ldap: Run the LDAP server with the default (typically standard) process model

This allows one LDAP socket to proceed if another fails, and reduces the
impact of a crash becoming a DoS bug, as it only impacts one socket.

This may mean we have a lot of idle tasks, but this should not be a big
issue

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 6a6053206b29ec15b833daf1e3d137d932a9d2cc..d9f24e0817c319e8f2fc9e4c8642be691195fce6 100644 (file)
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -1121,9 +1121,12 @@ static void ldapsrv_task_init(struct task_server *task)
 
        task_server_set_title(task, "task[ldapsrv]");
 
-       /* run the ldap server as a single process */
-       model_ops = process_model_startup("single");
-       if (!model_ops) goto failed;
+       /*
+        * Here we used to run the ldap server as a single process,
+        * but we don't want transaction locks for one task in a write
+        * blocking all other reads, so we go multi-process.
+        */
+       model_ops = task->model_ops;
 
        ldap_service = talloc_zero(task, struct ldapsrv_service);
        if (ldap_service == NULL) goto failed;