--On Friday, December 1, 2023 1:02 PM -0800 Christopher Paul chris.paul@rexconsulting.net wrote:
In summary, I see great value to continuing to support the slapd.conf file-based config, especially for production, and I see a lot of risk induced by deprecating it and forcing people to use OLC. OpenLDAP project, would you please consider to not deprecate slapd.conf?
As has been noted numerous times, slapd.conf is unordered and a constant source of configuration errors and unexpected behavior since people routinely throw statements in the wrong place. I would also note that you are literally running a cn=config system with slapd.conf, even if it doesn't appear that way to you, since slapd just automatically turns slapd.conf into a cn=config db (although it may not function as desired due to preceding note).
For myself, being able to update the servers on the fly has allowed me to:
a) Push ACL changes w/o restart b) Push indexing changes w/o restart c) Push schema changes w/o restart d) Push log level changes w/o restart (Particularly useful when debugging problems in a live environment)
I keep my cn-config db in git & use a test environment confirm changes prior to pushing them live in production.
--Quanah