>>> Michael Ströder <mich...@stroeder.com> wrote on 31.01.2014 at 16:24 in message <52ebc029.9000...@stroeder.com>:
> Turbo Fredriksson wrote:
>> On Jan 31, 2014, at 3:06 PM, Michael Ströder wrote:
>>
>>> Yeah, if she manages to set up AD the next thing is to teach her how to fix or
>>> work around replication problems.
>>
>> Not the point. The argument was that OpenLDAP "is difficult to install and
>> setup". NOT administrate!
>
> Nonsense! There is no difference between installation and administration. It's
> a major fault to artificially distinguish that!

I disagree: Once the infrastructure is set up, the basic directory structure is set up, and the clients are configured, it's much easier to add/remove/modify entries than to do the initial setup.

>
>> And my opinion (and many, many others!) have been that it is. And that there's
>> something huge lacking in the OpenLDAP documentation. But every time this is
>> brought up, all the maintainers get very hostile.
>>
>> I started '99/2k with OpenLDAP, and I had huge problems understanding and
>> reading the documentation at the time. Most regarding the whole concept of LDAP.
>
> I've started with OpenLDAP 1.0 in 1998 (well actually I've started with Umich
> 3.3. just before). But it's unfair to argue with docs from that time. Many
> things improved since then.
>
> And yes, I'm still reading OpenLDAP docs. Especially when designing ACLs.
> Fine-grained ACLs are hard in every software component.

Personally I could not decide whether the implementation is ease of use or ease of implementation.

>
> Anyone not able to read man pages and admin guides should not touch server
> configurations at all.

Just as anyone not able to write man pages should not write software.

>
> No wonder that so many systems are hacked when so-called "IT pros" (web
> enthusiasts etc.) set up systems without learning about what they are doing.
>
>> Luckily, I've adapted (through years of testing) to this, so now it's reasonably
>> easy. But when installing the new auth VM a few weeks ago, I had forgotten that
>> there's a problem with OpenSSL/GnuTLS (the interaction between them) so I
>> couldn't get SSL/TLS to work. It took hours of googling the very weird and
>> non-descriptive errors to figure out the problem. And that of course struck a
>> memory chord on how to solve it...
>
> In this particular case your problems arose from deficiencies of the GnuTLS
> code layer. Simply don't use GnuTLS or try to improve this code part.
>
> Ciao, Michael.