[Date Prev][Date Next] [Chronological] [Thread] [Top]

back-config again



More notes on LDAP-enabling the slapd configuration mechanism...

One step towards making the slapd configuration easily presentable in LDAP is
to use LDIF for the config file format. There will be a cn=config backend
implicitly defined, and everything will branch out underneat this.

The actual backend is implemented by specific modules corresponding to
specific objectclasses. E.g., objectClass OpenLDAPbdbDatabase will contain
attributes for a back-bdb configuration. Each backend type will export a
table of functions to implement their respective objectclasses.

The idea is somewhat reminiscent of the back-ftree backend.

There are still some issues regarding order-dependent config info (like ACLs,
sasl-regexp, database order). I have an idea to use attribute tagging to help
out here, e.g.:

suffix="dc=example,dc=com",ou=databases,cn=config
access;x-order-1: attr=userpassword $ by self write $ by * auth
access;x-order-2: * $ by * read

More thoughts welcome.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support