Simone Piccardi wrote:
On 07/02/2014 18:36, Quanah Gibson-Mount wrote:
--On Friday, February 07, 2014 2:25 PM +0100 Simone Piccardi piccardi@truelite.it wrote:
Not to mention that slapd.conf is still far more readable than any slapd.d ldif...
Definitely not. slapd.conf allows people to put things in all sorts of random order that slapd "fixes" when it reads in the slapd.conf file.
I never got any problem with it, having always used it in a correct order with well commented directives. But if ordering is needed, not having it enforced in the file configuration syntax is a design defect of slapd, not a shortcoming of using a text file for configuration.
cn=config enforces correct ordering, so with cn=config you can tell exactly what is happening, where it can be a muddled mess with slapd.conf.
Using apache, postfix, bind, and so on I usually know quite well what is happening, just having a text configuration file. And I can use a generic text editor to modify it, and I don't need to feed the configuration to the program using some dedicated tool or talking the specific protocol they are serving.
I agree that the current slapd.conf has a lot of problems and is prone to abuse, and if you tell me that rewriting it in a saner way or simply maintaining it is too much of a burden for developers, I will not raise any further objection.
But this does not change the fact that slapd.conf is far more readable than a cn=config ldif file, where the use of LDIF syntax forces the use of that ugly curly brace index prefix to order things,
you are right, but it is easy to reformat things
and makes visible irrelevant (for the sake of configuration) information like entryCSN, createTimestamp, and the like.
Perhaps I'm just getting old, but I still prefer the traditional Unix way to configure services, by the simple use of human (almost) readable text configuration files.
same to me ;-) but ldif may also look nice
# ldapsearch -LLLY external -H ldapi:/// -b 'cn=config' '(olcaccess=*)' olcaccess 2>/dev/null|fmt_olcAccess
dn: olcDatabase={-1}frontend,cn=config
olcAccess: to *
 by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
 by * break
olcAccess: to dn.exact=""
 by * read
olcAccess: to dn.base="cn=Subschema"
 by * read

dn: olcDatabase={0}config,cn=config
olcAccess: to *
 by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
 by * break

dn: olcDatabase={1}hdb,cn=config
olcAccess: to attrs=userPassword,shadowLastChange
 by self write
 by anonymous auth
 by dn="cn=admin,dc=kronprinz,dc=xx" write
 by * none
olcAccess: to dn.base=""
 by * read
olcAccess: to *
 by self write
 by dn="cn=admin,dc=kronprinz,dc=xx" write
 by * read

# cat $(which fmt_olcAccess)
#!/bin/sed -rf
# Author: Harry Jede
# produce human readable but still machine parseable
# olcAccess lines and removes the ordering numbers in {}
# because humans don't need them, really.

# the whole script
s/^(olcAccess: ){[[:digit:]]+}(.*$)/\1\2/
$!{H;d}
${H;g;s/\n //g;s/[[:space:]]+by /\n by /g}

Regards Simone
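
An added example, not part of the original thread or of Harry Jede's script: a Python variant of the formatter above that unfolds the LDIF the same way but keeps the {N} index and sorts on it, so an ACL review sees the rules in the order slapd stores them. The sample LDIF, the dc=example,dc=com suffix and the function names are constructed for illustration.

```python
import re

# Constructed sample: ldapsearch-style LDIF with one folded line and
# olcAccess values deliberately listed out of index order.
SAMPLE = """\
dn: olcDatabase={1}hdb,cn=config
olcAccess: {1}to dn.base="" by * read
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {2}to * by self write by * read
"""

ACL_RE = re.compile(r"olcAccess: \{(\d+)\}(.*)")


def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return ldif.replace("\n ", "")


def parse_acls(ldif):
    """Map each dn to its (index, what, [by clauses]) rules, sorted by index."""
    acls, dn = {}, None
    for line in unfold(ldif).splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
            acls[dn] = []
            continue
        m = ACL_RE.match(line)
        if m and dn is not None:
            what, *by = re.split(r"\s+by\s+", m.group(2))
            acls[dn].append((int(m.group(1)), what, by))
    for rules in acls.values():
        rules.sort(key=lambda rule: rule[0])
    return acls


def render(ldif):
    """One 'to' clause per line with its index, one indented 'by' per line."""
    out = []
    for dn, rules in parse_acls(ldif).items():
        out.append(f"dn: {dn}")
        for index, what, by in rules:
            out.append(f"  {{{index}}} {what}")
            out.extend(f"      by {clause}" for clause in by)
    return "\n".join(out)


if __name__ == "__main__":
    print(render(SAMPLE))
```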