Greg Noe

Symas Binary Packaging for OpenLDAP 2.5, 2.6, and Beyond

Updated: May 12, 2022



What's Different?

OpenLDAP 2.5 represents the contribution of various Symas Open Source enhancements not previously adopted by the Project. Everything previously only available in Symas OpenLDAP Gold binary packages is now available in the source code distributions from The OpenLDAP Project and in the binary packages available on Symas's repository site, repo.symas.com.


In this transition, the Project updated its Support Policy to provide support for Long Term Support (LTS) Releases in addition to the traditional Feature Release stream. File locations were changed to conform to current practice where possible. The cadence for minor releases has also been increased, so that each minor release runs approximately between eighteen months and two years. Finally, some configuration items are new or different. Details follow.


Release Streams

As described above, there are two distinct types of releases now: Feature Releases and LTS releases.


Feature Releases

Feature Releases are the means by which new features are introduced to OpenLDAP. While these releases are suitable for production, it should be understood that the support lifecycle for each Feature Release is between eighteen months and two years. As of this writing, OpenLDAP 2.6 is the most recent Feature Release.


LTS Releases

An LTS release, or Long Term Support release, is intended for customers who prioritize longevity over new features. The support lifecycle for an LTS release is expected to be between three and five years. During this time, critical fixes are made to the release, but no new features will be introduced. The LTS release stream is recommended for production deployments that focus on proven stability and reliability. As of this writing, OpenLDAP version 2.5 is the LTS release. Within three to five years, a future Feature Release will be designated as the new LTS release and support for the previous LTS release will be phased out.


Installation Structure

The main difference between OFL and symas-openldap is the installation structure. The symas-openldap package is fully self-contained and installs everything (configuration, command line tools, dependencies) in the /opt/symas directory:

/opt
└── symas
    ├── bin          (user-level commands)
    ├── etc
    │   └── openldap (configuration, schema)
    ├── lib          (slapd)
    │   └── openldap (overlays/modules)
    ├── sbin         (administrative commands)
    ├── share
    │   ├── man      (manual pages)
    │   └── symas    (demo scripts)
    └── ssl          (certificate storage)

The advantage of the self-contained installation is that system/OS updates will never overwrite symas-openldap's dependencies (OpenSSL, for example).


Slapd Configuration

Your slapd runtime configuration will need some changes to work with symas-openldap:

  • The include path to the standard schema files is now "/opt/symas/etc/openldap/schema"

  • If ppolicy is being used, the ppolicy schema must be removed from slapd.conf/cn=config

  • slapd.conf/cn=config needs to have the "pidfile/olcPidFile" path adjusted to /var/symas/run

  • slapd.conf/cn=config needs to have the "argsfile/olcArgsFile" path adjusted to /var/symas/run

  • slapd.conf/cn=config needs to have the "modulepath/olcModulePath" adjusted to "/opt/symas/lib/openldap"

  • If using a multi-provider replication environment, the "mirrormode/olcMirrorMode" keyword needs to be adjusted to "multiprovider/olcMultiProvider"

  • If the multival (hi/lo) feature is in use, the keyword needs to be changed to "multival/olcMultiVal", and the configuration must be updated to the 2.5 syntax with the "default" keyword set:

Old slapd.conf settings:

    multivallo 10
    multivalhi 50

New slapd.conf setting:

    multival default 50,10

Old cn=config settings:

    olcMultiValLo: 10
    olcMultiValHi: 50

New cn=config setting:

    olcMultiVal: default 50,10

The slapd startup configuration (USER, GROUP, EXTRA_SLAPD_ARGS) is now located in /etc/default/symas-openldap.
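
The slapd.conf changes listed above can be applied mechanically before the first start under symas-openldap. The following is an added example, not code from Symas or the OpenLDAP Project; it covers slapd.conf only (not cn=config), the function name, the sample file and the choice to keep existing pid/args file names are assumptions, and the target paths are the ones given in the list.

```python
import posixpath

SCHEMA_DIR = "/opt/symas/etc/openldap/schema"
RUN_DIR = "/var/symas/run"
MODULE_DIR = "/opt/symas/lib/openldap"
STANDARD = {"core.schema", "cosine.schema", "nis.schema"}  # subset of shipped schema

def migrate_slapd_conf(text):
    """Return (new_text, notes) with the slapd.conf changes listed above applied."""
    out, notes, seen = [], [], {}
    for n, orig in enumerate(text.splitlines(), 1):
        parts = orig.split()
        # Indented lines continue the previous directive, so they carry no keyword.
        key = parts[0].lower() if parts and not orig[0].isspace() else ""
        arg = parts[1].strip('"') if len(parts) > 1 else ""
        name, line = posixpath.basename(arg), orig
        if key == "database":
            seen = {}  # assumption: multival limits belong to one database section
        elif key == "include" and name in STANDARD | {"ppolicy.schema"}:
            line = None if name == "ppolicy.schema" else f"include {SCHEMA_DIR}/{name}"
        elif key in ("pidfile", "argsfile") and name:  # assumption: keep the file name
            line = f"{key} {RUN_DIR}/{name}"
        elif key == "modulepath":
            line = f"modulepath {MODULE_DIR}"
        elif key == "mirrormode":
            line = " ".join(["multiprovider"] + parts[1:])
        elif key in ("multivallo", "multivalhi") and arg:
            seen[key] = (arg, len(out))
            if len(seen) == 2:  # both halves known: merge into the 2.5 syntax
                out[min(i for _, i in seen.values())] = None
                line = f"multival default {seen['multivalhi'][0]},{seen['multivallo'][0]}"
                seen = {}
        if line != orig:
            notes.append(f"line {n}: {orig.strip()} -> {line or '(removed)'}")
        out.append(line)
    return "\n".join(l for l in out if l is not None) + "\n", notes

CONSTRUCTED_SAMPLE = """include /etc/openldap/schema/core.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/slapd.pid
modulepath /usr/lib64/openldap
database mdb
mirrormode on
multivallo 10
multivalhi 50
"""

if __name__ == "__main__":
    print(*migrate_slapd_conf(CONSTRUCTED_SAMPLE), sep="\n")
```

Site-local schema includes and an unpaired multivallo or multivalhi are left untouched, so review the notes list and the remaining old keywords by hand before replacing the live file.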


Utilities

The online LDAP command line utilities (ldapsearch, ldapadd, etc.) are now located in /opt/symas/bin.


The offline slapd command line utilities (slapadd, slapcat, etc.) are now located in /opt/symas/sbin.


The symas-openldap package contains several utilities for working with LMDB databases:

  • mdb_stat - Gets the status of LMDB databases

  • mdb_copy - Makes a safe copy of LMDB databases with optional compaction


Logging

The symas-openldap package includes enhanced logging, which provides elapsed execution time (etime) for all LDAP operations.


The 2.6.x packages include a new local logging feature:

  • Slapd log entries are written directly to file, bypassing rsyslog and its performance penalties

  • Log rotation is built in and configurable

  • Timestamp formats are configurable

More Information

For more information on upgrading to Symas OpenLDAP versions 2.5 or 2.6, see https://repo.symas.com/soldap2.5/upgrading/
