Michael Ströder wrote:
> Howard Chu wrote:
>> Ugh, no. There's no way any sysadmin is going to remember what each OID means.
> There are tools to display them: http://demo.web2ldap.de:1760/web2ldap?ldap://ldap.uninett.no/??base
> There also could be GUI tools to display ACLs to humans.

None of which may be accessible when trying to diagnose a crashed system. It must always be practical to manually edit a slapd configuration.

>> Each exop will be given a "friendly name" like WhoAmI, ModifyPwd, etc.
> Who maintains the list of friendly names? Yes, the OpenLDAP project can maintain a proprietary list like all other LDAP vendors do. :-( Probably that's another topic for cross-vendor coordination...
Interoperability is not a requirement for slapd configuration elements. However, any shortnames already present in RFCs would be obvious first choices. E.g., "passwdModify" (RFC 3062, section 2) and "whoami" (RFC 4532, section 2) (derived by dropping the letters "OID" from the name of the OID definition). Or just accept any oidmacros, as some of the other config items already do.
On that score I believe we should promote more pervasive use of OID macros instead of numeric OIDs, because that greatly enhances comprehension by human administrators. I believe we should define macros for all of the syntaxes etc. already in common use in slapd and document them, guaranteeing that they will be available for everyone else who uses OpenLDAP to also take advantage of them. (Note that back-config already has several hardcoded, but they're decorated with an "OM" prefix and not documented for public consumption. For real use they should be unadorned, using plain names such as "integer" or "directoryString" ...)
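How OID macros let an administrator read names instead of numbers, as an added example that is not part of the original message and is not OpenLDAP code: a small resolver for slapd.conf-style `objectidentifier` lines, including the `name:suffix` form. The sample configuration and the `OLExop` macro name are constructed for illustration; the two numeric OIDs are the ones assigned in RFC 3062 and RFC 4532.

```python
import re

# Constructed sample configuration (not taken from any real deployment).
SAMPLE_CONF = """\
# arc holding the extended-operation OIDs used below
objectidentifier OLExop        1.3.6.1.4.1.4203.1.11
objectidentifier passwdModify  OLExop:1
objectidentifier whoami        OLExop:3
"""

NUMERIC_OID = re.compile(r"^\d+(\.\d+)+$")
NUMERIC_SUFFIX = re.compile(r"^\d+(\.\d+)*$")


def resolve(value, macros):
    """Resolve a numeric OID, a macro name, or 'macro:suffix' to a numeric OID."""
    if NUMERIC_OID.match(value):
        return value
    base, _, suffix = value.partition(":")
    if base not in macros:
        raise KeyError(f"undefined OID macro {base!r}")
    if suffix and not NUMERIC_SUFFIX.match(suffix):
        raise KeyError(f"non-numeric suffix {suffix!r} on macro {base!r}")
    return f"{macros[base]}.{suffix}" if suffix else macros[base]


def parse_oid_macros(conf_text):
    """Return {macro name: numeric OID} from objectidentifier directives.

    Simplification: comment lines start with '#'; continuation lines are
    not handled. A macro must be defined before it is referenced.
    """
    macros = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if raw.startswith("#"):
            continue
        fields = raw.split()
        if len(fields) != 3 or fields[0].lower() != "objectidentifier":
            continue
        try:
            macros[fields[1]] = resolve(fields[2], macros)
        except KeyError as exc:
            # Report the offending line so a hand-edited config is easy to fix.
            raise ValueError(f"line {lineno}: {exc.args[0]}") from None
    return macros
```
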