[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?



We have run openldap for some years, and it runs very well, but it's a fair comment for openldap to include a simple installation script, to get a server installed for the new B. That would encourage evaluation and adoption.

OpenDJ has one, it asks for base, port, hostname, if ssl is required, etc., and optionally includes a bunch of randomly generated data for testing or proof of concept type applications. If ssl is requested, it just generates a self signed certificate and installs it. Some people have pretty straightforward ldap requirements.

People who do this sort of birds eye or top down review, aren't going to spend more than an hour or two, even if they try, which it seems this one didn't. This article seems to me to be no more than a re-hash of other people's experiences with openldap, and they did not install themselves. But the ideas re-hashed

I can download a copy of OpenDJ, run the setup script and at the end of the install the server is running and configured. It has a dynamic configuration backend, but it has a command line interface for day to day usage. And the config.ldif can be hand edited if you do something unexpected like sexy up the listening port, which stops the server from starting.

I don't mean to make this a sales spiel, but my point is, there should be some notion of new B friendliness. Also i know plenty of busy computer operators who look after many different bit of software, and are not interested in the details of the server, they want to start / stop, diagnose problems, and move on to something else. Time is an issue.

I don't think as much of the idea of a configuration tui/gui for openldap though, as you'd always be tweaking the interface to batch the config backend. But i think a optimal solution of a dynamic config backend is to go in this ease of maintenance direction, otherwise you are just sweeping the rats under the rug.

I dont see how the RHEL package issues can be fixed, other than :

#!/bin/sh
echo "This package is too old, download xxxx and run the auto-build-rhel.sh script!"


There is no such script, AFAIK but it would be nice. Install required packages & libraries, warn about library conflicts, etc.,

Cheers
Brett

On Fri, Jan 31, 2014 at 2:35 AM, Howard Chu <hyc@symas.com> wrote:
Gavin Henry wrote:
http://searchdatacenter.techtarget.com/feature/IT-pros-suffer-OpenLDAP-configuration-headaches

Any one been in touch with them?

I saw some of this on twitter before, ignored it since none of the parties involved have any clue what they're talking about.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/




--
Whenever you find yourself on the side of the majority, it is time to pause and reflect.

- Mark Twain