Add an OpenLDAP-specific extended_dn_in module

Don't "fix" plain DNs before sending them to OpenLDAP

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 034d22a2ca30c95d410399145cef949acfce3306..df45f75265a2ae8efbafbf81c4df0c62a97f2d48 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -56,6 +56,9 @@ static const char *wkattr[] = {
        "otherWellKnownObjects",
        NULL
 };
+
+static const struct ldb_module_ops ldb_extended_dn_in_openldap_module_ops;
+
 /* An extra layer of indirection because LDB does not allow the original request to be altered */
 
 static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
@@ -376,7 +379,14 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
        has_extended_component = (memchr(tree->u.equality.value.data, '<',
                                         tree->u.equality.value.length) != NULL);
 
-       if (!attribute->one_way_link && !has_extended_component) {
+       /*
+        * Don't turn it into an extended DN if we're talking to OpenLDAP.
+        * We just check the module_ops pointer instead of adding a private
+        * pointer and a boolean to tell us the exact same thing.
+        */
+       if (!has_extended_component) {
+               if (!attribute->one_way_link ||
+                   ldb_module_get_ops(filter_ctx->module) == &ldb_extended_dn_in_openldap_module_ops)
                return LDB_SUCCESS;
        }
 
@@ -706,8 +716,21 @@ static const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
        .rename            = extended_dn_in_rename,
 };
 
+static const struct ldb_module_ops ldb_extended_dn_in_openldap_module_ops = {
+       .name              = "extended_dn_in_openldap",
+       .search            = extended_dn_in_search,
+       .modify            = extended_dn_in_modify,
+       .del               = extended_dn_in_del,
+       .rename            = extended_dn_in_rename,
+};
+
 int ldb_extended_dn_in_module_init(const char *version)
 {
+       int ret;
        LDB_MODULE_CHECK_VERSION(version);
+       ret = ldb_register_module(&ldb_extended_dn_in_openldap_module_ops);
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
        return ldb_register_module(&ldb_extended_dn_in_module_ops);
 }

diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index cde53bc9cec17e3ad1152a03b4bfb0677e689045..060a9d75fbf45e44bb09f83c99245d32601d72ae 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -253,7 +253,7 @@ static int samba_dsdb_init(struct ldb_module *module)
          stack visually - the code below then handles the creation of the list
          based on the parameters loaded from the database.
        */
-       static const char *modules_list[] = {"resolve_oids",
+       static const char *modules_list1[] = {"resolve_oids",
                                             "rootdse",
                                             "schema_load",
                                             "lazy_commit",
@@ -264,8 +264,9 @@ static int samba_dsdb_init(struct ldb_module *module)
                                             "server_sort",
                                             "asq",
                                             "extended_dn_store",
-                                            "extended_dn_in",
-                                            "objectclass",
+                                            NULL };
+       /* extended_dn_in or extended_dn_in_openldap goes here */
+       static const char *modules_list1a[] = {"objectclass",
                                             "descriptor",
                                             "acl",
                                             "aclread",
@@ -293,6 +294,7 @@ static int samba_dsdb_init(struct ldb_module *module)
        const char *extended_dn_module_ldb = "extended_dn_out_ldb";
        const char *extended_dn_module_fds = "extended_dn_out_fds";
        const char *extended_dn_module_openldap = "extended_dn_out_openldap";
+       const char *extended_dn_in_module = "extended_dn_in";
 
        static const char *modules_list2[] = {"show_deleted",
                                              "new_partition",
@@ -357,6 +359,7 @@ static int samba_dsdb_init(struct ldb_module *module)
                        link_modules = openldap_modules;
                        backend_modules = openldap_backend_modules;
                        extended_dn_module = extended_dn_module_openldap;
+                       extended_dn_in_module = "extended_dn_in_openldap";
                } else {
                        return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "invalid backend type");
                }
@@ -382,7 +385,13 @@ static int samba_dsdb_init(struct ldb_module *module)
                }                                               \
        } while (0)
 
-       final_module_list = str_list_copy_const(tmp_ctx, modules_list);
+       final_module_list = str_list_copy_const(tmp_ctx, modules_list1);
+       CHECK_MODULE_LIST;
+
+       final_module_list = str_list_add_const(final_module_list, extended_dn_in_module);
+       CHECK_MODULE_LIST;
+
+       final_module_list = str_list_append_const(final_module_list, modules_list1a);
        CHECK_MODULE_LIST;
 
        final_module_list = str_list_append_const(final_module_list, link_modules);