Use defined Root DSE attributes.

Developed by Julius Enarusai/IBM Copyright IBM Corp. 2001 Use of this source code is subject to the terms of The OpenLDAP Public License Version 2.7, 7 September 2001. No trademarks of the IBM Corporation are to be used to identify, endorse or promote any products derived from this code without the prior written consent of IBM.
2025-02-05 13:40:08 +08:00 · 2001-10-23 23:29:41 +00:00 · 2001-10-23 23:29:41 +00:00 · fcd1ce0e28
commit fcd1ce0e28
parent d9fb94f1a8
9 changed files with 186 additions and 13 deletions
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@ -366,6 +366,11 @@ conditions are currently same.
 may be used to require no conditions (useful for clearly globally
 set conditions within a particular database).
 .TP
+.B rootDSEfile <file>
+Specify the name of an LDIF(5) file containing user defined attributes
+for the root DSE.  These attributes are returned in addition to the
+attributes normally produced by slapd.
+.TP
 .B sasl-host <fqdn>
 Used to specify the fully qualified domain name used for SASL processing.
 .TP
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@ -1833,6 +1833,34 @@ read_config( const char *fname )
 				replogfile = ch_strdup( cargv[1] );
 			}

+		/* file from which to read additional rootdse attrs */
+		} else if ( strcasecmp( cargv[0], "rootdse" ) == 0) {
+			if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+					"missing filename in \"rootDSEfile <filename>\" line.\n",
+					fname, lineno ));
+#else
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"missing filename in \"rootDSEfile <filename>\" line.\n",
+				    fname, lineno, 0 );
+#endif
+				return 1;
+			}
+
+			if( read_root_dse_file( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+					"could not read \"rootDSEfile <filename>\" line.\n",
+					fname, lineno ));
+#else
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"could not read \"rootDSEfile <filename>\" line\n",
+				    fname, lineno, 0 );
+#endif
+				return 1;
+			}
+
 		/* maintain lastmodified{by,time} attributes */
 		} else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
 			if ( cargc < 2 ) {
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -907,6 +907,9 @@ LDAP_SLAPD_F (int) root_dse_info LDAP_P((
 	Entry **e,
 	const char **text ));

+LDAP_SLAPD_F (int) read_root_dse_file LDAP_P((
+	const char *file));
+
 LDAP_SLAPD_F (int) do_abandon LDAP_P((Connection *conn, Operation *op));
 LDAP_SLAPD_F (int) do_add LDAP_P((Connection *conn, Operation *op));
 LDAP_SLAPD_F (int) do_bind LDAP_P((Connection *conn, Operation *op));
--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@ -22,6 +22,7 @@ static char *supportedFeatures[] = {
 	NULL
 };

+static Entry	*usr_attr = NULL;

 int
 root_dse_info(
@ -45,6 +46,8 @@ root_dse_info(
 	AttributeDescription *ad_supportedFeatures = slap_schema.si_ad_supportedFeatures;
 	AttributeDescription *ad_ref = slap_schema.si_ad_ref;

+	Attribute *a;
+
 	vals[0] = &val;
 	vals[1] = NULL;

@ -123,7 +126,90 @@ root_dse_info(
 		attr_merge( e, ad_ref, default_referral );
 	}

+	if( usr_attr != NULL) {
+		for(a = usr_attr->e_attrs; a != NULL; a = a->a_next) {
+			attr_merge( e, a->a_desc, a->a_vals );
+		}
+	}
+
 	*entry = e;
 	return LDAP_SUCCESS;
 }

+/*
+ * Read the entries specified in fname and merge the attributes
+ * to the user defined rootDSE. Note thaat if we find any errors
+ * what so ever, we will discard the entire entries, print an
+ * error message and return.
+ */
+int read_root_dse_file( const char *fname )
+{
+	FILE	*fp;
+	char	*line, *savefname, *saveline;
+	int rc = 0, lineno = 0, lmax = 0;
+	char	*buf = NULL;
+
+	Attribute *a;
+
+	if ( (fp = fopen( fname, "r" )) == NULL ) {
+		Debug( LDAP_DEBUG_ANY,
+			"could not open rootdse attr file \"%s\" - absolute path?\n",
+			fname, 0, 0 );
+		perror( fname );
+		return EXIT_FAILURE;
+	}
+
+	usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) );
+	usr_attr->e_attrs = NULL;
+
+	while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+		ID id;
+		Entry *e = str2entry( buf );
+
+		if( e == NULL ) {
+			fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
+				lineno );
+			entry_free( e );
+			entry_free( usr_attr );
+			usr_attr = NULL;
+			return EXIT_FAILURE;
+		}
+
+		if( dn_normalize( e->e_ndn ) == NULL ) {
+			fprintf( stderr, "root_dse: invalid dn=\"%s\" (line=%d)\n",
+				e->e_dn, lineno );
+			entry_free( e );
+			entry_free( usr_attr );
+			usr_attr = NULL;
+			return EXIT_FAILURE;
+		}
+
+		/* make sure the DN is a valid rootdse(rootdse is a null string) */
+		if( strcmp(e->e_ndn, "") != 0 ) {
+			fprintf( stderr,
+				"root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n",
+				e->e_dn, lineno );
+			entry_free( e );
+			entry_free( usr_attr );
+			usr_attr = NULL;
+			return EXIT_FAILURE;
+		}
+
+		/*
+		 * we found a valid entry, so walk thru all the attributes in the
+		 * entry, and add each attribute type and description to the
+		 * usr_attr entry
+		 */
+
+		for(a = e->e_attrs; a != NULL; a = a->a_next) {
+			attr_merge( usr_attr, a->a_desc, a->a_vals );
+		}
+
+		entry_free( e );
+	}
+
+	ch_free( buf );
+
+	Debug(LDAP_DEBUG_CONFIG,"rootDSE file %s read.\n", fname, 0, 0);
+	return rc;
+}
--- a/servers/slapd/schema/README
+++ b/servers/slapd/schema/README
@ -2,19 +2,20 @@ This directory contains schema definitions for use with slapd(5).

 File                    Description
 ----                    -----------
-corba.schema            Corba Object (RFC 2714) schema
+corba.schema            Corba Object (RFC 2714)
 core.schema             OpenLDAP "core"
-cosine.schema           COSINE Pilot schema
-inetorgperson.schema    InetOrgPerson schema
-java.schema             Java Object (RFC 2713) schema
-krb5-kdc.schema         Kerberos V KDC schema
-microsoft.ext.schema    Microsoft schema
-microsoft.schema        Microsoft schema
-microsoft.std.schema    Microsoft schema
-misc.schema             misc. experimental schema
-nadf.schema             North America Directory Forum schema
-nis.schema              Network Information Service schema
-openldap.schema         OpenLDAP Project schema
+cosine.schema           COSINE Pilot
+inetorgperson.schema    InetOrgPerson
+java.schema             Java Object (RFC 2713)
+krb5-kdc.schema         Kerberos V KDC
+microsoft.ext.schema    Microsoft
+microsoft.schema        Microsoft
+microsoft.std.schema    Microsoft
+misc.schema             misc/experimental
+nadf.schema             North America Directory Forum
+nis.schema              Network Information Service
+openldap.schema         OpenLDAP Project
+vendor.schema			Vendor Information (RFC 3045) schema

 Additional schema definitions can be submitted using the OpenLDAP
 Issue Tracking System <http://www.openldap.org/its/>.  Such
--- a/servers/slapd/schema/vendor.schema
+++ b/servers/slapd/schema/vendor.schema
@ -0,0 +1,46 @@
+#
+# RFC 3045: Storing Vendor Information in the LDAP root DSE
+# 
+
+# 2.1 vendorName
+# 
+#  This attribute contains a single string, which represents the name of
+#  the LDAP server implementer.
+#
+#  All LDAP server implementations SHOULD maintain a vendorName, which
+#  is generally the name of the company that wrote the LDAP Server code
+#  like "Novell, Inc."
+
+attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
+	EQUALITY 1.3.6.1.4.1.1466.109.114.1
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
+
+# 2.2 vendorVersion
+#
+#  This attribute contains a string which represents the version of the
+#  LDAP server implementation.
+#
+#  All LDAP server implementations SHOULD maintain a vendorVersion.
+#  Note that this value is typically a release value--comprised of a
+#  string and/or a string of numbers--used by the developer of the LDAP
+#  server product (as opposed to the supportedLDAPVersion, which
+#  specifies the version of the LDAP protocol supported by this server).
+#  This is single-valued so that it will only have one version value.
+#  This string MUST be unique between two versions, but there are no
+#  other syntactic restrictions on the value or the way it is formatted.
+
+attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
+	EQUALITY 1.3.6.1.4.1.1466.109.114.1
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE NO-USER-MODIFICATION
+	USAGE dSAOperation )
+
+#  The intent behind the equality match on vendorVersion is to not allow
+#  a less than or greater than type of query.  Say release "LDAPv3 8.0"
+#  has a problem that is fixed in the next release "LDAPv3 8.5", but in
+#  the mean time there is also an update release say version "LDAPv3
+#  8.01" that fixes the problem.  This will hopefully stop the client
+#  from saying it will not work with a version less than "LDAPv3 8.5"
+#  when it would also work with "LDAPv3 8.01".  With the equality match
+#  the client would have to exactly match what it is looking for.
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@ -230,7 +230,6 @@ int oc_check_allowed(
 		return LDAP_SUCCESS;
 	}

-
 	/*
 	 * All operational attributions are allowed by schema rules.
 	 */
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
@ -219,3 +219,7 @@ int get_limits( Backend *be, const char *ndn, struct slap_limits_set **limit )
 	return 0;
 }

+int read_root_dse_file ( const char *file )
+{
+	return 0;
+}
--- a/tests/data/slapd-schema.conf
+++ b/tests/data/slapd-schema.conf
@ -16,6 +16,7 @@ include ./schema/misc.schema
 include ./schema/nadf.schema
 include ./schema/nis.schema
 include ./schema/openldap.schema
+include ./schema/vendor.schema
 #
 schemacheck	on
 pidfile     ./test-db/slapd.pid