#47823 RFE: enforce attributes uniqueness over several subtrees
Closed: wontfix None Opened 9 years ago by tbordaz.

Attribute uniqueness plugin can scope severals subtrees. The Subtrees are specified with the configuration attribute 'nsslapd-pluginsarg1', 'nsslapd-pluginsarg2',...

Currently the plugin enforce that the attribute value is unique within EACH subtrees but not over all specified subtrees. For example if attribute uniqueness for 'uid' is enforced in subtree ou=people,dc=example,dc=com and ou=special people,dc=example,dc=com. Then an entry under 'ou=people' can contain 'uid=foo' and an other entry under 'ou=special people' can contain 'uid=foo'.

This ticket is to enforce the control of attribute uniqueness accross all the subtrees.

To preserve the current behavior it requires a new boolean configuration parameter: 'nsslapd-pluginAllSubtrees' (default value is 'off')

If this attribute is set and the (uniq) attribute is updated in a target entry, then if the target entry belongs to one of the subtrees it checks that the new attribute value does not exist in all the subtrees.

Taking the opportunity of this ticket to also support new configuration attribute:
old:

nsslapd-pluginarg0: uid
nsslapd-pluginarg1: ou=people,dc=example,dc=com
nsslapd-pluginarg2: ou=special people,dc=example,dc=com

new

nsslapd-pluginAttributeName: uid
nsslapd-pluginContainerScope: ou=people,dc=example,dc=com
nsslapd-pluginContainerScope: ou=special people,dc=example,dc=com

Use slapi_ch_free_string instead of slapi_ch_free for char * variables.

When comparing two DN values, where one is a char * and one is a Slapi_DN , convert the char * to a Slapi_DN (slapi_sdn_new_dn_byval, etc.), then compare the two Slapi_DN* using slapi_sdn_compare(). For example, config->plugin_dn should be a Slapi_DN * instead of a char * - in find_uniqueness_config_nolock() the parameter should be a Slapi_DN * - etc.

It looks like you need to include slap.h in order to have access to the internal plugin structure, specifically plugin->plg_dn? And you use this to associate the plugin config with a plugin by using the plugin DN? I think a better way to do this would be to store the plugin config in the plugin private area. You access this by using slapi_pblock_get/set(pb, SLAPI_PLUGIN_PRIVATE, &config/config). Then you don't need slap.h, and don't need to use the plugin DN. This serves the same purpose as using the SLAPI_PLUGIN_ARGC and SLAPI_PLUGIN_ARGV, which also gives you access to the plugin configuration for the specific plugin.

{{{

252                 /* Uniqueness may be enforced accross all the subtrees */ 
253                 value = slapi_entry_attr_get_charptr(config_entry, ATTR_UNIQUENESS_ACROSS_ALL_SUBTREES); 
254                 if (value) { 
255                         if (!strcasecmp(value, "off")) { 
256                                 tmp_config->unique_in_all_subtrees = PR_FALSE; 
257                         } else { 
258                                 tmp_config->unique_in_all_subtrees = PR_TRUE; 
259                         } 
260                         slapi_ch_free_string(&value); 
261                 }

}}}

Use slapi_entry_attr_get_bool[_ext] instead:
{{{
tmp_config->unique_in_all_subtrees = slapi_entry_attr_get_bool(config_entry, ATTR_UNIQUENESS_ACROSS_ALL_SUBTREES);
}}}
If you want the default value to be PR_TRUE if the attribute is not present, use slapi_entry_attr_get_bool_ext with the last argument of PR_TRUE.

I the future, I would suggest doing instead of
{{{
222 if ((value = slapi_entry_attr_get_charptr(config_entry, attrname))) {
223 tmp_config->attr = value;
224 }
}}}

just do

{{{
tmp_config->attr = slapi_entry_attr_get_charptr(config_entry, attrname);
}}}

in this case, since tmp_config->attr is NULL, you don't have to worry about overwriting it and leaking memory. But the code is correct as it is.

Otherwise, ack.

'''push in master'''

git merge ticket_47823
Updating 16e5ce7..c66b5e9
Fast-forward
dirsrvtests/tickets/ticket47823_test.py | 1046 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ldap/ldif/template-dse.ldif.in | 5 +-
ldap/servers/plugins/uiduniq/uid.c | 457 ++++++++++++++++++++++++++++--------
3 files changed, 1406 insertions(+), 102 deletions(-)
create mode 100644 dirsrvtests/tickets/ticket47823_test.py

git push origin master
Counting objects: 22, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (12/12), done.
Writing objects: 100% (12/12), 9.58 KiB, done.
Total 12 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
16e5ce7..c66b5e9 master -> master

commit c66b5e9
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Mon Jul 7 15:29:58 2014 +0200

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone: 1.3.3 backlog

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1154

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Login to comment on this ticket.

Metadata