Hello,
I would like to voice my frustration with the quality of the openLDAP documentation. I am compiling openLDAP from source on Debian 7, and have spent about 2-3 continuous days getting to the point where I can add an LDAP user with a UID. I have been close to giving up with the software, but need it for the LDAP functionality, and as very few viable alternatives exist, have been forced to continue with the installation. I have however almost lost confidence in the product, and am concerned that if there are any problems with it in the future, or I want to enable another feature, I will be almost helpless in getting it to work.
The main problem is the Quick-Start Guide. This is anything but quick, and forces the user to consult the less-than-succinct Admin guide. The two together are inconsistent, difficult to follow and do a poor job of explaining what each feature does. The accessibility of information is less than optimal, which means that the user has to look elsewhere, consuming even more time. Unfortunately, there is not much relevant information on the Internet, forcing the user to get stuck in an almost endless loop of checking documentation, testing, reading manuals, and searching on the Internet, in order to get some kind of idea how the software works and what needs to be done to get it working.
I would offer to contribute to the documentation, but due to its lack of usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in the same way a new user would!
Tom
This is a constant problem with community projects. Those who are capable of writing good documentation are busy writing code.
In the case of OpenLDAP, part of the problem is the complexity of the system. There should probably be a warning on the quickstart guide, because LDAP is not something that you want to setup quickly, unless you are just experimenting. When I was building my LDAP clusters I read the entire Admin guide multiple times, along with many pages of RFCs, and asked lots of questions, and I still consider myself a beginner.
The good news is, there is a vibrant community around OpenLDAP. You can write an email or get on IRC and promptly get answers from the worlds' foremost OpenLDAP experts. I recommend polite, well-documented questions; complaints are not so useful. Here's a helpful template:
"I am on step X of the quickstart guide. I am compiling OpenLDAP version X on <OS> version X, and when I type this "..." I expect result X but Y happens instead. Here are the error messages and log entries, and the relevant portion of my config:..."
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Tom Jay Sent: Monday, April 04, 2016 2:12 AM To: openldap-technical@openldap.org Subject: Documentation Feedback
Hello,
I would like to voice my frustration with the quality of the openLDAP documentation. I am compiling openLDAP from source on Debian 7, and have spent about 2-3 continuous days getting to the point where I can add an LDAP user with a UID. I have been close to giving up with the software, but need it for the LDAP functionality, and as very few viable alternatives exist, have been forced to continue with the installation. I have however almost lost confidence in the product, and am concerned that if there are any problems with it in the future, or I want to enable another feature, I will be almost helpless in getting it to work.
The main problem is the Quick-Start Guide. This is anything but quick, and forces the user to consult the less-than-succinct Admin guide. The two together are inconsistent, difficult to follow and do a poor job of explaining what each feature does. The accessibility of information is less than optimal, which means that the user has to look elsewhere, consuming even more time. Unfortunately, there is not much relevant information on the Internet, forcing the user to get stuck in an almost endless loop of checking documentation, testing, reading manuals, and searching on the Internet, in order to get some kind of idea how the software works and what needs to be done to get it working.
I would offer to contribute to the documentation, but due to its lack of usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in the same way a new user would!
Tom
Am Mon, 4 Apr 2016 06:11:55 +0000 schrieb Tom Jay tom_jay@hotmail.com:
Hello,
I would like to voice my frustration with the quality of the openLDAP documentation. I am compiling openLDAP from source on Debian 7, and have spent about 2-3 continuous days getting to the point where I can add an LDAP user with a UID. I have been close to giving up with the software, but need it for the LDAP functionality, and as very few viable alternatives exist, have been forced to continue with the installation. I have however almost lost confidence in the product, and am concerned that if there are any problems with it in the future, or I want to enable another feature, I will be almost helpless in getting it to work.
The main problem is the Quick-Start Guide. This is anything but quick, and forces the user to consult the less-than-succinct Admin guide. The two together are inconsistent, difficult to follow and do a poor job of explaining what each feature does. The accessibility of information is less than optimal, which means that the user has to look elsewhere, consuming even more time. Unfortunately, there is not much relevant information on the Internet, forcing the user to get stuck in an almost endless loop of checking documentation, testing, reading manuals, and searching on the Internet, in order to get some kind of idea how the software works and what needs to be done to get it working.
I would offer to contribute to the documentation, but due to its lack of usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in the same way a new user would!
It seems there are two problems, first you complain about adding a uid object, second your complains about documentation. As you don't describe your problems adding a uid object there wouldn't be much support. With regard to documentation, the OpenLDAP Project provides sufficient unix style documention. That is any client operation, like ldapsearch etc. is documented in manual page section 1, any library function, like ldap_bind() is fully documented in manual page section 3, any configuration parameter is documented in manual page section 5, i.e. ldap.conf(5), slapd.conf(5), slapd-config(5), ldif(5). Any server operation is documented in manual page section 8, like slapd(8), slapdadd(8) etc. With regard to general LDAP documentation read RFC 4510 - RFC 4533 and ITU-T X.500 etc.. Manual Pages and appropriate RFC's are supplied with any sourcecode archive. ITU-T X.500 documentation can be found here http://www.x500standard.com/
-Dieter
I would offer to contribute to the documentation, but due to its lack of
usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in
the same way a new user would!
Hi Tom,
Thanks for this feedback. You're more than welcome to suggest a table of contents for a quick start guide patch based on your journey.
For example, what would have been best to know first? Some quick wins for the user? The problem is that there is no "one way" to do things. In the Perl would this is called TIMTOWTDI.
Getting into the LDAP protocol, Directory Server topology design, deployment, management, DIT design, replication, monitoring, security for authorization and authentication is not something you just rock up and do. OpenLDAP is a journey consisting of research, testing and understanding.
It took me a long time back in 2004 to get my Linux box to authenticate and authorise my login on a Red Hat Linux box, but what a feeling! In 12 years I've not even scratched the flexible surface of the OpenLDAP project family software suite.
It's the same for any open source project. To do things properly and perfect takes time. "Good enough" comes back to get you.
What would you have like to see? If your ideal documentation was there would you have just copied and pasted and moved on?
So, in the words of Jerry, "Help me, help you" .
Thanks, Gavin.
I would offer to contribute to the documentation, but due to its lack of
usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in
the same way a new user would!
Hi Tom,
Thanks for this feedback. You're more than welcome to suggest a table of contents for a quick start guide patch based on your journey.
For example, what would have been best to know first? Some quick wins for the user? The problem is that there is no "one way" to do things. In the Perl would this is called TIMTOWTDI.
Getting into the LDAP protocol, Directory Server topology design, deployment, management, DIT design, replication, monitoring, security for authorization and authentication is not something you just rock up and do. OpenLDAP is a journey consisting of research, testing and understanding.
It took me a long time back in 2004 to get my Linux box to authenticate and authorise my login on a Red Hat Linux box, but what a feeling! In 12 years I've not even scratched the flexible surface of the OpenLDAP project family software suite.
It's the same for any open source project. To do things properly and perfect takes time. "Good enough" comes back to get you.
What would you have like to see? If your ideal documentation was there would you have just copied and pasted and moved on?
So, in the words of Jerry, "Help me, help you" .
Thanks, Gavin.
Hello,
This is an example of an approach to MariaDB that could be taken with openLDAP. This makes initial setup of the system straightforward, which could save people a lot of time and effort. I wanted to include the same output from Redis, which also does a similar job of simplifying the installation process. This could remove the need for some of the documentation, through removing some of the complexity of the initial installation.
root@server:/usr/local/mysql# bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.
Enter current password for root (enter for none): OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation.
Set root password? [Y/n] New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] ... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] ... Success!
By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] - Dropping test database... ... Success! - Removing privileges on test database... ... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] ... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB! root@server:/usr/local/mysql# Tom
Thanks Tom. Will take a look.
We've never had an installation script like this as it's normally part of the distro packaging system. The OpenLDAP just ships the source code and every distro likes things in different places even with the FHS v3.0
gavin.
Hi!
If I'm allowed to contribute:
1) What do you want to do with LDAP? (serveral possibilities)
2) How should your DIT be structured? (essential decision)
3) How to set up the LDAP server with a minimal DIT?
4) How to polulate the DIT while the server is running.
5) Depending on 1): How to configure each mechanism?
6) How to check that things that should work, do work, and things that should not work don't. (Talking about access rights and checking those)
7) Monitoring and tuning
Probably part of 1 and 5): Replication
8) Backup and desaster recovery.
Regards, Ulrich
Gavin Henry ghenry@suretec.co.uk schrieb am 30.04.2016 um 01:57 in Nachricht
CAPcb_G+qb5AL1eCPJS2izFiAHbxEixrRye2f6aRtbYgTmrrO3A@mail.gmail.com:
I would offer to contribute to the documentation, but due to its lack of
usefulness, do not have an understanding of the basic concepts myself. The best I would be able to do is describe my experience and provide the steps that I followed to get a basic installation working.
Hopefully someone can volunteer the time to test the documentation, in
the same way a new user would!
Hi Tom,
Thanks for this feedback. You're more than welcome to suggest a table of contents for a quick start guide patch based on your journey.
For example, what would have been best to know first? Some quick wins for the user? The problem is that there is no "one way" to do things. In the Perl would this is called TIMTOWTDI.
Getting into the LDAP protocol, Directory Server topology design, deployment, management, DIT design, replication, monitoring, security for authorization and authentication is not something you just rock up and do. OpenLDAP is a journey consisting of research, testing and understanding.
It took me a long time back in 2004 to get my Linux box to authenticate and authorise my login on a Red Hat Linux box, but what a feeling! In 12 years I've not even scratched the flexible surface of the OpenLDAP project family software suite.
It's the same for any open source project. To do things properly and perfect takes time. "Good enough" comes back to get you.
What would you have like to see? If your ideal documentation was there would you have just copied and pasted and moved on?
So, in the words of Jerry, "Help me, help you" .
Thanks, Gavin.
Hi all,
I'll be back on this in June. Been a busy month at work.
Thanks.
openldap-technical@openldap.org
-
Albert Braden -
Dieter Klünter -
Gavin Henry -
Gavin Henry
-
Gavin Henry -
Karatas Ozgur -
Tom Jay -
Ulrich Windl