[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP - versioning/stability questions

To: "Richard L. Goerwitz III" <richard@goerwitz.com>, openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP - versioning/stability questions
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 21 Feb 2005 10:02:58 -0800
Content-disposition: inline
In-reply-to: <421A017A.9020604@goerwitz.com>
References: <20050219185445.GB88328@black.fajita.org> <87psyva42o.fsf@pumba.bayour.com> <421A017A.9020604@goerwitz.com>

--On Monday, February 21, 2005 9:42 AM -0600 "Richard L. Goerwitz III" <richard@goerwitz.com> wrote:

The two main Linux distros, SUSE and RedHat, are shipping OpenLDAP.
In the case of RedHat Enterprise Linux 4.0 (recently announced and
now available for download), OpenLDAP 2.2.13 is being used.

I wonder if anyone here can comment on this decision.

For example, is 2.2.13 particularly stable?  Or is this simply the
the most recent stable version was when RHEL 4.0 went beta or when
they had a version freeze on software going into that release?

Anyone know?

As for OpenLDAP, is there a particular version in the 2.2.x series
that's regarded as particularly stable, and that could serve as
the basis for a major directory installation for 18 - 24 months?

(18-24 months is a typical lifecycle at an institution like mine.
It's hard to maintain software that, aside from basic patching, needs
serious work, or gets us into support problems, on anything less
than an 18 month cycle [and even that can be tight].  This isn't
atypical in my experience, at least in higher ed.)

I see the versions of OpenLDAP shipped with a particular linux distribution as the local client libraries, and they should not be confused with what to use for running a directory service. I've been running OpenLDAP as Stanford's directory service since April of 2003, and just as with any service, you need to update and maintain it regularly. Since you say you are willing to support basic patching, just think of each release as a patch against the previous release, since that is essentially what it is. I personally wouldn't run with anything less than OpenLDAP 2.2.23, I would use BDB 4.2.52 + patches, and I would build and install it separately from the client LDAP libraries distributed with a given Linux distribution.

You might find

<http://www.stanford.edu/services/directory/openldap/>

and

<http://www.stanford.edu/services/directory/openldap/configuration/index.html>

useful reading.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

Follow-Ups:
- Re: OpenLDAP - versioning/stability questions
  - From: "Richard L. Goerwitz III" <richard@goerwitz.com>

References:
- userPassword: {KERBEROS}/{SASL} help!
  - From: Lewis Thompson <purple@fajita.org>
- Re: userPassword: {KERBEROS}/{SASL} help!
  - From: Turbo Fredriksson <turbo@bayour.com>
- OpenLDAP - versioning/stability questions
  - From: "Richard L. Goerwitz III" <richard@goerwitz.com>

Prev by Date: Re: OpenLDAP - versioning/stability questions
Next by Date: Re: OpenLDAP - versioning/stability questions
Index(es):
- Chronological
- Thread