[Date Prev][Date Next]
RE: Bdb defaults - WAS: problem importing entries.
>Unless "example settings" come from another OL implementation that
>is nearly identical to my own WRT hardware, LUAs, number of entries,
>indices, attributes, etc. etc. aren't I going to have to read the
>docs and do my own configurating anyway? Would I risk my employer's
>account authentication infrastructure (to take just one possible
>LDAP application) on "example settings" that have been provided
>without regard for our needs or limitations?
>I'm rather grateful that the OpenLDAP developers have not made
>any assumptions about what constitutes the group of "most OpenLDAP
But to take your example of ACL's, they do.
Its right there, in the main document that people will refer to when first learning how to configure a server. With all the important variables, warnings, explanations of how it works, and examples. There is no counterpart in the admin guide for configuring bdb. There isn't even a pointer to the Berkeley docs until you start going through the faqs.
All that I am suggesting is that
A) - the admin guide should provide similar documentation and examples for the bdb configuration, since that is now their primary database. Much of what is needed is already in the faq - and the other thing that would be nice is an example or two which were documented. The documentation would explain why these parameters were set, and what their ramifications are for openldap. At least then there would be a starting point for end users to compare their environment to, and adjust accordingly.
B) - they don't fall back on the defaults for Berkeley db, when no DB_CONFIG file is present, since everyone seems to agree that the Berkeley defaults are bad choices for openldap (in nearly any use case). MySQL has the option of using BDB as their backend, much like openldap. And they provide the default settings. Settings that work well for most use cases. I certainly don't hear anyone clamoring for the MySQL developers to stop picking good initial variables, and instead making everyone who wants to use mysql with a bdb backend go out and read the BerkeleyDB documentation before they try to use it.
I'll stop feeding the flames now.