From aa557896bfc28a212e2a87303c0b3f8abdb329e6 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jul 24 2013 22:09:39 +0000 Subject: Ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to replay change Bug description: modrdn on AD is synchronized to DS, but the other way does not get synchronized. Fix description: 1) process_replay_rename (windows_protocol_util.c): If newparent was NULL, the rename operation was skipped. This patch sets the original parent dn to the newparent. 2) process_replay_rename (windows_protocol_util.c): AD does not accept deleteoldrdn == 0 (Old RDN must be deleted). If deleteoldrdn is 0, it is replaced with 1 before sending the request to AD. 3) is_subject_of_agreement_remote (windows_protocol_util.c): When checking if the entry was in the subtree defined in the agreement or not, it returned true only if the entry is a direct child of the agreement subtree top. This patch returns true if the entry is the further descendent of the subtree. 4) This patch adds more NULL reference checks. 5) When the given dn is already normalized, sets it to Slapi_DN as a normlized dn. It saves an unnecessary dn normalization. 6) Logs in windows sync specific code are prefixed with "NSMMReplicationPlugin - windows sync". Reviewed by Mark and Rich (Thank you!!) https://fedorahosted.org/389/ticket/521 --- diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c index 7dfeb9b..b934354 100644 --- a/ldap/servers/plugins/replication/repl_globals.c +++ b/ldap/servers/plugins/replication/repl_globals.c @@ -45,7 +45,7 @@ #include "repl.h" char *repl_plugin_name = REPL_PLUGIN_NAME; -char *windows_repl_plugin_name = REPL_PLUGIN_NAME; +char *windows_repl_plugin_name = REPL_PLUGIN_NAME " - windows sync"; char *repl_plugin_name_cl = REPL_PLUGIN_NAME " - changelog program"; /* String constants (no need to change these for I18N) */ 
diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c index 105c205..3063e34 100644 --- a/ldap/servers/plugins/replication/windows_connection.c +++ b/ldap/servers/plugins/replication/windows_connection.c @@ -376,7 +376,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, char *s = NULL; rc = slapi_ldap_get_lderrno(conn->ld, NULL, &s); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Received error %d: %s for %s operation\n", agmt_get_long_name(conn->agmt), rc, s ? s : "NULL", op_string); @@ -461,7 +461,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, * enough information to allow them to fix the problem * and retry - bug 170350 */ if (conn->last_ldap_error == LDAP_CONSTRAINT_VIOLATION) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Received error [%s] when attempting to %s" " entry [%s]: Please correct the attribute specified " "in the error message. Refer to the Windows Active " @@ -469,7 +469,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, agmt_get_long_name(conn->agmt), errmsg, op_string, dn); } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Received result code %d (%s) for %s operation %s%s\n", agmt_get_long_name(conn->agmt), conn->last_ldap_error, errmsg, @@ -493,7 +493,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Failed to send %s operation: LDAP error %d (%s)\n", agmt_get_long_name(conn->agmt), op_string ? op_string : "NULL", rc, ldap_err2string(rc)); 
@@ -658,7 +658,7 @@ windows_search_entry_ext(Repl_Connection *conn, char* searchbase, char *filter, &conn->timeout, 0 /* sizelimit */, &res); if ((LDAP_SUCCESS != ldap_rc) && !IS_DISCONNECT_ERROR(ldap_rc)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "Could not retrieve entry from Windows using search " "base [%s] scope [%d] filter [%s]: error %d:%s\n", searchbase_copy, scope, filter_copy, ldap_rc, @@ -776,7 +776,7 @@ send_dirsync_search(Repl_Connection *conn) } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Failed to get %s operation: LDAP error %d (%s)\n", agmt_get_long_name(conn->agmt), op_string, rc, ldap_err2string(rc)); @@ -1055,7 +1055,7 @@ windows_conn_cancel_linger(Repl_Connection *conn) PR_Lock(conn->lock); if (conn->linger_active) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Cancelling linger on the connection\n", agmt_get_long_name(conn->agmt)); conn->linger_active = PR_FALSE; @@ -1068,7 +1068,7 @@ windows_conn_cancel_linger(Repl_Connection *conn) } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: No linger to cancel on the connection\n", agmt_get_long_name(conn->agmt)); } @@ -1092,7 +1092,7 @@ linger_timeout(time_t event_time, void *arg) LDAPDebug( LDAP_DEBUG_TRACE, "=> linger_timeout\n", 0, 0, 0 ); PR_ASSERT(NULL != conn); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Linger timeout has expired on the connection\n", agmt_get_long_name(conn->agmt)); PR_Lock(conn->lock); 
@@ -1124,12 +1124,12 @@ windows_conn_start_linger(Repl_Connection *conn) LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_conn_start_linger\n", 0, 0, 0 ); PR_ASSERT(NULL != conn); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Beginning linger on the connection\n", agmt_get_long_name(conn->agmt)); if (!windows_conn_connected(conn)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: No linger on the closed conn\n", agmt_get_long_name(conn->agmt)); return; @@ -1138,7 +1138,7 @@ windows_conn_start_linger(Repl_Connection *conn) PR_Lock(conn->lock); if (conn->linger_active) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Linger already active on the connection\n", agmt_get_long_name(conn->agmt)); } @@ -1208,7 +1208,7 @@ windows_conn_connect(Repl_Connection *conn) /* Pb occured in decryption: stop now, binding will fail */ if ( pw_ret == -1 ) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Decoding of the credentials failed.\n", agmt_get_long_name(conn->agmt)); @@ -1235,7 +1235,7 @@ windows_conn_connect(Repl_Connection *conn) if (secure > 0) { if (!NSS_IsInitialized()) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: SSL Not Initialized, Replication over SSL FAILED\n", agmt_get_long_name(conn->agmt)); return_value = CONN_SSL_NOT_ENABLED; @@ -1251,7 +1251,7 @@ windows_conn_connect(Repl_Connection *conn) #endif /* Now we initialize the LDAP Structure and set options */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Trying %s%s slapi_ldap_init_ext\n", agmt_get_long_name(conn->agmt), secure ? "secure" : "non-secure", 
@@ -1264,7 +1264,7 @@ windows_conn_connect(Repl_Connection *conn) conn->state = STATE_DISCONNECTED; conn->last_operation = CONN_INIT; conn->last_ldap_error = LDAP_LOCAL_ERROR; - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Failed to establish %s%sconnection to the consumer\n", agmt_get_long_name(conn->agmt), secure ? "secure " : "", @@ -1275,7 +1275,7 @@ windows_conn_connect(Repl_Connection *conn) /* slapi_ch_strdup is OK with NULL strings */ binddn = slapi_ch_strdup(conn->binddn); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: binddn = %s, passwd = %s\n", agmt_get_long_name(conn->agmt), binddn?binddn:"NULL", creds->bv_val?creds->bv_val:"NULL"); @@ -1377,7 +1377,7 @@ close_connection_internal(Repl_Connection *conn) conn->state = STATE_DISCONNECTED; conn->status = STATUS_DISCONNECTED; conn->supports_ds50_repl = -1; - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Disconnected from the consumer\n", agmt_get_long_name(conn->agmt)); LDAPDebug( LDAP_DEBUG_TRACE, "<= close_connection_internal\n", 0, 0, 0 ); } @@ -1758,7 +1758,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) if (conn->last_ldap_error != rc) { conn->last_ldap_error = rc; - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Replication bind with %s auth resumed\n", agmt_get_long_name(conn->agmt), mech ? mech : "SIMPLE"); 
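Review bot: The `binddn = %s, passwd = %s` message in the @@ -1275 hunk of windows_conn_connect still writes `creds->bv_val` to the error log whenever replication logging is enabled. The commit only retags this line with `windows_repl_plugin_name`. From the earlier "Decoding of the credentials failed" branch of the same function, `creds` appears to hold the decoded bind password for the AD sync account, so anyone who can read the log or a support bundle would get that credential. I would drop the secret from the call: `"%s: binddn = %s\n", agmt_get_long_name(conn->agmt), binddn?binddn:"NULL");`. The function begins and ends outside this hunk, so any later use of `creds` is not visible here.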
@@ -1772,7 +1772,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) if ( !(strcmp( ctrls[ i ]->ldctl_oid, LDAP_CONTROL_PWEXPIRED)) ) { /* Bind is successfull but password has expired */ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Successfully bound %s to consumer, " "but password has expired on consumer.\n", agmt_get_long_name(conn->agmt), binddn); @@ -1784,7 +1784,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) (ctrls[ i ]->ldctl_value.bv_len > 0) ) { int password_expiring = atoi( ctrls[ i ]->ldctl_value.bv_val ); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Successfully bound %s to consumer, " "but password is expiring on consumer in %d seconds.\n", agmt_get_long_name(conn->agmt), binddn, password_expiring); @@ -1809,7 +1809,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) conn->last_ldap_error = rc; /* errmsg is a pointer directly into the ld structure - do not free */ rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg ); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n", agmt_get_long_name(conn->agmt), mech ? mech : "SIMPLE", rc, @@ -1818,7 +1818,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) char *errmsg = NULL; /* errmsg is a pointer directly into the ld structure - do not free */ rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg ); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n", agmt_get_long_name(conn->agmt), mech ? mech : "SIMPLE", rc, 
@@ -1854,13 +1854,13 @@ windows_check_user_password(Repl_Connection *conn, Slapi_DN *sdn, char *password rc = ldap_result(conn->ld, msgid, LDAP_MSG_ALL, NULL, &res); if (0 > rc) { /* error */ rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Error reading bind response for id " "[%s]: error %d (%s)\n", binddn ? binddn : "(anon)", rc, ldap_err2string(rc)); } else if (rc == 0) { /* timeout */ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Error: timeout reading " "bind response for [%s]\n", binddn ? binddn : "(anon)"); @@ -1868,7 +1868,7 @@ windows_check_user_password(Repl_Connection *conn, Slapi_DN *sdn, char *password } else { parse_rc = ldap_parse_result( conn->ld, res, &rc, NULL, NULL, NULL, NULL, 1 /* Free res */); if (parse_rc != LDAP_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Error: unable to parse " "bind result for [%s]: " "error %d\n", @@ -1902,7 +1902,7 @@ do_simple_bind (Repl_Connection *conn, LDAP *ld, char * binddn, char *password) if (conn->last_ldap_error != ldaperr) { conn->last_ldap_error = ldaperr; - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Simple bind failed, " SLAPI_COMPONENT_NAME_LDAPSDK " error %d (%s) (%s), " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n", @@ -1915,7 +1915,7 @@ do_simple_bind (Repl_Connection *conn, LDAP *ld, char * binddn, char *password) else if (conn->last_ldap_error != LDAP_SUCCESS) { conn->last_ldap_error = LDAP_SUCCESS; - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Simple bind resumed\n", agmt_get_long_name(conn->agmt)); } 
@@ -1975,7 +1975,7 @@ repl5_debug_timeout_callback(time_t when, void *arg) sprintf(buf, "%d", s_debug_level); config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "repl5_debug_timeout_callback: set debug level to %d at %ld\n", s_debug_level, when); diff --git a/ldap/servers/plugins/replication/windows_inc_protocol.c b/ldap/servers/plugins/replication/windows_inc_protocol.c index 58f48f2..55c8b87 100644 --- a/ldap/servers/plugins/replication/windows_inc_protocol.c +++ b/ldap/servers/plugins/replication/windows_inc_protocol.c @@ -819,14 +819,14 @@ windows_inc_run(Private_Repl_Protocol *prp) replica = NULL; if (rc == CSN_LIMIT_EXCEEDED) /* too much skew */ { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Incremental protocol: fatal error - too much time skew between replicas!\n", agmt_get_long_name(prp->agmt)); next_state = STATE_STOP_FATAL_ERROR; } else if (rc != 0) /* internal error */ { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: Incremental protocol: fatal internal error updating the CSN generator!\n", agmt_get_long_name(prp->agmt)); next_state = STATE_STOP_FATAL_ERROR; diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c index e0dc8ca..26c965c 100644 --- a/ldap/servers/plugins/replication/windows_private.c +++ b/ldap/servers/plugins/replication/windows_private.c 
@@ -126,7 +126,7 @@ check_update_allowed(Repl_Agmt *ra, const char *type, Slapi_Entry *e, int *retva while (get_next_disallow_attr_type(&ii, &distype)) { if (slapi_attr_types_equivalent(type, distype)) { char *tmpstr = slapi_entry_attr_get_charptr(e, type); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "windows_parse_config_entry: setting %s to %s will be " "deferred until current update is completed\n", type, tmpstr); @@ -231,7 +231,7 @@ windows_parse_config_entry(Repl_Agmt *ra, const char *type, Slapi_Entry *e) } else if (strcasecmp(tmpstr, "toWindows") == 0) { windows_private_set_one_way(ra, ONE_WAY_SYNC_TO_AD); } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Ignoring illegal setting for %s attribute in replication " "agreement \"%s\". Valid values are \"toWindows\" or " "\"fromWindows\".\n", type_oneWaySync, slapi_entry_get_dn(e)); @@ -258,7 +258,7 @@ windows_parse_config_entry(Repl_Agmt *ra, const char *type, Slapi_Entry *e) } else if (strcasecmp(tmpstr, "none") == 0) { windows_private_set_move_action(ra, MOVE_DOES_NOTHING); } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "Ignoring illegal setting for %s attribute in replication " "agreement \"%s\". Valid values are \"delete\" or " "\"unsync\".\n", type_winsyncMoveAction, slapi_entry_get_dn(e)); diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c index 964566a..dfc4df5 100644 --- a/ldap/servers/plugins/replication/windows_protocol_util.c +++ b/ldap/servers/plugins/replication/windows_protocol_util.c 
@@ -1097,7 +1097,7 @@ process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Ent ConnResult return_value = 0; int rc = 0; - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: process_replay_add: dn=\"%s\" (%s,%s)\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn), missing_entry ? "not present" : "already present", remote_add_allowed ? "add allowed" : "add not allowed"); @@ -1112,7 +1112,7 @@ process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Ent char *cn_string = NULL; Slapi_DN *tombstone_dn = NULL; - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: process_replay_add: dn=\"%s\" appears to have been" " deleted on remote side. Searching for tombstone.\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn)); @@ -1140,13 +1140,13 @@ process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Ent * does not exist, we'll create a new entry in AD, which * will end up getting a new GUID generated by AD. */ if (tstone_exists) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: process_replay_add: Reanimating tombstone (dn=\"%s\") to" " normal entry (dn=\"%s\").\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(tombstone_dn), new_dn_string); reanimate_rc = windows_reanimate_tombstone(prp, tombstone_dn, (const char *)new_dn_string); if (reanimate_rc != 0) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: process_replay_add: Reanimation of tombstone" " (dn=\"%s\") failed. A new entry (dn=\"%s\")" " will be added instead.\n", agmt_get_long_name(prp->agmt), 
@@ -1157,7 +1157,12 @@ process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Ent /* Clear out the old GUID DN and use the new one. We hand off the memory * for new_dn_string into the remote_dn. */ slapi_sdn_done(remote_dn); - slapi_sdn_set_dn_passin(remote_dn, new_dn_string); + /* + * new_dn_string is created by slapi_create_dn_string, + * which is normalized. Thus, we can use _normdn_. + */ + /* This remote_dn is freed by the caller. */ + slapi_sdn_set_normdn_passin(remote_dn, new_dn_string); } slapi_ch_free_string(&cn_string); @@ -1242,7 +1247,7 @@ process_replay_add(Private_Repl_Protocol *prp, Slapi_Entry *add_entry, Slapi_Ent } } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: process_replay_add: failed to create mapped entry dn=\"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn)); } @@ -1297,11 +1302,10 @@ process_replay_rename(Private_Repl_Protocol *prp, char *remote_dn = NULL; char *local_pndn = NULL; - if (NULL == newparent || NULL == local_origsdn || NULL == local_newentry) { + if (NULL == local_origsdn || NULL == local_newentry) { slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, - "process_replay_rename: %s is empty\n", - NULL==newparent?"newparent":NULL==local_origsdn?"local sdn": - "local entry"); + "process_replay_rename: %s is empty\n", + (NULL==local_origsdn)?"local sdn":"local entry"); goto bail; } if (0 == is_user && 0 == is_group) { 
@@ -1323,8 +1327,14 @@ process_replay_rename(Private_Repl_Protocol *prp, remote_subtree?remote_subtree:"empty"); goto bail; } - /* newparent is already normzlized; just ignore the case */ - norm_newparent = slapi_ch_strdup(newparent); + /* if given, newparent is already normzlized; just ignore the case */ + if (newparent) { + norm_newparent = slapi_ch_strdup(newparent); + } else { + /* newparent is NULL; set the original parent */ + /* slapi_dn_parent returns the dup'ed dn */ + norm_newparent = slapi_dn_parent(slapi_sdn_get_ndn(local_origsdn)); + } slapi_dn_ignore_case(norm_newparent); p = strstr(norm_newparent, local_subtree); if (NULL == p) { @@ -1377,7 +1387,21 @@ process_replay_rename(Private_Repl_Protocol *prp, /* generate a remote dn */ remote_dn = PR_smprintf("%s,%s%s", remote_rdn, local_pndn, remote_subtree); - + if (!deleteoldrdn) { + /* AD does not accept deleteoldrdn == 0 */ + /* + * ldap_rename: Server is unwilling to perform (53) + * additional info: 00000057: LdapErr: DSID-0C090AAB, + * comment: Old RDN must be deleted, data 0, v1db1 + */ + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: windows_replay_rename: renaming %s to %s,%s; " + "set deleteoldrdn to 1 " + "since AD does not allow old RDN left\n", + agmt_get_long_name(prp->agmt), remote_dn, + is_user?remote_rdn:newrdn, newsuperior); + deleteoldrdn = 1; + } if (is_user) { rval = windows_conn_send_rename(prp->conn, remote_dn, remote_rdn, (const char *)newsuperior, @@ -1439,7 +1463,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op rc = windows_get_local_entry_by_uniqueid(prp, op->target_address.uniqueid, &local_entry, 1 /* is_global */); if (rc) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: windows_replay_update: failed to fetch local entry " "for %s operation dn=\"%s\"\n", agmt_get_long_name(prp->agmt), 
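Review bot: In the @@ -1323 hunk the new `else` branch assigns `norm_newparent = slapi_dn_parent(slapi_sdn_get_ndn(local_origsdn));` and the very next lines pass it to `slapi_dn_ignore_case()` and `strstr()` with no NULL check. If the original DN has no parent component, `slapi_dn_parent` can presumably return NULL, and `strstr(NULL, ...)` is undefined behaviour, on a path driven by whatever entry is being renamed. Add a guard right after the if/else, for example `if (NULL == norm_newparent) { /* log "no parent for local dn" */ goto bail; }`, using the `bail` label this function already jumps to. The function body starts and ends outside the hunk, so I am assuming `bail` releases `norm_newparent` safely when it is NULL.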
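Review bot: The message added in the @@ -1377 hunk is tagged `windows_replay_rename`, but the hunk header places it in process_replay_rename, and the function's existing error message uses the `process_replay_rename:` prefix. A mismatched name makes it harder to grep the log for this code path, so I would change the literal to `"%s: process_replay_rename: renaming %s to %s,%s; "`. The override of the caller's `deleteoldrdn` is also reported only at SLAPI_LOG_REPL. It changes what is sent to AD compared with what was applied locally, so consider a one-line comment at the assignment, such as `/* DS keeps the old RDN value, AD drops it: entries diverge on this attribute */`.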
@@ -1453,13 +1477,13 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op /* We only searched within the subtree in the agreement, so we should not print * an error if we didn't find the entry and the DN is outside of the agreement scope. */ if (is_dn_subject_of_agreement_local(local_dn, prp->agmt)) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n", agmt_get_long_name(prp->agmt), op2string(op->operation_type), REPL_GET_DN(&op->target_address)); } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s)\n", agmt_get_long_name(prp->agmt), op2string(op->operation_type), @@ -1478,7 +1502,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op } windows_is_local_entry_user_or_group(local_entry,&is_user,&is_group); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s,%s,%s)\n", agmt_get_long_name(prp->agmt), op2string(op->operation_type), @@ -1491,8 +1515,8 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op rc = map_entry_dn_outbound(local_entry,&remote_dn,prp,&missing_entry, 1); if (rc || NULL == remote_dn) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: windows_replay_update: failed map dn for %s operation dn=\"%s\"" + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, + "%s: windows_replay_update: failed map dn for %s operation dn=\"%s\" " "rc=%d remote_dn = [%s]\n", agmt_get_long_name(prp->agmt), op2string(op->operation_type), 
@@ -1500,7 +1524,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op rc, remote_dn ? slapi_sdn_get_dn(remote_dn) : "(null)"); goto error; } - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: Processing %s operation local dn=\"%s\" remote dn=\"%s\"\n", agmt_get_long_name(prp->agmt), op2string(op->operation_type), @@ -1523,7 +1547,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op Slapi_Entry *ad_entry = NULL; return_value = process_replay_add(prp,local_entry,local_entry,local_dn,remote_dn,is_user,missing_entry,&password); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: " "The modify operation added the sync objectclass and attribute, so " "the entry was added to windows - result [%d]\n", @@ -1559,7 +1583,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op /* Check if a naming attribute is being modified. */ if (windows_check_mods_for_rdn_change(prp, op->p.p_modify.modify_mods, local_entry, remote_dn, &newrdn)) { /* Issue MODRDN */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "%s: renaming remote entry \"%s\" with new RDN of \"%s\"\n", + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: renaming remote entry \"%s\" with new RDN of \"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn), newrdn); return_value = windows_conn_send_rename(prp->conn, slapi_sdn_get_dn(remote_dn), newrdn, NULL, 1 /* delete old RDN */, 
@@ -1578,7 +1602,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { int i = 0; - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,"dump mods for replay update:"); + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"dump mods for replay update:"); for(i=0;mapped_mods[i];i++) { slapi_mod_dump(mapped_mods[i],i); @@ -1623,19 +1647,19 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op if (delete_remote_entry_allowed(local_entry)) { if (missing_entry) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: remote entry doesn't exist. " "Skipping operation, dn=\"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn)); } else { return_value = windows_conn_send_delete(prp->conn, slapi_sdn_get_dn(remote_dn), NULL, NULL /* returned controls */); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: deleted remote entry, dn=\"%s\", result=%d\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn), return_value); } } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_replay_update: delete not allowed on remote entry, dn=\"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(remote_dn)); } @@ -1985,7 +2009,7 @@ windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_ent char *new_initials = PL_strndup(initials_value, AD_INITIALS_LENGTH); /* the below hands off memory */ slapi_value_set_string_passin(value, new_initials); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_create_remote_entry: " "Trimming initials attribute to %d characters.\n", agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH); 
@@ -2068,7 +2092,7 @@ windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_ent if (LDAP_INVALID_CREDENTIALS == rc) { /* This password is stored in a non-cleartext format. * We can only sync cleartext passwords. */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_create_remote_entry: " "Password is already hashed. Not syncing.\n", agmt_get_long_name(prp->agmt)); @@ -2076,7 +2100,7 @@ windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_ent } if ((rc && (LDAP_INVALID_CREDENTIALS != rc)) || (NULL == password_value)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_create_remote_entry: " "Failed to retrieve clear text password. " "Not syncing.\n", @@ -2102,7 +2126,7 @@ windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_ent if (LDAP_INVALID_CREDENTIALS == rc) { /* This password is stored in a non-cleartext format. * We can only sync cleartext passwords. */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_create_remote_entry: " "Password is already hashed. Not syncing.\n", agmt_get_long_name(prp->agmt)); @@ -2110,7 +2134,7 @@ windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_ent slapi_ch_free_string(&password_value); } if ((rc && (LDAP_INVALID_CREDENTIALS != rc)) || (NULL == *password)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_create_remote_entry: " "Failed to retrieve clear text password. " "Not syncing.\n", 
@@ -2220,7 +2244,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en const char *type = NULL; if (!slapi_mod_isvalid(smod)) { /* bogus */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "modify operation is null - skipping.\n", agmt_get_long_name(prp->agmt)); @@ -2228,7 +2252,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en } if (!ad_entry) { /* mods cannot already have been made */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "AD entry not found\n", agmt_get_long_name(prp->agmt)); @@ -2244,7 +2268,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en Slapi_Value *sv = slapi_value_new(); slapi_value_init_berval(sv, bv); /* copies bv_val */ if (slapi_entry_attr_has_syntax_value(ad_entry, type, sv)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "remote entry attr [%s] already has value [%s] - will not send.\n", agmt_get_long_name(prp->agmt), type, @@ -2255,7 +2279,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en } /* if all values were removed, no need to send the mod */ if (slapi_mod_get_num_values(smod) == 0) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "remote entry attr [%s] had all mod values removed - will not send.\n", agmt_get_long_name(prp->agmt), type); 
@@ -2266,7 +2290,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en /* if attribute does not exist, no need to send the delete */ if (slapi_entry_attr_find(ad_entry, type, &attr) || !attr) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "remote entry attr [%s] already deleted - will not send.\n", agmt_get_long_name(prp->agmt), type); @@ -2279,7 +2303,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en Slapi_Value *sv = slapi_value_new(); slapi_value_init_berval(sv, bv); /* copies bv_val */ if (!slapi_entry_attr_has_syntax_value(ad_entry, type, sv)) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "remote entry attr [%s] already deleted value [%s] - will not send.\n", agmt_get_long_name(prp->agmt), type, @@ -2290,7 +2314,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en } /* if all values were removed, no need to send the mod */ if (slapi_mod_get_num_values(smod) == 0) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "remote entry attr [%s] had all mod values removed - will not send.\n", agmt_get_long_name(prp->agmt), type); @@ -2298,7 +2322,7 @@ mod_already_made(Private_Repl_Protocol *prp, Slapi_Mod *smod, Slapi_Entry *ad_en } } /* else if no values specified, this means delete the attribute */ } else { /* allow this mod */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: mod_already_made: " "skipping mod op [%d]\n", agmt_get_long_name(prp->agmt), op); 
@@ -2655,7 +2679,7 @@ windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, if (mod->mod_bvalues[i]->bv_len > AD_INITIALS_LENGTH) { mod->mod_bvalues[i]->bv_val[AD_INITIALS_LENGTH] = '\0'; mod->mod_bvalues[i]->bv_len = AD_INITIALS_LENGTH; - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_map_mods_for_replay: " "Trimming initials attribute to %d characters.\n", agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH); @@ -2754,7 +2778,7 @@ windows_map_mods_for_replay(Private_Repl_Protocol *prp,LDAPMod **original_mods, } else { /* This password is stored in a non-cleartext format. * We can only sync cleartext passwords. */ - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_map_mods_for_replay: " "Password is already hashed. Not syncing.\n", agmt_get_long_name(prp->agmt)); @@ -3263,6 +3287,12 @@ map_windows_tombstone_dn(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *p Slapi_Entry *tombstone = NULL; /* Initialize the output values */ + if ((NULL == dn) || (NULL == exists)) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: map_windows_tombstone_dn: arg dn or exists is NULL.\n", + agmt_get_long_name(prp->agmt)); + return 1; + } *dn = NULL; *exists = 0; @@ -3299,7 +3329,7 @@ map_windows_tombstone_dn(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *p slapi_entry_free(tombstone); } } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_windows_tombstone_dn: Failed to map dn=\"%s\" " "to windows tombstone dn.\n", agmt_get_long_name(prp->agmt), slapi_entry_get_dn(e)); 
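Review bot: The new guard at the top of map_windows_tombstone_dn validates `dn` and `exists`, but its own log call dereferences `prp->agmt` unchecked, so it only helps if `prp` can never be NULL on this path. A NULL output pointer is a caller bug rather than a replication event, yet it is logged at `SLAPI_LOG_REPL` and stays invisible unless replication debugging is enabled; `SLAPI_LOG_FATAL` would surface it. The same guard is added to map_entry_dn_outbound, map_tombstone_dn_inbound and map_entry_dn_inbound_ext later in this patch, and the point applies there too. The function body starts and continues outside the hunk.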
@@ -3392,8 +3422,11 @@ static Slapi_DN *make_dn_from_guid(char *guid, int is_nt4, const char* suffix) { dn_string = PR_smprintf("",guid); } - new_dn = slapi_sdn_new_dn_byval(dn_string); - PR_smprintf_free(dn_string); + /* + * guid and suffix are both normalized. + * thus, we could pass it as normdn. + */ + new_dn = slapi_sdn_new_normdn_passin(dn_string); } /* dn string is now inside the Slapi_DN, and will be freed by its owner */ return new_dn; @@ -3463,11 +3496,17 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, * this entry already exists, we handle that problem at the time. We don't * check here. Note: for NT4 we always use ntUserDomainId for the samaccountname rdn, never cn. */ - + if ((NULL == dn) || (NULL == missing_entry)) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: map_entry_dn_outbound: arg dn or missing_entry is NULL.\n", + agmt_get_long_name(prp->agmt)); + return -1; + } + *dn = NULL; *missing_entry = 0; guid = slapi_entry_attr_get_charptr(e,"ntUniqueId"); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: looking for AD entry for DS " "dn=\"%s\" guid=\"%s\"\n", agmt_get_long_name(prp->agmt), @@ -3479,7 +3518,7 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, Slapi_Entry *remote_entry = NULL; new_dn = make_dn_from_guid(guid, is_nt4, suffix); if (!new_dn) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: unable to make dn from guid %s.\n", agmt_get_long_name(prp->agmt), guid); retval = -1; 
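Review bot: In make_dn_from_guid the string built with `PR_smprintf` is now handed to `slapi_sdn_new_normdn_passin`, so the Slapi_DN owns memory that NSPR expects to be released with `PR_smprintf_free`. Whether the Slapi_DN's free path is compatible with that allocator is not visible here. Building `dn_string` with `slapi_ch_smprintf` in that branch would keep allocation and release in the same allocator. The added comment asserts that `guid` is already normalized, but map_entry_dn_outbound reads it from the entry's `ntUniqueId` attribute, and nothing in the hunk checks its form before the DN is flagged as normalized. The start of the function is outside the hunk.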
@@ -3490,7 +3529,7 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, * without removing the ntUniqueID attribute. We should verify that the entry really * exists in AD. */ rc = windows_get_remote_entry(prp, new_dn, &remote_entry); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: return code %d from search " "for AD entry dn=\"%s\" or dn=\"%s\"\n", agmt_get_long_name(prp->agmt), rc, @@ -3498,7 +3537,7 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, remote_entry ? slapi_entry_get_dn_const(remote_entry) : "(null)"); if (0 == rc && remote_entry) { if (!is_subject_of_agreement_remote(remote_entry,prp->agmt)) { - /* The remote entry is our of scope of the agreement. + /* The remote entry is out of scope of the agreement. * Thus, we don't map the entry_dn. * This occurs when the remote entry is moved out. */ slapi_sdn_free(&new_dn); @@ -3506,7 +3545,7 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, } slapi_entry_free(remote_entry); } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: entry not found - rc %d\n", agmt_get_long_name(prp->agmt), rc); /* We need to re-write the DN to a non-GUID DN if we're syncing to a @@ -3532,9 +3571,9 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, new_dn_string = slapi_create_dn_string("cn=\"%s\",%s%s", cn_string, container_str, suffix); if (new_dn_string) { - slapi_sdn_free(&new_dn); - new_dn = slapi_sdn_new_dn_byval(new_dn_string); - PR_smprintf_free(new_dn_string); + slapi_sdn_done(new_dn); + /* new_dn_string is normalized. we could pass it in as normdn. */ + slapi_sdn_set_normdn_passin(new_dn, new_dn_string); } slapi_ch_free_string(&cn_string); 
@@ -3542,12 +3581,11 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, } } } - } else - { + } else { /* No GUID found, try ntUserDomainId */ Slapi_Entry *remote_entry = NULL; char *username = slapi_entry_attr_get_charptr(e,"ntUserDomainId"); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: looking for AD entry for DS " "dn=\"%s\" username=\"%s\"\n", agmt_get_long_name(prp->agmt), @@ -3560,12 +3598,12 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, /* Get the entry's DN */ new_dn = slapi_sdn_new(); slapi_sdn_copy(slapi_entry_get_sdn_const(remote_entry), new_dn); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: found AD entry dn=\"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(new_dn)); } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: entry not found - rc %d\n", agmt_get_long_name(prp->agmt), retval); if (0 == retval) @@ -3603,8 +3641,8 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, new_dn_string = slapi_create_dn_string(rdnstr,cn_string,container_str,suffix); if (new_dn_string) { - new_dn = slapi_sdn_new_dn_byval(new_dn_string); - PR_smprintf_free(new_dn_string); + /* new_dn_string is normalized. we could pass it in as normdn. */ + new_dn = slapi_sdn_new_normdn_passin(new_dn_string); } slapi_ch_free_string(&cn_string); slapi_ch_free_string(&container_str); 
@@ -3612,7 +3650,7 @@ map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, } else { /* This means that we failed to talk to the AD for some reason, the operation should be re-tried */ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: map_entry_dn_outbound: failed to fetch entry from AD: dn=\"%s\", err=%d\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), retval); @@ -3630,6 +3668,8 @@ done: if (new_dn) { *dn = new_dn; + /* Clear any earlier error */ + retval = 0; } slapi_ch_free_string(&guid); return retval; @@ -3649,9 +3689,16 @@ map_tombstone_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra) * CN=vpdxtAD_07\ DEL:d4ca4e16-e35b-400d-834a-f02db600f3fa,CN=Deleted Objects,DC=magpie,DC=com */ + if (NULL == dn) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: map_tombstone_dn_inbound: arg dn is NULL.\n", + agmt_get_long_name(ra)); + return -1; + } *dn = NULL; - dn_string = slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)); /* This is a pointer from inside the sdn, no need to free */ + /* This is a pointer from inside the sdn, no need to free */ + dn_string = slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)); guid = extract_guid_from_tombstone_dn(dn_string); if (guid) @@ -3680,6 +3727,8 @@ map_tombstone_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra) if (new_dn) { *dn = new_dn; + /* Clear any earlier error */ + retval = 0; } if (guid) 
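Review bot: At the `done:` label of map_entry_dn_outbound, `retval = 0` is now set whenever `new_dn` is non-NULL, which discards any error recorded earlier on a path that still produced a DN. Callers such as windows_process_total_entry test `retval || NULL == remote_dn`, so the return code no longer tells them anything the pointer does not. If clearing is only meant for the not-found case, say so at the assignment, e.g. `/* new_dn was generated, so an earlier not-found result is no longer an error */`, and leave other error codes intact. The same assignment is added in map_tombstone_dn_inbound and moved to the common exit of map_entry_dn_inbound_ext. All three function bodies start outside these hunks.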
@@ -3718,11 +3767,17 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int /* To map a non-tombstone's DN we need to first try to look it up by GUID. * If we do not find it, then we need to generate the DN that it would have if added as a new entry. */ + if (NULL == dn) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: map_entry_dn_inbound: arg dn is NULL.\n", + agmt_get_long_name(ra)); + return -1; + } *dn = NULL; windows_is_remote_entry_user_or_group(e,&is_user,&is_group); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: looking for local entry " "matching AD entry [%s]\n", agmt_get_long_name(ra), @@ -3731,7 +3786,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int guid = extract_guid_from_entry(e, is_nt4); if (guid) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: looking for local entry " "by guid [%s]\n", agmt_get_long_name(ra), @@ -3739,7 +3794,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int retval = find_entry_by_guid(guid,&matching_entry,ra); if (retval) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: problem looking for guid: %d\n", agmt_get_long_name(ra), retval); if (ENTRY_NOTFOUND == retval) @@ -3758,7 +3813,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int { /* We found the matching entry : get its DN */ new_dn = slapi_sdn_dup(slapi_entry_get_sdn_const(matching_entry)); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: found local entry [%s]\n", agmt_get_long_name(ra), slapi_sdn_get_dn(new_dn)); 
@@ -3766,7 +3821,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: AD entry has no guid!\n", agmt_get_long_name(ra)); } @@ -3778,7 +3833,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int username = extract_username_from_entry(e); if (use_username) { if (username) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: looking for local entry " "by uid [%s]\n", agmt_get_long_name(ra), @@ -3786,7 +3841,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int retval = find_entry_by_username(username,&matching_entry,ra); if (retval) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: problem looking for username: %d\n", agmt_get_long_name(ra), retval); if (ENTRY_NOTFOUND == retval) @@ -3805,7 +3860,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int { /* We found the matching entry : get its DN */ new_dn = slapi_sdn_dup(slapi_entry_get_sdn_const(matching_entry)); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: found local entry by name [%s]\n", agmt_get_long_name(ra), slapi_sdn_get_dn(new_dn)); @@ -3813,7 +3868,7 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int } else { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: map_entry_dn_inbound: AD entry has no username!\n", agmt_get_long_name(ra)); } 
@@ -3864,8 +3919,6 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int */ new_dn = slapi_sdn_new_normdn_passin(new_dn_string); slapi_ch_free_string(&container_str); - /* Clear any earlier error */ - retval = 0; } else { /* Error, no username */ @@ -3874,6 +3927,8 @@ map_entry_dn_inbound_ext(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra, int if (new_dn) { *dn = new_dn; + /* Clear any earlier error */ + retval = 0; } error: if (guid) @@ -3950,7 +4005,12 @@ error: return retval; } -/* Tests if the entry is subject to our agreement (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) */ +/* + * Tests if the entry is subject to our agreement + * (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) + * return value: 1 -- it is subject to the agreement + * 0 -- out of scope + */ static int is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra) { @@ -3981,7 +4041,8 @@ is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra) * 'e' as out of scope. */ slapi_sdn_get_parent(sdn, &psdn); - if (0 == slapi_sdn_compare(&psdn, agreement_subtree)) { + if (slapi_sdn_issuffix(&psdn, agreement_subtree)) { + /* parent is in agreement_subtree. */ retval = 1; } else { /* If parent entry is not local, the entry is out of scope */ @@ -4373,7 +4434,7 @@ windows_generate_update_mods(Private_Repl_Protocol *prp,Slapi_Entry *remote_entr char *new_initials = PL_strndup(initials_value, AD_INITIALS_LENGTH); /* the below hands off memory */ slapi_value_set_string_passin(value, new_initials); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_generate_update_mods: " "Trimming initials attribute to %d characters.\n", agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH); 
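Review bot: In is_subject_of_agreement_remote, replacing `slapi_sdn_compare` with `slapi_sdn_issuffix` widens the sync scope from direct children of the agreement subtree to entries at any depth below it. The existing comment above the changed line (ending "'e' as out of scope") is left as it was. Because this test decides which AD entries are mapped and replayed, the rule should be stated at the check, e.g. `/* in scope if the parent lies anywhere within the agreement subtree, not only directly under its top */`. Deployments that relied on nested containers being excluded would see a behaviour change and should be told. The handling of `psdn` after `slapi_sdn_get_parent` is outside the hunk, so confirm it is released on both branches.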
@@ -4517,7 +4578,7 @@ windows_generate_update_mods(Private_Repl_Protocol *prp,Slapi_Entry *remote_entr char *new_initials = PL_strndup(initials_value, AD_INITIALS_LENGTH); /* the below hands off memory */ slapi_value_set_string_passin(value, new_initials); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_generate_update_mods: " "Trimming initials attribute to %d characters.\n", agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH); @@ -4952,7 +5013,7 @@ int windows_process_total_entry(Private_Repl_Protocol *prp,Slapi_Entry *e) const Slapi_DN *local_dn = slapi_entry_get_sdn_const(e); /* First check if the entry is for us */ is_ours = is_subject_of_agreement_local(e, prp->agmt); - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "%s: windows_process_total_entry: Looking dn=\"%s\" (%s)\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), is_ours ? "ours" : "not ours"); if (is_ours) @@ -4960,7 +5021,7 @@ int windows_process_total_entry(Private_Repl_Protocol *prp,Slapi_Entry *e) retval = map_entry_dn_outbound(e,&remote_dn,prp,&missing_entry,0 /* we don't want the GUID */); if (retval || NULL == remote_dn) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, "%s: windows_replay_update: failed map dn for total update dn=\"%s\"\n", agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(local_dn)); goto error;