[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
Hi,
On Fri, 31 Jan 2014, Paul B. Henson wrote:
From: Quanah Gibson-Mount
Sent: Thursday, January 30, 2014 1:09 PM
Having used both methods for years, I disagree. It is a learning curve to
understand the cn=config backend, but once you do, it is far superior to
the old flat file, and to me, much easier to use.
My main issue with the cn=config method is how to integrate it into our
revision control and approval system.
all of the below:
- apply the changes using ldif files and put those changes into your approval system
- run nightly slapcat of cn=config an archive those
- put an ldif auditlog on cn=config and user personal users only to modify cn=config so you have a clean audit trail.
- ...
Currently, with the flat file, the authoritative configuration is stored in
a revision control system. When there are any changes to be made, they are
made in a development branch, tested, then reviewed and approved to be
merged into the production branch, at which point they are pushed out to the
system. I'm not really sure how to do that with the dynamic cn=config
method.
For example, currently our revision control system could tell us exactly
what configuration was in place seven weeks ago. How would you do that with
cn=config? I suppose you could have a change log document in revision
control, but unlike the actual configuration file in revision control,
there's no way to say whether or not the changes made dynamically via
cn=config are exactly matched to the changelog. Unless perhaps the ldif
executing the change is maintained in revision control?
I fail to see any issues in the above ...
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer