Paul B. Henson wrote: >> From: Quanah Gibson-Mount >> Sent: Friday, January 31, 2014 6:03 PM >> >> Our servers do a nightly backup of cn=config via slapcat -n 0, and those >> are kept for a month. Since this is for clients, there's no revision >> control involved, but it would be trivial for someone to check in the >> resulting LDIF file into their favorite RCS system. > > Hmm, so the revision control system would transition from being the > authoritative source of what the configuration is (ie, in our current > system, if somehow the running configuration deviated from the version in > revision control, it would automatically be corrected back) to simply > becoming a record of whatever changes happen to have been made on the > running configuration? Especially I'm not keen on allowing a CRON job with a clear-text credential in a config file to commit into the VCS. Also you don't have meaningful commit messages when doing so. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature