[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re[2]: config backend
Hello,
Wednesday, March 05, 2003, 11:59:19 AM, you wrote:
HC> Yes, the idea is to allow most settings to be changed. Part of the problem I
HC> struggled with in the prototype was efficient/modular parsing and rewriting
HC> of the file without losing or misplacing coments.
HC> If we use LDIF and actual attributeTypes for config keywords, then the schema
HC> engine becomes my framework for efficient parsing. To handle backend- or
HC> database-specific config keywords, the schema engine would have to be
HC> extended to pass off schema evaluation to individual backends. This would
HC> naturally lead to implementing backend-specific subschemaSubentries.
HC> There's still the issue of how to rewrite the file while preserving comments.
HC> I had it worked out, but it was no joy. I still don't have a good idea for
HC> how to present the comments thru the LDAP interface, adjacent to their
HC> relevant keywords.
May be we can use hierarchy config schema like this (it's modified
version):
dn: cn=config
cn: config
objectclass: OpenLDAPslapdConfig
dn: cn=global,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPGlobalslapdConfig
> allow: bind_v2
> allow: bind_anon_cred
> argsfile: slapd.args
> concurrency: 1
> defaultsearchbase: o=foo
> disallow: bind_krbv4
> limits: anonymous $ time=1 $ size=20
> labeledURI: ldap://localhost $ listen on loopback interface, default port
> labeledURI: ldaps:// $ listen on all interfaces, default port (636)
> labeledURI: ldapi://%2fvar%2frun%2fldapi $ listen on /var/run/ldapi
> labeledURI: cldap://
> loglevel: 256
comments: This is some discription and comments for Global Parameters
> schemadn: cn=Subschema,cn=config
dn: cn=modules,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPModulesslapdConfig
> moduleload: back_ldbm.la
comments: This is some discription and comments for Modules
Parameters. Here may be information about type of module
(static or dynamic)
dn: cn=modules,cn=config
objectclass: OpenLDAPslapdConfig
objectclass: OpenLDAPAccesslapdConfig
> access: dn="cn=foo" attr=userpassword $ by self write $ by * auth
comments: This is some discription and comments for ACL of Directory
Parameters. May be each of "access: dn" could hold comments
>
> dn: cn=rootdse,cn=config
> cn: rootdse
> <attributes to add to the rootDSE>
comments: This is some discription and comments
>
> dn: cn=Subschema,cn=config
> #include schema/core.schema
> #include schema/cosine.schema
> ...
comments: This is some discription and comments
>
> dn: ou=backends,cn=config
>
> dn: cn=bdb,ou=backends,cn=config
> <backend-specific options>
>
> dn: ou=databases,cn=config
>
> dn: suffix="dc=example,dc=com",ou=databases,cn=config
> objectclass: OpenLDAPslapdDatabase
> objectclass: OpenLDAPslapdAccess
> suffix: dc=example,dc=com
> suffix: o=example.com,c=us
> database: bdb
> rootdn: dc=example,dc=com
> index: objectclass $ eq
> index: cn,sn,mail $ eq,sub,approx
This version on my mind can help to solve problem with "losing
comments" and help to check each part of config file for correctness.
Next question is with offline-tools (slapcat and slapadd).
How these utilities will work in a usual mode and in chroot
environment mode of the server?
HC> -- Howard Chu
HC> Chief Architect, Symas Corp. Director, Highland Sun
HC> http://www.symas.com http://highlandsun.com/hyc
HC> Symas: Premier OpenSource Development and Support
>> -----Original Message-----
>> From: Pierangelo Masarati [mailto:ando@sys-net.it]
>> Sent: Tuesday, March 04, 2003 11:43 PM
>> To: hyc@highlandsun.com
>> Cc: openldap-devel@OpenLDAP.org
>> Subject: Re: config backend
>>
>>
>>
>> > Just food for thought:
>>
>> It is very interesting; I think you already wrote about this
>> some time ago, when talking about gentle restart or so.
>> I believe this would become strikingly interesting if we could
>> modify at least some of the settings while the server is running.
>>
>> Ando.
>>
>> --
>> Pierangelo Masarati
>> mailto:pierangelo.masarati@sys-net.it
>>
>>
--
Best regards,
Volkov mailto:vserge@altlinux.ru