[389-commits] Branch '389-ds-base-1.3.2' - ldap/servers

Mark Reynolds mreynolds at fedoraproject.org
Tue Nov 25 18:47:05 UTC 2014


 ldap/servers/plugins/memberof/memberof.c        |    6 +++--
 ldap/servers/plugins/memberof/memberof.h        |    3 ++
 ldap/servers/plugins/memberof/memberof_config.c |   28 ++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)

New commits:
commit 9cce9c4bc7b212a7c819ee2c3ea040ed5b282017
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Mon Nov 24 16:58:57 2014 -0500

    Ticket 47963 - RFE - memberOf - add option to skip nested
     group lookups during delete operations
    
    Bug Description:  The recursive nested group lookups performed during a group delete
                      operation can take a very long time to complete if there are very
                      large static groups (groups with over 10K members).
    
                      If there are no nested groups, then it would be nice to have an option
                      to skip the nested group check, which would significantly improve
                      delete performance.
    
    Fix Description:  Added a new memberOf plugin configuration attribute:
    
                          memberOfSkipNested: on|off
    
    https://fedorahosted.org/389/ticket/47963
    
    Reviewed by: rmeggins(Thanks!)
    
    (cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d)
    
    Conflicts:
    	ldap/servers/plugins/memberof/memberof.h
    	ldap/servers/plugins/memberof/memberof_config.c

diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index a44f94b..be70f71 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -2540,8 +2540,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
 	memberof_del_dn_data del_data = {0, config->memberof_attr};
 	Slapi_ValueSet *groups = 0;
 
-	/* get a list of all of the groups this user belongs to */
-	groups = memberof_get_groups(config, sdn);
+	if(!config->skip_nested){
+		/* get a list of all of the groups this user belongs to */
+		groups = memberof_get_groups(config, sdn);
+	}
 
 	/* If we found some groups, replace the existing memberOf attribute
 	 * with the found values.  */
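Review bot: With `skip_nested` set, `groups` stays 0 for every caller of memberof_fix_memberof_callback, not only the delete path named in the commit message, so the code after this hunk takes its "no groups found" branch. The rest of the function is outside the hunk, but if that branch removes the entry's memberOf values, a fix-up run with the option on would presumably strip direct memberships as well, and anything that authorizes on memberOf would then see wrong group data. It is worth confirming which callers reach this callback and stating the consequence above the check, e.g. `/* skip_nested: no group lookup is done, so groups stays 0 and the entry is handled as having no memberships */`.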
diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
index 008ae04..b5bc83a 100644
--- a/ldap/servers/plugins/memberof/memberof.h
+++ b/ldap/servers/plugins/memberof/memberof.h
@@ -67,6 +67,8 @@
 #define MEMBEROF_ATTR "memberOfAttr"
 #define MEMBEROF_BACKEND_ATTR "memberOfAllBackends"
 #define MEMBEROF_ENTRY_SCOPE_ATTR "memberOfEntryScope"
+#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested"
+
 #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
 #define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
 
@@ -81,6 +83,7 @@ typedef struct memberofconfig {
 	Slapi_DN *entryScope;
 	Slapi_Filter *group_filter;
 	Slapi_Attr **group_slapiattrs;
+	int skip_nested;
 } MemberOfConfig;
 
 
diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
index 7b7a4f4..6d0fde8 100644
--- a/ldap/servers/plugins/memberof/memberof_config.c
+++ b/ldap/servers/plugins/memberof/memberof_config.c
@@ -165,6 +165,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
 	Slapi_Attr *memberof_attr = NULL;
 	Slapi_Attr *group_attr = NULL;
 	char *syntaxoid = NULL;
+	char *skip_nested = NULL;
 	int not_dn_syntax = 0;
 
 	*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
@@ -244,6 +245,18 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
 			MEMBEROF_GROUP_ATTR, MEMBEROF_ATTR); 
 	}
 
+	if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){
+		if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){
+			PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+				"The %s configuration attribute must be set to "
+				"\"on\" or \"off\".  (illegal value: %s)",
+				MEMBEROF_SKIP_NESTED_ATTR, skip_nested);
+			*returncode = LDAP_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	slapi_ch_free_string(&skip_nested);
+
 	if (*returncode != LDAP_SUCCESS)
 	{
 		return SLAPI_DSE_CALLBACK_ERROR;
@@ -272,6 +285,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
 	int groupattr_name_len = 0;
 	char *allBackends = NULL;
 	char *entryScope = NULL;
+	char *skip_nested = NULL;
 
 	*returncode = LDAP_SUCCESS;
 
@@ -279,6 +293,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
 	memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
 	allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
 	entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
+	skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
 
 	/* We want to be sure we don't change the config in the middle of
 	 * a memberOf operation, so we obtain an exclusive lock here */
@@ -377,6 +392,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
 		memberof_attr = NULL; /* config now owns memory */
 	}
 
+	if (skip_nested){
+		if(strcasecmp(skip_nested,"on") == 0){
+			theConfig.skip_nested = 1;
+		} else {
+			theConfig.skip_nested = 0;
+		}
+	}
+
 	if (allBackends)
 	{
 		if(strcasecmp(allBackends,"on")==0){
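Review bot: `theConfig.skip_nested` is written only when the attribute is present, so removing memberOfSkipNested from the config entry after it was set to "on" leaves the old value in effect. Validation already restricts the value to on/off, so the block can assign unconditionally: `theConfig.skip_nested = (skip_nested && strcasecmp(skip_nested, "on") == 0);`. memberof_apply_config starts and ends outside this hunk, so a reset elsewhere in the function cannot be ruled out from here.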
@@ -410,6 +433,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
 	slapi_ch_array_free(groupattrs);
 	slapi_ch_free_string(&memberof_attr);
 	slapi_ch_free_string(&allBackends);
+	slapi_ch_free_string(&skip_nested);
 
 	if (*returncode != LDAP_SUCCESS)
 	{
@@ -482,6 +506,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
 			dest->memberof_attr = slapi_ch_strdup(src->memberof_attr);
 		}
 
+		if(src->skip_nested){
+			dest->skip_nested = src->skip_nested;
+		}
+
 		if(src->allBackends)
 		{
 			dest->allBackends = src->allBackends;
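Review bot: The copy is guarded by `if(src->skip_nested)`, so a source value of 0 is never written and `dest` keeps whatever it held before. If the caller reuses `dest` or does not zero it (not visible here), a change from on to off would not reach the copy. An int flag needs no guard: `dest->skip_nested = src->skip_nested;`. The `allBackends` lines that follow use the same guarded pattern and may deserve the same look; memberof_copy_config's body continues outside the hunk.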



