Re: Switch to dynamic LDAP configuration?

To: debian-edu@lists.debian.org
Subject: Re: Switch to dynamic LDAP configuration?
From: Jonas Smedegaard <jonas@jones.dk>
Date: Sat, 17 Jul 2010 15:59:49 +0200
Message-id: <[🔎] 20100717135949.GK11646@jones.dk>
Reply-to: debian-edu@lists.debian.org
In-reply-to: <[🔎] 2flmxtsfsqf.fsf@login1.uio.no>
References: <[🔎] 2flmxtsfsqf.fsf@login1.uio.no>

On Thu, Jul 15, 2010 at 09:30:16PM +0200, Petter Reinholdtsen wrote:

Since OpenLDAP 2.3, it has been possible to store the LDAPconfiguration (as in schemas, ACLs etc) in the LDAP database itself,allowing it be changed without restarting the LDAP database.
The setup is documented in
<URL: http://www.zarafa.com/wiki/index.php/OpenLdap:_Switch_to_dynamic_config_backend_(cn%3Dconfig) >.

Should we switch to this kind of setup in Debian Edu too?

Another important "benefit" of moving configuration from filesystem todatabase (both here and other places like ISC BIND to PowerDNS move) isthat database is not governed by Debian Policy as /etc in filesystem is.


This circumvents the infamous bug#311188.

I deliberately say "circumvent" (not resolve) and quote "benefit" asreally I do not see it as a good approach to deal with ownership issuesof file-based configuration by avoiding file-based configuration.

There is a very sane logic in the package maintainer owning theconfiguration files tied to a package. Only the package maintainer canhandle transitions in configuration defaults or perhaps larger changeslike change of configuration format.

Bypassing package maintainer configuration means taking over thatimportant task of transitions as well.

Debian Edu aims at being a Debian Pure Blend. So solving bug#311188 isimportant. But I believe Debian Edu is also interested in beingupgradeable (i.e. not requiring fresh install at a major upgrade ofDebian), and to achieve that goal - without putting a big burden oncustom development - I believe the configuration format used by Debianpackaging whould be used, even if the underlying code supportsalternatives - for the very reason of keeping closely tied to the Debianmaintainance (which is deceivingly easy to *avoid* when seeking ways tosolve bug#311188).

Sorry, I do not have an easy solution, only a touch one: For each andevery package, the Debian maintainer *must* be convinced to officiallysupport whatever configuration customization Debian Edu needs to apply.

Circumvention of Debian Package Maintainance - even if "compliant" withDebian Policy, is bad for a maintainable Debian Edu.




Hope this makes sense.


Kind regards,

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Switch to dynamic LDAP configuration?
  - From: Jonas Smedegaard <jonas@jones.dk>

References:
- Switch to dynamic LDAP configuration?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: Switch to dynamic LDAP configuration?
Next by Date: Re: Switch to dynamic LDAP configuration?
Previous by thread: Re: Switch to dynamic LDAP configuration?
Next by thread: Re: Switch to dynamic LDAP configuration?
Index(es):
- Date
- Thread