[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Converting from slapd.d back to slapd.conf

To: Simone Piccardi <piccardi@truelite.it>
Subject: Re: Converting from slapd.d back to slapd.conf
From: Christian Kratzer <ck-lists@cksoft.de>
Date: Fri, 28 Mar 2014 12:25:44 +0100 (CET)
Cc: openldap-technical@openldap.org
In-reply-to: <53355496.5040502@truelite.it>
References: <mailman.1.1394712001.83811.openldap-technical@openldap.org> <Pine.A41.4.58.1403270842500.1147632@tigger.cc.uic.edu> <alpine.BSF.2.00.1403271505140.1298@pohjola.cksoft.de> <Pine.A41.4.58.1403270908210.1147632@tigger.cc.uic.edu> <alpine.SOC.2.02.1403271137460.22098@toolbox.rutgers.edu> <53355496.5040502@truelite.it>
User-agent: Alpine 2.00 (BSF 1167 2008-08-23)

Hi,

On Fri, 28 Mar 2014, Simone Piccardi wrote:

On 03/27/2014 04:38 PM, Aaron Richton wrote:


Would you mind documenting your concerns/experiences for the benefit of
the list? (And, for that matter, if there are outright flaws they should
be tracked in OpenLDAP's ITS...)

I can give my reason:

- it's more readable than the ldif slapcat is producing
- I can put comments on it

- I can go back to a previous configuration just by a cp o editing back thecontents

yes it is a very different concept.

But after setting up several projects with cn=config I quite enjoy the new style of doing things:

1. I have ldiff snippets with nicely edited and commented acl configs and scheme deinitions that I apply with ldapmodify

2. I use ldapvi for quick changes

3. I replicate cn=config between members of a cluster and only apply changes to one of them

4. I have a bootstrapping config with :include: directives for pulling in standard schema. I do not use slaptest for bootstrapping anymore.

5. I have setup personal admin accounts that have permission to edit both the main dit and cn=config

6. I archive daily, weekly and monthly dumps of the configuration that I can easily diff if needed

7. I very much enjoy chaning the loglevel runtime in case I need detailed output

8. I also greatly enjoy the mostly consistent ordering of the config

9. When I goof up I delete slapd.d and reimport a known good config with slapadd -n0 -F slapd.d -l config.ldif

cn=config does take some time getting used to and I myself also resisted for some time.

It has a steeper learning curve and we need to document best practices and provide improved documentation for getting started.

slapd.conf is not going away in the very near future at least not until the rough edges and bugs in cn=config have been sorted out.

I consider cn=config superior once you get your head wrapped around it.

Greetings
Christian

--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/

Follow-Ups:
- Re: Converting from slapd.d back to slapd.conf
  - From: Nick Milas <nick@eurobjects.com>

References:
- Converting from slapd.d back to slapd.conf
  - From: Sven Jourgensen <svenj@uic.edu>
- Re: Converting from slapd.d back to slapd.conf
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Converting from slapd.d back to slapd.conf
  - From: Sven Jourgensen <svenj@uic.edu>
- Re: Converting from slapd.d back to slapd.conf
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Converting from slapd.d back to slapd.conf
  - From: Simone Piccardi <piccardi@truelite.it>

Prev by Date: Re: Converting from slapd.d back to slapd.conf
Next by Date: Re: Converting from slapd.d back to slapd.conf
Index(es):
- Chronological
- Thread