Hi!
It was easy running the slaptest utility -- you are correct. The output wasn't so easy to figure out with duplicate schema entries, tls being dropped, etc.
I saw that redhat uses nss and I'll have to confess that I don't understand the technical and political reasons for this. They (redhat) allege at it should be transparent to me.
Anyway, thanks for the suggestions. When I get my machine in place, I'll get back to converting the config and will post my workarounds.
Thanks,
Bobby
On May 21, 2012, at 4:30 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Monday, May 21, 2012 4:09 PM -0400 Bobby Krupczak rdk@krupczak.org wrote:
Hi!
OpenLDAP's dynamic configuration mechanism was released in 2005. It does not change every other release. It's not our fault if your distro is so behind the times.
Interesting. My machine is admittedly a little out of date but given how much fun it is to upgrade these various services, you have all grant me just a tiny amount of slack. The old machine is running openldap 2.3.30 circa 2007.
Also, if the new config format has been out that long, I'm kinda surprised that the config conversion has been so hard.
Conversion is not difficult at all. You use the slaptest utility to convert a conf file to cn=config. That is a single command. It would be hard to get any simpler than that.
I believe the majority of your issues stem from using your distributions build. For example, you are using Fedora. Fedora links OpenLDAP to NSS rather than the standardized OpenSSL. That NSS support was written by RedHat, and has had a large number of issues, which are still in the process of being resolved. If you were to follow my advice, and build your own OpenLDAP, linked to the industry standard OpenSSL, a large number of the problems you have encountered would simply go away.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration