Re: back-config delete support (syncprov overlay)

2010-03-02 Thread Pierangelo Masarati

Ralf Haferkamp wrote:


Also on the topic of deletes, we should start adding term_module()
handlers to the backends and overlays.

Yes. I havn't gone into the details of module unloading yet, though.

An additional bi_db_delete handler in the BackendInfo structure might be 
helpful as well. Or a flag passed to  bi_db_close/bi_db_destory to 
indicate whether the database/overlay is closed due to a server shutdown 
or a delete operation on cn=config.


I vote for a new call.  Modifying the API of existing calls breaks 
source code compatibility.  Adding a new helper only breaks binary 
compatibility.  Code duplication issues can be dealt with by modules.


p.


Re: back-config delete support (syncprov overlay)

2010-03-02 Thread Ralf Haferkamp
Am Freitag 26 Februar 2010 19:29:43 schrieb Howard Chu:
> Ralf Haferkamp wrote:
> > Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
> >>> Hi,
> >>> 
> >>> while taking up some loose ends on my work on delete support for
> >>> back- config (enabled with -DSLAP_CONFIG_DELETE) I wondered how we
> >>> should deal with the deletion of the syncprov overlay when there
> >>> are active refreshAndPersist sessions. What errorcode should we
> >>> sent when closing such a connection? To me LDAP_UNAVAILABLE sound
> >>> like the best choice. LDAP_UNWILLING_TO_PERFORM might also be ok.
> >> 
> >> What about an unsolicited notification (RFC 4511, 4.4)?
> > 
> > Hm, yes. A "Notice of Disconneciton" might work as well. But that
> > would result in the client connection been taken down, which is
> > probably not desired. For syncrepl connections from slapd-consumers
> > this might be ok. But other LDAPSync clients might have other
> > operations active on the same connection which wouldn't be affected
> > by the removal of the syncprov overlay, I guess.
> > 
> > Returning an error just for the LDAPSync related Search seemed more
> > logical to me.
> 
> Agreed. The actual choice of error probably isn't too critical.
> LDAP_UNAVAILABLE sounds fine.
> 
> Also on the topic of deletes, we should start adding term_module()
> handlers to the backends and overlays.
Yes. I havn't gone into the details of module unloading yet, though.

An additional bi_db_delete handler in the BackendInfo structure might be 
helpful as well. Or a flag passed to  bi_db_close/bi_db_destory to 
indicate whether the database/overlay is closed due to a server shutdown 
or a delete operation on cn=config.

-- 
Ralf


Re: back-config delete support (syncprov overlay)

2010-02-26 Thread Howard Chu

masar...@aero.polimi.it wrote:

masar...@aero.polimi.it wrote:

Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
Returning an error just for the LDAPSync related Search seemed more
logical to me.


In any case, (ab)using an existing error code might not be optimal.  as
a
consequence of removing slapo-syncprov(5), any consumer using it needs
to
be clearly informed that just retrying later is probably not an option.
On the contrary, returning a dedicated error would allow to exactly
inform
the consumer about what it can expect from the (former) producer, and
possibly to suggest a strategy (e.g. the message could contain a hint
about some substitute producer, or so).


This situation is no different than pointing a consumer at a server that
has
no provider configured. We don't do anything special for that case; I
don't
believe anything special is called for here.


Well, I believe it's not exactly identical.  If you point a consumer to a
DSA that's not a producer, sync replication cannot initiate.  If you point
a consumer to a DSA that's a producer, and eventually ceases to be a
producer, the consumer could take advantage of being informed that it's
pointless to keep retrying an "unwilling to perform" that could be
interpreted as a temporary failure.  But I don't want to make a point of
it, as it would probably take us too far from the initial objective...


The actual sequence of events would be: consumer receives LDAP_UNAVAILABLE 
result on its psearch, then the next time it retries, it will be talking to a 
server with no provider. I.e., identical to the never-configured case, it will 
receive a search response with no sync control. There is no opportunity to 
provide more meaningful diagnostics, nor is there actually anything more 
useful that can be said. The situation might be temporary, or it might be 
permanent. Who can say?

--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: back-config delete support (syncprov overlay)

2010-02-26 Thread masarati
> masar...@aero.polimi.it wrote:
>>> Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
>>> Returning an error just for the LDAPSync related Search seemed more
>>> logical to me.
>>
>> In any case, (ab)using an existing error code might not be optimal.  as
>> a
>> consequence of removing slapo-syncprov(5), any consumer using it needs
>> to
>> be clearly informed that just retrying later is probably not an option.
>> On the contrary, returning a dedicated error would allow to exactly
>> inform
>> the consumer about what it can expect from the (former) producer, and
>> possibly to suggest a strategy (e.g. the message could contain a hint
>> about some substitute producer, or so).
>
> This situation is no different than pointing a consumer at a server that
> has
> no provider configured. We don't do anything special for that case; I
> don't
> believe anything special is called for here.

Well, I believe it's not exactly identical.  If you point a consumer to a
DSA that's not a producer, sync replication cannot initiate.  If you point
a consumer to a DSA that's a producer, and eventually ceases to be a
producer, the consumer could take advantage of being informed that it's
pointless to keep retrying an "unwilling to perform" that could be
interpreted as a temporary failure.  But I don't want to make a point of
it, as it would probably take us too far from the initial objective...

p.



Re: back-config delete support (syncprov overlay)

2010-02-26 Thread Howard Chu

masar...@aero.polimi.it wrote:

Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
Returning an error just for the LDAPSync related Search seemed more
logical to me.


In any case, (ab)using an existing error code might not be optimal.  as a
consequence of removing slapo-syncprov(5), any consumer using it needs to
be clearly informed that just retrying later is probably not an option.
On the contrary, returning a dedicated error would allow to exactly inform
the consumer about what it can expect from the (former) producer, and
possibly to suggest a strategy (e.g. the message could contain a hint
about some substitute producer, or so).


This situation is no different than pointing a consumer at a server that has 
no provider configured. We don't do anything special for that case; I don't 
believe anything special is called for here.

--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: back-config delete support (syncprov overlay)

2010-02-26 Thread masarati
> Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
>> > Hi,
>> >
>> > while taking up some loose ends on my work on delete support for
>> > back- config (enabled with -DSLAP_CONFIG_DELETE) I wondered how we
>> > should deal with the deletion of the syncprov overlay when there
>> > are active refreshAndPersist sessions. What errorcode should we
>> > sent when closing such a connection? To me LDAP_UNAVAILABLE sound
>> > like the best choice. LDAP_UNWILLING_TO_PERFORM might also be ok.
>>
>> What about an unsolicited notification (RFC 4511, 4.4)?
> Hm, yes. A "Notice of Disconneciton" might work as well. But that would
> result in the client connection been taken down, which is probably not
> desired. For syncrepl connections from slapd-consumers this might be ok.
> But other LDAPSync clients might have other operations active on the same
> connection which wouldn't be affected by the removal of the syncprov
> overlay, I guess.
>
> Returning an error just for the LDAPSync related Search seemed more
> logical to me.

In any case, (ab)using an existing error code might not be optimal.  as a
consequence of removing slapo-syncprov(5), any consumer using it needs to
be clearly informed that just retrying later is probably not an option. 
On the contrary, returning a dedicated error would allow to exactly inform
the consumer about what it can expect from the (former) producer, and
possibly to suggest a strategy (e.g. the message could contain a hint
about some substitute producer, or so).

p.



Re: back-config delete support (syncprov overlay)

2010-02-26 Thread Howard Chu

Ralf Haferkamp wrote:

Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:

Hi,

while taking up some loose ends on my work on delete support for
back- config (enabled with -DSLAP_CONFIG_DELETE) I wondered how we
should deal with the deletion of the syncprov overlay when there
are active refreshAndPersist sessions. What errorcode should we
sent when closing such a connection? To me LDAP_UNAVAILABLE sound
like the best choice. LDAP_UNWILLING_TO_PERFORM might also be ok.


What about an unsolicited notification (RFC 4511, 4.4)?

Hm, yes. A "Notice of Disconneciton" might work as well. But that would
result in the client connection been taken down, which is probably not
desired. For syncrepl connections from slapd-consumers this might be ok.
But other LDAPSync clients might have other operations active on the same
connection which wouldn't be affected by the removal of the syncprov
overlay, I guess.

Returning an error just for the LDAPSync related Search seemed more
logical to me.

Agreed. The actual choice of error probably isn't too critical. 
LDAP_UNAVAILABLE sounds fine.


Also on the topic of deletes, we should start adding term_module() handlers to 
the backends and overlays.


--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: back-config delete support (syncprov overlay)

2010-02-26 Thread Ralf Haferkamp
Am Freitag 26 Februar 2010 13:30:55 schrieb masar...@aero.polimi.it:
> > Hi,
> > 
> > while taking up some loose ends on my work on delete support for
> > back- config (enabled with -DSLAP_CONFIG_DELETE) I wondered how we
> > should deal with the deletion of the syncprov overlay when there
> > are active refreshAndPersist sessions. What errorcode should we
> > sent when closing such a connection? To me LDAP_UNAVAILABLE sound
> > like the best choice. LDAP_UNWILLING_TO_PERFORM might also be ok.
> 
> What about an unsolicited notification (RFC 4511, 4.4)?
Hm, yes. A "Notice of Disconneciton" might work as well. But that would 
result in the client connection been taken down, which is probably not 
desired. For syncrepl connections from slapd-consumers this might be ok. 
But other LDAPSync clients might have other operations active on the same 
connection which wouldn't be affected by the removal of the syncprov 
overlay, I guess.

Returning an error just for the LDAPSync related Search seemed more 
logical to me.

-- 
Ralf




Re: back-config delete support (syncprov overlay)

2010-02-26 Thread masarati
> Hi,
>
> while taking up some loose ends on my work on delete support for back-
> config (enabled with -DSLAP_CONFIG_DELETE) I wondered how we should deal
> with the deletion of the syncprov overlay when there are active
> refreshAndPersist sessions. What errorcode should we sent when closing
> such a connection? To me LDAP_UNAVAILABLE sound like the best choice.
> LDAP_UNWILLING_TO_PERFORM might also be ok.

What about an unsolicited notification (RFC 4511, 4.4)?

p.