https://bugs.openldap.org/show_bug.cgi?id=5500
--- Comment #4 from Karl O. Pinc kop@karlpinc.com ---
The problem with adding an attribute is that this means that comments are per-entry, and cannot be associated with specific attribute values.
Having to write comments on an entry that apply to a specific attribute value means having to describe the attribute's value within the comment. Most of my comments have to do with particular attribute values, so this would be awkward -- both for writer and reader.
Below is an alternative design. It supports commenting both entries and attributes and working with commented ldif files in an "expected" way. The downside is that this design does not provide a "natural" user interface. Generic LDAP clients would not readily associate comment text with the entries or attributes commented. The OpenLDAP client tools would need to be used to produce and consume "commented ldif" files.
No reason why this alternative design could not be implemented alongside the design previously proposed.
Have a cn=comment,cn=config subtree. The dn is index=X,attribute=Y,EntryUUID=Z,cn=comment,cn=config. (Where index is the index of the commented attribute when an attribute is multi-valued.) Keep all the comments there.
Index and attribute would be optional in the dn; when omitted the comment is on the entry.
Pass a flag to ldapmodify and ldapadd so that comments are preserved on input, and a flag for ldapsearch to output such comments. The flag would only work on the cn=config DIT.
Comments appearing in an ldif before a dn are attached to the entry. Comments appearing before an attribute are attached to the attribute.
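
The mapping proposed in the comment above, sketched as an added example; it is not part of the original comment and not OpenLDAP code. The function name `comment_dns`, the zero-based index, and the assumption that each commented entry carries its `entryUUID` in the LDIF are choices made for this illustration.

```python
# Added illustration of the proposed comment-to-DN mapping; not OpenLDAP code.
SUFFIX = "cn=comment,cn=config"  # subtree named in the proposal

def comment_dns(ldif_text):
    """Map each '#' comment in a commented LDIF to the DN that would store it."""
    results = []
    for block in ldif_text.strip().split("\n\n"):
        pending, found, seen, uuid = [], [], {}, None
        for line in block.splitlines():
            if line.startswith("#"):            # collect comment text
                pending.append(line[1:].strip())
                continue
            if line.startswith(" ") or ":" not in line:
                continue                        # folded continuation or junk
            attr, _, value = line.partition(":")
            attr = attr.strip()
            if attr.lower() == "dn":
                target = None                   # comment before dn: on the entry
            else:
                # Assumption: index is the zero-based position of this value
                # among the values of the same attribute in the entry.
                idx = seen.get(attr.lower(), 0)
                seen[attr.lower()] = idx + 1
                target = (attr, idx)
            if attr.lower() == "entryuuid":     # assumed present in the LDIF
                uuid = value.lstrip(": ").strip()
            if pending:
                found.append((target, " ".join(pending)))
                pending = []
        if found and uuid is None:
            raise ValueError("commented entry carries no entryUUID")
        for target, text in found:
            rdns = [] if target is None else [f"index={target[1]}", f"attribute={target[0]}"]
            results.append((",".join(rdns + [f"EntryUUID={uuid}", SUFFIX]), text))
    return results

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# Main database for example.com
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
entryUUID: 11111111-2222-3333-4444-555555555555
olcDbIndex: objectClass eq
# Needed by the mail lookup
olcDbIndex: mail eq
"""

if __name__ == "__main__":
    for dn, text in comment_dns(SAMPLE):
        print(dn, "<-", text)
```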