Re: [blfs-support] Correction to OpenLDAP wiki

[Quanah Gibson-Mount]

--On Monday, March 23, 2015 10:10 PM -0500 Bruce Dubbs 
<bruce.du...@gmail.com> wrote:

Quanah Gibson-Mount wrote:
There is no reason for the BDB documentation to exist on the page at
all. The wiki should not mention BDB at all, and remove all the patch
notes, and instead correctly instruct people to build OpenLDAP with the
included LMDB backend.

We are quite open to that.  Can you suggest alternative instructions?  We
are using openldap-2.4.40.

Would this work?  It builds and installs fine without the sed for bdb,
but there are nuances that we may not be aware of.

   -- Bruce

./configure --prefix=/usr         \
             --sysconfdir=/etc     \
             --localstatedir=/var/lib/openldap \
             --disable-static      \
             --disable-debug       \
             --enable-dynamic      \
             --enable-crypt        \
             --enable-spasswd      \
             --enable-modules      \
             --enable-rlookups     \
             --enable-backends=mod \
             --enable-overlays=mod \
             --disable-ndb         \
             --disable-sql         \
             --disable-bdb         \
             --disable-hdb         \
             --enable-mdb

Hi Bruce,

My configure flags for Zimbra are:
       --with-cyrus-sasl \
       --with-tls=openssl \
       --enable-dynamic \
       --enable-slapd \
               --enable-modules \
       --enable-backends=mod \
               --disable-shell \
               --disable-sql \
               --disable-bdb \
               --disable-hdb \
               --disable-ndb \
       --enable-overlays=mod \
       --enable-debug \
       --enable-spasswd \
       --localstatedir=/opt/zimbra/data/ldap/state \
       --enable-crypt; \

Looks like the major difference between our configures is rlookups.  It can 
slow things down if there are issues with DNS, which is why I personally 
chose to disable it.

I note you don't explicitly call out cyrus-sasl, but I'm guessing you are 
linking to it as well. ;)

The other thing you may or may not want to do is build some of the contrib 
software.  For example, I build out the pw-sha2 contrib module so that we 
can use SSHA512 hashes for passwords instead of the default SHA, which is 
fairly insecure these days.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page