FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-11-2008, 06:56 PM
"Brett Serkez"
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

All,

After many hours of research I have found there is a incompatibility
between OpenLDAP V2.3.x and V2.2.x, or atleast between V2.3.27 the
current version on CentOS V5 and V2.2.13 the current version on CentOS
V4.

The syncrepl feature of OpenLDAP, to keep multiple slapd servers
sync'd, was working between CentOS 4 and 5 at one time, as that is how
I populated the "slave" servers.

I've found references indicating protocol changes and
incompatibilities between these versions and indeed looking at
detailed debugging logs I can see the protocol falling apart between
the two versions.

Has anyone else seen this issue? Is anyone aware of a fix in the
pipeline or a work around?

Thanks in advance,

Brett
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 09:10 PM
"nate"
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

Brett Serkez wrote:

> Has anyone else seen this issue? Is anyone aware of a fix in the
> pipeline or a work around?

Compile the source rpm from centos 5.x on a 4.x system and upgrade the
4.x systems to it ? (short of upgrading the entire OS to 5.x if you
don't want to do that it can be a major change depending on your
environment)

nate

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:08 PM
Ralph Angenendt
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

nate wrote:
> Brett Serkez wrote:
>
> > Has anyone else seen this issue? Is anyone aware of a fix in the
> > pipeline or a work around?
>
> Compile the source rpm from centos 5.x on a 4.x system and upgrade the
> 4.x systems to it ? (short of upgrading the entire OS to 5.x if you
> don't want to do that it can be a major change depending on your
> environment)

I tried to do that, as I wanted to have LDAP overlays (hey, anyone who
wants to test those on CentOS 5 - there are packages in the testing
repository).

And I found out that you don't want to do that. There are too many
packages which are built against openldap, you'd end up rebuilding a
rather large part of the distribution.

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:24 PM
Craig White
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
> nate wrote:
> > Brett Serkez wrote:
> >
> > > Has anyone else seen this issue? Is anyone aware of a fix in the
> > > pipeline or a work around?
> >
> > Compile the source rpm from centos 5.x on a 4.x system and upgrade the
> > 4.x systems to it ? (short of upgrading the entire OS to 5.x if you
> > don't want to do that it can be a major change depending on your
> > environment)
>
> I tried to do that, as I wanted to have LDAP overlays (hey, anyone who
> wants to test those on CentOS 5 - there are packages in the testing
> repository).
>
> And I found out that you don't want to do that. There are too many
> packages which are built against openldap, you'd end up rebuilding a
> rather large part of the distribution.
----
there are a number of people that do exactly that and in fact, if you go
on the openldap-software list, they will tell you that if you expect
openldap to function, that you need to build it from source (either
2.3.37 (or whatever the latest is in 2.3) or 2.4.9 (or whatever the
latest is).

IIRC, you have to build from source...
- openssl
- kerberos
- cyrus-sasl
- db4
- openldap

I built everything in /usr/local and just left the distribution packages
intact and it worked.

I believe that Buchan Milne offers rpm packages that can install on
CentOS-4 and certainly Symas/Connexitor has rpm packages that you can
install but it wasn't that hard to build it from source.

That said, I don't recall syncrepl ever working in 2.2.x and have used
slurpd for replicating with 2.2 but if the OP says he thinks he had it
running, well, I'm not gonna argue with him.

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:36 PM
Ralph Angenendt
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

Craig White wrote:
> On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
> > I tried to do that, as I wanted to have LDAP overlays (hey, anyone who
> > wants to test those on CentOS 5 - there are packages in the testing
> > repository).
> >
> > And I found out that you don't want to do that. There are too many
> > packages which are built against openldap, you'd end up rebuilding a
> > rather large part of the distribution.
> ----
> IIRC, you have to build from source...
> - openssl
> - kerberos
> - cyrus-sasl
> - db4
> - openldap
>
> I built everything in /usr/local and just left the distribution packages
> intact and it worked.

On my CentOS 5 install there are about 33 packages requiring a certain
version of libldap and liblber.

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:46 PM
Craig White
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

On Thu, 2008-06-12 at 00:36 +0200, Ralph Angenendt wrote:
> Craig White wrote:
> > On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
> > > I tried to do that, as I wanted to have LDAP overlays (hey, anyone who
> > > wants to test those on CentOS 5 - there are packages in the testing
> > > repository).
> > >
> > > And I found out that you don't want to do that. There are too many
> > > packages which are built against openldap, you'd end up rebuilding a
> > > rather large part of the distribution.
> > ----
> > IIRC, you have to build from source...
> > - openssl
> > - kerberos
> > - cyrus-sasl
> > - db4
> > - openldap
> >
> > I built everything in /usr/local and just left the distribution packages
> > intact and it worked.
>
> On my CentOS 5 install there are about 33 packages requiring a certain
> version of libldap and liblber.
----
as I said, I just left the distribution packages intact and built
everything in /usr/local

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:49 PM
Craig White
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

On Thu, 2008-06-12 at 00:36 +0200, Ralph Angenendt wrote:
> Craig White wrote:
> > On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
> > > I tried to do that, as I wanted to have LDAP overlays (hey, anyone who
> > > wants to test those on CentOS 5 - there are packages in the testing
> > > repository).
> > >
> > > And I found out that you don't want to do that. There are too many
> > > packages which are built against openldap, you'd end up rebuilding a
> > > rather large part of the distribution.
> > ----
> > IIRC, you have to build from source...
> > - openssl
> > - kerberos
> > - cyrus-sasl
> > - db4
> > - openldap
> >
> > I built everything in /usr/local and just left the distribution packages
> > intact and it worked.
>
> On my CentOS 5 install there are about 33 packages requiring a certain
> version of libldap and liblber.
----
and I'll add one more thing...

I think these are Buchan Milne's rpm packages here for updated openldap
that you can drop in as replacements...

http://staff.telkomsa.net/packages/

but I've never used them myself

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-11-2008, 10:53 PM
"Brett Serkez"
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

On Wed, Jun 11, 2008 at 6:24 PM, Craig White <craigwhite@azapple.com> wrote:
> That said, I don't recall syncrepl ever working in 2.2.x and have used
> slurpd for replicating with 2.2 but if the OP says he thinks he had it
> running, well, I'm not gonna argue with him.

syncrepl 2.2.x works fine between CentOS 4 systems as installed via
yum. I just used this today, made changes on the master that I needed
on to use on the slave, the replication was instant.

The issue is between 2.2.x and 2.3.x. What I said I thought worked
was replication from CentOS 4.x to CentOS 5.x (ie. 2.2.x -> 2.3.x), as
when I brought the CentOS 5.x on-line and started slapd, the LDAP
database was almost instantly available. I never used any other
method to load the LDAP data on the CentOS 5.x system from the CentOS
4.x master.

It is only recently that I noticed the replication failing, I believe
after a recent yum update.

I have looked at using yum to regress the version of LDAP on the
CentOS 5.x system, but it seems I needed to have turned on a yum
option before the update to do this. I also noticed all the
dependencies as far as trying to build myself.

My assumption is that eventually newer versions of LDAP will be
available that will work.

Brett
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-12-2008, 12:09 AM
Johnny Hughes
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

Brett Serkez wrote:

On Wed, Jun 11, 2008 at 6:24 PM, Craig White <craigwhite@azapple.com> wrote:

That said, I don't recall syncrepl ever working in 2.2.x and have used
slurpd for replicating with 2.2 but if the OP says he thinks he had it
running, well, I'm not gonna argue with him.


syncrepl 2.2.x works fine between CentOS 4 systems as installed via
yum. I just used this today, made changes on the master that I needed
on to use on the slave, the replication was instant.

The issue is between 2.2.x and 2.3.x. What I said I thought worked
was replication from CentOS 4.x to CentOS 5.x (ie. 2.2.x -> 2.3.x), as
when I brought the CentOS 5.x on-line and started slapd, the LDAP
database was almost instantly available. I never used any other
method to load the LDAP data on the CentOS 5.x system from the CentOS
4.x master.

It is only recently that I noticed the replication failing, I believe
after a recent yum update.

I have looked at using yum to regress the version of LDAP on the
CentOS 5.x system, but it seems I needed to have turned on a yum
option before the update to do this. I also noticed all the
dependencies as far as trying to build myself.

My assumption is that eventually newer versions of LDAP will be
available that will work.


There is an openldap in the CentOS Testing repo for centos-4 that will
work with centos-5.


It has a compat-openldap-<c4_version> for the things that are compiled
against the c4 version ... and i am using it in production and syncing
c5 and c4.


However, it is a couple updates behind.

The version is openldap-2.3.27-4.el4.centos

Thanks,
Johnny Hughes

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-12-2008, 02:07 PM
"Brett Serkez"
 
Default LDAP syncrepl incompatibility between CentOS 4.x and 5.x

> There is an openldap in the CentOS Testing repo for centos-4 that will work
> with centos-5.
>
> It has a compat-openldap-<c4_version> for the things that are compiled
> against the c4 version ... and i am using it in production and syncing c5
> and c4.

This works great! Thanks for the tip, this is just what I was looking for.

> However, it is a couple updates behind.
>
> The version is openldap-2.3.27-4.el4.centos

This is the same version as CentOS 5, perfect.

Brett
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 10:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org