Michael L Torrie wrote:
I want to abandon this proprietary custom Apple solution soon. In the
meantime we're keeping the Apple system because it interfaces so
seamlessly with the Apple clients. While it is possible to make Apple
clients talk directly to OpenLDAP, things like password syncing,
automatic mounting of home directories and so forth are not so easy. I
have other mechanisms for dealing with syncing from the Apple server to
a Linux server, and I can syncrepl from there for now.
Apple's hack to bridge OpenLDAP and the password server should be done
through overlays or something, but it is not. And the way they've
chosen to implement this has caused no end of problems for me and many
other OS X Server users. Deadlocks, crashes, etc.
Michael
Yes, it's unfortunate that Apple didn't coordinate with the OpenLDAP
Project on their requirements in the past. There's been better
communication more recently, and hopefully they'll take advantage of the
supported extension hooks in OpenLDAP 2.3+ going forward. Personally I
think their password server was never necessary; support for
in-directory SASL secrets in OpenLDAP 2.1 obviated it from the get-go.
Another fine example of what happens when you take code but don't
participate in the community - reinvent the wheel, using an axle that
doesn't fit...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/