On Mon, Jul 16, 2018 at 08:08:41PM -0400, Sam Hartman wrote:
Ryan> What do you mean by "support"? I would be reluctant to add new
Ryan> schemas in an automated way - this should be an explicit
Ryan> action by the administrator. Our default configuration just
Ryan> includes the few most widely used schemas.
So, I agree administrator action should be required.
However, especially with the schema managed over the ldap protocol, I
find the process of updating a schema moderately tedious.
Mostly I'm wondering if you have considered helping the administrator
out by having a simple command they can run to enable a schema once they
have decided to do so.
I had not, actually. Assuming our default slapd configuration, adding a
schema is just:
ldapadd -H ldapi:// -Y EXTERNAL -f /path/to/schema.ldif
Is that the command you suggest could be automated, or is there more to
your process than that? I appreciate your feedback and will definitely
consider it - just want to make sure I've understood you correctly.
My only issue with a wrapper script (or such) is that authenticating to
the config DB with SASL EXTERNAL is merely a default, not something we
can assume in general... I don't know how commonly users change that
default, but I know it does happen.
Ryan
