I fail to see where slapd.conf comes into play with handling of pwdPolicySubentry: Both the policies and the users are defined in a different (MDB) database. Only the default policy may be stored in the config database directly, and I did not talk about that.
Kind regards,
Ulrich Windl

> -----Original Message-----
> From: Ondřej Kuzník <on...@mistotebe.net>
> Sent: Thursday, May 8, 2025 10:58 AM
> To: Windl, Ulrich <u.wi...@ukr.de>
> Cc: openldap-technical@openldap.org
> Subject: [EXT] Re: Re: Re: Re: using refint overlay for pwdPolicySubentry
>
> On Thu, May 08, 2025 at 05:40:07AM +0000, Windl, Ulrich wrote:
> > Hi!
> >
> > I don't know who said "Ease of use, not ease of implementation is the
> > design goal", but if one DN is used as a value for some attribute, and
> > there's a "referential integrity module" to update such attributes if
> > the underlying DN changes, it's hard to explain why it would work for
> > some cases, but not for others. And to make things worse: It just
> > fails silently.
>
> Ok, let's play devil's advocate and assume someone configured OpenLDAP
> with slapd.conf: how do you propose refint goes about adjusting that
> configuration for you? Does it write a new configuration file, do
> ACLs/limit stanzas get rewritten as well on renames? How about regex
> based ACLs/limits?
>
> Maybe you can help us design this functionality to improve the ease of
> use, maybe you have suggestions how the documentation can be improved
> to make sure people appreciate the limitations at the appropriate time
> and decide how well it covers their use case.
>
> After all this is still a community based project and without the wisdom
> and contributions of the community it will not advance.
>
> Thanks,
>
> --
> Ondřej Kuzník
> Senior Software Engineer
> Symas Corporation http://www.symas.com
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP