[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication replutil.c, 1.7, 1.8
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Wed Feb 8 21:52:29 UTC 2006
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20758
Modified Files:
replutil.c
Log Message:
Bug(s) fixed: 180515
Bug Description: Chain BIND requests with chain on update + global pw policy
Reviewed by: Nathan, Pete (Thanks!)
Fix Description: When using global password policy, we need to chain the
BIND request back to a master so that it can update the pw policy op
attrs in the user's entry and replicate them to all other servers. The
call to config_get_pw_is_global_policy() is expensive (acquires a lock)
so we delay it as long as possible.
The reason we have to use config_get_pw_is_global_policy() is because the entry distribution plugin interface is poor - we have no way to register an init or start function to get the config, and no way to register a statechange callback to be notified of changes to the global password policy.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: replutil.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/replutil.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- replutil.c 16 Jan 2006 19:06:03 -0000 1.7
+++ replutil.c 8 Feb 2006 21:52:22 -0000 1.8
@@ -889,7 +889,6 @@
op_type = slapi_op_get_type(op);
if (local_online &&
((op_type == SLAPI_OPERATION_SEARCH) ||
- (op_type == SLAPI_OPERATION_BIND) ||
(op_type == SLAPI_OPERATION_UNBIND) ||
(op_type == SLAPI_OPERATION_COMPARE))) {
#ifdef DEBUG_CHAIN_ON_UPDATE
@@ -930,6 +929,19 @@
return local_backend;
}
+ /* if using global password policy, chain the bind request so that the
+ master can update and replicate the password policy op attrs */
+ if (op_type == SLAPI_OPERATION_BIND) {
+ extern int config_get_pw_is_global_policy();
+ if (!config_get_pw_is_global_policy()) {
+#ifdef DEBUG_CHAIN_ON_UPDATE
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "repl_chain_on_update: conn=%d op=%d using "
+ "local backend for local password policy\n", connid, opid);
+#endif
+ return local_backend;
+ }
+ }
+
/* all other case (update while not directory manager) :
* or any normal non replicated client operation while local is disabled (import) :
* use the chaining backend
More information about the Fedora-directory-commits
mailing list