To expand a little bit on this:
We use our LDAP as a meta directory and have both our accounts (ca.
2000) and machine information in it. We use it as a back-end for
postfix, DHCP, DNS (bind-sdb) and vlan/port information for our switches.
Being a meta directory, the master can get hit very hard with writes
during syncs from other systems.
My main problems were in mod-rdn's not syncing to 64 bit consumers and
replication suddenly stopping about once every two weeks on other
consumers (both 32 and 64 bit). I noticed the mod-rdn issue in both the
SL and CentOS 64 bit server; the 32 bit version ran just fine in that
regard. Note that not every implementation uses mod-rdn's.
Digging through the TUV bugzilla I found quite a few outstanding bugs,
some mod-rdn related. Posts on various mailing lists (and responses on
bugs in bugzilla) left the impression OpenLDAP server problems are not
high priority with TUV. So in the end I decided to roll my own RPMs
using the latest 2.3 version.
The TUV version might work for you. But do monitor it for a few weeks
before going in production and make sure the consumer is actually in sync.
Roelof
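One way to do the "make sure the consumer is actually in sync" check Roelof recommends, as an added example that is not part of this thread: compare the contextCSN values of provider and consumer per server ID (the replication cookie OpenLDAP syncrepl uses). The LDIF below is constructed sample data; the ldapsearch command in the comment is the assumed way to fetch the real values.

```python
import re
from datetime import datetime

# Constructed sample output, as from (on each host):
#   ldapsearch -LLL -x -H ldap://HOST -s base -b "dc=example,dc=org" contextCSN
# Consumer is current for SID 00 but two weeks behind for SID 01.
PROVIDER_LDIF = """dn: dc=example,dc=org
contextCSN: 20080315101530Z#000000#00#000000
contextCSN: 20080315101210Z#000000#01#000000
"""
CONSUMER_LDIF = """dn: dc=example,dc=org
contextCSN: 20080315101530Z#000000#00#000000
contextCSN: 20080301080000Z#000000#01#000000
"""

# Accepts the 2.3 syntax (no fraction, 2-hex SID) and the 2.4 one (fraction, 3-hex SID).
CSN_RE = re.compile(r"^(\d{14})(?:\.(\d{6}))?Z#([0-9a-f]+)#([0-9a-f]+)#([0-9a-f]+)$", re.I)


def parse_csn(csn):
    """Split a CSN into (timestamp, change count, server id, modifier)."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    ts, frac, count, sid, mod = m.groups()
    when = datetime.strptime(ts + (frac or "000000"), "%Y%m%d%H%M%S%f")
    return when, int(count, 16), int(sid, 16), int(mod, 16)


def csns_by_sid(ldif):
    """Map server id -> (timestamp, count, mod) for every contextCSN line."""
    out = {}
    for line in ldif.splitlines():
        if line.lower().startswith("contextcsn:"):
            when, count, sid, mod = parse_csn(line.split(":", 1)[1])
            out[sid] = (when, count, mod)
    return out


def replication_lag(provider_ldif, consumer_ldif):
    """Return {sid: lag_seconds} for each SID where the consumer is behind the
    provider; a SID the consumer has never seen is reported as None."""
    prov, cons = csns_by_sid(provider_ldif), csns_by_sid(consumer_ldif)
    lag = {}
    for sid, (p_when, p_count, _) in prov.items():
        if sid not in cons:
            lag[sid] = None
        elif cons[sid][:2] < (p_when, p_count):
            lag[sid] = (p_when - cons[sid][0]).total_seconds()
    return lag


if __name__ == "__main__":
    print(replication_lag(PROVIDER_LDIF, CONSUMER_LDIF))  # {1: 1217530.0}
```

An empty result means every SID on the consumer is at or beyond the provider's CSN; a lag that keeps growing across runs is the "replication suddenly stopped" case.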
Faye Gibbins wrote:
We are also an OpenLDAP shop/School on SL5.0
We're running the TUV's ldap rpms with replication and it's working
perfectly.
We're using STARTTLS-enabled Syncrepl. Apart from a few teething
problems at the beginning it's been working fine.
Faye
Roelof van der Kleij wrote:
Hi Michael,
We are an openldap shop. We use an in-house php app to manage
accounts etc. Our ldap servers run FreeBSD, but I am in the process
of migrating to Centos/SL servers.
I found the openldap server packages included in RHEL5 to be out of
date and seriously broken. Especially master-slave replication is
impossible to get running reliably. The included Berkeley db version
is a bit buggy too (the openldap package includes its own bdb
version separate from the older one in db4.rpm).
Also, most overlays are not included in the RHEL version.
I am now maintaining my own openldap 2.3.43 RPMs. My impression is
that RHEL is only interested in keeping the client side stable and
expects you to run RDS for the server side.
So either go FDS or start to maintain your own openldap packages.
Roelof
Michael Mansour wrote:
Hi,
This area is quite new to me so I thought I'd ask this general
question.
I have a requirement where I need to setup an LDAP server and then
have a web form available where people can fill out their details
(name, address, etc) and have that web form effectively create an
account on the LDAP server.
In terms of the LDAP facility, I have previously installed and run
OpenLDAP a few times over the times, but never in production (just to
learn it). But I'm after some recommendations noting the requirement
above.
* Should I use OpenLDAP for this?
* Should I use Fedora Directory Server for this?
* Should I use something else for LDAP directory services?
In terms of the Web form, is there anyone that knows what I can use
here, like a current project or current piece of software
(non-commercial) that does this?
Thanks for any tips, recommendations and advice.
Michael.