[Date Prev][Date Next]
Re: back-config design considerarions - Admin Guide fodder
Quanah Gibson-Mount wrote:
--On Thursday, July 28, 2005 8:07 PM +0200 Michael Ströder
> Quanah, I do see all the advantages of slapd.conf mentioned above.
> But I also see the issues with inconsistencies and user confusion.
> Arent' you then questioning usefulness of back-config in general?
No, not at all. I already intend to use it on my production systems.
However, for doing a wide range of testing where I can make immediate
changes and restart the server with a new version of slapd.conf, no,
I don't intend to use it.
You realize, of course, that the whole point to back-config is that it
allows making immediate changes without needing to restart the server.
> BTW: Testing various setups by using -F with different directories
> is as easy as using -f. And you can check in the configdir/ tree to
> CVS as well without problem.
Not really. I can copy slapd.conf and make minor tweaks to it very
quickly, and store those slapd.conf files with specific tests quite
Well, it probably does take more keystrokes to run ldapmodify than it
does to edit slapd.conf. I guess that proves Michael's point that we
need better setup tools, or at least a more terse format than LDIF for
> Furthermore if in the future ACLs and access/audit logging is
> implemented for back-config you have a much more powerful
> instrument to track configuration changes than CVS for slapd.conf.
Last I checked, back-config supported my ACLs...
I suspect he means ACL checking on back-config operations. Certainly ACL
configuration via back-config operations is already fully implemented.
And the accesslog overlay is available for tracking configuration
changes. (We just need to expose olcDatabase=config now.)
> => One has to decide which route to go and after that one has to
> follow that route consequently to avoid inconsistencies and double
And sometimes, there is more than one route to a destination, each
route with its pros and cons.
While that may be true, part of the effort going into this is to choose
one path and ensure that it has more pros than any other. back-config is
the desired direction, and ultimately it will become the only path.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/