Bug 1956957 - Add EPEL8 branch for openldap
Summary: Add EPEL8 branch for openldap
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Simon Pichugin
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2021-05-04 18:20 UTC by Trey Dockendorf
Modified: 2021-05-06 15:09 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-05-06 15:09:23 UTC
Type: Bug

Attachments (Terms of Use)

Description Trey Dockendorf 2021-05-04 18:20:22 UTC
Description of problem:

I'd like to request a EPEL8 branch of the openldap RPMs. Because RHEL includes openldap and openldap-clients RPMs, the EPEL8 version would have to exclude those packages.  If it's easier I would be happy to become the EPEL8 maintainer of openldap.

Comment 1 Viktor Ashirov 2021-05-04 22:02:01 UTC
> Because RHEL includes openldap and openldap-clients RPMs, the EPEL8 version would have to exclude those packages.

openldap package is part of RHEL BaseOS. EPEL guidelines say that EPEL packages must never conflict with packages in RHEL [1][2]. To avoid the conflict a different prefix might be used, but Fedora Packaging Guidelines [3] (packages in EPEL also subject to them) do not allow /usr/local and limit /opt usage.
In other words, it's highly unlikely that there will be an EPEL version of openldap.

If you need openldap-servers package in RHEL8+, I suggest to use the official rpms from Symas or use rpms from LDAP Tool Box project [4]. Both of them are installed in a different prefix and do not conflict with system libraries.

[1] https://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies#Policy_for_Conflicting_Packages 
[2] https://fedoraproject.org/wiki/EPEL/FAQ#Does_EPEL_replace_packages_provided_within_Red_Hat_Enterprise_Linux_or_layered_products.3F
[3] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_no_files_or_directories_under_srv_usrlocal_or_homeuser
[4] https://ltb-project.org/documentation/openldap-rpm

Comment 2 Trey Dockendorf 2021-05-06 13:10:41 UTC
What about for EPEL8 just not having the openldap RPM spec include the "openldap" and "openldap-clients" and whatever other openldap packages come from RHEL so that it does build "openldap-servers" and then just depends on RHEL for the RPMs the servers RPM needs like "openldap"?  I don't know if something like that is a viable option for EPEL or too ugly to consider doing.  Or maybe renaming the package from "openldap" to "openldap-servers" and only building the RPM to produce the "openldap-servers" RPM and rely on RHEL for the dependencies that would need at install time.

- Trey

Comment 3 Viktor Ashirov 2021-05-06 13:48:53 UTC
openldap package contains libldap and liblber, that openldap-servers package uses. There is no guarantee that openldap-servers built against a different libldap will work with the one from BaseOS, because they might contain a different set of patches or be completely different versions. As I said earlier, the best approach is to use a different prefix to keep things separate. 

Have you considered to use rpms from Symas or LTB project?

Comment 4 Trey Dockendorf 2021-05-06 14:36:30 UTC
Given the packaging guidelines linked previously it sounds like different prefix would not be allowed, though that certainly sounds like a viable option especially if there's a way to make it work with existing policies.

I was not aware of Symas or LTB projects, so those are viable options. I've also found that I can easily mock rebuild the Fedora SRPM for EPEL8 and just host the RPMs locally though I was hoping that such effort could be pushed back to something like EPEL8 so others could benefit.

If this request is a non-starter or has no realistic solutions for EPEL8, then I think this bug can be closed.

Comment 5 Viktor Ashirov 2021-05-06 15:09:23 UTC
For your personal use you can rebuild in mock and install openldap packages. But keep in mind that there are at least 52 packages in BaseOS and AppStream that depend on system openldap libraries and were not tested against your rebuild and some things might break:

$ repoquery --setopt=appstream.module_hotfixes=true --whatdepends openldap --qf '%{SOURCERPM}' | wc -l 
Last metadata expiration check: 0:04:39 ago on Thu 06 May 2021 14:52:11 UTC.

If you just need an LDAP server on RHEL8, you might want to take a look at FreeIPA [1] or 389 Directory Server [2] projects. 


[1] https://www.freeipa.org/page/About
[2] https://www.port389.org/docs/389ds/download.html#centos-81-ds-14x

Note You need to log in before you can comment on or make changes to this bug.