author Guilhem Moulin <guilhem@fripost.org> 2013-11-26 23:36:38 +0100
committer Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:50:56 +0200
commit ddbd54a44814fb81cd27e21edbdc0e9a90f03d91
tree eeb787a9d5bc8b71aeb66261aebf46dafcb4794a /roles/common/tasks/ldap.yml
parent fca34cf712aacaa2d8db7a05d93daf3b949e7891
Optimize LDAP modifications.
For non-indexed attributes, do not ask the LDAP server to modify values in the symmetric difference of A (the entry found in the directory) and B (the target). That is, we replace A by B only when they are disjoint; otherwise we remove values in A-B and add those in B-A.
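The rule in the commit message above, sketched as an added example; it is not code from this commit or from the fripost repository. The function name, the operation labels and the sample entry are assumptions made for illustration, and values are compared as exact strings.

```python
# Added illustration; not code from the fripost repository.
# Operation names are local labels, not a real LDAP library's constants.
ADD, DELETE, REPLACE = "add", "delete", "replace"


def plan_modifications(current, target):
    """Return (op, attribute, values) steps turning `current` into `target`.

    current, target: dict mapping attribute name -> iterable of values.
    Assumptions: only attributes named in `target` are considered, the
    caller passes non-indexed attributes only, and no matching rules
    apply (values are compared as exact strings).
    """
    plan = []
    for attr in sorted(target):
        a = set(current.get(attr, ()))   # A: values found in the directory
        b = set(target[attr])            # B: values wanted
        if a == b:
            continue                     # nothing to send for this attribute
        if a.isdisjoint(b):
            # No value in common: a single replace swaps A for B.
            plan.append((REPLACE, attr, sorted(b)))
            continue
        # Some values are shared: leave them alone, touch only the rest.
        if a - b:
            plan.append((DELETE, attr, sorted(a - b)))
        if b - a:
            plan.append((ADD, attr, sorted(b - a)))
    return plan


# Constructed sample entry and target (not taken from the page).
SAMPLE_CURRENT = {
    "mail": ["a@example.org", "b@example.org", "c@example.org"],
    "description": ["old"],
    "cn": ["x"],
}
SAMPLE_TARGET = {
    "mail": ["b@example.org", "c@example.org", "d@example.org"],
    "description": ["new"],
    "cn": ["x"],
}

if __name__ == "__main__":
    for step in plan_modifications(SAMPLE_CURRENT, SAMPLE_TARGET):
        print(step)
```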
Diffstat (limited to 'roles/common/tasks/ldap.yml')
-rw-r--r-- roles/common/tasks/ldap.yml 1
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common/tasks/ldap.yml b/roles/common/tasks/ldap.yml
index 26ab349..cb1e835 100644
--- a/roles/common/tasks/ldap.yml
+++ b/roles/common/tasks/ldap.yml
@@ -36,31 +36,32 @@
owner=root group=root
state=directory
mode=0755
- name: Copy fripost database definition
template: src=etc/ldap/database.ldif.j2
dest=/etc/ldap/fripost/database.ldif
owner=root group=root
mode=0600
- name: Copy fripost schema
copy: src=etc/ldap/schema/fripost.ldif
dest=/etc/ldap/schema/fripost.ldif
owner=root group=root
mode=0644
- name: Load fripost's schema and configure the database
openldap: target=/etc/ldap/{{ item }} state=present
with_items:
- schema/fripost.ldif
+ # TODO load other required schemas *before* loading the database
- fripost/database.ldif
- name: Load LDAP modules
openldap: module={{ item }}.la state=present
with_items:
# TODO only if provider
- syncprov
# TODO only if writable
- constraint
# TODO: authz constraint syncprov syncrepl
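Review bot: The TODO added above `- fripost/database.ldif` in the `with_items` list of "Load fripost's schema and configure the database" records an ordering requirement without naming the schemas it depends on, so the task still loads only `schema/fripost.ldif` before the database definition. Name the required schemas in the comment, or add them as items ahead of `fripost/database.ldif`, so the dependency is explicit and the TODO can be closed. In this file the comment is the commit's only change; the modification logic described in the commit message is not part of this hunk.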