directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre-Arnaud Marcelot ...@marcelot.net>
Subject Re: Should modifications made on cn=schema stored on disk ?
Date Fri, 14 Jan 2011 10:13:33 GMT

On 14 janv. 2011, at 10:55, Emmanuel Lecharny wrote:

> On 1/14/11 10:37 AM, Pierre-Arnaud Marcelot wrote:
>> On 14 janv. 2011, at 10:23, Emmanuel Lecharny wrote:
>> 
>>> On 1/14/11 9:58 AM, Pierre-Arnaud Marcelot wrote:
>>>> Hi Emmanuel,
>>>> 
>>>> I think it should.
>>>> 
>>>> In the current state, does this mean that any modification done on ou=schema
will not be saved and will be lost if the server is rebooted?
>>> No, modifications done on ou=schema are persisted on disk. Only the modifications
done on cn=schema are not persisted, AFAICT.
>> Hum... I'm confused...
>> You just said the opposite in your first mail: "[...] modification is not stored
on disk in ou=schema"...
> 
> yes, this is what I meant. When you do a modification in cn=schema (in memory), it's
not stored on disk in the ou=schema partition.

Actually I think I got confused by the start of the sentence: "if we modify some schema element
in ou=schema".
I guess you wanted to write "cn=schema"...
I should have double-checked with the subject of the mail.

Now comes a question, why shouldn't we also make "cn=schema" read-only from both side, from
outside AND inside the server?
Can't we edit the standard "ou=schema" (and only allowed) location instead in the server code?

>>> I'll create a JIRA and a test to demonstrate the issue.
>>> 
>>> Fixing it should not be a problem, it's just a a matter of converting the schema
element (which is passed using the schema element syntax) to a meta-schema entry, and propagate
it to the backend.
>>> 
>>> Remember that modifications to cn=schema are *not* allowed (it's a read only
data structure) from outside the server, but it's always possible to modify the rootDSE subschemaSubentry
attribute, as it contains all the loaded schema element. This will, in fact, impact the cn=schema,
as it's just a LDAP exposition of the loaded schema.
>> Hum... I'm confused again...
>> To my knowledge, 'subschemaSubentry' attribute value points to the "cn=schema" DN
and that's in this particular entry that you can access the schema elements (via 'attributeTypes',
'comparators', [etc.] attributes).
>> I'm 100% sure 'subschemaSubentry' attribute does not contain any loaded schema element.
> The rootDSE entry contains the subschemaSubentry AT, which contains a reference to the
cn=schema virtual partition.
> 
> You can modify the cn=schema elements by adding for instance things like :
> ( 1.3.6.1.4.1.18060.0.4.1.2.10000 DESC 'bogus desc' SYNTAX 1.2.3.4 X-SCHEMA 'nis' )
> 
> Sorry for the confusion.
> 
> -- 
> Regards,
> Cordialement,
> Emmanuel L├ęcharny
> www.iktek.com
> 


Mime
View raw message