[Date Prev][Date Next] [Chronological] [Thread] [Top]

ITS#4556 ditStructureRules

To: openldap-its@OpenLDAP.org
Subject: ITS#4556 ditStructureRules
From: hyc@symas.com
Date: Wed, 7 Feb 2007 23:22:19 GMT

I've often thought about adding support here, but it looks like an 
all-or-nothing proposition. I.e., when you have a server that uses 
ditStructureRules, you must actually define a full set of rules otherwise you 
cannot add any user entries to the directory at all. This would be a pretty 
drastic change for people accustomed to the current behavior, where you can 
put any entry you like anywhere you like. Beginners have a hard enough time 
just getting their first two entries into the directory; requiring the use of 
ditStructureRules would seem to just make a bad situation worse.

Possibly we could make it a configurable option - enable them with a 
per-database setting, defaulting to off to preserve the current behavior. 
Fully aligning with X.500 practices would have to wait for a new generation 
of server. E.g., we currently support the use of subdatabases using 
subordinate/glue. These provide some of the notion of X.500 Administrative 
Areas, except their definitions reside in the cn=config tree, not as 
subentries of the main DIT. Providing full subentry-based administration 
would be a major change in how the server is operated and how the DIT is 
administered. Something for OpenLDAP 3.0.
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

Prev by Date: Re: (ITS#4833) Back-config chokes when adding database
Next by Date: (ITS#4835) dyngroup.schema needs clarification
Index(es):
- Chronological
- Thread