FS#22566 - [openldap] [patch] support new configuration directory
Attached to Project:
Arch Linux
Opened by Devin J. Pohly (djpohly) - Sunday, 23 January 2011, 06:15 GMT
Last edited by Andrea Scarpino (BaSh) - Sunday, 23 January 2011, 18:01 GMT
Details
Description:
OpenLDAP configuration can now be stored in an LDAP directory instead of in a file (see http://www.openldap.org/doc/admin24/slapdconf2.html). In order to pass the correct parameters to slapd on Arch, the user will have to edit the rc script, since the config-file parameter is hard-coded there.

Additional info:
* openldap 2.4.23-2

Steps to reproduce:
1. Set up OpenLDAP.
2. Convert your configuration file to a configuration directory:
   # cd /etc/openldap
   # mkdir slapd.d
   # slaptest -f slapd.conf -F slapd.d
3. (Re)move the old configuration file.
4. Notice that it is probably preferable to edit /etc/default/slapd instead of /etc/rc.d/slapd.

Attached patch moves the config-file parameter to /etc/default/slapd, allowing a user to more comfortably change it, e.g. from "-f /etc/openldap/slapd.conf" to "-F /etc/openldap/slapd.d".
Closed by Andrea Scarpino (BaSh)
Sunday, 23 January 2011, 18:01 GMT
Reason for closing: Implemented
Additional comments about closing: openldap 2.4.23-4
A few issues/thoughts:
* We might want to vercmp against 2.4.23-3. If you upgrade from 2.4.23-1 or -2, the configuration file won't be updated.
* The rc script should source /etc/conf.d/slapd instead of /etc/default/slapd.
* By default, slapd tries to read /etc/openldap/slapd.d/, then /etc/openldap/slapd.conf, so we don't technically need the configuration location in the default conf.d script at all.
* The slapd.d directory should be mode 700 like slapd.conf was.
* The automatic upgrade seems a bit intrusive. It might be good to put a note about the change to slapd.d in the post_upgrade hook, since we are significantly modifying the way that slapd configuration works. Alternatively, we could just encourage the admin to upgrade the configuration manually, and perhaps provide a wiki page (which I wouldn't mind writing).
* The rc script sources /etc/conf.d/slapd instead of /etc/default/slapd
* removed useless option in /etc/conf.d/slapd
* /etc/openldap/slapd.d/ is 700
* removed the automatic upgrade (this was not working at all)
Other suggestions? Is this OK?
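
An added example, not part of the thread or of the Arch package: a POSIX shell check that follows the lookup order described in the comments (slapd.d/ first, then slapd.conf) and reports whether the configuration slapd would actually load is closed to group and other. The function names are hypothetical, and /etc/openldap is assumed as the default location because it is the path used in this report.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the default directory
# /etc/openldap is the one named in the report above.

# Print the configuration slapd picks up when started without -f/-F:
# the slapd.d directory if present, otherwise slapd.conf.
slapd_active_config() {
    dir=${1:-/etc/openldap}
    if [ -d "$dir/slapd.d" ]; then
        printf '%s\n' "$dir/slapd.d"
    elif [ -f "$dir/slapd.conf" ]; then
        printf '%s\n' "$dir/slapd.conf"
    else
        return 1
    fi
}

# Check the top-level mode of the active configuration (0700-style:
# no group/other bits). Returns 0 = closed, 1 = group/other access,
# 2 = no configuration found.
audit_slapd_config() {
    cfg=$(slapd_active_config "$1") || { echo "no slapd configuration found" >&2; return 2; }
    # -prune keeps find on the top-level path only; the -perm tests match
    # any read, write or execute/search bit for group or other.
    loose=$(find "$cfg" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                                  -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "group/other access on $cfg"
        return 1
    fi
    echo "ok: $cfg"
}

# Remove group/other access from the active configuration path.
harden_slapd_config() {
    cfg=$(slapd_active_config "$1") || return 2
    chmod go-rwx "$cfg"
}

# Typical use on an installed system (run as root):
#   audit_slapd_config /etc/openldap || harden_slapd_config /etc/openldap
```

Running the audit after converting with slaptest catches a slapd.d that was created under a permissive umask while the old slapd.conf was still restricted.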