authorAlexander Sulfrian <alexander@sulfrian.net>2016-11-17 21:37:45 +0100
committerAlexander Sulfrian <alexander@sulfrian.net>2016-11-19 21:40:52 +0100
commit9005628254a247597bf7ee2b25df18585f02d953 (patch)
treee59ec54820f6ce9d9a2c1b3a19940f35a32e725a
parent6803a3975b3d473831b261f69435b5dc76bb63ca (diff)
pre_search: Set filter to speed up the search for gold accounts
We do not want to execute the pre_entry hooks for all accounts just to skip them in the result.
-rw-r--r--service_passwords.c66
1 files changed, 65 insertions, 1 deletions
diff --git a/service_passwords.c b/service_passwords.c
index 5e9d87b..a5a3b3d 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -736,16 +736,23 @@ static int pre_search(Slapi_PBlock *pb)
{
char *bind_dn;
char *base;
+ Slapi_Filter *search_filter = NULL;
int is_replication;
int is_internal;
char *parent_dn = NULL;
+ char *service = NULL;
+ char *service_dn = NULL;
+ int gold_service = 0;
+ Slapi_Filter *gold_filter = NULL;
+ Slapi_Filter *joined_filter = NULL;
int rc = 0;
char fn[] = "pre_search in service_passwords plug-in";
rc |= slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn);
rc |= slapi_pblock_get(pb, SLAPI_TARGET_DN, &base);
+ rc |= slapi_pblock_get(pb, SLAPI_SEARCH_FILTER, &search_filter);
rc |= slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replication);
rc |= slapi_pblock_get(pb, SLAPI_IS_INTERNAL_OPERATION, &is_internal);
@@ -769,7 +776,7 @@ static int pre_search(Slapi_PBlock *pb)
return 0;
}
- if (is_service(bind_dn, NULL, NULL) != 0) {
+ if (is_service(bind_dn, NULL, &gold_service) != 0) {
parent_dn = slapi_dn_parent(bind_dn);
rc |= is_user(parent_dn, NULL);
slapi_ch_free_string(&parent_dn);
@@ -777,6 +784,63 @@ static int pre_search(Slapi_PBlock *pb)
if (rc != 0) {
return 0;
}
+
+ service = get_virtual_service(bind_dn);
+ service_dn = get_service_dn(service);
+ rc |= is_service(service_dn, NULL, &gold_service);
+ slapi_ch_free_string(&service_dn);
+ slapi_ch_free_string(&service);
+
+ if (rc != 0) {
+ slapi_log_error(
+ SLAPI_LOG_PLUGIN, fn,
+ "Invalid service in bind dn '%s'.\n",
+ bind_dn);
+
+ slapi_send_ldap_result(
+ pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ if (gold_service) {
+ /* modify search filter, to only get the gold accounts */
+ gold_filter = slapi_str2filter("(|(objectClass=splineGoldAccounts)(!(objectClass=splineAccount)))");
+
+ if (gold_filter == NULL) {
+ slapi_log_error(
+ SLAPI_LOG_PLUGIN, fn,
+ "Could not build search filter\n");
+
+ slapi_send_ldap_result(
+ pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ joined_filter = slapi_filter_join(LDAP_FILTER_AND, gold_filter, search_filter);
+
+ if (joined_filter == NULL) {
+ slapi_log_error(
+ SLAPI_LOG_PLUGIN, fn,
+ "Could not join search filters\n");
+
+ slapi_send_ldap_result(
+ pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ rc |= slapi_pblock_set(pb, SLAPI_SEARCH_FILTER, joined_filter);
+
+ if (rc != 0) {
+ slapi_log_error(
+ SLAPI_LOG_PLUGIN, fn,
+ "Could not set new search filter (error %d).\n",
+ rc);
+
+ slapi_send_ldap_result(
+ pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
+ return LDAP_OPERATIONS_ERROR;
+ }
}
parent_dn = slapi_dn_parent(base);
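Review bot: The new error branches in the `if (gold_service)` block abandon the filters they built: when `slapi_filter_join` returns NULL, `gold_filter` is never released, so that branch should call `slapi_filter_free(gold_filter, 1);` before returning, and the `slapi_pblock_set` failure branch likewise drops `joined_filter` (which by then wraps the request's own `search_filter`, so it cannot simply be freed recursively). `slapi_str2filter` takes a non-const `char *` and, as far as I recall, some server implementations write into the buffer while parsing, so passing a string literal is fragile; parsing a `slapi_ch_strdup` copy and freeing it afterwards would avoid that. The results of `get_virtual_service(bind_dn)` and `get_service_dn(service)` are used without a NULL check; both helpers are defined outside this page, so it is worth confirming that `is_service` rejects a NULL DN rather than dereferencing it. Because the commit message describes the filter as a speed-up, a comment such as `/* optimisation only: pre_entry still decides which entries a gold service may read */` would keep later readers from treating it as the access check; `pre_search` continues beyond this hunk.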