On Tue, Apr 05, 2022 at 02:10:37PM +0800, David Timber wrote:
> I know how to import schemas with cn=config. That was never a question. I
> was just complaining because it's a tedious process and I believe that it
> shouldn't be like this. The whole cn=config matter was not even my question
> in the first place. My concern was that I'm not happy with how cn=config
> handles schemas and I want to stick with "deprecated" slapd.conf. slaptest
> has to be used to convert schema to ldif, which is in no way intuitive and
> convenient.

Hi David,
you're right, it doesn't have to be like this, and it's quite trivial to
bypass slaptest as I showed earlier. The contents of the schema are the
same; they just have to be encapsulated in attributes and an LDAP entry.

> On 5/4/22 12:27, Quanah Gibson-Mount wrote:
>> And you're literally missing the point that a ".schema" file is a syntax
>> specific to slapd.conf and a ".ldif" file is a syntax specific to
>> cn=config. Just as you cannot load a ".schema" file into cn=config, you
>> cannot load a ".ldif" file into slapd.conf. The two things are
>> *equivalent* representations for their respective configuration types.
>> In the future, expect only ".ldif" files to get shipped once we finalize
>> deprecating slapd.conf.
>
> The format of schema is defined in RFC 4512. It's universal. OpenLDAP has no
> right to be difficult in incorporating schemas. Forcing users to convert it
> to ldif to just fit into the OpenLDAP specific cn=config format is not just
> fair, especially for the sake of compatibility. I'd have been happy if I
> could just use include: attribute to load .schema.

Again, the contents of e.g. attributetype and olcAttributeTypes: are
identical, both using the same RFC 4512 format as you rightly
referenced. You probably want to explain again where you are coming from
as I see no issue here.

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
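
The encapsulation described in the message above, as an added example that is not part of the original thread and is not OpenLDAP code: a Python converter that wraps the RFC 4512 definitions of a slapd.conf-style .schema file in an olcSchemaConfig entry. The schema name "example", the exRoot OIDs and the sample definitions are constructed for illustration.

```python
import base64
import re

# slapd.conf schema directive -> attribute of the olcSchemaConfig entry
DIRECTIVES = {"objectidentifier": "olcObjectIdentifier", "ldapsyntax": "olcLdapSyntaxes",
              "attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses",
              "ditcontentrule": "olcDitContentRules"}

# Constructed sample input; names and OIDs are placeholders, not real assignments.
SAMPLE = """\
# constructed example schema
objectidentifier exRoot 1.1.2
attributetype ( exRoot:1 NAME 'exBadge'
    DESC 'Badge number' EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( exRoot:2 NAME 'exPerson' SUP top AUXILIARY MAY exBadge )
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and raw.strip() and out:
            out[-1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            out.append(raw.strip())
    return out

def ldif_line(attr, value, width=76):
    """One LDIF attribute line: base64 if not LDIF-safe, folded at `width`."""
    if re.fullmatch(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*(?<! )", value):
        line = f"{attr}: {value}"
    else:
        line = f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    chunks = [line[:width]] + [" " + line[i:i + width - 1]
                               for i in range(width, len(line), width - 1)]
    return "\n".join(chunks)

def schema_to_ldif(name, text):
    """Wrap a .schema file's RFC 4512 definitions in a cn=config schema entry."""
    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig", f"cn: {name}"]
    for entry in logical_lines(text):
        parts = entry.split(None, 1)
        attr = DIRECTIVES.get(parts[0].lower())
        if attr is None or len(parts) != 2:
            raise ValueError(f"unsupported schema directive: {entry!r}")
        out.append(ldif_line(attr, parts[1]))
    return "\n".join(out) + "\n"
```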
