[Date Prev][Date Next]
Re: Value of contextCSN not persisted
--On Wednesday, December 21, 2011 4:36 PM +0000 "Torsten Schlabach (Tascel
eG)" <firstname.lastname@example.org> wrote:
We're using OpenLDAP 2.4.23 on Debian Linux. The backend is a
Actually, yes, newer is better most of the time in OSS land, but still, in
a production system IMO you cannot upgrade your software every week, can
Certainly no one is asking that be done. In fact, OpenLDAP has a fairly
slow release cycle. However, it also can be expected to update
The other part of the problem is that OpenLDAP is releasing a lot faster
than most distros manage to update their packages. For example, in Debian
right now they are working on getting 2.4.25 into "experimental" while
you're at 2.4.28 already. On average, Debian as well as Ubuntu and others
are frequently 2-3 releases behind the current one.
This question has come up so often that the Debian maintainers actually
contributed an FAQ on the topic:
You may find it helpful. Debian also has the complication that they want
to build OpenLDAP against GnuTLS, which has caused all sorts of nasty
problems, and GnuTLS remains an additional security risk as well due the
the way in which it is coded. When using Debian/Ubuntu, I always advise
people to (a) build their own packages and (b) ensure they are linked
against OpenSSL instead of GnuTLS.
I would also strongly advise you to read the change history between 2.4.23
and at least 2.4.26.<http://www.openldap.org/software/release/changes.html>
And yes, I personally build and upgrade OpenLDAP for the various production
environments I've worked in, both at my previous job and my current job. I
also don't build out every release. There are clearly times when it isn't
necessary. However, in Debian's case, neither 2.4.23 or 2.4.25 are what I
would consider suitable releases for a production OpenLDAP installation.
2.4.26 has been quite good for me, and I'll be moving to 2.4.28 in the near
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration