On 14 janv. 2011, at 10:55, Emmanuel Lecharny wrote: > On 1/14/11 10:37 AM, Pierre-Arnaud Marcelot wrote: >> On 14 janv. 2011, at 10:23, Emmanuel Lecharny wrote: >> >>> On 1/14/11 9:58 AM, Pierre-Arnaud Marcelot wrote: >>>> Hi Emmanuel, >>>> >>>> I think it should. >>>> >>>> In the current state, does this mean that any modification done on >>>> ou=schema will not be saved and will be lost if the server is rebooted? >>> No, modifications done on ou=schema are persisted on disk. Only the >>> modifications done on cn=schema are not persisted, AFAICT. >> Hum... I'm confused... >> You just said the opposite in your first mail: "[...] modification is not >> stored on disk in ou=schema"... > > yes, this is what I meant. When you do a modification in cn=schema (in > memory), it's not stored on disk in the ou=schema partition.
Actually I think I got confused by the start of the sentence: "if we modify some schema element in ou=schema". I guess you wanted to write "cn=schema"... I should have double-checked with the subject of the mail. Now comes a question, why shouldn't we also make "cn=schema" read-only from both side, from outside AND inside the server? Can't we edit the standard "ou=schema" (and only allowed) location instead in the server code? >>> I'll create a JIRA and a test to demonstrate the issue. >>> >>> Fixing it should not be a problem, it's just a a matter of converting the >>> schema element (which is passed using the schema element syntax) to a >>> meta-schema entry, and propagate it to the backend. >>> >>> Remember that modifications to cn=schema are *not* allowed (it's a read >>> only data structure) from outside the server, but it's always possible to >>> modify the rootDSE subschemaSubentry attribute, as it contains all the >>> loaded schema element. This will, in fact, impact the cn=schema, as it's >>> just a LDAP exposition of the loaded schema. >> Hum... I'm confused again... >> To my knowledge, 'subschemaSubentry' attribute value points to the >> "cn=schema" DN and that's in this particular entry that you can access the >> schema elements (via 'attributeTypes', 'comparators', [etc.] attributes). >> I'm 100% sure 'subschemaSubentry' attribute does not contain any loaded >> schema element. > The rootDSE entry contains the subschemaSubentry AT, which contains a > reference to the cn=schema virtual partition. > > You can modify the cn=schema elements by adding for instance things like : > ( 1.3.6.1.4.1.18060.0.4.1.2.10000 DESC 'bogus desc' SYNTAX 1.2.3.4 X-SCHEMA > 'nis' ) > > Sorry for the confusion. > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
