[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-config design considerarions - Admin Guide fodder

Quanah Gibson-Mount wrote:
 --On Thursday, July 28, 2005 8:07 PM +0200 Michael Ströder
 <michael@stroeder.com> wrote:
> Quanah, I do see all the advantages of slapd.conf mentioned above.
> But I also see the issues with inconsistencies and user confusion.
> Arent' you then questioning usefulness of back-config in general?

 No, not at all.  I already intend to use it on my production systems.
 However, for doing a wide range of testing where I can make immediate
 changes and restart the server with a new version of slapd.conf, no,
 I don't intend to use it.

You realize, of course, that the whole point to back-config is that it allows making immediate changes without needing to restart the server.

> BTW: Testing various setups by using -F with different directories
> is as easy as using -f. And you can check in the configdir/ tree to
> CVS as well without problem.

 Not really.  I can copy slapd.conf and make minor tweaks to it very
 quickly, and store those slapd.conf files with specific tests quite

Well, it probably does take more keystrokes to run ldapmodify than it does to edit slapd.conf. I guess that proves Michael's point that we need better setup tools, or at least a more terse format than LDIF for specifying modifications.

> Furthermore if in the future ACLs and access/audit logging is
> implemented for back-config you have a much more powerful
> instrument to track configuration changes than CVS for slapd.conf.

Last I checked, back-config supported my ACLs...

I suspect he means ACL checking on back-config operations. Certainly ACL configuration via back-config operations is already fully implemented. And the accesslog overlay is available for tracking configuration changes. (We just need to expose olcDatabase=config now.)

> => One has to decide which route to go and after that one has to
> follow that route consequently to avoid inconsistencies and double
> effort.


 And sometimes, there is more than one route to a destination, each
 route with its pros and cons.

While that may be true, part of the effort going into this is to choose one path and ensure that it has more pros than any other. back-config is the desired direction, and ultimately it will become the only path.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/