On Thu, Sep 1, 2011 at 1:39 PM, Prentice Bisbal <[email protected]> wrote:
> On 09/01/2011 12:36 PM, solarflow99 wrote:
> >
> > On Thu, Sep 1, 2011 at 12:04 PM, Prentice Bisbal <[email protected]> wrote:
> >
> > > On 09/01/2011 11:50 AM, solarflow99 wrote:
> > > >
> > > > On Thu, Sep 1, 2011 at 10:48 AM, Prentice Bisbal <[email protected]> wrote:
> > > >
> > > > > On 09/01/2011 09:40 AM, Götz Reinicke wrote:
> > > > > > On 01.09.11 15:08, Prentice Bisbal wrote:
> > > > > >> On 09/01/2011 08:36 AM, Götz Reinicke wrote:
> > > > > >>> Hi,
> > > > > >>>
> > > > > >>> recently I updated our ldapd on our RH EL 6.1 to the most recent
> > > > > >>> version openldap-2.4.23-15.el6_1.1.x86_64 (from 2.4.19-15)
> > > > > >>>
> > > > > >>> Since then the daemon died twice in the middle of the night,
> > > > > >>> leaving no traces to me why.
> > > >
> > > > I'd just use 389 instead, from my experience I can't see using openldap
> > > > in production anymore..
> > > >
> > > > http://directory.fedoraproject.org/wiki/FAQ#How_to_install_389_in_RHEL6.3F
> > >
> > > I have just the opposite opinion. What's wrong with OpenLDAP that you
> > > feel makes it unsuitable for production?
> >
> > oh:) I guess you tried both right? it's your preference then, it wasn't
> > my personal opinion which solution is better, just the one from
> > practical experience and works properly. Hope it helps...
>
> Yes, I did try both. I tried 389 a couple of years ago when it was still
> called Fedora DS. I found there were several bugs that weren't trivial to
> fix, but appeared to be well-known, thanks to Google. Some things
> weren't documented well, and the documentation was very out of date.
>
> The final show-stopper for me was that when setting up password sync
> with AD, it kept the updated passwords in a replog somewhere, clearly
> labelled "cleartext-password".
>
> That, to me, was completely unacceptable, especially in a production
> environment.
>
> If you don't use AD sync, I agree that it's really a matter of personal
> preference.

I had no preference since they're both open source, it was just which was a
better tool for the job, I've been really disappointed with openldap for a
production environment. There is adequate info available on the 389 site now
for anything you need to do.

http://directory.fedoraproject.org/wiki/Documentation

I just configured AD replication a short while ago, and it worked
brilliantly. PassSync handles the password updates by intercepting password
changes in AD, so there's no need to log passwords, I didn't see any sign of
it in my passsync log. The most common problem others run into is usually
configuring SSL.

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
