[Pkg-openldap-devel] Proposal for the configuration in debian.

Steve Langasek vorlon at debian.org
Sun Feb 26 10:01:24 UTC 2006


On Fri, Feb 24, 2006 at 10:39:35PM +0100, Matthijs Mohlmann wrote:

> I would like to change the structure of the slapd configuration a bit so
> that it addresses a few issues.

> - /etc/ldap/slapd.conf

> This configuration file should contain a minimal set of parameters that
> are needed to run the database server (without the directories)

> - /etc/ldap/ldapdb/*

> The directory /etc/ldap/ldapdb should contain files that describe the
> directory and the needed parameters for that directory. The files in
> there can be named after their basedn, for example. These files can contain
> the indexes, ACLs and other normal parameters needed to set up a directory.

This sounds like an interesting idea to me.

> - /etc/ldap/schema/*

> The schemas that are needed to be included. This is already done.

Uh, this is a problem.  I have plenty of files in my /etc/ldap/schema/
directory which I do *not* expect to be included unconditionally in the
running slapd's config; I have alternate revisions of schema files that I've
tuned, I have conflicting schema files, and I even have an
/etc/ldap/schema/README file...  I don't think it's right to include all of
the schema files like this, I think it might be better to just include the
core schema files and possibly create an additional /etc/ldap/slapd.d/
directory where packages can include config files that would document
additional schemas, etc.

At that point, I expect the load order would be:

include /etc/ldap/slapd.d/*.conf
include /etc/ldap/ldapdb/*.conf

Note that the *.conf should give us a way of excluding old versions of
conffiles, à la run-parts.

> In this way we can fix the issues around upgrading and following
> includes (#304488). And we can fix #333428 this bug. There are probably
> several out there that can be fixed if we do it this way.

Can you explain in more detail how you think this will fix 304488?  I don't
see that it will fix 304488 at all, since 304488 relates to config file
syntax changes -- splitting the config into more includes makes it *harder*
to correct such problems on upgrade, not easier, I think.

I do agree that this basic idea is nice for things like 333428; I've wanted
for a while to be able to provide a samba-ldap package to auto-configure an
LDAP-based samba PDC, but haven't really bothered with it because I knew it
would violate policy to implement it.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
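
The load order and `*.conf` filter described in the message above, as an added example that is not part of the original post or of the package: it expands the two patterns itself into one `include` line per file. The function names, the root-prefix argument and the sample file names are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: turn the proposed include globs into explicit include lines.
# gen_includes ROOT -- ROOT is a hypothetical prefix so the function can be
# tried in a scratch directory; pass "" to look at the real /etc/ldap tree.
gen_includes() {
    root=$1
    # Directory order is the load order from the message: slapd.d, then ldapdb.
    for dir in "$root/etc/ldap/slapd.d" "$root/etc/ldap/ldapdb"; do
        # Within a directory the shell expands the glob in sorted order.
        for f in "$dir"/*.conf; do
            # An unmatched glob stays literal (empty or missing directory);
            # -f drops that case and anything that is not a regular file.
            [ -f "$f" ] || continue
            printf 'include %s\n' "$f"
        done
    done
}

# Constructed sample tree: one live file per directory plus the kinds of
# leftovers the *.conf suffix is meant to keep out of the running config.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/ldap/slapd.d" "$tmp/etc/ldap/ldapdb"
    touch "$tmp/etc/ldap/slapd.d/samba.conf" \
          "$tmp/etc/ldap/slapd.d/samba.conf.dpkg-old" \
          "$tmp/etc/ldap/slapd.d/README" \
          "$tmp/etc/ldap/ldapdb/dc=example,dc=org.conf" \
          "$tmp/etc/ldap/ldapdb/dc=example,dc=org.conf~"
    # Run from inside the scratch tree so the printed paths are stable.
    (cd "$tmp" && gen_includes .)
    rm -rf "$tmp"
}

demo
```

Only `samba.conf` and `dc=example,dc=org.conf` are listed; the `.dpkg-old` copy, the editor backup and the README are skipped, so a stale ACL or schema file left behind by an upgrade is not loaded.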