[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: best practices for backing up ldap configuration



Khosrow Ebrahimpour wrote:
On December 14, 2012 09:26:10 AM Michael Ströder wrote:
Venkat wrote:
On Thu, Dec 13, 2012 at 3:25 PM, Michael Ströder <michael@stroeder.com

<mailto:michael@stroeder.com>> wrote:
     Well, if you're already using a VCS why not just use static
     configuration
     files.

One reason against using static configuration is that the server needs to
be stopped and started when making a simple ACL change.

If HA is really important I guess one has a load-balancer in front of
several replicas. So restarting one after another results in zero downtime
seen from the clients.

We do run a cluster of several replicas, but I'm still a fan of having a
central repository of configuration not to mention a nice timeline of all the
changes made on the configuration.

Personally I still prefer to use static configuration and fully automated
installation/configuration (with puppet manifests pulled from SVN). That's
really easy with text files compared to dealing with dynamic configuration.

I've seen this issue debated on this list many times, and although there are
some who like the ease of use of a slapd.conf, it is deprecated and who knows
if support for it will be dropped at some point or not.

Yes, this has been debated many times, and the debate is just as stupid and pointless today as it was the first N times.

If your tools can only deal with static config files, fine. Use "slapcat -n0" and go your merry way. The cn=config functionality is a total superset of the static config file. Anyone who thinks the existence of cn=config in any way limits their freedom of operation is just being ignorant.

In life there are many things that are a matter of opinion and open to debate. This is not one of them. It's cut and dry. Get over it, move on.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/