[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries

Le 20 mars 2012 09:32, Nick Milas <nick@eurobjects.com> a Ãcrit :
> On 20/3/2012 2:32 ÏÎ, Chris Hiestand wrote:
>> As far as the sysadmin is concerned, slapd.conf allowed multi-line strings
>> for ACLs and schemas. This yielded great readability
> Although I also really totally respect project developers and appreciate
> every single effort for the fine OpenLDAP project, I too believe that there
> is room for usability improvements in dynamic configuration.
> I am mostly using JXplorer for directory edits (including dynamic config),
> yet there are serious issues with readability and commenting, esp. with
> ACLs. (One might be interested to see some of my older posts on this matter,
> e.g.:
> http://www.openldap.org/lists/openldap-technical/201110/msg00186.html).
> Recently, Harry Jede contributed a script to enable better readability
> (http://www.openldap.org/lists/openldap-technical/201203/msg00191.html), but
> IMHO this is not the right approach in improving config management. We would
> greatly appreciate it if the OpenLDAP team could *incorporate* some changes
> in the dynamic config so as to *help* admins manage the server. Writing
> custom applications/scripts for this job seems to me a wrong approach; if
> something causes problems to those exactly for whom it has been designed,
> then it should be re-evaluated. I am confident that the OpenLDAP people can
> sense the feelings and experiences of admins providing this feedback. We
> report with complete trust to the development team.
>> I don't think writing a custom ldap client is "simple". Or, as David
>> Blank-Edelman requests, perhaps you have some example code showing how
>> simple it is?
>> ...
>> I'm having trouble imagining this being any more user-friendly than a
>> decent LDAP client like Apache Directory Studio - which still isn't as
>> readable as ACL .conf files.
> I will have to agree. We can write applications (I use PHP) for directory
> management (when necessary, e.g. to facilitate complex tasks), but I would
> kindly request OpenLDAP design and development team to provide some
> usability features to help us avoid writing applications for configuration
> management too.


As a complement of Apache Directory Studio, I would like to let you
know that we are developing an OpenLDAP cn=config web administration
interface : http://www.linid.org/projects/linid-om/wiki

You can download it and test it, we would appreciate any feedback on
this product. We are of course aware that we still have a lot a
features to implement, but the current stable version is already used
by some of our customers to manage OpenLDAP configuration.