Static vs. Dynamic Configuration
OpenLDAP can be configured using either a static configuration (slapd.conf) or a dynamic configuration (slapd.d, also known as cn=config). Both ways are fine, but each has pros and cons. The primary benefit of slapd.conf is that it is much more concise and easier to edit. The primary benefit of the cn=config approach is that the configuration can be modified while the service is running.
During early experimentation, setup, and testing it may be easier to work with the configuration as a whole (slapd.conf) in its smaller form. As testing proceeds and the configuration stabilizes, it can be converted to the cn=config internal database. Changes are then made via the LDAP line-mode utility programs (or an LDAP browser like the Apache Directory Studio). They take effect immediately.
Once the configuration is stored in the internal cn=config database, changes made to it can only be reflected in external copies of slapd.conf. If a server has to have its configuration (re)loaded, this can only be done from a recent backup of the data stored in cn=config.
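The lifecycle described above (convert slapd.conf, change a setting on the running server, back up and reload cn=config), as an added example that is not part of the original page. The paths, the backup file name and the choice of olcLogLevel as the setting to change are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original page. Paths are assumptions; adjust them.
CONF=${CONF:-/etc/openldap/slapd.conf}      # assumed static configuration file
CONFDIR=${CONFDIR:-/etc/openldap/slapd.d}   # assumed cn=config directory
DRY_RUN=${DRY_RUN:-1}                       # 1 = print commands instead of running them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Convert slapd.conf into a cn=config directory. Giving slaptest both -f and -F
# makes it read the file and write the converted form; point CONFDIR at an empty directory.
convert_config() {
    run slaptest -f "$CONF" -F "$CONFDIR"
}

# LDIF that replaces olcLogLevel on the cn=config entry of a running server.
log_level_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcLogLevel\nolcLogLevel: %s\n' "$1"
}

# Apply the change over the local ldapi:// socket. Assumes the config database
# grants manage access to the local root user via SASL EXTERNAL.
set_log_level() {
    if [ "$DRY_RUN" = "1" ]; then
        log_level_ldif "$1"
    else
        log_level_ldif "$1" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    fi
}

# Dump database 0 (cn=config) to an LDIF file; this is the backup to keep current.
backup_config() {
    run slapcat -F "$CONFDIR" -n 0 -l "$1"
}

# Reload cn=config from a backup into an empty CONFDIR while slapd is stopped.
restore_config() {
    run slapadd -F "$CONFDIR" -n 0 -l "$1"
}

case "${1:-}" in
    convert)  convert_config ;;
    loglevel) set_log_level "${2:-stats}" ;;
    backup)   backup_config "${2:-config-backup.ldif}" ;;
    restore)  restore_config "${2:-config-backup.ldif}" ;;
esac
```

Run it with DRY_RUN=0 to execute a step; taking a fresh backup after every live change keeps the reload source in step with the running server.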
In Multi-Master server clusters, support for replicating cn=config among servers was completed in OpenLDAP 2.5. More information will be provided about replicating cn=config in an upcoming Knowledge Base article.