On 10/14/2025 9:25 AM, Norman Gray wrote:
> Christopher, hello. > > On 14 Oct 2025, at 13:49,
[email protected] wrote: > >> Now my question is, is
the slapd.conf going to be removed in >> future OpenLDAP versions, or
will it remain in OpenLDAP? > > I can't definitively answer this part of
the question (though I'd > guess the answer would be that it would be
removed at some point). > >> Should we move our configuration to the new
slapd-config system? > > Probably, yes. But I'm chipping here, on-list,
to suggest that > there is a middle ground, which preserves the
advantages of the > single-file slapd.conf (which I get the impression
is what you're > regretting soon losing).
IMO:
1. The OLC is not a good practice for production, where you want to
strictly control changes.
2. The slapd.conf, especially when indented for human readability,
vastly easier for a human to read.
3. There is an another middle ground. Enable the config backend (OLC) in
the slapd.conf. This provides the capability to do non-persistent
changes on the fly (without rebooting), in the case of emergency or
near-emergency. The idea is that any "emergency" changes that are needed
for the long term, will be implemented through the configuration
management pipeline that builds production servers and servers' slapd.confs.
--
Chris Paul | Rex Consulting | https://www.rexconsulting.net
