Hi there!

I am working on the integration of eBox into Ubuntu and we are having a problem adding schemas and ACLs to LDAP in a policy-conformant way.
The first obvious option is to edit /etc/ldap/slapd.conf directly; we would obviously ask for permission from the user before doing so. The second option would be to have a mechanism such as the one that Soren proposed on the Pkg OpenLDAP mailing list[0]. I guess this mechanism wasn't included in the Ubuntu packages because slapd now supports a much nicer way to do such a thing using a configuration directory, as described in the OpenLDAP documentation[1].

Our problem with using this approach is that by default Ubuntu won't read the configuration from a directory, but from the old-style /etc/ldap/slapd.conf file, unless we edit /etc/default/slapd to set the SLAPD_CONF variable. Right now we don't have any option to add schemas or ACLs to LDAP without touching a configuration file.

We wonder if it would be possible to change the default LDAP behaviour to use the new configuration style (after all, that's what upstream seems to want) or at least provide a way to enable it without having to modify any configuration file (i.e., it checks for a /etc/ldap/slapd.d/ directory and, if it exists, uses it).

So the options we have are:

1) Just overwrite /etc/ldap/slapd.conf, asking for permission
2) Add a mechanism to add schemas and ACLs like the one proposed by Soren
3) Modify /etc/default/slapd, asking for permission, so slapd uses the directory configuration style
4) Modify the package so it uses the directory configuration style by default or provides a way to enable it without messing with configuration files.

So ... is 4) or 2) possible? Otherwise ... which of the other options looks more reasonable?

Best regards

[0] http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/2007-July/001391.html
[1] http://www.openldap.org/doc/admin24/slapdconf2.html

--
Isaac Clerencia at Warp Networks, http://www.warp.es
Blog: http://people.warp.es/~isaac/blog/
Work: <[EMAIL PROTECTED]> | Debian: <[EMAIL PROTECTED]>

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
