[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Handling bad cn=config updates

Howard Chu wrote:
Hallvard B Furuseth wrote:
Howard Chu writes:
The Modify operation has already completed though, there's nothing to
"return" an error message to by then.
I see.

We do as much pre-checking as possible to validate the syntax of changes
before committing them. But here you've got an input with perfectly valid
syntax. The only way to know that it's bad is to commit the change.

We already undo bad changes when we can detect them...
That's good, but that also means that a success response doesn't
indicate that the change was made to cn=config.

No, the changes that we can detect are done before the response is sent. As such, the failure is sent back to the client (as it should be).

So let me step back a bit: I'd like slapd to send the ModifyResponse
_after_ the change has taken effect (or failed to take effect).

That's actually the way it has been implemented. Just that in this case, we weren't validating the olcDbDirectory argument before trying to use it. This is now being done in HEAD.

As for bad changes shutting down the server - that was also a conscious decision; the kinds of errors that can cause this failure are presumably the type that we cannot rollback and recover from. If you find any other trivially recoverable errors that cause this to occur, feel free to patch them, but leave the overall shutdown trigger in place.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/