instance into a virtual naming context, with attributeType
and objectClass manipulation, if required.
It requires the
-.B rwm
-.BR overlay .
+.BR slapo-rwm (5)
+overlay.
.LP
This backend and the above mentioned overlay are experimental.
.SH CONFIGURATION
.BR slapd.conf (5)
manual page; only the
.B suffix
-directive is required by the
+directive is allowed by the
.I relay
backend.
.TP
-.B relay <real naming context> [massage]
+.B relay <real naming context>
The naming context of the database that is presented
under a virtual naming context.
The presence of this directive implies that one specific database,
i.e. the one serving the
.BR "real naming context" ,
will be presented under a virtual naming context.
-This directive automatically instantiates the
-.IR "rwm overlay" .
-If the optional
-.B massage
-keyword is present, the suffix massaging is automatically
-configured as well; otherwise, specific massaging instructions
-are required by means of the
-.I rewrite
-directives described in
-.BR slapo-rwm (5).
+
+.SH MASSAGING
+The
+.B relay
+database does not automatically rewrite the naming context
+of requests and responses.
+For this purpose, the
+.BR slapo-rwm (5)
+overlay must be explicitly instantiated, and configured
+as appropriate.
+Usually, the
+.B rwm-suffixmassage
+directive suffices if only naming context rewriting is required.
.SH ACCESS RULES
One important issue is that access rules are based on the identity
databases based on details of the virtual naming context,
e.g. groups on one database and persons on another.
.LP
-.SH CAVEATS
-The
-.B rwm overlay
-is experimental.
-.LP
.SH EXAMPLES
To implement a plain virtual naming context mapping
that refers to a single database, use
.LP
.nf
- database relay
- suffix "dc=virtual,dc=naming,dc=context"
- relay "dc=real,dc=naming,dc=context" massage
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ relay "dc=real,dc=naming,dc=context"
+ overlay rwm
+ rwm-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
To implement a plain virtual naming context mapping
that looks up the real naming context for each operation, use
.LP
.nf
- database relay
- suffix "dc=virtual,dc=naming,dc=context"
- overlay rwm
- suffixmassage "dc=real,dc=naming,dc=context"
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ overlay rwm
+ rwm-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
This is useful, for instance, to relay different databases that
back from the real to the virtual naming context, use
.LP
.nf
- database relay
- suffix "dc=virtual,dc=naming,dc=context"
- relay "dc=real,dc=naming,dc=context"
- rewriteEngine on
- rewriteContext default
- rewriteRule "dc=virtual,dc=naming,dc=context"
- "dc=real,dc=naming,dc=context" ":@"
- rewriteContext searchFilter
- rewriteContext searchEntryDN
- rewriteContext searchAttrDN
- rewriteContext matchedDN
+ database relay
+ suffix "dc=virtual,dc=naming,dc=context"
+ relay "dc=real,dc=naming,dc=context"
+ overlay rwm
+ rwm-rewriteEngine on
+ rwm-rewriteContext default
+ rwm-rewriteRule "dc=virtual,dc=naming,dc=context"
+ "dc=real,dc=naming,dc=context" ":@"
+ rwm-rewriteContext searchFilter
+ rwm-rewriteContext searchEntryDN
+ rwm-rewriteContext searchAttrDN
+ rwm-rewriteContext matchedDN
.fi
.LP
-Note that the virtual database is bound to a single real database,
-so the
-.B rwm overlay
-is automatically instantiated, but the rewrite rules
-are written explicitly to map all the virtual to real
-naming context data flow, but none of the real to virtual.
+Note that the
+.BR slapo-rwm (5)
+overlay is instantiated, but the rewrite rules are written explicitly,
+rather than automatically as with the
+.B rwm-suffixmassage
+statement, to map all the virtual to real naming context data flow,
+but none of the real to virtual.
.LP
Access rules:
.LP
.nf
- database bdb
- suffix "dc=example,dc=com"
+ database bdb
+ suffix "dc=example,dc=com"
# skip...
access to dn.subtree="dc=example,dc=com"
by dn.exact="cn=Supervisor,dc=example,dc=com" write
by * read
- database relay
- suffix "o=Example,c=US"
- relay "dc=example,dc=com" massage
+ database relay
+ suffix "o=Example,c=US"
+ relay "dc=example,dc=com"
+ overlay rwm
+ rwm-suffixmassage "dc=example,dc=com"
# skip ...
access to dn.subtree="o=Example,c=US"
by dn.exact="cn=Supervisor,dc=example,dc=com" write
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
-SRCS = init.c config.c op.c
-OBJS = init.lo config.lo op.lo
+SRCS = init.c op.c
+OBJS = init.lo op.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
+++ /dev/null
-/* config.c - relay backend configuration file routine */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2004-2007 The OpenLDAP Foundation.
- * Portions Copyright 2004 Pierangelo Masarati.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by Pierangelo Masaratifor inclusion
- * in OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include "slap.h"
-#include "back-relay.h"
-
-int
-relay_back_db_config(
- BackendDB *be,
- const char *fname,
- int lineno,
- int argc,
- char **argv )
-{
- relay_back_info *ri = (struct relay_back_info *)be->be_private;
-
- if ( ri == NULL ) {
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: relay backend info is null.\n",
- fname, lineno );
- return 1;
- }
-
- /* real naming context */
- if ( strcasecmp( argv[ 0 ], "relay" ) == 0 ) {
- struct berval dn, ndn, pdn;
- int rc;
- BackendDB *bd;
-
- if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "relay dn already specified.\n",
- fname, lineno );
- return 1;
- }
-
- switch ( argc ) {
- case 3:
- if ( strcmp( argv[ 2 ], "massage" ) != 0 ) {
- Log3( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "unknown arg[#2]=\"%s\" "
- "in \"relay <dn> [massage]\" line\n",
- fname, lineno, argv[ 2 ] );
- return 1;
- }
-
- if ( be->be_nsuffix == NULL ) {
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "\"relay\" directive "
- "must appear after \"suffix\".\n",
- fname, lineno );
- return 1;
- }
-
- if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "relaying of multiple suffix "
- "database not supported.\n",
- fname, lineno );
- return 1;
- }
- /* fallthru */
-
- case 2:
- break;
-
- case 1:
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: missing relay suffix "
- "in \"relay <dn> [massage]\" line.\n",
- fname, lineno );
- return 1;
-
- default:
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: extra cruft "
- "in \"relay <dn> [massage]\" line.\n",
- fname, lineno );
- return 1;
- }
-
- /* The man page says that the "relay" directive
- * automatically instantiates slapo-rwm; I don't
- * like this very much any more, I'd prefer to
- * have automatic instantiation only when "massage"
- * is specified, so one has better control on
- * where the overlay gets instantiated, but this
- * would break compatibility. One can still control
- * where the overlay is instantiated by moving
- * around the "relay" directive, although this could
- * make slapd.conf a bit confusing. */
- if ( overlay_config( be, "rwm", -1, NULL ) ) {
- Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: unable to install "
- "rwm overlay "
- "in \"relay <dn> [massage]\" line\n",
- fname, lineno );
- return 1;
- }
-
- dn.bv_val = argv[ 1 ];
- dn.bv_len = strlen( argv[ 1 ] );
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
- if ( rc != LDAP_SUCCESS ) {
- Log3( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "relay dn \"%s\" is invalid "
- "in \"relay <dn> [massage]\" line\n",
- fname, lineno, argv[ 1 ] );
- return 1;
- }
-
- bd = select_backend( &ndn, 1 );
- if ( bd == NULL ) {
- Log3( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "cannot find database "
- "of relay dn \"%s\" "
- "in \"relay <dn> [massage]\" line\n",
- fname, lineno, argv[ 1 ] );
- rc = 1;
- goto relay_done;
-
- } else if ( bd->be_private == be->be_private ) {
- Log3( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
- "%s: line %d: "
- "relay dn \"%s\" would call self "
- "in \"relay <dn> [massage]\" line\n",
- fname, lineno, pdn.bv_val );
- rc = 1;
- goto relay_done;
- }
-
- ri->ri_realsuffix = ndn;
-
- if ( argc == 3 ) {
- char *cargv[ 4 ];
-
- cargv[ 0 ] = "rwm-suffixmassage";
- cargv[ 1 ] = be->be_suffix[0].bv_val;
- cargv[ 2 ] = pdn.bv_val;
- cargv[ 3 ] = NULL;
-
- rc = be->be_config( be, fname, lineno, 3, cargv );
- }
-
-relay_done:;
- ch_free( pdn.bv_val );
-
- return rc;
- }
-
- /* anything else */
- return SLAP_CONF_UNKNOWN;
-}
-
#include "config.h"
#include "back-relay.h"
+static ConfigDriver relay_back_cf;
+
+static ConfigTable relaycfg[] = {
+ { "relay", "relay", 2, 2, 0,
+ ARG_MAGIC|ARG_DN,
+ relay_back_cf, "( OLcfgDbAt:5.1 "
+ "NAME 'olcRelay' "
+ "DESC 'Relay DN' "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { NULL }
+};
+
+static ConfigOCs relayocs[] = {
+ { "( OLcfgDbOc:5.1 "
+ "NAME 'olcRelayConfig' "
+ "DESC 'Relay backend configuration' "
+ "SUP olcDatabaseConfig "
+ "MAY ( olcRelay "
+ ") )",
+ Cft_Database, relaycfg},
+ { NULL, 0, NULL }
+};
+
+static int
+relay_back_cf( ConfigArgs *c )
+{
+ relay_back_info *ri = ( relay_back_info * )c->be->be_private;
+ int rc = 0;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ if ( ri != NULL && !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ value_add_one( &c->rvalue_vals, &ri->ri_realsuffix );
+ return 0;
+ }
+ return 1;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ch_free( ri->ri_realsuffix.bv_val );
+ BER_BVZERO( &ri->ri_realsuffix );
+ ri->ri_bd = NULL;
+ return 0;
+ }
+ return 1;
+
+ } else {
+ BackendDB *bd;
+
+ assert( ri != NULL );
+ assert( BER_BVISNULL( &ri->ri_realsuffix ) );
+
+ if ( c->be->be_nsuffix == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "\"relay\" directive "
+ "must appear after \"suffix\"" );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ if ( !BER_BVISNULL( &c->be->be_nsuffix[ 1 ] ) ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "relaying of multiple suffix "
+ "database not supported" );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ bd = select_backend( &c->value_ndn, 1 );
+ if ( bd == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "cannot find database "
+ "of relay dn \"%s\" "
+ "in \"olcRelay <dn>\"\n",
+ c->value_dn.bv_val );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+
+ } else if ( bd->be_private == c->be->be_private ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "relay dn \"%s\" would call self "
+ "in \"relay <dn>\" line\n",
+ c->value_dn.bv_val );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ ri->ri_realsuffix = c->value_ndn;
+ BER_BVZERO( &c->value_ndn );
+
+relay_done:;
+ ch_free( c->value_dn.bv_val );
+ ch_free( c->value_ndn.bv_val );
+ }
+
+ return rc;
+}
+
int
relay_back_initialize( BackendInfo *bi )
{
bi->bi_destroy = 0;
bi->bi_db_init = relay_back_db_init;
- bi->bi_db_config = relay_back_db_config;
+ bi->bi_db_config = config_generic_wrapper;
bi->bi_db_open = relay_back_db_open;
#if 0
- bi->bi_db_close =relay_back_db_close;
+ bi->bi_db_close = relay_back_db_close;
#endif
bi->bi_db_destroy = relay_back_db_destroy;
bi->bi_connection_init = relay_back_connection_init;
bi->bi_connection_destroy = relay_back_connection_destroy;
- return 0;
+ bi->bi_cf_ocs = relayocs;
+
+ return config_register_schema( relaycfg, relayocs );
}
int
BER_BVZERO( &ri->ri_realsuffix );
ri->ri_massage = 0;
+ be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
be->be_private = (void *)ri;
return 0;
extern BI_init relay_back_initialize;
extern BI_db_init relay_back_db_init;
-extern BI_db_config relay_back_db_config;
extern BI_db_open relay_back_db_open;
extern BI_db_close relay_back_db_close;
extern BI_db_destroy relay_back_db_destroy;
* OLcfg{Bk|Db}{Oc|At}:2 -> back-ldif
* OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap
* OLcfg{Bk|Db}{Oc|At}:4 -> back-monitor
+ * OLcfg{Bk|Db}{Oc|At}:5 -> back-relay
*/
/*
database @RELAY@
suffix "o=Example,c=US"
### back-relay can automatically instantiate the rwm overlay
-#relay-relay#relay "dc=example,dc=com" massage
+#relay-relay#relay "dc=example,dc=com"
+#relay-relay#overlay rwm
+#relay-relay#rwm-suffixmassage "dc=example,dc=com"
#relay-relay#rwm-map objectClass groupOfNames groupOfUniqueNames
#relay-relay#rwm-map objectClass uidObject dcObject
#relay-relay#rwm-map attribute member uniqueMember
database @RELAY@
suffix "o=Beispiel,c=DE"
### back-relay can automatically instantiate the rwm overlay
-#relay-relay#relay "dc=example,dc=com" massage
+#relay-relay#relay "dc=example,dc=com"
+#relay-relay#overlay rwm
+#relay-relay#rwm-suffixmassage "dc=example,dc=com"
### back-ldap needs explicit instantiation of the rwm overlay
#relay-ldap#uri "@URI1@"
#relay-ldap#overlay rwm
projects / openldap / commitdiff