2005-06-20 06:39:44 +08:00
|
|
|
.TH SLAPO-RETCODE5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
|
|
|
.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
|
|
|
|
.\" Copying restrictions apply. See the COPYRIGHT file.
|
|
|
|
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
|
2005-07-04 14:57:10 +08:00
|
|
|
.\" $OpenLDAP$
|
2005-06-20 06:39:44 +08:00
|
|
|
.SH NAME
|
2005-07-04 14:57:10 +08:00
|
|
|
slapo-retcode \- return code overlay
|
2005-06-20 06:39:44 +08:00
|
|
|
.SH SYNOPSIS
|
|
|
|
ETCDIR/slapd.conf
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The
|
|
|
|
.B retcode
|
|
|
|
overlay to
|
|
|
|
.BR slapd (8)
|
2005-07-04 14:57:10 +08:00
|
|
|
is useful to test the behavior of clients when server-generated erroneous
|
2005-06-20 06:39:44 +08:00
|
|
|
and/or unusual responses occur, e.g. error codes, referrals,
|
|
|
|
excessive response times and so on.
|
|
|
|
|
|
|
|
The error responses are generated according to different strategies.
|
|
|
|
.LP
|
|
|
|
In the first case, all operations targeted at a specific configurable
|
|
|
|
subtree cause the object related to the request DN to be looked up
|
|
|
|
and checked for return code data: a response code, plus an optional
|
|
|
|
textual message, an optional configurable delay, and, when the response code
|
|
|
|
is referral, a (list of) referral(s).
|
|
|
|
.LP
|
|
|
|
Well-known response codes from standard track documents are provided
|
|
|
|
in \fBretcode.conf\fP, which can be included after instantiating
|
|
|
|
the overlay.
|
|
|
|
.LP
|
2005-08-20 19:39:08 +08:00
|
|
|
In the second case, objects of \fBerrObject\fP or \fBerrAuxObject\fP class,
|
|
|
|
when returned as intermediate responses of a search request, are changed into
|
2005-06-20 06:39:44 +08:00
|
|
|
the response dictated by their content.
|
|
|
|
.LP
|
|
|
|
A third mode causes objects to be looked up from the underlying database
|
2005-08-20 19:39:08 +08:00
|
|
|
to discover if their class is \fBerrObject\fPor \fBerrAuxObject\fP;
|
|
|
|
in that case, their content is used to compute the corresponding response.
|
2005-06-20 06:39:44 +08:00
|
|
|
.LP
|
|
|
|
The behavior is disabled by using the \fBmanageDSAit\fP control (RFC 3296);
|
|
|
|
in that case, the resulting object, either present in the directory
|
|
|
|
or dynamically generated by the overlay, or contained in the request,
|
|
|
|
is handled as usual.
|
|
|
|
.LP
|
|
|
|
The config directives that are specific to the
|
|
|
|
.B retcode
|
|
|
|
overlay must be prefixed by
|
|
|
|
.BR retcode\- ,
|
|
|
|
to avoid conflicts with directives specific to the underlying database
|
|
|
|
or to other stacked overlays. The following specific directives
|
|
|
|
can be used to configure the retcode overlay:
|
|
|
|
.TP
|
|
|
|
.B retcode\-parent <DN>
|
|
|
|
This directive defines the parent DN where dynamically generated
|
|
|
|
entries reside.
|
|
|
|
If not defined, the suffix of the database is used.
|
|
|
|
.HP
|
|
|
|
.hy 0
|
|
|
|
.B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
|
|
|
|
.B [ref=<referral>] [sleeptime=<sec>]
|
|
|
|
.RS
|
|
|
|
A dynamically generated entry, located below \fBretcode\-parent\fP.
|
|
|
|
The \fB<errCode>\fP is the number of the response code;
|
|
|
|
it can be in any format supported by strtol.
|
|
|
|
The optional \fB<oplist>\fP is a list of operations that cause
|
|
|
|
response code generation; if absent, all operations are affected.
|
|
|
|
The \fBref\fP field is only allowed for the \fBreferral\fP
|
|
|
|
response code.
|
|
|
|
.RE
|
|
|
|
.TP
|
|
|
|
.B retcode\-indir
|
2005-08-20 19:39:08 +08:00
|
|
|
Enables exploitation of in-directory stored errObject/errAuxObject.
|
|
|
|
May result in a lot of unnecessary overhead.
|
2005-06-20 06:39:44 +08:00
|
|
|
|
|
|
|
.SH SCHEMA
|
|
|
|
The following schema items are created and used by the overlay:
|
|
|
|
.LP
|
|
|
|
The error code:
|
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.1.1
|
|
|
|
NAME ( 'errCode' )
|
|
|
|
DESC 'LDAP error code'
|
|
|
|
EQUALITY integerMatch
|
|
|
|
ORDERING integerOrderingMatch
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
|
|
SINGLE-VALUE )
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
The operations that trigger the response code:
|
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.1.2
|
|
|
|
NAME ( 'errOp' )
|
|
|
|
DESC 'Operations the errObject applies to'
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
The text message:
|
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.1.3
|
|
|
|
NAME ( 'errText' )
|
|
|
|
DESC 'LDAP error textual description'
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
|
|
SINGLE-VALUE )
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
The sleep time before the response is actually returned to the client:
|
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.1.4
|
|
|
|
NAME ( 'errSleepTime' )
|
|
|
|
DESC 'Time to wait before returning the error'
|
|
|
|
EQUALITY integerMatch
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
|
|
SINGLE-VALUE )
|
|
|
|
.RE
|
|
|
|
.LP
|
2005-08-20 19:39:08 +08:00
|
|
|
The standalone structural objectclass for specifically created data:
|
2005-06-20 06:39:44 +08:00
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.3.1
|
|
|
|
NAME ( 'errObject' )
|
|
|
|
SUP top STRUCTURAL
|
|
|
|
MUST ( errCode )
|
|
|
|
MAY ( cn $ description $ errOp $ errText $ errSleepTime ) )
|
|
|
|
.RE
|
2005-08-20 19:39:08 +08:00
|
|
|
.LP
|
|
|
|
The auxiliary objectclass to alter the behavior of existing objects:
|
|
|
|
.RS 4
|
|
|
|
( 1.3.6.1.4.1.4203.666.11.4.3.2
|
|
|
|
NAME ( 'errAuxObject' )
|
|
|
|
SUP top AUXILIARY
|
|
|
|
MUST ( errCode )
|
|
|
|
MAY ( cn $ description $ errOp $ errText $ errSleepTime ) )
|
|
|
|
.RE
|
2005-06-20 06:39:44 +08:00
|
|
|
|
|
|
|
.SH EXAMPLE
|
|
|
|
.LP
|
|
|
|
.RS
|
|
|
|
.nf
|
|
|
|
overlay retcode
|
|
|
|
retcode-parent "ou=RetCodes,dc=example,dc=com"
|
|
|
|
include ./retcode.conf
|
|
|
|
|
|
|
|
# Wait 10 seconds, then return success (0x00)
|
|
|
|
retcode-item "cn=Success after 10 seconds" 0x00 sleeptime=10
|
|
|
|
# Wait 10 seconds, then return timelimitExceeded (0x03)
|
|
|
|
retcode-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
|
|
|
|
.fi
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
.LP
|
|
|
|
|
|
|
|
.SH FILES
|
|
|
|
.TP
|
|
|
|
ETCDIR/slapd.conf
|
|
|
|
default slapd configuration file
|
|
|
|
.SH SEE ALSO
|
|
|
|
.BR slapd.conf (5),
|
|
|
|
.BR slapd (8),
|
2005-08-20 20:20:58 +08:00
|
|
|
.SH ACKNOWLEDGEMENTS
|
|
|
|
.P
|
|
|
|
This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.
|