Ondřej Kuzník wrote:
> On Wed, Dec 18, 2019 at 02:02:40AM +0000, Howard Chu wrote:
>> Ondřej Kuzník wrote:
>>> How about being able to merge identical attribute definitions whether
>>> they come from config or directly from code?
>>
>> We've got other overlays that do something similar, ignore an error if
>> the schema element they'yre runtime loading is already defined. I
>> guess my question is whether we want to include memberOf in the schema
>> like this or not. If not, then it's always up to the admin to define
>> their own particular attribute that functions as a memberOf attribute.
> 
> More like making it no longer an error to load the same schema twice.
> 
> Modules could then define it at load time but ship it as a schema file
> too. The admin could then include that on all servers that need to deal
> with the data (while they match) so it's available even if the module
> isn't. 
> 
> That would almost sort out the schema issues we have with ppolicy where
> currently it needs to be loaded on all replicas even if they don't need
> the functionality.
> 
Since we're talking about operational attributes, that are only valid if the 
server has
code to implement them, I think trying to support them without loading the 
modules is
a wrong approach.

Should be a moot point for a lot of these that are defined as dSAoperation,
since they are, by definition, specific to a single server and not replicatable.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Reply via email to