[Freeipa-devel] [PATCH 0051] Preserve already configured options in openldap conf
Rob Crittenden
rcritten at redhat.com
Wed Apr 24 18:02:54 UTC 2013
Jan Cholasta wrote:
> On 24.4.2013 14:54, Martin Kosek wrote:
>> On 04/24/2013 02:51 PM, Rob Crittenden wrote:
>>> Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 23.4.2013 12:28, Tomas Babej wrote:
>>>>> Hi,
>>>>>
>>>>> We should respect already configured options present in
>>>>> /etc/openldap/ldap.conf when generating our own configuration.
>>>>> With this patch, we only rewrite URI, BASE and TLS_CACERT options.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/3582
>>>>>
>>>>
>>>> the changeConf call will fail when the file does not exist, we might
>>>> want to handle that gracefully.
>>>>
>>>> Honza
>>>>
>>>
>>> We also need to handle the case where these items are already
>>> defined. I'm
>>> honestly not sure what the behavior should be: overwrite, warn and
>>> overwrite,
>>> fail.
>>>
>>> rob
>>>
>>
>> I am also thinking that we may want to be more cautious before
>> updating this
>> file. AFAIK, we do not need the updated file for our function, its
>> only updated
>> for user convenience so that he can run ldapsearches more easily.
>>
>> I see several options here that could help this goal:
>> 1) Update ldap.conf if BASE and URI and TLS_CACERT only if these
>> options are
>> not set. If the options are already set, we could just print a note
>> that we
>> skipped it. When I see my vanilla /etc/openldap/ldap.conf, it has
>> these options
>> commented out, so it should be possible to implement this check.
>>
>> 2) Do ldap.conf changes only if a new special option is passe (e.g.
>> --configure-ldap-cong)
>>
>> 3) Do not update ldap.conf when a new special option is not passed (e.g.
>> --no-ldap-conf
>>
>> Martin
>>
>
> If we don't need the file for our function, we can just not configure it
> at all IMO. We can document how to configure it for users who want it.
It was an RFE that we create this file. It is handy to have
pre-configured, I like having it actually.
We just need to try to have a gentler touch than my first crack at it,
which overwrote it completely. I think #1 is probably enough for now.
I'm not sure I want to add two new options this late in the game, and
the client already has a lot of knobs.
rob
More information about the Freeipa-devel
mailing list