From: Craig White [mailto:craigwhite at azapple.com] > On Wed, 2005-11-30 at 12:53 -0600, Johnny Hughes wrote: > > > > What is the purpose of the LDAP upgrade ... if it is security you are > > worried about ... those get in there. > > > > See this: > > http://www.redhat.com/advice/speaks_backport.html > > > > When you start changing major components, you greatly reduce the > > stability of CentOS for yourself ... and you ruin the system > > interoperability. > ---- > I pretty much agree with that last statement - and could never > conceive of getting an rpm of openldap/servers/client from Fedora > and rebuilding it on RHEL/CentOS without it being really really > tough to build and not breaking anything. > > I think the general consensus on openldap message base is to build > everything in /usr/local from source, which in my case, I built db4 > (4.2.52+patches), kerberos, cyrus-sasl, openssl and then finally > openldap - all from source and it wasn't nearly as hard as I feared > and left RHEL stuff alone and didn't break anything. The information > that I used to do this all came from Quanah's web pages at > Stanford... > http://www.stanford.edu/services/directory/openldap/ I'm looking at doing that. I was just trying to stay with RPMs if possible so that I don't run in to dependency issues later when I try to install an RPM that requires openldap. > Perhaps a less painful method might be to use Buchan Milne's rpm's > which would do much the same and though they seem to be created for > Mandriva, apparently can build/install on RHEL (sorry, I don't have > a URL for this but you can either post to openldap list or search > their archives). Not a bad idea. Anyone tried this on CentOS4? > Lastly, perhaps the least painful method of all is the pretty much > turnkey packages available from symas... <http://www.symas.com> Interesting. I may look into this. > Now, generally Red Hat back port works well enough but if you are > going to make RHEL/CentOS the base of a large directory service... > 2.0.7-20 (CentOS3) and 2.2.13-4 (CentOS4) simply don't cut it for a > number of reasons. I stick with them on most of my installations > because the number of users and the extent of the demands that I put > upon ldap are pretty minimal but if you are going to have a > substantial investment in time/energy in ldap, > fahgettibouddit...install current. That's about what we determined. > Recognize that 2.2.30 (I believe) is still the latest categorized > 'stable' - 2.3.11 (and I think it is now up to 2.3.12) is discussed > and sometimes casually referred to as 'stable' - I don't think that > it has 'officially' been designated so. Actually, 2.3.11 is stable as of 10/18. Bowie