--On Monday, May 21, 2012 5:18 PM -0400 "Charles T. Brooks" brooksct@hbcs.org wrote:

I prefer testing and solid evidence rather than trusting to luck. And I'm well aware of OpenSSL/NSS issues. But I think our architectures are based on different assumptions, Quanah.

I don't use syncrepl. I use slurpd, and I run it without incident for years at a time. I am currently feeding OL 2.4 systems (Red Hat 6.2) and 2.3 systems (Red Hat 5.x) from a master 2.3 system without issues, all using Red Hat packages. Slurpd is more bandwidth efficient than syncrepl, and I do not have any of the problems syncrepl was designed to solve, so using syncrepl would be a regression for me. I already have the ability to sync any or all replicas in minutes if needed, and all my applications implement LDAP failover at the client, so I can bring down any server any time I wish. Syncrepl offers me nothing. Cn=config offers less; it does not yet have all the functions of slapd.conf (although I am running it on the 2.4 nodes) and it puts a master password in the database, a password which previously was not LDAP accessible.

Then your usage vastly differs from the norm, and should not in any way, shape, or form, be used as a platform for giving advice to people who are freshly deploying OpenLDAP.

--Quanah

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration