ITS#9581 Implement lastbind precision

This commit is contained in:
Ondřej Kuzník 2021-06-07 15:50:46 +01:00 committed by Quanah Gibson-Mount
parent 681799da65
commit 9e1a961792
5 changed files with 37 additions and 3 deletions

View File

@ -1482,6 +1482,12 @@ Controls whether
will automatically maintain the pwdLastSuccess attribute for
entries. By default, olcLastBind is FALSE.
.TP
.B olcLastBindPrecision: <number>
If olcLastBind is enabled, a new value is written only if the
current one is more than
.B number
seconds in the past.
.TP
.B olcLimits: <selector> <limit> [<limit> [...]]
Specify time and size limits based on the operation's initiator or
base DN.

View File

@ -1386,6 +1386,12 @@ Controls whether
will automatically maintain the pwdLastSuccess attribute for
entries. By default, lastbind is off.
.TP
.B lastbind-precision <number>
If lastbind is enabled, a new value is written only if the
current one is more than
.B number
seconds in the past.
.TP
.B limits <selector> <limit> [<limit> [...]]
Specify time and size limits based on the operation's initiator or
base DN.

View File

@ -177,6 +177,7 @@ enum {
CFG_MODPATH,
CFG_LASTMOD,
CFG_LASTBIND,
CFG_LASTBIND_PRECISION,
CFG_AZPOLICY,
CFG_AZREGEXP,
CFG_AZDUC,
@ -450,6 +451,13 @@ static ConfigTable config_back_cf_table[] = {
&config_generic, "( OLcfgDbAt:0.22 NAME 'olcLastBind' "
"EQUALITY booleanMatch "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "lastbind-precision", "seconds difference", 2, 2, 0,
ARG_DB|ARG_MAGIC|ARG_UINT|CFG_LASTBIND_PRECISION,
&config_generic, "( OLcfgDbAt:0.23 NAME 'olcLastBindPrecision' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL,
{ .v_uint = 0 }
},
{ "ldapsyntax", "syntax", 2, 0, 0,
ARG_PAREN|ARG_MAGIC|CFG_SYNTAX,
&config_generic, "( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' "
@ -1009,8 +1017,8 @@ static ConfigOCs cf_ocs[] = {
"SUP olcConfig STRUCTURAL "
"MUST olcDatabase "
"MAY ( olcDisabled $ olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
"olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLastBindPrecision $ "
"olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
"olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ "
@ -1379,6 +1387,9 @@ config_generic(ConfigArgs *c) {
case CFG_LASTBIND:
c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
break;
case CFG_LASTBIND_PRECISION:
c->value_uint = c->be->be_lastbind_precision;
break;
case CFG_SYNC_SUBENTRY:
c->value_int = (SLAP_SYNC_SUBENTRY(c->be) != 0);
break;
@ -1532,6 +1543,10 @@ config_generic(ConfigArgs *c) {
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_SYNC_SUBENTRY;
break;
case CFG_LASTBIND_PRECISION:
c->be->be_lastbind_precision = 0;
break;
case CFG_RO:
c->be->be_restrictops &= ~SLAP_RESTRICT_READONLY;
break;
@ -2406,6 +2421,10 @@ sortval_reject:
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_LASTBIND;
break;
case CFG_LASTBIND_PRECISION:
c->be->be_lastbind_precision = c->value_uint;
break;
case CFG_MULTIPROVIDER:
if(c->value_int && !SLAP_SHADOW(c->be)) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> database is not a shadow",

View File

@ -437,7 +437,8 @@ fe_op_lastbind( Operation *op )
* TODO: If the recorded bind time is within configurable precision,
* it doesn't need to be updated (save a write for nothing)
*/
if ( bindtime != (time_t)-1 && op->o_time <= bindtime ) {
if ( bindtime != (time_t)-1 &&
op->o_time <= bindtime + op->o_bd->be_lastbind_precision ) {
be_entry_release_r( op, e );
return LDAP_SUCCESS;
}

View File

@ -1987,6 +1987,8 @@ struct BackendDB {
slap_access_t be_dfltaccess; /* access given if no acl matches */
AttributeName *be_extra_anlist; /* attributes that need to be added to search requests (ITS#6513) */
unsigned int be_lastbind_precision;
/* Consumer Information */
struct berval be_update_ndn; /* allowed to make changes (in replicas) */
BerVarray be_update_refs; /* where to refer modifying clients to */