Michael Ströder michael@stroeder.com wrote on 31.01.2014 at 16:24 in message 52EBC029.9000903@stroeder.com:
Turbo Fredriksson wrote:
On Jan 31, 2014, at 3:06 PM, Michael Ströder wrote:
Yeah, if she manages to set up AD the next thing is to teach her how to fix or work around replication problems.
Not the point. The argument was that OpenLDAP "is difficult to install and setup". NOT administrate!
Nonsense! There is no difference between installation and administration. It's a major fault to artificially distinguish that!
I disagree: Once the infrastructure is set up, the basic directory structure is set up, and the clients are configured, it's much easier to add/remove/modify entries than to do the initial setup.
And my opinion (and many, many others!) has been that it is. And that there's something huge lacking in the OpenLDAP documentation. But every time this is brought up, all the maintainers get very hostile.
I started '99/2k with OpenLDAP, and I had huge problems understanding and reading the documentation at the time. Most regarding the whole concept of LDAP.
I've started with OpenLDAP 1.0 in 1998 (well actually I've started with Umich 3.3. just before). But it's unfair to argue with docs from that time. Many things improved since then.
And yes, I'm still reading OpenLDAP docs. Especially when designing ACLs. Fine-grained ACLs are hard in every software component.
Personally I could not decide whether the implementation is ease of use or ease of implementation.
Anyone not able to read man pages and admin guides should not touch server configurations at all.
Just as anyone not able to write man pages should not write software.
No wonder that so many systems are hacked when so-called "IT pros" (web enthusiasts etc.) set up systems without learning about what they are doing.
Luckily, I've adapted (through years of testing) to this, so now it's reasonably easy. But when installing the new auth VM a few weeks ago, I had forgotten that there's a problem with OpenSSL/GnuTLS (the interaction between them) so I couldn't get SSL/TLS to work. It took hours of googling the very weird and non-descriptive errors to figure out the problem. And that of course struck a memory chord on how to solve it...
In this particular case your problems arose from deficiencies of the GnuTLS code layer. Simply don't use GnuTLS or try to improve this code part.
Ciao, Michael.