
Antw: Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?



>>> Michael Ströder <michael@stroeder.com> wrote on 31.01.2014 at 16:24 in
message <52EBC029.9000903@stroeder.com>:
> Turbo Fredriksson wrote:
>> On Jan 31, 2014, at 3:06 PM, Michael Ströder wrote:
>> 
>>> Yeah, if she manages to set up AD the next thing is to teach her how to fix or
>>> work around replication problems.
>> 
>> Not the point. The argument was that OpenLDAP "is difficult to install and
>> setup". NOT administrate!
> 
> Nonsense! There is no difference between installation and administration. It's
> a major fault to artificially distinguish that!

I disagree: Once the infrastructure is set up, the basic directory structure
is set up, and the clients are configured, it's much easier to
add/remove/modify entries than to do the initial setup.

> 
>> And my opinion (and many, many others'!) has been that it is. And that there's
>> something huge lacking in the OpenLDAP documentation. But every time this is
>> brought up, all the maintainers get very hostile.
>> 
>> I started '99/2k with OpenLDAP, and I had huge problems understanding and
>> reading the documentation at the time. Most regarding the whole concept of LDAP.
> 
> I've started with OpenLDAP 1.0 in 1998 (well actually I've started with Umich
> 3.3. just before). But it's unfair to argue with docs from that time. Many
> things improved since then.
> 
> And yes, I'm still reading OpenLDAP docs. Especially when designing ACLs.
> Fine-grained ACLs are hard in every software component.

Personally I could not decide whether the implementation is ease of use or
ease of implementation.

> 
> Anyone not able to read man pages and admin guides should not touch server
> configurations at all.

Just as anyone not able to write man pages should not write software.

> 
> No wonder that so many systems are hacked when so-called "IT pros" (web
> enthusiasts etc.) set up systems without learning about what they are doing.
> 
>> Luckily, I've adapted (through years of testing) to this, so now it's reasonably
>> easy. But when installing the new auth VM a few weeks ago, I had forgotten that
>> there's a problem with OpenSSL/GnuTLS (the interaction between them) so I
>> couldn't get SSL/TLS to work. It took hours of googling the very weird and
>> non-descriptive errors to figure out the problem. And that of course struck a
>> memory chord on how to solve it...
> 
> In this particular case your problems arose from deficiencies of the GnuTLS
> code layer. Simply don't use GnuTLS or try to improve this code part.
> 
> Ciao, Michael.