Full_Name: Andrew Bartlett
Version: CVS HEAD
OS: Fedora 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (124.176.63.104)

As instructed by Howard:

From: Howard Chu <hyc@highlandsun.com>
To: samba-technical@lists.samba.org
Subject: Re: samba4-ol-mmr
Date: Mon, 11 Aug 2008 21:09:52 -0700 (Tue, 14:09 EST)

> # Generated from schema in /usr/local/samba/private/ldap/schema-tmp.ldb
> overlay memberof
> memberof-dn cn=samba-admin,cn=samba
> memberof-dangling error
> memberof-refint TRUE
> memberof-group-oc top
> memberof-member-ad msDS-ObjectReference
> memberof-memberof-ad msDS-ObjectReferenceBL
> memberof-dangling-error 32

(repeats once per attribute link)

...

Mmm, that's really clunky. Someone should file an OpenLDAP enhancement request
on the memberof config syntax. You should only need to instantiate the overlay
once, and then it should just take a list of oc/forward-ad/back-ad config
options.

> Look closely at how we sub in memberof configuration into the
> slapd.conf. I suggest that you could add a ${REPL_CONFIG} after each
> database, which the script could sub with either "" or by reading and
> subing in a slapd-replica.conf

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
moved from Incoming to Software Enhancements
abartlet@samba.org wrote:
> Full_Name: Andrew Bartlett
> Version: CVS HEAD
> OS: Fedora 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (124.176.63.104)
>
>
> As instructed by Howard:
>
> From: Howard Chu <hyc@highlandsun.com>
> To: samba-technical@lists.samba.org
> Subject: Re: samba4-ol-mmr
> Date: Mon, 11 Aug 2008 21:09:52 -0700 (Tue, 14:09 EST)
>
>
>
>> # Generated from schema in /usr/local/samba/private/ldap/schema-tmp.ldb
>> overlay memberof
>> memberof-dn cn=samba-admin,cn=samba
>> memberof-dangling error
>> memberof-refint TRUE
>> memberof-group-oc top
>> memberof-member-ad msDS-ObjectReference
>> memberof-memberof-ad msDS-ObjectReferenceBL
>> memberof-dangling-error 32
>
> (repeats once per attribute link)
>
> ...
>
> Mmm, that's really clunky. Someone should file an OpenLDAP enhancement request
> on the memberof config syntax. You should only need to instantiate the overlay
> once, and then it should just take a list of oc/forward-ad/back-ad config
> options.
>
>> Look closely at how we sub in memberof configuration into the
>> slapd.conf. I suggest that you could add a ${REPL_CONFIG} after each
>> database, which the script could sub with either "" or by reading and
>> subing in a slapd-replica.conf

It's not the syntax that's clunky. You're (ab)using slapo-memberof(5), which
was designed to deal with *just one* pair of member/reverse-link attribute
relationship. Probably the overlay needs to be entirely reworked to provide a
many-to-many relationship. At this point, I'd rather design a new one, giving
up some of the not so useful extra features implemented in slapo-memberof(5),
and focusing on the many-to-many main requirement.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
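Because each `overlay memberof` instance covers exactly one forward/back-link pair, a generated slapd.conf can end up with instances whose integrity settings differ. The following is an added example (not code from this report, Samba or OpenLDAP) that lists the pair each instance handles and flags instances left on the slapo-memberof(5) defaults; the second instance in the sample and the function names are assumptions made for illustration.

```python
# Constructed sample: the first instance is the one quoted in the report,
# the second (member/memberOf, no refint) is an assumed illustration.
SAMPLE_CONF = """\
# Generated from schema
overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-ObjectReference
memberof-memberof-ad msDS-ObjectReferenceBL
memberof-dangling-error 32
overlay memberof
memberof-group-oc top
memberof-member-ad member
memberof-memberof-ad memberOf
"""

def parse_memberof_instances(conf_text):
    """Return one dict of memberof-* directives per 'overlay memberof' line."""
    instances, current = [], None
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key = tokens[0].lower()
        if key in ("overlay", "database"):
            current = None  # a new overlay/database closes the open instance
            if key == "overlay" and tokens[1:2] == ["memberof"]:
                current = {}
                instances.append(current)
        elif current is not None and key.startswith("memberof-"):
            current[key] = " ".join(tokens[1:])
    return instances

def audit(instances):
    """Return (links, findings) using the slapo-memberof(5) defaults."""
    links, findings = [], []
    for n, inst in enumerate(instances, 1):
        fwd = inst.get("memberof-member-ad", "member")
        back = inst.get("memberof-memberof-ad", "memberOf")
        if (fwd, back) in links:
            findings.append(f"instance {n}: duplicate link {fwd}/{back}")
        links.append((fwd, back))
        if inst.get("memberof-refint", "false").lower() != "true":
            findings.append(f"instance {n} ({fwd}): memberof-refint not enabled")
        if inst.get("memberof-dangling", "ignore").lower() == "ignore":
            findings.append(f"instance {n} ({fwd}): dangling references ignored")
    return links, findings
```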
changed notes
need redesign patch welcome
memberOf is deprecated with OpenLDAP 2.5; use dynlist to handle memberOf population instead, which allows configuration for multiple contexts.