Quanah Gibson-Mount wrote: > --On Friday, December 13, 2013 6:00 PM +0000 Clint Petty > <cpetty@luthresearch.com> wrote: > >> I know you are suppose to make changes through the command line, when >> using cn=config. I tried changing it through ldapmodify, however wasn't >> able to get it to work. So changed it in the file and it did work. We >> are transitioning away from cn=config, so this is just a short term >> solution. > > Bad idea, given that cn=config will eventually become the only way to > configure openldap. Instead of transitioning away, you should figure out why > you have problems using it, and resolve those instead. AFAICT slapd.conf will at least be available in all OpenLDAP releases 2.4.x. Maybe even in 2.5 if I understood Howard correctly at LDAPcon 2013. There *are* very good reasons to use slapd.conf - especially when beginning to develop your slapd configuration and you want to remove things and start over from scratch. We can see on this list that it's very hard for beginners to start with cn=config. Also I'm very much in favour of using slapd.conf with config management systems like puppet or similar and version control of config files. I'm currently working on a bunch of complex ACLs which would be a pain with cn=config. And yes, I know how these ACLs look in cn=config since I use cn=config read-only for letting the monitor check determining the syncrepl topology. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature