[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Loading LDAP schema files into cn=config



Michael StrÃder wrote:
Nick Milas wrote:
On 2/7/2011 2:53 ÎÎ, Simone Piccardi wrote:
I don't think there are comments inside cn=config, and
those are very important when you have to document and track tens of
different installations.

Indeed, it seems that the config schema does not include a "description" (or
similar) attribute which can be used freely in any config DIT entries for
documentation purposes.

If this is truly the case, wouldn't it be advisable to add such support to the
config schema? Of course, this means that all objectclass definitions should
include: ...MAY (... $ description ) ...

While description may help a little bit you cannot add comments for each
configuration directive for example ACLs.

We've been discussing this problem for quite a while. My current thinking is that somehow we can use attribute options to help. Visually it might be better to associate the option with the original attribute, e.g.
	olcAccess:
	olcAccess;x-comment:
This would require defining a new (and strange) type of attribute option though, since the value with the option has no relation (syntactically) to the original attribute type.

The other alternative is to add a generic description attribute, and tag it with the attribute that a comment refers to:
	description;x-olcAccess: blah blah blah

This is a lot simpler for us to implement.

Usually, in our DIT (which includes mainly people, mail alias, other accounts,
and DNS data) we use single-valued or multi-valued (per entry) "description"
attributes (as defined in RFC 4519) which serve very well our documentation
needs. These are already included in the objectClasses we use (based on
account, person, domain etc. objectClasses ).

I also use 'description' quite a lot especially since my web2ldap displays it
as bubble help in the browser. But it's not sufficient in this case.

Ciao, Michael.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/