[Date Prev][Date Next] [Chronological] [Thread] [Top]

requesting clarification of slapd.conf-versus-slapd.d configuration

The slapd man page states that "If both -f and -F are specified, the
config file will be read and converted to config directory format and
written to the specified directory."  To me, this implies that whether or
not a valid config directory exists it should be overwritten with config
information from the file specified with '-f'.  Which is the actual
intended behavior?

I gather that is the intent of the OpenLDAP project to ultimately
eliminate slapd.conf-style configuration and go all the way with the
cn=config backend.  If this is the case, is there also an intent to
provide more complete mechanisms for converting between the LDIF-backend
layout and straight-up LDIF like you would get with an
'ldapsearch -b cn=config'?  I figure there are fundamental problems with
the notion of a 'slapadd -l config.ldif' but functionality to convert ldif
to slapd.d the way slapd.conf is converted to slapd.d by specifying both
-f and -F should be reasonably simple.  Maybe some code to handle a
'-L config.ldif'?  Is this already done or underway or would such a
contribution be in line with the current road-map?

I'm also a little confused by the intended behavior of include files.
When slapd.conf is converted to slapd.d, entries are generated for the
include files but the contents are also processed and included in
appropriate config directory entries.  On subsequent starts of slapd,
specifying only "-F" should the contents of the include files cause the
other config entries to be rewritten or should they merely be treated the
same as repeated configuration directives in a slapd.conf file?
Incidentally, if config directives are repeated, is the first or last
value used?  Do the include file entries in cn=config get processed before
or after the olcDatabase and olcSchemaConfig entries?  Which has priority?

In the case of ordering there is other ambiguity in the way include
entries versus include lines in slapd.conf work.  Some configuration
directives have a different effect depending on whether they are specified
globally or within a database section, even if they are in a file that is
actually processed as a result of an include line in a database section.
This distinction is lost since there is nothing to indicate whether some
entries in cn=config should be processed between, before, or after
processing specific include entries.

To obviate most of the questions about include files, I propose the

1) Until the deprecated olcIncludeFile entries are completely unsupported,
the conversion of slapd.conf to slapd.d should process the contents of
include files inline with slapd.conf (as it currently does) but no
olcIncludeFile entries should be created.

2) An addition to the documentation in the admin guide (at
http://www.openldap.org/doc/admin23/slapdconf2.html ) should be made to
indicate when the include files in olcIncludeFile entries are processed
relative to the rest of the entries in cn=config.


The existence olcConfigFile attribute in the cn=config entry also seems
confusing...  What's the general intent there?


Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342