[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Value of contextCSN not persisted

To: "Torsten Schlabach (Tascel eG)" <tschlabach@tascel.net>
Subject: Re: Value of contextCSN not persisted
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Wed, 21 Dec 2011 10:55:22 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <dfb44cf05d1f8a9c3e3e0d730cc4149d@imap.tascel.net>
References: <1fdb2344ab642f092a3154d82fb3ff42@imap.tascel.net> <050727867B1569F559E900E9@[192.168.1.20]> <BE0B84135CE4D3D94D1BEC7E@[192.168.1.20]> <dfb44cf05d1f8a9c3e3e0d730cc4149d@imap.tascel.net>

--On Wednesday, December 21, 2011 4:36 PM +0000 "Torsten Schlabach (TasceleG)" <tschlabach@tascel.net> wrote:

We're using OpenLDAP 2.4.23 on Debian Linux. The backend is a

back-hdb.


Upgrade.



Actually, yes, newer is better most of the time in OSS land, but still, in
a production system IMO you cannot upgrade your software every week, can
you?

Certainly no one is asking that be done. In fact, OpenLDAP has a fairlyslow release cycle. However, it also can be expected to updateperiodically.

The other part of the problem is that OpenLDAP is releasing a lot faster
than most distros manage to update their packages. For example, in Debian
right now they are working on getting 2.4.25 into "experimental" while
you're at 2.4.28 already. On average, Debian as well as Ubuntu and others
are frequently 2-3 releases behind the current one.

This question has come up so often that the Debian maintainers actuallycontributed an FAQ on the topic:<http://www.openldap.org/faq/data/cache/1456.html>

You may find it helpful. Debian also has the complication that they wantto build OpenLDAP against GnuTLS, which has caused all sorts of nastyproblems, and GnuTLS remains an additional security risk as well due thethe way in which it is coded. When using Debian/Ubuntu, I always advisepeople to (a) build their own packages and (b) ensure they are linkedagainst OpenSSL instead of GnuTLS.

I would also strongly advise you to read the change history between 2.4.23and at least 2.4.26.<http://www.openldap.org/software/release/changes.html>

And yes, I personally build and upgrade OpenLDAP for the various productionenvironments I've worked in, both at my previous job and my current job. Ialso don't build out every release. There are clearly times when it isn'tnecessary. However, in Debian's case, neither 2.4.23 or 2.4.25 are what Iwould consider suitable releases for a production OpenLDAP installation.2.4.26 has been quite good for me, and I'll be moving to 2.4.28 in the nearfuture.


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Value of contextCSN not persisted
  - From: "Torsten Schlabach (Tascel eG)" <tschlabach@tascel.net>
- Re: Value of contextCSN not persisted
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Value of contextCSN not persisted
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Value of contextCSN not persisted
  - From: "Torsten Schlabach (Tascel eG)" <tschlabach@tascel.net>

Prev by Date: Re: Value of contextCSN not persisted
Next by Date: Ldap problems in paradise, working with suse 12.1 miles stone 5
Index(es):
- Chronological
- Thread