[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: Transitioning from slapd.conf to slapd.d, best practices for maintaining configuration comments?
From:       Brendan Kearney <bpk678 () gmail ! com>
Date:       2023-11-16 13:42:08
Message-ID: fabcc819-50b9-9a53-6598-6ae4ff1beb93 () gmail ! com
[Download RAW message or body]

On 11/15/23 1:58 PM, Ben Poliakoff wrote:
> This is more of a practical question than a technical one, but it's 
> prompted by a technical change: I'm *very* **very** belatedly 
> transitioning from flat file slapd.conf config to slapd.d/OLC.
>
> With flat file configuration, it was straightforward to include text 
> comments (e.g. "# blah blah"), but as far as I know there isn't any 
> sort of analog for comments, when using slapd.d. Looking for any tips 
> about how best to annotate slapd configuration, in a slapd.d/olc 
> world. Does anyone have a practice that they find works  well for them? 
> Do people just maintain separate documents/wiki pages/etc that 
> describe their servers' configs?
>
> Ben

having jumped into LDAP after the switch to OLC started, i dove into the 
OLC configs and really tried to learn how the new mechanism worked.   i 
like the benefit of the online updates where changes to the instance 
occur without having to stop/start.   i use fedora, and it includes the 
file /usr/share/openldap-servers/slapd.ldif which serves as a base 
config example, with comments in it.   i have modified that and then 
added its contents via slapadd or ldapadd.

as a jumping off point, you might look at "slaptest -f <flat slapd.conf 
file> -F <slapd.d dir>".   this will actually convert from old to new 
format and may offer an opportunity to see what you flat config would 
look like in OLC format.

when i wanted to add new object, entries, etc, i often create a 
purposefully named ldif file, and add the syntax to it that is needed 
for the specific purpose.   i have a myriad of files named according to 
what the action is or the function of the ldif file is, like 
CacheModule.ldif and CacheOverlay.ldif.   this helps me compartmentalize 
the configs and not be overwhelmed with everything else going on.

i have found the phpLDAPAdmin project, which provides a browser based 
admin UI, to be invaluable.   getting past the syntax of LDAP allows me 
to be focused on what i need to do, and not how i need to do it, though 
you do still need to have proper structure in the syntax you're working 
with.

HTH

brendan
[prev in list] [next in list] [prev in thread] [next in thread]