[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue when injecting a new AttributeTypes in OpenLdap

Howard Chu writes:
>Hallvard B Furuseth wrote:
>> (...) it would be friendly if
>> OpenLDAP used the same attribute types for reading and writing schema,
>> without an 'olc' prefix for writing.  I presume there's a good reason it
>> doesn't, and I don't know how hard that would be to change.
> We use a custom attributeType since ours has an ORDERED-VALUES flag in the 
> schema definition. The generic attributeType does not, and we obviously 
> wouldn't change the generic one to add that flag.

Not sure what you mean.  OpenLDAP does extend the syntax of
attributeTypes and ldapSyntaxes with some 'X-...' keywords,
reserved for private experiments in rfc 4512.  This:
  ldapsearch -x -b cn=subschema -s base + |perl -p00e 's/\n //g' |grep X-
shows some non-OpenLDAP syntaxes, and OpenLDAP 'olc*' attribute types.

There are a few uses of X- in etc/openldap/schema/, but only in already
unportable/unsupported schemas (dyngroup and pmi).

> (...)
> The original LDAP designers obviously didn't understand schema to
> begin with, let alone the issues of designing and maintaining
> them. (Just ces and cis?  Ridiculous...)

Those were not supposed to be schema administration at all, since that
was done in the X.500 server & library installation which the LDAP
server was a gateway to.  I remember that one of the attractions of the
original LDAP for a sysadmin was getting rid of client-side schema
files, or at least the requirement of keeping them updated.

Then they probably proceeded with an excessive minimalist approach as a
reaction to the pointlessly heavyweight Quipu (free X.500) server, and
we are still living with the consequences:-(