--On Friday, December 1, 2023 1:02 PM -0800 Christopher Paul
<chris.p...@rexconsulting.net> wrote:
In summary, I see great value to continuing to support the slapd.conf
file-based config, especially for production, and I see a lot of risk
induced by deprecating it and forcing people to use OLC. OpenLDAP
project, would you please consider to not deprecate slapd.conf?
As has been noted numerous times, slapd.conf is unordered and a constant
source of configuration errors and unexpected behavior since people
routinely throw statements in the wrong place. I would also note that you
are literally running a cn=config system with slapd.conf, even if it
doesn't appear that way to you, since slapd just automatically turns
slapd.conf into a cn=config db (although it may not function as desired due
to preceding note).
For myself, being able to update the servers on the fly has allowed me to:
a) Push ACL changes w/o restart
b) Push indexing changes w/o restart
c) Push schema changes w/o restart
d) Push log level changes w/o restart (Particularly useful when debugging
problems in a live environment)
I keep my cn-config db in git & use a test environment confirm changes
prior to pushing them live in production.
--Quanah