[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to Mirror 2 OpenLDAP servers



--On Thursday, September 04, 2014 3:30 PM -0700 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

--On Thursday, September 04, 2014 10:14 PM +0000 Sterling Sahaydak
<sterling.sahaydak@pi-coral.com> wrote:


Just updated slapd.conf with CA Certs and trying to get mirroring
synchronization to work.

Running into the following:

slapd -d sync
@(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $

Don't waste your time using this build, as you were already informed on
IRC.

Since you quit IRC in a huff, I'll give you some follow on thoughts:

a) It is not the community's job to support the broken builds that RHEL created. They are known to have numerous problems, some of which were inflicted by RH itself by doing custom patches against OpenLDAP.

b) 2.4.23 is over 4 years old at this point. There have been numerous bugs fixed since that release, particularly around MMR.

c) RHEL links to the non-standard NSS encryption libraries, which are utterly broken in concept, which may be the cause of your cert issues

d) There are freely available current alternatives to using the crap shipped by RHEL if you are not comfortable with building OpenLDAP yourself. You should investigate using them rather than complaining that the community is refusing to support RHEL's garbage.

Alternatives:
<http://www.symas.com/> - They offer free OpenLDAP builds sanely linked to OpenSSL. They also provide support contracts, with extremely knowledgable staff (The primary openldap developer works for them, for example).

<http://ltb-project.org/wiki/> - They offer free OpenLDAP builds sanely linked to OpenSSL. They also have a support forum for their builds.

--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration