[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Removing olcAccess entry
- To: Katherine Faella <kmf@uri.edu>
- Subject: Re: Removing olcAccess entry
- From: Quanah Gibson-Mount <quanah@zimbra.com>
- Date: Mon, 01 Feb 2016 08:50:37 -0800
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- Dkim-filter: OpenDKIM Filter v2.10.3 edge01.zimbra.com 1C9D44428B
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1454345469; bh=rhsqKa6PW4tWCJp/LhTb1Y4K1F+RNf01CerEyvECLXg=; h=Date:From:To:Message-ID:MIME-Version; b=QARad+WapYegJzGfBpv+Is+ti+Jo4qN/7N6t7Rs26qr2u9fstzVFOqO8MQY+2r3qg +PheBLX+Hh9p8cmH+5dEB3lOEws1aYY6JG9dyjsfjx9BCUh6ktz5itTuLxVHd9thIB gSuBjWdW+oM32OaYkAAVFzVMmXs7mde8HpOlcrAM=
- In-reply-to: <CAOWsejKwPPY+U7qxJYP_E3WiPWU=Q4LJaP-SCfp4LbdxTpcrKA@mail.gmail.com>
- References: <CAOWsejKaHsybZrmQrYhtpyUxBA8e60BoUkMobWcvc60HU+TQqw@mail.gmail.com> <E7D2D958-B1C0-4591-93AD-54885D33B9CD@bitrate.net> <56955031.1050204@symas.com> <CAOWsej+T1rELeSDQbDRe4Kz-s3j9CCC5QB8EKJCgwRPsGcJUEA@mail.gmail.com> <FB684FF8BB30B1A42093982B@192.168.1.9> <CAOWsejKwPPY+U7qxJYP_E3WiPWU=Q4LJaP-SCfp4LbdxTpcrKA@mail.gmail.com>
--On Tuesday, January 12, 2016 2:55 PM -0500 Katherine Faella <kmf@uri.edu>
wrote:
I was afraid you were going to ask that. We are running the Redhat 6
supported 2.4.40-7.el6_7. We have a policy here of sticking with the
redhat supported releases of packages since our staff is so small.
Unfortunately, that is a very flawed policy. In addition to 2.4.40 being a
problematic release, RedHat links OpenLDAP to insecure and buggy SSL
libraries (MozNSS). Thankfully, RH has dropped this approach for the
future, but folks are still stuck with it for now. Also, RedHat generally
will not truly offer you support on the OpenLDAP they ship. Issues that
arise by using their packages should be directed to RedHat support, but
good luck getting a resolution.
If you're unable to build and deploy OpenLDAP on your own, then you may be
interested in the LTB project packages, which are linked to OpenSSL and are
kept current. They provide both RHEL and Debian/Ubuntu repositories.
Finally, if you require support for your OpenLDAP deployment, then it's
generally best to run the Symas builds of OpenLDAP and have a support
contract with them.
As for the ACL issue in question here, I can confirm it works as designed
in my deployments.
Regards,
Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc