[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?

To: "'Quanah Gibson-Mount'" <quanah@zimbra.com>, <openldap-technical@openldap.org>
Subject: RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
From: "Paul B. Henson" <henson@acm.org>
Date: Fri, 31 Jan 2014 17:20:58 -0800
Content-language: en-us
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=eBeYz2/GOxgMHeGnx6/noUSsa6RTLE8zNbdBnOW+d0I=; b=Ei9GX/sP4GDyzaroTEXm2cBOty4ooNs20vOu12NBOmWjU1KDirCpytgN0SmO0YRTFu iA/PMT44rsf3zZtmzgkpcYogdVl0fiG8e/8F6Hqx/y6KIYaAN761QSmb0LgHs/zkYBkZ gyFL9SXcLJFNsowRjMKJNpkC45eKavaKA09es9tE9BA65pkCugnSNYwGxHEoQUahL1f6 r4yskCb7U6xr8ikOaUS3JxG2XD9pLeIrEHWkcxQ3xipovw6v+JQrqDrbXdE92EWcrX/H gX04Clc6XmWyTMAtBvHpRSlhdSiuakO3eXLKCt9TookQJpJPNWrUAOeCCbkbOpEiUcGH q+sg==
In-reply-to: <E092458822F5A957DE3F6C2F@[192.168.1.2]>
References: <CAPcb_GK5B=-PzNuxY8wNkh+n-FRhnv0snDAcLYxjqhun1H97Bw@mail.gmail.com> <52EA7F3D.2090905@symas.com> <DBB1B1AD-EE28-4E1E-AF18-9974DC9CC06B@bayour.com> <52EA8929.2010309@symas.com> <59281912-8B90-495E-8FAC-99330FF17CD4@bayour.com> <52EA9B80.6030309@symas.com> <973E272C-A2BC-4C0B-B943-479EB299D4A5@bayour.com> <E092458822F5A957DE3F6C2F@[192.168.1.2]>
Thread-index: AQIBehI6Zsy2IgA9h4PWn4vMBbyeRgIgku54AOI7f4gCya3NPQFaqgteAXLxKjsBZp0LWQGCnAbImd7HmiA=

> From: Quanah Gibson-Mount
> Sent: Thursday, January 30, 2014 1:09 PM
>
> Having used both methods for years, I disagree.  It is a learning curve to
> understand the cn=config backend, but once you do, it is far superior to
> the old flat file, and to me, much easier to use.

My main issue with the cn=config method is how to integrate it into our
revision control and approval system.

Currently, with the flat file, the authoritative configuration is stored in
a revision control system. When there are any changes to be made, they are
made in a development branch, tested, then reviewed and approved to be
merged into the production branch, at which point they are pushed out to the
system. I'm not really sure how to do that with the dynamic cn=config
method.

For example, currently our revision control system could tell us exactly
what configuration was in place seven weeks ago. How would you do that with
cn=config? I suppose you could have a change log document in revision
control, but unlike the actual configuration file in revision control,
there's no way to say whether or not the changes made dynamically via
cn=config are exactly matched to the changelog. Unless perhaps the ldif
executing the change is maintained in revision control?

Follow-Ups:
- RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: Michael Ströder <michael@stroeder.com>
- Antw: RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Re: slapd.d and back-sql
Next by Date: RE: Have you seen this FUD - IT pros suffer OpenLDAP configuration headaches ?
Index(es):
- Chronological
- Thread