OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Documentation/5908
Full headers

From: magne.land@citrix.com
Subject: slapo-unique man page misleading
Compose comment
Download message
State:
2 replies: 1 2
10 followups: 1 2 3 4 5 6 7 8 9 10

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 28 Jan 2009 01:00:10 GMT
From: magne.land@citrix.com
To: openldap-its@OpenLDAP.org
Subject: slapo-unique man page misleading
Full_Name: Magne Land
Version: 2.3.43
OS: RHEL 5.1 64-bit
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (72.37.244.20)


Currently the man page of slapo-unique says "enforce uniqueness", which I find
misleading.
Would it be possible to change it to say "makes the best effort to enforce
uniqueness" or something to that effect?


Reply 1

Resend
From: Gavin Henry <openldap-its@OpenLDAP.org>
To: magne.land@citrix.com
Subject: Re: slapo-unique man page misleading (ITS#5908)
Date: Wed Jan 28 22:33:03 2009
CC: openldap-its@openldap.org
> Full_Name: Magne Land
> Version: 2.3.43
> OS: RHEL 5.1 64-bit
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (72.37.244.20)
> 
> 
> Currently the man page of slapo-unique says "enforce uniqueness", which I
find
> misleading.
> Would it be possible to change it to say "makes the best effort to enforce
> uniqueness" or something to that effect?
> 
> 

It would need more words than that to comment on what exactly happens i.e. why
it is a "best effort".



Followup 1

Download message
From: Magne Land <Magne.Land@citrix.com>
To: Gavin Henry <openldap-its@OpenLDAP.org>
Date: Wed, 28 Jan 2009 14:39:11 -0800
Subject: Re: slapo-unique man page misleading (ITS#5908)
Hi,
Please see this thread for background info:
http://www.openldap.org/lists/openldap-software/200901/msg00112.html

To me, something is either guaranteed or not. And I think "enforce" means
something that is guaranteed.
In this case, the uniqueness is not guaranteed, therefore it is not enforced.

Regards,
Magne Land

On 1/28/09 2:33 PM, "Gavin Henry" <openldap-its@OpenLDAP.org> wrote:

> Full_Name: Magne Land
> Version: 2.3.43
> OS: RHEL 5.1 64-bit
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (72.37.244.20)
>
>
> Currently the man page of slapo-unique says "enforce uniqueness", which I
find
> misleading.
> Would it be possible to change it to say "makes the best effort to enforce
> uniqueness" or something to that effect?
>
>

It would need more words than that to comment on what exactly happens i.e. why
it is a "best effort".






Followup 2

Download message
Date: Wed, 28 Jan 2009 16:25:23 -0800
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: Magne.Land@citrix.com, openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)

--On January 28, 2009 10:39:41 PM +0000 Magne.Land@citrix.com wrote:

> Hi,
> Please see this thread for background info:
> http://www.openldap.org/lists/openldap-software/200901/msg00112.html
>
> To me, something is either guaranteed or not. And I think "enforce" means
> something that is guaranteed. In this case, the uniqueness is not
> guaranteed, therefore it is not enforced.

Set up slapo-accesslog on your master.  Then uniqueness is guaranteed.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 3

Download message
Date: Thu, 29 Jan 2009 11:15:18 +0000 (GMT)
From: Gavin Henry <ghenry@suretecsystems.com>
To: quanah@zimbra.com
Cc: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
----- quanah@zimbra.com wrote:

> --On January 28, 2009 10:39:41 PM +0000 Magne.Land@citrix.com wrote:
> 
> > Hi,
> > Please see this thread for background info:
> >
> http://www.openldap.org/lists/openldap-software/200901/msg00112.html
> >
> > To me, something is either guaranteed or not. And I think "enforce"
> means
> > something that is guaranteed. In this case, the uniqueness is not
> > guaranteed, therefore it is not enforced.
> 
> Set up slapo-accesslog on your master.  Then uniqueness is
> guaranteed.

We don't document this requirement in slapo-unique.5 though.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html



Followup 4

Download message
Date: Thu, 29 Jan 2009 14:34:37 +0100
From: Pierangelo Masarati <ando@sys-net.it>
To: quanah@zimbra.com
CC: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
quanah@zimbra.com wrote:
> --On January 28, 2009 10:39:41 PM +0000 Magne.Land@citrix.com wrote:
> 
>> Hi,
>> Please see this thread for background info:
>> http://www.openldap.org/lists/openldap-software/200901/msg00112.html
>>
>> To me, something is either guaranteed or not. And I think "enforce"
means
>> something that is guaranteed. In this case, the uniqueness is not
>> guaranteed, therefore it is not enforced.
> 
> Set up slapo-accesslog on your master.  Then uniqueness is guaranteed.

Are you sure about this?  I didn't look in detail to the code, so I 
can't tell whether serializing writes that way will cause the desired 
behavior, since slapo-unique is using internal writes.  As Gavin says,. 
if this is the case then it should be at least documented, and not only 
in slapo-unique, but also for any overlay/module that does internal writes.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------



Followup 5

Download message
Date: Thu, 29 Jan 2009 06:03:20 -0800
From: Howard Chu <hyc@symas.com>
To: ando@sys-net.it
CC: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
ando@sys-net.it wrote:
> quanah@zimbra.com wrote:
>> --On January 28, 2009 10:39:41 PM +0000 Magne.Land@citrix.com wrote:
>>
>>> Hi,
>>> Please see this thread for background info:
>>> http://www.openldap.org/lists/openldap-software/200901/msg00112.html
>>>
>>> To me, something is either guaranteed or not. And I think "enforce"
means
>>> something that is guaranteed. In this case, the uniqueness is not
>>> guaranteed, therefore it is not enforced.
>> Set up slapo-accesslog on your master.  Then uniqueness is guaranteed.
>
> Are you sure about this?  I didn't look in detail to the code, so I
> can't tell whether serializing writes that way will cause the desired
> behavior, since slapo-unique is using internal writes.

Huh? slapo-unique only does internal searches. The writes are all user ops, 
and accesslog will serialize all of them.

>  As Gavin says,.
> if this is the case then it should be at least documented, and not only
> in slapo-unique, but also for any overlay/module that does internal writes.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 6

Download message
Date: Thu, 29 Jan 2009 15:47:57 +0000 (GMT)
From: Gavin Henry <ghenry@suretecsystems.com>
To: hyc@symas.com
Cc: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
----- hyc@symas.com wrote:

> ando@sys-net.it wrote:
> > quanah@zimbra.com wrote:
> >> --On January 28, 2009 10:39:41 PM +0000 Magne.Land@citrix.com
> wrote:
> >>
> >>> Hi,
> >>> Please see this thread for background info:
> >>>
> http://www.openldap.org/lists/openldap-software/200901/msg00112.html
> >>>
> >>> To me, something is either guaranteed or not. And I think
> "enforce" means
> >>> something that is guaranteed. In this case, the uniqueness is
not
> >>> guaranteed, therefore it is not enforced.
> >> Set up slapo-accesslog on your master.  Then uniqueness is
> guaranteed.
> >
> > Are you sure about this?  I didn't look in detail to the code, so I
> > can't tell whether serializing writes that way will cause the
> desired
> > behavior, since slapo-unique is using internal writes.
> 
> Huh? slapo-unique only does internal searches. The writes are all user
> ops, 
> and accesslog will serialize all of them.

So, where does this leave us? 

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html



Followup 7

Download message
Date: Fri, 30 Jan 2009 11:04:53 -0800
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: ghenry@suretecsystems.com, openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
--On Thursday, January 29, 2009 3:48 PM +0000 ghenry@suretecsystems.com 
wrote:

>> Huh? slapo-unique only does internal searches. The writes are all user
>> ops,
>> and accesslog will serialize all of them.
>
> So, where does this leave us?

If you want guaranteed atomic writes, use slapo-accesslog on your master to 
serialize them.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 8

Download message
Subject: Re: slapo-unique man page misleading (ITS#5908)
To: "Quanah Gibson-Mount" <quanah@zimbra.com>, openldap-its@openldap.org
From: "Gavin Henry" <ghenry@suretecsystems.com>
Date: Fri, 30 Jan 2009 19:08:45 +0000
Ok, so this should be in the man page. Where else should this be listed that
affects other overlays?

------Original Message------
From: Quanah Gibson-Mount
Sender: 
To: Gavin Henry
To: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
Sent: 30 Jan 2009 19:04

--On Thursday, January 29, 2009 3:48 PM +0000 ghenry@suretecsystems.com 
wrote:

>> Huh? slapo-unique only does internal searches. The writes are all user
>> ops,
>> and accesslog will serialize all of them.
>
> So, where does this leave us?

If you want guaranteed atomic writes, use slapo-accesslog on your master to 
serialize them.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html



Followup 9

Download message
Date: Fri, 30 Jan 2009 11:13:11 -0800
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: ghenry@suretecsystems.com, openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
--On Friday, January 30, 2009 7:08 PM +0000 Gavin Henry 
<ghenry@suretecsystems.com> wrote:

> Ok, so this should be in the man page. Where else should this be listed
> that affects other overlays?

Eh, I'm not sure it should be in the man page.  The point is, if you ever 
want guaranteed atomic writes, you have to use slapo-accesslog to serialize 
them.  That's an issue that affects other LDAP servers as well.

AS Pierangelo said:


There is no guarantee of DSA-wide or even database-wide atomicity in write 
operations, including internal ones.  This was never even intended to be in 
place.  This is a known design limitation not only of slapo-unique, but 
also of slapd (and, I'd say, of LDAP itself).

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 10

Download message
Subject: Re: slapo-unique man page misleading (ITS#5908)
To: "Quanah Gibson-Mount" <quanah@zimbra.com>, openldap-its@openldap.org
From: "Gavin Henry" <ghenry@suretecsystems.com>
Date: Fri, 30 Jan 2009 19:19:50 +0000
Ok, but we should mention this somewhere like in the admin guide perhaps. 

------Original Message------
From: Quanah Gibson-Mount
Sender: 
To: Gavin Henry
To: openldap-its@openldap.org
Subject: Re: slapo-unique man page misleading (ITS#5908)
Sent: 30 Jan 2009 19:13

--On Friday, January 30, 2009 7:08 PM +0000 Gavin Henry 
<ghenry@suretecsystems.com> wrote:

> Ok, so this should be in the man page. Where else should this be listed
> that affects other overlays?

Eh, I'm not sure it should be in the man page.  The point is, if you ever 
want guaranteed atomic writes, you have to use slapo-accesslog to serialize 
them.  That's an issue that affects other LDAP servers as well.

AS Pierangelo said:


There is no guarantee of DSA-wide or even database-wide atomicity in write 
operations, including internal ones.  This was never even intended to be in 
place.  This is a known design limitation not only of slapo-unique, but 
also of slapd (and, I'd say, of LDAP itself).

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html



Reply 2

Resend
From: Gavin Henry <openldap-its@OpenLDAP.org>
To: 
Subject: Re: slapo-unique man page misleading (ITS#5908)
Date: Mon Feb  9 17:10:05 2009
CC: openldap-its@openldap.org
> Ok, but we should mention this somewhere like in the admin guide perhaps. 
> 
> ------Original Message------
> From: Quanah Gibson-Mount
> Sender: 
> To: Gavin Henry
> To: openldap-its@openldap.org
> Subject: Re: slapo-unique man page misleading (ITS#5908)
> Sent: 30 Jan 2009 19:13
> 
> --On Friday, January 30, 2009 7:08 PM +0000 Gavin Henry 
> <ghenry@suretecsystems.com> wrote:
> 
>> Ok, so this should be in the man page. Where else should this be
listed
>> that affects other overlays?
> 
> Eh, I'm not sure it should be in the man page.  The point is, if you ever 
> want guaranteed atomic writes, you have to use slapo-accesslog to serialize

> them.  That's an issue that affects other LDAP servers as well.
> 
> AS Pierangelo said:
> 
> 
> There is no guarantee of DSA-wide or even database-wide atomicity in write

> operations, including internal ones.  This was never even intended to be in

> place.  This is a known design limitation not only of slapo-unique, but 
> also of slapd (and, I'd say, of LDAP itself).
> 

Should this be in the Admin Guide? I can't think of a place for it at the
moment. Should we suspend the ITS until there is a right place?

Thanks.

Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org