[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: Transitioning from slapd.conf to slapd.d, best practices for maintaining configuration comments?
From: Brendan Kearney <bpk678 () gmail ! com>
Date: 2023-11-16 13:42:08
Message-ID: fabcc819-50b9-9a53-6598-6ae4ff1beb93 () gmail ! com
[Download RAW message or body]
On 11/15/23 1:58 PM, Ben Poliakoff wrote:
> This is more of a practical question than a technical one, but it's
> prompted by a technical change: I'm *very* **very** belatedly
> transitioning from flat file slapd.conf config to slapd.d/OLC.
>
> With flat file configuration, it was straightforward to include text
> comments (e.g. "# blah blah"), but as far as I know there isn't any
> sort of analog for comments, when using slapd.d. Looking for any tips
> about how best to annotate slapd configuration, in a slapd.d/olc
> world. Does anyone have a practice that they find works well for them?
> Do people just maintain separate documents/wiki pages/etc that
> describe their servers' configs?
>
> Ben
having jumped into LDAP after the switch to OLC started, i dove into the
OLC configs and really tried to learn how the new mechanism worked. i
like the benefit of the online updates where changes to the instance
occur without having to stop/start. i use fedora, and it includes the
file /usr/share/openldap-servers/slapd.ldif which serves as a base
config example, with comments in it. i have modified that and then
added its contents via slapadd or ldapadd.
as a jumping off point, you might look at "slaptest -f <flat slapd.conf
file> -F <slapd.d dir>". this will actually convert from old to new
format and may offer an opportunity to see what you flat config would
look like in OLC format.
when i wanted to add new object, entries, etc, i often create a
purposefully named ldif file, and add the syntax to it that is needed
for the specific purpose. i have a myriad of files named according to
what the action is or the function of the ldif file is, like
CacheModule.ldif and CacheOverlay.ldif. this helps me compartmentalize
the configs and not be overwhelmed with everything else going on.
i have found the phpLDAPAdmin project, which provides a browser based
admin UI, to be invaluable. getting past the syntax of LDAP allows me
to be focused on what i need to do, and not how i need to do it, though
you do still need to have proper structure in the syntax you're working
with.
HTH
brendan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic