Re: [Pkg-openldap-devel] new debconf template for openldap
Thank you for the review!
On Sat, Jan 07, 2017 at 10:10:16PM +0000, Justin B Rye wrote:
In the version of slapd about to be installed, the ppolicy overlay
requires the new pwdMaxRecordedFailure attribute to be defined in the
ppolicy schema. The schema contained in the cn=config database does not
currently include this attribute.
Expanding "ppolicy" and crushing everything else:
In the new version of slapd, the Password Policy (ppolicy) overlay schema
requires a defined pwdMaxRecordedFailure attribute, which is not present
in the schema contained in the cn=config database.
I had to read this a few times. Initially I parsed "overlay schema" as a
schema overlaid onto others, rather than an overlay and a related
schema. Just to be clear, an overlay is a slapd plugin (a shared
library), and the schema is configuration that supplies schema entities
(primarily attribute types and object classes). "The schema" technically
means the entire slapd schema collectively. "The ppolicy schema" is more
colloquial and means either the subset of it used by the ppolicy
overlay, or the schema fragment shipped in a file called "ppolicy.ldif"
(normally these are equivalent).
I also realized it would probably be more correct to say "attribute
type" and not just "attribute". (Attributes are things that have values;
attribute types define their names and what the values can look like.)
This is all rather esoteric OpenLDAP-specific stuff, I realize. Sorry.
Anyway, my attempt at adjusting it:
In the new version of slapd, the Password Policy (ppolicy) overlay
requires the schema to define the pwdMaxRecordedFailure attribute
type, which is not present in the schema currently in use.
(Or would just "the schema currently in use" be okay?)
I think so. The context for that bit is that new users sometimes think
the schema files shipped by the package represent the active
configuration, while in reality those are only consulted at the time
they're imported into the database. In this case it should be fine since
we provide specific guidance.
Oh, I used apt-get source - hope the attached patch is useful.
That's perfect, thanks! Besides the paragraph I commented on above, I'll
take the rest of your patch verbatim.