Re: Adding read-only consumers to a Mirror Mode Replication setup?

Hi,

* Michael Ströder <michael@stroeder.com> [20181024 03:26]:
> On 10/23/18 8:44 PM, Jean-Francois Malouin wrote:
<snip>
>
> > Finally, should I rather consider the LTB project for Debian OpenLDAP as has been
> > mentioned in some other threads rather than using the Debian backports? I'm a
> > bit reluctant to roll my own packaging from source.
>
> The recommendation for LTB builds has two reasons:
>
> 1. At some times Debian packages were far behind OpenLDAP's releases
> while LTB package updates are most times published a couple of days
> after an OpenLDAP release.
>
> 2. Debian, and only Debian, links OpenLDAP with GNUTLS because they have
> some old licensing paranoia regarding OpenSSL. This caused trouble in
> the past. Forgot the details, not sure about the current state.
>
> Bear in mind on Debian: The GNUTLS wrapper in OpenLDAP does not return
> TLS related error messages as diagnostic message to the client. So if
> cert validation fails at the client side the only message you see is
> "Server Down". People then look for connection problems and do not get
> the idea to look after cert config error. The OpenSSL wrapper returns a
> text message from the OpenSSL libs as diagnostic message.

The GnuTLS stuff I'm well aware of, and infuriated at it as I've been at the
receiving end of it a few times too many! Just for that, if I had known at the
time, would have been reason enough to try the LTB builds!

> > Sorry for the very naive questions, I'm still fairly new to OpenLDAP!
>
> Your questions are not naive. You're welcome asking here.
>
> Ciao, Michael.

Again, thank you for your comments.

regards,
jf