From: Pierangelo Masarati Date: Tue, 21 Aug 2007 14:52:43 +0000 (+0000) Subject: add support for tree delete along with minor fixes (portions ITS#3497) X-Git-Tag: OPENLDAP_REL_ENG_2_4_MP~156 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9066d1429095c0648097fd9c9ded110c28e85e85;p=openldap add support for tree delete along with minor fixes (portions ITS#3497) --- diff --git a/servers/slapd/back-sql/back-sql.h b/servers/slapd/back-sql/back-sql.h index 7f336724ee..98d06bc5e6 100644 --- a/servers/slapd/back-sql/back-sql.h +++ b/servers/slapd/back-sql/back-sql.h @@ -266,31 +266,6 @@ typedef struct backsql_api { struct backsql_api *ba_next; } backsql_api; -/* - * Entry ID structure - */ -typedef struct backsql_entryID { - /* #define BACKSQL_ARBITRARY_KEY to allow a non-numeric key. - * It is required by some special applications that use - * strings as keys for the main table. - * In this case, #define BACKSQL_MAX_KEY_LEN consistently - * with the key size definition */ -#ifdef BACKSQL_ARBITRARY_KEY - struct berval eid_id; - struct berval eid_keyval; -#define BACKSQL_MAX_KEY_LEN 64 -#else /* ! BACKSQL_ARBITRARY_KEY */ - /* The original numeric key is maintained as default. */ - unsigned long eid_id; - unsigned long eid_keyval; -#endif /* ! BACKSQL_ARBITRARY_KEY */ - - unsigned long eid_oc_id; - struct berval eid_dn; - struct berval eid_ndn; - struct backsql_entryID *eid_next; -} backsql_entryID; - #ifdef BACKSQL_ARBITRARY_KEY #define BACKSQL_ENTRYID_INIT { BER_BVNULL, BER_BVNULL, 0, BER_BVNULL, BER_BVNULL, NULL } #else /* ! BACKSQL_ARBITRARY_KEY */ 
@@ -397,14 +372,43 @@ typedef struct berbuf { #define BB_NULL { BER_BVNULL, 0 } +/* + * Entry ID structure + */ +typedef struct backsql_entryID { + /* #define BACKSQL_ARBITRARY_KEY to allow a non-numeric key. + * It is required by some special applications that use + * strings as keys for the main table. + * In this case, #define BACKSQL_MAX_KEY_LEN consistently + * with the key size definition */ +#ifdef BACKSQL_ARBITRARY_KEY + struct berval eid_id; + struct berval eid_keyval; +#define BACKSQL_MAX_KEY_LEN 64 +#else /* ! BACKSQL_ARBITRARY_KEY */ + /* The original numeric key is maintained as default. */ + unsigned long eid_id; + unsigned long eid_keyval; +#endif /* ! BACKSQL_ARBITRARY_KEY */ + + unsigned long eid_oc_id; + backsql_oc_map_rec *eid_oc; + struct berval eid_dn; + struct berval eid_ndn; + struct backsql_entryID *eid_next; +} backsql_entryID; + /* the function must collect the entry associated to nbase */ #define BACKSQL_ISF_GET_ID 0x1U #define BACKSQL_ISF_GET_ENTRY ( 0x2U | BACKSQL_ISF_GET_ID ) -#define BACKSQL_ISF_MATCHED 0x4U +#define BACKSQL_ISF_GET_OC ( 0x4U | BACKSQL_ISF_GET_ID ) +#define BACKSQL_ISF_MATCHED 0x8U #define BACKSQL_IS_GET_ID(f) \ ( ( (f) & BACKSQL_ISF_GET_ID ) == BACKSQL_ISF_GET_ID ) #define BACKSQL_IS_GET_ENTRY(f) \ ( ( (f) & BACKSQL_ISF_GET_ENTRY ) == BACKSQL_ISF_GET_ENTRY ) +#define BACKSQL_IS_GET_OC(f) \ + ( ( (f) & BACKSQL_ISF_GET_OC ) == BACKSQL_ISF_GET_OC ) #define BACKSQL_IS_MATCHED(f) \ ( ( (f) & BACKSQL_ISF_MATCHED ) == BACKSQL_ISF_MATCHED ) typedef struct backsql_srch_info { diff --git a/servers/slapd/back-sql/delete.c b/servers/slapd/back-sql/delete.c index 8b3ec7c2ed..ac0f9f62a7 100644 --- a/servers/slapd/back-sql/delete.c +++ b/servers/slapd/back-sql/delete.c @@ -58,8 +58,7 @@ backsql_delete_all_attrs( Operation *op, SlapReply *rs, SQLHDBC dbh, - backsql_entryID *e_id, - backsql_oc_map_rec *oc ) + backsql_entryID *eid ) { backsql_delete_attr_t bda; int rc; 
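Review bot: The new `eid_oc` member is inserted between `eid_oc_id` and `eid_dn`, but the positional `BACKSQL_ENTRYID_INIT` initialiser shown as context in the previous hunk still lists six values. Its fourth value (a berval initialiser) now lands on the `eid_oc` pointer, and the remaining values shift by one member. No hunk on this page updates the macro; it should gain a `NULL` for the new member, e.g. `#define BACKSQL_ENTRYID_INIT { BER_BVNULL, BER_BVNULL, 0, NULL, BER_BVNULL, BER_BVNULL, NULL }`. The numeric-key variant, which is cut off in the visible context, needs the same extra slot.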
@@ -67,9 +66,9 @@ backsql_delete_all_attrs( bda.op = op; bda.rs = rs; bda.dbh = dbh; - bda.e_id = e_id; + bda.e_id = eid; - rc = avl_apply( oc->bom_attrs, backsql_delete_attr_f, &bda, + rc = avl_apply( eid->eid_oc->bom_attrs, backsql_delete_attr_f, &bda, BACKSQL_AVL_STOP, AVL_INORDER ); if ( rc == BACKSQL_AVL_STOP ) { return rs->sr_err; 
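Review bot: `eid->eid_oc->bom_attrs` is dereferenced here with no runtime check, where the old code took an `oc` that the caller had already tested against NULL. The following hunks do the same in backsql_delete_int (`eid->eid_oc->bom_delete_proc`, `eid->eid_oc->bom_oc->soc_cname`), and the only guard left in backsql_delete is `assert( bsi.bsi_base_id.eid_oc != NULL )`, which compiles away under NDEBUG. A cheap guard such as `if ( eid->eid_oc == NULL ) return LDAP_OTHER;` before the avl_apply call would keep an objectClass mapping failure from becoming a NULL dereference in the server. It should come with a comment stating that callers must have resolved `eid_oc` (for instance via `BACKSQL_ISF_GET_OC`). The function starts outside this hunk.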
@@ -78,187 +77,31 @@ backsql_delete_all_attrs( return LDAP_SUCCESS; } -int -backsql_delete( Operation *op, SlapReply *rs ) +static int +backsql_delete_int( + Operation *op, + SlapReply *rs, + SQLHDBC dbh, + SQLHSTMT *sthp, + backsql_entryID *eid, + Entry **ep ) { backsql_info *bi = (backsql_info*)op->o_bd->be_private; - SQLHDBC dbh = SQL_NULL_HDBC; SQLHSTMT sth = SQL_NULL_HSTMT; RETCODE rc; int prc = LDAP_SUCCESS; - backsql_oc_map_rec *oc = NULL; - backsql_srch_info bsi = { 0 }; - backsql_entryID e_id = { 0 }; - Entry d = { 0 }, p = { 0 }, *e = NULL; - struct berval pdn = BER_BVNULL; - int manageDSAit = get_manageDSAit( op ); /* first parameter no */ SQLUSMALLINT pno = 0; - Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n", - op->o_req_ndn.bv_val, 0, 0 ); - - rs->sr_err = backsql_get_db_conn( op, &dbh ); - if ( rs->sr_err != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "could not get connection handle - exiting\n", - 0, 0, 0 ); - rs->sr_text = ( rs->sr_err == LDAP_OTHER ) - ? "SQL-backend error" : NULL; - e = NULL; - goto done; - } - - /* - * Get the entry - */ - bsi.bsi_e = &d; - rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn, - LDAP_SCOPE_BASE, - (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs, - ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); - switch ( rs->sr_err ) { - case LDAP_SUCCESS: - break; - - case LDAP_REFERRAL: - if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && - dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) ) - { - rs->sr_err = LDAP_SUCCESS; - rs->sr_text = NULL; - rs->sr_matched = NULL; - if ( rs->sr_ref ) { - ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; - } - break; - } - e = &d; - /* fallthru */ - - default: - Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " - "could not retrieve deleteDN ID - no such entry\n", - 0, 0, 0 ); - if ( !BER_BVISNULL( &d.e_nname ) ) { - /* FIXME: should always be true! 
*/ - e = &d; - - } else { - e = NULL; - } - goto done; - } - - if ( get_assert( op ) && - ( test_filter( op, &d, get_assertion( op ) ) - != LDAP_COMPARE_TRUE ) ) - { - rs->sr_err = LDAP_ASSERTION_FAILED; - e = &d; - goto done; - } - - if ( !access_allowed( op, &d, slap_schema.si_ad_entry, - NULL, ACL_WDEL, NULL ) ) - { - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "no write access to entry\n", - 0, 0, 0 ); - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - e = &d; - goto done; - } - - rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn ); - switch ( rs->sr_err ) { - case LDAP_COMPARE_FALSE: - rs->sr_err = LDAP_SUCCESS; - break; - - case LDAP_COMPARE_TRUE: - if ( get_treeDelete( op ) ) { - /* not supported yet */ ; - } - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "entry \"%s\" has children\n", - op->o_req_dn.bv_val, 0, 0 ); - rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; - rs->sr_text = "subordinate objects must be deleted first"; - /* fallthru */ - - default: - e = &d; - goto done; - } - - oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id ); - if ( oc == NULL ) { - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "cannot determine objectclass of entry -- aborting\n", - 0, 0, 0 ); - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "operation not permitted within namingContext"; - e = NULL; - goto done; - } - - if ( oc->bom_delete_proc == NULL ) { - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "delete procedure is not defined " - "for this objectclass - aborting\n", 0, 0, 0 ); - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "operation not permitted within namingContext"; - e = NULL; - goto done; - } - - /* - * Get the parent - */ - e_id = bsi.bsi_base_id; - if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { - dnParent( &op->o_req_ndn, &pdn ); - bsi.bsi_e = &p; - rs->sr_err = backsql_init_search( &bsi, &pdn, - LDAP_SCOPE_BASE, - (time_t)(-1), NULL, dbh, op, rs, - slap_anlist_no_attrs, - BACKSQL_ISF_GET_ENTRY ); - if ( rs->sr_err != 
LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " - "could not retrieve deleteDN ID " - "- no such entry\n", - 0, 0, 0 ); - e = &p; - goto done; - } - - (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); - - /* check parent for "children" acl */ - if ( !access_allowed( op, &p, slap_schema.si_ad_children, - NULL, ACL_WDEL, NULL ) ) - { - Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " - "no write access to parent\n", - 0, 0, 0 ); - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - e = &p; - goto done; - - } - } + sth = *sthp; /* avl_apply ... */ - rs->sr_err = backsql_delete_all_attrs( op, rs, dbh, &e_id, oc ); + rs->sr_err = backsql_delete_all_attrs( op, rs, dbh, eid ); if ( rs->sr_err != LDAP_SUCCESS ) { - e = &d; goto done; } - rc = backsql_Prepare( dbh, &sth, oc->bom_delete_proc, 0 ); + rc = backsql_Prepare( dbh, &sth, eid->eid_oc->bom_delete_proc, 0 ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " 
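Review bot: backsql_delete_int has no header comment, and its `ep` and `sthp` parameters carry a contract that is only visible by reading every error path. From the following hunks, `*ep` is set to NULL on the SQL-backend error paths and on success but left untouched on the other failure paths, and `*sthp` is read on entry and written back at `done:`. A short comment above the function saying so would help both callers stay correct. The Debug messages kept as context still print `backsql_delete():` although they now fire from the helper, which makes tree-delete traces harder to attribute. The body continues past the end of this hunk.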
@@ -268,42 +111,42 @@ backsql_delete( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; - e = NULL; + *ep = NULL; goto done; } - if ( BACKSQL_IS_DEL( oc->bom_expect_return ) ) { + if ( BACKSQL_IS_DEL( eid->eid_oc->bom_expect_return ) ) { pno = 1; rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &prc ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "error binding output parameter for objectClass %s\n", - oc->bom_oc->soc_cname.bv_val, 0, 0 ); + eid->eid_oc->bom_oc->soc_cname.bv_val, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; - e = NULL; + *ep = NULL; goto done; } } - rc = backsql_BindParamID( sth, pno + 1, SQL_PARAM_INPUT, &e_id.eid_keyval ); + rc = backsql_BindParamID( sth, pno + 1, SQL_PARAM_INPUT, &eid->eid_keyval ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "error binding keyval parameter for objectClass %s\n", - oc->bom_oc->soc_cname.bv_val, 0, 0 ); + eid->eid_oc->bom_oc->soc_cname.bv_val, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; - e = NULL; + *ep = NULL; goto done; } @@ -328,7 +171,6 @@ backsql_delete( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_OTHER; } SQLFreeStmt( sth, SQL_DROP ); - e = &d; goto done; } SQLFreeStmt( sth, SQL_DROP ); 
@@ -344,24 +186,24 @@ backsql_delete( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; - e = NULL; + *ep = NULL; goto done; } - rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id ); + rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &eid->eid_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "error binding auxiliary objectClasses " "entry ID parameter for objectClass %s\n", - oc->bom_oc->soc_cname.bv_val, 0, 0 ); + eid->eid_oc->bom_oc->soc_cname.bv_val, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; - e = NULL; + *ep = NULL; goto done; } @@ -381,7 +223,7 @@ backsql_delete( Operation *op, SlapReply *rs ) SQLFreeStmt( sth, SQL_DROP ); rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; - e = NULL; + *ep = NULL; goto done; } SQLFreeStmt( sth, SQL_DROP ); @@ -397,24 +239,24 @@ backsql_delete( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; - e = NULL; + *ep = NULL; goto done; } - rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id ); + rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &eid->eid_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "error binding entry ID parameter " "for objectClass %s\n", - oc->bom_oc->soc_cname.bv_val, 0, 0 ); + eid->eid_oc->bom_oc->soc_cname.bv_val, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; - e = NULL; + *ep = NULL; goto done; } 
@@ -427,12 +269,314 @@ backsql_delete( Operation *op, SlapReply *rs ) SQLFreeStmt( sth, SQL_DROP ); rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; - e = NULL; + *ep = NULL; goto done; } SQLFreeStmt( sth, SQL_DROP ); rs->sr_err = LDAP_SUCCESS; + *ep = NULL; + +done:; + *sthp = sth; + + return rs->sr_err; +} + +typedef struct backsql_tree_delete_t { + Operation *btd_op; + int btd_rc; + backsql_entryID *btd_eid; +} backsql_tree_delete_t; + +static int +backsql_tree_delete_search_cb( Operation *op, SlapReply *rs ) +{ + if ( rs->sr_type == REP_SEARCH ) { + backsql_info *bi = (backsql_info*)op->o_bd->be_private; + backsql_tree_delete_t *btd; + backsql_entryID *eid; + + btd = (backsql_tree_delete_t *)op->o_callback->sc_private; + + if ( !access_allowed( btd->btd_op, rs->sr_entry, + slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL ) + || !access_allowed( btd->btd_op, rs->sr_entry, + slap_schema.si_ad_children, NULL, ACL_WDEL, NULL ) ) + { + btd->btd_rc = LDAP_INSUFFICIENT_ACCESS; + return rs->sr_err = LDAP_UNAVAILABLE; + } + + assert( rs->sr_entry != NULL ); + assert( rs->sr_entry->e_private != NULL ); + + eid = (backsql_entryID *)rs->sr_entry->e_private; + assert( eid->eid_oc != NULL ); + if ( eid->eid_oc == NULL || eid->eid_oc->bom_delete_proc == NULL ) { + btd->btd_rc = LDAP_UNWILLING_TO_PERFORM; + return rs->sr_err = LDAP_UNAVAILABLE; + } + + eid = backsql_entryID_dup( eid, op->o_tmpmemctx ); + eid->eid_next = btd->btd_eid; + btd->btd_eid = eid; + } + + return 0; +} + +static int +backsql_tree_delete( + Operation *op, + SlapReply *rs, + SQLHDBC dbh, + SQLHSTMT *sthp ) +{ + Operation op2 = *op; + slap_callback sc = { 0 }; + SlapReply rs2 = { 0 }; + Filter f = { 0 }; + backsql_tree_delete_t btd = { 0 }; + + int rc; + + /* + * - perform an internal subtree search as the rootdn + * - for each entry + * - check access + * - check objectClass and delete method(s) + * - for each entry + * - delete + * - if successful, commit + */ + + op2.o_tag = LDAP_REQ_SEARCH; + 
op2.o_protocol = LDAP_VERSION3; + + btd.btd_op = op; + sc.sc_private = &btd; + sc.sc_response = backsql_tree_delete_search_cb; + op2.o_callback = ≻ + + op2.o_dn = op->o_bd->be_rootdn; + op2.o_ndn = op->o_bd->be_rootndn; + + op2.o_managedsait = SLAP_CONTROL_CRITICAL; + + op2.ors_scope = LDAP_SCOPE_SUBTREE; + op2.ors_deref = LDAP_DEREF_NEVER; + op2.ors_slimit = SLAP_NO_LIMIT; + op2.ors_tlimit = SLAP_NO_LIMIT; + op2.ors_filter = &f; + f.f_choice = LDAP_FILTER_PRESENT; + f.f_desc = slap_schema.si_ad_objectClass; + BER_BVSTR( &op2.ors_filterstr, "(objectClass=*)" ); + op2.ors_attrs = slap_anlist_all_attributes; + op2.ors_attrsonly = 0; + + rc = op->o_bd->be_search( &op2, &rs2 ); + if ( rc != LDAP_SUCCESS ) { + rc = rs->sr_err = btd.btd_rc; + rs->sr_text = "subtree delete not possible"; + send_ldap_result( op, rs ); + goto clean; + } + + for ( ; btd.btd_eid != NULL; + btd.btd_eid = backsql_free_entryID( btd.btd_eid, + 1, op->o_tmpmemctx ) ) + { + Entry *e = (void *)0xbad; + rc = backsql_delete_int( op, rs, dbh, sthp, btd.btd_eid, &e ); + if ( rc != LDAP_SUCCESS ) { + break; + } + } + +clean:; + for ( ; btd.btd_eid != NULL; + btd.btd_eid = backsql_free_entryID( btd.btd_eid, + 1, op->o_tmpmemctx ) ) + ; + + return rc; +} + +int +backsql_delete( Operation *op, SlapReply *rs ) +{ + backsql_info *bi = (backsql_info*)op->o_bd->be_private; + SQLHDBC dbh = SQL_NULL_HDBC; + SQLHSTMT sth = SQL_NULL_HSTMT; + backsql_oc_map_rec *oc = NULL; + backsql_srch_info bsi = { 0 }; + backsql_entryID e_id = { 0 }; + Entry d = { 0 }, p = { 0 }, *e = NULL; + struct berval pdn = BER_BVNULL; + int manageDSAit = get_manageDSAit( op ); + + Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n", + op->o_req_ndn.bv_val, 0, 0 ); + + rs->sr_err = backsql_get_db_conn( op, &dbh ); + if ( rs->sr_err != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " + "could not get connection handle - exiting\n", + 0, 0, 0 ); + rs->sr_text = ( rs->sr_err == LDAP_OTHER ) + ? 
"SQL-backend error" : NULL; + e = NULL; + goto done; + } + + /* + * Get the entry + */ + bsi.bsi_e = &d; + rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn, + LDAP_SCOPE_BASE, + (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs, + ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) ); + switch ( rs->sr_err ) { + case LDAP_SUCCESS: + break; + + case LDAP_REFERRAL: + if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && + dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) ) + { + rs->sr_err = LDAP_SUCCESS; + rs->sr_text = NULL; + rs->sr_matched = NULL; + if ( rs->sr_ref ) { + ber_bvarray_free( rs->sr_ref ); + rs->sr_ref = NULL; + } + break; + } + e = &d; + /* fallthru */ + + default: + Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " + "could not retrieve deleteDN ID - no such entry\n", + 0, 0, 0 ); + if ( !BER_BVISNULL( &d.e_nname ) ) { + /* FIXME: should always be true! */ + e = &d; + + } else { + e = NULL; + } + goto done; + } + + if ( get_assert( op ) && + ( test_filter( op, &d, get_assertion( op ) ) + != LDAP_COMPARE_TRUE ) ) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + e = &d; + goto done; + } + + if ( !access_allowed( op, &d, slap_schema.si_ad_entry, + NULL, ACL_WDEL, NULL ) ) + { + Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " + "no write access to entry\n", + 0, 0, 0 ); + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + e = &d; + goto done; + } + + rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn ); + switch ( rs->sr_err ) { + case LDAP_COMPARE_FALSE: + rs->sr_err = LDAP_SUCCESS; + break; + + case LDAP_COMPARE_TRUE: + if ( get_treeDelete( op ) ) { + rs->sr_err = LDAP_SUCCESS; + break; + } + + Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " + "entry \"%s\" has children\n", + op->o_req_dn.bv_val, 0, 0 ); + rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; + rs->sr_text = "subordinate objects must be deleted first"; + /* fallthru */ + + default: + e = &d; + goto done; + } + + assert( bsi.bsi_base_id.eid_oc != NULL ); + oc = 
bsi.bsi_base_id.eid_oc; + if ( oc->bom_delete_proc == NULL ) { + Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " + "delete procedure is not defined " + "for this objectclass - aborting\n", 0, 0, 0 ); + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_text = "operation not permitted within namingContext"; + e = NULL; + goto done; + } + + /* + * Get the parent + */ + e_id = bsi.bsi_base_id; + memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); + if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { + dnParent( &op->o_req_ndn, &pdn ); + bsi.bsi_e = &p; + rs->sr_err = backsql_init_search( &bsi, &pdn, + LDAP_SCOPE_BASE, + (time_t)(-1), NULL, dbh, op, rs, + slap_anlist_no_attrs, + BACKSQL_ISF_GET_ENTRY ); + if ( rs->sr_err != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " + "could not retrieve deleteDN ID " + "- no such entry\n", + 0, 0, 0 ); + e = &p; + goto done; + } + + (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); + + /* check parent for "children" acl */ + if ( !access_allowed( op, &p, slap_schema.si_ad_children, + NULL, ACL_WDEL, NULL ) ) + { + Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " + "no write access to parent\n", + 0, 0, 0 ); + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + e = &p; + goto done; + + } + } + + e = &d; + if ( get_treeDelete( op ) ) { + backsql_tree_delete( op, rs, dbh, &sth ); + if ( rs->sr_err == LDAP_OTHER || rs->sr_err == LDAP_SUCCESS ) + { + e = NULL; + } + + } else { + backsql_delete_int( op, rs, dbh, &sth, &e_id, &e ); + } /* * Commit only if all operations succeed diff --git a/servers/slapd/back-sql/entry-id.c b/servers/slapd/back-sql/entry-id.c index b86fc477a5..78f1da1445 100644 --- a/servers/slapd/back-sql/entry-id.c +++ b/servers/slapd/back-sql/entry-id.c @@ -58,6 +58,7 @@ backsql_entryID_dup( backsql_entryID *src, void *ctx ) dst->eid_keyval = src->eid_keyval; #endif /* ! BACKSQL_ARBITRARY_KEY */ + dst->eid_oc = src->eid_oc; dst->eid_oc_id = src->eid_oc_id; return dst; 
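Review bot: In backsql_tree_delete, `rc = rs->sr_err = btd.btd_rc;` reports LDAP_SUCCESS whenever be_search fails for a reason the callback did not record, because `btd` is zero-initialised and `btd_rc` is only assigned on the two callback rejection paths. backsql_delete then sees `rs->sr_err == LDAP_SUCCESS`, clears `e` and appears to fall through to the commit code, so a failed subtree enumeration is answered as a successful delete. Keep the real error instead, e.g. `rc = rs->sr_err = ( btd.btd_rc != LDAP_SUCCESS ) ? btd.btd_rc : rc;`. The same branch calls send_ldap_result() itself; if the `done:` path of backsql_delete (outside this hunk) also sends the result, the client would get two responses, so confirm only one place does it. In the callback, the `assert( rs->sr_entry != NULL )` lines sit after access_allowed() has already used the entry, and the backsql_entryID_dup() result is dereferenced unchecked.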
@@ -953,8 +954,11 @@ backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid ) bsi->bsi_e->e_attrs = NULL; bsi->bsi_e->e_private = NULL; - bsi->bsi_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private, + if ( eid->eid_oc == NULL ) { + eid->eid_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private, eid->eid_oc_id ); + } + bsi->bsi_oc = eid->eid_oc; bsi->bsi_c_eid = eid; #ifndef BACKSQL_ARBITRARY_KEY diff --git a/servers/slapd/back-sql/init.c b/servers/slapd/back-sql/init.c index 5f6bd0c2b8..0f9dc65c22 100644 --- a/servers/slapd/back-sql/init.c +++ b/servers/slapd/back-sql/init.c @@ -38,7 +38,7 @@ sql_back_initialize( LDAP_CONTROL_ASSERT, LDAP_CONTROL_MANAGEDSAIT, LDAP_CONTROL_NOOP, -#if 0 /* SLAP_CONTROL_X_TREE_DELETE */ +#ifdef SLAP_CONTROL_X_TREE_DELETE SLAP_CONTROL_X_TREE_DELETE, #endif /* SLAP_CONTROL_X_TREE_DELETE */ LDAP_CONTROL_PAGEDRESULTS, diff --git a/servers/slapd/back-sql/modify.c b/servers/slapd/back-sql/modify.c index 0d84b3fef5..ca1fc3ba79 100644 --- a/servers/slapd/back-sql/modify.c +++ b/servers/slapd/back-sql/modify.c @@ -67,7 +67,7 @@ backsql_modify( Operation *op, SlapReply *rs ) LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, - ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); + ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; @@ -124,8 +124,8 @@ backsql_modify( Operation *op, SlapReply *rs ) slap_mods_opattrs( op, &op->orm_modlist, 1 ); - oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id ); - assert( oc != NULL ); + assert( bsi.bsi_base_id.eid_oc != NULL ); + oc = bsi.bsi_base_id.eid_oc; if ( !acl_check_modlist( op, &m, op->orm_modlist ) ) { rs->sr_err = LDAP_INSUFFICIENT_ACCESS; diff --git a/servers/slapd/back-sql/modrdn.c b/servers/slapd/back-sql/modrdn.c index 92613faba8..1e6805a7fd 100644 --- a/servers/slapd/back-sql/modrdn.c +++ b/servers/slapd/back-sql/modrdn.c 
@@ -72,7 +72,7 @@ backsql_modrdn( Operation *op, SlapReply *rs ) LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, - ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); + ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; @@ -164,6 +164,7 @@ backsql_modrdn( Operation *op, SlapReply *rs ) */ bsi.bsi_e = &p; e_id = bsi.bsi_base_id; + memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); rs->sr_err = backsql_init_search( &bsi, &pndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, @@ -259,6 +260,8 @@ backsql_modrdn( Operation *op, SlapReply *rs ) new_npdn = &pndn; } + memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); + if ( newSuperior && dn_match( &pndn, new_npdn ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "newSuperior is equal to old parent - ignored\n", @@ -395,7 +398,8 @@ backsql_modrdn( Operation *op, SlapReply *rs ) slap_mods_opattrs( op, &op->orr_modlist, 1 ); - oc = backsql_id2oc( bi, e_id.eid_oc_id ); + assert( e_id.eid_oc != NULL ); + oc = e_id.eid_oc; rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, op->orr_modlist ); slap_graduate_commit_csn( op ); if ( rs->sr_err != LDAP_SUCCESS ) { diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index db0ccb580e..e293151dea 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c @@ -339,6 +339,17 @@ backsql_init_search( rs->sr_err = rc; } } + + if ( gotit && BACKSQL_IS_GET_OC( flags ) ) { + bsi->bsi_base_id.eid_oc = backsql_id2oc( bi, + bsi->bsi_base_id.eid_oc_id ); + if ( bsi->bsi_base_id.eid_oc == NULL ) { + /* error? */ + backsql_free_entryID( &bsi->bsi_base_id, 1, + op->o_tmpmemctx ); + rc = rs->sr_err = LDAP_OTHER; + } + } } bsi->bsi_status = rc; 
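Review bot: The error branch added to backsql_init_search calls `backsql_free_entryID( &bsi->bsi_base_id, 1, op->o_tmpmemctx )` on a structure embedded in `bsi`. Judging by the other calls on this page (`0` for `&bsi.bsi_base_id` in backsql_delete, `1` for the heap copies made by backsql_entryID_dup in backsql_tree_delete), the second argument asks the helper to release the structure itself. Here that would hand an interior pointer to the allocator, so the call should presumably be `backsql_free_entryID( &bsi->bsi_base_id, 0, op->o_tmpmemctx );`. The branch also leaves `rs->sr_text` unset, unlike the other LDAP_OTHER paths in this commit that set `"SQL-backend error"`. backsql_init_search starts and ends outside the hunk.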
@@ -1915,6 +1926,7 @@ backsql_oc_get_candidates( void *v_oc, void *v_bsi ) goto cleanup; } #endif /* ! BACKSQL_ARBITRARY_KEY */ + c_id->eid_oc = bsi->bsi_oc; c_id->eid_oc_id = bsi->bsi_oc->bom_id; c_id->eid_dn = pdn; @@ -2643,7 +2655,7 @@ backsql_entry_release( { backsql_entry_clean( op, e ); - ch_free( e ); + entry_free( e ); return 0; } diff --git a/tests/data/sql-write.out b/tests/data/sql-write.out index 9fb7d5340f..45fa164315 100644 --- a/tests/data/sql-write.out +++ b/tests/data/sql-write.out 
@@ -1,9 +1,26 @@ # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: documentTitle=book1,dc=example,dc=com objectClass: document 
@@ -49,9 +66,26 @@ telephoneNumber: 545-4563 # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: o=An Org,dc=example,dc=com objectClass: organization 
@@ -144,9 +178,26 @@ documentIdentifier: document 3 # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: o=An Org,dc=example,dc=com objectClass: organization 
@@ -242,9 +293,26 @@ documentIdentifier: document 3 # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: o=An Org,dc=example,dc=com objectClass: organization 
@@ -315,9 +383,26 @@ documentIdentifier: document 3 # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: dc=example,dc=com objectClass: organization 
@@ -402,9 +487,26 @@ ref: ldap://localhost:9009/ # Using ldapsearch to retrieve all the entries... dn: cn=Akakiy Zinberstein,dc=example,dc=com objectClass: inetOrgPerson +objectClass: pkiUser cn: Akakiy Zinberstein sn: Zinberstein givenName: Akakiy +userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV + QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH + RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc + NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs + aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI + EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ + UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q + nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi + mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q + gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO + iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U + EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0 + ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM + A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP + 05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j + ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN dn: dc=example,dc=com objectClass: organization