On Fri, 2008-08-01 at 17:33 -0700, nate wrote:
I personally don't like LDAP (after having used it for many years now). I do use it at home, though only two of the 6 systems I have are actually using it (I also use it for mail routing, but that is a legacy thing I set up 7 years ago that I haven't gotten around to migrating off of). I'm in the slow process of migrating my company's systems off of LDAP; they are using it for authentication and it's horribly unreliable, and I hate that single point of failure and the complexity of setting it up and maintaining it. They have a cron script that restarts the LDAP services every 15 minutes and they restart nscd on all of the servers every hour. And still even I get complaints on occasion about not being able to log in, and I have to go restart nscd again or at least invalidate the nscd passwd cache (nscd -i passwd).
----
LDAP is as stable as anything I've ever used, but I have to admit that I don't use nscd anywhere because I would suspect that is what is killing you. I stopped using nscd when I went to LDAP for that reason.
It's not uncommon for my primary LDAP servers to have uptimes of over 9 months without ever restarting, though Red Hat made a curious choice of using sleepy-cat 4.3 on RHEL 5, which is totally not recommended by OpenLDAP developers. http://www.openldap.org/faq/data/cache/44.html
I suppose if you wanted to have a stable LDAP, you would investigate with the developers of OpenLDAP.
Craig