directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: about lock mechanism in apacheDS
Date Fri, 19 Apr 2013 00:03:09 GMT
Le 4/19/13 1:38 AM, Wu, James C. a écrit :
> Hi Guys,
> I am wondering if we can make the lock mechanism in ApacheDS more flexible. Right now,
both the read lock and the write lock seem to be global, which does not allow concurrent write
to different entities in the LDAP store. If we can make the lock more granular, it would improve
the throughput of the ApacheDS service. For example, we can have one thread serving one ldap
session trying to read, and another thread serving another ldap session applying some modifications.

The real problem is the backend. JDBM does not allow us to work nicely
when we have concurrent reads and writes. We have written a new backend
( and which will be
way more efficient, as it will allow concurrent reads and more
important, concurrent reads and write (although the write ar still
> Another issue with the current lock mechanism is that, a lock is not associate with the
owner, leading to a strange behavior.
> Here is an example. I would like to setup ApacheDS in this way by overriding the simple
authentication class so that if a user fails to authenticate himself, an external authentication
service is used. When external authentication succeeds, I would like to insert this user as
an entry in the ldap store or update his password. Users usually do a ldap binding with password
to authenticate to ApacheDS. During the handling of the bind request, ApacheDS will first
request a readlock through the DefaultOperationManager, then call the simple authenticator
to authenticate the user. In my case, if the authentication fails, then external authentication
service is used instead. The problem comes at when trying to insert the user as a new entity
or update its password, the write lock can't be obtained because it is still in the bind process
and the read lock is only released after the bind finishes.  If we keep track of the owner
of the lock, we would be able to allow the promotion of read-lock to write-lock as how lock
is done in many database systems.

Currently, this is not possible. The only possible option would be to
modify the BindHandler so that if the bind fails, you trp it and add the
user (as the BindHnalder is calling the DirectoryService, it's not
affected by the lock). Sdly, this part has no extension point.

As soon as we drop JDBM, we will not have the pb you are exposing.

The ongoig work sounds promizing, as Kiran was able to get the
core-integ tests passing with the Mavibot partition, but there is a lot
to do still (I would evaluate the remainingw work to a couple of months).

Emmanuel Lécharny 

View raw message