Mike Jackson wrote:
Quoting Christian Kratzer ck-lists@cksoft.de:
as has been said before several times. There is no reason to lose your ability to put your configs into version control when you move to cn=config.
- You can check the output from slapcat -n0 into your vcs.
"You" in my message referring to the OP, not you Christian.
Or you can ldapsearch it from a backup script running on a cron job. Or you can cd into the config directory and do a git init.
We've discussed that here many times: IMO it's a big difference to export a running configuration in your VCS just for the records or to control the configuration in VCS before rollout.
For me doing the VCS actions *before* rolling out the configuration to all the slapd instances gives much more control especially if you have to roll *back* something. And think of staging. And slapd-config does not handle deletion => rollback can be very hard.
Also orchestrated rollout of changes might spread across other systems as well. E.g. when I'm deploying schema changes in slapd I have to change the web-based admin UI as well etc.
In any case, dynamic configuration IS an enterprise-grade/carrier-grade feature as opposed to static configuration. It enables you to perform critical adjustments to your service without interrupting your service (more or less depending on the implementation). I have built multilevel LDAP clusters where there were over 15000 simultaneous persistent connections from mobile network elements checking RBAC against management actions and believe me, static configuration would have been a showstopper if I needed to restart LDAP services just to expand my capacity (adding new replicas, etc).
Nonsense. If HA is important you must have decent load-balancers in front of your servers and know how to operate them.
If you don't see why dynamic configuration is a good idea, then you probably shouldn't be using LDAP for anything too important, anyway.
Ah, and you are the one and only *real* expert.
Strange enough my customers are running mission-critical OpenLDAP deployments with static configuration - since years.
I personally believe that support for static configuration should be removed already because having two different configuration systems in place serves to confuse a lot of people, especially learners.
Complete nonsense.
Ciao, Michael.