2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2007 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
46 mt = ch_calloc( sizeof( metatarget_t ), 1 );
48 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
49 if ( mt->mt_rwmap.rwm_rw == NULL ) {
55 * the filter rewrite as a string must be disabled
56 * by default; it can be re-enabled by adding rules;
57 * this creates an empty rewriteContext
59 rargv[ 0 ] = "rewriteContext";
60 rargv[ 1 ] = "searchFilter";
62 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
64 rargv[ 0 ] = "rewriteContext";
65 rargv[ 1 ] = "default";
67 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
69 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
71 mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
72 mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
73 mt->mt_idassert_tls = SB_TLS_DEFAULT;
75 /* by default, use proxyAuthz control on each operation */
76 mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
84 check_true_false( char *str )
86 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
90 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
107 metainfo_t *mi = ( metainfo_t * )be->be_private;
109 assert( mi != NULL );
111 /* URI of server to query */
112 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
113 int i = mi->mi_ntargets;
114 LDAPURLDesc *ludp, *tmpludp;
124 Debug( LDAP_DEBUG_ANY,
125 "%s: line %d: missing URI "
126 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
134 Debug( LDAP_DEBUG_ANY,
135 "%s: line %d: too many args "
136 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
141 if ( be->be_nsuffix == NULL ) {
142 Debug( LDAP_DEBUG_ANY,
143 "%s: line %d: the suffix must be defined before any target.\n",
150 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
151 sizeof( metatarget_t * ) * mi->mi_ntargets );
152 if ( mi->mi_targets == NULL ) {
153 Debug( LDAP_DEBUG_ANY,
154 "%s: line %d: out of memory while storing server name"
155 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
160 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
161 Debug( LDAP_DEBUG_ANY,
162 "%s: line %d: unable to init server"
163 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
168 mt = mi->mi_targets[ i ];
170 mt->mt_rebind_f = mi->mi_rebind_f;
171 mt->mt_urllist_f = mi->mi_urllist_f;
172 mt->mt_urllist_p = mt;
174 mt->mt_nretries = mi->mi_nretries;
175 mt->mt_quarantine = mi->mi_quarantine;
176 if ( META_BACK_QUARANTINE( mi ) ) {
177 ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
179 mt->mt_flags = mi->mi_flags;
180 mt->mt_version = mi->mi_version;
181 mt->mt_network_timeout = mi->mi_network_timeout;
182 mt->mt_bind_timeout = mi->mi_bind_timeout;
183 for ( c = 0; c < SLAP_OP_LAST; c++ ) {
184 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
190 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t",
191 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS )
193 Debug( LDAP_DEBUG_ANY,
194 "%s: line %d: unable to parse URI"
195 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
201 * uri MUST have the <dn> part!
203 if ( ludp->lud_dn == NULL ) {
204 Debug( LDAP_DEBUG_ANY,
205 "%s: line %d: missing <naming context> "
206 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
210 } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
213 for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
214 if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
219 if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
220 Debug( LDAP_DEBUG_ANY,
221 "%s: line %d: missing <naming context> "
222 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
229 * copies and stores uri and suffix
231 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
232 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
233 &mt->mt_nsuffix, NULL );
234 if( rc != LDAP_SUCCESS ) {
235 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
236 "target \"%s\" DN is invalid\n",
237 fname, lineno, argv[ 1 ] );
241 ludp->lud_dn[ 0 ] = '\0';
243 switch ( ludp->lud_scope ) {
244 case LDAP_SCOPE_DEFAULT:
245 mt->mt_scope = LDAP_SCOPE_SUBTREE;
248 case LDAP_SCOPE_SUBTREE:
249 case LDAP_SCOPE_SUBORDINATE:
250 mt->mt_scope = ludp->lud_scope;
254 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
255 "invalid scope for target \"%s\"\n",
256 fname, lineno, argv[ 1 ] );
260 /* check all, to apply the scope check on the first one */
261 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
262 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
263 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
264 "multiple URIs must have "
272 mt->mt_uri = ldap_url_list2urls( ludp );
273 ldap_free_urllist( ludp );
274 if ( mt->mt_uri == NULL) {
275 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
281 * uri MUST be a branch of suffix!
283 tmp_bd = select_backend( &mt->mt_nsuffix, 0 );
284 if ( tmp_bd == NULL || tmp_bd->be_private != be->be_private )
286 Debug( LDAP_DEBUG_ANY,
287 "%s: line %d: <naming context> of URI does not resolve to this database.\n",
292 /* subtree-exclude */
293 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
294 int i = mi->mi_ntargets - 1;
295 struct berval dn, ndn;
298 Debug( LDAP_DEBUG_ANY,
299 "%s: line %d: need \"uri\" directive first\n",
306 Debug( LDAP_DEBUG_ANY,
307 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
315 Debug( LDAP_DEBUG_ANY,
316 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
321 ber_str2bv( argv[ 1 ], 0, 0, &dn );
322 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
325 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
326 "subtree-exclude DN=\"%s\" is invalid\n",
327 fname, lineno, argv[ 1 ] );
331 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
332 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
333 "subtree-exclude DN=\"%s\" "
334 "must be subtree of target\n",
335 fname, lineno, argv[ 1 ] );
336 ber_memfree( ndn.bv_val );
340 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
343 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
345 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
346 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
347 "subtree-exclude DN=\"%s\" "
348 "is suffix of another subtree-exclude\n",
349 fname, lineno, argv[ 1 ] );
350 /* reject, because it might be superior
351 * to more than one subtree-exclude */
352 ber_memfree( ndn.bv_val );
355 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
356 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
357 "another subtree-exclude is suffix of "
358 "subtree-exclude DN=\"%s\"\n",
359 fname, lineno, argv[ 1 ] );
360 ber_memfree( ndn.bv_val );
366 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
368 /* default target directive */
369 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
370 int i = mi->mi_ntargets - 1;
374 Debug( LDAP_DEBUG_ANY,
375 "%s: line %d: \"default-target\" alone need be"
376 " inside a \"uri\" directive\n",
380 mi->mi_defaulttarget = i;
383 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
385 Debug( LDAP_DEBUG_ANY,
386 "%s: line %d: \"default-target none\""
387 " should go before uri definitions\n",
390 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
394 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
395 || mi->mi_defaulttarget < 0
396 || mi->mi_defaulttarget >= i - 1 )
398 Debug( LDAP_DEBUG_ANY,
399 "%s: line %d: illegal target number %d\n",
400 fname, lineno, mi->mi_defaulttarget );
406 /* ttl of dn cache */
407 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
409 Debug( LDAP_DEBUG_ANY,
410 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
415 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
416 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
418 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
419 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
424 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
425 Debug( LDAP_DEBUG_ANY,
426 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
427 fname, lineno, argv[ 1 ] );
430 mi->mi_cache.ttl = (time_t)t;
433 /* network timeout when connecting to ldap servers */
434 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
436 time_t *tp = mi->mi_ntargets ?
437 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
438 : &mi->mi_network_timeout;
441 Debug( LDAP_DEBUG_ANY,
442 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
447 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
448 Debug( LDAP_DEBUG_ANY,
449 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
450 fname, lineno, argv[ 1 ] );
457 /* idle timeout when connecting to ldap servers */
458 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
463 Debug( LDAP_DEBUG_ANY,
464 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
470 Debug( LDAP_DEBUG_ANY,
471 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
476 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
477 Debug( LDAP_DEBUG_ANY,
478 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
479 fname, lineno, argv[ 1 ] );
484 mi->mi_idle_timeout = (time_t)t;
487 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
492 Debug( LDAP_DEBUG_ANY,
493 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
499 Debug( LDAP_DEBUG_ANY,
500 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
505 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
506 Debug( LDAP_DEBUG_ANY,
507 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
508 fname, lineno, argv[ 1 ] );
513 mi->mi_conn_ttl = (time_t)t;
515 /* bind timeout when connecting to ldap servers */
516 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
518 struct timeval *tp = mi->mi_ntargets ?
519 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
520 : &mi->mi_bind_timeout;
524 Debug( LDAP_DEBUG_ANY,
525 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
531 Debug( LDAP_DEBUG_ANY,
532 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
537 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
538 Debug( LDAP_DEBUG_ANY,
539 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
540 fname, lineno, argv[ 1 ] );
545 tp->tv_sec = t/1000000;
546 tp->tv_usec = t%1000000;
548 /* name to use for meta_back_group */
549 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
550 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
552 int i = mi->mi_ntargets - 1;
556 Debug( LDAP_DEBUG_ANY,
557 "%s: line %d: need \"uri\" directive first\n",
563 Debug( LDAP_DEBUG_ANY,
564 "%s: line %d: missing name in \"binddn <name>\" line\n",
569 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
570 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
571 "\"binddn\" statement is deprecated; "
572 "use \"acl-authcDN\" instead\n",
574 /* FIXME: some day we'll need to throw an error */
577 ber_str2bv( argv[ 1 ], 0, 0, &dn );
578 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
579 NULL ) != LDAP_SUCCESS )
581 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
582 "bind DN '%s' is invalid\n",
583 fname, lineno, argv[ 1 ] );
587 /* password to use for meta_back_group */
588 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
589 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
591 int i = mi->mi_ntargets - 1;
594 Debug( LDAP_DEBUG_ANY,
595 "%s: line %d: need \"uri\" directive first\n",
601 Debug( LDAP_DEBUG_ANY,
602 "%s: line %d: missing password in \"bindpw <password>\" line\n",
607 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
608 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
609 "\"bindpw\" statement is deprecated; "
610 "use \"acl-passwd\" instead\n",
612 /* FIXME: some day we'll need to throw an error */
615 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
617 /* save bind creds for referral rebinds? */
618 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
620 Debug( LDAP_DEBUG_ANY,
621 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
627 Debug( LDAP_DEBUG_ANY,
628 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
630 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
633 switch ( check_true_false( argv[ 1 ] ) ) {
635 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
639 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
643 Debug( LDAP_DEBUG_ANY,
644 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
645 fname, lineno, argv[ 1 ] );
650 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
651 unsigned *flagsp = mi->mi_ntargets ?
652 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
656 Debug( LDAP_DEBUG_ANY,
657 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
662 /* this is the default; we add it because the default might change... */
663 switch ( check_true_false( argv[ 1 ] ) ) {
665 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
669 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
675 fname, lineno, argv[ 1 ] );
679 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
680 unsigned *flagsp = mi->mi_ntargets ?
681 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
685 Debug( LDAP_DEBUG_ANY,
686 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
692 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
693 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
696 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
697 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
698 *flagsp |= LDAP_BACK_F_USE_TLS;
700 /* propagate start tls */
701 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
702 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
705 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
706 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
707 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
710 Debug( LDAP_DEBUG_ANY,
711 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
712 fname, lineno, argv[ 1 ] );
716 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
717 unsigned *flagsp = mi->mi_ntargets ?
718 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
722 Debug( LDAP_DEBUG_ANY,
723 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
728 switch ( check_true_false( argv[ 1 ] ) ) {
730 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
734 *flagsp |= LDAP_BACK_F_T_F;
738 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
739 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
742 Debug( LDAP_DEBUG_ANY,
743 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
744 fname, lineno, argv[ 1 ] );
751 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
753 Debug( LDAP_DEBUG_ANY,
754 "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
759 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
760 mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
762 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
763 mi->mi_flags |= META_BACK_F_ONERR_STOP;
765 } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
766 mi->mi_flags |= META_BACK_F_ONERR_REPORT;
769 Debug( LDAP_DEBUG_ANY,
770 "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
771 fname, lineno, argv[ 1 ] );
776 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
777 || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
780 Debug( LDAP_DEBUG_ANY,
781 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
786 switch ( check_true_false( argv[ 1 ] ) ) {
788 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
792 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
796 Debug( LDAP_DEBUG_ANY,
797 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
798 fname, lineno, argv[ 1 ] );
803 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
805 Debug( LDAP_DEBUG_ANY,
806 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
811 if ( mi->mi_ntargets > 0 ) {
812 Debug( LDAP_DEBUG_ANY,
813 "%s: line %d: \"single-conn\" must appear before target definitions\n",
818 switch ( check_true_false( argv[ 1 ] ) ) {
820 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
824 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
828 Debug( LDAP_DEBUG_ANY,
829 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
830 fname, lineno, argv[ 1 ] );
834 /* use-temporaries? */
835 } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
837 Debug( LDAP_DEBUG_ANY,
838 "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
843 if ( mi->mi_ntargets > 0 ) {
844 Debug( LDAP_DEBUG_ANY,
845 "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
850 switch ( check_true_false( argv[ 1 ] ) ) {
852 mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
856 mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
860 Debug( LDAP_DEBUG_ANY,
861 "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
862 fname, lineno, argv[ 1 ] );
866 /* privileged connections pool max size ? */
867 } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
869 Debug( LDAP_DEBUG_ANY,
870 "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
875 if ( mi->mi_ntargets > 0 ) {
876 Debug( LDAP_DEBUG_ANY,
877 "%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
882 if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] )
883 || mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN
884 || mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX )
886 Debug( LDAP_DEBUG_ANY,
887 "%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n",
888 fname, lineno, argv[ 1 ] );
892 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
894 unsigned *flagsp = mi->mi_ntargets ?
895 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
899 Debug( LDAP_DEBUG_ANY,
900 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
905 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
906 flag = LDAP_BACK_F_CANCEL_ABANDON;
908 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
909 flag = LDAP_BACK_F_CANCEL_IGNORE;
911 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
912 flag = LDAP_BACK_F_CANCEL_EXOP;
914 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
915 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
918 Debug( LDAP_DEBUG_ANY,
919 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
920 fname, lineno, argv[ 1 ] );
924 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
927 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
929 time_t *tv = mi->mi_ntargets ?
930 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
935 Debug( LDAP_DEBUG_ANY,
936 "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
941 for ( c = 1; c < argc; c++ ) {
945 sep = strchr( argv[ c ], '=' );
947 size_t len = sep - argv[ c ];
949 if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
950 t = &tv[ SLAP_OP_BIND ];
951 /* unbind makes little sense */
952 } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
953 t = &tv[ SLAP_OP_ADD ];
954 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
955 t = &tv[ SLAP_OP_DELETE ];
956 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
957 t = &tv[ SLAP_OP_MODRDN ];
958 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
959 t = &tv[ SLAP_OP_MODIFY ];
960 } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
961 t = &tv[ SLAP_OP_COMPARE ];
962 } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
963 t = &tv[ SLAP_OP_SEARCH ];
964 /* abandon makes little sense */
965 #if 0 /* not implemented yet */
966 } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
967 t = &tv[ SLAP_OP_EXTENDED ];
970 char buf[ SLAP_TEXT_BUFLEN ];
971 snprintf( buf, sizeof( buf ),
972 "unknown/unhandled operation \"%s\" for timeout #%d",
974 Debug( LDAP_DEBUG_ANY,
975 "%s: line %d: %s.\n",
976 fname, lineno, buf );
985 if ( lutil_parse_time( sep, &val ) != 0 ) {
986 Debug( LDAP_DEBUG_ANY,
987 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
988 fname, lineno, sep );
998 for ( i = 0; i < SLAP_OP_LAST; i++ ) {
999 tv[ i ] = (time_t)val;
1004 /* name to use as pseudo-root dn */
1005 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
1006 int i = mi->mi_ntargets - 1;
1009 Debug( LDAP_DEBUG_ANY,
1010 "%s: line %d: need \"uri\" directive first\n",
1016 Debug( LDAP_DEBUG_ANY,
1017 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
1023 * exact replacement:
1026 idassert-bind bindmethod=simple
1027 binddn=<pseudorootdn>
1028 credentials=<pseudorootpw>
1030 flags=non-prescriptive
1031 idassert-authzFrom "dn:<rootdn>"
1033 * so that only when authc'd as <rootdn> the proxying occurs
1034 * rebinding as the <pseudorootdn> without proxyAuthz.
1037 Debug( LDAP_DEBUG_ANY,
1038 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1039 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1043 char binddn[ SLAP_TEXT_BUFLEN ];
1046 "bindmethod=simple",
1049 "flags=non-prescriptive",
1055 if ( BER_BVISNULL( &be->be_rootndn ) ) {
1056 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
1061 if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
1062 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
1066 cargv[ 2 ] = binddn;
1068 rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1072 if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
1073 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
1075 ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
1076 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
1079 assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
1081 bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
1082 bv.bv_val = ber_memalloc( bv.bv_len + 1 );
1083 AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
1084 AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
1086 ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
1092 /* password to use as pseudo-root */
1093 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
1094 int i = mi->mi_ntargets - 1;
1097 Debug( LDAP_DEBUG_ANY,
1098 "%s: line %d: need \"uri\" directive first\n",
1104 Debug( LDAP_DEBUG_ANY,
1105 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
1110 Debug( LDAP_DEBUG_ANY,
1111 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1112 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1115 if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
1116 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
1121 if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
1122 memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
1123 mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
1124 ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
1126 ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
1129 } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
1130 if ( mi->mi_ntargets == 0 ) {
1131 Debug( LDAP_DEBUG_ANY,
1132 "%s: line %d: \"idassert-bind\" "
1133 "must appear inside a target specification.\n",
1138 return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1140 /* idassert-authzFrom */
1141 } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
1142 if ( mi->mi_ntargets == 0 ) {
1143 Debug( LDAP_DEBUG_ANY,
1144 "%s: line %d: \"idassert-bind\" "
1145 "must appear inside a target specification.\n",
1155 Debug( LDAP_DEBUG_ANY,
1156 "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
1161 Debug( LDAP_DEBUG_ANY,
1162 "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
1167 return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1170 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
1171 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1172 slap_retry_info_t *ri = mi->mi_ntargets ?
1173 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
1174 : &mi->mi_quarantine;
1176 if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
1177 || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
1179 Debug( LDAP_DEBUG_ANY,
1180 "%s: line %d: quarantine already defined.\n",
1190 Debug( LDAP_DEBUG_ANY,
1191 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1196 Debug( LDAP_DEBUG_ANY,
1197 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1202 if ( ri != &mi->mi_quarantine ) {
1203 ri->ri_interval = NULL;
1207 if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
1208 ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
1211 if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1212 Debug( LDAP_DEBUG_ANY,
1213 "%s line %d: %s.\n",
1214 fname, lineno, buf );
1218 if ( mi->mi_ntargets ) {
1219 mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
1222 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
1225 /* session tracking request */
1226 } else if ( strcasecmp( argv[ 0 ], "session-tracking-request" ) == 0 ) {
1227 unsigned *flagsp = mi->mi_ntargets ?
1228 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
1232 Debug( LDAP_DEBUG_ANY,
1233 "%s: line %d: \"session-tracking-request {TRUE|false}\" needs 1 argument.\n",
1238 /* this is the default; we add it because the default might change... */
1239 switch ( check_true_false( argv[ 1 ] ) ) {
1241 *flagsp |= LDAP_BACK_F_ST_REQUEST;
1245 *flagsp &= ~LDAP_BACK_F_ST_REQUEST;
1249 Debug( LDAP_DEBUG_ANY,
1250 "%s: line %d: \"session-tracking-request {TRUE|false}\": unknown argument \"%s\".\n",
1251 fname, lineno, argv[ 1 ] );
1256 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1258 int i = mi->mi_ntargets - 1, rc;
1259 struct berval dn, nvnc, pvnc, nrnc, prnc;
1262 Debug( LDAP_DEBUG_ANY,
1263 "%s: line %d: need \"uri\" directive first\n",
1271 * suffixmassage <suffix> <massaged suffix>
1273 * the <suffix> field must be defined as a valid suffix
1274 * (or suffixAlias?) for the current database;
1275 * the <massaged suffix> shouldn't have already been
1276 * defined as a valid suffix or suffixAlias for the
1280 Debug( LDAP_DEBUG_ANY,
1281 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1286 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1287 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1288 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1289 "suffix '%s' is invalid\n",
1290 fname, lineno, argv[ 1 ] );
1294 tmp_be = select_backend( &nvnc, 0 );
1295 if ( tmp_be != NULL && tmp_be != be ) {
1296 Debug( LDAP_DEBUG_ANY,
1297 "%s: line %d: suffix already in use by another backend in"
1298 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1300 free( pvnc.bv_val );
1301 free( nvnc.bv_val );
1305 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1306 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1307 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1308 "massaged suffix '%s' is invalid\n",
1309 fname, lineno, argv[ 2 ] );
1310 free( pvnc.bv_val );
1311 free( nvnc.bv_val );
1316 tmp_be = select_backend( &nrnc, 0 );
1317 if ( tmp_be != NULL ) {
1318 Debug( LDAP_DEBUG_ANY,
1319 "%s: line %d: massaged suffix already in use by another backend in"
1320 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1322 free( pvnc.bv_val );
1323 free( nvnc.bv_val );
1324 free( prnc.bv_val );
1325 free( nrnc.bv_val );
1331 * The suffix massaging is emulated by means of the
1332 * rewrite capabilities
1333 * FIXME: no extra rewrite capabilities should be added
1336 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1337 &pvnc, &nvnc, &prnc, &nrnc );
1339 free( pvnc.bv_val );
1340 free( nvnc.bv_val );
1341 free( prnc.bv_val );
1342 free( nrnc.bv_val );
1346 /* rewrite stuff ... */
1347 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1348 int i = mi->mi_ntargets - 1;
1351 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1352 "statement outside target definition.\n",
1357 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1358 fname, lineno, argc, argv );
1360 /* objectclass/attribute mapping */
1361 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1362 int i = mi->mi_ntargets - 1;
1365 Debug( LDAP_DEBUG_ANY,
1366 "%s: line %d: need \"uri\" directive first\n",
1371 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1372 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1373 fname, lineno, argc, argv );
1375 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1376 int i = mi->mi_ntargets - 1;
1377 int nretries = META_RETRY_UNDEFINED;
1380 Debug( LDAP_DEBUG_ANY,
1381 "%s: line %d: need value in \"nretries <value>\"\n",
1386 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1387 nretries = META_RETRY_FOREVER;
1389 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1390 nretries = META_RETRY_NEVER;
1393 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1394 Debug( LDAP_DEBUG_ANY,
1395 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1396 fname, lineno, argv[ 1 ] );
1402 mi->mi_nretries = nretries;
1405 mi->mi_targets[ i ]->mt_nretries = nretries;
1408 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1409 int *version = mi->mi_ntargets ?
1410 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1414 Debug( LDAP_DEBUG_ANY,
1415 "%s: line %d: need value in \"protocol-version <version>\"\n",
1420 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1421 Debug( LDAP_DEBUG_ANY,
1422 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1423 fname, lineno, argv[ 1 ] );
1427 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1428 Debug( LDAP_DEBUG_ANY,
1429 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1430 fname, lineno, argv[ 1 ] );
1436 return SLAP_CONF_UNKNOWN;
1442 ldap_back_map_config(
1443 struct ldapmap *oc_map,
1444 struct ldapmap *at_map,
1450 struct ldapmap *map;
1451 struct ldapmapping *mapping;
1455 if ( argc < 3 || argc > 4 ) {
1456 Debug( LDAP_DEBUG_ANY,
1457 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1462 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1466 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1470 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1471 "\"map {objectclass | attribute} [<local> | *] "
1472 "{<foreign> | *}\"\n",
1477 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1478 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1479 map->drop_missing = ( argc < 4 );
1480 goto success_return;
1482 src = dst = argv[ 3 ];
1484 } else if ( argc < 4 ) {
1490 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1493 if ( ( map == at_map )
1494 && ( strcasecmp( src, "objectclass" ) == 0
1495 || strcasecmp( dst, "objectclass" ) == 0 ) )
1497 Debug( LDAP_DEBUG_ANY,
1498 "%s: line %d: objectclass attribute cannot be mapped\n",
1502 mapping = (struct ldapmapping *)ch_calloc( 2,
1503 sizeof(struct ldapmapping) );
1504 if ( mapping == NULL ) {
1505 Debug( LDAP_DEBUG_ANY,
1506 "%s: line %d: out of memory\n",
1510 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1511 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1512 mapping[ 1 ].src = mapping[ 0 ].dst;
1513 mapping[ 1 ].dst = mapping[ 0 ].src;
1519 if ( src[ 0 ] != '\0' ) {
1520 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1521 Debug( LDAP_DEBUG_ANY,
1522 "%s: line %d: warning, source objectClass '%s' "
1523 "should be defined in schema\n",
1524 fname, lineno, src );
1527 * FIXME: this should become an err
1533 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1534 Debug( LDAP_DEBUG_ANY,
1535 "%s: line %d: warning, destination objectClass '%s' "
1536 "is not defined in schema\n",
1537 fname, lineno, dst );
1541 const char *text = NULL;
1542 AttributeDescription *ad = NULL;
1544 if ( src[ 0 ] != '\0' ) {
1545 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1546 if ( rc != LDAP_SUCCESS ) {
1547 Debug( LDAP_DEBUG_ANY,
1548 "%s: line %d: warning, source attributeType '%s' "
1549 "should be defined in schema\n",
1550 fname, lineno, src );
1553 * FIXME: this should become an err
1556 * we create a fake "proxied" ad
1560 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1561 &ad, &text, SLAP_AD_PROXIED );
1562 if ( rc != LDAP_SUCCESS ) {
1563 char buf[ SLAP_TEXT_BUFLEN ];
1565 snprintf( buf, sizeof( buf ),
1566 "source attributeType \"%s\": %d (%s)",
1567 src, rc, text ? text : "" );
1568 Debug( LDAP_DEBUG_ANY,
1569 "%s: line %d: %s\n",
1570 fname, lineno, buf );
1578 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1579 if ( rc != LDAP_SUCCESS ) {
1580 Debug( LDAP_DEBUG_ANY,
1581 "%s: line %d: warning, destination attributeType '%s' "
1582 "is not defined in schema\n",
1583 fname, lineno, dst );
1586 * we create a fake "proxied" ad
1590 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1591 &ad, &text, SLAP_AD_PROXIED );
1592 if ( rc != LDAP_SUCCESS ) {
1593 char buf[ SLAP_TEXT_BUFLEN ];
1595 snprintf( buf, sizeof( buf ),
1596 "source attributeType \"%s\": %d (%s)\n",
1597 dst, rc, text ? text : "" );
1598 Debug( LDAP_DEBUG_ANY,
1599 "%s: line %d: %s\n",
1600 fname, lineno, buf );
1606 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1607 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1609 Debug( LDAP_DEBUG_ANY,
1610 "%s: line %d: duplicate mapping found.\n",
1615 if ( src[ 0 ] != '\0' ) {
1616 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1617 mapping_cmp, mapping_dup );
1619 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1620 mapping_cmp, mapping_dup );
1623 if ( !is_oc && map->map == NULL ) {
1624 /* only init if required */
1625 ldap_back_map_init( map, &mapping );
1632 ch_free( mapping[ 0 ].src.bv_val );
1633 ch_free( mapping[ 0 ].dst.bv_val );
1641 #ifdef ENABLE_REWRITE
1643 suffix_massage_regexize( const char *s )
1649 if ( s[ 0 ] == '\0' ) {
1650 return ch_strdup( "^(.+)$" );
1654 ( r = strchr( p, ',' ) ) != NULL;
1658 res = ch_calloc( sizeof( char ),
1660 + STRLENOF( "((.+),)?" )
1661 + STRLENOF( "[ ]?" ) * i
1662 + STRLENOF( "$" ) + 1 );
1664 ptr = lutil_strcopy( res, "((.+),)?" );
1666 ( r = strchr( p, ',' ) ) != NULL;
1668 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1669 ptr = lutil_strcopy( ptr, "[ ]?" );
1671 if ( r[ 1 ] == ' ' ) {
1675 ptr = lutil_strcopy( ptr, p );
1684 suffix_massage_patternize( const char *s, const char *p )
1691 if ( s[ 0 ] == '\0' ) {
1695 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1696 if ( res == NULL ) {
1700 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1701 if ( s[ 0 ] == '\0' ) {
1705 lutil_strcopy( ptr, p );
1711 suffix_massage_config(
1712 struct rewrite_info *info,
1713 struct berval *pvnc,
1714 struct berval *nvnc,
1715 struct berval *prnc,
1722 rargv[ 0 ] = "rewriteEngine";
1725 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1727 rargv[ 0 ] = "rewriteContext";
1728 rargv[ 1 ] = "default";
1730 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1732 rargv[ 0 ] = "rewriteRule";
1733 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1734 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1737 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1738 ch_free( rargv[ 1 ] );
1739 ch_free( rargv[ 2 ] );
1741 if ( BER_BVISEMPTY( pvnc ) ) {
1742 rargv[ 0 ] = "rewriteRule";
1744 rargv[ 2 ] = prnc->bv_val;
1747 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1750 rargv[ 0 ] = "rewriteContext";
1751 rargv[ 1 ] = "searchEntryDN";
1753 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1755 rargv[ 0 ] = "rewriteRule";
1756 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1757 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1760 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1761 ch_free( rargv[ 1 ] );
1762 ch_free( rargv[ 2 ] );
1764 if ( BER_BVISEMPTY( prnc ) ) {
1765 rargv[ 0 ] = "rewriteRule";
1767 rargv[ 2 ] = pvnc->bv_val;
1770 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1773 /* backward compatibility */
1774 rargv[ 0 ] = "rewriteContext";
1775 rargv[ 1 ] = "searchResult";
1776 rargv[ 2 ] = "alias";
1777 rargv[ 3 ] = "searchEntryDN";
1779 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1781 rargv[ 0 ] = "rewriteContext";
1782 rargv[ 1 ] = "matchedDN";
1783 rargv[ 2 ] = "alias";
1784 rargv[ 3 ] = "searchEntryDN";
1786 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1788 rargv[ 0 ] = "rewriteContext";
1789 rargv[ 1 ] = "searchAttrDN";
1790 rargv[ 2 ] = "alias";
1791 rargv[ 3 ] = "searchEntryDN";
1793 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1795 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1796 * see servers/slapd/overlays/rwm.h for details */
1797 rargv[ 0 ] = "rewriteContext";
1798 rargv[ 1 ] = "referralAttrDN";
1800 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1802 rargv[ 0 ] = "rewriteContext";
1803 rargv[ 1 ] = "referralDN";
1805 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1809 #endif /* ENABLE_REWRITE */