Re: Issue when injecting a new AttributeTypes in OpenLdap
Howard Chu writes:
>Hallvard B Furuseth wrote:
>> (...) it would be friendly if
>> OpenLDAP used the same attribute types for reading and writing schema,
>> without an 'olc' prefix for writing. I presume there's a good reason it
>> doesn't, and I don't know how hard that would be to change.
> We use a custom attributeType since ours has an ORDERED-VALUES flag in the
> schema definition. The generic attributeType does not, and we obviously
> wouldn't change the generic one to add that flag.
Not sure what you mean. OpenLDAP does extend the syntax of
attributeTypes and ldapSyntaxes with some 'X-...' keywords,
reserved for private experiments in RFC 4512. This:
    ldapsearch -x -b cn=subschema -s base + | perl -p00e 's/\n //g' | grep X-
shows some non-OpenLDAP syntaxes, and OpenLDAP 'olc*' attribute types.
There are a few uses of X- in etc/openldap/schema/, but only in already
unportable/unsupported schemas (dyngroup and pmi).
> The original LDAP designers obviously didn't understand schema to
> begin with, let alone the issues of designing and maintaining
> them. (Just ces and cis? Ridiculous...)
Those were not supposed to be schema administration at all, since that
was done in the X.500 server & library installation which the LDAP
server was a gateway to. I remember that one of the attractions of the
original LDAP for a sysadmin was getting rid of client-side schema
files, or at least the requirement of keeping them updated.
Then they probably proceeded with an excessively minimalist approach as a
reaction to the pointlessly heavyweight Quipu (free X.500) server, and
we are still living with the consequences :-(
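
The unfold-and-filter pipeline from the message above, as an added example that is not part of the original post: it unfolds LDIF continuation lines the way the perl step does, then goes beyond the `grep X-` by tokenizing each definition, so an `X-` that only appears inside a quoted DESC string is not reported. The sample LDIF, its OIDs under 1.3.6.1.4.1.99999 and the function names are constructed for illustration.

```python
import re

# Constructed sample of subschema LDIF; OIDs and names are placeholders.
SAMPLE_LDIF = """\
dn: cn=Subschema
ldapSyntaxes: ( 1.3.6.1.4.1.99999.1.1 DESC 'Example binary syntax' X-NOT-HUMA
 N-READABLE 'TRUE' )
attributeTypes: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleOrdered' DESC 'Constructe
 d ordered attribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121
 .1.15 X-ORDERED 'VALUES' )
attributeTypes: ( 1.3.6.1.4.1.99999.2.2 NAME 'examplePlain' DESC 'mentions X-
 RAY in text only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# RFC 4512 tokens: a quoted string, a parenthesis, or a bare keyword/OID.
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def x_extensions(definition):
    """Return {X-keyword: [values]} for one well-formed schema definition."""
    tokens, found, i = TOKEN.findall(definition), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("X-"):   # quoted strings start with ', so skipped
            continue
        if i < len(tokens) and tokens[i] == "(":   # parenthesized value list
            end = tokens.index(")", i)
            values = tokens[i + 1:end]
            i = end + 1
        else:                                      # single quoted value
            values = tokens[i:i + 1]
            i += 1
        found[tok] = [v.strip("'") for v in values]
    return found

def scan(ldif):
    """Map OID -> X- extensions for attributeTypes and ldapSyntaxes values."""
    report = {}
    for line in unfold(ldif):
        attr, sep, value = line.partition(": ")
        if sep and attr.lower() in ("attributetypes", "ldapsyntaxes"):
            ext = x_extensions(value)
            if ext:
                report[TOKEN.findall(value)[1]] = ext
    return report
```
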