
Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?



Mike Jackson wrote:

Quoting Michael Ströder <michael@stroeder.com>:

When using slapadd to fully load cn=config you have to stop your slapd during
that. So this is definitely *not* how cn=config is supposed to be operated.
Also when mucking directly with the LDIF you lose slapd's capability of input
validation.

Ciao, Michael.

Please read my post more carefully and understand it before commenting.

Slapd has never been started at this point so there's nothing to stop.
It doesn't have any configuration at all. I don't muck with the LDIF,
I generate it. If you take a little time to study the cn=config
entries, you'll see that it's not exactly rocket science to write or
generate your own. The only real concern is that the attribute names
or something change over time and I have to adapt my template, in

We've never changed the names of any config attributes. The only thing that has changed over time is adding new definitions.

other words it's not declared as a public interface but it really
should be. You can even keep it in git (my template is certainly in
git).

The schema is published in the cn=schema,cn=config entry. That's as much a public interface as there'll ever be in an LDAP directory.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
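
As an added example (not code from this thread or from the OpenLDAP project), the following renders a cn=config LDIF from parameters, with RFC 2849 value encoding and line folding, the kind of generated file the thread describes loading before slapd has ever been started. The function names and the sample suffix, root DN and directory path are assumptions, and the two entries are a constructed minimal sample.

```python
import base64
import re

# RFC 2849 SAFE-STRING: ASCII only, no NUL/CR/LF, not starting with space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif_line(attr, value):
    """Return one attribute line, base64-encoded when LDIF requires it, folded when long."""
    if value == "" or (_SAFE.fullmatch(value) and not value.endswith(" ")):
        line = f"{attr}: {value}"
    else:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        line = f"{attr}:: {encoded}"
    # Fold at 76 columns (a common convention); continuation lines start with one space.
    parts = [line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)]
    return "\n".join(parts)

def render_config(suffix, root_dn, db_dir):
    """Render a constructed, minimal cn=config tree: global entry plus one mdb database."""
    entries = [
        ("cn=config", [("objectClass", "olcGlobal"), ("cn", "config")]),
        ("olcDatabase={1}mdb,cn=config", [
            ("objectClass", "olcDatabaseConfig"),
            ("objectClass", "olcMdbConfig"),
            ("olcDatabase", "{1}mdb"),
            ("olcSuffix", suffix),
            ("olcRootDN", root_dn),
            ("olcDbDirectory", db_dir),
        ]),
    ]
    blocks = []
    for dn, attrs in entries:
        lines = [ldif_line("dn", dn)] + [ldif_line(a, v) for a, v in attrs]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    # Sample values are assumptions. The output would be loaded into an empty
    # configuration directory with: slapadd -n 0 -F <confdir> -l <file>
    print(render_config("dc=example,dc=com", "cn=admin,dc=example,dc=com",
                        "/var/lib/ldap"), end="")
```

Because the rendering is deterministic, the template and its output diff cleanly under version control.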