[Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin
Martin Kosek
mkosek at redhat.com
Thu Oct 16 19:02:55 UTC 2014
On 10/15/2014 09:22 AM, Martin Kosek wrote:
> On 10/14/2014 09:01 PM, Nathaniel McCallum wrote:
>> On Thu, 2014-10-09 at 18:48 +0200, thierry bordaz wrote:
>>> On 10/09/2014 05:51 PM, Nathaniel McCallum wrote:
>>>
>>>> On Thu, 2014-10-09 at 11:44 +0200, thierry bordaz wrote:
>>>>> On 10/09/2014 12:15 AM, Nathaniel McCallum wrote:
>>>>>
>>>>>> On Wed, 2014-10-08 at 17:19 -0400, Simo Sorce wrote:
>>>>>>> On Wed, 08 Oct 2014 15:53:39 -0400
>>>>>>> Nathaniel McCallum <npmccallum at redhat.com> wrote:
>>>>>>>
>>>>>>>> As I understand my code, all servers will have csnD. Some servers will
>>>>>>>> have valueB and others will have valueD, but valueB == valueD.
>>>>>>>>
>>>>>>>> We *never* discard a CSN. We only discard the counter/watermark mods
>>>>>>>> in the replication operation.
>>>>>>> What Thierry is saying is that the individual attributes in the entry
>>>>>>> have associate the last CSN that modified them. Because you remove the
>>>>>>> mods when ValueD == ValueB the counter attribute will not have the
>>>>>>> associated CSN changed. But it doesn't really matter because the plugin
>>>>>>> will always keep things consistent.
>>>>>> Attached is a new version. It removes this optimization. If server X has
>>>>>> valueB/csnB and receives valueD/csnD and valueB == valueD, the
>>>>>> replication will be applied without any modification. However, if valueB
>>>>>>> valueD and csnD > csnB, the counter mods will still be stripped.
>>>>>> It also collapses the error check from betxnpre to bepre now that we
>>>>>> have a fix for https://fedorahosted.org/389/ticket/47919 committed. The
>>>>>> betxnpre functions are completely removed. Also, a dependency on 389
>>>>>> 1.3.3.4 (not yet released) is added.
>>>>>>
>>>>>> Nathaniel
>>>>> Hello Nathaniel,
>>>>>
>>>>> For me the code is fine. Ack.
>>>> New attached patch.
>>>>
>>>>> I have two minor comments:
>>>>> * in preop_mod, when a direct update moves the counter
>>>>> backward you send UNWILLING to perform with a message.
>>>>> The message is allocated with slapi_ch_smprintf, you
>>>>> may free it with slapi_ch_free_string (rather than
>>>>> 'free').
>>>> Fixed.
>>>>
>>>>> * About this message, for example when you have these
>>>>> MODS (I admit they make no sens):
>>>>>
>>>>> changetype: modify
>>>>> ipatokenHOTPcounter: MOD_DELETE
>>>>> -
>>>>> ipatokenHOTPcounter: MOD_INCREMENT
>>>>>
>>>>> The returned message will be "Will not decrement
>>>>> ipatokenHOTPcounter", because 'simulate' will return
>>>>> 'COUNTER_UNSET+1'.
>>>>> Is it the message you expected ?
>>>> I changed the logic in simulate(). Please review it.
>>>>
>>>> Nathaniel
>>>>
>>> Hello Nathaniel,
>>>
>>>
>>> The patch is ok for me. Ack.
>>
>> Since the ACK, the upstream 389 fix actually landed in 1.3.3.5. This
>> patch changes nothing except the dependency version. I have tested it
>> against the 1.3.3.5 build.
>>
>> Nathaniel
>
> Great! As soon as the new build land in Fedora 21 (and we add it to our Copr),
> the patch can be pushed.
>
> Martin
Ok, 1.3.3.5 is in koji and our Copr repo. I almost pushed the patch, but I just
spotted you forgot to solve the upgrades - so NACK.
"cn=IPA OTP Counter,cn=plugins,cn=config" plugin configuration also needs to be
added in some update file.
Martin
More information about the Freeipa-devel
mailing list