Hi, I am using OpenLDAP 2.3.43 with BDB 4.5.20 and recently encountered a problem where two different entries were created with the same mail attribute value. The problem is that the mail attribute was defined as unique in slapd.conf: index mail eq,sub overlay unique unique_attributes mail
The two similar entries were created about 300 milliseconds apart. To add to the confusion, an ldapsearch for the same mail value occurred at roughly the same time.
So far I have not been able to reproduce this, which indicates that it is a race condition.
I hope someone can help me, or direct me to some documentation.
Regards, Magne Land
Magne Land wrote:
I am using OpenLDAP 2.3.43 with BDB 4.5.20 and recently encountered a problem where two different entries were created with the same mail attribute value. The problem is that the mail attribute was defined as unique in slapd.conf: index mail eq,sub overlay unique unique_attributes mail
The two similar entries were created about 300 milliseconds apart. To add to the confusion, an ldapsearch for the same mail value occurred at roughly the same time.
So far I have not been able to reproduce this, which indicates that it is a race condition.
I hope someone can help me, or direct me to some documentation.
There is no guarantee of DSA-wide or even database-wide atomicity in write operations, including internal ones. This was never even intended to be in place. This is a known design limitation not only of slapo-unique, but also of slapd (and, I'd say, of LDAP itself).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Thank you for replying. Currently the man page of slapo-unique says "enforce uniqueness", which I find misleading. Would it be possible to change it to say "makes the best effort to enforce uniqueness" or something to that effect? Also, is there any way to enforce this especially for indexed attributes? I imagine you could lock the index file?
Regards, Magne Land
On 1/24/09 1:21 AM, "Pierangelo Masarati" ando@sys-net.it wrote:
Magne Land wrote:
I am using OpenLDAP 2.3.43 with BDB 4.5.20 and recently encountered a problem where two different entries were created with the same mail attribute value. The problem is that the mail attribute was defined as unique in slapd.conf: index mail eq,sub overlay unique unique_attributes mail
The two similar entries were created about 300 milliseconds apart. To add to the confusion, an ldapsearch for the same mail value occurred at roughly the same time.
So far I have not been able to reproduce this, which indicates that it is a race condition.
I hope someone can help me, or direct me to some documentation.
There is no guarantee of DSA-wide or even database-wide atomicity in write operations, including internal ones. This was never even intended to be in place. This is a known design limitation not only of slapo-unique, but also of slapd (and, I'd say, of LDAP itself).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Magne Land wrote:
Thank you for replying. Currently the man page of slapo-unique says "enforce uniqueness", which I find misleading. Would it be possible to change it to say "makes the best effort to enforce uniqueness" or something to that effect? Also, is there any way to enforce this especially for indexed attributes? I imagine you could lock the index file?
Well,
as soon as LDAP transactions <draft-zeilenga-ldap-txn> are in place, they could be used. Even better, the internal API could be modified to take advantage of any database-specific transaction capabilities (which back-bdb & back-hdb have) to implement this type of operations in a transaction-safe manner. I recall this being discussed in the near past, something good for OpenLDAP 3.0.
In the meanwhile, yes, you should file an ITS for a clarification in the documentation.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
openldap-software@openldap.org
-
Magne Land -
Pierangelo Masarati