LDAP integration
Lamont Granquist
lamont at scriptkiddie.org
Thu Jan 11 01:10:37 UTC 2007
On Wed, 10 Jan 2007, Vulpes Velox wrote:
> On Wed, 10 Jan 2007 13:56:23 -0800
> Doug Barton <dougb at FreeBSD.org> wrote:
>> Lamont Granquist wrote:
>>> Why are you doing this in the FreeBSD rc scripts directly? Why
>>> not install cfengine and work on making cfengine play better with
>>> database-driven config?
>>
>> Indeed. For a "many systems" problem, cfengine is a great tool. I
>> think the OP is more interested in the "dynamically configured
>> laptop" problem, which is also an interesting/difficult one, but I
>> don't think it's a good problem for LDAP to solve. It still feels
>> like "I have LDAP that I want to use as a solution, so what problem
>> can I point it at?" to me.
>
> Stuff like this is what LDAP truly shines for. It keeps everything
> in a nicely organized manner that is easily accessible and searchable.

I agree that database-driven config management is good. I do not agree
that LDAP is the best way to go about doing it since LDAP works best as a
read-mostly directory service and not as a mixed-read/write database
which is what I've seen these kinds of configuration management databases
scale and turn into. LDAP is great for stuff that barely ever changes.
When you add SOX audit trails and error reporting and other junk into the
database LDAP stops being appropriate.

I also don't understand the focus on dynamically generating /etc/rc.conf
since that is actually not what I want in my database. Inside my database
I want to configure a machine as an ftp server or a web server and deal
with the high-level roles that the machine plays. In order to generate an
rc.conf file I want to take the roles as inputs and construct the rc.conf
file specific to the machine.

More information about the freebsd-hackers
mailing list