Re: OpenLDAP 2.2 and db4 under RHEL4 on Xen 3.0

--On Sunday, March 19, 2006 12:41 PM -0700 Michael Torrie <torriem@chem.byu.edu> wrote:

On Sat, 2006-03-18 at 23:43 -0800, Quanah Gibson-Mount wrote:
I'm assuming by a "dbm" backend, you mean ldbm.  Of course, ldbm is not
recommended for use, because of its many problems.  Honestly, if you are
looking to run a directory service, I would highly advise you dump Xen,
and use something where BDB is supported (and I'd suggest running
OpenLDAP 2.3.20 (or higher, if newer releases have been made by the
time you get to it)).

Unfortunately 2.3.20 is not an option. This xen server (which is not in production at this moment) syncs (or will sync) using slurpd off of our production servers, which are all 2.2, and cannot be changed until the next hardware/OS upgrade cycle. I will be getting the syncrepl stuff going soon, which I understand can allow two different versions of OpenLDAP to sync. Even at that point, when this xen machine goes into production we have to, as much as possible, stick with maintainable RPM packages that are vendor supported. I've maintained servers using source tarballs before. It's not fun.

I am sure the distro makers (i.e. RedHat) will fix this problem soon as
they support Xen more and more.  Xen is here to stay.  It's not going
away.  Rather than dumping xen our long-term plan is to migrate all of
our servers to Xen virtual machines over the next five years.  We'll be
using a cluster of identical machines that are all tied into a fiber-
channel storage backbone.  This will allow near 100% uptime even with
equipment failure as we can transparently migrate xen vms from host to
host on the fly, allowing physical maintenance.  Since each vm is tied
directly to a scsi LUN coming over fiber channel, even the file server
can run in a virtual machine without significant performance loss.

So while the problems with xen are not the concern of the OpenLDAP
developers really, expect to hear more and more from your users about
xen and running OpenLDAP on xen.  I had just hoped someone with more
experience could tell me to just rebuild the bdb stuff with some
configure option.  I'll be talking to the bdb folks about this.


As Howard noted, an alternative vendor solution is CDS from Symas Corporation. That software installs into its own path (/opt/symas), so it doesn't conflict with the ldap libraries shipped by RedHat. I would strongly recommend against using the RedHat version for a number of reasons:

(1) They historically do a very bad job of packaging OpenLDAP. This pattern continues with their current packaged version.
(2) They have no incentive to "do" OpenLDAP well, since it competes with their Fedora DS
(3) They do not update their distributed version, nor patch it for the many known bugs fixed in later releases.

If what you are looking for is a reliable, robust directory service, then using RedHat's packaged version is the wrong thing to do.
