Hello, I was about to ask that, as well - why the push for change?
Saying that, we did exactly that at my old workplace; move from 389-DS to OpenLDAP. I can't actually remember all the reasons (some of it, I think, was performance; I know we had problems with 389-DS and speed, we ended up having insane timeouts at some point before the switch, if memory serves right). I wasn't the person implementing the OpenLDAP, so unfortunately I don't know how bad it really was to do it; I don't remember it causing problems when we switched. So; generally, I'd say both work. If there's good reasons to switch, I also know it can be done (been there :) ); still, they'd have to be good reasons. Tina PS: I'm pretty sure OpenLDAP can do multi-master replication, actually. On Wednesday, 24 October 2018 12:53:33 BST Michael Di Domenico wrote: > we use openldap where i work now. it's working fine. i guess the > first question to you is, why the push to switch? > > On Wed, Oct 24, 2018 at 12:43 PM Tom Harvill <u...@harvill.net> wrote: > > [Because of my ignorance I mistakenly posted this inside of a list > > thread. I'm sending it again cleanly.] > > > > Hello, > > > > Long time lurker, very infrequent poster - I enjoy this list very much. > > > > We run multiple clusters in different data centers with a single > > directory (LDAP) for general authentication and some user grouping for > > special purposes (eg delineating admin users for privileges). We put > > 'extra' user data in an RDBMS. > > > > We currently use 389-DS (aka Fedora Directory Server) and there is some > > internal pressure to switch to OpenLDAP. > > > > 389-DS is working well, we use the multi-master feature. It really > > hasn't failed us. > > > > I'm writing this list to ask: > > > > - what directory solution do you implement? > > - if LDAP, which flavor? > > - do you have any opinions one way or another on the topic? > > > > Because 389-DS has just worked, it's sort-of out of sight and mind. I've > > been re-engaging it for a little while and from what I can see it's > > fairly well documented (I don't remember this being the case when we > > originally set it up 10+ years ago.) I think OpenLDAP doesn't have > > integrated multi-master replication - that feature appears to be a > > bolted on script. > > > > Thanks in advance for your time, > > > > Tom > > > > Tom Harvill > > Holland Computing Center > > https://hcc.unl.edu > > > > _______________________________________________ > > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > > To change your subscription (digest mode or unsubscribe) visit > > http://www.beowulf.org/mailman/listinfo/beowulf > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf -- Tina Friedrich, Snr HPC Systems Administrator, Advanced Research Computing Research Computing and Support Services, Academic IT IT Services, University of Oxford http://www.arc.ox.ac.uk _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
