[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: cn=config configuration method



> From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Giles > Coochey
> Sent: Thursday, July 28, 2011 9:23 AM
> To: daniel@up247solution.com
> Cc: openldap-technical@openldap.org
> Subject: Re: cn=config configuration method
>
> On 28/07/2011 17:25, Daniel Qian wrote:
> >
> > What I found out about Redhat cn=config is every time you
> > ldadadd/ldapmodify to the database, it automatically updates the
> > relevant ldif on filesystem. Editing .ldif files and restart openldap
> > still works but you will get flamed here :)
> >
> Yes - I finally discovered the relevant (redhat) documentation
> recommending _not_ to manually edit the ldif files directly. Reason
> given - too easy to make a mistake and then it won't work at all.

My $.02 : While I'm not yet using slapd.d (harder to manage config via Puppet), my current take on the slapd.d is like the windows registry : use the tools provided (ldapmodify, regedit, etc) rather than trying to edit by hand. Granted, the windows registry is a binary blob and the contents of slapd.d are temptingly human readable text files, the same ideas apply. Of course, the comparison starts to fall apart when you consider you can make any nonsensical edit with regedit, and ldapmodify (and its kin) makes sure the edits are allowed via current config/schema - which reinforces the OpenLDAP team's strong warnings to use the supplied tools vs edits by hand.

- chris

>
> --
> Best Regards,
>
> Giles Coochey
> NetSecSpec Ltd
> NL Mobile: +31 626 508 131
> GIB Mobile: +350 5401 6693
> Business Email: giles.coochey@netsecspec.co.uk
> Email/MSN/Live Messenger: giles@coochey.net
> Skype: gilescoochey

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.