2 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
3 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5 * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
7 * This work has been developed to fulfill the requirements
8 * of SysNet s.n.c. <http:www.sys-net.it> and it has been donated
9 * to the OpenLDAP Foundation in the hope that it may be useful
10 * to the Open Source community, but WITHOUT ANY WARRANTY.
12 * Permission is granted to anyone to use this software for any purpose
13 * on any computer system, and to alter it and redistribute it, subject
14 * to the following restrictions:
16 * 1. The author and SysNet s.n.c. are not responsible for the consequences
17 * of use of this software, no matter how awful, even if they arise from
20 * 2. The origin of this software must not be misrepresented, either by
21 * explicit claim or by omission. Since few users ever read sources,
22 * credits should appear in the documentation.
24 * 3. Altered versions must be plainly marked as such, and must not be
25 * misrepresented as being the original software. Since few users
26 * ever read sources, credits should appear in the documentation.
27 * SysNet s.n.c. cannot be responsible for the consequences of the
30 * 4. This notice may not be removed or altered.
33 * This software is based on the backend back-ldap, implemented
34 * by Howard Chu <hyc@highlandsun.com>, and modified by Mark Valence
35 * <kurash@sassafras.com>, Pierangelo Masarati <ando@sys-net.it> and other
36 * contributors. The contribution of the original software to the present
37 * implementation is acknowledged in this copyright statement.
39 * A special acknowledgement goes to Howard for the overall architecture
40 * (and for borrowing large pieces of code), and to Mark, who implemented
41 * from scratch the attribute/objectclass mapping.
43 * The original copyright statement follows.
45 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
47 * Permission is granted to anyone to use this software for any purpose
48 * on any computer system, and to alter it and redistribute it, subject
49 * to the following restrictions:
51 * 1. The author is not responsible for the consequences of use of this
52 * software, no matter how awful, even if they arise from flaws in it.
54 * 2. The origin of this software must not be misrepresented, either by
55 * explicit claim or by omission. Since few users ever read sources,
56 * credits should appear in the documentation.
58 * 3. Altered versions must be plainly marked as such, and must not be
59 * misrepresented as being the original software. Since few users
60 * ever read sources, credits should appear in the
63 * 4. This notice may not be removed or altered.
71 #include <ac/string.h>
72 #include <ac/socket.h>
75 #include "../back-ldap/back-ldap.h"
76 #undef ldap_debug /* silence a warning in ldap-int.h */
77 #include "../../../libraries/libldap/ldap-int.h"
78 #include "back-meta.h"
80 static struct metatarget *
83 struct metatarget *lt;
84 struct ldapmapping *mapping;
86 lt = ch_calloc( sizeof( struct metatarget ), 1 );
91 lt->rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
92 if ( lt->rwmap.rwm_rw == NULL ) {
97 ldap_back_map_init( <->rwmap.rwm_at, &mapping );
111 struct metainfo *li = ( struct metainfo * )be->be_private;
115 "%s: line %d: meta backend info is null!\n",
120 /* URI of server to query */
121 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
122 int i = li->ntargets;
125 #endif /* uncomment if uri MUST be a branch of suffix */
126 LDAPURLDesc *ludp, *tmpludp;
132 "%s: line %d: missing address"
133 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
140 li->targets = ch_realloc( li->targets,
141 sizeof( struct metatarget *)*li->ntargets );
142 if ( li->targets == NULL ) {
144 "%s: line %d: out of memory while storing server name"
145 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
150 if ( ( li->targets[ i ] = new_target() ) == NULL ) {
152 "%s: line %d: unable to init server"
153 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
161 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS ) {
163 "%s: line %d: unable to parse URI"
164 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
170 * uri MUST have the <dn> part!
172 if ( ludp->lud_dn == NULL || ludp->lud_dn[ 0 ] == '\0' ) {
174 "%s: line %d: missing <naming context> "
175 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
181 * copies and stores uri and suffix
183 dn.bv_val = ludp->lud_dn;
184 dn.bv_len = strlen( ludp->lud_dn );
186 rc = dnPrettyNormal( NULL, &dn, &li->targets[ i ]->psuffix,
187 &li->targets[ i ]->suffix, NULL );
188 if( rc != LDAP_SUCCESS ) {
189 fprintf( stderr, "%s: line %d: "
190 "target '%s' DN is invalid\n",
191 fname, lineno, argv[ 1 ] );
195 ludp->lud_dn[ 0 ] = '\0';
197 for ( tmpludp = ludp->lud_next; tmpludp; tmpludp = tmpludp->lud_next ) {
198 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
199 fprintf( stderr, "%s: line %d: "
200 "multiple URIs must have "
208 li->targets[ i ]->uri = ldap_url_list2urls( ludp );
209 ldap_free_urllist( ludp );
210 if ( li->targets[ i ]->uri == NULL) {
211 fprintf( stderr, "%s: line %d: no memory?\n",
217 * uri MUST be a branch of suffix!
219 #if 0 /* too strict a constraint */
220 if ( select_backend( &li->targets[ i ]->suffix, 0, 0 ) != be ) {
222 "%s: line %d: <naming context> of URI does not refer to current backend"
223 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
229 * uri MUST be a branch of a suffix!
231 if ( select_backend( &li->targets[ i ]->suffix, 0, 0 ) == NULL ) {
233 "%s: line %d: <naming context> of URI does not resolve to a backend"
234 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
242 * uri MUST not be used by other URIs!
244 * FIXME: this limitation may be removed,
245 * or worked out, at least, in some manner
247 for ( j = 0; j < i-1; j++ ) {
248 if ( dn_match( &li->targets[ i ]->suffix,
249 &li->targets[ j ]->suffix ) ) {
251 "%s: line %d: naming context \"%s\" already used"
252 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
253 fname, lineno, last+1 );
260 fprintf(stderr, "%s: line %d: URI \"%s\", suffix \"%s\"\n",
261 fname, lineno, li->targets[ i ]->uri,
262 li->targets[ i ]->psuffix.bv_val );
265 /* default target directive */
266 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
267 int i = li->ntargets-1;
272 "%s: line %d: \"default-target\" alone need be"
273 " inside a \"uri\" directive\n",
277 li->defaulttarget = i;
279 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
282 "%s: line %d: \"default-target none\""
283 " should go before uri definitions\n",
286 li->defaulttarget = META_DEFAULT_TARGET_NONE;
288 int n = atoi( argv[ 1 ] );
289 if ( n < 1 || n >= i ) {
291 "%s: line %d: illegal target number %d\n",
295 li->defaulttarget = n-1;
299 /* ttl of dn cache */
300 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
303 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
308 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
309 li->cache.ttl = META_DNCACHE_FOREVER;
310 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
311 li->cache.ttl = META_DNCACHE_DISABLED;
313 li->cache.ttl = atol( argv[ 1 ] );
316 /* network timeout when connecting to ldap servers */
317 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
320 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
324 li->network_timeout = atol(argv[ 1 ]);
326 /* name to use for meta_back_group */
327 } else if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
328 int i = li->ntargets-1;
333 "%s: line %d: need \"uri\" directive first\n",
340 "%s: line %d: missing name in \"binddn <name>\" line\n",
345 dn.bv_val = argv[ 1 ];
346 dn.bv_len = strlen( argv[ 1 ] );
347 if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->binddn,
348 NULL ) != LDAP_SUCCESS )
350 fprintf( stderr, "%s: line %d: "
351 "bind DN '%s' is invalid\n",
352 fname, lineno, argv[ 1 ] );
356 /* password to use for meta_back_group */
357 } else if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
358 int i = li->ntargets-1;
362 "%s: line %d: need \"uri\" directive first\n",
369 "%s: line %d: missing password in \"bindpw <password>\" line\n",
373 ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->bindpw );
375 /* save bind creds for referral rebinds? */
376 } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
379 "%s: line %d: rebind-as-user takes no arguments\n",
385 /* name to use as pseudo-root dn */
386 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
387 int i = li->ntargets-1;
392 "%s: line %d: need \"uri\" directive first\n",
399 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
404 dn.bv_val = argv[ 1 ];
405 dn.bv_len = strlen( argv[ 1 ] );
406 if ( dnNormalize( 0, NULL, NULL, &dn,
407 &li->targets[ i ]->pseudorootdn, NULL ) != LDAP_SUCCESS )
409 fprintf( stderr, "%s: line %d: "
410 "pseudoroot DN '%s' is invalid\n",
411 fname, lineno, argv[ 1 ] );
415 /* password to use as pseudo-root */
416 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
417 int i = li->ntargets-1;
421 "%s: line %d: need \"uri\" directive first\n",
428 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
432 ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->pseudorootpw );
435 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
437 int i = li->ntargets-1;
438 struct berval dn, nvnc, pvnc, nrnc, prnc;
442 "%s: line %d: need \"uri\" directive first\n",
450 * suffixmassage <suffix> <massaged suffix>
452 * the <suffix> field must be defined as a valid suffix
453 * (or suffixAlias?) for the current database;
454 * the <massaged suffix> shouldn't have already been
455 * defined as a valid suffix or suffixAlias for the
460 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
465 dn.bv_val = argv[ 1 ];
466 dn.bv_len = strlen( argv[ 1 ] );
467 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
468 fprintf( stderr, "%s: line %d: "
469 "suffix '%s' is invalid\n",
470 fname, lineno, argv[ 1 ] );
474 tmp_be = select_backend( &nvnc, 0, 0 );
475 if ( tmp_be != NULL && tmp_be != be ) {
477 "%s: line %d: suffix already in use by another backend in"
478 " \"suffixMassage <suffix> <massaged suffix>\"\n",
485 dn.bv_val = argv[ 2 ];
486 dn.bv_len = strlen( argv[ 2 ] );
487 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
488 fprintf( stderr, "%s: line %d: "
489 "massaged suffix '%s' is invalid\n",
490 fname, lineno, argv[ 2 ] );
497 tmp_be = select_backend( &nrnc, 0, 0 );
498 if ( tmp_be != NULL ) {
500 "%s: line %d: massaged suffix already in use by another backend in"
501 " \"suffixMassage <suffix> <massaged suffix>\"\n",
512 * The suffix massaging is emulated by means of the
513 * rewrite capabilities
514 * FIXME: no extra rewrite capabilities should be added
517 return suffix_massage_config( li->targets[ i ]->rwmap.rwm_rw,
518 &pvnc, &nvnc, &prnc, &nrnc );
520 /* rewrite stuff ... */
521 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
522 int i = li->ntargets-1;
527 "%s: line %d: need \"uri\" directive first\n",
529 #else /* LDAP_CACHING */
530 if ( strcasecmp( argv[0], "rewriteEngine" ) == 0 ) {
531 li->rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
533 return rewrite_parse(li->rwinfo, fname, lineno,
535 #endif /* LDAP_CACHING */
538 return rewrite_parse( li->targets[ i ]->rwmap.rwm_rw, fname, lineno,
541 /* objectclass/attribute mapping */
542 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
543 int i = li->ntargets-1;
547 "%s: line %d: need \"uri\" directive first\n",
552 return ldap_back_map_config( &li->targets[ i ]->rwmap.rwm_oc,
553 &li->targets[ i ]->rwmap.rwm_at,
554 fname, lineno, argc, argv );
558 if ( meta_back_cache_config( be, fname, lineno, argc, argv ) == 0 ) {
561 #endif /* LDAP_CACHING */
564 "%s: line %d: unknown directive \"%s\" in meta database definition"
566 fname, lineno, argv[0] );