--On Friday, September 15, 2017 10:01 AM +0200 Michael Ströder michael@stroeder.com wrote:
And the upgrade issue with 'pwdMaxRecordedFailure' (see other mail thread) serves as good example how easy it is to run into a operational dead-end with cn=config. There's no easy way to fix this afterwards without violating what's considered best practice for maintaining cn=config. I could give several other examples for this kind of operational dead-ends.
In retrospect, I think the ITS that introduced that change should not have gone into RE24. ;) Unfortunately, one thing that people seldom test in testing calls is upgrade scenarios from older versions of OpenLDAP to a current release, with a variety of configurations, so it was not caught as an issue prior to release.
Certainly another reason as to why we need 2.5 out with slapmodify (and possibly a flag to disable loading some modules in that scenario).
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah Gibson-Mount wrote:
--On Friday, September 15, 2017 10:01 AM +0200 Michael Ströder michael@stroeder.com wrote:
And the upgrade issue with 'pwdMaxRecordedFailure' (see other mail thread) serves as good example how easy it is to run into a operational dead-end with cn=config.
In retrospect, I think the ITS that introduced that change should not have gone into RE24. ;)
I strongly disagree. It's a schema shipped by OpenLDAP installation. So this update should have simply worked.
Unfortunately, one thing that people seldom test in testing calls is upgrade scenarios from older versions of OpenLDAP to a current release,
I did test the update with my own installations. But they simply use slapd.conf. And it worked. ;-}
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Quanah Gibson-Mount