masarati@aero.polimi.it wrote:
Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2.40.14.92) Submitted by: ando
Currently attributes in pcache attrsets must be defined. As far as I recall this was introduced to catch misconfigurations (e.g. a typo would have silently resulted in erroneous caching). However, one may wish to cache attrs whose schema is not known. I've modified pcache to allow undef:attrname in attrsets, so the administrator needs to know what he's doing. The "undef:" is stripped during parsing, but slapd will not complain and the administrator.
I think this is a mistake. Anything slapd handles must have a defined schema. Probably the recent patches for back-ldap to support undefined filters are also a mistake. We have already documented that schema must be provided in order to get proper functioning of e.g. back-ldap. There is no reason to relax this requirement since one can always obtain the relevant schema from the target server.
I understand your point and I fully agree with it. However, we have been swaying between these two extremes many times, and there's always some good reason to need strictness as well as (some) relaxation.
I think this ITS' solution approach represents a reasonable trade-off: we require schema to be defined, but we accept that it's not provided the admin knows what he's doing. I'm prepared to back this feature out as soon as it creates harm.
p.