Christopher Wood wrote:
> On Fri, Feb 07, 2014 at 02:25:45PM +0100, Simone Piccardi wrote:
>> these last two are far usually done with a service restart, or, when the service supports the online changes, with a service reload or a kill -HUP.
>
> Therein lies the issue with the text config file for some of us - we are not able to interrupt the ldap service which supports critical customer-facing services. Or, more specifically, we are not able to interrupt ldap service without floods of really grumpy master tickets. The cn=config layout really helps here.

If you have strong HA requirements you have to run with decent load-balancers in front of your LDAP servers anyway. So restarting replicas one after another is not really a big deal.

> For my part I had ldap bootstrapped via puppet into a full cn=config supplier/consumer multimaster setup, but I never got as far as a type/provider to configure ACLs or anything.

Well, it seems there's a choice of whether to use back-config or config file.

Ciao, Michael.