[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8935) slapo-ppolicy requires rewrite



Full_Name: Quanah Gibson-Mount
Version: OpenLDAP 2.4
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)


In OpenLDAP 2.4.43, a new attribute was added to the external ppolicy schema
(ITS#8185).  While this worked fine with older slapd.conf based configurations
where the ppolicy schema file was replaced on upgrade, it was a complete and
utter disaster for deployments using cn=config, as the ppolicy overlay
references all the attributes defined in external ppolicy schema file.  To be
able to upgrade without failure, one would have export cn=config, update the
binaries, update the ppolicy schema information in the exported cn=config
database, re-import cn=config, and then start slapd.  This broke the usual
ability to do in-place upgrades with cn=config.

Instead, the entire contents of the ppolicy.schema file should be internalized
to the ppolicy overlay, similar to how the accesslog overlay is written, and the
external ppolicy.schema file deleted.  This will allow non-breaking upgrades for
both slapd.conf and cn=config based configurations.