[Date Prev][Date Next] [Chronological] [Thread] [Top]

back-config again

To: <openldap-devel@OpenLDAP.org>
Subject: back-config again
From: "Howard Chu" <hyc@highlandsun.com>
Date: Sun, 28 Mar 2004 19:29:25 -0800
Importance: Normal

More notes on LDAP-enabling the slapd configuration mechanism...

One step towards making the slapd configuration easily presentable in LDAP is
to use LDIF for the config file format. There will be a cn=config backend
implicitly defined, and everything will branch out underneat this.

The actual backend is implemented by specific modules corresponding to
specific objectclasses. E.g., objectClass OpenLDAPbdbDatabase will contain
attributes for a back-bdb configuration. Each backend type will export a
table of functions to implement their respective objectclasses.

The idea is somewhat reminiscent of the back-ftree backend.

There are still some issues regarding order-dependent config info (like ACLs,
sasl-regexp, database order). I have an idea to use attribute tagging to help
out here, e.g.:

suffix="dc=example,dc=com",ou=databases,cn=config
access;x-order-1: attr=userpassword $ by self write $ by * auth
access;x-order-2: * $ by * read

More thoughts welcome.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: back-config again
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: back-config again
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: back-config again
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: ITS #2899 - NS-MTA-MD5 password hashing
Next by Date: Re: back-config again
Index(es):
- Chronological
- Thread