[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: Transitioning from slapd.conf to slapd.d, best practices for maintaining configuration comments?
From: Quanah Gibson-Mount <quanah () fast-mail ! org>
Date: 2023-12-01 22:14:44
Message-ID: A557079589E76A20DBFF155B () [192 ! 168 ! 1 ! 30]
[Download RAW message or body]
--On Friday, December 1, 2023 1:02 PM -0800 Christopher Paul
<chris.paul@rexconsulting.net> wrote:
> In summary, I see great value to continuing to support the slapd.conf
> file-based config, especially for production, and I see a lot of risk
> induced by deprecating it and forcing people to use OLC. OpenLDAP
> project, would you please consider to not deprecate slapd.conf?
As has been noted numerous times, slapd.conf is unordered and a constant
source of configuration errors and unexpected behavior since people
routinely throw statements in the wrong place. I would also note that you
are literally running a cn=config system with slapd.conf, even if it
doesn't appear that way to you, since slapd just automatically turns
slapd.conf into a cn=config db (although it may not function as desired due
to preceding note).
For myself, being able to update the servers on the fly has allowed me to:
a) Push ACL changes w/o restart
b) Push indexing changes w/o restart
c) Push schema changes w/o restart
d) Push log level changes w/o restart (Particularly useful when debugging
problems in a live environment)
I keep my cn-config db in git & use a test environment confirm changes
prior to pushing them live in production.
--Quanah
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic