Bug 1956957

> Because RHEL includes openldap and openldap-clients RPMs, the EPEL8 version would have to exclude those packages.

openldap package is part of RHEL BaseOS. EPEL guidelines say that EPEL packages must never conflict with packages in RHEL [1][2]. To avoid the conflict a different prefix might be used, but Fedora Packaging Guidelines [3] (packages in EPEL also subject to them) do not allow /usr/local and limit /opt usage.
In other words, it's highly unlikely that there will be an EPEL version of openldap.

If you need openldap-servers package in RHEL8+, I suggest to use the official rpms from Symas or use rpms from LDAP Tool Box project [4]. Both of them are installed in a different prefix and do not conflict with system libraries.


[1] https://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies#Policy_for_Conflicting_Packages 
[2] https://fedoraproject.org/wiki/EPEL/FAQ#Does_EPEL_replace_packages_provided_within_Red_Hat_Enterprise_Linux_or_layered_products.3F
[3] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_no_files_or_directories_under_srv_usrlocal_or_homeuser
[4] https://ltb-project.org/documentation/openldap-rpm

What about for EPEL8 just not having the openldap RPM spec include the "openldap" and "openldap-clients" and whatever other openldap packages come from RHEL so that it does build "openldap-servers" and then just depends on RHEL for the RPMs the servers RPM needs like "openldap"?  I don't know if something like that is a viable option for EPEL or too ugly to consider doing.  Or maybe renaming the package from "openldap" to "openldap-servers" and only building the RPM to produce the "openldap-servers" RPM and rely on RHEL for the dependencies that would need at install time.

Thanks,
- Trey

openldap package contains libldap and liblber, that openldap-servers package uses. There is no guarantee that openldap-servers built against a different libldap will work with the one from BaseOS, because they might contain a different set of patches or be completely different versions. As I said earlier, the best approach is to use a different prefix to keep things separate. 

Have you considered to use rpms from Symas or LTB project?

Given the packaging guidelines linked previously it sounds like different prefix would not be allowed, though that certainly sounds like a viable option especially if there's a way to make it work with existing policies.

I was not aware of Symas or LTB projects, so those are viable options. I've also found that I can easily mock rebuild the Fedora SRPM for EPEL8 and just host the RPMs locally though I was hoping that such effort could be pushed back to something like EPEL8 so others could benefit.

If this request is a non-starter or has no realistic solutions for EPEL8, then I think this bug can be closed.

For your personal use you can rebuild in mock and install openldap packages. But keep in mind that there are at least 52 packages in BaseOS and AppStream that depend on system openldap libraries and were not tested against your rebuild and some things might break:

$ repoquery --setopt=appstream.module_hotfixes=true --whatdepends openldap --qf '%{SOURCERPM}' | wc -l 
Last metadata expiration check: 0:04:39 ago on Thu 06 May 2021 14:52:11 UTC.
52

If you just need an LDAP server on RHEL8, you might want to take a look at FreeIPA [1] or 389 Directory Server [2] projects. 

Thanks.

[1] https://www.freeipa.org/page/About
[2] https://www.port389.org/docs/389ds/download.html#centos-81-ds-14x