Re: Brief syncrepl question

Michael L Torrie wrote:
I want to abandon this proprietary custom Apple solution soon. In the
meantime we're keeping the Apple system because it interfaces so
seamlessly with the Apple clients. While it is possible to make Apple
clients talk directly to OpenLDAP, things like password syncing,
automatic mounting of home directories and so forth are not so easy. I
have other mechanisms for dealing with syncing from the Apple server to
a Linux server, and I can syncrepl from there for now.

Apple's hack to bridge OpenLDAP and the password server should be done
through overlays or something, but it is not. And the way they've
chosen to implement this has caused no end of problems for me and many
other OS X Server users. Deadlocks, crashes, etc.


Yes, it's unfortunate that Apple didn't coordinate with the OpenLDAP Project on their requirements in the past. There's been better communication more recently, and hopefully they'll take advantage of the supported extension hooks in OpenLDAP 2.3+ going forward. Personally I think their password server was never necessary; support for in-directory SASL secrets in OpenLDAP 2.1 obviated it from the get-go. Another fine example of what happens when you take code but don't participate in the community - reinvent the wheel, using an axle that doesn't fit...

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/