On November 17, 2018 7:37:40 AM GMT+08:00, Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Friday, November 16, 2018 10:11 AM +0800 Derek Zhou <derek@shannon-data.com> wrote:

My argument is why isn't it the default?

A couple of immediate answers come to mind, there are probably more:

a) OpenLDAP is used on numerous operating systems. Not all of those operating systems support UNIX sockets.
b) Not everyone configures slapd for use with ldapi

I see. But is it the most recommended way to review and edit cn=config on a unix-like platform? If so, that should earn itself a spot on the quick start guide. If not, and simple auth is the way, that should be mentioned instead. Being able to edit config on a live system is a great feature; it is a shame that people who only read the quick start guide don't know about it.

There are any number of ways to authenticate to cn=config. There is no "recommended" or "best" way to do it. The "recommended" way to do it is what works best for the end admin's requirements. That could be a simple bind, it could be SASL/EXTERNAL, it could be via SASL/GSSAPI, it could be via certificate authentication, etc. I've encountered any number of ways that end sites configure access based on the requirements of their organization.

Once cn=config is the only way to configure OpenLDAP, such documentation will be removed. However, that won't be occurring in OpenLDAP 2.5, which is the next major release, so it is valid for this documentation to remain in OpenLDAP master for the time being.

You guys are really stingy on version numbers. Just an observation.

Because the project follows long established software versioning practices?

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>