X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=3256dd05f09e106feb7d0f70fb1bfcec29881ddb;hb=21be582df7e13ae2c8d44e1f7f02478eb9ec0762;hp=be7c78de3501ef2d608cf5b288100c814243eacc;hpb=cfb3f815823d9a5903e71cf9162b25b152629740;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index be7c78de35..3256dd05f0 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,15 +37,6 @@ #include "lutil.h" #include "lber_pvt.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static void init_group_pblock( Operation *op, Entry *target, - Entry *e, struct berval *op_ndn, AttributeDescription *group_at ); -static int call_group_preop_plugins( Operation *op ); -static void call_group_postop_plugins( Operation *op ); -#endif /* LDAP_SLAPI */ - /* * If a module is configured as dynamic, its header should not * get included into slapd. While this is a general rule and does @@ -98,9 +89,8 @@ int backend_init(void) return -1; } - for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) - { - assert( bi->bi_init ); + for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) { + assert( bi->bi_init != 0 ); rc = bi->bi_init( bi ); @@ -203,10 +193,10 @@ int backend_startup_one(Backend *be) { int rc = 0; - assert( be ); + assert( be != NULL ); be->be_pending_csn_list = (struct be_pcl *) - ch_calloc( 1, sizeof( struct be_pcl )); + ch_calloc( 1, sizeof( struct be_pcl ) ); LDAP_TAILQ_INIT( be->be_pending_csn_list ); @@ -332,7 +322,6 @@ int backend_num( Backend *be ) int backend_shutdown( Backend *be ) { - int i; int rc = 0; BackendInfo *bi; @@ -393,50 +382,77 @@ int backend_shutdown( Backend *be ) return 0; } -int backend_destroy(void) +void backend_destroy_one( BackendDB *bd, int dynamic ) { - int i; - BackendDB *bd; - BackendInfo *bi; - struct slap_csn_entry *csne; + if ( dynamic ) { + LDAP_STAILQ_REMOVE(&backendDB, bd, slap_backend_db, be_next ); + } - /* destroy each backend database */ - while (( bd = LDAP_STAILQ_FIRST(&backendDB))) { - LDAP_STAILQ_REMOVE_HEAD(&backendDB, be_next); + if ( bd->be_syncinfo ) { + syncinfo_free( bd->be_syncinfo ); + } + + if ( bd->be_pending_csn_list ) { + struct slap_csn_entry *csne; + csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list ); + while ( csne ) { + struct slap_csn_entry *tmp_csne = csne; - if ( bd->be_syncinfo ) { - syncinfo_free( bd->be_syncinfo ); + LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link ); + ch_free( csne->ce_csn.bv_val ); + csne = LDAP_TAILQ_NEXT( csne, ce_csn_link ); + ch_free( tmp_csne ); } + ch_free( bd->be_pending_csn_list ); + } - if ( bd->be_pending_csn_list ) { - csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list ); - while ( csne ) { - struct slap_csn_entry *tmp_csne = csne; + if ( bd->bd_info->bi_db_destroy ) { + bd->bd_info->bi_db_destroy( bd ); + } + ber_bvarray_free( bd->be_suffix ); + ber_bvarray_free( bd->be_nsuffix ); + if ( !BER_BVISNULL( &bd->be_rootdn ) ) { + free( bd->be_rootdn.bv_val ); + } + if ( !BER_BVISNULL( &bd->be_rootndn ) ) { + free( bd->be_rootndn.bv_val ); + } + if ( !BER_BVISNULL( &bd->be_rootpw ) ) { + free( bd->be_rootpw.bv_val ); + } + acl_destroy( bd->be_acl, frontendDB->be_acl ); + limits_destroy( bd->be_limits ); + if ( bd->be_replogfile ) { + ch_free( bd->be_replogfile ); + } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } + destroy_replica_info( bd ); + if ( !BER_BVISNULL( &bd->be_update_ndn ) ) { + ch_free( bd->be_update_ndn.bv_val ); + } + if ( bd->be_update_refs ) { + ber_bvarray_free( bd->be_update_refs ); + } - LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link ); - ch_free( csne->ce_csn.bv_val ); - csne = LDAP_TAILQ_NEXT( csne, ce_csn_link ); - ch_free( tmp_csne ); - } - } - - if ( bd->bd_info->bi_db_destroy ) { - bd->bd_info->bi_db_destroy( bd ); - } - ber_bvarray_free( bd->be_suffix ); - ber_bvarray_free( bd->be_nsuffix ); - if ( !BER_BVISNULL( &bd->be_rootdn ) ) { - free( bd->be_rootdn.bv_val ); - } - if ( !BER_BVISNULL( &bd->be_rootndn ) ) { - free( bd->be_rootndn.bv_val ); - } - if ( !BER_BVISNULL( &bd->be_rootpw ) ) { - free( bd->be_rootpw.bv_val ); - } - acl_destroy( bd->be_acl, frontendDB->be_acl ); + if ( dynamic ) { free( bd ); } +} + +int backend_destroy(void) +{ + BackendDB *bd; + BackendInfo *bi; + + /* destroy each backend database */ + while (( bd = LDAP_STAILQ_FIRST(&backendDB))) { + backend_destroy_one( bd, 1 ); + } /* destroy each backend type */ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next ) { @@ -466,6 +482,17 @@ int backend_destroy(void) free( bd->be_rootpw.bv_val ); } acl_destroy( bd->be_acl, frontendDB->be_acl ); + + if ( bd->be_replogfile != NULL ) { + free( bd->be_replogfile ); + } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } + assert( bd->be_replica == NULL ); } return 0; @@ -488,9 +515,9 @@ BackendInfo* backend_info(const char *type) BackendDB * backend_db_init( - const char *type ) + const char *type, + BackendDB *be ) { - Backend *be; BackendInfo *bi = backend_info(type); int rc = 0; @@ -499,9 +526,14 @@ backend_db_init( return NULL; } - be = ch_calloc( 1, sizeof(Backend) ); - nbackends++; - LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + /* If be is provided, treat it as private. Otherwise allocate + * one and add it to the global list. + */ + if ( !be ) { + be = ch_calloc( 1, sizeof(Backend) ); + nbackends++; + LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + } be->bd_info = bi; @@ -536,7 +568,6 @@ void be_db_close( void ) { BackendDB *be; - int i; LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { if ( be->bd_info->bi_db_close ) { @@ -556,7 +587,7 @@ select_backend( int manageDSAit, int noSubs ) { - int i, j; + int j; ber_len_t len, dnlen = dn->bv_len; Backend *be, *b2 = NULL; @@ -600,7 +631,13 @@ select_backend( continue; } } else { - b2 = be; + /* If any parts of the tree are glued, use the first + * match regardless of manageDSAit. Otherwise use the + * last match. + */ + if( !( SLAP_DBFLAGS( be ) & ( SLAP_DBFLAG_GLUE_INSTANCE | + SLAP_DBFLAG_GLUE_SUBORDINATE ))) + b2 = be; } return b2; } @@ -722,45 +759,13 @@ be_entry_release_rw( int backend_unbind( Operation *op, SlapReply *rs ) { - int i = 0; BackendDB *be; LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { -#if defined( LDAP_SLAPI ) - if ( op->o_pb ) { - int rc; - if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)be ); - rc = slapi_int_call_plugins( be, - SLAPI_PLUGIN_PRE_UNBIND_FN, (Slapi_PBlock *)op->o_pb ); - if ( rc < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, - "do_bind: Unbind preoperation plugin failed\n", - 0, 0, 0); - return 0; - } - } -#endif /* defined( LDAP_SLAPI ) */ - if ( be->be_unbind ) { op->o_bd = be; be->be_unbind( op, rs ); } - -#if defined( LDAP_SLAPI ) - if ( op->o_pb != NULL && slapi_int_call_plugins( be, - SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 ) - { - Debug(LDAP_DEBUG_TRACE, - "do_unbind: Unbind postoperation plugins failed\n", - 0, 0, 0); - } -#endif /* defined( LDAP_SLAPI ) */ - i++; } return 0; @@ -774,7 +779,7 @@ backend_connection_init( LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { if ( be->be_connection_init ) { - be->be_connection_init( be, conn); + be->be_connection_init( be, conn ); } } @@ -855,6 +860,15 @@ backend_check_controls( } } + /* temporarily removed */ +#if 0 + /* check should be generalized */ + if( get_manageDIT(op) && !be_isroot(op)) { + rs->sr_text = "requires manager authorization"; + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + } +#endif + done:; return rs->sr_err; } @@ -1195,23 +1209,21 @@ be_entry_get_rw( int rw, Entry **e ) { - int rc; - *e = NULL; - if (op->o_bd == NULL) { - rc = LDAP_NO_SUCH_OBJECT; - } else if ( op->o_bd->be_fetch ) { - rc = ( op->o_bd->be_fetch )( op, ndn, - oc, at, rw, e ); - } else { - rc = LDAP_UNWILLING_TO_PERFORM; + if ( op->o_bd == NULL ) { + return LDAP_NO_SUCH_OBJECT; } - return rc; + + if ( op->o_bd->be_fetch ) { + return op->o_bd->be_fetch( op, ndn, oc, at, rw, e ); + } + + return LDAP_UNWILLING_TO_PERFORM; } int -backend_group( +fe_acl_group( Operation *op, Entry *target, struct berval *gr_ndn, @@ -1220,13 +1232,12 @@ backend_group( AttributeDescription *group_at ) { Entry *e; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a; int rc; GroupAssertion *g; Backend *be = op->o_bd; - if ( op->o_abandon ) return SLAPD_ABANDON; - op->o_bd = select_backend( gr_ndn, 0, 0 ); for ( g = op->o_groups; g; g = g->ga_next ) { @@ -1249,20 +1260,12 @@ backend_group( e = target; rc = 0; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { -#ifdef LDAP_SLAPI - if ( op->o_pb != NULL ) { - init_group_pblock( op, target, e, op_ndn, group_at ); - - rc = call_group_preop_plugins( op ); - if ( rc == LDAP_SUCCESS ) { - goto done; - } - } -#endif /* LDAP_SLAPI */ - a = attr_find( e->e_attrs, group_at ); if ( a ) { /* If the attribute is a subtype of labeledURI, treat this as @@ -1276,13 +1279,17 @@ backend_group( struct berval bv, nbase; Filter *filter; Entry *user; + void *user_priv = NULL; Backend *b2 = op->o_bd; if ( target && dn_match( &target->e_nname, op_ndn ) ) { user = target; } else { op->o_bd = select_backend( op_ndn, 0, 0 ); + op->o_private = NULL; rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user ); + user_priv = op->o_private; + op->o_private = o_priv; } if ( rc == 0 ) { @@ -1324,14 +1331,12 @@ backend_group( goto loopit; } break; -#ifdef LDAP_SCOPE_SUBORDINATE case LDAP_SCOPE_SUBORDINATE: if ( dn_match( &nbase, op_ndn ) || !dnIsSuffix( op_ndn, &nbase ) ) { goto loopit; } -#endif } filter = str2filter_x( op, ludp->lud_filter ); if ( filter ) { @@ -1350,7 +1355,9 @@ loopit: if ( rc == 0 ) break; } if ( user != target ) { + op->o_private = user_priv; be_entry_release_r( op, user ); + op->o_private = o_priv; } } op->o_bd = b2; @@ -1365,17 +1372,15 @@ loopit: } else { rc = LDAP_NO_SUCH_ATTRIBUTE; } - if (e != target ) { + if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } } else { rc = LDAP_NO_SUCH_OBJECT; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_group_postop_plugins( op ); -#endif /* LDAP_SLAPI */ - if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) { g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len, op->o_tmpmemctx ); @@ -1393,60 +1398,38 @@ done: return rc; } -#ifdef LDAP_SLAPI -static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) +int +backend_group( + Operation *op, + Entry *target, + struct berval *gr_ndn, + struct berval *op_ndn, + ObjectClass *group_oc, + AttributeDescription *group_at ) { - BerVarray v; - int rc; - BerVarray *vals = (BerVarray *)c->cac_private; - Operation *op = NULL; - int i, j; - - slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op ); - if ( op == NULL ) { - return 1; - } + int rc; + BackendDB *be_orig; - if ( op->o_conn && access_allowed( op, - e, a->a_desc, NULL, ACL_AUTH, - &c->cac_acl_state ) == 0 ) { - return 1; + if ( op->o_abandon ) { + return SLAPD_ABANDON; } - for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ; - - v = op->o_tmpalloc( sizeof(struct berval) * (i+1), - op->o_tmpmemctx ); - for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) { - if ( op->o_conn && access_allowed( op, - e, a->a_desc, - &a->a_nvals[i], - ACL_AUTH, &c->cac_acl_state ) == 0 ) { - continue; - } - ber_dupbv_x( &v[j], - &a->a_nvals[i], op->o_tmpmemctx ); - if ( !BER_BVISNULL( &v[j] ) ) { - j++; - } - } - - if ( j == 0 ) { - op->o_tmpfree( v, op->o_tmpmemctx ); - *vals = NULL; - rc = 1; - } else { - BER_BVZERO( &v[j] ); - *vals = v; - rc = 0; - } + be_orig = op->o_bd; + op->o_bd = frontendDB; +#ifdef SLAP_OVERLAY_ACCESS + rc = frontendDB->be_group( op, target, gr_ndn, + op_ndn, group_oc, group_at ); +#else /* ! SLAP_OVERLAY_ACCESS */ + rc = fe_acl_group( op, target, gr_ndn, + op_ndn, group_oc, group_at ); +#endif /* ! SLAP_OVERLAY_ACCESS */ + op->o_bd = be_orig; return rc; } -#endif /* LDAP_SLAPI */ int -backend_attribute( +fe_acl_attribute( Operation *op, Entry *target, struct berval *edn, @@ -1455,6 +1438,7 @@ backend_attribute( slap_access_t access ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a = NULL; int freeattr = 0, i, j, rc = LDAP_SUCCESS; AccessControlState acl_state = ACL_STATE_INIT; @@ -1466,10 +1450,26 @@ backend_attribute( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { + if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children ) { + assert( vals == NULL ); + + rc = LDAP_SUCCESS; + if ( op->o_conn && access > ACL_NONE && + access_allowed( op, e, entry_at, NULL, + access, &acl_state ) == 0 ) + { + rc = LDAP_INSUFFICIENT_ACCESS; + } + goto freeit; + } + a = attr_find( e->e_attrs, entry_at ); if ( a == NULL ) { SlapReply rs = { 0 }; @@ -1541,31 +1541,10 @@ backend_attribute( rc = LDAP_SUCCESS; } } -#ifdef LDAP_SLAPI - else if ( op->o_pb ) { - /* try any computed attributes */ - computed_attr_context ctx; - - slapi_int_pblock_set_operation( op->o_pb, op ); - - ctx.cac_pb = op->o_pb; - ctx.cac_attrs = NULL; - ctx.cac_userattrs = 0; - ctx.cac_opattrs = 0; - ctx.cac_acl_state = acl_state; - ctx.cac_private = (void *)vals; - - rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ); - if ( rc == 1 ) { - rc = LDAP_INSUFFICIENT_ACCESS; - - } else { - rc = LDAP_SUCCESS; - } - } -#endif /* LDAP_SLAPI */ freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a ); @@ -1576,20 +1555,31 @@ freeit: if ( e != target ) { return rc; } -#ifdef LDAP_SLAPI -static int backend_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) +int +backend_attribute( + Operation *op, + Entry *target, + struct berval *edn, + AttributeDescription *entry_at, + BerVarray *vals, + slap_access_t access ) { - struct berval *nval = (struct berval *)c->cac_private; - Operation *op = NULL; + int rc; + BackendDB *be_orig; - slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op ); - if ( op == NULL ) { - return 1; - } + be_orig = op->o_bd; + op->o_bd = frontendDB; +#ifdef SLAP_OVERLAY_ACCESS + rc = frontendDB->be_attribute( op, target, edn, + entry_at, vals, access ); +#else /* !SLAP_OVERLAY_ACCESS */ + rc = fe_acl_attribute( op, target, edn, + entry_at, vals, access ); +#endif /* !SLAP_OVERLAY_ACCESS */ + op->o_bd = be_orig; - return access_allowed( op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0; + return rc; } -#endif /* LDAP_SLAPI */ int backend_access( @@ -1602,13 +1592,14 @@ backend_access( slap_mask_t *mask ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; int rc = LDAP_INSUFFICIENT_ACCESS; Backend *be = op->o_bd; /* pedantic */ - assert( op ); - assert( op->o_conn ); - assert( edn ); + assert( op != NULL ); + assert( op->o_conn != NULL ); + assert( edn != NULL ); assert( access > ACL_NONE ); op->o_bd = select_backend( edn, 0, 0 ); @@ -1617,7 +1608,10 @@ backend_access( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { @@ -1679,31 +1673,11 @@ backend_access( } rc = LDAP_SUCCESS; } -#ifdef LDAP_SLAPI - else if ( op->o_pb ) { - /* try any computed attributes */ - computed_attr_context ctx; - - slapi_int_pblock_set_operation( op->o_pb, op ); - - ctx.cac_pb = op->o_pb; - ctx.cac_attrs = NULL; - ctx.cac_userattrs = 0; - ctx.cac_opattrs = 0; - ctx.cac_private = (void *)nval; - - rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr_access ); - if ( rc == 1 ) { - rc = LDAP_INSUFFICIENT_ACCESS; - - } else { - rc = LDAP_SUCCESS; - } - } -#endif /* LDAP_SLAPI */ } freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a ); @@ -1714,13 +1688,14 @@ freeit: if ( e != target ) { return rc; } -int backend_operational( +int +fe_aux_operational( Operation *op, SlapReply *rs ) { - Attribute **ap; - int rc = 0; - BackendDB *be_orig; + Attribute **ap; + int rc = 0; + BackendDB *be_orig; for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next ) /* just count them */ ; @@ -1744,59 +1719,35 @@ int backend_operational( ap = &(*ap)->a_next; } - /* Let the overlays have a chance at this */ - be_orig = op->o_bd; - if ( SLAP_ISOVERLAY( be_orig ) ) - op->o_bd = select_backend( be_orig->be_nsuffix, 0, 0 ); - - if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && - op->o_bd && op->o_bd->be_operational != NULL ) + if ( op->o_bd != NULL ) { - rc = op->o_bd->be_operational( op, rs ); + /* Let the overlays have a chance at this */ + be_orig = op->o_bd; + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + if ( !be_match( op->o_bd, frontendDB ) && + ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && + op->o_bd != NULL && op->o_bd->be_operational != NULL ) + { + rc = op->o_bd->be_operational( op, rs ); + } + op->o_bd = be_orig; } - op->o_bd = be_orig; return rc; } -#ifdef LDAP_SLAPI -static void init_group_pblock( Operation *op, Entry *target, - Entry *e, struct berval *op_ndn, AttributeDescription *group_at ) -{ - slapi_int_pblock_set_operation( op->o_pb, op ); - - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_ENTRY, (void *)e ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); -} - -static int call_group_preop_plugins( Operation *op ) +int backend_operational( Operation *op, SlapReply *rs ) { int rc; + BackendDB *be_orig; - rc = slapi_int_call_plugins( op->o_bd, - SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); - if ( rc < 0 ) { - if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) - { - rc = LDAP_NO_SUCH_ATTRIBUTE; - } - } else { - rc = LDAP_SUCCESS; - } + /* Moved this into the frontend so global overlays are called */ - return rc; -} + be_orig = op->o_bd; + op->o_bd = frontendDB; + rc = frontendDB->be_operational( op, rs ); + op->o_bd = be_orig; -static void call_group_postop_plugins( Operation *op ) -{ - (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb ); + return rc; } -#endif /* LDAP_SLAPI */