Quanah Gibson-Mount wrote:
> --On Friday, September 15, 2017 7:57 PM +0200 Michael Ströder michael@stroeder.com wrote:
>
>> I strongly disagree. It's a schema shipped by OpenLDAP installation. So this update should have simply worked.
>
> Since the schema is stored in the cn=config DB, there's not an option to replace the ppolicy LDIF in cn=config on upgrade. It has to be scripted.

I fully understand the technical reason for what went wrong.

But the sysadmin should not be required to script anything in case a schema file always shipped by OpenLDAP was updated by a regular OpenLDAP update. It should simply work like it does with other LDAP server implementations and cn=config.

>> I did test the update with my own installations. But they simply use slapd.conf. And it worked. ;-}
>
> This would imply you updated the schema files at the same time.

Yes, of course. Any decent distribution package installs the schema files for this particular OpenLDAP version.

> If you kept the 2.4.40 ppolicy.schema file with your new configuration, it would not have "simply" worked.

Yes, but why should I do so? A decent slapd.conf simply points to the version-specific OpenLDAP schema files. That's what we keep telling people here, don't we?

Ciao, Michael.