Re: best practices for backing up ldap configuration

[Khosrow Ebrahimpour <khosrow.ebrahimpour@ssc-spc.gc.ca>]

On December 14, 2012 07:06:13 PM Michael Ströder wrote:
> That's what SVN/puppet is for in my current project which generates static
> configuration files for all the nodes based on templates. We can specify as
> many MMR replica instances as needed and use the same Puppet manifests for
> MMR setups in different stages.
> 
> And that works *much* better than tracking changes to back-config because it
> is easier to automate configuration without an "internal" state change in a
> DB.

But managing back-config using any config management tool remains an issue. I 
don't think I can just push the entire slapd.d directory using chef or puppet. 
That's why I thought of tracking the changes. 

Having said all that I do agree with you that using a static configuration is 
better suited for this kind of thing.

 
> IIRC the static configuration will be dropped not before 2.5.x is out.
> 

That's good to know, though we are entirely on back-config now.

I found something interesting as well. Openldap seems to ignore dotfiles in 
slapd.d directory. This can help avoid having to check for config changes using 
a script and I can simply commit the entire slapd.d to my VCS.

--
Khosrow