Howard Chu wrote:
From a philosophical standpoint - production configurations generally only grow.
IMO this general assumption is not valid.
If you're mucking around and experimenting, you do that on a throw-away development system.
Well, one should always experiment on a dedicated test system. But the result of the tests can be to delete things from the production system following a well-defined procedure developed during testing.
From a practical standpoint - behavior of the service when clients are making requests to a backend that gets removed is totally undefined.
LDAP clients do not care about (OpenLDAP) database backends at all. They simply query a DIT.
AFAICS the original poster wanted to replace back-shell with back-sock for the very same naming context. In theory this could be done with back-config - only requring a very small downtime - entry deletion in back-config would be possible.
Ciao, Michael.