[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Devel] race condition when creating ldap entries

To: Andreas Schuldei <andreas@xxxxxxxxxxxx>, devel@xxxxxxxxxxxxx
Subject: Re: [Devel] race condition when creating ldap entries
From: Harald Thingelstad <harald@xxxxxxxxxxxxx>
Date: Fri, 1 Aug 2003 19:03:10 +0200
In-reply-to: <20030801153515.GB1682@schuldei.org>
List-archive: <https://init.linpro.no/pipermail/skolelinux.no/devel/>
List-help: <mailto:devel-request@skolelinux.no?subject=help>
List-id: <devel.skolelinux.no>
List-post: <mailto:devel@skolelinux.no>
List-subscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=subscribe>
List-unsubscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=unsubscribe>
Organization: Skolelinux
References: <20030801153515.GB1682@schuldei.org>
Sender: devel-admin@xxxxxxxxxxxxx
User-agent: KMail/1.5.2

A note from someone who can't keep his paws off..

fredag 1. august 2003, 17:35, skrev Andreas Schuldei:
> as i understand it we have no protection against race conditions
> in the ldap code.
...
> we have several options to solve this problem:
>
> use a database with transaction support (postgresql is my
> favourit) and rollback doing the user management. This is the way
> *real* systems like sourceforge and alioth are doing it. (c:
> ldap is just used as a fast lookup, not as the real backend.

Old itch, this one. So far we've just lived with it and demanded no parallell 
submissions. Is this a critical demand?

The problem with postgresql is getting it to install smoothly. See bug #22 
(recently translated to English).
On the other hand, some user index is going to be needed in postgresql 
(default Skolelinux DBMS) sooner or later anyway. To help other applications 
going. Like class management systems and the likes. (National level systems 
are slow and clunky, when all users massively tries to use it with the 
schools "broadband"..) 
Or, should the cups/pyqota page counter be managed in LDAP?

>
> have one "uid-daemon" doing all the (sequential) ldap write
> queries (and also uid and login creation), which he receives from
> the webmin instances, nicely queued through a pipe.

Could get difficult to secure? See the Cups vulnerability.
http://lwn.net/Vulnerabilities/33772/

Harald

Follow-Ups:
- Re: [Devel] race condition when creating ldap entries
  - From: Andreas Schuldei

References:
- [Devel] race condition when creating ldap entries
  - From: Andreas Schuldei

Prev by Date: [Devel] pre-created ldap groups: admin teacher student?
Next by Date: Re: [Devel] race condition when creating ldap entries
Previous by thread: [Devel] race condition when creating ldap entries
Next by thread: Re: [Devel] race condition when creating ldap entries
Index(es):
- Date
- Thread