[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
back-config again
More notes on LDAP-enabling the slapd configuration mechanism...
One step towards making the slapd configuration easily presentable in LDAP is
to use LDIF for the config file format. There will be a cn=config backend
implicitly defined, and everything will branch out underneat this.
The actual backend is implemented by specific modules corresponding to
specific objectclasses. E.g., objectClass OpenLDAPbdbDatabase will contain
attributes for a back-bdb configuration. Each backend type will export a
table of functions to implement their respective objectclasses.
The idea is somewhat reminiscent of the back-ftree backend.
There are still some issues regarding order-dependent config info (like ACLs,
sasl-regexp, database order). I have an idea to use attribute tagging to help
out here, e.g.:
suffix="dc=example,dc=com",ou=databases,cn=config
access;x-order-1: attr=userpassword $ by self write $ by * auth
access;x-order-2: * $ by * read
More thoughts welcome.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support