On Tue, Apr 05, 2022 at 02:10:37PM +0800, David Timber wrote:
I know how to import schemas with cn=config. That was never a question. I was just complaining because it's a tedious process and I believe that it shouldn't be like this. The whole cn=config matter was not even my question in the first place. My concern was that I'm not happy with how cn=config handles schemas and I want to stick with "deprecated" slapd.conf. slaptest has to be used to convert schema to ldif, which is in no way intuitive and convenient.
Hi David, you're right, it doesn't have to be like this, and it's quite trivial to bypass slaptest as I showed earlier. The contents of the schema are the same; they just have to be encapsulated in attributes and an LDAP entry.
On 5/4/22 12:27, Quanah Gibson-Mount wrote:
And you're literally missing the point that a ".schema" file is a syntax specific to slapd.conf and a ".ldif" file is a syntax specific to cn=config. Just as you cannot load a ".schema" file into cn=config, you cannot load a ".ldif" file into slapd.conf. The two things are *equivalent* representations for their respective configuration types. In the future, expect only ".ldif" files to get shipped once we finalize deprecating slapd.conf.
The format of schema is defined in RFC 4512. It's universal. OpenLDAP has no right to be difficult in incorporating schemas. Forcing users to convert it to ldif to just fit into the OpenLDAP specific cn=config format is not just fair, especially for the sake of compatibility. I'd have been happy if I could just use include: attribute to load .schema.
Again, the contents of e.g. attributetype and olcAttributeTypes: are identical, both using the same RFC 4512 format as you rightly referenced. You probably want to explain again where you are coming from as I see no issue here.
Regards,
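
The wrapping described in the reply above (the same RFC 4512 definitions, "encapsulated in attributes and an LDAP entry"), as an added example that is not part of the thread and not OpenLDAP's own code. The function names, the entry name `example` and the sample schema are assumptions made for illustration; only the `objectidentifier`, `attributetype` and `objectclass` directives are mapped, and anything else raises an error instead of being dropped silently.

```python
import base64
import re

# slapd.conf schema directive -> attribute of an olcSchemaConfig entry
DIRECTIVES = {"objectidentifier": "olcObjectIdentifier",
              "attributetype": "olcAttributeTypes",
              "objectclass": "olcObjectClasses"}

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace), drop comments."""
    current = None
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t"):          # continuation of the previous line
            if current is not None and raw.strip():
                current += " " + raw.strip()
            continue
        if current and not current.startswith("#"):
            yield current
        current = raw.strip() or None
    if current and not current.startswith("#"):
        yield current

def ldif_line(attr, value):
    """One LDIF line; base64 ('::') when the value is not LDIF-safe ASCII."""
    if value.isascii() and value[:1] not in (" ", ":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def schema_to_ldif(text, name):
    """Wrap the RFC 4512 definitions of a .schema file in a cn=config entry."""
    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig", f"cn: {name}"]
    for line in logical_lines(text):
        parts = line.split(None, 1)
        attr = DIRECTIVES.get(parts[0].lower())
        if attr is None or len(parts) != 2:
            raise ValueError(f"unsupported directive: {parts[0]}")
        # The definition is copied through; only whitespace runs are collapsed.
        out.append(ldif_line(attr, re.sub(r"\s+", " ", parts[1])))
    return "\n".join(out) + "\n"

# Constructed sample (2.999 is the example OID arc), not a published schema.
SAMPLE = """\
# comment lines are dropped
objectidentifier exRoot 2.999.1
attributetype ( exRoot:1 NAME 'exBadge' DESC 'Badge number'
\tEQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( exRoot:2 NAME 'exStaff' SUP top AUXILIARY
  MAY exBadge )
"""
```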