
Another project with similar goals, glauth: https://github.com/glauth/glauth. It's written in Go and has a declarative config--you can define users and groups in YAML. Makes it really easy to do HA and manage your LDAP estate using Ansible.


I've used glauth, and it's great. Would love a comparison between them since glauth seems to be the main "competitor" to lldap.


It's trivial to reload OpenLDAP data from LDIF, so you can already manage LDAP via Ansible easily enough.


As a low write, high read database that use case makes sense. Everything can stay in git. LDIF is not a nice format to operate for humans, but it's not much worse than json.

I don't think the criticism against regular slapd being hard to configure is fair. It mostly runs out of the box. The tricky bit is LDAP itself, choosing a schema, and that query language which combines extremely long identifiers with line noise looking syntax.


Yeah, we never operated directly on the LDIF anyway. We had an Ansible config that created, so we added a new server and it'd go in LDAP, and LDAP would feed the internal DNS and our (pre-Kubernetes) orchestration system.

While I agree about the query language, the only custom bits above required 2-3 ready baked queries we had to figure out once. If you need complex queries, I absolutely wouldn't use LDAP, but for that use that was not a consideration.


This sounds like a wonderful system. It's sad that Kubernetes is to tech like Facebook was to web forums. It killed all crafted and tailored systems in favor of a big bowl of badly written integration spaghetti. (And I'm allowed to say that because I do such things for money.)


I was looking for an LDAP server and this looks promising. Thanks for sharing!



