From 9005628254a247597bf7ee2b25df18585f02d953 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Thu, 17 Nov 2016 21:37:45 +0100 Subject: pre_search: Set filter to speed up the search for gold accounts We do not want to execute the pre_entry hooks for all accounts just to skip them in the result. --- service_passwords.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/service_passwords.c b/service_passwords.c index 5e9d87b..a5a3b3d 100644 --- a/service_passwords.c +++ b/service_passwords.c @@ -736,16 +736,23 @@ static int pre_search(Slapi_PBlock *pb) { char *bind_dn; char *base; + Slapi_Filter *search_filter = NULL; int is_replication; int is_internal; char *parent_dn = NULL; + char *service = NULL; + char *service_dn = NULL; + int gold_service = 0; + Slapi_Filter *gold_filter = NULL; + Slapi_Filter *joined_filter = NULL; int rc = 0; char fn[] = "pre_search in service_passwords plug-in"; rc |= slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn); rc |= slapi_pblock_get(pb, SLAPI_TARGET_DN, &base); + rc |= slapi_pblock_get(pb, SLAPI_SEARCH_FILTER, &search_filter); rc |= slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replication); rc |= slapi_pblock_get(pb, SLAPI_IS_INTERNAL_OPERATION, &is_internal); @@ -769,7 +776,7 @@ static int pre_search(Slapi_PBlock *pb) return 0; } - if (is_service(bind_dn, NULL, NULL) != 0) { + if (is_service(bind_dn, NULL, &gold_service) != 0) { parent_dn = slapi_dn_parent(bind_dn); rc |= is_user(parent_dn, NULL); slapi_ch_free_string(&parent_dn); @@ -777,6 +784,63 @@ static int pre_search(Slapi_PBlock *pb) if (rc != 0) { return 0; } + + service = get_virtual_service(bind_dn); + service_dn = get_service_dn(service); + rc |= is_service(service_dn, NULL, &gold_service); + slapi_ch_free_string(&service_dn); + slapi_ch_free_string(&service); + + if (rc != 0) { + slapi_log_error( + SLAPI_LOG_PLUGIN, fn, + "Invalid service in bind dn '%s'.\n", + bind_dn); + + slapi_send_ldap_result( + pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); + return LDAP_OPERATIONS_ERROR; + } + } + + if (gold_service) { + /* modify search filter, to only get the gold accounts */ + gold_filter = slapi_str2filter("(|(objectClass=splineGoldAccounts)(!(objectClass=splineAccount)))"); + + if (gold_filter == NULL) { + slapi_log_error( + SLAPI_LOG_PLUGIN, fn, + "Could not build search filter\n"); + + slapi_send_ldap_result( + pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); + return LDAP_OPERATIONS_ERROR; + } + + joined_filter = slapi_filter_join(LDAP_FILTER_AND, gold_filter, search_filter); + + if (joined_filter == NULL) { + slapi_log_error( + SLAPI_LOG_PLUGIN, fn, + "Could not join search filters\n"); + + slapi_send_ldap_result( + pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); + return LDAP_OPERATIONS_ERROR; + } + + rc |= slapi_pblock_set(pb, SLAPI_SEARCH_FILTER, joined_filter); + + if (rc != 0) { + slapi_log_error( + SLAPI_LOG_PLUGIN, fn, + "Could not set new search filter (error %d).\n", + rc); + + slapi_send_ldap_result( + pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); + return LDAP_OPERATIONS_ERROR; + } } parent_dn = slapi_dn_parent(base); -- cgit v1.2.3-1-g7c22