While trying to implement back-config delete support for slapo-chain I
stumbled across some inconsistencies in slapo-chain's configuration
When using slapd.conf it is not possible to configure some settings for
slapo-chain's underlying back-ldap database. E.g. things like
chain "-sizelimit", "-restrict", "-limits" are just
OTOH when using cn=config slapd will accept all these settings just fine
and writes them to the database. They don't have any effect however.
It would be nice if cn=config and slapd.conf behaved more consistent
here. Either by both rejecting general database options (everything
that's not a specific back-ldap option) for the underlying back-ldap
databases or by correctly applying them.
I tend to think the latter approach could make sense. It would e.g.
allow to define different size and timelimits for chained operations or
would allow to setup a chain-overlay that only chains read operations
(by setting olcReadOnly on the underlying LDAP database).
I have already starting implementing parts of this. But if people think
it does not make much sense it would still be early enough to dump the
code and forget about it :).