[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapo-chain back-config vs. slapd.conf

To: openldap-devel@openldap.org
Subject: slapo-chain back-config vs. slapd.conf
From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 11 Mar 2011 15:19:36 +0100
User-agent: KMail/1.13.6 (Linux/2.6.37.1-1.2-desktop; KDE/4.6.0; x86_64; ; )

While trying to implement back-config delete support for slapo-chain I 
stumbled across some inconsistencies in slapo-chain's configuration 
routines.
When using slapd.conf it is not possible to configure some settings for 
slapo-chain's underlying back-ldap database. E.g. things like 
chain "-sizelimit", "-restrict", "-limits" are just rejected.
OTOH when using cn=config slapd will accept all these settings just fine 
and writes them to the database. They don't have any effect however.

It would be nice if cn=config and slapd.conf behaved more consistent 
here. Either by both rejecting general database options (everything 
that's not a specific back-ldap option) for the underlying back-ldap
databases or by correctly applying them.

I tend to think the latter approach could make sense. It would e.g. 
allow to define different size and timelimits for chained operations or 
would allow to setup a chain-overlay that only chains read operations 
(by setting olcReadOnly on the underlying LDAP database).

I have already starting implementing parts of this. But if people think
it does not make much sense it would still be early enough to dump the 
code and forget about it :).

Ralf

Prev by Date: AttributeDescriptions, OpenLDAP 2.5
Next by Date: Re: back-mdb notes
Index(es):
- Chronological
- Thread