Openldap-2.5+
Summary
OpenLDAP upgrade from version 2.4.59 to the latest upstream version 2.6.1 in Fedora.
Owner
- Name: Simon Pichugin
- Email: spichugi@gmail.com
Current status
- Targeted release: Fedora Linux 36
- Last updated: 2022-02-08
- FESCo issue: #2682
- Tracker bug: #2021662
- Release notes tracker: #763
Detailed Description
Upgrading OpenLDAP from version 2.4.59 to version 2.6.1 according to the new upstream release. Years of development differ between these two releases, so problems are expected.
This change might cause failures during builds of multiple packages. These two versions have slight ABI incompatibility even though it's easily fixable. This step must be properly discussed with maintainers of dependent packages, which should forward this change proposal to their upstream projects.
Feedback
Benefit to Fedora
Brings a stable and up-to-date version of OpenLDAP according to upsteam release. OpenLDAP 2.4 will be out of support as soon as OpenLDAP 2.6 is released which is planned for this year. Fedora will be prepared for such a step.
Scope
- Proposal owners:
- Prepare openldap-2.6.1 as RPM package for Fedora Rawhide
- Check software that requires
openldap
and rebuild it with openldap-2.6.1 - Build openldap-2.6.1 to Rawhide in a side-tag (https://fedoraproject.org/wiki/Package_update_HOWTO#Creating_a_side-tag)
- Rebuild depended packages with openldap-2.6.1 in the side-tag
- Merge the side-tag to Rawhide
- Other developers: Check if their packages can be build with openldap-2.6.1, if not, they are required to make the appropriate changes to their packages.
- Release engineering: #10349
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Upgrade/compatibility impact
Problems during build can appear in multiple packages what can lead to build failure, as multiple packages require OpenLDAP as their upstream dependency. These problems have to be resolved before adding openldap-2.6.1 into Fedora. It seems aprox. 10% of dependent packages are having problems during build, which could be caused by a problem with same pattern.
Full ABI Compatibility Report: https://spichugi.fedorapeople.org/ol_24_26_abi_check/compat_report.html
It's worth mentioning that -h and -p options were removed from client tools. Universal -H option should be used instead.
How To Test
Rebuilding your packages with openldap-2.6.1 dependency in copr (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.6/).
The best way to rebuild new version of package against openldap-2.6.1 is to create a pull-request against your dist-git repository (against rawhide branch). After that, you package will be automatically rebuild in the mentioned copr. Please find your package in the "Builds" tab and search in the various sub-tabs for your build.
If possible, please prepare a pull-request, so you can easily merge it, when the change will be executed.
For local testing and building, please download mock-config from the given copr repository and use it with your mock:
copr mock-config spichugi/openldap-2.6 fedora-rawhide-x86_64 > spichugi-openldap-2.6_fedora-rawhide-x86_64.cfg
mv spichugi-openldap-2.6_fedora-rawhide-x86_64.cfg /etc/mock
Now we may run:
mock -r spichugi-openldap-2.6_fedora-rawhide-x86_64 --rebuild <package-1.0-1.src.rpm>
User Experience
Users will be able to use the newer version (2.6) of OpenLDAP, and building packages with openldap-2.4 won't be available, as it won't be present on the specific fedora version. This can affect 3rd partly packages, which are not part of Fedora.
To remediate the impact of the change the server won't start after the update (because of the modified systemd file). The instructions will be provided in the file. The instructions will contain detailed information on how to do an offline backup and all of the necessary precautions.
The user will have to follow the Upstream upgrading guide and only then concisely continue the upgrade: https://www.openldap.org/doc/admin25/appendix-upgrading.html https://www.openldap.org/doc/admin26/appendix-upgrading.html
Dependencies
Tens of packages have build dependency on OpenLDAP, so they should be properly notified and the upgradeshould be carefully tested. List of dependent packages with their ability to be built with openldap-2.6 can be found in the given copr project (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.6/packages/)
Contingency Plan
- Contingency mechanism: moving this change to Fedora 37, if not successfully finished until Fedora 36 branching from Rawhide
- Contingency deadline: Fedora 36 branching from Rawhide (2022-02-08)
- Blocks release? No
Documentation
Latest OpenLDAP documentation: https://www.openldap.org/doc/admin25/
Release Notes
- Release notes for the latest OpenLDAP release: https://www.openldap.org/software/release/
- Major changes: https://www.openldap.org/software/roadmap.html
- OpenLDAP 2.5 Announcement: https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/
- OpenLDAP 2.6 Release Announcement: https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/