[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ang. RE: Bdb defaults - WAS: problem importing entries.

To: ando@sys-net.it
Subject: Re: Ang. RE: Bdb defaults - WAS: problem importing entries.
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Tue, 15 Jun 2004 12:57:57 +0200
Cc: Frank Hoffsummer <frank.hoffsummer@svt.se>, openldap-software@OpenLDAP.org
In-reply-to: <49308.131.175.154.56.1087294955.squirrel@131.175.154.56>
References: <7A1D7964C7C943419AB6D2C3233838530328FCE7@excsrv44.mayo.edu> <OF5C68A7D5.216198F2-ONC1256EB4.00349DC1-C1256EB4.00362E26@svt.se> <49308.131.175.154.56.1087294955.squirrel@131.175.154.56>
User-agent: Mozilla Thunderbird 0.6 (X11/20040609)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pierangelo Masarati wrote:
| You see, one approach I sometimes favour (and I've been working towards
| this in ACLs, for instance) is not to have any defaults.  All legal
| parameters MUST be present in a configuration file, and implementations
| shoudl bail out if any is absent; issues may arise when parameters are
| incompatible, but some crafting should allow this to be worked out (e.g.
| allowing a value of "undefined" for those that are incompatible).  Of
| course, users should be given up-to-date templates to start with, so they
| don't really have to read ALL about ANY parameter to be able to simply
| "give it a try".  I think defaults really make things tricky, because they
| hide a lot of knowlegde about what can be important and even about how
| things behave, and then one always needs to remember (or look up) default
| values; this approach would really make things simpler, because everything
| would be in the slapd.conf.  Would you consider this a better approach?
|

I don't think Frank meant that there should be compiled-in defaults, but
that the config files should have good defaults.

We ship a default slapd.access.conf which we include into slapd.conf,
with some comments on it, so that at least:
- -users/admins don't end up with no ACLs protecting passwords (I have
seen this far too often on servers running other distros ... including
servers set up by colleagues)
- -users/admins see the features available with regex-based ACLs etc
- -can learn more easily how they work

In many cases, a user's first interaction with the available parameters
is in the default config file ... so it needs to cover all the critical
parameters (checkpointing, indexing and ACLs I think qualify)

Currently, the slapd.conf provided with the source distribution doesn't
have any active ACLs (and,it seems that ACLs outside the database
definition don't work anymore, and the example ACLs that are commented
out are outside database definitions) or a checkpoint entry in the
single example bdb database.

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAztY1rJK6UGDSBKcRAu+EAJsH8zbuM8OiIpxB10eZhvUpuezDAwCdHoCh
sKmTU2D3FlaLG6MpdM3w1Ak=
=4SVv
-----END PGP SIGNATURE-----

Follow-Ups:
- Ang. Re: Ang. RE: Bdb defaults - WAS: problem importing entries.
  - From: Frank Hoffsummer <frank.hoffsummer@svt.se>
- Re: Ang. RE: Bdb defaults - WAS: problem importing entries.
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- RE: Bdb defaults - WAS: problem importing entries.
  - From: "Armbrust, Daniel C." <Armbrust.Daniel@mayo.edu>
- Ang. RE: Bdb defaults - WAS: problem importing entries.
  - From: Frank Hoffsummer <frank.hoffsummer@svt.se>
- Re: Ang. RE: Bdb defaults - WAS: problem importing entries.
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: looking for loginscript
Next by Date: Re: Rewriting the dn
Index(es):
- Chronological
- Thread