[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: config backend

To: ando@sys-net.it
Subject: Re: config backend
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 06 Mar 2003 12:15:31 -0800
Cc: <hyc@highlandsun.com>, <openldap-devel@OpenLDAP.org>
In-reply-to: <36209.131.175.154.56.1046850204.squirrel@webmail.sys-net.i t>
References: <005001c2e1ef$a7db5dc0$0e01a8c0@CELLO> <005001c2e1ef$a7db5dc0$0e01a8c0@CELLO>

At 11:43 PM 3/4/2003, Pierangelo Masarati wrote:
>It is very interesting; I think you already wrote about this
>some time ago, when talking about gentle restart or so.
>I believe this would become strikingly interesting if we could
>modify at least some of the settings while the server is running. 

In my opinion, slapd should never update a configuration file.
This is not to say that users should never be able to
dynamically update slapd's configuration.   If the configuration
is held in files, then to support dynamic updates, the server needs
to support re-reading of the files.   If the configuration
is held in the directory, then the server needs to support
update of the directory.   I would prefer the latter.

That is, why not have a backend which held configuration
information (maybe it would use flat files for storage, but
that's an implementation detail).  The default configuration
would be to support one listener, ldapi://, directory manager
set to the authorization identity associated with euid=0,egid=0
of the peer, no databases (other than the configuration), and
a simple ACL policy (access to * by rootdn write by * none).

To (re)configure the system, one just issues the appropriate
LDAP update operations....

Kurt

References:
- config backend
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re[2]: config backend
Next by Date: FW: Adding an LDIF entry to openldap
Index(es):
- Chronological
- Thread