[Pkg-openldap-devel] Adding schemas and ACL's to slapd.conf

Soren Hansen soren at ubuntu.com
Sun Jul 29 17:24:21 UTC 2007


On Sun, Jul 29, 2007 at 09:57:31AM -0700, Russ Allbery wrote:
> > I'm in a situation where I need to add ACL's and schemas to
> > slapd.conf, and I can imagine others must have faced similar needs.
> > Debian Policy tells me not to touch the config file directly, so I
> > propose the attached patch. Summary:
> Yeah, we talked about this a bit at Debconf as well.  I think the
> general consensus at the time was to include a directory of schema
> files and use an -available / -enabled structure similar to the Apache
> 2.x packages.

Right, that's kind of what I was thinking. I just didn't want to rename
/etc/ldap/schemas since other packages may still expect it to exist. Of
course a few symlinks could mitigate that.

> Doesn't slapd.conf support including directories, thereby including
> all files in the directory?

Unfortunately, no. I considered adding that instead, but this felt less
intrusive and accomplishes almost the same. Heck, running the scripts
is cheap, so we could add them to the init script instead.

> Although I suppose that would require making the same modifications
> that the Apache folks did to ignore files ending in .dpkg-* so that
> the configuration file backups and new copies created by dpkg aren't
> included.

Good point. My update-slapd-{acl,schemas} don't do that currently.

> If we can include directories, though, I think that would be cleaner than
> requiring people to run a command to regenerate their slapd.conf.

Well, "people" are limited to package maintainers, so I don't think it's
that bad. They will have to make changes to support this anyway, so
requiring it won't force any extra work on anyone who's not changing
something anyway.

> back-config will obviously make this much better, but I don't think it's
> fully ready until 2.4 (although Quanah can correct me certainly if I'm
> wrong).

Oh, I see. I just need this solution "right now"-ish. :)

-- 
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/
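
The regeneration approach discussed in this message, with the .dpkg-* filtering Russ asks about, as an added sketch that is not the update-slapd-{acl,schemas} scripts from the patch. The marker comments, function names and directory layout are assumptions; `include` is the ordinary slapd.conf directive.

```shell
#!/bin/sh
# Added example: marker text and function names are assumptions, not the
# update-slapd-* scripts from the patch discussed in this thread.
BEGIN_MARK='# BEGIN managed includes'
END_MARK='# END managed includes'

# Print the regular files in directory $1, one per line, in glob (sorted) order.
# dpkg's conffile leftovers (*.dpkg-old, *.dpkg-new, *.dpkg-dist, ...) are
# skipped so a stale ACL or schema copy is never pulled back into the config.
list_fragments() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in *.dpkg-*) continue ;; esac
        printf '%s\n' "$f"
    done
}

# Emit the managed block: one "include" directive per fragment. Sorted order
# keeps ACL evaluation order stable. Assumes paths without whitespace.
render_block() {
    printf '%s\n' "$BEGIN_MARK"
    list_fragments "$1" | while IFS= read -r f; do printf 'include %s\n' "$f"; done
    printf '%s\n' "$END_MARK"
}

# Replace the marked block in config $1 with includes for directory $2.
# Text outside the markers is untouched; if no block exists it is appended.
# An unterminated block makes awk fail and leaves the config unchanged.
update_conf() {
    conf=$1 dir=$2
    tmp=$(mktemp) || return 1
    blk=$(mktemp) || return 1
    render_block "$dir" > "$blk"
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" -v blk="$blk" '
        function emit(   l) { while ((getline l < blk) > 0) print l; done = 1 }
        $0 == b { emit(); skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
        END     { if (skip) exit 1; if (!done) emit() }
    ' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"   # cat, not mv: keeps the file's owner and mode
    rc=$?
    rm -f "$tmp" "$blk"
    return $rc
}
```
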