Hi,
I'm migrating a small two-node OpenLDAP cluster from CentOS 7 to Rocky 8. I've been maintaining my own openldap rpms forked off of the RHEL 7 srpms, edited to link against OpenSSL instead of the never-to-be-sufficiently-d*mned GnuTLS. Now that there is no official openldap build from RedHat, I'm evaluating my choices.
Essentially it comes down to these:
1. Build from source every time. Not difficult and I'm comfortable with it, but I prefer when possible to not drop non-rpm packaged files into production
2. Package it myself. If we still used it super extensively like we did in the past, I would do this, but it's a lot of work.
3. Look for third-party packages that are frequently updated.
My preference is 3, which of course leads me to Symas OpenLdap. Looking at the symas page, it looks like there are two branches, the LTS 2.5 branch and the 2.6 branch. If this is accurate and the 2.5 branch is updated with security backports, etc, and is still gratis, that's the direction I'm looking to go. Any gotchas, or am I totally missing something obvious?
Best,
Aaron Bennett
---
Aaron Bennett
Manager of Systems Administration
Clark University ITS
--On Wednesday, February 23, 2022 4:35 PM +0000 Aaron Bennett abennett@clarku.edu wrote:
> Hi,
> I'm migrating a small two-node OpenLDAP cluster from CentOS 7 to Rocky 8. I've been maintaining my own openldap rpms forked off of the RHEL 7 srpms, edited to link against OpenSSL instead of the never-to-be-sufficiently-d*mned GnuTLS. Now that there is no official openldap build from RedHat, I'm evaluating my choices.
> Essentially it comes down to these:
> 1. Build from source every time. Not difficult and I'm comfortable with it, but I prefer when possible to not drop non-rpm packaged files into production
> 2. Package it myself. If we still used it super extensively like we did in the past, I would do this, but it's a lot of work.
> 3. Look for third-party packages that are frequently updated.
>
> My preference is 3, which of course leads me to Symas OpenLdap. Looking at the symas page, it looks like there are two branches, the LTS 2.5 branch and the 2.6 branch. If this is accurate and the 2.5 branch is updated with security backports, etc, and is still gratis, that's the direction I'm looking to go. Any gotchas, or am I totally missing something obvious?

Nope, that's correct. LTS 2.5 also receives bug fixes outside of security issues.
--Quanah
openldap-technical@openldap.org