[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating from slapd 2.3 to 2.4

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: Migrating from slapd 2.3 to 2.4
From: Bobby Krupczak <rdk@krupczak.org>
Date: Mon, 21 May 2012 16:42:24 -0400
Cc: Howard Chu <hyc@symas.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <4283B049B4703AE2E2DB0A93@[192.168.1.49]>
References: <20120520173135.GF3735@smyrna.krupczak.org> <4FBA4B7E.8000403@eurobjects.com> <20120521141156.GO3735@smyrna.krupczak.org> <47BAA969C08973545B1A2A76@[192.168.1.49]> <20120521164409.GW3735@smyrna.krupczak.org> <AF1AC3474D201F03A464C2D0@[192.168.1.49]> <5AC0BD3E-E341-4AF0-8A29-30C5F2F0B064@krupczak.org> <4FBA8F4A.30007@symas.com> <20120521200918.GB3735@smyrna.krupczak.org> <4283B049B4703AE2E2DB0A93@[192.168.1.49]>

Hi!

It was easy running the slaptest utility -- you are correct.  The output wasn't so easy to figure out with duplicate schema entries, tls being dropped, etc.

I saw that redhat uses nss and I'll have to confess that I don't understand the technical and political reasons for this.  They (redhat) allege at it should be transparent to me.

Anyway, thanks for the suggestions.  When I get my machine in place, I'll get back to converting the config and will post my workarounds.

Thanks,

Bobby

On May 21, 2012, at 4:30 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:

> --On Monday, May 21, 2012 4:09 PM -0400 Bobby Krupczak <rdk@krupczak.org> wrote:
> 
>> Hi!
>> 
>>> OpenLDAP's dynamic configuration mechanism was released in 2005. It
>>> does not change every other release. It's not our fault if your
>>> distro is so behind the times.
>> 
>> Interesting.  My machine is admittedly a little out of date but given
>> how much fun it is to upgrade these various services, you have all
>> grant me just a tiny amount of slack.  The old machine is running
>> openldap 2.3.30 circa 2007.
>> 
>> Also, if the new config format has been out that long, I'm kinda
>> surprised that the config conversion has been so hard.
> 
> Conversion is not difficult at all.  You use the slaptest utility to convert a conf file to cn=config.  That is a single command.  It would be hard to get any simpler than that.
> 
> I believe the majority of your issues stem from using your distributions build. For example, you are using Fedora.  Fedora links OpenLDAP to NSS rather than the standardized OpenSSL.  That NSS support was written by RedHat, and has had a large number of issues, which are still in the process of being resolved.  If you were to follow my advice, and build your own OpenLDAP, linked to the industry standard OpenSSL, a large number of the problems you have encountered would simply go away.
> 
> --Quanah
> 
> 
> --
> 
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Nick Milas <nick@eurobjects.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Howard Chu <hyc@symas.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Migrating from slapd 2.3 to 2.4
Next by Date: Re: Migrating from slapd 2.3 to 2.4
Index(es):
- Chronological
- Thread