|
 |
dc8c34 |
From df22a314aa4a333e491b702fa020d7fbc3a38bad Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
dc8c34 |
Date: Mon, 24 Nov 2014 16:58:57 -0500
|
|
|
dc8c34 |
Subject: [PATCH 276/305] Ticket 47963 - RFE - memberOf - add option to skip
|
|
|
dc8c34 |
nested group lookups during delete operations
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Bug Description: The recursive nested group lookups performed during a group delete
|
|
|
dc8c34 |
operation can take a very long time to complete if there are very
|
|
|
dc8c34 |
large static groups(groups with with over 10K members).
|
|
|
dc8c34 |
|
|
|
dc8c34 |
If there are no nested groups, then it would be nice to have an option
|
|
|
dc8c34 |
to skip the nested group check, which would significantly improve
|
|
|
dc8c34 |
delete performance.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Fix Description: Added a new memberOf plugin configuration attribute:
|
|
|
dc8c34 |
|
|
|
dc8c34 |
memberOfSkipNested: on|off
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47963
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by: rmeggins(Thanks!)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit b01cf4dbf9c8995081da81e39f8766d2df9e0c2d)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Conflicts:
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof.h
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof_config.c
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit 9cce9c4bc7b212a7c819ee2c3ea040ed5b282017)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Conflicts:
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof.h
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof_config.c
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit 250fcdbb463d2f4597a61ef1e364f71fa01ef1be)
|
|
|
dc8c34 |
(cherry picked from commit ec0b121e65800e4664fafb9001b0e9118ca45464)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof.c | 6 ++++--
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof.h | 3 +++
|
|
|
dc8c34 |
ldap/servers/plugins/memberof/memberof_config.c | 28 +++++++++++++++++++++++++
|
|
|
dc8c34 |
3 files changed, 35 insertions(+), 2 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
|
|
|
dc8c34 |
index 19fb8a5..d81d9ab 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/memberof/memberof.c
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/memberof/memberof.c
|
|
|
dc8c34 |
@@ -2465,8 +2465,10 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
|
|
|
dc8c34 |
memberof_del_dn_data del_data = {0, config->memberof_attr};
|
|
|
dc8c34 |
Slapi_ValueSet *groups = 0;
|
|
|
dc8c34 |
|
|
|
dc8c34 |
- /* get a list of all of the groups this user belongs to */
|
|
|
dc8c34 |
- groups = memberof_get_groups(config, sdn);
|
|
|
dc8c34 |
+ if(!config->skip_nested){
|
|
|
dc8c34 |
+ /* get a list of all of the groups this user belongs to */
|
|
|
dc8c34 |
+ groups = memberof_get_groups(config, sdn);
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
|
|
|
dc8c34 |
/* If we found some groups, replace the existing memberOf attribute
|
|
|
dc8c34 |
* with the found values. */
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
|
|
|
dc8c34 |
index 65398aa..4add6f6 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/memberof/memberof.h
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/memberof/memberof.h
|
|
|
dc8c34 |
@@ -66,6 +66,8 @@
|
|
|
dc8c34 |
#define MEMBEROF_GROUP_ATTR "memberOfGroupAttr"
|
|
|
dc8c34 |
#define MEMBEROF_ATTR "memberOfAttr"
|
|
|
dc8c34 |
#define MEMBEROF_BACKEND_ATTR "memberOfAllBackends"
|
|
|
dc8c34 |
+#define MEMBEROF_SKIP_NESTED_ATTR "memberOfSkipNested"
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
#define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
|
|
|
dc8c34 |
#define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
|
|
|
dc8c34 |
|
|
|
dc8c34 |
@@ -79,6 +81,7 @@ typedef struct memberofconfig {
|
|
|
dc8c34 |
int allBackends;
|
|
|
dc8c34 |
Slapi_Filter *group_filter;
|
|
|
dc8c34 |
Slapi_Attr **group_slapiattrs;
|
|
|
dc8c34 |
+ int skip_nested;
|
|
|
dc8c34 |
} MemberOfConfig;
|
|
|
dc8c34 |
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
|
|
|
dc8c34 |
index 3fd63a9..6c97c0f 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/memberof/memberof_config.c
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/memberof/memberof_config.c
|
|
|
dc8c34 |
@@ -165,6 +165,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
|
|
|
dc8c34 |
Slapi_Attr *memberof_attr = NULL;
|
|
|
dc8c34 |
Slapi_Attr *group_attr = NULL;
|
|
|
dc8c34 |
char *syntaxoid = NULL;
|
|
|
dc8c34 |
+ char *skip_nested = NULL;
|
|
|
dc8c34 |
int not_dn_syntax = 0;
|
|
|
dc8c34 |
|
|
|
dc8c34 |
*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
|
|
|
dc8c34 |
@@ -244,6 +245,18 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
|
|
|
dc8c34 |
MEMBEROF_GROUP_ATTR, MEMBEROF_ATTR);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
+ if ((skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR))){
|
|
|
dc8c34 |
+ if(strcasecmp(skip_nested, "on") != 0 && strcasecmp(skip_nested, "off") != 0){
|
|
|
dc8c34 |
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
|
|
|
dc8c34 |
+ "The %s configuration attribute must be set to "
|
|
|
dc8c34 |
+ "\"on\" or \"off\". (illegal value: %s)",
|
|
|
dc8c34 |
+ MEMBEROF_SKIP_NESTED_ATTR, skip_nested);
|
|
|
dc8c34 |
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
+ slapi_ch_free_string(&skip_nested);
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
if (*returncode != LDAP_SUCCESS)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
return SLAPI_DSE_CALLBACK_ERROR;
|
|
|
dc8c34 |
@@ -271,12 +284,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
|
|
|
dc8c34 |
int num_groupattrs = 0;
|
|
|
dc8c34 |
int groupattr_name_len = 0;
|
|
|
dc8c34 |
char *allBackends = NULL;
|
|
|
dc8c34 |
+ char *skip_nested = NULL;
|
|
|
dc8c34 |
|
|
|
dc8c34 |
*returncode = LDAP_SUCCESS;
|
|
|
dc8c34 |
|
|
|
dc8c34 |
groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
|
|
|
dc8c34 |
memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
|
|
|
dc8c34 |
allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
|
|
|
dc8c34 |
+ skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
/* We want to be sure we don't change the config in the middle of
|
|
|
dc8c34 |
* a memberOf operation, so we obtain an exclusive lock here */
|
|
|
dc8c34 |
@@ -375,6 +390,14 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
|
|
|
dc8c34 |
memberof_attr = NULL; /* config now owns memory */
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
+ if (skip_nested){
|
|
|
dc8c34 |
+ if(strcasecmp(skip_nested,"on") == 0){
|
|
|
dc8c34 |
+ theConfig.skip_nested = 1;
|
|
|
dc8c34 |
+ } else {
|
|
|
dc8c34 |
+ theConfig.skip_nested = 0;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
if (allBackends)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
if(strcasecmp(allBackends,"on")==0){
|
|
|
dc8c34 |
@@ -392,6 +415,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
|
|
|
dc8c34 |
slapi_ch_array_free(groupattrs);
|
|
|
dc8c34 |
slapi_ch_free_string(&memberof_attr);
|
|
|
dc8c34 |
slapi_ch_free_string(&allBackends);
|
|
|
dc8c34 |
+ slapi_ch_free_string(&skip_nested);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
if (*returncode != LDAP_SUCCESS)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
@@ -464,6 +488,10 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
|
|
|
dc8c34 |
dest->memberof_attr = slapi_ch_strdup(src->memberof_attr);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
+ if(src->skip_nested){
|
|
|
dc8c34 |
+ dest->skip_nested = src->skip_nested;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
if(src->allBackends)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
dest->allBackends = src->allBackends;
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.9.3
|
|
|
dc8c34 |
|