[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication replutil.c, 1.7, 1.8

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Feb 8 21:52:29 UTC 2006 

Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20758

Modified Files:
	replutil.c 
Log Message:
Bug(s) fixed: 180515
Bug Description: Chain BIND requests with chain on update + global pw policy
Reviewed by: Nathan, Pete (Thanks!)
Fix Description: When using global password policy, we need to chain the 
BIND request back to a master so that it can update the pw policy op 
attrs in the user's entry and replicate them to all other servers.  The 
call to config_get_pw_is_global_policy() is expensive (acquires a lock) 
so we delay it as long as possible.
The reason we have to use config_get_pw_is_global_policy() is because the entry distribution plugin interface is poor - we have no way to register an init or start function to get the config, and no way to register a statechange callback to be notified of changes to the global password policy.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no



Index: replutil.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/replutil.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- replutil.c	16 Jan 2006 19:06:03 -0000	1.7
+++ replutil.c	8 Feb 2006 21:52:22 -0000	1.8
@@ -889,7 +889,6 @@
 	op_type = slapi_op_get_type(op);
 	if (local_online &&
 		((op_type == SLAPI_OPERATION_SEARCH) ||
-	    (op_type == SLAPI_OPERATION_BIND) ||
 	    (op_type == SLAPI_OPERATION_UNBIND) ||
 	    (op_type == SLAPI_OPERATION_COMPARE))) {
 #ifdef DEBUG_CHAIN_ON_UPDATE
@@ -930,6 +929,19 @@
 		return local_backend;
 	}
 
+    /* if using global password policy, chain the bind request so that the 
+       master can update and replicate the password policy op attrs */
+	if (op_type == SLAPI_OPERATION_BIND) {
+        extern int config_get_pw_is_global_policy();
+        if (!config_get_pw_is_global_policy()) {
+#ifdef DEBUG_CHAIN_ON_UPDATE
+            slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "repl_chain_on_update: conn=%d op=%d using "
+                            "local backend for local password policy\n", connid, opid);
+#endif
+            return local_backend;
+        }
+    }
+
 	/* all other case (update while not directory manager) :
 	 * or any normal non replicated client operation while local is disabled (import) :
 	 * use the chaining backend

More information about the Fedora-directory-commits mailing list