SCIENTIFIC-LINUX-USERS Archives

December 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Roelof van der Kleij <[log in to unmask]>
Reply To: Roelof van der Kleij <[log in to unmask]>
Date: Mon, 8 Dec 2008 10:00:14 +0100
To expand a little bit on this:

We use our LDAP as a meta directory and have both our accounts (ca. 
2000) and machine information in it. We use it as a back-end for 
postfix, DHCP, DNS (bind-sdb) and vlan/port information for our switches.
Being a meta directory, the master can get hit very hard with writes 
during syncs from other systems.

My main problems were in mod-rdn's not syncing to 64 bit consumers and 
replication suddenly stopping about once every two weeks on other 
consumers (both 32 and 64 bit). I noticed the mod-rdn issue in both the 
SL and Centos 64 bit server; the 32 bit version ran just fine in that 
regard. Note that not every implementation uses mod-rdn's.

Digging through the TUV bugzilla I found quite a few outstanding bugs, 
some mod-rdn related. Posts on various mailing lists (and responses on 
bugs in bugzilla) left the impression openLDAP server problems are not 
high priority with TUV. So in the end I decided to roll my own rpm's 
using the latest 2.3 version.

The TUV version might work for you. But do monitor it for a few weeks 
before going into production and make sure the consumer is actually in sync.

Roelof

Faye Gibbins wrote:
> We are also an Openldap shop/School on SL5.0
>
> We're running the TUV's ldap rpms with replication and it's working 
> perfectly.
>
> We're using STARTTLS'd enabled Syncrepl. Apart from a few teething 
> problems at the beginning it's been working fine.
>
> Faye
>
>
> Roelof van der Kleij wrote:
>> Hi Michael,
>>
>> We are an openldap shop. We use an in-house php app to manage 
>> accounts etc. Our ldap servers run FreeBSD, but I am in the process 
>> of migrating to Centos/SL servers.
>>
>> I found the openldap server packages included in RHEL5 to be out of 
>> date and seriously broken. Especially master-slave replication is 
>> impossible to get running reliably. The included Berkeley db version 
>> is a bit buggy too (the openldap package includes its own bdb 
>> version separate from the older one in db4.rpm)
>> Also, most overlays are not included in the RHEL version.
>>
>> I am now maintaining my own openldap 2.3.43 rpm's. My impression is 
>> that RHEL is only interested in keeping the client side stable and 
>> expects you to run RDS for the server side.
>>
>> So either go FDS or start to maintain your own openldap packages.
>>
>> Roelof
>>
>>
>> Michael Mansour wrote:
>>> Hi,
>>>
>>> This area is quite new to me so I thought I'd ask this general 
>>> question.
>>>
>>> I have a requirement where I need to set up an LDAP server and then 
>>> have a web
>>> form available where people can fill out their details (name, 
>>> address, etc)
>>> and have that web form effectively create an account on the LDAP 
>>> server.
>>>
>>> In terms of the LDAP facility, I have previously installed and run 
>>> OpenLDAP a
>>> few times over the times, but never in production (just to learn 
>>> it). But I'm
>>> after some recommendations noting the requirement above.
>>>
>>> * Should I use OpenLDAP for this?
>>>
>>> * Should I use Fedora Directory Server for this?
>>>
>>> * Should I use something else for LDAP directory services?
>>>
>>> In terms of the Web form, is there anyone that knows what I can use 
>>> here? like
>>> a current project or current piece of software (non-commercial) that 
>>> does this?
>>>
>>> Thanks for any tips, recommendations and advice.
>>>
>>> Michael.
>>>   
>>
>
>
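
One way to act on the advice at the top of this message to "make sure the consumer is actually in sync", as an added example that is not code from the thread or from OpenLDAP: compare the contextCSN values read from the provider and the consumer. It assumes syncrepl replication with both servers exposing contextCSN on the suffix entry and allowing an anonymous read of it; the function names, suffix and CSN values are constructed for illustration.

```python
import base64
import subprocess

def fetch_ldif(uri, suffix):
    """Read contextCSN from the suffix entry (anonymous bind is an assumption)."""
    cmd = ["ldapsearch", "-x", "-LLL", "-H", uri, "-s", "base", "-b", suffix, "contextCSN"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_context_csn(ldif):
    """Return {server_id: newest CSN} from LDIF text."""
    csns = {}
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "contextcsn":
            continue
        if value.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("ascii")
        csn = value.strip()
        fields = csn.split("#")  # timestamp#count#server-id#mod
        if len(fields) != 4:
            raise ValueError("unexpected CSN format: %r" % csn)
        csns[fields[2]] = max(csn, csns.get(fields[2], ""))
    return csns

def sync_status(provider_ldif, consumer_ldif):
    """Compare consumer state with the provider, per server ID."""
    provider = parse_context_csn(provider_ldif)
    consumer = parse_context_csn(consumer_ldif)
    status = {}
    for sid, p_csn in provider.items():
        c_csn = consumer.get(sid)
        # CSNs from one server are fixed width, so string order is time order.
        if c_csn is None:
            status[sid] = "missing"
        elif c_csn == p_csn:
            status[sid] = "in-sync"
        else:
            status[sid] = "behind" if c_csn < p_csn else "ahead"
    return status

# Constructed sample data (not from the thread): suffix, CSN values and dates.
PROVIDER = "dn: dc=example,dc=org\ncontextCSN: 20081208090014Z#000000#00#000000\n"
STALLED = "dn: dc=example,dc=org\ncontextCSN: 20081124031502Z#000003#00#000000\n"
FOLDED = "dn: dc=example,dc=org\ncontextCSN: 20081208090014Z#0000\n 00#00#000000\n"

if __name__ == "__main__":
    print("healthy consumer:", sync_status(PROVIDER, FOLDED))
    print("stalled consumer:", sync_status(PROVIDER, STALLED))
    # Live use: sync_status(fetch_ldif(provider_uri, suffix), fetch_ldif(consumer_uri, suffix))
```

A consumer that is briefly "behind" while the provider is taking writes is normal; the condition worth alerting on is a consumer that stays "behind" or "missing" across several polls.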
