[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Overlays and OpenLDAP multi-threading model

To: "Lucas Brasilino" <lucas.brasilino@gmail.com>
Subject: Re: Overlays and OpenLDAP multi-threading model
From: masarati@aero.polimi.it
Date: Fri, 25 Jun 2010 05:34:01 +0200 (CEST)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <AANLkTik-YIHYBlaUgH6ExP4kmeH-fmOqhYvjCtTr_hUF@mail.gmail.com>
References: <AANLkTilvhlxKct3uKCRNvgxutV_kt_pFpcqa4_ARKKvF@mail.gmail.com> <79e737ede3837bcd3b45fb32168fab5f.squirrel@www.aero.polimi.it> <AANLkTinno08qQrQ2RfLHHOsA7hGH3-GmlPTwlXvu1lRx@mail.gmail.com> <80ed7479060dda4a2523b950f2d55897.squirrel@www.aero.polimi.it> <AANLkTik-YIHYBlaUgH6ExP4kmeH-fmOqhYvjCtTr_hUF@mail.gmail.com>
User-agent: SquirrelMail/1.4.15

> Hi
>
>> Now I understand a bit more of your question.  OpenLDAP does not work as
>> I
>> presume you imagined.  There is one thread that listens for requests.
>>  As
>> soon as a request is received, an operation structure is created, and
>> queued for execution.  As soon as one thread is available from a thread
>> pool, the first operation in the queue is executed.  So threads *do not*
>> accept connections (a connection is a persistent channel between the
>> client and the server; a connection is not related to a thread).  A
>> specific thread accepts requests (a request is mapped onto an
>> operation),
>> and each operation is executed by a different thread.
>
> Thanks for your explanation. But, is this operation structure also
> points (or stores)
> connection related data like the binding DN and it's credentials
> (password) ? If
> so, do you can point me in which structure member it is stored ? The
> overlay
> has to have those informations...

The Operaton structure points to the Connection structure (op->o_conn,
which is actually a macro that expands to op->o_hdr->oh_conn); it also
contains copies of data that could be modified.  For example, the DN the
connection is bound as is in op->o_dn (pretty) and op->o_ndn (normalized).
 It is a copy, because the operation could modify it (e.g. via the proxied
authorization control).  The original value is in op->o_conn->c_ndn.  Of
course credentials are not stored; actually, slapd should have no notion
of how the client bound after the bind succeeds, except for what type of
mechanism was used, and the related ssf.

>> If your overlay takes a lot of time, in principle it will only affect
>> its
>> operation.  If the client is performing multiple operations
>> concurrently,
>> only that operation will be delayed.  Of course, if all operations use
>> your overlay, and all operations of your overlay take a lot of time, at
>> some point all the threads of the pool will be busy.  Further requests
>> will be accepted by the listener thread, but they will be queued until
>> one
>> thread of the pool is available.
>
> Great! So the overall performance of OpenLDAP won't be compromised, once
> the overlay will only act over modifications operations of one
> attribute (userPassword).

Your overlay can access the password during a simple bind operation.  It
is in op->orb_cred.

p.

References:
- Overlays and OpenLDAP multi-threading model
  - From: Lucas Brasilino <lucas.brasilino@gmail.com>
- Re: Overlays and OpenLDAP multi-threading model
  - From: masarati@aero.polimi.it
- Re: Overlays and OpenLDAP multi-threading model
  - From: Lucas Brasilino <lucas.brasilino@gmail.com>
- Re: Overlays and OpenLDAP multi-threading model
  - From: masarati@aero.polimi.it
- Re: Overlays and OpenLDAP multi-threading model
  - From: Lucas Brasilino <lucas.brasilino@gmail.com>

Prev by Date: Re: ldaprc with ldaps:// and ldap:// fallback
Next by Date: Re: Unique Overlay Help
Index(es):
- Chronological
- Thread