[Pkg-openldap-devel] How far from OpenLDAP 2.3?

Quanah Gibson-Mount quanah at stanford.edu
Tue Jan 24 01:10:52 UTC 2006 


--On Monday, January 23, 2006 2:25 PM -0800 Steve Langasek 
<vorlon at debian.org> wrote:

> On Mon, Jan 23, 2006 at 10:54:22AM -0800, Quanah Gibson-Mount wrote:
>> >> This is certainly the main obstacle to being able to upload
>> >> libldap2-dev 2.3 to unstable.  Has anybody looked at possible db
>> >> upgrade issues between slapd 2.2 and slapd 2.3?
>
>> > Quanah, can you comment on what the upgrade looks like?  (And you
>> > probably want to subscribe to
>> > pkg-openldap-devel at lists.alioth.debian.org; I'll get you the details.)
>
>> As far as BDB versions go, I recommend continuing to stick with BDB
>> 4.2.52+patches.  The OpenLDAP specific transactions patch is no longer
>> necessary for 2.3 like it was for 2.2.  The main thing is that the
>> database  must have the 2.2 version of slapcat run to export the
>> database to an LDIF  file, the database files removed (*.bdb, log files,
>> and the BDB  environment), and then a 2.3 slapadd -q on the LDIF file
>> must be run to  import the data back into the database.  This is because
>> the database  storage format has changed between the major releases.
>
> Ok, so this can basically use the same upgrade code as for 2.0->2.1; we
> just have to be sure that's enabled.
>
> Why the recommendation for BDB 4.2.52+patches?  For that matter, are the
> "patches" ones that are included in Debian today?  I know the Debian libdb
> maintainers were skeptical of preferring db4.2 over db4.3, and in any case
> there are plenty of reports in the wild of the sarge version of slapd
> misbehaving and corrupting its indices; dunno if that's rightly a BDB bug
> or a slapd bug.

I've used and tested slapd with BDB 4.2, 4.3, and 4.4.  Every release after 
4.2 has different issues.  In 4.3, its log handling changed significantly, 
which means the only sane way to load your database is with the -q flag. 
In addition, it is slower than 4.2 for both reads and writes.  95%+ of the 
issues I see on the OpenLDAP-software list about BDB come from people using 
4.3.  4.3, as best as I can tell, was never a very solid release.

4.4 is so new that how the changes made will affect OpenLDAP are unknown. 
I specifically found that it is some 2-3 times slower than 4.2 for WRITE 
operations, and slightly faster for READ (I have an open issue with 
sleepycat on this, the slowdown can be reproduced with simple BDB tools, 
indicating the problem is entirely in their software).  To me, the WRITE 
issue overweighs the READ improvement.  Plus I just saw the first issue 
report about 4.4 specific issues and OpenLDAP hit yesterday from one of the 
core OpenLDAP developers.  I imagine there will be more as it is more 
heavily tested.

As for the index corruption issues in debian, I can only guess it is 
related to the rather old and outdated version being shipped with it (btw, 
a major source of frustration as a member of the OpenLDAP team).  My 
general advice to people using Debian, RedHat, etc, is not to use the 
software shipped with the distros to run an LDAP server.  Simply use it as 
client libraries, because they never keep up with the bug fixes necessary 
to run a production quality LDAP service.  I am hoping with my involvement 
in the process that Debian can at least have up to date software to 
distribute from backports.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

More information about the Pkg-openldap-devel mailing list