[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=config: sharing, conditionals

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: cn=config: sharing, conditionals
From: Howard Chu <hyc@symas.com>
Date: Fri, 29 May 2009 07:49:23 -0700
Cc: OpenLDAP Devel <openldap-devel@openldap.org>
In-reply-to: <hbf.20090529mb96@bombur.uio.no>
References: <4A1CB4EF.7000007@symas.com> <7C0905A945DCB017A60E33FF@[192.168.1.199]> <hbf.20090528ibkr@bombur.uio.no> <4A1E23B4.5040005@symas.com> <4A1E354E.2020804@symas.com> <hbf.20090529mb96@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090517 SeaMonkey/2.0a1pre Firefox/3.0.3

Hallvard B Furuseth wrote:

Howard Chu writes:

The other alternative, which is much simpler to implement, is just to
add a suffixmassage/rewrite keyword to the syncrepl config, allowing
it to pull from a particular remote base and map it to the local
base. Then it's up to the sysadmin to create a complete cn=config
hierarchy somewhere else on the master server and let the slaves pick
it up. That would address all of the issues of differentiation, at the
cost of a little bit of redundancy on the master.


Can translucent be made to combine with back-relay and rwm?  Then the
other database need only maintain differences from the main config, and
there's less problem with keeping the two config databases in sync.

Translucent is currently a bit too limited here; it only allows customizing ofentries that exist in the master. It doesn't allow creating new entries thatonly exist in the local/translucent DB.

All this reminds me of another wish/gripe of mine, though not one to
address in RE24: cn=config modifies input data and adds default values
to the user-provided data.  I'd much prefer it to only do ordinary
attribute normalization.

I would have preferred not to generate the default values either, but as Andofrequently reminds me, relying on unstated defaults is error-prone...

I've suggested ;x-original attribute options or something to show what
was really written, but a cleaner alternative would be to have two
config databases: One database with just the data stored by the admin,
and one read-only in-memory which back-config builds from the stored
data.  Changes to inherited data would be iffy though, since they'll
apply to several databases and may need to be reverted in early
databases if they fail in late ones.

Back to this discussion, that would also allow for variables and simple
conditionals to be stored in the read-write database, which would be
expanded when copied to the read-only config database.  Also if
back-config builds the real configuration from several entries through
inheritance anyway, that might be expanded to build the config from
multiple config trees - the main config + the server-specific config as
above.  No, definitely not for RE24:-)

Now that sounds like overkill... We also want something that we can easilydocument and explain to people....

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- cn=config defaults (was: cn=config: sharing, conditionals)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- cn=config: sharing, conditionals
  - From: Howard Chu <hyc@symas.com>
- Re: cn=config: sharing, conditionals
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: cn=config: sharing, conditionals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: cn=config: sharing, conditionals
  - From: Howard Chu <hyc@symas.com>
- Re: cn=config: sharing, conditionals
  - From: Howard Chu <hyc@symas.com>
- Re: cn=config: sharing, conditionals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: cn=config: sharing, conditionals
Next by Date: Re: cn=config: sharing, conditionals
Index(es):
- Chronological
- Thread