[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue when injecting a new AttributeTypes in OpenLdap

To: Howard Chu <hyc@symas.com>
Subject: Re: Issue when injecting a new AttributeTypes in OpenLdap
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 13 Apr 2011 10:20:18 +0200
Cc: elecharny@apache.org, openldap-technical@openldap.org
In-reply-to: <4DA49F5C.1080607@symas.com>
References: <702177.50988.qm@web94703.mail.in2.yahoo.com> <hbf.20110411smci@bombur.uio.no> <4DA2F5DB.1040005@gmail.com> <hbf.20110411toyt@bombur.uio.no> <4DA30856.1030105@apache.org> <hbf.20110412ancg@bombur.uio.no> <4DA40D1A.9010406@apache.org> <hbf.20110412c2yz@bombur.uio.no> <4DA49F5C.1080607@symas.com>

Howard Chu writes:
>Hallvard B Furuseth wrote:
>> (...) it would be friendly if
>> OpenLDAP used the same attribute types for reading and writing schema,
>> without an 'olc' prefix for writing.  I presume there's a good reason it
>> doesn't, and I don't know how hard that would be to change.
> 
> We use a custom attributeType since ours has an ORDERED-VALUES flag in the 
> schema definition. The generic attributeType does not, and we obviously 
> wouldn't change the generic one to add that flag.

Not sure what you mean.  OpenLDAP does extend the syntax of
attributeTypes and ldapSyntaxes with some 'X-...' keywords,
reserved for private experiments in rfc 4512.  This:
  ldapsearch -x -b cn=subschema -s base + |perl -p00e 's/\n //g' |grep X-
shows some non-OpenLDAP syntaxes, and OpenLDAP 'olc*' attribute types.

There are a few uses of X- in etc/openldap/schema/, but only in already
unportable/unsupported schemas (dyngroup and pmi).

> (...)
> The original LDAP designers obviously didn't understand schema to
> begin with, let alone the issues of designing and maintaining
> them. (Just ces and cis?  Ridiculous...)

Those were not supposed to be schema administration at all, since that
was done in the X.500 server & library installation which the LDAP
server was a gateway to.  I remember that one of the attractions of the
original LDAP for a sysadmin was getting rid of client-side schema
files, or at least the requirement of keeping them updated.

Then they probably proceeded with an excessive minimalist approach as a
reaction to the pointlessly heavyweight Quipu (free X.500) server, and
we are still living with the consequences:-(

-- 
Hallvard

References:
- keyword <modulepath> ignored
  - From: sarath chandra <sarath_74@yahoo.co.in>
- Re: keyword <modulepath> ignored
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Issue when injecting a new AttributeTypes in OpenLdap
  - From: Emmanuel Lecharny <elecharny@gmail.com>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Emmanuel LÃcharny <elecharny@apache.org>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Emmanuel LÃcharny <elecharny@apache.org>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Issue when injecting a new AttributeTypes in OpenLdap
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: fedora and openldap
Next by Date: how to use ldap_parse_sortresponse_control
Index(es):
- Chronological
- Thread