
Re: (ITS#6668) MemberOf Overlay



  Howard,

thank you for your comments.
I'll happily make more details available since I have the feeling that 
there is some value in doing so and
quite a few people might benefit from a clarification of:

http://www.openldap.org/doc/admin24/overlays.html#Member%20Of%20Configuration
which has been commented on in
http://www.openldap.org/lists/openldap-technical/201001/msg00125.html
with "I think that the example in the docs is clear enough if you think 
it over :)"

The example seems indeed to be clear. The configuration and
installation of the memberOf functionality is IMHO not.

My first bug assumption here is that a non-installed memberOf overlay
should lead to
some kind of visible reaction in the logs or in an ldapsearch query at 
least when using some verbose or debug
option. At least I did not find any mention of a way to make this 
happen. So a system with a memberOf Overlay installed
might show results with a correct query where one that has none 
installed will simply show no results.

So someone trying to try out memberOf will not know whether the query is
incorrect or the overlay is simply not installed.
Even knowing that memberOf is an overlay is something people need to 
find out. My feeling is that memberOf is a default installation
part in other LDAP implementations. I think I have seen a request to
make it part of the default installation for OpenLDAP. I would support this
request given that this would make sure that distributions are forced to 
contain it and that overlays are not considered to be optional.

If you look for the overlays in rpmseek you'll see that it seems to be
not as common to put them into distros as it might look from your
response.

Wolfgang

On 11.10.2010 11:43, Howard Chu wrote:
> wf@bitplan.com wrote:
>> on
>> http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-membership-maintenance-on-an-openldap-server-m 
>>
>>
>> one can see how the issue hit us. We have a Suse 11.2 machine where
>> the standard openldap configuration is slapd.conf based.
>> On another Ubuntu 10.04 machine it's cn=config based.
>>
>> The memberOf function simply didn't work and there were no proper error
>> messages and googling the issue was a pain in the ****
>>
>> When we finally found out that we need an overlay no rpm was available.
>> So we went and tried everything on the Ubuntu machine.
>
> Whatever mechanism your distro uses to package the overlays is not 
> under our control. Whining about it here doesn't help anyone. If your 
> distro didn't adequately document where to find the overlays, file a 
> doc bug report with them.
>
>> But then there was this change of how everything is configured.
>> Basically we could start googling all over again. Many hours and
>> problems later we got the memberOf function working. What we know now is
>> that OpenLDAP has joined the list of projects that have abandoned
>> simple configuration with a more complicated one. We've seen this with
>> grub2, gnome and other projects. In all cases in our opinion this is not
>> helping the majority of people using these projects. Many years of
>> Documentation on the internet is invalidated and worse there are now two
>> ways to do things that are incompatible and if you try to go back (as we
>> did on Ubuntu trying to get a slapd.conf based version running) it does
>> not get any easier.
>
> Whining about the config mechanism is pointless. The slapd.conf 
> mechanism still works exactly the same as before. The cn=config 
> mechanism is the way forward because our large customers demanded a 
> way to modify the config without requiring a server restart. If you 
> can live with restarting every time you make a config change, you can 
> keep using OpenLDAP 2.4 the same as you always have.
>
>> Please use the contact form on BITPlan's webpage if you'd like to get
>> our configuration script for memberOf - we won't publish it at this time
>> since it contains user data.
>
> I personally don't have time to go chasing hither and yon for relevant 
> bug report data. If you can't provide a sanitized copy of the relevant 
> details, then you're just wasting everyone's time.
>


-- 

BITPlan - smart solutions
Wolfgang Fahl
Pater-Delp-Str. 1, D-47877 Willich Schiefbahn
Tel. +49 2154 811-480, Fax +49 2154 811-481
Web: http://www.bitplan.de
BITPlan GmbH, Willich - HRB 6820 Krefeld, Tax No.: 10258040548, Managing Director: Wolfgang Fahl
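
The message above describes a missing memberOf overlay producing empty query results with no error. As an added example that is not part of the original message or of OpenLDAP itself, the shell function below classifies the overlay state from a cn=config dump; the function name, the status strings and the sample LDIF are constructed for illustration, and a cn=config based server is assumed.

```shell
#!/bin/sh
# Added example, not from the original message. Classifies the memberOf overlay
# state from cn=config LDIF; on a live server that LDIF would come from (as root):
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#     '(|(objectClass=olcModuleList)(objectClass=olcOverlayConfig))' \
#     olcModuleLoad olcOverlay
# Assumes unfolded LDIF lines. Prints "configured:<database DN>" per database
# using the overlay, else "loaded-not-configured" or "absent".
memberof_status() {
  awk '
    { line = tolower($0) }
    line ~ /^dn: / { dn = substr($0, 5) }
    line ~ /^olcmoduleload: / {
      v = line
      sub(/^olcmoduleload: */, "", v)   # drop the attribute name
      sub(/^[{][0-9]+[}]/, "", v)       # drop the {n} ordering prefix
      sub(/^.*\//, "", v)               # drop a directory part, if any
      sub(/[.](la|so)$/, "", v)         # drop the module file extension
      if (v == "memberof") loaded = 1
    }
    line ~ /^olcoverlay: / {
      v = line
      sub(/^olcoverlay: */, "", v)
      sub(/^[{][0-9]+[}]/, "", v)
      if (v == "memberof") {
        db = dn
        sub(/^[^,]*,/, "", db)          # parent entry is the database
        print "configured:" db
        found = 1
      }
    }
    END { if (!found) print (loaded ? "loaded-not-configured" : "absent") }
  '
}

# Constructed sample: module loaded and overlay attached to one database.
sample_configured() {
  printf '%s\n' 'dn: cn=module{0},cn=config' 'olcModuleLoad: {1}memberof.la' '' \
    'dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config' 'olcOverlay: {0}memberof'
}

# Constructed sample: module loaded but no overlay entry (the silent case).
sample_loaded_only() {
  printf '%s\n' 'dn: cn=module{0},cn=config' 'olcModuleLoad: {0}memberof'
}

sample_configured | memberof_status
sample_loaded_only | memberof_status
```

memberOf is an operational attribute, so even with the overlay configured an ldapsearch has to request it by name to see it.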