Re: managing OpenLDAP / back-config
On Mittwoch, 16. Januar 2008, Michael Ströder wrote:
Ralf Haferkamp wrote:
> On the other hand we have
> quite some customers demanding for tools to manage OpenLDAP, that's
why
I
> came here to find ways to improve that situation in a way that
others
> could benefit from it as well.
Ralf, at first one would have to define what "manage OpenLDAP" really
means, by defining the use-cases needed. I'd distinguish the use-cases
in categories:
1. Configuration (network config, backends, indexing, ACLs, etc.)
This is what I
was talking about. I thought that was clear, when I
mentioned
back-config in my original posting ;)
2. Directory user and group management related to access control
3. Maintaining the content retrieved by client applications.
For 1. I usually ask my customers how they are going to implement
the
change management. After some discussion we usually end up with
text-based config managed with version control. Something simple and
handy. :-)
Configuration changes in production are most times not that dynamic.
Rather they are subject of a long-lasting change process. Tweaking
text
files is not the issue during this process.
Dynamic reconfiguration if really needed for certain deployment
situations (e.g. change of master/slave role) are implemented by
home-grown scripts which must be thoroughly tested.
Yes, I guess that this works
pretty well when you deploy OpenLDAP (or
basically any other software) at a single customer. It gets harder when
you ship OpenLDAP as a part of a product, that is also used by people
that are not too familiar with OpenLDAP. Ok, one might argue now, that
people not really familiar with OpenLDAP should not use it, but I tend
to disagree a bit here ;).
I pretty much agree with the rest of your mail.
--
regards,
Ralf