[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
Quanah, all of this is with due respect - I really appreciate how much time you've put into this project.
> They were never a multi-line string in slapd.conf, either. You could just format things to pretend they were multi-line strings.
But this is irrelevant within the scope of usability. As far as the sysadmin is concerned, slapd.conf allowed multi-line strings for ACLs and schemas. This yielded great readability as shown in the screenshots in the original message.
> I use Net::LDAP perl module to handle ACL updates. It's quite simple. The same thing could likely be done in python. Plus replacing an entire ACL in cn=config is trivial, since you can delete the existing ACL using the {#} value, and you can insert new ACLs trivially but using a weight of where you want to insert it.
I don't think writing a custom ldap client is "simple". Or, as David Blank-Edelman requests, perhaps you have some example code showing how simple it is? I have written ldap scripts in perl, python, and php - so I'm not asking as a newbie. I'm having trouble imagining this being any more user-friendly than a decent LDAP client like Apache Directory Studio - which still isn't as readable as ACL .conf files. One could always pay special attention to the script's output/ui to make it more readable, but that's not trivial; I think something good would require ACL and schema parsing.
> You can optionally enable this at build time in OpenLDAP 2.4.30 for testing. As it is an experimental feature, YMMV.
I have seen that in various threads. I'm happy to test it, but primarily I'm interested in cn=config entry deletion being a stable feature eventually. Just my $0.02.