[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

Turbo Fredriksson wrote:
> On Jan 31, 2014, at 3:06 PM, Michael Ströder wrote:
>> Yeah, if she manages to setup AD the next thing is to teach her how to fix or
>> work around replication problems.
> Not the point. The argument was that OpenLDAP "is difficult to install and
> setup". NOT administrate!

Nonsense! There is no difference between installation and administration. It's
a major fault to artificially distinguish that!

> And my opinion (and many, many others!) have been that it is. And that there's
> something huge lacking in the OpenLDAP documentation. But every time this is
> brought up, all the maintainers get very hostile.
> I started '99/2k with OpenLDAP, and I had huge problems understanding and
> reading the documentation at the time. Most regarding the whole concept of LDAP.

I've started with OpenLDAP 1.0 in 1998 (well actually I've started with Umich
3.3. just before). But it's unfair to argue with docs from that time. Many
things improved since then.

And yes, I'm still reading OpenLDAP docs. Especially when designing ACLs.
Fine-grained ACLs are hard in every software component.

Anyone not able to read man pages and admin guides should not touch server
configurations at all.

No wonder that so many systems are hacked when so-called "IT pros" (web
enthusiasts etc.) set up systems without learning about what they are doing.

> Luckily, I've adapted (through years of testing) to this, so now it's reasonably
> easy. But when installing the new auth VM a few weeks ago, I had forgot that
> there's a problem with OpenSSL/GnuTLS (the interaction between them) so I
> couldn't get SSL/TLS work. It took hours of googling the very weird and
> non-discriptive errors to figure out the problem. And that of course struck a
> memory cord on how to solve it...

In this particular case your problems arised from deficiencies of the GnuTLS
code layer. Simply don't use GnuTLS or try to improve this code part.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature