Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

Turbo Fredriksson wrote:
On Jan 30, 2014, at 5:35 PM, Howard Chu wrote:

I saw some of this on twitter before, ignored it since none of the parties involved have any clue what they're talking about.

Personally, I think it's spot on. It IS hard to configure an LDAP server, and
even harder to understand how it works (the object based part). Took me three
months first time, and I'm not an idiot.

The object based part is *LDAP*, so that complaint is not specific to OpenLDAP.

The part about RedHat seems fairly accurate to me, it *is* true that they have their own commercial LDAP server to sell, and they have no great interest in OpenLDAP working well on their platforms.

Even today, I need to consult either my own book or the howto (or seriously
skim through the man pages) to setup a new server.

And I still need to read the docs when configuring an Apache HTTP server. That's why we have manpages, there's nothing wrong about that.

And even worse if when you want to optimize the backend... There's a lot of
magic there....

The LMDB backend has no tuning/optimization. That's one of the reasons it exists today.

And with the new config backend!? I haven't even had the time or energy to go
that far yet!

I think you (and everyone else) are blowing this way out of proportion. Compare the example from here


to the slapd.conf example


They aren't that different, and anyone familiar with slapd.conf and LDIF files should have no trouble mapping concepts from one to the other.

And if you aren't familiar with slapd.conf *and* LDIF then you don't know enough to be an OpenLDAP administrator in the first place, you need to do more homework. That's just life.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/