cleanup null mapping detection

[openldap] / servers / slapd / back-ldap / Changes

Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>

The backend back-ldap has been modified as follows:

* The LDAP handlers have been put under an avl tree, in an attempt
  to improve the access to connections in heavy loaded environments
  (many clients connecting simultaneously for long times, e.g.
  authenticators that make successive searches and binds without
  renewing the handler).
  This required to change the lcs member of struct ldapinfo into
  an (Avlnode *) member called conntree.
  The member next in the ldapconn struct has been eliminated because
  it is no longer needed.

* The ldap_back_dobind function has been forced to return the value
  of the bound flag instead of void; there is no longer need to test 
  for the flag outside the function as a test was already in. 
  Now the function can be called as 

        if ( !ldap_back_dobind( lc, op ) ) {
                /* handle error */
        }

* The suffix of the operations can be "massaged", i.e. changed to
  a different suffix to implement what has been termed a 
  "virtual naming context": an incoming request with a certain
  base or related to a certain dn is turned into a request to a different
  server with the base or the dn changed in its terminal part (the naming
  context). The resulting entries, if any, have the real naming context
  changed back into the virtual naming context.

  This required to add a suffixMassage configuration line of the form

        suffix          "virtual naming context"
        suffixMassage   "virtual naming context"        "real naming context"

  (the name of the configuration parameter will be changed to something
  more appropriate as will result from a debate in the -devel mailing
  list).
  The "virtual naming context" must appear in a suffix configuration line
  so the server can select the appropriate backend; then the suffixMassage
  configuration line maps the "virtual" and the "real" naming contexts
  back and forth.
  This allows one to map multiple real naming contexts as branches
  of a single naming context, provided these reside on the same server:

        suffix          "ou=Branch 1, o=My Org, c=IT"
        suffixMassage   "ou=Branch 1, o=My Org, c=IT"   "o=Org 1, c=IT"
        suffix          "ou=Branch 2, o=My Org, c=IT"
        suffixMassage   "ou=Branch 2, o=My Org, c=IT"   "dc=host, dc=net"
        suffix          "o=My Org, c=IT"
        suffixMassage   "o=My Org, c=IT"                "dc=host, dc=it"

  Note that the "same server" limitation can be overcome by using
  multiple back-ldap databases, each pointing to the appropriate
  server.
  
  Another choice, which would not allow multiple naming contexts
  being served by the same database, is to use the "dn" part of the 
  "uri" configuration parameter, e.g.:

        suffix  "virtual naming context"
        uri     "ldap://ldap.my.org:port/real naming context"
  
  This has not been implemented yet.

  A possible future enhancement will allow the ldap backend to handle
  multiple servers within a single naming context.
  
  Two functions, ldap_back_dn_massage and ldap_back_dn_restore, have
  been added. The former changes the bind dn or the search base,
  in case its terminal portion matches the "virtual naming context"
  of a suffixMassage entry, to the corresponding "real naming context"
  suffixed value.
  The latter turns the entry's dn back to the "virtual naming context" 
  suffixed form if the real dn terminal portion matches any "real naming
  context" part of a suffixMassage configuration line.
  The deferred bind required to add the bound_dn member to the ldapconn
  struct.
  As of the time of this writing, all the backend operations that
  require writing (add, delete, modify, modrdn) have been added the 
  massaging capability; it can be safely turned off by turning on
  the readonly mode at the backend level. The massaging is performed
  only on the dn of the entry that is modified, and in the modrdn 
  operation it affects both the old and the newSuperior dn.

* Cleanup/minor bug fixes/software enhancements:

  - the suffix member (unused) has been eliminated (commented out) 
    from the ldapinfo struct.

  - bind.c:ldap_back_op_result: a check of the value of "match" and
    "msg" variables is added before freeing them (got a NULL "match"
    when the server the backend points to was restarted).
    
  - search.c:ldap_send_entry: the member a_desc in the (Attribute *)
    "attr" must be set to NULL before calling slap_str2ad, otherwise
    an assertion fails (ITS #919).

  - search.c:ldap_send_entry: the entry's ent.e_dn and ent.e_ndn members
    need be freed before returning because they were allocated inside
    the routine.

  - modify.c:ldap_back_modify: the Modifications member sml_op needs be
    ORed with LDAP_MOD_BVALUES to force the ldap_modify_s routine
    handle the modifications as bervals:

        mods[i].mod_op = ml->sml_op | LDAP_MOD_BVALUES;

* Notes:
  - there a possible memory leak in the backend, because the memory 
    occupation of the slapd processes steadily grows when it is 
    repeatedly accessed.

  - when writing (add/modify) lastmod must be set to OFF otherwise
    the lastmod attributes will be added to the entry mods and the
    target server will complain about

        ldap_modify: Constraint violation
        ldap_modify: additional info: no user modification allowed