diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2009-07-29 11:15:50 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-29 20:18:34 -0600 |
| commit | 7c52ad591180095b747f08c92a1550d76c9e9532 (patch) | |
| tree | aa3c51ca74401d7bb160c8d996b1667dd67c3d26 /ldap/servers/slapd/slapi-plugin.h | |
| parent | ff6d5df121f3c1db93a8dac7ffe69c96a14ae74a (diff) | |
| download | ds-7c52ad591180095b747f08c92a1550d76c9e9532.tar.gz ds-7c52ad591180095b747f08c92a1550d76c9e9532.tar.xz ds-7c52ad591180095b747f08c92a1550d76c9e9532.zip | |
Dereference support
This adds support for the newly proposed LDAP Dereference feature (not to
be confused with alias dereferencing). The details of the proposed feature
can be found here:
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-masarati-ldap-deref-xx.txt
This adds a new deref plugin to the directory server. This is a pre op search
plugin. In order to allow the plugin to rewrite the controls sent back with
each entry, I changed the way pre-search and pre-entry plugins work. They now
have the ability to alter the entry and controls just before being sent back
to the client.
This plugin does not currently support internal operations. It should be easy
to add a call to register the plugin for internal ops if we need to do that.
The code supports real, computed (e.g. memberOf), and virtual attributes
both as the attibute to dereference and in the list of attributes to return
from each dereferenced entry. This will allow us to use attributes such as
nsRole as the derefattr.
Tested on RHEL5 x86_64 with various openldap 2.4.15+ and Net::LDAP clients.
valgrind output is clean
Diffstat (limited to 'ldap/servers/slapd/slapi-plugin.h')
| -rw-r--r-- | ldap/servers/slapd/slapi-plugin.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index d5efe4d5..e59df68b 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -3295,6 +3295,19 @@ typedef struct slapi_plugindesc { /* Copies of entry before and after add, mod, mod[r]dn operations */ #define SLAPI_ENTRY_PRE_OP 52 #define SLAPI_ENTRY_POST_OP 53 +/* a PRE_ENTRY_FN may alter the entry to be returned to the client - + SLAPI_SEARCH_ORIG_ENTRY holds the original entry from + the database - this must not be changed + SLAPI_SEARCH_ENTRY_COPY holds a copy of the original entry that + has been modified by the plugin - this will be NULL by default - + if a plugin needs to modify the entry, it should first check to + see if there is already a SLAPI_SEARCH_ENTRY_COPY - if not, the + plugin must use slapi_entry_dup() or similar to make a copy, edit + the copy, then store it in SLAPI_SEARCH_ENTRY_COPY - the internal + server code will free SLAPI_SEARCH_ENTRY_COPY +*/ +#define SLAPI_SEARCH_ENTRY_ORIG SLAPI_ENTRY_PRE_OP +#define SLAPI_SEARCH_ENTRY_COPY SLAPI_ENTRY_POST_OP /* LDAPv3 controls to be sent with the operation result */ #define SLAPI_RESCONTROLS 55 @@ -3466,6 +3479,10 @@ typedef struct slapi_plugindesc { #define SLAPI_NENTRIES 195 /* Any referrals encountered during the search */ #define SLAPI_SEARCH_REFERRALS 196 +/* for search operations, allows plugins to provide + controls to pass for each entry or referral returned + corresponds to pb_search_ctrls */ +#define SLAPI_SEARCH_CTRLS 198 #define SLAPI_RESULT_CODE 881 #define SLAPI_RESULT_TEXT 882 |