New pre-operation plugin:

General numeric sequencer that allows generation of sequenced unique
numbers such as posix uidNumber, posix gidNumber, Samba SambaSID etc. in
an MMR environment. Rather than network locking or number pooling
schemes, the approach taken is to allow the configuration of an interval
that should be equal to or greater than the number of masters in the
deployment. Then each master is assigned starting numbers in sequence
e.g. server 1, 500; server 2, 501; server 3, 502 etc. When the interval
is configured as 3, the servers will generate sequences like so: server
1, 500, 503, 506...; server 2, 501, 504, 507; server 3, 502, 505, 508.
Of course, in single master environments the interval may be set to one
for a monotonically increasing sequence. Adding masters that exceed the
interval requires that the configuration be reset, starting from a value
higher than the highest currently assigned value.

Multiple types may be configured. An LDAP search filter must be added to
the configuration for each type; the filter may be as complex as desired
and determines to which entries the configuration applies - at minimum
this filter should restrict the configuration to objectclasses that
allow the type since no schema checking is done by the plugin.

Generated values may have a prefix configured to be prepended to the
value (useful for systems such as Samba when it needs a new SID). Each
configuration entry may be scoped with a configuration attribute
containing a DN; where conflicts arise due to scope, the closest scope wins.

Configuration is dynamic. That is, once the plugin entry has been added
to cn=plugins, cn=config and the server restarted, any configuration
change will be observed. Configuration entries that do not contain an
attribute type, a starting value, an interval value, and a filter will
be ignored. Which configuration entries have been skipped can be
determined by config level logging.

Example configuration ldif and test ldifs along with some scripts are
included. The main source is in dna.c.
--
Pete
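
The interval scheme described above, worked through as an added C example (not code from dna.c; the function names and the sample assignment counts are illustrative). It checks that three masters with interval 3 never collide, that a fourth master seeded at 503 hands out a value server 1 also hands out (for uidNumber, two accounts sharing one POSIX identity), and that restarting above the highest assigned value with interval 4 is collision-free again.

```c
#include <stdio.h>

/* k-th value (k = 0, 1, ...) handed out by a master seeded with `start`. */
static unsigned long dna_value(unsigned long start, unsigned long interval,
                               unsigned long k)
{
    return start + k * interval;
}

/* First value two masters seeded base, base+1, ... both hand out, or 0. */
unsigned long dna_first_collision(unsigned long base, unsigned long interval,
                                  unsigned masters, unsigned rounds)
{
    for (unsigned a = 0; a < masters; a++)
        for (unsigned b = a + 1; b < masters; b++)
            for (unsigned i = 0; i < rounds; i++)
                for (unsigned j = 0; j < rounds; j++)
                    if (dna_value(base + a, interval, i) ==
                        dna_value(base + b, interval, j))
                        return dna_value(base + a, interval, i);
    return 0;
}

/* Highest value assigned so far, given how many values each master has used. */
unsigned long dna_highest(unsigned long base, unsigned long interval,
                          const unsigned *used, unsigned masters)
{
    unsigned long hi = 0;
    for (unsigned m = 0; m < masters; m++) {
        if (used[m] == 0)
            continue;
        unsigned long v = dna_value(base + m, interval, used[m] - 1);
        if (v > hi)
            hi = v;
    }
    return hi;
}

/* Constructed sample: servers 1..3 have assigned 3, 3 and 2 values. */
static const unsigned sample_used[3] = { 3, 3, 2 };

int main(void)
{
    unsigned long hi = dna_highest(500, 3, sample_used, 3);
    printf("interval 3, 3 masters: collision=%lu\n", dna_first_collision(500, 3, 3, 50));
    printf("interval 3, 4 masters: collision=%lu\n", dna_first_collision(500, 3, 4, 50));
    printf("highest=%lu, reset 4 masters at %lu: collision=%lu\n", hi, hi + 1,
           dna_first_collision(hi + 1, 4, 4, 50));
    return 0;
}
```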
#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception.
#
#
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
LDAP_SRC = ../../..
BUILD_ROOT = ../../../..
NOSTDCLEAN=true # don't let nsconfig.mk define target clean
NOSTDSTRIP=true # don't let nsconfig.mk define target strip
OBJDEST = $(OBJDIR)/lib/libdna
LIBDIR = $(LDAP_PLUGIN_RELDIR)
include $(BUILD_ROOT)/nsdefs.mk
include $(BUILD_ROOT)/nsconfig.mk
include $(LDAP_SRC)/nsldap.mk
ifeq ($(ARCH), WINNT)
DEF_FILE:=./dna.def
endif
DNA_OBJS = dna.o
OBJS = $(addprefix $(OBJDEST)/, $(DNA_OBJS))
DNA_DLL = libdna-plugin
INCLUDES += -I../http -I../../slapd -I../../../include
CFLAGS+=$(SLCFLAGS) -DSLAPD_LOGGING
ifeq ($(ARCH), WINNT)
EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP)
EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
EXTRA_LIBS += $(NSPRLINK) $(LIBSLAPD) $(LDAP_SDK_LIBLDAP_DLL)
EXTRA_LIBS += $(LDAP_COMMON_LIBS)
DNA_DLL_OBJ = $(addprefix $(OBJDEST)/, dllmain.o)
endif
ifeq ($(ARCH), AIX)
EXTRA_LIBS_DEP += $(LIBSLAPD) $(NSPR_DEP) $(LDAPSDK_DEP)
EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
EXTRA_LIBS += $(LIBSLAPDLINK) $(NSPRLINK) $(LDAP_SDK_LIBLDAP_DLL)
EXTRA_LIBS += $(LDAP_COMMON_LIBS)
LD=ld
endif
ifeq ($(ARCH), HPUX)
EXTRA_LIBS_DEP += $(LIBSLAPD_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(SECURITY_DEP)
EXTRA_LIBS_DEP += $(LDAP_COMMON_LIBS_DEP)
EXTRA_LIBS += $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) $(ICULINK)
EXTRA_LIBS += $(LDAP_COMMON_LIBS)
endif
DNA= $(addprefix $(LIBDIR)/, $(DNA_DLL).$(DLL_SUFFIX))
clientSDK:

all:	$(OBJDEST) $(LIBDIR) $(DNA)

ifeq ($(ARCH), WINNT)
$(DNA): $(OBJS) $(DNA_DLL_OBJ) $(DEF_FILE)
	$(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS) /DEF:$(DEF_FILE)
else
$(DNA): $(OBJS) $(DNA_DLL_OBJ)
	$(LINK_DLL) $(DNA_DLL_OBJ) $(EXTRA_LIBS)
endif

veryclean: clean

clean:
	$(RM) $(OBJS)
ifeq ($(ARCH), WINNT)
	$(RM) $(DNA_DLL_OBJ)
endif
	$(RM) $(DNA)

$(OBJDEST):
	$(MKDIR) $(OBJDEST)

$(LIBDIR):
	$(MKDIR) $(LIBDIR)
uid=add_has_magic_number, dc=example, dc=com
uid=add_second_has_magic_number, dc=example, dc=com
uid=no_uid_number, dc=example, dc=com
uid=add_has_uid_number_550, dc=example, dc=com
uid=add_is_sub, ou=sub, dc=example, dc=com
ou=sub, dc=example, dc=com
# plugin configuration entry
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
objectclass: nsContainer
cn: Distributed Numeric Assignment Plugin
nsslapd-plugininitfunc: dna_init
nsslapd-plugintype: preoperation
nsslapd-pluginenabled: on
nsslapd-plugindescription: Distributed Numeric Assignment plugin
nsslapd-pluginvendor: Fedora Project
nsslapd-pluginVersion: 1.1
nsslapd-pluginId: distributed-numeric-assignment
nsslapd-pluginPath: /home/prowley/srv/lib/fedora-ds/plugins/libdna-plugin.so
# add plugin configuration for posix users
dn: cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: nsContainer
objectclass: extensibleObject
cn: Posix

dn: cn=Accounts,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
cn: Accounts
dnaType: uidNumber
dnaNextValue: 500
dnaInterval: 4
dnaMagicRegen: 499
dnaFilter: (objectclass=posixAccount)

# add plugin configuration for posix groups
dn: cn=Groups,cn=Posix,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
cn: Groups
dnaType: gidNumber
dnaNextValue: 500
dnaInterval: 4
dnaMagicRegen: 499
dnaFilter: (objectclass=posixGroup)

dn: uid=add_has_magic_number, dc=example, dc=com
objectclass: top
objectclass: organizationalperson
objectclass: posixaccount
cn: 1
sn: test
uid: add_has_uid_number
uidNumber: 499
gidNumber: 550
homeDirectory: /

dn: uid=add_second_has_magic_number, dc=example, dc=com
objectclass: top
objectclass: organizationalperson
objectclass: posixaccount
cn: 2
sn: test
uid: add_second_has_magic_number
uidNumber: 499
gidNumber: 550
homeDirectory: /

dn: uid=no_uid_number, dc=example, dc=com
objectclass: top
objectclass: organizationalperson
objectclass: posixaccount
cn: 3
sn: test
uid: no_uid_number
gidNumber: 550
homeDirectory: /

dn: uid=add_has_uid_number_550, dc=example, dc=com
objectclass: top
objectclass: organizationalperson
objectclass: posixaccount
cn: 4
sn: test
uid: add_has_uid_number
uidNumber: 550
gidNumber: 550
homeDirectory: /

dn: ou=sub, dc=example, dc=com
objectclass: top
objectclass: organizationalunit
ou: sub

dn: uid=add_is_sub, ou=sub, dc=example, dc=com
objectclass: top
objectclass: organizationalperson
objectclass: posixaccount
cn: 4
sn: test
uidNumber: 499
gidNumber: 550
homeDirectory: /
# add Samba SIDs
dn: cn=Example top level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
dnaType: title
dnaPrefix: example-
dnaNextValue: 600
dnaInterval: 4
dnaMagicRegen: assign
dnaFilter: (objectclass=organizationalperson)
dnaScope: dc=example, dc=com

dn: cn=Example sub level,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
dnaType: title
dnaPrefix: sub-example-
dnaNextValue: 600
dnaInterval: 4
dnaMagicRegen: assign
dnaFilter: (objectclass=organizationalperson)
dnaScope: ou=sub, dc=example, dc=com
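
How "the closest scope wins" plays out for the two dnaScope entries above, as an added C example that is not taken from dna.c. It assumes "closest" means the longest dnaScope that is a suffix of the entry DN on an RDN boundary, and it uses a simplified DN normalisation; all function names are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed from the dnaPrefix/dnaScope pairs in the example LDIF. */
static const struct { const char *prefix, *scope; } cfgs[] = {
    { "example-",     "dc=example, dc=com" },
    { "sub-example-", "ou=sub, dc=example, dc=com" },
};

/* Simplified: lowercase, drop spaces after commas; no escapes or quoting. */
static void norm_dn(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (; *in && n + 1 < cap; in++)
        if (!(*in == ' ' && n > 0 && out[n - 1] == ','))
            out[n++] = (char)tolower((unsigned char)*in);
    out[n] = '\0';
}

/* Length of the normalised scope if dn is at or below it, else 0. */
static size_t scope_depth(const char *dn, const char *scope)
{
    char d[256], s[256];
    norm_dn(dn, d, sizeof d);
    norm_dn(scope, s, sizeof s);
    size_t dl = strlen(d), sl = strlen(s);
    if (sl == 0 || sl > dl || strcmp(d + dl - sl, s) != 0)
        return 0;
    return (dl == sl || d[dl - sl - 1] == ',') ? sl : 0; /* RDN boundary */
}

/* Prefix of the closest (longest matching) scope, or NULL if none applies. */
const char *dna_pick_prefix(const char *entry_dn)
{
    const char *best = NULL;
    size_t best_depth = 0, depth;
    for (size_t i = 0; i < sizeof cfgs / sizeof cfgs[0]; i++)
        if ((depth = scope_depth(entry_dn, cfgs[i].scope)) > best_depth) {
            best_depth = depth;
            best = cfgs[i].prefix;
        }
    return best;
}

int main(void)
{
    puts(dna_pick_prefix("uid=add_is_sub, ou=sub, dc=example, dc=com"));
    return 0;
}
```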