[Freeipa-users] upstream ipa on centos inside openvz container

[Angel Marin]

Ivan Levchenko wrote:
> Angel Marin wrote:
>> When we did the first tests here, the slapd setup scripts seemed to be 
>> kind of buggy while dealing with input it doen't like. For example a 
>> directory service admin password containing same special chars (can't 
>> remember which) generated an invalid dse.ldif config section. To make 
>> things worse slapd segfaulted instead of dealing with it more gracefully.
>>
>> Try running ns-slapd with debug enabled or inside gdb, it should give 
>> you a hint on what attribute is making it choke.
> 
> You're right, I did use a password with some special chars =)
> 
> Are there any other such caveats that might cause some strange behavior 
> (more segfaults)?

Only with the setup process (I can't recall what triggered them though). 
We also had to apply some of the post 1.1.0 patches to get some of the 
tools going, but other than that once we got it setup and running, it's 
been rock solid.

> And more importantly, is IPA ready enough to use on a production system 
> to handle user/email accounts?

It's on production now here (we're still migrating workstations). Its 
main components (DS and MIT kdc) have been around for quite some time so 
it's not like it's some kind of new and untested piece of code :) IPA 
will mainly glue them for you and provide nice admin tools while at it :)

> I'm just looking into the various ldap implementations and I really like 
>  IPA based on its description... (and gui tools)

Regards,
-- 
Angel Marin
http://anmar.eu.org/