1 /* search.c - ldap backend search function */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1999-2015 The OpenLDAP Foundation.
6 * Portions Copyright 1999-2003 Howard Chu.
7 * Portions Copyright 2000-2003 Pierangelo Masarati.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by the Howard Chu for inclusion
20 * in OpenLDAP Software and subsequently enhanced by Pierangelo
28 #include <ac/socket.h>
29 #include <ac/string.h>
33 #include "back-ldap.h"
34 #include "../../../libraries/liblber/lber-int.h"
39 ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
43 * replaces (&) with (objectClass=*) and (|) with (!(objectClass=*))
44 * as the best replacement for RFC 4526 absolute true/absolute false
45 * filters; the only difference (AFAIK) is that they require search
46 * access to objectClass.
48 * filter->bv_val may be alloc'd on the thread's slab, if equal to
49 * op->ors_filterstr.bv_val, or realloc'd on the thread's slab otherwise.
52 ldap_back_munge_filter(
54 struct berval *filter )
59 Debug( LDAP_DEBUG_ARGS, "=> ldap_back_munge_filter \"%s\"\n",
60 filter->bv_val, 0, 0 );
62 for ( ptr = strchr( filter->bv_val, '(' );
64 ptr = strchr( ptr, '(' ) )
67 bv_t = BER_BVC( "(&)" ),
68 bv_f = BER_BVC( "(|)" ),
69 bv_T = BER_BVC( "(objectClass=*)" ),
70 bv_F = BER_BVC( "(!(objectClass=*))" );
71 struct berval *oldbv = NULL,
73 oldfilter = BER_BVNULL;
75 if ( ptr[2] != ')' ) {
92 /* should be an error */
97 filter->bv_len += newbv->bv_len - oldbv->bv_len;
98 if ( filter->bv_val == op->ors_filterstr.bv_val ) {
99 filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
102 AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
103 ptr - oldfilter.bv_val );
106 filter->bv_val = op->o_tmprealloc( filter->bv_val,
107 filter->bv_len + 1, op->o_tmpmemctx );
110 ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
112 AC_MEMCPY( &ptr[ newbv->bv_len ],
113 &ptr[ oldbv->bv_len ],
114 oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
115 AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len );
117 ptr += newbv->bv_len;
122 Debug( LDAP_DEBUG_ARGS, "<= ldap_back_munge_filter \"%s\" (%d)\n",
123 filter->bv_val, gotit, 0 );
133 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
135 ldapconn_t *lc = NULL;
137 time_t stoptime = (time_t)(-1);
142 struct berval match = BER_BVNULL,
146 int freetext = 0, filter_undef = 0;
147 int do_retry = 1, dont_retry = 0;
148 LDAPControl **ctrls = NULL;
149 char **references = NULL;
151 rs_assert_ready( rs );
152 rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
154 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
159 * FIXME: in case of values return filter, we might want
160 * to map attrs and maybe rewrite value
163 if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
164 tv.tv_sec = op->ors_tlimit;
166 stoptime = op->o_time + op->ors_tlimit;
169 LDAP_BACK_TV_SET( &tv );
173 if ( op->ors_attrs ) {
174 for ( ; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )
175 /* just count attrs */ ;
179 if ( op->o_bd->be_extra_anlist ) {
180 for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
181 /* just count attrs */ ;
184 if ( i > 0 || x > 0 ) {
187 attrs = op->o_tmpalloc( ( i + x + 1 )*sizeof( char * ),
189 if ( attrs == NULL ) {
190 rs->sr_err = LDAP_NO_MEMORY;
196 for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++, j++ ) {
197 attrs[ j ] = op->ors_attrs[i].an_name.bv_val;
202 for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++, j++ ) {
203 if ( op->o_bd->be_extra_anlist[x].an_desc &&
204 ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, op->ors_attrs ) )
209 attrs[ j ] = op->o_bd->be_extra_anlist[x].an_name.bv_val;
217 rc = ldap_back_controls_add( op, rs, lc, &ctrls );
218 if ( rc != LDAP_SUCCESS ) {
222 /* deal with <draft-zeilenga-ldap-t-f> filters */
223 filter = op->ors_filterstr;
225 /* this goes after retry because ldap_back_munge_filter()
226 * optionally replaces RFC 4526 T-F filters (&) (|)
227 * if already computed, they will be re-installed
228 * by filter2bv_undef_x() later */
229 if ( !LDAP_BACK_T_F( li ) ) {
230 ldap_back_munge_filter( op, &filter );
233 rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
234 op->ors_scope, filter.bv_val,
235 attrs, op->ors_attrsonly, ctrls, NULL,
236 tv.tv_sec ? &tv : NULL,
237 op->ors_slimit, op->ors_deref, &msgid );
239 ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
240 ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_SEARCH ], 1 );
241 ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
243 if ( rs->sr_err != LDAP_SUCCESS ) {
244 switch ( rs->sr_err ) {
245 case LDAP_SERVER_DOWN:
248 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
254 /* reset by ldap_back_retry ... */
255 rs->sr_err = slap_map_api2result( rs );
258 rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
263 case LDAP_FILTER_ERROR:
265 if ( !filter_undef &&
266 strstr( filter.bv_val, "(?" ) &&
267 !LDAP_BACK_NOUNDEFFILTER( li ) )
269 BER_BVZERO( &filter );
270 filter2bv_undef_x( op, op->ors_filter, 1, &filter );
275 /* invalid filters return success with no data */
276 rs->sr_err = LDAP_SUCCESS;
281 rs->sr_err = slap_map_api2result( rs );
287 /* if needed, initialize timeout */
288 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
289 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
290 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
295 /* We pull apart the ber result, stuff it into a slapd entry, and
296 * let send_search_entry stuff it back into ber format. Slow & ugly,
297 * but this is necessary for version matching, and for ACL processing.
300 for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
302 /* check for abandon */
303 if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
307 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
312 if ( rc == 0 || rc == -2 ) {
313 ldap_pvt_thread_yield();
316 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
318 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
319 rs->sr_text = "Operation timed out";
320 rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
321 LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
326 LDAP_BACK_TV_SET( &tv );
329 /* check time limit */
330 if ( op->ors_tlimit != SLAP_NO_LIMIT
331 && slap_get_time() > stoptime )
333 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
334 rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
340 /* only touch when activity actually took place... */
341 if ( li->li_idle_timeout ) {
342 lc->lc_time = op->o_time;
345 /* don't retry any more */
350 if ( rc == LDAP_RES_SEARCH_ENTRY ) {
352 struct berval bdn = BER_BVNULL;
356 e = ldap_first_entry( lc->lc_ld, res );
357 rc = ldap_build_entry( op, e, &ent, &bdn );
358 if ( rc == LDAP_SUCCESS ) {
359 ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
361 rs->sr_attrs = op->ors_attrs;
362 rs->sr_operational_attrs = NULL;
364 rs->sr_err = LDAP_SUCCESS;
365 rc = rs->sr_err = send_search_entry( op, rs );
366 if ( rs->sr_ctrls ) {
367 ldap_controls_free( rs->sr_ctrls );
372 if ( !BER_BVISNULL( &ent.e_name ) ) {
373 assert( ent.e_name.bv_val != bdn.bv_val );
374 op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
375 BER_BVZERO( &ent.e_name );
377 if ( !BER_BVISNULL( &ent.e_nname ) ) {
378 op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
379 BER_BVZERO( &ent.e_nname );
386 case LDAP_INSUFFICIENT_ACCESS:
390 if ( rc == LDAP_UNAVAILABLE ) {
391 rc = rs->sr_err = LDAP_OTHER;
393 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
398 } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
399 if ( LDAP_BACK_NOREFS( li ) ) {
405 rc = ldap_parse_reference( lc->lc_ld, res,
406 &references, &rs->sr_ctrls, 1 );
408 if ( rc != LDAP_SUCCESS ) {
412 /* FIXME: there MUST be at least one */
413 if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
416 for ( cnt = 0; references[ cnt ]; cnt++ )
419 /* FIXME: there MUST be at least one */
420 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
423 for ( cnt = 0; references[ cnt ]; cnt++ ) {
424 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
426 BER_BVZERO( &rs->sr_ref[ cnt ] );
428 /* ignore return value by now */
429 RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
431 ( void )send_search_reference( op, rs );
434 Debug( LDAP_DEBUG_ANY,
435 "%s ldap_back_search: "
436 "got SEARCH_REFERENCE "
437 "with no referrals\n",
438 op->o_log_prefix, 0, 0 );
443 ber_memvfree( (void **)references );
444 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
449 if ( rs->sr_ctrls ) {
450 ldap_controls_free( rs->sr_ctrls );
454 } else if ( rc == LDAP_RES_INTERMEDIATE ) {
455 /* FIXME: response controls
456 * are passed without checks */
457 rc = ldap_parse_intermediate( lc->lc_ld,
459 (char **)&rs->sr_rspoid,
463 if ( rc != LDAP_SUCCESS ) {
467 slap_send_ldap_intermediate( op, rs );
469 if ( rs->sr_rspoid != NULL ) {
470 ber_memfree( (char *)rs->sr_rspoid );
471 rs->sr_rspoid = NULL;
474 if ( rs->sr_rspdata != NULL ) {
475 ber_bvfree( rs->sr_rspdata );
476 rs->sr_rspdata = NULL;
479 if ( rs->sr_ctrls != NULL ) {
480 ldap_controls_free( rs->sr_ctrls );
487 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
489 &references, &rs->sr_ctrls, 1 );
490 if ( rc == LDAP_SUCCESS ) {
498 rs->sr_err = slap_map_api2result( rs );
500 /* RFC 4511: referrals can only appear
501 * if result code is LDAP_REFERRAL */
504 && references[ 0 ][ 0 ] )
506 if ( rs->sr_err != LDAP_REFERRAL ) {
507 Debug( LDAP_DEBUG_ANY,
508 "%s ldap_back_search: "
509 "got referrals with err=%d\n",
516 for ( cnt = 0; references[ cnt ]; cnt++ )
519 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
522 for ( cnt = 0; references[ cnt ]; cnt++ ) {
524 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
526 BER_BVZERO( &rs->sr_ref[ cnt ] );
529 } else if ( rs->sr_err == LDAP_REFERRAL ) {
530 Debug( LDAP_DEBUG_ANY,
531 "%s ldap_back_search: "
532 "got err=%d with null "
533 "or empty referrals\n",
537 rs->sr_err = LDAP_NO_SUCH_OBJECT;
540 if ( match.bv_val != NULL ) {
541 match.bv_len = strlen( match.bv_val );
548 /* if needed, restore timeout */
549 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
550 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
551 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
558 if ( dont_retry == 0 ) {
561 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
566 rs->sr_err = LDAP_SERVER_DOWN;
567 rs->sr_err = slap_map_api2result( rs );
570 } else if ( LDAP_BACK_ONERR_STOP( li ) ) {
571 /* if onerr == STOP */
572 rs->sr_err = LDAP_SERVER_DOWN;
573 rs->sr_err = slap_map_api2result( rs );
579 * Rewrite the matched portion of the search base, if required
581 if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
582 struct berval pmatch;
584 if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
585 pmatch.bv_val = match.bv_val;
588 rs->sr_matched = pmatch.bv_val;
589 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
593 if ( !BER_BVISNULL( &match ) ) {
594 ber_memfree( match.bv_val );
597 if ( rs->sr_v2ref ) {
598 rs->sr_err = LDAP_REFERRAL;
601 if ( LDAP_BACK_QUARANTINE( li ) ) {
602 ldap_back_quarantine( op, rs );
605 if ( filter.bv_val != op->ors_filterstr.bv_val ) {
606 op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
610 /* let send_ldap_result play cleanup handlers (ITS#4645) */
611 if ( rc != SLAPD_ABANDON )
614 send_ldap_result( op, rs );
617 (void)ldap_back_controls_free( op, rs, &ctrls );
619 if ( rs->sr_ctrls ) {
620 ldap_controls_free( rs->sr_ctrls );
626 ber_memfree( (char *)rs->sr_text );
632 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
637 ber_memvfree( (void **)references );
641 op->o_tmpfree( attrs, op->o_tmpmemctx );
645 ldap_back_release_conn( li, lc );
648 if ( rs->sr_err == LDAP_UNAVAILABLE &&
649 /* if we originally bound and wanted rebind-as-user, must drop
650 * the connection now because we just discarded the credentials.
653 LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
654 rs->sr_err = SLAPD_DISCONNECT;
666 BerElement ber = *ldap_get_message_ber( e );
667 Attribute *attr, **attrp;
673 /* safe assumptions ... */
674 assert( ent != NULL );
675 BER_BVZERO( &ent->e_bv );
677 if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
678 return LDAP_DECODING_ERROR;
682 * Note: this may fail if the target host(s) schema differs
683 * from the one known to the meta, and a DN with unknown
684 * attributes is returned.
686 * FIXME: should we log anything, or delegate to dnNormalize?
688 /* Note: if the distinguished values or the naming attributes
689 * change, should we massage them as well?
691 if ( dnPrettyNormal( NULL, bdn, &ent->e_name, &ent->e_nname,
692 op->o_tmpmemctx ) != LDAP_SUCCESS )
694 return LDAP_INVALID_DN_SYNTAX;
698 if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
702 attrp = &ent->e_attrs;
703 while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
704 ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
706 slap_syntax_validate_func *validate;
707 slap_syntax_transform_func *pretty;
709 attr = attr_alloc( NULL );
710 if ( attr == NULL ) {
713 if ( slap_bv2ad( &a, &attr->a_desc, &text )
716 if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
717 SLAP_AD_PROXIED ) != LDAP_SUCCESS )
719 Debug( LDAP_DEBUG_ANY,
720 "%s ldap_build_entry: "
721 "slap_bv2undef_ad(%s): %s\n",
722 op->o_log_prefix, a.bv_val, text );
724 ( void )ber_scanf( &ber, "x" /* [W] */ );
730 /* no subschemaSubentry */
731 if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
732 || attr->a_desc == slap_schema.si_ad_entryDN )
736 * We eat target's subschemaSubentry because
737 * a search for this value is likely not
738 * to resolve to the appropriate backend;
739 * later, the local subschemaSubentry is
742 * We also eat entryDN because the frontend
743 * will reattach it without checking if already
746 ( void )ber_scanf( &ber, "x" /* [W] */ );
751 if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
752 || attr->a_vals == NULL )
755 * Note: attr->a_vals can be null when using
756 * values result filter
758 attr->a_vals = (struct berval *)&slap_dummy_bv;
761 validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
762 pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
764 if ( !validate && !pretty ) {
765 attr->a_nvals = NULL;
770 for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;
774 * check that each value is valid per syntax
775 * and pretty if appropriate
777 for ( i = 0; i<last; i++ ) {
782 rc = ordered_value_pretty( attr->a_desc,
783 &attr->a_vals[i], &pval, NULL );
786 rc = ordered_value_validate( attr->a_desc,
787 &attr->a_vals[i], 0 );
790 if ( rc != LDAP_SUCCESS ) {
793 /* check if, by chance, it's an undefined objectClass */
794 if ( attr->a_desc == slap_schema.si_ad_objectClass &&
795 ( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )
797 ber_dupbv( &pval, &oc->soc_cname );
801 ber_memfree( attr->a_vals[i].bv_val );
803 BER_BVZERO( &attr->a_vals[i] );
806 attr->a_vals[i] = attr->a_vals[last];
807 BER_BVZERO( &attr->a_vals[last] );
812 if ( rc == LDAP_SUCCESS && pretty ) {
813 ber_memfree( attr->a_vals[i].bv_val );
814 attr->a_vals[i] = pval;
817 attr->a_numvals = last = i;
818 if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
819 attr->a_nvals = NULL;
824 if ( last && attr->a_desc->ad_type->sat_equality &&
825 attr->a_desc->ad_type->sat_equality->smr_normalize )
827 attr->a_nvals = ch_malloc( ( last + 1 )*sizeof( struct berval ) );
828 for ( i = 0; i < last; i++ ) {
831 rc = ordered_value_normalize(
832 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
834 attr->a_desc->ad_type->sat_equality,
835 &attr->a_vals[i], &attr->a_nvals[i],
838 if ( rc != LDAP_SUCCESS ) {
839 ber_memfree( attr->a_vals[i].bv_val );
841 BER_BVZERO( &attr->a_vals[i] );
844 attr->a_vals[i] = attr->a_vals[last];
845 BER_BVZERO( &attr->a_vals[last] );
849 BER_BVZERO( &attr->a_nvals[i] );
856 attr->a_nvals = attr->a_vals;
859 attr->a_numvals = last;
861 /* Handle sorted vals, strip dups but keep the attr */
862 if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
863 while ( attr->a_numvals > 1 ) {
864 int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
865 if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
868 /* Strip duplicate values */
869 if ( attr->a_nvals != attr->a_vals )
870 ber_memfree( attr->a_nvals[i].bv_val );
871 ber_memfree( attr->a_vals[i].bv_val );
875 if ( (unsigned)i < attr->a_numvals ) {
876 attr->a_vals[i] = attr->a_vals[attr->a_numvals];
877 if ( attr->a_nvals != attr->a_vals )
878 attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
880 BER_BVZERO(&attr->a_vals[attr->a_numvals]);
881 if ( attr->a_nvals != attr->a_vals )
882 BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
884 attr->a_flags |= SLAP_ATTR_SORTED_VALS;
888 attrp = &attr->a_next;
896 /* return 0 IFF we can retrieve the entry with ndn
903 AttributeDescription *at,
907 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
909 ldapconn_t *lc = NULL;
912 LDAPMessage *result = NULL,
914 char *attr[3], **attrp = NULL;
918 LDAPControl **ctrls = NULL;
923 /* Tell getconn this is a privileged op */
924 op2.o_do_not_cache = 1;
925 /* use rootdn to be doubly explicit this is privileged */
926 op2.o_dn = op->o_bd->be_rootdn;
927 op2.o_ndn = op->o_bd->be_rootndn;
928 /* ldap_back_entry_get() is an entry lookup, so it does not need
929 * to know what the entry is being looked up for */
930 op2.o_tag = LDAP_REQ_SEARCH;
932 rc = ldap_back_dobind( &lc, &op2, &rs, LDAP_BACK_DONTSEND );
939 if ( oc && at != slap_schema.si_ad_objectClass ) {
940 attr[0] = slap_schema.si_ad_objectClass->ad_cname.bv_val;
941 attr[1] = at->ad_cname.bv_val;
945 attr[0] = at->ad_cname.bv_val;
953 filter = op->o_tmpalloc( STRLENOF( "(objectClass=" ")" )
954 + oc->soc_cname.bv_len + 1, op->o_tmpmemctx );
955 ptr = lutil_strcopy( filter, "(objectClass=" );
956 ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
963 rc = ldap_back_controls_add( &op2, &rs, lc, &ctrls );
964 if ( rc != LDAP_SUCCESS ) {
969 rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
970 attrp, LDAP_DEREF_NEVER, ctrls, NULL,
971 NULL, LDAP_NO_LIMIT, 0, &result );
972 if ( rc != LDAP_SUCCESS ) {
973 if ( rc == LDAP_SERVER_DOWN && do_retry ) {
975 if ( ldap_back_retry( &lc, &op2, &rs, LDAP_BACK_DONTSEND ) ) {
976 /* if the identity changed, there might be need to re-authz */
977 (void)ldap_back_controls_free( &op2, &rs, &ctrls );
984 e = ldap_first_entry( lc->lc_ld, result );
986 /* the entry exists, but it doesn't match the filter? */
990 *ent = entry_alloc();
991 if ( *ent == NULL ) {
996 rc = ldap_build_entry( op, e, *ent, &bdn );
998 if ( rc != LDAP_SUCCESS ) {
1004 (void)ldap_back_controls_free( &op2, &rs, &ctrls );
1007 ldap_msgfree( result );
1011 op->o_tmpfree( filter, op->o_tmpmemctx );
1015 ldap_back_release_conn( li, lc );
projects / openldap / blob