[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling multi-master replication option in CVS



On Wed, Nov 21, 2001 at 03:32:11PM +0530, Ganesan R wrote:
| On Tue, Nov 20, 2001 at 05:16:38PM -0800, Kurt D. Zeilenga wrote:
| > At 06:32 PM 2001-11-19, Ganesan R wrote:
| > >I have been experimenting with multi-master replication with good results
| > >in OpenLDAP CVS. I am wondering why the option is commented out in
| > >configure.in.
| > 
| > Because the code viewed as being experimental.
| 
| I remember there was some dicussion whether the code should be enabled even
| if it is experimental. The option is turned off by default anyway and the
| 2.1 tree is still in development. So I feel that the option can be exposed
| for user testing; the final call is yours, of course.
| 
| Ganesan

I know this is an old thread, but recently, I've had occasion to 
look at this experimental code as well, and frankly, I see a 
problem:  it allows any users to change attributes with "no user
modification" set. This is a no-no.

The following patches fix this for 2.0.25 (apply in servers/slapd).
Having checked 2.1.3, a similar patch can be done (with the be_update_ndn
checks appropriately changed).

The issue of the replication user being able to change non-user attributes
from the command line still exists.

Ryan Moats

*** add.c       Thu Jul 18 12:11:17 2002
--- add.c.orig  Thu Jul 18 12:10:54 2002
***************
*** 202,219 ****
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
- #ifdef SLAPD_MULTIMASTER
-       /*
-        * in multimaster, update should set to the value of repl_user,
-        * otherwise a normal user can modify non-user attributes.
-        */
-                       int update = repl_user;
- #else
-       /*
-        * normally if updatedn has been set then we can set all atributes.
-        */
                        int update = be->be_update_ndn != NULL;
- #endif
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;

--- 202,208 ----
*** modify.c    Thu Jul 18 12:12:52 2002
--- modify.c.orig       Thu Jul 18 12:11:33 2002
***************
*** 231,248 ****
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
! #ifdef SLAPD_MULTIMASTER
!         /*
!          * in multimaster, update should set to the value of repl_user,
!          * otherwise a normal user can modify non-user attributes.
!          */
!                         int update = repl_user;
! #else
!         /*
!          * normally if updatedn has been set then we can set all atributes.
!          */
!                         int update = be->be_update_ndn != NULL;
! #endif
                        const char *text;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;
--- 231,237 ----
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
!                       int update = be->be_update_ndn != NULL;
                        const char *text;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;