Mike Jackson wrote: > Quoting Christian Kratzer <ck-lists@cksoft.de>: >> >> as has been said before several times. There is no reason to lose your >> ability to put your configs into version control when you move to cn=config. >> >> - You can check the output from slapcat -n0 into your vcs. > > "You" in my message referring to the OP, not you Christian. > > Or you can ldapsearch it from a backup script running on a cron job. Or you > can cd into the config directory and do a git init. We've discussed that here many times: IMO it's a big difference to export a running configuration in your VCS just for the records or to control the configuration in VCS before rollout. For me doing the VCS actions *before* rolling out the configuration to all the slapd instances gives much more control especially if you have to roll *back* something. And think of staging. And slapd-config does not handle deletion => rollback can be very hard. Also orchestrated rollout of changes might spread across other systems as well. E.g. when I'm deploying schema changes in slapd I have to change the web-based admin UI as well etc. > In any case, dynamic configuration IS an enterprise-grade/carrier-grade > feature as opposed to static configuration. It enables you to perform critical > adjustments to your service without interrupting your service (more or less > depending on the implementation). I have built multilevel LDAP clusters where > there were over 15000 simultaneous persistent connections from mobile network > elements checking RBAC against management actions and believe me, static > configuration would have been a showstopper if I needed to restart LDAP > services just to expand my capacity (adding new replicas, etc). Nonsense. If HA is important you must have decent load-balancers in front of your servers and know how to operate them. > If you don't see why dynamic configuration is a good idea, then you probably > shouldn't be using LDAP for anything too important, anyway. Ah, and you are the one and only *real* expert. Strange enough my customers are running mission-critical OpenLDAP deployments with static configuration - since years. > I personally believe that support for static configuration should be removed > already because having two different configuration systems in place serves to > confuse a lot of people, especially learners. Complete nonsense. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature