Re: OpenLDAP 2.2 and db4 under RHEL4 on Xen 3.0
--On Sunday, March 19, 2006 12:41 PM -0700 Michael Torrie
On Sat, 2006-03-18 at 23:43 -0800, Quanah Gibson-Mount wrote:
I'm assuming by a "dbm" backend, you mean ldbm. Of course, ldbm is not
recommended for use, because of its many problems. Honestly, if you are
looking to run a directory service, I would highly advise you dump Xen,
and use something where BDB is supported (and I'd suggest running
OpenLDAP 2.3.20 (or higher, if newer releases have been made by the
time you get to it)).

Unfortunately 2.3.20 is not an option. This xen server (which is not in
production at this moment) syncs (or will sync) using slurpd off of our
production servers which are all 2.2, and cannot be changed until the
next hardware/OS upgrade cycle. I will be getting the syncrep stuff
going soon which I understand will allow two different versions of
OpenLDAP to sync. Even at that point, when this xen machine goes into
production we have to, as much as possible, stick with maintainable RPM
packages that are vendor supported. I've maintained servers using
source tarballs before. It's not fun.
I am sure the distro makers (IE RedHat) will fix this problem soon as
they support Xen more and more. Xen is here to stay. It's not going
away. Rather than dumping xen our long-term plan is to migrate all of
our servers to Xen virtual machines over the next five years. We'll be
using a cluster of identical machines that are all tied into a fiber-
channel storage backbone. This will allow near 100% uptime even with
equipment failure as we can transparently migrate xen vms from host to
host on the fly, allowing physical maintenance. Since each vm is tied
directly to a scsi LUN coming over fiber channel, even the file server
can run in a virtual machine without significant performance loss.
So while the problems with xen are not the concern of the OpenLDAP
developers really, expect to hear more and more from your users about
xen and running OpenLDAP on xen. I had just hoped someone with more
experience could tell me to just rebuild the bdb stuff with some
configure option. I'll be talking to the bdb folks about this.

As Howard noted, an alternative vendor solution is CDS from Symas
Corporation. That software installs into its own path (/opt/symas), so it
doesn't conflict with the ldap libraries shipped by RedHat. I would
strongly recommend against using the RedHat for a number of reasons:
(1) They historically do a very bad job of packaging OpenLDAP. This
pattern continues with their current packaged version.
(2) They have no incentive to "do" OpenLDAP well, since it competes with
their Fedora DS.
(3) They do not update their distributed version, nor patch it for the many
known bugs fixed in later releases.
If what you are looking for is a reliable, robust directory service, then
using RedHat's packaged version is the wrong thing to do.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html