[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries



On 20/3/2012 2:32 ÏÎ, Chris Hiestand wrote:

As far as the sysadmin is concerned, slapd.conf allowed multi-line strings for ACLs and schemas. This yielded great readability

Although I also really totally respect project developers and appreciate every single effort for the fine OpenLDAP project, I too believe that there is room for usability improvements in dynamic configuration.

I am mostly using JXplorer for directory edits (including dynamic config), yet there are serious issues with readability and commenting, esp. with ACLs. (One might be interested to see some of my older posts on this matter, e.g.: http://www.openldap.org/lists/openldap-technical/201110/msg00186.html).

Recently, Harry Jede contributed a script to enable better readability (http://www.openldap.org/lists/openldap-technical/201203/msg00191.html), but IMHO this is not the right approach in improving config management. We would greatly appreciate it if the OpenLDAP team could *incorporate* some changes in the dynamic config so as to *help* admins manage the server. Writing custom applications/scripts for this job seems to me a wrong approach; if something causes problems to those exactly for whom it has been designed, then it should be re-evaluated. I am confident that the OpenLDAP people can sense the feelings and experiences of admins providing this feedback. We report with complete trust to the development team.

I don't think writing a custom ldap client is "simple". Or, as David Blank-Edelman requests, perhaps you have some example code showing how simple it is?
...
I'm having trouble imagining this being any more user-friendly than a decent LDAP client like Apache Directory Studio - which still isn't as readable as ACL .conf files.

I will have to agree. We can write applications (I use PHP) for directory management (when necessary, e.g. to facilitate complex tasks), but I would kindly request OpenLDAP design and development team to provide some usability features to help us avoid writing applications for configuration management too.

With due respect,
Nick