--On Tuesday, January 12, 2016 2:55 PM -0500 Katherine Faella kmf@uri.edu wrote:
I was afraid you were going to ask that. We are running the Redhat 6 supported 2.4.40-7.el6_7. We have a policy here of sticking with the redhat supported releases of packages since our staff is so small.
Unfortunately, that is a very flawed policy. In addition to 2.4.40 being a problematic release, RedHat links OpenLDAP to insecure and buggy SSL libraries (MozNSS). Thankfully, RH has dropped this approach for the future, but folks are still stuck with it for now. Also, RedHat generally will not truly offer you support on the OpenLDAP they ship. Issues that arise by using their packages should be directed to RedHat support, but good luck getting a resolution.
If you're unable to build and deploy OpenLDAP on your own, then you may be interested in the LTB project packages, which are linked to OpenSSL and are kept current. They provide both RHEL and Debian/Ubuntu repositories.
Finally, if you require support for your OpenLDAP deployment, then it's generally best to run the Symas builds of OpenLDAP and have a support contract with them.
As for the ACL issue in question here, I can confirm it works as designed in my deployments.
Regards, Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc