[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: max open files

Hash: SHA1

I'll be honest:  while LDAP does what I need it to, and is the only tool
I've found that works well for my purposes, this is why I'm constantly
looking for another option.  Just about every request for help I see
come across this list gets an initial response of "Oh, well, you're one
or two minor versions out of date.  You need to update to the newest
version before we can help you."

Software that unstable is not, in my view, really suited to a production
environment.  If the OpenLDAP developers -- who, overall, do an
excellent job -- can't come up with a stable release every six months or
so, there's a problem.  If there are so many major flaws that running a
month old version means it's unsupportable, that's an even bigger problem.

I've been following the list for around a year, and I understand the
difficulties involved in supporting old versions, but the simple fact
is, most of us don't have time to custom compile all our server
software.  My Ubuntu-default installs of Apache, postfix, SSH, and just
about everything else work fine and can be supported by their
developers.  It's only LDAP (and a few things in beta) that absolutely
have to run the newest version at all times.  I chose to accept a
limited feature-set and bullied GnuTLS into working "well enough" for
our limited LDAP environment, but if I ever find an alternative, I'll be
moving away from LDAP to whatever that is.

And please -- nobody take this as an attack.  I really do respect the
OpenLDAP development team, and the people on this list do their best to
help everyone, even those of us using old versions.  I just question the
long-term viability of a system that needs to be recompiled as often as
OpenLDAP seems to.

- -Alex McKenzie

Quanah Gibson-Mount wrote:
> --On Tuesday, March 16, 2010 7:21 PM -0300 Matheus Morais
> <matheus.morais@gmail.com> wrote:
>> Well, IMHO this is a really bad excuse and I was not expecting to hear
>> that in this list. 
>> Klements,
>> You can get slapd source packages and change the flags as you want.
>> Serious distribution packages as Debian packages shouldn't
>> be discouraged by OpenLDAP dev team as I'm seeing here. Debian packages
>> policy are very strong and help a lot stable environments to be bug-free
>> from recent less stable versions. I use Debian as a protection from that
>> too early versions who can potentially threat my production environment
>> and I was very successful with Debian packages in this attempt.
>> You can also look for support on Debian IRC channels and lists.
> Hi Matheus,
> I'll note that article was written by one of the Debian openldap package
> maintainers.  And it is quite correct that anyone wanting to run a
> *stable* OpenLDAP production environment should most definitely *not*
> use the ones provided by most Linux OS providers, *particularly*
> Debian/Ubuntu.  The reasons why this is the case have been hashed over
> many, many times. Particularly, the use of GnuTLS which is horribly
> broken being one of the major reasons.  The fact that they are not kept
> up to date with current stable releases is another.
> --Quanah
> -- 
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/