[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating from slapd 2.3 to 2.4

--On Monday, May 21, 2012 4:09 PM -0400 Bobby Krupczak <rdk@krupczak.org> wrote:


OpenLDAP's dynamic configuration mechanism was released in 2005. It
does not change every other release. It's not our fault if your
distro is so behind the times.

Interesting.  My machine is admittedly a little out of date but given
how much fun it is to upgrade these various services, you have all
grant me just a tiny amount of slack.  The old machine is running
openldap 2.3.30 circa 2007.

Also, if the new config format has been out that long, I'm kinda
surprised that the config conversion has been so hard.

Conversion is not difficult at all. You use the slaptest utility to convert a conf file to cn=config. That is a single command. It would be hard to get any simpler than that.

I believe the majority of your issues stem from using your distributions build. For example, you are using Fedora. Fedora links OpenLDAP to NSS rather than the standardized OpenSSL. That NSS support was written by RedHat, and has had a large number of issues, which are still in the process of being resolved. If you were to follow my advice, and build your own OpenLDAP, linked to the industry standard OpenSSL, a large number of the problems you have encountered would simply go away.



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration