[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3432) back-sql enhancements

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3432) back-sql enhancements
From: adamson@andrew.cmu.edu
Date: Mon, 3 Jan 2005 15:01:41 GMT

> during the xmas vacations I've been able to work on incorporating your 
> patches.

Thanks for taking the time to look at them.



> 4: I'm oriented toward rejecting it at the moment, because first of all I'm 
> not really convinced about its need: all slapd is based on using attr_merge() 
> and its variations about normalization; note that in back-sql we're passing 
> the memory context to the normalization routines, so temporary memory 
> shouldn't really be an issue.

This patch became critical to us here at CMU when we started using groups. 
Some of our group objects have thousands of members, and when slapd tried 
loading one in from the RDBM it would render the LDAP server unusable. Anytime 
you have two memory buffers that you are growing by realloc'ing them back and 
forth they are going to start leapfrogging through memory until the process 
crashes.  The frontend attr_merge() doesn't know how many values will be 
coming later on, so the backend(s) cannot rely on it when an unknown number of 
values, possibly thousands, are going to be loaded in.  back-bdb (and some 
others) don't face this problem since they're loading a single hunk off disk.
   Try creating a group with 10,000 members and then try to load it with 
ldapsearch.
   The 4.count_query patch seemed like a reasonable way to fix the leapfrog 
issue.  Another possibility is to load all the values and THEN, afterwards, 
normalize them all, so that you don't have two growing memory segments 
alternating through realloc().


> 6: I didn't apply this yet because I want to study it more deeply, since it 
> may heavily impact the code.  One thing I don't understand is why you use 
> avl_find_lin() instead of avl_find().

I had to use avl_find_lin() in that one case because the functions calling the 
taint() function don't always have the *Operation available, which is a part 
of the key used in the AVL.  You'll note the comparison function used with 
avl_find_lin() is different from the function used in all the avl_find() 
calls.  Since the entire AVL key is not available, the entire AVL tree has to 
be searched to find any node whose "dbh" matches that given to the taint() 
function.


> 7: I'm not sure about the need for this patch: all backends require to delete 
> an entry if the structuralObjectClass needs be changed.  And, in case, I 
> think there's something I didn't understand about the whole procedure, but 
> this might be my fault :)

There may be something I don't understand about the LDAP protocol, then. Is it 
possible, or not, to change the objectClass of an entry?

Example:
An LDAP database has an entry "cn=adamson,dc=cmu,dc=edu"  of objectClass 
"posixAccount", which has a subclass "cmuAccount" and the entry already 
matches all of the MAY and MUST directives of the schema for both cmuAccount 
and posixAccount.  Now the server receives this LDIF:

   dn: cn=adamson,dc=cmu,dc=edu
   changetype: modify
   replace: objectClass
   objectClass: cmuAccount
   -

what should the server do?

This patch #7 attempts to make the necessary changes in the RDBM to change the 
objectClass of the entry.  If LDAP says that entries cannot change OC, then 
yeah this is a bad patch.



    Thanks again for your time.


        -Mark Adamson
         Carnegie Mellon

Prev by Date: (ITS#3458) ppolicy overlay doesn't build (missing declarations)
Next by Date: Re: (ITS#3446) ACL val clause ineffective with bind
Index(es):
- Chronological
- Thread