While trying to implement back-config delete support for slapo-chain I stumbled across some inconsistencies in slapo-chain's configuration routines. When using slapd.conf it is not possible to configure some settings for slapo-chain's underlying back-ldap database. E.g. things like chain "-sizelimit", "-restrict", "-limits" are just rejected. OTOH when using cn=config slapd will accept all these settings just fine and writes them to the database. They don't have any effect however.

It would be nice if cn=config and slapd.conf behaved more consistent here. Either by both rejecting general database options (everything that's not a specific back-ldap option) for the underlying back-ldap databases or by correctly applying them.

I tend to think the latter approach could make sense. It would e.g. allow to define different size and timelimits for chained operations or would allow to setup a chain-overlay that only chains read operations (by setting olcReadOnly on the underlying LDAP database).

I have already starting implementing parts of this. But if people think it does not make much sense it would still be early enough to dump the code and forget about it :).

Ralf