I prefer testing and solid evidence rather than trusting to luck. And
I'm well aware of OpenSSL/NSS issues. But I think our architectures are
based on different assumptions, Quanah.
I don't use syncrepl. I use slurpd, and I run it without incident for
years at a time. I am currently feeding OL 2.4 systems (Red Hat 6.2)
and 2.3 systems (Red Hat 5.x) from a master 2.3 system without issues,
all using Red Hat packages. Slurpd is more bandwidth efficient than
syncrepl, and I do not have any of the problems syncrepl was designed to
solve, so using syncrepl would be a regression for me. I already have
the ability to sync any or all replicas in minutes if needed, and all my
applications implement LDAP failover at the client, so I can bring down
any server any time I wish. Syncrepl offers me nothing. Cn=config
offers less; it does not yet have all the functions of slapd.conf
(although I am running it on the 2.4 nodes) and it puts a master
password in the database, a password which previously was not LDAP
accessible.