Re: (ITS#3701) slaptest is too quiet

[richton@nbcs.rutgers.edu]

> I think the fact that unknowd directives are simply ignored is a legacy
> and cannot be removed without breaking too many things, but in fact an

Wouldn't those things be very likely to be broken already? I cringe at the
thought of a "legacy" ACL that's offering false security because it parses
as an "ignored" line. Even if you do decide it's important for backwards
compat in slapd, slaptest should complain.

> I think in your case the real error is that you didn't use the "overlay
> dynlist" directive; this, in the absence of the "dynlist" feature
> (because it was not compiled, or because the dynamic module was not
> loaded yet) would have triggered an error, instead of an ignore.

This sounds like "Oh, the config file you gave was too broken to give
valid results." What's the point of a config checker then? Or move my
error up a level--say I typoed "0verlay dynlist". I'd be in the same
situation (0verlay ignored, slaptest passes).

> I don't personally think setting debug level to 64 by default would be a
> solution; this would require users that want the usual behavior to use
> -d 0 to suppress undesired logging.  Note that usually loading the
> schema implies some 500 lines of loging at -d 64, so any "ignored" line
> would be likely be lost most of the times anyway.

I wouldn't claim -d 64 as a default would be sane. I do claim that at
least slaptest, and possibly slapd, should have a lower threshold at -d 0:
ignored directives, invalid arguments, etc. should be printed. Or maybe
the whole thing should just be draconian and any minor issue should return
ARG_BAD_CONF. The syntax is complex enough as it is--letting loose
adherence to it slide by only adds to the confusion.