ReOpenLDAP 1.2.0 LDAP server release

A formal release of the ReOpenLDAP 1.2.0 LDAP server has been published, prepared to revive the project after its repository on GitHub was blocked. In April, GitHub removed the accounts and repositories of many Russian developers associated with companies under US sanctions, including the ReOpenLDAP repository. Because user interest in ReOpenLDAP has revived, it was decided to bring the project back to life.

The ReOpenLDAP project was created in 2014 to solve problems that arose when using the OpenLDAP package in the infrastructure of PJSC MegaFon, where the LDAP server was part of one of the infrastructure subsystems (NGDR, a UDR (User Data Repository) according to the 3GPP 23.335 standard: a centralized node for storing data on all types of subscriber services in the IT infrastructure of the telecom operator). This use case required 24x7 production operation of a specific LDAP directory, 10-100 million records in size, in a high-load scenario (10K updates and 50K reads per second) and in a multi-master topology.

Symas Corp, as the main developers, committers and owners of the OpenLDAP code, could not solve the problems, so the decision was made to try to solve them independently. As it turned out later, there were many more errors in the code than one could expect. As a result, more effort was invested than planned, and ReOpenLDAP still has some value: according to the available information, it is the only LDAP server that fully and reliably supports the multi-master topology for RFC 4533, including in high-load scenarios.

In 2016, the project goals were achieved, and support and development of the project directly in the interests of MegaFon PJSC ended. ReOpenLDAP was then actively developed and supported for another three years, but it gradually lost its purpose:

  • Technologically, MegaFon migrated from ReOpenLDAP to Tarantool, which is the architecturally correct choice;
  • There were no clearly interested ReOpenLDAP users;
  • No developers joined the project, both because of the high entry threshold and because of the low demand for ReOpenLDAP itself;
  • Development and support became too time-consuming for the remaining (core) developer, as he professionally moved away from the production operation of ReOpenLDAP.

The ReOpenLDAP repository remained in an inactive state until April 2022, when the GitHub administration deleted the associated accounts and the repository itself without any warning or explanation. Recently, the author has received several requests regarding ReOpenLDAP, including questions about the location of the repository and the state of the codebase. Therefore, it was decided to minimally refresh the project, prepare a technical release, and use this news to inform everyone interested.

The current state of the project, including in relation to OpenLDAP:

  • Improvements and fixes from OpenLDAP have not been imported since December 2018. For mission-critical applications, all fixes in OpenLDAP should be reviewed and the relevant ones imported.
  • Current versions of OpenLDAP are now based on the 2.5 branch. Therefore, the improvements described below were made only in the "devel" branch (which corresponded to OpenLDAP 2.5), and then merged into "master" (which corresponded to OpenLDAP 2.4 before the merge).
  • As of 2018, problems with the config-backend inherited from OpenLDAP persisted. In particular, changing the server configuration via the config-backend (configuring LDAP over LDAP) can lead to race conditions or recursion problems, including deadlocks.
  • There are presumably build issues with current versions of OpenSSL/GnuTLS.
  • The core set of native tests passes, except for those requiring TLS/SSL.

Recent improvements:

  • The libmdbx library has been updated to the current version, and all observed incompatibility problems that arose from the library's development have been eliminated. However, the man pages probably contain some outdated information.
  • The current autotools version 2.71 is now used.
  • Minor fixes have been made in response to some of the warnings from the current gcc 11.2 compiler.

Source: opennet.ru
