Or you can use Fedora Directory Server for free. Also note that the price is _per server_, not per entry or per user like many of the other large commercial LDAP server vendors. So if you have a large number of entries, it can be a good deal.Hallvard B Furuseth wrote, on 26. feb 2007 20:19:
[...]
Is there something particular which makes this more so for OpenLDAP than other packages, or are OpenLDAP releases more buggy than other packages, or are existing bugs more likely to be fatal, or...?
I had the impression that this was mostly a RedHat issue. But if it's more general, it sounds like the only likely fix would be in OpenLDAP or the release methods or something.
I guess I was born cynical; Red Hat always (through many years) had a lousy record of supporting OpenLDAP, whilst its support of stuff like Apache and MySQL has always been impeccable. Not only these packages, but the OS as a whole has been supported and maintained (with or without back porting) in a manner that I as a SysV and Red Hat aficionado would find it difficult (but not impossible) to leave for any competitor. One asks oneself what, for example, Centos will do in the circumstances.
Lately Red Hat has adopted (bought) it's own directory services from Netscape/Sun. Looking at Red Hat's service support conditions (available for anyone on the net), I see that Red Hat (nothing like repeating the name for cognizance) wishes to charge around $17,000 per site for support of its own directory services.
I don't see any motive for continued Red Hat OpenLDAP support there.Red Hat has a large number of customers running the OpenLDAP server provided as part of the base OS, and these customers are supported, and will be for the lifetime of their support contracts with Red Hat. I won't get into the entire history, but there have been many customers who adamantly refused to upgrade OpenLDAP because it was "just working" (for some value of "working") and did not want to "fix something that wasn't broken". Of course this is a gross oversimplification but should convey the general idea. And yes, I've heard a thousand times that "yes, it is broken, they just don't know it - yet" (and so have the aforementioned Red Hat customers, to no avail).
Red Hat's pecuniary philosophy is fast becoming a superset of Microsoft's.Hardly. But you're welcome to your own opinion. Red Hat spent a considerable amount of money to purchase the Netscape server products, open source them, and make them available _for free_ as Fedora Directory Server. A lot of the work to open source the code, replace proprietary components with open source alternatives, make the build process more friendly to the open source community, package-ify, etc. was done solely for the purpose of creating a viable open source project, and at the expense of adding other features to the product to attract more paying customers.
My own experience over the last three years has been, that (latterly with Buchan Milne's continually updated Red Hat specs/srpms), I can probably do a far better job of supporting directory services using OpenLDAP on Red Hat and Fedora bases than Red Hat can using its own stuff; certainly for far less money. OpenLDAP is a crucial component of all Red Hat sites I have anything to do with.That's great. If it works for you, more power to you.
--Tonni