
New ldap schema for debian-edu?



Hi all,

I have been following part of the discussions to refurbish the ldap
structure in debian-edu as documented and discussed on IRC and in 
<URL:http://wiki.debian.org/DebianEdu/NewLDAPStructure>
<URL:http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html>.

Especially with the ideas of creating a new schema I cannot get rid of
an uncomfortable feeling. Let me explain why:

What makes me wonder is, why a small project like debian-edu needs to
come up with the invention of a new schema when the rest of the world
does not feel the pressure to move away from schemas that have been
around and used successfully for many years in many institutions. I
fear that this solo attempt to improve things might end up in losing
compatibility and flexibility to use tools for ldap administration,
something we definitely need.

For me, the main argument in advance of using a single LDAP object for
a given computer is the following: If you use ldapvi to add or change
that object, it's much easier and you don't lose any part hidden in
another object somewhere else. As soon as you use some higher level
LDAP administration tool, the problem of distributing changes to several
LDAP objects is left to the tool and seems to work for many people all
around the world. Of course, it is much nicer from an aesthetic point
of view to have one object and by that get rid of redundant
information too. 

There have been other arguments around, like what happens if slapd
crashes when half of the objects representing a single machine have
been added to LDAP, (missing) atomicity of openldap and so on - I
don't know if they expect to be taken seriously. The machine
information in LDAP is something static and if you think you need to
improve things perhaps better implement some LDAP server replication.

Has the distribution of machine information to several objects been a
problem with debian-edu in the past? 

So as I point out from time to time: In my opinion, we as a project
with rather limited manpower should really keep things as simple and
mainstream as possible. There is still enough work left to spend our
inventional energy on. So please think carefully if the price you pay
by implementing a special way is justified. I guess we don't have the
user base to make the world follow our better approach. 

I might have lost some arguments, please keep up with the
discussion. As people usually say: Just my two cents ;-)

Best regards,

     Andi

