[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Olc deployment vs slapd.conf based deployment

To: Peter <peter.gietz@daasi.de>, openldap-technical@openldap.org
Subject: Re: Olc deployment vs slapd.conf based deployment
From: Howard Chu <hyc@symas.com>
Date: Fri, 22 Sep 2017 15:50:04 +0100
In-reply-to: <WM!488c5bb2f914d229b4b32ae7df6678d7cd4847c625413f6bae7257199ce56c0e56bf7508aeb3c68ea447a03b394772fd!@mailstronghold-3.zmailcloud.com>
References: <2d8fa872-4df7-3cd0-6b0a-8ebc14cebf53@stroeder.com> <6da7eea6-d209-226f-c7f3-f97f149344e4@stroeder.com> <WM!d539e7f4ea540fb7cc4264264cb345aa1c3312e5a9cf4415abacf83ec5d76f5d0666910600c9779cf61a582a02703201!@mailstronghold-2.zmailcloud.com> <33CC7C0F66B0112865DBD451@[192.168.1.30]> <4e799610-4b88-8787-53c5-6fcb794be36a@stroeder.com> <WM!55ccb5fadfbb92a5e5e701b3f2fe107989aaa5f7f85473d4186bf1a0bc43c317ca2fd528537be5a77b94eab9784d3f72!@mailstronghold-1.zmailcloud.com> <EE5A467AAD37BC5FF60EF292@[192.168.1.30]> <00333450-1faf-4c7a-e9ee-9e9c5ab90b8e@stroeder.com> <20170915182434.5m3sx2vgkwyoeald@comet.nardis.ca> <WM!2095a05b22fc97b6b86e56d3c81275d4b763782d5d87f43d478389d9dbc3d83e73356f2d00886f401c32567316e634c4!@mailstronghold-1.zmailcloud.com> <6FC7A2523C36A116C81FB003@[192.168.1.30]> <56c2d5a0-560e-2c63-34e1-9ad7f965122a@daasi.de> <WM!488c5bb2f914d229b4b32ae7df6678d7cd4847c625413f6bae7257199ce56c0e56bf7508aeb3c68ea447a03b394772fd!@mailstronghold-3.zmailcloud.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1

Peter wrote:

olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif
olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif
olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
That is a very nice proposal, it would sort of give us the good things of bothworlds.

It means you would not be able to edit the schema contained within thesedirectives over LDAP, since those elements aren't themselves part of thecn=config DIT. So no, it's not the good things of both worlds.

IMHO schema is the only thing where cn=config makes life harder than slapd.conf.
Being a long time lurker on this list it is fun to see that although samesubjects like config alternatives, turn up again and again, the arguments andsolution proposals at least sometimes do progress.
Cheers

Peter



Am 15.09.2017 um 20:33 schrieb Quanah Gibson-Mount:
--On Friday, September 15, 2017 12:24 PM -0700 Ryan Tandy <ryan@nardis.ca>wrote:
There was some talk, either in IRC or on -devel, of creating a way for
cn=config to reference schema files (possibly LDIF) on disk rather than
importing them into the config database. I think that would be an
improvement. Importing schemas into cn=config is cool - especially if you
want to replicate the config - but I'm not sure it's a good default.
Since ordering is mandatory, it would be nice if you could just do somethinglike:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif
olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif
olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
etc. Then you could change the schema files on disk, and cn=config wouldjust load them in when it started. It'd certainly make the behavioranalagous to slapd.conf, and allow for easier rollback/testing.
--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Olc deployment vs slapd.conf based deployment
  - From: Peter <peter.gietz@daasi.de>

References:
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Peter <peter.gietz@daasi.de>

Prev by Date: Proper Way To Securely Bind With LDAP Server
Next by Date: Re: Olc deployment vs slapd.conf based deployment
Index(es):
- Chronological
- Thread