Re: "LDAP ease modify restrictions" support
- To: openldap-technical@openldap.org
- Subject: Re: "LDAP ease modify restrictions" support
- From: Radovan Semancik <radovan.semancik@evolveum.com>
- Date: Mon, 22 Feb 2016 10:01:54 +0100
- In-reply-to: <56C8836C.2090807@stroeder.com>
- References: <56C709C2.7010808@evolveum.com> <56C8836C.2090807@stroeder.com>

On 02/20/2016 04:17 PM, Michael Ströder wrote:
> The control's OID is listed in my OpenLDAP 2.4.44 instance.

Thanks. I'll try that once I find Ubuntu packages of a recent OpenLDAP
version ... that'll take a bit of time :-)

> BTW: I'd always recommend to fix the client instead of using this control.

Actually, that's not really practical advice.

LDAP does not have ACID consistency. Adding a value that is already
added may happen even if everything operates correctly and there is no
bug in the client code.

E.g. imagine that two clients add a user to the same group. If the
control is not present, one of the operations fails even if there is
actually no logical error at all. Reading a value, filtering out the
values and writing it again provides no guarantees, as the value might
be changed in the meantime. Yes, the clients may have special handling
for this error and evaluate the case and re-try the operation. In a way
similar to handling of optimistic lock conditions. But that is at least
one extra round-trip. Usually two. And this significantly complicates
the client code as the operation may add a couple of values and remove
other values. It is possible to write correct code to handle that (we
have done that in midPoint), but it is not easy to develop and
(especially) test it. It is not something that one would expect from an
ordinary LDAP client, is it?

--
Radovan Semancik
Software Architect
evolveum.com
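
The race and retry handling described in the message above, as an added example that is not part of the original post and is not midPoint or OpenLDAP code. It uses a constructed in-memory model of one multi-valued attribute; `Group`, `strict_with_retry`, the `permissive` flag and the `interleave` hook are hypothetical names, and the two result codes are the RFC 4511 values.

```python
# Toy in-memory model (constructed for illustration, not an LDAP client library).
ATTR_OR_VALUE_EXISTS = 20   # RFC 4511 resultCode attributeOrValueExists
NO_SUCH_ATTRIBUTE = 16      # RFC 4511 resultCode noSuchAttribute

class ModifyError(Exception):
    def __init__(self, code):
        super().__init__(f"LDAP result code {code}")
        self.code = code

class Group:
    """One multi-valued attribute (e.g. member) with atomic modify semantics."""
    def __init__(self, members):
        self.members = set(members)
        self.round_trips = 0        # requests sent by the client under test

    def read(self):
        self.round_trips += 1
        return set(self.members)

    def modify(self, adds, deletes, permissive=False):
        self.round_trips += 1
        if not permissive:          # strict: validate all changes, apply none on failure
            if any(v in self.members for v in adds):
                raise ModifyError(ATTR_OR_VALUE_EXISTS)
            if any(v not in self.members for v in deletes):
                raise ModifyError(NO_SUCH_ATTRIBUTE)
        self.members = (self.members | set(adds)) - set(deletes)

def strict_with_retry(group, adds, deletes, max_tries=5, interleave=None):
    """Client-side handling without the control: re-read, shrink the delta, retry."""
    adds, deletes = set(adds), set(deletes)
    for _ in range(max_tries):
        if not adds and not deletes:        # nothing left to change
            return group.round_trips
        try:
            group.modify(adds, deletes)
            return group.round_trips
        except ModifyError as e:
            if e.code not in (ATTR_OR_VALUE_EXISTS, NO_SUCH_ATTRIBUTE):
                raise
            current = group.read()
            if interleave:                  # another client writes after our read
                interleave(group)
                interleave = None
            adds -= current                 # already present: nothing to add
            deletes &= current              # already absent: nothing to delete
    raise RuntimeError("gave up after repeated conflicts")
```

With a second writer having already added one of the values, the strict path needs three requests where a single permissive modify reaches the same final state, and the filtered delta can itself be stale by the time it is sent.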