--On Thursday, August 28, 2008 8:04 AM -0600 Nicholas Dronen ndronen@gmail.com wrote:
> Unfortunately, we're more or less at the mercy of Red Hat when it comes to the versions of packages that are included in their distribution. We use a commercial version, not Fedora, for support reasons. In this particular case, the fact that we were exceeding the default limit of 1024 file descriptors for select(2) resulted in pam_authenticate blocking for up to four minutes, which is a huge problem in a production system, enough to justify including a rebuilt RPM. Generally, JPam's use of libldap is pretty simple -- just enough to bind and authenticate a user -- so as long as that basic functionality works as desired, we should be okay with 2.3.27. :-) If we're not, then we'll have to include our own RPM.

Basing the OpenLDAP *server* you run on the version of OpenLDAP in RedHat is an extremely flawed and broken approach that will only open yourself to heartache. Their RPMs are years out of date, and missing critical fixes. You need to understand that the OpenLDAP included in their release is to provide the client API, not a stable OpenLDAP server. For that, you need to use up-to-date versions of OpenLDAP. Buchan Milne provides pre-built RPMs for RedHat, and Symas Corp provides prebuilt builds of OpenLDAP that support can be purchased for. Either of those options is thousands of times more desirable than what RedHat ships.

Buchan's stuff: http://staff.telkomsa.net/packages/
Symas's stuff: http://www.symas.com/
FAQ entry you should read: http://www.openldap.org/faq/data/cache/1456.html
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration