[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: starting slapd syboll lookup error





--On Monday, July 18, 2005 10:36 AM +0200 Buchan Milne <bgmilne@obsidian.co.za> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt D. Zeilenga wrote:
This problem is likely specific to the 3rd package of
OpenLDAP Software you are using.  You should contact that
party for assistance.

Maybe you missed my (the maintainer of said 3rd-party packages) responses to Javier's problems, which resulted from him following the advice of the admin guide (http://www.openldap.org/doc/admin23/install.html) to download and compile all the necessary software from source, which resulted in half a 2.2.27 and half a 2.2.23 installation?

Javier solved the problem by (on my advice) removing the
locally-compiled 2.2.27 library from /usr/local/lib and running ldconfig.

I wonder if it may be useful to include a mention that the user should
first check if the software provided by their vendor is relatively
up-to-date, before modifying their installation to a (to the
inexperienced user) difficult to repair state?

If not, maybe I will patch the version of the admin guide we ship so we
don't have users shoot themselves in the foot when following it
(although, I don't know if this would have helped Javier, since he
probably read the on-line copy).

Surely someone just installing OpenLDAP the first time (and who may not
necessarily be experienced in building software from source) should
rather stick with the packages provided, maintained (from a security
updates point of view at least) and supported (in terms of
application-level support, integration with other packages and updates
between releases of the vendor's product) by the vendor rather than
compile everything from source

I think part of the problem here is even suggesting people mess with the vendor maintained LDAP libraries. Although Buchan does an excellent job of keeping his distro's versions of OpenLDAP up to date, many do not, with an unnamed large corporation that distributes linux being one of the worst offenders. If we are going to suggest that people build their own LDAP installation, we should at least caveat that they build it into a location completely separate from the distributions LDAP libraries (like /opt, /usr/local, etc).


--Quanah


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html