upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

add memberOf overlay

Browse source
This commit is contained in:
Pierangelo Masarati 2007-08-24 02:46:55 +00:00
parent 4154431a9f
commit ee8431b22d
7 changed files with 2135 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
configure vendored
View file

@ -1051,6 +1051,7 @@ SLAPD Overlay Options:
--enable-dds Dynamic Directory Services overlay no|yes|mod [no] --enable-dds Dynamic Directory Services overlay no|yes|mod [no]
--enable-dyngroup Dynamic Group overlay no|yes|mod [no] --enable-dyngroup Dynamic Group overlay no|yes|mod [no]
--enable-dynlist Dynamic List overlay no|yes|mod [no] --enable-dynlist Dynamic List overlay no|yes|mod [no]
--enable-memberof Reverse Group Membership overlay no|yes|mod [no]
--enable-ppolicy Password Policy overlay no|yes|mod [no] --enable-ppolicy Password Policy overlay no|yes|mod [no]
--enable-proxycache Proxy Cache overlay no|yes|mod [no] --enable-proxycache Proxy Cache overlay no|yes|mod [no]
--enable-refint Referential Integrity overlay no|yes|mod [no] --enable-refint Referential Integrity overlay no|yes|mod [no]
@ -3099,6 +3100,7 @@ Overlays="accesslog \
dds \ dds \
dyngroup \ dyngroup \
dynlist \ dynlist \
memberof \
ppolicy \ ppolicy \
proxycache \ proxycache \
refint \ refint \
@ -3281,6 +3283,30 @@ else
fi; fi;
# end --enable-dynlist # end --enable-dynlist
# OpenLDAP --enable-memberof
# Check whether --enable-memberof or --disable-memberof was given.
if test "${enable_memberof+set}" = set; then
enableval="$enable_memberof"
ol_arg=invalid
for ol_val in no yes mod ; do
if test "$enableval" = "$ol_val" ; then
ol_arg="$ol_val"
fi
done
if test "$ol_arg" = "invalid" ; then
{ { echo "$as_me:$LINENO: error: bad value $enableval for --enable-memberof" >&5
echo "$as_me: error: bad value $enableval for --enable-memberof" >&2;}
{ (exit 1); exit 1; }; }
fi
ol_enable_memberof="$ol_arg"
else
ol_enable_memberof=${ol_enable_overlays:-no}
fi;
# end --enable-memberof
# OpenLDAP --enable-ppolicy # OpenLDAP --enable-ppolicy
# Check whether --enable-ppolicy or --disable-ppolicy was given. # Check whether --enable-ppolicy or --disable-ppolicy was given.
@ -5567,7 +5593,7 @@ ia64-*-hpux*)
;; ;;
*-*-irix6*) *-*-irix6*)
# Find out which ABI we are using. # Find out which ABI we are using.
echo '#line 5570 "configure"' > conftest.$ac_ext echo '#line 5596 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5 (eval $ac_compile) 2>&5
ac_status=$? ac_status=$?
@ -7547,11 +7573,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7550: $lt_compile\"" >&5) (eval echo "\"\$as_me:7576: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:7554: \$? = $ac_status" >&5 echo "$as_me:7580: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -7809,11 +7835,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7812: $lt_compile\"" >&5) (eval echo "\"\$as_me:7838: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:7816: \$? = $ac_status" >&5 echo "$as_me:7842: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -7871,11 +7897,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7874: $lt_compile\"" >&5) (eval echo "\"\$as_me:7900: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:7878: \$? = $ac_status" >&5 echo "$as_me:7904: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -10119,7 +10145,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 10122 "configure" #line 10148 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -10217,7 +10243,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 10220 "configure" #line 10246 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -40560,6 +40586,22 @@ _ACEOF
fi fi
if test "$ol_enable_memberof" != no ; then
BUILD_MEMBEROF=$ol_enable_memberof
if test "$ol_enable_memberof" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS memberof.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS memberof.o"
fi
cat >>confdefs.h <<_ACEOF
#define SLAPD_OVER_MEMBEROF $MFLAG
_ACEOF
fi
if test "$ol_enable_ppolicy" != no ; then if test "$ol_enable_ppolicy" != no ; then
BUILD_PPOLICY=$ol_enable_ppolicy BUILD_PPOLICY=$ol_enable_ppolicy
if test "$ol_enable_ppolicy" = mod ; then if test "$ol_enable_ppolicy" = mod ; then

15
configure.in
View file

@ -331,6 +331,7 @@ Overlays="accesslog \
dds \ dds \
dyngroup \ dyngroup \
dynlist \ dynlist \
memberof \
ppolicy \ ppolicy \
proxycache \ proxycache \
refint \ refint \
@ -359,6 +360,8 @@ OL_ARG_ENABLE(dyngroup,[ --enable-dyngroup Dynamic Group overlay],
no, [no yes mod], ol_enable_overlays) no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(dynlist,[ --enable-dynlist Dynamic List overlay], OL_ARG_ENABLE(dynlist,[ --enable-dynlist Dynamic List overlay],
no, [no yes mod], ol_enable_overlays) no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(memberof,[ --enable-memberof Reverse Group Membership overlay],
no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(ppolicy,[ --enable-ppolicy Password Policy overlay], OL_ARG_ENABLE(ppolicy,[ --enable-ppolicy Password Policy overlay],
no, [no yes mod], ol_enable_overlays) no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(proxycache,[ --enable-proxycache Proxy Cache overlay], OL_ARG_ENABLE(proxycache,[ --enable-proxycache Proxy Cache overlay],
@ -2716,6 +2719,18 @@ if test "$ol_enable_dynlist" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay]) AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay])
fi fi
if test "$ol_enable_memberof" != no ; then
BUILD_MEMBEROF=$ol_enable_memberof
if test "$ol_enable_memberof" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS memberof.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS memberof.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_MEMBEROF,$MFLAG,[define for Reverse Group Membership overlay])
fi
if test "$ol_enable_ppolicy" != no ; then if test "$ol_enable_ppolicy" != no ; then
BUILD_PPOLICY=$ol_enable_ppolicy BUILD_PPOLICY=$ol_enable_ppolicy
if test "$ol_enable_ppolicy" = mod ; then if test "$ol_enable_ppolicy" = mod ; then

114
doc/man/man5/slapo-memberof.5 Normal file
View file

@ -0,0 +1,114 @@
.TH SLAPO-MEMBEROF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
slapo-memberof \- Reverse Group Membership overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The
.B memberof
overlay to
.BR slapd (8)
allows automatic reverse group membership maintenance.
Any time a group entry is modified, its members are modified as appropriate
in order to keep a DN-valued "is member of" attribute updated with the DN
of the group.
.SH CONFIGURATION
The config directives that are specific to the
.B memberof
overlay must be prefixed by
.BR memberof\- ,
to avoid potential conflicts with directives specific to the underlying
database or to other stacked overlays.
.TP
.B overlay memberof
This directive adds the memberof overlay to the current database; see
.BR slapd.conf (5)
for details.
.LP
The following
.B slapd.conf
configuration options are defined for the memberofoverlay.
.TP
.B memberof-group-oc <group-oc>
The value
.B <group-oc>
is the name of the objectClass that triggers the reverse group membership
update.
It defaults to \fIgroupOfNames\fP.
.TP
.B memberof-member-ad <member-ad>
The value
.B <member-ad>
is the name of the attribute that contains the names of the members
in the group objects; it must be DN-valued.
It defaults to \fImember\fP.
.TP
.B memberof-memberof-ad <memberof-ad>
The value
.B <memberof-ad>
is the name of the attribute that contains the names of the groups
an entry is member of; it must be DN-valued. Its contents are
automatically updated by the overlay.
It defaults to \fImemberOf\fP.
.TP
.B memberof-dn <dn>
The value
.B <dn>
contains the DN that is used as \fImodifiersName\fP for internal
modifications performed to update the reverse group membership.
It defaults to the \fIrootdn\fP of the underlying database.
.TP
.B memberof-dangling {ignore, drop, error}
This option determines the behavior of the overlay when, during
a modification, it encounters dangling references.
The default is
.BR ignore ,
which may leave dangling references.
Other options are
.BR drop ,
which discards those modifications that would result in dangling
references, and
.BR error ,
which causes modifications that would result in dangling references
to fail.
.TP
.B memberof-refint {true|FALSE}
This option determines whether the overlay will try to preserve
referential integrity or not.
If set to
.BR TRUE ,
when an entry containing values of the "is member of" attribute is modified,
the corresponding groups are modified as well.
.LP
The memberof overlay may be used with any backend that provides full
read-write functionality, but it is mainly intended for use
with local storage backends.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd (8).
The
.BR slapo-memberof (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
.P
This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.

3
include/portable.hin
View file

@ -966,6 +966,9 @@
/* define for Dynamic List overlay */ /* define for Dynamic List overlay */
#undef SLAPD_OVER_DYNLIST #undef SLAPD_OVER_DYNLIST
/* define for Reverse Group Membership overlay */
#undef SLAPD_OVER_MEMBEROF
/* define for Password Policy overlay */ /* define for Password Policy overlay */
#undef SLAPD_OVER_PPOLICY #undef SLAPD_OVER_PPOLICY

1
servers/slapd/bconfig.c
View file

@ -246,6 +246,7 @@ static OidRec OidMacros[] = {
* OLcfgOv{Oc|At}:15 -> auditlog * OLcfgOv{Oc|At}:15 -> auditlog
* OLcfgOv{Oc|At}:16 -> rwm * OLcfgOv{Oc|At}:16 -> rwm
* OLcfgOv{Oc|At}:17 -> dyngroup * OLcfgOv{Oc|At}:17 -> dyngroup
* OLcfgOv{Oc|At}:18 -> memberof
*/ */
/* alphabetical ordering */ /* alphabetical ordering */

4
servers/slapd/overlays/Makefile.in
View file

@ -20,6 +20,7 @@ SRCS = overlays.c \
dds.c \ dds.c \
dyngroup.c \ dyngroup.c \
dynlist.c \ dynlist.c \
memberof.c \
pcache.c \ pcache.c \
ppolicy.c \ ppolicy.c \
refint.c \ refint.c \
@ -76,6 +77,9 @@ dyngroup.la : dyngroup.lo
dynlist.la : dynlist.lo dynlist.la : dynlist.lo
$(LTLINK_MOD) -module -o $@ dynlist.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ dynlist.lo version.lo $(LINK_LIBS)
memberof.la : memberof.lo
$(LTLINK_MOD) -module -o $@ memberof.lo version.lo $(LINK_LIBS)
pcache.la : pcache.lo pcache.la : pcache.lo
$(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)

1947
servers/slapd/overlays/memberof.c Normal file
View file

File diff suppressed because it is too large Load diff