|
From: Lucas R. <lu...@me...> - 2015-12-16 19:13:10
|
Neil, As always, thank you for the very thorough response! -lucas > On Dec 16, 2015, at 2:07 PM, Neil A. Wilson <nei...@un...> wrote: > > On 12/16/2015 12:35 PM, Lucas Rockwell wrote: >> Hello, >> >> When updating a group (regardless of the number of members, as it can be any size), is it better to use a list of Modification objects that are of type ADD and REMOVE (for just the added and removed members), or is it okay to use REPLACE (which then has the info for the entire group, which can be large). I assume the former, but I just wanted to do a sanity check. >> >> Thank you. >> >> -lucas > > It is better to use the ADD modification type to add new members and the > DELETE modification type to remove existing members. There are a couple > of potential problems with using the REPLACE modification type to > explicitly set the desired membership: > > - In the event that two clients are making a change to group membership > at the same time, then the use of the REPLACE modification type could > cause one client to undo the change made by the other client. For > example, let's say that I currently have a group with members A, B, and > C. Client one wants to add D as a new member, while client two wants to > remove B as a member. If this happens at about the same time, then both > clients could see the current member list of A, B, and C and then the > first one would send a REPLACE with A, B, C, and D while the second > would send a replace with just A and C, and the resulting member list > would be whichever of the two operations completed last. On the other > hand, if client one sent an ADD with member D and client two sent a > DELETE with member B, then you would correctly end up with A, C, and D > after both operations were processed, regardless of their order. > > - An LDAP REPLACE modification type requires that you supply the entire > new set of values in the request. For a very large group (e.g., one > with hundreds of thousands of members), this could result in a very > large request, and some servers place an upper bound on the size of the > request that they will accept from clients (as a way of protecting > against the possibility of a malicious or buggy client trying to cause > the server to allocate a huge amount of memory), and an attempt to send > a request that is too large generally causes the server to terminate the > client connection. > > > Neil > > > ------------------------------------------------------------------------------ > _______________________________________________ > ldap-sdk-discuss mailing list > lda...@li... > https://lists.sourceforge.net/lists/listinfo/ldap-sdk-discuss |
