[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: max open files

--On Thursday, March 18, 2010 8:46 AM -0400 Alex McKenzie <alex@chem.umass.edu> wrote:

I've been following the list for around a year, and I understand the
difficulties involved in supporting old versions, but the simple fact
is, most of us don't have time to custom compile all our server
software.  My Ubuntu-default installs of Apache, postfix, SSH, and just
about everything else work fine and can be supported by their
developers.  It's only LDAP (and a few things in beta) that absolutely
have to run the newest version at all times.  I chose to accept a
limited feature-set and bullied GnuTLS into working "well enough" for
our limited LDAP environment, but if I ever find an alternative, I'll be
moving away from LDAP to whatever that is.

For a moment, consider our frustration. Debian/Ubuntu, because of their issues with the OpenSSL license, build against GnuTLS. Which is a known security risk (<http://www.openldap.org/lists/openldap-devel/200802/msg00072.html>), and also known to have tons of problems in working with OpenLDAP. RedHat built their OpenLDAP against BDB 4.3 at one point, even though this was a known bad version of BDB, and the configure script would deliberately quit if it was encountered, so RH hacked configure instead of bothering to study why this was a problem. Distributions also make specific decisions on how to compile OpenLDAP (i.e., which options to use), that are not always best suited to end users who want a production LDAP server.

While I agree most applications are easily and readily used with what is compiled by OS distributors. But as is stated in the FAQ, and which is a point people still continue to miss, is that the builds from OS distros are geared toward providing the LDAP libraries for other clients (such as postfix, etc). They are not geared towards running OpenLDAP as a production service. Which is why we recommend over and over and over again to avoid using them. If they happen to work for you great. If they don't, then either support requests need to be taken to the distro provider, or a build of the latest stable release needs to be used.

Consider your case, where you are using OpenLDAP 2.4.7, which was the first public experimental release of 2.4. Read over the change log at the hundreds, if not over a thousand at this point, bugs that were fixed since then. As to your note about adding new features, all new branches, like 2.4 was at the time 2.4.7 was released, are open for new features until development is stabilized and it is feature frozen. OpenLDAP 2.4 has been feature frozen for a very long time now. This is not an unusual development pattern.

So yes, if someone wants support for a problem they are experiencing, then they need to show that the problem exists in the current stable release. This also is not an uncommon practice. You may find it frustrating, but we find it frustrating to be inundated with requests for help on issues that were long ago fixed.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration