Brian K. Jones wrote:
> On Monday 20 June 2005 2:03 pm, Mike Jackson wrote:
>> Don't put schema into 99user.ldif, it's not maintainable.
>
> This would seem to be contrary to the documentation on Red Hat's site. I'm
> certainly not meaning to say you're wrong - quite the contrary - I'm pointing
> out to whomever it may concern that the docs need polishing :)

OK, I guess "not maintainable" is ambiguous in this context. Here comes
the longer explanation.

Every piece of schema which you add over-the-wire gets mixed into

Let's say that you write version 1.0 of your custom schema and you
deploy it into 99user.ldif. When you write version 2.0 of your cool,
custom schema, and you have a pool of servers to update, which are not
in the same namespace partitions, you have a hard time figuring out
which machine has which version, etc.

It's just not a clean solution.

> I've also seen the docs mention that these files are imported in order, so I
> understand, and will change this. Presumably, I can do a simple "mv" on the
> file. Lemme know if this is not the case.

I think if you move 99user.ldif, the server will refuse to start, or it
will create an empty 99user.ldif. You could just move it and then touch
an empty one, but check the permissions and ownership...

> Right - and I plan to use this in the future to make disaster
> of services/machines as simple and brainless as humanly possible. The first
> step, though, was to get the import right before I go automating it ;-)

I have also been doing a lot of work on automated disaster recovery over
the past few months. That is really not fun.

> Did any of your coding allow for a "userSchema" keyword in the config file,
> for which I could've just put the path to my schema file? That would be nice,
> but I don't remember seeing it. I did see that I could specify an ldif file,
> but attempts to put schema extensions in that ldif file have, so far, failed.

The silent.inf doesn't allow you to specify schema files. What I do is
to use a script to copy them somewhere, generate the silent.inf, run
setup, symlink the files into place, restart the server, then import my

LDAP Directory Consulting - http://www.netauth.com