Date: Mon, 8 Dec 2008 10:00:14 +0100
To expand a little bit on this:

We use our LDAP as a meta directory and have both our accounts (ca.
2000) and machine information in it. We use it as a back-end for
postfix, DHCP, DNS (bind-sdb) and vlan/port information for our switches.
Being a meta directory, the master can get hit very hard with writes
during syncs from other systems.

My main problems were in mod-rdn's not syncing to 64 bit consumers and
replication suddenly stopping about once every two weeks on other
consumers (both 32 and 64 bit). I noticed the mod-rdn issue in both the
SL and Centos 64 bit server; the 32 bit version ran just fine in that
regard. Note that not every implementation uses mod-rdn's.

Digging through the TUV bugzilla I found quite a few outstanding bugs,
some mod-rdn related. Posts on various mailing lists (and responses on
bugs in bugzilla) left the impression openLDAP server problems are not
high priority with TUV. So in the end I decided to roll my own rpm's
using the latest 2.3 version.

The TUV version might work for you. But do monitor it for a few weeks
before going into production and make sure the consumer is actually in sync.

Roelof

Faye Gibbins wrote:
> We are also an Openldap shop/School on SL5.0
>
> We're running the TUV's ldap rpms with replication and it's working
> perfectly.
>
> We're using STARTTLS'd enabled Syncrepl. Apart from a few teething
> problems at the beginning it's been working fine.
>
> Faye
>
>
> Roelof van der Kleij wrote:
>> Hi Michael,
>>
>> We are an openldap shop. We use an in-house php app to manage
>> accounts etc. Our ldap servers run FreeBSD, but I am in the process
>> of migrating to Centos/SL servers.
>>
>> I found the openldap server packages included in RHEL5 to be out of
>> date and seriously broken. Especially master-slave replication is
>> impossible to get running reliably. The included Berkeley db version
>> is a bit buggy too (the openldap package includes its own bdb
>> version separate from the older one in db4.rpm).
>> Also, most overlays are not included in the RHEL version.
>>
>> I am now maintaining my own openldap 2.3.43 rpm's. My impression is
>> that RHEL is only interested in keeping the client side stable and
>> expects you to run RDS for the server side.
>>
>> So either go FDS or start to maintain your own openldap packages.
>>
>> Roelof
>>
>>
>> Michael Mansour wrote:
>>> Hi,
>>>
>>> This area is quite new to me so I thought I'd ask this general
>>> question.
>>>
>>> I have a requirement where I need to setup an LDAP server and then
>>> have a web
>>> form available where people can fill out their details (name,
>>> address, etc)
>>> and have that web form effectively create an account on the LDAP
>>> server.
>>>
>>> In terms of the LDAP facility, I have previously installed and run
>>> OpenLDAP a
>>> few times over the times, but never in production (just to learn
>>> it). But I'm
>>> after some recommendations noting the requirement above.
>>>
>>> * Should I use OpenLDAP for this?
>>>
>>> * Should I use Fedora Directory Server for this?
>>>
>>> * Should I use something else for LDAP directory services?
>>>
>>> In terms of the Web form, is there anyone that knows what I can use
>>> here? like
>>> a current project or current piece of software (non-commercial) that
>>> does this?
>>>
>>> Thanks for any tips, recommendations and advice.
>>>
>>> Michael.
>>>
>>
>
>
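
One way to make the "consumer is actually in sync" check concrete, as an added example that is not part of the original thread: compare DN and entryCSN pairs from a provider dump and a consumer dump, which also exposes a rename (mod-rdn) that never reached the consumer. It assumes each dump came from `ldapsearch -x -LLL -H ldap://<host> -b <suffix> entryCSN`; the DNs and CSN values below are constructed sample data.

```python
import base64

def parse_ldif(text):
    """Map each DN to its entryCSN from `ldapsearch -LLL ... entryCSN` output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value, attr = value.strip(), attr.lower()
        if attr == "dn":
            dn = value.lower()              # simplification: case-insensitive DN match
            entries[dn] = None
        elif attr == "entrycsn" and dn is not None:
            entries[dn] = value
    return entries

def compare(provider_ldif, consumer_ldif):
    """Report entries the consumer lacks, still holds, or holds at another CSN."""
    p, c = parse_ldif(provider_ldif), parse_ldif(consumer_ldif)
    return {
        "missing_on_consumer": sorted(set(p) - set(c)),
        "extra_on_consumer": sorted(set(c) - set(p)),
        "csn_mismatch": sorted(d for d in set(p) & set(c) if p[d] != c[d]),
    }

# Constructed sample: uid=jdoe was renamed on the provider, host42 was modified.
PROVIDER = """\
dn: uid=john.doe,ou=People,dc=example,dc=com
entryCSN: 20081208090014Z#000001#00#000000

dn: cn=host42,ou=Hosts,dc=example,dc=com
entryCSN: 20081208090020Z#000000#00#000000
"""
CONSUMER = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
entryCSN: 20081130120000Z#000000#00#000000

dn: cn=host42,ou=Hosts,dc=example,dc=com
entryCSN: 20081207170000Z#000000#00#000000
"""
if __name__ == "__main__":
    print(compare(PROVIDER, CONSUMER))
```

On a busy master, entries written between the two dumps show up as transient mismatches, so rerun the comparison before treating a difference as a replication failure.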