[Pkg-openldap-devel] new debconf template for openldap

Ryan Tandy ryan at nardis.ca
Sat Jan 7 23:25:48 UTC 2017


Hi Justin,

Thank you for the review!

On Sat, Jan 07, 2017 at 10:10:16PM +0000, Justin B Rye wrote:
>> In the version of slapd about to be installed, the ppolicy overlay
>> requires the new pwdMaxRecordedFailure attribute to be defined in the
>> ppolicy schema. The schema contained in the cn=config database does not
>> currently include this attribute.
>
>Expanding "ppolicy" and crushing everything else:
>
>  In the new version of slapd, the Password Policy (ppolicy) overlay schema
>  requires a defined pwdMaxRecordedFailure attribute, which is not present
>  in the schema contained in the cn=config database.

I had to read this a few times. Initially I parsed "overlay schema" as a 
schema overlaid onto others, rather than an overlay and a related 
schema. Just to be clear, an overlay is a slapd plugin (a shared 
library), and the schema is configuration that supplies schema entities 
(primarily attribute types and object classes). "The schema" technically 
means the entire slapd schema collectively. "The ppolicy schema" is more 
colloquial and means either the subset of it used by the ppolicy 
overlay, or the schema fragment shipped in a file called "ppolicy.ldif" 
(normally these are equivalent).

I also realized it would probably be more correct to say "attribute 
type" and not just "attribute". (Attributes are things that have values; 
attribute types define their names and what the values can look like.)

This is all rather esoteric OpenLDAP-specific stuff, I realize. Sorry.

Anyway, my attempt at adjusting it:

  In the new version of slapd, the Password Policy (ppolicy) overlay 
  requires the schema to define the pwdMaxRecordedFailure attribute 
  type, which is not present in the schema currently in use.

>(Or would just "the schema currently in use" be okay?)

I think so. The context for that bit is that new users sometimes think 
the schema files shipped by the package represent the active 
configuration, while in reality those are only consulted at the time 
they're imported into the database. In this case it should be fine since 
we provide specific guidance.

>Oh, I used apt-get source - hope the attached patch is useful.

That's perfect, thanks! Besides the paragraph I commented on above, I'll 
take the rest of your patch verbatim.
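
An added example, not part of the message above or of the slapd packaging: one way to check whether "the schema currently in use" defines a given attribute type, by reading an LDIF export of the cn=config database (for example from `slapcat -n 0`) rather than the shipped ppolicy.ldif file. The sample LDIF, its placeholder OIDs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: trimmed LDIF export of the schema held in cn=config.
# The 1.1.x OIDs are placeholders, not the real ppolicy OIDs.
SAMPLE_LDIF = """\
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 1.1.1 NAME ( 'cn' 'commonName' ) SUP name )

dn: cn={1}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}ppolicy
olcAttributeTypes: {0}( 1.1.2 NAME 'pwdAttribute' EQUALITY objectIdentifierMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.1.3 NAME 'pwdMaxFailure' EQUALITY integerMatch SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
"""

def attribute_types_by_entry(ldif):
    """Map each schema entry DN to the attribute type names it defines."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    result, dn = {}, None
    for line in unfolded.splitlines():
        key, _, value = line.partition(":")
        if value.startswith(":"):  # "key:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        key, value = key.lower(), value.strip()
        if key == "dn":
            dn = value
            result[dn] = set()
        elif key == "olcattributetypes" and dn is not None:
            # NAME is either one quoted name or a parenthesised list of them.
            m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", value)
            if m:
                names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
                result[dn].update(n.lower() for n in names)
    return result

def defining_entries(ldif, attr_type):
    """Return DNs of schema entries defining attr_type (case-insensitive)."""
    return [dn for dn, names in attribute_types_by_entry(ldif).items()
            if attr_type.lower() in names]

if __name__ == "__main__":
    for name in ("pwdMaxFailure", "pwdMaxRecordedFailure"):
        print(name, "->", defining_entries(SAMPLE_LDIF, name) or "not defined")
```

An empty result for pwdMaxRecordedFailure is the condition the debconf template describes: the overlay needs the attribute type, but the schema loaded in cn=config does not define it.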


