If you do not appreciate OpenLDAP, nobody forces you to use it :-) You can choose 
non-open-source software or develop your own :-)

Personally, I have 6 OpenLDAP servers in a redundant architecture; they have been 
running for 3 years and I have never had a problem! Never rebooted the service, 
server, etc. If I want to modify something in the configuration, I make the change 
on a test server, and if it works, I make the same modification on the prod server 
(just on that one, and the configuration is automatically updated on the 5 other 
servers…). With the configuration stored in cn=config, you can modify the server 
configuration without restarting the service and you can synchronise the server 
configuration :-)

I think you have not learned much about how to CORRECTLY use OpenLDAP. If you 
want a good introduction, consult these links.

Basic installation : 
http://www.cyrill-gremaud.ch/linux/howto-install-openldap-2-4-server/
Setup multi-master replication : 
http://www.cyrill-gremaud.ch/linux/howto-setup-n-way-multi-master-replication-with-openldap/
Add new custom schema : 
http://www.cyrill-gremaud.ch/linux/how-to-add-new-schema-to-openldap-2-4/
Remove custom schema : 
http://www.cyrill-gremaud.ch/linux/deleting-custom-schema-in-openldap-2-4/

Best regards,

cyrill gremaud

On 26 Nov 2014, at 06:43, Onno van der Straaten <[email protected]> wrote:

What was created with OpenLDAP is incredible. Truly.

I am experienced with open source but have never before seen a system that is so 
archaic. Amazing. The way that configuration works is something that has to be 
seen and experienced to be believed.

There must be strong commercial interest served here to create a system that 
works in this manner. It allows for configuration changes that corrupt the 
installation but will not allow manual correction of the configuration.

Chicken and egg. To correct the configuration you have to start OpenLDAP and 
ldapmodify the config files. But... OpenLDAP will not start because the 
configuration is not correct. Really funny. And if you try to manually undo 
your changes, OpenLDAP will completely refuse to put itself into something that 
resembles a working configuration.

It is fairly easy to make configuration changes that corrupt the database. 
Documentation is often incorrect or non-existent. For example, try to add sha2 
support. Accidentally adding a non-existent hash method will create a corrupt 
configuration. If you restart slapd, it will fail to start. To correct the 
configuration you need to start slapd. To start slapd you need a correct 
configuration. It is the end of your efforts.

I'm not doing this on a production system of course; I am trying to create a 
production system where OpenLDAP is one of the many components. So far most of 
the effort is OpenLDAP effort. It is consuming most of the project budget. A 
project of a couple of days turns into a project of a couple of weeks.

We just need an LDAP user directory. OpenLDAP is not it.
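An added example (not code from either message in this thread) of the offline way out of the chicken-and-egg situation described above: with slapd stopped, strip the offending attribute from the on-disk cn=config LDIF file, keep a copy of the broken state, and let slaptest parse the directory before starting slapd again. It assumes a Debian-style slapd.d layout, POSIX sh with awk, and the OpenLDAP slaptest tool; the sample entry with a bogus olcPasswordHash scheme is constructed for the example.

```shell
#!/bin/sh
# Added example: repair a cn=config entry offline so slapd can start again.
# Assumptions (not from the thread): slapd is stopped, the config directory is a
# Debian-style /etc/ldap/slapd.d, and the OpenLDAP tools (slaptest) are installed.
set -eu

# Constructed sample of an on-disk cn=config entry with a bogus password hash
# scheme (an LDIF continuation line starts with a single space).
write_sample_ldif() {
    printf '%s\n' \
        'dn: olcDatabase={-1}frontend' \
        'objectClass: olcDatabaseConfig' \
        'olcDatabase: {-1}frontend' \
        'olcPasswordHash: {SSHA256}' \
        'olcPasswordHash: {NOSUCH' \
        ' SCHEME}' \
        'olcSizeLimit: 500' > "$1"
}

# Drop every "<attr>: ..." line, including its continuation lines, from the
# cn=config LDIF file $2 and write the result to $3.
strip_olc_attr() {
    awk -v a="$1" '
        /^ /              { if (skip) next }   # continuation of a dropped line
                          { skip = 0 }
        $0 ~ ("^" a ":")  { skip = 1; next }   # the offending attribute line
                          { print }
    ' "$2" > "$3"
}

# Dry-run parse of a config directory; exit status 0 means slapd would load it.
# slapd logs a CRC32 checksum warning for hand-edited files; that is harmless.
check_config() {
    slaptest -F "$1" -u >/dev/null 2>&1
}

# Full workflow: keep the broken state for later analysis, edit offline, verify.
repair_config() {
    confdir=$1; relfile=$2; attr=$3
    cp -a "$confdir" "$confdir.broken-$(date +%Y%m%d%H%M%S)"
    strip_olc_attr "$attr" "$confdir/$relfile" "$confdir/$relfile.new"
    mv "$confdir/$relfile.new" "$confdir/$relfile"
    check_config "$confdir"
}

# Typical call once slapd is stopped (paths are assumptions):
# repair_config /etc/ldap/slapd.d 'cn=config/olcDatabase={-1}frontend.ldif' olcPasswordHash
```

After check_config returns 0, start slapd normally; if it still fails, the copied `*.broken-*` directory preserves the bad state for comparison.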
