[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian

Hi!

On Thu, Apr 21, 2011 at 3:42 PM, Howard Chu <hyc@symas.com> wrote:
> Jose Ildefonso Camargo Tolosa wrote:
>>
>> On Thu, Apr 21, 2011 at 12:05 AM, Howard Chu<hyc@symas.com>  wrote:
>>>
>>> There are many possibilities. The most obvious is leaving random
>>> whitespace
>>> at the end of a line, which frequently trips up people who manually edit
>>> flat text files. I won't go into the other possibilities because frankly,
>>> it's an internal implementation detail and not worth mentioning. Suffice
>>> to
>>> say, if you're not going to take the word of the programmer who designed
>>> and
>>> implemented all of this that editing by hand is prone to corruption, then
>>> we
>>> have nothing further to discuss.
>>
>> Howard, I *know* who you are, I am not new to OpenLDAP.  So, please,
>> take no offense, we are having just a discussion.
>
> We are having a *STUPID* discussion. The man who knows this field has just
> told you it is full of landmines, and if you tread on it you will blow your
> foot off. You are arguing that it hasn't happened yet so therefore it must
> be perfectly safe. If you were sitting in front of me right now I would ask
> you to give me some money, because you are clearly a fool.

I *never* said it is safe, I just said that it has never failed for me
(in my own, personal, experience), on the other side: it is very
uncommon for me to be tweaking the configs after the server is up, I
could say that I update the configs once a year or less!

>
>> Still, I'm yet to
>> see any of my servers being corrupted by me editing the cn=config
>> files directly! (well, it is also me... I *know* several admins that
>> totally screwed config files, but I have been on the UNIX world for
>> ~16 years, so, maybe I'm used to really tight files formatting)  also,
>> because these are LDIFs, these actually "yell" to be edited by hand!
>> (you should add an ominous warning to the docs, stating that you
>> should not edit those files directly, for x, y, or z reason).
>
> It is not my responsibility to tell you exactly where each landmine is. I
> have told you they exist; for a wise man that is enough. If you wish to seek
> out exactly where they lie, fine, spend your own time on that. It's
> certainly not a good use of my time.

Yet, the ominous warning on the docs would be good, maybe here?

http://www.openldap.org/doc/admin24/slapdconf2.html

As I said: the slapd.d directory structure is actually a bunch of ldif
files, that you may think can directly edit! and, according to what
you say: it can actually be a very bad idea! so, a warning on the docs
would be wise (I don't think I can edit the docs, so, I can't add the
warning myself).

Ildefonso.