Hi,
On Fri, 28 Mar 2014, Simone Piccardi wrote:
On 03/27/2014 04:38 PM, Aaron Richton wrote:
Would you mind documenting your concerns/experiences for the benefit of the list? (And, for that matter, if there are outright flaws they should be tracked in OpenLDAP's ITS...)
I can give my reason:
- it's more readable than the ldif slapcat is producing
- I can put comments on it
- I can go back to a previous configuration just by a cp or editing back the contents
Yes, it is a very different concept.
But after setting up several projects with cn=config I quite enjoy the new style of doing things:
1. I have ldif snippets with nicely edited and commented acl configs and schema definitions that I apply with ldapmodify
2. I use ldapvi for quick changes
3. I replicate cn=config between members of a cluster and only apply changes to one of them
4. I have a bootstrapping config with :include: directives for pulling in standard schema. I do not use slaptest for bootstrapping anymore.
5. I have set up personal admin accounts that have permission to edit both the main dit and cn=config
6. I archive daily, weekly and monthly dumps of the configuration that I can easily diff if needed
7. I very much enjoy changing the loglevel at runtime in case I need detailed output
8. I also greatly enjoy the mostly consistent ordering of the config
9. When I goof up I delete slapd.d and reimport a known good config with slapadd -n0 -F slapd.d -l config.ldif
cn=config does take some time getting used to and I myself also resisted for some time.
It has a steeper learning curve and we need to document best practices and provide improved documentation for getting started.
slapd.conf is not going away in the very near future, at least not until the rough edges and bugs in cn=config have been sorted out.
I consider cn=config superior once you get your head wrapped around it.
Greetings Christian
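
Added example, not part of the original message: one way to compare two archived cn=config dumps (point 6 above), such as those written by `slapcat -n0`, so that only real changes like an edited `olcAccess` rule show up. The function names, the list of ignored operational attributes and the sample dumps are assumptions made for this illustration.

```python
import base64

# Operational attributes rewritten on each change; ignored to keep the diff quiet.
VOLATILE = {"entrycsn", "modifytimestamp", "modifiersname"}

def parse_ldif(text):
    """Parse slapcat-style LDIF into {dn: {attr: [values in order]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # unfold continuation line
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():
            dn = None                      # blank line ends the entry
            continue
        if line.startswith("#"):           # comments in hand-edited snippets
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
            entries[dn] = {}
        elif dn is not None and attr.lower() not in VOLATILE:
            entries[dn].setdefault(attr, []).append(value)
    return entries

def diff_config(old_text, new_text):
    """Return [(dn, attr, old_values, new_values)] for every difference."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    changes = []
    for dn in sorted(set(old) | set(new)):
        o, n = old.get(dn, {}), new.get(dn, {})
        for attr in sorted(set(o) | set(n)):
            if o.get(attr) != n.get(attr):
                changes.append((dn, attr, o.get(attr, []), n.get(attr, [])))
    return changes

# Constructed sample dumps (not taken from the thread).
OLD = """dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
 e
olcAccess: {1}to * by * read
entryCSN: 20140301000000.000000Z#000000#000#000000
"""
NEW = OLD.replace("by * non\n e", "by * read").replace("20140301", "20140328")
```

Calling `diff_config(OLD, NEW)` reports the single `olcAccess` change on the database entry and ignores the differing `entryCSN`; values are compared in order because ACL evaluation order matters.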