[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5889) [PATCH] Sending dereference field when retrying connection in meta backend
jorge.perez@adaptia.net wrote:
> When we have two slapds with a established meta connection between them and the
> connection is reset, for example by a router, the next search query will always
> be send with never in dereferencing.
>
> Steps to reproduce:
>
> - Established a meta connection between 2 slapds
> - Reset the connection, for example with cutter
> - Send a search dereferencing with something different to never.
> - See the results are no dereferenced.
Actually, I was reviewing this fix, and it seems that the code for alias
dereferencing is inherently broken, essentially because the (C) API for
alias dereferencing is broken. In fact, back-ldap and back-meta reuse
and pool connections, so setting this parameter using ldap_set_option()
will actually affect all (search) operations occurring simultaneously in
an unprotected manner. I think this needs to be fixed.
The simplest (and my favorite) solution would be to have back-ldap and
back-meta discontinue aliasing support.
Another option, which I do not consider particularly viable, is to
separately pool connections with different alias dereferencing strategies
Finally (my second favorite option) is to add a new C API for
ldap_search* operations that allows to explicitly set the alias
dereferencing parameter. This API does not need to be public, since it
is mostly useful inside the proxy backends.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------