Configuring OpenLDAP replication with OLCSyncrepl
Having just one OpenLDAP server is asking for trouble. Running more than one with replication will save you hours of trouble if one of the servers dies for any reason.
Read more
LDAP Authentication and NSCD
I don't know how I didn't run into this before, but I finally stumbled on a program that just made my life a ton better. We run OpenLDAP for network authentication, among other things. Periodically, the Name Service Caching Daemon (NSCD) will introduce a bug that causes accounts stored in LDAP to not work properly. In the most recent iteration of Ubuntu Precise 12.04.2, the bug is that "getent passwd" will list all your users, but trying to su to them will tell you they don't exist.
Read more