Re: Best Practices for configuration management with cn=config?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Friday, February 03, 2012 9:14 PM +0100 Michael StrÃder 
<michael@stroeder.com> wrote:

> Quanah Gibson-Mount wrote:
> > --On Friday, February 03, 2012 12:27 PM -0700 Chris Jacobs
> > <Chris.Jacobs@apollogrp.edu> wrote:
> >
> > > We use puppet here... for openldap, it's ONLY useful for initial config.
> > > For modifications of openldap config, there's no mechanism to enable
> > > that, and any mechanism that DID exist would have to be aware of the
> > > current state.
> >
> > @ Zimbra we wrote our own state engine that queries the current cn=config
> > values, and compares them to a set of variables that user can modify. If
> > they differ, it updates cn=config to match the user variables. We don't
> > use puppet at all however.
>
> And where is the "set of variables that user can modify" stored?

In a utility local to the system.  Most end clients do not know or 
understand how to modify LDAP or any number of the software programs 
shipped with Zimbra, so it allows them the ability to configure LDAP, 
Postfix, etc, in a simple way.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration