[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: Re: Obtain Schema files from a software client

To: Mike Jackson <mj@sci.fi>
Subject: Re: Fwd: Re: Obtain Schema files from a software client
From: Howard Chu <hyc@symas.com>
Date: Wed, 11 May 2005 15:10:22 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20050511214634.GA3535@rocket.netauth.com>
References: <20050511042009.GA31313@rocket.netauth.com> <4281A9DA.8010703@symas.com> <20050511214634.GA3535@rocket.netauth.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050508

Mike Jackson wrote:

Howard Chu (hyc@symas.com) wrote:

This function exists in OpenLDAP 2.3. You can perform all of the server administration and configuration via LDAP; you can add any definitions via LDAP without requiring a server restart. In particular, for schema, you can collect related schema together into a single LDAP entry and propagate/replicate it to any other server; there is no need to dump it all into a catch-all file.
Nice. And how does this support version control of schema? Say, for instance,
I want to upgrade my self-written "foo123" schema from version 1.98 to version
1.99, how do I do it? Do I need to put X-ORIGIN stamps on every attribute
and objectclass, and do a deletes/modifies, or what? Obviously, I would prefer
that the server would poll a filesystem directory, parse the new/updated file,
and either atomically load or reject it, then replicate it to all servers where
there are existing replication agreements in force.
The typical case is that a new schema version will bring some new attributes
and objectclasses, but not remove backward compatibility...

Version control is up to you.

At present (2.3.3beta), deletes are not supported for schema elements. We have a plan to support fine-grain schema editing down the road. For now all you can do is Add new definitions - adding new attributes and objectclasses is fine, modifying the definitions of existing elements is not supported.

For example, I can create a schema set in a file "test.ldif" :

dn: cn=test,cn=schema,cn=config cn: test objectClass: olcSchemaConfig olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.37 NAME 'testTime' EQUALITY gen eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.24 SINGLE-VALUE ) olcObjectClasses: ( 1.3.6.1.4.1.4203.666.1.38 NAME 'testPerson' SUP OpenLDA Pperson STRUCTURAL MAY testTime )

and ldapadd it into a running slapd.

Later I could add new definitions to this entry with ldapmodify:

dn: cn=test,cn=schema,cn=config changetype: modify add: olcAttributeTypes olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.34 NAME 'x509CertificateIssuer' DESC 'Aliasing attribute: Issuer, use' EQUALITY distinguishedNameMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.35 NAME 'x509CertificateSerial' DESC 'Aliasing attribute: Serial, use' EQUALITY integerMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.27 )

Automatically replicating the change to other servers is feasible, but you have to go thru a bit of indirection to do it. The steps are still being discussed on the -devel list.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

References:
- Fwd: Re: Obtain Schema files from a software client
  - From: Mike Jackson <mj@sci.fi>
- Re: Fwd: Re: Obtain Schema files from a software client
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Access per Attribute Definition based on ACL
Next by Date: ldap_set_option
Index(es):
- Chronological
- Thread