Re: Brief syncrepl question

[Howard Chu <hyc@symas.com>]

Michael L Torrie wrote:
> I want to abandon this proprietary custom Apple solution soon.   In the
> meantime we're keeping the Apple system because it interfaces so
> seamlessly with the Apple clients.  While it is possible to make apple
> clients talk directly to openldap, things like password syncing,
> automatic mounting of home directories and so forth are not so easy.  I
> have other mechanisms for dealing with syncing from the apple server to
> a linux server, and I can syncrepl from there for now.
>
> Apple's hack to bridge openldap and the password server should be done
> through overlays or something, but it is not.  And the way they've
> chosen to implement this has caused no end to problems for me and many
> other OS X Server users.  deadlocks, crashes, etc.  
>
> Michael
>
>   
Yes, it's unfortunate that Apple didn't coordinate with the OpenLDAP 
Project on their requirements in the past. There's been better 
communication more recently, and hopefully they'll take advantage of the 
supported extension hooks in OpenLDAP 2.3+ going forward. Personally I 
think their password server was never necessary; support for 
in-directory SASL secrets in OpenLDAP 2.1 obviated it from the get-go. 
Another fine example of what happens when you take code but don't 
participate in the community - reinvent the wheel, using an axle that 
doesn't fit...

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/