[rhelv6-list] LDAPD dies after update
Prentice Bisbal
prentice at ias.edu
Thu Sep 1 17:39:55 UTC 2011
On 09/01/2011 12:36 PM, solarflow99 wrote:
>
>
> On Thu, Sep 1, 2011 at 12:04 PM, Prentice Bisbal <prentice at ias.edu
> <mailto:prentice at ias.edu>> wrote:
>
> On 09/01/2011 11:50 AM, solarflow99 wrote:
> >
> >
> > On Thu, Sep 1, 2011 at 10:48 AM, Prentice Bisbal <prentice at ias.edu
> <mailto:prentice at ias.edu>
> > <mailto:prentice at ias.edu <mailto:prentice at ias.edu>>> wrote:
> >
> > On 09/01/2011 09:40 AM, Götz Reinicke wrote:
> > > Am 01.09.11 15:08, schrieb Prentice Bisbal:
> > >> On 09/01/2011 08:36 AM, Götz Reinicke wrote:
> > >>> Hi,
> > >>>
> > >>> recently I updated our ldapd on our RH EL 6.1 to the most
> recent
> > version
> > >>> openldap-2.4.23-15.el6_1.1.x86_64 (from 2.4.19-15)
> > >>>
> > >>> Since than the deamon died twice in the middle of the night,
> > leaving no
> > >>> traces to me why.
> >
> >
> > I'd just use 389 instead, from my experience I can't see using
> openldap
> > in production anymore..
> >
> >
> http://directory.fedoraproject.org/wiki/FAQ#How_to_install_389_in_RHEL6.3F
> >
>
> I have just the opposite opinion. What's wrong with OpenLDAP that you
> feel makes it unsuitable for production?--
>
>
> oh:) I guess you tried both right? its your preference then, it wasn't
> my personal opinion which solution is better, just the one from
> practical experience and works properly. Hope it helps...
>
Yes, I did try both. I tried 389 a couple of years ago when it was still
called Fedora DS. I found there were several bugs weren't trivial to
fix, but appeared to be well-known, thanks to Google. Some things
weren't documented well, and the documentation was very out of date.
The final show-stopper for me was that when setting up password sync
with AD, it kept the updated passwords in a replog somewhere, clearly
labelled "cleartext-password"
That, to me was completely unacceptable, especially in a production
environment.
If you don't use AD sync, I agree that it's really a matter of personal
preference.
--
Prentice
More information about the rhelv6-list
mailing list