Paul B. Henson wrote:
From: Quanah Gibson-Mount Sent: Friday, January 31, 2014 6:03 PM
Our servers do a nightly backup of cn=config via slapcat -n 0, and those are kept for a month. Since this is for clients, there's no revision control involved, but it would be trivial for someone to check in the resulting LDIF file into their favorite RCS system.
Hmm, so the revision control system would transition from being the authoritative source of what the configuration is (ie, in our current system, if somehow the running configuration deviated from the version in revision control, it would automatically be corrected back) to simply becoming a record of whatever changes happen to have been made on the running configuration?
Especially I'm not keen on allowing a CRON job with a clear-text credential in a config file to commit into the VCS. Also you don't have meaningful commit messages when doing so.
Ciao, Michael.