Re: back-bdb flaw
Hallvard B Furuseth wrote:
Howard Chu writes:
> There appears to be a long-standing problem with back-bdb and entries
> with more than BDB_IDL_DB_MAX immediate children. If the entryIDs of
> the children are non-contiguous, then attempts to delete the subtree
> of the entry will fail, because the IDL range for the OneLevel index
> in the dn2id DB will never zero out.
I'm not aware of a recursive delete LDAP control - do you mean "attempts
to delete the entry after having deleted the subtree"? If so:
Pretty much. E.g. using ldapdelete -r, but it would apply to any situation
where an entry had many children, and eventually they were all deleted, and
then eventually someone attempts to delete the entry itself.
Is the problem only to (make it feasible to) detect this situation,
or
also to act on it? To detect it, I assume Delete before returning
notAllowedOnNonLeaf could search with scope onelevel/children, and see
if it finds any entires.
Yes... back-bdb would also need to check this for modrdn as well. Seems like
quite a lot of extra expense to perform this check each time.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/