[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I really disable schema-checking?

To: Salim Fadhley <sal@stodge.org>, openldap-software@openldap.org
Subject: Re: How can I *really* disable schema-checking?
From: Bill MacAllister <whm@stanford.edu>
Date: Sat, 24 Jan 2009 13:28:32 -0800
Content-disposition: inline
In-reply-to: <a4603aec0901211306o34231435ud18f3b12949ecfdb@mail.gmail.com>
References: <ce6d5c8daefdede12d5f940e992f9b87@imap.gmail.com> <F75599DE0AC55F8E07CCA016@wp> <a4603aec0901211306o34231435ud18f3b12949ecfdb@mail.gmail.com>

--On Wednesday, January 21, 2009 09:06:19 PM +0000 Salim Fadhley <sal@stodge.org> wrote:

What about the other issue - the connection limit? I would be delighted to
use any build of 2.2.19 (it does everything I need), except that all of
the builds I have seen for windows have a limit of 64 concurrent
connections. The more recent builds have a limit of a few-thousand
connections but without the "schemacheck off" feature  so desperately
need.

In addition to missing attributes required by the schema we also have
extra attributes not required by core elements of the schema, and we also
have malformed elements which do not have cn entries - I understand that
this is not so much a violation of a schema but of the entire LDAP RFC.
Unfortunately I am dealing with utterly crazy data which if I were to fix
it would force me to re-test an entire application... it's a very big
application which I mostly do not understand - that is why it's much
simpler to make the new LDAP server work as much as possible like the old
one.

While it would be inappropriate to repeat a historical flaming, my feeling
is that it was a real nuisance to take a potentially useful feature which
people were innocently (ab)using - it was abruptly removed without any
simple migration path. I understand that disabling schema-checking would
be a foolish thing to do in a conventional LDAP application (e.g. NIS),
but many people use openldap for casual or experimental purposes for
which it is very convenient to allow an "anything-goes" strategy.

Just so we are clear, you want the developers to implement a feature that they don't agree with so that an application that is dependent on a broken data model won't have to be retested. You find someone that signs up for that make sure you let them know that I have a bridge for sale.

Having said that, really the only thing that has changed is that you have to define some schema elements. No where does the software say that they have to make sense. You will have to read the documentation enough to know how to create the new elements you require and relax syntaxes to allow your bogus data, but if you do that you will still be able to re-implement your "anything-goes" strategy.

Bill

+--------------------------------------------------------
| Bill MacAllister <whm@stanford.edu>
| Systems Software Programmer, ITS Unix Systems, Stanford University

References:
- How can I *really* disable schema-checking?
  - From: Salim Fadhley <sal@stodge.org>
- Re: How can I *really* disable schema-checking?
  - From: Bill MacAllister <whm@stanford.edu>
- Re: How can I *really* disable schema-checking?
  - From: Salim Fadhley <sal@stodge.org>

Prev by Date: [OPENLDAP] slapd password confusion
Next by Date: Re: 64bit compile fails on Solaris 10
Index(es):
- Chronological
- Thread

Re: How can I *really* disable schema-checking?

Re: How can I really disable schema-checking?