  • Greg Noe

Symas Binary Packaging for OpenLDAP 2.5, 2.6, and Beyond

Updated: May 12



What's Different?

OpenLDAP 2.5 represents the contribution of various Symas Open Source enhancements not previously adopted by the Project. Everything previously only available in Symas OpenLDAP Gold binary packages is now available in the source code distributions from The OpenLDAP Project and in the binary packages available on Symas's repository site, repo.symas.com.


In this transition, the Project updated its Support Policy to provide support for Long Term Support (LTS) Releases in addition to the traditional Feature Release stream. File locations were changed to conform to current practice where possible. The cadence for minor releases has also been increased, with each minor release now running approximately between eighteen months and two years. Finally, some configuration items are new or different. Details follow.


Release Streams

As described above, there are two distinct types of releases now: Feature Releases and LTS releases.


Feature Releases

Feature Releases are the means by which new features are introduced to OpenLDAP. While these releases are suitable for production, it should be understood that the support lifecycle for each Feature Release is between eighteen months and two years. As of this writing, OpenLDAP 2.6 is the most recent Feature Release.


LTS Releases

An LTS release, or Long Term Support release, is intended for customers who prioritize longevity over new features. The support lifecycle for an LTS release is expected to be between three and five years. During this time, critical fixes are made to the release, but no new features will be introduced. The LTS release stream is recommended for production deployments that focus on proven stability and reliability. As of this writing, OpenLDAP version 2.5 is the LTS release. Within three to five years, a future Feature Release will be designated as the new LTS release and support for the previous LTS release will be phased out.


Installation Structure

The main difference between OFL and symas-openldap is the installation structure. The symas-openldap package is fully self-contained and installs everything (configuration, command line tools, dependencies) in the /opt/symas directory:

/opt
└── symas
    ├── bin          (user-level commands)
    ├── etc
    │   └── openldap (configuration, schema)
    ├── lib          (slapd)
    │   └── openldap (overlays/modules)
    ├── sbin         (administrative commands)
    ├── share
    │   ├── man      (manual pages)
    │   └── symas    (demo scripts)
    └── ssl          (certificate storage)

The advantage of the self-contained installation is that system/OS updates will never overwrite symas-openldap's dependencies (OpenSSL, for example).


Slapd Configuration

Your slapd runtime configuration will need some changes to work with symas-openldap:

  • The include path to the standard schema files is now "/opt/symas/etc/openldap/schema"

  • If ppolicy is being used, the ppolicy schema must be removed from slapd.conf/cn=config

  • slapd.conf/cn=config needs to have the "pidfile/olcPidFile" path adjusted to /var/symas/run

  • slapd.conf/cn=config needs to have the "argsfile/olcArgsFile" path adjusted to /var/symas/run

  • slapd.conf/cn=config needs to have the "modulepath/olcModulePath" adjusted to "/opt/symas/lib/openldap"

  • If using a multi-provider replication environment, the "mirrormode/olcMirrorMode" keyword needs to be changed to "multiprovider/olcMultiProvider"

  • If the multival(hi/lo) feature is in use, the keyword needs to be changed to "multival/olcMultiVal", and the configuration must be updated to the 2.5 syntax with the "default" keyword set:

Old slapd.conf settings:
multivallo 10
multivalhi 50

New slapd.conf setting:
multival default 50,10

Old cn=config settings:
olcMultiValLo: 10
olcMultiValHi: 50

New cn=config setting:
olcMultiVal: default 50,10
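
A pre-upgrade check for the slapd.conf items listed above, as an added example that is not part of the original post or of Symas tooling. The function name, messages and sample configuration are constructed here, and it covers slapd.conf syntax only (not cn=config LDIF):

```python
import posixpath

SCHEMA_DIR = "/opt/symas/etc/openldap/schema"
RUN_DIR = "/var/symas/run"
MODULE_DIR = "/opt/symas/lib/openldap"

def audit_slapd_conf(text):
    """Return sorted (line_no, message) findings for slapd.conf content."""
    findings, legacy = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        # Skip blanks, comment lines, and continuation lines (leading whitespace).
        if not raw.strip() or raw[0] in "# \t":
            continue
        parts = raw.split(None, 1)
        key = parts[0].lower()  # slapd.conf keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "include" and arg.endswith(".schema"):
            if posixpath.basename(arg) == "ppolicy.schema":
                findings.append((n, "remove the ppolicy schema include"))
            elif posixpath.dirname(arg) != SCHEMA_DIR:
                findings.append((n, "standard schema files are in " + SCHEMA_DIR))
        elif key in ("pidfile", "argsfile") and posixpath.dirname(arg) != RUN_DIR:
            findings.append((n, key + " should be under " + RUN_DIR))
        elif key == "modulepath" and MODULE_DIR not in arg.split(":"):
            findings.append((n, "modulepath should be " + MODULE_DIR))
        elif key == "mirrormode":
            findings.append((n, "rename mirrormode to multiprovider"))
        elif key in ("multivallo", "multivalhi"):
            legacy[key] = (n, arg)
    if legacy:
        # New syntax takes the high value first, then the low value.
        hi = legacy.get("multivalhi", (0, "<hi>"))[1]
        lo = legacy.get("multivallo", (0, "<lo>"))[1]
        first = min(v[0] for v in legacy.values())
        findings.append((first, "replace with: multival default %s,%s" % (hi, lo)))
    return sorted(findings)

# Constructed sample: an older-style slapd.conf fragment, not taken from the page.
SAMPLE = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/slapd.pid
argsfile /var/symas/run/slapd.args
modulepath /usr/lib64/openldap
mirrormode on
multivallo 10
multivalhi 50
"""

if __name__ == "__main__":
    for line_no, message in audit_slapd_conf(SAMPLE):
        print("line %d: %s" % (line_no, message))
```

Site-local schema files kept outside the standard directory will also be flagged by the include check; treat those findings as items to review rather than errors.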

The slapd startup configuration (USER, GROUP, EXTRA_SLAPD_ARGS) is now located in /etc/default/symas-openldap.


Utilities

The online LDAP command line utilities (ldapsearch, ldapadd, etc.) are now located in /opt/symas/bin.


The offline slapd command line utilities (slapadd, slapcat, etc.) are now located in /opt/symas/sbin.


The symas-openldap package contains several utilities for working with LMDB databases:

  • mdb_stat - Gets the status of LMDB databases

  • mdb_copy - Makes a safe copy of LMDB databases with optional compaction


Logging

The symas-openldap package includes enhanced logging, which provides elapsed execution time (etime) for all LDAP operations.


The 2.6.x packages include a new local logging feature:

  • Slapd log entries are written directly to file, bypassing rsyslog and its performance penalties

  • Log rotation is built in and configurable

  • Timestamp formats are configurable

More Information

For more information on upgrading to Symas OpenLDAP versions 2.5 or 2.6, see https://repo.symas.com/soldap2.5/upgrading/
