[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Wishes for set ACLs

Kurt D. Zeilenga wrote:

At 11:26 AM 3/17/2005, Pierangelo Masarati wrote:

access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
 by set="[ldap:///dc=example,dc=com??sub?(uid=bjorn)]/uid & this/uid" read
 by * auth

which directly issues an internal search, in principle might incur in a deadlock, but it doesn't.

Try that with directory modifications.

The operation thread grabs a write lock on the entry for
the modify operation, then spins off an internal search for
the set evaluation, which causes the thread to try to grab a
read lock on the entry. As its using two different locker ids,
the thread is prone to self deadlock.

We actually only use one locker ID per thread. But, the txn pointer does need to be propagated, and looking thru HEAD acl.c:aci_set_gather() I see this isn't happening there, so this is a problem for sets. I think I can fix this pretty easily.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support