[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3622) slapacl leaves active transactions in back-bdb when ACLs by clauses require internal operations on the databases
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#3622) slapacl leaves active transactions in back-bdb when ACLs by clauses require internal operations on the databases
- From: ando@sys-net.it
- Date: Fri, 1 Apr 2005 08:53:18 GMT
Full_Name: Pierangelo Masarati
Version: HEAD,2.3
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.175.154.56)
Submitted by: ando
It appears that clauses (like sets) that perform internal searches to collect
info leave active transactions behind, creating problems at backend destruction.
I think this is an issue related to the different behavior internal searches may
take when acting in tool rather than server mode, but I haven't been able to
trace it yet.
To trigger the problem, run test003; then, configure a (silly) ACL like
access to *
by set="user/uid & [foo]" write
and run slapacl like
slapacl -D "cn=Ursula Hampster,ou=Alumni
Association,ou=People,dc=example,dc=com" -b "dc=example,dc=com"
This triggers a backend_attribute() call that looks up the user's uid and leaves
a transaction active:
Backend ACL: access to *
by set="user/uid & [foo]" write
testrun/slapd.1.conf: line 45: warning: cannot assess the validity of the ACL
scope within backend naming context
DN: "cn=ursula hampster,ou=alumni association,ou=people,dc=example,dc=com"
=> access_allowed: auth access to "dc=example,dc=com" "entry" requested
=> acl_get: [1] attr entry
=> acl_mask: access to entry "dc=example,dc=com", attr "entry" requested
=> acl_mask: to all values by "cn=ursula hampster,ou=alumni
association,ou=people,dc=example,dc=com", (=n)
=> bdb_entry_get: found entry: "cn=ursula hampster,ou=alumni
association,ou=people,dc=example,dc=com"
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: auth access denied by =n
entry: =n
bdb(dc=example,dc=com): Error: closing the transaction region with active
transactions
bdb_db_destroy: close failed: Invalid argument (22)
See also <http://www.openldap.org/lists/openldap-devel/200503/msg00153.html>