1 files changed, 52 insertions, 10 deletions

diff --git a/src/back-sch.c b/src/back-sch.c
index 78f2627..1c388da 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -259,15 +259,6 @@ backend_set_config_read_config(struct plugin_state *state, Slapi_Entry *e,
 		free(nsswitch_min_id);
 	}
 
-	if (ret.check_nsswitch != SCH_NSSWITCH_NONE) {
-		/* If we're adding nsswitch-based entries to this map, make
-		 * sure that we copy the schema-compat-origin and SID
-		 * attributes, so that we can read the former during the BIND
-		 * callback. */
-		backend_shr_add_strlist(&ret.attribute_format, "objectClass=%ifeq(\"%{ipaNTSecurityIdentifier}\",\"\",\"\",\"extensibleObject\")");
-		backend_shr_add_strlist(&ret.attribute_format, "ipaNTSecurityIdentifier=%{ipaNTSecurityIdentifier}");
-	}
-
 	*pret = backend_copy_set_config(&ret);
 	if (*pret == NULL) {
 		if (strlen(container) > 0) {
@@ -1005,6 +996,7 @@ backend_search_entry_cb(const char *domain, const char *map, bool_t secure,
 			void *backend_data, void *cb_data)
 {
 	Slapi_DN *sdn;
+	Slapi_Entry *entry;
 	struct backend_search_cbdata *cbdata;
 	struct backend_entry_data *entry_data;
 	int result;
@@ -1043,9 +1035,25 @@ backend_search_entry_cb(const char *domain, const char *map, bool_t secure,
 				cbdata->state->plugin_desc->spd_id,
 				"search matched %s\n",
 				slapi_sdn_get_ndn(sdn));
-		slapi_send_ldap_search_entry(cbdata->pb, entry_data->e, NULL,
+		entry = entry_data->e;
+#ifdef USE_IPA_IDVIEWS
+		if (cbdata->idview != NULL) {
+			entry = slapi_entry_dup(entry_data->e);
+			idview_process_overrides(cbdata, key, map, domain, entry);
+		}
+
+		if (slapi_entry_attr_exists(entry, IPA_IDVIEWS_ATTR_ANCHORUUID) == 1) {
+			slapi_entry_attr_delete(entry, IPA_IDVIEWS_ATTR_ANCHORUUID);
+			slapi_entry_delete_string(entry, "objectClass", "ipaOverrideTarget");
+		}
+#endif
+		slapi_send_ldap_search_entry(cbdata->pb, entry, NULL,
 					     cbdata->attrs, cbdata->attrsonly);
 		cbdata->n_entries++;
+
+		if (entry != entry_data->e) {
+			slapi_entry_free(entry);
+		}
 		break;
 	}
 
@@ -1104,6 +1112,13 @@ backend_search_set_cb(const char *group, const char *set, bool_t flag,
 			slapi_log_error(SLAPI_LOG_PLUGIN,
 					cbdata->state->plugin_desc->spd_id,
 					"search matched %s\n", ndn);
+#ifdef USE_IPA_IDVIEWS
+			if (cbdata->idview != NULL) {
+				idview_process_overrides(cbdata, NULL,
+							 set_data->common.set,
+							 set_data->common.group, set_entry);
+			}
+#endif
 			slapi_send_ldap_search_entry(cbdata->pb, set_entry,
 						     NULL, cbdata->attrs,
 						     cbdata->attrsonly);
@@ -1216,6 +1231,11 @@ backend_search_group_cb(const char *group, void *cb_data)
 			slapi_log_error(SLAPI_LOG_PLUGIN,
 					cbdata->state->plugin_desc->spd_id,
 					"search matched %s\n", group);
+#ifdef USE_IPA_IDVIEWS
+			if (cbdata->idview != NULL) {
+				idview_process_overrides(cbdata, NULL, NULL, group, group_entry);
+			}
+#endif
 			slapi_send_ldap_search_entry(cbdata->pb, group_entry,
 						     NULL, cbdata->attrs,
 						     cbdata->attrsonly);
@@ -1313,11 +1333,16 @@ backend_search_cb(Slapi_PBlock *pb)
 	cbdata.n_entries = 0;
 	cbdata.staged = NULL;
 	cbdata.cur_staged = NULL;
+	cbdata.idview = NULL;
+	cbdata.overrides = NULL;
 	/* Okay, we can search. */
 	slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id,
 			"searching from \"%s\" for \"%s\" with scope %d%s\n",
 			cbdata.target, cbdata.strfilter, cbdata.scope,
 			backend_sch_scope_as_string(cbdata.scope));
+#ifdef USE_IPA_IDVIEWS
+	idview_replace_target_dn(&cbdata.target, &cbdata.idview);
+#endif
 	cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
 	/* Check if there's a backend handling this search. */
 	if (!slapi_be_exist(cbdata.target_dn)) {
@@ -1326,10 +1351,18 @@ backend_search_cb(Slapi_PBlock *pb)
 				"slapi_be_exists(\"%s\") = 0, "
 				"ignoring search\n", cbdata.target);
 		slapi_sdn_free(&cbdata.target_dn);
+		slapi_ch_free_string(&cbdata.idview);
+#ifdef USE_IPA_IDVIEWS
+		idview_free_overrides(&cbdata);
+#endif
 		return 0;
 	}
+
 	/* Walk the list of groups. */
 	wrap_inc_call_level();
+#ifdef USE_IPA_IDVIEWS
+	idview_replace_filter(&cbdata);
+#endif
 	if (map_rdlock() == 0) {
 		map_data_foreach_domain(cbdata.state, backend_search_group_cb,
 					&cbdata);
@@ -1468,6 +1501,10 @@ backend_search_cb(Slapi_PBlock *pb)
 				 cbdata.n_entries, NULL);
 	}
 	slapi_sdn_free(&cbdata.target_dn);
+	slapi_ch_free_string(&cbdata.idview);
+#ifdef USE_IPA_IDVIEWS
+	idview_free_overrides(&cbdata);
+#endif
 	free(cbdata.closest_match);
 	free(cbdata.text);
 	return cbdata.answer ? -1 : 0;
@@ -1525,6 +1562,7 @@ static void
 backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **group, const char**set)
 {
 	struct backend_locate_cbdata cbdata;
+	char *idview = NULL;
 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
 	if (cbdata.state->plugin_base == NULL) {
@@ -1533,6 +1571,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 		return;
 	}
 	slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target);
+#ifdef USE_IPA_IDVIEWS
+	idview_replace_target_dn(&cbdata.target, &idview);
+#endif
 	cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
 	cbdata.entry_data = NULL;
 	cbdata.entry_group = NULL;
@@ -1542,6 +1583,7 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 	*group = cbdata.entry_group;
 	*set = cbdata.entry_set;
 	slapi_sdn_free(&cbdata.target_dn);
+	slapi_ch_free_string(&idview);
 }
 
 /* Check if the target DN is part of this group's tree.  If it is, return an