
Re[2]: config backend


Wednesday, March 05, 2003, 11:59:19 AM, you wrote:

HC> Yes, the idea is to allow most settings to be changed. Part of the problem I
HC> struggled with in the prototype was efficient/modular parsing and rewriting
HC> of the file without losing or misplacing comments.

HC> If we use LDIF and actual attributeTypes for config keywords, then the schema
HC> engine becomes my framework for efficient parsing. To handle backend- or
HC> database-specific config keywords, the schema engine would have to be
HC> extended to pass off schema evaluation to individual backends. This would
HC> naturally lead to implementing backend-specific subschemaSubentries.

HC> There's still the issue of how to rewrite the file while preserving comments.
HC> I had it worked out, but it was no joy. I still don't have a good idea for
HC> how to present the comments thru the LDAP interface, adjacent to their
HC> relevant keywords.

Maybe we can use a hierarchical config schema like this (it's modified
dn: cn=config
cn: config
objectclass: OpenLDAPslapdConfig

dn: cn=global,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPGlobalslapdConfig
> allow: bind_v2
> allow: bind_anon_cred
> argsfile: slapd.args
> concurrency: 1
> defaultsearchbase: o=foo
> disallow: bind_krbv4
> limits: anonymous $ time=1 $ size=20
> labeledURI: ldap://localhost $ listen on loopback interface, default port
> labeledURI: ldaps:// $ listen on all interfaces, default port (636)
> labeledURI: ldapi://%2fvar%2frun%2fldapi $ listen on /var/run/ldapi
> labeledURI: cldap://
> loglevel: 256
comments: This is some description and comments for Global Parameters
> schemadn: cn=Subschema,cn=config

dn: cn=modules,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPModulesslapdConfig
> moduleload: back_ldbm.la
comments: This is some description and comments for Modules
          Parameters. Here may be information about type of module
          (static or dynamic)

dn: cn=modules,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPAccesslapdConfig
> access: dn="cn=foo" attr=userpassword $ by self write $ by * auth
comments: This is some description and comments for ACL of Directory
          Parameters. May be each of "access: dn" could hold comments
> dn: cn=rootdse,cn=config
> cn: rootdse
> <attributes to add to the rootDSE>
comments: This is some description and comments
> dn: cn=Subschema,cn=config
> #include schema/core.schema
> #include schema/cosine.schema 
> ...
comments: This is some description and comments
> dn: ou=backends,cn=config
> dn: cn=bdb,ou=backends,cn=config
> <backend-specific options>
> dn: ou=databases,cn=config
> dn: suffix="dc=example,dc=com",ou=databases,cn=config
> objectclass: OpenLDAPslapdDatabase
> objectclass: OpenLDAPslapdAccess
> suffix: dc=example,dc=com
> suffix: o=example.com,c=us
> database: bdb
> rootdn: dc=example,dc=com
> index: objectclass $ eq
> index: cn,sn,mail $ eq,sub,approx

This version, in my mind, can help to solve the problem with "losing
comments" and help to check each part of the config file for correctness.

The next question is about the offline tools (slapcat and slapadd).
How will these utilities work in the usual mode and in the chroot
environment mode of the server?

HC>   -- Howard Chu
HC>   Chief Architect, Symas Corp.       Director, Highland Sun
HC>   http://www.symas.com               http://highlandsun.com/hyc
HC>   Symas: Premier OpenSource Development and Support

>> -----Original Message-----
>> From: Pierangelo Masarati [mailto:ando@sys-net.it]
>> Sent: Tuesday, March 04, 2003 11:43 PM
>> To: hyc@highlandsun.com
>> Cc: openldap-devel@OpenLDAP.org
>> Subject: Re: config backend
>> > Just food for thought:
>> It is very interesting; I think you already wrote about this
>> some time ago, when talking about gentle restart or so.
>> I believe this would become strikingly interesting if we could
>> modify at least some of the settings while the server is running.
>> Ando.
>> --
>> Pierangelo Masarati
>> mailto:pierangelo.masarati@sys-net.it

Best regards,
 Volkov                            mailto:vserge@altlinux.ru
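
The round trip discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: a small parser shows that `#` lines are lost on a parse-and-rewrite cycle while a `comments` attribute survives a setting change, and that a per-entry check can flag a repeated DN. The attribute names are the hypothetical ones from the sketch above, the sample is constructed, only plain `attr: value` lines and line folding are handled (no base64 `::` values), and DNs are compared as case-insensitive strings.

```python
import re

# Constructed sample; attribute names are the hypothetical ones from the post.
SAMPLE = """\
# a '#' line like this is discarded on parse
dn: cn=global,cn=config
loglevel: 256
comments: This is some description and comments for Global Parameters

dn: cn=modules,cn=config
moduleload: back_ldbm.la
comments: This is some description and comments for Modules
  Parameters.

dn: cn=modules,cn=config
access: dn="cn=foo" attr=userpassword $ by self write $ by * auth
"""

def parse(text):
    """Return [(dn, [(attr, value), ...])]; raise ValueError on bad input."""
    entries, current = [], None
    for raw in re.sub(r"\n ", "", text).splitlines():  # undo line folding
        if raw.startswith("#"):
            continue                      # LDIF comment: not kept
        if not raw.strip():
            current = None                # blank line closes the entry
            continue
        attr, sep, value = raw.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not sep or (current is None and attr != "dn"):
            raise ValueError(f"bad line: {raw!r}")
        if current is None:
            entries.append(current := (value, []))
        else:
            current[1].append((attr, value))
    return entries

def duplicate_dns(entries):
    """DNs seen more than once (plain case-insensitive compare)."""
    names = [dn.lower() for dn, _ in entries]
    return sorted({n for n in names if names.count(n) > 1})

def set_value(entries, dn, attr, value):
    """Replace every value of attr in the first entry named dn."""
    attrs = next(a for d, a in entries if d.lower() == dn.lower())
    attrs[:] = [(a, value if a == attr else v) for a, v in attrs]

def dump(entries):
    """Serialize back to LDIF-style text, blank line between entries."""
    return "\n".join("".join(f"{a}: {v}\n" for a, v in [("dn", dn)] + attrs)
                     for dn, attrs in entries)
```

Calling `set_value(entries, "cn=global,cn=config", "loglevel", "0")` and then `dump(entries)` rewrites the setting with the `comments` values intact, and `duplicate_dns` reports the repeated `cn=modules,cn=config`.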