[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4965) slapd stops if access to cn=monitor is restricted

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
From: ando@sys-net.it
Date: Fri, 8 Jun 2007 09:07:04 GMT

ali.pouya@free.fr wrote:
> OK Pierangelo;
> Now I have an explanation :
> If you declare the monitor database AFTER bdb slapd starts well.
> But if you decalre monitor BEFORE bdb slapd cannot start.
> You can test it.

OK, I see.

The difference is that if the monitor database comes first, it's already 
open when the bdb tries to register its custom monitor stuff.  So it can 
barf out when the addition fails because of no enough permissions.

If it comes later, back-bdb's custom monitor stuff ends up in the limbo, 
which is then flushed when the monitor database starts up.  At this 
point, a failure in flushing the limbo is not considered critical.

I see two/three solutions:

1) allow databases to fail monitor info registration without aborting

2) make startup fail also when limbo flushing fails

3) let the monitor database have a default rootdn.

I'm not oriented towards any of the above, yet.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

Prev by Date: Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
Next by Date: Re: (ITS#4983) libldap_r/tls.c compile failure
Index(es):
- Chronological
- Thread