Issue 6277 - Missing documentation for cn=config
Summary: Missing documentation for cn=config
Status: VERIFIED DUPLICATE of issue 7335
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: documentation (show other issues)
Version: 2.4.15
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: Howard Chu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-27 16:03 UTC by ryans@aweber.com
Modified: 2021-02-26 23:41 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description ryans@aweber.com 2009-08-27 16:03:46 UTC
Full_Name: Ryan Steele
Version: 2.4.15
OS: Ubuntu 8.04 LTD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (207.106.239.81)


According to chapter 5 of the admin guide, "some of the backends and of the
distributed overlays do not support runtime configuration yet. In those cases,
the old style slapd.conf(5) file must be used."  However, there is no
documentation on which backends and overlays do and don't have said support. 
Without grokking the code, it is a trial-and-error operation at best.

Also, there is no documentation on how to add overlay-specific directives (man
pages or otherwise).  Take, for example, autogroup-attrset; the olcAGattrSet
directive is only described in autogroup.c, and nowhere else.  This is not the
only instance of missing module documentation, but it should give a general idea
of where to look.

Of course, grepping the code is easy enough, but you shouldn't have to do that
to learn how to achieve simple configurations. If there's going to be a
fundamental paradigm shift from slapd.conf to cn=config, there has to be
documentation (man pages, admin guide sections, et. al.) on the appropriate
methods for achieving what once was done through slapd.conf.  IMHO, that should
include concrete examples, such as the following, pulled from the Courier
documentation:

The following LDIF could be used to add [the auditlog] overlay to cn=config
(adjust to suit):

    dn: olcOverlay=auditlog,olcDatabase={1}hdb,cn=config 
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcAuditLogConfig
    olcOverlay: auditlog
    olcAuditlogFile: /tmp/auditlog.ldif

Comment 1 Gavin Henry 2009-08-27 16:06:50 UTC
moved from Incoming to Documentation
Comment 2 Gavin Henry 2009-08-27 16:21:45 UTC
> Full_Name: Ryan Steele
> Version: 2.4.15
> OS: Ubuntu 8.04 LTD
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (207.106.239.81)
> 
> 
> According to chapter 5 of the admin guide, "some of the backends and of the
> distributed overlays do not support runtime configuration yet. In those
cases,
> the old style slapd.conf(5) file must be used."  However, there is no
> documentation on which backends and overlays do and don't have said support. 
> Without grokking the code, it is a trial-and-error operation at best.

Point taken. I'm pretty sure they all do now. Will check and update that
section.

> Also, there is no documentation on how to add overlay-specific directives
(man
> pages or otherwise).  Take, for example, autogroup-attrset; the olcAGattrSet
> directive is only described in autogroup.c, and nowhere else.  This is not
the
> only instance of missing module documentation, but it should give a general
idea
> of where to look.

Some of the contribs one don't come with a man page unfortunately. Core ones
do.

I'll look into the relevant sections and add one or two examples.

> Of course, grepping the code is easy enough, but you shouldn't have to do
that
> to learn how to achieve simple configurations. If there's going to be a
> fundamental paradigm shift from slapd.conf to cn=config, there has to be
> documentation (man pages, admin guide sections, et. al.) on the appropriate
> methods for achieving what once was done through slapd.conf.  IMHO, that
should
> include concrete examples, such as the following, pulled from the Courier
> documentation:
> 
> The following LDIF could be used to add [the auditlog] overlay to cn=config
> (adjust to suit):
> 
>     dn: olcOverlay=auditlog,olcDatabase={1}hdb,cn=config 
>     changetype: add
>     objectClass: olcOverlayConfig
>     objectClass: olcAuditLogConfig
>     olcOverlay: auditlog
>     olcAuditlogFile: /tmp/auditlog.ldif
> 

Well there are two places that talk about how to convert from slapd.conf to
cn=config formats. In the guide and man pages, so that is the best way to do a
full conversion and see the end result. 

Where would you like to see these added?

Thanks for the feedback as always!

Gavin.
Comment 3 ando@openldap.org 2009-08-27 19:22:12 UTC
>> Full_Name: Ryan Steele
>> Version: 2.4.15
>> OS: Ubuntu 8.04 LTD
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (207.106.239.81)
>>
>>
>> According to chapter 5 of the admin guide, "some of the backends and of
>> the
>> distributed overlays do not support runtime configuration yet. In those
> cases,
>> the old style slapd.conf(5) file must be used."  However, there is no
>> documentation on which backends and overlays do and don't have said
>> support.
>> Without grokking the code, it is a trial-and-error operation at best.
>
> Point taken. I'm pretty sure they all do now. Will check and update that
> section.

back-meta and back-sql don't yet.  I have half (er, somewhere between 0
and 100%, boundaries not included) in a working dir somewhere, and rough
ideas about what to do with back-meta.

p.

Comment 4 Howard Chu 2009-08-27 19:27:21 UTC
masarati@aero.polimi.it wrote:
>>> Full_Name: Ryan Steele
>>> Version: 2.4.15
>>> OS: Ubuntu 8.04 LTD
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (207.106.239.81)
>>>
>>>
>>> According to chapter 5 of the admin guide, "some of the backends and of
>>> the
>>> distributed overlays do not support runtime configuration yet. In those
>> cases,
>>> the old style slapd.conf(5) file must be used."  However, there is no
>>> documentation on which backends and overlays do and don't have said
>>> support.
>>> Without grokking the code, it is a trial-and-error operation at best.
>>
>> Point taken. I'm pretty sure they all do now. Will check and update that
>> section.
>
> back-meta and back-sql don't yet.  I have half (er, somewhere between 0
> and 100%, boundaries not included) in a working dir somewhere, and rough
> ideas about what to do with back-meta.

All of the core overlays now support cn=config. Yes, contrib is trial-and-error.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 5 ryans@aweber.com 2009-09-01 19:16:54 UTC
Gavin,

> Well there are two places that talk about how to convert from slapd.conf
> to cn=config formats. In the guide and man pages, so that is the best
> way to do a full conversion and see the end result.
>
> Where would you like to see these added?
>
> Thanks for the feedback as always!

My vote would be section 5.2.2.3 of the Admin Guide.  Currently, it has 2 examples of loading modules consisting of
libtool libraries, but I would think that it would be good to give an example which, for pedagogical purposes, explained
how to instantiate an overlay in cn=config.  For example, ppolicy and autogroup:

   dn: olcOverlay=ppolicy,olcDatabase={1}hdb,cn=config
   objectClass: olcOverlayConfig
   objectClass: olcPPolicyConfig
   olcOverlay: ppolicy

   dn: olcOverlay=autogroup,olcDatabase={1}hdb,cn=config
   objectClass: olcOverlayConfig
   objectClass: olcAutomaticGroups
   olcOverlay: autogroup
   olcAGattrSet: groupOfNames labeledURI member

Perhaps it would also be good to emphasize the need for overlay-specific objectclasses, such as the aforementioned
'olcOverlayConfig' and 'olcPPolicyConfig'.  It probably also wouldn't hurt to mention that there are certain
overlay-specific attributes, i.e. olcAGattrSet, that are necessary to make full use of the module, and that grepping
through the contrib module's source can help one identify said attributes' names in lieu of adequate documentation.
Something like: grep -C3 NAME contrib/slapd-modules/autogroup/autogroup.c, maybe?


Thanks as always,
Ryan

Comment 6 Gavin Henry 2009-09-01 21:14:38 UTC
----- ryans@aweber.com wrote:

> Gavin,
> 
> > Well there are two places that talk about how to convert from
> slapd.conf
> > to cn=config formats. In the guide and man pages, so that is the
> best
> > way to do a full conversion and see the end result.
> >
> > Where would you like to see these added?
> >
> > Thanks for the feedback as always!
> 
> My vote would be section 5.2.2.3 of the Admin Guide.  

Hi Ryan,

Thanks for the time you spent replying in length. Oh, maybe that time could have been
spent writing a patch to docs! ;-)

I'll take on board your suggestions and make some changes when I can.

Patches welcome!

Cheers.

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/

Comment 7 Howard Chu 2009-09-01 21:19:46 UTC
ryans@aweber.com wrote:
> Gavin,
>
>> Well there are two places that talk about how to convert from slapd.conf
>> to cn=config formats. In the guide and man pages, so that is the best
>> way to do a full conversion and see the end result.
>>
>> Where would you like to see these added?
>>
>> Thanks for the feedback as always!
>
> My vote would be section 5.2.2.3 of the Admin Guide.  Currently, it has 2 examples of loading modules consisting of
> libtool libraries, but I would think that it would be good to give an example which, for pedagogical purposes, explained
> how to instantiate an overlay in cn=config.  For example, ppolicy and autogroup:

autogroup is a contrib module. We only document usage of core features in the 
Admin Guide.

>     dn: olcOverlay=ppolicy,olcDatabase={1}hdb,cn=config
>     objectClass: olcOverlayConfig
>     objectClass: olcPPolicyConfig
>     olcOverlay: ppolicy

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 8 Gavin Henry 2009-09-02 19:37:35 UTC
Of course, but Ryan also mentioned the password policy overlay here
and loading overlays in general via cn=config.

On 01/09/2009, hyc@symas.com <hyc@symas.com> wrote:
> ryans@aweber.com wrote:
>> Gavin,
>>
>>> Well there are two places that talk about how to convert from slapd.conf
>>> to cn=config formats. In the guide and man pages, so that is the best
>>> way to do a full conversion and see the end result.
>>>
>>> Where would you like to see these added?
>>>
>>> Thanks for the feedback as always!
>>
>> My vote would be section 5.2.2.3 of the Admin Guide.  Currently, it has 2
>> examples of loading modules consisting of
>> libtool libraries, but I would think that it would be good to give an
>> example which, for pedagogical purposes, explained
>> how to instantiate an overlay in cn=config.  For example, ppolicy and
>> autogroup:
>
> autogroup is a contrib module. We only document usage of core features in
> the
> Admin Guide.
>
>>     dn: olcOverlay=ppolicy,olcDatabase={1}hdb,cn=config
>>     objectClass: olcOverlayConfig
>>     objectClass: olcPPolicyConfig
>>     olcOverlay: ppolicy
>
> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
>
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com

Comment 9 Howard Chu 2021-02-15 12:43:00 UTC
At this point all backends and core overlays support cn=config, so that portion of this ticket is now resolved. The remaining issue, of adding cn=config-oriented docs, will be addressed in #7335.

*** This issue has been marked as a duplicate of issue 7335 ***