On Fri, Oct 15, 2010 at 6:12 PM, Stefan Seelmann <[email protected]> wrote:
> Hi Pierre-Arnaud,
>
> On Fri, Oct 15, 2010 at 2:12 PM, Pierre-Arnaud Marcelot <[email protected]> wrote:
>> Hi Dev,
>>
>> I'm really wondering if we should not remove the 'System' partition.
>>
>> The only interesting piece of information we're taking from it is the admin
>> user, especially its password.
>> Wouldn't it be more interesting to store this information in the config
>> partition?
>
> The admin entry also contains the X.509 certificate and private/public
> keys for LDAPS and StartTLS extended operation. But I think the config
> partition is a better place for that information. And it should also be
> possible to reference the certificate and keys to a file in
> filesystem.
>
>> Except the Admin user, the other entries of that partition look like crap and
>> legacy from old versions.
>>
>> The following configuration entries are no longer used:
>> - ou=configuration,ou=system
>> | - ou=interceptors,ou=configuration,ou=system
>> | - ou=partitions,ou=configuration,ou=system
>> | - ou=services,ou=configuration,ou=system
>>
>> I don't know the role of this entry 'prefNodeName=sysPrefRoot,ou=system', if
>> it still has any role?
>>
>> The following entries are not very useful either:
>> - ou=groups,ou=system
>> | - cn=Administrators,ou=groups,ou=system
>> - ou=users,ou=system
>
> AFAIK they are still used from the "simplified" access control system,
> has to be checked.
>
>> Isn't it better that the user creates its users in its own partition?
>> Even our admin user is not in the 'ou=users' organizational unit...
>>
>> As you can see, the only valid information in the whole partition is the
>> credentials of the admin (should we say default) user.
>>
>> I really think this information should be placed in the configuration (we
>> could also allow the redefinition of the admin user DN).
>> It would allow the user to edit these settings without having to start the
>> server (at least) once.
>
> I'm +1, but keep in mind that we use "ou=system" in many places,
> especially in tests.

Yes, I have an idea: how about moving these required entries to ou=config and treating that as the system partition, or better yet, how about renaming it to ou=systemconfig or just ou=system?

Kiran Ayyagari
