[Date Prev][Date Next]
Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
On 20/3/2012 2:32 ÏÎ, Chris Hiestand wrote:
As far as the sysadmin is concerned, slapd.conf allowed multi-line strings for ACLs and schemas. This yielded great readability
Although I also really totally respect project developers and appreciate
every single effort for the fine OpenLDAP project, I too believe that
there is room for usability improvements in dynamic configuration.
I am mostly using JXplorer for directory edits (including dynamic
config), yet there are serious issues with readability and commenting,
esp. with ACLs. (One might be interested to see some of my older posts
on this matter, e.g.:
Recently, Harry Jede contributed a script to enable better readability
but IMHO this is not the right approach in improving config management.
We would greatly appreciate it if the OpenLDAP team could *incorporate*
some changes in the dynamic config so as to *help* admins manage the
server. Writing custom applications/scripts for this job seems to me a
wrong approach; if something causes problems to those exactly for whom
it has been designed, then it should be re-evaluated. I am confident
that the OpenLDAP people can sense the feelings and experiences of
admins providing this feedback. We report with complete trust to the
I don't think writing a custom ldap client is "simple". Or, as David Blank-Edelman requests, perhaps you have some example code showing how simple it is?
I'm having trouble imagining this being any more user-friendly than a decent LDAP client like Apache Directory Studio - which still isn't as readable as ACL .conf files.
I will have to agree. We can write applications (I use PHP) for
directory management (when necessary, e.g. to facilitate complex tasks),
but I would kindly request OpenLDAP design and development team to
provide some usability features to help us avoid writing applications
for configuration management too.
With due respect,