2 ldb database library - ildap backend
4 Copyright (C) Andrew Tridgell 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 This is a ldb backend for the internal ldap client library in
27 Samba4. By using this backend we are independent of a system ldap
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_private.h"
35 #include "libcli/ldap/ldap.h"
36 #include "libcli/ldap/ldap_client.h"
37 #include "lib/cmdline/popt_common.h"
40 struct ldap_connection *ldap;
42 struct ldb_message *rootDSE;
48 static int ildb_rename(struct ldb_module *module, const char *olddn, const char *newdn)
50 struct ildb_private *ildb = module->private_data;
53 const char *parentdn = "";
55 /* ignore ltdb specials */
56 if (olddn[0] == '@' ||newdn[0] == '@') {
60 newrdn = talloc_strdup(ildb, newdn);
65 p = strchr(newrdn, ',');
71 ildb->last_rc = ildap_rename(ildb->ldap, olddn, newrdn, parentdn, True);
72 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
84 static int ildb_delete(struct ldb_module *module, const char *dn)
86 struct ildb_private *ildb = module->private_data;
89 /* ignore ltdb specials */
94 ildb->last_rc = ildap_delete(ildb->ldap, dn);
95 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
103 static void ildb_rootdse(struct ldb_module *module);
106 search for matching records
108 static int ildb_search(struct ldb_module *module, const char *base,
109 enum ldb_scope scope, const char *expression,
110 const char * const *attrs, struct ldb_message ***res)
112 struct ildb_private *ildb = module->private_data;
114 struct ldap_message **ldapres, *msg;
116 if (scope == LDB_SCOPE_DEFAULT) {
117 scope = LDB_SCOPE_SUBTREE;
121 if (ildb->rootDSE == NULL) {
122 ildb_rootdse(module);
124 if (ildb->rootDSE != NULL) {
125 base = ldb_msg_find_string(ildb->rootDSE,
126 "defaultNamingContext", "");
130 if (expression == NULL || expression[0] == '\0') {
131 expression = "objectClass=*";
134 ildb->last_rc = ildap_search(ildb->ldap, base, scope, expression, attrs,
136 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
140 count = ildap_count_entries(ildb->ldap, ldapres);
141 if (count == -1 || count == 0) {
142 talloc_free(ldapres);
146 (*res) = talloc_array(ildb, struct ldb_message *, count+1);
148 talloc_free(ldapres);
154 /* loop over all messages */
155 for (i=0;i<count;i++) {
156 struct ldap_SearchResEntry *search;
159 search = &msg->r.SearchResultEntry;
161 (*res)[i] = talloc(*res, struct ldb_message);
167 (*res)[i]->dn = talloc_steal((*res)[i], search->dn);
168 (*res)[i]->num_elements = search->num_attributes;
169 (*res)[i]->elements = talloc_steal((*res)[i], search->attributes);
170 (*res)[i]->private_data = NULL;
173 talloc_free(ldapres);
178 if (*res) talloc_free(*res);
184 search for matching records using a ldb_parse_tree
186 static int ildb_search_bytree(struct ldb_module *module, const char *base,
187 enum ldb_scope scope, struct ldb_parse_tree *tree,
188 const char * const *attrs, struct ldb_message ***res)
190 struct ildb_private *ildb = module->private_data;
194 expression = ldb_filter_from_tree(ildb, tree);
195 if (expression == NULL) {
198 ret = ildb_search(module, base, scope, expression, attrs, res);
199 talloc_free(expression);
205 convert a ldb_message structure to a list of ldap_mod structures
206 ready for ildap_add() or ildap_modify()
208 static struct ldap_mod **ildb_msg_to_mods(struct ldb_context *ldb,
209 const struct ldb_message *msg, int use_flags)
211 struct ldap_mod **mods;
215 /* allocate maximum number of elements needed */
216 mods = talloc_array(ldb, struct ldap_mod *, msg->num_elements+1);
223 for (i=0;i<msg->num_elements;i++) {
224 const struct ldb_message_element *el = &msg->elements[i];
226 mods[num_mods] = talloc(ldb, struct ldap_mod);
227 if (!mods[num_mods]) {
230 mods[num_mods+1] = NULL;
231 mods[num_mods]->type = 0;
232 mods[num_mods]->attrib = *el;
234 switch (el->flags & LDB_FLAG_MOD_MASK) {
235 case LDB_FLAG_MOD_ADD:
236 mods[num_mods]->type = LDAP_MODIFY_ADD;
238 case LDB_FLAG_MOD_DELETE:
239 mods[num_mods]->type = LDAP_MODIFY_DELETE;
241 case LDB_FLAG_MOD_REPLACE:
242 mods[num_mods]->type = LDAP_MODIFY_REPLACE;
260 static int ildb_add(struct ldb_module *module, const struct ldb_message *msg)
262 struct ldb_context *ldb = module->ldb;
263 struct ildb_private *ildb = module->private_data;
264 struct ldap_mod **mods;
267 /* ignore ltdb specials */
268 if (msg->dn[0] == '@') {
272 mods = ildb_msg_to_mods(ldb, msg, 0);
274 ildb->last_rc = ildap_add(ildb->ldap, msg->dn, mods);
275 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
288 static int ildb_modify(struct ldb_module *module, const struct ldb_message *msg)
290 struct ldb_context *ldb = module->ldb;
291 struct ildb_private *ildb = module->private_data;
292 struct ldap_mod **mods;
295 /* ignore ltdb specials */
296 if (msg->dn[0] == '@') {
300 mods = ildb_msg_to_mods(ldb, msg, 1);
302 ildb->last_rc = ildap_modify(ildb->ldap, msg->dn, mods);
303 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
312 static int ildb_lock(struct ldb_module *module, const char *lockname)
316 if (lockname == NULL) {
320 /* TODO implement a local locking mechanism here */
325 static int ildb_unlock(struct ldb_module *module, const char *lockname)
329 if (lockname == NULL) {
333 /* TODO implement a local unlocking mechanism here */
339 return extended error information
341 static const char *ildb_errstring(struct ldb_module *module)
343 struct ildb_private *ildb = talloc_get_type(module->private_data,
344 struct ildb_private);
346 return "ildap not connected";
348 return ldap_errstr(ildb->ldap, ildb->last_rc);
352 static const struct ldb_module_ops ildb_ops = {
354 .search = ildb_search,
355 .search_bytree = ildb_search_bytree,
356 .add_record = ildb_add,
357 .modify_record = ildb_modify,
358 .delete_record = ildb_delete,
359 .rename_record = ildb_rename,
360 .named_lock = ildb_lock,
361 .named_unlock = ildb_unlock,
362 .errstring = ildb_errstring
369 static void ildb_rootdse(struct ldb_module *module)
371 struct ildb_private *ildb = module->private_data;
372 struct ldb_message **res = NULL;
374 ret = ildb_search(module, "", LDB_SCOPE_BASE, "dn=dc=rootDSE", NULL, &res);
376 ildb->rootDSE = talloc_steal(ildb, res[0]);
383 connect to the database
385 int ildb_connect(struct ldb_context *ldb, const char *url,
386 unsigned int flags, const char *options[])
388 struct ildb_private *ildb = NULL;
391 ildb = talloc(ldb, struct ildb_private);
397 ildb->rootDSE = NULL;
399 ildb->ldap = ldap_new_connection(ildb, NULL);
405 status = ldap_connect(ildb->ldap, url);
406 if (!NT_STATUS_IS_OK(status)) {
407 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
408 url, ldap_errstr(ildb->ldap, status));
412 ldb->modules = talloc(ldb, struct ldb_module);
417 ldb->modules->ldb = ldb;
418 ldb->modules->prev = ldb->modules->next = NULL;
419 ldb->modules->private_data = ildb;
420 ldb->modules->ops = &ildb_ops;
422 if (cmdline_credentials->username_obtained > CRED_GUESSED) {
423 status = ldap_bind_sasl(ildb->ldap, cmdline_credentials);
424 if (!NT_STATUS_IS_OK(status)) {
425 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
426 ldap_errstr(ildb->ldap, status));
435 ldb->modules->private_data = NULL;