[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openlap and BDB updates: update question

Hash: SHA1


Howard  wrote:

> Generally one raises a complaint because one is seeking a resolution. 

Might be true.

> If a
> complaint is raised on this forum, that implies that someone here ought to
> do something about it.

Not entirely true.

> But a complaint directed to the wrong people serves
> no purpose.


> I think Tony's a sharp guy.


> When he ends a post with
>   > But it's not just Openldap: Other completely independent
>   > services linked
>   > with BDB have to be recompiled too. Hassle upon hassle.
> that sounds to me like a complaint about BDB. If I thought it was a
> meaningless post I would have just ignored it, but instead I responded with
> advice to contact the folks who would know best - Sleepycat.

Yes, but the fact is that, after posting on this list, we find out
- - it's not supposed to be happening at all, openldap normally makes use of 
shared libraries
- - some people expereinece this problem, others don't
- - it's likely not an openldap problem.

To me, this looks like a good result of discussion on this list. Aside from 
misunderstandings between you and me :-)

> > Why are you so fed up with questions from users ?
> If I were simply fed up, I would not bother posting at all. You seem to be
> misinterpreting quite a bit of my post.

I am always sorry if I misinterpret anything. I am glad you answer to my 
message so things can move forward!

> It looks to me like you're the one getting personal here. There was nothing
> personal in any of my previous messages. Obviously I have nothing to gain
> on any front by making personal attacks.

Indeed, no one has to gain anything by getting personal. I try not to become 
personal. If I failed, I apologize, and will take more care not to do it in 
future postings.

> > Maybe the users have a wrong view - I can't argue with that,
> > but nevertheless, that's how most people will see it.
> Whatever number of people hold a false perception doesn't make it right.

True, but that was not the point. The point was that it might take some effort 
to keep educating people ( that is users + developers ) about what's right or 

This is not easy, as it seems. And the way how to handle this might vary from 
person to person. And the main problem seems to be that people sometimes 
don't know if they are adressing the right people or the right list.

> If
> you don't want correct information, we can all save ourselves a lot of
> time.

Sure. But that's rhetorical. I definetely want to know if sets are broken in 
2.2.5. I definetely want to know if there is a problem with ipv6 in 2.2.5 or 
other versions. I definetely want to know if BDB is supposed to link 
statically into openldap.

Before every message I write, I *try* to ask myself the question: would this 
be an appropriate message to the openldap list ? Would it be likely that I 
get an answer ? Must I file an ITS about this ?

Right now, my estimate of possible effectiveness of these questions would be:

- - I definetely want to know if sets are broken in 2.2.5.
- -- Read the code! 

- - I definetely want to know if there is a problem with ipv6 in 2.2.5 or other 
- -- patch your kernel, go to SuSE

- -  I definetely want to know if BDB is supposed to link statically into
- -- whether it is or not, is your responsibility, learn about build 
environments or go to sleepycat.

You might or might not admit that this is not very encouraging.

The answers that I minimally would hope for are:

- - I definetely want to know if sets are broken in 2.2.5.
- -- Yes, it's broken, you can add that to our excellent article in the FAQ. 
There are no plans of fixing it, so you're stuck with 2.1.25 unless you climb 
the learning curve or pay some one to fix it for you.

- - I definetely want to know if there is a problem with ipv6 in 2.2.5 or other 
- -- No, there is no such problem known here. Sorry, you're on your own, but you 
could try {insert obscure but usefull tool here } to debug it.

- -  I definetely want to know if BDB is supposed to link statically into
- --- on this one, we know the answer now. We still don't know the cause, but at 
least we know that it's not the responsibility or fault of openLDAP.

I say 'minimal answers' because of course I hope to receive answers that solve 
the problem by just closing your eyes and snapping your fingers three times.
But with these kind of answers, at least one could further pursue the issue.

> The question of back-ldbm vs back-bdb is interesting in its own right, but
> not relevant here since both will use the BDB library.

ah... but not if you do something like --enable-gdbm --disable-dbd

> This just highlights
> the point I've tried to make so many times before - without attention to
> detail you get nowhere. back-bdb is not BerkeleyDB, much like SSL/TLS is
> not StartTLS. You ignore the distinction to your own detriment.

Or, like I said before, a clear overview of what is what, is missing. A page 
on the web that lists all these things that are not openLDAP and maybe some 
common troubles, some ways to determine if it is openLDAP or not causing the 
problem, some pointers to lists and such. (I am willing to make such a page, 
but I am afraid I don't know enough. However, in cooperation with 'the 
developers' anyone who can compile information into a readable document could 
go ahead and just do it. You might note that two of my proposals as to do 
such thing for ACL's have been met with less then encouraging responses. But 
that's in the past. Let's please move forward.)

> > Users are NOT holding you or any developer resonsible for
> > their problems.
> Perhaps not. As a developer I hold myself responsible for problems that
> arise in this code base. It's something to do with ego and professional
> pride. Sometimes ego can be a pain. But usually it results in greater care
> being taken and better quality resulting.

rpg:/mud# poke ego with stick.

> > But users want to know what went wrong. If something went wrong
> > with compling
> > openldap (like statically linking bdb) where's the first place I go ?
> > To THIS list. Because it happened when compiling openldap.
> > Not when compiling bdb!
> Yes. And when people have trouble getting their LDAP-based Linux
> authentication working, this seems to be the first place they go too, but
> that doesn't mean it's right.

A simple canned answer would do. 

Between the time it takes me to get auth_ldap with openldap debugged, I am 
thinking hard about the possibility of such canned responses and how to 
deploy them. My benefit from such an effort would be that, maybe, the people 
who really know what it is all about, would have more time to concentrate on 
real problems. Including my problems. (And of course if my problem was not 
appropriate for this list, I'd write a canned message to myself).
> > Is my recent problem with ipv6 a problem of ipv6, SuSE,
> > libtool, make, ls, or
> > openldap ? I discovered it only when using openldap. I didn't
> > change any
> > thing with ipv6. I didn't even know it was enabeld. On top of
> > that, it's an intermittent problem.
> >
> > So I go to the openLDAP list. Does that make sense ?
> Sure, and that is an actual question about the behavior of the OpenLDAP
> software.

The problem is: how do I know that? Maybe it's a problem of the tcp stack. Or 
a side efect of Yeast. The point being: I really don't know enough to 
understand what causes which problem. I think I am not the only 'user of 
openLDAP' with that problem. My life is not developing software, compiling, 
linking, etc etc. My life is running a web- and mailserver, doing some 
usersupport for my users, trying to make the managemanet of all this as easy 
as possible for me and my users. You see, most users of openLDAP may have 
only very limited understanding of even such trivial things as 'ptrace' of 
'gdb'. (Actually, I've never used them). If there was a possibility that the 
answers on this list might
- - direct them to the appropriate documentation
- - help them with the problem if it's a well know prolem or misconception
- - give them the feeling that they are a valued as a user of openldap software

then I think this list will be nicer and more effective, and it wouldn't take 
much time from everyone involved.

> There's nothing cyclical in the previous statement.

oh, then maybe it's just one of these self-referential things, they are 
sometimes hard to recognize (grin).


> > Why would my kernel need patching for compiling openldap ?

> Indeed, why would you need an OS patch to use OpenLDAP? I can't think of a
> good reason either, but then you run into RedHat 7, 9.0... The OpenLDAP
> docs say essentially, "use the latest available version of all requisite
> software." To be more specific would be unmanageable. You as sysadmin have
> to maintain your base system in stable working order.

Maybe it is unmanagable, I don't know that yet. But for those popular 
distro's, it would be not so much work to, again, compile distro-specific or 
OS specific information on a webpage. Probably, if there's a real problem, 
some one will have been posting it to this list. Someone else might have 
solved it already. People should search the archives - yes, of course. 

Just a suggestion - maybe you need some people (volunteers) that specifically 
try to update these kind of pages. Aw, but I've suggested that before, pardon 


PS another 40 minutes well spent !

>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support

- -- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)