directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Radovan Semancik <>
Subject Re: OpenLDAP schema
Date Fri, 20 Mar 2015 13:42:50 GMT
On 03/20/2015 02:19 PM, Emmanuel L├ęcharny wrote:
> We *can* do that, but that will most certainly reqire some refactoring 
> of the API, as we heavily depend on the syntax to be present. By 
> working with an inconsistant schema, you can expect many NPE here and 
> thre. That's fine, we can fix that... 

Looks like I'm getting quite close. I've got my test cases running with 
389ds. I'm working on OpenLDAP right now. There were some NPEs, but not 
that many as I've expected.

>> All I need is for the schema parser not to die during parsing.
> I do,'t think it will die. We can conduct some experiment with a twisted
> schema to check that.

In the current state on trunk it really dies. The SchemaManager will 
throw a lot of exceptions. But I have spiced the code with a bunch of 
"if (registries.isStrict())" and that seems to do the job.

> Anyway, we have anticipated teh fact that some schema might be wrong, 
> and the schema is parsed in 2 steps : the first one just read 
> everything, doing no control, the second phase checks everything, and 
> return the errors we have seen. In any case, we *have* a schemaManager 
> which is fully loaded (the logic was changed on purpose for teh Studio 
> Schema plugin to be able to work whatever schema you were processing). 

Well, yes. But currently the API seems to require SchemaManager with a 
reasonably good state as long as I want to be at least partially 
schema-aware (which I want). It looks like this is the way how 
LdapNetworkConnection works. But it looks like there just a couple of 
things to fix. I'll commit that to my github version once I got OpenLDAP 
roughly working. I hope to have it in an hour or two. Then you can have 
a look and check whether I haven't produced some disaster (which may 

>> Then there is still guarantee of schema consistency. But
>> realistically, I have tried three different real-world LDAP servers
>> and this strict mode fails to work will all three of them.
> Well, ApacheDS is quite unique there ;-)

Now I see that :-) ... I knew that the schema of existing LDAP servers 
has some issues, but honestly I haven't expected that it is such a disaster.

Radovan Semancik
Software Architect

View raw message