www-infrastructure-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: ASF LDAP Project - Update
Date Sat, 10 Jan 2009 12:31:14 GMT
Emmanuel Lécharny wrote:

> root should not be managed by LDAP. You have some exclusion for some
> users, AFAIR. Last time I set up LDAP on an AIX server, this is what we did.

Absolutely correct.

But if you're fiddling with your PAM settings, you run the risk of 
locking yourself out as root.

A few years ago, Red Hat shipped a method to switch on LDAP support by
making changes to the config files for you, and on the surface it looked
fine. In reality, Red Hat had not got their failover sorted out, so when
the LDAP server died, it became completely impossible to log into the 
machine, even as root. Many rescue disks later, I eventually found a 
config that did work, but it was very painful and frustrating.

This has given the LDAP support a reputation for being unreliable, when 
in reality it is just difficult to configure. Once it works, it works 
very well.

