[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Handling bad cn=config updates

Hallvard B Furuseth wrote:
Howard Chu writes:
The Modify operation has already completed though, there's nothing to
"return" an error message to by then.

I see.

We do as much pre-checking as possible to validate the syntax of changes
before committing them. But here you've got an input with perfectly valid
syntax. The only way to know that it's bad is to commit the change.

We already undo bad changes when we can detect them...

That's good, but that also means that a success response doesn't indicate that the change was made to cn=config.

No, the changes that we can detect are done before the response is sent. As such, the failure is sent back to the client (as it should be).

So let me step back a bit: I'd like slapd to send the ModifyResponse
_after_ the change has taken effect (or failed to take effect).

Right, it's just that some changes need to be done at a later point than others. It's all about keeping a logical sequencing.

How can a program currently wait for a cn=config change to take effect?
Just loop and read the directory, waiting for either an expected visible
change or for the cn=config change to disappear (if it gets undone)?

The only change that has a delayed effect is adding a new index, which starts a background task. Everything else actually takes place before the response goes back to the client. The problem right now is that the return code from the cleanup handler isn't being checked. That's a simple fix. The other problem is that we need to keep the old set of attributes around to undo the modify if the cleanup fails.

BTW, unless I've missed something the doc says very little about how
back-config itself works.  Mostly the slapd-config(5) and the config
parts of the admin guide describe the _contents_ of cn=config.

For the most part, internal implementation details never get documented. Only developers need to know, and they can just read the code.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/