Re: back-bdb flaw
Hallvard B Furuseth wrote:
> Howard Chu writes:
>> There appears to be a long-standing problem with back-bdb and entries
>> with more than BDB_IDL_DB_MAX immediate children. If the entryIDs of
>> the children are non-contiguous, then attempts to delete the subtree
>> of the entry will fail, because the IDL range for the OneLevel index
>> in the dn2id DB will never zero out.
>
> I'm not aware of a recursive delete LDAP control - do you mean "attempts
> to delete the entry after having deleted the subtree"? If so:

Pretty much. E.g. using ldapdelete -r, but it would apply to any situation
where an entry had many children, and eventually they were all deleted, and
then eventually someone attempts to delete the entry itself.

> Is the problem only to (make it feasible to) detect this situation, or
> also to act on it? To detect it, I assume Delete before returning
> notAllowedOnNonLeaf could search with scope onelevel/children, and see
> if it finds any entries.

Yes... back-bdb would also need to check this for modrdn as well. Seems like
quite a lot of extra expense to perform this check each time.

-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
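
Added example, not part of the original message and not OpenLDAP's code: a simplified C model of the failure discussed in this thread, showing why an index slot that has collapsed to a range can still report children after every child is deleted. IDL_MAX, idl_t and the rule that a range shrinks only at its bounds are assumptions of this sketch; in each case the real child count is zero, which is what the proposed onelevel search would find.

```c
#include <stdio.h>
#include <stddef.h>

#define IDL_MAX 4   /* stand-in for BDB_IDL_DB_MAX; the value is made up */

/* Model of one OneLevel slot: an explicit ID list that collapses to a
 * [lo,hi] range once it outgrows IDL_MAX. Assumption: a range keeps only
 * its bounds, so a delete can shrink it only when the ID is lo or hi. */
typedef struct { int is_range; unsigned long lo, hi, ids[IDL_MAX]; size_t n; } idl_t;

static void idl_insert(idl_t *l, unsigned long id) {
    if (!l->is_range && l->n < IDL_MAX) { l->ids[l->n++] = id; return; }
    if (!l->is_range) {                       /* overflow: collapse to a range */
        l->is_range = 1; l->lo = l->hi = id;
        for (size_t i = 0; i < l->n; i++) idl_insert(l, l->ids[i]);
        l->n = 0; return;
    }
    if (id < l->lo) l->lo = id;               /* already a range: widen bounds */
    if (id > l->hi) l->hi = id;
}

static void idl_delete(idl_t *l, unsigned long id) {
    if (l->is_range) {
        if (id == l->lo) l->lo++;
        else if (id == l->hi) l->hi--;
        else return;                          /* interior ID: nothing to update */
        if (l->lo > l->hi) l->is_range = 0;   /* range finally zeroed out */
        return;
    }
    for (size_t i = 0; i < l->n; i++)
        if (l->ids[i] == id) { l->ids[i] = l->ids[--l->n]; break; }
}

/* Insert every child ID, delete every one again, and return 1 if the index
 * still claims the parent has children (the real child count is now 0). */
static int stale_after_deleting_all(const unsigned long *ids, size_t n) {
    idl_t l = {0};
    for (size_t i = 0; i < n; i++) idl_insert(&l, ids[i]);
    for (size_t i = 0; i < n; i++) idl_delete(&l, ids[i]);
    return l.is_range || l.n != 0;
}

int main(void) {
    unsigned long contiguous[] = {10, 11, 12, 13, 14, 15};   /* constructed IDs */
    unsigned long gapped[]     = {10, 12, 14, 16, 18, 20};   /* constructed IDs */
    printf("contiguous: stale=%d\n", stale_after_deleting_all(contiguous, 6));
    printf("gapped:     stale=%d\n", stale_after_deleting_all(gapped, 6));
    return 0;
}
```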