Quoting "Brett @Google" <[email protected]>:
> But the benefits that come from the synergy of using LDAP as the internal
> config structure should not be overlooked: there is strongly typed data
> storage, fast lookups, and reams of boilerplate code being thrown away. But
> presently we still need a binary (executable) to turn that cn=config text
> format into something slapd can boot up and use. Given the text ->
> cn=config code is present already, is there really that much work in
> leaving it there?

Since the cn=config is simply the conversion of one LDIF file into a
hierarchical directory structure of LDIF files, there isn't any
conversion needed for slapd to be able to use it or write to it for
that matter - slapadd already exists. The only thing that is needed is
some filesystem directory traversal logic in order to write out the
LDIF hierarchy.

> But can we reliably create the slap.d config file with deployment scripts
> directly, as it also seems to just be text?

I have built a fully automated installation system directly using
cn=config. I have a file called config.ldif which contains a lot of
%%MACROS%% and a tiny perl script that replaces those macros with
actual values depending on the details of the particular installation.
So, there isn't any of this silliness of creating slapd.conf,
converting it into cn=config, and then continuing - that's an
unnecessary step.
After I generate the real config.ldif from the template config.ldif, I
simply load it with slapadd to build my cn=config hierarchy.

    slapadd \
        -n0 \
        -v \
        -F ${CONF_DIR} \
        -l ldifs/config.ldif

Repeat the process to load the DIT skeleton into n2 with slapadd,
slapindex n2 (needed if the DIT skeleton is huge like mine), fire up
the server and do the rest of the work.
My cn=config is replicated across servers so that access control,
tuning, and indices, for example, only need to be added to one server
over the wire. And they only need to be dumped from one server, over
the wire. That is a workable management interface.
My entire installation system: TLS certs, replication, DIT skeleton,
service admin users, access control, tuning, indexing, everything - it
takes less than 2 minutes and is 100% hands free.
-mike
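
Added example, not part of the original message and not Mike's perl script: a Python sketch of the %%MACRO%% substitution step that refuses to emit config.ldif when a macro is unresolved or a value would change the LDIF structure. The template fragment, macro names, file paths and the mdb back-end are assumptions made for the illustration.

```python
import re

MACRO = re.compile(r"%%([A-Z0-9_]+)%%")
# Conservative subset of an RFC 2849 SAFE-STRING: printable ASCII only,
# not starting with space, ':' or '<' (those change how LDIF reads the value).
SAFE_VALUE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*")

# Constructed template fragment; the macro names are assumptions.
TEMPLATE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCertificateFile: %%TLS_CERT%%
olcTLSCertificateKeyFile: %%TLS_KEY%%

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix: %%SUFFIX%%
olcDbDirectory: %%DB_DIR%%
"""

def render(template, values):
    """Expand %%NAME%% macros, failing closed on unsafe or missing values."""
    for name, value in values.items():
        # A line break or other control byte in a value would add attribute
        # lines or whole entries to the generated config, so reject it.
        if not SAFE_VALUE.fullmatch(value) or value.endswith(" "):
            raise ValueError(f"unsafe value for %%{name}%%: {value!r}")

    def expand(match):
        name = match.group(1)
        if name not in values:
            # Never hand slapadd a file that still contains a macro.
            raise KeyError(f"unresolved macro %%{name}%%")
        return values[name]

    # re.sub does not rescan replacements, so values are never re-expanded.
    return MACRO.sub(expand, template)

if __name__ == "__main__":
    # Constructed per-host values.
    print(render(TEMPLATE, {
        "TLS_CERT": "/etc/openldap/tls/ldap1.pem",
        "TLS_KEY": "/etc/openldap/tls/ldap1.key",
        "SUFFIX": "dc=example,dc=com",
        "DB_DIR": "/var/lib/ldap/main",
    }))
```

The rendered text is what would be written to ldifs/config.ldif before the slapadd -n0 step shown above; values that need characters outside this subset would have to be base64-encoded as LDIF requires.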