OpenLdapCnConfigMigration

Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2008-05-30 22:01:27
Size: 2345
Editor: dsl-216-254-165-243
Comment:
Revision 4 as of 2008-06-05 21:19:36
Size: 3161
Editor: dsl-216-254-165-243
Comment:
Line 2: Line 2:

 * '''Launchpad Entry''': UbuntuSpec:openldap-cnconfig-migration
Line 5: Line 7:
This should provide an overview of the issue/functionality/change proposed here. Focus here on what will actually be DONE, summarising that so that other people don't have to read the whole spec. See also CategorySpec for examples. OpenLDAP version 2.3 introduced a special DIT called cn=config that can be used to replace the slapd.conf file.

##
This should provide an overview of the issue/functionality/change proposed here. Focus here on what will actually be DONE, summarising that so that other people don't have to read the whole spec. See also CategorySpec for examples.
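Review bot: the added Summary sentence says what cn=config is but not what this spec will do, which is what the template text it replaces asks for ("Focus here on what will actually be DONE"). Add a sentence stating the change itself: cn=config enabled by default on new installs and slapd.conf converted on upgrade.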
Line 9: Line 13:
This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.) ## This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)
Line 11: Line 15:
It is mandatory. ## It is mandatory.
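Review bot: the Release Note template text is commented out in these two hunks without a replacement paragraph, although the line being commented out says the section is mandatory. Add the end-user impact paragraph here, in particular that an upgrade replaces slapd.conf with the cn=config backend.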
Line 15: Line 19:
This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified. ## This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

slapd.conf has certain drawbacks: adding schema files creating new databases requires editing slapd.conf. Future version of openldap will drop support of slapd.conf.

cn=config enables programatic access to slapd configuration, such as loading additional schemas.
Line 18: Line 26:

== Assumptions ==
 * Chris install the slapd package and can use the new cn=config tree to manage his LDAP tree using standard LDAP command tools.
 * Don upgrades his LDAP directory and can use LDAP queries and updates to change the ACLs of object in the directory.
 * Erwan installs an application that uses an ldap schema. After installing, the new features are automatically available in the LDAP directory.
Line 23: Line 32:
You can have subsections that better describe specific parts of the issue. ## You can have subsections that better describe specific parts of the issue.
The new configuration backend in explained in the OpenLDAP administrator Guide: http://www.openldap.org/doc/admin24/slapdconf2.html
Line 27: Line 37:
This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like: ## This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:
Line 29: Line 39:
=== UI Changes === === cn=config migration ===
Line 31: Line 41:
Should cover changes required to the UI, or specific UI that is required to implement this A new installation will enable cn=config by default.
Line 33: Line 43:
=== Code Changes === On upgrade, the postinst script will try convert slapd.conf to cn=config:
 1. Enable the config database using rootdn="cn=admin,cn=config". The password will either be extracted from the existing database or the user will be prompted to enter a new one.
 2. Convert slapd.conf using slapd -f and -F options.
 3. Rename the old slapd.conf to slapd.conf.bak and update /etc/default/slapd to use the new cn=config backend.
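Review bot: the upgrade path says the postinst "will try" to convert slapd.conf, but the three steps do not say what happens when the conversion in step 2 fails. State whether step 3 is then skipped and slapd keeps running from slapd.conf. Step 1 extracts a password from the existing setup, so step 3 should also state the permissions slapd.conf.bak is left with, and the new rootdn "cn=admin,cn=config" deserves a line on who is allowed to bind as it.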
Line 35: Line 48:
Code changes should include an overview of what needs to change, and in some cases even the specific details.

=== Migration ===

Include:
 * data migration, if any
 * redirects from old URLs to new ones, if any
 * how users will be pointed to the new way of doing things, if necessary.

== Test/Demo Plan ==

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release.

This need not be added or completed until the specification is nearing beta.
[http://www.zytrax.com/books/ldap/ch6/slapd-config.html Chapter 6: OpenLDAP using cn=config - Converting to use cn=config]
Line 52: Line 52:
This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved. ## This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.
Line 56: Line 56:
Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected. ## Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

Summary

OpenLDAP version 2.3 introduced a special DIT called cn=config that can be used to replace the slapd.conf file.

Release Note

Rationale

slapd.conf has certain drawbacks: adding schema files or creating new databases requires editing slapd.conf. Future versions of OpenLDAP will drop support for slapd.conf.

cn=config enables programmatic access to slapd configuration, such as loading additional schemas.

Use Cases

  • Chris installs the slapd package and can use the new cn=config tree to manage his LDAP tree using standard LDAP command tools.
  • Don upgrades his LDAP directory and can use LDAP queries and updates to change the ACLs of objects in the directory.
  • Erwan installs an application that uses an LDAP schema. After installing, the new features are automatically available in the LDAP directory.

Design

The new configuration backend is explained in the OpenLDAP Administrator's Guide: http://www.openldap.org/doc/admin24/slapdconf2.html

Implementation

cn=config migration

A new installation will enable cn=config by default.

On upgrade, the postinst script will try to convert slapd.conf to cn=config:

  1. Enable the config database using rootdn="cn=admin,cn=config". The password will either be extracted from the existing database or the user will be prompted to enter a new one.
  2. Convert slapd.conf using slapd -f and -F options.
  3. Rename the old slapd.conf to slapd.conf.bak and update /etc/default/slapd to use the new cn=config backend.
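
The upgrade steps above as a shell function, added here as an example and not taken from the package's postinst: it covers steps 2 and 3, uses slaptest with -f and -F for the conversion instead of slapd itself, and leaves slapd.conf in place if the conversion fails. The function name, the SLAPTEST override, the SLAPD_CONF= line in the defaults file and the caller-supplied paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: convert slapd.conf to a cn=config directory, then switch over.
# Assumptions (not from the spec): slaptest performs the conversion, and the
# defaults file selects the configuration through a SLAPD_CONF= line.

migrate_to_cnconfig() {
    conf=$1        # existing slapd.conf
    conf_dir=$2    # target cn=config directory (must not exist yet)
    defaults=$3    # defaults file, e.g. /etc/default/slapd
    slaptest_bin=${SLAPTEST:-slaptest}

    [ -f "$conf" ] || { echo "no $conf to convert" >&2; return 1; }
    if [ -e "$conf_dir" ]; then
        echo "$conf_dir already exists, refusing to overwrite" >&2
        return 1
    fi
    # Step 1 sets the rootdn and password for cn=config; check that the
    # stanza is present before converting.
    grep -Eq '^database[[:space:]]+config' "$conf" || {
        echo "$conf has no 'database config' stanza" >&2; return 1; }

    # The converted tree holds the rootpw values from slapd.conf:
    # create it readable by its owner only.
    old_umask=$(umask); umask 077
    mkdir "$conf_dir"
    # Step 2: convert. On failure remove the partial tree and keep slapd.conf.
    if ! "$slaptest_bin" -f "$conf" -F "$conf_dir" ||
       [ ! -f "$conf_dir/cn=config.ldif" ]; then
        rm -rf "$conf_dir"; umask "$old_umask"
        echo "conversion failed, $conf left in place" >&2
        return 1
    fi
    umask "$old_umask"

    # Step 3: keep the old file as an owner-only backup, then point the
    # defaults file at the new directory.
    mv "$conf" "$conf.bak" && chmod 600 "$conf.bak"
    if grep -q '^SLAPD_CONF=' "$defaults" 2>/dev/null; then
        sed "s|^SLAPD_CONF=.*|SLAPD_CONF=$conf_dir|" "$defaults" > "$defaults.new" &&
            mv "$defaults.new" "$defaults"
    else
        echo "SLAPD_CONF=$conf_dir" >> "$defaults"
    fi
}
```

The cn=config directory is created as the invoking user; handing it to the account slapd runs as is left to the caller.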

[http://www.zytrax.com/books/ldap/ch6/slapd-config.html Chapter 6: OpenLDAP using cn=config - Converting to use cn=config]

Outstanding Issues

BoF agenda and discussion


CategorySpec

OpenLdapCnConfigMigration (last edited 2008-08-06 16:36:04 by localhost)