When using the DNA plug-in in a multi-master replication scenario, a master should try to transfer range from another master when it's own range is exhausted (or hits a low-water mark).
Created attachment 317225 [details]
These diffs implement auto-extension of ranges.
The way that this works is that a server sends a range extension extended operation request to another server when it hits a threshold. The contents of this request are simply a string identifying the range it would like to extend (more details on this string below). The other server will respond with an extended operation response containing a set of new minimum and maximum values that define the range it is transferring if it decides to give up the range. This extended operation is only allowed by the replication bind DN. The transferred range is always from the top-end of the server's range that is releasing the values. It will give up to half of it's remaining allocated values up for each request.
For a server to know what other servers it can request range from, a shared configuration entry for each managed range is configured by the administrator. This shared config entry must be located in the replicated tree. Each server who has a range configured to use that shared entry will maintain a child entry for itself there. This child entry has the server's hostname and portnumbers along with the remaining number of values that it has left. This allows a server to ask the server with the most available values for range first instead of just asking all servers in a random order. This shared config entry is the string that is used in the extended operation request.
When a range is transferred from another server, it is saved as an "on-deck" range until the old range is completely exhausted. At that time, it will be made the active range. This approach also allows an administrator to manually add a new range to a server by simply adding the dnaNextRange attribute to the range configuration entry, which puts this new range "on-deck".
In addition to the above, I made the DNA plug-in register for internal operations so it can catch new entries added by winsync. I also added some functions to SLAPI for fetching long long values from attributes.
Created attachment 317423 [details]
I noticed a few unused defines that I meant to remove, so this new set of diffs addresses that.
I think you need to add nsslapd-secureport to the attr list, otherwise it won't be returned.
(In reply to comment #3)
> in dna_load_host_port()
> I think you need to add nsslapd-secureport to the attr list, otherwise it won't
> be returned.
> Otherwise, ok.
Good catch! I'll get a new patch attached and check everything in.
Checked into ldapserver (HEAD).
Checking in ldap/ldif/template-dnaplugin.ldif.in;
/cvs/dirsec/ldapserver/ldap/ldif/template-dnaplugin.ldif.in,v <-- template-dnaplugin.ldif.in
new revision: 1.2; previous revision: 1.1
Checking in ldap/servers/plugins/dna/dna.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v <-- dna.c
new revision: 1.9; previous revision: 1.8
Checking in ldap/servers/slapd/entry.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/entry.c,v <-- entry.c
new revision: 1.17; previous revision: 1.16
Checking in ldap/servers/slapd/slapi-plugin.h;
/cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v <-- slapi-plugin.h
new revision: 1.30; previous revision: 1.29
Checking in ldap/servers/slapd/value.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/value.c,v <-- value.c
new revision: 1.7; previous revision: 1.6
This functionality now exists in DS 8.1 and is being tested by automated DNA acceptance testing.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.