Re: memberOf attributes not working through slapd-ldap backend

[masarati@aero.polimi.it]

> masarati@aero.polimi.it wrote:
>> The schema definition of memberOf is in fact missing in the proxy.  That
>> definition is hardcoded in slapo-memberof(5).  Your build probably has
>> slapo-memberof(5) built as module, or not built at all.  You need to
>> just
>> load the module, so the schema definition takes place.
>
> To me this approach still looks wrong. It does not make sense to load an
> additional module non-functional in a proxy just for having the schema
> around.
> Rather slapd overlays and backends relying on a certain schema should
> simply
> check by OID whether everything is present during startup.

There is a good reason: slapd does not allow to define via configuration
operational attributes.  This is a legacy of the pre-module, pre-overlay
time, when it as obvious that operational attributes could only be used in
conjunction with the code that dealt with them.  ITS#5714 is about that.

However, I see some good reason in defining middleware specific schema
through the middleware that uses them: compactness, and guarantee that the
module and its schema are consistent.  Moreover, if anyone using
slapo-memberof(5) were to load memberof.schema first, we'd see many
complaints like "slapd doesn't start; it says 'load memberof.schema
first'; what am I supposed to do?"

p.