Antw: Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
>>> Michael Ströder <michael@stroeder.com> wrote on 31.01.2014 at 16:24 in
message <52EBC029.9000903@stroeder.com>:
> Turbo Fredriksson wrote:
>> On Jan 31, 2014, at 3:06 PM, Michael Ströder wrote:
>>
>>> Yeah, if she manages to setup AD the next thing is to teach her how to
>>> fix or work around replication problems.
>>
>> Not the point. The argument was that OpenLDAP "is difficult to install and
>> setup". NOT administrate!
>
> Nonsense! There is no difference between installation and administration.
> It's a major fault to artificially distinguish that!
I disagree: Once the infrastructure is set up, the basic directory structure
is set up, and the clients are configured, it's much easier to
add/remove/modify entries than to do the initial setup.
>
>> And my opinion (and many, many others!) has been that it is. And that
>> there's something huge lacking in the OpenLDAP documentation. But every
>> time this is brought up, all the maintainers get very hostile.
>>
>> I started '99/2k with OpenLDAP, and I had huge problems understanding and
>> reading the documentation at the time. Most regarding the whole concept of
>> LDAP.
>
> I've started with OpenLDAP 1.0 in 1998 (well actually I've started with
> Umich 3.3. just before). But it's unfair to argue with docs from that time.
> Many things improved since then.
>
> And yes, I'm still reading OpenLDAP docs. Especially when designing ACLs.
> Fine-grained ACLs are hard in every software component.
Personally I could not decide whether the implementation is ease of use or
ease of implementation.
>
> Anyone not able to read man pages and admin guides should not touch server
> configurations at all.
Just as anyone not able to write man pages should not write software.
>
> No wonder that so many systems are hacked when so-called "IT pros" (web
> enthusiasts etc.) set up systems without learning about what they are
> doing.
>
>> Luckily, I've adapted (through years of testing) to this, so now it's
>> reasonably easy. But when installing the new auth VM a few weeks ago, I had
>> forgotten that there's a problem with OpenSSL/GnuTLS (the interaction
>> between them) so I couldn't get SSL/TLS to work. It took hours of googling
>> the very weird and non-descriptive errors to figure out the problem. And
>> that of course struck a memory chord on how to solve it...
>
> In this particular case your problems arose from deficiencies of the
> GnuTLS code layer. Simply don't use GnuTLS or try to improve this code part.
>
> Ciao, Michael.