
Re: Migrating from slapd 2.3 to 2.4



Hi!

We seem to be going around in circles.

Once I get my new machine in place using the old .conf file, I'll come back to conversion and diligently follow your advice.

Thanks,

Bobby

On May 21, 2012, at 2:03 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:

> --On Monday, May 21, 2012 1:58 PM -0400 Bobby Krupczak <rdk@krupczak.org> wrote:
> 
>> Hi!
>> 
>> I'm not sure I understand your point.  I used the client and server
>> builds that came with fedora.  If I don't use their server build, I'd
>> have to go re-build it, yes?  If I had to do that with other packages,
>> I'd double my work.  Also, the distros issue patches and it's nice to
>> have them pushed out to me.  I'm not sure why we're discussing the merits
>> of distros or not to distro.
> 
> You can take the advice of someone who has been running OpenLDAP for over a decade, or you can continue to fail.  Your choice.  My point was, you can build the OpenLDAP binaries out to your own custom location for running it as a server, and leave the distro build in place for anything that is linked to its libraries.
> 
> I will also note that distro "patches" for OpenLDAP are not updating OpenLDAP to current versions.  They are purely backports of a specific security issue.  Backports of actual later releases are not done by most distros, and especially not rhel/fedora.
> 
> I would strongly advise reading:
> <http://www.openldap.org/faq/data/cache/1456.html>
> and
> <http://www.openldap.org/software/release/changes.html>
> 
>> Anyway, I'm really struggling with conf to olc migration and the lack of
>> tls primitives.  If this is a bug in 2.4.26, I get that and will
>> download/build a later version but if it's not, I'm not sure what the
>> payoff is.
> 
> In your last email, you failed to show the source of your "find" command. As has been mentioned more than once now, no one else is having them fail to migrate.  It still remains entirely possible you are looking in the wrong location.
> 
> Here's an example of helpful output:
> root@zre-ldap004:/opt/zimbra/data/ldap/config# pwd
> /opt/zimbra/data/ldap/config
> root@zre-ldap004:/opt/zimbra/data/ldap/config# ls
> cn=config  cn=config.ldif
> root@zre-ldap004:/opt/zimbra/data/ldap/config# grep -i olctls *
> cn=config.ldif:olcTLSCertificateFile: /opt/zimbra/conf/slapd.crt
> cn=config.ldif:olcTLSCertificateKeyFile: /opt/zimbra/conf/slapd.key
> cn=config.ldif:olcTLSCACertificatePath: /opt/zimbra/conf/ca
> cn=config.ldif:olcTLSCRLCheck: none
> cn=config.ldif:olcTLSVerifyClient: never
> 
> --Quanah
> 
> --
> 
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
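
The grep check quoted above can be turned into a comparison between the old slapd.conf and the converted cn=config.ldif. The following is an added example, not part of the original thread or of OpenLDAP; the function name `missing_tls_attrs` and the sample files and paths are constructed, and it assumes each slapd.conf `TLS*` directive maps to the attribute of the same name with an `olc` prefix.

```shell
#!/bin/sh
# Added example (not from the thread): report TLS directives in a slapd.conf
# that have no matching olcTLS* attribute in the converted cn=config.ldif.

# missing_tls_attrs SLAPD_CONF CONFIG_LDIF  (hypothetical helper name)
# Prints one olcTLS* name per missing attribute; returns 1 if any is missing.
missing_tls_attrs() {
    conf=$1 ldif=$2 rc=0
    # Take the keyword of every non-comment, non-continuation line that
    # starts with "TLS" (slapd.conf keywords are case-insensitive).
    for directive in $(awk '/^[^ \t#]/ && tolower($1) ~ /^tls/ { print $1 }' "$conf"); do
        attr="olc$directive"
        # Match the whole attribute name up to its colon, ignoring case.
        if ! grep -qi "^$attr:" "$ldif"; then
            echo "$attr"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a slapd.conf fragment and a partial conversion.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/slapd.conf" <<'EOF'
# constructed slapd.conf fragment
TLSCertificateFile /etc/openldap/certs/slapd.crt
TLSCertificateKeyFile /etc/openldap/certs/slapd.key
TLSCACertificatePath /etc/openldap/cacerts
TLSVerifyClient never
EOF
cat > "$tmp/cn=config.ldif" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCertificateFile: /etc/openldap/certs/slapd.crt
olcTLSVerifyClient: never
EOF

missing_tls_attrs "$tmp/slapd.conf" "$tmp/cn=config.ldif" \
    || echo "TLS settings above were not carried into cn=config"
```

Run it against the directory actually passed to slapd with `-F`, since checking a different config directory gives a misleading result.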