Re: Value of contextCSN not persisted

--On Wednesday, December 21, 2011 4:36 PM +0000 "Torsten Schlabach (Tascel eG)" <tschlabach@tascel.net> wrote:

> We're using OpenLDAP 2.4.23 on Debian Linux. The backend is a


> Actually, yes, newer is better most of the time in OSS land, but still, in
> a production system IMO you cannot upgrade your software every week, can

Certainly no one is asking that be done. In fact, OpenLDAP has a fairly slow release cycle. However, it also can be expected to update periodically.

> The other part of the problem is that OpenLDAP is releasing a lot faster
> than most distros manage to update their packages. For example, in Debian
> right now they are working on getting 2.4.25 into "experimental" while
> you're at 2.4.28 already. On average, Debian as well as Ubuntu and others
> are frequently 2-3 releases behind the current one.

This question has come up so often that the Debian maintainers actually contributed an FAQ on the topic: <http://www.openldap.org/faq/data/cache/1456.html>

You may find it helpful. Debian also has the complication that they want to build OpenLDAP against GnuTLS, which has caused all sorts of nasty problems, and GnuTLS remains an additional security risk as well due to the way in which it is coded. When using Debian/Ubuntu, I always advise people to (a) build their own packages and (b) ensure they are linked against OpenSSL instead of GnuTLS.

I would also strongly advise you to read the change history between 2.4.23 and at least 2.4.26: <http://www.openldap.org/software/release/changes.html>

And yes, I personally build and upgrade OpenLDAP for the various production environments I've worked in, both at my previous job and my current job. I also don't build out every release. There are clearly times when it isn't necessary. However, in Debian's case, neither 2.4.23 nor 2.4.25 are what I would consider suitable releases for a production OpenLDAP installation. 2.4.26 has been quite good for me, and I'll be moving to 2.4.28 in the near future.
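A quick way to verify point (b) above on a running host, added here as an example and not part of the original thread: a POSIX shell check that reads the `ldd` output for slapd and reports which TLS library it resolves to. The slapd path and the library names (libssl/libcrypto for OpenSSL, libgnutls for GnuTLS) are assumptions; `ldd` lists transitive dependencies, so a result of "both" means the TLS library actually used by libldap needs a closer look.

```shell
#!/bin/sh
# Classify the TLS backend from `ldd` output (passed in as a string).
# Prints one of: openssl, gnutls, both, none.
# Assumption: OpenSSL shows up as libssl/libcrypto, GnuTLS as libgnutls.
tls_backend_of() {
    ldd_out=$1
    has_ssl=0
    has_gnutls=0
    printf '%s\n' "$ldd_out" | grep -qE 'lib(ssl|crypto)\.so' && has_ssl=1
    printf '%s\n' "$ldd_out" | grep -qE 'libgnutls\.so' && has_gnutls=1
    if [ "$has_ssl" -eq 1 ] && [ "$has_gnutls" -eq 1 ]; then
        echo both      # slapd or one of its libraries pulls in both stacks
    elif [ "$has_ssl" -eq 1 ]; then
        echo openssl
    elif [ "$has_gnutls" -eq 1 ]; then
        echo gnutls
    else
        echo none      # no TLS library at all (or statically linked)
    fi
}

# Run the check against the slapd installed on this host.
# Assumption: slapd is on PATH or at /usr/sbin/slapd (the Debian location).
check_slapd() {
    bin=$(command -v slapd 2>/dev/null) || bin=/usr/sbin/slapd
    if [ ! -x "$bin" ]; then
        echo "slapd not found" >&2
        return 1
    fi
    out=$(ldd "$bin" 2>/dev/null) || { echo "ldd failed on $bin" >&2; return 1; }
    echo "$bin: $(tls_backend_of "$out")"
}
```

Source the file and call `check_slapd`; on a stock Debian package the expected report is `gnutls`, on a self-built package linked per the advice above it should be `openssl`.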
