[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian

Hello Howard,

Nothing else to discuss? When I started a long time ago, the learning edge was a little bit easier, as to start your configuration you don't need to use ldap tools. You know the problem of chicken and eggs.
On other ldap servers, software comes with a GUI to configure. If you don't do that and you get rid of slapd.conf I imagine that lots of beginners will try some other solutions than OpenLDAP and that would be a pity.
And a configuration tool can help to glue the dependences between directives. It's harder and harder to understand what to put, where, and the side effects. I was just playing around with ProxyAuth, using directives, slaptest OK, but I am not using SASL which should be (after a day to test) something required. But my slaptest is OK..

Another example: We have several independant for the moment databases that are glued together. That's not the same config and we need to have an acl part with limits and rights. If I do that with cn=config, I have to write an ldap programm to add, modify, delete attributes.
Using an include acl.conf in slapd.conf, just rsync acl.conf and restart. And the comments in slapd.conf are very usefull.
Please do not remove slapd.conf or add a configure tool.


2011/4/21 Howard Chu <hyc@symas.com>
Jose Ildefonso Camargo Tolosa wrote:
On Wed, Apr 20, 2011 at 4:18 PM, Howard Chu<hyc@symas.com>  wrote:
Jose Ildefonso Camargo Tolosa wrote:

On Wed, Apr 20, 2011 at 2:53 PM, Howard Chu<hyc@symas.com>    wrote:

The tree of files is not meant for you to ever look at or modify
Just use slapcat or ldapsearch. If you know anything about LDAP at all
is MUCH easier than editing flat text files, since you can use any LDAP
(commandline or GUI) to do all the administration.

I don't find complex to directly modify the files, actually, I find it
easier than having to write a ldif modification script every time I
need to apply a change! I just go ahead and edit the corresponding
ldif file on slapd.d

You are editing the backing store of a slapd internal database. If slapd is
running while you're doing this, you will probably corrupt the database.
Even if slapd is not running, you'll probably corrupt the database.

Ok, I'll fall for this: how in the world can I corrupt a text (ldif)
file? I have done that for quite some time, and I have never had a
single issue with it.  Off course, I need to restart slapd to make it
use my changes, but it is not big deal on my environment (for other
environments, you can use ldapmodify (or similar) and make changes on
the fly).

There are many possibilities. The most obvious is leaving random whitespace at the end of a line, which frequently trips up people who manually edit flat text files. I won't go into the other possibilities because frankly, it's an internal implementation detail and not worth mentioning. Suffice to say, if you're not going to take the word of the programmer who designed and implemented all of this that editing by hand is prone to corruption, then we have nothing further to discuss.

 -- Howard Chu
 CTO, Symas Corp.           http://www.symas.com
 Director, Highland Sun     http://highlandsun.com/hyc/
 Chief Architect, OpenLDAP  http://www.openldap.org/project/

Dominique LALOT
Ingénieur Systèmes et Réseaux