On Thu, Aug 07, 2008 at 04:16:53PM -0500, Doug Leavitt wrote: > Darren J Moffat wrote: > >[ Yeah Yet Another Ldap Library :-) The more the merrier! ] > > > >Is it possible to put the schema in /usr/share somewhere eg: > >/usr/share/openldap/schema/. Not a big issue just seems that they > >shouldn't need to be edited. > > The schema files are not static in the sense of "these will never > change" They are static in the sense of a LDAP server administrator > "should not modify these unless they really know what they are doing."
If the sysadmin needs to modify them they can copy them to $TMPDIR, edit them, and load them. There's no need to keep them around once edited, but if there is we can deliver an empty /etc/openldap/schema/ and put the standard schemas in /usr/share/openldap/schema as Darren suggests. > The schema files in /etc/openldap/schema are loaded via include > statements during the initialization phase via the slapd.conf > configuration file. Server administrators need to be able [and do] to > modify, add and potentially delete some schemas as part of the > configuration setup for the server. Right, but we should probably be able to deliver new versions of these files without clobbering the admins' modified versions. Following the CDE/X11 model I think that means putting originals in /usr/share and admin-edited versions in /etc. > >I don't want it to stop the integration of this case but having the > >existing /usr/lib/ldap.so.5 from Mozilla and the OpenLDAP library in > >the same process is *highly* toxic and leads to very strange and hard > >to debug problems - particularly when using LDAP over SSL/TLS. So > >I'd encourage the projects teams management to fund the switch to > >OpenLDAP for libsldap and nss_ldap ASAP. > > [...] > > In general any application linking with a libldap today, should no > longer have library collisions due to the nsswitch's use of libldap. But there are other potential sources of conflict. For example, the integration of PSARC/2008/342 introduced a dependency by libsec on libidmap, which brings in libldap, which brings in NSPR, which broke VirtualBox because VirtualBox has a private copy of NSPR in one of its shared objects. Nico --
