[rhelv6-list] LDAPD dies after update
solarflow99
solarflow99 at gmail.com
Thu Sep 1 20:58:44 UTC 2011
On Thu, Sep 1, 2011 at 1:39 PM, Prentice Bisbal <prentice at ias.edu> wrote:
> On 09/01/2011 12:36 PM, solarflow99 wrote:
> >
> >
> > On Thu, Sep 1, 2011 at 12:04 PM, Prentice Bisbal <prentice at ias.edu> wrote:
> >
> > On 09/01/2011 11:50 AM, solarflow99 wrote:
> > >
> > >
> > > On Thu, Sep 1, 2011 at 10:48 AM, Prentice Bisbal <prentice at ias.edu> wrote:
> > >
> > > On 09/01/2011 09:40 AM, Götz Reinicke wrote:
> > > > Am 01.09.11 15:08, schrieb Prentice Bisbal:
> > > >> On 09/01/2011 08:36 AM, Götz Reinicke wrote:
> > > >>> Hi,
> > > >>>
> > > >>> recently I updated our ldapd on our RH EL 6.1 to the most recent version
> > > >>> openldap-2.4.23-15.el6_1.1.x86_64 (from 2.4.19-15)
> > > >>>
> > > >>> Since then the daemon died twice in the middle of the night, leaving no
> > > >>> traces to me why.
> > >
> > >
> > > I'd just use 389 instead, from my experience I can't see using openldap
> > > in production anymore..
> > >
> > >
> > > http://directory.fedoraproject.org/wiki/FAQ#How_to_install_389_in_RHEL6.3F
> > >
> >
> > I have just the opposite opinion. What's wrong with OpenLDAP that you
> > feel makes it unsuitable for production?--
> >
> >
> > oh :) I guess you tried both, right? It's your preference then, it wasn't
> > my personal opinion which solution is better, just the one from
> > practical experience and works properly. Hope it helps...
> >
>
> Yes, I did try both. I tried 389 a couple of years ago when it was still
> called Fedora DS. I found there were several bugs that weren't trivial to
> fix, but appeared to be well-known, thanks to Google. Some things
> weren't documented well, and the documentation was very out of date.
>
> The final show-stopper for me was that when setting up password sync
> with AD, it kept the updated passwords in a replog somewhere, clearly
> labelled "cleartext-password"
>
> That, to me was completely unacceptable, especially in a production
> environment.
>
> If you don't use AD sync, I agree that it's really a matter of personal
> preference.
>
I had no preference since they're both open source, it was just which was a
better tool for the job, I've been really disappointed with openldap for a
production environment.
There is adequate info available on the 389 site now for anything you need
to do. http://directory.fedoraproject.org/wiki/Documentation
I just configured AD replication a short while ago, and it worked
brilliantly. Passsync handles the password updates by intercepting password
changes in AD, so there's no need to log passwords, I didn't see any sign of
it in my passsync log. The most common problem others run into is usually
configuring SSL.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html