[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3622) slapacl leaves active transactions in back-bdb when ACLs by clauses require internal operations on the databases

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3622) slapacl leaves active transactions in back-bdb when ACLs by clauses require internal operations on the databases
From: hyc@symas.com
Date: Fri, 1 Apr 2005 10:04:25 GMT

bdb_txn_get obtains a long-lived read transaction, one per thread when 
slapd is running. It relies on the thread pool mechanism to call the 
free routine when the thread pool is shutdown. In tool mode there is no 
thread pool, so the free routine is never invoked. Probably in tool mode 
the bdb_txn_get function should be a no-op.

ando@sys-net.it wrote:

>Full_Name: Pierangelo Masarati
>Version: HEAD,2.3
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (131.175.154.56)
>Submitted by: ando
>
>
>It appears that clauses (like sets) that perform internal searches to collect
>info leave active transactions behind, creating problems at backend destruction.
>I think this is an issue related to the different behavior internal searches may
>take when acting in tool rather than server mode, but I haven't been able to
>trace it yet.
>
>To trigger the problem, run test003; then, configure a (silly) ACL like
>
>
>access to *
>   by set="user/uid & [foo]" write
>
>
>and run slapacl like
>
>
>slapacl -D "cn=Ursula Hampster,ou=Alumni
>Association,ou=People,dc=example,dc=com" -b "dc=example,dc=com"
>
>This triggers a backend_attribute() call that looks up the user's uid and leaves
>a transaction active:
>
>Backend ACL: access to *
>    by set="user/uid & [foo]" write
>
>
>testrun/slapd.1.conf: line 45: warning: cannot assess the validity of the ACL
>scope within backend naming context
>DN: "cn=ursula hampster,ou=alumni association,ou=people,dc=example,dc=com"
>=> access_allowed: auth access to "dc=example,dc=com" "entry" requested
>=> acl_get: [1] attr entry
>=> acl_mask: access to entry "dc=example,dc=com", attr "entry" requested
>=> acl_mask: to all values by "cn=ursula hampster,ou=alumni
>association,ou=people,dc=example,dc=com", (=n)
>=> bdb_entry_get: found entry: "cn=ursula hampster,ou=alumni
>association,ou=people,dc=example,dc=com"
><= acl_mask: no more <who> clauses, returning =n (stop)
>=> access_allowed: auth access denied by =n
>entry: =n
>bdb(dc=example,dc=com): Error: closing the transaction region with active
>transactions
>bdb_db_destroy: close failed: Invalid argument (22) 
>
>See also <http://www.openldap.org/lists/openldap-devel/200503/msg00153.html>
>
>
>
>
>  
>


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Prev by Date: Re: (ITS#3620) ldapsearch controls attached to Unbind request
Next by Date: Re: (ITS#3622) slapacl leaves active transactions in back-bdb when ACLs by clauses require internal operations on the databases
Index(es):
- Chronological
- Thread