2011/4/22 Simone Piccardi <[email protected]>

> On 21/04/2011 11:05, Howard Chu wrote:
> >
> > If you don't understand LDAP and LDIF then you cannot effectively
> > administer an LDAP server. Period. There is no chicken and egg here -
> > you must understand LDAP. You must know what "DIT" means. You must know
> > what a DN is. You must know what a schema is. You must know what an
> > attribute is. There is no bypassing this required knowledge.
> >
> > When you know what these things are, cn=config is just another DIT, that
> > you manage just like every other DIT. The learning curve for cn=config
> > is shorter than for slapd.conf, because once you learn the essential
> > elements of LDAP, you also know all the essentials for configuring
> > slapd. Otherwise, you have to learn LDAP + LDIF + slapd.conf syntax,
> > which history has shown practically everybody gets *wrong*. The web is
> > full of bogus slapd.conf examples with directives scattered all over the
> > place, instead of in their proper order and location. Our ITS is
> > frequently littered with such junk, configs created by people who
> > hastily copy/pasted something they read from some howto somewhere,
> > without understanding what they were really doing.
> >
> Sorry but I cannot agree to this. Using cn=config, at least for now, is
> far more complex. Saying that's just another DIT is misleading.
>
> To understand configuration you need to understand what that DIT's
> contents mean, and the syntax you have to use for it. So you have to
> learn LDAP + LDIF + cn=config syntax.
>
> And as far as I can see the cn=config syntax is far more complex than the
> one of slapd.conf.
>
> Probably I'm stupid but I still find it very hard to read all those {N}
> placed all around that you need to use as special values for DNs, and
> the same goes for all those olcSomeThing attributes and those olcSomeClass
> objectclasses that you have to use.
>
> So something like:
>
> slapadd -n0
> dn: cn=config
> objectClass: olcGlobal
> cn: config
>
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcRootPW: MySecretPassword
> <EOF>
>
> for me is not easier to understand than saying change the rootpw line on
> the database stanza of your slapd.conf.
>
> And sorry, probably it's a bad habit, but I'm used to putting comments in my
> configuration files, and I cannot see how I can do this here.
>
> Regards
> Simone
>

I completely agree. As I said, a little statistic to understand what people use could be interesting. For me, comments and a text file config are mandatory. I am not configuring mysql.cnf using a mysql database.

As has been said before, once your setup is done, you barely change it. And a little restart is not a problem when using replicas. If some colleagues come after me (not specialized in LDAP), they would probably be more comfortable with a traditional text file than using an LDAP browser which just shows DNs and attributes.

It may be great to replicate cn=config, but from some mails I read, it seems not so easy. The harder it is to configure, the fewer people use it.

Dom
--
Dominique LALOT
Systems and Network Engineer
http://annuaire.univmed.fr/showuser.php?uid=lalot
