Commit Graph

222 Commits

Author SHA1 Message Date
Pierangelo Masarati
0c67c0493b more cleanup; small improvements 2003-04-15 23:11:31 +00:00
Pierangelo Masarati
1f400adca7 honor attributes request 2003-04-15 22:43:56 +00:00
Pierangelo Masarati
adf3744dd6 fix backsql new API; use berbuf instead of berval 2003-04-15 21:55:25 +00:00
Pierangelo Masarati
805894be1d fix context memory and more cleanup 2003-04-11 23:23:03 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Pierangelo Masarati
9e66d3d1f0 fix referrals return 2003-04-07 23:21:55 +00:00
Kurt Zeilenga
c75be97ae9 #ifdef -DSLAP_NVALUES 2003-04-05 03:35:16 +00:00
Pierangelo Masarati
8995d8341f more new API ... back-sql should be OK 2003-04-03 00:35:16 +00:00
Pierangelo Masarati
09b92f0aeb more new API ... 2003-04-02 22:58:02 +00:00
Howard Chu
99950e4fe4 Deleted BackendInfo->bi_acl_attribute, bi_acl_group.
Replaced with bi_entry_get_rw.
Implemented for back-bdb, back-ldbm, back-ldap.
2003-03-26 11:50:03 +00:00
Pierangelo Masarati
26895b9fa5 fix bug in schema check 2003-03-25 14:34:01 +00:00
Kurt Zeilenga
c981ebcb61 Don't return LDAP_OPERATIONS_ERROR for internal errors 2003-03-01 20:17:52 +00:00
Pierangelo Masarati
7ab954d516 blind fix (accrding to back-monitor hack) 2003-02-26 19:41:27 +00:00
Pierangelo Masarati
06b981429a fix ITS#2309 2003-02-10 18:15:36 +00:00
Hallvard Furuseth
2bcb48361d Remove casts of AVL function pointers. 2002-12-14 22:25:52 +00:00
Pierangelo Masarati
59aea47963 improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform" 2002-11-21 12:58:59 +00:00
Pierangelo Masarati
76bf91f553 remove #ifdef SLAP_FILTER_HASSUBORDINATES 2002-11-10 19:48:36 +00:00
Pierangelo Masarati
5794b3a2dd Add checks for SQL headers in configure.in (need to rerun autoheader
and autoconf); #include "ac/string.h" instead of <string.h>
2002-11-09 17:03:07 +00:00
Pierangelo Masarati
7b3f889ec1 fix hasSubordinate filtering; now it can be safely turned on 2002-10-26 16:18:31 +00:00
Pierangelo Masarati
665cb3e86e fix typo 2002-10-23 14:10:21 +00:00
Kurt Zeilenga
c382c5efa2 blind fix for NULL pointer in Debug() bug (ITS#2143) 2002-10-17 17:45:44 +00:00
Pierangelo Masarati
eb38db1be5 various fixes and improvements 2002-09-02 19:39:31 +00:00
Pierangelo Masarati
c8cfbca64d fix extendedMatch and approx hfilter andling; get rid of subtree_cond (argh, need to trim it from config and docs ...) 2002-08-31 10:39:23 +00:00
Pierangelo Masarati
a1bb43946b better handling of children_cond 2002-08-31 10:38:29 +00:00
Pierangelo Masarati
95a99bd522 trace illegal condition in backsql_strfcat 2002-08-31 10:37:42 +00:00
Pierangelo Masarati
685363e880 add 'children_cond' config statement 2002-08-31 10:36:16 +00:00
Pierangelo Masarati
a8bf275221 cleaner handling of unchecked limit support 2002-08-29 19:43:29 +00:00
Pierangelo Masarati
fbc11bd16a - added the capability to filter based on hasSubordinate attribute
to back-bdb, back-ldbm and back-sql (the latter with limitations);
- added handling of ":dn" attributes to extended rfc2254 filters
  and to matched value filter
- altered the behavior of get_mra() when a matching rule is given:
  now it checks whether it is compatible with the attribute syntax
  and, in case it is, the given mr is used.  In case of no type,
  the check is delayed when filtering
2002-08-29 10:55:48 +00:00
Kurt Zeilenga
c67781d0ea use ldap_charray_free() instead of slapd's charray_free() 2002-08-24 00:40:25 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Pierangelo Masarati
05348c5fc5 CHANGES:
- now all write operations appear to work correctly with PostgeSQL 7.0
- all write operations have been made transactional (atomic writes to
  entries are committed separately only in case of complete^1 success
  while all other operations are rolled-back by default)
- more cleanup and handling of exceptional conditions

TODO:
- deen to check with different databases and more up to date versions
  of both unixODBC and PostgreSQL.

^1: attribute add/modify/delete operations silently succeed if the
    appropriate add/delete proc does not exist for each attribute;
    this may be correct to hide undesired/unimplemented correspondence
    between LDAP and SQL databases; however, a more appropriate
    LDAP behavior would be a failure with LDAP_UNAVAILABLE if a
    single write operation cannot be executed for such reason
2002-08-16 16:45:24 +00:00
Pierangelo Masarati
115408986c changes:
- re-style according to the style giudelines for better readability
- updated to recent frontend/backend API changes
- fixed a few quirks about normalization
- "optimized" a few memory allocation/string handling functions
- fixed a few quirks about add/modify (still have to look ad modrdn)

todo:
- there is still something broken (at least with PostgreSQL and IBM db2,
  the two RDBMS O have at hand) when adding
- move everything to struct bervals and try to save a few strlen
- try some LDAP/SQL syntax relation to use appropriate value bind if possible
- ...
2002-08-13 17:12:27 +00:00
Pierangelo Masarati
7c2de5721a VERY PRELIMINARY support for PostgreSQL and IBM db2 2002-08-13 17:07:40 +00:00
Howard Chu
7e8c77c5de Fix dynamic module linking 2002-06-21 01:34:53 +00:00
Pierangelo Masarati
d019bff7b8 First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1

================
Most of this text is taken from OpenLDAP.  The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain.  This software is not subject to any license of
the University of Oslo.
================

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-29 20:24:29 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-15 20:42:42 +00:00
Howard Chu
efecf4e121 ITS#1733 eliminate o_abandonmutex 2002-04-11 08:03:40 +00:00
Pierangelo Masarati
53a0980348 fix for acl state 2002-02-09 17:31:49 +00:00
Howard Chu
265a03c7bd Changed AttributeName back into an array instead of a linked list 2002-01-03 05:41:50 +00:00
Howard Chu
743c402265 Changed search attrs from struct berval ** to AttributeName * 2001-12-31 11:35:52 +00:00
Howard Chu
d474789d0d First pass at converting bind to struct bervals 2001-12-26 11:41:38 +00:00
Howard Chu
ede3abc8c7 Changed search attrs to struct berval **.
Use typedefs for all backend functions, to minimize work in future API
updates. (back-*/external.h will never need updating in the future.)
2001-12-26 08:47:04 +00:00
Howard Chu
68b1bbb89d Changed search attrs to struct berval **.
Use typedefs for all backend functions, to minimize work in future API
updates. (back-*/external.h will never need updating in the future.)
2001-12-26 08:17:44 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Howard Chu
2f3399265c Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,
conn->c_dn,c_ndn, Access->a_dn_pat)
2001-12-24 15:11:01 +00:00
Howard Chu
e2c2de11c3 Converted all use of dn_parent to the in-place version. (Fixed a pdn leak
in back-sql along the way.)
2001-12-08 10:37:42 +00:00
Howard Chu
0552b1c53f NT updates from jon@symas.com. 2001-12-07 04:03:25 +00:00
Howard Chu
0e16f6acf9 Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
   Deleted ad_free() everywhere
   Added ad_mutex to init.c

The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
2001-10-22 13:23:05 +00:00
Dmitry Kovalev
358835218a finish the prefious fixes... it is really hard to commit a truly good patch without even a chance to check if it is compilable ;) 2001-09-07 18:50:52 +00:00
Dmitry Kovalev
6bf69cbf39 some cosmetics and minor problems fixed, pointed out by Mei-Hui Su (c++-style comments, newlines etc.) 2001-09-07 13:04:11 +00:00
Dmitry Kovalev
2f4d324f60 A big bunch of improvements, contributed by Sam Drake and Raj Damani.
Summary of changes is cited below.
The patch still needs some cosmetic changes to be made, but is ready for testing.

-----Original Message-----
From: Sam Drake [mailto:drake@timesten.com]
Sent: Saturday, April 07, 2001 10:40 PM
To: 'mitya@seismic.ru'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Slapd frontend performance issues


FYI, here is a short description of the changes I made.  I'll package up the
changes asap, but it may take a couple of days.

The performance numbers quoted in this report were seen at my location with
a 100,000 object database ... the slower numbers I mentioned earlier were
reported by a customer with a 1,000,000 object database.

I also can't explain the very poor performance I saw with OpenLDAP and LDBM
with a 100,000 object database.

...Sam Drake / TimesTen Performance Software

----------

Work Performed

OpenLDAP 2.0.9, including back-sql, was built successfully on Solaris
8 using gcc.  The LDAP server itself, slapd, passed all tests bundled
with OpenLDAP.  OpenLDAP was built using Sleepycat LDBM release 3.1.17
as the "native" storage manager.

The experimental back-sql facility in slapd was also built
successfully.  It was built using Oracle release 8.1.7 and the Oracle
ODBC driver and ODBC Driver Manager from Merant.  Rudimentary testing
was performed with the data and examples provided with back-sql, and
back-sql was found to be functional.

Slapd and back-sql were then tested with TimesTen, using TimesTen
4.1.1.  Back-sql was not immediately functional with TimesTen due to a
number of SQL limitations in the TimesTen product.

Functional issues encountered were:

1. Back-sql issued SELECT statements including the construct,
   "UPPER(?)".  While TimesTen supports UPPER, it does not support the
   use of parameters as input to builtin functions.  Back-sql was
   modified to convert the parameter to upper case prior to giving it
   to the underlying database ... a change that is appropriate for all
   databases.

2. Back-sql issued SELECT statements using the SQL CONCAT function.
   TimesTen does not support this function.  Back-sql was modified to
   concatentate the necessary strings itself (in "C" code) prior to
   passing the parameters to SQL.  This change is also appropriate for
   all databases, not just TimesTen.

Once these two issues were resolved, back-sql could successfully
process LDAP searches using the sample data and examples provided with
back-sql.

While performance was not measured at this point, numerous serious
performance problems were observed with the back-sql code and the
generated SQL.  In particular:

1. In the process of implementing an LDAP search, back-sql will
   generate and execute a SQL query for all object classes stored in
   back-sql.  During the source of generating each SQL query, it is
   common for back-sql to determine that a particular object class can
   not possibly have any members satisfying the search.  For example,
   this can occur if the query searches an attribute of the LDAP
   object that does not exist in the SQL schema.  In this case,
   back-sql would generate and issue the SQL query anyway, including a
   clause such as "WHERE 1=0" in the generated SELECT.  The overhead
   of parsing, optimizing and executing the query is non-trivial, and
   the answer (the empty set) is known in advance. Solution: Back-sql
   was modified to stop executing a SQL query when it can be
   predetermined that the query will return no rows.

2. Searches in LDAP are fundamentally case-insensitive ("abc" is equal
   to "aBc").  However, in SQL this is not normally the case.
   Back-sql thus generated SQL SELECT statements including clauses of
   the form, "WHERE UPPER(attribute) = 'JOE'".  Even if an index is
   defined on the attribute in the relational database, the index can
   not be used to satisfy the query, as the index is case sensitive.
   The relational database then is forced to scan all rows in the
   table in order to satisfy the query ... an expensive and
   non-scalable proposition.  Solution: Back-sql was modified to allow
   the schema designer to add additional "upper cased" columns to the
   SQL schema.  These columns, if present, contain an upper cased
   version of the "standard" field, and will be used preferentially
   for searching.  Such columns can be provided for all searchable
   columns, some columns, or no columns.  An application using
   database "triggers" or similar mechanisms can automatically
   maintain these upper cased columns when the standard column is
   changed.

3. In order to implement the hierarchical nature of LDAP object
   hierarchies, OpenLDAP uses suffix searches in SQL.  For example, to
   find all objects in the subtree "o=TimesTen,c=us", a SQL SELECT
   statement of the form, "WHERE UPPER(dn) LIKE '%O=TIMESTEN,C=US'"
   would be employed.  Aside from the UPPER issue discussed above, a
   second performance problem in this query is the use of suffix
   search.  In TimesTen (and most relational databases), indexes can
   be used to optimize exact-match searches and prefix searches.
   However, suffix searches must be performed by scanning every row in
   the table ... an expensive and non-scalable proposition.  Solution:
   Back-sql was modified to optionally add a new "dn_ru" column to the
   ldap_entries table.  This additional column, if present, contains a
   byte-reversed and upper cased version of the DN.  This allows
   back-sql to generate indexable prefix searches.  This column is
   also easily maintained automatically through the use of triggers.

Results

A simple database schema was generated holding the LDAP objects and
attributes specified by our customer.  An application was written to
generate test databases.  Both TimesTen and Oracle 8.1.7 were
populated with 100,000 entry databases.

Load Times

Using "slapadd" followed by "slapindex", loading and indexing 100,000
entries in an LDBM database ran for 19 minutes 10 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
a disk based RDBMS took 17 minutes 53 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
TimesTen took 1 minute 40 seconds.

Search Times

The command, "timex timesearch.sh '(cn=fname210100*)'" was used to
test search times.  This command issues the same LDAP search 4000
times over a single LDAP connection.  Both the client and server
(slapd) were run on the same machine.

With TimesTen as the database, 4000 queries took 14.93 seconds, for a
rate of 267.9 per second.

With a disk based RDBMS as the database, 4000 queries took 77.79 seconds,
for a
rate of 51.42 per second.

With LDBM as the database, 1 query takes 76 seconds, or 0.076 per
second.  Something is clearly broken.
2001-08-02 17:28:59 +00:00
Randy Kunkee
a9097044ea Remove global_backendsyncfreq code (code has been pushed down into back-ldbm). 2001-06-28 18:02:46 +00:00
Randy Kunkee
d492880870 Add sync_daemon to daemon.c, enabled by global configuration
backendsyncfreq <seconds>.  Setting this automatically enables
dbnosync (because the synchronizer takes care of it).
2001-06-22 08:38:58 +00:00
Dmitry Kovalev
a9b601290b Add 'distinct' to sql search query to prevent duplicate entries in results (suggested by Mathieu Guillaume) 2000-11-04 12:52:06 +00:00
Dmitry Kovalev
c77bd543bc fix even more stupid thing with the same issue ;) 2000-11-02 16:29:57 +00:00
Dmitry Kovalev
46a10706f5 fix _stupid_ thing with toupper -> ldap_pvt_str2upper 2000-11-02 13:18:45 +00:00
Dmitry Kovalev
6d94ecd1b0 fix ITS #855 (back-sql crashes with malformed filters),
also extend bind() to something less trivial (to support SIMPLE_AUTH mode)
2000-10-30 20:36:29 +00:00
Dmitry Kovalev
4411e0aa17 fix case-insensitive matching
+
documentation cleanup & update
2000-10-25 21:23:04 +00:00
Dmitry Kovalev
04939b7aca documentation update. this reflects recent changes (redesign, referral and multiple objectclasses support, and other), and provides new (hopefully more clear ;) description of concept 2000-09-05 18:16:58 +00:00
Dmitry Kovalev
f48f00f995 added missing SQL script to samples 2000-08-15 17:05:53 +00:00
Dmitry Kovalev
6078008495 minor fix (eliminate warnings) 2000-06-29 21:54:31 +00:00
Dmitry Kovalev
e90ef57645 changes for 2.0-beta
including:
- fixes according to new API changes
- closing db connection in connection_destroy callback, not unbind
- support of new schema code, samples changed accordingly
- support for multiple objectclasses (to distinguish from unique objectclass-to-tables mapping)
- auto 'ref' attribute support
- samples now include illustrations of using these 2 features to make named referrals as described in ldapext-namedref draft

more to come:
- documentation update
- different improvements to be more close to native directory (after beta?)
2000-06-29 21:14:43 +00:00
Mark Valence
51bd73ce7d New backend routine: back_attribute 2000-06-21 17:41:49 +00:00
Kurt Zeilenga
a3414536a4 Add backend_check_referrals() framework. 2000-06-16 01:46:42 +00:00
Kurt Zeilenga
a56c161bdb Misc code cleanup. 2000-06-10 22:39:30 +00:00
Dmitry Kovalev
b8af4a67ea Summary of changes:
- filter -> SQL translation bugfixes
- several memory leaks fixups
- improved configurability:
    - allows definition of  uppercasing function to support CIS matching on databases that do
    case sensitive compares (this fixes up Oracle issues, example updated)
    - allows more flexibility in stored procedures interface (different parameter order, optional return
      codes - see samples, and comments in backsql.h)
- synchronize function interfaces to recent changes in prototypes ("const" clauses etc.) made for all backends
  (those changes led to compile-time errors)
2000-05-26 16:03:32 +00:00
Kurt Zeilenga
60802201e3 Const'ification
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
  software install)
2000-05-22 03:46:57 +00:00
Howard Chu
3d5553abc2 Removed XLDFLAGS, unnecessary for modules. 2000-05-11 09:33:34 +00:00
Kurt Zeilenga
94d3673dbe wrap sql *.c files with #ifdef SLAPD_SQL to facilate NT builds
without -DSLAPD_SQL
2000-03-19 06:18:27 +00:00
Dmitry Kovalev
a16a87a412 even more back-sql files 2000-03-16 19:46:21 +00:00
Dmitry Kovalev
4e703c5261 more back-sql files + rdbms_dependent samples 2000-03-16 19:34:46 +00:00
Dmitry Kovalev
d63b3dc2fd added back-sql files 2000-03-16 19:08:22 +00:00