[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?



Christopher Wood wrote:
> On Fri, Feb 07, 2014 at 02:25:45PM +0100, Simone Piccardi wrote:
>> these last two are far usually done with a service restart, or, when
>> the service support the online changes, with a service reload or a
>> kill -HUP.
> 
> Therein lies the issue with the text config file for some of us - we are
> not able to interrupt the ldap service which supports critical
> customer-facing services. Or, more specifically, we are not able to
> interrupt ldap service without floods of really grumpy master tickets. The
> cn=config layout really helps here.

If you have strong HA requirements you have to run with decent load-balancers
in front of your LDAP servers anyway. So restarting replicas one after another
is not really a big deal.

> For my part I had ldap bootstrapped via puppet into a full cn=config
> supplier/consumer multimaster setup, but I never got as far as a
> type/provider to configure ACLs or anything.

Well, it seems there's a choice of whether to use back-config or config file.

Ciao, Michael.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature