--On Tuesday, January 12, 2016 2:55 PM -0500 Katherine Faella <kmf(a)uri.edu>
I was afraid you were going to ask that. We are running the Redhat
supported 2.4.40-7.el6_7. We have a policy here of sticking with the
redhat supported releases of packages since our staff is so small.
Unfortunately, that is a very flawed policy. In addition to 2.4.40 being a
problematic release, RedHat links OpenLDAP to insecure and buggy SSL
libraries (MozNSS). Thankfully, RH has dropped this approach for the
future, but folks are still stuck with it for now. Also, RedHat generally
will not truly offer you support on the OpenLDAP they ship. Issues that
arise by using their packages should be directed to RedHat support, but
good luck getting a resolution.
If you're unable to build and deploy OpenLDAP on your own, then you may be
interested in the LTB project packages, which are linked to OpenSSL and are
kept current. They provide both RHEL and Debian/Ubuntu repositories.
Finally, if you require support for your OpenLDAP deployment, then it's
generally best to run the Symas builds of OpenLDAP and have a support
contract with them.
As for the ACL issue in question here, I can confirm it works as designed
in my deployments.
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc