[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Wishes for set ACLs

At 11:26 AM 3/17/2005, Pierangelo Masarati wrote:
>access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
>   by set="[ldap:///dc=example,dc=com??sub?(uid=bjorn)]/uid & this/uid" read
>   by * auth
>which directly issues an internal search, in principle might incur in a deadlock, but it doesn't. 

Try that with directory modifications.

The operation thread grabs a write lock on the entry for
the modify operation, then spins off an internal search for
the set evaluation, which causes the thread to try to grab a
read lock on the entry.  As its using two different locker ids,
the thread is prone to self deadlock.