Peter wrote:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
That is a very nice proposal, it would sort of give us the good things of both worlds.
It means you would not be able to edit the schema contained within these directives over LDAP, since those elements aren't themselves part of the cn=config DIT. So no, it's not the good things of both worlds.
IMHO schema is the only thing where cn=config makes life harder than slapd.conf.
Being a long time lurker on this list it is fun to see that although same subjects like config alternatives, turn up again and again, the arguments and solution proposals at least sometimes do progress.
Cheers
Peter
Am 15.09.2017 um 20:33 schrieb Quanah Gibson-Mount:
--On Friday, September 15, 2017 12:24 PM -0700 Ryan Tandy ryan@nardis.ca wrote:
There was some talk, either in IRC or on -devel, of creating a way for cn=config to reference schema files (possibly LDIF) on disk rather than importing them into the config database. I think that would be an improvement. Importing schemas into cn=config is cool - especially if you want to replicate the config - but I'm not sure it's a good default.
Since ordering is mandatory, it would be nice if you could just do something like:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
etc. Then you could change the schema files on disk, and cn=config would just load them in when it started. It'd certainly make the behavior analagous to slapd.conf, and allow for easier rollback/testing.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Am 22.09.2017 um 16:50 schrieb Howard Chu:
Peter wrote:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
That is a very nice proposal, it would sort of give us the good things of both worlds.
It means you would not be able to edit the schema contained within these directives over LDAP, since those elements aren't themselves part of the cn=config DIT.
Oops, I just see that I read something different than I meant. I meant .schema and not .ldif:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.schema olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.schema olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.schema
That is what I would like to have, so that people can edit schema in a format that was standardised in LDAP without adding the complexity of LDIF change commands.
So no, it's not the good things of both worlds.
It would make schema modification easier and better traceable and auditable.
But as it is not a lot more than a nice to have, I wont push this further.
Cheers, Peter
IMHO schema is the only thing where cn=config makes life harder than slapd.conf.
Being a long time lurker on this list it is fun to see that although same subjects like config alternatives, turn up again and again, the arguments and solution proposals at least sometimes do progress.
Cheers
Peter
Am 15.09.2017 um 20:33 schrieb Quanah Gibson-Mount:
--On Friday, September 15, 2017 12:24 PM -0700 Ryan Tandy ryan@nardis.ca wrote:
There was some talk, either in IRC or on -devel, of creating a way for cn=config to reference schema files (possibly LDIF) on disk rather than importing them into the config database. I think that would be an improvement. Importing schemas into cn=config is cool - especially if you want to replicate the config - but I'm not sure it's a good default.
Since ordering is mandatory, it would be nice if you could just do something like:
olcSchemaFile: {0}include: file://$ABS_SCHEMADIR/core.ldif olcSchemaFile: {1}include: file://$ABS_SCHEMADIR/cosine.ldif olcSchemaFile: {2}include: file://$ABS_SCHEMADIR/inetorgperson.ldif
etc. Then you could change the schema files on disk, and cn=config would just load them in when it started. It'd certainly make the behavior analagous to slapd.conf, and allow for easier rollback/testing.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Howard Chu -
Peter