<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/15/2014 09:05 PM, Nathaniel
McCallum wrote:<br>
</div>
<blockquote cite="mid:1410807911.4238.6.camel@redhat.com"
type="cite">
<pre wrap="">This plugin ensures that all counter/watermark operations are atomic
and never decrement. Also, deletion is not permitted.
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4494">https://fedorahosted.org/freeipa/ticket/4494</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<font face="Times New Roman, Times, serif">Hello Nathaniel,<br>
<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">More
thoughts.. I think being "betxnpreoperation" you are safe with
parallel client ops and the check is atomic. I have few
comments:<br>
</font>
<ul>
<li><font face="Times New Roman, Times, serif">Shouldn't be implemented
SLAPI_PLUGIN_CLOSE_FN/SLAPI_PLUGIN_START_FN callback, even
if they are empty.</font></li>
<li><font face="Times New Roman, Times, serif">In load_counters,
in case we have a target entry that has not 'objectclass'
'ipatokenHOTP|ipatokenTOTP' and the mod operation:<br>
dn: <entry><br>
changetype: modify<br>
replace: ipatokenHOTPcounter<br>
ipatokenHOTPcounter: 200<br>
-<br>
add: objectclass<br>
objectclass: ipatokenHOTP<br>
<br>
<br>
I wonder if the operation will not fail although IMHO it
should succeeds.<br>
Shouldn't let the schema checking reject the operation if
the attribute is not granted by the entry objectclass<br>
</font></li>
<li><font face="Times New Roman, Times, serif">in load_counters,
I am under the impression it may return ipatokenHOTPcounter
or ipatokenTOTPwatermark (</font><font face="Times New
Roman, Times, serif"><font face="Times New Roman, Times,
serif">ipatokenHOTPcounter is missing).<br>
But then how the caller knows that the returned value is a
counter or a watermark ?</font><br>
</font></li>
<li><font face="Times New Roman, Times, serif">in
ldapmod_is_attrs you may prefer PL_strcasecmp to </font><font
face="Times New Roman, Times, serif">strcasecmp</font></li>
</ul>
<p><font face="Times New Roman, Times, serif">About replicated
updates, if updates of counters/watermark are done on several
servers. Then a replicated operation may want to set
counters/watermark with a smaller value that the existing one.
In that case, it will return unwilling to perform. That could
break replication.<br>
If the update comes from replication and the value is going
backward, we could make the operation a nop operation (setting
the attribute to its current value).<br>
</font></p>
<p><font face="Times New Roman, Times, serif">thanks<br>
theirry<br>
</font></p>
</blockquote>
</body>
</html>