[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

To: "Paul B. Henson" <henson@acm.org>
Subject: RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Fri, 7 Feb 2014 07:00:20 -0500 (EST)
Cc: openldap-technical@openldap.org
In-reply-to: <0ad801cf2382$2467b250$6d3716f0$@acm.org>
References: <CAPcb_GK5B=-PzNuxY8wNkh+n-FRhnv0snDAcLYxjqhun1H97Bw@mail.gmail.com> <52EA7F3D.2090905@symas.com> <DBB1B1AD-EE28-4E1E-AF18-9974DC9CC06B@bayour.com> <52EA8929.2010309@symas.com> <59281912-8B90-495E-8FAC-99330FF17CD4@bayour.com> <52EA9B80.6030309@symas.com> <973E272C-A2BC-4C0B-B943-479EB299D4A5@bayour.com> <E092458822F5A957DE3F6C2F@[192.168.1.2]> <070e01cf1eeb$ded56ab0$9c804010$@acm.org> <A6E68C705577FC2E916E209E@[192.168.1.2]> <0ad801cf2382$2467b250$6d3716f0$@acm.org>
User-agent: Alpine 2.02 (SOC 1266 2009-07-14)

On Thu, 6 Feb 2014, Paul B. Henson wrote:

Our servers do a nightly backup of cn=config via slapcat -n 0, andthose are kept for a month. Since this is for clients, there's norevision control involved, but it would be trivial for someone to checkin the resulting LDIF file into their favorite RCS system.
Hmm, so the revision control system would transition from being theauthoritative source of what the configuration is (ie, in our currentsystem, if somehow the running configuration deviated from the versionin revision control, it would automatically be corrected back) to simplybecoming a record of whatever changes happen to have been made on therunning configuration?


Off the top of my head, I'm not really seeing this. With slapd.conf:

(human on workstation)
$RCS checkout repo/production.slapd.conf
$EDITOR !$
$RCS checkin repo/production.slapd.conf

(magical config overlord/human on server)
$RCS checkout repo/production.slapd.conf
cp repo/production.slapd.conf /server/production.slapd.conf
pkill slapd
slapd


or slapd.d:

(human on workstation)
$RCS checkout repo/production.slapd.ldif
$EDITOR !$
$RCS checkin repo/production.slapd.ldif

(magical config overlord/human on server)
$RCS checkout repo/production.slapd.ldif
ldifdiff /server/production.slapd.ldif repo/production.slapd.ldif > /tmp/diff.ldif
ldapmodify [...] -f /tmp/diff.ldif
slapcat -n0 -l /server/production.slapd.ldif

These both end up with the same state, and it's the same number ofcommands! You can checkout and revert to the latest head/trunk/etc. or anyarbitrary rev with either config format. Monitoring in-core vs. on-diskvs. expected-in-production committed config is possible in both cases andactually easier/more comprehensive with cn=config. If "magical configoverlord" is a cron job then "automatically be corrected" happens withboth of these workflows. How are your hands tied in this case?

Follow-Ups:
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: "Michael StrÃder" <michael@stroeder.com>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Simone Piccardi <piccardi@truelite.it>

References:
- RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: "Paul B. Henson" <henson@acm.org>
- RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: "Paul B. Henson" <henson@acm.org>

Prev by Date: OpenLDAP static configuration
Next by Date: Re: OpenLDAP static configuration
Index(es):
- Chronological
- Thread