Add parameters to configure hdb in openldap::server::database

[amateo]

I have modified openldap::server::database and openldap_database provider so you could use most of the parameters supported in hdb (and bdb) databases documented at man slapd-hdb

[mcanevet]

Why is this commented out?

[mcanevet]

@amateo great PR, could you please rebase on master to pull my recent patches for Puppet4 to see if it still works with your code?

[raphink]

I think that's a whole lot of properties added to this type. I'd rather see a dboptions property that takes a hash, since anyway convergence on these properties mean a full flush of the resource from a template generated from all properties.

[amateo]

I can change them to a hash. I don't mind. What would you prefer?

[mcanevet]

@amateo I think a hash for at least for db* properties would be better and would reduce the code.

[amateo]

I'm modifying this. I have a doubt about how to handle absent options. Lets suppose you already have a database with this options:

dn: olcDatabase={4}hdb
objectClass: olcHdbConfig
olcDatabase: {4}hdb
olcDbDirectory: /var/lib/ldap/
olcSuffix: dc=mydomain,dc=com
...
olcDbCacheSize: 100000
olcDbCheckpoint: 5120 10
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIDLcacheSize: 300000
olcDbIndex: objectClass eq
olcDbCacheFree: 1
olcDbDNcacheSize: 0

I'm mapping all olcDbXXX attributes to a dboptions hash, like this:

openldap_database { 'dc=mydomain,dc=com':
  ensure    => 'present',
  backend   => 'hdb',
  dboptions => {'cachefree' => '1', 'cachesize' => '100000', 'checkpoint' => '5120 10', 'dbconfig' => ['{0}set_cachesize 0 2097152 0', '{1}set_lk_max_objects 1500', '{2}set_lk_max_locks 1500', '{3}set_lk_max_lockers 1500'], 'dncachesize' => '0', 'idlcachesize' => '300000', 'index' => 'objectClass eq'},
  directory => '/var/lib/ldap',
...
}

So, lets suppose that now I change my puppet code to:

openldap_database { 'dc=mydomain,dc=com':
  ensure    => 'present',
  backend   => 'hdb',
  dboptions => {'cachesize' => '100000', 'checkpoint' => '5120 10', 'dbconfig' => ['{0}set_cachesize 0 2097152 0', '{1}set_lk_max_objects 1500', '{2}set_lk_max_locks 1500', '{3}set_lk_max_lockers 1500'], 'dncachesize' => '0', 'idlcachesize' => '300000', 'index' => 'objectClass eq'},
  directory => '/var/lib/ldap',
...
}

removing the cachefree value.

What do you prefer? That the provider removes the olcDbCachefree attribute or that it leaves it? In the first case, the provider just takes care that programmed values are in the ldap entry for the object. In the second one, it takes care that they are correct and that they are the only defined in the ldap entry.

[mcanevet]

@amateo you can maybe add an additional parameter that allows to choose between minimal or inclusive like what Puppetlabs do for user type : https://docs.puppetlabs.com/references/latest/type.html#user-attribute-membership

[amateo]

One comment about this PR: the dboptions hash parameter, accepts index as a key (since db index options is map to olcDbIndex ldif attribute. This could conflict with openldap_dbindex provider if you use synctype=inclusive.

To solve this one solution is forcing to use synctype=minimum (it is the default) if you want to use openldap_dbindex too. Another solution is excluding index from attributes mapped to dboptions, forcing to use openldap_dbindex for that purpose. Another solution could be removing openldap_index (in the same way that limits are specific to a database so they are properties of databases).

What do you think?

[mcanevet]

@amateo great PR, thanks a lot.
I think deprecate openldap_index could be a good solution.
I may not have time to review this huge PR in the next few days but maybe @raphink will.

[amateo]

Hello @mcanevet. Will you merge this PR?

[mcanevet]

@amateo acceptance tests pass. So let's merge this!
Thanks

[amateo]

Thanks