Bug#925597: [Pkg-openldap-devel] Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

2019-03-27 Thread Ryan Tandy 

Control: tag -1 upstream

Hi Christoph,

I'm sorry to hear the documentation caused you some frustration here.

On Wed, Mar 27, 2019 at 12:17:18PM +0100, Christoph Biedl wrote:

the slapo-constraint(5) manpage still refers to /etc/ldap/slapd.conf for
configuration, a configuration method that has been abandoned ... many
years ago. It took hours of searching and eventually using strace to
confirm it's completely ignored.


Sort of. It's soft-deprecated but also still supported. But slapd runs 
in cn=config mode (-F) OR slapd.conf mode (-f) ... it sounds like you 
had slapd running in cn=config mode (Debian's default) but tried to add 
some configuration in a slapd.conf file, which indeed would be ignored.



So *please* update the documentation and the examples of usage.


ACK. There is not really an active documentation contributor upstream at 
the moment, and some documentation is still not updated for cn=config, 
as you found. So I'm sorry there is indeed a long tail of older bits and 
not much progress being made.


The Administrator's Guide has something about this (12.4.2), and I had 
to read the openldap sources to learn the appropriate keywords like 
olcConstraintAttribute to find that one.


Maybe too late to help you now, but you can introspect the schema on 
your running slapd instance by making searches under the 'cn=Subschema' 
base. This is the recommended way of finding, for example, what 
configuration classes/attributes are actually available on your specific 
instance.



And while you're on it, it really shouldn't hurt to mention the
constraint module needs to be loaded before it's possible to use it.
This is mentioned in slapd.overlay(5), but that's another piece of
information you'd only find when you already know what you are looking
for.


Others have asked for this before and upstream are resistant to repeat 
this information in every overlay's man page when it can just be 
written once in a central place. (Can you tell we're talking about 
programmers here?) But this bites enough new users and I do tend to 
agree we should have even a breadcrumb in each man page that lets people 
know what they should be looking for...


Better luck on your next try,

Ryan

Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

2019-03-27 Thread Christoph Biedl 
Package: slapd
Version: 2.4.47+dfsg-3
Severity: normal

Dear Maintainer,

the slapo-constraint(5) manpage still refers to /etc/ldap/slapd.conf for
configuration, a configuration method that has been abandoned ... many
years ago. It took hours of searching and eventually using strace to
confirm it's completely ignored.

So *please* update the documentation and the examples of usage. The
Administrator's Guide has something about this (12.4.2), and I had to
read the openldap sources to learn the appropriate keywords like
olcConstraintAttribute to find that one.

And while you're on it, it really shouldn't hurt to mention the
constraint module needs to be loaded before it's possible to use it.
This is mentioned in slapd.overlay(5), but that's another piece of
information you'd only find when you already know what you are looking
for.

Constraints still don't work for me, that's something for another day.

Christoph, who had hoped to pass the "setting up constraints" level in ten 
minutes


signature.asc
Description: PGP signature