[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Best Practices for configuration management with cn=config?

--On Friday, February 03, 2012 12:57 PM -0500 Jeff B <jeffb.list@gmail.com> wrote:

I'm using puppet for configuration management and with the slapd.conf
it was dumb simple to push configs to the master and the slave servers
and have the server reload when the config was updated.

However I'm running an overlay that pukes with a slapd.conf and had to
convert over to cn=config.  Now I'm not sure how I want to manage
this.  Can I safely modify the files while slapd is running?  I
wouldn't expect it to pick up the config changes without a reload, but
if I want puppet to push configs and reload will this be a valid

NO. With cn=config, you use ldapmodify or similar to change the database. The cn=config method IS a database, not a set of flat text files. Modifications to the configuration are immediate with the exception of changes to olcSecurity.

Or do I need to do something with an LDIF of the config and have some
kind  of ldapadd/ldapmodify mojo?

Correct. (or perl's net-ldap, python-ldap, etc).



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration