directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS 2.0] Should we remove the 'System' partition?
Date Fri, 15 Oct 2010 13:32:21 GMT
On Fri, Oct 15, 2010 at 6:12 PM, Stefan Seelmann <seelmann@apache.org> wrote:
> Hi Pierre-Arnaud,
>
> On Fri, Oct 15, 2010 at 2:12 PM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
>> Hi Dev,
>>
>> I'm really wondering if we should not remove the 'System' partition.
>>
>> The only interesting piece of information we're taking from it is the admin user, especially its password.
>> Wouldn't it be more interesting to store this information in the config partition?
>
> The admin entry also contains the X.509 certificate and private/public
> keys for LDAPS and StartTLS extended operation. But I think the config
> partition is a better place for that information. And it should also be
> possible to reference the certificate and keys to a file in
> filesystem.
>
>> Except the Admin user the other entries of that partition look like crap and legacy from old versions.
>>
>> The following configuration entries are no longer used:
>> - ou=configuration,ou=system
>>  | - ou=interceptors,ou=configuration,ou=system
>>  | - ou=partitions,ou=configuration,ou=system
>>  | - ou=services,ou=configuration,ou=system
>>
>> I don't know the role of this entry 'prefNodeName=sysPrefRoot,ou=system', if it still has any role?
>>
>> The following entries are not very useful either:
>> - ou=groups,ou=system
>>  | - cn=Administrators,ou=groups,ou=system
>> - ou=users,ou=system
>
> AFAIK they are still used from the "simplified" access control system,
> has to be checked.
>
>> Isn't it better that the user creates its users in its own partition?
>> Even our admin user is not in the 'ou=users' organizational unit...
>>
>> As you can see, the only valid information in the whole partition is the credentials of the admin (should we say default) user.
>>
>> I really think this information should be placed in the configuration (we could also allow the redefinition of the admin user DN).
>> It would allow the user to edit these settings without having to start the server (at least) once.
>
> I'm +1, but keep in mind that we use "ou=system" in many places,
> especially in tests.
Yes, I have an idea: how about moving these required entries to
ou=config and treating that as the system partition, or better yet,
how about renaming it to ou=systemconfig or just ou=system?

Kiran Ayyagari
