
Antw: OpenLDAP incroyable!



>>> Onno van der Straaten <onno.van.der.straaten@gmail.com> wrote on 26.11.2014
at 06:43 in message
<CADKMi6L08GjUcW3LiKmHjzP0W0CVdW44RqpJq+kWek-ENxJ_bw@mail.gmail.com>:
> What was created with OpenLDAP is incredible. Truly.
> 
> Experienced with open source but never seen before a system that is so
> archaic. Amazing. The way that configuration works is something that has to
> be seen and experienced to be believed.
> 
> There must be strong commercial interest served here to create a system
> that works in this manner. It allows for configuration changes that corrupt
> the installation but will not allow manual correction of the configuration.

That isn't quite different from MS-Windows ;-)

> 
> Chicken and egg. To correct the configuration you have to start OpenLDAP and
> ldapmodify the config files. But.... OpenLDAP will not start because the
> configuration is not correct. Really funny. And if you try to manually undo

You are wrong: slapadd can modify the config while slapd is down.

> your changes, OpenLDAP will completely refuse to put itself into something
> that resembles a working configuration.

You can always have backups of your files and restore them!

> 
> It is fairly easy to make configuration changes that corrupt the database.

That's why you should 1) be careful with changes, and 2) make backups.

> Documentation is often incorrect or non-existing. For example try to add
> sha2 support. Accidentally adding a non-existing hash method will create a

What would you have done about 6 weeks ago if you wanted to add SHA-2 to Windows 7?

> corrupt configuration. If you slapd restart it will fail to start. To

You can do that with Windows also. See about backup.

> correct the configuration you need to start slapd. To start slapd you need
> correct configuration. It is the end of your efforts.

No, see above. You are wrong.

> 
> I'm not doing this on a production system of course, I am trying to create
> a production system where OpenLDAP is one of the many components. So far
> most of the effort is OpenLDAP effort. It is consuming most of the project
> budget. A project of a couple of days turns into a project for a couple of
> weeks.
> 
> We just need a LDAP user directory. OpenLDAP is not it.

I agree that slapd can be improved in many ways, and you can easily shoot yourself in the foot with it, but once you have some experience, you can keep it up and running. Even if it's not the latest version.

Regards,
Ulrich
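
The offline recovery path the reply above points to (a backup, then slapadd while slapd is down), sketched as an added example that is not part of the original message. The directory paths and the function names `backup_config` and `restore_config` are assumptions for illustration; adjust them for your distribution.

```shell
#!/bin/sh
# Offline backup and restore of the OpenLDAP cn=config database (database 0).
# Assumed paths (not from the thread); override via the environment.
CONF_DIR="${CONF_DIR:-/etc/openldap/slapd.d}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/openldap}"

# Dump cn=config to LDIF before making a change. slapcat reads the files
# directly, so it does not need a running slapd. The dump can contain the
# olcRootPW hash, so it is written with a restrictive umask.
backup_config() {
    mkdir -p "$BACKUP_DIR" || return 1
    out="$BACKUP_DIR/config-$(date +%Y%m%d-%H%M%S).ldif"
    ( umask 077; slapcat -n 0 -F "$CONF_DIR" -l "$out" ) || return 1
    [ -s "$out" ] || { echo "empty backup: $out" >&2; return 1; }
    echo "$out"
}

# Rebuild the config directory from an LDIF backup while slapd is stopped.
# The LDIF is loaded into a fresh directory and checked with slaptest first;
# the broken directory is moved aside only after the candidate passes.
restore_config() {
    ldif="$1"
    [ -r "$ldif" ] || { echo "cannot read $ldif" >&2; return 1; }
    new="$CONF_DIR.new.$$"
    mkdir -m 700 "$new" || return 1
    if slapadd -n 0 -F "$new" -l "$ldif" && slaptest -u -F "$new"; then
        mv "$CONF_DIR" "$CONF_DIR.broken.$(date +%Y%m%d-%H%M%S)" &&
        mv "$new" "$CONF_DIR"
        # Afterwards, give the directory back to the account slapd runs as.
    else
        rm -rf "$new"
        echo "restore failed; $CONF_DIR left untouched" >&2
        return 1
    fi
}
```

Run `backup_config` before each ldapmodify against cn=config, and `restore_config <file>` with slapd stopped if the next start fails.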