On Wed, Sep 3, 2008 at 4:15 AM, John Nietzsche <[EMAIL PROTECTED]> wrote:
> is there any chance the next openbsd release holds an unbroken OpenLDAP?

I presume you're referring to the port/packages version.  The answer
depends on whose definition of "unbroken" you prefer.

The last word I heard from the OpenLDAP maintainers was that the ldbm
backend was considered unsuitable for (their definition of) production
use.  Indeed, it's not supported in OpenLDAP 2.4.  It's not robust if
slapd or the machine crashes at an inopportune time during a database
change, and it has performance issues during writes: there's just one big
reader/writer lock for the database, so any write blocks all readers.
As a result, using it in a deployment where writes frequently occur
seems unwise.  The OpenLDAP people will certainly give you little
sympathy if/when a problem occurs there.  For a read-only, or
write-rarely situation, it would seem to be okay, in which case the
port/package should serve you.

If you're building a write-often setup, then you would seem to need
the bdb or hdb backend.  For that, the current port/package will not
serve you.  I'm not a ports maintainer, but upgrading the port from
OpenLDAP 2.3.x to 2.4.x in time for 4.4 seems extremely unlikely.  For
all I know, the deadline for such a change may have passed months ago.
So, if you need the bdb backend, you would need to build OpenLDAP
2.4.x yourself.  In my experience of compiling OpenLDAP, it basically
works, but keep your eyes open: support for what you build will need
to be more dependent on yourself and the OpenLDAP mailing lists and
less on the OpenBSD lists (and not at all on the ports list, of
course, though they would probably be interested in your experiences).
OpenLDAP has a test suite: run it and pay attention to the results.
Subscribe to the OpenLDAP lists and pay attention to discussions of
issues that may affect your setup.

Someone else mentioned the sql backend.  The OpenLDAP people
apparently consider it only appropriate for gatewaying from existing
SQL databases where the SQL interface is the primary use, and not as a
primary backend for storing your main LDAP data, as SQL is a poor
match for storing LDAP data.  You should consult the OpenLDAP lists
for further details if seriously considering that route.


Note that this situation, where the packages that are provided by or
associated with the OS have a limited applicability, is not limited to
OpenBSD.  The OpenLDAP people have few good words to say about the
RedHat openldap server package; they often recommend that people
experiencing problems with them ditch that rpm and install the rpm
created by one of the OpenLDAP maintainers.


Philip Guenther
