2 ldb database library - ildap backend
4 Copyright (C) Andrew Tridgell 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 This is a ldb backend for the internal ldap client library in
27 Samba4. By using this backend we are independent of a system ldap
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_private.h"
35 #include "libcli/ldap/ldap.h"
36 #include "libcli/ldap/ldap_client.h"
37 #include "lib/cmdline/popt_common.h"
41 struct ldap_connection *ldap;
48 static int ildb_rename(struct ldb_module *module, const char *olddn, const char *newdn)
50 struct ildb_private *ildb = module->private_data;
53 const char *parentdn = "";
55 /* ignore ltdb specials */
56 if (olddn[0] == '@' ||newdn[0] == '@') {
60 newrdn = talloc_strdup(ildb, newdn);
65 p = strchr(newrdn, ',');
71 ildb->last_rc = ildap_rename(ildb->ldap, olddn, newrdn, parentdn, True);
72 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
84 static int ildb_delete(struct ldb_module *module, const char *dn)
86 struct ildb_private *ildb = module->private_data;
89 /* ignore ltdb specials */
94 ildb->last_rc = ildap_delete(ildb->ldap, dn);
95 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
104 search for matching records
106 static int ildb_search(struct ldb_module *module, const char *base,
107 enum ldb_scope scope, const char *expression,
108 const char * const *attrs, struct ldb_message ***res)
110 struct ildb_private *ildb = module->private_data;
112 struct ldap_message **ldapres, *msg;
114 if (scope == LDB_SCOPE_DEFAULT) {
115 scope = LDB_SCOPE_SUBTREE;
122 if (expression == NULL || expression[0] == '\0') {
123 expression = "objectClass=*";
126 ildb->last_rc = ildap_search(ildb->ldap, base, scope, expression, attrs,
128 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
132 count = ildap_count_entries(ildb->ldap, ldapres);
133 if (count == -1 || count == 0) {
134 talloc_free(ldapres);
138 (*res) = talloc_array(ildb, struct ldb_message *, count+1);
140 talloc_free(ldapres);
146 /* loop over all messages */
147 for (i=0;i<count;i++) {
148 struct ldap_SearchResEntry *search;
151 search = &msg->r.SearchResultEntry;
153 (*res)[i] = talloc(*res, struct ldb_message);
159 (*res)[i]->dn = talloc_steal((*res)[i], search->dn);
160 (*res)[i]->num_elements = search->num_attributes;
161 (*res)[i]->elements = talloc_steal((*res)[i], search->attributes);
162 (*res)[i]->private_data = NULL;
165 talloc_free(ldapres);
170 if (*res) talloc_free(*res);
176 search for matching records using a ldb_parse_tree
178 static int ildb_search_bytree(struct ldb_module *module, const char *base,
179 enum ldb_scope scope, struct ldb_parse_tree *tree,
180 const char * const *attrs, struct ldb_message ***res)
182 struct ildb_private *ildb = module->private_data;
186 expression = ldb_filter_from_tree(ildb, tree);
187 if (expression == NULL) {
190 ret = ildb_search(module, base, scope, expression, attrs, res);
191 talloc_free(expression);
197 convert a ldb_message structure to a list of ldap_mod structures
198 ready for ildap_add() or ildap_modify()
200 static struct ldap_mod **ildb_msg_to_mods(struct ldb_context *ldb,
201 const struct ldb_message *msg, int use_flags)
203 struct ldap_mod **mods;
207 /* allocate maximum number of elements needed */
208 mods = talloc_array(ldb, struct ldap_mod *, msg->num_elements+1);
215 for (i=0;i<msg->num_elements;i++) {
216 const struct ldb_message_element *el = &msg->elements[i];
218 mods[num_mods] = talloc(ldb, struct ldap_mod);
219 if (!mods[num_mods]) {
222 mods[num_mods+1] = NULL;
223 mods[num_mods]->type = 0;
224 mods[num_mods]->attrib = *el;
226 switch (el->flags & LDB_FLAG_MOD_MASK) {
227 case LDB_FLAG_MOD_ADD:
228 mods[num_mods]->type = LDAP_MODIFY_ADD;
230 case LDB_FLAG_MOD_DELETE:
231 mods[num_mods]->type = LDAP_MODIFY_DELETE;
233 case LDB_FLAG_MOD_REPLACE:
234 mods[num_mods]->type = LDAP_MODIFY_REPLACE;
252 static int ildb_add(struct ldb_module *module, const struct ldb_message *msg)
254 struct ldb_context *ldb = module->ldb;
255 struct ildb_private *ildb = module->private_data;
256 struct ldap_mod **mods;
259 /* ignore ltdb specials */
260 if (msg->dn[0] == '@') {
264 mods = ildb_msg_to_mods(ldb, msg, 0);
266 ildb->last_rc = ildap_add(ildb->ldap, msg->dn, mods);
267 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
280 static int ildb_modify(struct ldb_module *module, const struct ldb_message *msg)
282 struct ldb_context *ldb = module->ldb;
283 struct ildb_private *ildb = module->private_data;
284 struct ldap_mod **mods;
287 /* ignore ltdb specials */
288 if (msg->dn[0] == '@') {
292 mods = ildb_msg_to_mods(ldb, msg, 1);
294 ildb->last_rc = ildap_modify(ildb->ldap, msg->dn, mods);
295 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
304 static int ildb_lock(struct ldb_module *module, const char *lockname)
308 if (lockname == NULL) {
312 /* TODO implement a local locking mechanism here */
317 static int ildb_unlock(struct ldb_module *module, const char *lockname)
321 if (lockname == NULL) {
325 /* TODO implement a local unlocking mechanism here */
331 return extended error information
333 static const char *ildb_errstring(struct ldb_module *module)
335 struct ildb_private *ildb = module->private_data;
336 return ldap_errstr(ildb->ldap, ildb->last_rc);
340 static const struct ldb_module_ops ildb_ops = {
342 .search = ildb_search,
343 .search_bytree = ildb_search_bytree,
344 .add_record = ildb_add,
345 .modify_record = ildb_modify,
346 .delete_record = ildb_delete,
347 .rename_record = ildb_rename,
348 .named_lock = ildb_lock,
349 .named_unlock = ildb_unlock,
350 .errstring = ildb_errstring
355 connect to the database
357 int ildb_connect(struct ldb_context *ldb, const char *url,
358 unsigned int flags, const char *options[])
360 struct ildb_private *ildb = NULL;
363 ildb = talloc(ldb, struct ildb_private);
369 ildb->ldap = ldap_new_connection(ildb, NULL);
375 status = ldap_connect(ildb->ldap, url);
376 if (!NT_STATUS_IS_OK(status)) {
377 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
378 url, ldap_errstr(ildb->ldap, status));
382 ldb->modules = talloc(ldb, struct ldb_module);
387 ldb->modules->ldb = ldb;
388 ldb->modules->prev = ldb->modules->next = NULL;
389 ldb->modules->private_data = ildb;
390 ldb->modules->ops = &ildb_ops;
392 if (cmdline_credentials->username_obtained > CRED_GUESSED) {
393 status = ldap_bind_sasl(ildb->ldap, cmdline_credentials);
394 if (!NT_STATUS_IS_OK(status)) {
395 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
396 ldap_errstr(ildb->ldap, status));