Quanah Gibson-Mount wrote:
The real issue with ppolicy is that it shouldn't be shipping with a separate schema, and instead it should have its configuration schema fully internalized.
Hmm, you could say that about for standard schema file shipped by OpenLDAP but considered immutable (like core.schema etc.). Especially if you change the code to move schema declarations from a schema file to schema_prep.c or an overlay foobar.c your stuck with having to update cn=config: 1. Before software you must not add/remove the schema declaration. 2. After software you cannot add/remove the schema declaration.
Ciao, Michael.