Re: Installation openLDAP in Debian

[Michael Ströder <michael@stroeder.com>]

Howard Chu wrote:
> Michael Ströder wrote:
>> Howard Chu wrote:
>>> If you don't understand LDAP and LDIF then you cannot effectively
>>> administer an LDAP server. Period. There is no chicken and egg here -
>>> you must understand LDAP. You must know what "DIT" means. You must know
>>> what a DN is. You must know what a schema is. You must know what an
>>> attribute is. There is no bypassing this required knowledge.
>>
>> I'd say I understand LDAP and LDIF etc. but still I'm in favour using
>> slapd.conf and only use cn=config in the *rare* cases where dynamic
>> configuration is really needed.
>>
>>> When you know what these things are, cn=config is just another DIT, that
>>> you manage just like every other DIT.
>>
>> Especially the schema design of OpenLDAP's cn=config is more
>> complicated than
>> it should be. Look at other LDAP server implementations and you'll see
>> how
>> easy it is to tweak cn=config with a generic, schema-aware LDAP
>> client. That's
>> not so easy with OpenLDAP's cn=config.
> 
> Since you're being so vague it's difficult to address your point.

E.g. the proprietary X-ORDERED stuff prevents clients from doing things
easily. It feels like using the text editor while not being as flexible like a
text editor.

> However, one thing is clear - you can manage everything using just the
> ldapmodify command line tool, that's a simple fact. 

Yes. But I prefer to use a comfortable text editor.

> So from what I can see, either your clients are inferior to a command line
> tool or you're just using them wrong.

Being the author of web2ldap I claim having thought about how LDAP clients
should be designed quite a lot. So indeed I take this as personal offense.

Ciao, Michael.