I’m working on migrating more of my RHEL 7 instances to RHEL 8 and I can’t get OpenLDAP server to work on RHEL 8. Is it great that I have so many choices? No – all of them are awful!
Option 1: Stop using OpenLDAP, abandon having a directory server for internal use in my organizational division, and tie directly to Active Directory for all authentication and directory lookups. Pros: simple, no cost. Cons: NFS will be borked because my organization has ‘:’ characters inside their group names, it will be a disaster, and anyone who is even sitting near me will heave their heads on a chopping block.
Option 2: Pull OpenLDAP from the Symas repo. Pros: simple, no cost, expected to be a “drop-in replacement”. Cons: an endless hell of path and config changes that will take days to lead me to the main entrance of a mental hospital.
Option 3: Build RPMs from any of several sources. Pros: no cost. Cons: spend endless hours/days going through the same hell with ridiculous and unnecessary path and config changes for an end result that is so difficult to patch that I will probably end up lagging behind on vulnerability patching.
Option 4: Condemn Red Hat and boycott them entirely. Pros: Will have so much fun rebuilding about 100 RHEL instances on Ubuntu Server. LOL. Cons: The end of my existence as I know it. <insert every imaginable con here>
Option 5: Red Hat IdM. Pros: it will run (probably) without too much of a hassle. Cons: without a customizable schema it will be a pile of garbage that has no usefulness to anyone.
Option 6: Red Hat Directory Server. Pros: it seems like a great solution to all my problems. Cons: $45,000 for a few LDAP servers. Per year. Does that come out of my paycheck?
Hmmmm…. so many choices. I’m going to give Option #3 another shot. If I figure it out I will certainly share with the world.
