I completely agree. As I said, a little statistic to understand what people use could be interesting. For me, comments and a text file config are mandatory. I am not configuring mysql.cnf using a mysql database. As has been said before, once your setup is done, you barely change it. And a little restart is not a problem using replicas. If some colleagues come after me (not specialized in LDAP), they would probably be more comfortable with a traditional text file than with an LDAP browser which just shows DNs and attributes. It may be great to replicate cn=config, but from some mails I read, it seems not so easy. The harder it is to configure, the fewer people use it.
Hi all,
+1 to not dismiss slapd.conf.
Comments are my leading motivation in saying this. In my biggest deployment I used a complex configuration by splitting my conf files into nested subdirectories, mirroring the conceptual separation of OpenLDAP components: database(s), overlays related to each database, security, modules, etc. I heavily commented each file and, in this way, I'm able to drive my colleagues on ordinary activities, without the burden of having each of them become a full-time specialist on OpenLDAP, letting me go on holiday more relaxed :-) I commented the rationale of my choices, not only the meaning of the configuration directives. In an office of about 10 Unix systems administrators with large heterogeneity of skills and sw products, this way has proved to be an added value.
Not to be misunderstood, I like the cn=config way very much. But in my opinion it has to be a must in particular enterprise configurations, for example for bastion slaves used for H24 operational systems, or in situations where a network load balancer (to obtain failover, I mean) in between cannot be used.
My 2 cents.
Marco