[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: direct local change when a consumer chains a write to the producer?
- To: ando@sys-net.it
- Subject: Re: direct local change when a consumer chains a write to the producer?
- From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Date: Fri, 02 Dec 2005 12:42:40 +0100
- Cc: "Howard Chu" <hyc@symas.com>, "OpenLDAP devel list" <openldap-devel@OpenLDAP.org>
- In-reply-to: <39351.131.175.154.56.1133195123.squirrel@131.175.154.56>
- References: <313423751.20051110113255@uaic.net> <42138.192.168.1.254.1132334767.squirrel@tomate.linagora.lan> <48887.10.0.14.46.1132341797.squirrel@mail.ivytech.edu> <465451149.20051118224611@uaic.net> <20498EEB4C91E6CD7543390E@cadabra-dsl.stanford.edu> <1466010362.20051119122217@uaic.net> <0F84CCF877D1F094219160DC@cadabra-dsl.stanford.edu> <1132493739.3316.112.camel@ando> <F5A02675FC28DA7864C3438C@cadabra-dsl.stanford.edu> <1132505214.3316.117.camel@ando> <43528.192.168.1.254.1132565037.squirrel@tomate.linagora.lan> <32823.10.0.14.46.1132587321.squirrel@mail.ivytech.edu> <53801.192.168.1.254.1132588966.squirrel@tomate.linagora.lan> <1132590414.3330.4.camel@ando> <33022.10.0.14.46.1132590508.squirrel@mail.ivytech.edu> <54934.192.168.1.254.1132591085.squirrel@tomate.linagora.lan> <1132592221.3330.14.camel@ando> <1132594689.6044.6.camel@ando> <6.2.1.2.0.20051121110557.03272008@mail.openldap.org> <1133163684.3318.10.camel@ando> <438AC745.7030709@symas.com> <6.2.1.2.0.20051128051020.02a88fa8@mail.openldap.org> <39326.131.175.154.56.1133193844.squirrel@131.175.154.56> <39351.131.175.154.56.1133195123.squirrel@131.175.154.56>
I note that an alternative to copying the result of
the modify to slave, another way to address inconsistent
reads after modify is to chain the read as well.
That is, if a server chains a modify for a client, it
should then chain any subsequent read of that entry
by that client as well. That is, treat this read as
if it included a dontUseCopy control.
Kurt
At 02:25 AM 11/29/2005, Pierangelo Masarati wrote:
>>
>>> and if the DSA wants to chain as B:
>>> chainedRequest originator=Y request={
>>> modifyRequest ... proxyAuthz=X
>>> } proxyAuthz=B
>>
>> Just to make sure I got you: "originator" would play a sort of "native"
>> proxyAuthz for the chainedRequest. So the players on the ground are:
>>
>> - the identity of the chaining DSA, A
>> - the identity A wants to proxyAuthz as, B
>> - the identity of the DUA that initiated the request, Y
>> - the identity Y wanted to proxyAuthz as, X
>>
>
>Moreover, if the chained DSA needs to further chain the request, it would
>contact yet another chained DSA using its own chaining identity (A'),
>eventually quthorizing as its own authz chaining identity (B'); so the
>chainedRequest would be rewritten as
>
> bindRequest name=A'
> chainedRequest originator=Y request={
> modifyRequest ... proxyAuthz=X
> } proxyAuthz=B'
>
>since it's to trust originator=Y because the request was received from a
>"trusted" chaining DSA that authenticated as A, i.e. an identity that is
>given the privilege to chain requests.
>
>p.
>
>--
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>
>
>
>Ing. Pierangelo Masarati
>
>Responsabile Open Solution
>
>
>
>SysNet s.n.c.
>
>Via Dossi, 8 - 27100 Pavia - ITALIA
>
>http://www.sys-net.it
>
>------------------------------------------
>
>Office: +39.02.23998309
>
>Mobile: +39.333.4963172
>
>Email: pierangelo.masarati@sys-net.it
>
>------------------------------------------