abartlet@samba.org wrote:
Full_Name: Andrew Bartlett Version: CVS HEAD OS: Fedora 9 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (124.176.63.104)
As instructed by Howard:
From: Howard Chu hyc@highlandsun.com To: samba-technical@lists.samba.org Subject: Re: samba4-ol-mmr Date: Mon, 11 Aug 2008 21:09:52 -0700 (Tue, 14:09 EST)
# Generated from schema in /usr/local/samba/private/ldap/schema-tmp.ldb overlay memberof memberof-dn cn=samba-admin,cn=samba memberof-dangling error memberof-refint TRUE memberof-group-oc top memberof-member-ad msDS-ObjectReference memberof-memberof-ad msDS-ObjectReferenceBL memberof-dangling-error 32
(repeats once per attribute link)
...
Mmm, that's really clunky. Someone should file an OpenLDAP enhancement request on the memberof config syntax. You should only need to instantiate the overlay once, and then it should just take a list of oc/forward-ad/back-ad config options.
Look closely at how we sub in memberof configuration into the slapd.conf. I suggest that you could add a ${REPL_CONFIG} after each database, which the script could sub with either "" or by reading and subing in a slapd-replica.conf
It's not the syntax that's clunky. You're (ab)using slapo-memberof(5), which was designed to deal with *just one* pair of member/reverse-link attribute relationship. Probably the overlay needs to be entirely reworked to provide a many-to-many relationship. At this point, I'd rather design a new one, giving up some of the not so useful extra features implemented in slapo-memberof(5), and focusing on the many-to-many main requirement.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
-
ando@sys-net.it