[389-devel] Please review: [389 Project] #460: support multiple subtrees and filters

Noriko Hosoi nhosoi at redhat.com
Thu Sep 12 23:59:29 UTC 2013 

https://fedorahosted.org/389/ticket/460

https://fedorahosted.org/389/attachment/ticket/460/0001-Ticket-460-support-multiple-subtrees-and-filters.patch

Description:
1. support multiple subtrees
    new config parameter in windwows sync agreement:
    winSyncSubtreePair: <DS Subtree>:<AD Subtree>

    Example:
    winSyncSubtreePair: ou=OU1,dc=DSexample,dc=com:ou=OU1,DC=ADexample,DC=com
    winSyncSubtreePair: ou=OU2,dc=DSexample,dc=com:ou=OU2,DC=ADexample,DC=com
    winSyncSubtreePair: ou=OU3,dc=DSexample,dc=com:ou=OU3,DC=ADexample,DC=com

  . Attribute type "winSyncSubtreePair" is added to the objectclass
    "nsDSWindowsReplicationAgreement".
  . If "winSyncSubtreePair" is not set, there is not behavioral
    difference: the AD subtree "nsds7WindowsReplicaSubtree" and the
    DS subtree "nsds7DirectoryReplicaSubtree" are used for the sync
    target checks.
  . When "winSyncSubtreePair" is set, the above 2 config parameters
    are ignored.
    To determine if an entry is the target of the synchronization,
    the DN is examined whether the DN is a descendent of any of the
    subtrees or not. If it is, the subtree of the counter part is
    retrieved.
    Moving an entry from one subtree to another is synchronized.
    Members of a group is synchronized as long as the member entry
    is in any of the defined subtrees.

2. support filters
    new config parameters in windwows sync agreement:
    nsds7WindowsFilter: <additional filter on AD>
    nsds7DirectoryFilter: <additional filter on DS>

    Example:
    nsds7WindowsFilter: (|(cn=*user*)(cn=*group*))
    nsds7DirectoryFilter: (|(uid=*user*)(cn=*group*))

  . The filters are set to the windows_userfilter and directory_
    userfilter in the private area in the windows agreement.  And
    when each server is searched the filters are added to the internal
    filter.  For instance, filters shown in the above Example allow
    synchronizing the entries which CN contains "user" or "group".

3. Misc
  . Added slapi_sdn_set_ndn_byref, slapi_sdn_set_ndn_passin, and
    slapi_sdn_common_ancestor to dn.c (see also slapi-plugin.h).
  . Fixed memory leaks.
  . Fixed some of the mixed indentations.

More information about the 389-devel mailing list