[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Olc deployment vs slapd.conf based deployment

To: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
Subject: Re: Olc deployment vs slapd.conf based deployment
From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Fri, 15 Sep 2017 15:14:09 +0200
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20170915095510.GT27271@maia.oucs.ox.ac.uk>
References: <CALm_VjikYjnYEcrfKXYjm8AFt0VQ7EV1crGX=tXst3-RUbr7fQ@mail.gmail.com> <WM!5ccf6f006a0b3aa9abfbc3f9c9be3eb021708e582b17a98c6ed49d59b8e29485947e7650daf5ed804e3554164491fa2d!@mailstronghold-1.zmailcloud.com> <78567B9241600A3CA0EAC7A6@[192.168.1.30]> <b9e230a5-1dc0-b01f-ae4d-d23e0cd21d3e@stroeder.com> <WM!2056d11326b77cae4108e23999f0a6268f3993b708b522f6b62189222846339a4ad2c8ab4c093c059746abe16d83eddb!@mailstronghold-1.zmailcloud.com> <09DC3AC4FD5C91D7F0D9EA03@[192.168.1.30]> <18a7cbf1-2127-9576-09ac-501801362d6e@stroeder.com> <20170915084601.GR27271@maia.oucs.ox.ac.uk> <76d570da-a8ca-d7d5-a5b1-da27aa1aee3a@stroeder.com> <20170915095510.GT27271@maia.oucs.ox.ac.uk>
User-agent: Mutt/1.5.23 (2014-03-12)

On Fri, Sep 15, 2017 at 10:55:10AM +0100, Dameon Wagner wrote:
> On Fri, Sep 15 2017 at 11:22:44 +0200, Michael Ströder scribbled
>> I already though about writing an ansible module doing the
>> idempotent diffs via LDAP. But the hard part is a roll-back or
>> removing parts since back-config does not support delete operations
>> in 2.4.x.
>> IMO it's not worth the effort, also because one would have to keep a
>> complete representation of cn=config as static file anway.
> 
> I completely agree.  I really hope that if/when slapd.conf support is
> removed there's already some form of "conventional" configuration
> management integration available.

cn=config delete support exists in master, as well as slapmodify tools
that work on cn=config and, with a tiny nudge (cn=config suffix itself
is reserved for back-config), the underlying ldif database if you really
do get into a bind. And slaptest works with cn=config just fine already.
All that will have been firmly in place by the time slapd.conf is
removed.

What you really need is ldif diff tools and you might have luck perusing
the OpenLDAP source tree or elsewhere (ldapvi?).

I know LDAP TXN support for cn=config might be just what you'd see as
the silver bullet but I don't see that happening, not yet, sorry.

Regards,

--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP

References:
- Re: Olc deployment vs slapd.conf based deployment
  - From: rammohan ganapavarapu <rammohanganap@gmail.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Dameon Wagner <dameon.wagner@it.ox.ac.uk>

Prev by Date: Re: Olc deployment vs slapd.conf based deployment
Next by Date: Re: Upgrade from 2.4.40 to 2.4.44
Index(es):
- Chronological
- Thread