[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating openldap db backend from ibdm to bdb





--On Monday, February 26, 2007 8:19 PM +0100 Hallvard B Furuseth <h.b.furuseth@usit.uio.no> wrote:

Quanah Gibson-Mount writes:
Using vendor packages to run an OpenLDAP server is nearly always a bad
idea (Mandriva's a definite exception).  There is almost nothing that
motivates the vendor to use current releases, or backport stability
fixes.  There are known problems with the connection code in OL
2.3.27, for example, that were fixed in OpenLDAP 2.3.32.  In general,
use vendor packages at extreme risk.

Is there something particular which makes this more so for OpenLDAP than other packages, or are OpenLDAP releases more buggy than other packages, or are existing bugs more likely to be fatal, or...?

I had the impression that this was mostly a RedHat issue.  But if it's
more general, it sounds like the only likely fix would be in OpenLDAP
or the release methods or something.

The distro operators are generally interested in one thing -- The LDAP C api, and the libraries provided by OpenLDAP. Using the software to actually run a slapd server is not something they particularly worry about. The only bugs they tend to backport are those ones involving a security vulnerability. I've tried for a few months now to get the Debian folks to pick up the connection code patch from 2.3.32 and apply it to their distribution. I'm still hopeful that they'll do it, but I removed myself from their packaging list after it became clear that creating a quality package in support of upstream was not anything they were interested in.


--Quanah


-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html