[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I can't delete a shell DB



Michael Ströder wrote:
 From a practical standpoint - behavior of the service when clients are making
requests to a backend that gets removed is totally undefined.

LDAP clients do not care about (OpenLDAP) database backends at all.
They simply query a DIT.

Yes, but they expect to get consistent answers to their queries. You cannot make any assertions about consistency when the rug is pulled out from under a running query.

AFAICS the original poster wanted to replace back-shell with back-sock for the
very same naming context. In theory this could be done with back-config - only
requring a very small downtime - entry deletion in back-config would be possible.

It would require adding a suffix to one backend while removing it from another. Since this can't be done in a single LDAP request it would require wrapping both changes in a single LDAP Transaction.

Doing it non-atomically would invariably result in inexplicable client error messages as they send requests to an LDAP server that was "working fine before" but suddenly replies "no global superior knowledge".

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/