[Pki-devel] [PATCH] pki-ftweedal-0015-Monitor-database-for-changes-to-LDAP-profiles.patch
Endi Sukma Dewata
edewata at redhat.com
Tue Apr 7 01:27:05 UTC 2015
On 3/30/2015 2:27 AM, Fraser Tweedale wrote:
>> 1. I have not actually tested this, but suppose the LDAP server is running
>> on a separate machine, then the network is down, and during that time a
>> profile is removed from the database. When the network is restored, the
>> ProfileSubsystem will reload all remaining profiles, but it will still have
>> the profile that was deleted in its memory. I think the ProfileSubsystem
>> should clear its memory before running the persistent search.
>> 2. In ProfileSubsystem.createProfileDN() the basedn is no longer used so it
>> can be removed.
>> 3. If the LDAP server is stopped the debug log says it's retrying in 5
>> seconds, but it's actually trying every second.
>> I think #1 should be fixed, but the others are very trivial to fix too.
> New patch attached. All issues have been addressed.
Let's say a profile is modified then deleted. These operations are
replicated to a clone which is monitoring the changes using persistent
search. When the clone receives the modify operation it will call
readProfile(), which will call createProfile(), which will create an
LDAPConfigStore for that profile. When LDAPConfigStore is created, it
will read the profile from the database using a separate query. The
problem is, at that point it's unclear whether the profile still exists.
The current code might ignore the error if the entry doesn't exist, but
in general I don't think the code should make a separate query to
retrieve the profile info because it could lead to inconsistencies. It
should have used the LDAP entry returned by the persistent search that
corresponds to the operation being processed.
Endi S. Dewata
More information about the Pki-devel