[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: best practices for backing up ldap configuration

To: Khosrow Ebrahimpour <khosrow.ebrahimpour@ssc-spc.gc.ca>, openldap-technical@openldap.org
Subject: Re: best practices for backing up ldap configuration
From: Howard Chu <hyc@symas.com>
Date: Fri, 14 Dec 2012 22:42:08 -0800
In-reply-to: <1708528.kaob7Yy3CJ@zerg>
References: <1366579.lIkHzkOR8Z@zerg> <CAOE5R6s8K9pNjY2KoEK-aABcwy=k_pjHbwq2zphdRWhDrRMh-Q@mail.gmail.com> <50CAE2A2.5000705@stroeder.com> <1708528.kaob7Yy3CJ@zerg>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17a1

Khosrow Ebrahimpour wrote:

On December 14, 2012 09:26:10 AM Michael Ströder wrote:

Venkat wrote:

On Thu, Dec 13, 2012 at 3:25 PM, Michael Ströder <michael@stroeder.com

<mailto:michael@stroeder.com>> wrote:
     Well, if you're already using a VCS why not just use static
     configuration
     files.

One reason against using static configuration is that the server needs to
be stopped and started when making a simple ACL change.


If HA is really important I guess one has a load-balancer in front of
several replicas. So restarting one after another results in zero downtime
seen from the clients.

We do run a cluster of several replicas, but I'm still a fan of having a
central repository of configuration not to mention a nice timeline of all the
changes made on the configuration.

Personally I still prefer to use static configuration and fully automated
installation/configuration (with puppet manifests pulled from SVN). That's
really easy with text files compared to dealing with dynamic configuration.

I've seen this issue debated on this list many times, and although there are
some who like the ease of use of a slapd.conf, it is deprecated and who knows
if support for it will be dropped at some point or not.

Yes, this has been debated many times, and the debate is just as stupid andpointless today as it was the first N times.

If your tools can only deal with static config files, fine. Use "slapcat -n0"and go your merry way. The cn=config functionality is a total superset of thestatic config file. Anyone who thinks the existence of cn=config in any waylimits their freedom of operation is just being ignorant.

In life there are many things that are a matter of opinion and open to debate.This is not one of them. It's cut and dry. Get over it, move on.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: best practices for backing up ldap configuration
  - From: Guillaume Rousse <guillomovitch@gmail.com>

References:
- best practices for backing up ldap configuration
  - From: Khosrow Ebrahimpour <khosrow.ebrahimpour@ssc-spc.gc.ca>
- Re: best practices for backing up ldap configuration
  - From: Venkat <mvenkatsub@gmail.com>
- Re: best practices for backing up ldap configuration
  - From: Michael Ströder <michael@stroeder.com>
- Re: best practices for backing up ldap configuration
  - From: Khosrow Ebrahimpour <khosrow.ebrahimpour@ssc-spc.gc.ca>

Prev by Date: Re: best practices for backing up ldap configuration
Next by Date: Re: best practices for backing up ldap configuration
Index(es):
- Chronological
- Thread