directory-api mailing list archives

From Radovan Semancik
Subject Re: OpenLDAP schema
Date Thu, 19 Mar 2015 18:40:41 GMT
On 03/19/2015 06:08 PM, Emmanuel Lécharny wrote:
> It's not old, it's prehistoric. More exactly, 4 years old. 

Yes. But that's what Debian/Ubuntu has.

> and it should not be. It's like IE6, which was popular, up to recently,
> and it was a PITA to those who wanted to write decent sites.

Yes. But unless someone volunteers to maintain a deb package for more 
recent versions it is unlikely to change.

> The question here is: does the API work with a more recent version of
> OpenLDAP?

No idea. I can check. But it is not exactly straightforward to get, 
install and maintain a newer version that will not break after each Ubuntu 
upgrade (which is every 6 months on my devel machine). I cannot test it 
on production server anyway ... so I have to build it. Anyway, this is 
currently not my priority. I have to support what is popular and that is 
version 2.4.3x both for DEB and RPM world.

>> So I really look for a way how to support it.
> IMHO, that is a double mistake :
> - first because it would imply some huge modifications in the way the
> schema manager works,
> - and second it will make people think that 2.4.32 is usable, which is not.
> Seriously, going in production with OpenLDAP 2.4.32 is a severe mistake!

Strictly speaking you are right. But 2.4.32 is out there. We cannot 
change that.
And actually, the latest long-term-support version of Ubuntu has 
OpenLDAP 2.4.31. This is supported until 2018 or so. Therefore these old 
versions of OpenLDAP are here to stay for a while.
BTW, I have seen OpenLDAP 2.2.x still used in production. But fear not. 
I have no intention to support that :-)

> Well, the best way would be to switch to a decent version of openLDAP.

This is not really an option. The connector is not implemented for just 
one specific deployment. It is part of a reusable product. Several 
products, actually ... as ConnId connectors are meant to be used by both 
midPoint and Syncope. So it has to support what is out there. I must 
adapt to the world, world will not adapt to me.

But what is perhaps more important is that I have tried 389ds in the 
meantime. And there are very similar issues. Which means that DSEE is 
also likely to have the same issues. So even if OpenLDAP upgrade could 
solve something I still have to do the hacks to support the "iPlanet" 
server family. This is what life brings ...

Also in the meantime I have discovered that the SchemaManager and 
Registries have "relaxed" mode. I'm trying to use that to get the 
(hugely) tolerant behavior that I'm looking for. As an experiment. Let's 
see how it goes.

Radovan Semancik
Software Architect
