Hi Pierre-Arnaud, On Fri, Oct 15, 2010 at 2:12 PM, Pierre-Arnaud Marcelot <[email protected]> wrote: > Hi Dev, > > I'm really wondering if we should not remove the 'System' partition. > > The only interesting piece of information we're taking from it is the admin > user, especially the its password. > Wouldn't be more interesting to store this information in the config > partition?
The admin entry also contains the X.509 certificate and private/public keys for LDAPS and StartTLS extended operation. But I think the config partiton is a better place for that information. And it should also be possible to reference the certificate and keys to a file in filesystem. > Except the Admin user the other entries of that partition look like crap and > legacy from old versions. > > The following configuration entries are no longer used: > - ou=configuration,ou=system > | - ou=interceptors,ou=configuration,ou=system > | - ou=partitions,ou=configuration,ou=system > | - ou=services,ou=configuration,ou=system > > I don't know the role of this entry 'prefNodeName=sysPrefRoot,ou=system', if > it still has any role? > > The following entries are not very useful too: > - ou=groups,ou=system > | - cn=Administrators,ou=groups,ou=system > - ou=users,ou=system AFAIK they are still used from the "simplified" access control system, has to be checked. > Isn't is better that the user creates its users in its own partition? > Even our admin user is not in the 'ou=users' organizational unit... > > As you can see, the only valid information in the whole partition is the > credentials of the admin (should we say default) user. > > I really think this information should be placed in the configuration (we > could also allow the redefinition of the admin user DN). > It would allow the user to edit these settings without having to start the > server (at least) once. I'm +1, but keep in mind that we use "ou=system" in many places, especially in tests. Kind Regards, Stefan
