Howard Chu wrote:
When you know what these things are, cn=config is just another DIT, that you manage just like every other DIT. The learning curve for cn=config is shorter than for slapd.conf, because once you learn the essential elements of LDAP, you also know all the essentials for configuring slapd. Otherwise, you have to learn LDAP + LDIF + slapd.conf syntax, which history has shown practically everybody gets *wrong*. The web is full of bogus slapd.conf examples with directives scattered all over the place, instead of in their proper order and location. (...)
That seems to me a similarity with slapd.conf, not a difference. Now people are getting cn=config wrong. Cut&paste which includes the magic {numbers} they do not know what is, getting a BDB database number {0}. Editing the cn=config tree directly, that's a fairly obvious thing to. After all, why go via some tool once you've already written your LDIF?
The latter is fixable by switching cn=config to use a back-ber with binary files and no RDN-like filenames, if we really never should edit cn=config.