[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

Wiebe Cazemier wrote:
----- Original Message -----

I am by no means an LDAP expert, but as an experienced Linux sysadmin I do
have to say that I have had some very tricky issues with OpenLDAP.

One of them involved fiddling for days with difficulty changing the root
password, after finally finding out that the Ubuntu docs were wrong [1]; they
had cause me to create two admin users, with the passwords in plain text no less.

The other involved getting 'TLS required' on the TCP connection, which
to be undocumented.

Nonsense. The security directive is documented in slapd.conf(5) and slapd-config(5) manpages.

My question on Serverfault about it [2] is getting to be
quite popular. Forcing encryption would have been a lot easier if a different
port for SSL wasn't deprecated.

As usual when you go to unofficial support channels, all you get is garbage from unqualified self-proclaimed experts. The highest ranked answer on your question is flat wrong, and refers to Zytrax documentation, which is poorly plagiarized from outdated copies of the OpenLDAP Admin Guide and mixed with a generous helping of misinformation from their own addled brains.

[1] https://bugs.launchpad.net/serverguide/+bug/1094842
[2] https://serverfault.com/questions/459718/configure-openldap-with-tls-required

Regardless of what you may think about the tone of postings on this list (which is ludicrous to begin with since emails by their nature are horrible at conveying tone or emotion), actual subject matter experts monitor this list and make sure that correct answers get posted and that BS is censured. That is the purpose of this forum.

If you want to be coddled, feel free to look elsewhere. If you want real answers, this is the place.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/