Re: max open files

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Thursday, 18 March 2010 13:46:38 Alex McKenzie wrote:
> I'll be honest:  while LDAP does what I need it to, and is the only tool
> I've found that works well for my purposes, this is why I'm constantly
> looking for another option.  Just about every request for help I see
> come across this list gets an initial response of "Oh, well, you're one
> or two minor versions out of date.  You need to update to the newest
> version before we can help you."

Well, you haven't personally asked any questions on this list in the past 15 
months (AFAICS), and I have personally attempted to provide alternative 
answers to many questions which otherwise got the "upgrade before you bug us 
further" response, besides spending time and effort on providing up-to-date 
packages for two different distributions.

> Software that unstable is not, in my view, really suited to a production
> environment.  If the OpenLDAP developers -- who, overall, do an
> excellent job -- can't come up with a stable release every six months or
> so, there's a problem.

Well, the 2.3.x series was very stable for me in production. 2.3.43 has been 
running flawlessly for almost 2 years, and I switched to 2.3 at around 2.3.11 
(and experienced one or two real bugs which were fixed during 2.3.x).

If you don't need the latest features from 2.4, it is also quite stable. The 
multi-master code has taken a while to reach stability, but you should really 
consider carefully if you *need* it. With OpenLDAP almost never failing, 
environments that can't afford a few minutes of downtime a year for critical 
kernel security updates should consider HA solutions instead of MMR.

> If there are so many major flaws that running a
> month old version means it's unsupportable, that's an even bigger problem.
> 
> I've been following the list for around a year, and I understand the
> difficulties involved in supporting old versions, but the simple fact
> is, most of us don't have time to custom compile all our server
> software.  My Ubuntu-default installs of Apache, postfix, SSH, and just
> about everything else work fine and can be supported by their
> developers.  It's only LDAP (and a few things in beta) that absolutely
> have to run the newest version at all times.  I chose to accept a
> limited feature-set and bullied GnuTLS into working "well enough" for
> our limited LDAP environment, but if I ever find an alternative, I'll be
> moving away from LDAP to whatever that is.

Maybe you should consider a different distribution, at least for your LDAP 
servers, or consider spending your time improving the Debian/Ubuntu packages.

> And please -- nobody take this as an attack.  I really do respect the
> OpenLDAP development team, and the people on this list do their best to
> help everyone, even those of us using old versions.  I just question the
> long-term viability of a system that needs to be recompiled as often as
> OpenLDAP seems to.

As I showed, depending on the features you need, this isn't a necessity. And, 
even if it is a necessity, there's no reason you should need to do it 
yourself. That's what distributions are for.

<punt>
All supported versions of Mandriva typically get the latest version of 
OpenLDAP in their backports repo within 2 weeks of the upstream source 
release. Rebuilds of those packages for Red Hat/CentOS 5 follow as and when I 
have time to build and upload manually.
</punt>

Regards,
Buchan