mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

works in most cases ...

Browse Source
This commit is contained in:
Pierangelo Masarati 2004-03-17 22:37:59 +00:00
parent 802e3cc069
commit cd8e154e4f
6 changed files with 117 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
servers/slapd/back-relay/README
View File

@ -13,8 +13,7 @@ database. This also causes the rewrite-remap overlay
to be automatically instantiated. If the optional keyword
"massage" is present, the rewrite-remap overlay is
automatically configured to map the virtual to the real
naming context and vice-versa; in this case, the "suffix"
directive must precede the "relay" directive.
naming context and vice-versa.
Otherwise, the rewrite-remap overlay must be explicitly
instantiated, by using the "overlay" directive, as
@ -26,10 +25,30 @@ not bound to a single target database; on the contrary,
the target database is selected on a per-operation basis.
This allows, for instance, to relay one database for
authentication and anothe for search/modify, or allows
authentication and anotheir for search/modify, or allows
to use one target for persons and another for groups
and so on.
To summarize: the "relay" directive:
- explicitly bounds the database to a single database
holding the real naming context;
- automatically instantiates the rewrite-remap overlay;
- automatically configures the naming context massaging
if the optional "massage" keyword is added
If the "relay" directive is not used, the rewrite-remap
overlay must be explicitly instantiated and the massaging
must be configured, either by using the "suffixmassage"
directive, or by issuing more sophisticate rewrite
instructions.
AttributeType/objectClass mapping must be explicitly
required.
Note that the rewrite-remap overlay is not complete nor
production- ready yet.
Examples are given of all the suggested usages.
# automatically massage from virtual to real naming context
database relay
suffix "dc=virtual,dc=naming,dc=context"
@ -38,6 +57,13 @@ relay "dc=real,dc=naming,dc=context" massage
# explicitly massage (same as above)
database relay
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
suffixmassage "dc=virtual,dc=naming,dc=context" \
"dc=real,dc=naming,dc=context"
# explicitly massage (same as above, but dynamic backend resolution)
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rewrite-remap
suffixmassage "dc=virtual,dc=naming,dc=context" \
"dc=real,dc=naming,dc=context"
@ -46,9 +72,12 @@ suffixmassage "dc=virtual,dc=naming,dc=context" \
# from virtual to real naming context, but not the reverse...
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rewrite-remap
rewriteEngine on
relay "dc=real,dc=naming,dc=context"
rewriteContext default
rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \
"$1dc=real,dc=naming,dc=context"
rewriteContext searchFilter
rewriteContext searchResult
rewriteContext searchResultAttrDN
rewriteContext matchedDN

2
servers/slapd/back-relay/back-relay.h
View File

@ -1,7 +1,7 @@
/* back-relay.h - relay backend header file */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2004 The OpenLDAP Foundation.
* Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*

48
servers/slapd/back-relay/config.c
View File

@ -1,7 +1,7 @@
/* config.c - relay backend configuration file routine */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2004 The OpenLDAP Foundation.
* Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
@ -66,7 +66,8 @@ relay_back_db_config(
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: "
"relay dn \"%s\" is invalid\n",
"relay dn \"%s\" is invalid "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, argv[ 1 ] );
return 1;
}
@ -75,13 +76,15 @@ relay_back_db_config(
if ( bd == NULL ) {
fprintf( stderr, "%s: line %d: "
"cannot find database "
"of relay dn \"%s\"\n",
"of relay dn \"%s\" "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, argv[ 1 ] );
return 1;
} else if ( bd == be ) {
fprintf( stderr, "%s: line %d: "
"relay dn \"%s\" would call self\n",
"relay dn \"%s\" would call self "
"in \"relay <dn> [massage]\" line\n",
fname, lineno, pdn.bv_val );
return 1;
}
@ -91,33 +94,16 @@ relay_back_db_config(
if ( overlay_config( be, "rewrite-remap" ) ) {
fprintf( stderr, "%s: line %d: unable to install "
"rewrite-remap overlay "
"in back-relay\n",
"in back-relay "
"in \"relay <dn> [massage]\" line\n",
fname, lineno );
return 1;
}
#if 0
{
if ( argc == 3 ) {
char *cargv[ 4 ];
cargv[ 0 ] = "overlay";
cargv[ 1 ] = "rewrite-remap";
cargv[ 2 ] = NULL;
be->be_config( be, fname, lineno, 2, cargv );
cargv[ 0 ] = "suffixmassage";
cargv[ 1 ] = be->be_suffix[0].bv_val;
cargv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
cargv[ 3 ] = NULL;
if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
return 1;
}
}
if ( argc == 3 ) {
if ( strcmp( argv[2], "massage" ) ) {
if ( strcmp( argv[2], "massage" ) != 0 ) {
fprintf( stderr, "%s: line %d: "
"unknown directive \"%s\" "
"in \"relay <dn> [massage]\" line\n",
@ -125,9 +111,17 @@ relay_back_db_config(
return 1;
}
ri->ri_massage = 1;
cargv[ 0 ] = "suffixmassage";
cargv[ 1 ] = be->be_suffix[0].bv_val;
cargv[ 2 ] = pdn.bv_val;
cargv[ 3 ] = NULL;
if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
return 1;
}
#endif
}
ch_free( pdn.bv_val );
/* anything else */
} else {

27
servers/slapd/back-relay/init.c
View File

@ -1,7 +1,7 @@
/* init.c - initialize relay backend */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2004 The OpenLDAP Foundation.
* Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
@ -110,29 +110,10 @@ relay_back_db_open( Backend *be )
if ( ri->ri_realsuffix.bv_val != NULL ) {
ri->ri_bd = select_backend( &ri->ri_realsuffix, 0, 1 );
/* must be there: it was during config! */
assert( ri->ri_bd );
}
#if 0
if ( ri->ri_massage ) {
char *argv[ 4 ];
if ( be->be_suffix[0].bv_val == NULL ) {
fprintf( stderr, "suffix must be defined to require suffix massage\n" );
return 1;
}
argv[ 0 ] = "suffixmassage";
argv[ 1 ] = be->be_suffix[0].bv_val;
argv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
argv[ 3 ] = NULL;
if ( be->be_config( be, "back-relay", 1, 3, argv ) ) {
return 1;
}
}
#endif
return 0;
}
@ -148,8 +129,12 @@ relay_back_db_destroy( Backend *be )
relay_back_info *ri = (relay_back_info *)be->be_private;
if ( ri ) {
if ( ri->ri_realsuffix.bv_val ) {
ch_free( ri->ri_realsuffix.bv_val );
}
ch_free( ri );
}
return 0;
}

110
servers/slapd/back-relay/op.c
View File

@ -1,7 +1,7 @@
/* op.c - relay backend operations */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2004 The OpenLDAP Foundation.
* Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
@ -37,6 +37,16 @@ relay_back_swap_bd( struct slap_op *op, struct slap_rep *rs )
return SLAP_CB_CONTINUE;
}
static void
relay_back_add_cb( slap_callback *cb, struct slap_op *op )
{
cb->sc_next = op->o_callback;
cb->sc_response = relay_back_swap_bd;
cb->sc_cleanup = relay_back_swap_bd;
cb->sc_private = op->o_bd;
op->o_callback = cb;
}
static BackendDB *
relay_back_select_backend( struct slap_op *op, struct slap_rep *rs, int err )
{
@ -95,11 +105,16 @@ relay_back_op_bind( struct slap_op *op, struct slap_rep *rs )
if ( bd->be_bind ) {
BackendDB *be = op->o_bd;
slap_callback cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_bind )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -125,15 +140,13 @@ relay_back_op_unbind( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_unbind )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
}
return 0;
@ -155,16 +168,14 @@ relay_back_op_search( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_search )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -190,16 +201,14 @@ relay_back_op_compare( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_compare )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -225,16 +234,14 @@ relay_back_op_modify( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_modify )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -260,16 +267,14 @@ relay_back_op_modrdn( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_modrdn )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -295,16 +300,14 @@ relay_back_op_add( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_add )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -330,15 +333,13 @@ relay_back_op_delete( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_delete )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
}
return rc;
@ -360,16 +361,14 @@ relay_back_op_abandon( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_abandon )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -395,16 +394,14 @@ relay_back_op_cancel( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_cancel )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -430,16 +427,14 @@ relay_back_op_extended( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_extended )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported "
@ -520,15 +515,13 @@ relay_back_chk_referrals( struct slap_op *op, struct slap_rep *rs )
BackendDB *be = op->o_bd;
slap_callback cb;
cb.sc_next = op->o_callback;
cb.sc_response = relay_back_swap_bd;
cb.sc_cleanup = relay_back_swap_bd;
cb.sc_private = op->o_bd;
op->o_callback = &cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_chk_referrals )( op, rs );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
}
return rc;
@ -553,10 +546,15 @@ relay_back_operational( struct slap_op *op, struct slap_rep *rs,
if ( bd->be_operational ) {
BackendDB *be = op->o_bd;
slap_callback cb;
relay_back_add_cb( &cb, op );
op->o_bd = bd;
rc = ( bd->be_operational )( op, rs, opattrs, ap );
op->o_bd = be;
op->o_callback = op->o_callback->sc_next;
}
return rc;

2
servers/slapd/back-relay/proto-back-relay.h
View File

@ -1,6 +1,6 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2004 The OpenLDAP Foundation.
* Copyright 2004 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*