Michael, hello.
On 5 Apr 2022, at 16:01, Michael Ströder wrote:

> On 4/5/22 08:10, David Timber wrote:
>
>> I know how to import schemas with cn=config. That was never a question. I
>> was just complaining because it's a tedious process and I believe that it
>> shouldn't be like this.
>
> I also think that cn=config should not be so complicated. And I've looked
> into supporting this schema in web2ldap.

Can you say a little more about how slapd.d is complicated? I ask because I've never used slapd.conf, and I'm worried I'm missing something, or that there's an interestingly different perspective on how to configure openldap, which I could usefully learn about.

If I want to set up a new (testing?) instance, or test a tweaked configuration, then I blow away any pre-existing slapd.d, slapadd slapd.ldif, upload a dump of the live database (which takes a few seconds with -q), start slapd, and off we go. All of the configuration is in that single slapd.ldif file. I might occasionally make live tweaks to the configuration with ldapmodify, but after testing I would freeze them in the version-controlled slapd.ldif.

I can see that there's a way of working where the 'live' cn=config tree is the source of truth, and one backs that up carefully, but that doesn't seem an entirely comfortable way of working, to me.

And I can see that if there were a very high volume of writes, then the few seconds of primary-server downtime here could become intricate. But if one had a setup like that, then presumably one has a multi-master configuration, so that the primaries could have their configurations updated from a single slapd.ldif in rotation.

> For now I'm just happy that static slapd.conf is still supported. It's still
> the most DevOps-friendly way to configure OpenLDAP.

I'm not really sure what devops-friendly means here.

I think my problem -- the source of my puzzlement -- is that I can't see much significant difference between slapd.conf and slapd.ldif other than details of the syntax (which to my eyes is less weird in the latter case than the former). Or: what would I be losing if support for slapd.conf disappeared tomorrow?

Best wishes,

Norman

--
Norman Gray : https://nxg.me.uk
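
The rebuild workflow described in the message above, sketched as a shell script. This is an added example, not part of the original post; the file paths, the loopback listener URL and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example: rebuild a throwaway slapd instance from one version-controlled
# slapd.ldif. Every path and URL below is an assumed placeholder.
CONF_LDIF=${CONF_LDIF:-./slapd.ldif}     # the single configuration file (assumed path)
DATA_LDIF=${DATA_LDIF:-./live-dump.ldif} # dump of the live database (assumed path)
CONF_DIR=${CONF_DIR:-./test-slapd.d}     # scratch config directory (assumed path)
LISTEN=${LISTEN:-ldap://127.0.0.1:3890/} # loopback-only test listener (assumed)
DRY_RUN=${DRY_RUN:-1}                    # 1 = only print the commands, 0 = run them

# Print each command; execute it only when DRY_RUN=0.
run() {
    printf '+ %s\n' "$*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

rebuild_instance() {
    # Refuse an empty or root path before the recursive delete.
    case "$CONF_DIR" in
        ''|/) echo "refusing to remove '$CONF_DIR'" >&2; return 1 ;;
    esac
    run rm -rf -- "$CONF_DIR" || return 1
    # The config tree holds rootdn credentials and ACLs: keep it owner-only.
    run mkdir -m 700 -- "$CONF_DIR" || return 1
    # Database 0 is cn=config, so the configuration is loaded first.
    run slapadd -n 0 -F "$CONF_DIR" -l "$CONF_LDIF" || return 1
    # -q (quick mode) does fewer consistency checks; feed it only a trusted dump.
    # No -n/-b here: this assumes a single data database.
    run slapadd -q -F "$CONF_DIR" -l "$DATA_LDIF" || return 1
    run slapd -F "$CONF_DIR" -h "$LISTEN"
}
```

Calling `rebuild_instance` prints the five commands in order; setting `DRY_RUN=0` first executes them.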
