Resending on-list.
On Wed, Apr 20, 2011 at 1:33 PM, Simone Piccardi piccardi@truelite.it wrote:
On 20/04/2011 17:42, Jose Ildefonso Camargo Tolosa wrote:
Modern OpenLDAP does not use slapd.conf. Please read the OpenLDAP Admin guide.
Quanah: actually, documentation is not yet complete for cn=config; I had to actually convert my slapd.conf to cn=config using slaptest in order to find out how to do in cn=config the same things I had in slapd.conf.
Ildefonso
That's the way I'm using it. And I suggest that anyone not needing to modify configurations on the fly use it that way.
Because, apart from the missing documentation, I found it difficult to deal with the obscure attribute names and the complex directory structure (and the not so explanatory file names used under it) that I found in /etc/ldap/slapd.d/.
Well, I actually got used to cn=config pretty quickly; nevertheless, I still find it easier to understand and modify the slapd.conf file than the directory structure under slapd.d... it is definitely more complex (and I don't think it is easier to modify using an LDAP administration tool).
The "cn=config" replication suggested in the docs becomes useless when you need to use TLS, because, AFAIK, we don't have a way of having different TLS parameters for each replica (and, on a multi-master setup, you will likely have different servers, with different names, and thus a different SSL certificate).
I understand the need for cn=config, but for the moment I don't need it. Having a file with a simple syntax that I can read and modify instead of a tree of LDIF files is far more convenient for me. So I hope that slapd.conf will remain supported.
+1, we shouldn't drop the slapd.conf file.
Simone
Simone Piccardi Truelite Srl piccardi@truelite.it (email/jabber) Via Monferrato, 6 Tel. +39-347-1032433 50142 Firenze http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336