[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: Transitioning from slapd.conf to slapd.d, best practices for maintaining configuration comments?
From:       Geert Hendrickx <geert () hendrickx ! be>
Date:       2023-12-01 22:04:55
Message-ID: ZWpYh6MohvI9nft0 () castor ! ghen ! be
[Download RAW message or body]

On Fri, Dec 01, 2023 at 13:02:03 -0800, Christopher Paul wrote:
> The one and only advantage I see to OLC is that you can make some changes on
> the fly, without restarting the server. But is this ever necessary, or even
> advisable in a production environment?



I prefer the traditional slapd.conf as well, but one very good use case
of dynamic configuration is being able to add indexes on a (very) large
directory on-line.  It can take many hours on a 100 GB directory, and if
you have to do that while slapd is down, it also needs to catch up with
many hours of replication afterwards, before you can use it again.  So
being able to do this on-line is really convenient.

We use a hybrid approach to achieve this: we use a traditional slapd.conf
(under version control), but when we need to add an index, we temporarily
enable a config database in slapd.conf *without a persistent backend*:

> database	config
> rootdn	cn=config
> rootpw	.........

This exposes our slapd.conf configuration as LDIF, and lets us modify it,
but in a non-persisent manner.  So we can dynamically add an olcDbIndex
entry to create a new index on-line, and then add that same index in our
slapd.conf for persistent use after slapd restart.

Best of both worlds?


	Geert
[prev in list] [next in list] [prev in thread] [next in thread]