On Wednesday, 25 November 2009 14:57:12 Christian Haugan Toldnes wrote:
Howard Chu wrote:
> Laurence Field wrote:
>> Laurence Field wrote:
>>>> The answer to this question can probably be gleaned from reading the
>>>> openldap-devel archives from the time 2.4 was being first prepared for
>>>> release. A lot of profiling and refactoring went into the 2.4 code to
>>>> improve performance relative to 2.3. At this point 2.3 is ancient and
>>>> I've forgotten everything that we've changed internally, and
>>>> worth my while to dig back to remember what we fixed.
>>> Thanks, will start digging.
>> Just to complete this thread. In the devel list there was quite a bit of
>> discussion about the bdb backend. Debugging suggested that most of the
>> time was spent in the following library.
>> As a solution, I have just taken the openldap source rpm from Fedora 12
>> and rebuilt it on CENTOS 5, relocating it to /opt/openldap2.4 and
>> turning off auto-provides.
> And now you know why (a) we recommend never using slapd as built by your
> distro vendor (particularly Red Hat and its derivatives) and (b) we
> always recommend using the most current code.
As this seems to be the one and only, always true answer, which covers
all common openldap server scenarios, I can't help but wonder:
Why are there no pre-built, openldap-crew-certified, latest stable
version, auto-updateable packages made available for most common server
distros, including RHEL, CentOS, SLES, Ubuntu LTS and Debian Stable?
The same question could be asked about kernel, glibc, Berkeley DB, cyrus-
sasl, MIT Kerberos and/or Heimdal etc. etc. etc.
Symas does provide builds, but they have to pay developers, so you may have to
pay for builds from them, depending on your requirements.
When software are provided in source form only, the burden of
pre-compilation configuration, compilation and quality assurance are
placed on the user,
Or the organisation that provided the user with the rest of their OS, or third
parties who provide supported packages.
which in most cases are less qualified, less
informed, and less able to keep up to date with the work. Even more
important, the risk of human error are multiplied by the number of users
that accept this burden.
The combination of only releasing the software in source form, frequent
development in the stable branch (too early too frequent), and
continuously stating that vendor provided binary packages should NOT be
used, places this software project way down on the list of software we
want to include in a production environment, I am sorry to say. Sorry
both because the alternatives are still quite expensive, and because
openldap is what we currently use on our rather large and critical LDAP
This LDAP implementation has the potential to be on the very top of the
list. But right now, it's found wanting.
I'm quite sure that we are not the only organization willing to pay good
money for support contracts that includes up to date packages for our
server distributions at any time. Feel free to cash in! :)
I know of at least two companies provided supported binaries:
I have used neither, as I build my own (and those for Mandriva), e.g.:
If OpenLDAP is your biggest requirement, I would probably go with Symas, as
they employ OpenLDAP developers, if you need support on other packages
OpenLogic supplies, it might make more sense to go with them.
2.4.19 is building at the moment, I hope packages will be available, at least
for RHEL5/CentOS 5, by early next week.