Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "internal server error"
Its Friday, you all know what that means! ... Its results day for practiseSafeHex's most incompetent co-worker!!!
We've had a bewildering array of candidates, lets remind ourselves:
- a psychopath that genuinely scared me a little
- a CEO I would take pleasure seeing in pain
- a pothead who mistook me for his drug dealer
- an unbelievable idiot
- an arrogant idiot obsessed with strings
Tough competition, but there can be only one ... *drum roll* ... the winner is ... none of them!
*audience member: what?*
*audience member: no way!*
*audience member: your fucking kidding me!*
Sir calm down! this is a day time show, no need for that ... let me explain, there is a winner ... but we've kept him till last and for a good reason
You see our final contestant and ultimate winner of this series is our good old friend "C", taking the letters of each of our previous contestants, that spells TRAGIC which is the only word to explain C.
Oh I assure you its no laughing matter. C was with us for 6 whole months ... 6 excruciatingly painful months.
We needed someone with frontend, backend and experience with IoT devices, or raspberry PI's. We didn't think we'd get it all, but in walked an interviewee with web development experience, a tiny bit of Angular and his masters project was building a robot device that would change LED's depending on your facial expressions. PERFECT!!!
... oh to have a time machine
Working with C:
- He never actually did the tutorials I first set him on for Node.js and Angular 2+ because they were "too boring". I didn't find this out until some time later.
- The first project I had him work on was a small dashboard and backend, but he decided to use Angular 1 and a different database than what we were using because "for me, these are easier".
- He called that project done without testing / deploying it in the cloud, despite that being part of the ticket, because he didn't know how. Rather than tell or ask anyone ... he just didn't do it and moved on.
- As part of his first tech review I had to explain to him why he should be using if / else, rather than just if's.
- Despite his past experience building server applications and dashboards (4 years!), he never heard of a websocket, and it took a considerable amount of time to explain.
- When he used a node module to open a server socket, he sat staring at me like a deer caught in headlights completely unaware of how to use / test it was working. I again had to explain it and ultimately test it for him with a command line client.
- He didn't understand the need to leave logging inside an application to report errors. Because he used to ... I shit you not ... drive to his customers, plug into their server and debug their application using a debugger.
... props for using a debugger, but fuck me.
- Once, after an entire 2 days of tapping me on the shoulder every 15 mins for questions / issues, I had to stop and ask:
Me: "Have you googled it?"
C: "... eh, no"
Me: "can I ask why?"
C: "well, for me, I only google for something I don't know"
Me: "... well do you know what this error message means?"
C: "ah good point, i'll try this time"
... maybe he was A's stoner buddy?
- He burned through our free cloud usage allowance for a month, after 1 day, meaning he couldn't test anything else under his account. He left an application running, broadcasting a lot of data. Turns out the on / off button on the dashboard only worked for "on". He had been killing his terminal locally and didn't know how to "ctrl + c a cloud app" ... so left it running. His intention was to restart the app every time you are done using it ... but forgot.
- His issue with the previous one ... not any of his countless mistakes, not the lack of even trying to make the button work, no, no, not for C. C's issue is the cloud is "shit" for giving us such little allowances. (for the record in a month I had never used more than 5%).
- I had to explain environment variables and why they are necessary for passwords and tokens etc. He didn't know it wasn't ok to commit these into GitHub.
- At his project meetups with partners I had to repeatedly ask him to stop googling gifs and pay attention to the talks.
- He complained that we don't have 3 hour lunch breaks like his last place.
- He once copied and pasted the same function 450 times into a file as a load test ... are loops too mainstream nowadays?
You see C is our winner, because after 6 painful months (companies internal process / requirements) he actually achieved nothing. I really mean that, nothing. Every thing was so broken, so insecure / wide open, built without any kind of common sense or standards I had to delete it all and start again ... it took me 2 weeks.
I hope you've all enjoyed this series and will join me in praying for the return of my sanity ... I do miss it a lot.
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.22
Once we were going to present a web service to governmental firm. All is going well so far and my boss asks me to host the web application the day before the presentation.
I hosted it and all was good with demo production tests, but I had a bad feeling.
While it was running on our server, I also ran it locally with a reverse proxy just in case.
* Meeting starts *
* Ice broken and down to business *
"And now our developer will run the demo for you..."
* Run the demo from my laptop to double check --> 500 Internal Server Error *
* Opens reverse proxy link on my laptop. Present demo during meeting. Demo works like a charm. *
Firm representative: "Great! Looking forward to go live."
*Our team walks out*
GM: "Good job guys"
Me: I should use an informative status code to let my users know what went wrong
Me to me: *500 internal server error*1
Yea, that's seems about right.When the user gives incorrect password,throw an Internal Server Error.
Great API design!2
My Flask App all of a sudden started throwing 'Error 500 - Internal Server Error' pages at me for a new subpage I made.
I couldn't figure WTF was wrong because the method responsible for the page literally just returned the HTML-template.
After giving up yesterday night, I noticed this morning that I forgot the quotes around the HTML-file name...2
"200 Internal Server Error"
Yep, I did that. Because the lousy crapheads I work with were too lazy to handle any other HTTP status so anything else breaks the whole thing. And it's a pain to roll out another release of their part of the backend so "this isn't a priority". Also, they don't feel the need to check the JSON body of the response for the "status":"ok"/"fail" because what could ever go wrong, right? I effectively have no way of conveying to them that there was an error on this end of the API so they show success toast on the frontend irrespective of what really happened.6
Him: Why choose 200 over 500, minimalist?
Me: Why choose an internal server error over a successful request? Less is more.
500 Internal server error when showcasing the semi-complete project to client.
Can't be worse, can it.1
Yesterday night, pushed code that work normally to prod server, website down, internal server error, too many connection to MySQL server, tried to fix it for 4 hours, nothing to do, removed the new code, still the same problem, in my head, I told myself that I'm not good at programming (not the first time), send an email to the host, they tell me the problem is from them and they fixed it. And now I know I'm not bad enough.2
Why WordPress is not very good:
I wrote a quick 230 line python script that uses the power of urllib, ebooklib and 12 regular expressions that would make any italian proud to download webnovels from virlyce.com and turn them into .epub files for me.
The chapters are all individual WordPress pages, and after sequentially downloading only 202 of them I got an internal server error.
Of course, I saw this coming and put mitmproxy to good use caching everything, so even though my python script with terrible error handling crashed I don't have to do it all again (yay)4
Just posted a rant that BitBucket gave me a big Internal Server Error
Then I realized one of my extensions was overriding the authentication token (as I configured it to do that for a dashboard) and that was why BitBucket was inaccessible
Why do I keep doing this to myself
Professor: writes a loop to sum up first five numbers and asks the output.
Other random student: 15
Prof praises him.
He runs the code.
Output: 500 ( internal server error)
(He had a missing semicolon) 😅6
A loooong time ago...
I've started my first serious job as a developer. I was young yet enthusiastic as well as a kind of a greenhorn. First time working in a business, working with a team full of experienced full-lowered ultra-seniors which were waiting to teach me the everything about software engineering.
Beside one senior which was the team lead as well there were two other devs. One of them was very experienced and a pretty nice guy, I could ask him anytime and he would sit down with me a give me advice. I've learned a lot of him.
Fast forward three months (yes, three months).
I was not that full kind of greenhorn anymore and people started to give me serious tasks. I had some experience in doing deployments and stuff from my other job as a sysadmin before so I was soon known as the "deployment guy", setting up deployments for our projects the right way and monitoring as well as executing them. But as it should be in every good team we had to share our knowledge so one can be on vacation or something and another colleague was able to do the task as well.
So now we come to the other teammate. The one I was not talking about till now. And that for a reason.
He was very nice too and had a couple of years as a dev on his CV, but...yeah...like...
When I switched some production systems to Linux he had to learn something about Linux. Everytime he encountered an error message he turned around and asked me how to fix it. Even. For. The. Simplest. Error. He. Could. Google. Up.
I mean okay, when one's new to a system it's not that easy, but when you have an error message which prints out THE SOLUTION FOR THE ERROR and he asks me how to fix it...excuse me?
This happened over 30 times.
Later on I had to introduce him to the deployment workflow for a project, so he could eventually deploy the staging environment and the production environment by hisself.
I introduced him. Not for 10 minutes. I explained him the whole workflow and the very main techniques and tools used for like two hours. Every then and when I stopped and asked him if he had any questions. He had'nt! Wonderful!
Haha. Oh no.
So he had to do his first production deployment. I sat by his side to monitor everything. He did well. One or two questions but he did well.
The same when he did his second prod deploy. Everythings fine.
And then. It. Frikkin. Begins.
I was working on the project, did some changes to the code. Okay, deploy it to dev, time for testing.
Error checking out git. Okay, awkward. Got to investigate...
On the dev server were some files changed. Strange. The repo was all up to date. But these changes seemed newer because they were fixing at least one bug I was working on.
This doubles the strangeness.
I want over to my colleague's desk.
I asked him about any recent changes to the codebase.
"Yeah, there was a bug you were working on right? But the ticket was open like two days so I thought I'll fix it"
What the Heck dude, this bug was not critical at all and I had other tasks which were more important. Okay, but what about the changed files?
"Oh yeah, I could not remember the exact deployment steps (hint from the author: I wrote them down into our internal Wiki, he wrote them done by hisself when introducing him and after all it's two frikkin commands), so I uploaded them via FTP"
"Uhm... that's not how we do it buddy. We have to follow the procedure to avoid..."
"The boss said it was fine so I uploaded the changes directly to the production servers. It's so much easier via FTP and not this deployment crap, sorry to say that"
You. Did. What?
I could not resist and asked the boss about this. But this had not Effect at all, was the long-time best-buddy-schmuddy-friend of the boss colleague's father.
So in the end I sat there reverting, committing and deploying.
It's soooo much harder this deployment crap.
Years later, a long time after I quit the job and moved to another company, I get to know that the colleague now is responsible for technical project management.
Karma's a bitch, right?
The fuck? I'm trying to automate login for an asp.net website from a C# console app using HttpWebRequests. I used Fiddler to see how the login happens and how the browser obtains the session and auth cookies from the server. When I replicate the same procedure from C#, I am able to get both cookies withoth a problem, but when I try to use them to get data about the user, I get a 500 ISE. What the actual fuck? I've double-checked every single header and the URLs and it's doing literally the same thing as chrome: Get asp session id (POST)-> get an auth cookie (POST username and passwd) -> interact with the site using the session id and auth cookie (GET). And obiviously I don't have access to the server logs... :/2
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Ex-colleague asked for help in regards to an old project we were working at my old job
Him:"We're experiencing an internal server error. What do we do?"
Me:"Restart tomcat, dude"
Then I explained how by finding tomcat in ps -ef in a Redhat server, because he's a Linux noob and needed a lesson in how services works. Proceeded to explain how to restart tomcat with an online guide available.
Him:"Couldn't find tomcat in any of the servers"
Me:"Are you sure? Send me screenshots"
Him: sent screenshots
Me:"it's there. Look carefully."
Him: finds it and proceeded to restart tomcat.
Him: "Can't restart. Some catalina.sh is stopping it."
Me:"Figure it out. You can do it".
Half a day passed...
Him:"I give up. If I restart the server, will tomcat also restart?"
Me:"Up to you man. It will work but it's bad practice."
He restarted the server vand now everything is honky dory. I feel sorry for him though.2
Under pressure for a big feature that had to be merged into develop like one month ago. But I couldn't because of issues I discover every single fucking day.
Today's issue is that a Cucumber test fails. I try reproducing it on my machine, it fails with a different error. Apparently I need to download some 10GB database file from some company server.
Alright, let's download it. But it's damn too slow. Well, let's have lunch in the meantime.
I come back, the download timed out at basically the same point I left it at.
I don't wanna try again. Not without trying to improve things. Download speed is ridiculous. Switching from Wi-Fi to Ethernet definitely helps, I thought.
The cable doesn't work. The port LEDs are both off. Is that cable even connected to something? So I follow that damn cable throughout my colleagues' desks. I'm now doing things without even remembering why.
I finally find the other end. It is plugged to the wall. I try another plug, but that fucking LED is still off. A colleague tells me: not all the sockets are actually connected to the switch, you have to call IT to have yours patched. Stay calm, stay caaaaalm...
A small lamp turns on in my head. Maybe something in my laptop is broken. So I try with a colleague's ethernet. That fucking LED is still off. A-ha.
Turns out, the shitty macbook adapter has this Ethernet port that DOESN'T work out of the box. It needs a driver to even realize there's a port. I look for it, I find it. I finally have wired connection. It's like having drinking water again.
I turn off WiFi, I re-try downloading that fucking database.
Nope, it's still stupidly slow. The bottleneck was in the dumbfuck internal server.
At least I have Ethernet now.1
I am working on a freelance project for a software dev startup. The api service endpoints given to me is so full errors that you can boldly say it's zero percent tested and you'll be correct. The project was meant to last for a week but now it's going to a month due to the errors I have encountered while working with the given API service, so more like a back and forth wait for an update kind of thing. I am close to done building the client but yes they cannot test my last update because someone updated the login endpoint which now returns 500 internal server error. I really want to vent out my frustration to this company without loosing them to the project but honestly i don't know how to do it.
Edit: Just for a side note, about the relationship this client is my former company.3
Yeah..finally some improvement.
my code is throwing Internal Server error exception now, two days back it was showing Unknown Exception.
Improving day by day.1
A common walkthrough with Laravel deployment:
1.) Error 403
2.) Internal server error 🤔
3.) bad require paths in index.php....
4.) Whooops something went wrong.. What?.... Look at log file with 2MB size
5.) View not found1
I was adding a new API integration into the product today, half of the API Documentation is written like shit, and has mistakes in them.
Okay, I kind of solved what ever errors there were in the documentation and got the API to give a response.
Tried to simulate an error response and all I get is 'Internal Server Error'.
What fucking pieces of shit wrote an API, which doesn't provide a correct error response.
I had to write to the support team in order to get everything clarified.
The elements that were indicated as optional should be there in the request it seems, if you don't want to enter any data for that, pass an empty string to it.
Atleast they could've given a proper error response / their documentation could've been better!4
I cannot understand the reasoning behind anyone using Gitlab instead of Github
I have to use it (gitlab) for a project, and these are my observations:
- clicking on one of the tabs on a project throws an internal server error
- under activity, the creation of the repo is listed under issues activity??
- cannot manage to push, even though I have the developer role (permissions broken?)
Ps: when choosing tabs, typing "gitlab is a" comes up with "gitlab is a joke" as autocompletion ;)6
My work product: Or why I learned to get twitchy around Java...
I maintain a Java based test system, that tests a raster image processor. The client is a Java swing project that contains CORBA bindings to the internal API of the raster image processor. It also has custom written UI elements and duplicated functionality that became available in later versions of Java, but because some of the third party tools we use don't work with later versions of Java for some reason, it's not possible to upgrade Java to gain things as simple as recursive directory deletion, yes the version of Java we have to use does not support something as simple as that and custom code had to be written to support it.
Because of the requirement to build the API bindings along with the client the whole application must be built with the raster image processor build chain, which is a heavily customised jam build system. So an ant task calls out to execute a jam task and jam does about 90% of the heavy lifting.
In addition to the Java code there's code for interpreting PostScript files, as these can be used to alter the behaviour of the raster image processor during testing.
The server isn't much better though. It's a tomcat based application that was written by someone who had never built a tomcat application before, or any web application for that matter and uses raw SQL strings instead of an orm, it doesn't use MVC in any way, and insane amount of functionality is dumped into the jsp files.
It too interacts with a raster image processor to create difference masks of the output, running PostScript as needed. It spawns off multiple threads and can spend days processing hundreds of gigabytes of image output (depending on the size of the tests).
We're stuck on Tomcat seven because we can't upgrade beyond Java 6, which brings a whole manner of security issues, but that eager little Java updated will break the tool chain if it gets its way.
Between these two components we have the Java RMI server (sometimes) working to help generate image data on the client side before all images are pulled across a UNC network path onto the server that processes test jobs (in PDF format), by reading into the xref table of said PDF, finding the embedded image data (for our server consumed test files are just flate encoded TIFF files wrapped around just enough PDF to make them valid) and uses a tool to create a difference mask of two images.
This tool is very error prone, it can't difference images of different sizes, colour spaces, orientations or pixel depths, but it's the best we have.
The tool is installed in both the client and server if the client can generate images it'll query from the server which ones it needs to and if it can't the server will use the tool itself.
Our shells have custom profiles for linking to a whole manner of third party tools and libraries, including a link to visual studio 2005 (more indirectly related build dependencies), the whole profile has to ensure that absolutely no operating system pollution gets into the shell, most of our apps are installed in our home directories and we have to ensure our paths are correct for every single application we add.
And... Fucking and!
Most of the tools are stored as source bundles in a version control system... Not got or mercurial, not perforce or svn, not even CVS... They use a custom built version control system that is built on top of RCS, it keeps a central database of locked files (using soft and hard locks along with write protecting the files in the file system) to ensure users can't get merge conflicts by preventing other users from writing to the files at all.
Branching is heavy weight and can take the best part of a day to create a new branch and populate the history.
Gathering the tools alone to build the Dev environment to build my project takes the best part of a week.
What should be a joy come hardware refresh year becomes a curse ("Well fuck, now I loose a week spending it setting up the Dev environment on ANOTHER machine").
Needless to say, I enjoy NOT working with Java. A lot of this isn't Javas fault, but there's a lot of things that Java (specifically the Java 6 version we're stuck on) does not make easy.
This is why I prefer to build my web apps in python or node, hell, I'd even take Lua... Just... Compiling web pages into executable Java classes, why? I mean I understand the implementation of how this happens, but why did my predecessor have to choose this? Why?2
I'm so sick of this task.
It's been three weeks now and I have the same problem as last week. It's very frustrating to have my name on this. I could have finished this in a few days if there weren't so many dependencies on other people or if those people would at least care enough to validate their work. I worked on more complex tasks and the most annoying part is knowing how easy it is but still being unable to finish it. I'm tired of attending stand-up meetings and giving the same "update" over and over again.
The team lead who borrowed me (team 2) messaged me yesterday asking what's holding it up. I told him I'm stuck with this thing that I need and that I already reached out to someone to get it so he already knows it's not my fault it's taking so long. Keep in mind that I cannot "just" get it myself, I would if I could, but imagine logging in and then paying right away. What items are you paying for? How much do they cost? It's a chain of events involving different teams.
Last week was spent with a team (team 3) that wouldn't respond to follow-ups. It came to a point where my original team (team 1) and the team who borrowed me (team 2) were all in the same group chat as team 3's lead. All for this one small fucking thing that I need. They kept saying "It's fixed" when it's not and I spent hours taking and sending screenshots to say "It's not there, seeeee?"
Finally, they made the changes last Friday after my work shift. Someone else from the team I'm working with (team 2) validated it, "Yep, it's fixed. The thing is there now." Now someone from team 2 has to make the changes to their API so the thing would appear in the response and then I will call that API to get the thing. While I'd love to volunteer, it's a completely different task assigned to a different developer and since I'm just borrowed by this team, I don't have access to all of their code except this module I'm working on and cannot assess the impact of making the changes. Not to mention that I would have to learn their entire process which I've already proven they are not really sure of themselves.
Why do I need to learn the entire process? Isn't that overkill? Glad you asked. I had an amazing on-boarding during the first week while setting up their shit and got a lot of "You need these first" errors, none of those things are committed to the repository, some are but are in different branches that I couldn't have guessed. Just refer to the previous rant.
So the smartest move is to wait for them to make the changes to the API. I told team 2 that I'm getting an internal server error with the API. They re-deployed and it works but after testing, the thing I need isn't in the response. They said they already made the changes to get the thing. It's not there. Now this guy I'm talking to follows up again with the developer who's working on the API and while all of this is happening, they decided to change the requirements. Team 2 is having production issues and my concerns are of course, not prioritized.
My team lead (team 1, the original) is obviously pissed off by team 3 from last week and now my team mates (team 1) are annoyed at both team 2 and 3 because of their broken applications and processes. Team 2 also made changes in their application without proper communication so the team 1 developers are affected.
I just want all of this to be over so I can return to my original team.
What the hell is the point of this small projects team spending 2-3 months on developing extensive logging system for an internal application for inside and outside customers to use if your application isn’t going to log any of the fucking errors. Sure you write the failure status to the database, but it just says failure with an even more vague explanation than microsoft’s errors. “An error occurred”. No shit, that’s why I’m looking in the logs and database to debug the application to get these files on their merry way so our company can stay in compliance with the state, feds, and not pay out the wazzoo in fines. All our other applications state where the error occured such as “failed to connect to the email server”, why can’t this one.
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...
The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.2