On Jan 30, 2014, at 7:35 PM, Howard Chu wrote:
> You are (unfortunately) confusing the very new back-mdb with the very old
Ah, ok. Fair enough, but that must need optimization to work properly (?).
I'm currently in the process of migrating all the authentication services from my iron (which is also my ZFS On Linux storage - my idea was to ONLY have storage on the iron) to a virtual machine.
So I installed the latest version (2.4.39 or something like that - can't check now). I saw the recommendation to use the new mdb backend (I'm using hdb on the ldap server on the iron).
But a few days later, I noticed that the LDAP server on the VM was down, and I couldn't restart it. Some debugging later, I noticed that the log db had grown out of control (also using mdb).
I didn't have time to investigate exactly why, so I just deleted the whole log db (don't really need it).
> I don't even fire up an editor, I just issue an ldapmodify - no service restart needed either, no interruption of service to clients. There's nothing smoother and more transparent than that.
Yeah, but you probably do that all day. I don't change my server that often, so every time I first need to retrieve the object in question, look at it, then generate a change ldif that I can send to the LDAP server.
In my phpQLAdmin tool (which I haven't worked on in quite some time) I added support for the new slapd config backend 'years' ago, so I HAVE used it, I just remember that it's a lot more complicated (if you don't do it all day) than editing a flat file.
I'm all for removing the flat config file, I also think that the new way is better. But it IS more complicated, no matter how you see it. TOO complicated, no, but still MORE complicated...
> That's not OpenLDAP's fault, that's all RedHat.
Technically you're of course right, but that doesn't really matter in practice. That's not how 'the noob' sees it. People (especially people not experienced enough to file a proper bug/issue report - which is quite difficult!) have a (really bad) habit of looking at the wrong thing when something doesn't work.
How many haven't heard the report: "It doesn't work." (period, full stop! :). Usually followed with "Fix it now!" :D
I'm in no way immune to that, but I like to think that when I have a problem, I'm good at trying to figure out WHY something goes wrong and 'blame' the correct part/software... But most people don't. And that's the ones bitching most loudly about OpenLDAP being complex. It IS complex, but it's supposed to be - it's the most advanced and fastest LDAP server out there, with the longest list of features...
--
Life sucks and then you die