[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Deleting overlays from cn=config

To: Howard Chu <hyc@symas.com>
Subject: Re: Deleting overlays from cn=config
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 5 Jun 2008 17:56:00 +0200
Cc: Ralf Haferkamp <rhafer@suse.de>, openldap-devel@openldap.org
In-reply-to: <484802F2.6080300@symas.com>
References: <200806051626.17542.rhafer@suse.de> <hbf.20080605n4yl@bombur.uio.no> <484802F2.6080300@symas.com>

Howard Chu writes:
>Hallvard B Furuseth wrote:
>> You also need to walk through the database and delete any attributes
>> object classes defined by the overlay.  That'll be at least any
>> operational attributes since they must be hardcoded into the C source.
>
> I wouldn't bother with that, since the schema definitions are still
> present.  Those attributes would simply stop being
> updated/generated...

OK, but their presence is still misleading.

>> (...) I.e. should these userPasswords be deleted?  (...)
>
> I think that's wrong.

Yes, me too.  I was thinking cross-eyed. Cross-brained?

> When you remove an overlay, you should expect to lose all the
> functionality that the overlay provided. If the overlay had locked an
> account, the lock will simply disappear when the overlay is removed.

Not necessarily, but it's the admin's problem to decide what to do.
Though he might want the overlay to refuse to go away until he has
cleaned up.  Maybe some ppolicy attribute can get a presence index, and
the overlay would refuse to be deleted if a search for that attr found
something.

-- 
Hallvard

References:
- Deleting overlays from cn=config
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: Deleting overlays from cn=config
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Deleting overlays from cn=config
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Deleting overlays from cn=config
Next by Date: Re: Deleting overlays from cn=config
Index(es):
- Chronological
- Thread