Quanah and Howard, hello.
On 16 Jul 2020, at 16:29, Quanah Gibson-Mount wrote:
Documentation such as [1] notes that there is a one-to-one
correspondence
between slapd.conf directives and slapd-config database attributes.
However it's not always completely clear just what the mapping is.
See bugs: 5915, 6277, 7335, 8742
Right -- I see. Thanks.
I appreciate the point in
<https://bugs.openldap.org/show_bug.cgi?id=5915> that documenting both
sets of directives would be quite a lot of work, which might have to be
more-or-less redone when slapd.conf support is removed in 2.6/3.0
(hooray).
As an interim alternative, it would probably be lowish-effort, but
useful, if eg slapo-syncprov(5) and friends said something like the
following, at the end of the '.SH CONFIGURATION' section:
Note that the above are
.B slapd.conf
configuration options. These will be replaced by
.B slapd.d
options (see
.B slapd-config(5)
for details) in a forthcoming release. Until then, you can deduce the
names of the
.B slapd.d
attributes by examining the source files in [suitable URL, such as at
git.openldap.org,
or simply a reference to servers/slapd/overlays in the distribution].
The same text could be dumped into all or most of the slapo-* manpages.
It's incomplete, but it would be better than nothing, in that it would
reassure the reader that there isn't some collection of documentation
they've completely missed, and that the documentation isn't somehow out
of date, by still referring to slapd.conf-style attributes.
I have an alternative, possibly better, suggestion below.
Patches welcome where appropriate.
If it were simply a case of the above, then yes, I could do the labour
of the edit and send you a patch. But I don't think I've the standing
to be creative here (!).
Overlay objectClasses are defined in the code for the overlay.
<https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/overlays/syncprov.c#L3160>
Thanks -- at least I'm not missing something obvious!
Separately, Howard Chu said:
All of the schema is always retrievable from slapd itself, either by
querying cn=Subschema
or cn=schema,cn=config.
That looks perfect in principle, and I see you made a similar remark in
<https://bugs.openldap.org/show_bug.cgi?id=7335>. However the first way
that occurred to me to search for this:
# slapcat -b cn=config | grep cn=schema
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
...didn't produce the results I expected.
I find I can do
% ldapsearch -x -b cn=schema,cn=config -D cn=config -w PASSWORD
'(objectclass=*)'
and grub through the output to find
olcObjectClasses: ( OLcfgOvOc:1.1 NAME 'olcSyncProvConfig' DESC
'SyncRepl Prov
ider configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcSpCheckpoint $ o
lcSpSessionlog $ olcSpNoPresent $ olcSpReloadHint ) )
Is that what you meant, Howard? If so, then yes, a schema; but looking
there really, really, isn't obvious from slapd-config(5). It is
described there under 'schema options', and there's nothing wrong with
the text, but one has to know it's there beforehand, in order to find
it.
I think none of your users would feel at all insulted by being given
slightly more of a hint there or in, say, slapd.overlays(5).
(I've spent enough time with OpenLDAP to be able to parse that attribute
value by eye, and recognise it as not line-noise).
To be concrete, how about, in slapd.overlays,
.SH SCHEMAS
The schemas for these overlays are documented in the corresponding
.B slapo-<overlay>
(5) manpages, in the form appropriate for
.B slapd.conf
configuration. The schemas are loaded dynamically,
and can be found either in the overlay source code, or else searching
for the appropriate attributes under
.B cn=schema,cn=config
For example
.B ldapsearch -x -b cn=schema,cn=config -s base -D cn=config -w PASSWORD
'(objectclass=*)' olcobjectclasses
See the
.B slapd-config
manpage for discussion of the olcObjectClasses attribute.
I found and read the slapd.overlays manpage early in my search for this
information. Something like the above would have led me to the
information I needed very quickly.
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk
