Michael Ströder wrote:
Howard Chu wrote:Michael Ströder wrote:There's no mechanism like include.False. OpenLDAP's LDIF library supports include directives, and they're used frequently in the test suite. The include statement has been documented in the ldif(5) manpage since 2006.How do you use this proprieatry include-statement in cn=config?
The full discussion of include: was on the ldapext mailing list, there's nothing proprietary about it. If you don't like the fact that there's no new version of RFC2849 with the relevant text, feel free to spend the time to polish up a new version of that document.
From my understanding this can only be used when editing LDIF files outsideback-config and slapadd the whole stuff at once. But this defeats the goal of cn=config because slapadd needs a restart.
This conversation was about checking a config into a version control system. If you're actually doing that, then you should be checking in a complete slapcat'd LDIF as a single file. The only way to make use of such a version controlled file is by slapadd of course, but most likely the reason you're digging an old version out of your VCS in the first place is because you need to restore a backup, and slapd would already be down in that case.
You're blaming the tools when it's your own ignorance at fault.Ah, yes...again you don't want to hear the defencencies of the current approach which get obvious again in this thread.
What you call a deficiency(sp) is sheer nonsense. Tell me how you expect to provide read/write database access to a file included from any arbitrary filesystem location? Think about the safety of such a proposition as well; not everybody has AppArmor or other security mechanisms on their machines. You cry that it can't do "X" when in fact it would be irresponsible to ever allow it to do "X". You haven't thought it through, you're just babbling.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/