From 8e9222ed1edb8f5f234fa2451d17e4f8ac726998 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Thu, 22 Sep 2016 20:48:13 +0200
Subject: [PATCH 51/55] Ticket 48992: Total init may fail if the pushed schema
is rejected
Bug Description:
In the early phase of total update (or incremental update), the supplier may send its schema.
A supplier will send its schema to the consumer at the condition its nsSchemaCSN is greater than
the consumer nsSchemaCSN.
If it is the case, a 1.2.11 supplier will systematically send its schema, while a 1.3 supplier will
check that its schema is a superset of the consumer schema before sending it.
If a 1.2.11 supplier sends its schema and that schema is a subset of consumer one, then
the >1.3 consumer will detect it is a subset and reject the update.
In that case the >1.3 consumer rejects a replicated update.
On the consumer side, with the fix https://fedorahosted.org/389/ticket/47788, if a
replication operation fails, it may trigger the closure of the replication connection.
The fix decides, based on the type of failure, if the failure can be ignored (leave the connection
opened) or is fatal (close the connection).
This is detected, on the consumer side, in multimaster_postop_*->process_postop->ignore_error_and_keep_going.
In the current version, if a replicated update of the schema fails it returns LDAP_UNWILLING_TO_PERFORM.
This is a fatal error regarding ignore_error_and_keep_going that then close the connection
and interrupt the total/incremental update.
Note this bug can be transient as, the schema learning mechanism (on consumer) may learn from
the received schema (even if it is rejected) and update its local schema that increase
nsSchemaCSN. If this occur, a later replication session finding a greater nsSchemaCSN on the
consumer side will not push the schema
Fix Description:
When the update of the schema is rejected make it not fatal, switching the returned
code from LDAP_UNWILLING_TO_PERFORM to LDAP_CONSTRAINT_VIOLATION
https://fedorahosted.org/389/ticket/48992
Reviewed by: Noriko Hosoi, Ludwig Krispenz (thanks to you !)
Platforms tested: 7.3
Flag Day: no
Doc impact: no
(cherry picked from commit e2bc8fd60bf232cd4c1bc9a6860b7bd570a9dff1)
---
ldap/servers/slapd/schema.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
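diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 7689aa9..4b8910d 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -2120,7 +2120,24 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
 slapi_log_error(SLAPI_LOG_FATAL, "schema",
 "[C] Local %s must not be overwritten (set replication log for additional info)\n",
 attr_name);
- *returncode = LDAP_UNWILLING_TO_PERFORM;
+ /*
+ * If the update (replicated) of the schema is rejected then
+ * process_postop->ignore_error_and_keep_going will decide if
+ * this failure is fatal or can be ignored.
+ * LDAP_UNWILLING_TO_PERFORM is considered as fatal error --> close the connection
+ *
+ * A 6.x supplier may send a subset schema and trigger this error, that
+ * will break the replication session.
+ *
+ * With new "learning" mechanism this is not that important if the
+ * update of the schema is successful or not. Just be permissive
+ * ignoring that failure to let the full replication session going on
+ * So return LDAP_CONSTRAINT_VIOLATION (in place of LDAP_UNWILLING_TO_PERFORM)
+ * is pick up as best choice of non fatal returncode.
+ * (others better choices UNWILLING_TO_PERFORM, OPERATION_ERROR or ldap_error
+ * are unfortunately all fatal).
+ */
+ *returncode = LDAP_CONSTRAINT_VIOLATION;
 return (SLAPI_DSE_CALLBACK_ERROR);
 }
 }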
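Review bot: The new `*returncode = LDAP_CONSTRAINT_VIOLATION;` is non-fatal only because of how ignore_error_and_keep_going classifies result codes, and that dependency is recorded in a long comment rather than enforced in code, so a later change to that classification would silently make a rejected schema push fatal again. A shorter comment that names the coupling would help, e.g. `/* Rejected replicated schema update: return a code that ignore_error_and_keep_going treats as non-fatal; keep in sync with that function. */`. The current text also says "6.x supplier" where the commit message says 1.2.11, and it lists UNWILLING_TO_PERFORM among the "better choices" although that is the code being replaced. modify_schema_dse starts outside the hunk, so it is not visible whether this branch is reached only for replicated operations; if a direct client modify can also reach it, that client would now receive constraintViolation instead of unwillingToPerform, which is worth confirming. Because the session now continues after the rejection, the slapi_log_error line above becomes the only signal of a schema mismatch for anyone monitoring replication.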
--
2.4.11