[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tool to covert from LDIF cn=config to slapd.conf?

--On Wednesday, June 09, 2010 12:26 PM -0700 j@gropefruit.com wrote:

Actually I don't think this idea solely implies "going backwards in
development", in fact I think this tool is an excellent idea and
shouldn't be immediately balked at by the OpenLDAP team.

slapd.conf is deprecated and will likely be removed in OpenLDAP 2.5.

Let's look at this from the Disaster Recovery standpoint.   Consider this:

  * One uses slapd.conf as a boot-strap to general the cn=config database
  * cn=config works fine at first, and you are able to add new entries to
your runtime configuration, instead of adding them to slapd.conf (the
original boot-strapper).
  * One day, your Junior admin tries to add an "olc" attribute to your
cn=config backend, only to crash slapd (happens occasionally).
  * You start up slapd only to find the cn=config database has been
  * You use your original slapd.conf boot-strap to generate a NEW
cn=config backend.
  * You find your original bootstrap config LACKS some of the recent
changes your team made to the cn=config DB.  So, in essence, you're

I would suggest you instead take backups of your cn=config database via slapcat. This is what I do, on a nightly basis. If some junior admin makes a mistake, then I can restore it very trivially via slapadd.

The rest of your email is invalid due to the above. bootstrapping via slapd.conf should only be a one-time affair, and not used for disaster recovery.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration