+++ /dev/null
-Copyright 2004-2022 The OpenLDAP Foundation. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted only as authorized by the OpenLDAP
-Public License.
-
-This directory contains a native slapd plugin, dsaschema, that permits the
-loading of DSA-specific schema from configuration files (including operational
-attributes).
-
-To use the plugin, add:
-
-moduleload dsaschema.so
- /etc/openldap/schema/foo1.schema
- ...etc...
- /etc/openldap/schema/fooN.schema
-
-to your slapd configuration file.
-
-Use Makefile to compile this plugin or use a command line similar to:
-
-gcc -shared -I../../../include -Wall -g -o dsaschema.so dsaschema.c
-
int init_module(int argc, char *argv[]);
+static ConfigDriver dsaschema_config_attribute;
+
+static ConfigTable dsaschemacfg[] = {
+ /* Only attribute loading is currently restricted in slapd, rest can be
+ * delegated to default */
+ { "", "attribute", 2, 0, 0,
+ ARG_PAREN|ARG_MAGIC,
+ &dsaschema_config_attribute,
+ "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
+ "DESC 'OpenLDAP attributeTypes' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
+ NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigLDAPadd dsaschema_ldadd;
+
+static ConfigOCs dsaschemaocs[] = {
+ { "( OLcfgOvOc:11.1 "
+ "NAME 'olcDSASchemaConfig' "
+ "DESC 'DSA schema object' "
+ "SUP olcSchemaConfig STRUCTURAL )",
+ Cft_Schema, dsaschemacfg,
+ dsaschema_ldadd,
+ },
+ { NULL, 0, NULL }
+};
+
+static int
+dsaschema_config_attribute( ConfigArgs *c )
+{
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ return 1;
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ return 1;
+ }
+
+ if ( register_at( c->line, NULL, 0 ) ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "<%s> attribute definition invalid",
+ c->argv[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->cr_msg );
+ return 1;
+ }
+}
+
+static int
+dsaschema_ldadd( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
+{
+ if ( p->ce_type != Cft_Schema )
+ return LDAP_CONSTRAINT_VIOLATION;
+
+ return LDAP_SUCCESS;
+}
+
+
static int dsaschema_parse_cr(const char *fname, int lineno, char *line, char **argv)
{
struct config_args_s c = { .line = line };
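Review bot: dsaschema_config_attribute() has no return statement on its success path: when register_at() returns 0, control runs off the closing brace. The config framework then receives an indeterminate value (undefined behaviour for a non-void function whose result is used), so a valid attribute definition may be reported as a failure, or a later refactor may silently flip the outcome. Add `return 0;` after the `if ( register_at( c->line, NULL, 0 ) )` block. The two early `return 1;` branches for `SLAP_CONFIG_EMIT` and `LDAP_MOD_DELETE` also deserve a short comment, for example `/* emit and delete are not handled here */`, because the hunk does not show whether refusing them is intentional. The trailing context lines of this hunk belong to dsaschema_parse_cr, whose body continues outside it.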
for (i = 0; i < argc; i++) {
rc = dsaschema_read_config(argv[i], 0);
if (rc != 0) {
- break;
+ return rc;
}
}
- return rc;
+ return config_register_schema( dsaschemacfg, dsaschemaocs );
}
--- /dev/null
+.TH SLAPD-DSASCHEMA 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2008-2022 The OpenLDAP Foundation. All rights reserved.
+.\" $OpenLDAP$
+.SH NAME
+slapd-dsaschema \- Define DSA-specific schema
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+OpenLDAP restricts admin-provided schemas to regular attributes, operational
+attributes cannot be added by normal means. This module allows one to bypass
+this restriction.
+
+.SH CONFIGURATION
+To use the plugin, add the following to your slapd configuration file (similar
+with
+.BR olcModuleLoad ):
+
+.RS
+.nf
+moduleload dsaschema.so [<path-to-schema-file> ...]
+.fi
+.RE
+
+
+With
+.B cn=config
+you can also use the
+.B olcDSASchemaConfig
+objectclass in entries under
+.BR cn=schema,cn=config
+to lift the restriction on defining operational attributes.
+
+.SH EXAMPLES
+.LP
+.RS
+.nf
+moduleload dsaschema.so
+ /etc/openldap/schema/foo1.schema
+ ...etc...
+ /etc/openldap/schema/fooN.schema
+.fi
+.RE
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR slapd-config (5),
+.BR slapd.conf (5).
+.SH ACKNOWLEDGEMENTS
+This module was written in 2008 by Emmanuel Dreyfus.
+.so ../Project