
RE: Bdb defaults - WAS: problem importing entries.



At 12:19 PM 6/15/2004, Armbrust, Daniel C. wrote:
>[cut]
>>Unless "example settings" come from another OL implementation that
>>is nearly identical to my own WRT hardware, LUAs, number of entries,
>>indices, attributes, etc. etc.  aren't I going to have to read the
>>docs and do my own configurating anyway? Would I risk my employer's
>>account authentication infrastructure (to take just one possible
>>LDAP application) on "example settings" that have been provided
>>without regard for our needs or limitations?
>
>>I'm rather grateful that the OpenLDAP developers have not made
>>any assumptions about what constitutes the group of "most OpenLDAP
>>users".
>
>
>But to take your example of ACLs, they do.

The examples are intended to be illustrative of syntax and semantics of
access controls, not specific examples as to how one should set up
their directory service to support any particular set of applications.

>http://www.openldap.org/doc/admin22/slapdconfig.html#Access%20Control
>
>It's right there, in the main document that people will refer to when first learning how to configure a server.  With all the important variables, warnings, explanations of how it works, and examples.  There is no counterpart in the admin guide for configuring bdb.  There isn't even a pointer to the Berkeley docs until you start going through the faqs.

First, I note that the admin guide is secondary to manual pages.  The
manual pages do say:
  It is noted that these options are intended to complement
  Berkeley DB configuration options set in the environment's
  DB_CONFIG file.  See Berkeley DB documentation for details on
  DB_CONFIG configuration options.  Where there is overlap,
  settings in DB_CONFIG take precedence.

Second, I note there have been some recent contributions in this area
(pointers to BDB documentation).  It may also be appropriate to echo
the above text in the Admin Guide.  (Those who think so should submit
an ITS (preferably with patch) for consideration.)

Lastly, you and others are quite welcome to contribute to the project's
documentation effort.  See http://www.openldap.org/faq/index.cgi?file=730
for details on how to make contributions.

>All that I am suggesting is that 
>A) - the admin guide should provide similar documentation and examples for the bdb configuration, since that is now their primary database.  Much of what is needed is already in the faq - and the other thing that would be nice is an example or two which were documented.  The documentation would explain why these parameters were set, and what their ramifications are for openldap.  At least then there would be a starting point for end users to compare their environment to, and adjust accordingly.

Write something up and submit it.

Regarding examples, they should be illustrative.  Application-specific examples
should be avoided (as they tend to require application-specific knowledge to
understand).  Where a particular application is needed to give context to an
example, use an Internet White Pages (as other examples do where such is needed).

>B) - they don't fall back on the defaults for Berkeley db, when no DB_CONFIG file is present, since everyone seems to agree that the Berkeley defaults are bad choices for openldap (in nearly any use case).

I previously suggested that maybe providing a DB_CONFIG example alongside our
slapd.conf(5) example would be appropriate.  To date, no one has submitted a
contribution in this area.

I note that providing OpenLDAP-specific suggestions via a DB_CONFIG example
avoids introduction of additional documentation requirements.  That is,
if we provide OpenLDAP-specific BDB settings via code, then we have to
detail these exceptions to BDB documentation.  And even if the community
proves itself (through contributions from individuals) to desire to
fulfill these documentation requirements, the exercise of providing a
DB_CONFIG example (which would require reaching consensus on settings,
and writing of DB_CONFIG comments regarding these settings) would significantly
aid in providing OpenLDAP-specific settings via slapd(8) code.

Kurt