[rhelv6-list] LDAPD dies after update

solarflow99 solarflow99 at gmail.com
Thu Sep 1 20:58:44 UTC 2011


On Thu, Sep 1, 2011 at 1:39 PM, Prentice Bisbal <prentice at ias.edu> wrote:

> On 09/01/2011 12:36 PM, solarflow99 wrote:
> >
> >
> > On Thu, Sep 1, 2011 at 12:04 PM, Prentice Bisbal <prentice at ias.edu> wrote:
> >
> >     On 09/01/2011 11:50 AM, solarflow99 wrote:
> >     >
> >     >
> >     > On Thu, Sep 1, 2011 at 10:48 AM, Prentice Bisbal <prentice at ias.edu> wrote:
> >     >
> >     >     On 09/01/2011 09:40 AM, Götz Reinicke wrote:
> >     >     > On 01.09.11 15:08, Prentice Bisbal wrote:
> >     >     >> On 09/01/2011 08:36 AM, Götz Reinicke wrote:
> >     >     >>> Hi,
> >     >     >>>
> >     >     >>> recently I updated our ldapd on our RH EL 6.1 to the most recent version
> >     >     >>> openldap-2.4.23-15.el6_1.1.x86_64 (from 2.4.19-15)
> >     >     >>>
> >     >     >>> Since then the daemon died twice in the middle of the night, leaving no
> >     >     >>> traces to me why.
> >     >
> >     >
> >     > I'd just use 389 instead, from my experience I can't see using openldap
> >     > in production anymore..
> >     >
> >     >
> >     > http://directory.fedoraproject.org/wiki/FAQ#How_to_install_389_in_RHEL6.3F
> >     >
> >
> >     I have just the opposite opinion. What's wrong with OpenLDAP that you
> >     feel makes it unsuitable for production?
> >
> >
> > oh:)  I guess you tried both right? it's your preference then, it wasn't
> > my personal opinion which solution is better, just the one from
> > practical experience and works properly.  Hope it helps...
> >
>
> Yes, I did try both. I tried 389 a couple of years ago when it was still
> called Fedora DS. I found there were several bugs that weren't trivial to
> fix, but appeared to be well-known, thanks to Google. Some things
> weren't documented well, and the documentation was very out of date.
>
> The final show-stopper for me was that when setting up password sync
> with AD, it kept the updated passwords in a replog somewhere, clearly
> labelled "cleartext-password"
>
> That, to me was completely unacceptable, especially in a production
> environment.
>
> If you don't use AD sync, I agree that it's really a matter of personal
> preference.
>

I had no preference since they're both open source, it was just which was a
better tool for the job, I've been really disappointed with openldap for a
production environment.
There is adequate info available on the 389 site now for anything you need
to do.    http://directory.fedoraproject.org/wiki/Documentation
I just configured AD replication a short while ago, and it worked
brilliantly.  Passsync handles the password updates by intercepting password
changes in AD, so there's no need to log passwords, I didn't see any sign of
it in my passsync log.  The most common problem others run into is usually
configuring SSL.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html