Re: [Pki-devel] [PATCH] pki-ftweedal-0015-Monitor-database-for-changes-to-LDAP-profiles.patch

On 10/1/2014 1:42 AM, Fraser Tweedale wrote: Some comments: 1. The MODDN operation can potentially happen if someone renames the profile in LDAP directly, and that's easier to do with LDAP-based profiles. I think we should handle this case too. 2. If the LDAP server is restarted the Monitor will stop working and subsequent changes are not detected. The Monitor should automatically reconnect in case the LDAP connection is interrupted. 3. Since the changesOnly is set to true, there's a possibility that changes that happens after initial profile loading and before the Monitor starts will not be detected. To avoid this problem, the changesOnly should be false, and the initial profile loading should be done in the Monitor as well. 4. The following assignment is redundant because the value is overwritten by the next line: String profileId = "<unknown>"; 5. When receiving a MODIFY operation the Monitor calls forgetProfile(). It's probably redundant because readProfile() calls createProfile() which calls forgetProfile() too. 6. Generally it's recommended to implement Runnable instead of extending Thread. The Monitor can be merged into ProfileSubsystem. I think #1, #2, #3 are important to fix because there is no mechanism to refresh the profiles in memory other than by restarting the server, so we cannot miss any changes in the database. -- Endi S. Dewata