Hi Quanah,
On Tue, Sep 17, 2013 at 12:21 PM, Quanah Gibson-Mount quanah@zimbra.comwrote:
It is always interesting to me when someone emails the technical list, asking for guidance from people who know the most about the software, and then ignore it.
I know what you mean, I've suffered that myself :) but there's a valid reason for trying to ignore your suggestion (that I explained in a previous message).
The Debian build of OpenLDAP is old, links to a potentially insecure SSL implementation, and has a variety of known bugs present in it that are known to affect replication, particularly multi-master. Understand that by continuing to use the Debian package, you are essentially setting yourself up for failure when looking at using Multi-Master Replication.
Would you mind to provide me more details about the bugs and potential problems of using Debian packages? I'm not putting your statements in doubt, I just need to have solid and documented arguments to convince my boss that this extra work is really needed.
Thanks in advance for your help!
--On Tuesday, September 17, 2013 09:06:24 PM -0300 Listas de Correo toshiro.listas@gmail.com wrote:
The Debian build of OpenLDAP is old, links to a potentially insecure SSL implementation, and has a variety of known bugs present in it that are known to affect replication, particularly multi-master. Understand that by continuing to use the Debian package, you are essentially setting yourself up for failure when looking at using Multi-Master Replication.
Would you mind to provide me more details about the bugs and potential problems of using Debian packages? I'm not putting your statements in doubt, I just need to have solid and documented arguments to convince my boss that this extra work is really needed.
Thanks in advance for your help!
Seems like the changelog is a good place to start:
http://www.openldap.org/software/release/changes.html
You might find "Why is using the OpenLDAP server from a Linux distribution not recommended?" interesting reading at:
http://www.openldap.org/faq/data/cache/1456.html
Bill
--On Tuesday, September 17, 2013 9:06 PM -0300 Listas de Correo toshiro.listas@gmail.com wrote:
Would you mind to provide me more details about the bugs and potential problems of using Debian packages? I'm not putting your statements in doubt, I just need to have solid and documented arguments to convince my boss that this extra work is really needed.
Read the release notes for OpenLDAP:
http://www.openldap.org/software/release/changes.html
The FAQ from the Debian OpenLDAP package maintainers:
http://www.openldap.org/faq/data/cache/1456.html
The use of GnuTLS (What Debian links to instead of OpenSSL) is harmful:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra Software, LLC -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org