From Fedora Project Wiki


Openldap-2.5

Summary

OpenLDAP upgrade from version 2.4.59 to the latest upstream version 2.5.8 in Fedora.

Owner

Current status

  • Targeted release: Fedora Linux 36
  • Last updated: 2021-10-29
  • FESCo issue: #2682
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Upgrading OpenLDAP from version 2.4.59 to version 2.5.8 according to the new upstream release. Years of development differ between these two releases, so problems are expected.

This change might cause failures during builds of multiple packages. These two versions have slight ABI incompatibility even though it's easily fixable. This step must be properly discussed with maintainers of dependent packages, which should forward this change proposal to their upstream projects.

Feedback

Benefit to Fedora

Brings a stable and up-to-date version of OpenLDAP according to upsteam release. OpenLDAP 2.4 will be out of support as soon as OpenLDAP 2.6 is released which is planned for this year. Fedora will be prepared for such a step.

Scope

  • Proposal owners:
  • Other developers: Check if their packages can be build with openldap-2.5.8, if not, they are required to make the appropriate changes to their packages.
  • Release engineering: #10349
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

Problems during build can appear in multiple packages what can lead to build failure, as multiple packages require OpenLDAP as their upstream dependency. These problems have to be resolved before adding openldap-2.5.8 into Fedora. It seems aprox. 10% of dependent packages are having problems during build, which could be caused by a problem with same pattern.

Full ABI Compatibility Report: https://spichugi.fedorapeople.org/ol_24_25_abi_check/compat_report.html

How To Test

Rebuilding your packages with openldap-2.5.8 dependency in copr (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.5/).

The best way to rebuild new version of package against openldap-2.5.8 is to create a pull-request against your dist-git repository (against rawhide branch). After that, you package will be automatically rebuild in the mentioned copr. Please find your package in the "Builds" tab and search in the various sub-tabs for your build.

If possible, please prepare a pull-request, so you can easily merge it, when the change will be executed.

For local testing and building, please download mock-config from the given copr repository and use it with your mock:

copr mock-config spichugi/openldap-2.5 fedora-rawhide-x86_64 > spichugi-openldap-2.5_fedora-rawhide-x86_64.cfg

mv spichugi-openldap-2.5_fedora-rawhide-x86_64.cfg /etc/mock

Now we may run: mock -r spichugi-openldap-2.5_fedora-rawhide-x86_64 --rebuild <package-1.0-1.src.rpm>

User Experience

Users will be able to use the newer version (2.5) of OpenLDAP, and building packages with openldap-2.4 won't be available, as it won't be present on the specific fedora version. This can affect 3rd partly packages, which are not part of Fedora.

To remediate the impact of the change the post-installation script will be run with the package installation. And in case the openldap-servers package is installed on the system, dnf will halt the upgrade and notify the user with a message describing what and why happened, and what steps to take to mitigate the issue.

The user will have to follow the Upstream upgrading guide and only then concisely continue the upgrade: https://www.openldap.org/doc/admin25/appendix-upgrading.html

Dependencies

Tens of packages have build dependency on OpenLDAP, so they should be properly notified and the upgradeshould be carefully tested. List of dependent packages with their ability to be built with openldap-2.5 can be found in the given copr project (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.5/packages/)

Contingency Plan

  • Contingency mechanism: moving this change to Fedora 37, if not successfully finished until Fedora 36 branching from Rawhide
  • Contingency deadline: Fedora 36 branching from Rawhide (2022-02-08)
  • Blocks release? No


Documentation

Latest OpenLDAP documentation: https://www.openldap.org/doc/admin25/

Release Notes