On Wednesday, 16 January 2008, Michael Ströder wrote:
Ralf Haferkamp wrote:
On the other hand we have quite some customers demanding tools to manage OpenLDAP, that's why I came here to find ways to improve that situation in a way that others could benefit from it as well.
Ralf, at first one would have to define what "manage OpenLDAP" really means, by defining the use-cases needed. I'd distinguish the use-cases in categories:
- Configuration (network config, backends, indexing, ACLs, etc.)
This is what I was talking about. I thought that was clear, when I mentioned back-config in my original posting ;)
- Directory user and group management related to access control
- Maintaining the content retrieved by client applications.
For 1. I usually ask my customers how they are going to implement the change management. After some discussion we usually end up with text-based config managed with version control. Something simple and handy. :-) Configuration changes in production are most times not that dynamic. Rather they are subject to a long-lasting change process. Tweaking text files is not the issue during this process. Dynamic reconfiguration, if really needed for certain deployment situations (e.g. change of master/slave role), is implemented by home-grown scripts which must be thoroughly tested.
Yes, I guess that this works pretty well when you deploy OpenLDAP (or basically any other software) at a single customer. It gets harder when you ship OpenLDAP as a part of a product, that is also used by people that are not too familiar with OpenLDAP. Ok, one might argue now, that people not really familiar with OpenLDAP should not use it, but I tend to disagree a bit here ;).
I pretty much agree with the rest of your mail.