[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Root DSE

Hallvard B Furuseth wrote:

> Julio Sánchez Fernández writes:

> > Well, yes, I think I agree and yet..., well I don't know.
> If it's the format which bothers you: Yes, the current slapd.*.conf
> format is nice, and it's nice to have them in a separate file.

Yes, something like that.  The dump for cn=schema in a Netscape server
I tried is 1271 lines, many of them rather long.  We are not going
to have that many but it makes for a nice blob of an ldif definition.

A user wants new classes or attributes and has to put them somewhere
in that blob.

> But it would be easy to write a progam to convert them to ldif format.

Sure.  But are you talking about initial transformation or you mean the
admins edits the file in some nice format that is then translated into
ldif so that it can be loaded by slapd at start time?  Or do you envision
the database actually storing the schema?  That's not what I had in mind.
I was thinking of synthesizing the entry just as cn=monitor or the root
DSE is synthesized now.

Because if you just want to have ldif for the schema, ldapsearch -L
gives it.

I can only deduce that Kurt and you have some model of this that I don't
get and that's just why I don't quite get the hang of this.

> > Moreover, do you know what I would kill to have?  Stored perl
> > procedures...  That get called on modifications to enforce policy,
> > referential integrity, etc.
> Sounds like a wonderfully strong security hole.

Yeah, well.  You are right and yet...  I want something of the sort.