CentOS - Aug 2018 - OpenLDAP support in future versions of CentOS

Hello!

I just joined this mailing list, so I apologize in advance if this topic
has already been covered.

Red Hat and Suse announced they are no longer supporting OpenLDAP in future
releases.
https://www.ostechnix.com/redhat-and-suse-announced-to-
withdraw-support-for-openldap/

However, we mainly use CentOS and while it's a RH derivative, I wanted to
find out what CentOS plans on doing in this regard.
Will you continue to include OpenLDAP or will it simply be removed?


I wasn't able to find any CentOS related articles in response to this, and
the only thing I did find that said CentOS hasn't released whether they
will continue to support it or not is from two years ago?

https://daasi.de/en/2017/09/25/red-hat-wont-continue-openldap-support-rhel-8-daasi-international-supports-migration/


Any updates/feedback/information is appreciated :)

Thank you!


-- 

Alicia Smith
@phrozyn
Information Security Engineer
asmith at mozilla.com

On 08/28/2018 10:51 AM, Alicia Smith wrote:
> Hello!
> 
> I just joined this mailing list, so I apologize in advance if this topic
> has already been covered.
> 
> Red Hat and Suse announced they are no longer supporting OpenLDAP in future
> releases.
> https://www.ostechnix.com/redhat-and-suse-announced-to-
> withdraw-support-for-openldap/
> 
> However, we mainly use CentOS and while it's a RH derivative, I wanted
to
> find out what CentOS plans on doing in this regard.
> Will you continue to include OpenLDAP or will it simply be removed?
> 
> 
> I wasn't able to find any CentOS related articles in response to this,
and
> the only thing I did find that said CentOS hasn't released whether they
> will continue to support it or not is from two years ago?
> 
>
https://daasi.de/en/2017/09/25/red-hat-wont-continue-openldap-support-rhel-8-daasi-international-supports-migration/
> 
> 
> Any updates/feedback/information is appreciated :)

Any changes in RHEL sources will be rolled into CentOS.  Base CentOS
Linux is .. all the RHEL source code, rebuilt with trademark changes.

If something is removed from RHEL it will be removed from CentOS as well.

If those things stay in Fedora , they may be move to EPEL:

https://fedoraproject.org/wiki/EPEL

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20180828/0261c275/attachment-0001.sig>

Hi Alicia,

On 28-08-18 17:51, Alicia Smith wrote:
> Hello!
> 
> I just joined this mailing list, so I apologize in advance if this topic
> has already been covered.
> 
> Red Hat and Suse announced they are no longer supporting OpenLDAP in future
> releases.
> https://www.ostechnix.com/redhat-and-suse-announced-to-
> withdraw-support-for-openldap/
> 
> However, we mainly use CentOS and while it's a RH derivative, I wanted
to
> find out what CentOS plans on doing in this regard.
> Will you continue to include OpenLDAP or will it simply be removed?
> 
> 
> I wasn't able to find any CentOS related articles in response to this,
and
> the only thing I did find that said CentOS hasn't released whether they
> will continue to support it or not is from two years ago?
> 
>
https://daasi.de/en/2017/09/25/red-hat-wont-continue-openldap-support-rhel-8-daasi-international-supports-migration/
> 
> 
> Any updates/feedback/information is appreciated :)
> 
> Thank you!
In addition to Johnny's feedback, here's my 2 cents. On the OpenLDAP 
mailing list users with problems with RHEL/CentOS provided OpenLDAP have 
been advised for years to use the latest OpenLDAP RPMs from 
https://ltb-project.org/ or from https://symas.com which also provides 
paid support.
The OpenLDAP version included in RHEL 7 (and thus CentOS 7) is 2.4.44 
which is missing a ton of fixes compared to upstream's latest release.

tl;dr use the latest RPMs from the LTB Project or Hymas.

BR, Patrick

Patrick Laimbock wrote:
> On 28-08-18 17:51, Alicia Smith wrote:
>>
>> I just joined this mailing list, so I apologize in advance if this
>> topic has already been covered.
>>
>> Red Hat and Suse announced they are no longer supporting OpenLDAP in
>> future releases.
https://www.ostechnix.com/redhat-and-suse-announced-to-
>> withdraw-support-for-openldap/
>>
>> However, we mainly use CentOS and while it's a RH derivative, I
wanted
>> to find out what CentOS plans on doing in this regard. Will you
continue
>> to include OpenLDAP or will it simply be removed?
>
>> I wasn't able to find any CentOS related articles in response to
this,
>> and the only thing I did find that said CentOS hasn't released
whether
>> they will continue to support it or not is from two years ago?
>>
>> https://daasi.de/en/2017/09/25/red-hat-wont-continue-openldap-support-r
>> hel-8-daasi-international-supports-migration/
>>
>> Any updates/feedback/information is appreciated :)
>>
> In addition to Johnny's feedback, here's my 2 cents. On the
OpenLDAP
> mailing list users with problems with RHEL/CentOS provided OpenLDAP have
> been advised for years to use the latest OpenLDAP RPMs from
> https://ltb-project.org/ or from https://symas.com which also provides
> paid support. The OpenLDAP version included in RHEL 7 (and thus CentOS 7)
> is 2.4.44 which is missing a ton of fixes compared to upstream's latest
> release.
>
> tl;dr use the latest RPMs from the LTB Project or Hymas.
>
Ok, problem for me: all our servers and workstation are connected to the
AD. If I need to check on something, I'll run ldapsearch, which is from
openldap-clients. Is there any advice of what we're supposed to use
instead?

      mark

On Aug 28, 2018, at 9:51 AM, Alicia Smith <asmith at mozilla.com>
wrote:
> 
> Red Hat and Suse announced they are no longer supporting OpenLDAP in future
> releases.
> https://www.ostechnix.com/redhat-and-suse-announced-to-
> withdraw-support-for-openldap/
I only see a link to the SuSE announcement from that article.  The Red Hat links
just talk about how 398 is preferred, but don?t actually say OpenLDAP is
deprecated.  Is there a public Red Hat announcement of this somewhere?

I?ve searched the RHEL 7.4 and 7.5 release notes, and I don?t see anything about
it being deprecated there.

We use the OpenLDAP libraries to talk to other LDAP implementations.  (We don?t
use the OpenLDAP server itself.)  A skim of the docs at port389.org says they
use the Mozilla LDAP API, but that library doesn?t appear to be in the CentOS 7
package repository:

    $ yum search ldap | grep devel
    openldap-devel.i686 : LDAP development libraries and header files
    openldap-devel.x86_64 : LDAP development libraries and header files

We?d like to get ahead of this and migrate, if that?s going to be forced on us
by CentOS 8, but is there a better path than just building Mozilla?s LDAP client
libraries from source?

Maybe CentOS 8 beta will appear sometime soon so I can start work on the
migration within a development VM?