389-commits November 2014

389-commits@lists.fedoraproject.org

3 participants
46 discussions

Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds 27 Nov '14

27 Nov '14

ldap/servers/plugins/memberof/memberof.c | 5 ++++- ldap/servers/plugins/memberof/memberof.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) New commits: commit 116dcbd8094491b0249ed0bae4c00f08b478c3ab Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Wed Nov 26 16:57:05 2014 -0500 Ticket 47963 - skip nested groups breaks memberof fixup task Bug Description: Setting memberofskipnested to "on" breaks memberOf fixup task. Fix Description: We never want to skip nested group checking when performing a fixup task. Add a flag to distinguish that the fixup operation is a task, and not a delete. https://fedorahosted.org/389/ticket/47963 Reviewed by: nkinder(Thanks!) (cherry picked from commit d8e8119e92c6d872e317bbae5d59a08d80cb0966) Conflicts: ldap/servers/plugins/memberof/memberof.c diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index d81d9ab..0098829 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2301,6 +2301,9 @@ void memberof_fixup_task_thread(void *arg) memberof_copy_config(&configCopy, memberof_get_config()); memberof_unlock_config(); + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + /* get the memberOf operation lock */ memberof_lock(); @@ -2465,7 +2468,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - if(!config->skip_nested){ + if(!config->skip_nested || config->fixup_task){ /* get a list of all of the groups this user belongs to */ groups = memberof_get_groups(config, sdn); } diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 4add6f6..79e3557 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -82,6 +82,7 @@ typedef struct memberofconfig { Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; int skip_nested; + int fixup_task; } MemberOfConfig;

1 0

Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds 27 Nov '14

27 Nov '14

ldap/servers/plugins/memberof/memberof.c | 5 ++++- ldap/servers/plugins/memberof/memberof.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) New commits: commit 664b4f126b356854806762f880274b5531c83fb1 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Wed Nov 26 16:57:05 2014 -0500 Ticket 47963 - skip nested groups breaks memberof fixup task Bug Description: Setting memberofskipnested to "on" breaks memberOf fixup task. Fix Description: We never want to skip nested group checking when performing a fixup task. Add a flag to distinguish that the fixup operation is a task, and not a delete. https://fedorahosted.org/389/ticket/47963 Reviewed by: nkinder(Thanks!) (cherry picked from commit d8e8119e92c6d872e317bbae5d59a08d80cb0966) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index 1931739..ec96b00 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2320,6 +2320,9 @@ void memberof_fixup_task_thread(void *arg) memberof_copy_config(&configCopy, memberof_get_config()); memberof_unlock_config(); + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + if (usetxn) { Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); Slapi_Backend *be = slapi_be_select(sdn); @@ -2513,7 +2516,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - if(!config->skip_nested){ + if(!config->skip_nested || config->fixup_task){ /* get a list of all of the groups this user belongs to */ groups = memberof_get_groups(config, sdn); } diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 4add6f6..79e3557 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -82,6 +82,7 @@ typedef struct memberofconfig { Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; int skip_nested; + int fixup_task; } MemberOfConfig;

1 0

Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds 27 Nov '14

27 Nov '14

ldap/servers/plugins/memberof/memberof.c | 5 ++++- ldap/servers/plugins/memberof/memberof.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) New commits: commit 919f30ca67e278584cfdbdf0c6c86ba38429b21b Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Wed Nov 26 16:57:05 2014 -0500 Ticket 47963 - skip nested groups breaks memberof fixup task Bug Description: Setting memberofskipnested to "on" breaks memberOf fixup task. Fix Description: We never want to skip nested group checking when performing a fixup task. Add a flag to distinguish that the fixup operation is a task, and not a delete. https://fedorahosted.org/389/ticket/47963 Reviewed by: nkinder(Thanks!) (cherry picked from commit d8e8119e92c6d872e317bbae5d59a08d80cb0966) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index be70f71..5a5a71a 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2347,6 +2347,9 @@ void memberof_fixup_task_thread(void *arg) memberof_copy_config(&configCopy, memberof_get_config()); memberof_unlock_config(); + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + if (usetxn) { Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); Slapi_Backend *be = slapi_be_select(sdn); @@ -2540,7 +2543,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - if(!config->skip_nested){ + if(!config->skip_nested || config->fixup_task){ /* get a list of all of the groups this user belongs to */ groups = memberof_get_groups(config, sdn); } diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index b5bc83a..5f7bbe6 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -84,6 +84,7 @@ typedef struct memberofconfig { Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; int skip_nested; + int fixup_task; } MemberOfConfig;

1 0

Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds 27 Nov '14

27 Nov '14

ldap/servers/plugins/memberof/memberof.c | 5 ++++- ldap/servers/plugins/memberof/memberof.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) New commits: commit ae06f9626255abe9687c110bcd85fc8287d3ec99 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Wed Nov 26 16:57:05 2014 -0500 Ticket 47963 - skip nested groups breaks memberof fixup task Bug Description: Setting memberofskipnested to "on" breaks memberOf fixup task. Fix Description: We never want to skip nested group checking when performing a fixup task. Add a flag to distinguish that the fixup operation is a task, and not a delete. https://fedorahosted.org/389/ticket/47963 Reviewed by: nkinder(Thanks!) (cherry picked from commit d8e8119e92c6d872e317bbae5d59a08d80cb0966) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index 118d232..a594941 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2631,6 +2631,9 @@ void memberof_fixup_task_thread(void *arg) memberof_copy_config(&configCopy, memberof_get_config()); memberof_unlock_config(); + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + if (usetxn) { Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); Slapi_Backend *be = slapi_be_select(sdn); @@ -2816,7 +2819,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - if(!config->skip_nested){ + if(!config->skip_nested || config->fixup_task){ /* get a list of all of the groups this user belongs to */ groups = memberof_get_groups(config, sdn); } diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 93f031b..67fb310 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -86,6 +86,7 @@ typedef struct memberofconfig { Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; int skip_nested; + int fixup_task; } MemberOfConfig;

1 0

ldap/servers
by Mark Reynolds 27 Nov '14

27 Nov '14

ldap/servers/plugins/memberof/memberof.c | 5 ++++- ldap/servers/plugins/memberof/memberof.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) New commits: commit d8e8119e92c6d872e317bbae5d59a08d80cb0966 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Wed Nov 26 16:57:05 2014 -0500 Ticket 47963 - skip nested groups breaks memberof fixup task Bug Description: Setting memberofskipnested to "on" breaks memberOf fixup task. Fix Description: We never want to skip nested group checking when performing a fixup task. Add a flag to distinguish that the fixup operation is a task, and not a delete. https://fedorahosted.org/389/ticket/47963 Reviewed by: nkinder(Thanks!) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index 118d232..a594941 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2631,6 +2631,9 @@ void memberof_fixup_task_thread(void *arg) memberof_copy_config(&configCopy, memberof_get_config()); memberof_unlock_config(); + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + if (usetxn) { Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); Slapi_Backend *be = slapi_be_select(sdn); @@ -2816,7 +2819,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - if(!config->skip_nested){ + if(!config->skip_nested || config->fixup_task){ /* get a list of all of the groups this user belongs to */ groups = memberof_get_groups(config, sdn); } diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 93f031b..67fb310 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -86,6 +86,7 @@ typedef struct memberofconfig { Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; int skip_nested; + int fixup_task; } MemberOfConfig;

1 0

Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds 25 Nov '14

25 Nov '14

ldap/servers/plugins/memberof/memberof.c | 6 +++-- ldap/servers/plugins/memberof/memberof.h | 3 ++ ldap/servers/plugins/memberof/memberof_config.c | 28 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) New commits: commit ec0b121e65800e4664fafb9001b0e9118ca45464 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Nov 24 16:58:57 2014 -0500 Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations Bug Description: The recursive nested group lookups performed during a group delete operation can take a very long time to complete if there are very large static groups(groups with with over 10K members). If there are no nested groups, then it would be nice to have an option to skip the nested group check, which would significantly improve delete performance. Fix Description: Added a new memberOf plugin configuration attribute: memberOfSkipNested: on|off https://fedorahosted.org/389/ticket/47963 Reviewed by: rmeggins(Thanks!) (cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d) Conflicts: ldap/servers/plugins/memberof/memberof.h ldap/servers/plugins/memberof/memberof_config.c (cherry picked from commit 9cce9c4bc7b212a7c819ee2c3ea040ed5b282017) Conflicts: ldap/servers/plugins/memberof/memberof.h ldap/servers/plugins/memberof/memberof_config.c (cherry picked from commit 250fcdbb463d2f4597a61ef1e364f71fa01ef1be) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index 19fb8a5..d81d9ab 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2465,8 +2465,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - /* get a list of all of the groups this user belongs to */ - groups = memberof_get_groups(config, sdn); + if(!config->skip_nested){ + /* get a list of all of the groups this user belongs to */ + groups = memberof_get_groups(config, sdn); + } /* If we found some groups, replace the existing memberOf attribute * with the found values. */ diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 65398aa..4add6f6 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -66,6 +66,8 @@ #define MEMBEROF_GROUP_ATTR "memberOfGroupAttr" #define MEMBEROF_ATTR "memberOfAttr" #define MEMBEROF_BACKEND_ATTR "memberOfAllBackends" +#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested" + #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12" #define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34" @@ -79,6 +81,7 @@ typedef struct memberofconfig { int allBackends; Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; + int skip_nested; } MemberOfConfig; diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c index 3fd63a9..6c97c0f 100644 --- a/ldap/servers/plugins/memberof/memberof_config.c +++ b/ldap/servers/plugins/memberof/memberof_config.c @@ -165,6 +165,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr Slapi_Attr *memberof_attr = NULL; Slapi_Attr *group_attr = NULL; char *syntaxoid = NULL; + char *skip_nested = NULL; int not_dn_syntax = 0; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ @@ -244,6 +245,18 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr MEMBEROF_GROUP_ATTR, MEMBEROF_ATTR); } + if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){ + if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "The %s configuration attribute must be set to " + "\"on\" or \"off\". (illegal value: %s)", + MEMBEROF_SKIP_NESTED_ATTR, skip_nested); + *returncode = LDAP_UNWILLING_TO_PERFORM; + } + } + + slapi_ch_free_string(&skip_nested); + if (*returncode != LDAP_SUCCESS) { return SLAPI_DSE_CALLBACK_ERROR; @@ -271,12 +284,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* int num_groupattrs = 0; int groupattr_name_len = 0; char *allBackends = NULL; + char *skip_nested = NULL; *returncode = LDAP_SUCCESS; groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR); memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR); allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR); + skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR); /* We want to be sure we don't change the config in the middle of * a memberOf operation, so we obtain an exclusive lock here */ @@ -375,6 +390,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = NULL; /* config now owns memory */ } + if (skip_nested){ + if(strcasecmp(skip_nested,"on") == 0){ + theConfig.skip_nested = 1; + } else { + theConfig.skip_nested = 0; + } + } + if (allBackends) { if(strcasecmp(allBackends,"on")==0){ @@ -392,6 +415,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* slapi_ch_array_free(groupattrs); slapi_ch_free_string(&memberof_attr); slapi_ch_free_string(&allBackends); + slapi_ch_free_string(&skip_nested); if (*returncode != LDAP_SUCCESS) { @@ -464,6 +488,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) dest->memberof_attr = slapi_ch_strdup(src->memberof_attr); } + if(src->skip_nested){ + dest->skip_nested = src->skip_nested; + } + if(src->allBackends) { dest->allBackends = src->allBackends;

1 0

Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds 25 Nov '14

25 Nov '14

ldap/servers/plugins/memberof/memberof.c | 6 +++-- ldap/servers/plugins/memberof/memberof.h | 3 ++ ldap/servers/plugins/memberof/memberof_config.c | 28 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) New commits: commit 250fcdbb463d2f4597a61ef1e364f71fa01ef1be Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Nov 24 16:58:57 2014 -0500 Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations Bug Description: The recursive nested group lookups performed during a group delete operation can take a very long time to complete if there are very large static groups(groups with with over 10K members). If there are no nested groups, then it would be nice to have an option to skip the nested group check, which would significantly improve delete performance. Fix Description: Added a new memberOf plugin configuration attribute: memberOfSkipNested: on|off https://fedorahosted.org/389/ticket/47963 Reviewed by: rmeggins(Thanks!) (cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d) Conflicts: ldap/servers/plugins/memberof/memberof.h ldap/servers/plugins/memberof/memberof_config.c (cherry picked from commit 9cce9c4bc7b212a7c819ee2c3ea040ed5b282017) Conflicts: ldap/servers/plugins/memberof/memberof.h ldap/servers/plugins/memberof/memberof_config.c diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index da7b568..1931739 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2513,8 +2513,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - /* get a list of all of the groups this user belongs to */ - groups = memberof_get_groups(config, sdn); + if(!config->skip_nested){ + /* get a list of all of the groups this user belongs to */ + groups = memberof_get_groups(config, sdn); + } /* If we found some groups, replace the existing memberOf attribute * with the found values. */ diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 65398aa..4add6f6 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -66,6 +66,8 @@ #define MEMBEROF_GROUP_ATTR "memberOfGroupAttr" #define MEMBEROF_ATTR "memberOfAttr" #define MEMBEROF_BACKEND_ATTR "memberOfAllBackends" +#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested" + #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12" #define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34" @@ -79,6 +81,7 @@ typedef struct memberofconfig { int allBackends; Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; + int skip_nested; } MemberOfConfig; diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c index 3fd63a9..6c97c0f 100644 --- a/ldap/servers/plugins/memberof/memberof_config.c +++ b/ldap/servers/plugins/memberof/memberof_config.c @@ -165,6 +165,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr Slapi_Attr *memberof_attr = NULL; Slapi_Attr *group_attr = NULL; char *syntaxoid = NULL; + char *skip_nested = NULL; int not_dn_syntax = 0; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ @@ -244,6 +245,18 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr MEMBEROF_GROUP_ATTR, MEMBEROF_ATTR); } + if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){ + if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "The %s configuration attribute must be set to " + "\"on\" or \"off\". (illegal value: %s)", + MEMBEROF_SKIP_NESTED_ATTR, skip_nested); + *returncode = LDAP_UNWILLING_TO_PERFORM; + } + } + + slapi_ch_free_string(&skip_nested); + if (*returncode != LDAP_SUCCESS) { return SLAPI_DSE_CALLBACK_ERROR; @@ -271,12 +284,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* int num_groupattrs = 0; int groupattr_name_len = 0; char *allBackends = NULL; + char *skip_nested = NULL; *returncode = LDAP_SUCCESS; groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR); memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR); allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR); + skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR); /* We want to be sure we don't change the config in the middle of * a memberOf operation, so we obtain an exclusive lock here */ @@ -375,6 +390,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = NULL; /* config now owns memory */ } + if (skip_nested){ + if(strcasecmp(skip_nested,"on") == 0){ + theConfig.skip_nested = 1; + } else { + theConfig.skip_nested = 0; + } + } + if (allBackends) { if(strcasecmp(allBackends,"on")==0){ @@ -392,6 +415,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* slapi_ch_array_free(groupattrs); slapi_ch_free_string(&memberof_attr); slapi_ch_free_string(&allBackends); + slapi_ch_free_string(&skip_nested); if (*returncode != LDAP_SUCCESS) { @@ -464,6 +488,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) dest->memberof_attr = slapi_ch_strdup(src->memberof_attr); } + if(src->skip_nested){ + dest->skip_nested = src->skip_nested; + } + if(src->allBackends) { dest->allBackends = src->allBackends;

1 0

Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds 25 Nov '14

25 Nov '14

ldap/servers/plugins/memberof/memberof.c | 6 +++-- ldap/servers/plugins/memberof/memberof.h | 3 ++ ldap/servers/plugins/memberof/memberof_config.c | 28 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) New commits: commit 9cce9c4bc7b212a7c819ee2c3ea040ed5b282017 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Nov 24 16:58:57 2014 -0500 Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations Bug Description: The recursive nested group lookups performed during a group delete operation can take a very long time to complete if there are very large static groups(groups with with over 10K members). If there are no nested groups, then it would be nice to have an option to skip the nested group check, which would significantly improve delete performance. Fix Description: Added a new memberOf plugin configuration attribute: memberOfSkipNested: on|off https://fedorahosted.org/389/ticket/47963 Reviewed by: rmeggins(Thanks!) (cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d) Conflicts: ldap/servers/plugins/memberof/memberof.h ldap/servers/plugins/memberof/memberof_config.c diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index a44f94b..be70f71 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2540,8 +2540,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - /* get a list of all of the groups this user belongs to */ - groups = memberof_get_groups(config, sdn); + if(!config->skip_nested){ + /* get a list of all of the groups this user belongs to */ + groups = memberof_get_groups(config, sdn); + } /* If we found some groups, replace the existing memberOf attribute * with the found values. */ diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 008ae04..b5bc83a 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -67,6 +67,8 @@ #define MEMBEROF_ATTR "memberOfAttr" #define MEMBEROF_BACKEND_ATTR "memberOfAllBackends" #define MEMBEROF_ENTRY_SCOPE_ATTR "memberOfEntryScope" +#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested" + #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12" #define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34" @@ -81,6 +83,7 @@ typedef struct memberofconfig { Slapi_DN *entryScope; Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; + int skip_nested; } MemberOfConfig; diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c index 7b7a4f4..6d0fde8 100644 --- a/ldap/servers/plugins/memberof/memberof_config.c +++ b/ldap/servers/plugins/memberof/memberof_config.c @@ -165,6 +165,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr Slapi_Attr *memberof_attr = NULL; Slapi_Attr *group_attr = NULL; char *syntaxoid = NULL; + char *skip_nested = NULL; int not_dn_syntax = 0; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ @@ -244,6 +245,18 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr MEMBEROF_GROUP_ATTR, MEMBEROF_ATTR); } + if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){ + if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "The %s configuration attribute must be set to " + "\"on\" or \"off\". (illegal value: %s)", + MEMBEROF_SKIP_NESTED_ATTR, skip_nested); + *returncode = LDAP_UNWILLING_TO_PERFORM; + } + } + + slapi_ch_free_string(&skip_nested); + if (*returncode != LDAP_SUCCESS) { return SLAPI_DSE_CALLBACK_ERROR; @@ -272,6 +285,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* int groupattr_name_len = 0; char *allBackends = NULL; char *entryScope = NULL; + char *skip_nested = NULL; *returncode = LDAP_SUCCESS; @@ -279,6 +293,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR); allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR); entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR); + skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR); /* We want to be sure we don't change the config in the middle of * a memberOf operation, so we obtain an exclusive lock here */ @@ -377,6 +392,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = NULL; /* config now owns memory */ } + if (skip_nested){ + if(strcasecmp(skip_nested,"on") == 0){ + theConfig.skip_nested = 1; + } else { + theConfig.skip_nested = 0; + } + } + if (allBackends) { if(strcasecmp(allBackends,"on")==0){ @@ -410,6 +433,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* slapi_ch_array_free(groupattrs); slapi_ch_free_string(&memberof_attr); slapi_ch_free_string(&allBackends); + slapi_ch_free_string(&skip_nested); if (*returncode != LDAP_SUCCESS) { @@ -482,6 +506,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) dest->memberof_attr = slapi_ch_strdup(src->memberof_attr); } + if(src->skip_nested){ + dest->skip_nested = src->skip_nested; + } + if(src->allBackends) { dest->allBackends = src->allBackends;

1 0

Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds 25 Nov '14

25 Nov '14

ldap/servers/plugins/memberof/memberof.c | 6 +++- ldap/servers/plugins/memberof/memberof.h | 2 + ldap/servers/plugins/memberof/memberof_config.c | 31 ++++++++++++++++++++++-- 3 files changed, 35 insertions(+), 4 deletions(-) New commits: commit ecd34a544fd0d34cab863b7e15983ca1e243ebe7 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Nov 24 16:58:57 2014 -0500 Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations Bug Description: The recursive nested group lookups performed during a group delete operation can take a very long time to complete if there are very large static groups(groups with with over 10K members). If there are no nested groups, then it would be nice to have an option to skip the nested group check, which would significantly improve delete performance. Fix Description: Added a new memberOf plugin configuration attribute: memberOfSkipNested: on|off https://fedorahosted.org/389/ticket/47963 Reviewed by: rmeggins(Thanks!) (cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d) diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index b1c51a1..118d232 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -2816,8 +2816,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data) memberof_del_dn_data del_data = {0, config->memberof_attr}; Slapi_ValueSet *groups = 0; - /* get a list of all of the groups this user belongs to */ - groups = memberof_get_groups(config, sdn); + if(!config->skip_nested){ + /* get a list of all of the groups this user belongs to */ + groups = memberof_get_groups(config, sdn); + } /* If we found some groups, replace the existing memberOf attribute * with the found values. */ diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h index 6d56081..93f031b 100644 --- a/ldap/servers/plugins/memberof/memberof.h +++ b/ldap/servers/plugins/memberof/memberof.h @@ -69,6 +69,7 @@ #define MEMBEROF_BACKEND_ATTR "memberOfAllBackends" #define MEMBEROF_ENTRY_SCOPE_ATTR "memberOfEntryScope" #define MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE "memberOfEntryScopeExcludeSubtree" +#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested" #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12" #define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34" @@ -84,6 +85,7 @@ typedef struct memberofconfig { Slapi_DN *entryScopeExcludeSubtree; Slapi_Filter *group_filter; Slapi_Attr **group_slapiattrs; + int skip_nested; } MemberOfConfig; diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c index df8ddcb..8efbe2f 100644 --- a/ldap/servers/plugins/memberof/memberof_config.c +++ b/ldap/servers/plugins/memberof/memberof_config.c @@ -193,6 +193,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr Slapi_DN *config_sdn = NULL; char *syntaxoid = NULL; char *config_dn = NULL; + char *skip_nested = NULL; int not_dn_syntax = 0; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ @@ -272,6 +273,16 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr goto done; } + if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){ + if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "The %s configuration attribute must be set to " + "\"on\" or \"off\". (illegal value: %s)", + MEMBEROF_SKIP_NESTED_ATTR, skip_nested); + goto done; + } + } + if ((config_dn = slapi_entry_attr_get_charptr(e, SLAPI_PLUGIN_SHARED_CONFIG_AREA))){ /* Now check the shared config attribute, validate it now */ @@ -305,6 +316,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr done: slapi_sdn_free(&config_sdn); slapi_ch_free_string(&config_dn); + slapi_ch_free_string(&skip_nested); if (*returncode != LDAP_SUCCESS) { @@ -336,8 +348,9 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* int groupattr_name_len = 0; char *allBackends = NULL; char *entryScope = NULL; - char *entryScopeExcludeSubtree = NULL; + char *entryScopeExcludeSubtree = NULL; char *sharedcfg = NULL; + char *skip_nested = NULL; *returncode = LDAP_SUCCESS; @@ -388,7 +401,8 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR); allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR); entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR); - entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE); + entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE); + skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR); /* We want to be sure we don't change the config in the middle of * a memberOf operation, so we obtain an exclusive lock here */ @@ -487,6 +501,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* memberof_attr = NULL; /* config now owns memory */ } + if (skip_nested){ + if(strcasecmp(skip_nested,"on") == 0){ + theConfig.skip_nested = 1; + } else { + theConfig.skip_nested = 0; + } + } + if (allBackends) { if(strcasecmp(allBackends,"on")==0){ @@ -556,6 +578,7 @@ done: slapi_ch_array_free(groupattrs); slapi_ch_free_string(&memberof_attr); slapi_ch_free_string(&allBackends); + slapi_ch_free_string(&skip_nested); if (*returncode != LDAP_SUCCESS) { @@ -628,6 +651,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) dest->memberof_attr = slapi_ch_strdup(src->memberof_attr); } + if(src->skip_nested){ + dest->skip_nested = src->skip_nested; + } + if(src->allBackends) { dest->allBackends = src->allBackends;

1 0

Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds 25 Nov '14

25 Nov '14

ldap/servers/plugins/referint/referint.c | 32 ++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) New commits: commit 44f84b37086c409fc9375aef4b72336ccbdfada3 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Nov 24 12:39:52 2014 -0500 Ticket 47810 - RI plugin does not return result code if update fails Bug Description: If using backend txns the initial delete operation should fail if we fail to update the integrity. Fix Description: If using backend txns, stop and return an error if we fail to update the membership integrity. https://fedorahosted.org/389/ticket/47810 Reviewed by: rmeggins(Thanks!) (cherry picked from commit c5cc125915023d03caa3548b8d55c5b8b8ce59aa) diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c index 9ffd038..66bb95e 100644 --- a/ldap/servers/plugins/referint/referint.c +++ b/ldap/servers/plugins/referint/referint.c @@ -1250,7 +1250,18 @@ update_integrity(Slapi_DN *origSDN, slapi_sdn_get_dn(newsuperior), mod_pb); } - /* Should we stop if one modify returns an error? */ + if (rc) { + if (use_txn) { + /* + * We're using backend transactions, + * so we need to stop on failure. + */ + rc = SLAPI_PLUGIN_FAILURE; + goto free_and_return; + } else { + rc = SLAPI_PLUGIN_SUCCESS; + } + } } } } @@ -1267,17 +1278,16 @@ update_integrity(Slapi_DN *origSDN, } slapi_free_search_results_internal(search_result_pb); } - if (plugin_ContainerScope) { - /* at the moment only a single scope is supported - * so the loop ends after the first iteration - */ - sdn = NULL; - } else { - sdn = slapi_get_next_suffix( &node, 0 ); - } + if (plugin_ContainerScope) { + /* at the moment only a single scope is supported + * so the loop ends after the first iteration + */ + sdn = NULL; + } else { + sdn = slapi_get_next_suffix( &node, 0 ); + } } - /* if got here, then everything good rc = 0 */ - rc = SLAPI_PLUGIN_SUCCESS; + free_and_return: /* free filter and search_results_pb */

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits November 2014