[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4816) slurpd generates invalid ldapadd/modify requests

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4816) slurpd generates invalid ldapadd/modify requests
From: hyc@symas.com
Date: Mon, 29 Jan 2007 03:51:03 GMT

gael.roualland@oleane.net wrote:
> Full_Name: Gaël Roualland
> Version: 2.3.33
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/gael.roualland-070126.diff
> Submission from: (NULL) (213.56.0.199)
> 
> 
> Hello,
> 
> Slurpd has a bug when replicating, in the way it generates the LDAPMod array of
> the add and modify operations : if the same attribute is present several times
> (for add) or in multiple change blocks (for modify) in the replication log, it
> simply adds all occurences to the LDAPMod array, hence having one or more
> attributes repeated serveral times which violates the protocol.
> 
> This is usually fine with slapd because there is code there to accept invalid
> queries from the updatedn, but it is rejected if you're not using updatedn
> (which happens to be our case in a custom floating master scenario).
> 
> The uploaded patch fixes this in slurpd by replacing its LDAPmod logic by one
> based on ldapmodify which generates proper requests. I know slurpd is considered
> deprecated, however this might be useful to others still using it and would
> allow to remove the exception from slapd code.
> 
> Regards,

As far as I can see, slurpd merely processes the changes in the replog. If it 
is generating requests out of sequence, then they must have been recorded 
out-of-sequence in the log. And yet I don't see any reason why slapd would 
generate the modifications out of sequence.

What are the circumstances that cause these improper sequences to get into 
the replog in the first place?

As for copying the code from ldapmodify.c into slurpd - probably the better 
solution would be to move the relevant code from ldapmodify.c into a library. 
When we still maintained libldif as its own entity it would have made sense 
to put it there, but now it would seem to best fit in libldap, and perhaps 
the other LDIF routines in liblutil should move there as well. This would 
also partially address ITS#4033.
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4817) modify "replace" command firing conflict error where it shouldn't be
Next by Date: Re: (ITS#4816) slurpd generates invalid ldapadd/modify requests
Index(es):
- Chronological
- Thread