openLDAP Support In Future Versions Of CentOS
Hello!
I just joined this mailing list, so I apologize in advance if this topic has already been covered.
Red Hat and Suse announced they are no longer supporting openLDAP in future releases. https://www.ostechnix.com/redhat-and-suse-announced-to-
withdraw-support-for-openLDAP/
However, we mainly use CentOS and while it’s a RH derivative, I wanted to find out what CentOS plans on doing in this regard. Will you continue to include openLDAP or will it simply be removed?
I wasn’t able to find any CentOS related articles in response to this, and the only thing I did find that said CentOS hasn’t released whether they will continue to support it or not is from two years ago?
https://daasi.de/en/2017/09/25/red-hat-wont-continue-openLDAP-support-rhel-8-daasi-international-supports-migration/
Any updates/feedback/information is appreciated :)
Thank you!
8 thoughts on - openLDAP Support In Future Versions Of CentOS
Any changes in RHEL sources will be rolled into CentOS. Base CentOS
Linux is .. all the RHEL source code, rebuilt with trademark changes.
If something is removed from RHEL it will be removed from CentOS as well.
If those things stay in Fedora , they may be move to EPEL:
https://fedoraproject.org/wiki/EPEL
Thanks, Johnny Hughes
Hi Alicia,
In addition to Johnny’s feedback, here’s my 2 cents. On the openLDAP
mailing list users with problems with RHEL/CentOS provided openLDAP have been advised for years to use the latest openLDAP RPMs from https://ltb-project.org/ or from https://symas.com which also provides paid support. The openLDAP version included in RHEL 7 (and thus CentOS 7) is 2.4.44
which is missing a ton of fixes compared to upstream’s latest release.
tl;dr use the latest RPMs from the LTB Project or Hymas.
BR, Patrick
Patrick Laimbock wrote:
Ok, problem for me: all our servers and workstation are connected to the AD. If I need to check on something, I’ll run ldapsearch, which is from openLDAP-clients. Is there any advice of what we’re supposed to use instead?
mark
I only see a link to the SuSE announcement from that article. The Red Hat links just talk about how 398 is preferred, but don’t actually say openLDAP is deprecated. Is there a public Red Hat announcement of this somewhere?
I’ve searched the RHEL 7.4 and 7.5 release notes, and I don’t see anything about it being deprecated there.
We use the openLDAP libraries to talk to other LDAP implementations. (We don’t use the openLDAP server itself.) A skim of the docs at port389.org says they use the Mozilla LDAP API, but that library doesn’t appear to be in the CentOS 7 package repository:
$ yum search ldap | grep devel
openLDAP-devel.i686 : LDAP development libraries and header files
openLDAP-devel.x86_64 : LDAP development libraries and header files
We’d like to get ahead of this and migrate, if that’s going to be forced on us by CentOS 8, but is there a better path than just building Mozilla’s LDAP client libraries from source?
Maybe CentOS 8 beta will appear sometime soon so I can start work on the migration within a development VM?
First off, you have years to figure it out. While it is “deprecated”
in RHEL-7.5, that just means that the next major (not minor) release will not have it.
Second there is an ldapsearch in 389. It is ‘buried’ at the moment because it would conflict with the shipped one and I don’t know if it will move:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
Stephen John Smoogen wrote:
*snicker* So, alternatives->?
mark
As mentioned earlier By Johnny, as long as Fedora provides the openLDAP-
clients package, which is still found in F28, you’ll find ldapsearch, either in the CentOS or EPEL repos.
Mark
# rpm -qf /usr/share/doc/perl-LDAP-0.40/bin/ldapsearch perl-LDAP-0.40-3.el6.noarch
I never tried this one. Unsure if usable as replacement …