diff options
| -rw-r--r-- | daemons/configure.ac | 1 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/Makefile.am | 1 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/dna/Makefile.am | 42 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/dna/dna-conf.ldif | 14 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/dna/dna.c | 1462 | ||||
| -rw-r--r-- | install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | install/share/bootstrap-template.ldif | 2 | ||||
| -rw-r--r-- | install/share/dna-posix.ldif | 17 | ||||
| -rw-r--r-- | ipa.spec.in | 7 |
9 files changed, 11 insertions, 1536 deletions
diff --git a/daemons/configure.ac b/daemons/configure.ac index 623b123bb..e726bd982 100644 --- a/daemons/configure.ac +++ b/daemons/configure.ac @@ -260,7 +260,6 @@ AC_CONFIG_FILES([ Makefile ipa-kpasswd/Makefile ipa-slapi-plugins/Makefile - ipa-slapi-plugins/dna/Makefile ipa-slapi-plugins/ipa-memberof/Makefile ipa-slapi-plugins/ipa-pwd-extop/Makefile ipa-slapi-plugins/ipa-winsync/Makefile diff --git a/daemons/ipa-slapi-plugins/Makefile.am b/daemons/ipa-slapi-plugins/Makefile.am index f316371c3..3b58ccb14 100644 --- a/daemons/ipa-slapi-plugins/Makefile.am +++ b/daemons/ipa-slapi-plugins/Makefile.am @@ -3,7 +3,6 @@ NULL = SUBDIRS = \ ipa-pwd-extop \ ipa-memberof \ - dna \ ipa-winsync \ $(NULL) diff --git a/daemons/ipa-slapi-plugins/dna/Makefile.am b/daemons/ipa-slapi-plugins/dna/Makefile.am deleted file mode 100644 index 4a54b8d5d..000000000 --- a/daemons/ipa-slapi-plugins/dna/Makefile.am +++ /dev/null @@ -1,42 +0,0 @@ -NULL = - -INCLUDES = \ - -I. \ - -I$(srcdir) \ - -DPREFIX=\""$(prefix)"\" \ - -DBINDIR=\""$(bindir)"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DLIBEXECDIR=\""$(libexecdir)"\" \ - -DDATADIR=\""$(datadir)"\" \ - $(MOZLDAP_CFLAGS) \ - $(KRB5_CFLAGS) \ - $(WARN_CFLAGS) \ - $(NULL) - -plugindir = $(libdir)/dirsrv/plugins -plugin_LTLIBRARIES = \ - libipa-dna-plugin.la \ - $(NULL) - -libipa_dna_plugin_la_SOURCES = \ - dna.c \ - $(NULL) - -libipa_dna_plugin_la_LDFLAGS = -avoid-version - -libipa_dna_plugin_la_LIBADD = \ - $(MOZLDAP_LIBS) \ - $(NULL) - -appdir = $(IPA_DATA_DIR) -app_DATA = \ - dna-conf.ldif \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/daemons/ipa-slapi-plugins/dna/dna-conf.ldif b/daemons/ipa-slapi-plugins/dna/dna-conf.ldif deleted file mode 100644 index 02532b4e4..000000000 --- a/daemons/ipa-slapi-plugins/dna/dna-conf.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-dna,cn=plugins,cn=config -changetype: add -objectclass: top -objectclass: nsSlapdPlugin -objectclass: extensibleObject -cn: ipa-dna -nsslapd-pluginpath: libipa-dna-plugin -nsslapd-plugininitfunc: ipa_dna_init -nsslapd-plugintype: preoperation -nsslapd-pluginenabled: on -nsslapd-pluginid: ipa-dna -nsslapd-pluginversion: 1.0 -nsslapd-pluginvendor: Red Hat -nsslapd-plugindescription: IPA Distributed numeric assignment plugin diff --git a/daemons/ipa-slapi-plugins/dna/dna.c b/daemons/ipa-slapi-plugins/dna/dna.c deleted file mode 100644 index cb6a0629c..000000000 --- a/daemons/ipa-slapi-plugins/dna/dna.c +++ /dev/null @@ -1,1462 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * This Program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; version 2 of the License. - * - * This Program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with - * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place, Suite 330, Boston, MA 02111-1307 USA. - * - * In addition, as a special exception, Red Hat, Inc. gives You the additional - * right to link the code of this Program with code not covered under the GNU - * General Public License ("Non-GPL Code") and to distribute linked combinations - * including the two, subject to the limitations in this paragraph. Non-GPL Code - * permitted under this exception must only link to the code of this Program - * through those well defined interfaces identified in the file named EXCEPTION - * found in the source code files (the "Approved Interfaces"). The files of - * Non-GPL Code may instantiate templates or use macros or inline functions from - * the Approved Interfaces without causing the resulting work to be covered by - * the GNU General Public License. Only Red Hat, Inc. may make changes or - * additions to the list of Approved Interfaces. You must obey the GNU General - * Public License in all respects for all of the Program code and other code used - * in conjunction with the Program except the Non-GPL Code covered by this - * exception. If you modify this file, you may extend this exception to your - * version of the file, but you are not obligated to do so. If you do not wish to - * provide this exception without modification, you must delete this exception - * statement from your version and license this file solely under the GPL without - * exception. - * - * - * Author: Pete Rowley - * - * Copyright (C) 2007 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif - - -/** - * Distributed Numeric Assignment plug-in - */ - -#include <dirsrv/slapi-plugin.h> - -#include <stdio.h> -#include <ctype.h> -#include <string.h> -#include <errno.h> -/*#include "portable.h"*/ -#include "nspr.h" -/*#include "slapi-private.h"*/ -/*#include "dirlite_strings.h"*/ -/*#include "dirver.h"*/ - -#include "prclist.h" -#include "ldif.h" - -/* get file mode flags for unix */ -#ifndef _WIN32 -#include <sys/stat.h> -#endif - -#define DNA_PLUGIN_SUBSYSTEM "ipa-dna-plugin" -#define DNA_PLUGIN_VERSION 0x00020000 - -/* temporary */ -#define DNA_DN "cn=ipa-dna,cn=plugins,cn=config" - -#define DNA_SUCCESS 0 -#define DNA_FAILURE -1 - -/** - * DNA config types - */ -#define DNA_TYPE "dnaType" -#define DNA_PREFIX "dnaPrefix" -#define DNA_NEXTVAL "dnaNextValue" -#define DNA_INTERVAL "dnaInterval" -#define DNA_GENERATE "dnaMagicRegen" -#define DNA_FILTER "dnaFilter" -#define DNA_SCOPE "dnaScope" - -/* since v2 */ -#define DNA_MAXVAL "dnaMaxValue" -#define DNA_SHARED_CFG_DN "dnaSharedCfgDN" - -/* Shared Config */ -#define DNA_GLOBAL_RANGE "dnaGlobalRange" -#define DNA_RANGE "dnaRange" -#define DNA_MAX_RANGE_SIZE "dnaMaxRangeSize" -#define DNA_CHUNK_SIZE "dnaChunkSize" - - - -#define FEATURE_DESC "IPA Distributed Numeric Assignment" -#define PLUGIN_DESC "IPA Distributed Numeric Assignment plugin" -#define PLUGIN_DESC_INT_PREOP PLUGIN_DESC " preop internal" -#define PLUGIN_DESC_POSTOP PLUGIN_DESC " postop" -#define PLUGIN_DESC_INT_POSTOP PLUGIN_DESC " postop internal" - -static Slapi_PluginDesc pdesc = { FEATURE_DESC, - "FreeIPA project", "FreeIPA/1.0", - PLUGIN_DESC -}; - - -/** - * linked list of config entries - */ - -struct configEntry { - PRCList list; - char *dn; - char *type; - char *prefix; - PRUint64 nextval; - PRUint64 interval; - PRUint64 maxval; - char *filter; - struct slapi_filter *slapi_filter; - char *generate; - char *scope; -}; - -static PRCList *dna_global_config = NULL; -static PRRWLock *g_dna_cache_lock; - -static void *_PluginID = NULL; -static char *_PluginDN = NULL; - -static int g_plugin_started = 0; - - -/* - * new value lock - */ -static Slapi_Mutex *g_new_value_lock; - -/** - * - * DNA plug-in management functions - * - */ -int ipa_dna_init(Slapi_PBlock * pb); -static int dna_start(Slapi_PBlock * pb); -static int dna_close(Slapi_PBlock * pb); -static int dna_internal_preop_init(Slapi_PBlock *pb); -static int dna_postop_init(Slapi_PBlock * pb); - -/** - * - * Local operation functions - * - */ -static int loadPluginConfig(); -static int parseConfigEntry(Slapi_Entry * e); -static void deleteConfig(); -static void freeConfigEntry(struct configEntry ** entry); - -/** - * - * helpers - * - */ -static char *dna_get_dn(Slapi_PBlock * pb); -static int dna_dn_is_config(char *dn); -static int dna_get_next_value(struct configEntry * config_entry, - char **next_value_ret); - -/** - * - * the ops (where the real work is done) - * - */ -static int dna_config_check_post_op(Slapi_PBlock * pb); -static int dna_pre_op(Slapi_PBlock * pb, int modtype); -static int dna_mod_pre_op(Slapi_PBlock * pb); -static int dna_add_pre_op(Slapi_PBlock * pb); - -/** - * debug functions - global, for the debugger - */ -void dnaDumpConfig(); -void dnaDumpConfigEntry(struct configEntry *); - -/** - * set the debug level - */ -#ifdef _WIN32 -int *module_ldap_debug = 0; - -void plugin_init_debug_level(int *level_ptr) -{ - module_ldap_debug = level_ptr; -} -#endif - -/** - * - * Deal with cache locking - * - */ -void dna_read_lock() -{ - PR_RWLock_Rlock(g_dna_cache_lock); -} - -void dna_write_lock() -{ - PR_RWLock_Wlock(g_dna_cache_lock); -} - -void dna_unlock() -{ - PR_RWLock_Unlock(g_dna_cache_lock); -} - -/** - * - * Get the dna plug-in version - * - */ -int dna_version() -{ - return DNA_PLUGIN_VERSION; -} - -/** - * Plugin identity mgmt - */ -void setPluginID(void *pluginID) -{ - _PluginID = pluginID; -} - -void *getPluginID() -{ - return _PluginID; -} - -void setPluginDN(char *pluginDN) -{ - _PluginDN = pluginDN; -} - -char *getPluginDN() -{ - return _PluginDN; -} - -/* - dna_init - ------------- - adds our callbacks to the list -*/ -int ipa_dna_init(Slapi_PBlock * pb) -{ - int status = DNA_SUCCESS; - char *plugin_identity = NULL; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> ipa_dna_init\n"); - - /** - * Store the plugin identity for later use. - * Used for internal operations - */ - - slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity); - PR_ASSERT(plugin_identity); - setPluginID(plugin_identity); - - if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, - SLAPI_PLUGIN_VERSION_01) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, - (void *) dna_start) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, - (void *) dna_close) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, - (void *) &pdesc) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, - (void *) dna_mod_pre_op) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, - (void *) dna_add_pre_op) != 0 || - /* internal preoperation */ - slapi_register_plugin("internalpreoperation", /* op type */ - 1, /* Enabled */ - "dna_internal_preop_init", /* this function desc */ - dna_internal_preop_init, /* init func */ - PLUGIN_DESC_INT_PREOP, /* plugin desc */ - NULL, /* ? */ - plugin_identity /* access control */ - ) || - /* the config change checking post op */ - slapi_register_plugin("postoperation", /* op type */ - 1, /* Enabled */ - "dna_postop_init", /* this function desc */ - dna_postop_init, /* init func for post op */ - PLUGIN_DESC_POSTOP, /* plugin desc */ - NULL, /* ? */ - plugin_identity /* access control */ - ) - ) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "ipa_dna_init: failed to register plugin\n"); - status = DNA_FAILURE; - } - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- ipa_dna_init\n"); - return status; -} - - -static int -dna_internal_preop_init(Slapi_PBlock *pb) -{ - int status = DNA_SUCCESS; - - if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, - SLAPI_PLUGIN_VERSION_01) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, - (void *) &pdesc) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN, - (void *) dna_mod_pre_op) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN, - (void *) dna_add_pre_op) != 0) { - status = DNA_FAILURE; - } - - return status; -} - - -static int dna_postop_init(Slapi_PBlock * pb) -{ - int status = DNA_SUCCESS; - - if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, - SLAPI_PLUGIN_VERSION_01) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, - (void *) &pdesc) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN, - (void *) dna_config_check_post_op) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODRDN_FN, - (void *) dna_config_check_post_op) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_POST_DELETE_FN, - (void *) dna_config_check_post_op) != 0 || - slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN, - (void *) dna_config_check_post_op) != 0) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_postop_init: failed to register plugin\n"); - status = DNA_FAILURE; - } - - return status; -} - -/* - dna_start - -------------- - Kicks off the config cache. - It is called after dna_init. -*/ -static int dna_start(Slapi_PBlock * pb) -{ - char *plugindn = NULL; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_start\n"); - - /* Check if we're already started */ - if (g_plugin_started) { - goto done; - } - - g_dna_cache_lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "dna"); - g_new_value_lock = slapi_new_mutex(); - - if (!g_dna_cache_lock || !g_new_value_lock) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_start: lock creation failed\n"); - - return DNA_FAILURE; - } - - /** - * Get the plug-in target dn from the system - * and store it for future use. This should avoid - * hardcoding of DN's in the code. - */ - slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn); - if (NULL == plugindn || 0 == strlen(plugindn)) { - slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, - "dna_start: had to use hard coded config dn\n"); - plugindn = DNA_DN; - } else { - slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, - "dna_start: config at %s\n", plugindn); - - } - - setPluginDN(plugindn); - - /** - * Load the config for our plug-in - */ - dna_global_config = (PRCList *) - slapi_ch_calloc(1, sizeof(struct configEntry)); - PR_INIT_CLIST(dna_global_config); - - if (loadPluginConfig() != DNA_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_start: unable to load plug-in configuration\n"); - return DNA_FAILURE; - } - - g_plugin_started = 1; - slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, - "dna: ready for service\n"); - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_start\n"); - -done: - return DNA_SUCCESS; -} - -/* - dna_close - -------------- - closes down the cache -*/ -static int dna_close(Slapi_PBlock * pb) -{ - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_close\n"); - - deleteConfig(); - - slapi_ch_free((void **)&dna_global_config); - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_close\n"); - - return DNA_SUCCESS; -} - -/* - * config looks like this - * - cn=myplugin - * --- cn=posix - * ------ cn=accounts - * ------ cn=groups - * --- cn=samba - * --- cn=etc - * ------ cn=etc etc - */ -static int loadPluginConfig() -{ - int status = DNA_SUCCESS; - int result; - int i; - Slapi_PBlock *search_pb; - Slapi_Entry **entries = NULL; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> loadPluginConfig\n"); - - dna_write_lock(); - deleteConfig(); - - search_pb = slapi_pblock_new(); - - slapi_search_internal_set_pb(search_pb, getPluginDN(), - LDAP_SCOPE_SUBTREE, "objectclass=*", - NULL, 0, NULL, NULL, getPluginID(), 0); - slapi_search_internal_pb(search_pb); - slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); - - if (LDAP_SUCCESS != result) { - status = DNA_FAILURE; - goto cleanup; - } - - slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, - &entries); - if (NULL == entries || NULL == entries[0]) { - status = DNA_SUCCESS; - goto cleanup; - } - - for (i = 0; (entries[i] != NULL); i++) { - status = parseConfigEntry(entries[i]); - if (DNA_SUCCESS != status) - break; - } - - cleanup: - slapi_free_search_results_internal(search_pb); - slapi_pblock_destroy(search_pb); - dna_unlock(); - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- loadPluginConfig\n"); - - return status; -} - -static int parseConfigEntry(Slapi_Entry * e) -{ - char *value; - struct configEntry *entry; - struct configEntry *config_entry; - PRCList *list; - int entry_added = 0; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> parseConfigEntry\n"); - - entry = (struct configEntry *) - slapi_ch_calloc(1, sizeof(struct configEntry)); - if (NULL == entry) - goto bail; - - value = slapi_entry_get_ndn(e); - if (value) { - entry->dn = strdup(value); - } - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dn [%s]\n", entry->dn, 0, 0); - - value = slapi_entry_attr_get_charptr(e, DNA_TYPE); - if (value) { - entry->type = value; - } else - goto bail; - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaType [%s]\n", entry->type, 0, 0); - - /* FIXME: check the attribute type, it must suport matching rules and be - * indexed, these are requirements and failure to meet them should result in - * the configuration to be disarded and an ERROR logged prominently */ - - value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); - if (value) { - entry->nextval = strtoul(value, 0, 0); - slapi_ch_free_string(&value); - } else - goto bail; - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaNextValue [%d]\n", entry->nextval, 0, - 0); - - value = slapi_entry_attr_get_charptr(e, DNA_PREFIX); - if (value && value[0]) { - entry->prefix = value; - } - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaPrefix [%s]\n", entry->prefix, 0, 0); - - value = slapi_entry_attr_get_charptr(e, DNA_INTERVAL); - if (value) { - entry->interval = strtoul(value, 0, 0); - } else - goto bail; - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaInterval [%s]\n", value, 0, 0); - - slapi_ch_free_string(&value); - - value = slapi_entry_attr_get_charptr(e, DNA_GENERATE); - if (value) { - entry->generate = value; - } - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaMagicRegen [%s]\n", entry->generate, - 0, 0); - - value = slapi_entry_attr_get_charptr(e, DNA_FILTER); - if (value) { - entry->filter = value; - entry->slapi_filter = slapi_str2filter(value); - } else - goto bail; - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaFilter [%s]\n", value, 0, 0); - - value = slapi_entry_attr_get_charptr(e, DNA_SCOPE); - if (value) { - entry->scope = slapi_dn_normalize(value); - } - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaScope [%s]\n", entry->scope, 0, 0); - - /* optional, if not specified set -1 which is converted to the max unisgnee - * value */ - value = slapi_entry_attr_get_charptr(e, DNA_MAXVAL); - if (value) { - entry->maxval = strtoul(value, 0, 0); - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "----------> dnaMaxValue [%ld]\n", value, 0, 0); - - slapi_ch_free_string(&value); - } else - entry->maxval = -1; - - - /** - * Finally add the entry to the list - * we group by type then by filter - * and finally sort by dn length with longer dn's - * first - this allows the scope checking - * code to be simple and quick and - * cunningly linear - */ - if (!PR_CLIST_IS_EMPTY(dna_global_config)) { - list = PR_LIST_HEAD(dna_global_config); - while (list != dna_global_config) { - config_entry = (struct configEntry *) list; - - if (slapi_attr_type_cmp(config_entry->type, entry->type, 1)) - goto next; - - if (slapi_filter_compare(config_entry->slapi_filter, - entry->slapi_filter)) - goto next; - - if (slapi_dn_issuffix(entry->scope, config_entry->scope)) { - PR_INSERT_BEFORE(&(entry->list), list); - slapi_log_error(SLAPI_LOG_CONFIG, - DNA_PLUGIN_SUBSYSTEM, - "store [%s] before [%s] \n", entry->scope, - config_entry->scope, 0); - entry_added = 1; - break; - } - - next: - list = PR_NEXT_LINK(list); - - if (dna_global_config == list) { - /* add to tail */ - PR_INSERT_BEFORE(&(entry->list), list); - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "store [%s] at tail\n", entry->scope, 0, - 0); - entry_added = 1; - break; - } - } - } else { - /* first entry */ - PR_INSERT_LINK(&(entry->list), dna_global_config); - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "store [%s] at head \n", entry->scope, 0, 0); - entry_added = 1; - } - - bail: - if (0 == entry_added) { - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "config entry [%s] skipped\n", entry->dn, 0, 0); - freeConfigEntry(&entry); - } - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- parseConfigEntry\n"); - - return DNA_SUCCESS; -} - -static void freeConfigEntry(struct configEntry ** entry) -{ - struct configEntry *e = *entry; - - if (e->dn) { - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, - "freeing config entry [%s]\n", e->dn, 0, 0); - slapi_ch_free_string(&e->dn); - } - - if (e->type) - slapi_ch_free_string(&e->type); - - if (e->prefix) - slapi_ch_free_string(&e->prefix); - - if (e->filter) - slapi_ch_free_string(&e->filter); - - if (e->slapi_filter) - slapi_filter_free(e->slapi_filter, 1); - - if (e->generate) - slapi_ch_free_string(&e->generate); - - if (e->scope) - slapi_ch_free_string(&e->scope); - - slapi_ch_free((void **) entry); -} - -static void deleteConfigEntry(PRCList * entry) -{ - PR_REMOVE_LINK(entry); - freeConfigEntry((struct configEntry **) & entry); -} - -static void deleteConfig() -{ - PRCList *list; - - while (!PR_CLIST_IS_EMPTY(dna_global_config)) { - list = PR_LIST_HEAD(dna_global_config); - deleteConfigEntry(list); - } - - return; -} - -/**************************************************** - Distributed ranges Helpers -****************************************************/ - -static int dna_fix_maxval(Slapi_DN *dn, PRUint64 *cur, PRUint64 *max) -{ - /* TODO: check the main partition to see if another range - * is available, and set the new local configuration - * accordingly. - * If a new range is not available run the retrieval task - * and simply return error - */ - - return LDAP_OPERATIONS_ERROR; -} - -static void dna_notice_allocation(Slapi_DN *dn, PRUint64 new) -{ - /* TODO: check if we passed a new chunk threshold and update - * the shared configuration on the public partition. - */ - - return; -} - -/**************************************************** - Helpers -****************************************************/ - -static char *dna_get_dn(Slapi_PBlock * pb) -{ - char *dn = 0; - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_get_dn\n"); - - if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_get_dn: failed to get dn of changed entry"); - goto bail; - } - -/* slapi_dn_normalize( dn ); -*/ - bail: - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_get_dn\n"); - - return dn; -} - -/* config check - matching config dn or a descendent reloads config -*/ -static int dna_dn_is_config(char *dn) -{ - int ret = 0; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_is_config\n"); - - if (slapi_dn_issuffix(dn, getPluginDN())) { - ret = 1; - } - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_is_config\n"); - - return ret; -} - -#define DNA_LDAP_TAG_SK_REVERSE 0x81L - -static LDAPControl *dna_build_sort_control(const char *attr) -{ - LDAPControl *ctrl; - BerElement *ber; - int rc; - - ber = ber_alloc(); - if (NULL == ber) - return NULL; - - rc = ber_printf(ber, "{{stb}}", attr, DNA_LDAP_TAG_SK_REVERSE, 1); - if (-1 == rc) { - ber_free(ber, 1); - return NULL; - } - - rc = slapi_build_control(LDAP_CONTROL_SORTREQUEST, ber, 1, &ctrl); - - ber_free(ber, 1); - - if (LDAP_SUCCESS != rc) - return NULL; - - return ctrl; -} - -/**************************************************** - Functions that actually do things other - than config and startup -****************************************************/ - -/* we do search all values between newval and maxval asking the - * server to sort them, then we check the first free spot and - * use it as newval */ -static int dna_first_free_value(struct configEntry *config_entry, - PRUint64 *newval, - PRUint64 maxval, - PRUint64 increment) -{ - Slapi_Entry **entries = NULL; - Slapi_PBlock *pb = NULL; - LDAPControl **ctrls; - char *attrs[2]; - char *filter; - char *prefix; - char *type; - int preflen; - int result, status; - PRUint64 tmpval, sval, i; - char *strval = NULL; - - prefix = config_entry->prefix; - type = config_entry->type; - tmpval = *newval; - - attrs[0] = type; - attrs[1] = NULL; - - ctrls = (LDAPControl **)slapi_ch_calloc(2, sizeof(LDAPControl)); - if (NULL == ctrls) - return LDAP_OPERATIONS_ERROR; - - ctrls[0] = dna_build_sort_control(config_entry->type); - if (NULL == ctrls[0]) { - slapi_ch_free((void **)&ctrls); - return LDAP_OPERATIONS_ERROR; - } - - filter = slapi_ch_smprintf("(&%s(&(%s>=%s%llu)(%s<=%s%llu)))", - config_entry->filter, - type, prefix?prefix:"", tmpval, - type, prefix?prefix:"", maxval); - if (NULL == filter) { - ldap_control_free(ctrls[0]); - slapi_ch_free((void **)&ctrls); - return LDAP_OPERATIONS_ERROR; - } - - pb = slapi_pblock_new(); - if (NULL == pb) { - ldap_control_free(ctrls[0]); - slapi_ch_free((void **)&ctrls); - slapi_ch_free_string(&filter); - return LDAP_OPERATIONS_ERROR; - } - - slapi_search_internal_set_pb(pb, config_entry->scope, - LDAP_SCOPE_SUBTREE, filter, - attrs, 0, ctrls, - NULL, getPluginID(), 0); - slapi_search_internal_pb(pb); -/* - ldap_control_free(ctrls[0]); -*/ - slapi_ch_free_string(&filter); - - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); - if (LDAP_SUCCESS != result) { - status = LDAP_OPERATIONS_ERROR; - goto cleanup; - } - - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, - &entries); - - if (NULL == entries || NULL == entries[0]) { - /* no values means we already have a good value */ - status = LDAP_SUCCESS; - goto cleanup; - } - - /* entries are sorted and filtered for value >= tval therefore if the - * first one does not match tval it means that the value is free, - * otherwise we need to cycle through values until we find a mismatch, - * the first mismatch is the first free pit */ - - preflen = prefix?strlen(prefix):0; - sval = 0; - for (i = 0; NULL != entries[i]; i++) { - strval = slapi_entry_attr_get_charptr(entries[i], type); - if (preflen) { - if (strlen(strval) <= preflen) { - /* something very wrong here ... */ - status = LDAP_OPERATIONS_ERROR; - goto cleanup; - } - strval = &strval[preflen-1]; - } - - errno = 0; - sval = strtoul(strval, 0, 0); - if (errno) { - /* something very wrong here ... */ - status = LDAP_OPERATIONS_ERROR; - goto cleanup; - } - slapi_ch_free_string(&strval); - - if (tmpval != sval) - break; - - if (maxval < sval) - break; - - tmpval += increment; - } - - *newval = tmpval; - status = LDAP_SUCCESS; - -cleanup: - slapi_ch_free_string(&strval); - slapi_free_search_results_internal(pb); - slapi_pblock_destroy(pb); - - return status; -} - -/* - * Perform ldap operationally atomic increment - * Return the next value to be assigned - * Method: - * 1. retrieve entry - * 2. do increment operations - * 3. remove current value, add new value in one operation - * 4. if failed, and less than 3 times, goto 1 - */ -static int dna_get_next_value(struct configEntry *config_entry, - char **next_value_ret) -{ - Slapi_PBlock *pb = NULL; - char *old_value = NULL; - Slapi_Entry *e = NULL; - Slapi_DN *dn = NULL; - char *attrlist[4]; - int attempts; - int ret; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_get_next_value\n"); - - /* get pre-requisites to search */ - dn = slapi_sdn_new_dn_byref(config_entry->dn); - attrlist[0] = DNA_NEXTVAL; - attrlist[1] = DNA_MAXVAL; - attrlist[2] = DNA_INTERVAL; - attrlist[3] = NULL; - - - /* the operation is constructed such that race conditions - * to increment the value are detected and avoided - one wins, - * one loses - however, there is no need for the server to compete - * with itself so we lock here - */ - - slapi_lock_mutex(g_new_value_lock); - - for (attempts = 0; attempts < 3; attempts++) { - - LDAPMod mod_add; - LDAPMod mod_delete; - LDAPMod *mods[3]; - char *delete_val[2]; - char *add_val[2]; - char new_value[16]; - char *interval; - char *max_value; - PRUint64 increment = 1; /* default increment */ - PRUint64 setval = 0; - PRUint64 newval = 0; - PRUint64 maxval = -1; - - /* do update */ - ret = slapi_search_internal_get_entry(dn, attrlist, &e, - getPluginID()); - if (LDAP_SUCCESS != ret) { - ret = LDAP_OPERATIONS_ERROR; - goto done; - } - - old_value = slapi_entry_attr_get_charptr(e, DNA_NEXTVAL); - if (NULL == old_value) { - ret = LDAP_OPERATIONS_ERROR; - goto done; - } - - setval = strtoul(old_value, 0, 0); - - max_value = slapi_entry_attr_get_charptr(e, DNA_MAXVAL); - if (max_value) { - maxval = strtoul(max_value, 0, 0); - slapi_ch_free_string(&max_value); - } - - /* if not present the default is 1 */ - interval = slapi_entry_attr_get_charptr(e, DNA_INTERVAL); - if (NULL != interval) { - increment = strtoul(interval, 0, 0); - } - - slapi_entry_free(e); - e = NULL; - - /* check the value is actually in range */ - - /* verify the new value is actually free and get the first - * one free if not*/ - ret = dna_first_free_value(config_entry, &setval, maxval, increment); - if (LDAP_SUCCESS != ret) - goto done; - - /* try for a new range or fail */ - if (setval > maxval) { - ret = dna_fix_maxval(dn, &setval, &maxval); - if (LDAP_SUCCESS != ret) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_get_next_value: no more IDs available!!\n"); - goto done; - } - - /* verify the new value is actually free and get the first - * one free if not */ - ret = dna_first_free_value(config_entry, &setval, maxval, increment); - if (LDAP_SUCCESS != ret) - goto done; - } - - if (setval > maxval) { - ret = LDAP_OPERATIONS_ERROR; - goto done; - } - - newval = setval + increment; - - /* try for a new range or fail */ - if (newval > maxval) { - ret = dna_fix_maxval(dn, &newval, &maxval); - if (LDAP_SUCCESS != ret) { - slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, - "dna_get_next_value: no more IDs available!!\n"); - goto done; - } - } - - /* try to set the new value */ - - sprintf(new_value, "%llu", newval); - - delete_val[0] = old_value; - delete_val[1] = 0; - - mod_delete.mod_op = LDAP_MOD_DELETE; - mod_delete.mod_type = DNA_NEXTVAL; - mod_delete.mod_values = delete_val; - - add_val[0] = new_value; - add_val[1] = 0; - - mod_add.mod_op = LDAP_MOD_ADD; - mod_add.mod_type = DNA_NEXTVAL; - mod_add.mod_values = add_val; - - mods[0] = &mod_delete; - mods[1] = &mod_add; - mods[2] = 0; - - pb = slapi_pblock_new(); - if (NULL == pb) { - ret = LDAP_OPERATIONS_ERROR; - goto done; - } - - slapi_modify_internal_set_pb(pb, config_entry->dn, - mods, 0, 0, getPluginID(), 0); - - slapi_modify_internal_pb(pb); - - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); - - slapi_pblock_destroy(pb); - pb = NULL; - slapi_ch_free_string(&interval); - slapi_ch_free_string(&old_value); - - if (LDAP_SUCCESS == ret) { - *next_value_ret = slapi_ch_smprintf("%llu", setval); - if (NULL == *next_value_ret) { - ret = LDAP_OPERATIONS_ERROR; - goto done; - } - - dna_notice_allocation(dn, newval); - goto done; - } - - if (LDAP_NO_SUCH_ATTRIBUTE != ret) { - /* not the result of a race - to change the value - */ - goto done; - } - } - - done: - - slapi_unlock_mutex(g_new_value_lock); - - if (LDAP_SUCCESS != ret) - slapi_ch_free_string(&old_value); - - if (dn) - slapi_sdn_free(&dn); - - if (e) - slapi_entry_free(e); - - if (pb) - slapi_pblock_destroy(pb); - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_get_next_value\n"); - - return ret; -} - -/* for mods and adds: - where dn's are supplied, the closest in scope - is used as long as the type and filter - are identical - otherwise all matches count -*/ - -static int dna_pre_op(Slapi_PBlock * pb, int modtype) -{ - char *dn = 0; - PRCList *list = 0; - struct configEntry *config_entry = 0; - struct slapi_entry *e = 0; - char *last_type = 0; - char *value = 0; - int generate = 0; - Slapi_Mods *smods = 0; - Slapi_Mod *smod = 0; - LDAPMod **mods; - int free_entry = 0; - char *errstr = NULL; - int ret = 0; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_pre_op\n"); - - /* Just bail if we aren't ready to service requests yet. */ - if (!g_plugin_started) - goto bail; - - if (0 == (dn = dna_get_dn(pb))) - goto bail; - - if (dna_dn_is_config(dn)) - goto bail; - - if (LDAP_CHANGETYPE_ADD == modtype) { - slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e); - } else { - /* xxxPAR: Ideally SLAPI_MODIFY_EXISTING_ENTRY should be - * available but it turns out that is only true if you are - * a dbm backend pre-op plugin - lucky dbm backend pre-op - * plugins. - * I think that is wrong since the entry is useful for filter - * tests and schema checks and this plugin shouldn't be limited - * to a single backend type, but I don't want that fight right - * now so we go get the entry here - * - slapi_pblock_get( pb, SLAPI_MODIFY_EXISTING_ENTRY, &e); - */ - Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn); - if (tmp_dn) { - slapi_search_internal_get_entry(tmp_dn, 0, &e, getPluginID()); - slapi_sdn_free(&tmp_dn); - free_entry = 1; - } - - /* grab the mods - we'll put them back later with - * our modifications appended - */ - slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods); - smods = slapi_mods_new(); - slapi_mods_init_passin(smods, mods); - } - - if (0 == e) - goto bailmod; - - dna_read_lock(); - - if (!PR_CLIST_IS_EMPTY(dna_global_config)) { - list = PR_LIST_HEAD(dna_global_config); - - while (list != dna_global_config && LDAP_SUCCESS == ret) { - config_entry = (struct configEntry *) list; - - /* did we already service this type? */ - if (last_type) { - if (!slapi_attr_type_cmp(config_entry->type, last_type, 1)) - goto next; - } - - /* is the entry in scope? */ - if (config_entry->scope) { - if (!slapi_dn_issuffix(dn, config_entry->scope)) - goto next; - } - - /* does the entry match the filter? */ - if (config_entry->slapi_filter) { - if (LDAP_SUCCESS != slapi_vattr_filter_test(pb, - e, - config_entry-> - slapi_filter, 0)) - goto next; - } - - - if (LDAP_CHANGETYPE_ADD == modtype) { - /* does attribute contain the magic value - or is the type not there? - */ - value = - slapi_entry_attr_get_charptr(e, config_entry->type); - if ((value - && !slapi_UTF8CASECMP(config_entry->generate, value)) - || 0 == value) { - generate = 1; - } - } else { - /* check mods for magic value */ - Slapi_Mod *next_mod = slapi_mod_new(); - smod = slapi_mods_get_first_smod(smods, next_mod); - while (smod) { - char *type = (char *) - slapi_mod_get_type(smod); - - if (slapi_attr_types_equivalent(type, - config_entry->type)) { - struct berval *bv = - slapi_mod_get_first_value(smod); - int len = strlen(config_entry->generate); - - - if (len == bv->bv_len) { - if (!slapi_UTF8NCASECMP(bv->bv_val, - config_entry->generate, - len)) - - generate = 1; - break; - } - } - - slapi_mod_done(next_mod); - smod = slapi_mods_get_next_smod(smods, next_mod); - } - - slapi_mod_free(&next_mod); - } - - if (generate) { - char *new_value; - int len; - - /* create the value to add */ - ret = dna_get_next_value(config_entry, &value); - if (DNA_SUCCESS != ret) { - errstr = slapi_ch_smprintf("Allocation of a new value for" - " %s failed! Unable to proceed.", - config_entry->type); - break; - } - - len = strlen(value) + 1; - if (config_entry->prefix) { - len += strlen(config_entry->prefix); - } - - new_value = slapi_ch_malloc(len); - - if (config_entry->prefix) { - strcpy(new_value, config_entry->prefix); - strcat(new_value, value); - } else - strcpy(new_value, value); - - /* do the mod */ - if (LDAP_CHANGETYPE_ADD == modtype) { - /* add - add to entry */ - slapi_entry_attr_set_charptr(e, - config_entry->type, - new_value); - } else { - /* mod - add to mods */ - slapi_mods_add_string(smods, - LDAP_MOD_REPLACE, - config_entry->type, new_value); - } - - /* free up */ - slapi_ch_free_string(&value); - slapi_ch_free_string(&new_value); - - /* make sure we don't generate for this - * type again - */ - if (LDAP_SUCCESS == ret) { - last_type = config_entry->type; - } - - generate = 0; - } - next: - list = PR_NEXT_LINK(list); - } - } - - dna_unlock(); - - bailmod: - if (LDAP_CHANGETYPE_MODIFY == modtype) { - /* these are the mods you made, really, - * I didn't change them, honest, just had a quick look - */ - mods = slapi_mods_get_ldapmods_passout(smods); - slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods); - slapi_mods_free(&smods); - } - - bail: - - if (free_entry && e) - slapi_entry_free(e); - - if (ret) { - slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, - "dna_pre_op: operation failure [%d]\n", ret); - slapi_send_ldap_result(pb, ret, NULL, errstr, 0, NULL); - slapi_ch_free((void **)&errstr); - ret = DNA_FAILURE; - } - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_pre_op\n"); - - return ret; -} - -static int dna_add_pre_op(Slapi_PBlock * pb) -{ - return dna_pre_op(pb, LDAP_CHANGETYPE_ADD); -} - -static int dna_mod_pre_op(Slapi_PBlock * pb) -{ - return dna_pre_op(pb, LDAP_CHANGETYPE_MODIFY); -} - -static int dna_config_check_post_op(Slapi_PBlock * pb) -{ - char *dn; - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_config_check_post_op\n"); - - if ((dn = dna_get_dn(pb))) { - if (dna_dn_is_config(dn)) - loadPluginConfig(); - } - - slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "<-- dna_config_check_post_op\n"); - - return 0; -} - -/**************************************************** - End of - Functions that actually do things other - than config and startup -****************************************************/ - -/** - * debug functions to print config - */ -void dnaDumpConfig() -{ - PRCList *list; - - dna_read_lock(); - - if (!PR_CLIST_IS_EMPTY(dna_global_config)) { - list = PR_LIST_HEAD(dna_global_config); - while (list != dna_global_config) { - dnaDumpConfigEntry((struct configEntry *) list); - list = PR_NEXT_LINK(list); - } - } - - dna_unlock(); -} - - -void dnaDumpConfigEntry(struct configEntry * entry) -{ - printf("<- type --------------> %s\n", entry->type); - printf("<---- prefix ---------> %s\n", entry->prefix); - printf("<---- next value -----> %lu\n", entry->nextval); - printf("<---- interval -------> %lu\n", entry->interval); - printf("<---- generate flag --> %s\n", entry->generate); -} diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 6ef43ba24..ef3cf9a71 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -17,6 +17,7 @@ app_DATA = \ bind.named.conf.template \ bind.zone.db.template \ certmap.conf.template \ + dna-conf.ldif \ kdc.conf.template \ krb5.conf.template \ krb5.ini.template \ diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 449b0af49..39a0817c4 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -115,6 +115,8 @@ dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: groupofnames +objectClass: nestedGroup +objectClass: ipaUserGroup objectClass: posixGroup gidNumber: 1002 description: Default group for all users diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif index a88485456..6b5cef8cc 100644 --- a/install/share/dna-posix.ldif +++ b/install/share/dna-posix.ldif @@ -1,19 +1,10 @@ -# add container for posix configuration - -dn: cn=Posix,cn=ipa-dna,cn=plugins,cn=config -changetype: add -objectclass: top -objectclass: nsContainer -objectclass: extensibleObject -cn: Posix - # add plugin configuration for posix users -dn: cn=Accounts,cn=Posix,cn=ipa-dna,cn=plugins,cn=config +dn: cn=Posix Accounts,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config changetype: add objectclass: top objectclass: extensibleObject -cn: Accounts +cn: Posix Accounts dnaType: uidNumber dnaNextValue: 1100 dnaInterval: 1 @@ -24,11 +15,11 @@ dnaScope: $SUFFIX # add plugin configuration for posix groups -dn: cn=Groups,cn=Posix,cn=ipa-dna,cn=plugins,cn=config +dn: cn=Posix Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config changetype: add objectclass: top objectclass: extensibleObject -cn: Groups +cn: Posix Groups dnaType: gidNumber dnaNextValue: 1100 dnaInterval: 1 diff --git a/ipa.spec.in b/ipa.spec.in index 629773dd4..fc1932089 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -225,7 +225,6 @@ make install DESTDIR=%{buildroot} # these files rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la rm %{buildroot}/%{plugin_dir}/libipa-memberof-plugin.la -rm %{buildroot}/%{plugin_dir}/libipa-dna-plugin.la rm %{buildroot}/%{plugin_dir}/libipa_winsync.la # Some user-modifiable HTML files are provided. Move these to /etc @@ -351,7 +350,6 @@ fi %{_usr}/share/ipa/updates/* %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so %attr(755,root,root) %{plugin_dir}/libipa-memberof-plugin.so -%attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so %attr(755,root,root) %{plugin_dir}/libipa_winsync.so %dir %{_localstatedir}/lib/ipa %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore @@ -425,7 +423,10 @@ fi %endif %changelog -* Thu Mar 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2 +* Thu Mar 5 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-3 +- Remove the IPA DNA plugin, use the DS one + +* Wed Mar 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2 - Build radius separately - Fix a few minor issues |