[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian

To: Michael Ströder <michael@stroeder.com>
Subject: Re: Installation openLDAP in Debian
From: Howard Chu <hyc@symas.com>
Date: Thu, 21 Apr 2011 13:36:39 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <4DB065A2.9060103@stroeder.com>
References: <BANLkTikfeAfRqNVEJdvRcoXz2SMk_eOrPg@mail.gmail.com> <BANLkTik15pcioQzSq06Go3Nx5QkW45VF8A@mail.gmail.com> <4DAF2019.4000800@truelite.it> <4DAF329D.3040509@symas.com> <BANLkTimtGCPzrnEnPKFNkimM00Lv9gdbng@mail.gmail.com> <4DAF469A.8000301@symas.com> <BANLkTi=F6LZGofbcLrJJ_84EiYbCEDAffQ@mail.gmail.com> <4DAFB416.3040109@symas.com> <BANLkTimY5Fpffd8ba_NCSMnvYpT3sxzYig@mail.gmail.com> <4DAFF349.4080002@symas.com> <4DB065A2.9060103@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) Gecko/20110322 Firefox/4.0b13pre SeaMonkey/2.1b2pre

Michael Ströder wrote:

Howard Chu wrote:

If you don't understand LDAP and LDIF then you cannot effectively
administer an LDAP server. Period. There is no chicken and egg here -
you must understand LDAP. You must know what "DIT" means. You must know
what a DN is. You must know what a schema is. You must know what an
attribute is. There is no bypassing this required knowledge.


I'd say I understand LDAP and LDIF etc. but still I'm in favour using
slapd.conf and only use cn=config in the *rare* cases where dynamic
configuration is really needed.

When you know what these things are, cn=config is just another DIT, that
you manage just like every other DIT.


Especially the schema design of OpenLDAP's cn=config is more complicated than
it should be. Look at other LDAP server implementations and you'll see how
easy it is to tweak cn=config with a generic, schema-aware LDAP client. That's
not so easy with OpenLDAP's cn=config.

Since you're being so vague it's difficult to address your point. However, onething is clear - you can manage everything using just the ldapmodify commandline tool, that's a simple fact. So from what I can see, either your clientsare inferior to a command line tool or you're just using them wrong.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Installation openLDAP in Debian
  - From: Michael Ströder <michael@stroeder.com>

References:
- Installation openLDAP in Debian
  - From: "D. R. Paudel" <rajme690@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Simone Piccardi <piccardi@truelite.it>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: LALOT Dominique <dom.lalot@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: clarifications on cachesize, preferred db, et. al. from admin guide
Next by Date: Re: Installation openLDAP in Debian
Index(es):
- Chronological
- Thread