[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries

To: Chris Hiestand <chiestand@salk.edu>, openldap-technical@openldap.org
Subject: Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 19 Mar 2012 11:57:32 -0700
Content-disposition: inline
In-reply-to: <315EABE9-81AD-4595-AAD5-6732BCCE0472@salk.edu>
References: <315EABE9-81AD-4595-AAD5-6732BCCE0472@salk.edu>

--On Monday, March 19, 2012 11:39 AM -0700 Chris Hiestand<chiestand@salk.edu> wrote:

Part 1: Readability

I know you veterans are probably sick to death of us late-comers asking
questions about cn=config. I understand but please hear me out because I
feel  I have done due diligence; but I still have some concerns with the
transition. Workflow has been discussed before, but I suspect it hasn't
been fleshed out because the switch from editing schema and ACLs in flat
files to LDAP entries reduces readability. I have no problem using
cn=config for most configuration attributes, but it gets a lot less user
friendly when the value is, what used to be in slapd.conf, a multi-line
string. But I could just be missing something. Your help is appreciated.

They were never a multi-line string in slapd.conf, either. You could justformat things to pretend they were multi-line strings.

The LDIF files are a mess because of the way words are split
unpredictably by new lines. You can't use a simple search and replace
with any hope of it working. Readability would be vastly improved with
new lines before keywords (eg to, filter, attrs â) but I don't think
it's possible to have ldapsearch output this way.

Am I just missing workflow techniques or key concepts that improves
readability? Or is your advice to just suck it up and get used to it?

I use Net::LDAP perl module to handle ACL updates. It's quite simple. Thesame thing could likely be done in python. Plus replacing an entire ACL incn=config is trivial, since you can delete the existing ACL using the {#}value, and you can insert new ACLs trivially but using a weight of whereyou want to insert it.

Part 2: Deleting entries in cn=config

Quanah Gibson-Mount has said entry deletes are coming in 2.5, is that
still the plan? The Roadmap page isn't specific.

You can optionally enable this at build time in OpenLDAP 2.4.30 fortesting. As it is an experimental feature, YMMV.


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
  - From: David Blank-Edelman <dnb@ccs.neu.edu>
- Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
  - From: Chris Hiestand <chiestand@salk.edu>

References:
- Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
  - From: Chris Hiestand <chiestand@salk.edu>

Prev by Date: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
Next by Date: Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
Index(es):
- Chronological
- Thread