--On Friday, September 22, 2017 8:38 AM -0400 Frank Swasey
My take away from this lengthy discussion is the following:
1) cn=config is not ready for "make; make test; make install" level of
upgrade. Until it is, it is not usable in a production environment.
I've been doing binary upgrades on deployments using cn=config for years
(Since 2011 or so), with servers all across the globe. However, I didn't
use ppolicy in my configurations. The real issue with ppolicy is that it
shouldn't be shipping with a separate schema, and instead it should have
its configuration schema fully internalized. I've already made a note to
that that needs to be fixed for OpenLDAP 2.5 so it doesn't occur again.
Outside of that, I'm not aware of it being deficient in comparison to
slapd.conf, and I'm quite aware of numerous ways in which it is
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: