Re: back-config design considerarions - Admin Guide fodder

[Howard Chu <hyc@symas.com>]

Quanah Gibson-Mount wrote:
>  --On Thursday, July 28, 2005 8:07 PM +0200 Michael Ströder
>  <michael@stroeder.com> wrote:
> > Quanah, I do see all the advantages of slapd.conf mentioned above.
> > But I also see the issues with inconsistencies and user confusion.
> > Arent' you then questioning usefulness of back-config in general?

>  No, not at all.  I already intend to use it on my production systems.
>  However, for doing a wide range of testing where I can make immediate
>  changes and restart the server with a new version of slapd.conf, no,
>  I don't intend to use it.

You realize, of course, that the whole point to back-config is that it 
allows making immediate changes without needing to restart the server.

> > BTW: Testing various setups by using -F with different directories
> > is as easy as using -f. And you can check in the configdir/ tree to
> > CVS as well without problem.
>
>  Not really.  I can copy slapd.conf and make minor tweaks to it very
>  quickly, and store those slapd.conf files with specific tests quite
>  easily.

Well, it probably does take more keystrokes to run ldapmodify than it 
does to edit slapd.conf. I guess that proves Michael's point that we 
need better setup tools, or at least a more terse format than LDIF for 
specifying modifications.

> > Furthermore if in the future ACLs and access/audit logging is
> > implemented for back-config you have a much more powerful
> > instrument to track configuration changes than CVS for slapd.conf.

>  Last I checked, back-config supported my ACLs...

I suspect he means ACL checking on back-config operations. Certainly ACL 
configuration via back-config operations is already fully implemented. 
And the accesslog overlay is available for tracking configuration 
changes. (We just need to expose olcDatabase=config now.)

> > => One has to decide which route to go and after that one has to
> > follow that route consequently to avoid inconsistencies and double
> > effort.

Agreed.

>  And sometimes, there is more than one route to a destination, each
>  route with its pros and cons.

While that may be true, part of the effort going into this is to choose 
one path and ensure that it has more pros than any other. back-config is 
the desired direction, and ultimately it will become the only path.
--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/