[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling multi-master replication option in CVS

To: openldap-devel@OpenLDAP.org
Subject: Re: Enabling multi-master replication option in CVS
From: Ryan Moats <rmoats@lemurnetworks.net>
Date: Thu, 18 Jul 2002 11:58:22 -0500
Cc: Ganesan R <rganesan-ldap@myrealbox.com>
Content-disposition: inline
In-reply-to: <20011121153211.A9264@andiamo.com>; from rganesan-ldap@myrealbox.com on Wed, Nov 21, 2001 at 03:32:11PM +0530
References: <20011120080248.A32253@andiamo.com> <5.1.0.14.0.20011120171426.016e2af8@127.0.0.1> <20011121153211.A9264@andiamo.com>
User-agent: Mutt/1.2.5i

On Wed, Nov 21, 2001 at 03:32:11PM +0530, Ganesan R wrote:
| On Tue, Nov 20, 2001 at 05:16:38PM -0800, Kurt D. Zeilenga wrote:
| > At 06:32 PM 2001-11-19, Ganesan R wrote:
| > >I have been experimenting with multi-master replication with good results
| > >in OpenLDAP CVS. I am wondering why the option is commented out in
| > >configure.in.
| > 
| > Because the code viewed as being experimental.
| 
| I remember there was some dicussion whether the code should be enabled even
| if it is experimental. The option is turned off by default anyway and the
| 2.1 tree is still in development. So I feel that the option can be exposed
| for user testing; the final call is yours, of course.
| 
| Ganesan

I know this is an old thread, but recently, I've had occasion to 
look at this experimental code as well, and frankly, I see a 
problem:  it allows any users to change attributes with "no user
modification" set. This is a no-no.

The following patches fix this for 2.0.25 (apply in servers/slapd).
Having checked 2.1.3, a similar patch can be done (with the be_update_ndn
checks appropriately changed).

The issue of the replication user being able to change non-user attributes
from the command line still exists.

Ryan Moats

*** add.c       Thu Jul 18 12:11:17 2002
--- add.c.orig  Thu Jul 18 12:10:54 2002
***************
*** 202,219 ****
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
- #ifdef SLAPD_MULTIMASTER
-       /*
-        * in multimaster, update should set to the value of repl_user,
-        * otherwise a normal user can modify non-user attributes.
-        */
-                       int update = repl_user;
- #else
-       /*
-        * normally if updatedn has been set then we can set all atributes.
-        */
                        int update = be->be_update_ndn != NULL;
- #endif
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;

--- 202,208 ----
*** modify.c    Thu Jul 18 12:12:52 2002
--- modify.c.orig       Thu Jul 18 12:11:33 2002
***************
*** 231,248 ****
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
! #ifdef SLAPD_MULTIMASTER
!         /*
!          * in multimaster, update should set to the value of repl_user,
!          * otherwise a normal user can modify non-user attributes.
!          */
!                         int update = repl_user;
! #else
!         /*
!          * normally if updatedn has been set then we can set all atributes.
!          */
!                         int update = be->be_update_ndn != NULL;
! #endif
                        const char *text;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;
--- 231,237 ----
                if ( be->be_update_ndn == NULL || repl_user )
  #endif
                {
!                       int update = be->be_update_ndn != NULL;
                        const char *text;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;

Prev by Date: error on select()
Next by Date: backend_group and re-entrant operations
Index(es):
- Chronological
- Thread