[Pkg-openldap-devel] Proposal for the configuration in debian.

Matthijs Mohlmann matthijs at cacholong.nl
Sun Feb 26 16:52:47 UTC 2006



Steve Langasek wrote:
> On Fri, Feb 24, 2006 at 10:39:35PM +0100, Matthijs Mohlmann wrote:
> 
> 
>>I would like to change the structure of the slapd configuration a bit so
>>that it addresses a few issues.
> 
> 
>>- /etc/ldap/slapd.conf
> 
> 
>>This configuration file should contain a minimal set of parameters that
>>are needed to run the database server (without the directories)
> 
> 
>>- /etc/ldap/ldapdb/*
> 
> 
>>The directory /etc/ldap/ldapdb should contain files that describe the
>>directory and the needed parameters for that directory. The files in
>>there can be named after their basedn, for example. These files can contain
>>the indexes, ACLs and other normal parameters needed to set up a directory.
> 
> 
> This sounds like an interesting idea to me.
> 
> 
>>- /etc/ldap/schema/*
> 
> 
>>The schemas that need to be included. This is already done.
> 
> 
> Uh, this is a problem.  I have plenty of files in my /etc/ldap/schema/
> directory which I do *not* expect to be included unconditionally in the
> running slapd's config; I have alternate revisions of schema files that I've
> tuned, I have conflicting schema files, and I even have an
> /etc/ldap/schema/README file...  I don't think it's right to include all of
> the schema files like this, I think it might be better to just include the
> core schema files and possibly create an additional /etc/ldap/slapd.d/
> directory where packages can include config files that would document
> additional schemas, etc.
> 
> At that point, I expect the load order would be:
> 
> include /etc/ldap/slapd.d/*.conf
> include /etc/ldap/ldapdb/*.conf
> 
> Note that the *.conf should give us a way of excluding old versions of
> conffiles, à la run-parts.
> 
Didn't think about that, good suggestion.

> 
>>In this way we can fix the issues around upgrading and following
>>includes (#304488). And we can fix bug #333428. There are probably
>>several out there that can be fixed if we do it this way.
> 
> 
> Can you explain in more detail how you think this will fix 304488?  I don't
> see that it will fix 304488 at all, since 304488 relates to config file
> syntax changes -- splitting the config into more includes makes it *harder*
> to correct such problems on upgrade, not easier, I think.
> 
In this way we force a bit to have the user configuration in
/etc/ldap/ldapdb and we only need to parse the *.conf files in these
directories. On the other hand users can still have separate includes
and then you are right.

> I do agree that this basic idea is nice for things like 333428; I've wanted
> for a while to be able to provide a samba-ldap package to auto-configure an
> LDAP-based samba PDC, but haven't really bothered with it because I knew it
> would violate policy to implement it.
> 
So if I follow your suggestion about the schemas then you don't have a
policy violation at all...

> Cheers,
> 
Regards,

Matthijs Mohlmann
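
Added example, not part of the original message and not the package's own code: a shell sketch of the `*.conf` filter and load order discussed in the thread, resolving `slapd.d` and then `ldapdb` into explicit `include` lines and listing what the filter leaves out. The directory names come from the thread; the function names and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Directory names are from the thread; file names are constructed.

# Print "include <file>" for every regular file named *.conf under
# ROOT/slapd.d and then ROOT/ldapdb, in C-locale order within each directory.
slapd_includes() (
    LC_ALL=C; export LC_ALL            # stable glob order (subshell only)
    for dir in slapd.d ldapdb; do
        for f in "$1/$dir"/*.conf; do
            [ -f "$f" ] || continue    # unmatched glob, directory, dangling link
            printf 'include %s\n' "$f"
        done
    done
)

# Print the entries the *.conf filter leaves out, for review before a reload.
slapd_ignored() (
    LC_ALL=C; export LC_ALL
    for dir in slapd.d ldapdb; do
        for f in "$1/$dir"/*; do
            [ -e "$f" ] || continue
            case $f in
                *.conf) if [ -f "$f" ]; then continue; fi ;;
            esac
            printf '%s\n' "$f"
        done
    done
)

# Build a constructed sample tree and print its path.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/slapd.d" "$d/ldapdb"
    : > "$d/slapd.d/10-samba.conf"
    : > "$d/slapd.d/10-samba.conf.dpkg-old"
    : > "$d/slapd.d/20-extra.conf"
    : > "$d/slapd.d/README"
    : > "$d/ldapdb/dc=example,dc=com.conf"
    : > "$d/ldapdb/dc=example,dc=com.conf.dpkg-dist"
    printf '%s\n' "$d"
}

tree=$(demo_tree)
slapd_includes "$tree"
slapd_ignored "$tree" | sed 's/^/# ignored: /'
rm -rf "$tree"
```

The ignored list is the part worth reviewing: a README, a `.dpkg-old` or a `.dpkg-dist` file stays on disk without ever reaching the running configuration.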



