[KLUG Members] LDAP & PHP

Jim C members@kalamazoolinux.org
Mon, 04 Aug 2003 23:56:44 -0700


>>Unless it has been changed since the last time I worked with it, 
>>PHP-LDAP does not contain proper management for concurrent write access. 
>
>"concurrent write access"?  LDAP is not a RDBMS, there are no
I know, I just didn't know how to phrase the problem in the appropriate 
jargon.  If I am wrong about this, I sure would like to know why.  
Frankly I would rather be wrong than right. ;-)
Again, when I successfully made this point the last time was 6 or more 
months ago, so I could conceivably be messed up here, but my expectation 
is that no changes have taken place since language standards tend to 
resist them.

My understanding of LDAP is that for each item, only one change may 
occur at a time.  Later in your message you say that it will just fail, 
which is fine since one can always write a script that will try a number 
of times before giving up and reporting an error.  So if Process A is 
modifying item B, Process C must fail if it tries a modify on item B in 
the midst of things, and this is an LDAP constraint, not a PHP constraint.

Checking the PHP-LDAP website now we find:

*ldap_modify()* function is used to modify the existing entries in the 
LDAP directory. The structure of the entry is same as in *ldap_add()* 
<http://www.php.net/manual/en/function.ldap-add.php>.
OK, so...
bool *ldap_add* ( resource link_identifier, string dn, array entry)
These were found at 
http://www.php.net/manual/en/function.ldap-modify.php and at 
http://www.php.net/manual/en/function.ldap-add.php

Problem: No search criteria which means you already have to know what 
record needs modifying.  The implication is that you must already have 
retrieved that record.
If you need to find the record first and then modify it then that is two 
steps not one and therefore not atomic. Also notice the lack of a place 
for a previous value in the function prototype.

Let's take a look at:
bool *ldap_mod_replace* ( resource link_identifier, string dn, array 
entry) found at http://www.php.net/manual/en/function.ldap-mod-replace.php

Problem: Same prototype so same problems again.

...and the list goes on.

Now most web scripting languages, including PHP, do have semaphores, so 
we could use one of them, but ONLY if each and every script that will 
access the LDAP system has access to the same set of semaphores, 
implying that they must all have access to the same runtime/memory space 
(i.e. they must be on the same system).  This is typically not the case, 
especially if one has a large and relatively busy system with an 
"administrator" class of users who make changes from a variety of 
locations etc.

>transactions.  A modify, delete, or add operation is atomic - LDAP
>offers nothing beyond that. 
>
>The modify notation itself contains some protection against redundant
>write operations - ldapmodify requires an attribute name, previous
>value, and new value (for example) - thus if the previous value has
>changed the write will fail - and all modifiers in the write operation
>will fail.
I'm not seeing a spot for a previous value in the documentation of these 
functions. Am I looking in the right place or have they changed?


Jim C.
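The "previous value" the quoted reply refers to is not a separate parameter: it is the LDAP modify operation itself, which carries a list of changes (delete, add, replace) applied as one atomic unit, so a modify that deletes the old value and adds the new one fails outright if the old value is no longer present. The following is an added example, not code from the original post or from PHP-LDAP; it is a constructed in-memory model of those server-side modify semantics (RFC 4511 section 4.6), with a constructed sample entry, used to show why "delete old, add new" in a single modify is a compare-and-swap while a bare replace is a blind overwrite that loses the earlier writer's update. In real clients the same two-change modify is sent with python-ldap's modify_s list of (MOD_DELETE, MOD_ADD) tuples, or in PHP with ldap_modify_batch using LDAP_MODIFY_BATCH_REMOVE followed by LDAP_MODIFY_BATCH_ADD in one call.

```python
"""Toy model of the LDAP modify operation: a request is a list of changes
applied in order as ONE atomic unit; if any change fails, nothing is
written.  Constructed for illustration; this is not an LDAP server."""
from copy import deepcopy


class ModifyError(Exception):
    """Carries the LDAP result name a server would return."""


class ToyDirectory:
    def __init__(self):
        # dn -> {attribute: set of values}; constructed sample entry
        self.entries = {
            "uid=alice,ou=people,dc=example,dc=org": {
                "uid": {"alice"},
                "mail": {"alice@example.org"},
            }
        }

    def modify(self, dn, changes):
        """changes: list of (op, attr, values) with op in add/delete/replace."""
        entry = self.entries.get(dn)
        if entry is None:
            raise ModifyError("noSuchObject")
        work = deepcopy(entry)  # apply to a copy; commit only if all succeed
        for op, attr, values in changes:
            values = set(values)
            if op == "add":
                if work.get(attr, set()) & values:
                    raise ModifyError("attributeOrValueExists")
                work.setdefault(attr, set()).update(values)
            elif op == "delete":
                # deleting a value that is not there fails the whole request
                if attr not in work or (values and not values <= work[attr]):
                    raise ModifyError("noSuchAttribute")
                if values:
                    work[attr] -= values
                else:
                    del work[attr]
                if attr in work and not work[attr]:
                    del work[attr]
            elif op == "replace":
                if values:
                    work[attr] = values
                else:
                    work.pop(attr, None)
            else:
                raise ModifyError("protocolError")
        self.entries[dn] = work  # all changes succeeded: commit atomically


DN = "uid=alice,ou=people,dc=example,dc=org"


def update_mail_if_unchanged(directory, dn, expected_old, new):
    """Compare-and-swap: delete the value we read, add the new one, in a
    single modify.  A writer holding a stale value gets noSuchAttribute and
    the entry is left untouched."""
    try:
        directory.modify(dn, [("delete", "mail", [expected_old]),
                              ("add", "mail", [new])])
        return True
    except ModifyError:
        return False


def run_cas_demo():
    """Two writers read the same value; only the first update lands."""
    d = ToyDirectory()
    seen = next(iter(d.entries[DN]["mail"]))
    a_ok = update_mail_if_unchanged(d, DN, seen, "alice.a@example.org")
    c_ok = update_mail_if_unchanged(d, DN, seen, "alice.c@example.org")
    return a_ok, c_ok, d.entries[DN]["mail"]


def run_blind_replace_demo():
    """Same race with replace (ldap_mod_replace style): second writer wins."""
    d = ToyDirectory()
    d.modify(DN, [("replace", "mail", ["alice.a@example.org"])])
    d.modify(DN, [("replace", "mail", ["alice.c@example.org"])])
    return d.entries[DN]["mail"]


def run_atomicity_demo():
    """A valid change followed by a failing one: neither is applied."""
    d = ToyDirectory()
    try:
        d.modify(DN, [("add", "mail", ["second@example.org"]),
                      ("delete", "uid", ["bob"])])
    except ModifyError as e:
        return str(e), d.entries[DN]["mail"]
    return None, d.entries[DN]["mail"]


if __name__ == "__main__":
    print("compare-and-swap:", run_cas_demo())
    print("blind replace   :", run_blind_replace_demo())
    print("atomicity       :", run_atomicity_demo())
```

The retry loop the post mentions fits naturally on top of update_mail_if_unchanged: on False, re-read the entry, recompute the new value from what is actually there, and try again, rather than re-sending the stale write.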