[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5329) back-ldif deadlock

To: openldap-its@OpenLDAP.org
Subject: (ITS#5329) back-ldif deadlock
From: h.b.furuseth@usit.uio.no
Date: Wed, 16 Jan 2008 16:34:34 GMT

Full_Name: Hallvard B Furuseth
Version: HEAD
OS: 
URL: 
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard


back-ldif deadlocks on Modify access control in test006-acls (modified
to support back-ldif).  It tries to lock li_rdwr for both write (for the
modify) and read (reading entries for access control) at the same time.

However the manpage says
  The LDIF backend does not honor any of the access control semantics
  described in slapd.access(5).

  Only read (=r) access to the entry pseudo-attribute and to the other
  attribute values of the entries returned by the search operation is
  honored, which is performed by the frontend.

Should the manpage be updated (and maybe more acl calls be added),
or should the acl call be removed?


Assuming the acl call should be there, one simple fix could be to
introduce a 'li_wlock' mutex, lock it early on LDAP update operations,
and delay locking li_rdwr until the operation is about to update
the database.  That can also get rid of the entry2str_mutex abuse.
I've written a patch and it works, but something broke test045.
Will look again later, if we are to keep the acl call(s).

Prev by Date: (ITS#5328) backends sending/setting results
Next by Date: Re: (ITS#5328) backends sending/setting results
Index(es):
- Chronological
- Thread