[Pkg-openldap-devel] OpenLDAP 2.4.7

Steve Langasek vorlon at debian.org
Fri Jan 11 20:02:29 UTC 2008


On Fri, Dec 21, 2007 at 07:53:19PM -0800, Quanah Gibson-Mount wrote:
>>> Not all databases support replication (back-monitor for example).  Some
>>> databases probably shouldn't be replicated (back-config for example).

>> That's detectable based on the contents of slapd.conf though, so this
>> could be "apply it to all the databases that aren't back-monitor or
>> back-config"?

> Or back-ldap, back-meta, bback-ldif, back-null, back-passwd, back-perl, 
> back-relay, back-shell, back-sock (coming in a future 2.4 release), and 
> back-sql.  I think that about covers it. ;)

>>> Also, see my somewhat more expanded reply in my other email to Russ.
>>> One  can't assume the credentials apply correctly in reverse.

>> Right, I guess I just don't see that this should prevent us from doing the
>> first, automatable half of the setup, leaving only the credentials setup
>> for the admin to handle?

> I suppose, although they may be doing other things than simple 
> username/password, but I'm guessing you can detect some of that from the 
> slurpd configurations as well. :)

So looking more closely at this, slapd.conf(5) asserts that a 'replica'
option is per-database, not global, which is consistent with how I recall
using it in the past.  That makes it even easier to get reasonable default
behavior on upgrade, I think - if the database had a replica configured, add
the server-side syncrepl config and warn, otherwise do nothing.

Here's a first try at converting, then.  The "syncprov-checkpoint" value is
taken from the example at
<http://www.openldap.org/doc/admin24/syncrepl.html>, which I hope means it's
a reasonable default.  It's not clear to me whether "syncprov-sessionlog"
should also be set by default.
The "replica" lines themselves are left untouched, for reference if nothing
else; they're silently ignored by slapd 2.4 from what I see, so no need to
fret over them yet.

Introduces more debconf interaction, so we should probably run the text by
debian-l10n-english, though I'm disinclined to let a language review block
the process of getting this uploaded to unstable so we can start the libldap
transition.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slurpd-obsoleted.patch
Type: text/x-diff
Size: 4457 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080111/a0cb6d58/attachment.patch 


More information about the Pkg-openldap-devel mailing list