2012/11/14 Quanah Gibson-Mount quanah@zimbra.com
--On Wednesday, November 14, 2012 10:03 PM +0100 Clément OUDOT < clem.oudot@gmail.com> wrote:
Your OpenLDAP configuration will be compatible between 2.4.23 and 2.4.33.
But LTB project install OpenLDAP in /usr/local, not in the default location, so you need to move your configuration in the new location.
Why would they have to move the location of the configuration? The point of the -F flag to slapd is that you can use a location of your choosing any time you want to...
Right. In LTB package, this can be done in /etc/default/slapd
Clément.
So if I update to 2.4.33? Do I still need to get LTB package or new version has a last bind overlay?
And just for curiosity, what significant benefit we will get by this upgrade?
-Jignesh On Nov 14, 2012, at 4:43 PM, Clément OUDOT wrote:
2012/11/14 Quanah Gibson-Mount quanah@zimbra.com --On Wednesday, November 14, 2012 10:03 PM +0100 Clément OUDOT clem.oudot@gmail.com wrote:
Your OpenLDAP configuration will be compatible between 2.4.23 and 2.4.33. But LTB project install OpenLDAP in /usr/local, not in the default location, so you need to move your configuration in the new location.
Why would they have to move the location of the configuration? The point of the -F flag to slapd is that you can use a location of your choosing any time you want to...
Right. In LTB package, this can be done in /etc/default/slapd
Clément.
--On Wednesday, November 14, 2012 4:55 PM -0500 Jignesh Patel jignesh@icare.com wrote:
So if I update to 2.4.33? Do I still need to get LTB package or new version has a last bind overlay?
And just for curiosity, what significant benefit we will get by this upgrade?
a) You are confusing "new version options" with "compile choices". RedHat, by choice, does not compile or ship the lastbind module in the "contrib" section of the OpenLDAP source. The LTB project does compile and include that contrib code.
b) I think it is important you understand software versioning. For example, 2.4.33 means Major version 2, Minor version 4, patch level 33. I.e., 2.4.23 vs 2.4.33 is just a later release of the 2.4 series of OpenLDAP software, with significant bug fixes. A full list of fixes made to OpenLDAP between versions can always be found at http://www.openldap.org/software/release/changes.html.
c) I would note that RedHat's 2.4.23 build is nearly 2.5 years old. It is lacking many critical and significant fixes, as you can see from the above change log.
d) I would note that RedHat's 2.4 build is linked to NSS, which is fairly problematic. See http://www.openldap.org/lists/openldap-devel/201204/msg00019.html and http://www.openldap.org/its/index.cgi/?findid=7367. I do not know if the LTB project makes this same mistake or not.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP.
f) In relation to your question about back-bdb and back-hdb. With OpenLDAP 2.4.33 (and later) you may wish to consider back-mdb, a new database backend written by Howard Chu, chief architect of the OpenLDAP project and CTO of Symas. More information on back-mdb can be found at http://www.symas.com/mdb/
Hope that helps!
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
My only hesitant of using LTD project is - it is under GPL license. We may be customizing software for our need.
-Jignesh On Nov 14, 2012, at 8:24 PM, Quanah Gibson-Mount wrote:
--On Wednesday, November 14, 2012 4:55 PM -0500 Jignesh Patel jignesh@icare.com wrote:
So if I update to 2.4.33? Do I still need to get LTB package or new version has a last bind overlay?
And just for curiosity, what significant benefit we will get by this upgrade?
a) You are confusing "new version options" with "compile choices". RedHat, by choice, does not compile or ship the lastbind module in the "contrib" section of the OpenLDAP source. The LTB project does compile and include that contrib code.
b) I think it is important you understand software versioning. For example, 2.4.33 means Major version 2, Minor version 4, patch level 33. I.e., 2.4.23 vs 2.4.33 is just a later release of the 2.4 series of OpenLDAP software, with significant bug fixes. A full list of fixes made to OpenLDAP between versions can always be found at http://www.openldap.org/software/release/changes.html.
c) I would note that RedHat's 2.4.23 build is nearly 2.5 years old. It is lacking many critical and significant fixes, as you can see from the above change log.
d) I would note that RedHat's 2.4 build is linked to NSS, which is fairly problematic. See http://www.openldap.org/lists/openldap-devel/201204/msg00019.html and http://www.openldap.org/its/index.cgi/?findid=7367. I do not know if the LTB project makes this same mistake or not.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP.
f) In relation to your question about back-bdb and back-hdb. With OpenLDAP 2.4.33 (and later) you may wish to consider back-mdb, a new database backend written by Howard Chu, chief architect of the OpenLDAP project and CTO of Symas. More information on back-mdb can be found at http://www.symas.com/mdb/
Hope that helps!
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
On 11/15/2012 05:44 PM, Jignesh Patel wrote:
My only hesitant of using LTD project is - it is under GPL license. We may be customizing software for our need.
The OpenLDAP license can be found here: http://www.openldap.org/software/release/license.html
And in the sources: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree
I don't see the GPL in there.
Regards, Patrick
Thanks.
My comment inline. On Nov 14, 2012, at 8:24 PM, Quanah Gibson-Mount wrote:
--On Wednesday, November 14, 2012 4:55 PM -0500 Jignesh Patel jignesh@icare.com wrote:
So if I update to 2.4.33? Do I still need to get LTB package or new version has a last bind overlay?
And just for curiosity, what significant benefit we will get by this upgrade?
a) You are confusing "new version options" with "compile choices". RedHat, by choice, does not compile or ship the lastbind module in the "contrib" section of the OpenLDAP source. The LTB project does compile and include that contrib code.
b) I think it is important you understand software versioning. For example, 2.4.33 means Major version 2, Minor version 4, patch level 33. I.e., 2.4.23 vs 2.4.33 is just a later release of the 2.4 series of OpenLDAP software, with significant bug fixes. A full list of fixes made to OpenLDAP between versions can always be found at http://www.openldap.org/software/release/changes.html.
c) I would note that RedHat's 2.4.23 build is nearly 2.5 years old. It is lacking many critical and significant fixes, as you can see from the above change log.
d) I would note that RedHat's 2.4 build is linked to NSS, which is fairly problematic. See http://www.openldap.org/lists/openldap-devel/201204/msg00019.html and http://www.openldap.org/its/index.cgi/?findid=7367. I do not know if the LTB project makes this same mistake or not.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP. Please give me rough idea for pricing for support? And does that mean we have to download a version for Symas? Shouldn't there be open sourced version for Redhat from openLDAP community? f) In relation to your question about back-bdb and back-hdb. With OpenLDAP 2.4.33 (and later) you may wish to consider back-mdb, a new database backend written by Howard Chu, chief architect of the OpenLDAP project and CTO of Symas. More information on back-mdb can be found at http://www.symas.com/mdb/ Is MDB database part of openLDAP package or required separate installation. Hope that helps!
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Thursday, November 15, 2012 3:50 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks.
My comment inline.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP.
Please give me rough idea for pricing for support? And does that mean we
have
to download a version for Symas? Shouldn't there be open sourced version
for
Redhat from openLDAP community?
Please learn how to properly comment inline, what you did made it extremely difficult to find what you were asking.
a) I don't work for Symas, so I can't say what their support pricing would be. You would need to contact them, which is why I provided you the link to their website.
b) Yes, you would use a build of OpenLDAP provided by Symas, since that is what they are supporting.
c) The OpenLDAP foundation does not provide builds of OpenLDAP for any operating system. It provides the source. In general, there is nothing "special" about the generated binaries that tie them to a particular OS, so the concept of a "supported RedHat" build is nonsensical.
Hope that helps, Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Thanks for the information. As you said it seems from the openladp site I successfully downloaded and install it. However not sure where it is getting installed as I still see following result.
@(#) $OpenLDAP: slapd 2.4.23 (Aug 8 2012 16:29:21) $ mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
It seems /etc/openldap dir is not getting updated.
-Jignesh On Nov 15, 2012, at 4:03 PM, Quanah Gibson-Mount wrote:
--On Thursday, November 15, 2012 3:50 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks.
My comment inline.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP.
Please give me rough idea for pricing for support? And does that mean we
have
to download a version for Symas? Shouldn't there be open sourced version
for
Redhat from openLDAP community?
Please learn how to properly comment inline, what you did made it extremely difficult to find what you were asking.
a) I don't work for Symas, so I can't say what their support pricing would be. You would need to contact them, which is why I provided you the link to their website.
b) Yes, you would use a build of OpenLDAP provided by Symas, since that is what they are supporting.
c) The OpenLDAP foundation does not provide builds of OpenLDAP for any operating system. It provides the source. In general, there is nothing "special" about the generated binaries that tie them to a particular OS, so the concept of a "supported RedHat" build is nonsensical.
Hope that helps, Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
After further research seems it installed dir /usr/local/etc/openldap instead of updating /etc/openldap.
I also see it has not installed cn=config dir.
-jignesh On Nov 15, 2012, at 4:53 PM, Jignesh Patel wrote:
Thanks for the information. As you said it seems from the openladp site I successfully downloaded and install it. However not sure where it is getting installed as I still see following result.
@(#) $OpenLDAP: slapd 2.4.23 (Aug 8 2012 16:29:21) $ mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
It seems /etc/openldap dir is not getting updated.
-Jignesh On Nov 15, 2012, at 4:03 PM, Quanah Gibson-Mount wrote:
--On Thursday, November 15, 2012 3:50 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks.
My comment inline.
e) If you feel you require having actual support, I would advise you have a support contract with Symas (http://www.symas.com), and use their builds of OpenLDAP.
Please give me rough idea for pricing for support? And does that mean we
have
to download a version for Symas? Shouldn't there be open sourced version
for
Redhat from openLDAP community?
Please learn how to properly comment inline, what you did made it extremely difficult to find what you were asking.
a) I don't work for Symas, so I can't say what their support pricing would be. You would need to contact them, which is why I provided you the link to their website.
b) Yes, you would use a build of OpenLDAP provided by Symas, since that is what they are supporting.
c) The OpenLDAP foundation does not provide builds of OpenLDAP for any operating system. It provides the source. In general, there is nothing "special" about the generated binaries that tie them to a particular OS, so the concept of a "supported RedHat" build is nonsensical.
Hope that helps, Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Thursday, November 15, 2012 5:05 PM -0500 Jignesh Patel jignesh@icare.com wrote:
After further research seems it installed dir /usr/local/etc/openldap instead of updating /etc/openldap.
I also see it has not installed cn=config dir.
Why would it install a cn=config dir? I would suggest you try and gain some basic concept of software compilation if you are going to do that.
Installling into /usr/local is most likely exactly what you want, as well. Simply switch the "slapd" you are using to be the one in /usr/local.
You can continue to use your existing config, as noted previously, but passing the -F flag to the startup arguments for slapd.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Thanks Quanah,
I don't know what it has to do for creating slapd.d/cn=config dir and compilation. It has created schema dir so i assume it should create slapd.d/cn=config dir, something came as default in core installation of Redhat.
My compilation is good as make test was successful.
On Nov 15, 2012, at 5:07 PM, Quanah Gibson-Mount wrote:
--On Thursday, November 15, 2012 5:05 PM -0500 Jignesh Patel jignesh@icare.com wrote:
After further research seems it installed dir /usr/local/etc/openldap instead of updating /etc/openldap.
I also see it has not installed cn=config dir.
Why would it install a cn=config dir? I would suggest you try and gain some basic concept of software compilation if you are going to do that.
Installling into /usr/local is most likely exactly what you want, as well. Simply switch the "slapd" you are using to be the one in /usr/local.
You can continue to use your existing config, as noted previously, but passing the -F flag to the startup arguments for slapd.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Thursday, November 15, 2012 5:31 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks Quanah,
I don't know what it has to do for creating slapd.d/cn=config dir and compilation. It has created schema dir so i assume it should create slapd.d/cn=config dir, something came as default in core installation of
Your assumption is false. The schema directory is a directory just containing schema files, not part of the cn=config database. Again, use the newly built slapd binary with -F to point to your existing cn=config db. Honestly, the cn=config db should not be located in /etc at all, that is a mistake of the RHEL packagers.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah,
Thanks for the guidance. I will follow your suggestions and will try to install LDAP at its default location /usr/local/etc/openldap.
I tried to google for setup doc which will provide directory setup on cent OS 6 but couldn't find one. Is there any standardization setup doc- if you can point then it will be helpful.
-Jignesh On Nov 15, 2012, at 5:35 PM, Quanah Gibson-Mount wrote:
--On Thursday, November 15, 2012 5:31 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks Quanah,
I don't know what it has to do for creating slapd.d/cn=config dir and compilation. It has created schema dir so i assume it should create slapd.d/cn=config dir, something came as default in core installation of
Your assumption is false. The schema directory is a directory just containing schema files, not part of the cn=config database. Again, use the newly built slapd binary with -F to point to your existing cn=config db. Honestly, the cn=config db should not be located in /etc at all, that is a mistake of the RHEL packagers.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
On 11/16/2012 05:44 PM, Jignesh Patel wrote:
Quanah,
Thanks for the guidance. I will follow your suggestions and will try to install LDAP at its default location /usr/local/etc/openldap.
I tried to google for setup doc which will provide directory setup on cent OS 6 but couldn't find one. Is there any standardization setup doc- if you can point then it will be helpful.
Instead of using Google have a look on openldap.org:
OpenLDAP Admin Guide: http://www.openldap.org/doc/ OpenLDAP Quick-Start Guide: http://www.openldap.org/doc/admin24/quickstart.html
Regards, Patrick
Here is a nice sample setup to install openldap with mdb.
http://blogs.mindspew-age.com/2012/06/11/overlays-mdb-openldap-fun/
On Nov 15, 2012, at 5:35 PM, Quanah Gibson-Mount wrote:
--On Thursday, November 15, 2012 5:31 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Thanks Quanah,
I don't know what it has to do for creating slapd.d/cn=config dir and compilation. It has created schema dir so i assume it should create slapd.d/cn=config dir, something came as default in core installation of
Your assumption is false. The schema directory is a directory just containing schema files, not part of the cn=config database. Again, use the newly built slapd binary with -F to point to your existing cn=config db. Honestly, the cn=config db should not be located in /etc at all, that is a mistake of the RHEL packagers.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Tuesday, November 20, 2012 5:40 PM -0500 Jignesh Patel jignesh@icare.com wrote:
Here is a nice sample setup to install openldap with mdb.
http://blogs.mindspew-age.com/2012/06/11/overlays-mdb-openldap-fun/
Decent, but it is a bit out of date. No mention of the DB Env flags. ;)
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Clément OUDOT -
Jignesh Patel -
Patrick Lists -
Quanah Gibson-Mount