I'm having a few issues wrapping my head around how schemas should be implemented.
If I do a default install of openldap (2.4.23) on CentOS 6 the following schemas are automatically included:
cn={0}corba.ldif
cn={1}core.ldif
cn={2}cosine.ldif
cn={3}duaconf.ldif
cn={4}dyngroup.ldif
cn={5}inetorgperson.ldif
cn={6}java.ldif
cn={7}misc.ldif
cn={8}nis.ldif
cn={9}openldap.ldif
cn={10}ppolicy.ldif
cn={11}collective.ldif
I assume this is done because it allows for a fairly flexible directory that Just Works for nearly everyone. However, many of these schemas contain attributes that I do not use; in fact, I can cut down the list of schemas that contain attributes I knowingly use to the following list:
cn={0}core.ldif
cn={1}cosine.ldif
cn={2}inetorgperson.ldif
cn={3}nis.ldif
cn={4}customschema.ldif
My issue is that I am not sure if there is any benefit to removing the unused schemas (i.e. I could have just added my customschema as cn={12}customschema.ldif to the default install, but I was worried there would be a performance penalty or security issue with including the unused schemas).
Is it advisable to remove unused schemas?
Does including unused schemas result in any sort of performance penalty (e.g. while booting or when doing searches)?
If I want to use syncrepl to replicate my data, do I have to have the exact same list of schemas in the same order on the consumer (i.e. does the number in the curly braces matter)?
If I add a schema to a consumer, does it have to be added to the provider as well, even if the attributes it contains are unused?
--On Friday, December 05, 2014 12:02 PM +1300 Chris Neilson crusty.chris@gmail.com wrote:
> I'm having a few issues wrapping my head around how schemas should be implemented.
> If I do a default install of openldap (2.4.23) on CentOS 6 the following schemas are automatically included:
Throw away this installation and start over. You don't want to use 2.4.23, and you definitely don't want the CentOS build of OpenLDAP.
As for the schema question, there's really little cost to having the ldap server have them loaded. Whether you wish to keep them is up to you.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Chris Neilson wrote:
> Is it advisable to remove unused schemas? Does including unused schemas result in any sort of performance penalty (e.g. while booting or when doing searches)?
Regarding slapd there's no noticeable performance penalty.
If you have schema-aware LDAP client applications there could be a small performance penalty if those do not implement decent schema caching. There are only very few schema-aware LDAP client applications which are worth using anyway.
> If I want to use syncrepl to replicate my data, do I have to have the exact same list of schemas in the same order on the consumer (i.e. does the number in the curly braces matter)?
In general (for safety) and if in doubt: Yes.
There might be exceptions in some rare corner cases and if you really know what you're doing. ;-]
> If I add a schema to a consumer, does it have to be added to the provider as well, even if the attributes it contains are unused?
Most times no.
Ciao, Michael.
openldap-technical@openldap.org
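For anyone following the "if in doubt: Yes" advice before setting up syncrepl, here is an added example (not from any poster in this thread) that compares two cn=config schema listings and reports where they differ. The function names are hypothetical, and the two sample inputs are the lists from the original question, used here as stand-ins for a provider and a consumer.

```python
import re

# Matches cn=config schema entry names such as "cn={10}ppolicy.ldif".
ENTRY_RE = re.compile(r"cn=\{(\d+)\}([A-Za-z0-9_-]+)(?:\.ldif)?")

# Sample input: the two listings quoted in the question above.
DEFAULT_LIST = """cn={0}corba.ldif cn={1}core.ldif cn={2}cosine.ldif
cn={3}duaconf.ldif cn={4}dyngroup.ldif cn={5}inetorgperson.ldif
cn={6}java.ldif cn={7}misc.ldif cn={8}nis.ldif cn={9}openldap.ldif
cn={10}ppolicy.ldif cn={11}collective.ldif"""
TRIMMED_LIST = """cn={0}core.ldif cn={1}cosine.ldif
cn={2}inetorgperson.ldif cn={3}nis.ldif cn={4}customschema.ldif"""


def parse_schema_list(text):
    """Return schema names ordered by their numeric {N} index.

    The index is parsed as an integer, so {10} sorts after {9}
    (a plain lexical sort of the file names would not do that).
    """
    entries = [(int(n), name.lower()) for n, name in ENTRY_RE.findall(text)]
    indexes = [n for n, _ in entries]
    if len(set(indexes)) != len(indexes):
        raise ValueError("duplicate {N} index in schema list")
    return [name for _, name in sorted(entries)]


def compare_schemas(provider_text, consumer_text):
    """Report how a consumer's schema list differs from the provider's."""
    p = parse_schema_list(provider_text)
    c = parse_schema_list(consumer_text)
    shared_p = [s for s in p if s in c]  # shared schemas, provider order
    shared_c = [s for s in c if s in p]  # shared schemas, consumer order
    return {
        "missing_on_consumer": [s for s in p if s not in c],
        "missing_on_provider": [s for s in c if s not in p],
        # Present on both sides but under a different {N} index.
        "index_mismatch": [s for s in shared_p if p.index(s) != c.index(s)],
        "relative_order_same": shared_p == shared_c,
        "identical": p == c,
    }


if __name__ == "__main__":
    for key, value in compare_schemas(DEFAULT_LIST, TRIMMED_LIST).items():
        print(f"{key}: {value}")
```
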