summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-10-19 22:29:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-10-19 22:34:58 +1100
commit439a1fe2d0db8a784431a4dbc070faef6e4f788e (patch)
tree11f78b611df0f2e3c5881d1d3fa7df151b699e13 /source4/dsdb
parent5650e8558eb703a5660cb3cef79bec89dc6ac5fc (diff)
downloadsamba-439a1fe2d0db8a784431a4dbc070faef6e4f788e.tar.gz
samba-439a1fe2d0db8a784431a4dbc070faef6e4f788e.tar.bz2
samba-439a1fe2d0db8a784431a4dbc070faef6e4f788e.zip
s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
If we send the full extended DN, then we risk standards-complient LDAP servers rejecting it as invalid. Only the DN portion is needed to resolve the record in any case, and any SID or GUID componenets have already been evaluated into the DN. Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba_dsdb.c4
-rw-r--r--source4/dsdb/samdb/ldb_modules/simple_dn.c73
-rw-r--r--source4/dsdb/samdb/ldb_modules/wscript_build8
3 files changed, 83 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 4d0f9465b0..9536981393 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -209,9 +209,9 @@ static int samba_dsdb_init(struct ldb_module *module)
const char **backend_modules;
static const char *fedora_ds_backend_modules[] = {
- "nsuniqueid", "paged_searches", NULL };
+ "nsuniqueid", "paged_searches", "simple_dn", NULL };
static const char *openldap_backend_modules[] = {
- "entryuuid", "paged_searches", NULL };
+ "entryuuid", "paged_searches", "simple_dn", NULL };
static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", NULL };
const char *backendType, *serverRole;
diff --git a/source4/dsdb/samdb/ldb_modules/simple_dn.c b/source4/dsdb/samdb/ldb_modules/simple_dn.c
new file mode 100644
index 0000000000..d863290a03
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/simple_dn.c
@@ -0,0 +1,73 @@
+/*
+ ldb database library
+
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * Name: ldb
+ *
+ * Component: ldb dn simplification module
+ *
+ * Description: Module to strip off extended componenets from search DNs (not accepted by OpenLDAP backends)
+ *
+ * Author: Andrew Bartlett
+ */
+
+
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+/* search */
+static int simple_dn_search(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb;
+ struct ldb_request *down_req;
+ struct ldb_dn *new_base;
+ int ret;
+
+ ldb = ldb_module_get_ctx(module);
+
+ new_base = ldb_dn_copy(req, req->op.search.base);
+ if (!new_base) {
+ ldb_module_oom(module);
+ }
+
+ ldb_dn_remove_extended_components(new_base);
+
+ ret = ldb_build_search_req_ex(&down_req,
+ ldb, req,
+ new_base,
+ req->op.search.scope,
+ req->op.search.tree,
+ req->op.search.attrs,
+ req->controls,
+ req, dsdb_next_callback,
+ req);
+ LDB_REQ_SET_LOCATION(down_req);
+ if (ret != LDB_SUCCESS) {
+ return ldb_operr(ldb);
+ }
+ talloc_steal(down_req, new_base);
+
+ return ldb_next_request(module, down_req);
+}
+
+_PUBLIC_ const struct ldb_module_ops ldb_simple_dn_module_ops = {
+ .name = "simple_dn",
+ .search = simple_dn_search
+};
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build
index f6b1e9cdc5..e6f6956163 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript_build
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build
@@ -350,3 +350,11 @@ bld.SAMBA_MODULE('ldb_aclread',
internal_module=False,
deps='talloc LIBEVENTS LIBSECURITY SAMDB',
)
+
+bld.SAMBA_MODULE('ldb_simple_dn',
+ source='simple_dn.c',
+ subsystem='ldb',
+ init_function='LDB_MODULE(simple_dn)',
+ internal_module=False,
+ deps='talloc DSDB_MODULE_HELPERS'
+ )