Howard Chu writes:
Hallvard B Furuseth wrote:
(...) it would be friendly if OpenLDAP used the same attribute types for reading and writing schema, without an 'olc' prefix for writing. I presume there's a good reason it doesn't, and I don't know how hard that would be to change.
We use a custom attributeType since ours has an ORDERED-VALUES flag in the schema definition. The generic attributeType does not, and we obviously wouldn't change the generic one to add that flag.
Not sure what you mean. OpenLDAP does extend the syntax of attributeTypes and ldapSyntaxes with some 'X-...' keywords, reserved for private experiments in RFC 4512. This:

    ldapsearch -x -b cn=subschema -s base + |perl -p00e 's/\n //g' |grep X-

shows some non-OpenLDAP syntaxes, and OpenLDAP 'olc*' attribute types.
There are a few uses of X- in etc/openldap/schema/, but only in already unportable/unsupported schemas (dyngroup and pmi).
(...) The original LDAP designers obviously didn't understand schema to begin with, let alone the issues of designing and maintaining them. (Just ces and cis? Ridiculous...)
Those were not supposed to be schema administration at all, since that was done in the X.500 server & library installation which the LDAP server was a gateway to. I remember that one of the attractions of the original LDAP for a sysadmin was getting rid of client-side schema files, or at least the requirement of keeping them updated.
Then they probably proceeded with an excessively minimalist approach as a reaction to the pointlessly heavyweight Quipu (free X.500) server, and we are still living with the consequences :-(
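
The ldapsearch pipeline quoted in the message above unfolds LDIF continuation lines and then greps for 'X-'. As an added example (not part of the original message and not OpenLDAP code), the Python below does the same over a subschema excerpt and also reports which X- extensions each definition carries, ignoring 'X-' text that only appears inside a quoted DESC. The LDIF sample, its placeholder OIDs and the function names are constructed for illustration.

```python
import re

# Constructed LDIF excerpt shaped like a cn=subschema read; OIDs 1.1.1.x are placeholders.
SAMPLE_LDIF = """\
dn: cn=Subschema
attributeTypes: ( 1.1.1.1 NAME 'exampleOrdered' DESC 'constructed sample' EQ
 UALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALU
 ES' )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
ldapSyntaxes: ( 1.1.1.2 DESC 'constructed syntax' X-BINARY-TRANSFER-REQUIRED
  'TRUE' X-NOT-HUMAN-RE
 ADABLE 'TRUE' )
"""

SCHEMA_ATTRS = {"attributetypes", "ldapsyntaxes", "objectclasses"}
TOKEN = re.compile(r"'([^']*)'|([()])|([^\s()']+)")

def unfold(ldif):
    """Join LDIF continuation lines, like perl -p00e 's/\\n //g'."""
    return re.sub(r"\n ", "", ldif)

def tokenize(definition):
    """Split a schema definition into ('q', quoted string) and ('w', bare word) tokens."""
    for m in TOKEN.finditer(definition):
        yield ("q", m.group(1)) if m.group(1) is not None else ("w", m.group(2) or m.group(3))

def extensions(definition):
    """Return {X-keyword: [values]} for the RFC 4512 extensions in one definition."""
    toks, found, i = list(tokenize(definition)), {}, 0
    while i < len(toks):
        kind, text = toks[i]
        i += 1
        if kind == "w" and text.startswith("X-"):
            if i < len(toks) and toks[i] == ("w", "("):   # parenthesised value list
                i += 1
            values = []
            while i < len(toks) and toks[i][0] == "q":
                values.append(toks[i][1])
                i += 1
            found[text] = values
    return found

def scan(ldif):
    """List (attribute, oid, extensions) for every schema value that uses X- keywords."""
    report = []
    for line in unfold(ldif).splitlines():
        attr, sep, value = line.partition(": ")
        if sep and attr.lower() in SCHEMA_ATTRS and (ext := extensions(value)):
            report.append((attr, list(tokenize(value))[1][1], ext))  # token after "(" is the OID
    return report
```

Without the unfold step the folded keyword 'X-NOT-HUMAN-RE' / 'ADABLE' would be reported truncated, which is why the quoted pipeline runs perl before grep.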