Re: requesting clarification of slapd.conf-versus-slapd.d configuration

Eric Irrgang wrote:
The slapd man page states that "If both -f and -F are specified, the
config file will be read and converted to config directory format and
written to the specified directory."  To me, this implies that whether or
not a valid config directory exists it should be overwritten with config
information from the file specified with '-f'.  Which is the actual
intended behavior?

Regardless of any existing config directory, when both flags are specified, the slapd.conf file is read and written out in config directory format. If there were any other conditions on the behavior, it would say so. Since there are none, it does not.

I gather that it is the intent of the OpenLDAP project to ultimately
eliminate slapd.conf-style configuration and go all the way with the
cn=config backend. If this is the case, is there also an intent to
provide more complete mechanisms for converting between the LDIF-backend
layout and straight-up LDIF like you would get with an
'ldapsearch -b cn=config'? I figure there are fundamental problems with
the notion of a 'slapadd -l config.ldif' but functionality to convert ldif
to slapd.d the way slapd.conf is converted to slapd.d by specifying both
-f and -F should be reasonably simple. Maybe some code to handle a
'-L config.ldif'? Is this already done or underway or would such a
contribution be in line with the current road-map?

Already done. Just do "slapadd -n0 -l config.ldif"

I'm also a little confused by the intended behavior of include files.
When slapd.conf is converted to slapd.d, entries are generated for the
include files but the contents are also processed and included in
appropriate config directory entries. On subsequent starts of slapd,
specifying only "-F", should the contents of the include files cause the
other config entries to be rewritten or should they merely be treated the
same as repeated configuration directives in a slapd.conf file?

slapd.conf include directives are only preserved in the config directory for purposes of documentation; they are never reprocessed. The contents of the included files are integrated into the config directory. In the particular case of include files containing schema definitions, those schema elements will be contained in their own entry (named after the include file) under the cn=schema,cn=config branch.

Incidentally, if config directives are repeated, is the first or last
value used? Do the include file entries in cn=config get processed before
or after the olcDatabase and olcSchemaConfig entries? Which has priority?

What directives are you talking about getting repeated? Few of them tolerate being specified redundantly. But the whole point of the config directory is to show you the active configuration as slapd is using it. So, the better question for you is, how does slapd behave with repeated directives?

As I noted above, the include entries are totally ignored. So most of the rest of this message is moot.

In the case of ordering there is other ambiguity in the way include
entries versus include lines in slapd.conf work.  Some configuration
directives have a different effect depending on whether they are specified
globally or within a database section, even if they are in a file that is
actually processed as a result of an include line in a database section.
This distinction is lost since there is nothing to indicate whether some
entries in cn=config should be processed between, before, or after
processing specific include entries.

To obviate most of the questions about include files, I propose the

1) Until the deprecated olcIncludeFile entries are completely unsupported,
the conversion of slapd.conf to slapd.d should process the contents of
include files inline with slapd.conf (as it currently does) but no
olcIncludeFile entries should be created.

2) An addition to the documentation in the admin guide (at
http://www.openldap.org/doc/admin23/slapdconf2.html ) should be made to
indicate when the include files in olcIncludeFile entries are processed
relative to the rest of the entries in cn=config.


The existence of the olcConfigFile attribute in the cn=config entry also seems
confusing... What's the general intent there?

Again, just for documentation purposes, to tell where the configuration came from.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
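
An added example, not part of the original message or of OpenLDAP itself: it reads a cn=config LDIF export and pairs each documentation-only include entry with the schema entry named after the include file under cn=schema,cn=config, as the reply above describes. The sample LDIF and its file paths are constructed; the `olcInclude` attribute name and the `{n}` ordering prefix in entry names are assumptions based on stock OpenLDAP config exports.

```python
import os
import re
# Constructed sample of a cn=config export (trimmed; not real data).
SAMPLE_LDIF = """\
dn: cn=config
objectClass: olcGlobal
olcConfigFile: /etc/openldap/slapd.conf

dn: cn=include{0},cn=config
objectClass: olcIncludeFile
olcInclude: /etc/openldap/schema/core.schema

dn: cn=include{1},cn=config
objectClass: olcIncludeFile
olcInclude: /etc/openldap/acl.conf

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into attr -> [values] dicts."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_includes(text):
    """Map each include path to the schema entry named after it, else None."""
    entries = parse_ldif(text)
    schema = {}
    for e in entries:
        m = re.match(r"cn=(?:\{\d+\})?([^,]+),cn=schema,cn=config$", e["dn"][0], re.I)
        if m:
            schema[m.group(1).lower()] = e["dn"][0]
    report = {}
    for e in entries:
        for path in e.get("olcinclude", []):
            stem = os.path.splitext(os.path.basename(path))[0].lower()
            report[path] = schema.get(stem)  # None: merged into other entries
    return report

if __name__ == "__main__": print(audit_includes(SAMPLE_LDIF))
```

A `None` result marks an include file whose directives were integrated into other config entries, so later edits to that file on disk do not change what slapd runs from the config directory.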