[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Olc deployment vs slapd.conf based deployment

To: Howard Chu <hyc@symas.com>, openldap-technical@openldap.org
Subject: Re: Olc deployment vs slapd.conf based deployment
From: Peter <peter.gietz@daasi.de>
Date: Mon, 25 Sep 2017 11:17:03 +0200
Content-language: en-GB
In-reply-to: <7024d93b-cf76-cb74-d637-d7b38b0cedfc@symas.com>
References: <2d8fa872-4df7-3cd0-6b0a-8ebc14cebf53@stroeder.com> <WM!d539e7f4ea540fb7cc4264264cb345aa1c3312e5a9cf4415abacf83ec5d76f5d0666910600c9779cf61a582a02703201!@mailstronghold-2.zmailcloud.com> <33CC7C0F66B0112865DBD451@[192.168.1.30]> <4e799610-4b88-8787-53c5-6fcb794be36a@stroeder.com> <WM!55ccb5fadfbb92a5e5e701b3f2fe107989aaa5f7f85473d4186bf1a0bc43c317ca2fd528537be5a77b94eab9784d3f72!@mailstronghold-1.zmailcloud.com> <EE5A467AAD37BC5FF60EF292@[192.168.1.30]> <00333450-1faf-4c7a-e9ee-9e9c5ab90b8e@stroeder.com> <20170915182434.5m3sx2vgkwyoeald@comet.nardis.ca> <WM!2095a05b22fc97b6b86e56d3c81275d4b763782d5d87f43d478389d9dbc3d83e73356f2d00886f401c32567316e634c4!@mailstronghold-1.zmailcloud.com> <6FC7A2523C36A116C81FB003@[192.168.1.30]> <56c2d5a0-560e-2c63-34e1-9ad7f965122a@daasi.de> <WM!488c5bb2f914d229b4b32ae7df6678d7cd4847c625413f6bae7257199ce56c0e56bf7508aeb3c68ea447a03b394772fd!@mailstronghold-3.zmailcloud.com> <7024d93b-cf76-cb74-d637-d7b38b0cedfc@symas.com>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0



Am 22.09.2017 um 16:50 schrieb Howard Chu:

Peter wrote:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif
olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif
olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
That is a very nice proposal, it would sort of give us the goodthings of both worlds.
It means you would not be able to edit the schema contained withinthese directives over LDAP, since those elements aren't themselvespart of the cn=config DIT.


Oops, I just see that I read something different than I meant.
I meant .schema and not .ldif:

olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.schema
olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.schema
olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.schema

That is what I would like to have, so that people can edit schema in aformat that was standardised in LDAP without adding the complexity ofLDIF change commands.

So no, it's not the good things of both worlds.

It would make schema modification easier and better traceable and auditable.

But as it is not a lot more than a nice to have, I wont push this further.

Cheers,
Peter

IMHO schema is the only thing where cn=config makes life harder thanslapd.conf.
Being a long time lurker on this list it is fun to see that althoughsame subjects like config alternatives, turn up again and again, thearguments and solution proposals at least sometimes do progress.
Cheers

Peter



Am 15.09.2017 um 20:33 schrieb Quanah Gibson-Mount:
--On Friday, September 15, 2017 12:24 PM -0700 Ryan Tandy<ryan@nardis.ca> wrote:
There was some talk, either in IRC or on -devel, of creating a way for
cn=config to reference schema files (possibly LDIF) on disk ratherthan
importing them into the config database. I think that would be an
improvement. Importing schemas into cn=config is cool - especiallyif you
want to replicate the config - but I'm not sure it's a good default.
Since ordering is mandatory, it would be nice if you could just dosomething like:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif
olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif
olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
etc. Then you could change the schema files on disk, and cn=configwould just load them in when it started. It'd certainly make thebehavior analagous to slapd.conf, and allow for easierrollback/testing.
--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


--
_______________________________________________________________________

Peter Gietz (CEO)
DAASI International GmbH                   phone: +49 7071 407109-0
Europaplatz 3                              Fax:   +49 7071 407109-9
D-72072 Tübingen                           mail:  peter.gietz@daasi.de
Germany                                    Web:   www.daasi.de

DAASI International GmbH, Tübingen
Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175

Directory Applications for Advanced Security and Information Management
_______________________________________________________________________

References:
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Michael Ströder <michael@stroeder.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Peter <peter.gietz@daasi.de>
- Re: Olc deployment vs slapd.conf based deployment
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Openldap periodic cpu spikes in one of the servers in two node MMR
Next by Date: Re: slapd: null_callback : error code 0x14
Index(es):
- Chronological
- Thread