directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: [ApacheDS 2.0] Should we remove the 'System' partition?
Date Fri, 15 Oct 2010 12:42:42 GMT
Hi Pierre-Arnaud,

On Fri, Oct 15, 2010 at 2:12 PM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
> Hi Dev,
>
> I'm really wondering if we should not remove the 'System' partition.
>
> The only interesting piece of information we're taking from it is the admin user, especially
the its password.
> Wouldn't be more interesting to store this information in the config partition?

The admin entry also contains the X.509 certificate and private/public
keys for LDAPS and StartTLS extended operation. But I think the config
partiton is a better place for that information. And it should also be
possible to reference the certificate and keys to a file in
filesystem.

> Except the Admin user the other entries of that partition look like crap and legacy from
old versions.
>
> The following configuration entries are no longer used:
> - ou=configuration,ou=system
>  | - ou=interceptors,ou=configuration,ou=system
>  | - ou=partitions,ou=configuration,ou=system
>  | - ou=services,ou=configuration,ou=system
>
> I don't know the role of this entry 'prefNodeName=sysPrefRoot,ou=system', if it still
has any role?
>
> The following entries are not very useful too:
> - ou=groups,ou=system
>  | - cn=Administrators,ou=groups,ou=system
> - ou=users,ou=system

AFAIK they are still used from the "simplified" access control system,
has to be checked.

> Isn't is better that the user creates its users in its own partition?
> Even our admin user is not in the 'ou=users' organizational unit...
>
> As you can see, the only valid information in the whole partition is the credentials
of the admin (should we say default) user.
>
> I really think this information should be placed in the configuration (we could also
allow the redefinition of the admin user DN).
> It would allow the user to edit these settings without having to start the server (at
least) once.

I'm +1, but keep in mind that we use "ou=system" in many places,
especially in tests.

Kind Regards,
Stefan

Mime
View raw message