ITS#9581 Implement lastbind precision

author Ondřej Kuzník <ondra@mistotebe.net>

Mon, 7 Jun 2021 14:50:46 +0000 (15:50 +0100)

committer Quanah Gibson-Mount <quanah@openldap.org>

Mon, 21 Jun 2021 18:37:30 +0000 (18:37 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Mon, 7 Jun 2021 14:50:46 +0000 (15:50 +0100)
committer Quanah Gibson-Mount <quanah@openldap.org>
Mon, 21 Jun 2021 18:37:30 +0000 (18:37 +0000)
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5

index 6310539d1a9259bfe465b907fa64aa6509dc1fd6..f7e9029ffc26fe173ecd90b4bddab2e0f4862a7c 100644 (file)
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -1482,6 +1482,12 @@ Controls whether
  will automatically maintain the pwdLastSuccess attribute for
  entries. By default, olcLastBind is FALSE.
  .TP
+.B olcLastBindPrecision: <number>
+If olcLastBind is enabled, a new value is written only if the
+current one is more than
+.B number
+seconds in the past.
+.TP
  .B olcLimits: <selector> <limit> [<limit> [...]]
  Specify time and size limits based on the operation's initiator or
  base DN.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5

index f6ffddb5705696ec4139c4e70f8da9d0ece8426b..b0b2f4a9012527b71fbf1addcf56fa5c7865bff7 100644 (file)
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1386,6 +1386,12 @@ Controls whether
  will automatically maintain the pwdLastSuccess attribute for
  entries. By default, lastbind is off.
  .TP
+.B lastbind-precision <number>
+If lastbind is enabled, a new value is written only if the
+current one is more than
+.B number
+seconds in the past.
+.TP
  .B limits <selector> <limit> [<limit> [...]]
  Specify time and size limits based on the operation's initiator or
  base DN.
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c

index ca4e76cc7ae4daa236365492a9c757ef2176a33c..b019554a034f7ba2d0fac719d6775b2940457133 100644 (file)
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -177,6 +177,7 @@ enum {
         CFG_MODPATH,
         CFG_LASTMOD,
         CFG_LASTBIND,
+       CFG_LASTBIND_PRECISION,
         CFG_AZPOLICY,
         CFG_AZREGEXP,
         CFG_AZDUC,
@@ -450,6 +451,13 @@ static ConfigTable config_back_cf_table[] = {
                 &config_generic, "( OLcfgDbAt:0.22 NAME 'olcLastBind' "
                         "EQUALITY booleanMatch "
                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+       { "lastbind-precision", "seconds difference", 2, 2, 0,
+               ARG_DB|ARG_MAGIC|ARG_UINT|CFG_LASTBIND_PRECISION,
+               &config_generic, "( OLcfgDbAt:0.23 NAME 'olcLastBindPrecision' "
+                       "EQUALITY integerMatch "
+                       "SYNTAX OMsInteger SINGLE-VALUE )", NULL,
+                       { .v_uint = 0 }
+       },
         { "ldapsyntax", "syntax", 2, 0, 0,
                 ARG_PAREN|ARG_MAGIC|CFG_SYNTAX,
                 &config_generic, "( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' "
@@ -1009,8 +1017,8 @@ static ConfigOCs cf_ocs[] = {
                 "SUP olcConfig STRUCTURAL "
                 "MUST olcDatabase "
                 "MAY ( olcDisabled $ olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
-                "olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLimits $ "
-                "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
+                "olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLastBindPrecision $ "
+                "olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
                  "olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
                  "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
                  "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ "
@@ -1379,6 +1387,9 @@ config_generic(ConfigArgs *c) {
                 case CFG_LASTBIND:
                         c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
                         break;
+               case CFG_LASTBIND_PRECISION:
+                       c->value_uint = c->be->be_lastbind_precision;
+                       break;
                 case CFG_SYNC_SUBENTRY:
                         c->value_int = (SLAP_SYNC_SUBENTRY(c->be) != 0);
                         break;
@@ -1532,6 +1543,10 @@ config_generic(ConfigArgs *c) {
                         SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_SYNC_SUBENTRY;
                         break;
  
+               case CFG_LASTBIND_PRECISION:
+                       c->be->be_lastbind_precision = 0;
+                       break;
+
                 case CFG_RO:
                         c->be->be_restrictops &= ~SLAP_RESTRICT_READONLY;
                         break;
@@ -2406,6 +2421,10 @@ sortval_reject:
                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_LASTBIND;
                         break;
  
+               case CFG_LASTBIND_PRECISION:
+                       c->be->be_lastbind_precision = c->value_uint;
+                       break;
+
                 case CFG_MULTIPROVIDER:
                         if(c->value_int && !SLAP_SHADOW(c->be)) {
                                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> database is not a shadow",
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c

index 20800b2b88643b7a073278f0868fc0c5062fcd8d..9d6ffc6b12a4be72c68c06bce3f773f6705f07ae 100644 (file)
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -437,7 +437,8 @@ fe_op_lastbind( Operation *op )
                  * TODO: If the recorded bind time is within configurable precision,
                  * it doesn't need to be updated (save a write for nothing)
                  */
-               if ( bindtime != (time_t)-1 && op->o_time <= bindtime ) {
+               if ( bindtime != (time_t)-1 &&
+                               op->o_time <= bindtime + op->o_bd->be_lastbind_precision ) {
                         be_entry_release_r( op, e );
                         return LDAP_SUCCESS;
                 }
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h

index 6ca22b0319f72047daec632e4ecc6af1f7085217..aa6a014079cea38ad49b406e97463983ec67ce96 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1987,6 +1987,8 @@ struct BackendDB {
         slap_access_t   be_dfltaccess;  /* access given if no acl matches          */
         AttributeName   *be_extra_anlist;       /* attributes that need to be added to search requests (ITS#6513) */
  
+       unsigned int be_lastbind_precision;
+
         /* Consumer Information */
         struct berval be_update_ndn;    /* allowed to make changes (in replicas) */
         BerVarray       be_update_refs; /* where to refer modifying clients to */
author	Ondřej Kuzník <ondra@mistotebe.net>
	Mon, 7 Jun 2021 14:50:46 +0000 (15:50 +0100)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Mon, 21 Jun 2021 18:37:30 +0000 (18:37 +0000)
doc/man/man5/slapd-config.5		patch \| blob \| blame \| history
doc/man/man5/slapd.conf.5		patch \| blob \| blame \| history
servers/slapd/bconfig.c		patch \| blob \| blame \| history
servers/slapd/bind.c		patch \| blob \| blame \| history
servers/slapd/slap.h		patch \| blob \| blame \| history