Bug 457846 (winsyncapi)

Summary: The Windows Sync API should have plug-in points
Product: [Retired] 389 Reporter: Rich Megginson <rmeggins>
Component: Sync ServiceAssignee: Rich Megginson <rmeggins>
Status: CLOSED WONTFIX QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.1.1CC: benl, nkinder, shaines
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-11 17:08:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 452721, 453489    
Attachments:
Description Flags
diffs
none
new winsync-plugin.h
none
new diffs
none
cvs commit log
none
diffs
none
cvs commit log - part deux
none
cvs commit log - DS8.0
none
diffs - part2
none
cvs commit log - part 2
none
cvs commit log - DS8.0 - part 2
none
diffs - part 3
none
cvs commit log - part 3
none
cvs commit log - DS8.0 - part 3 none

Description Rich Megginson 2008-08-04 22:35:03 UTC 
The Windows Sync feature needs have plug-in points which allow
* Intercept and change a user entry before it is sent from dirsrv to AD, including the DN, both in init mode and update mode
* Intercept and change an entry after it is received from AD but before it is processed further by dirsrv, including changing the DN, both in init mode and update mode
* To not send new users from the DS to AD - the users must also be added to AD, at which point changes to that user will be sync'd between DS and AD
* Sync new users added to AD - plug-in must be able to change the DN and schema before the entry is stored in DS
* Need to be able to specify the search base, scope, filter, attribute lists, and additional server controls in both internal searches and external (AD) searches
Comment 1 Rich Megginson 2008-08-04 23:00:38 UTC 
Created attachment 313410 [details]
diffs
Comment 2 Rich Megginson 2008-08-04 23:01:17 UTC 
Created attachment 313411 [details]
new winsync-plugin.h
Comment 3 Rich Megginson 2008-08-05 17:19:31 UTC 
Created attachment 313466 [details]
new diffs
Comment 4 Rich Megginson 2008-08-05 20:27:38 UTC 
Created attachment 313487 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: Several plug-in points have been added to the windows sync code, available to regular plug-ins that register with the winsync api via the slapi api broker interface.  winsync-plugin.h documents the use of these along with some example plug-in code.  The windows private data structure has been extended to add two additional fields:
raw_entry - the raw entry read from AD - this is passed to several plug-in callbacks to allow them to have access to all of the attributes and values in the entry in case further processing is needed.  This required a change to the function that reads the entry, to have it save the raw entry read each time from AD, in addition to the "cooked" entry it passes back to the caller.
api_cookie - this is the plug-in private data passed back to each plug-in callback and allows the plug-in to specify some additional context
Both of these are stored in the private data field in the agreement, so some of the existing functions had to be changed to pass in the connection object or the protocol object in order to gain access to the agreement object.
There were several small memory leaks in the existing code that have been fixed - these are the places where a free() function of some sort has been added.  Also the usage of slapi_sdn_init_dn_byval leaked - slapi_sdn_new_dn_byval must be used here instead - cannot mix slapi_sdn_new with slapi_sdn_init*
I also cleaned up several compiler warnings.
The slapi changes are not strictly necessary, but they provide some conveniences to the winsync code and to plug-in writers.  The good thing is that they were already private functions, so mostly just needed to have public api wrappers.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes - need to document the plugin api changes
Comment 5 Rich Megginson 2008-08-05 22:44:15 UTC 
Forgot to add #include "winsync-plugin.h"

Checking in windows_private.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_private.c,v  <--  windows_private.c
new revision: 1.19; previous revision: 1.18
done
Comment 6 Rich Megginson 2008-08-27 20:54:56 UTC 
Created attachment 315142 [details]
diffs
Comment 7 Rich Megginson 2008-08-27 21:47:46 UTC 
Created attachment 315153 [details]
cvs commit log - part deux

Reviewed by: nkinder (Thanks!)
Fix Description: Some additional changes to the api
1) added plugin points for begin update, end update, and agreement destruction
2) added debugging code to allow a regular DS to stand in for AD
3) fixed a couple of minor memory leaks
4) added the rest of the SLAPI DSE code to the public API to allow plugins to do dynamic configuration using the SLAPI public API
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
Comment 8 Rich Megginson 2008-09-11 19:18:21 UTC 
Created attachment 316473 [details]
cvs commit log - DS8.0

Fix Description: back ported fixes to 8.0 branch
Branch: Directory_Server_8_0_Branch
Comment 9 Rich Megginson 2008-09-23 01:56:14 UTC 
Created attachment 317429 [details]
diffs - part2
Comment 10 Rich Megginson 2008-09-23 21:15:09 UTC 
Created attachment 317534 [details]
cvs commit log - part 2

Reviewed by: nkinder (Thanks!)
Fix Description: Some additional changes to the api
The modify callbacks were not sufficient to handle all cases.  We need to have access to the DS entry.  This changes the API to add the DS entry to the modify callbacks.  I also had to change the handling of the userAccountControl - it cannot just overwrite the value, it must set the appropriate bit in the bit mask.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
Comment 11 Rich Megginson 2008-09-23 21:48:34 UTC 
Created attachment 317540 [details]
cvs commit log - DS8.0 - part 2

commit part 2 changes to ds80 branch
Comment 13 Rich Megginson 2008-09-24 18:56:18 UTC 
Reopened - there is a bug in the winsync code.  Patch forthcoming.
Comment 14 Rich Megginson 2008-09-24 19:00:36 UTC 
Created attachment 317614 [details]
diffs - part 3
Comment 15 Rich Megginson 2008-09-24 22:19:14 UTC 
Created attachment 317626 [details]
cvs commit log - part 3

Reviewed by: nkinder (Thanks!)
Fix Description: It turns out I was a little bit too aggressive in removing memory leaks, and broke outbound modify processing.  I should not have freed new_dn since it is used elsewhere.  There was an earlier memory leak related to the way new_dn was initialized, but that was fixed elsewhere.  The real fix is this:
-               slapi_sdn_free(&new_dn);
The other fixes are lots of log messages I added to help debug this problem.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
Comment 16 Rich Megginson 2008-09-24 22:26:12 UTC 
Created attachment 317628 [details]
cvs commit log - DS8.0 - part 3
Comment 18 Fedora Update System 2008-09-25 15:31:50 UTC 
fedora-ds-base-1.1.3-2.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/fedora-ds-base-1.1.3-2.fc8
Comment 19 Fedora Update System 2008-09-25 15:32:51 UTC 
fedora-ds-base-1.1.3-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/fedora-ds-base-1.1.3-2.fc9
Comment 20 Fedora Update System 2008-09-28 18:37:26 UTC 
fedora-ds-base-1.1.3-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2008-09-28 18:38:51 UTC 
fedora-ds-base-1.1.3-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.