Nicholas Dronen wrote:
> Hi, Pierangelo:
>
> Unfortunately, we're more or less at the mercy of Red Hat when it
> comes to the versions of packages that are included in their
> distribution.  We use a commercial version, not Fedora, for support
> reasons.  In this particular case, the fact that we were exceeding the
> default limit of 1024 file descriptors for select(2) resulted in
> pam_authenticate blocking for up to four minutes, which is a huge
> problem in a production system, enough to justify including a rebuilt
> RPM.  Generally, JPam's use of libldap is pretty simple -- just enough
> to bind and authenticate a user -- so as long as that basic
> functionality works as desired, we should be okay with 2.3.27.

> <http://2.3.27.> :-)  If we're not, then we'll have to include our own
> RPM.
I would say you're at the mercy of redhat 'cause you want to.
You are free to package your own version of openldap and install it on
your system without losing support from RH as long as it doesn't
interfere with RH existing packages.
We deploy our own openldap rpm to our customers. It installs in
/opt/ldap, is up-to-date with recommened versions of openssl,
cyrus-sasl, berkeleydb and anything else it could need (it's latest
OpenLDAP, of course), has its own init script, man pages and so on.
So it's up to you...