Re: back-config

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

BTW, you might want to require "manage" permission instead
of just "write" to add/modify/delete values in cn=config.
I added "manage" for other uses (such as updating
NO-USER-MODIFICATION attributes like entryUUID),
but seems applicable here as well.

Kurt


At 12:45 PM 3/27/2005, Howard Chu wrote:
>On a related topic, there's a question of whether to incorporate certain side-effects into particular operations. E.g., when defining a database  
>on the server, back-bdb requires the data directory to already exist. It would be convenient in some situations for these dependencies to be created automatically in the course of processing the LDAP request. So LDAPadd of a Database entry creates the underlying data directory if it is missing. Likewise, LDAPdelete of a Database entry (if it's ever supported, not sure yet) would delete the underlying files and directories.
>
>Probably there should be a control present to specify whether the side-effects should be executed, or whether the operation applies only to the DIT and not to the underlying system. It seems to me that the ManageDSAit control could reasonably be interpreted to fit this role. (I.e., if the control is present, the operation applies only to the DIT itself. If the control is absent, then side-effects are also executed.)
>
>Howard Chu wrote:
>
>>I've actually created a fully working slapd now with multiple bdb and hdb databases and syncrepl replication using just a stub slapd.conf and JXplorer to do the rest. If I didn't have to provide a rootpw for cn=config I could configure the whole thing dynamically. (Perhaps we should provide a default rootpw that is only valid until some explicit configuration step occurs?)
>
>
>
>-- 
> -- Howard Chu
> Chief Architect, Symas Corp.       Director, Highland Sun
> http://www.symas.com               http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support