2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2005 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
41 struct ldapmapping *mapping;
43 mt = ch_malloc( sizeof( metatarget_t ) );
47 memset( mt, 0, sizeof( metatarget_t ) );
49 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
50 if ( mt->mt_rwmap.rwm_rw == NULL ) {
59 * the filter rewrite as a string must be disabled
60 * by default; it can be re-enabled by adding rules;
61 * this creates an empty rewriteContext
63 rargv[ 0 ] = "rewriteContext";
64 rargv[ 1 ] = "searchFilter";
66 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>",
69 rargv[ 0 ] = "rewriteContext";
70 rargv[ 1 ] = "default";
72 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>",
76 ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
78 mt->mt_nretries = META_RETRY_UNDEFINED;
92 metainfo_t *mi = ( metainfo_t * )be->be_private;
96 "%s: line %d: meta backend info is null!\n",
101 /* URI of server to query */
102 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
103 int i = mi->mi_ntargets;
106 #endif /* uncomment if uri MUST be a branch of suffix */
107 LDAPURLDesc *ludp, *tmpludp;
113 "%s: line %d: missing address"
114 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
121 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
122 sizeof( metatarget_t * ) * mi->mi_ntargets );
123 if ( mi->mi_targets == NULL ) {
125 "%s: line %d: out of memory while storing server name"
126 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
131 if ( ( mi->mi_targets[ i ] = new_target() ) == NULL ) {
133 "%s: line %d: unable to init server"
134 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
139 mi->mi_targets[ i ]->mt_nretries = mi->mi_nretries;
144 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS ) {
146 "%s: line %d: unable to parse URI"
147 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
153 * uri MUST have the <dn> part!
155 if ( ludp->lud_dn == NULL || ludp->lud_dn[ 0 ] == '\0' ) {
157 "%s: line %d: missing <naming context> "
158 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
164 * copies and stores uri and suffix
166 dn.bv_val = ludp->lud_dn;
167 dn.bv_len = strlen( ludp->lud_dn );
169 rc = dnPrettyNormal( NULL, &dn, &mi->mi_targets[ i ]->mt_psuffix,
170 &mi->mi_targets[ i ]->mt_nsuffix, NULL );
171 if( rc != LDAP_SUCCESS ) {
172 fprintf( stderr, "%s: line %d: "
173 "target '%s' DN is invalid\n",
174 fname, lineno, argv[ 1 ] );
178 ludp->lud_dn[ 0 ] = '\0';
180 /* check all, to apply the scope check on the first one */
181 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
182 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
183 fprintf( stderr, "%s: line %d: "
184 "multiple URIs must have "
191 if ( tmpludp->lud_scope == LDAP_SCOPE_BASE ) {
192 tmpludp->lud_scope = LDAP_SCOPE_DEFAULT;
196 mi->mi_targets[ i ]->mt_uri = ldap_url_list2urls( ludp );
197 ldap_free_urllist( ludp );
198 if ( mi->mi_targets[ i ]->mt_uri == NULL) {
199 fprintf( stderr, "%s: line %d: no memory?\n",
205 * uri MUST be a branch of suffix!
207 #if 0 /* too strict a constraint */
208 if ( select_backend( &mi->mi_targets[ i ]->suffix, 0, 0 ) != be ) {
210 "%s: line %d: <naming context> of URI does not refer to current backend"
211 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
217 * uri MUST be a branch of a suffix!
219 if ( select_backend( &mi->mi_targets[ i ]->mt_nsuffix, 0, 0 ) == NULL ) {
221 "%s: line %d: <naming context> of URI does not resolve to a backend"
222 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
230 * uri MUST not be used by other URIs!
232 * FIXME: this limitation may be removed,
233 * or worked out, at least, in some manner
235 for ( j = 0; j < i-1; j++ ) {
236 if ( dn_match( &mi->mi_targets[ i ]->suffix,
237 &mi->mi_targets[ j ]->suffix ) ) {
239 "%s: line %d: naming context \"%s\" already used"
240 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
241 fname, lineno, last+1 );
248 fprintf(stderr, "%s: line %d: URI \"%s\", suffix \"%s\"\n",
249 fname, lineno, mi->mi_targets[ i ]->uri,
250 mi->mi_targets[ i ]->psuffix.bv_val );
253 /* default target directive */
254 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
255 int i = mi->mi_ntargets - 1;
260 "%s: line %d: \"default-target\" alone need be"
261 " inside a \"uri\" directive\n",
265 mi->mi_defaulttarget = i;
267 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
270 "%s: line %d: \"default-target none\""
271 " should go before uri definitions\n",
274 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
278 int n = strtol( argv[ 1 ], &next, 10 );
279 if ( n < 0 || n >= i - 1 ) {
281 "%s: line %d: illegal target number %d\n",
285 mi->mi_defaulttarget = n;
289 /* ttl of dn cache */
290 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
293 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
298 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
299 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
300 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
301 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
303 mi->mi_cache.ttl = atol( argv[ 1 ] );
306 /* network timeout when connecting to ldap servers */
307 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
310 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
314 mi->mi_network_timeout = atol(argv[ 1 ]);
316 /* name to use for meta_back_group */
317 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
318 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
320 int i = mi->mi_ntargets - 1;
325 "%s: line %d: need \"uri\" directive first\n",
332 "%s: line %d: missing name in \"binddn <name>\" line\n",
337 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
338 fprintf( stderr, "%s: line %d: "
339 "\"binddn\" statement is deprecated; "
340 "use \"acl-authcDN\" instead\n",
342 /* FIXME: some day we'll need to throw an error */
345 dn.bv_val = argv[ 1 ];
346 dn.bv_len = strlen( argv[ 1 ] );
347 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
348 NULL ) != LDAP_SUCCESS )
350 fprintf( stderr, "%s: line %d: "
351 "bind DN '%s' is invalid\n",
352 fname, lineno, argv[ 1 ] );
356 /* password to use for meta_back_group */
357 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
358 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
360 int i = mi->mi_ntargets - 1;
364 "%s: line %d: need \"uri\" directive first\n",
371 "%s: line %d: missing password in \"bindpw <password>\" line\n",
376 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
377 fprintf( stderr, "%s: line %d: "
378 "\"bindpw\" statement is deprecated; "
379 "use \"acl-passwd\" instead\n",
381 /* FIXME: some day we'll need to throw an error */
384 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
386 /* save bind creds for referral rebinds? */
387 } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
390 "%s: line %d: rebind-as-user takes no arguments\n",
395 mi->flags |= LDAP_BACK_F_SAVECRED;
397 } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
400 "%s: line %d: \"chase-referrals\" takes no arguments\n",
405 mi->flags |= LDAP_BACK_F_CHASE_REFERRALS;
407 } else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
410 "%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
415 mi->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
417 } else if ( strncasecmp( argv[0], "tls-", STRLENOF( "tls-" ) ) == 0 ) {
420 if ( strcasecmp( argv[0], "tls-start" ) == 0 ) {
423 "%s: line %d: tls-start takes no arguments\n",
427 mi->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
430 } else if ( strcasecmp( argv[0], "tls-try-start" ) == 0 ) {
433 "%s: line %d: tls-try-start takes no arguments\n",
437 mi->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
438 mi->flags |= LDAP_BACK_F_USE_TLS;
440 /* propagate start tls */
441 } else if ( strcasecmp( argv[0], "tls-propagate" ) == 0 ) {
444 "%s: line %d: tls-propagate takes no arguments\n",
448 mi->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
451 } else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
454 "%s: line %d: tls-try-propagate takes no arguments\n",
458 mi->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
459 mi->flags |= LDAP_BACK_F_PROPAGATE_TLS;
462 /* name to use as pseudo-root dn */
463 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
464 int i = mi->mi_ntargets - 1;
469 "%s: line %d: need \"uri\" directive first\n",
476 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
481 dn.bv_val = argv[ 1 ];
482 dn.bv_len = strlen( argv[ 1 ] );
483 if ( dnNormalize( 0, NULL, NULL, &dn,
484 &mi->mi_targets[ i ]->mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
486 fprintf( stderr, "%s: line %d: "
487 "pseudoroot DN '%s' is invalid\n",
488 fname, lineno, argv[ 1 ] );
492 /* password to use as pseudo-root */
493 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
494 int i = mi->mi_ntargets - 1;
498 "%s: line %d: need \"uri\" directive first\n",
505 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
509 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_pseudorootpw );
512 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
514 int i = mi->mi_ntargets - 1;
515 struct berval dn, nvnc, pvnc, nrnc, prnc;
519 "%s: line %d: need \"uri\" directive first\n",
527 * suffixmassage <suffix> <massaged suffix>
529 * the <suffix> field must be defined as a valid suffix
530 * (or suffixAlias?) for the current database;
531 * the <massaged suffix> shouldn't have already been
532 * defined as a valid suffix or suffixAlias for the
537 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
542 dn.bv_val = argv[ 1 ];
543 dn.bv_len = strlen( argv[ 1 ] );
544 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
545 fprintf( stderr, "%s: line %d: "
546 "suffix '%s' is invalid\n",
547 fname, lineno, argv[ 1 ] );
551 tmp_be = select_backend( &nvnc, 0, 0 );
552 if ( tmp_be != NULL && tmp_be != be ) {
554 "%s: line %d: suffix already in use by another backend in"
555 " \"suffixMassage <suffix> <massaged suffix>\"\n",
562 dn.bv_val = argv[ 2 ];
563 dn.bv_len = strlen( argv[ 2 ] );
564 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
565 fprintf( stderr, "%s: line %d: "
566 "massaged suffix '%s' is invalid\n",
567 fname, lineno, argv[ 2 ] );
574 tmp_be = select_backend( &nrnc, 0, 0 );
575 if ( tmp_be != NULL ) {
577 "%s: line %d: massaged suffix already in use by another backend in"
578 " \"suffixMassage <suffix> <massaged suffix>\"\n",
589 * The suffix massaging is emulated by means of the
590 * rewrite capabilities
591 * FIXME: no extra rewrite capabilities should be added
594 return suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
595 &pvnc, &nvnc, &prnc, &nrnc );
597 /* rewrite stuff ... */
598 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
599 int i = mi->mi_ntargets - 1;
602 fprintf( stderr, "%s: line %d: \"rewrite\" "
603 "statement outside target definition.\n",
608 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
609 fname, lineno, argc, argv );
611 /* objectclass/attribute mapping */
612 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
613 int i = mi->mi_ntargets - 1;
617 "%s: line %d: need \"uri\" directive first\n",
622 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
623 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
624 fname, lineno, argc, argv );
626 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
627 int i = mi->mi_ntargets - 1;
628 int nretries = META_RETRY_UNDEFINED;
632 "%s: line %d: need value in \"nretries <value>\"\n",
637 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
638 nretries = META_RETRY_FOREVER;
640 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
641 nretries = META_RETRY_NEVER;
646 nretries = strtol( argv[ 1 ], &next, 10 );
647 if ( next == argv[ 1 ] || next[ 0 ] != '\0' ) {
649 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
650 fname, lineno, argv[ 1 ] );
656 mi->mi_nretries = nretries;
659 mi->mi_targets[ i ]->mt_nretries = nretries;
664 return SLAP_CONF_UNKNOWN;
670 ldap_back_map_config(
671 struct ldapmap *oc_map,
672 struct ldapmap *at_map,
679 struct ldapmapping *mapping;
683 if ( argc < 3 || argc > 4 ) {
685 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
690 if ( strcasecmp( argv[1], "objectclass" ) == 0 ) {
694 } else if ( strcasecmp( argv[1], "attribute" ) == 0 ) {
698 fprintf( stderr, "%s: line %d: syntax is "
699 "\"map {objectclass | attribute} [<local> | *] "
700 "{<foreign> | *}\"\n",
705 if ( strcmp( argv[2], "*" ) == 0 ) {
706 if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
707 map->drop_missing = ( argc < 4 );
712 } else if ( argc < 4 ) {
718 dst = ( strcmp( argv[3], "*" ) == 0 ? src : argv[3] );
721 if ( ( map == at_map )
722 && ( strcasecmp( src, "objectclass" ) == 0
723 || strcasecmp( dst, "objectclass" ) == 0 ) )
726 "%s: line %d: objectclass attribute cannot be mapped\n",
730 mapping = (struct ldapmapping *)ch_calloc( 2,
731 sizeof(struct ldapmapping) );
732 if ( mapping == NULL ) {
734 "%s: line %d: out of memory\n",
738 ber_str2bv( src, 0, 1, &mapping->src );
739 ber_str2bv( dst, 0, 1, &mapping->dst );
740 mapping[1].src = mapping->dst;
741 mapping[1].dst = mapping->src;
747 if ( src[0] != '\0' ) {
748 if ( oc_bvfind( &mapping->src ) == NULL ) {
750 "%s: line %d: warning, source objectClass '%s' "
751 "should be defined in schema\n",
752 fname, lineno, src );
755 * FIXME: this should become an err
761 if ( oc_bvfind( &mapping->dst ) == NULL ) {
763 "%s: line %d: warning, destination objectClass '%s' "
764 "is not defined in schema\n",
765 fname, lineno, dst );
769 const char *text = NULL;
770 AttributeDescription *ad = NULL;
772 if ( src[0] != '\0' ) {
773 rc = slap_bv2ad( &mapping->src, &ad, &text );
774 if ( rc != LDAP_SUCCESS ) {
776 "%s: line %d: warning, source attributeType '%s' "
777 "should be defined in schema\n",
778 fname, lineno, src );
781 * FIXME: this should become an err
789 rc = slap_bv2ad( &mapping->dst, &ad, &text );
790 if ( rc != LDAP_SUCCESS ) {
792 "%s: line %d: warning, destination attributeType '%s' "
793 "is not defined in schema\n",
794 fname, lineno, dst );
798 if ( (src[0] != '\0' && avl_find( map->map, (caddr_t)mapping, mapping_cmp ) != NULL)
799 || avl_find( map->remap, (caddr_t)&mapping[1], mapping_cmp ) != NULL)
802 "%s: line %d: duplicate mapping found (ignored)\n",
807 if ( src[0] != '\0' ) {
808 avl_insert( &map->map, (caddr_t)mapping,
809 mapping_cmp, mapping_dup );
811 avl_insert( &map->remap, (caddr_t)&mapping[1],
812 mapping_cmp, mapping_dup );
818 ch_free( mapping->src.bv_val );
819 ch_free( mapping->dst.bv_val );
827 #ifdef ENABLE_REWRITE
829 suffix_massage_regexize( const char *s )
836 ( r = strchr( p, ',' ) ) != NULL;
840 res = ch_calloc( sizeof( char ), strlen( s ) + 4 + 4*i + 1 );
842 ptr = lutil_strcopy( res, "(.*)" );
844 ( r = strchr( p, ',' ) ) != NULL;
846 ptr = lutil_strncopy( ptr, p, r - p + 1 );
847 ptr = lutil_strcopy( ptr, "[ ]?" );
849 if ( r[ 1 ] == ' ' ) {
853 lutil_strcopy( ptr, p );
859 suffix_massage_patternize( const char *s )
866 res = ch_calloc( sizeof( char ), len + sizeof( "%1" ) );
872 strcpy( res + sizeof( "%1" ) - 1, s );
878 suffix_massage_config(
879 struct rewrite_info *info,
889 rargv[ 0 ] = "rewriteEngine";
892 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
894 rargv[ 0 ] = "rewriteContext";
895 rargv[ 1 ] = "default";
897 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
899 rargv[ 0 ] = "rewriteRule";
900 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
901 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val );
904 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
905 ch_free( rargv[ 1 ] );
906 ch_free( rargv[ 2 ] );
908 rargv[ 0 ] = "rewriteContext";
909 rargv[ 1 ] = "searchEntryDN";
911 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
913 rargv[ 0 ] = "rewriteRule";
914 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
915 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val );
918 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
919 ch_free( rargv[ 1 ] );
920 ch_free( rargv[ 2 ] );
922 /* backward compatibility */
923 rargv[ 0 ] = "rewriteContext";
924 rargv[ 1 ] = "searchResult";
925 rargv[ 2 ] = "alias";
926 rargv[ 3 ] = "searchEntryDN";
928 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
930 rargv[ 0 ] = "rewriteContext";
931 rargv[ 1 ] = "matchedDN";
932 rargv[ 2 ] = "alias";
933 rargv[ 3 ] = "searchEntryDN";
935 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
937 rargv[ 0 ] = "rewriteContext";
938 rargv[ 1 ] = "searchAttrDN";
939 rargv[ 2 ] = "alias";
940 rargv[ 3 ] = "searchEntryDN";
942 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
944 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
945 * see servers/slapd/overlays/rwm.h for details */
946 rargv[ 0 ] = "rewriteContext";
947 rargv[ 1 ] = "referralAttrDN";
949 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
951 rargv[ 0 ] = "rewriteContext";
952 rargv[ 1 ] = "referralDN";
954 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
958 #endif /* ENABLE_REWRITE */