Blame SOURCES/0004-Issue-51076-remove-unnecessary-slapi-entry-dups.patch

5873fa
From f13d630ff98eb5b5505f1db3e7f207175b51b237 Mon Sep 17 00:00:00 2001
5873fa
From: Mark Reynolds <mreynolds@redhat.com>
5873fa
Date: Tue, 12 May 2020 13:48:30 -0400
5873fa
Subject: [PATCH 04/12] Issue 51076 - remove unnecessary slapi entry dups
5873fa
5873fa
Description:  So the problem is that slapi_search_internal_get_entry()
5873fa
              duplicates the entry twice.  It does that as a convenience
5873fa
              where it will allocate a pblock, do the search, copy
5873fa
              the entry, free search results from the pblock, and then
5873fa
              free the pblock itself.  I basically split this function
5873fa
              into two functions.  One function allocates the pblock,
5873fa
              does the search and returns the entry.  The other function
5873fa
              frees the entries and pblock.
5873fa
5873fa
              99% of time when we call slapi_search_internal_get_entry()
5873fa
              we are just reading it and freeing it.  It's not being
5873fa
              consumed.  In these cases we can use the two function
5873fa
              approach eliminates an extra slapi_entry_dup().  Over the
5873fa
              time of an operation/connection we can save quite a bit
5873fa
              of mallocing/freeing.  This could also help with memory
5873fa
              fragmentation.
5873fa
5873fa
ASAN: passed
5873fa
5873fa
relates: https://pagure.io/389-ds-base/issue/51076
5873fa
5873fa
Reviewed by: firstyear & tbordaz(Thanks!)
5873fa
---
5873fa
 ldap/servers/plugins/acctpolicy/acct_config.c |  6 +--
5873fa
 ldap/servers/plugins/acctpolicy/acct_plugin.c | 36 +++++++-------
5873fa
 ldap/servers/plugins/acctpolicy/acct_util.c   |  6 +--
5873fa
 ldap/servers/plugins/automember/automember.c  | 17 +++----
5873fa
 ldap/servers/plugins/dna/dna.c                | 23 ++++-----
5873fa
 ldap/servers/plugins/memberof/memberof.c      | 16 +++----
5873fa
 .../plugins/pam_passthru/pam_ptconfig.c       | 10 ++--
5873fa
 .../servers/plugins/pam_passthru/pam_ptimpl.c |  7 +--
5873fa
 .../plugins/pam_passthru/pam_ptpreop.c        |  9 ++--
5873fa
 .../plugins/replication/repl5_tot_protocol.c  |  5 +-
5873fa
 ldap/servers/plugins/uiduniq/uid.c            | 23 ++++-----
5873fa
 ldap/servers/slapd/daemon.c                   | 11 ++---
5873fa
 ldap/servers/slapd/modify.c                   | 12 +++--
5873fa
 ldap/servers/slapd/plugin_internal_op.c       | 48 +++++++++++++++++++
5873fa
 ldap/servers/slapd/resourcelimit.c            | 13 ++---
5873fa
 ldap/servers/slapd/schema.c                   |  7 ++-
5873fa
 ldap/servers/slapd/slapi-plugin.h             | 23 ++++++++-
5873fa
 17 files changed, 161 insertions(+), 111 deletions(-)
5873fa
5873fa
diff --git a/ldap/servers/plugins/acctpolicy/acct_config.c b/ldap/servers/plugins/acctpolicy/acct_config.c
5873fa
index fe35ba5a0..01e4f319f 100644
5873fa
--- a/ldap/servers/plugins/acctpolicy/acct_config.c
5873fa
+++ b/ldap/servers/plugins/acctpolicy/acct_config.c
5873fa
@@ -37,6 +37,7 @@ static int acct_policy_entry2config(Slapi_Entry *e,
5873fa
 int
5873fa
 acct_policy_load_config_startup(Slapi_PBlock *pb __attribute__((unused)), void *plugin_id)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     acctPluginCfg *newcfg;
5873fa
     Slapi_Entry *config_entry = NULL;
5873fa
     Slapi_DN *config_sdn = NULL;
5873fa
@@ -44,8 +45,7 @@ acct_policy_load_config_startup(Slapi_PBlock *pb __attribute__((unused)), void *
5873fa
 
5873fa
     /* Retrieve the config entry */
5873fa
     config_sdn = slapi_sdn_new_normdn_byref(PLUGIN_CONFIG_DN);
5873fa
-    rc = slapi_search_internal_get_entry(config_sdn, NULL, &config_entry,
5873fa
-                                         plugin_id);
5873fa
+    rc = slapi_search_get_entry(&entry_pb, config_sdn, NULL, &config_entry, plugin_id);
5873fa
     slapi_sdn_free(&config_sdn);
5873fa
 
5873fa
     if (rc != LDAP_SUCCESS || config_entry == NULL) {
5873fa
@@ -60,7 +60,7 @@ acct_policy_load_config_startup(Slapi_PBlock *pb __attribute__((unused)), void *
5873fa
     rc = acct_policy_entry2config(config_entry, newcfg);
5873fa
     config_unlock();
5873fa
 
5873fa
-    slapi_entry_free(config_entry);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     return (rc);
5873fa
 }
5873fa
diff --git a/ldap/servers/plugins/acctpolicy/acct_plugin.c b/ldap/servers/plugins/acctpolicy/acct_plugin.c
5873fa
index 2a876ad72..c3c32b074 100644
5873fa
--- a/ldap/servers/plugins/acctpolicy/acct_plugin.c
5873fa
+++ b/ldap/servers/plugins/acctpolicy/acct_plugin.c
5873fa
@@ -209,6 +209,7 @@ done:
5873fa
 int
5873fa
 acct_bind_preop(Slapi_PBlock *pb)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     const char *dn = NULL;
5873fa
     Slapi_DN *sdn = NULL;
5873fa
     Slapi_Entry *target_entry = NULL;
5873fa
@@ -236,8 +237,7 @@ acct_bind_preop(Slapi_PBlock *pb)
5873fa
         goto done;
5873fa
     }
5873fa
 
5873fa
-    ldrc = slapi_search_internal_get_entry(sdn, NULL, &target_entry,
5873fa
-                                           plugin_id);
5873fa
+    ldrc = slapi_search_get_entry(&entry_pb, sdn, NULL, &target_entry, plugin_id);
5873fa
 
5873fa
     /* There was a problem retrieving the entry */
5873fa
     if (ldrc != LDAP_SUCCESS) {
5873fa
@@ -275,7 +275,7 @@ done:
5873fa
         slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL);
5873fa
     }
5873fa
 
5873fa
-    slapi_entry_free(target_entry);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     free_acctpolicy(&policy);
5873fa
 
5873fa
@@ -293,6 +293,7 @@ done:
5873fa
 int
5873fa
 acct_bind_postop(Slapi_PBlock *pb)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     char *dn = NULL;
5873fa
     int ldrc, tracklogin = 0;
5873fa
     int rc = 0; /* Optimistic default */
5873fa
@@ -327,8 +328,7 @@ acct_bind_postop(Slapi_PBlock *pb)
5873fa
        covered by an account policy to decide whether we should track */
5873fa
     if (tracklogin == 0) {
5873fa
         sdn = slapi_sdn_new_normdn_byref(dn);
5873fa
-        ldrc = slapi_search_internal_get_entry(sdn, NULL, &target_entry,
5873fa
-                                               plugin_id);
5873fa
+        ldrc = slapi_search_get_entry(&entry_pb, sdn, NULL, &target_entry, plugin_id);
5873fa
 
5873fa
         if (ldrc != LDAP_SUCCESS) {
5873fa
             slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
5873fa
@@ -355,7 +355,7 @@ done:
5873fa
         slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL);
5873fa
     }
5873fa
 
5873fa
-    slapi_entry_free(target_entry);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     slapi_sdn_free(&sdn);
5873fa
 
5873fa
@@ -370,11 +370,11 @@ done:
5873fa
 static int
5873fa
 acct_pre_op(Slapi_PBlock *pb, int modop)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_DN *sdn = 0;
5873fa
     Slapi_Entry *e = 0;
5873fa
     Slapi_Mods *smods = 0;
5873fa
     LDAPMod **mods;
5873fa
-    int free_entry = 0;
5873fa
     char *errstr = NULL;
5873fa
     int ret = SLAPI_PLUGIN_SUCCESS;
5873fa
 
5873fa
@@ -384,28 +384,25 @@ acct_pre_op(Slapi_PBlock *pb, int modop)
5873fa
 
5873fa
     if (acct_policy_dn_is_config(sdn)) {
5873fa
         /* Validate config changes, but don't apply them.
5873fa
-     * This allows us to reject invalid config changes
5873fa
-     * here at the pre-op stage.  Applying the config
5873fa
-     * needs to be done at the post-op stage. */
5873fa
+         * This allows us to reject invalid config changes
5873fa
+         * here at the pre-op stage.  Applying the config
5873fa
+         * needs to be done at the post-op stage. */
5873fa
 
5873fa
         if (LDAP_CHANGETYPE_ADD == modop) {
5873fa
             slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
5873fa
 
5873fa
-            /* If the entry doesn't exist, just bail and
5873fa
-     * let the server handle it. */
5873fa
+            /* If the entry doesn't exist, just bail and let the server handle it. */
5873fa
             if (e == NULL) {
5873fa
                 goto bail;
5873fa
             }
5873fa
         } else if (LDAP_CHANGETYPE_MODIFY == modop) {
5873fa
             /* Fetch the entry being modified so we can
5873fa
-     * create the resulting entry for validation. */
5873fa
+             * create the resulting entry for validation. */
5873fa
             if (sdn) {
5873fa
-                slapi_search_internal_get_entry(sdn, 0, &e, get_identity());
5873fa
-                free_entry = 1;
5873fa
+                slapi_search_get_entry(&entry_pb, sdn, 0, &e, get_identity());
5873fa
             }
5873fa
 
5873fa
-            /* If the entry doesn't exist, just bail and
5873fa
-     * let the server handle it. */
5873fa
+            /* If the entry doesn't exist, just bail and let the server handle it. */
5873fa
             if (e == NULL) {
5873fa
                 goto bail;
5873fa
             }
5873fa
@@ -418,7 +415,7 @@ acct_pre_op(Slapi_PBlock *pb, int modop)
5873fa
             /* Apply the  mods to create the resulting entry. */
5873fa
             if (mods && (slapi_entry_apply_mods(e, mods) != LDAP_SUCCESS)) {
5873fa
                 /* The mods don't apply cleanly, so we just let this op go
5873fa
-     * to let the main server handle it. */
5873fa
+                 * to let the main server handle it. */
5873fa
                 goto bailmod;
5873fa
             }
5873fa
         } else if (modop == LDAP_CHANGETYPE_DELETE) {
5873fa
@@ -439,8 +436,7 @@ bailmod:
5873fa
     }
5873fa
 
5873fa
 bail:
5873fa
-    if (free_entry && e)
5873fa
-        slapi_entry_free(e);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     if (ret) {
5873fa
         slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
5873fa
diff --git a/ldap/servers/plugins/acctpolicy/acct_util.c b/ldap/servers/plugins/acctpolicy/acct_util.c
5873fa
index f25a3202d..f432092fe 100644
5873fa
--- a/ldap/servers/plugins/acctpolicy/acct_util.c
5873fa
+++ b/ldap/servers/plugins/acctpolicy/acct_util.c
5873fa
@@ -85,6 +85,7 @@ get_attr_string_val(Slapi_Entry *target_entry, char *attr_name)
5873fa
 int
5873fa
 get_acctpolicy(Slapi_PBlock *pb __attribute__((unused)), Slapi_Entry *target_entry, void *plugin_id, acctPolicy **policy)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_DN *sdn = NULL;
5873fa
     Slapi_Entry *policy_entry = NULL;
5873fa
     Slapi_Attr *attr;
5873fa
@@ -123,8 +124,7 @@ get_acctpolicy(Slapi_PBlock *pb __attribute__((unused)), Slapi_Entry *target_ent
5873fa
     }
5873fa
 
5873fa
     sdn = slapi_sdn_new_dn_byref(policy_dn);
5873fa
-    ldrc = slapi_search_internal_get_entry(sdn, NULL, &policy_entry,
5873fa
-                                           plugin_id);
5873fa
+    ldrc = slapi_search_get_entry(&entry_pb, sdn, NULL, &policy_entry, plugin_id);
5873fa
     slapi_sdn_free(&sdn);
5873fa
 
5873fa
     /* There should be a policy but it can't be retrieved; fatal error */
5873fa
@@ -160,7 +160,7 @@ dopolicy:
5873fa
 done:
5873fa
     config_unlock();
5873fa
     slapi_ch_free_string(&policy_dn);
5873fa
-    slapi_entry_free(policy_entry);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
     return (rc);
5873fa
 }
5873fa
 
5873fa
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
5873fa
index 7c875c852..39350ad53 100644
5873fa
--- a/ldap/servers/plugins/automember/automember.c
5873fa
+++ b/ldap/servers/plugins/automember/automember.c
5873fa
@@ -1629,13 +1629,12 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
5873fa
     char *member_value = NULL;
5873fa
     int rc = 0;
5873fa
     Slapi_DN *group_sdn;
5873fa
-    Slapi_Entry *group_entry = NULL;
5873fa
 
5873fa
     /* First thing check that the group still exists */
5873fa
     group_sdn = slapi_sdn_new_dn_byval(group_dn);
5873fa
-    rc = slapi_search_internal_get_entry(group_sdn, NULL, &group_entry, automember_get_plugin_id());
5873fa
+    rc = slapi_search_internal_get_entry(group_sdn, NULL, NULL, automember_get_plugin_id());
5873fa
     slapi_sdn_free(&group_sdn);
5873fa
-    if (rc != LDAP_SUCCESS || group_entry == NULL) {
5873fa
+    if (rc != LDAP_SUCCESS) {
5873fa
         if (rc == LDAP_NO_SUCH_OBJECT) {
5873fa
             /* the automember group (default or target) does not exist, just skip this definition */
5873fa
             slapi_log_err(SLAPI_LOG_INFO, AUTOMEMBER_PLUGIN_SUBSYSTEM,
5873fa
@@ -1647,10 +1646,8 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
5873fa
                       "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n",
5873fa
                       group_dn, rc);
5873fa
         }
5873fa
-        slapi_entry_free(group_entry);
5873fa
         return rc;
5873fa
     }
5873fa
-    slapi_entry_free(group_entry);
5873fa
 
5873fa
     /* If grouping_value is dn, we need to fetch the dn instead. */
5873fa
     if (slapi_attr_type_cmp(grouping_value, "dn", SLAPI_TYPE_CMP_EXACT) == 0) {
5873fa
@@ -1752,11 +1749,11 @@ out:
5873fa
 static int
5873fa
 automember_pre_op(Slapi_PBlock *pb, int modop)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_DN *sdn = 0;
5873fa
     Slapi_Entry *e = 0;
5873fa
     Slapi_Mods *smods = 0;
5873fa
     LDAPMod **mods;
5873fa
-    int free_entry = 0;
5873fa
     char *errstr = NULL;
5873fa
     int ret = SLAPI_PLUGIN_SUCCESS;
5873fa
 
5873fa
@@ -1784,8 +1781,7 @@ automember_pre_op(Slapi_PBlock *pb, int modop)
5873fa
             /* Fetch the entry being modified so we can
5873fa
              * create the resulting entry for validation. */
5873fa
             if (sdn) {
5873fa
-                slapi_search_internal_get_entry(sdn, 0, &e, automember_get_plugin_id());
5873fa
-                free_entry = 1;
5873fa
+                slapi_search_get_entry(&entry_pb, sdn, 0, &e, automember_get_plugin_id());
5873fa
             }
5873fa
 
5873fa
             /* If the entry doesn't exist, just bail and
5873fa
@@ -1799,7 +1795,7 @@ automember_pre_op(Slapi_PBlock *pb, int modop)
5873fa
             smods = slapi_mods_new();
5873fa
             slapi_mods_init_byref(smods, mods);
5873fa
 
5873fa
-            /* Apply the  mods to create the resulting entry. */
5873fa
+            /* Apply the mods to create the resulting entry. */
5873fa
             if (mods && (slapi_entry_apply_mods(e, mods) != LDAP_SUCCESS)) {
5873fa
                 /* The mods don't apply cleanly, so we just let this op go
5873fa
                  * to let the main server handle it. */
5873fa
@@ -1831,8 +1827,7 @@ bailmod:
5873fa
     }
5873fa
 
5873fa
 bail:
5873fa
-    if (free_entry && e)
5873fa
-        slapi_entry_free(e);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     if (ret) {
5873fa
         slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
5873fa
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
5873fa
index 1ee271359..16c625bb0 100644
5873fa
--- a/ldap/servers/plugins/dna/dna.c
5873fa
+++ b/ldap/servers/plugins/dna/dna.c
5873fa
@@ -1178,7 +1178,6 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
5873fa
 
5873fa
     value = slapi_entry_attr_get_charptr(e, DNA_SHARED_CFG_DN);
5873fa
     if (value) {
5873fa
-        Slapi_Entry *shared_e = NULL;
5873fa
         Slapi_DN *sdn = NULL;
5873fa
         char *normdn = NULL;
5873fa
         char *attrs[2];
5873fa
@@ -1197,10 +1196,8 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
5873fa
         /* We don't need attributes */
5873fa
         attrs[0] = "cn";
5873fa
         attrs[1] = NULL;
5873fa
-        slapi_search_internal_get_entry(sdn, attrs, &shared_e, getPluginID());
5873fa
-
5873fa
         /* Make sure that the shared config entry exists. */
5873fa
-        if (!shared_e) {
5873fa
+        if(slapi_search_internal_get_entry(sdn, attrs, NULL, getPluginID()) != LDAP_SUCCESS) {
5873fa
             /* We didn't locate the shared config container entry. Log
5873fa
              * a message and skip this config entry. */
5873fa
             slapi_log_err(SLAPI_LOG_ERR, DNA_PLUGIN_SUBSYSTEM,
5873fa
@@ -1210,9 +1207,6 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry *e, int apply)
5873fa
             ret = DNA_FAILURE;
5873fa
             slapi_sdn_free(&sdn);
5873fa
             goto bail;
5873fa
-        } else {
5873fa
-            slapi_entry_free(shared_e);
5873fa
-            shared_e = NULL;
5873fa
         }
5873fa
 
5873fa
         normdn = (char *)slapi_sdn_get_dn(sdn);
5873fa
@@ -1539,6 +1533,7 @@ dna_delete_shared_servers(PRCList **servers)
5873fa
 static int
5873fa
 dna_load_host_port(void)
5873fa
 {
5873fa
+    Slapi_PBlock *pb = NULL;
5873fa
     int status = DNA_SUCCESS;
5873fa
     Slapi_Entry *e = NULL;
5873fa
     Slapi_DN *config_dn = NULL;
5873fa
@@ -1554,7 +1549,7 @@ dna_load_host_port(void)
5873fa
 
5873fa
     config_dn = slapi_sdn_new_ndn_byref("cn=config");
5873fa
     if (config_dn) {
5873fa
-        slapi_search_internal_get_entry(config_dn, attrs, &e, getPluginID());
5873fa
+        slapi_search_get_entry(&pb, config_dn, attrs, &e, getPluginID());
5873fa
         slapi_sdn_free(&config_dn);
5873fa
     }
5873fa
 
5873fa
@@ -1562,8 +1557,8 @@ dna_load_host_port(void)
5873fa
         hostname = slapi_entry_attr_get_charptr(e, "nsslapd-localhost");
5873fa
         portnum = slapi_entry_attr_get_charptr(e, "nsslapd-port");
5873fa
         secureportnum = slapi_entry_attr_get_charptr(e, "nsslapd-secureport");
5873fa
-        slapi_entry_free(e);
5873fa
     }
5873fa
+    slapi_search_get_entry_done(&pb);
5873fa
 
5873fa
     if (!hostname || !portnum) {
5873fa
         status = DNA_FAILURE;
5873fa
@@ -2876,6 +2871,7 @@ bail:
5873fa
 static int
5873fa
 dna_is_replica_bind_dn(char *range_dn, char *bind_dn)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     char *replica_dn = NULL;
5873fa
     Slapi_DN *replica_sdn = NULL;
5873fa
     Slapi_DN *range_sdn = NULL;
5873fa
@@ -2912,8 +2908,7 @@ dna_is_replica_bind_dn(char *range_dn, char *bind_dn)
5873fa
         attrs[2] = 0;
5873fa
 
5873fa
         /* Find cn=replica entry via search */
5873fa
-        slapi_search_internal_get_entry(replica_sdn, attrs, &e, getPluginID());
5873fa
-
5873fa
+        slapi_search_get_entry(&entry_pb, replica_sdn, attrs, &e, getPluginID());
5873fa
         if (e) {
5873fa
             /* Check if the passed in bind dn matches any of the replica bind dns. */
5873fa
             Slapi_Value *bind_dn_sv = slapi_value_new_string(bind_dn);
5873fa
@@ -2927,6 +2922,7 @@ dna_is_replica_bind_dn(char *range_dn, char *bind_dn)
5873fa
                 attrs[0] = "member";
5873fa
                 attrs[1] = "uniquemember";
5873fa
                 attrs[2] = 0;
5873fa
+                slapi_search_get_entry_done(&entry_pb);
5873fa
                 for (i = 0; bind_group_dn != NULL && bind_group_dn[i] != NULL; i++) {
5873fa
                     if (ret) {
5873fa
                         /* already found a member, just free group */
5873fa
@@ -2934,14 +2930,14 @@ dna_is_replica_bind_dn(char *range_dn, char *bind_dn)
5873fa
                         continue;
5873fa
                     }
5873fa
                     bind_group_sdn = slapi_sdn_new_normdn_passin(bind_group_dn[i]);
5873fa
-                    slapi_search_internal_get_entry(bind_group_sdn, attrs, &bind_group_entry, getPluginID());
5873fa
+                    slapi_search_get_entry(&entry_pb, bind_group_sdn, attrs, &bind_group_entry, getPluginID());
5873fa
                     if (bind_group_entry) {
5873fa
                         ret = slapi_entry_attr_has_syntax_value(bind_group_entry, "member", bind_dn_sv);
5873fa
                         if (ret == 0) {
5873fa
                             ret = slapi_entry_attr_has_syntax_value(bind_group_entry, "uniquemember", bind_dn_sv);
5873fa
                         }
5873fa
                     }
5873fa
-                    slapi_entry_free(bind_group_entry);
5873fa
+                    slapi_search_get_entry_done(&entry_pb);
5873fa
                     slapi_sdn_free(&bind_group_sdn);
5873fa
                 }
5873fa
                 slapi_ch_free((void **)&bind_group_dn);
5873fa
@@ -2956,7 +2952,6 @@ dna_is_replica_bind_dn(char *range_dn, char *bind_dn)
5873fa
     }
5873fa
 
5873fa
 done:
5873fa
-    slapi_entry_free(e);
5873fa
     slapi_sdn_free(&range_sdn);
5873fa
     slapi_sdn_free(&replica_sdn);
5873fa
 
5873fa
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
5873fa
index 40bd4b380..e9e1ec4c7 100644
5873fa
--- a/ldap/servers/plugins/memberof/memberof.c
5873fa
+++ b/ldap/servers/plugins/memberof/memberof.c
5873fa
@@ -884,7 +884,7 @@ memberof_postop_modrdn(Slapi_PBlock *pb)
5873fa
             pre_sdn = slapi_entry_get_sdn(pre_e);
5873fa
             post_sdn = slapi_entry_get_sdn(post_e);
5873fa
         }
5873fa
-        
5873fa
+
5873fa
         if (pre_sdn && post_sdn && slapi_sdn_compare(pre_sdn, post_sdn) == 0) {
5873fa
             /* Regarding memberof plugin, this rename is a no-op
5873fa
              * but it can be expensive to process it. So skip it
5873fa
@@ -1466,6 +1466,7 @@ memberof_modop_one_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod_op, Slapi
5873fa
 int
5873fa
 memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod_op, Slapi_DN *group_sdn, Slapi_DN *op_this_sdn, Slapi_DN *replace_with_sdn, Slapi_DN *op_to_sdn, memberofstringll *stack)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     int rc = 0;
5873fa
     LDAPMod mod;
5873fa
     LDAPMod replace_mod;
5873fa
@@ -1515,8 +1516,7 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod_o
5873fa
     }
5873fa
 
5873fa
     /* determine if this is a group op or single entry */
5873fa
-    slapi_search_internal_get_entry(op_to_sdn, config->groupattrs,
5873fa
-                                    &e, memberof_get_plugin_id());
5873fa
+    slapi_search_get_entry(&entry_pb, op_to_sdn, config->groupattrs, &e, memberof_get_plugin_id());
5873fa
     if (!e) {
5873fa
         /* In the case of a delete, we need to worry about the
5873fa
          * missing entry being a nested group.  There's a small
5873fa
@@ -1751,7 +1751,7 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod_o
5873fa
 bail:
5873fa
     slapi_value_free(&to_dn_val);
5873fa
     slapi_value_free(&this_dn_val);
5873fa
-    slapi_entry_free(e);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
     return rc;
5873fa
 }
5873fa
 
5873fa
@@ -2368,6 +2368,7 @@ bail:
5873fa
 int
5873fa
 memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, Slapi_Value *memberdn)
5873fa
 {
5873fa
+    Slapi_PBlock *pb = NULL;
5873fa
     int rc = 0;
5873fa
     Slapi_DN *sdn = 0;
5873fa
     Slapi_Entry *group_e = 0;
5873fa
@@ -2376,8 +2377,8 @@ memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, Slapi_Va
5873fa
 
5873fa
     sdn = slapi_sdn_new_normdn_byref(slapi_value_get_string(groupdn));
5873fa
 
5873fa
-    slapi_search_internal_get_entry(sdn, config->groupattrs,
5873fa
-                                    &group_e, memberof_get_plugin_id());
5873fa
+    slapi_search_get_entry(&pb, sdn, config->groupattrs,
5873fa
+                           &group_e, memberof_get_plugin_id());
5873fa
 
5873fa
     if (group_e) {
5873fa
         /* See if memberdn is referred to by any of the group attributes. */
5873fa
@@ -2388,9 +2389,8 @@ memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, Slapi_Va
5873fa
                 break;
5873fa
             }
5873fa
         }
5873fa
-
5873fa
-        slapi_entry_free(group_e);
5873fa
     }
5873fa
+    slapi_search_get_entry_done(&pb);
5873fa
 
5873fa
     slapi_sdn_free(&sdn);
5873fa
     return rc;
5873fa
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptconfig.c b/ldap/servers/plugins/pam_passthru/pam_ptconfig.c
5873fa
index 46a76d884..cbec2ec40 100644
5873fa
--- a/ldap/servers/plugins/pam_passthru/pam_ptconfig.c
5873fa
+++ b/ldap/servers/plugins/pam_passthru/pam_ptconfig.c
5873fa
@@ -749,22 +749,22 @@ pam_passthru_get_config(Slapi_DN *bind_sdn)
5873fa
             if (pam_passthru_check_suffix(cfg, bind_sdn) == LDAP_SUCCESS) {
5873fa
                 if (cfg->slapi_filter) {
5873fa
                     /* A filter is configured, so see if the bind entry is a match. */
5873fa
+                    Slapi_PBlock *entry_pb = NULL;
5873fa
                     Slapi_Entry *test_e = NULL;
5873fa
 
5873fa
                     /* Fetch the bind entry */
5873fa
-                    slapi_search_internal_get_entry(bind_sdn, NULL, &test_e,
5873fa
-                                                    pam_passthruauth_get_plugin_identity());
5873fa
+                    slapi_search_get_entry(&entry_pb, bind_sdn, NULL, &test_e,
5873fa
+                                           pam_passthruauth_get_plugin_identity());
5873fa
 
5873fa
                     /* If the entry doesn't exist, just fall through to the main server code */
5873fa
                     if (test_e) {
5873fa
                         /* Evaluate the filter. */
5873fa
                         if (LDAP_SUCCESS == slapi_filter_test_simple(test_e, cfg->slapi_filter)) {
5873fa
                             /* This is a match. */
5873fa
-                            slapi_entry_free(test_e);
5873fa
+                            slapi_search_get_entry_done(&entry_pb);
5873fa
                             goto done;
5873fa
                         }
5873fa
-
5873fa
-                        slapi_entry_free(test_e);
5873fa
+                        slapi_search_get_entry_done(&entry_pb);
5873fa
                     }
5873fa
                 } else {
5873fa
                     /* There is no filter to check, so this is a match. */
5873fa
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
5873fa
index 7f5fb02c4..5b43f8d1f 100644
5873fa
--- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
5873fa
+++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
5873fa
@@ -81,11 +81,12 @@ derive_from_bind_dn(Slapi_PBlock *pb __attribute__((unused)), const Slapi_DN *bi
5873fa
 static char *
5873fa
 derive_from_bind_entry(Slapi_PBlock *pb, const Slapi_DN *bindsdn, MyStrBuf *pam_id, char *map_ident_attr, int *locked)
5873fa
 {
5873fa
+	Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_Entry *entry = NULL;
5873fa
     char *attrs[] = {NULL, NULL};
5873fa
     attrs[0] = map_ident_attr;
5873fa
-    int rc = slapi_search_internal_get_entry((Slapi_DN *)bindsdn, attrs, &entry,
5873fa
-                                             pam_passthruauth_get_plugin_identity());
5873fa
+    int32_t rc = slapi_search_get_entry(&entry_pb, (Slapi_DN *)bindsdn, attrs, &entry,
5873fa
+                                        pam_passthruauth_get_plugin_identity());
5873fa
 
5873fa
     if (rc != LDAP_SUCCESS) {
5873fa
         slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
5873fa
@@ -108,7 +109,7 @@ derive_from_bind_entry(Slapi_PBlock *pb, const Slapi_DN *bindsdn, MyStrBuf *pam_
5873fa
         init_my_str_buf(pam_id, val);
5873fa
     }
5873fa
 
5873fa
-    slapi_entry_free(entry);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     return pam_id->str;
5873fa
 }
5873fa
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
5873fa
index 3d0067531..5bca823ff 100644
5873fa
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
5873fa
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
5873fa
@@ -526,6 +526,7 @@ done:
5873fa
 static int
5873fa
 pam_passthru_preop(Slapi_PBlock *pb, int modtype)
5873fa
 {
5873fa
+	Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_DN *sdn = NULL;
5873fa
     Slapi_Entry *e = NULL;
5873fa
     LDAPMod **mods;
5873fa
@@ -555,8 +556,8 @@ pam_passthru_preop(Slapi_PBlock *pb, int modtype)
5873fa
         case LDAP_CHANGETYPE_MODIFY:
5873fa
             /* Fetch the entry being modified so we can
5873fa
              * create the resulting entry for validation. */
5873fa
-            slapi_search_internal_get_entry(sdn, 0, &e,
5873fa
-                                            pam_passthruauth_get_plugin_identity());
5873fa
+            slapi_search_get_entry(&entry_pb, sdn, 0, &e,
5873fa
+                                   pam_passthruauth_get_plugin_identity());
5873fa
 
5873fa
             /* If the entry doesn't exist, just bail and
5873fa
              * let the server handle it. */
5873fa
@@ -576,9 +577,6 @@ pam_passthru_preop(Slapi_PBlock *pb, int modtype)
5873fa
                     /* Don't bail here, as we need to free the entry. */
5873fa
                 }
5873fa
             }
5873fa
-
5873fa
-            /* Free the entry. */
5873fa
-            slapi_entry_free(e);
5873fa
             break;
5873fa
         case LDAP_CHANGETYPE_DELETE:
5873fa
         case LDAP_CHANGETYPE_MODDN:
5873fa
@@ -591,6 +589,7 @@ pam_passthru_preop(Slapi_PBlock *pb, int modtype)
5873fa
     }
5873fa
 
5873fa
 bail:
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
     /* If we are refusing the operation, return the result to the client. */
5873fa
     if (ret) {
5873fa
         slapi_send_ldap_result(pb, ret, NULL, returntext, 0, NULL);
5873fa
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
5873fa
index 3b65d6b20..a25839f21 100644
5873fa
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
5873fa
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
5873fa
@@ -469,7 +469,8 @@ retry:
5873fa
          */
5873fa
         /* Get suffix */
5873fa
         Slapi_Entry *suffix = NULL;
5873fa
-        rc = slapi_search_internal_get_entry(area_sdn, NULL, &suffix, repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION));
5873fa
+        Slapi_PBlock *suffix_pb = NULL;
5873fa
+        rc = slapi_search_get_entry(&suffix_pb, area_sdn, NULL, &suffix, repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION));
5873fa
         if (rc) {
5873fa
             slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "repl5_tot_run -  Unable to "
5873fa
                                                            "get the suffix entry \"%s\".\n",
5873fa
@@ -517,7 +518,7 @@ retry:
5873fa
                                      LDAP_SCOPE_SUBTREE, "(parentid>=1)", NULL, 0, ctrls, NULL,
5873fa
                                      repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), OP_FLAG_BULK_IMPORT);
5873fa
         cb_data.num_entries = 0UL;
5873fa
-        slapi_entry_free(suffix);
5873fa
+        slapi_search_get_entry_done(&suffix_pb);
5873fa
     } else {
5873fa
         /* Original total update */
5873fa
         /* we need to provide managedsait control so that referral entries can
5873fa
diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
5873fa
index d7ccf0e07..e69012204 100644
5873fa
--- a/ldap/servers/plugins/uiduniq/uid.c
5873fa
+++ b/ldap/servers/plugins/uiduniq/uid.c
5873fa
@@ -1254,6 +1254,7 @@ preop_modify(Slapi_PBlock *pb)
5873fa
 static int
5873fa
 preop_modrdn(Slapi_PBlock *pb)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     int result = LDAP_SUCCESS;
5873fa
     Slapi_Entry *e = NULL;
5873fa
     Slapi_Value *sv_requiredObjectClass = NULL;
5873fa
@@ -1351,7 +1352,7 @@ preop_modrdn(Slapi_PBlock *pb)
5873fa
 
5873fa
     /* Get the entry that is being renamed so we can make a dummy copy
5873fa
      * of what it will look like after the rename. */
5873fa
-    err = slapi_search_internal_get_entry(sdn, NULL, &e, plugin_identity);
5873fa
+    err = slapi_search_get_entry(&entry_pb, sdn, NULL, &e, plugin_identity);
5873fa
     if (err != LDAP_SUCCESS) {
5873fa
         result = uid_op_error(35);
5873fa
         /* We want to return a no such object error if the target doesn't exist. */
5873fa
@@ -1371,24 +1372,24 @@ preop_modrdn(Slapi_PBlock *pb)
5873fa
 
5873fa
 
5873fa
     /*
5873fa
-         * Check if it has the required object class
5873fa
-         */
5873fa
+     * Check if it has the required object class
5873fa
+     */
5873fa
     if (requiredObjectClass &&
5873fa
         !slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS, sv_requiredObjectClass)) {
5873fa
         break;
5873fa
     }
5873fa
 
5873fa
     /*
5873fa
-         * Find any unique attribute data in the new RDN
5873fa
-         */
5873fa
+     * Find any unique attribute data in the new RDN
5873fa
+     */
5873fa
     for (i = 0; attrNames && attrNames[i]; i++) {
5873fa
         err = slapi_entry_attr_find(e, attrNames[i], &attr);
5873fa
         if (!err) {
5873fa
             /*
5873fa
-                 * Passed all the requirements - this is an operation we
5873fa
-                 * need to enforce uniqueness on. Now find all parent entries
5873fa
-                 * with the marker object class, and do a search for each one.
5873fa
-                 */
5873fa
+             * Passed all the requirements - this is an operation we
5873fa
+             * need to enforce uniqueness on. Now find all parent entries
5873fa
+             * with the marker object class, and do a search for each one.
5873fa
+             */
5873fa
             if (NULL != markerObjectClass) {
5873fa
                 /* Subtree defined by location of marker object class */
5873fa
                 result = findSubtreeAndSearch(slapi_entry_get_sdn(e), attrNames, attr, NULL,
5873fa
@@ -1407,8 +1408,8 @@ preop_modrdn(Slapi_PBlock *pb)
5873fa
     END
5873fa
         /* Clean-up */
5873fa
         slapi_value_free(&sv_requiredObjectClass);
5873fa
-    if (e)
5873fa
-        slapi_entry_free(e);
5873fa
+
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     if (result) {
5873fa
         slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
5873fa
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
5873fa
index 65f23363a..a70f40316 100644
5873fa
--- a/ldap/servers/slapd/daemon.c
5873fa
+++ b/ldap/servers/slapd/daemon.c
5873fa
@@ -1916,18 +1916,13 @@ slapd_bind_local_user(Connection *conn)
5873fa
             char *root_dn = config_get_ldapi_root_dn();
5873fa
 
5873fa
             if (root_dn) {
5873fa
+                Slapi_PBlock *entry_pb = NULL;
5873fa
                 Slapi_DN *edn = slapi_sdn_new_dn_byref(
5873fa
                     slapi_dn_normalize(root_dn));
5873fa
                 Slapi_Entry *e = 0;
5873fa
 
5873fa
                 /* root might be locked too! :) */
5873fa
-                ret = slapi_search_internal_get_entry(
5873fa
-                    edn, 0,
5873fa
-                    &e,
5873fa
-                    (void *)plugin_get_default_component_id()
5873fa
-
5873fa
-                        );
5873fa
-
5873fa
+                ret = slapi_search_get_entry(&entry_pb, edn, 0, &e, (void *)plugin_get_default_component_id());
5873fa
                 if (0 == ret && e) {
5873fa
                     ret = slapi_check_account_lock(
5873fa
                         0, /* pb not req */
5873fa
@@ -1955,7 +1950,7 @@ slapd_bind_local_user(Connection *conn)
5873fa
             root_map_free:
5873fa
                 /* root_dn consumed by bind creds set */
5873fa
                 slapi_sdn_free(&edn);
5873fa
-                slapi_entry_free(e);
5873fa
+                slapi_search_get_entry_done(&entry_pb);
5873fa
                 ret = 0;
5873fa
             }
5873fa
         }
5873fa
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
5873fa
index bbc0ab71a..259bedfff 100644
5873fa
--- a/ldap/servers/slapd/modify.c
5873fa
+++ b/ldap/servers/slapd/modify.c
5873fa
@@ -592,6 +592,7 @@ modify_internal_pb(Slapi_PBlock *pb)
5873fa
 static void
5873fa
 op_shared_modify(Slapi_PBlock *pb, int pw_change, char *old_pw)
5873fa
 {
5873fa
+    Slapi_PBlock *entry_pb = NULL;
5873fa
     Slapi_Backend *be = NULL;
5873fa
     Slapi_Entry *pse;
5873fa
     Slapi_Entry *referral;
5873fa
@@ -723,7 +724,7 @@ op_shared_modify(Slapi_PBlock *pb, int pw_change, char *old_pw)
5873fa
      * 2. If yes, then if the mods contain any passwdpolicy specific attributes.
5873fa
      * 3. If yes, then it invokes corrosponding checking function.
5873fa
      */
5873fa
-    if (!repl_op && !internal_op && normdn && (e = get_entry(pb, normdn))) {
5873fa
+    if (!repl_op && !internal_op && normdn && slapi_search_get_entry(&entry_pb, sdn, NULL, &e, NULL) == LDAP_SUCCESS) {
5873fa
         Slapi_Value target;
5873fa
         slapi_value_init(&target);
5873fa
         slapi_value_set_string(&target, "passwordpolicy");
5873fa
@@ -1072,7 +1073,7 @@ free_and_return : {
5873fa
     slapi_entry_free(epre);
5873fa
     slapi_entry_free(epost);
5873fa
 }
5873fa
-    slapi_entry_free(e);
5873fa
+    slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
     if (be)
5873fa
         slapi_be_Unlock(be);
5873fa
@@ -1202,12 +1203,13 @@ op_shared_allow_pw_change(Slapi_PBlock *pb, LDAPMod *mod, char **old_pw, Slapi_M
5873fa
     if (!internal_op) {
5873fa
         /* slapi_acl_check_mods needs an array of LDAPMods, but
5873fa
          * we're really only interested in the one password mod. */
5873fa
+        Slapi_PBlock *entry_pb = NULL;
5873fa
         LDAPMod *mods[2];
5873fa
         mods[0] = mod;
5873fa
         mods[1] = NULL;
5873fa
 
5873fa
         /* We need to actually fetch the target here to use for ACI checking. */
5873fa
-        slapi_search_internal_get_entry(&sdn, NULL, &e, (void *)plugin_get_default_component_id());
5873fa
+        slapi_search_get_entry(&entry_pb, &sdn, NULL, &e, NULL);
5873fa
 
5873fa
         /* Create a bogus entry with just the target dn if we were unable to
5873fa
          * find the actual entry.  This will only be used for checking the ACIs. */
5873fa
@@ -1238,9 +1240,12 @@ op_shared_allow_pw_change(Slapi_PBlock *pb, LDAPMod *mod, char **old_pw, Slapi_M
5873fa
             }
5873fa
             send_ldap_result(pb, res, NULL, errtxt, 0, NULL);
5873fa
             slapi_ch_free_string(&errtxt);
5873fa
+            slapi_search_get_entry_done(&entry_pb);
5873fa
             rc = -1;
5873fa
             goto done;
5873fa
         }
5873fa
+        /* done with slapi entry e */
5873fa
+        slapi_search_get_entry_done(&entry_pb);
5873fa
 
5873fa
         /*
5873fa
          * If this mod is being performed by a password administrator/rootDN,
5873fa
@@ -1353,7 +1358,6 @@ op_shared_allow_pw_change(Slapi_PBlock *pb, LDAPMod *mod, char **old_pw, Slapi_M
5873fa
     valuearray_free(&values);
5873fa
 
5873fa
 done:
5873fa
-    slapi_entry_free(e);
5873fa
     slapi_sdn_done(&sdn);
5873fa
     slapi_ch_free_string(&proxydn);
5873fa
     slapi_ch_free_string(&proxystr);
5873fa
diff --git a/ldap/servers/slapd/plugin_internal_op.c b/ldap/servers/slapd/plugin_internal_op.c
5873fa
index 9da266b61..a140e7988 100644
5873fa
--- a/ldap/servers/slapd/plugin_internal_op.c
5873fa
+++ b/ldap/servers/slapd/plugin_internal_op.c
5873fa
@@ -882,3 +882,51 @@ slapi_search_internal_get_entry(Slapi_DN *dn, char **attrs, Slapi_Entry **ret_en
5873fa
     int_search_pb = NULL;
5873fa
     return rc;
5873fa
 }
5873fa
+
5873fa
+int32_t
5873fa
+slapi_search_get_entry(Slapi_PBlock **pb, Slapi_DN *dn, char **attrs, Slapi_Entry **ret_entry, void *component_identity)
5873fa
+{
5873fa
+    Slapi_Entry **entries = NULL;
5873fa
+    int32_t rc = 0;
5873fa
+    void *component = component_identity;
5873fa
+
5873fa
+    if (ret_entry) {
5873fa
+        *ret_entry = NULL;
5873fa
+    }
5873fa
+
5873fa
+    if (component == NULL) {
5873fa
+        component = (void *)plugin_get_default_component_id();
5873fa
+    }
5873fa
+
5873fa
+    if (*pb == NULL) {
5873fa
+        *pb = slapi_pblock_new();
5873fa
+    }
5873fa
+    slapi_search_internal_set_pb(*pb, slapi_sdn_get_dn(dn), LDAP_SCOPE_BASE,
5873fa
+        "(|(objectclass=*)(objectclass=ldapsubentry))",
5873fa
+        attrs, 0, NULL, NULL, component, 0 );
5873fa
+    slapi_search_internal_pb(*pb);
5873fa
+    slapi_pblock_get(*pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
5873fa
+    if (LDAP_SUCCESS == rc) {
5873fa
+        slapi_pblock_get(*pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
5873fa
+        if (NULL != entries && NULL != entries[0]) {
5873fa
+            /* Only need to dup the entry if the caller passed ret_entry in. */
5873fa
+            if (ret_entry) {
5873fa
+                *ret_entry = entries[0];
5873fa
+            }
5873fa
+        } else {
5873fa
+            rc = LDAP_NO_SUCH_OBJECT;
5873fa
+        }
5873fa
+    }
5873fa
+
5873fa
+    return rc;
5873fa
+}
5873fa
+
5873fa
+void
5873fa
+slapi_search_get_entry_done(Slapi_PBlock **pb)
5873fa
+{
5873fa
+    if (pb && *pb) {
5873fa
+        slapi_free_search_results_internal(*pb);
5873fa
+        slapi_pblock_destroy(*pb);
5873fa
+        *pb = NULL;
5873fa
+    }
5873fa
+}
5873fa
diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c
5873fa
index 705344c84..9c2619716 100644
5873fa
--- a/ldap/servers/slapd/resourcelimit.c
5873fa
+++ b/ldap/servers/slapd/resourcelimit.c
5873fa
@@ -305,22 +305,17 @@ reslimit_get_ext(Slapi_Connection *conn, const char *logname, SLAPIResLimitConnD
5873fa
 int
5873fa
 reslimit_update_from_dn(Slapi_Connection *conn, Slapi_DN *dn)
5873fa
 {
5873fa
-    Slapi_Entry *e;
5873fa
+    Slapi_PBlock *pb = NULL;
5873fa
+    Slapi_Entry *e = NULL;
5873fa
     int rc;
5873fa
 
5873fa
-    e = NULL;
5873fa
     if (dn != NULL) {
5873fa
-
5873fa
         char **attrs = reslimit_get_registered_attributes();
5873fa
-        (void)slapi_search_internal_get_entry(dn, attrs, &e, reslimit_componentid);
5873fa
+        slapi_search_get_entry(&pb, dn, attrs, &e, reslimit_componentid);
5873fa
         charray_free(attrs);
5873fa
     }
5873fa
-
5873fa
     rc = reslimit_update_from_entry(conn, e);
5873fa
-
5873fa
-    if (NULL != e) {
5873fa
-        slapi_entry_free(e);
5873fa
-    }
5873fa
+    slapi_search_get_entry_done(&pb);
5873fa
 
5873fa
     return (rc);
5873fa
 }
5873fa
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
5873fa
index d44b03b0e..bf7e59f75 100644
5873fa
--- a/ldap/servers/slapd/schema.c
5873fa
+++ b/ldap/servers/slapd/schema.c
5873fa
@@ -341,6 +341,7 @@ schema_policy_add_action(Slapi_Entry *entry, char *attrName, schema_item_t **lis
5873fa
 static void
5873fa
 schema_load_repl_policy(const char *dn, repl_schema_policy_t *replica)
5873fa
 {
5873fa
+    Slapi_PBlock *pb = NULL;
5873fa
     Slapi_DN sdn;
5873fa
     Slapi_Entry *entry = NULL;
5873fa
     schema_item_t *schema_item, *next;
5873fa
@@ -369,8 +370,7 @@ schema_load_repl_policy(const char *dn, repl_schema_policy_t *replica)
5873fa
 
5873fa
     /* Load the replication policy of the schema  */
5873fa
     slapi_sdn_init_dn_byref(&sdn, dn);
5873fa
-    if (slapi_search_internal_get_entry(&sdn, NULL, &entry, plugin_get_default_component_id()) == LDAP_SUCCESS) {
5873fa
-
5873fa
+    if (slapi_search_get_entry(&pb, &sdn, NULL, &entry, plugin_get_default_component_id()) == LDAP_SUCCESS) {
5873fa
         /* fill the policies (accept/reject) regarding objectclass */
5873fa
         schema_policy_add_action(entry, ATTR_SCHEMA_UPDATE_OBJECTCLASS_ACCEPT, &replica->objectclasses);
5873fa
         schema_policy_add_action(entry, ATTR_SCHEMA_UPDATE_OBJECTCLASS_REJECT, &replica->objectclasses);
5873fa
@@ -378,9 +378,8 @@ schema_load_repl_policy(const char *dn, repl_schema_policy_t *replica)
5873fa
         /* fill the policies (accept/reject) regarding attribute */
5873fa
         schema_policy_add_action(entry, ATTR_SCHEMA_UPDATE_ATTRIBUTE_ACCEPT, &replica->attributes);
5873fa
         schema_policy_add_action(entry, ATTR_SCHEMA_UPDATE_ATTRIBUTE_REJECT, &replica->attributes);
5873fa
-
5873fa
-        slapi_entry_free(entry);
5873fa
     }
5873fa
+    slapi_search_get_entry_done(&pb);
5873fa
     slapi_sdn_done(&sdn);
5873fa
 }
5873fa
 
5873fa
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
5873fa
index 0e3857068..be1e52e4d 100644
5873fa
--- a/ldap/servers/slapd/slapi-plugin.h
5873fa
+++ b/ldap/servers/slapd/slapi-plugin.h
5873fa
@@ -5972,7 +5972,7 @@ void slapi_seq_internal_set_pb(Slapi_PBlock *pb, char *ibase, int type, char *at
5873fa
 
5873fa
 /*
5873fa
  * slapi_search_internal_get_entry() finds an entry given a dn.  It returns
5873fa
- * an LDAP error code (LDAP_SUCCESS if all goes well).
5873fa
+ * an LDAP error code (LDAP_SUCCESS if all goes well).  Caller must free ret_entry
5873fa
  */
5873fa
 int slapi_search_internal_get_entry(Slapi_DN *dn, char **attrlist, Slapi_Entry **ret_entry, void *caller_identity);
5873fa
 
5873fa
@@ -8296,6 +8296,27 @@ uint64_t slapi_atomic_decr_64(uint64_t *ptr, int memorder);
5873fa
 /* helper function */
5873fa
 const char * slapi_fetch_attr(Slapi_Entry *e, const char *attrname, char *default_val);
5873fa
 
5873fa
+/**
5873fa
+ * Get a Slapi_Entry via an internal search.  The caller then needs to call
5873fa
+ * slapi_get_entry_done() to free any resources allocated to get the entry
5873fa
+ *
5873fa
+ * \param pb - slapi_pblock pointer (the function will allocate if necessary)
5873fa
+ * \param dn - Slapi_DN of the entry to retrieve
5873fa
+ * \param attrs - char list of attributes to get
5873fa
+ * \param ret_entry - pointer to a Slapi_entry wer the returned entry is stored
5873fa
+ * \param component_identity - plugin component
5873fa
+ *
5873fa
+ * \return - ldap result code
5873fa
+ */
5873fa
+int32_t slapi_search_get_entry(Slapi_PBlock **pb, Slapi_DN *dn, char **attrs, Slapi_Entry **ret_entry, void *component_identity);
5873fa
+
5873fa
+/**
5873fa
+ * Free the resources allocated by slapi_search_get_entry()
5873fa
+ *
5873fa
+ * \param pb - slapi_pblock pointer
5873fa
+ */
5873fa
+void slapi_search_get_entry_done(Slapi_PBlock **pb);
5873fa
+
5873fa
 #ifdef __cplusplus
5873fa
 }
5873fa
 #endif
5873fa
-- 
5873fa
2.26.2
5873fa