Long time Tony,
Wednesday, January 08, 2003, 12:21:03 AM, you wrote:
[snip]
TE> For me the break point was OpenLDAP 2.1.10 with BDB 4.1.24
TE> People (also OpenLDAP.org) state 2.0.x as being "stable". But the
TE> OpenLDAP designers and developers continually recommend upgrade to 2.1.x
TE> because of shortcomings in 2.0.x. The only "stable" version of 2.0.x is
TE> said to be 2.0.27, and development of the 2.0.x line is finished.
[snip]
As long as I was an original initiator of some OpenLDAP features (like
ldapi://, thanks to Philip for making them work), I have to warn You
about Exim <=> OpenLDAP-2.1.x:
1) LDAP TLS cert verification is incomplete in Exim. You have no
client-side options for setting up its certs, CA certs, etc. But
LDAP library looks for system-wide ldap.conf for the CA cert, and Exim
has absolutely no information about this kind of behaviour.
While OpenLDAP-2.1 library defaults to hard cert verification, some
configurations would not be functional. I've made a private hack.
2) ldap_auth over ldaps:// could be broken, because it must re-bind
the existing connection. In my particular environment it was broken (a
lot of 'Unable to contact LDAP server' messages with 550).
But I didn't try 2.1.10 though.
3) About hard stress and 100% bus utilization: You have indexed Your
LDAP storage carefully, didn't You ? ;-)
4) I use ldapi:// for local and ldaps:// for remote (backup) LDAP
server access. That seems to me the best practice.
PS Happy N.Y. and Merry Xmas to You, Tony. Sorry for being late.
--
Best regards,
Peter mailto:spam4octan@highway.ru
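
Point 1 above, as an added example that is not part of the original message or of Exim/OpenLDAP code: a small audit of the TLS settings a libldap client inherits from ldap.conf and the environment. It assumes the `TLS_CACERT`, `TLS_CACERTDIR` and `TLS_REQCERT` options and the `LDAPTLS_*` environment overrides described in ldap.conf(5); the sample configuration, host name and paths are constructed.

```python
# Added example: show what a libldap client such as Exim silently inherits
# from ldap.conf and LDAPTLS_* environment variables (per ldap.conf(5)).
VERIFYING = {"demand", "hard", "try"}  # levels at which a bad server cert aborts the session
NOT_VERIFYING = {"never", "allow"}     # levels at which a bad server cert is ignored

def effective_tls(conf_text, env=None):
    """Return the TLS_* options in effect: file values first, environment on top."""
    opts = {"TLS_REQCERT": "demand"}   # documented default when nothing is set
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                   # blank lines and comments are ignored
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper().startswith("TLS_"):
            opts[parts[0].upper()] = parts[1].strip()  # option names are case-insensitive
    for name, value in (env or {}).items():
        if name.startswith("LDAPTLS_"):                # e.g. LDAPTLS_REQCERT -> TLS_REQCERT
            opts[name[len("LDAP"):]] = value
    opts["TLS_REQCERT"] = opts["TLS_REQCERT"].lower()
    return opts

def findings(opts):
    """Flag the two situations the message describes for ldaps:// lookups."""
    level = opts["TLS_REQCERT"]
    has_ca = "TLS_CACERT" in opts or "TLS_CACERTDIR" in opts
    out = []
    if level in NOT_VERIFYING:
        out.append("VERIFY_OFF: TLS_REQCERT=%s, the server certificate is not enforced" % level)
    elif level not in VERIFYING:
        out.append("UNKNOWN_LEVEL: TLS_REQCERT=%s is not a recognised value" % level)
    elif not has_ca:
        # Assumption: without a configured CA the outcome depends on TLS library defaults.
        out.append("NO_TRUST_ANCHOR: verification is on but no TLS_CACERT/TLS_CACERTDIR "
                   "is set; ldaps:// lookups may fail")
    return out

if __name__ == "__main__":
    # Constructed sample of a system-wide ldap.conf with no CA configured.
    sample = "# constructed sample\nURI ldaps://ldap.example.org\nBASE dc=example,dc=org\n"
    for env in ({}, {"LDAPTLS_REQCERT": "never"}):
        opts = effective_tls(sample, env)
        print(env, opts, findings(opts) or ["OK"])
```
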