Re: openldap up; can't db_stat

[Tony Earnshaw <tonye@billy.demon.nl>]

tor, 22.07.2004 kl. 18.01 skrev Rich Graves:

> I avoided that, and problems getting Heimdal compiled without pollution by
> system bdb and openssl libs, by giving up and going --without-sasl.

FWIW I ad no problems in compiling Heimdal on RHAS3 (it's installed in
/usr/heimdal) nor getting Cyrus SASL 2.1.18 to use it for GSSAPI.
Openldap SASL support is vital to my Openldap Postfix 2.1
implementations, since it eliminates the need to use saslauthd with the
latter's lack of SASL MD5 integration.

>  I have
> a custom bdb rooted in /usr/local/openldap, but am able to use the
> RedHat-supplied openssl.

0.9.7a, which has a serious security (ASN.1) flaw.

>  I regret not having the option to use kerberised
> binds against Active Directory, but I considered maintainability more
> important.

Try again ;) I promise you it's possible.

> > with up2date and its DB is minimized. Openldap 2.0.27 clients have to be
> > renamed
> 
> I am happy with RedHat's 2.0.27 clients.

That's because you don't use SASL ...

--Tonni

>  Only their servers are horribly
> broken.  I build br-openldap and br-openldap-servers RPMs rooted in
> /usr/local/openldap, and set them to conflict only with openldap-servers.
> This allows me to use the stock RedHat sendmail, etc.
> 
> My SRPM is 
> http://people.brandeis.edu/~rcgraves/br-openldap-2.2.14-9brandeis.src.rpm
> and some implementation notes are at 
> http://web.brandeis.edu/pages/view/Network/LdapCutover
> 
> Critiques very welcome. I went into production with it last Friday, and it 
> looks good thus far.
-- 

Happiness is having your cat jump in through the window and
greet you, with the light summer dew yet a few seconds wet
on his coat.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl