[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

To: Wiebe Cazemier <wiebe@halfgaar.net>, Brent Bice <bbice@sgi.com>
Subject: Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
From: Howard Chu <hyc@symas.com>
Date: Fri, 31 Jan 2014 02:43:53 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <742862673.58552.1391112370800.JavaMail.zimbra@halfgaar.net>
References: <CAPcb_GK5B=-PzNuxY8wNkh+n-FRhnv0snDAcLYxjqhun1H97Bw@mail.gmail.com> <52EA7F3D.2090905@symas.com> <DBB1B1AD-EE28-4E1E-AF18-9974DC9CC06B@bayour.com> <52EA978A.3030607@sgi.com> <742862673.58552.1391112370800.JavaMail.zimbra@halfgaar.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1

Wiebe Cazemier wrote:

----- Original Message -----

(snip)
(long)
(snip)


I am by no means an LDAP expert, but as an experienced Linux sysadmin I do

have to say that I have had some very tricky issues with OpenLDAP.


One of them involved fiddling for days with difficulty changing the root

password, after finally finding out that the Ubuntu docs were wrong [1]; they
had cause me to create two admin users, with the passwords in plain text no less.


The other involved getting 'TLS required' on the TCP connection, which
seems

to be undocumented.

Nonsense. The security directive is documented in slapd.conf(5) andslapd-config(5) manpages.

My question on Serverfault about it [2] is getting to be

quite popular. Forcing encryption would have been a lot easier if a different
port for SSL wasn't deprecated.

As usual when you go to unofficial support channels, all you get is garbagefrom unqualified self-proclaimed experts. The highest ranked answer on yourquestion is flat wrong, and refers to Zytrax documentation, which is poorlyplagiarized from outdated copies of the OpenLDAP Admin Guide and mixed with agenerous helping of misinformation from their own addled brains.

[1] https://bugs.launchpad.net/serverguide/+bug/1094842
[2] https://serverfault.com/questions/459718/configure-openldap-with-tls-required

Regardless of what you may think about the tone of postings on this list(which is ludicrous to begin with since emails by their nature are horrible atconveying tone or emotion), actual subject matter experts monitor this listand make sure that correct answers get posted and that BS is censured. That isthe purpose of this forum.

If you want to be coddled, feel free to look elsewhere. If you want realanswers, this is the place.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Wiebe Cazemier <wiebe@halfgaar.net>

References:
- Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Gavin Henry <ghenry@suretec.co.uk>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Howard Chu <hyc@symas.com>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Brent Bice <bbice@sgi.com>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Wiebe Cazemier <wiebe@halfgaar.net>

Prev by Date: Antw: Re: FW: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
Next by Date: Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
Index(es):
- Chronological
- Thread