Attribute uniqueness plugin can scope severals subtrees. The Subtrees are specified with the configuration attribute 'nsslapd-pluginsarg1', 'nsslapd-pluginsarg2',...
Currently the plugin enforce that the attribute value is unique within EACH subtrees but not over all specified subtrees. For example if attribute uniqueness for 'uid' is enforced in subtree ou=people,dc=example,dc=com and ou=special people,dc=example,dc=com. Then an entry under 'ou=people' can contain 'uid=foo' and an other entry under 'ou=special people' can contain 'uid=foo'.
This ticket is to enforce the control of attribute uniqueness accross all the subtrees.
To preserve the current behavior it requires a new boolean configuration parameter: 'nsslapd-pluginAllSubtrees' (default value is 'off')
If this attribute is set and the (uniq) attribute is updated in a target entry, then if the target entry belongs to one of the subtrees it checks that the new attribute value does not exist in all the subtrees.
Taking the opportunity of this ticket to also support new configuration attribute: old:
nsslapd-pluginarg0: uid nsslapd-pluginarg1: ou=people,dc=example,dc=com nsslapd-pluginarg2: ou=special people,dc=example,dc=com
new
nsslapd-pluginAttributeName: uid nsslapd-pluginContainerScope: ou=people,dc=example,dc=com nsslapd-pluginContainerScope: ou=special people,dc=example,dc=com
attachment 0002-Ticket-47823-test-case-enforce-attributes-uniqueness.patch
attachment 0001-Ticket-47823-attribute-uniqueness-enforced-on-all-su.patch
Use slapi_ch_free_string instead of slapi_ch_free for char * variables.
When comparing two DN values, where one is a char * and one is a Slapi_DN , convert the char * to a Slapi_DN (slapi_sdn_new_dn_byval, etc.), then compare the two Slapi_DN* using slapi_sdn_compare(). For example, config->plugin_dn should be a Slapi_DN * instead of a char * - in find_uniqueness_config_nolock() the parameter should be a Slapi_DN * - etc.
attachment 0002-Ticket-47823-attribute-uniqueness-enforced-on-all-su.patch
It looks like you need to include slap.h in order to have access to the internal plugin structure, specifically plugin->plg_dn? And you use this to associate the plugin config with a plugin by using the plugin DN? I think a better way to do this would be to store the plugin config in the plugin private area. You access this by using slapi_pblock_get/set(pb, SLAPI_PLUGIN_PRIVATE, &config/config). Then you don't need slap.h, and don't need to use the plugin DN. This serves the same purpose as using the SLAPI_PLUGIN_ARGC and SLAPI_PLUGIN_ARGV, which also gives you access to the plugin configuration for the specific plugin.
attachment 0003-Ticket-47823-attribute-uniqueness-enforced-on-all-su.patch
{{{
252 /* Uniqueness may be enforced accross all the subtrees */ 253 value = slapi_entry_attr_get_charptr(config_entry, ATTR_UNIQUENESS_ACROSS_ALL_SUBTREES); 254 if (value) { 255 if (!strcasecmp(value, "off")) { 256 tmp_config->unique_in_all_subtrees = PR_FALSE; 257 } else { 258 tmp_config->unique_in_all_subtrees = PR_TRUE; 259 } 260 slapi_ch_free_string(&value); 261 }
}}}
Use slapi_entry_attr_get_bool[_ext] instead: {{{ tmp_config->unique_in_all_subtrees = slapi_entry_attr_get_bool(config_entry, ATTR_UNIQUENESS_ACROSS_ALL_SUBTREES); }}} If you want the default value to be PR_TRUE if the attribute is not present, use slapi_entry_attr_get_bool_ext with the last argument of PR_TRUE.
I the future, I would suggest doing instead of {{{ 222 if ((value = slapi_entry_attr_get_charptr(config_entry, attrname))) { 223 tmp_config->attr = value; 224 } }}}
just do
{{{ tmp_config->attr = slapi_entry_attr_get_charptr(config_entry, attrname); }}}
in this case, since tmp_config->attr is NULL, you don't have to worry about overwriting it and leaking memory. But the code is correct as it is.
Otherwise, ack.
attachment 0004-Ticket-47823-attribute-uniqueness-enforced-on-all-su.patch
'''push in master'''
git merge ticket_47823 Updating 16e5ce7..c66b5e9 Fast-forward dirsrvtests/tickets/ticket47823_test.py | 1046 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ldap/ldif/template-dse.ldif.in | 5 +- ldap/servers/plugins/uiduniq/uid.c | 457 ++++++++++++++++++++++++++++-------- 3 files changed, 1406 insertions(+), 102 deletions(-) create mode 100644 dirsrvtests/tickets/ticket47823_test.py
git push origin master Counting objects: 22, done. Delta compression using up to 4 threads. Compressing objects: 100% (12/12), done. Writing objects: 100% (12/12), 9.58 KiB, done. Total 12 (delta 8), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 16e5ce7..c66b5e9 master -> master
commit c66b5e9 Author: Thierry bordaz (tbordaz) tbordaz@redhat.com Date: Mon Jul 7 15:29:58 2014 +0200
Metadata Update from @tbordaz: - Issue assigned to tbordaz - Issue set to the milestone: 1.3.3 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1154
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.