Thank you!
On Wed, Aug 25, 2021 at 3:08 PM Quanah Gibson-Mount quanah@symas.com wrote:
> --On Wednesday, August 25, 2021 3:57 PM -0400 Dave Macias davama@gmail.com wrote:
>> Awesome!
>> So then, if it's already shipped, why don't I see the schema files for ppolicy? Would have thought to find it here: /opt/symas/etc/openldap/schema
> I strongly advise reading the OpenLDAP 2.5 admin guide section on upgrading, specifically:
> < https://www.openldap.org/doc/admin25/appendix-upgrading.html#ppolicy%20overl...
> which directly answers your question.
> Regards, Quanah
> --
> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Hello,
I have noticed a few changes in the cn=config configuration between openldap 2.5.1 and 2.5.7.
The main things that have changed:
- many modifications in the configuration schema (cn=schema,cn=config)
- some modifications in the additional schemas (core, cosine,...)
- a few modifications in the database and overlay entries (for example, olcDbMaxEntrySize, olcPPolicyDisableWrite, objectClass: olcMemberOf -> objectClass: olcMemberOfConfig)
It means that, when upgrading OpenLDAP, the previous configuration may not be compatible with the new OpenLDAP version.
Considering this, I have 2 questions:
1/ Do you plan to continue having evolutions of the configuration schema?
2/ If so, will the previous 2.5 configuration be compatible in the future?
Regards,
David
David Coutadeur wrote:
> Hello,
> I have noticed a few changes in the cn=config configuration between openldap 2.5.1 and 2.5.7.
> The main things that have changed:
> - many modifications in the configuration schema (cn=schema,cn=config)
> - some modifications in the additional schemas (core, cosine,...)
> - a few modifications in the database and overlay entries (for example, olcDbMaxEntrySize, olcPPolicyDisableWrite, objectClass: olcMemberOf -> objectClass: olcMemberOfConfig)
> It means that, when upgrading OpenLDAP, the previous configuration may not be compatible with the new OpenLDAP version.
False. Additions to the schema are always forward-compatible. Where we have renamed objectclasses, we have kept the old name as an alias. So old configs will continue to work.
> Considering this, I have 2 questions:
> 1/ Do you plan to continue having evolutions of the configuration schema?
Whenever the need arises.
> 2/ If so, will the previous 2.5 configuration be compatible in the future?
We will never break compatibility unless it is totally unavoidable.
On 26/08/2021 at 17:24, Howard Chu wrote:
> David Coutadeur wrote:
>> Hello,
>> I have noticed a few changes in the cn=config configuration between openldap 2.5.1 and 2.5.7.
>> The main things that have changed:
>> - many modifications in the configuration schema (cn=schema,cn=config)
>> - some modifications in the additional schemas (core, cosine,...)
>> - a few modifications in the database and overlay entries (for example, olcDbMaxEntrySize, olcPPolicyDisableWrite, objectClass: olcMemberOf -> objectClass: olcMemberOfConfig)
>> It means that, when upgrading OpenLDAP, the previous configuration may not be compatible with the new OpenLDAP version.
> False. Additions to the schema are always forward-compatible. Where we have renamed objectclasses, we have kept the old name as an alias. So old configs will continue to work.
>> Considering this, I have 2 questions:
>> 1/ Do you plan to continue having evolutions of the configuration schema?
> Whenever the need arises.
>> 2/ If so, will the previous 2.5 configuration be compatible in the future?
> We will never break compatibility unless it is totally unavoidable.
Ok, thanks for your answers!
On 26/08/2021 at 17:24, Howard Chu wrote:
>> It means that, when upgrading OpenLDAP, the previous configuration may not be compatible with the new OpenLDAP version.
> False. Additions to the schema are always forward-compatible. Where we have renamed objectclasses, we have kept the old name as an alias. So old configs will continue to work.
Hello Howard,
thanks a lot for this confirmation.
What would be the best practice to update the cn=schema,cn=config entry after an upgrade? It seems this schema is only available when we migrate slapd.conf to cn=config.
Maybe it could be interesting to provide an upgrade LDIF file that we could use to modify existing configuration?
Clément OUDOT wrote:
> On 26/08/2021 at 17:24, Howard Chu wrote:
>>> It means that, when upgrading OpenLDAP, the previous configuration may not be compatible with the new OpenLDAP version.
>> False. Additions to the schema are always forward-compatible. Where we have renamed objectclasses, we have kept the old name as an alias. So old configs will continue to work.
> Hello Howard,
> thanks a lot for this confirmation.
> What would be the best practice to update the cn=schema,cn=config entry after an upgrade? It seems this schema is only available when we migrate slapd.conf to cn=config.
The contents of the cn=schema,cn=config entry on disk are mostly irrelevant. That entry represents all the hardcoded schema in slapd, so it will always be generated in memory with slapd's current schema at runtime.
On 26/08/2021 at 18:13, Howard Chu wrote:
>> What would be the best practice to update the cn=schema,cn=config entry after an upgrade? It seems this schema is only available when we migrate slapd.conf to cn=config.
> The contents of the cn=schema,cn=config entry on disk are mostly irrelevant. That entry represents all the hardcoded schema in slapd, so it will always be generated in memory with slapd's current schema at runtime.
Oh I discover that, thanks a lot!
Do you know why it is generated when we convert slapd.conf to cn=config? It does not seem to have any advantage.
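As an added example (not code from this thread or from the OpenLDAP project), one way to compare a cn=config export taken before an upgrade with one taken after: it skips cn=schema,cn=config, which the thread describes as regenerated from slapd's hardcoded schema at runtime, and treats the renamed olcMemberOf objectClass as its new name. The LDIF samples are constructed, and the set of ignored operational attributes is an assumption.

```python
# Added example. OLD/NEW below are constructed sample exports, not real ones.
OC_ALIASES = {"olcmemberof": "olcmemberofconfig"}   # rename named in the thread
SCHEMA_DN = "cn=schema,cn=config"                   # regenerated by slapd at runtime
IGNORED = {"entrycsn", "entryuuid", "createtimestamp", "modifytimestamp",
           "creatorsname", "modifiersname", "structuralobjectclass"}  # assumption
def parse_ldif(text):
    """Return {dn: {attr: set(values)}} from plain (non-base64) LDIF."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold lines
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value.lower()
            elif name and not name.startswith("#") and name not in IGNORED:
                if name == "objectclass":  # fold a renamed class onto its new name
                    value = OC_ALIASES.get(value.lower(), value.lower())
                attrs.setdefault(name, set()).add(value)
        if dn:
            entries[dn] = attrs
    return entries

def config_diff(old_ldif, new_ldif):
    """Return [(dn, attr, old_values, new_values)] for real config changes."""
    old, new = parse_ldif(old_ldif), parse_ldif(new_ldif)
    changes = []
    for dn in sorted((set(old) | set(new)) - {SCHEMA_DN}):
        o, n = old.get(dn, {}), new.get(dn, {})
        for attr in sorted(set(o) | set(n)):
            ov, nv = sorted(o.get(attr, ())), sorted(n.get(attr, ()))
            if ov != nv:
                changes.append((dn, attr, ov, nv))
    return changes

OLD = """dn: cn=schema,cn=config
objectClass: olcSchemaConfig
olcAttributeTypes: ( 1.1.1 NAME 'constructedOld' )

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcMemberOf
"""
NEW = (OLD.replace("constructedOld", "constructedNew")
          .replace("olcMemberOf\n", "olcMemberOfConfig\n")
          .replace("dc=com\n", "dc=com\nolcDbMaxEntrySize: 1048576\n"))
```

Calling `config_diff(OLD, NEW)` reports only the added olcDbMaxEntrySize value; the schema entry and the objectClass rename produce no findings.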
openldap-technical@openldap.org