On 04/12/12 22:02, Gregory Haverkamp wrote:
In my base, it was back-relay. back-ldap fixed the back-relay problem (with a performance degradation), but then I encountered oodles of problems with back-ldap, followed by back-meta, after which I was forced to scrap any hope of maintaining my legacy naming context without synchronization. I started a bug report on one of them, but I was in the middle of a roll-out of the new directory infrastructure, and I never got back to all three problems.
Hi Greg, Hmm..In my case I would have to shelve ppolicy until all my clients had been converted - I have over 150 clients and 600 user accounts (under my control) but LDAP is not just used by PAM/NSS (if it were it would be easy) - there are undocumented usages in apache configs, Confluence, possibly webapps written in all manner of languages etc etc.
It's a real mess... Cheers, Tim -- Tim WattsPersonal Blog: http://www.dionic.net/tim/
"It would be better to live under robber barons than under omnipotent moral busybodies."