[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Centralized LDAP Authentication or Kerberos+LDAP Authentication
> You may view them at:
> http://web.singnet.com.sg/~garyttt/
Thanks for contributing what you're learning, but don't follow these
directions in a production environment.
Your init script, like redhat's, stops the server with kill -9. Especially
with a bdb backend, this will corrupt your dababase and cause master and
slave to get out of sync. (RedHat's ldap.init is mostly ok with openldap
2.0.27/ldbm, to the limited extent that openldap 2.0.27/ldbm is ok. With
2.2.x/bdb, though, you need to use -HUP or at most -TERM.)
You don't mention DB_CONFIG. If you add a nontrivial number of entries, the
server will fail without one.
Overwriting redhat's openldap, openssl, and db4 libs in /usr is likely to
cause programs linked with the stock versions, such as sendmail, to crash
at some point. Either rebuild the whole system or segregate in /opt or
/usr/local.
It is not safe to use MIT kerberos in multithreaded applications
like openldap without patches.
--
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator