ITS#5593

diff --git a/CHANGES b/CHANGES
index 63c5ff1329659bb3e44122649906b2ecfee5f999..29c91f81b41435ae7f0a91c9bee80d8a3be48fc4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,7 @@ OpenLDAP 2.4.11 Engineering
        Fixed slapd sortvals binary search (ITS#5578)
        Fixed slapd syncrepl updates with multiple masters (ITS#5597)
        Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
+       Added slapd-ldap/slapd-meta option to filter out search references (ITS#5593)
        Fixed slapd-meta link to slapd-ldap (ITS#5355)
        Fixed slapd-sock, back-shell buffer count (ITS#5558)
        Fixed slapo-dynlist dg attrs lookup (ITS#5583)

diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index a65d1b6534a499b455e87cf8c18d8f1ff31e7649..4ce6d217951339071ea3b7f0bb18865a1dead58c 100644 (file)
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -384,6 +384,13 @@ returns in case of no activity.
 The value is in seconds, and it can be specified as for
 .BR idle-timeout .
 
+.TP
+.B norefs <NO|yes>
+If
+.BR yes ,
+do not return search reference responses.
+By default, they are returned unless request is LDAPv2.
+
 .TP
 .B protocol\-version {0,2,3}
 This directive indicates what protocol version must be used to contact

diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index 59488c2be5cf615c0f322e589dd3a6a8ef78c594..897578c22f84873a27ce87f641a24ff90273c500 100644 (file)
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -127,6 +127,15 @@ If the value is set to \fBreport\fP, the search is continuated to the end
 but, in case at least one target returned an error code, the first
 non-success error code is returned.
 
+.TP
+.B norefs <NO|yes>
+If
+.BR yes ,
+do not return search reference responses.
+By default, they are returned unless request is LDAPv2.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
 .TP
 .B protocol\-version {0,2,3}
 This directive indicates what protocol version must be used to contact

diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 81a42501f057fc7ebed4ab7aabe2a200657cfd09..dedbe9da92ea8c5654ad27168fae7d4847c9bf4a 100644 (file)
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -315,6 +315,8 @@ typedef struct ldapinfo_t {
 #define        LDAP_BACK_F_ST_RESPONSE         (0x00040000U)
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+#define LDAP_BACK_F_NOREFS             (0x00080000U)
+
 #define        LDAP_BACK_ISSET_F(ff,f)         ( ( (ff) & (f) ) == (f) )
 #define        LDAP_BACK_ISMASK_F(ff,m,f)      ( ( (ff) & (m) ) == (f) )
 
@@ -353,6 +355,8 @@ typedef struct ldapinfo_t {
 #define        LDAP_BACK_ST_RESPONSE(li)       LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+#define        LDAP_BACK_NOREFS(li)            LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
+
        int                     li_version;
 
        /* cached connections; 

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 9f1659e7d044e737d771c6090a69f3ce89bcbf7d..bf8a8ff253c83fdae44d909ff6245490e6ae2485 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -70,6 +70,8 @@ enum {
        LDAP_BACK_CFG_CANCEL,
        LDAP_BACK_CFG_QUARANTINE,
        LDAP_BACK_CFG_ST_REQUEST,
+       LDAP_BACK_CFG_NOREFS,
+
        LDAP_BACK_CFG_REWRITE,
 
        LDAP_BACK_CFG_LAST
@@ -306,6 +308,14 @@ static ConfigTable ldapcfg[] = {
                        "SINGLE-VALUE )",
                NULL, NULL },
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+       { "norefs", "true|FALSE", 2, 2, 0,
+               ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOREFS,
+               ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
+                       "NAME 'olcDbNorefs' "
+                       "DESC 'Do not return search reference responses' "
+                       "SYNTAX OMsBoolean "
+                       "SINGLE-VALUE )",
+               NULL, NULL },
        { "suffixmassage", "[virtual]> <real", 2, 3, 0,
                ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
                ldap_back_cf_gen, NULL, NULL, NULL },
@@ -345,6 +355,10 @@ static ConfigOCs ldapocs[] = {
                        "$ olcDbQuarantine "
                        "$ olcDbUseTemporaryConn "
                        "$ olcDbConnectionPoolMax "
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+                       "$ olcDbSessionTrackingRequest "
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+                       "$ olcDbNorefs "
                ") )",
                        Cft_Database, ldapcfg},
        { NULL, 0, NULL }
@@ -1134,6 +1148,10 @@ ldap_back_cf_gen( ConfigArgs *c )
                        break;
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+               case LDAP_BACK_CFG_NOREFS:
+                       c->value_int = LDAP_BACK_NOREFS( li );
+                       break;
+
                default:
                        /* FIXME: we need to handle all... */
                        assert( 0 );
@@ -1256,6 +1274,10 @@ ldap_back_cf_gen( ConfigArgs *c )
                        break;
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+               case LDAP_BACK_CFG_NOREFS:
+                       li->li_flags &= ~LDAP_BACK_F_NOREFS;
+                       break;
+
                default:
                        /* FIXME: we need to handle all... */
                        assert( 0 );
@@ -1900,6 +1922,15 @@ done_url:;
                break;
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+       case LDAP_BACK_CFG_NOREFS:
+               if ( c->value_int ) {
+                       li->li_flags |= LDAP_BACK_F_NOREFS;
+
+               } else {
+                       li->li_flags &= ~LDAP_BACK_F_NOREFS;
+               }
+               break;
+
        case LDAP_BACK_CFG_REWRITE:
                snprintf( c->cr_msg, sizeof( c->cr_msg ),
                        "rewrite/remap capabilities have been moved "

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 3dcbcb65be6576d04b47fb96359c3375228b4fa7..79549b22aa71fa466ff6346ee2f2c8588f3de35e 100644 (file)
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -363,6 +363,11 @@ retry:
                        }
 
                } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
+                       if ( LDAP_BACK_NOREFS( li ) ) {
+                               ldap_msgfree( res );
+                               continue;
+                       }
+
                        do_retry = 0;
                        rc = ldap_parse_reference( lc->lc_ld, res,
                                        &references, &rs->sr_ctrls, 1 );

diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h
index 16d952bcb682a5c903af334c51aa2ca1be4e6a6f..8e73c1f272d8f67c9dba6349d95a0b3c19bca391 100644 (file)
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@@ -315,6 +315,8 @@ typedef struct metatarget_t {
 #define        META_BACK_TGT_ST_RESPONSE(mt)           META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE )
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
+#define        META_BACK_TGT_NOREFS(mt)                META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
+
        int                     mt_version;
        time_t                  mt_network_timeout;
        struct timeval          mt_bind_timeout;

diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index 1c02ccc248abe3f527db8b13e279c9ce903efe44..52795400efa26435b19aff9b677bcaf4c244607f 100644 (file)
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -1453,6 +1453,36 @@ idassert-authzFrom       "dn:<rootdn>"
                        return 1;
                }
 
+       /* do not return search references */
+       } else if ( strcasecmp( argv[ 0 ], "norefs" ) == 0 ) {
+               unsigned        *flagsp = mi->mi_ntargets ?
+                               &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+                               : &mi->mi_flags;
+
+               if ( argc != 2 ) {
+                       Debug( LDAP_DEBUG_ANY,
+       "%s: line %d: \"norefs {TRUE|false}\" needs 1 argument.\n",
+                               fname, lineno, 0 );
+                       return( 1 );
+               }
+
+               /* this is the default; we add it because the default might change... */
+               switch ( check_true_false( argv[ 1 ] ) ) {
+               case 1:
+                       *flagsp |= LDAP_BACK_F_NOREFS;
+                       break;
+
+               case 0:
+                       *flagsp &= ~LDAP_BACK_F_NOREFS;
+                       break;
+
+               default:
+                       Debug( LDAP_DEBUG_ANY,
+               "%s: line %d: \"norefs {TRUE|false}\": unknown argument \"%s\".\n",
+                               fname, lineno, argv[ 1 ] );
+                       return( 1 );
+               }
+
        /* anything else */
        } else {
                return SLAP_CONF_UNKNOWN;

diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index ea5a52bcb6c37d44a23d8d45d1b78a746215a9f6..1f50ce622beba122a79248f1224ab6f777677225 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -1155,6 +1155,10 @@ really_bad:;
                                        char            **references = NULL;
                                        int             cnt;
 
+                                       if ( META_BACK_TGT_NOREFS( mi->mi_targets[ i ] ) ) {
+                                               continue;
+                                       }
+
                                        if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
                                                /* don't retry any more... */
                                                candidates[ i ].sr_type = REP_RESULT;