[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd/back-ldap chain.c



Pierangelo Masarati wrote:
On Fri, 2005-11-04 at 23:08 +0000, kurt@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-ldap

Modified Files:
      Tag: OPENLDAP_REL_ENG_2_3
	chain.c  1.12.2.10 -> 1.12.2.11

Log Message:
Sync with HEAD

I'd like to hear if we are all (Howard, significantly, since he's a good
insight into that piece of code) fine with my fix: it's a "brute force"
approach.
If there is a referral loop this mutex will cause a deadlock. I.e., if the main backend returns a referral to a remote server that refers back to this same backend which causes another referral from the main backend. (If the remote reference back resolves to a regular entry in the local backend it will be fine.) Like I said before, to really fix this requires making back-ldap work with multiple URLs (and slap_bindconf's). That would also address the FIXME re: using the correct idassert-authcDN.

On a related note, we probably should implement this Loop Detection Control.
http://www.redhat.com/docs/manuals/dir-server/ag/6.0/entry_dist.htm#19056

I can't seem to find any further docs on it, but this may be enough to work with. Perhaps Mark Wahl could shed some light on it since the OID is under his arc.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/