[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Corrupt LDAP DB ...

On Fri, 2005-10-28 at 21:23 -0700, Quanah Gibson-Mount wrote:

> If you've ever read the changelog of OpenLDAP 2.2, you'll quickly 
> understand that 2.2.13 was a very unstable release (and so were several 
> after it).  Anyone using the RedHat distributed version of OpenLDAP for a 
> directory service is simply asking for trouble.  A very large number of 
> problems coming in to the list can get traced straight back to the fact 
> that the person is using RedHat's OpenLDAP version.  Is it good for client 
> bits like pam_ldap? most likely.  Is it good for running a directory 
> service? Definately not.  I'll note they linked OpenLDAP against BDB 4.3, 
> and yet they avoided 4.3 for their RedHat DS after seeing the discussions 
> about it on the OpenLDAP software list.  Is RedHat the only distro that 
> doesn't do a very good job of keeping their OpenLDAP bits current? no, they 
> certainly aren't.  But historically they've been the worst.  I'd be more 
> than happy to see it improved.
I certainly recognize how you feel and don't want to occupy the list
with this...

I have a few clients with 25 or less employees. I am getting a lot of
usage out of 2.2.13 without any stability issues - pam_ldap, samba, user
address books. It works, I must be stupid then because I don't want to
run up the cost for these clients by building them a more current and
reputedly more stable directory.

for the record...
RHEL 3.x db4-4.1.25
RHEL 4.x db4-4.2.52 (incl 2 patches per the changelog)

The changelog for openldap (base/clients/servers) doesn't show too many
changes since migrating to 2.2.13 so it's likely that most of the
changes since then haven't made their way into openldap on RHEL 4.x. 

Not everyone uses openldap to run large structure but it's comforting to
know that it can be and is done.

Wittingly or unwittingly, the typical RHEL user isn't clamoring for an
up to date openldap, something that is stable definitely and Red Hat is
committed to delivering stable openldap and in a way, telling a RHEL
user to compile his own rather than directing him to bugzilla the
problems with Red Hat doesn't put any pressure on Red Hat to
patch/update. You can't lose sight of the squeeky wheel getting grease.
I would bugzilla it but I currently don't have problems on any of the
RHEL 4 systems that I administrate.

I gather that most savvy admins do their own compiling from source
anyway and the distribution packages handle the low hanging fruit of
ldap. Just a perspective that telling some users that their
implementation of openldap is old and bug ridden probably isn't always
germane to their issue.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.