[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: managing OpenLDAP / back-config

To: Ralf Haferkamp <rhafer@suse.de>
Subject: Re: managing OpenLDAP / back-config
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 16 Jan 2008 12:33:29 +0100
Cc: openldap-devel@openldap.org
In-reply-to: <200801151159.27625.rhafer@suse.de>
References: <200801150808.17185.rhafer@suse.de> <478C6E31.8030503@symas.com> <200801151159.27625.rhafer@suse.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

Ralf Haferkamp wrote:

On the other hand we have quite some customers demanding for tools to manage OpenLDAP, that's why I came here to find ways to improve that situation in a way that others could benefit from it as well.

Ralf, at first one would have to define what "manage OpenLDAP" really means, by defining the use-cases needed. I'd distinguish the use-cases in categories:

1. Configuration (network config, backends, indexing, ACLs, etc.)
2. Directory user and group management related to access control
3. Maintaining the content retrieved by client applications.

For 1. I usually ask my customers how they are going to implement the change management. After some discussion we usually end up with text-based config managed with version control. Something simple and handy. :-) Configuration changes in production are most times not that dynamic. Rather they are subject of a long-lasting change process. Tweaking text files is not the issue during this process. Dynamic reconfiguration if really needed for certain deployment situations (e.g. change of master/slave role) are implemented by home-grown scripts which must be thoroughly tested.

Use cases in category 2. are much simpler than 1. If the number of changes is low and the change process itself is rather simple the existing tools cover this situation quite well. If specific workflows have to be followed there is not a single tool which covers all the variants you can find even within one company. ;-) Again a home-grown tool has to be implemented for more complex cases.

3. is most times done by home-grown tools or by syncing mass data from other sources.

So like Howard I don't see much need for developing something like this. I rather see the need to teach the customers. ;-) Also bear in mind that an API might get very complex e.g. in case of tweaking things with special controls.

Regarding customization of configuration tools I can also confirm that most people are asking for powerful customization features but then nobody bothers to read the docs to really customize a admin UI.

Ciao, Michael.

Follow-Ups:
- Re: managing OpenLDAP / back-config
  - From: Ralf Haferkamp <rhafer@suse.de>

References:
- managing OpenLDAP / back-config
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: managing OpenLDAP / back-config
  - From: Howard Chu <hyc@symas.com>
- Re: managing OpenLDAP / back-config
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Re: managing OpenLDAP / back-config
Next by Date: Re: managing OpenLDAP / back-config
Index(es):
- Chronological
- Thread