works in most cases ...

Pierangelo Masarati 2004-03-17 22:37:59 +00:00
parent 802e3cc069
commit cd8e154e4f
6 changed files with 117 additions and 111 deletions


@ -13,8 +13,7 @@ database. This also causes the rewrite-remap overlay
to be automatically instantiated. If the optional keyword to be automatically instantiated. If the optional keyword
"massage" is present, the rewrite-remap overlay is "massage" is present, the rewrite-remap overlay is
automatically configured to map the virtual to the real automatically configured to map the virtual to the real
naming context and vice-versa; in this case, the "suffix" naming context and vice-versa.
directive must precede the "relay" directive.
Otherwise, the rewrite-remap overlay must be explicitly Otherwise, the rewrite-remap overlay must be explicitly
instantiated, by using the "overlay" directive, as instantiated, by using the "overlay" directive, as
@ -26,10 +25,30 @@ not bound to a single target database; on the contrary,
the target database is selected on a per-operation basis. the target database is selected on a per-operation basis.
This allows, for instance, to relay one database for This allows, for instance, to relay one database for
authentication and anothe for search/modify, or allows authentication and anotheir for search/modify, or allows
to use one target for persons and another for groups to use one target for persons and another for groups
and so on. and so on.
To summarize: the "relay" directive:
- explicitly bounds the database to a single database
holding the real naming context;
- automatically instantiates the rewrite-remap overlay;
- automatically configures the naming context massaging
if the optional "massage" keyword is added
If the "relay" directive is not used, the rewrite-remap
overlay must be explicitly instantiated and the massaging
must be configured, either by using the "suffixmassage"
directive, or by issuing more sophisticate rewrite
instructions.
AttributeType/objectClass mapping must be explicitly
required.
Note that the rewrite-remap overlay is not complete nor
production- ready yet.
Examples are given of all the suggested usages.
# automatically massage from virtual to real naming context # automatically massage from virtual to real naming context
database relay database relay
suffix "dc=virtual,dc=naming,dc=context" suffix "dc=virtual,dc=naming,dc=context"
@ -38,6 +57,13 @@ relay "dc=real,dc=naming,dc=context" massage
# explicitly massage (same as above) # explicitly massage (same as above)
database relay database relay
suffix "dc=virtual,dc=naming,dc=context" suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
suffixmassage "dc=virtual,dc=naming,dc=context" \
"dc=real,dc=naming,dc=context"
# explicitly massage (same as above, but dynamic backend resolution)
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rewrite-remap overlay rewrite-remap
suffixmassage "dc=virtual,dc=naming,dc=context" \ suffixmassage "dc=virtual,dc=naming,dc=context" \
"dc=real,dc=naming,dc=context" "dc=real,dc=naming,dc=context"
@ -46,9 +72,12 @@ suffixmassage "dc=virtual,dc=naming,dc=context" \
# from virtual to real naming context, but not the reverse... # from virtual to real naming context, but not the reverse...
database relay database relay
suffix "dc=virtual,dc=naming,dc=context" suffix "dc=virtual,dc=naming,dc=context"
overlay rewrite-remap relay "dc=real,dc=naming,dc=context"
rewriteEngine on
rewriteContext default rewriteContext default
rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \ rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \
"$1dc=real,dc=naming,dc=context" "$1dc=real,dc=naming,dc=context"
rewriteContext searchFilter
rewriteContext searchResult
rewriteContext searchResultAttrDN
rewriteContext matchedDN


@ -1,7 +1,7 @@
/* back-relay.h - relay backend header file */ /* back-relay.h - relay backend header file */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 1999-2004 The OpenLDAP Foundation. * Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati. * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved. * All rights reserved.
* *


@ -1,7 +1,7 @@
/* config.c - relay backend configuration file routine */ /* config.c - relay backend configuration file routine */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 2003-2004 The OpenLDAP Foundation. * Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati. * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved. * All rights reserved.
* *
@ -66,7 +66,8 @@ relay_back_db_config(
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL ); rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
if ( rc != LDAP_SUCCESS ) { if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"relay dn \"%s\" is invalid\n", "relay dn \"%s\" is invalid "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, argv[ 1 ] ); fname, lineno, argv[ 1 ] );
return 1; return 1;
} }
@ -75,13 +76,15 @@ relay_back_db_config(
if ( bd == NULL ) { if ( bd == NULL ) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"cannot find database " "cannot find database "
"of relay dn \"%s\"\n", "of relay dn \"%s\" "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, argv[ 1 ] ); fname, lineno, argv[ 1 ] );
return 1; return 1;
} else if ( bd == be ) { } else if ( bd == be ) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"relay dn \"%s\" would call self\n", "relay dn \"%s\" would call self "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, pdn.bv_val ); fname, lineno, pdn.bv_val );
return 1; return 1;
} }
@ -91,33 +94,16 @@ relay_back_db_config(
if ( overlay_config( be, "rewrite-remap" ) ) { if ( overlay_config( be, "rewrite-remap" ) ) {
fprintf( stderr, "%s: line %d: unable to install " fprintf( stderr, "%s: line %d: unable to install "
"rewrite-remap overlay " "rewrite-remap overlay "
"in back-relay\n", "in back-relay "
"in \"relay <dn> [massage]\" line\n",
fname, lineno ); fname, lineno );
return 1; return 1;
} }
#if 0 if ( argc == 3 ) {
{
char *cargv[ 4 ]; char *cargv[ 4 ];
cargv[ 0 ] = "overlay"; if ( strcmp( argv[2], "massage" ) != 0 ) {
cargv[ 1 ] = "rewrite-remap";
cargv[ 2 ] = NULL;
be->be_config( be, fname, lineno, 2, cargv );
cargv[ 0 ] = "suffixmassage";
cargv[ 1 ] = be->be_suffix[0].bv_val;
cargv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
cargv[ 3 ] = NULL;
if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
return 1;
}
}
if ( argc == 3 ) {
if ( strcmp( argv[2], "massage" ) ) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"unknown directive \"%s\" " "unknown directive \"%s\" "
"in \"relay <dn> [massage]\" line\n", "in \"relay <dn> [massage]\" line\n",
@ -125,9 +111,17 @@ relay_back_db_config(
return 1; return 1;
} }
ri->ri_massage = 1; cargv[ 0 ] = "suffixmassage";
cargv[ 1 ] = be->be_suffix[0].bv_val;
cargv[ 2 ] = pdn.bv_val;
cargv[ 3 ] = NULL;
if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
return 1;
} }
#endif }
ch_free( pdn.bv_val );
/* anything else */ /* anything else */
} else { } else {
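Review bot: The new `massage` branch reads `be->be_suffix[0].bv_val` without checking that a suffix has been configured, although the `#if 0` code this commit deletes from init.c carried a `be->be_suffix[0].bv_val == NULL` guard and the README no longer says that "suffix" must precede "relay". If `be_suffix` can still be unset when this line is parsed (not visible here), a configuration with the directives in the other order would dereference a null pointer or hand a NULL argument to `be->be_config` at startup; a guard such as `if ( be->be_suffix == NULL || be->be_suffix[0].bv_val == NULL )` with a diagnostic and `return 1;` before filling `cargv` would turn that into a clean configuration error. Separately, `ch_free( pdn.bv_val )` is reached only on the success path, so each `return 1;` taken after `dnPrettyNormal` succeeds appears to leak `pdn` (and `ndn`, unless it is stored elsewhere). relay_back_db_config starts and ends outside these hunks.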


@ -1,7 +1,7 @@
/* init.c - initialize relay backend */ /* init.c - initialize relay backend */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 2003-2004 The OpenLDAP Foundation. * Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati. * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved. * All rights reserved.
* *
@ -110,29 +110,10 @@ relay_back_db_open( Backend *be )
if ( ri->ri_realsuffix.bv_val != NULL ) { if ( ri->ri_realsuffix.bv_val != NULL ) {
ri->ri_bd = select_backend( &ri->ri_realsuffix, 0, 1 ); ri->ri_bd = select_backend( &ri->ri_realsuffix, 0, 1 );
/* must be there: it was during config! */
assert( ri->ri_bd ); assert( ri->ri_bd );
} }
#if 0
if ( ri->ri_massage ) {
char *argv[ 4 ];
if ( be->be_suffix[0].bv_val == NULL ) {
fprintf( stderr, "suffix must be defined to require suffix massage\n" );
return 1;
}
argv[ 0 ] = "suffixmassage";
argv[ 1 ] = be->be_suffix[0].bv_val;
argv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
argv[ 3 ] = NULL;
if ( be->be_config( be, "back-relay", 1, 3, argv ) ) {
return 1;
}
}
#endif
return 0; return 0;
} }
@ -148,8 +129,12 @@ relay_back_db_destroy( Backend *be )
relay_back_info *ri = (relay_back_info *)be->be_private; relay_back_info *ri = (relay_back_info *)be->be_private;
if ( ri ) { if ( ri ) {
if ( ri->ri_realsuffix.bv_val ) {
ch_free( ri->ri_realsuffix.bv_val );
}
ch_free( ri ); ch_free( ri );
} }
return 0; return 0;
} }
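Review bot: `relay_back_db_open` still relies on `assert( ri->ri_bd )` to validate the result of `select_backend`, and the added comment documents that assumption rather than enforcing it. In a build with NDEBUG the assert compiles away, so a failed lookup would leave `ri->ri_bd` NULL with no diagnostic; what the operation handlers then do with it is not visible in this section. Consider an explicit runtime check instead, `if ( ri->ri_bd == NULL ) { return 1; }`, preceded by a message naming `ri->ri_realsuffix.bv_val`. Both functions extend beyond the visible hunks.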


@ -1,7 +1,7 @@
/* op.c - relay backend operations */ /* op.c - relay backend operations */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 2003-2004 The OpenLDAP Foundation. * Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati. * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved. * All rights reserved.
* *
@ -37,6 +37,16 @@ relay_back_swap_bd( struct slap_op *op, struct slap_rep *rs )
return SLAP_CB_CONTINUE; return SLAP_CB_CONTINUE;
} }
static void
relay_back_add_cb( slap_callback *cb, struct slap_op *op )
{
cb->sc_next = op->o_callback;
cb->sc_response = relay_back_swap_bd;
cb->sc_cleanup = relay_back_swap_bd;
cb->sc_private = op->o_bd;
op->o_callback = cb;
}
static BackendDB * static BackendDB *
relay_back_select_backend( struct slap_op *op, struct slap_rep *rs, int err ) relay_back_select_backend( struct slap_op *op, struct slap_rep *rs, int err )
{ {
@ -95,11 +105,16 @@ relay_back_op_bind( struct slap_op *op, struct slap_rep *rs )
if ( bd->be_bind ) { if ( bd->be_bind ) {
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_bind )( op, rs ); rc = ( bd->be_bind )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -125,15 +140,13 @@ relay_back_op_unbind( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_unbind )( op, rs ); rc = ( bd->be_unbind )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} }
return 0; return 0;
@ -155,16 +168,14 @@ relay_back_op_search( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_search )( op, rs ); rc = ( bd->be_search )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -190,16 +201,14 @@ relay_back_op_compare( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_compare )( op, rs ); rc = ( bd->be_compare )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -225,16 +234,14 @@ relay_back_op_modify( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_modify )( op, rs ); rc = ( bd->be_modify )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -260,16 +267,14 @@ relay_back_op_modrdn( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_modrdn )( op, rs ); rc = ( bd->be_modrdn )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -295,16 +300,14 @@ relay_back_op_add( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_add )( op, rs ); rc = ( bd->be_add )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -330,15 +333,13 @@ relay_back_op_delete( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_delete )( op, rs ); rc = ( bd->be_delete )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} }
return rc; return rc;
@ -360,16 +361,14 @@ relay_back_op_abandon( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_abandon )( op, rs ); rc = ( bd->be_abandon )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -395,16 +394,14 @@ relay_back_op_cancel( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_cancel )( op, rs ); rc = ( bd->be_cancel )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -430,16 +427,14 @@ relay_back_op_extended( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_extended )( op, rs ); rc = ( bd->be_extended )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else { } else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported " "operation not supported "
@ -520,15 +515,13 @@ relay_back_chk_referrals( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb; slap_callback cb;
cb.sc_next = op->o_callback; relay_back_add_cb( &cb, op );
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_chk_referrals )( op, rs ); rc = ( bd->be_chk_referrals )( op, rs );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} }
return rc; return rc;
@ -553,10 +546,15 @@ relay_back_operational( struct slap_op *op, struct slap_rep *rs,
if ( bd->be_operational ) { if ( bd->be_operational ) {
BackendDB *be = op->o_bd; BackendDB *be = op->o_bd;
slap_callback cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd; op->o_bd = bd;
rc = ( bd->be_operational )( op, rs, opattrs, ap ); rc = ( bd->be_operational )( op, rs, opattrs, ap );
op->o_bd = be; op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} }
return rc; return rc;
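Review bot: The unlink added after each backend call, `op->o_callback = op->o_callback->sc_next;`, pops whatever is at the head of the chain rather than the `cb` that `relay_back_add_cb` pushed. If the target backend's handler leaves a different callback at the head (nothing visible here rules that out), the wrong entry is removed and the chain keeps a pointer to the stack-allocated `cb` after the function returns. Restoring the saved head with `op->o_callback = cb.sc_next;` removes that dependency; the same line recurs in every relay_back_op_* handler, in relay_back_chk_referrals and in relay_back_operational. A one-line comment on `relay_back_add_cb` stating that `cb` must outlive the backend call and be unlinked by the caller would document the contract. The handlers start and end outside the hunks.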


@ -1,6 +1,6 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 2001-2004 The OpenLDAP Foundation. * Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati. * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved. * All rights reserved.
* *