Re: Handling bad cn=config updates

Howard Chu wrote:
> Hallvard B Furuseth wrote:
>> If I modify olcDbDirectory of a BDB database to a broken directory, the
>> Modify returns success but BDB says "failed to reopen database" and
>> slapd shuts down.  Maybe other modifications can shut down slapd too, I
>> don't know.
>> It would be nice if slapd tried to restore the old config value, reopen
>> the old directory, and return unwillingToPerform or something to the
>> Modify.  However I don't know how hard that would be, or how obscure a
>> case it is.
> The Modify operation has already completed though, there's nothing to
> "return" an error message to by then.
> We do as much pre-checking as possible to validate the syntax of changes
> before committing them. But here you've got an input with perfectly
> valid syntax. The only way to know that it's bad is to commit the change.
> We already undo bad changes when we can detect them...
> For this particular case, ITS#4829 needs to be considered as well. What
> is the definition of a "broken directory"? If you specify a directory
> that doesn't exist, the backend ought to just create it and use it. In
> that case, you'll end up with an empty context in the server. That might
> be what was intended, and also might not be; we have no way to tell.
> Therefore there is no sensible pre-check that we can perform.

According to Howard's and Hallvard's analysis, slapd should do its best
to determine if the change is inconsistent.  As soon as it's
self-consistent (although possibly not what the user intended; but then
it's the user's fault), and no matter what, it shouldn't result in
shutting down slapd.  In this case, I think it is the responsibility of
back-config to try and open a database, but gracefully handle failure.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
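
The behaviour asked for in this thread (try the new directory, and on failure reopen the old one and answer the Modify with unwillingToPerform instead of shutting down), as an added example that is not OpenLDAP code and not part of the original message. `toy_db`, `toy_db_open` and `toy_modify_directory` are hypothetical names, and a "broken directory" is assumed here to be a path that cannot be opened as a directory; the create-if-missing case raised in the quoted reply is left out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define LDAP_SUCCESS              0
#define LDAP_UNWILLING_TO_PERFORM 53   /* standard LDAP result code */

/* Hypothetical stand-in for one configured database; not a slapd type. */
struct toy_db {
    char dir[256];   /* directory currently in use */
    int  is_open;    /* 1 while the database is serving requests */
};

/* Hypothetical open step: succeeds only when dir is an existing directory. */
static int toy_db_open(struct toy_db *db, const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    snprintf(db->dir, sizeof db->dir, "%s", dir);
    db->is_open = 1;
    return 0;
}

/* Commit the new directory; if it cannot be opened, reopen the old one
 * and report an error code. The process keeps running either way. */
int toy_modify_directory(struct toy_db *db, const char *new_dir)
{
    char old_dir[sizeof db->dir];
    snprintf(old_dir, sizeof old_dir, "%s", db->dir);
    db->is_open = 0;                          /* old environment closed */
    if (toy_db_open(db, new_dir) == 0)
        return LDAP_SUCCESS;
    if (toy_db_open(db, old_dir) != 0)        /* rollback failed as well */
        fprintf(stderr, "database offline: %s unusable\n", old_dir);
    return LDAP_UNWILLING_TO_PERFORM;
}

int main(void)
{
    struct toy_db db = { "", 0 };
    toy_db_open(&db, "/");                    /* constructed starting state */
    int rc = toy_modify_directory(&db, "/dev/null");   /* not a directory */
    printf("rc=%d dir=%s open=%d\n", rc, db.dir, db.is_open);
    return rc == LDAP_UNWILLING_TO_PERFORM ? 0 : 1;
}
```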