Re: managing OpenLDAP / back-config

[Ralf Haferkamp <rhafer@suse.de>]

On Mittwoch, 16. Januar 2008, Michael Ströder wrote:
> Ralf Haferkamp wrote:
> > On the other hand we have
> > quite some customers demanding for tools to manage OpenLDAP, that's 
why I
> > came here to find ways to improve that situation in a way that 
others
> > could benefit from it as well.
>
> Ralf, at first one would have to define what "manage OpenLDAP" really
> means, by defining the use-cases needed. I'd distinguish the use-cases
> in categories:
>
> 1. Configuration (network config, backends, indexing, ACLs, etc.)
This is what I was talking about. I thought that was clear, when I 
mentioned 
back-config in my original posting ;)

> 2. Directory user and group management related to access control
> 3. Maintaining the content retrieved by client applications.

> For 1. I usually ask my customers how they are going to implement the
> change management. After some discussion we usually end up with
> text-based config managed with version control. Something simple and
> handy. :-)
> Configuration changes in production are most times not that dynamic.
> Rather they are subject of a long-lasting change process. Tweaking 
text
> files is not the issue during this process.
> Dynamic reconfiguration if really needed for certain deployment
> situations (e.g. change of master/slave role) are implemented by
> home-grown scripts which must be thoroughly tested.
Yes, I guess that this works pretty well when you deploy OpenLDAP (or 
basically any other software) at a single customer. It gets harder when 
you ship OpenLDAP as a part of a product, that is also used by people 
that are not too familiar with OpenLDAP. Ok, one might argue now, that 
people not really familiar with OpenLDAP should not use it, but I tend 
to disagree a bit here ;).

I pretty much agree with the rest of your mail.

-- 
regards,
	Ralf