Howard Chu wrote: > If you don't understand LDAP and LDIF then you cannot effectively > administer an LDAP server. Period. There is no chicken and egg here - > you must understand LDAP. You must know what "DIT" means. You must know > what a DN is. You must know what a schema is. You must know what an > attribute is. There is no bypassing this required knowledge.
I'd say I understand LDAP and LDIF etc. but still I'm in favour using slapd.conf and only use cn=config in the *rare* cases where dynamic configuration is really needed. > When you know what these things are, cn=config is just another DIT, that > you manage just like every other DIT. Especially the schema design of OpenLDAP's cn=config is more complicated than it should be. Look at other LDAP server implementations and you'll see how easy it is to tweak cn=config with a generic, schema-aware LDAP client. That's not so easy with OpenLDAP's cn=config. Ciao, Michael.