[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can a package modify slapd.conf in its maintainer script?

On Tue, Aug 12, 2008 at 06:07:14PM +0200, Bastian Blank wrote:
> On Tue, Aug 12, 2008 at 12:35:30PM -0300, Steve Langasek wrote:
> > It is possible; I'm currently awaiting feedback from the OpenLDAP
> > comaintainers before we enable it.

> You know that parts of the config settings are only supported in the
> legacy-format?

I've been told that there are certain (uncommon) backends that aren't
supported by cn=config, and I'm not surprised to learn that there are some
overlays that are unsupported as well.  Do you have a list of these that are
of concern to you?

AFAIK the components that have not yet been ported to cn=config are those of
marginal interest, and I don't think they should block us from moving to
only support cn=config in the package; users who prefer to stick with
slapd.conf will be able to switch back after upgrade, at the expense of not
getting automatic config upgrades from the package anymore.

> Is there documentation how to import new schemas in the new config tree?

They need to be provided in LDIF format.  All of the schemas included in the
slapd package now also have .ldif versions that can be used as examples of
how to do this.  I haven't looked for documentation, per se.

> Also modification are only supported via the ldap
> protocol, who say that root may authenticate at all?

We prompt for the password to use as the olcRootPW when setting up
cn=config, and can prompt for it again when other packages need to make
schema changes.  I don't think this should be any more problematic than
what's currently done for integration with database packages.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: