--On Thursday, March 18, 2010 8:46 AM -0400 Alex McKenzie
<a...@chem.umass.edu> wrote:
> I've been following the list for around a year, and I understand the
> difficulties involved in supporting old versions, but the simple fact
> is, most of us don't have time to custom compile all our server
> software. My Ubuntu-default installs of Apache, postfix, SSH, and just
> about everything else work fine and can be supported by their
> developers. It's only LDAP (and a few things in beta) that absolutely
> have to run the newest version at all times. I chose to accept a
> limited feature-set and bullied GnuTLS into working "well enough" for
> our limited LDAP environment, but if I ever find an alternative, I'll be
> moving away from LDAP to whatever that is.

For a moment, consider our frustration. Debian/Ubuntu, because of their
issues with the OpenSSL license, build against GnuTLS, which is a known
security risk
(<http://www.openldap.org/lists/openldap-devel/200802/msg00072.html>), and
is also known to have tons of problems in working with OpenLDAP. RedHat built
their OpenLDAP against BDB 4.3 at one point, even though this was a known
bad version of BDB, and the configure script would deliberately quit if it
was encountered, so RH hacked configure instead of bothering to study why
this was a problem. Distributions also make specific decisions on how to
compile OpenLDAP (i.e., which options to use), that are not always best
suited to end users who want a production LDAP server.

While I agree most applications are easily and readily used with what is
compiled by OS distributors, as is stated in the FAQ, and which is a
point people still continue to miss, the builds from OS distros are
geared toward providing the LDAP libraries for other clients (such as
postfix, etc). They are not geared towards running OpenLDAP as a
production service, which is why we recommend over and over and over again
to avoid using them. If they happen to work for you, great. If they don't,
then either support requests need to be taken to the distro provider, or a
build of the latest stable release needs to be used.

Consider your case, where you are using OpenLDAP 2.4.7, which was the first
public experimental release of 2.4. Read over the change log at the
hundreds, if not over a thousand at this point, of bugs that were fixed since
then. As to your note about adding new features, all new branches, like
2.4 was at the time 2.4.7 was released, are open for new features until
development is stabilized and it is feature frozen. OpenLDAP 2.4 has been
feature frozen for a very long time now. This is not an unusual
development pattern.

So yes, if someone wants support for a problem they are experiencing, then
they need to show that the problem exists in the current stable release.
This also is not an uncommon practice. You may find it frustrating, but we
find it frustrating to be inundated with requests for help on issues that
were long ago fixed.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc