Resending on-list. On Wed, Apr 20, 2011 at 1:33 PM, Simone Piccardi <[email protected]> wrote: > On 20/04/2011 17:42, Jose Ildefonso Camargo Tolosa wrote: >>> >>> Modern OpenLDAP does not use slapd.conf. Please read the OpenLDAP Admin >>> guide. >> >> Quanah: actually, documentation is not yet complete for cn=config, I >> had to actually convert my slapd.conf to cn=config using slaptest in >> order to find out how to do the same I had on slapd.conf on cn=config. >> >> Ildefonso > > That's the way I'm using it. And I suggest to anyone not needing to modify > configurations on the fly to use it that way. > > Because apart the missing documentation, I found difficult having to deal > with the obscure attribute names and the complex directory structure (and > the not so explicative file names used under it) that I found in > /etc/ldap/slapd.d/.
Well, I actually got used to cn=config pretty quickly, nevertheless, I still find easier to understand and modify the slapd.conf file than the directory structure under slapd.d... it is definitely more complex (and I don't think it is easier to modify using a LDAP administration tool). The "cn=config" replication suggested on the docs becomes useless when you need to use TLS, because, AFAIK, we don't have a way of having different TLS parameters for each replica (and, on a multi-master setup, you will likely have different servers, with different names, and thus: different SSL certificate). > > I understand the needs for cn=config, but for the moment I don't need it. > Having a file with a simple syntax that I can read and modify instead of a > tree of LDIF files is far more convenient for me. So I hope that slapd.conf > will remain supported. +1, we shouldn't drop slapd.conf file. > > Simone > -- > Simone Piccardi Truelite Srl > [email protected] (email/jabber) Via Monferrato, 6 > Tel. +39-347-1032433 50142 Firenze > http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336 >
