Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.
Enhancements:
- re-styled code for better readability
- upgraded backend API to reflect recent changes
- LDAP schema is checked when loading SQL/LDAP mapping
- AttributeDescription/ObjectClass pointers used for more efficient
mapping lookup
- bervals used where string length is required often
- atomized write operations by committing at the end of each operation
and defaulting connection closure to rollback
- added LDAP access control to write operations
- fully implemented modrdn (with rdn attrs change, deleteoldrdn,
access check, parent/children check and more)
- added parent access control, children control to delete operation
- added structuralObjectClass operational attribute check and
value return on search
- added hasSubordinate operational attribute on demand
- search limits are appropriately enforced
- function backsql_strcat() has been made more efficient
- concat function has been made configurable by means of a pattern
- added config switches:
- fail_if_no_mapping write operations fail if there is no mapping
- has_ldapinfo_dn_ru overrides autodetect
- concat_pattern a string containing two '?' is used
(note that "?||?" should be more portable
than builtin function "CONCAT(?,?)")
- strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL)
- upper_needs_cast cast the argument of upper when required
(basically when building dn substring queries)
Todo:
- add security checks for SQL statements that can be injected (?)
- re-test with previously supported RDBMs
- replace dn_ru and so with normalized dn (no need for upper() and so
in dn match)
- implement a backsql_normalize() function to replace the upper()
conversion routines
- note that subtree deletion, subtree renaming and so could be easily
implemented (rollback and consistency checks are available :)
- implement "lastmod" and other operational stuff (ldap_entries table ?)
Jong Hyuk Choi [Wed, 21 Aug 2002 00:11:32 +0000 (00:11 +0000)]
Slapadd is changed to include Operational Attributes (entryUUID, entryCSN,
creatorsName, modifiersName, createTimestamp, modifyTimestamp) when it adds
from ldif file. Month field in time format in entryCSN is changed to 1~12.
CHANGES:
- now all write operations appear to work correctly with PostgeSQL 7.0
- all write operations have been made transactional (atomic writes to
entries are committed separately only in case of complete^1 success
while all other operations are rolled-back by default)
- more cleanup and handling of exceptional conditions
TODO:
- deen to check with different databases and more up to date versions
of both unixODBC and PostgreSQL.
^1: attribute add/modify/delete operations silently succeed if the
appropriate add/delete proc does not exist for each attribute;
this may be correct to hide undesired/unimplemented correspondence
between LDAP and SQL databases; however, a more appropriate
LDAP behavior would be a failure with LDAP_UNAVAILABLE if a
single write operation cannot be executed for such reason
changes:
- re-style according to the style giudelines for better readability
- updated to recent frontend/backend API changes
- fixed a few quirks about normalization
- "optimized" a few memory allocation/string handling functions
- fixed a few quirks about add/modify (still have to look ad modrdn)
todo:
- there is still something broken (at least with PostgreSQL and IBM db2,
the two RDBMS O have at hand) when adding
- move everything to struct bervals and try to save a few strlen
- try some LDAP/SQL syntax relation to use appropriate value bind if possible
- ...
Kurt Zeilenga [Tue, 13 Aug 2002 02:33:20 +0000 (02:33 +0000)]
Patch: lutil_progname() and lutil_strcopy() are not declared (ITS#2021)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
lutil_progname() and lutil_strcopy() are not declared, which can
be fatal since they do not return int.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
initialize struct timeval (fixes ITS#2014);
also, check for return value of dnNormalize2: if the returned
DN contains undefined attributes, the normalization fails.
Howard Chu [Wed, 7 Aug 2002 05:31:03 +0000 (05:31 +0000)]
In backend_operational don't add subschemaSubentry unless it was
requested. In send_search_entry don't malloc vrFilter flags unless
a matchedValue filter was given; malloc 1 contiguous block instead
of multiple sub-arrays.
Kurt Zeilenga [Tue, 6 Aug 2002 05:35:59 +0000 (05:35 +0000)]
For IA5, printable, telephone:
Don't allow empty string values.
Treat string values with only spaces as one space.
DirectoryString needs more work (space handling needs
to be done post normalization).
Kurt Zeilenga [Mon, 5 Aug 2002 17:53:39 +0000 (17:53 +0000)]
Patch: add OpenLDAPaci #public# access (ITS#2005)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
I couldn't find a way for an OpenLDAPaci to grant public access to an
entry, so I added a dnType #public# for that. It is in the position
of subjectDn in the draft, which seems kind of stupid, so I put it
in the position of dnType instead.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
Kurt Zeilenga [Mon, 5 Aug 2002 17:52:16 +0000 (17:52 +0000)]
Patch: ACL #access-id#<invalid-DN> granted access to everyone (ITS#2006)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
There is a bug in OpenLDAPaci's "access-id": If the specified DN is
invalid so dnNormalize2() fails, everyone gets access.
This means that e.g. "#access-id#[all]" gives public access, so it
might be considered a feature, but I fixed it anyway:-) I guess that
means the change should be documented in the release notes, though.
See also ITS#2005 (add OpenLDAPaci #public# access).
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.