[Freeipa-devel] [PATCH 0051] Preserve already configured options in openldap conf

Jan Cholasta jcholast at redhat.com
Wed Apr 24 13:11:11 UTC 2013


On 24.4.2013 14:54, Martin Kosek wrote:
> On 04/24/2013 02:51 PM, Rob Crittenden wrote:
>> Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 23.4.2013 12:28, Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> We should respect already configured options present in
>>>> /etc/openldap/ldap.conf when generating our own configuration.
>>>> With this patch, we only rewrite URI, BASE and TLS_CACERT options.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3582
>>>>
>>>
>>> the changeConf call will fail when the file does not exist, we might
>>> want to handle that gracefully.
>>>
>>> Honza
>>>
>>
>> We also need to handle the case where these items are already defined. I'm
>> honestly not sure what the behavior should be: overwrite, warn and overwrite,
>> fail.
>>
>> rob
>>
>
> I am also thinking that we may want to be more cautious before updating this
> file. AFAIK, we do not need the updated file for our function, it's only updated
> for user convenience so that he can run ldapsearches more easily.
>
> I see several options here that could help this goal:
> 1) Update BASE and URI and TLS_CACERT in ldap.conf only if these options are
> not set. If the options are already set, we could just print a note that we
> skipped it. When I see my vanilla /etc/openldap/ldap.conf, it has these options
> commented out, so it should be possible to implement this check.
>
> 2) Do ldap.conf changes only if a new special option is passed (e.g.
> --configure-ldap-cong)
>
> 3) Do not update ldap.conf when a new special option is not passed (e.g.
> --no-ldap-conf)
>
> Martin
>

If we don't need the file for our function, we can just not configure it 
at all IMO. We can document how to configure it for users who want it.

Honza

-- 
Jan Cholasta
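
Added example, not part of the original message or of the FreeIPA patch: a sketch of option 1 from the quoted discussion, which sets URI, BASE and TLS_CACERT only when ldap.conf does not already set them, treats commented-out defaults as unset, and tolerates a missing file. The function name merge_ldap_conf and its return shape are assumptions made for illustration.

```python
import os
import shutil

MANAGED = ("URI", "BASE", "TLS_CACERT")  # the three options named in the thread


def merge_ldap_conf(path, wanted):
    """Append each wanted option only if the file does not already set it.

    Returns (added, skipped) lists of option names. Hypothetical helper,
    not FreeIPA's changeConf API.
    """
    try:
        with open(path, encoding="utf-8") as f:
            lines = f.read().splitlines()
        existed = True
    except FileNotFoundError:
        # A missing file is handled as an empty one instead of failing.
        lines, existed = [], False

    # ldap.conf(5): option names are case-insensitive; blank lines and
    # lines starting with '#' (e.g. a commented-out BASE) set nothing.
    already = set()
    for line in lines:
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            already.add(stripped.split(None, 1)[0].upper())

    added, skipped = [], []
    for name in MANAGED:
        if name not in wanted:
            continue
        if name in already:
            skipped.append(name)  # caller can print "skipped" for these
        else:
            lines.append(f"{name} {wanted[name]}")
            added.append(name)

    if added:
        # Write a sibling temp file and rename it into place, so an
        # interrupted run never leaves a truncated ldap.conf behind.
        tmp = path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            f.write("\n".join(lines) + "\n")
        if existed:
            shutil.copymode(path, tmp)  # keep the admin's file mode
        os.replace(tmp, path)
    return added, skipped
```

Every existing line, including unrelated options and comments, is written back unchanged; the skipped list is what an installer would report to the user.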



