Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

Christoph Biedl-7
Package: slapd
Version: 2.4.47+dfsg-3
Severity: normal

Dear Maintainer,

the slapo-constraint(5) manpage still refers to /etc/ldap/slapd.conf for
configuration, a configuration method that has been abandoned ... many
years ago. It took hours of searching and eventually using strace to
confirm it's completely ignored.

So *please* update the documentation and the examples of usage. The
Administrator's Guide has something about this (12.4.2), and I had to
read the openldap sources to learn the appropriate keywords like
olcConstraintAttribute to find that one.

And while you're on it, it really shouldn't hurt to mention the
constraint module needs to be loaded before it's possible to use it.
This is mentioned in slapd.overlay(5), but that's another piece of
information you'd only find when you already know what you are looking
for.

Constraints still don't work for me, that's something for another day.

    Christoph, who had hoped to pass the "setting up constraints" level in ten minutes

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#925597: [Pkg-openldap-devel] Bug#925597: slapd: slapo-constraint manpage pre-dates the advent of olc

Ryan Tandy-4
Control: tag -1 upstream

Hi Christoph,

I'm sorry to hear the documentation caused you some frustration here.

On Wed, Mar 27, 2019 at 12:17:18PM +0100, Christoph Biedl wrote:
>the slapo-constraint(5) manpage still refers to /etc/ldap/slapd.conf for
>configuration, a configuration method that has been abandoned ... many
>years ago. It took hours of searching and eventually using strace to
>confirm it's completely ignored.

Sort of. It's soft-deprecated but also still supported. But slapd runs
in cn=config mode (-F) OR slapd.conf mode (-f) ... it sounds like you
had slapd running in cn=config mode (Debian's default) but tried to add
some configuration in a slapd.conf file, which indeed would be ignored.

>So *please* update the documentation and the examples of usage.

ACK. There is not really an active documentation contributor upstream at
the moment, and some documentation is still not updated for cn=config,
as you found. So I'm sorry there is indeed a long tail of older bits and
not much progress being made.

>The Administrator's Guide has something about this (12.4.2), and I had
>to read the openldap sources to learn the appropriate keywords like
>olcConstraintAttribute to find that one.

Maybe too late to help you now, but you can introspect the schema on
your running slapd instance by making searches under the 'cn=Subschema'
base. This is the recommended way of finding, for example, what
configuration classes/attributes are actually available on your specific
instance.

>And while you're on it, it really shouldn't hurt to mention the
>constraint module needs to be loaded before it's possible to use it.
>This is mentioned in slapd.overlay(5), but that's another piece of
>information you'd only find when you already know what you are looking
>for.

Others have asked for this before and upstream are resistant to repeat
this information in every overlay's man page when it can just be
written once in a central place. (Can you tell we're talking about
programmers here?) But this bites enough new users and I do tend to
agree we should have even a breadcrumb in each man page that lets people
know what they should be looking for...

Better luck on your next try,

Ryan