--On April 4, 2011 3:00:34 PM +0200 Simone Piccardi piccardi@truelite.it wrote:
Hi Simone.
First, keep your replies on the list.
On 01/04/2011 18:11, Quanah Gibson-Mount wrote:
Hi Markus,
While I understand this is often the case with companies, this policy is short sighted. If you want to have a stable, secure, and functional LDAP server, then you need to be able to build OpenLDAP from source.
That's true, but is true also for a lot of other programs.
However, OpenLDAP is an amazingly complex piece of software, which a lot of other programs are not.
And if you need to build everything from source, it will become soon a manutention nightmare (often you have to do so for a lot of different machines).
I didn't say for him to build everything from source. I said to build OpenLDAP from source. Personally, I do build everything that OpenLDAP uses from source myself, short of the kernel & gcc.
So that kind of policy is a must in a lot of cases, and your suggestion cannot be accepted.
I don't care whether or not you accept what I said. It wasn't a suggestion, it is the result of over a decade of experience working with LDAP software from a number of projects.
Not having good packages in a distribution harms everyone, but unfortunately this is a general problem, not affecting just RedHat or OpenLDAP.
Correct. And this is something the OpenLDAP Foundation has zero control over. The distributions decide what OpenLDAP releases they include. The distributions decide what patches they apply to their OpenLDAP builds. The distributions occasionally apply their own patches to OpenLDAP that can break it in horrible ways. Distributions do not update their OpenLDAP builds after they release a particular OS, either. So again, if someone chooses against better advice to use the build a distribution provides, then they need to seek help from those who provide the build they are using. If that is not acceptable to them, then they either need to learn to build OpenLDAP themselves so they can use current releases rather than ones that have had hundreds of bugs fixed since their release, or they should use a version of OpenLDAP that comes with support from a company that provides such a thing. Symas is a good example of that.
If they choose to use a distribution build, and then contact the OpenLDAP foundation about problems they face with it, the first thing they are going to be asked to do is to upgrade their software. If their policy doesn't allow that, then they need to contact the distributor. Not the foundation.
--Quanah
openldap-technical@openldap.org