--On Thursday, September 14, 2017 3:06 PM -0700 rammohan ganapavarapu rammohanganap@gmail.com wrote:
> Hi,
> I am trying to see what is the best and recommended way of deploying/starting ldap, OLC or conf file based? I was under the impression that conf file based is easy and more controllable approach than OLC?

slapd.conf is deprecated, and support for it will be removed in a future release. It is recommended that new deployments use cn=config. I would say "easy and more controllable" are not measurable, nor are they relevant. I find cn=config to be trivially easy, for example, and allows me to execute much better control over my deployments. YMMV.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Quanah Gibson-Mount wrote:
> slapd.conf is deprecated, and support for it will be removed in a future release.

Back in 2013 Howard confirmed that 2.5 will still support static config (slapd.conf). And we don't see 2.5 yet.

> I would say "easy and more controllable" are not measurable, nor are they relevant.

Personally I strongly prefer static configuration because it's so much easier to control it with the usual idempotent config management techniques (puppet, ansible, etc.) which you need for the rest of the system anyway.
I'd even state that it's a strong plus of OpenLDAP compared to other LDAP server implementations to still provide this configuration method.
Ciao, Michael.
On 09/14/2017 04:49 PM, Michael Ströder wrote:
> Quanah Gibson-Mount wrote:
>> slapd.conf is deprecated, and support for it will be removed in a future release.
> Back in 2013 Howard confirmed that 2.5 will still support static config (slapd.conf). And we don't see 2.5 yet.
>> I would say "easy and more controllable" are not measurable, nor are they relevant.
> Personally I strongly prefer static configuration because it's so much easier to control it with the usual idempotent config management techniques (puppet, ansible, etc.) which you need for the rest of the system anyway.
> I'd even state that it's a strong plus of OpenLDAP compared to other LDAP server implementations to still provide this configuration method.

I concur with Michael.
I have our dev server using OLC and it takes me twice as long to modify its config than the 15 other servers we have running openLDAP.
On Thu, 2017-09-14 at 14:15 -0700, Quanah Gibson-Mount wrote:
> --On Thursday, September 14, 2017 3:06 PM -0700 rammohan ganapavarapu rammohanganap@gmail.com wrote:
>> Hi,
>> I am trying to see what is the best and recommended way of deploying/starting ldap, OLC or conf file based? I was under the impression that conf file based is easy and more controllable approach than OLC?
> slapd.conf is deprecated, and support for it will be removed in a future release. It is recommended that new deployments use cn=config. I would say "easy and more controllable" are not measurable, nor are they relevant. I find cn=config to be trivially easy, for example, and allows me to execute much better control over my deployments. YMMV.

If you don't find cn=config to be trivially easy, a tool like ldapvi http://www.lichteblau.com/ldapvi/ makes config files irrelevant because the ldap tree can be edited like a file using any text editor you want.
It may even be convenient in some circumstances to move more configuration to ldap, but there is no service for that so that can be done with only a couple applications.
openldap-technical@openldap.org