Re: Handling bad cn=config updates

[Howard Chu <hyc@symas.com>]

Howard Chu wrote:
> Hallvard B Furuseth wrote:
> > Howard Chu writes:
> > > The Modify operation has already completed though, there's nothing to
> > > "return" an error message to by then.
> > I see.
> >
> > > We do as much pre-checking as possible to validate the syntax of changes
> > > before committing them. But here you've got an input with perfectly valid
> > > syntax. The only way to know that it's bad is to commit the change.
> > >
> > > We already undo bad changes when we can detect them...
> > That's good, but that also means that a success response doesn't
> > indicate that the change was made to cn=config.
>
> No, the changes that we can detect are done before the response is sent. As
> such, the failure is sent back to the client (as it should be).
>
> > So let me step back a bit: I'd like slapd to send the ModifyResponse
> > _after_ the change has taken effect (or failed to take effect).

That's actually the way it has been implemented. Just that in this case, we 
weren't validating the olcDbDirectory argument before trying to use it. This 
is now being done in HEAD.

As for bad changes shutting down the server - that was also a conscious 
decision; the kinds of errors that can cause this failure are presumably the 
type that we cannot rollback and recover from. If you find any other trivially 
recoverable errors that cause this to occur, feel free to patch them, but 
leave the overall shutdown trigger in place.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/