Hi!OpenLDAP's dynamic configuration mechanism was released in 2005. It does not change every other release. It's not our fault if your distro is so behind the times.Interesting. My machine is admittedly a little out of date but given how much fun it is to upgrade these various services, you have all grant me just a tiny amount of slack. The old machine is running openldap 2.3.30 circa 2007. Also, if the new config format has been out that long, I'm kinda surprised that the config conversion has been so hard.
Conversion is not difficult at all. You use the slaptest utility to convert a conf file to cn=config. That is a single command. It would be hard to get any simpler than that.
I believe the majority of your issues stem from using your distributions build. For example, you are using Fedora. Fedora links OpenLDAP to NSS rather than the standardized OpenSSL. That NSS support was written by RedHat, and has had a large number of issues, which are still in the process of being resolved. If you were to follow my advice, and build your own OpenLDAP, linked to the industry standard OpenSSL, a large number of the problems you have encountered would simply go away.
--Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration