Alex McKenzie alex@chem.umass.edu writes:
I'll be honest: while LDAP does what I need it to, and is the only tool I've found that works well for my purposes, this is why I'm constantly looking for another option. Just about every request for help I see come across this list gets an initial response of "Oh, well, you're one or two minor versions out of date. You need to update to the newest version before we can help you."
Software that unstable is not, in my view, really suited to a production environment. If the OpenLDAP developers -- who, overall, do an excellent job -- can't come up with a stable release every six months or so, there's a problem. If there are so many major flaws that running a month old version means it's unsupportable, that's an even bigger problem.
I've been following the list for around a year, and I understand the difficulties involved in supporting old versions, but the simple fact is, most of us don't have time to custom compile all our server software. My Ubuntu-default installs of Apache, postfix, SSH, and just about everything else work fine and can be supported by their developers. It's only LDAP (and a few things in beta) that absolutely have to run the newest version at all times. I chose to accept a limited feature-set and bullied GnuTLS into working "well enough" for our limited LDAP environment, but if I ever find an alternative, I'll be moving away from LDAP to whatever that is.
And please -- nobody take this as an attack. I really do respect the OpenLDAP development team, and the people on this list do their best to help everyone, even those of us using old versions. I just question the long-term viability of a system that needs to be recompiled as often as OpenLDAP seems to.
If you don't want to, or don't need to maintain an uptodate openldap version, feel free to stick to your distribution, if you require support, ask your distribution maintainer or an appropriate mailing list of your distribution.
-Dieter