[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Olc deployment vs slapd.conf based deployment
- To: openldap-technical@openldap.org
- Subject: Re: Olc deployment vs slapd.conf based deployment
- From: Radovan Semancik <radovan.semancik@evolveum.com>
- Date: Mon, 18 Sep 2017 11:21:38 +0200
- Content-language: en-US
- Dkim-filter: OpenDKIM Filter v2.9.0 hermes.evolveum.com DA008362A07
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evolveum.com; s=46F1F96C-8266-11E5-BB5D-6C9186186C84; t=1505726561; bh=dIvF/ccPcaBcSdgZfehkHHVdFuEmzke6jmytjTdX4XI=; h=Subject:To:From:Message-ID:Date:MIME-Version:Content-Type: Content-Transfer-Encoding; b=khQncI8C4eORQ4ZOHrZzARvPCrI5KwR220xNvPb2qcA1M6JMA+zgzi3Fjk+aB0T0P qagYY80cZH7JkwMlw8zq2Mllnac00TrppMoR3YozMZt/kIOzj4fydj1T2y3npX1lnv fNRRmRL2lFFbxH13y5Z6SQaTm7aeaSvddi080QPc=
- In-reply-to: <77336596566E63C254BF34B5@[192.168.1.30]>
- References: <CALm_VjikYjnYEcrfKXYjm8AFt0VQ7EV1crGX=tXst3-RUbr7fQ@mail.gmail.com> <WM!5ccf6f006a0b3aa9abfbc3f9c9be3eb021708e582b17a98c6ed49d59b8e29485947e7650 daf5ed804e3554164491fa2d!@mailstronghold-1.zmailcloud.com> <78567B9241600A3CA0EAC7A6@[192.168.1.30]> <b9e230a5-1dc0-b01f-ae4d-d23e0cd21d3e@stroeder.com> <b7d93005-3de5-5b9a-630e-d93510bd9b44@ironicdesign.com> <WM!c441031e673082de9904bb70fc818ffda9b9f7dd5392e09c37cc5ccb7332246257b6daf5a456f233f94aa06df0aea0f3!@mailstronghold-1.zmailcloud.com> <77336596566E63C254BF34B5@[192.168.1.30]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
Hi,
The "cn=config" configuration method is clearly superior. However, there
are serious practical issues. Firstly, the documentation leaves a lot to
be desired. Until recently almost all examples shown the slapd.conf way,
cn=config equivalent was simply missing. Unless I have missed something
most manual pages still assume the slapd.conf configuration method. And
so on. Secondly, there are operations that simply cannot be done using
ldpamodify in cn=config (e.g. removal of a suffix database). And thirdly
and most importantly: it is a real pain to remember the configuration
schema and write a multi-line ldapmodify command-line even for simple
operations. Especially given that you have to translate suffix names
(dc=example,dc=com) to configuration DNs (olcDatabase={1}mdb,cn=config),
set up non-trivial configuration (e.g. replication) and so on. The
cn=config method may be superior. But it is not user friendly. Not even
close.
But, OpenLDAP is an open source project. If there is something that a
user does not like then there is always something that can be done about
it. For example, I like cn=config, but I hate the lack of tooling.
Therefore I have created the missing tools:
https://github.com/Evolveum/slapdconf
--
Radovan Semancik
Software Architect
evolveum.com
On 09/15/2017 02:36 AM, Quanah Gibson-Mount wrote:
It takes all of ldapadd/modify to modify cn=config. If you're having
that much difficulty, it sounds like you don't understand how to use
cn=config.