[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian

> I completely agree. As I said, a little statistic to understand what people
> use could be interesting. For me comments and  a text file config is
> mandatory. I am not configuring mysql.cnf using a mysql database. As it has
> been said before, once your setup is done, you barely change it. And a
> little restart is not a problem using replicas.
> If some colleagues come after me (not specialized on ldap), they would be
> probably more comfortable with a traditional text file than using an ldap
> browser which just show DNs and attributes.
> That's may be great to replicate cn=config, but from some mails I red, it
> seems not so easy. The harder it is to configure, the less people use.

Hi all,

+1 to not dismiss slapd.conf.

Comments are my leading motivation in saying this.
In my biggest deployment I used a complex configuration by splitting
my conf files in nested subdirectories, mirroring conceptual
separation of OpenLDAP components: database(s), overlays related to
each database, security, modules, etc...
I commented heavily each file and, in this way, I'm able to driver my
colleagues on ordinarily activities, without the burden to have each
of them become a full time specialist on OpenLDAP, letting me go on
holiday more relaxed :-)
I commented the rationale of my choices, not only the meaning of the
configuration directives. In an office of about 10 unix systems
administrators with large heterogeneity of skills and sw products this
way has revealed to be an added value.

Not to be misunderstood, I like very much the cn=config way. But in my
opinion it has to be a must in particular enterprise configurations,
in example for bastion slaves used for H24 operational systems, or in
situations where a network load balancer (to obtain failover, I mean)
in between cannot be used.

My 2 cents.