Daniel Pluta wrote:
Call it strange, useless, insane, fine or whatever, but my customers (also anybody who's interested in using a distinct service) should be able to get a chance for a detailed view into the running configuration of each service - before and while using it. slapd's cn=config supports this, not perfectly but better than any other service I'm aware of. For further details see our paper from LDAPcon2011.
I very well remember your interesting talk and that you give read access to olcRootDN to prove it's not set.
While I use old slapd.conf everywhere I also configure back-config on all of my system but just for read access (e.g. for monitoring agents).
I don't understand the yearly, redundant, and just time consuming discussions regaring slapd.conf vs. cn=config.
cn=config represents, as Quanah said: "forward thinking". +1
"Forward thinking" is never a sufficient argument in itself.
So, please think about it.
Dito.
Ciao, Michael.