[rhelv6-list] LDAPD dies after update

Prentice Bisbal prentice at ias.edu
Thu Sep 1 17:39:55 UTC 2011


On 09/01/2011 12:36 PM, solarflow99 wrote:
> 
> 
> On Thu, Sep 1, 2011 at 12:04 PM, Prentice Bisbal <prentice at ias.edu> wrote:
> 
>     On 09/01/2011 11:50 AM, solarflow99 wrote:
>     >
>     >
>     > On Thu, Sep 1, 2011 at 10:48 AM, Prentice Bisbal <prentice at ias.edu> wrote:
>     >
>     >     On 09/01/2011 09:40 AM, Götz Reinicke wrote:
>     >     > On 01.09.11 15:08, Prentice Bisbal wrote:
>     >     >> On 09/01/2011 08:36 AM, Götz Reinicke wrote:
>     >     >>> Hi,
>     >     >>>
>     >     >>> recently I updated our ldapd on our RH EL 6.1 to the most recent version
>     >     >>> openldap-2.4.23-15.el6_1.1.x86_64 (from 2.4.19-15)
>     >     >>>
>     >     >>> Since then the daemon died twice in the middle of the night, leaving no
>     >     >>> traces to me why.
>     >
>     >
>     > I'd just use 389 instead, from my experience I can't see using openldap
>     > in production anymore..
>     >
>     >
>     > http://directory.fedoraproject.org/wiki/FAQ#How_to_install_389_in_RHEL6.3F
>     >
> 
>     I have just the opposite opinion. What's wrong with OpenLDAP that you
>     feel makes it unsuitable for production?
> 
> 
> oh:)  I guess you tried both right? it's your preference then, it wasn't
> my personal opinion which solution is better, just the one from
> practical experience and works properly.  Hope it helps...
> 

Yes, I did try both. I tried 389 a couple of years ago when it was still
called Fedora DS. I found there were several bugs that weren't trivial to
fix, but appeared to be well-known, thanks to Google. Some things
weren't documented well, and the documentation was very out of date.

The final show-stopper for me was that when setting up password sync
with AD, it kept the updated passwords in a replog somewhere, clearly
labelled "cleartext-password".

That, to me, was completely unacceptable, especially in a production
environment.

If you don't use AD sync, I agree that it's really a matter of personal
preference.

--
Prentice




