Re: Migrating openldap db backend from ibdm to bdb

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, February 26, 2007 8:19 PM +0100 Hallvard B Furuseth 
<h.b.furuseth@usit.uio.no> wrote:

> Quanah Gibson-Mount writes:
> > Using vendor packages to run an OpenLDAP server is nearly always a bad
> > idea (Mandriva's a definite exception).  There is almost nothing that
> > motivates the vendor to use current releases, or backport stability
> > fixes.  There are known problems with the connection code in OL
> > 2.3.27, for example, that were fixed in OpenLDAP 2.3.32.  In general,
> > use vendor packages at extreme risk.
>
> Is there something particular which makes this more so for OpenLDAP than
> other packages, or are OpenLDAP releases more buggy than other packages,
> or are existing bugs more likely to be fatal, or...?
>
> I had the impression that this was mostly a RedHat issue.  But if it's
> more general, it sounds like the only likely fix would be in OpenLDAP
> or the release methods or something.

The distro operators are generally interested in one thing -- The LDAP C 
api, and the libraries provided by OpenLDAP.  Using the software to 
actually run a slapd server is not something they particularly worry about. 
The only bugs they tend to backport are those ones involving a security 
vulnerability.  I've tried for a few months now to get the Debian folks to 
pick up the connection code patch from 2.3.32 and apply it to their 
distribution.  I'm still hopeful that they'll do it, but I removed myself 
from their packaging list after it became clear that creating a quality 
package in support of upstream was not anything they were interested in.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html