directory-dev mailing list archives

From Kiran Ayyagari <>
Subject Re: [ApacheDS 2.0] Should we remove the 'System' partition?
Date Fri, 15 Oct 2010 13:32:21 GMT
On Fri, Oct 15, 2010 at 6:12 PM, Stefan Seelmann <> wrote:
> Hi Pierre-Arnaud,
> On Fri, Oct 15, 2010 at 2:12 PM, Pierre-Arnaud Marcelot <> wrote:
>> Hi Dev,
>> I'm really wondering if we should not remove the 'System' partition.
>> The only interesting piece of information we're taking from it is the admin user, especially its password.
>> Wouldn't it be more interesting to store this information in the config partition?
> The admin entry also contains the X.509 certificate and private/public
> keys for LDAPS and StartTLS extended operation. But I think the config
> partition is a better place for that information. And it should also be
> possible to reference the certificate and keys to a file in
> filesystem.
>> Except the Admin user the other entries of that partition look like crap and legacy from old versions.
>> The following configuration entries are no longer used:
>> - ou=configuration,ou=system
>>  | - ou=interceptors,ou=configuration,ou=system
>>  | - ou=partitions,ou=configuration,ou=system
>>  | - ou=services,ou=configuration,ou=system
>> I don't know the role of this entry 'prefNodeName=sysPrefRoot,ou=system', if it still has any role?
>> The following entries are not very useful too:
>> - ou=groups,ou=system
>>  | - cn=Administrators,ou=groups,ou=system
>> - ou=users,ou=system
> AFAIK they are still used from the "simplified" access control system,
> has to be checked.
>> Isn't it better that the user creates its users in its own partition?
>> Even our admin user is not in the 'ou=users' organizational unit...
>> As you can see, the only valid information in the whole partition is the credentials of the admin (should we say default) user.
>> I really think this information should be placed in the configuration (we could also allow the redefinition of the admin user DN).
>> It would allow the user to edit these settings without having to start the server (at least) once.
> I'm +1, but keep in mind that we use "ou=system" in many places,
> especially in tests.
Yes, I have an idea: how about moving these required entries to
ou=config and treat that as system partition, or better yet, how about
renaming it to ou=systemconfig or just ou=system

Kiran Ayyagari
