On Fri, 2008-08-01 at 17:33 -0700, nate wrote:
> I personally don't like LDAP(after having used it for many years now).
> I do use it at home, though only two of the 6 systems I have are
> actually using it(I also use it for mail routing but that is a
> legacy thing I setup 7 years ago that I haven't gotten around to
> migrating off of). I'm in the slow process of migrating my company's
> systems off of LDAP, they are using it for authentication and it's
> horribly unreliable and I hate that single point of failure and
> the complexity of setting it up and maintaining it. They have a
> cron script that restarts the LDAP services every 15 minutes and
> they restart nscd on all of the servers every hour. And still even
> I get complaints on occasion about not being able to login and I
> have to go restart nscd again or at least invalidate the nscd
> passwd cache (nscd -i passwd).
----
LDAP is as stable as anything I've ever used but I have to admit that I
don't use nscd anywhere because I would suspect, that is what is killing
you. I stopped using nscd when I went to LDAP for that reason.
It's not uncommon for my primary LDAP servers to have uptimes of over 9
months and never restarting though Red Hat made a curious choice of
using sleepy-cat 4.3 on RHEL 5 which is totally not recommended by
OpenLDAP developers. http://www.openldap.org/faq/data/cache/44.html
I suppose if you wanted to have a stable LDAP, you would investigate
with the developers of OpenLDAP.
Craig
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
