Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

[Howard Chu <hyc@symas.com>]

Michael StrÃder wrote:
> Mike Jackson wrote:
> > I have built a fully automated installation system directly using cn=config. I
> > have a file called config.ldif which contains a lot of %%MACROS%% and a tiny
> > perl script that replaces those macros with actual values depending on the
> > details of the particular installation. So, there isn't any of this silliness
> > of creating slapd.conf, converting it into cn=config, and then continuing -
> > that's an unnecessary step.
> >
> > After I generate the real config.ldif from the template config.ldif, I simply
> > load it with slapadd to build my cn=config hierarchy.
> >
> > slapadd \
> >    -n0 \
> >    -v \
> >    -F ${CONF_DIR} \
> >    -l ldifs/config.ldif
>
> When using slapadd to fully load cn=config you have to stop your slapd during
> that. So this is definitely *not* how cn=config is supposed to be operated.

Perfectly fine for bootstrapping the initial config though.

> Also when mucking directly with the LDIF you loose slapd's capability of input
> validation.

You can muck with input to slapadd all you want. It will still get basic 
validation.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/