multi master replication allows schema violation

389ds / 389-ds-base

The enterprise-class Open Source LDAP server for Linux

https://www.port389.org/

Other

210 stars 90 forks source link

multi master replication allows schema violation #601

Closed 389-ds-bot closed 4 years ago

389-ds-bot commented 4 years ago

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/601

Created at 2013-02-26 15:40:14 by lkrispen (@elkris)
Closed as Fixed
Assigned to lkrispen (@elkris)
Associated bugzillas
- https://bugzilla.redhat.com/show_bug.cgi?id=1044154

If an attribute is required by the schema any attempt to delete all values will fail without replication or on a single master. But if the attribute has two values it is possible to simultaneously delete one value on one master and the other value on the other master - the individual operation is allowed as one value remains. After the two masters have replayed their changes to each other bot values have disappeared.

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2013-09-10 14:08:36

attachment 0001-Ticket-601-multi-master-replication-allows-schema-vi.patch

389-ds-bot commented 4 years ago

Comment from rmeggins (@richm) at 2013-09-10 21:29:03


    299                         slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &lmods); 
    300                         slapi_mods_init_passin(&smods, mods); 
    301                         slapi_mods_add_string (&smods, LDAP_MOD_ADD, ATTR_NSDS5_REPLCONFLICT, "Schema violation"); 
    302                         lmods = slapi_mods_get_ldapmods_passout(&smods); 
    303                         slapi_pblock_set(pb, SLAPI_MODIFY_MODS, lmods); 
    304

Does this leak lmods? lmods is not freed, and it is overwritten.

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2013-09-10 21:48:29

good catch, it should have been:

slapi_mods_init_passin(&smods, lmods);

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2013-09-18 15:52:31

There is a problem with this solution. In fractional replication it might be accepted that on the consumer side entries can violate the schema because required attributes are not replicated. This is itself problematic for fractional replication between masters, so I am not sure how to procede.

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2013-09-24 15:52:53

I verified that with the change in comment8 there is no memory leak. lmods is taken from the pblock, slapimods_add_string it is reallocated an then set back to the pblock. The test was also run with valgrind and didn't show a leak.

After some discussion we cam to the conclusion that fractional replication should not be used to allow schema violations, so it is ok to check the schema for replicated mods.

Is it ok now to commit ?

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2013-09-25 14:10:05

$git merge ticket601 Updating 36f506d..d9f25b7 Fast-forward ldap/servers/slapd/back-ldbm/ldbm_modify.c | 47 +++++++++++++++++++++++++++++++++++++++-------- ldap/servers/slapd/schema.c | 13 +++++++++++-- ldap/servers/slapd/slapi-plugin.h | 10 ++++++++++ 3 files changed, 60 insertions(+), 10 deletions(-) $ git push origin master Counting objects: 17, done. Delta compression using up to 4 threads. Compressing objects: 100% (9/9), done. Writing objects: 100% (9/9), 2.21 KiB, done. Total 9 (delta 7), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 36f506d..d9f25b7 master -> master

389-ds-bot commented 4 years ago

Comment from nkinder (@nkinder) at 2013-12-18 03:31:15

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1044154

389-ds-bot commented 4 years ago

Comment from lkrispen (@elkris) at 2017-02-11 23:04:33

Metadata Update from @elkris:

Issue assigned to elkris
Issue set to the milestone: 1.3.2 - 09/13 (September)