Quanah Gibson-Mount wrote:
So instead of writing a single file (in one FS transaction) after letting slaptest check it I have to write several files (multiple FS operations), diff that and then apply multiple LDAP operations.
Hm? How is this any different really than tracking slapd.conf in git? And plenty of people break out slapd.conf into multiple files and use "include" handling to pull, such as with schema, ACLs, etc. I see no difference here.
(Except the schema files) I break up slapd.conf in several *templates* but the config management (currently ansible) generates a single slapd.conf file on the target system. So after the includes in the template engine there is a single file transferred to the target and installed there.
Yeah, sounds really great regarding error handling.
How does this differ from slapd.conf? You get no error handling with that, either, if you modify it and commit it to git.
I had some detail issue with slaptest I have to revisit. But mainly I want to use "validate: slaptest..." in the ansible template task to avoid installing a broken slapd.conf. Yes, that's feasible even with a directory tree. But it needs much more work/caution without added value.
Ciao, Michael.