[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Central configuration storage

On 06/10/10 19:22, Nick Douma wrote:
Hash: SHA1

Hi Joe,

You appear to be about to reinvent Active Directory. There's quite a bit
of material around the Net concerning that. Look particularly at Group
Policy within domains.

I indeed did check briefly, but came to the conclusion that LDAP was
mostly suited for authentication, because it's not really possible (or
supported by the various applications) to store the complete
configuration in LDAP, as I initially did expect. The tips on Puppet and
Cfengine seem to match more what I want to do. That is defining in LDAP
that "there is an Apache vhost with these general parameters" and
letting Puppet/Cfengine handle the actual creation of the config file.

If I'm wrong, please correct, as I started this discussion to learn :P.

Sorry, I didn't mean to suggest any implementation details, just that MS have been doing this for many years now, and there may be aspects of Group Policies that would interest you. While LDAP may not be the way to store detailed configurations, it lends itself well to the creation of a hierarchy of policies.

Also, if you do implement this for Windows machines, by way of remote registry writing, you may need to avoid stepping on the toes of the local policies. If you are working with domain machines, you will almost certainly need to alter the domain policies themselves rather than try to fight the domain controllers for mastery of the computers.

It took MS a while to get this to an acceptable stage, and there are still a few oddities, but there's no reason not to pick up any tips you can from them. And before anyone jumps in, I have learned considerable respect for Microsoft's programmers, and considerable sympathy for the way they are treated by the marketing men.


Reply to: