On 16/5/2012 11:48 μμ, Michele Mase' wrote:
We have to maintain 500+ custom apps and the skill is not so high, so it's better if we don't touch system related packages.
It would not be really feasible to advise anything without *good* knowledge of your environment, but I guess that you have an internal repo that feeds your servers and a mechanism to submit mass commands (e.g. by mass-uploading cron jobs to all servers). (As a side note, it would be interesting to know some basic details on your workflow.)
RHEL/CentOS 5 OS has, AFAIK, tight integration with the standard 2.3 package so the base package, in all cases I know, is never replaced/upgraded. Rather, a new package is installed and used using non default system paths. This is the approach followed by Buchan's, Symas' and LTB RPMs for CentOS / RHEL 5. (We are using the LTB packages on all - a small number, compared to yours - our servers, now with v2.4.31.)
So, if you want to use OpenLDAP 2.4.x, plan the change well and take care that your system path uses the new ldap* client executables (for LTB you can see: http://tools.ltb-project.org/issues/408), and there is no problem with leaving system files alone (there is no conflict in having installed even all of the above packages at the same time; it's your decision to decide what will be running/used at any one time!).
Yet, despite the effort to migrate, I can assure you that you are going to see enormous OpenLDAP stability improvement moving from 2.3 to 2.4
I am not a real expert, but I am trying to help based on my experiences. Just 2c.
Good luck, Nick