[Beowulf] Poll - Directory implementation
tina.friedrich at it.ox.ac.uk
Wed Oct 24 10:03:07 PDT 2018
I was about to ask that, as well - why the push for change?
Saying that, we did exactly that at my old workplace; move from 389-DS to
OpenLDAP. I can't actually remember all the reasons (some of it, I think, was
performance; I know we had problems with 389-DS and speed, we ended up having
insane timeouts at some point before the switch, if memory serves right).
I wasn't the person implementing the OpenLDAP, so unfortunately I don't know
how bad it really was to do it; I don't remember it causing problems when we
So; generally, I'd say both work. If there's good reasons to switch, I also
know it can be done (been there :) ); still, they'd have to be good reasons.
PS: I'm pretty sure OpenLDAP can do multi-master replication, actually.
On Wednesday, 24 October 2018 12:53:33 BST Michael Di Domenico wrote:
> we use openldap where i work now. it's working fine. i guess the
> first question to you is, why the push to switch?
> On Wed, Oct 24, 2018 at 12:43 PM Tom Harvill <unl at harvill.net> wrote:
> > [Because of my ignorance I mistakenly posted this inside of a list
> > thread. I'm sending it again cleanly.]
> > Hello,
> > Long time lurker, very infrequent poster - I enjoy this list very much.
> > We run multiple clusters in different data centers with a single
> > directory (LDAP) for general authentication and some user grouping for
> > special purposes (eg delineating admin users for privileges). We put
> > 'extra' user data in an RDBMS.
> > We currently use 389-DS (aka Fedora Directory Server) and there is some
> > internal pressure to switch to OpenLDAP.
> > 389-DS is working well, we use the multi-master feature. It really
> > hasn't failed us.
> > I'm writing this list to ask:
> > - what directory solution do you implement?
> > - if LDAP, which flavor?
> > - do you have any opinions one way or another on the topic?
> > Because 389-DS has just worked, it's sort-of out of sight and mind. I've
> > been re-engaging it for a little while and from what I can see it's
> > fairly well documented (I don't remember this being the case when we
> > originally set it up 10+ years ago.) I think OpenLDAP doesn't have
> > integrated multi-master replication - that feature appears to be a
> > bolted on script.
> > Thanks in advance for your time,
> > Tom
> > Tom Harvill
> > Holland Computing Center
> > https://hcc.unl.edu
> > _______________________________________________
> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> > To change your subscription (digest mode or unsubscribe) visit
> > http://www.beowulf.org/mailman/listinfo/beowulf
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
Tina Friedrich, Snr HPC Systems Administrator, Advanced Research Computing
Research Computing and Support Services, Academic IT
IT Services, University of Oxford
More information about the Beowulf