Re: Loading LDAP schema files into cn=config
Michael Ströder wrote:
Nick Milas wrote:
> On 2/7/2011 2:53 μμ, Simone Piccardi wrote:
>> I don't think there are comments inside cn=config, and
>> those are very important when you have to document and track tens of
>> different installations.
>
> Indeed, it seems that the config schema does not include a "description"
(or
> similar) attribute which can be used freely in any config DIT entries for
> documentation purposes.
>
> If this is truly the case, wouldn't it be advisable to add such support to the
> config schema? Of course, this means that all objectclass definitions should
> include: ...MAY (... $ description ) ...
While description may help a little bit you cannot add comments for each
configuration directive for example ACLs.
We've been discussing this problem for quite a while. My current thinking is
that somehow we can use attribute options to help. Visually it might be better
to associate the option with the original attribute, e.g.
olcAccess:
olcAccess;x-comment:
This would require defining a new (and strange) type of attribute option
though, since the value with the option has no relation (syntactically) to the
original attribute type.
The other alternative is to add a generic description attribute, and tag it
with the attribute that a comment refers to:
description;x-olcAccess: blah blah blah
This is a lot simpler for us to implement.
> Usually, in our DIT (which includes mainly people, mail alias,
other accounts,
> and DNS data) we use single-valued or multi-valued (per entry)
"description"
> attributes (as defined in RFC 4519) which serve very well our documentation
> needs. These are already included in the objectClasses we use (based on
> account, person, domain etc. objectClasses ).
I also use 'description' quite a lot especially since my web2ldap displays it
as bubble help in the browser. But it's not sufficient in this case.
Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/