Re: (ITS#5889) [PATCH] Sending dereference field when retrying connection in meta backend

[ando@sys-net.it]

jorge.perez@adaptia.net wrote:

> When we have two slapds with a established meta connection between them and the
> connection is reset, for example by a router, the next search query will always
> be send with never in dereferencing.
> 
> Steps to reproduce:
> 
> - Established a meta connection between 2 slapds
> - Reset the connection, for example with cutter
> - Send a search dereferencing with something different to never.
> - See the results are no dereferenced.

Actually, I was reviewing this fix, and it seems that the code for alias 
dereferencing is inherently broken, essentially because the (C) API for 
alias dereferencing is broken.  In fact, back-ldap and back-meta reuse 
and pool connections, so setting this parameter using ldap_set_option() 
will actually affect all (search) operations occurring simultaneously in 
an unprotected manner.  I think this needs to be fixed.

The simplest (and my favorite) solution would be to have back-ldap and 
back-meta discontinue aliasing support.

Another option, which I do not consider particularly viable, is to 
separately pool connections with different alias dereferencing strategies

Finally (my second favorite option) is to add a new C API for 
ldap_search* operations that allows to explicitly set the alias 
dereferencing parameter.  This API does not need to be public, since it 
is mostly useful inside the proxy backends.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------