
Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?



On Jan 30, 2014, at 7:35 PM, Howard Chu wrote:

> You are (unfortunately) confusing the very new back-mdb with the very old

Ah, ok. Fair enough, but that must need optimization to work properly (?).


I'm currently in the process of migrating all the authentication services
from my iron (which is also my ZFS On Linux storage - my idea was to ONLY
have storage on the iron) to a virtual machine.

So I installed the latest version (2.4.39 or something like that - can't check
now). I saw the recommendation to use the new mdb backend (I'm using hdb on the
ldap server on the iron).

But a few days later, I noticed that the LDAP server on the VM was down, and I
couldn't restart it. Some debugging later, I noticed that the log db had grown
out of control (also using mdb).

I didn't have time to investigate exactly why, so I just deleted the whole log
db (don't really need it).

> I don't even fire up an editor, I just issue an ldapmodify - no service restart needed either, no interruption of service to clients. There's nothing smoother and more transparent than that.

Yeah, but you probably do that all day. I don't change my server that often,
so every time I first need to retrieve the object in question, look at it,
then generate a change ldif that I can send to the LDAP server.

In my phpQLAdmin tool (which I haven't worked on in quite some time) I added
support for the new slapd config backend 'years' ago, so I HAVE used it, I just
remember that it's a lot more complicated (if you don't do it all day) than
editing a flat file.


I'm all for removing the flat config file, I also think that the new way is
better. But it IS more complicated, no matter how you see it. TOO complicated,
no, but still MORE complicated...

> That's not OpenLDAP's fault, that's all RedHat.

Technically you're of course right, but that doesn't really matter in practice.
That's not how 'the noob' sees it. People (especially people not experienced
enough to file a proper bug/issue report - which is quite difficult!) have a
(really bad) habit of looking at the wrong thing when something doesn't work.

How many haven't heard the report: "It doesn't work." (period, full stop! :).
Usually followed with "Fix it now!" :D

I'm in no way immune to that, but I like to think that when I have a problem,
I'm good at trying to figure out WHY something goes wrong and 'blame' the
correct part/software... But most people don't. And those are the ones bitching
most loudly about OpenLDAP being complex. It IS complex, but it's supposed to
be - it's the most advanced and fastest LDAP server out there, with the longest
list of features...
--
Life sucks and then you die
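The "retrieve the object, look at it, generate a change LDIF, send it" round-trip described in the message above, written out as an added example (this is not code from the thread or from the OpenLDAP project). It assumes a slapd listening on ldapi:/// whose cn=config accepts SASL EXTERNAL from root, as most distro packages set up; the database DN olcDatabase={1}mdb,cn=config and the olcDbMaxSize value are illustrative assumptions, not a fix for the log db problem reported in the message.

```shell
#!/bin/sh
# Added example, not from the original thread: live cn=config editing with
# ldapsearch/ldapmodify over the ldapi:/// socket (SASL EXTERNAL), so no
# slapd restart and no flat-file editing. DN and values below are assumed.

# Generate a modify LDIF that replaces one attribute on one entry.
# Usage: make_replace_ldif DN ATTR VALUE
make_replace_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n' "$1" "$2" "$2" "$3"
}

# Step 1 (read-only): fetch the entry you intend to change so you can inspect
# the current values before writing anything.
show_config_entry() {
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b "$1" -s base
}

# Step 2: feed the generated LDIF to ldapmodify; slapd applies it in place and
# keeps serving clients throughout.
apply_ldif() {
    ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Only talk to a real slapd when the OpenLDAP client tools are installed;
# otherwise just show the LDIF that would be sent.
demo() {
    dn='olcDatabase={1}mdb,cn=config'          # assumed DN of the mdb database
    ldif=$(make_replace_ldif "$dn" olcDbMaxSize 1073741824)  # example: 1 GiB map
    if command -v ldapmodify >/dev/null 2>&1; then
        show_config_entry "$dn"
        printf '%s\n' "$ldif" | apply_ldif
    else
        printf '%s\n' "$ldif"
    fi
}
```

Run `demo` as root on the LDAP host; review the ldapsearch output first, then let the LDIF go through. Keeping the generated LDIF in a file gives you the change record the flat-file workflow used to provide for free.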