[Pkg-openldap-devel] Bug#925597: Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

Ryan Tandy ryan at nardis.ca
Wed Mar 27 15:22:50 GMT 2019 

Control: tag -1 upstream

Hi Christoph,

I'm sorry to hear the documentation caused you some frustration here.

On Wed, Mar 27, 2019 at 12:17:18PM +0100, Christoph Biedl wrote:
>the slapo-constraint(5) manpage still refers to /etc/ldap/slapd.conf for
>configuration, a configuration method that has been abandoned ... many
>years ago. It took hours of searching and eventually using strace to
>confirm it's completely ignored.

Sort of. It's soft-deprecated but also still supported. But slapd runs 
in cn=config mode (-F) OR slapd.conf mode (-f) ... it sounds like you 
had slapd running in cn=config mode (Debian's default) but tried to add 
some configuration in a slapd.conf file, which indeed would be ignored.

>So *please* update the documentation and the examples of usage.

ACK. There is not really an active documentation contributor upstream at 
the moment, and some documentation is still not updated for cn=config, 
as you found. So I'm sorry there is indeed a long tail of older bits and 
not much progress being made.

>The Administrator's Guide has something about this (12.4.2), and I had 
>to read the openldap sources to learn the appropriate keywords like 
>olcConstraintAttribute to find that one.

Maybe too late to help you now, but you can introspect the schema on 
your running slapd instance by making searches under the 'cn=Subschema' 
base. This is the recommended way of finding, for example, what 
configuration classes/attributes are actually available on your specific 
instance.

>And while you're on it, it really shouldn't hurt to mention the
>constraint module needs to be loaded before it's possible to use it.
>This is mentioned in slapd.overlay(5), but that's another piece of
>information you'd only find when you already know what you are looking
>for.

Others have asked for this before and upstream are resistant to repeat 
this information in every overlay's man page when it can just be 
written once in a central place. (Can you tell we're talking about 
programmers here?) But this bites enough new users and I do tend to 
agree we should have even a breadcrumb in each man page that lets people 
know what they should be looking for...

Better luck on your next try,

Ryan

More information about the Pkg-openldap-devel mailing list