[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6435) Hidden schema elements
rein@OpenLDAP.org wrote:
> Full_Name: Rein Tollevik
> Version: CVS HEAD
> OS: Irrelevant
> URL:
> Submission from: (NULL) (2a01:600:0:1:21c:23ff:feab:61cd)
> Submitted by: rein
>
> Some of the operational attributes defined in the slapd source are hidden from
> the clients unless slapd is compiled with LDAP_DEVEL enabled. Still, some of
> these elements are used in the database (as in the authz* and monitor related
> attributes).
Yes, see also:
http://www.openldap.org/its/index.cgi?findid=5573
http://www.openldap.org/its/index.cgi?findid=5574
http://www.openldap.org/its/index.cgi?findid=5576
IIRC also a bunch of attribute types used in back-config which makes
back-config almost unusable with a stock schema aware client.
The standard answer by Kurt and others is that as along as an experimental OID
with .666 is used a schema description should be hidden. I strongly disagree
with that though.
> This causes my schema-aware application to complain when it sees
> (or worse tries to modify) these attributes.
(Sigh!) I also had to add several work-arounds to web2ldap regarding this.
> A patch that adds a new optional define that can be used to disable the schema
> hiding without enabling LDAP_DEVEL is coming.
Looking forward to this being committed.
> A better fix would be to not hide those schema elements that is actually
> being used..
Amen.
Ciao, Michael.