This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
dbuschke
dbuschke Super Contributor.
Super Contributor.
‎2020-01-31 17:28
150 views

Race Condition LDAP User Create vs. User Application assign Role

Hi,
following Setup:

Server A: eDir 9.1 Master, UA 4.7
Server B: eDir 9.1 R/W Replica, Custom Application

The Custom Application creates users in eDir via LDAP. Because of performance we had the idea to connect the Custom Application running on Server B against the local running eDir R/W Replica. But right after creation the Custom Application also wants to assign a role onto the newly created user by using the User Application. The result was a LDAP error (Invalid Syntax) while the User Application tried to create the Role Request Object on Server A. To be honest I haven't checked further but I am 99% sure that happened because the user which was created on Server B (running the Custom Application) was not already synced to Server A (running the User Application). If the Custom Application connects directly against the eDir Master on Server A the user creation and role assignment works fine.

So, is there a way to get notified by LDAP that the sync has been executed? E.g. if eDirectory would not response on the user creation until the sync is done everything would be fine. Is there a LDAP Option or something like?
If not, any other ideas on how to solve this Race Condition? Any other than "add 'sleep X seconds' in your custom application" is appreciated 😁

regards
Daniel

Labels (1)
0 Likes
Reply
Report Inappropriate Content
2 Replies
rrawson
rrawson Honored Contributor.
Honored Contributor.
‎2020-01-31 17:38

Re: Race Condition LDAP User Create vs. User Application assign Role

Query LDAP on Server B for the user; it would not see the user object until it is replicated from server A.


0 Likes
Reply
Report Inappropriate Content
Marcus Tornberg
Marcus Tornberg Honored Contributor.
Honored Contributor.
‎2020-01-31 20:38

Re: Race Condition LDAP User Create vs. User Application assign Role

One idea could be to have your custom application retrying the role assignment based on the error message recieved when trying to assign to the new user.

Another idea is to have a custom approval flow on the role with no approval action, but a custom error handling or retry logic in the workflow.

Hope this helps.

Best regards
Marcus
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.