[Freeipa-devel] [PATCH 0051] Preserve already configured options in openldap conf

Martin Kosek mkosek at redhat.com
Wed Apr 24 12:54:52 UTC 2013


On 04/24/2013 02:51 PM, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> Hi,
>>
>> On 23.4.2013 12:28, Tomas Babej wrote:
>>> Hi,
>>>
>>> We should respect already configured options present in
>>> /etc/openldap/ldap.conf when generating our own configuration.
>>> With this patch, we only rewrite URI, BASE and TLS_CACERT options.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3582
>>>
>>
>> the changeConf call will fail when the file does not exist, we might
>> want to handle that gracefully.
>>
>> Honza
>>
> 
> We also need to handle the case where these items are already defined. I'm
> honestly not sure what the behavior should be: overwrite, warn and overwrite,
> fail.
> 
> rob
> 

I am also thinking that we may want to be more cautious before updating this
file. AFAIK, we do not need the updated file for our function, it's only updated
for user convenience so that he can run ldapsearches more easily.

I see several options here that could help this goal:
1) Update ldap.conf with BASE and URI and TLS_CACERT only if these options are
not set. If the options are already set, we could just print a note that we
skipped it. When I see my vanilla /etc/openldap/ldap.conf, it has these options
commented out, so it should be possible to implement this check.

2) Do ldap.conf changes only if a new special option is passed (e.g.
--configure-ldap-cong)

3) Do not update ldap.conf when a new special option is not passed (e.g.
--no-ldap-conf)

Martin
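
Option 1 from the message above, together with the missing-file case raised earlier in the thread, as an added example (not part of the original thread and not FreeIPA's code). The function names, the sample file and all values in it are constructed for illustration.

```python
import os
import tempfile

MANAGED = ("URI", "BASE", "TLS_CACERT")  # the three options named in the thread

# Constructed sample: stock-style commented-out defaults, one value an
# administrator already set, and a similarly named option (TLS_CACERTDIR).
SAMPLE = """\
#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com
URI ldap://admin-set.example.test
TLS_CACERTDIR /etc/openldap/certs
"""

def active_options(text):
    """Map option name -> value for lines that are neither comments nor blank."""
    found = {}
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue  # ldap.conf(5): lines beginning with '#' are comments
        parts = line.split(None, 1)
        found[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def update_ldap_conf(path, wanted):
    """Append managed options that are not yet set; return (added, skipped)."""
    try:
        with open(path) as f:
            text = f.read()
    except FileNotFoundError:
        text = ""  # no file yet: treat it as empty instead of failing
    existing = active_options(text)
    added = [n for n in MANAGED if n in wanted and n not in existing]
    skipped = [n for n in MANAGED if n in wanted and n in existing]
    if added:
        lead = "" if not text or text.endswith("\n") else "\n"
        with open(path, "a") as f:  # append only; existing lines stay untouched
            f.write(lead + "".join(f"{n} {wanted[n]}\n" for n in added))
    return added, skipped

if __name__ == "__main__":
    wanted = {"URI": "ldap://ipa.example.test", "BASE": "dc=example,dc=test",
              "TLS_CACERT": "/path/to/ca.crt"}  # constructed values
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ldap.conf")
        with open(path, "w") as f:
            f.write(SAMPLE)
        added, skipped = update_ldap_conf(path, wanted)
        print("added:", added, "skipped (already set):", skipped)
```

The `skipped` list is what an installer would use to print the "skipped, already set" note; matching on the exact option name keeps `TLS_CACERTDIR` from being mistaken for `TLS_CACERT`.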



