On Thu, Aug 07, 2008 at 04:16:53PM -0500, Doug Leavitt wrote:
> Darren J Moffat wrote:
> >[ Yeah Yet Another Ldap Library :-)  The more the merrier! ]
> >
> >Is it possible to put the schema in /usr/share somewhere eg:
> >/usr/share/openldap/schema/.  Not a big issue just seems that they
> >shouldn't need to be edited.
> 
> The schema files are not static in the sense of "these will never
> change" They are static in the sense of a LDAP server administrator
> "should not modify these unless they really know what they are doing."

If the sysadmin needs to modify them they can copy them to $TMPDIR, edit
them, and load them.  There's no need to keep them around once edited,
but if there is we can deliver an empty /etc/openldap/schema/ and put
the standard schemas in /usr/share/openldap/schema as Darren suggests.

> The schema files in /etc/openldap/schema are loaded via include
> statements during the initialization phase via the slapd.conf
> configuration file.  Server administrators need to be able [and do] to
> modify, add and potentially delete some schemas as part of the
> configuration setup for the server.

Right, but we should probably be able to deliver new versions of these
files without clobbering the admins' modified versions.  Following the
CDE/X11 model I think that means putting originals in /usr/share and
admin-edited versions in /etc.

> >I don't want it to stop the integration of this case but having the
> >existing /usr/lib/ldap.so.5 from Mozilla and the OpenLDAP library in
> >the same process is *highly* toxic and leads to very strange and hard
> >to debug problems - particularly when using LDAP over SSL/TLS.  So
> >I'd encourage the projects teams management to fund the switch to
> >OpenLDAP for libsldap and nss_ldap ASAP.
> 
> [...]
> 
> In general any application linking with a libldap today, should no
> longer have library collisions due to the nsswitch's use of libldap.

But there are other potential sources of conflict.

For example, the integration of PSARC/2008/342 introduced a dependency
by libsec on libidmap, which brings in libldap, which brings in NSPR,
which broke VirtualBox because VirtualBox has a private copy of NSPR in
one of its shared objects.

Nico
-- 

Reply via email to