slap_schema.si_oc_dynamicObject, NULL, 0, &e );
if ( rc == LDAP_SUCCESS && e != NULL ) {
if ( !is_dynamicObject ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, e,
rc = rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
send_ldap_error( op, rs, rc, "no static subordinate entries allowed for dynamicObject" );
}
char ttlbuf[] = "31557600";
char tsbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
struct berval bv;
-
- ldap_pvt_thread_mutex_lock( &di->di_mutex );
- rs->sr_err = ( di->di_max_dynamicObjects &&
- di->di_num_dynamicObjects >= di->di_max_dynamicObjects );
- ldap_pvt_thread_mutex_unlock( &di->di_mutex );
- if ( rs->sr_err ) {
- op->o_bd->bd_info = (BackendInfo *)on->on_info;
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "too many dynamicObjects in context" );
- return rs->sr_err;
+
+ if ( !be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
+ ldap_pvt_thread_mutex_lock( &di->di_mutex );
+ rs->sr_err = ( di->di_max_dynamicObjects &&
+ di->di_num_dynamicObjects >= di->di_max_dynamicObjects );
+ ldap_pvt_thread_mutex_unlock( &di->di_mutex );
+ if ( rs->sr_err ) {
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "too many dynamicObjects in context" );
+ return rs->sr_err;
+ }
}
ttl = DDS_DEFAULT_TTL( di );
if ( BER_BVISEMPTY( &bv_entryTtl )
|| !bvmatch( &bv_entryTtl, &mod->sml_values[ 0 ] ) )
{
-#ifdef SLAP_ACL_HONOR_DISCLOSE
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
}
goto done;
assert( BER_BVISNULL( &mod->sml_values[ 1 ] ) );
if ( !BER_BVISEMPTY( &bv_entryTtl ) ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
rs->sr_text = "attribute 'entryTtl' cannot have multiple values";
rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
}
case LDAP_MOD_INCREMENT:
if ( BER_BVISEMPTY( &bv_entryTtl ) ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
rs->sr_text = "modify/increment: entryTtl: no such attribute";
}
}
if ( rs->sr_err != LDAP_SUCCESS ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
rc = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rc == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
goto done;
}
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
}
-#ifdef SLAP_ACL_HONOR_DISCLOSE
if ( rc != LDAP_SUCCESS ) {
rc = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
}
}
tmpmod->sml_op = LDAP_MOD_REPLACE;
value_add_one( &tmpmod->sml_values, &bv );
+ value_add_one( &tmpmod->sml_nvalues, &bv );
}
}
slap_schema.si_oc_dynamicObject, NULL, 0, &e );
if ( rc == LDAP_SUCCESS && e != NULL ) {
if ( !is_dynamicObject ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, e,
rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
"static entry cannot have dynamicObject as newSuperior" );
}
ttl = di->di_min_ttl;
}
-#ifndef SLAPD_MULTIMASTER
/* This does not apply to multi-master case */
- if ( !( !SLAP_SHADOW( op->o_bd ) || be_isupdate( op ) ) ) {
+ if ( !( !SLAP_SINGLE_SHADOW( op->o_bd ) || be_isupdate( op ) ) ) {
/* we SHOULD return a referral in this case */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
return rs->sr_err;
}
-#endif /* !SLAPD_MULTIMASTER */
assert( !BER_BVISNULL( &op->o_req_ndn ) );
rs->sr_err = be_entry_get_rw( op, &op->o_req_ndn,
NULL, NULL, 0, &e );
if ( rs->sr_err == LDAP_SUCCESS && e != NULL ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, e,
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
- {
+ } else {
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "refresh operation only applies to dynamic objects";
}
goto done;
}
-#ifndef SLAPD_MULTIMASTER
- if ( SLAP_SHADOW( be ) ) {
+ if ( SLAP_SINGLE_SHADOW( be ) ) {
Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
"DDS incompatible with shadow database \"%s\".\n",
be->be_suffix[ 0 ].bv_val );
return 1;
}
-#endif /* ! SLAPD_MULTIMASTER */
if ( di->di_max_ttl == 0 ) {
di->di_max_ttl = DDS_RF2589_DEFAULT_TTL;
di->di_suffix = be->be_suffix;
di->di_nsuffix = be->be_nsuffix;
- /* force deletion of expired entries... */
- be->bd_info = (BackendInfo *)on->on_info;
- rc = dds_expire( thrctx, di );
- be->bd_info = (BackendInfo *)on;
- if ( rc != LDAP_SUCCESS ) {
- rc = 1;
- goto done;
- }
-
/* ... so that count, if required, is accurate */
if ( di->di_max_dynamicObjects > 0 ) {
+ /* force deletion of expired entries... */
+ be->bd_info = (BackendInfo *)on->on_info;
+ rc = dds_expire( thrctx, di );
+ be->bd_info = (BackendInfo *)on;
+ if ( rc != LDAP_SUCCESS ) {
+ rc = 1;
+ goto done;
+ }
+
rc = dds_count( thrctx, be );
if ( rc != LDAP_SUCCESS ) {
rc = 1;
} s_at[] = {
{ "entryExpireTimestamp", "( 1.3.6.1.4.1.4203.666.1.57 "
"NAME ( 'entryExpireTimestamp' ) "
- "DESC 'RFC2589 extension: expire time of a dynamic object, "
- "computed as modifyTimestamp + entryTtl' "
+ "DESC 'RFC2589 OpenLDAP extension: expire time of a dynamic object, "
+ "computed as now + entryTtl' "
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
do_not_load_schema = no;
} else {
- Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
"DDS unknown module arg[#%d]=\"%s\".\n",
i, argv[ i ] );
return 1;