В Чтв, 18/03/2010 в 12:45 -0700, Quanah Gibson-Mount пишет: > --On Thursday, March 18, 2010 8:46 AM -0400 Alex McKenzie > <a...@chem.umass.edu> wrote: > > > I've been following the list for around a year, and I understand the > > difficulties involved in supporting old versions, but the simple fact > > is, most of us don't have time to custom compile all our server > > software. My Ubuntu-default installs of Apache, postfix, SSH, and just > > about everything else work fine and can be supported by their > > developers. It's only LDAP (and a few things in beta) that absolutely > > have to run the newest version at all times. I chose to accept a > > limited feature-set and bullied GnuTLS into working "well enough" for > > our limited LDAP environment, but if I ever find an alternative, I'll be > > moving away from LDAP to whatever that is. > > For a moment, consider our frustration. Debian/Ubuntu, because of their > issues with the OpenSSL license, build against GnuTLS. Which is a known > security risk > (<http://www.openldap.org/lists/openldap-devel/200802/msg00072.html>), and > also known to have tons of problems in working with OpenLDAP. RedHat built > their OpenLDAP against BDB 4.3 at one point, even though this was a known > bad version of BDB, and the configure script would deliberately quit if it > was encountered, so RH hacked configure instead of bothering to study why > this was a problem. Distributions also make specific decisions on how to > compile OpenLDAP (i.e., which options to use), that are not always best > suited to end users who want a production LDAP server. > > While I agree most applications are easily and readily used with what is > compiled by OS distributors. But as is stated in the FAQ, and which is a > point people still continue to miss, is that the builds from OS distros are > geared toward providing the LDAP libraries for other clients (such as > postfix, etc). They are not geared towards running OpenLDAP as a > production service. Which is why we recommend over and over and over again > to avoid using them.
You would better recommend to file a bug so that maintainers would finally consider recommendations of development team. Also It's strange maintainers are not members of this list, isn't it? :) > If they happen to work for you great. If they don't, > then either support requests need to be taken to the distro provider, or a > build of the latest stable release needs to be used. > > Consider your case, where you are using OpenLDAP 2.4.7, which was the first > public experimental release of 2.4. Read over the change log at the > hundreds, if not over a thousand at this point, bugs that were fixed since > then. As to your note about adding new features, all new branches, like > 2.4 was at the time 2.4.7 was released, are open for new features until > development is stabilized and it is feature frozen. OpenLDAP 2.4 has been > feature frozen for a very long time now. This is not an unusual > development pattern. > > So yes, if someone wants support for a problem they are experiencing, then > they need to show that the problem exists in the current stable release. > This also is not an uncommon practice. You may find it frustrating, but we > find it frustrating to be inundated with requests for help on issues that > were long ago fixed. > > --Quanah > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration -- Покотиленко Костик <cas...@meteor.dp.ua>
