Question

I am using OpenLDAP as LDAP server and UnboundID to interact with it through Java code. I need to handle the removal of a certain instance X of an Entity A to which several other instances Y1, .. Yn of an Entity B are logically linked. This means that I first need to remove all the instances of B (Y1, ... Yn) and after this I want to also remove X. I want to be able to use a transaction to do that, in order to abort the transaction if something goes wrong while removing one of Y1,..Yn and have the possibility to roll back. I tried following this example:

https://www.unboundid.com/products/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/extensions/StartTransactionExtendedRequest.html

What I got, though, is an LDAPException saying that the extended operation is unsupported. How can I handle transactions? I think that OpenLDAP does support transactions...

Solution

I'm not really up to date with the latest on OpenLDAP, but the last I heard was that OpenLDAP had not yet added support for LDAP transactions as described in RFC 5805. However, you should be able to check this by looking at the OpenLDAP root DSE. In the UnboundID LDAP SDK for Java, you can do that with code like:

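    import com.unboundid.ldap.sdk.RootDSE;
    import com.unboundid.ldap.sdk.extensions.StartTransactionExtendedRequest;
    // The root DSE lists the extended operations the server advertises.
    RootDSE rootDSE = ldapConnection.getRootDSE();
    boolean supportsTransactions = rootDSE.supportsExtendedOperation(
         StartTransactionExtendedRequest.START_TRANSACTION_REQUEST_OID);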

If the OpenLDAP server doesn't yet support transactions, then there may not be anything you can do to make it really atomic and able to roll back if a problem is encountered. If OpenLDAP supports the experimental LDAP no-operation control (and I think that it does), then you could use the com.unboundid.ldap.sdk.experimental.DraftZeilengaLDAPNoOp12RequestControl class to include that in delete requests to see if the server would accept deleting all of the entries, and then only go ahead with the delete if it looks like they will all be successful. Otherwise, you could keep a log in your application so that in the event of a failure you could report what was deleted and what wasn't.

Neil
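
The dry-run approach from the answer above, as an added example that is not part of the original answer or of the UnboundID SDK: every delete is first sent with the no-operation control, and the real deletes run only if all of them pass. The names PreflightDelete, wouldSucceed, deleteLinked and deletedLog are hypothetical.

```java
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.experimental.DraftZeilengaLDAPNoOp12RequestControl;
import java.util.ArrayList;
import java.util.List;

public final class PreflightDelete {

  /** Dry run: true only if the server reports the delete would succeed. */
  static boolean wouldSucceed(LDAPConnection conn, String dn) {
    DeleteRequest req = new DeleteRequest(dn);
    // Critical control: a server that lacks it rejects the request,
    // so the entry is never deleted by the dry run.
    req.addControl(new DraftZeilengaLDAPNoOp12RequestControl());
    try {
      return ResultCode.NO_OPERATION.equals(conn.delete(req).getResultCode());
    } catch (LDAPException e) {
      // Covers the case where noOperation is surfaced as an exception.
      return ResultCode.NO_OPERATION.equals(e.getResultCode());
    }
  }

  /**
   * Deletes Y1..Yn and then X, but only after every delete passed the dry run.
   * DNs are appended to deletedLog as they are removed, so the caller can
   * report exactly what was deleted if an LDAPException interrupts the run.
   */
  static boolean deleteLinked(LDAPConnection conn, List<String> dependentDns,
                              String primaryDn, List<String> deletedLog)
      throws LDAPException {
    List<String> order = new ArrayList<>(dependentDns);
    order.add(primaryDn); // X goes last
    for (String dn : order) {
      if (!wouldSucceed(conn, dn)) {
        return false; // nothing has been deleted yet
      }
    }
    // Not atomic: entries can still change between the two passes.
    for (String dn : order) {
      conn.delete(dn);
      deletedLog.add(dn);
    }
    return true;
  }
}
```

If `deleteLinked` throws, `deletedLog` holds the DNs that were already removed, which is the application-side log the answer suggests keeping.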

OTHER TIPS

You shouldn't have to do this sort of thing at all. The OpenLDAP 'refint' referential integrity module can do the secondary deletions for you if you tell it to maintain referential integrity on those attributes, so all you have to do is the primary delete.

Licensed under: CC-BY-SA with attribution