From abartlet at samba.org Wed Jan 3 10:45:44 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Wed, 03 Jan 2007 21:45:44 +1100
Subject: [Fedora-directory-devel] [SAMBA4] Fedora DS backend to Samba4
Message-ID: <1167821144.14375.39.camel@localhost.localdomain>

I've been working to allow Fedora DS to backend Samba4, much as OpenLDAP
can. This, I hope, will bring us the benefits of a replicated backend
between Samba4 servers.

To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
extended the provision script. The provision now succeeds, and Win2k3
can join and log into the Samba4/FDS domain.

The next step is to test the Fedora DS backend in our 'make test'
script. For that, I'll need some help. I need to automatically
configure and start fedora DS, from within the test scripts. I
understand some testing scripts to do this exist...

To integrate such scripts with Samba4, I need a few things:

Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
now a high port would do.

Likewise, it would be ideal if fedora DS could terminate with the
process group, so we don't risk leaving ldap servers around after a
failed test.

Finally, I need USN support in Fedora DS, or something very much like
the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
value, preferably also a way to get a 'new' value too).

Later, we need to figure out how ACLs should behave for all our
backends.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

From rmeggins at redhat.com Wed Jan 3 14:52:42 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 03 Jan 2007 07:52:42 -0700
Subject: [Fedora-directory-devel] [SAMBA4] Fedora DS backend to Samba4
In-Reply-To: <1167821144.14375.39.camel@localhost.localdomain>
References: <1167821144.14375.39.camel@localhost.localdomain>
Message-ID: <459BC33A.7060906@redhat.com>

Andrew Bartlett wrote:
> I've been working to allow Fedora DS to backend Samba4, much as OpenLDAP
> can. This, I hope, will bring us the benefits of a replicated backend
> between Samba4 servers.
>
> To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
> extended the provision script. The provision now succeeds, and Win2k3
> can join and log into the Samba4/FDS domain.
>
Excellent!
> The next step is to test the Fedora DS backend in our 'make test'
> script. For that, I'll need some help. I need to automatically
> configure and start fedora DS, from within the test scripts. I
> understand some testing scripts to do this exist...
>
Basically, you create a .inf file, and pass this file to
bin/slapd/admin/bin/ds_create or ds_newinst.pl - see
http://directory.fedora.redhat.com/wiki/Install_Guide#Creating_an_instance_if_using_just_the_core_DS
> To integrate such scripts with Samba4, I need a few things:
>
> Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
> now a high port would do.
>
> Likewise, it would be ideal if fedora DS could terminate with the
> process group, so we don't risk leaving ldap servers around after a
> failed test.
>
You can start the server with the "-d 0" argument - this causes the
server to not detach from the controlling terminal.
> Finally, I need USN support in Fedora DS, or something very much like
> the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
> value, preferably also a way to get a 'new' value too).
>
Do you need this to work even if the server does not participate in
replication? CSNs are only generated if the server is configured to
participate in replication.
> Later, we need to figure out how ACLs should behave for all our
> backends.
>
> Andrew Bartlett
>

From abartlet at samba.org Thu Jan 4 06:25:36 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Thu, 04 Jan 2007 17:25:36 +1100
Subject: [Fedora-directory-devel] [SAMBA4] Fedora DS backend to Samba4
In-Reply-To: <459BC33A.7060906@redhat.com>
References: <1167821144.14375.39.camel@localhost.localdomain> <459BC33A.7060906@redhat.com>
Message-ID: <1167891936.32113.3.camel@localhost.localdomain>

On Wed, 2007-01-03 at 07:52 -0700, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > I've been working to allow Fedora DS to backend Samba4, much as OpenLDAP
> > can. This, I hope, will bring us the benefits of a replicated backend
> > between Samba4 servers.
> >
> > To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
> > extended the provision script. The provision now succeeds, and Win2k3
> > can join and log into the Samba4/FDS domain.
> >
> Excellent!
> > The next step is to test the Fedora DS backend in our 'make test'
> > script. For that, I'll need some help. I need to automatically
> > configure and start fedora DS, from within the test scripts. I
> > understand some testing scripts to do this exist...
> >
> Basically, you create a .inf file, and pass this file to
> bin/slapd/admin/bin/ds_create or ds_newinst.pl - see
> http://directory.fedora.redhat.com/wiki/Install_Guide#Creating_an_instance_if_using_just_the_core_DS

I'll give that a shot.

> > To integrate such scripts with Samba4, I need a few things:
> >
> > Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
> > now a high port would do.
> >
> > Likewise, it would be ideal if fedora DS could terminate with the
> > process group, so we don't risk leaving ldap servers around after a
> > failed test.
> >
> You can start the server with the "-d 0" argument - this causes the
> server to not detach from the controlling terminal.

Thanks

> > Finally, I need USN support in Fedora DS, or something very much like
> > the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
> > value, preferably also a way to get a 'new' value too).
> >
> Do you need this to work even if the server does not participate in
> replication? CSNs are only generated if the server is configured to
> participate in replication.

Yes, I need it no matter how the server is configured. Of course, I'm
happy to have replication configured, just unused.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

From dennis at ausil.us Fri Jan 5 18:59:57 2007
From: dennis at ausil.us (Dennis Gilmore)
Date: Fri, 5 Jan 2007 12:59:57 -0600
Subject: [Fedora-directory-devel] FDS and Fedora 7
Message-ID: <200701051259.57659.dennis@ausil.us>

Hey Guys,

Jarod Wilson and myself have taken ownership to make sure that FDS is in the
repository in time for Fedora 7.

I believe that most pieces are already in place that there is a few small
remaining packages before the admin tools get it.

Can someone give me a list of what is left to be done?

--
 ,-._|\    Dennis Gilmore, RHCE
/Aussie\   Proud Australian
\_.--._/   | Aurora | Fedora |
      v

From rmeggins at redhat.com Fri Jan 5 19:49:18 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 05 Jan 2007 12:49:18 -0700
Subject: [Fedora-directory-devel] FDS and Fedora 7
In-Reply-To: <200701051259.57659.dennis@ausil.us>
References: <200701051259.57659.dennis@ausil.us>
Message-ID: <459EABBE.8090908@redhat.com>

Dennis Gilmore wrote:
> Hey Guys,
>
> Jarod Wilson and myself have taken ownership to make sure that FDS is in the
> repository in time for Fedora 7.
>
> I believe that most pieces are already in place that there is a few small
> remaining packages before the admin tools get it.
>
> Can someone give me a list of what is left to be done?
>
Thanks! I've been tracking the progress of this work here -
http://directory.fedora.redhat.com/wiki/FDS_Into_FedoraCore

We could use this to share information, and just watch the page for
changes.

From rmeggins at redhat.com Fri Jan 12 02:48:10 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 11 Jan 2007 19:48:10 -0700
Subject: [Fedora-directory-devel] Please review: Bug 222398: Allow building on Fedora
Message-ID: <45A6F6EA.1060005@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222398
Resolves: bug 222398
Bug Description: Allow building on Fedora
Reviewed by: ???
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=145417
Branch: HEAD
Fix Description: There are a few issues with building on Fedora (5 or
later):
1) Need to be able to build with db4.2, db4.3, db4.4, etc. This version
auto-detects the db version from the db.h file it finds. In order to
use a different db version, just use configure --with-db=path or
--with-db-inc=path that points to a different db.h
2) mozldap and svrcore are now part of Fedora, so we need to look for
those components. Look for mozldap6 first to allow building on RHEL-4
as well. mozldap now includes libldif, so add that to the link line.
svrcore-devel is now just svrcore - a svrcore runtime package and a
svrcore-devel build time package.
3) FHS means FHS - /etc, /var/, prefix=/usr and exec_prefix=/usr. It
doesn't make any sense to talk about FHS under a prefix. This means the
default build will do /opt/fedora-ds/etc, var, lib, bin, share, and so
on instead of /opt/fedora-ds/usr/etc. --with-fhs resets prefix=/usr and
exec_prefix=/usr, and overrides the default settings for sysconfdir and
localstatedir

So, different build types:
FHS - use configure --with-fhs - uses /etc, /var, /usr/lib, /usr/share, etc.
Nothing - configure - uses /opt/fedora-ds/etc/, var/, bin/, lib/, etc.
GNU style - configure --prefix=/usr/local - /usr/local/etc,
/usr/local/bin, /usr/local/var, and so on
Developers can use configure --prefix=/home/user/fds && make && make
install to install local versions
Platforms tested: FC-6
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=145418&action=diff

From rmeggins at redhat.com Tue Jan 16 16:43:55 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 16 Jan 2007 09:43:55 -0700
Subject: [Fedora-directory-devel] Please review: Bug 222860: Allow build of mozldap Solaris pkgs without SGTAR - from CVS or SRPM
Message-ID: <45AD00CB.7010801@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222860
Resolves: bug 222860
Bug Description: Allow build of mozldap Solaris pkgs without SGTAR -
from CVS or SRPM
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Add the CVS information to the build scripts. If the
SGTAR is not available or cannot be found, first look to see if there
is an SRPM and extract the source from that. Otherwise, export the
source from CVS. Build the SGTAR from the source. If the SRPM is given,
it should be the one from Brew, not the one from Fedora Extras since
the one in Brew has some additional stuff needed for our internal
dirsec products.
The spec file has been changed - all of the linux specific stuff has
been removed, and other changes have been made to make the packaging
look as much like the linux package as possible.
Also, upgrade the component versions used to the latest.
Platforms tested: Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=145706&action=diff

From prowley at redhat.com Fri Jan 19 21:50:39 2007
From: prowley at redhat.com (Pete Rowley)
Date: Fri, 19 Jan 2007 13:50:39 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
Message-ID: <45B13D2F.4050202@redhat.com>

New pre-operation plugin:

General numeric sequencer that allows generation of sequenced unique
numbers such as posix uidNumber, posix gidNumber, Samba SambaSID etc.
in an MMR environment. Rather than network locking or number pooling
schemes, the approach taken is to allow the configuration of an
interval that should be equal to or greater than the number of masters
in the deployment. Then each master is assigned starting numbers in
sequence e.g. server 1, 500; server 2, 501; server 3, 502 etc. When
the interval is configured as 3, the servers will generate sequences
like so: server 1, 500, 503, 506...; server 2, 501, 504, 507; server
3, 502, 505, 508. Of course, in single master environments the
interval may be set to one for a monotonically increasing sequence.
Adding masters that exceed the interval requires that the
configuration be reset, starting from a value higher than the highest
currently assigned value.

Multiple types may be configured. An LDAP search filter must be added
to the configuration for each type, the filter may be as complex as
desired and determines to which entries the configuration applies - at
minimum this filter should restrict the configuration to objectclasses
that allow the type since no schema checking is done by the plugin.
Generated values may have a pre-fix configured to be pre-pended to the
value (useful for systems such as Samba when it needs a new SID). Each
configuration entry may be scoped with a configuration attribute
containing a DN, where conflicts arise due to scope the closest scope
wins.

Configuration is dynamic. That is, once the plugin entry has been
added to cn=plugins, cn=config and the server restarted, any
configuration change will be observed. Configuration entries that do
not contain an attribute type, a starting value, an interval value,
and a filter will be ignored. Which configuration entries have been
skipped can be determined by config level logging.

Example configuration ldif and test ldifs along with some scripts are
included. The main source is in dna.c.

--
Pete

-------------- next part --------------
Attachments scrubbed by the archive:
Name: Makefile
Name: addentries.sh  Type: application/x-shellscript  Size: 103 bytes
Name: config.sh  Type: application/x-shellscript  Size: 275 bytes
Name: del_test_entries.dns
Name: delentries.sh  Type: application/x-shellscript  Size: 111 bytes
Name: dna.c  Type: text/x-csrc  Size: 28294 bytes
Name: dna.ldif
Name: editentries.sh  Type: application/x-shellscript  Size: 127 bytes
Name: oneentry.sh  Type: application/x-shellscript  Size: 102 bytes
Name: posix.ldif
Name: posix_one.ldif
Name: posix_test.ldif
Name: seeconfig.sh  Type: application/x-shellscript  Size: 169 bytes
Name: seeentries.sh  Type: application/x-shellscript  Size: 137 bytes
Name: subtest.ldif

From prowley at redhat.com Fri Jan 19 22:16:53 2007
From: prowley at redhat.com (Pete Rowley)
Date: Fri, 19 Jan 2007 14:16:53 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B13D2F.4050202@redhat.com>
References: <45B13D2F.4050202@redhat.com>
Message-ID: <45B14355.5010309@redhat.com>

Diff for autotools build:

Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/ldapserver/Makefile.am,v retrieving revision 1.14 diff -r1.14 Makefile.am 81c81 < libviews-plugin.la --- > libviews-plugin.la libdna-plugin.la 736a737,743 > #------------------------ > # libdna-plugin > #------------------------ > libdna_plugin_la_SOURCES = ldap/servers/plugins/dna/dna.c > > libdna_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) >

Pete Rowley wrote:
> New pre-operation plugin:
>
> General numeric sequencer that allows generation of sequenced unique
> numbers such as posix uidNumber, posix gidNumber, Samba SambaSID etc.
> in an MMR environment. Rather than network locking or number pooling
> schemes, the approach taken is to allow the configuration of an
> interval that should be equal to or greater than the number of masters
> in the deployment. Then each master is assigned starting numbers in
> sequence e.g. server 1, 500; server 2, 501; server 3, 502 etc. When
> the interval is configured as 3, the servers will generate sequences
> like so: server 1, 500, 503, 506...; server 2, 501, 504, 507; server
> 3, 502, 505, 508. Of course, in single master environments the
> interval may be set to one for a monotonically increasing sequence.
> Adding masters that exceed the interval requires that the
> configuration be reset, starting from a value higher than the highest
> currently assigned value.
>
> Multiple types may be configured. An LDAP search filter must be added
> to the configuration for each type, the filter may be as complex as
> desired and determines to which entries the configuration applies - at
> minimum this filter should restrict the configuration to objectclasses
> that allow the type since no schema checking is done by the plugin.
> Generated values may have a pre-fix configured to be pre-pended to the
> value (useful for systems such as Samba when it needs a new SID). Each
> configuration entry may be scoped with a configuration attribute
> containing a DN, where conflicts arise due to scope the closest scope
> wins.
>
> Configuration is dynamic. That is, once the plugin entry has been
> added to cn=plugins, cn=config and the server restarted, any
> configuration change will be observed. Configuration entries that do
> not contain an attribute type, a starting value, an interval value,
> and a filter will be ignored. Which configuration entries have been
> skipped can be determined by config level logging.
>
> Example configuration ldif and test ldifs along with some scripts are
> included. The main source is in dna.c.
>
> ------------------------------------------------------------------------
>
> #
> # BEGIN COPYRIGHT BLOCK
> # This Program is free software; you can redistribute it and/or modify it under
> # the terms of the GNU General Public License as published by the Free Software
> # Foundation; version 2 of the License.
> #
> # This Program is distributed in the hope that it will be useful, but WITHOUT
> # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
> # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License along with
> # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
> # Place, Suite 330, Boston, MA 02111-1307 USA.
> #
> # In addition, as a special exception, Red Hat, Inc. gives You the additional
> # right to link the code of this Program with code not covered under the GNU
> # General Public License ("Non-GPL Code") and to distribute linked combinations
> # including the two, subject to the limitations in this paragraph. Non-GPL Code
> # permitted under this exception must only link to the code of this Program
> # through those well defined interfaces identified in the file named EXCEPTION
> # found in the source code files (the "Approved Interfaces"). The files of
> # Non-GPL Code may instantiate templates or use macros or inline functions from
> # the Approved Interfaces without causing the resulting work to be covered by
> # the GNU General Public License. Only Red Hat, Inc. may make changes or
> # additions to the list of Approved Interfaces. You must obey the GNU General
> # Public License in all respects for all of the Program code and other code used
> # in conjunction with the Program except the Non-GPL Code covered by this
> # exception. If you modify this file, you may extend this exception to your
> # version of the file, but you are not obligated to do so. If you do not wish to
> # provide this exception without modification, you must delete this exception
> # statement from your version and license this file solely under the GPL without
> # exception.
> #
> #
> # Copyright (C) 2007 Red Hat, Inc.
> # All rights reserved.
> # END COPYRIGHT BLOCK
> #
> LDAP_SRC = ../../..
> BUILD_ROOT = ../../../..
>
> NOSTDCLEAN=true # don't let nsconfig.mk define target clean
> NOSTDSTRIP=true # don't let nsconfig.mk define target strip
>
> OBJDEST = $(OBJDIR)/lib/libdna
> LIBDIR = $(LDAP_PLUGIN_RELDIR)
>
> include $(BUILD_ROOT)/nsdefs.mk
> include $(BUILD_ROOT)/nsconfig.mk
> include $(LDAP_SRC)/nsldap.mk
>
> ifeq ($(ARCH), WINNT)
> DEF_FILE:=./dna.def
> endif
>
> DNA_OBJS = dna.o
> OBJS = $(addprefix $(OBJDEST)/, $(DNA_OBJS))
>
> DNA_DLL = libdna-plugin
>
> INCLUDES += -I../http -I../../slapd -I../../../include
> CFLAGS+=$(SLCFLAGS) -DSLAPD_LOGGING
>
> ifeq ($(ARCH), WINNT)
> EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP)
> EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
> EXTRA_LIBS += $(NSPRLINK) $(LIBSLAPD) $(LDAP_SDK_LIBLDAP_DLL)
> EXTRA_LIBS += $(LDAP_COMMON_LIBS)
> DNA_DLL_OBJ = $(addprefix $(OBJDEST)/, dllmain.o)
> endif
>
> ifeq ($(ARCH), AIX)
> EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP)
> EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
> EXTRA_LIBS += $(LIBSLAPDLINK) $(NSPRLINK) $(LDAP_SDK_LIBLDAP_DLL)
> EXTRA_LIBS += $(LDAP_COMMON_LIBS)
> LD=ld
> endif
>
> ifeq ($(ARCH), HPUX)
> EXTRA_LIBS_DEP += $(LIBSLAPD_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(SECURITY_DEP)
> EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
> EXTRA_LIBS += $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) $(ICULINK)
> EXTRA_LIBS += $(LDAP_COMMON_LIBS)
> endif
>
> DNA= $(addprefix $(LIBDIR)/, $(DNA_DLL).$(DLL_SUFFIX))
>
> clientSDK:
>
> all: $(OBJDEST) $(LIBDIR) $(DNA)
>
> ifeq ($(ARCH), WINNT)
> $(DNA): $(OBJS) $(DNA_DLL_OBJ) $(DEF_FILE)
> 	$(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS) /DEF:$(DEF_FILE)
> else
> $(DNA): $(OBJS) $(DNA_DLL_OBJ)
> 	$(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS)
> endif
>
>
> veryclean: clean
>
> clean:
> 	$(RM) $(OBJS)
> ifeq ($(ARCH), WINNT)
> 	$(RM) $(DNA_DLL_OBJ)
> endif
> 	$(RM) $(DNA)
>
> $(OBJDEST):
> 	$(MKDIR) $(OBJDEST)
>
> $(LIBDIR):
> 	$(MKDIR) $(LIBDIR)
> ------------------------------------------------------------------------
>
> uid=add_has_magic_number, dc=example, dc=com
> uid=add_second_has_magic_number, dc=example, dc=com
> uid=no_uid_number, dc=example, dc=com
> uid=add_has_uid_number_550, dc=example, dc=com
> uid=add_is_sub, ou=sub, dc=example, dc=com
> ou=sub, dc=example, dc=com
> ------------------------------------------------------------------------
>
> /** BEGIN COPYRIGHT BLOCK
>  * This Program is free software; you can redistribute it and/or modify it under
>  * the terms of the GNU General Public License as published by the Free Software
>  * Foundation; version 2 of the License.
>  *
>  * This Program is distributed in the hope that it will be useful, but WITHOUT
>  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
>  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
>  *
>  * You should have received a copy of the GNU General Public License along with
>  * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
>  * Place, Suite 330, Boston, MA 02111-1307 USA.
>  *
>  * In addition, as a special exception, Red Hat, Inc. gives You the additional
>  * right to link the code of this Program with code not covered under the GNU
>  * General Public License ("Non-GPL Code") and to distribute linked combinations
>  * including the two, subject to the limitations in this paragraph. Non-GPL Code
>  * permitted under this exception must only link to the code of this Program
>  * through those well defined interfaces identified in the file named EXCEPTION
>  * found in the source code files (the "Approved Interfaces"). The files of
>  * Non-GPL Code may instantiate templates or use macros or inline functions from
>  * the Approved Interfaces without causing the resulting work to be covered by
>  * the GNU General Public License. Only Red Hat, Inc. may make changes or
>  * additions to the list of Approved Interfaces. You must obey the GNU General
>  * Public License in all respects for all of the Program code and other code used
>  * in conjunction with the Program except the Non-GPL Code covered by this
>  * exception. If you modify this file, you may extend this exception to your
>  * version of the file, but you are not obligated to do so. If you do not wish to
>  * provide this exception without modification, you must delete this exception
>  * statement from your version and license this file solely under the GPL without
>  * exception.
>  *
>  *
>  * Copyright (C) 2007 Red Hat, Inc.
>  * All rights reserved.
>  * END COPYRIGHT BLOCK **/
>
> #ifdef HAVE_CONFIG_H
> # include
> #endif
>
>
> /**
>  * Distributed Numeric Assignment plug-in
>  */
> #include
> #include
> #include
> #include "portable.h"
> #include "nspr.h"
> #include "slapi-private.h"
> #include "dirlite_strings.h"
> #include "dirver.h"
> #include "prclist.h"
> #include "ldif.h"
>
> /* get file mode flags for unix */
> #ifndef _WIN32
> #include
> #endif
>
> #define DNA_PLUGIN_SUBSYSTEM "dna-plugin"
> #define DNA_PLUGIN_VERSION 0x00010000
>
> #define DNA_DN "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" /* temporary */
>
> #define DNA_SUCCESS 0
> #define DNA_FAILURE -1
>
> /**
>  * DNA config types
>  */
> #define DNA_TYPE "dnaType"
> #define DNA_PREFIX "dnaPrefix"
> #define DNA_NEXTVAL "dnaNextValue"
> #define DNA_INTERVAL "dnaInterval"
> #define DNA_GENERATE "dnaMagicRegen"
> #define DNA_FILTER "dnaFilter"
> #define DNA_SCOPE "dnaScope"
>
> #define FEATURE_DESC "Distributed Numeric Assignment"
> #define PLUGIN_DESC "Distributed Numeric Assignment plugin"
>
> static Slapi_PluginDesc pdesc = { FEATURE_DESC,
>                                   PLUGIN_MAGIC_VENDOR_STR,
>                                   PRODUCTTEXT,
>                                   PLUGIN_DESC };
>
>
> /**
>  * linked list of config entries
>  */
>
> struct _defs {
>     PRCList list;
>     char *dn;
>     char *type;
>     char *prefix;
>     int nextval;
>     int interval;
>     struct slapi_filter *filter;
>     char *generate;
>     char *scope;
> } dna_anchor;
> typedef struct _defs configEntry;
> static PRCList *config;
> static PRRWLock *g_dna_cache_lock;
>
> static void *_PluginID = NULL;
> static char *_PluginDN = NULL;
>
>
>
> /**
>  *
>  * DNA plug-in management functions
>  *
>  */
> int dna_init(Slapi_PBlock *pb);
> static int dna_start(Slapi_PBlock *pb);
> static int dna_close(Slapi_PBlock *pb);
> static int dna_postop_init(Slapi_PBlock *pb);
>
> /**
>  *
>  * Local operation functions
>  *
>  */
> static int loadPluginConfig();
> static int parseConfigEntry(Slapi_Entry *e);
> static void deleteConfig();
> static void freeConfigEntry(configEntry **entry);
>
> /**
>  *
>  * helpers
>  *
>  */
> static char *dna_get_dn(Slapi_PBlock *pb);
> static int dna_dn_is_config(char *dn);
> static int dna_get_next_value(configEntry *config_entry, char **next_value_ret);
>
> /**
>  *
>  * the ops (where the real work is done)
>  *
>  */
> static int dna_config_check_post_op(Slapi_PBlock *pb);
> static int dna_pre_op( Slapi_PBlock *pb, int modtype );
> static int dna_mod_pre_op( Slapi_PBlock *pb );
> static int dna_add_pre_op( Slapi_PBlock *pb );
>
> /**
>  * debug functions - global, for the debugger
>  */
> void dnaDumpConfig();
> void dnaDumpConfigEntry(configEntry *);
>
> /**
>  * set the debug level
>  */
> #ifdef _WIN32
> int *module_ldap_debug = 0;
>
> void plugin_init_debug_level(int *level_ptr)
> {
>     module_ldap_debug = level_ptr;
> }
> #endif
>
> /**
>  *
>  * Deal with cache locking
>  *
>  */
> void dna_read_lock()
> {
>     PR_RWLock_Rlock(g_dna_cache_lock);
> }
>
> void dna_write_lock()
> {
>     PR_RWLock_Wlock(g_dna_cache_lock);
> }
>
> void dna_unlock()
> {
>     PR_RWLock_Unlock(g_dna_cache_lock);
> }
>
> /**
>  *
>  * Get the dna plug-in version
>  *
>  */
> int dna_version()
> {
>     return DNA_PLUGIN_VERSION;
> }
>
> /**
>  * Plugin identity mgmt
>  */
> void setPluginID(void * pluginID)
> {
>     _PluginID=pluginID;
> }
>
> void * getPluginID()
> {
>     return _PluginID;
> }
>
> void setPluginDN(char *pluginDN)
> {
>     _PluginDN = pluginDN;
> }
>
> char * getPluginDN()
> {
>     return _PluginDN;
> }
>
> /*
>     dna_init
>     -------------
>     adds our callbacks to the list
> */
> int dna_init( Slapi_PBlock *pb )
> {
>     int status = DNA_SUCCESS;
>     char * plugin_identity=NULL;
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_init\n");
>
>     /**
>      * Store the plugin identity for later use.
>      * Used for internal operations
>      */
>
>     slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity);
>     PR_ASSERT (plugin_identity);
>     setPluginID(plugin_identity);
>
>     if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
>                            SLAPI_PLUGIN_VERSION_01 ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
>                           (void *) dna_start ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
>                           (void *) dna_close ) != 0 ||
>          slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
>                            (void *)&pdesc ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN,
>                           (void *) dna_mod_pre_op ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN,
>                           (void *) dna_add_pre_op ) != 0 ||
>          /* the config change checking post op */
>          slapi_register_plugin(
>              "postoperation",  /* op type */
>              1,                /* Enabled */
>              "dna_init",       /* this function desc */
>              dna_postop_init,  /* init func for post op */
>              PLUGIN_DESC,      /* plugin desc */
>              NULL,             /* ? */
>              plugin_identity   /* access control */
>          )
>        )
>     {
>         slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
>                          "dna_init: failed to register plugin\n" );
>         status = DNA_FAILURE;
>     }
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_init\n");
>     return status;
> }
>
>
> static int dna_postop_init(Slapi_PBlock *pb)
> {
>     int status = DNA_SUCCESS;
>
>     if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
>                            SLAPI_PLUGIN_VERSION_01 ) != 0 ||
>          slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
>                            (void *)&pdesc ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN,
>                           (void *) dna_config_check_post_op ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODRDN_FN,
>                           (void *) dna_config_check_post_op ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_POST_DELETE_FN,
>                           (void *) dna_config_check_post_op ) != 0 ||
>          slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN,
>                           (void *) dna_config_check_post_op ) != 0
>        )
>     {
>         slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
>                          "dna_postop_init: failed to register plugin\n" );
>         status = DNA_FAILURE;
>     }
>
>     return status;
> }
>
> /*
>     dna_start
>     --------------
>     Kicks off the config cache.
>     It is called after dna_init.
> */
> static int dna_start( Slapi_PBlock *pb )
> {
>     char * plugindn = NULL;
>     char * httpRootDir = NULL;
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_start\n");
>
>     config = &dna_anchor.list;
>     g_dna_cache_lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "dna");
>
>
>     /**
>      * Get the plug-in target dn from the system
>      * and store it for future use. This should avoid
>      * hardcoding of DN's in the code.
> */ > slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn); > if (plugindn == NULL || strlen(plugindn) == 0) > { > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , > "dna_start: had to use hard coded config dn\n"); > plugindn = DNA_DN; > } > else > { > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , > "dna_start: config at %s\n", plugindn); > > } > > setPluginDN(plugindn); > > /** > * Load the config for our plug-in > */ > PR_INIT_CLIST(config); > if (loadPluginConfig() != DNA_SUCCESS) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, > "dna_start: unable to load plug-in configuration\n" ); > return DNA_FAILURE; > } > > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , "dna: ready for service\n"); > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_start\n"); > > return DNA_SUCCESS; > } > > /* > dna_close > -------------- > closes down the cache > */ > static int dna_close( Slapi_PBlock *pb ) > { > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_close\n"); > > deleteConfig(); > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_close\n"); > > return DNA_SUCCESS; > } > > /* > * config looks like this > * - cn=myplugin > * --- ou=posix > * ------ cn=accounts > * ------ cn=groups > * --- cn=samba > * --- cn=etc > * ------ cn=etc etc > */ > static int loadPluginConfig() > { > int status = DNA_SUCCESS; > int result; > int i; > Slapi_PBlock *search_pb; > Slapi_Entry **entries = NULL; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> loadPluginConfig\n"); > > dna_write_lock(); > deleteConfig(); > > search_pb = slapi_pblock_new(); > > slapi_search_internal_set_pb(search_pb, DNA_DN, LDAP_SCOPE_SUBTREE, > "objectclass=*", NULL, 0, NULL, NULL, getPluginID(), 0); > slapi_search_internal_pb(search_pb); > slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); > > if (status != DNA_SUCCESS) > { > status = DNA_SUCCESS; > goto cleanup; > } > > slapi_pblock_get(search_pb, 
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); > if (NULL == entries || entries[0] == NULL) > { > status = DNA_SUCCESS; > goto cleanup; > } > > for (i = 0; (entries[i] != NULL); i++) > { > status = parseConfigEntry(entries[i]); > } > > cleanup: > slapi_free_search_results_internal(search_pb); > slapi_pblock_destroy(search_pb); > dna_unlock(); > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- loadPluginConfig\n"); > > return status; > } > > static int parseConfigEntry(Slapi_Entry *e) > { > char *key = NULL; > char *value = NULL; > configEntry *entry = NULL; > configEntry *config_entry = NULL; > Slapi_Attr *attr = NULL; > PRCList *list = NULL; > int entry_added = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> parseConfigEntry\n"); > > entry = (configEntry*) slapi_ch_calloc(1, sizeof(configEntry)); > if(0 == entry) > goto bail; > > value = slapi_entry_get_ndn(e); > if(value) { > entry->dn = strdup(value); > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dn [%s] \n",entry->dn,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_TYPE); > if(value) { > entry->type = value; > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaType [%s] \n",entry->type,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); > if (value) { > entry->nextval = atoi(value); > slapi_ch_free_string(&value); > value = 0; > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaNextValue [%d] \n",entry->nextval,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_PREFIX); > if (value) { > entry->prefix = value; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaPrefix [%s] \n",entry->prefix,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL); > if (value) { > entry->interval = atoi(value); > slapi_ch_free_string(&value); > value = 0; > } > else > goto bail; > > slapi_log_error( 
SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaInterval [%s] \n",value,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_GENERATE); > if (value) { > entry->generate = value; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaMagicRegen [%s] \n",entry->generate,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_FILTER); > if (value) { > entry->filter = slapi_str2filter(value); > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaFilter [%s] \n",value,0,0); > > slapi_ch_free_string(&value); > value = 0; > > value = slapi_entry_attr_get_charptr(e, DNA_SCOPE); > if (value) { > char *canonical_dn = slapi_dn_normalize(value); > entry->scope = canonical_dn; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaScope [%s] \n",entry->scope,0,0); > > > /** > * Finally add the entry to the list > * we group by type then by filter > * and finally sort by dn length with longer dn's > * first - this allows the scope checking > * code to be simple and quick and > * cunningly linear > */ > if(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > while(list != config) > { > config_entry = (configEntry*)list; > > if(slapi_attr_type_cmp(config_entry->type, entry->type,1)) > goto next; > > if(slapi_filter_compare(config_entry->filter, entry->filter)) > goto next; > > if(slapi_dn_issuffix(entry->scope,config_entry->scope)) > { > PR_INSERT_BEFORE(&(entry->list), list); > slapi_log_error( SLAPI_LOG_CONFIG, > DNA_PLUGIN_SUBSYSTEM , > "store [%s] before [%s] \n",entry->scope,config_entry->scope,0); > entry_added = 1; > break; > } > > next: > list = PR_NEXT_LINK (list); > > if(config == list) > { > /* add to tail */ > PR_INSERT_BEFORE(&(entry->list), list); > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "store [%s] at tail\n",entry->scope,0,0); > entry_added = 1; > break; > } > } > } > else > { > /* first entry */ > 
PR_INSERT_LINK(&(entry->list), config); > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "store [%s] at head \n",entry->scope,0,0); > entry_added = 1; > } > > bail: > if(0 == entry_added) > { > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , > "config entry [%s] skipped\n",entry->dn,0,0); > freeConfigEntry(&entry); > } > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- parseConfigEntry\n"); > > return DNA_SUCCESS; > } > > static void freeConfigEntry(configEntry **entry) > { > configEntry *e = *entry; > > if(e->dn) > { > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , > "freeing config entry [%s]\n",e->dn,0,0); > slapi_ch_free_string(&e->dn); > } > > if(e->type) > slapi_ch_free_string(&e->type); > > if(e->prefix) > slapi_ch_free_string(&e->prefix); > > if(e->filter) > slapi_filter_free(e->filter,1); > > if(e->generate) > slapi_ch_free_string(&e->generate); > > if(e->scope) > slapi_ch_free_string(&e->scope); > > slapi_ch_free((void**)entry); > } > > static void deleteConfigEntry(PRCList *entry) > { > PR_REMOVE_LINK(entry); > freeConfigEntry((configEntry**)&entry); > } > > static void deleteConfig() > { > PRCList *list; > > while(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > deleteConfigEntry(list); > } > > return; > } > > > /**************************************************** > Helpers > ****************************************************/ > > static char *dna_get_dn(Slapi_PBlock *pb) > { > char *dn = 0; > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_get_dn\n"); > > if(slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn )) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_get_dn: failed to get dn of changed entry"); > goto bail; > } > > slapi_dn_normalize( dn ); > > bail: > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_get_dn\n"); > > return dn; > } > > /* config check > matching config dn or a descendent reloads config > */ > static int 
dna_dn_is_config(char *dn) > { > int ret = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_is_config\n"); > > if(slapi_dn_issuffix(dn, getPluginDN())) > { > ret=1; > } > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_is_config\n"); > > return ret; > } > > > /**************************************************** > Functions that actually do things other > than config and startup > ****************************************************/ > > > /* > * Perform ldap operationally atomic increment > * Return the next value to be assigned > * Method: > * 1. retrieve entry > * 2. remove current value, add new value in one operation > * 3. if failed, and less than 3 times, goto 1 > */ > static int dna_get_next_value(configEntry *config_entry, char **next_value_ret) > { > int ret = -1; > Slapi_DN *dn = 0; > char *attrlist[2]; > Slapi_Entry *e = 0; > int attempts = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_get_next_value\n"); > > /* get pre-requisites to search */ > dn = slapi_sdn_new_dn_byref(config_entry->dn); > attrlist[0] = DNA_NEXTVAL; > attrlist[1] = 0; > > > while(attempts < 3) > { > attempts++; > > /* do update */ > if(e) > { > slapi_entry_free(e); > e = 0; > } > > ret = slapi_search_internal_get_entry( dn, attrlist, &e,getPluginID()); > if(LDAP_SUCCESS == ret) > { > char *old_value; > > old_value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); > if(old_value) > { > LDAPMod mod_add; > LDAPMod mod_delete; > LDAPMod *mods[3]; > Slapi_PBlock *pb = slapi_pblock_new(); > char *delete_val[2]; > char *add_val[2]; > char new_value[16]; > > mods[0] = &mod_delete; > mods[1] = &mod_add; > mods[2] = 0; > > if(0 == pb) > goto bail; > > /* perform increment */ > > sprintf(new_value, "%d", > config_entry->interval + > atoi(old_value)); > > delete_val[0] = old_value; > delete_val[1] = 0; > > mod_delete.mod_op = LDAP_MOD_DELETE; > mod_delete.mod_type = DNA_NEXTVAL; > mod_delete.mod_values = delete_val; > > 
add_val[0] = new_value; > add_val[1] = 0; > > mod_add.mod_op = LDAP_MOD_ADD; > mod_add.mod_type = DNA_NEXTVAL; > mod_add.mod_values = add_val; > > > mods[0] = &mod_delete; > mods[1] = &mod_add; > mods[2] = 0; > > slapi_modify_internal_set_pb( > pb, config_entry->dn, > mods, 0, 0, > getPluginID(), 0); > > slapi_modify_internal_pb(pb); > > slapi_pblock_get(pb, > SLAPI_PLUGIN_INTOP_RESULT, > &ret); > > slapi_pblock_destroy(pb); > > if(LDAP_SUCCESS == ret) > { > *next_value_ret = old_value; > break; > } > else > slapi_ch_free((void**)&old_value); > } > else > break; > } > else > break; > } > > bail: > if(dn) > slapi_sdn_free(&dn); > > if(e) > slapi_entry_free(e); > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_get_next_value\n"); > > return ret; > } > > /* for mods and adds: > where dn's are supplied, the closest in scope > is used as long as the type and filter > are identical - otherwise all matches count > */ > > static int dna_pre_op(Slapi_PBlock *pb, int modtype) > { > char *dn = 0; > PRCList *list = 0; > configEntry *config_entry = 0; > struct slapi_entry *e = 0; > char *last_type = 0; > char *value = 0; > int generate = 0; > Slapi_Mods *smods = 0; > Slapi_Mod *smod = 0; > LDAPMod **mods; > int free_entry = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_pre_op\n"); > > if(0 == (dn = dna_get_dn(pb))) > goto bail; > > if(dna_dn_is_config(dn)) > goto bail; > > if(LDAP_CHANGETYPE_ADD == modtype) > { > slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e); > } > else > { > /* xxxPAR: Ideally SLAPI_MODIFY_EXISTING_ENTRY should be > * available but it turns out that is only true if you are > * a dbm backend pre-op plugin - lucky dbm backend pre-op > * plugins. 
> * I think that is wrong since the entry is useful for filter > * tests and schema checks and this plugin shouldn't be limited > * to a single backend type, but I don't want that fight right > * now so we go get the entry here > * > slapi_pblock_get( pb, SLAPI_MODIFY_EXISTING_ENTRY, &e); > */ > Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn); > if(tmp_dn) > { > slapi_search_internal_get_entry( > tmp_dn, 0, &e,getPluginID()); > slapi_sdn_free(&tmp_dn); > free_entry = 1; > } > > /* grab the mods - we'll put them back later with > * our modifications appended > */ > slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods); > smods = slapi_mods_new(); > slapi_mods_init_passin(smods, mods); > } > > if(0 == e) > goto bailmod; > > dna_read_lock(); > > if(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > > while(list != config) > { > config_entry = (configEntry*)list; > > /* did we already service this type? */ > if(last_type) > { > if(!slapi_attr_type_cmp(config_entry->type, last_type,1)) > goto next; > } > > /* is the entry in scope? */ > if(config_entry->scope) > { > if(!slapi_dn_issuffix(dn, config_entry->scope)) > goto next; > } > > /* does the entry match the filter? */ > if(config_entry->filter) > { > if(LDAP_SUCCESS != slapi_vattr_filter_test(pb, > e, > config_entry->filter,0)) > goto next; > } > > > if(LDAP_CHANGETYPE_ADD == modtype) > { > /* does attribute contain the magic value > or is the type not there? 
> */ > value = slapi_entry_attr_get_charptr( > e, config_entry->type); > if((value && > !slapi_utf8casecmp( > config_entry->generate, > value)) || > 0 == value) > { > generate = 1; > } > } > else > { > /* check mods for magic value */ > Slapi_Mod *next_mod = slapi_mod_new(); > smod = slapi_mods_get_first_smod( > smods, > next_mod); > while(smod) > { > char *type = (char *) > slapi_mod_get_type(smod); > > if(slapi_attr_types_equivalent( > type, > config_entry->type)) > { > struct berval *bv = > slapi_mod_get_first_value( > smod); > int len = strlen( > config_entry-> > generate); > > > if(len == bv->bv_len) > { > if(!slapi_utf8ncasecmp( > bv->bv_val, > config_entry-> > generate, > len)) > > generate = 1; > break; > } > } > > slapi_mod_done(next_mod); > smod = slapi_mods_get_next_smod( > smods, > next_mod); > } > > slapi_mod_free(&next_mod); > } > > if(generate) > { > char *new_value; > int len; > int ret = 0; > > /* create the value to add */ > if(dna_get_next_value(config_entry,&value)) > break; > > len = strlen(value) + 1; > if(config_entry->prefix) > { > len += strlen(config_entry->prefix); > } > > new_value = slapi_ch_malloc(len); > > if(config_entry->prefix) > { > strcpy(new_value, > config_entry->prefix); > strcat(new_value, value); > } > else > strcpy(new_value, value); > > /* do the mod */ > if(LDAP_CHANGETYPE_ADD == modtype) > { > /* add - add to entry */ > slapi_entry_attr_set_charptr( > e, > config_entry->type, > new_value); > } > else > { > /* mod - add to mods */ > slapi_mods_add_string( > smods, > LDAP_MOD_REPLACE, > config_entry->type, > new_value); > } > > /* free up */ > slapi_ch_free_string(&value); > slapi_ch_free_string(&new_value); > > /* make sure we don't generate for this > * type again > */ > if(LDAP_SUCCESS == ret) > { > last_type = config_entry->type; > } > > generate = 0; > } > next: > list = PR_NEXT_LINK (list); > } > } > > dna_unlock(); > > bailmod: > if(LDAP_CHANGETYPE_MODIFY == modtype) > { > /* these are the mods you made, really, > * 
I didn't change them, honest, just had a quick look > */ > mods = slapi_mods_get_ldapmods_passout(smods); > slapi_pblock_set( pb, SLAPI_MODIFY_MODS, mods); > slapi_mods_free(&smods); > } > > bail: > > if(free_entry && e) > slapi_entry_free(e); > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_pre_op\n"); > > return 0; > } > > > static int dna_add_pre_op( Slapi_PBlock *pb ) > { > return dna_pre_op(pb, LDAP_CHANGETYPE_ADD); > } > > static int dna_mod_pre_op( Slapi_PBlock *pb ) > { > return dna_pre_op(pb, LDAP_CHANGETYPE_MODIFY); > } > > static int dna_config_check_post_op(Slapi_PBlock *pb) > { > char *dn; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_config_check_post_op\n"); > > if(dn = dna_get_dn(pb)) > { > if(dna_dn_is_config(dn)) > loadPluginConfig(); > } > > bail: > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_config_check_post_op\n"); > > return 0; > } > > /**************************************************** > End of > Functions that actually do things other > than config and startup > ****************************************************/ > > /** > * debug functions to print config > */ > void dnaDumpConfig() > { > PRCList *list; > > dna_read_lock(); > > if(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > while(list != config) > { > dnaDumpConfigEntry((configEntry*)list); > list = PR_NEXT_LINK (list); > } > } > > dna_unlock(); > } > > > void dnaDumpConfigEntry(configEntry *entry) > { > printf("<- type --------------> %s\n", entry->type); > printf("<---- prefix ---------> %s\n", entry->prefix); > printf("<---- next value -----> %d\n", entry->nextval); > printf("<---- interval -------> %d\n", entry->interval); > printf("<---- filter ---------> %s\n", entry->filter); > printf("<---- generate flag --> %s\n", entry->generate); > } > > > ------------------------------------------------------------------------ > > # --- BEGIN COPYRIGHT BLOCK --- > # This Program is free software; you can 
redistribute it and/or modify it under > # the terms of the GNU General Public License as published by the Free Software > # Foundation; version 2 of the License. > # > # This Program is distributed in the hope that it will be useful, but WITHOUT > # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. > # > # You should have received a copy of the GNU General Public License along with > # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple > # Place, Suite 330, Boston, MA 02111-1307 USA. > # > # In addition, as a special exception, Red Hat, Inc. gives You the additional > # right to link the code of this Program with code not covered under the GNU > # General Public License ("Non-GPL Code") and to distribute linked combinations > # including the two, subject to the limitations in this paragraph. Non-GPL Code > # permitted under this exception must only link to the code of this Program > # through those well defined interfaces identified in the file named EXCEPTION > # found in the source code files (the "Approved Interfaces"). The files of > # Non-GPL Code may instantiate templates or use macros or inline functions from > # the Approved Interfaces without causing the resulting work to be covered by > # the GNU General Public License. Only Red Hat, Inc. may make changes or > # additions to the list of Approved Interfaces. You must obey the GNU General > # Public License in all respects for all of the Program code and other code used > # in conjunction with the Program except the Non-GPL Code covered by this > # exception. If you modify this file, you may extend this exception to your > # version of the file, but you are not obligated to do so. 
If you do not wish to > # provide this exception without modification, you must delete this exception > # statement from your version and license this file solely under the GPL without > # exception. > # > # > # Copyright (C) 2007 Red Hat, Inc. > # All rights reserved. > # --- END COPYRIGHT BLOCK --- > > # plugin configuration entry > dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: nsSlapdPlugin > objectclass: extensibleObject > objectclass: nsContainer > cn: Distributed Numeric Assignment Plugin > nsslapd-plugininitfunc: dna_init > nsslapd-plugintype: preoperation > nsslapd-pluginenabled: on > nsslapd-plugindescription: Distributed Numeric Assignment plugin > nsslapd-pluginvendor: Fedora Project > nsslapd-pluginVersion: 1.1 > nsslapd-pluginId: distributed-numeric-assignment > nsslapd-pluginPath: /home/prowley/srv/lib/fedora-ds/plugins/libdna-plugin.so > > > ------------------------------------------------------------------------ > > # --- BEGIN COPYRIGHT BLOCK --- > # This Program is free software; you can redistribute it and/or modify it under > # the terms of the GNU General Public License as published by the Free Software > # Foundation; version 2 of the License. > # > # This Program is distributed in the hope that it will be useful, but WITHOUT > # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. > # > # You should have received a copy of the GNU General Public License along with > # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple > # Place, Suite 330, Boston, MA 02111-1307 USA. > # > # In addition, as a special exception, Red Hat, Inc. 
gives You the additional > # right to link the code of this Program with code not covered under the GNU > # General Public License ("Non-GPL Code") and to distribute linked combinations > # including the two, subject to the limitations in this paragraph. Non-GPL Code > # permitted under this exception must only link to the code of this Program > # through those well defined interfaces identified in the file named EXCEPTION > # found in the source code files (the "Approved Interfaces"). The files of > # Non-GPL Code may instantiate templates or use macros or inline functions from > # the Approved Interfaces without causing the resulting work to be covered by > # the GNU General Public License. Only Red Hat, Inc. may make changes or > # additions to the list of Approved Interfaces. You must obey the GNU General > # Public License in all respects for all of the Program code and other code used > # in conjunction with the Program except the Non-GPL Code covered by this > # exception. If you modify this file, you may extend this exception to your > # version of the file, but you are not obligated to do so. If you do not wish to > # provide this exception without modification, you must delete this exception > # statement from your version and license this file solely under the GPL without > # exception. > # > # > # Copyright (C) 2007 Red Hat, Inc. > # All rights reserved. 
> # --- END COPYRIGHT BLOCK --- > > # add plugin configuration for posix users > > dn: cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: nsContainer > objectclass: extensibleObject > cn: Posix > > dn: cn=Accounts,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: extensibleObject > cn: Accounts > dnaType: uidNumber > dnaNextValue: 500 > dnaInterval: 4 > dnaMagicRegen: 499 > dnaFilter: (objectclass=posixAccount) > > # add plugin configuration for posix groups > > dn: cn=Groups,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: extensibleObject > cn: Groups > dnaType: gidNumber > dnaNextValue: 500 > dnaInterval: 4 > dnaMagicRegen: 499 > dnaFilter: (objectclass=posixGroup) > > ------------------------------------------------------------------------ > > dn: uid=add_has_magic_number, dc=example, dc=com > objectclass: top > objectclass: organizationalperson > objectclass: posixaccount > cn: 1 > sn: test > uid: add_has_uid_number > uidNumber: 499 > gidNumber: 550 > homeDirectory: / > ------------------------------------------------------------------------ > > dn: uid=add_has_magic_number, dc=example, dc=com > objectclass: top > objectclass: organizationalperson > objectclass: posixaccount > cn: 1 > sn: test > uid: add_has_uid_number > uidNumber: 499 > gidNumber: 550 > homeDirectory: / > > dn: uid=add_second_has_magic_number, dc=example, dc=com > objectclass: top > objectclass: organizationalperson > objectclass: posixaccount > cn: 2 > sn: test > uid: add_second_has_magic_number > uidNumber: 499 > gidNumber: 550 > homeDirectory: / > > dn: uid=no_uid_number, dc=example, dc=com > objectclass: top > objectclass: organizationalperson > objectclass: posixaccount > cn: 3 > sn: test > uid: no_uid_number > gidNumber: 550 > homeDirectory: / > > dn: uid=add_has_uid_number_550, dc=example, dc=com > objectclass: top > 
objectclass: organizationalperson > objectclass: posixaccount > cn: 4 > sn: test > uid: add_has_uid_number > uidNumber: 550 > gidNumber: 550 > homeDirectory: / > > dn: ou=sub, dc=example, dc=com > objectclass: top > objectclass: organizationalunit > ou: sub > > dn: uid=add_is_sub, ou=sub, dc=example, dc=com > objectclass: top > objectclass: organizationalperson > objectclass: posixaccount > cn: 4 > sn: test > uidNumber: 499 > gidNumber: 550 > homeDirectory: / > > ------------------------------------------------------------------------ > > # --- BEGIN COPYRIGHT BLOCK --- > # This Program is free software; you can redistribute it and/or modify it under > # the terms of the GNU General Public License as published by the Free Software > # Foundation; version 2 of the License. > # > # This Program is distributed in the hope that it will be useful, but WITHOUT > # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. > # > # You should have received a copy of the GNU General Public License along with > # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple > # Place, Suite 330, Boston, MA 02111-1307 USA. > # > # In addition, as a special exception, Red Hat, Inc. gives You the additional > # right to link the code of this Program with code not covered under the GNU > # General Public License ("Non-GPL Code") and to distribute linked combinations > # including the two, subject to the limitations in this paragraph. Non-GPL Code > # permitted under this exception must only link to the code of this Program > # through those well defined interfaces identified in the file named EXCEPTION > # found in the source code files (the "Approved Interfaces"). 
The files of > # Non-GPL Code may instantiate templates or use macros or inline functions from > # the Approved Interfaces without causing the resulting work to be covered by > # the GNU General Public License. Only Red Hat, Inc. may make changes or > # additions to the list of Approved Interfaces. You must obey the GNU General > # Public License in all respects for all of the Program code and other code used > # in conjunction with the Program except the Non-GPL Code covered by this > # exception. If you modify this file, you may extend this exception to your > # version of the file, but you are not obligated to do so. If you do not wish to > # provide this exception without modification, you must delete this exception > # statement from your version and license this file solely under the GPL without > # exception. > # > # > # Copyright (C) 2007 Red Hat, Inc. > # All rights reserved. > # --- END COPYRIGHT BLOCK --- > > # add Samba SIDs > > dn: cn=Example top level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: extensibleObject > dnaType: title > dnaPrefix: example- > dnaNextValue: 600 > dnaInterval: 4 > dnaMagicRegen: assign > dnaFilter: (objectclass=organizationalperson) > dnaScope: dc=example, dc=com > > dn: cn=Example sub level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > objectclass: top > objectclass: extensibleObject > dnaType: title > dnaPrefix: sub-example- > dnaNextValue: 600 > dnaInterval: 4 > dnaMagicRegen: assign > dnaFilter: (objectclass=organizationalperson) > dnaScope: ou=sub, dc=example, dc=com > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel -- Pete -------------- next part -------------- A non-text attachment was scrubbed... 

From rcritten at redhat.com Mon Jan 22 13:25:44 2007
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 22 Jan 2007 08:25:44 -0500
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B13D2F.4050202@redhat.com>
References: <45B13D2F.4050202@redhat.com>
Message-ID: <45B4BB58.6030409@redhat.com>

Pete Rowley wrote:
> New pre-operation plugin:

In dna_get_next_value() what could cause a call to slapi_search_internal_get_entry() to fail that you have to try 3 times?

Would it be better to use an unsigned long to represent the value or is this longer than any possible uid (the downside, or upside, being that 64-bit could support significantly larger numbers)? If so the new_value field would need to be expanded.

rob

--
Learn. Network. Experience open source.
Red Hat Summit San Diego | May 9-11, 2007
Learn more: http://www.redhat.com/promo/summit/2007

From prowley at redhat.com Mon Jan 22 19:01:11 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 22 Jan 2007 11:01:11 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B4BB58.6030409@redhat.com>
References: <45B13D2F.4050202@redhat.com> <45B4BB58.6030409@redhat.com>
Message-ID: <45B509F7.3020601@redhat.com>

Rob Crittenden wrote:
> Pete Rowley wrote:
>> New pre-operation plugin:
>
> In dna_get_next_value() what could cause a call to
> slapi_search_internal_get_entry() to fail that you have to try 3 times?
>
It's actually the mod operation that can fail, the original value is deleted and the new value added in one operation with two mods, if the original value has changed since the search the mod operation will fail. It's a way to get an atomic increment.

> Would it be better to use an unsigned long to represent the value or
> is this longer than any possible uid (the downside, or upside, being
> that 64-bit could support significantly larger numbers)? If so the
> new_value field would need to be expanded.
>
Yes it should probably be unsigned long, I'll change that.

> rob
>

--
Pete

From rmeggins at redhat.com Mon Jan 22 20:02:40 2007
From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 22 Jan 2007 13:02:40 -0700 Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin In-Reply-To: <45B509F7.3020601@redhat.com> References: <45B13D2F.4050202@redhat.com> <45B4BB58.6030409@redhat.com> <45B509F7.3020601@redhat.com> Message-ID: <45B51860.4090902@redhat.com> Pete Rowley wrote: > Rob Crittenden wrote: >> Pete Rowley wrote: >>> New pre-operation plugin: >> >> In dna_get_next_value() what could cause a call to >> slapi_search_internal_get_entry() to fail that you have to try 3 times? >> > It's actually the mod operation that can fail, the original value is > deleted and the new value added in one operation with two mods, if the > original value has changed since the search the mod operation will > fail. It's a way to get an atomic increment. Ok. So I think the errors should be treated a little differently. If the search fails, that's bad - probably a fatal error, or perhaps someone deleted the configuration entry out from under you. I think that if the mod fails, you should check the error code, for something like LDAP_TYPE_OR_VALUE_EXISTS, which means the mod->add failed because attribute already has that value, or whatever specific error is returned from the mod->delete value operation when the value doesn't exist. Other errors are probably fatal. >> Would it be better to use an unsigned long to represent the value or >> is this longer than any possible uid (the downside, or upside, being >> that 64-bit could support significantly larger numbers)? If so the >> new_value field would need to be expanded. >> > Yes it should probably be unsigned long, I'll change that. 
>> rob

From prowley at redhat.com Mon Jan 22 20:22:54 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 22 Jan 2007 12:22:54 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B51860.4090902@redhat.com>
References: <45B13D2F.4050202@redhat.com> <45B4BB58.6030409@redhat.com> <45B509F7.3020601@redhat.com> <45B51860.4090902@redhat.com>
Message-ID: <45B51D1E.7020809@redhat.com>

Richard Megginson wrote:
> Pete Rowley wrote:
>> Rob Crittenden wrote:
>>> Pete Rowley wrote:
>>>> New pre-operation plugin:
>>>
>>> In dna_get_next_value() what could cause a call to
>>> slapi_search_internal_get_entry() to fail that you have to try 3 times?
>>>
>> It's actually the mod operation that can fail, the original value is
>> deleted and the new value added in one operation with two mods, if
>> the original value has changed since the search the mod operation
>> will fail. It's a way to get an atomic increment.
> Ok. So I think the errors should be treated a little differently. If
> the search fails, that's bad - probably a fatal error, or perhaps
> someone deleted the configuration entry out from under you. I think
> that if the mod fails, you should check the error code, for something
> like LDAP_TYPE_OR_VALUE_EXISTS, which means the mod->add failed
> because attribute already has that value, or whatever specific error
> is returned from the mod->delete value operation when the value
> doesn't exist. Other errors are probably fatal.
ok
>>> Would it be better to use an unsigned long to represent the value or
>>> is this longer than any possible uid (the downside, or upside, being
>>> that 64-bit could support significantly larger numbers)? If so the
>>> new_value field would need to be expanded.
>>>
>> Yes it should probably be unsigned long, I'll change that.
>>> rob

--
Pete

From prowley at redhat.com Mon Jan 22 21:37:56 2007
From: prowley at redhat.com (Pete Rowley)
Date: Mon, 22 Jan 2007 13:37:56 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B51D1E.7020809@redhat.com>
References: <45B13D2F.4050202@redhat.com> <45B4BB58.6030409@redhat.com> <45B509F7.3020601@redhat.com> <45B51860.4090902@redhat.com> <45B51D1E.7020809@redhat.com>
Message-ID: <45B52EB4.8030806@redhat.com>

Made values unsigned longs, failed sooner when errors not due to race conditions in dna_get_next_value(), also made dna_pre_op() return an error code on failure - probably a bad idea to just silently not work :)

Pete Rowley wrote:
> Richard Megginson wrote:
>> Pete Rowley wrote:
>>> Rob Crittenden wrote:
>>>> Pete Rowley wrote:
>>>>> New pre-operation plugin:
>>>>
>>>> In dna_get_next_value() what could cause a call to
>>>> slapi_search_internal_get_entry() to fail that you have to try 3
>>>> times?
>>>>
>>> It's actually the mod operation that can fail, the original value is
>>> deleted and the new value added in one operation with two mods, if
>>> the original value has changed since the search the mod operation
>>> will fail. It's a way to get an atomic increment.
>> Ok. So I think the errors should be treated a little differently.
>> If the search fails, that's bad - probably a fatal error, or perhaps
>> someone deleted the configuration entry out from under you. I think
>> that if the mod fails, you should check the error code, for something
>> like LDAP_TYPE_OR_VALUE_EXISTS, which means the mod->add failed
>> because attribute already has that value, or whatever specific error
>> is returned from the mod->delete value operation when the value
>> doesn't exist. Other errors are probably fatal.
> ok
>>>> Would it be better to use an unsigned long to represent the value
>>>> or is this longer than any possible uid (the downside, or upside,
>>>> being that 64-bit could support significantly larger numbers)? If
>>>> so the new_value field would need to be expanded.
>>>>
>>> Yes it should probably be unsigned long, I'll change that.
>>>> rob

--
Pete

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dna.c
Type: text/x-csrc
Size: 28618 bytes
Desc: not available
URL:

From hyc at symas.com Mon Jan 22 21:59:09 2007
From: hyc at symas.com (Howard Chu)
Date: Mon, 22 Jan 2007 13:59:09 -0800
Subject: Fedora-directory-devel Digest, Vol 19, Issue 8Re: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <20070122213801.71F3973816@hormel.redhat.com>
References: <20070122213801.71F3973816@hormel.redhat.com>
Message-ID: <45B533AD.9090001@symas.com>

> Date: Mon, 22 Jan 2007 13:02:40 -0700
> From: Richard Megginson
>> > Rob Crittenden wrote:
>>> >> Pete Rowley wrote:
>>>> >>> New pre-operation plugin:
>>> >>
>>> >> In dna_get_next_value() what could cause a call to
>>> >> slapi_search_internal_get_entry() to fail that you have to try 3 times?
>>> >>
>> > It's actually the mod operation that can fail, the original value is
>> > deleted and the new value added in one operation with two mods, if the
>> > original value has changed since the search the mod operation will
>> > fail. It's a way to get an atomic increment.
> Ok. So I think the errors should be treated a little differently. If
> the search fails, that's bad - probably a fatal error, or perhaps
> someone deleted the configuration entry out from under you. I think
> that if the mod fails, you should check the error code, for something
> like LDAP_TYPE_OR_VALUE_EXISTS, which means the mod->add failed because
> attribute already has that value, or whatever specific error is returned
> from the mod->delete value operation when the value doesn't exist.
> Other errors are probably fatal.

You should only be able to get LDAP_NO_SUCH_ATTRIBUTE, not LDAP_TYPE_OR_VALUE_EXISTS from this operation. The delete of the old value must fail before it even tries to add the new value. This is the standard test-and-set operation in LDAP. (And of course LDAP_NO_SUCH_OBJECT if someone is really messing with you...)

--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/

From rmeggins at redhat.com Thu Jan 25 03:28:00 2007
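The test-and-set increment discussed in this thread, as an added example that is not part of any message or of the attached dna.c: a self-contained C simulation in which one modify deletes the value that was read and adds its successor, and the caller retries only on LDAP_NO_SUCH_ATTRIBUTE. The sim_entry struct, the function names, the rival_writes knob and handing out the value that was read are assumptions made for illustration; the result codes carry their RFC 4511 values.

```c
#include <stdio.h>

/* LDAP result codes with their RFC 4511 values, defined locally so the
 * example builds without the LDAP SDK headers. */
enum {
    LDAP_SUCCESS = 0,
    LDAP_NO_SUCH_ATTRIBUTE = 16,
    LDAP_NO_SUCH_OBJECT = 32
};

#define MAX_TRIES 3 /* the retry count mentioned in the thread */

/* Constructed stand-in for the entry holding the counter (hypothetical). */
struct sim_entry {
    int exists;               /* 0 = entry deleted out from under us */
    unsigned long next_value; /* single-valued counter attribute */
    int rival_writes;         /* how many times a rival wins the race */
};

/* Read the counter. To make the race reproducible, a rival writer bumps
 * the stored value right after our read while rival_writes > 0. */
static int sim_search(struct sim_entry *e, unsigned long *seen)
{
    if (!e->exists)
        return LDAP_NO_SUCH_OBJECT;
    *seen = e->next_value;
    if (e->rival_writes > 0) {
        e->rival_writes--;
        e->next_value++;
    }
    return LDAP_SUCCESS;
}

/* One modify carrying two mods: delete old_val, then add new_val. The
 * delete is evaluated first, so a stale old_val fails the whole
 * operation and leaves the entry untouched. */
static int sim_modify(struct sim_entry *e, unsigned long old_val,
                      unsigned long new_val)
{
    if (!e->exists)
        return LDAP_NO_SUCH_OBJECT;
    if (e->next_value != old_val)
        return LDAP_NO_SUCH_ATTRIBUTE;
    e->next_value = new_val;
    return LDAP_SUCCESS;
}

/* Allocate one value. Only a lost race is retried; a failed search or
 * any other modify error is returned to the caller at once. */
int next_value(struct sim_entry *e, unsigned long *out)
{
    int rc = LDAP_NO_SUCH_ATTRIBUTE;
    for (int i = 0; i < MAX_TRIES; i++) {
        unsigned long seen;
        rc = sim_search(e, &seen);
        if (rc != LDAP_SUCCESS)
            return rc;                 /* search failure: fatal */
        rc = sim_modify(e, seen, seen + 1);
        if (rc == LDAP_SUCCESS) {
            *out = seen;               /* we own this value now */
            return rc;
        }
        if (rc != LDAP_NO_SUCH_ATTRIBUTE)
            return rc;                 /* not a race: fatal */
        /* lost the race: read again and retry */
    }
    return rc; /* still LDAP_NO_SUCH_ATTRIBUTE after MAX_TRIES */
}

int main(void)
{
    struct sim_entry e = {1, 1000UL, 2}; /* two rivals get in first */
    unsigned long v = 0;
    int rc = next_value(&e, &v);
    printf("rc=%d value=%lu stored=%lu\n", rc, v, e.next_value);
    return rc;
}
```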
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 24 Jan 2007 20:28:00 -0700
Subject: [Fedora-directory-devel] Please review: Bug 224291: Move script-templates from sysconfdir to datadir
Message-ID: <45B823C0.1060705@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224291
Resolves: bug 224291
Bug Description: Move script-templates from sysconfdir to datadir
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Just change sysconfdir to datadir in both the Makefile.am (which controls where the files are put during installation) and in create_instance.c (which controls where instance creation looks for the templates to use them to create the real scripts).
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=146494&action=diff

From rmeggins at redhat.com Fri Jan 26 17:46:38 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 26 Jan 2007 10:46:38 -0700
Subject: [Fedora-directory-devel] Please review: Bug 224606: Instance specific dirs should be in instance directory
Message-ID: <45BA3E7E.60708@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224606
Resolves: bug 224606
Bug Description: Instance specific dirs should be in instance directory
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Fixed create instance to create these instance specific directories:
/var/lock/slapd-instance -> /var/lock/fedora-ds/slapd-instance
/var/lib/slapd-instance -> /var/lib/fedora-ds/slapd-instance
/var/log/slapd-instance -> /var/log/fedora-ds/slapd-instance
/var/run/slapd-instance -> /var/run/fedora-ds
For now, I'm side-stepping the question of what to do about permissions on /var/run/fedora-ds/slapd-instance.pid - we'll address this in the RPM creation. I've also moved the migration scripts to the %{_libdir}/fedora-ds/slapd-instance directory, and I've made the default directory for the key/cert db the same as the config directory. I think the dynamic nature of their configuration warrants the move.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=146695&action=diff

From rmeggins at redhat.com Fri Jan 26 22:57:08 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 26 Jan 2007 15:57:08 -0700
Subject: [Fedora-directory-devel] Please review: Bug 224672: Get rid of key/cert db prefix
Message-ID: <45BA8744.7060301@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224672
Resolves: bug 224672
Bug Description: Get rid of key/cert db prefix
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Now that we have everything in its own instance specific directory, we do not need the troublesome key/cert database prefix. This simplifies the slapd_nss_init code a great deal.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=146728&action=diff

From nhosoi at redhat.com Sat Jan 27 01:30:34 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Fri, 26 Jan 2007 17:30:34 -0800
Subject: [Fedora-directory-devel] Please review: [Bug 223861] Nightly build uses autotools/yum (ds_newinst failure)
In-Reply-To: <200701270123.l0R1NUnZ026594@bugzilla.redhat.com>
References: <200701270123.l0R1NUnZ026594@bugzilla.redhat.com>
Message-ID: <45BAAB3A.5090806@redhat.com>

Summary: Nightly build uses autotools/yum
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223861 (Comment #8)

Instance creation utility ds_newinst.pl has started failing with the "command not found" error. Weird thing is it was working till yesterday. And the code related to the path hasn't been changed for a while... *puzzled*

>------- Additional Comments From nhosoi at redhat.com 2007-01-26 20:23 EST -------
>Description of problem:
>Output from ds_newinst.pl (with some debug messages)
>====================================================
>CGI /usr/lib/fedora-ds/ds_newinst failed with 1: here is the output:
>Content-type: text/plain
>
>[slapd-laputa]: starting up server ...
>[slapd-laputa]: Fedora-Directory/1.1 B2007.026.2158
>[slapd-laputa]: laputa:25543 (/dev/shm/DS7.2-2049/server/slapd-laputa)
>[slapd-laputa]:
>[slapd-laputa]: [26/Jan/2007:15:46:40 -0800] - Fedora-Directory/1.1
>B2007.026.2158 starting up
>[slapd-laputa]: [26/Jan/2007:15:46:40 -0800] - slapd started. Listening on All
>Interfaces port 25543 for LDAP requests
>error:MY PATH IS ...
>
>error:/usr/lib/fedora-ds
>
>error:/dev/shm/DS7.2-2049/server/slapd-laputa/start-slapd: line 54: expr:
>command not found
>
>error:/dev/shm/DS7.2-2049/server/slapd-laputa/start-slapd: line 58: cat: command
>not found
>
>error:/dev/shm/DS7.2-2049/server/slapd-laputa/start-slapd: line 53: test: -le:
>unary operator expected
>
>error:/dev/shm/DS7.2-2049/server/slapd-laputa/start-slapd: line 69: expr:
>command not found
>
>error:Server failed to start !!! Please check errors log for problems
>
>error:server:The server could not be started.
>system_errno:2 >error:could not create server laputa - The server could not be started. >NMC_Status: 1 >Error: could not run /usr/lib/fedora-ds/ds_newinst: 1 >Error: Could not create new directory server instance >==================================================== > >This "command not found" error is caused by ds_newinst wrapper, which calls the >binary ds_newinst-bin. > >The wrapper ds_newinst sets BIN_DIR as follows: >BIN_DIR=/usr/lib/fedora-ds >PATH=${BIN_DIR} >export PATH > >Next, ds_newinst-bin launches "start-slapd" via "system". The start script >calls typical system commands such as cat and expr, but PATH is not set for them. > >To solve this problem, can we add "/usr/bin" and "/bin" to BIN_DIR? > >Index: ds_newinst.in >=================================================================== >RCS file: /cvs/dirsec/ldapserver/wrappers/ds_newinst.in,v >retrieving revision 1.2 >diff -t -w -U4 -r1.2 ds_newinst.in >--- ds_newinst.in 2 Nov 2006 03:11:40 -0000 1.2 >+++ ds_newinst.in 27 Jan 2007 00:36:28 -0000 >@@ -4,9 +4,9 @@ > ## (1) Specify variables used by this script. ## > ############################################################################### > > LIB_DIR=@nss_libdir@:@nspr_libdir@:@ldapsdk_libdir@:@sasl_libdir@:@serverdir@ >-BIN_DIR=@serverdir@ >+BIN_DIR=@serverdir@:/usr/bin:/bin > COMMAND=ds_newinst-bin > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Mon Jan 29 07:53:04 2007 
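Review bot: In the changed BIN_DIR line, /usr/bin and /bin are appended to a variable that the wrapper copies straight into PATH (PATH=${BIN_DIR}), so @serverdir@ is still searched first and anything named cat or expr in that directory would shadow the system binary when start-slapd runs. The change also turns BIN_DIR, which reads as a single directory, into a colon-separated search path, so any other place in the wrapper that uses ${BIN_DIR} as a directory needs checking. Suggest leaving BIN_DIR=@serverdir@ as it was and changing the PATH assignment instead, for example PATH=/usr/bin:/bin:${BIN_DIR}, or having start-slapd call these commands by absolute path.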
From: abartlet at samba.org (Andrew Bartlett)
Date: Mon, 29 Jan 2007 18:53:04 +1100
Subject: [Fedora-directory-devel] Please review: Bug 224672: Get rid of key/cert db prefix
In-Reply-To: <45BA8744.7060301@redhat.com>
References: <45BA8744.7060301@redhat.com>
Message-ID: <1170057184.29163.48.camel@amy.samba4.abartlet.net>

On Fri, 2007-01-26 at 15:57 -0700, Richard Megginson wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224672
> Resolves: bug 224672
> Bug Description: Get rid of key/cert db prefix
> Reviewed by: ???
> Files: see diff
> Branch: HEAD
> Fix Description: Now that we have everything in its own instance
> specific directory, we do not need the troublesome key/cert database
> prefix. This simplifies the slapd_nss_init code a great deal.
> Platforms tested: RHEL4
> Flag Day: no
> Doc impact: no

I was reading docs on the Fedora DS wiki that referenced this, so shouldn't we have a Doc impact=yes on this?

Search for 'the trailing dash is critical' in http://directory.fedora.redhat.com/wiki/Howto:SSL

Andrew Bartlett
--
Andrew Bartlett

From rmeggins at redhat.com Mon Jan 29 14:51:14 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Mon, 29 Jan 2007 07:51:14 -0700
Subject: [Fedora-directory-devel] Please review: Bug 224672: Get rid of key/cert db prefix
In-Reply-To: <1170057184.29163.48.camel@amy.samba4.abartlet.net>
References: <45BA8744.7060301@redhat.com> <1170057184.29163.48.camel@amy.samba4.abartlet.net>
Message-ID: <45BE09E2.4090306@redhat.com>

Andrew Bartlett wrote:
> On Fri, 2007-01-26 at 15:57 -0700, Richard Megginson wrote:
>
>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224672
>> Resolves: bug 224672
>> Bug Description: Get rid of key/cert db prefix
>> Reviewed by: ???
>> Files: see diff
>> Branch: HEAD
>> Fix Description: Now that we have everything in its own instance
>> specific directory, we do not need the troublesome key/cert database
>> prefix. This simplifies the slapd_nss_init code a great deal.
>> Platforms tested: RHEL4
>> Flag Day: no
>> Doc impact: no
>>
>
> I was reading docs on the Fedora DS wiki that referenced this, so
> shouldn't we have a Doc impact=yes on this?
>
Absolutely correct. Thanks! This will actually have a major doc impact which will ripple into other areas as well.
> Search for 'the trailing dash is critical' in
> http://directory.fedora.redhat.com/wiki/Howto:SSL
>
> Andrew Bartlett

From abartlet at samba.org Mon Jan 29 22:19:06 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Tue, 30 Jan 2007 09:19:06 +1100
Subject: [Fedora-directory-devel] Help with silent installs
Message-ID: <1170109146.4292.11.camel@amy.samba4.abartlet.net>

I'm having trouble trying to set up Fedora DS for Samba4's 'make test' environment. I'm using this as a reproducible development platform for my LDAP backend testing with Fedora DS.

So far, I've been attempting to run

/opt/fedora-ds/setup/setup -s st/ldap/fedorads.inf

(where fedorads.inf is attached)

As non-root, it errors out all over the place with being unable to read files. I'm a bit puzzled by this, because the basic distribution files should be public knowledge, and it shouldn't be trying to touch any other LDAP setup on the disk.

> grep: /opt/fedora-ds/admin-serv/config/adm.conf: Permission denied
> touch: cannot touch `dssecure.txt': Permission denied
> touch: cannot touch `assecure.txt': Permission denied
> grep: /opt/fedora-ds/slapd-localhost/config/dse.ldif: Permission
> denied
> grep: /opt/fedora-ds/slapd-localhost/config/dse.ldif: Permission
> denied
> grep: /opt/fedora-ds/admin-serv/config/adm.conf: Permission denied
> grep: /opt/fedora-ds/admin-serv/config/adm.conf: Permission denied
> Converting slapd-localhost to new format password file . . .
> Copying new schema ldiffiles . . .
> Can't create /opt/fedora-ds/slapd-localhost/config/schema-bak/old:
> Permission denied
> Starting slapd-localhost . . .

When run as root, it wants the password to the configuration directory. How do I convince it that it will become the configuration directory, for its mini-instance?

> sudo /opt/fedora-ds/setup/setup -s st/ldap/fedorads.inf
> INFO Begin Setup . . .
> In order to reconfigure your installation, the Configuration Directory
> Administrator password is required. Here is your current information:
>
> Configuration Directory:
> ldap://localhost.localdomain:3389/o=NetscapeRoot
> Configuration Administrator ID: admin
>
> At the prompt, please enter the password for the Configuration
> Administrator.
>
> administrator ID: admin
> Password:
> Password:

I find it odd that we ever require passwords to convince the DS that we, as a local root user, are a local root user. This should be handled behind the covers (perhaps with the ldapi:// support I've asked for).

Anyway, can I have some hints as to how to set up an unprivileged, test LDAP server from the binaries in the fedora-ds-1.0.4 RPM? Are some of the files needlessly read protected, or am I just doing something wrong?

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com

-------------- next part --------------
[General]
FullMachineName= localhost
ServerRoot= /data/samba/samba4/svn/source/st/ldap
ConfigDirectoryLdapURL= ldap://127.0.0.1:3389/o=NetscapeRoot
ConfigDirectoryAdminID= administrator
AdminDomain= localdomain
ConfigDirectoryAdminPwd= penguin
Components= svrcore,base,slapd

[slapd]
ServerPort= 3389
Suffix= dc=samba,dc=example,dc=com
RootDN= cn=Manager,dc=samba,dc=example,dc=com
RootDNPwd= penguin
Components= slapd
ServerIdentifier= samba4
InstallLdifFile=/data/samba/samba4/svn/source/st/ldap/fedorads-initial-ldif.inf

[base]
Components= base

From david_list at boreham.org Mon Jan 29 22:23:03 2007
From: david_list at boreham.org (David Boreham)
Date: Mon, 29 Jan 2007 15:23:03 -0700
Subject: [Fedora-directory-devel] Help with silent installs
In-Reply-To: <1170109146.4292.11.camel@amy.samba4.abartlet.net>
References: <1170109146.4292.11.camel@amy.samba4.abartlet.net>
Message-ID: <45BE73C7.3060708@boreham.org>

Andrew, I think you may have a stale previous install on the machine. The fact that the installer wants to talk to a configuration DS is a clue -- it won't do that in a bare-metal first server install. That might also explain the permission stuff.

From abartlet at samba.org Mon Jan 29 22:27:12 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Tue, 30 Jan 2007 09:27:12 +1100
Subject: [Fedora-directory-devel] Help with silent installs
In-Reply-To: <45BE73C7.3060708@boreham.org>
References: <1170109146.4292.11.camel@amy.samba4.abartlet.net> <45BE73C7.3060708@boreham.org>
Message-ID: <1170109632.4292.15.camel@amy.samba4.abartlet.net>

On Mon, 2007-01-29 at 15:23 -0700, David Boreham wrote:
> Andrew, I think you may have a stale previous install on the machine.
> The fact that the installer wants to talk to a configuration DS is
> a clue -- it won't do that in a bare-metal first server install.
> That might also explain the permission stuff.

I'm certain I do. And I expect to keep such stale installs, because this must be a reproducible, contained, self test environment.

How do I convince Fedora DS that its universe is to be found only inside a certain prefix?

(I would really like something like the way we run OpenLDAP and Samba4 itself, where we run some commands to prep the prefix, then run the main binary with a 'config file here' option. It then only ever looks where that config file points).

Andrew Bartlett
--
Andrew Bartlett

From abartlet at samba.org Tue Jan 30 01:18:53 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Tue, 30 Jan 2007 12:18:53 +1100
Subject: [Fedora-directory-devel] Help with silent installs
In-Reply-To: <1170109632.4292.15.camel@amy.samba4.abartlet.net>
References: <1170109146.4292.11.camel@amy.samba4.abartlet.net> <45BE73C7.3060708@boreham.org> <1170109632.4292.15.camel@amy.samba4.abartlet.net>
Message-ID: <1170119933.4292.35.camel@amy.samba4.abartlet.net>

On Tue, 2007-01-30 at 09:27 +1100, Andrew Bartlett wrote:
> On Mon, 2007-01-29 at 15:23 -0700, David Boreham wrote:
> > Andrew, I think you may have a stale previous install on the machine.
> > The fact that the installer wants to talk to a configuration DS is
> > a clue -- it won't do that in a bare-metal first server install.
> > That might also explain the permission stuff.
>
> I'm certain I do. And I expect to keep such stale installs, because
> this must be a reproducible, contained, self test environment.
>
> How do I convince Fedora DS that its universe is to be found only
> inside a certain prefix?
>
> (I would really like something like the way we run OpenLDAP and Samba4
> itself, where we run some commands to prep the prefix, then run the main
> binary with a 'config file here' option. It then only ever looks where
> that config file points).

I've moved up to FDS 1.1 on richm's advice, and am now stuck with the behaviour of the 'prefix' command in the inf file:

See my attached file, which I thought would install the configuration and data into the prefix, using the binaries in ServerRoot.

It seems to me that prefix is being appended unconditionally, and that it still doesn't want to just put the configuration outside the ServerRoot.

[abartlet at amy source]$ perl /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst.pl /home/abartlet/samba/samba4/svn/source/st/ldap/fedorads.inf
CGI /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst failed with 1: here is the output:
Content-type: text/plain

error:could not create server samba4 - Could not write /home/abartlet/samba/samba4/svn/source/st/ldap/media/usbdisk/fedora-ds/prefix/share/fedora-ds/script-templates/template-ldif2db.pl to /home/abartlet/samba/samba4/svn/source/st/ldap/media/usbdisk/fedora-ds/prefix/lib/fedora-ds/slapd-samba4/ldif2db.pl (No such file or director).
NMC_Status: 1
Error: could not run /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst: 1
Error: Could not create new directory server instance

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com

-------------- next part --------------
[General]
SuiteSpotUserID = abartlet
FullMachineName= localhost
prefix=/home/abartlet/samba/samba4/svn/source/st/ldap
ServerRoot= /media/usbdisk/fedora-ds/prefix
ConfigDirectoryLdapURL= ldap://127.0.0.1:3389/o=NetscapeRoot
ConfigDirectoryAdminID= administrator
AdminDomain= localdomain
ConfigDirectoryAdminPwd= penguin
Components= svrcore,base,slapd

[slapd]
ServerPort= 3389
Suffix= dc=samba,dc=example,dc=com
RootDN= cn=Manager,dc=samba,dc=example,dc=com
RootDNPwd= penguin
Components= slapd
ServerIdentifier= samba4
InstallLdifFile=/home/abartlet/samba/samba4/svn/source/st/ldap/fedorads-initial-ldif.inf

[base]
Components= base

From nhosoi at redhat.com Tue Jan 30 02:45:00 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Mon, 29 Jan 2007 18:45:00 -0800
Subject: [Fedora-directory-devel] Help with silent installs
In-Reply-To: <1170119933.4292.35.camel@amy.samba4.abartlet.net>
References: <1170109146.4292.11.camel@amy.samba4.abartlet.net> <45BE73C7.3060708@boreham.org> <1170109632.4292.15.camel@amy.samba4.abartlet.net> <1170119933.4292.35.camel@amy.samba4.abartlet.net>
Message-ID: <45BEB12C.7020708@redhat.com>

Hi Andrew,

What happens if you remove "prefix" and set the path for the server instance to ServerRoot? That's what we are doing for our acceptance test (installing server instances apart from the binaries)...

[General]
SuiteSpotUserID = abartlet
FullMachineName= localhost
ServerRoot=/home/abartlet/samba/samba4/svn/source/st/ldap
ConfigDirectoryLdapURL= ldap://127.0.0.1:3389/o=NetscapeRoot
ConfigDirectoryAdminID= administrator
AdminDomain= localdomain
ConfigDirectoryAdminPwd= penguin

--noriko

Andrew Bartlett wrote:
> On Tue, 2007-01-30 at 09:27 +1100, Andrew Bartlett wrote:
>
>> On Mon, 2007-01-29 at 15:23 -0700, David Boreham wrote:
>>
>>> Andrew, I think you may have a stale previous install on the machine.
>>> The fact that the installer wants to talk to a configuration DS is
>>> a clue -- it won't do that in a bare-metal first server install.
>>> That might also explain the permission stuff.
>>>
>> I'm certain I do. And I expect to keep such stale installs, because
>> this must be a reproducible, contained, self test environment.
>>
>> How do I convince Fedora DS that its universe is to be found only
>> inside a certain prefix?
>>
>> (I would really like something like the way we run OpenLDAP and Samba4
>> itself, where we run some commands to prep the prefix, then run the main
>> binary with a 'config file here' option. It then only ever looks where
>> that config file points).
>>
>
> I've moved up to FDS 1.1 on richm's advice, and am now stuck with the
> behaviour of the 'prefix' command in the inf file:
>
> See my attached file, which I thought would install the configuration
> and data into the prefix, using the binaries in ServerRoot.
>
> It seems to me that prefix is being appended unconditionally, and that
> it still doesn't want to just put the configuration outside the
> ServerRoot.
>
> [abartlet at amy source]$
> perl /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst.pl /home/abartlet/samba/samba4/svn/source/st/ldap/fedorads.inf
> CGI /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst failed with
> 1: here is the output:
> Content-type: text/plain
>
> error:could not create server samba4 - Could not
> write /home/abartlet/samba/samba4/svn/source/st/ldap/media/usbdisk/fedora-ds/prefix/share/fedora-ds/script-templates/template-ldif2db.pl to /home/abartlet/samba/samba4/svn/source/st/ldap/media/usbdisk/fedora-ds/prefix/lib/fedora-ds/slapd-samba4/ldif2db.pl (No such file or director).
> NMC_Status: 1
> Error: could not
> run /media/usbdisk/fedora-ds/prefix/lib/fedora-ds/ds_newinst: 1
> Error: Could not create new directory server instance

From abartlet at samba.org Wed Jan 31 00:05:17 2007
From: abartlet at samba.org (Andrew Bartlett) Date: Wed, 31 Jan 2007 11:05:17 +1100 Subject: [Fedora-directory-devel] Help with silent installs In-Reply-To: <1170119933.4292.35.camel@amy.samba4.abartlet.net> References: <1170109146.4292.11.camel@amy.samba4.abartlet.net> <45BE73C7.3060708@boreham.org> <1170109632.4292.15.camel@amy.samba4.abartlet.net> <1170119933.4292.35.camel@amy.samba4.abartlet.net> Message-ID: <1170201917.4292.72.camel@amy.samba4.abartlet.net> On Tue, 2007-01-30 at 12:18 +1100, Andrew Bartlett wrote: > On Tue, 2007-01-30 at 09:27 +1100, Andrew Bartlett wrote: > > On Mon, 2007-01-29 at 15:23 -0700, David Boreham wrote: > > > Andrew, I think you may have a stale previous install on the machine. > > > The fact that the installer wants to talk to a configuration DS is > > > a clue -- it won't do that in a bare-metal first server install. > > > That might also explain the permission stuff. > > > > I'm certain I do. And I expect to keep such stale installs, because > > this must be a reproducible, contained, self test environment. > > > > How do I convince Fedora DS that it's universe is to be found only > > inside a certain prefix? > > > > (I would really like something like the way we run OpenLDAP and Samba4 > > itself, where we run some commands to prep the prefix, then run the main > > binary with a 'config file here' option. It then only every looks where > > that config file points). > > I've moved up to FDS 1.1 on richm's advise, and am now stuck with the > behaviour of the 'prefix' command in the inf file: > > See my attached file, which I thought would install the configuration > and data into the prefix, using the binaries in ServerRoot. For the record, I ended up getting it to work, and fedora DS now starts outside it's installed box. This was only achieved with a lot of help and patience from richm on IRC. 
Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
[General]
SuiteSpotUserID = abartlet
FullMachineName= localhost
ServerRoot= /home/abartlet/samba/samba4/svn/source/st/ldap
ConfigDirectoryLdapURL= ldap://127.0.0.1:3389/o=NetscapeRoot
ConfigDirectoryAdminID= administrator
AdminDomain= localdomain
ConfigDirectoryAdminPwd= penguin
Components= svrcore,base,slapd

[slapd]
ServerPort= 3389
Suffix= dc=samba,dc=example,dc=com
RootDN= cn=Manager,dc=samba,dc=example,dc=com
RootDNPwd= penguin
Components= slapd
ServerIdentifier= samba4
InstallLdifFile=/home/abartlet/samba/samba4/svn/source/st/ldap/fedorads-initial-ldif.inf
inst_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4
config_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4
schema_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/schema
lock_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/lock
log_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/logs
run_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/logs
db_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/db
bak_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/bak
tmp_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/tmp
ldif_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4/ldif
cert_dir= /home/abartlet/samba/samba4/svn/source/st/ldap/slapd-samba4

[base]
Components= base

From abartlet at samba.org Wed Jan 31 00:14:08 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Wed, 31 Jan 2007 11:14:08 +1100
Subject: [Fedora-directory-devel] New blockers for Samba4/FDS testing
Message-ID: <1170202448.4292.81.camel@amy.samba4.abartlet.net>

While I'm past the installation-related blockers, I have a new
challenge:

In an attempt to make Samba4's test environment as reproducible as
possible, and to avoid issues with root privileges as low ports, Samba4
operates a virtual network known as 'socket_wrapper'.

This wrapper is a #define macro based system, which overloads all socket
calls, and redirects them to a series of unix domain sockets.

The challenge I have is that our testsuite relies on this, but Fedora DS
does not support it. As such, attempts to connect to localhost:3389
(for example) are redirected to a local unix domain socket, where of
course Fedora DS is not listening.

For OpenLDAP, we work around this by using ldapi://, which is unmolested
by socket_wrapper.

Has there been any progress on
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573

I would rather not waste time constructing proxies in/out of
socket_wrapper if I don't need to.

Thanks,

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

From rmeggins at redhat.com Wed Jan 31 02:08:05 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 30 Jan 2007 19:08:05 -0700
Subject: [Fedora-directory-devel] New blockers for Samba4/FDS testing
In-Reply-To: <1170202448.4292.81.camel@amy.samba4.abartlet.net>
References: <1170202448.4292.81.camel@amy.samba4.abartlet.net>
Message-ID: <45BFFA05.5020202@redhat.com>

Andrew Bartlett wrote:
> While I'm past the installation-related blockers, I have a new
> challenge:
>
> In an attempt to make Samba4's test environment as reproducible as
> possible, and to avoid issues with root privileges as low ports, Samba4
> operates a virtual network known as 'socket_wrapper'.
>
> This wrapper is a #define macro based system, which overloads all socket
> calls, and redirects them to a series of unix domain sockets.
>
> The challenge I have is that our testsuite relies on this, but Fedora DS
> does not support it. As such, attempts to connect to localhost:3389
> (for example) are redirected to a local unix domain socket, where of
> course Fedora DS is not listening.
>
> For OpenLDAP, we work around this by using ldapi://, which is unmolested
> by socket_wrapper.
>
> Has there been any progress on
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573
>
No, no progress AFAIK. I'm not really sure how to do it without adding
support for unix domain sockets to NSPR.
> I would rather not waste time constructing proxies in/out of
> socket_wrapper if I don't need to.
>
> Thanks,
>
> Andrew Bartlett

From prowley at redhat.com Wed Jan 31 15:07:55 2007
From: prowley at redhat.com (Pete Rowley)
Date: Wed, 31 Jan 2007 07:07:55 -0800
Subject: [Fedora-directory-devel] New blockers for Samba4/FDS testing
In-Reply-To: <1170202448.4292.81.camel@amy.samba4.abartlet.net>
References: <1170202448.4292.81.camel@amy.samba4.abartlet.net>
Message-ID: <45C0B0CB.1090607@redhat.com>

Andrew Bartlett wrote:
> Has there been any progress on
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573
>
I'm planning on taking a look at this shortly.
> I would rather not waste time constructing proxies in/out of
> socket_wrapper if I don't need to.
>
> Thanks,
>
> Andrew Bartlett

--
Pete

From prowley at redhat.com Wed Jan 31 22:57:43 2007
From: prowley at redhat.com (Pete Rowley)
Date: Wed, 31 Jan 2007 14:57:43 -0800
Subject: [Fedora-directory-devel] Please review: distributed numeric assignment plugin
In-Reply-To: <45B13D2F.4050202@redhat.com>
References: <45B13D2F.4050202@redhat.com>
Message-ID: <45C11EE7.2080305@redhat.com>

Pete Rowley wrote:
> New pre-operation plugin:
committed
>
> General numeric sequencer that allows generation of sequenced unique
> numbers such as posix uidNumber, posix gidNumber, Samba SambaSID etc.
> in an MMR environment. Rather than network locking or number pooling
> schemes, the approach taken is to allow the configuration of an
> interval that should be equal to or greater than the number of masters
> in the deployment. Then each master is assigned starting numbers in
> sequence e.g. server 1, 500; server 2, 501; server 3, 502 etc. When
> the interval is configured as 3, the servers will generate sequences
> like so: server 1, 500, 503, 506...; server 2, 501, 504, 507; server
> 3, 502, 505, 508. Of course, in single master environments the
> interval may be set to one for a monotonically increasing sequence.
> Adding masters that exceed the interval requires that the
> configuration be reset, starting from a value higher than the highest
> currently assigned value.
>
> Multiple types may be configured. An LDAP search filter must be added
> to the configuration for each type, the filter may be as complex as
> desired and determines to which entries the configuration applies - at
> minimum this filter should restrict the configuration to objectclasses
> that allow the type since no schema checking is done by the plugin.
> Generated values may have a pre-fix configured to be pre-pended to the
> value (useful for systems such as Samba when it needs a new SID). Each
> configuration entry may be scoped with a configuration attribute
> containing a DN, where conflicts arise due to scope the closest scope
> wins.
>
> Configuration is dynamic. That is, once the plugin entry has been
> added to cn=plugins, cn=config and the server restarted, any
> configuration change will be observed. Configuration entries that do
> not contain an attribute type, a starting value, an interval value,
> and a filter will be ignored. Which configuration entries have been
> skipped can be determined by config level logging.
>
> Example configuration ldif and test ldifs along with some scripts are
> included. The main source is in dna.c.
>
> ------------------------------------------------------------------------
>
> # > # BEGIN COPYRIGHT BLOCK > # This Program is free software; you can redistribute it and/or modify it under > # the terms of the GNU General Public License as published by the Free Software > # Foundation; version 2 of the License. > # > # This Program is distributed in the hope that it will be useful, but WITHOUT > # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. > # > # You should have received a copy of the GNU General Public License along with > # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple > # Place, Suite 330, Boston, MA 02111-1307 USA. > # > # In addition, as a special exception, Red Hat, Inc. gives You the additional > # right to link the code of this Program with code not covered under the GNU > # General Public License ("Non-GPL Code") and to distribute linked combinations > # including the two, subject to the limitations in this paragraph. Non-GPL Code > # permitted under this exception must only link to the code of this Program > # through those well defined interfaces identified in the file named EXCEPTION > # found in the source code files (the "Approved Interfaces").
The files of > # Non-GPL Code may instantiate templates or use macros or inline functions from > # the Approved Interfaces without causing the resulting work to be covered by > # the GNU General Public License. Only Red Hat, Inc. may make changes or > # additions to the list of Approved Interfaces. You must obey the GNU General > # Public License in all respects for all of the Program code and other code used > # in conjunction with the Program except the Non-GPL Code covered by this > # exception. If you modify this file, you may extend this exception to your > # version of the file, but you are not obligated to do so. If you do not wish to > # provide this exception without modification, you must delete this exception > # statement from your version and license this file solely under the GPL without > # exception. > # > # > # Copyright (C) 2007 Red Hat, Inc. > # All rights reserved. > # END COPYRIGHT BLOCK > # > LDAP_SRC = ../../.. > BUILD_ROOT = ../../../.. > > NOSTDCLEAN=true # don't let nsconfig.mk define target clean > NOSTDSTRIP=true # don't let nsconfig.mk define target strip > > OBJDEST = $(OBJDIR)/lib/libdna > LIBDIR = $(LDAP_PLUGIN_RELDIR) > > include $(BUILD_ROOT)/nsdefs.mk > include $(BUILD_ROOT)/nsconfig.mk > include $(LDAP_SRC)/nsldap.mk > > ifeq ($(ARCH), WINNT) > DEF_FILE:=./dna.def > endif > > DNA_OBJS = dna.o > OBJS = $(addprefix $(OBJDEST)/, $(DNA_OBJS)) > > DNA_DLL = libdna-plugin > > INCLUDES += -I../http -I../../slapd -I../../../include > CFLAGS+=$(SLCFLAGS) -DSLAPD_LOGGING > > ifeq ($(ARCH), WINNT) > EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP) > EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP) > EXTRA_LIBS += $(NSPRLINK) $(LIBSLAPD) $(LDAP_SDK_LIBLDAP_DLL) > EXTRA_LIBS += $(LDAP_COMMON_LIBS) > DNA_DLL_OBJ = $(addprefix $(OBJDEST)/, dllmain.o) > endif > > ifeq ($(ARCH), AIX) > EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP) > EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP) > EXTRA_LIBS += $(LIBSLAPDLINK) $(NSPRLINK) 
$(LDAP_SDK_LIBLDAP_DLL) > EXTRA_LIBS += $(LDAP_COMMON_LIBS) > LD=ld > endif > > ifeq ($(ARCH), HPUX) > EXTRA_LIBS_DEP += $(LIBSLAPD_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(SECURITY_DEP) > EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP) > EXTRA_LIBS += $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) $(ICULINK) > EXTRA_LIBS += $(LDAP_COMMON_LIBS) > endif > > DNA= $(addprefix $(LIBDIR)/, $(DNA_DLL).$(DLL_SUFFIX)) > > clientSDK: > > all: $(OBJDEST) $(LIBDIR) $(DNA) > > ifeq ($(ARCH), WINNT) > $(DNA): $(OBJS) $(DNA_DLL_OBJ) $(DEF_FILE) > $(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS) /DEF:$(DEF_FILE) > else > $(DNA): $(OBJS) $(DNA_DLL_OBJ) > $(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS) > endif > > > veryclean: clean > > clean: > $(RM) $(OBJS) > ifeq ($(ARCH), WINNT) > $(RM) $(DNA_DLL_OBJ) > endif > $(RM) $(DNA) > > $(OBJDEST): > $(MKDIR) $(OBJDEST) > > $(LIBDIR): > $(MKDIR) $(LIBDIR) > ------------------------------------------------------------------------ > > uid=add_has_magic_number, dc=example, dc=com > uid=add_second_has_magic_number, dc=example, dc=com > uid=no_uid_number, dc=example, dc=com > uid=add_has_uid_number_550, dc=example, dc=com > uid=add_is_sub, ou=sub, dc=example, dc=com > ou=sub, dc=example, dc=com > ------------------------------------------------------------------------ > > /** BEGIN COPYRIGHT BLOCK > * This Program is free software; you can redistribute it and/or modify it under > * the terms of the GNU General Public License as published by the Free Software > * Foundation; version 2 of the License. > * > * This Program is distributed in the hope that it will be useful, but WITHOUT > * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. > * > * You should have received a copy of the GNU General Public License along with > * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple > * Place, Suite 330, Boston, MA 02111-1307 USA. 
> * > * In addition, as a special exception, Red Hat, Inc. gives You the additional > * right to link the code of this Program with code not covered under the GNU > * General Public License ("Non-GPL Code") and to distribute linked combinations > * including the two, subject to the limitations in this paragraph. Non-GPL Code > * permitted under this exception must only link to the code of this Program > * through those well defined interfaces identified in the file named EXCEPTION > * found in the source code files (the "Approved Interfaces"). The files of > * Non-GPL Code may instantiate templates or use macros or inline functions from > * the Approved Interfaces without causing the resulting work to be covered by > * the GNU General Public License. Only Red Hat, Inc. may make changes or > * additions to the list of Approved Interfaces. You must obey the GNU General > * Public License in all respects for all of the Program code and other code used > * in conjunction with the Program except the Non-GPL Code covered by this > * exception. If you modify this file, you may extend this exception to your > * version of the file, but you are not obligated to do so. If you do not wish to > * provide this exception without modification, you must delete this exception > * statement from your version and license this file solely under the GPL without > * exception. > * > * > * Copyright (C) 2007 Red Hat, Inc. > * All rights reserved. 
> * END COPYRIGHT BLOCK **/ > > #ifdef HAVE_CONFIG_H > # include > #endif > > > /** > * Distributed Numeric Assignment plug-in > */ > #include > #include > #include > #include "portable.h" > #include "nspr.h" > #include "slapi-private.h" > #include "dirlite_strings.h" > #include "dirver.h" > #include "prclist.h" > #include "ldif.h" > > /* get file mode flags for unix */ > #ifndef _WIN32 > #include > #endif > > #define DNA_PLUGIN_SUBSYSTEM "dna-plugin" > #define DNA_PLUGIN_VERSION 0x00010000 > > #define DNA_DN "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" /* temporary */ > > #define DNA_SUCCESS 0 > #define DNA_FAILURE -1 > > /** > * DNA config types > */ > #define DNA_TYPE "dnaType" > #define DNA_PREFIX "dnaPrefix" > #define DNA_NEXTVAL "dnaNextValue" > #define DNA_INTERVAL "dnaInterval" > #define DNA_GENERATE "dnaMagicRegen" > #define DNA_FILTER "dnaFilter" > #define DNA_SCOPE "dnaScope" > > #define FEATURE_DESC "Distributed Numeric Assignment" > #define PLUGIN_DESC "Distributed Numeric Assignment plugin" > > static Slapi_PluginDesc pdesc = { FEATURE_DESC, > PLUGIN_MAGIC_VENDOR_STR, > PRODUCTTEXT, > PLUGIN_DESC }; > > > /** > * linked list of config entries > */ > > struct _defs { > PRCList list; > char *dn; > char *type; > char *prefix; > int nextval; > int interval; > struct slapi_filter *filter; > char *generate; > char *scope; > } dna_anchor; > typedef struct _defs configEntry; > static PRCList *config; > static PRRWLock *g_dna_cache_lock; > > static void *_PluginID = NULL; > static char *_PluginDN = NULL; > > > > /** > * > * DNA plug-in management functions > * > */ > int dna_init(Slapi_PBlock *pb); > static int dna_start(Slapi_PBlock *pb); > static int dna_close(Slapi_PBlock *pb); > static int dna_postop_init(Slapi_PBlock *pb); > > /** > * > * Local operation functions > * > */ > static int loadPluginConfig(); > static int parseConfigEntry(Slapi_Entry *e); > static void deleteConfig(); > static void freeConfigEntry(configEntry **entry); > > 
/** > * > * helpers > * > */ > static char *dna_get_dn(Slapi_PBlock *pb); > static int dna_dn_is_config(char *dn); > static int dna_get_next_value(configEntry *config_entry, char **next_value_ret); > > /** > * > * the ops (where the real work is done) > * > */ > static int dna_config_check_post_op(Slapi_PBlock *pb); > static int dna_pre_op( Slapi_PBlock *pb, int modtype ); > static int dna_mod_pre_op( Slapi_PBlock *pb ); > static int dna_add_pre_op( Slapi_PBlock *pb ); > > /** > * debug functions - global, for the debugger > */ > void dnaDumpConfig(); > void dnaDumpConfigEntry(configEntry *); > > /** > * set the debug level > */ > #ifdef _WIN32 > int *module_ldap_debug = 0; > > void plugin_init_debug_level(int *level_ptr) > { > module_ldap_debug = level_ptr; > } > #endif > > /** > * > * Deal with cache locking > * > */ > void dna_read_lock() > { > PR_RWLock_Rlock(g_dna_cache_lock); > } > > void dna_write_lock() > { > PR_RWLock_Wlock(g_dna_cache_lock); > } > > void dna_unlock() > { > PR_RWLock_Unlock(g_dna_cache_lock); > } > > /** > * > * Get the dna plug-in version > * > */ > int dna_version() > { > return DNA_PLUGIN_VERSION; > } > > /** > * Plugin identity mgmt > */ > void setPluginID(void * pluginID) > { > _PluginID=pluginID; > } > > void * getPluginID() > { > return _PluginID; > } > > void setPluginDN(char *pluginDN) > { > _PluginDN = pluginDN; > } > > char * getPluginDN() > { > return _PluginDN; > } > > /* > dna_init > ------------- > adds our callbacks to the list > */ > int dna_init( Slapi_PBlock *pb ) > { > int status = DNA_SUCCESS; > char * plugin_identity=NULL; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_init\n"); > > /** > * Store the plugin identity for later use. 
> * Used for internal operations > */ > > slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity); > PR_ASSERT (plugin_identity); > setPluginID(plugin_identity); > > if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, > SLAPI_PLUGIN_VERSION_01 ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, > (void *) dna_start ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, > (void *) dna_close ) != 0 || > slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, > (void *)&pdesc ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, > (void *) dna_mod_pre_op ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, > (void *) dna_add_pre_op ) != 0 || > /* the config change checking post op */ > slapi_register_plugin( > "postoperation", /* op type */ > 1, /* Enabled */ > "dna_init", /* this function desc */ > dna_postop_init, /* init func for post op */ > PLUGIN_DESC, /* plugin desc */ > NULL, /* ? */ > plugin_identity /* access control */ > ) > ) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, > "dna_init: failed to register plugin\n" ); > status = DNA_FAILURE; > } > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_init\n"); > return status; > } > > > static int dna_postop_init(Slapi_PBlock *pb) > { > int status = DNA_SUCCESS; > > if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, > SLAPI_PLUGIN_VERSION_01 ) != 0 || > slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, > (void *)&pdesc ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN, > (void *) dna_config_check_post_op ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODRDN_FN, > (void *) dna_config_check_post_op ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_POST_DELETE_FN, > (void *) dna_config_check_post_op ) != 0 || > slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN, > (void *) dna_config_check_post_op ) != 0 > ) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, > "dna_postop_init: failed to register plugin\n" ); > status = DNA_FAILURE; > } > > return status; > 
} > > /* > dna_start > -------------- > Kicks off the config cache. > It is called after dna_init. > */ > static int dna_start( Slapi_PBlock *pb ) > { > char * plugindn = NULL; > char * httpRootDir = NULL; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_start\n"); > > config = &dna_anchor.list; > g_dna_cache_lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "dna"); > > > /** > * Get the plug-in target dn from the system > * and store it for future use. This should avoid > * hardcoding of DN's in the code. > */ > slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn); > if (plugindn == NULL || strlen(plugindn) == 0) > { > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , > "dna_start: had to use hard coded config dn\n"); > plugindn = DNA_DN; > } > else > { > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , > "dna_start: config at %s\n", plugindn); > > } > > setPluginDN(plugindn); > > /** > * Load the config for our plug-in > */ > PR_INIT_CLIST(config); > if (loadPluginConfig() != DNA_SUCCESS) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, > "dna_start: unable to load plug-in configuration\n" ); > return DNA_FAILURE; > } > > slapi_log_error( SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM , "dna: ready for service\n"); > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_start\n"); > > return DNA_SUCCESS; > } > > /* > dna_close > -------------- > closes down the cache > */ > static int dna_close( Slapi_PBlock *pb ) > { > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_close\n"); > > deleteConfig(); > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_close\n"); > > return DNA_SUCCESS; > } > > /* > * config looks like this > * - cn=myplugin > * --- ou=posix > * ------ cn=accounts > * ------ cn=groups > * --- cn=samba > * --- cn=etc > * ------ cn=etc etc > */ > static int loadPluginConfig() > { > int status = DNA_SUCCESS; > int result; > int i; > Slapi_PBlock *search_pb; > Slapi_Entry 
**entries = NULL; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> loadPluginConfig\n"); > > dna_write_lock(); > deleteConfig(); > > search_pb = slapi_pblock_new(); > > slapi_search_internal_set_pb(search_pb, DNA_DN, LDAP_SCOPE_SUBTREE, > "objectclass=*", NULL, 0, NULL, NULL, getPluginID(), 0); > slapi_search_internal_pb(search_pb); > slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); > > if (status != DNA_SUCCESS) > { > status = DNA_SUCCESS; > goto cleanup; > } > > slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); > if (NULL == entries || entries[0] == NULL) > { > status = DNA_SUCCESS; > goto cleanup; > } > > for (i = 0; (entries[i] != NULL); i++) > { > status = parseConfigEntry(entries[i]); > } > > cleanup: > slapi_free_search_results_internal(search_pb); > slapi_pblock_destroy(search_pb); > dna_unlock(); > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- loadPluginConfig\n"); > > return status; > } > > static int parseConfigEntry(Slapi_Entry *e) > { > char *key = NULL; > char *value = NULL; > configEntry *entry = NULL; > configEntry *config_entry = NULL; > Slapi_Attr *attr = NULL; > PRCList *list = NULL; > int entry_added = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> parseConfigEntry\n"); > > entry = (configEntry*) slapi_ch_calloc(1, sizeof(configEntry)); > if(0 == entry) > goto bail; > > value = slapi_entry_get_ndn(e); > if(value) { > entry->dn = strdup(value); > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dn [%s] \n",entry->dn,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_TYPE); > if(value) { > entry->type = value; > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaType [%s] \n",entry->type,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); > if (value) { > entry->nextval = atoi(value); > slapi_ch_free_string(&value); > value = 0; > } > else > goto bail; > > 
slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaNextValue [%d] \n",entry->nextval,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_PREFIX); > if (value) { > entry->prefix = value; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaPrefix [%s] \n",entry->prefix,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL); > if (value) { > entry->interval = atoi(value); > slapi_ch_free_string(&value); > value = 0; > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaInterval [%s] \n",value,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_GENERATE); > if (value) { > entry->generate = value; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaMagicRegen [%s] \n",entry->generate,0,0); > > value = slapi_entry_attr_get_charptr(e, DNA_FILTER); > if (value) { > entry->filter = slapi_str2filter(value); > } > else > goto bail; > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaFilter [%s] \n",value,0,0); > > slapi_ch_free_string(&value); > value = 0; > > value = slapi_entry_attr_get_charptr(e, DNA_SCOPE); > if (value) { > char *canonical_dn = slapi_dn_normalize(value); > entry->scope = canonical_dn; > } > > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "----------> dnaScope [%s] \n",entry->scope,0,0); > > > /** > * Finally add the entry to the list > * we group by type then by filter > * and finally sort by dn length with longer dn's > * first - this allows the scope checking > * code to be simple and quick and > * cunningly linear > */ > if(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > while(list != config) > { > config_entry = (configEntry*)list; > > if(slapi_attr_type_cmp(config_entry->type, entry->type,1)) > goto next; > > if(slapi_filter_compare(config_entry->filter, entry->filter)) > goto next; > > if(slapi_dn_issuffix(entry->scope,config_entry->scope)) > { > 
PR_INSERT_BEFORE(&(entry->list), list); > slapi_log_error( SLAPI_LOG_CONFIG, > DNA_PLUGIN_SUBSYSTEM , > "store [%s] before [%s] \n",entry->scope,config_entry->scope,0); > entry_added = 1; > break; > } > > next: > list = PR_NEXT_LINK (list); > > if(config == list) > { > /* add to tail */ > PR_INSERT_BEFORE(&(entry->list), list); > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "store [%s] at tail\n",entry->scope,0,0); > entry_added = 1; > break; > } > } > } > else > { > /* first entry */ > PR_INSERT_LINK(&(entry->list), config); > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , "store [%s] at head \n",entry->scope,0,0); > entry_added = 1; > } > > bail: > if(0 == entry_added) > { > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , > "config entry [%s] skipped\n",entry->dn,0,0); > freeConfigEntry(&entry); > } > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- parseConfigEntry\n"); > > return DNA_SUCCESS; > } > > static void freeConfigEntry(configEntry **entry) > { > configEntry *e = *entry; > > if(e->dn) > { > slapi_log_error( SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM , > "freeing config entry [%s]\n",e->dn,0,0); > slapi_ch_free_string(&e->dn); > } > > if(e->type) > slapi_ch_free_string(&e->type); > > if(e->prefix) > slapi_ch_free_string(&e->prefix); > > if(e->filter) > slapi_filter_free(e->filter,1); > > if(e->generate) > slapi_ch_free_string(&e->generate); > > if(e->scope) > slapi_ch_free_string(&e->scope); > > slapi_ch_free((void**)entry); > } > > static void deleteConfigEntry(PRCList *entry) > { > PR_REMOVE_LINK(entry); > freeConfigEntry((configEntry**)&entry); > } > > static void deleteConfig() > { > PRCList *list; > > while(!PR_CLIST_IS_EMPTY(config)) > { > list = PR_LIST_HEAD(config); > deleteConfigEntry(list); > } > > return; > } > > > /**************************************************** > Helpers > ****************************************************/ > > static char *dna_get_dn(Slapi_PBlock *pb) > { > char *dn = 0; > 
slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_get_dn\n"); > > if(slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn )) > { > slapi_log_error( SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_get_dn: failed to get dn of changed entry"); > goto bail; > } > > slapi_dn_normalize( dn ); > > bail: > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_get_dn\n"); > > return dn; > } > > /* config check > matching config dn or a descendent reloads config > */ > static int dna_dn_is_config(char *dn) > { > int ret = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_is_config\n"); > > if(slapi_dn_issuffix(dn, getPluginDN())) > { > ret=1; > } > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_is_config\n"); > > return ret; > } > > > /**************************************************** > Functions that actually do things other > than config and startup > ****************************************************/ > > > /* > * Perform ldap operationally atomic increment > * Return the next value to be assigned > * Method: > * 1. retrieve entry > * 2. remove current value, add new value in one operation > * 3. 
if failed, and less than 3 times, goto 1 > */ > static int dna_get_next_value(configEntry *config_entry, char **next_value_ret) > { > int ret = -1; > Slapi_DN *dn = 0; > char *attrlist[2]; > Slapi_Entry *e = 0; > int attempts = 0; > > slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_get_next_value\n"); > > /* get pre-requisites to search */ > dn = slapi_sdn_new_dn_byref(config_entry->dn); > attrlist[0] = DNA_NEXTVAL; > attrlist[1] = 0; > > > while(attempts < 3) > { > attempts++; > > /* do update */ > if(e) > { > slapi_entry_free(e); > e = 0; > } > > ret = slapi_search_internal_get_entry( dn, attrlist, &e,getPluginID()); > if(LDAP_SUCCESS == ret) > { > char *old_value; > > old_value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); > if(old_value) > { > LDAPMod mod_add; > LDAPMod mod_delete; > LDAPMod *mods[3]; > Slapi_PBlock *pb = slapi_pblock_new(); > char *delete_val[2]; > char *add_val[2]; > char new_value[16]; > > mods[0] = &mod_delete; > mods[1] = &mod_add; > mods[2] = 0; > > if(0 == pb) > goto bail; > > /* perform increment */ > > sprintf(new_value, "%d", > config_entry->interval + > atoi(old_value)); > > delete_val[0] = old_value; > delete_val[1] = 0; > > mod_delete.mod_op = LDAP_MOD_DELETE; > mod_delete.mod_type = DNA_NEXTVAL; > mod_delete.mod_values = delete_val; > > add_val[0] = new_value; > add_val[1] = 0; > > mod_add.mod_op = LDAP_MOD_ADD; > mod_add.mod_type = DNA_NEXTVAL; > mod_add.mod_values = add_val; > > > mods[0] = &mod_delete; > mods[1] = &mod_add; > mods[2] = 0; > > slapi_modify_internal_set_pb( > pb, config_entry->dn, > mods, 0, 0, > getPluginID(), 0); > > slapi_modify_internal_pb(pb); > > slapi_pblock_get(pb, > SLAPI_PLUGIN_INTOP_RESULT, > &ret); > > slapi_pblock_destroy(pb); > > if(LDAP_SUCCESS == ret) > { > *next_value_ret = old_value; > break; > } > else > slapi_ch_free((void**)&old_value); > } > else > break; > } > else > break; > } > > bail: > if(dn) > slapi_sdn_free(&dn); > > if(e) > slapi_entry_free(e); > > 
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_get_next_value\n");
>
>     return ret;
> }
>
> /* for mods and adds:
>     where dn's are supplied, the closest in scope
>     is used as long as the type and filter
>     are identical - otherwise all matches count
> */
>
> static int dna_pre_op(Slapi_PBlock *pb, int modtype)
> {
>     char *dn = 0;
>     PRCList *list = 0;
>     configEntry *config_entry = 0;
>     struct slapi_entry *e = 0;
>     char *last_type = 0;
>     char *value = 0;
>     int generate = 0;
>     Slapi_Mods *smods = 0;
>     Slapi_Mod *smod = 0;
>     LDAPMod **mods;
>     int free_entry = 0;
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_pre_op\n");
>
>     if(0 == (dn = dna_get_dn(pb)))
>         goto bail;
>
>     if(dna_dn_is_config(dn))
>         goto bail;
>
>     if(LDAP_CHANGETYPE_ADD == modtype)
>     {
>         slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e);
>     }
>     else
>     {
>         /* xxxPAR: Ideally SLAPI_MODIFY_EXISTING_ENTRY should be
>          * available but it turns out that is only true if you are
>          * a dbm backend pre-op plugin - lucky dbm backend pre-op
>          * plugins.
>          * I think that is wrong since the entry is useful for filter
>          * tests and schema checks and this plugin shouldn't be limited
>          * to a single backend type, but I don't want that fight right
>          * now so we go get the entry here
>          *
>         slapi_pblock_get( pb, SLAPI_MODIFY_EXISTING_ENTRY, &e);
>         */
>         Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
>         if(tmp_dn)
>         {
>             slapi_search_internal_get_entry(
>                 tmp_dn, 0, &e,getPluginID());
>             slapi_sdn_free(&tmp_dn);
>             free_entry = 1;
>         }
>
>         /* grab the mods - we'll put them back later with
>          * our modifications appended
>          */
>         slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods);
>         smods = slapi_mods_new();
>         slapi_mods_init_passin(smods, mods);
>     }
>
>     if(0 == e)
>         goto bailmod;
>
>     dna_read_lock();
>
>     if(!PR_CLIST_IS_EMPTY(config))
>     {
>         list = PR_LIST_HEAD(config);
>
>         while(list != config)
>         {
>             config_entry = (configEntry*)list;
>
>             /* did we already service this type? */
>             if(last_type)
>             {
>                 if(!slapi_attr_type_cmp(config_entry->type, last_type,1))
>                     goto next;
>             }
>
>             /* is the entry in scope? */
>             if(config_entry->scope)
>             {
>                 if(!slapi_dn_issuffix(dn, config_entry->scope))
>                     goto next;
>             }
>
>             /* does the entry match the filter? */
>             if(config_entry->filter)
>             {
>                 if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,
>                     e,
>                     config_entry->filter,0))
>                     goto next;
>             }
>
>
>             if(LDAP_CHANGETYPE_ADD == modtype)
>             {
>                 /* does attribute contain the magic value
>                    or is the type not there?
>                 */
>                 value = slapi_entry_attr_get_charptr(
>                     e, config_entry->type);
>                 if((value &&
>                     !slapi_utf8casecmp(
>                         config_entry->generate,
>                         value)) ||
>                     0 == value)
>                 {
>                     generate = 1;
>                 }
>             }
>             else
>             {
>                 /* check mods for magic value */
>                 Slapi_Mod *next_mod = slapi_mod_new();
>                 smod = slapi_mods_get_first_smod(
>                     smods,
>                     next_mod);
>                 while(smod)
>                 {
>                     char *type = (char *)
>                         slapi_mod_get_type(smod);
>
>                     if(slapi_attr_types_equivalent(
>                         type,
>                         config_entry->type))
>                     {
>                         struct berval *bv =
>                             slapi_mod_get_first_value(
>                                 smod);
>                         int len = strlen(
>                             config_entry->
>                             generate);
>
>
>                         /* a mod can carry no values, so bv may be NULL */
>                         if(bv && len == bv->bv_len)
>                         {
>                             if(!slapi_utf8ncasecmp(
>                                 bv->bv_val,
>                                 config_entry->
>                                 generate,
>                                 len))
>
>                                 generate = 1;
>                             break;
>                         }
>                     }
>
>                     slapi_mod_done(next_mod);
>                     smod = slapi_mods_get_next_smod(
>                         smods,
>                         next_mod);
>                 }
>
>                 slapi_mod_free(&next_mod);
>             }
>
>             if(generate)
>             {
>                 char *new_value;
>                 int len;
>                 int ret = 0;
>
>                 /* create the value to add */
>                 if(dna_get_next_value(config_entry,&value))
>                     break;
>
>                 len = strlen(value) + 1;
>                 if(config_entry->prefix)
>                 {
>                     len += strlen(config_entry->prefix);
>                 }
>
>                 new_value = slapi_ch_malloc(len);
>
>                 if(config_entry->prefix)
>                 {
>                     strcpy(new_value,
>                         config_entry->prefix);
>                     strcat(new_value, value);
>                 }
>                 else
>                     strcpy(new_value, value);
>
>                 /* do the mod */
>                 if(LDAP_CHANGETYPE_ADD == modtype)
>                 {
>                     /* add - add to entry */
>                     slapi_entry_attr_set_charptr(
>                         e,
>                         config_entry->type,
>                         new_value);
>                 }
>                 else
>                 {
>                     /* mod - add to mods */
>                     slapi_mods_add_string(
>                         smods,
>                         LDAP_MOD_REPLACE,
>                         config_entry->type,
>                         new_value);
>                 }
>
>                 /* free up */
>                 slapi_ch_free_string(&value);
>                 slapi_ch_free_string(&new_value);
>
>                 /* make sure we don't generate for this
>                  * type again
>                  */
>                 if(LDAP_SUCCESS == ret)
>                 {
>                     last_type = config_entry->type;
>                 }
>
>                 generate = 0;
>             }
> next:
>             list = PR_NEXT_LINK (list);
>         }
>     }
>
>     dna_unlock();
>
> bailmod:
>     if(LDAP_CHANGETYPE_MODIFY == modtype)
>     {
>         /* these are the mods you made, really,
>          * I didn't change them, honest, just had a quick look
>          */
>         mods = slapi_mods_get_ldapmods_passout(smods);
>         slapi_pblock_set( pb, SLAPI_MODIFY_MODS, mods);
>         slapi_mods_free(&smods);
>     }
>
> bail:
>
>     if(free_entry && e)
>         slapi_entry_free(e);
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_pre_op\n");
>
>     return 0;
> }
>
>
> static int dna_add_pre_op( Slapi_PBlock *pb )
> {
>     return dna_pre_op(pb, LDAP_CHANGETYPE_ADD);
> }
>
> static int dna_mod_pre_op( Slapi_PBlock *pb )
> {
>     return dna_pre_op(pb, LDAP_CHANGETYPE_MODIFY);
> }
>
> static int dna_config_check_post_op(Slapi_PBlock *pb)
> {
>     char *dn;
>
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "--> dna_config_check_post_op\n");
>
>     if(dn = dna_get_dn(pb))
>     {
>         if(dna_dn_is_config(dn))
>             loadPluginConfig();
>     }
>
> bail:
>     slapi_log_error( SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM , "<-- dna_config_check_post_op\n");
>
>     return 0;
> }
>
> /****************************************************
>     End of
>     Functions that actually do things other
>     than config and startup
> ****************************************************/
>
> /**
>  * debug functions to print config
>  */
> void dnaDumpConfig()
> {
>     PRCList *list;
>
>     dna_read_lock();
>
>     if(!PR_CLIST_IS_EMPTY(config))
>     {
>         list = PR_LIST_HEAD(config);
>         while(list != config)
>         {
>             dnaDumpConfigEntry((configEntry*)list);
>             list = PR_NEXT_LINK (list);
>         }
>     }
>
>     dna_unlock();
> }
>
>
> void dnaDumpConfigEntry(configEntry *entry)
> {
>     printf("<- type --------------> %s\n", entry->type);
>     printf("<---- prefix ---------> %s\n", entry->prefix);
>     printf("<---- next value -----> %d\n", entry->nextval);
>     printf("<---- interval -------> %d\n", entry->interval);
>     printf("<---- filter ---------> %s\n", entry->filter);
>     printf("<---- generate flag --> %s\n", entry->generate);
> }
>
>
> ------------------------------------------------------------------------
>
> # --- BEGIN COPYRIGHT BLOCK ---
> # This Program is free software; you can redistribute it and/or modify it under
> # the terms of the GNU General Public License as published by the Free Software
> # Foundation; version 2 of the License.
> #
> # This Program is distributed in the hope that it will be useful, but WITHOUT
> # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
> # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License along with
> # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
> # Place, Suite 330, Boston, MA 02111-1307 USA.
> #
> # In addition, as a special exception, Red Hat, Inc. gives You the additional
> # right to link the code of this Program with code not covered under the GNU
> # General Public License ("Non-GPL Code") and to distribute linked combinations
> # including the two, subject to the limitations in this paragraph. Non-GPL Code
> # permitted under this exception must only link to the code of this Program
> # through those well defined interfaces identified in the file named EXCEPTION
> # found in the source code files (the "Approved Interfaces"). The files of
> # Non-GPL Code may instantiate templates or use macros or inline functions from
> # the Approved Interfaces without causing the resulting work to be covered by
> # the GNU General Public License. Only Red Hat, Inc. may make changes or
> # additions to the list of Approved Interfaces. You must obey the GNU General
> # Public License in all respects for all of the Program code and other code used
> # in conjunction with the Program except the Non-GPL Code covered by this
> # exception. If you modify this file, you may extend this exception to your
> # version of the file, but you are not obligated to do so. If you do not wish to
> # provide this exception without modification, you must delete this exception
> # statement from your version and license this file solely under the GPL without
> # exception.
> #
> #
> # Copyright (C) 2007 Red Hat, Inc.
> # All rights reserved.
> # --- END COPYRIGHT BLOCK ---
>
> # plugin configuration entry
> dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: nsSlapdPlugin
> objectclass: extensibleObject
> objectclass: nsContainer
> cn: Distributed Numeric Assignment Plugin
> nsslapd-plugininitfunc: dna_init
> nsslapd-plugintype: preoperation
> nsslapd-pluginenabled: on
> nsslapd-plugindescription: Distributed Numeric Assignment plugin
> nsslapd-pluginvendor: Fedora Project
> nsslapd-pluginVersion: 1.1
> nsslapd-pluginId: distributed-numeric-assignment
> nsslapd-pluginPath: /home/prowley/srv/lib/fedora-ds/plugins/libdna-plugin.so
>
>
> ------------------------------------------------------------------------
>
> # add plugin configuration for posix users
>
> dn: cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: nsContainer
> objectclass: extensibleObject
> cn: Posix
>
> dn: cn=Accounts,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: extensibleObject
> cn: Accounts
> dnaType: uidNumber
> dnaNextValue: 500
> dnaInterval: 4
> dnaMagicRegen: 499
> dnaFilter: (objectclass=posixAccount)
>
> # add plugin configuration for posix groups
>
> dn: cn=Groups,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: extensibleObject
> cn: Groups
> dnaType: gidNumber
> dnaNextValue: 500
> dnaInterval: 4
> dnaMagicRegen: 499
> dnaFilter: (objectclass=posixGroup)
>
> ------------------------------------------------------------------------
>
> dn: uid=add_has_magic_number, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 1
> sn: test
> uid: add_has_uid_number
> uidNumber: 499
> gidNumber: 550
> homeDirectory: /
> ------------------------------------------------------------------------
>
> dn: uid=add_has_magic_number, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 1
> sn: test
> uid: add_has_uid_number
> uidNumber: 499
> gidNumber: 550
> homeDirectory: /
>
> dn: uid=add_second_has_magic_number, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 2
> sn: test
> uid: add_second_has_magic_number
> uidNumber: 499
> gidNumber: 550
> homeDirectory: /
>
> dn: uid=no_uid_number, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 3
> sn: test
> uid: no_uid_number
> gidNumber: 550
> homeDirectory: /
>
> dn: uid=add_has_uid_number_550, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 4
> sn: test
> uid: add_has_uid_number
> uidNumber: 550
> gidNumber: 550
> homeDirectory: /
>
> dn: ou=sub, dc=example, dc=com
> objectclass: top
> objectclass: organizationalunit
> ou: sub
>
> dn: uid=add_is_sub, ou=sub, dc=example, dc=com
> objectclass: top
> objectclass: organizationalperson
> objectclass: posixaccount
> cn: 4
> sn: test
> uidNumber: 499
> gidNumber: 550
> homeDirectory: /
>
> ------------------------------------------------------------------------
>
> # add Samba SIDs
>
> dn: cn=Example top level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: extensibleObject
> dnaType: title
> dnaPrefix: example-
> dnaNextValue: 600
> dnaInterval: 4
> dnaMagicRegen: assign
> dnaFilter: (objectclass=organizationalperson)
> dnaScope: dc=example, dc=com
>
> dn: cn=Example sub level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectclass: top
> objectclass: extensibleObject
> dnaType: title
> dnaPrefix: sub-example-
> dnaNextValue: 600
> dnaInterval: 4
> dnaMagicRegen: assign
> dnaFilter: (objectclass=organizationalperson)
> dnaScope: ou=sub, dc=example, dc=com
> ------------------------------------------------------------------------

-- Pete
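The read, delete-old/add-new, retry method described in the comment above dna_get_next_value, modelled in memory as an added example (not part of the posted plugin or of Fedora DS). The names stored, races_left, reset_counter, modify_delete_add and next_value are hypothetical; the model assumes a delete of a value that is no longer present fails with noSuchAttribute (16), and it parses the counter with range-checked strtol where the plugin uses atoi.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define OK 0
#define NO_SUCH_ATTRIBUTE 16  /* LDAP noSuchAttribute: assumed result of a stale delete */
#define MAX_ATTEMPTS 3

/* Constructed stand-in for the dnaNextValue attribute of one config entry. */
static char stored[16];
static int races_left;        /* hypothetical: competing writers still to inject */

static void reset_counter(const char *value, int races)
{
    snprintf(stored, sizeof stored, "%s", value);
    races_left = races;
}

/* One modify carrying {delete old, add new}: applied as a unit, so it only
 * succeeds while `old` is still the stored value (a compare-and-swap). */
static int modify_delete_add(const char *old, const char *new_val)
{
    if (strcmp(stored, old) != 0)
        return NO_SUCH_ATTRIBUTE;
    snprintf(stored, sizeof stored, "%s", new_val);
    return OK;
}

/* Claim the current counter value and advance it by `interval`. Returns OK with
 * the value in *out, -1 for a corrupt or exhausted counter, or
 * NO_SUCH_ATTRIBUTE when every attempt lost the race. */
static int next_value(int interval, long *out)
{
    for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
        char old[16], new_val[16], *end;
        long cur;

        snprintf(old, sizeof old, "%s", stored);          /* 1. retrieve */
        errno = 0;
        cur = strtol(old, &end, 10);
        if (errno || end == old || *end != '\0' || interval <= 0 ||
            cur < 0 || cur > INT_MAX - interval)
            return -1;                                    /* refuse garbage or overflow */
        snprintf(new_val, sizeof new_val, "%ld", cur + interval);
        if (races_left > 0) {     /* simulated peer wins between read and write */
            races_left--;
            modify_delete_add(old, new_val);
        }
        if (modify_delete_add(old, new_val) == OK) {      /* 2. swap */
            *out = cur;
            return OK;
        }
    }                                                     /* 3. retry, bounded */
    return NO_SUCH_ATTRIBUTE;
}

int main(void)
{
    long v = -1;
    reset_counter("500", 1);      /* constructed start value, one lost race */
    return next_value(4, &v) == OK && printf("claimed %ld, counter %s\n", v, stored) > 0 ? 0 : 1;
}
```

When the swap loses a race the caller never hands out the value it read, which is what keeps two entries from receiving the same uidNumber.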