I was recently coming up to speed on LDAP. Eager and ready, I got OpenLDAP version 2.4.7 and came up to speed with LDAP in general and had a server up and running fairly quickly.
While working with OpenLDAP, and editing and loading ldifs, I was quickly hoping some tool existed to manage the basic ldap tasks. I installed phpLdapAdmin which seemed to do the job. I enabled the ppolicy module and found out that trying to clear a users password inside phpLdapAdmin ( setting the text box to empty and then committing) caused OpenLDAP to exit with an assertion error. Ouch!! Determined that this was a pretty obvious bug, I found the latest source code had already fixed the issue. I installed the patch, and no longer did slapd exit when setting an empty password.
Today, I noticed 2.4.8 was released which also had the password fix, so I pulled that in and upgraded.
The next OpenLDAP task was to get multi-master replication up and going. After getting two servers set up I was able to add a single user and remove it from either server. Everything looked good. I decided to try refreshOnly syncing instead of refreshAndPersist. However, after changing the sync method on both servers, as soon as I restarted the servers and both servers connected, one would seg fault. I changed both back to refreshAndPersist, tested the single add and delete, and went to the next step--bulk loads.
I added 10 users to an ldiff. When I loaded them up, all ten would load up fine into the local server, but only one or two users from the list would get replicated to the other server. After deleting and adding several times, I could never get all 10 to replicate. I thought the computers not being ntp synced was an issue, but getting them synced up did not fix the issue.
I realize N-Way multi master has only been around since October or so. It would appear to me, it's not yet ready for production use if you are planning to do multi-master replication.
While working with OpenLDAP, I learned about the existence of Fedora Directory Server, and running Fedora myself, I got that up and going too. The experience has been completely different. The initial setup was simple ( RPMS -- no compiles ). The web-based java management tool is tons more functional than phpLdapAdmin, the documention is incredible, and it has yet to crash on me. FDS now manages my simple home network user accounts, and is now my LDAP server of choice.
Tomorrow, I will test FDS mult-master replication and report back on my findings. The multi-master replication is more mature than OpenLDAPs, so I have high expectations.