[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating from slapd 2.3 to 2.4

To: Bobby Krupczak <rdk@krupczak.org>
Subject: Re: Migrating from slapd 2.3 to 2.4
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 21 May 2012 11:03:54 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <4F16DAFA-3CF8-4676-903A-73BFAEE22E57@krupczak.org>
References: <20120520173135.GF3735@smyrna.krupczak.org> <4FBA4B7E.8000403@eurobjects.com> <20120521141156.GO3735@smyrna.krupczak.org> <47BAA969C08973545B1A2A76@[192.168.1.49]> <20120521164409.GW3735@smyrna.krupczak.org> <AF1AC3474D201F03A464C2D0@[192.168.1.49]> <5AC0BD3E-E341-4AF0-8A29-30C5F2F0B064@krupczak.org> <43D8B07BA094CC9668240AC8@[192.168.1.49]> <4F16DAFA-3CF8-4676-903A-73BFAEE22E57@krupczak.org>

--On Monday, May 21, 2012 1:58 PM -0400 Bobby Krupczak <rdk@krupczak.org>wrote:

Hi!

I'm not sure I understand your point.  I used the client and server
builds that came with fedora.  If I don't use their server build, I'd
have to go re-build it, yes?  If I had to do that with other packages,
I'd double my work.  Also, the distros issue patches and it's nice to
have them pushed out to me.  I'm not sure why we're discussing the merits
of distros or not to distro.

You can take the advise of someone who has been running OpenLDAP for over adecade, or you can continue to fail. Your choice. My point was, you canbuild the OpenLDAP binaries out to your own custom location for running itas a server, and leave the distro build in place for anything that islinked to its libraries.

I will also note that distro "patches" for OpenLDAP are not updatingOpenLDAP to current versions. They are purely backports of a specificsecurity issue. Backports of actual later releases are not done by mostdistros, and especially not rhel/fedora.


I would strongly advise reading:
<http://www.openldap.org/faq/data/cache/1456.html>
and
<http://www.openldap.org/software/release/changes.html>

Anyway, I'm really struggling with conf to olc migration and the lack of
tls primitives.  If this a bug in 2.4.26, I get that and will
download/build a later version but if it's not, I'm not sure what the
payoff is.

In your last email, you failed to show the source of your "find" command.As has been mentioned more than once now, no one else is having them failto migrate. It still remains entirely possible you are looking in thewrong location.


Here's an example of helpful output:
root@zre-ldap004:/opt/zimbra/data/ldap/config# pwd
/opt/zimbra/data/ldap/config
root@zre-ldap004:/opt/zimbra/data/ldap/config# ls
cn=config  cn=config.ldif
root@zre-ldap004:/opt/zimbra/data/ldap/config# grep -i olctls *
cn=config.ldif:olcTLSCertificateFile: /opt/zimbra/conf/slapd.crt
cn=config.ldif:olcTLSCertificateKeyFile: /opt/zimbra/conf/slapd.key
cn=config.ldif:olcTLSCACertificatePath: /opt/zimbra/conf/ca
cn=config.ldif:olcTLSCRLCheck: none
cn=config.ldif:olcTLSVerifyClient: never

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>

References:
- Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Nick Milas <nick@eurobjects.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Migrating from slapd 2.3 to 2.4
  - From: Bobby Krupczak <rdk@krupczak.org>

Prev by Date: Re: Migrating from slapd 2.3 to 2.4
Next by Date: Re: Migrating from slapd 2.3 to 2.4
Index(es):
- Chronological
- Thread