Ondřej Kuzník wrote: > On Wed, Dec 18, 2019 at 02:02:40AM +0000, Howard Chu wrote: >> Ondřej Kuzník wrote: >>> How about being able to merge identical attribute definitions whether >>> they come from config or directly from code? >> >> We've got other overlays that do something similar, ignore an error if >> the schema element they'yre runtime loading is already defined. I >> guess my question is whether we want to include memberOf in the schema >> like this or not. If not, then it's always up to the admin to define >> their own particular attribute that functions as a memberOf attribute. > > More like making it no longer an error to load the same schema twice. > > Modules could then define it at load time but ship it as a schema file > too. The admin could then include that on all servers that need to deal > with the data (while they match) so it's available even if the module > isn't. > > That would almost sort out the schema issues we have with ppolicy where > currently it needs to be loaded on all replicas even if they don't need > the functionality. > Since we're talking about operational attributes, that are only valid if the server has code to implement them, I think trying to support them without loading the modules is a wrong approach.
Should be a moot point for a lot of these that are defined as dSAoperation, since they are, by definition, specific to a single server and not replicatable. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/