On Thu, May 08, 2025 at 05:40:07AM +0000, Windl, Ulrich wrote:
Hi!
I don't know who said "Ease of use, not ease of implementation is the design goal", but If one DN is used as a value for some attribute, and there's a "referential integrity module" to update such attributes if the underlying DN changes, it's hard to explain why it would work for some cases, but not for others. And to make things worse: It just fails silently.
Ok, let's play devil's advocate and assume someone configured OpenLDAP with slapd.conf: how do you propose refint goes about adjusting that configuration for you? Does it write a new configuration file, do ACLs/limit stanzas get rewritten as well on renames? How about regex based ACLs/limits?
Maybe you can help us design this functionality to improve the ease of use, maybe you have suggestions how the documentation can be improved to make sure people appreciate the limitations at the appropriate time and decide how well it covers their use case.
After all this is still a community based project and without the wisdom and contributions of the community it will not advance.
Thanks,