I would second OpenLDAP, having used it in production at two different employers. It's always been stable and reliable. If you're restarting slapd every 15 minutes I'd take a good hard look at the problem versus just migrating away from it.

On that note, we recently migrated to Active Directory from OpenLDAP, primarily because we migrated from Zimbra 4.5 to Exchange (and Exchange requires AD). It wasn't without much kicking and screaming, but in the end it was the best move for our users. The tricky part was switching Linux systems which had been authenticating reliably and smoothly to OpenLDAP to using Winbind instead (primarily because of AD group support). Even though it largely works, I would say that in a large production environment I prefer OpenLDAP for centralized authentication over AD, especially since we're a predominately Linux/UNIX environment.

- Chris


On 1 Aug, 2008, at 5:47 PM, Craig White wrote:

On Fri, 2008-08-01 at 17:33 -0700, nate wrote:

I personally don't like LDAP (after having used it for many years now).
I do use it at home, though only two of the 6 systems I have are
actually using it (I also use it for mail routing but that is a
legacy thing I set up 7 years ago that I haven't gotten around to
migrating off of). I'm in the slow process of migrating my company's
systems off of LDAP, they are using it for authentication and it's
horribly unreliable and I hate that single point of failure and
the complexity of setting it up and maintaining it. They have a
cron script that restarts the LDAP services every 15 minutes and
they restart nscd on all of the servers every hour. And still even
I get complaints on occasion about not being able to log in and I
have to go restart nscd again or at least invalidate the nscd
passwd cache (nscd -i passwd).
----
LDAP is as stable as anything I've ever used but I have to admit that I
don't use nscd anywhere because, I would suspect, that is what is killing
you. I stopped using nscd when I went to LDAP for that reason.

It's not uncommon for my primary LDAP servers to have uptimes of over 9
months and never restarting though Red Hat made a curious choice of
using sleepy-cat 4.3 on RHEL 5 which is totally not recommended by
OpenLDAP developers. http://www.openldap.org/faq/data/cache/44.html

I suppose if you wanted to have a stable LDAP, you would investigate
with the developers of OpenLDAP.

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
