From: Craig White [mailto:craigwhite@xxxxxxxxxxx]
> On Wed, 2005-11-30 at 12:53 -0600, Johnny Hughes wrote:
> >
> > What is the purpose of the LDAP upgrade ... if it is security you are
> > worried about ... those get in there.
> >
> > See this:
> > http://www.redhat.com/advice/speaks_backport.html
> >
> > When you start changing major components, you greatly reduce the
> > stability of CentOS for yourself ... and you ruin the system
> > interoperability.
> ----
> I pretty much agree with that last statement - and could never
> conceive of getting an rpm of openldap/servers/client from Fedora
> and rebuilding it on RHEL/CentOS without it being really really
> tough to build and not breaking anything.
>
> I think the general consensus on openldap message base is to build
> everything in /usr/local from source, which in my case, I built db4
> (4.2.52+patches), kerberos, cyrus-sasl, openssl and then finally
> openldap - all from source and it wasn't nearly as hard as I feared
> and left RHEL stuff alone and didn't break anything. The information
> that I used to do this all came from Quanah's web pages at
> Stanford...
> http://www.stanford.edu/services/directory/openldap/

I'm looking at doing that. I was just trying to stay with RPMs if
possible so that I don't run into dependency issues later when I try
to install an RPM that requires openldap.

> Perhaps a less painful method might be to use Buchan Milne's rpm's
> which would do much the same and though they seem to be created for
> Mandriva, apparently can build/install on RHEL (sorry, I don't have
> a URL for this but you can either post to openldap list or search
> their archives).

Not a bad idea. Anyone tried this on CentOS4?

> Lastly, perhaps the least painful method of all is the pretty much
> turnkey packages available from symas... <http://www.symas.com>

Interesting. I may look into this.

> Now, generally Red Hat back port works well enough but if you are
> going to make RHEL/CentOS the base of a large directory service...
> 2.0.7-20 (CentOS3) and 2.2.13-4 (CentOS4) simply don't cut it for a
> number of reasons. I stick with them on most of my installations
> because the number of users and the extent of the demands that I put
> upon ldap are pretty minimal but if you are going to have a
> substantial investment in time/energy in ldap,
> fahgettibouddit...install current.

That's about what we determined.

> Recognize that 2.2.30 (I believe) is still the latest categorized
> 'stable' - 2.3.11 (and I think it is now up to 2.3.12) is discussed
> and sometimes casually referred to as 'stable' - I don't think that
> it has 'officially' been designated so.

Actually, 2.3.11 is stable as of 10/18.

Bowie