directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject [AdminPoint] Updated version of the Operations
Date Sat, 18 Dec 2010 00:59:58 GMT
Hi,

I fixed the operations wrt Pierre-Arnaud comments. Here is the new version :

Add operation
=============

+--+
|AP|
+--+

We don't have to do anything except to update the apCache as the added 
AP is a new entry with no child

 >>>-------------------------------------------
update the apCache for the given AP role
-------------------------------------------<<<

+--------+
|Subentry|
+--------+

We can't add a subentry if the immediate parent is not an AP and if the 
parent AP does not have the same role (or of the parent  is an IAP and 
there are no higher parent with the same role).

Otherwise, adding a subentry is just a matter to update the parent's AP 
seqNumber (and all the hierarchy up to the first SAP if it's an IAP)

As a subentry is only associated with one single role, we don't have to 
loop on all the roles

 >>>-------------------------------------------
check the parentAP for the role

get a new new seqNumber

update the parentAP and all its IAP subordinate with the same role with 
the new seqNumber

continue down the chain
-------------------------------------------<<<

+-----+
|Entry|
+-----+

When we add an entry, we have to check if it depends on an AP for each 
roles. If so, we have to add the AP seqNumber into the entry, and add 
references to all the subentry it is related too.

 >>>-------------------------------------------
for each role
   for each parent AP(role)
     get the parentAP(role) seqNumber, store it into the entry

     for each subentry associated with the AP(role) do
       if the entry is part of the subtree
         then add the subentry entryUUID into the entry references
     done
   done
done

continue down the chain
-------------------------------------------<<<


Delete operation
================
Deleting an entry is somehow easier, as we don't update anything, except 
when we delete a Subentry.

+--+
|AP|
+--+
We can't delete an AP if it has any child. So deleting an AP is a 
straightforward operation : we just remove the AP, and update the AP cache.

 >>>-------------------------------------------
check that the AP has no children

if the AP is an AAP
   then
     for each role do
       remove the AP(role) from the AP(role) cache
     done
   else
     remove the AP(role) from the AP(role) cache

remove the AP from the backend
-------------------------------------------<<<

+--------+
|Subentry|
+--------+
Removing a subentry is slightly more complex, as we will have to update 
the associated AP SeqNumber, so that the entries part of the subtree can 
be updated later.

 >>>-------------------------------------------
get a new seqNumber
update the parentAP(role) with the new seqNumber

for each parentAP IAP descendant
   update IAP with  new seqNumber
done

remove the subentry from the backend
-------------------------------------------<<<


+-----+
|Entry|
+-----+

Deleting an entry is a straightforward operation. Nothing has to be done

 >>>-------------------------------------------
continue down the chain
-------------------------------------------<<<



Search operation
================
The base idea is to check if an entry selected as a candidate is up to 
date wrt the Administrative perspective. If we grab an entry from the 
backend, and if there is an AP higher in the tree, then we will check 
the entry seqNumber :
- if there is no seqNumber, then the entry need to be updated
- if there is a seqNumber which is below then its parent's AP, then the 
entry need to be updated
- otherwise, the entry is already up to date

An entry might have a seqNumber with no reference to any subentry, that 
just means the entry is not part of any subentry's subtree.

One other thing : we will have to deal with entries only when they have 
been selected, so the entry filtering should be done during the 
candidate evaluation. Here, we just update the entry adding the 
references to the associated subentries (if any), and we will let the 
ACI search filter to determinate if the entry is a valid candidate.

+--+
|AP|
+--+
An AP is always searchable by anyone, if one can reach it (ie, no higher 
AP limit the access to a parent entry)

There is nothing to do

+--------+
|Subentry|
+--------+
Subentries are not returned to the user unless the Subentries control 
has been sent with the request.
A Subentry is always searchable by anyone, if one can reach it (ie, no 
higher AP limit the access to a parent entry)

There is nothing to do

+-----+
|Entry|
+-----+

We have to check if the entry is up to date for each role.

 >>>----------------------------------------
for each role do
   if entry has a parent AP(role)
     then take the entry(role) seqNumber (entrySN) and the AP(role) 
seqNumber (apSN)
   else
     continue

   if entry has a seqNumber
     then
       if the entrySN equals the apSN
         then
           continue
         else
           remove the entrySN
           remove the entry references to Subentries
           store the apSN in the entry
           update the references to Subentries
           continue
     else
       add the apSeqNumber to the entry
       update the references to Subentries
       continue
done

if the entry has been updated
   then
     store the entry

continue up the chain
----------------------------------------<<<


Modify operation
================

A modification done on an AP may impact the AP hierarchy, and make it 
becoming inconsistent. We will check that before updating the seqNulbers.

+--+
|AP|
+--+
We can only add or delete administrative roles from an AP. If a removal 
let the AP hierarchy inconsistent, the the removal is rejected. This has 
to be pre-checked before we actually apply the modification.

We don't support the replace change for APs

 >>>-------------------------------------------
if operation == ADD
   then
     get a new seqNumber
     store the seqNumber in the AP
     update the AP cache

     if the added AP is an IAP
       then
         propagate the seqNumber all its descendant IAP
       else
         if the added AP is an AAP
           then
             for each existing AP do
               remove the AP
               update the AP cache
             done
   else
     if we have some subentry associated with the removed AP
       then
         reject the operation
       else
         if the deleted AP is an AAP
           then
             remove the AP
             update the AP cache
           else
             if the deleted role is the last one
               then
                 remove the AP
                 update the AP cache
               else
                 get a new seqNumber
                 store the seqNumber in the AP
                 remove the role
                 update the AP cache
-------------------------------------------<<<

+--------+
|Subentry|
+--------+
Modifying a subentry is just about modifying the subtreeSpecification AT 
or the ObjectClass (adding or removing some auxiliary classes) In both 
cases, we have to update the parent AP. If the modification impact any 
other attribute, then we don't d anything, as it won't change the 
subtree, so no entry will be impacted

 >>>-------------------------------------------
if modified attributes = ObjectClass or subtreeSpecification
   then
     if the modified attribute is ObjectClass
       then
         get new seqNumber

         for each modified role do
           get the parentAP( role )
           update the parentAP( role ) seqNumber
           update the APcache(role)
         done

         continue down the chain
       else
         get new seqNumber

         for each existing role do
           get the parentAP( role )
           update the parentAP( role ) seqNumber
           update the APcache(role)
         done
   else
     continue down the chain
-------------------------------------------<<<


+-----+
|Entry|
+-----+
We have to check if the entry is up to date, or not. For that, we 
compare its seqNumber (if any) with it's parents AP (IAP *and* SAP). 
This is basically the same processing than for a search operation

 >>>-------------------------------------------
if entry has a parent AP
   then take the entry seqNumber (entrySN) and the AP seqNumber (apSN)
else
   continue down the chain

if entry has a seqNumber
   then
     if the entrySN equals the apSN
       then
         continue down the chain
       else
         remove the entrySN
         remove the entry references to Subentries
         store the apSN in the entry
         update the references to Subentries
         continue down the chain
   else
     add the apSeqNumber to the entry
     update the references to Subentries
     continue down the chain
-------------------------------------------<<<


Rename operation
================
The rename operation will only impact the entry and the AP, not the 
Subentry.

+--+
|AP|
+--+
If the AP is an IAP, then we have to reevaluate all the underlying children.

 >>>-------------------------------------------
if the AP is an IAP
   then
     get a new seqNumber
     update the IAP with the new SeqNumber
     store the AP
   else
     continue down the chain
-------------------------------------------<<<


+--------+
|Subentry|
+--------+
Renaming a subentry has no impact

+-----+
|Entry|
+-----+
Renaming an entry implies we reevaluate all the children too, as the 
subtree specification may change.
We can do that recursively, updating all the entries, or modifying the 
parent AP for each role why a new SeqNumber.
Right now, the second option will be applied

 >>>-------------------------------------------
if the entry has a parentAP
   then
     remove the entry seqNumbers
     remove the ref to subentries

     for each role do
       get a new seqNumber(role)
       update the parentAP(role) with the new seqNumber
       update the ref to the subentries(role)
     done
done
-------------------------------------------<<<


Move and Rename operation
=========================
The Move and Rename operation is a combinaison of both operations, 
applied one after the other.

Compare operation
=================
The compare operation uses the same algorithm than the search operation

Move operation
==============
The move operation has a limited impact if we move the AP, except if we 
move an IAP. For subentries and entreeies, it's slightly more complex

+--+
|AP|
+--+
If the AP is an IAP, we have to check that the new position is valid. If 
so, we can move it. Then, as the the new parent AP may have changed, we 
have to modify the IAP seqNumber so that the underlying entries can be 
updated later. This has to be done for all the IAP descendants too.

 >>>-------------------------------------------
if AP is an IAP
   then
     check that the new position is valid
     if the parentAP is not the same
       then
         get a new seqNumber
         update the IAP with the new seqNumber

         for each IAP in the IAP descendant do
           update the IAP with the new seqNumber
         done

continue down the chain
-------------------------------------------<<<


+--------+
|Subentry|
+--------+
Moving a subentry implies we update the old parentAP and the new one. Of 
course, we have to check first that the changed AP are not inconsistent 
after the change.

 >>>-------------------------------------------
get a new seqNumber

update the old parentAP with the seqNumber (and all the IAP descendants)
update the new parentAP with the seqNumber (and all the IAP descendants)

continue down the chain

-------------------------------------------<<<


+-----+
|Entry|
+-----+
Moving an entry might impact it, as it may not pertain to the subentries 
subtree. We have to reevaluate them.
This has to be done for each possible roles.

 >>>-------------------------------------------
for each role
   get the old parentAP(role)
   get the new parentAP(role)

   remove the entrySN(role)
   remove the entry references to Subentries
   store the new parent SN in the entry
   update the references to the new parentAP Subentries
done

continue down the chain
-------------------------------------------<<<




-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com


Mime
View raw message