[Beowulf] Poll - Directory implementation

Tina Friedrich tina.friedrich at it.ox.ac.uk
Wed Oct 24 10:03:07 PDT 2018


Hello,

I was about to ask that, as well - why the push for change?

Saying that, we did exactly that at my old workplace; move from 389-DS to 
OpenLDAP. I can't actually remember all the reasons (some of it, I think, was 
performance; I know we had problems with 389-DS and speed, we ended up having 
insane timeouts at some point before the switch, if memory serves right). 

I wasn't the person implementing the OpenLDAP, so unfortunately I don't know 
how bad it really was to do it; I don't remember it causing problems when we 
switched. 

So; generally, I'd say both work. If there's good reasons to switch, I also 
know it can be done (been there :) ); still, they'd have to be good reasons. 

Tina

PS: I'm pretty sure OpenLDAP can do multi-master replication, actually. 

On Wednesday, 24 October 2018 12:53:33 BST Michael Di Domenico wrote:
> we use openldap where i work now.  it's working fine.  i guess the
> first question to you is, why the push to switch?
> 
> On Wed, Oct 24, 2018 at 12:43 PM Tom Harvill <unl at harvill.net> wrote:
> > [Because of my ignorance I mistakenly posted this inside of a list
> > thread.  I'm sending it again cleanly.]
> > 
> > Hello,
> > 
> > Long time lurker, very infrequent poster - I enjoy this list very much.
> > 
> > We run multiple clusters in different data centers with a single
> > directory (LDAP) for general authentication and some user grouping for
> > special purposes (eg delineating admin users for privileges). We put
> > 'extra' user data in an RDBMS.
> > 
> > We currently use 389-DS (aka Fedora Directory Server) and there is some
> > internal pressure to switch to OpenLDAP.
> > 
> > 389-DS is working well, we use the multi-master feature.  It really
> > hasn't failed us.
> > 
> > I'm writing this list to ask:
> > 
> > - what directory solution do you implement?
> > - if LDAP, which flavor?
> > - do you have any opinions one way or another on the topic?
> > 
> > Because 389-DS has just worked, it's sort-of out of sight and mind. I've
> > been re-engaging it for a little while and from what I can see it's
> > fairly well documented (I don't remember this being the case when we
> > originally set it up 10+ years ago.)  I think OpenLDAP doesn't have
> > integrated multi-master replication - that feature appears to be a
> > bolted on script.
> > 
> > Thanks in advance for your time,
> > 
> > Tom
> > 
> > Tom Harvill
> > Holland Computing Center
> > https://hcc.unl.edu
> > 
> > _______________________________________________
> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> > To change your subscription (digest mode or unsubscribe) visit
> > http://www.beowulf.org/mailman/listinfo/beowulf
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf


-- 
Tina Friedrich, Snr HPC Systems Administrator, Advanced Research Computing
Research Computing and Support Services, Academic IT 
IT Services, University of Oxford 
http://www.arc.ox.ac.uk


More information about the Beowulf mailing list