[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: Transitioning from slapd.conf to slapd.d, best practices for maintaining configuration comments?
From:       Quanah Gibson-Mount <quanah () fast-mail ! org>
Date:       2023-12-01 22:14:44
Message-ID: A557079589E76A20DBFF155B () [192 ! 168 ! 1 ! 30]
[Download RAW message or body]



--On Friday, December 1, 2023 1:02 PM -0800 Christopher Paul 
<chris.paul@rexconsulting.net> wrote:

> In summary, I see great value to continuing to support the slapd.conf
> file-based config, especially for production, and I see a lot of risk
> induced by deprecating it and forcing people to use OLC.   OpenLDAP
> project, would you please consider to not deprecate slapd.conf?

As has been noted numerous times, slapd.conf is unordered and a constant 
source of configuration errors and unexpected behavior since people 
routinely throw statements in the wrong place.  I would also note that you 
are literally running a cn=config system with slapd.conf, even if it 
doesn't appear that way to you, since slapd just automatically turns 
slapd.conf into a cn=config db (although it may not function as desired due 
to preceding note).

For myself, being able to update the servers on the fly has allowed me to:

a) Push ACL changes w/o restart
b) Push indexing changes w/o restart
c) Push schema changes w/o restart
d) Push log level changes w/o restart (Particularly useful when debugging 
problems in a live environment)

I keep my cn-config db in git & use a test environment confirm changes 
prior to pushing them live in production.


--Quanah
[prev in list] [next in list] [prev in thread] [next in thread]