RE: Antw: RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

["Paul B. Henson" <henson@acm.org>]

> From: Ulrich Windl
> Sent: Wednesday, May 14, 2014 11:13 PM
>
> Well if you want to sync your configuration with LDAP means, the LDAP
> representation (as well as DIT metadata) makes sense.

Yes, if you eat LDAP for breakfast, lunch, and dinner, dream about LDAP, and
don't really work with anything else, then the LDAP-based configuration is
probably great for you. If you manage dozens of other services for which you
already have a well developed and flexible framework for managing
configuration files, perhaps not so much.

> > with no luck. Why on earth would I spend the amount of time and effort
it
> > would take to implement flat text config file based dynamic
> > reconfiguration
> > when I can't even get engagement on what will likely be a five line
diff? On
> 
> If you see the server as an island, modifications are trivial, but if the
server is
> part of an infrastructure, any change may break other parts of the
> infrastructure.

I'm not quite sure what you're addressing with this remark? Implementing
flat text config file reconfiguration? The five line diff for increasing the
granularity of the authentication failure attribute for the password policy
module? Something else?

> At that point one might argue that implementinc two mechanisms for the
> same thing is one too much, maybe.

Possibly. But assuming the "convert slapd.conf into LDIF" functionality
isn't going away, then flat text config file reconfiguration would really be
only a layer on top of that and the existing LDIF dynamic reconfiguration
implementation.