[fedfs-utils] [PATCH 00/11] Support following LDAP referrals
Chuck Lever
chuck.lever at oracle.com
Fri Dec 14 14:37:17 PST 2012
A marquee feature of fedfs-utils 0.9 is the ability for our NSDB
clients (the admin tools and the fileserver plug-in) to follow LDAP
referrals returned by NSDBs. This can be useful for balancing NSDB
load or migrating FedFS records to another NSDB to replace LDAP
software or hardware.
This patch series implements LDAP referral support in our NSDB
clients.
The key part of LDAP referral support is re-authenticating the
referred-to NSDB. When connecting to a referred-to NSDB, an NSDB
client is required to authenticate the new NSDB using the NSDB
connection parameter rules that apply to any NSDB that is accessed
directly (without a referral). That is, the client must have an
entry for the new NSDB in its NSDB connection parameter database
that tells the client how to find the NSDB and what security type
to use.
In our implementation, there is already a switch in each NSDB
connection parameter database entry to control whether following
LDAP referrals is allowed. This switch, which is is initially
set to prevent following LDAP referrals, can be toggled by the
nsdbparams command. Following LDAP referrals might be disabled
to honor a site security policy, for example.
Until now, this per-entry switch did nothing -- LDAP referrals
caused an NSDB query sent by our NSDB clients to fail.
Review period for this series ends at midnight on Monday, December
24, 2012.
This is the final series I'll post during calendar year 2012. The
next patch series for the fedfs-utils 0.9 development cycle, which
will introduce support for FEDFS_SEC_TLS, should appear the second
week of January 2013. Have a safe and happy Christmas holiday.
---
Chuck Lever (11):
man: The "-R" option of "nsdbparams update" is incorrectly documented
nfsref: Follow LDAP referrals when resolving FSNs
plug-in: Follow LDAP referrals when resolving FSNs
fedfsd: Follow LDAP referrals when resolving FSNs
nsdbc: Do not follow LDAP referrals during administrator operations
nsdbc: Follow LDAP referrals in some NSDB administrative tools
libnsdb: Handle LDAP referrals correctly
libnsdb: Proper rationalization for disabling LDAP_OPT_REFERRALS
libnsdb: Remove nsdb_parse_reference()
libnsdb: Handle LDAP referrals in an LDAP_RES_SEARCH_RESULT
libnsdb: Free the results of ldap_parse_result(3)
doc/man/nsdbparams.8 | 4 +
src/fedfsd/svc.c | 59 ++++++++++++++++-
src/include/nsdb.h | 6 ++
src/libnsdb/administrator.c | 10 +--
src/libnsdb/fileserver.c | 148 ++++++++++++++++++------------------------
src/libnsdb/ldap.c | 117 ++++++++++++++++++++-------------
src/libnsdb/nsdb-internal.h | 5 +
src/libnsdb/nsdb.c | 67 +++++++++++++++++++
src/nfsref/lookup.c | 53 +++++++++++++++
src/nsdbc/nsdb-annotate.c | 4 +
src/nsdbc/nsdb-create-fsl.c | 5 +
src/nsdbc/nsdb-create-fsn.c | 5 +
src/nsdbc/nsdb-delete-fsl.c | 5 +
src/nsdbc/nsdb-delete-fsn.c | 5 +
src/nsdbc/nsdb-delete-nsdb.c | 5 +
src/nsdbc/nsdb-describe.c | 4 +
src/nsdbc/nsdb-list.c | 53 +++++++++++++++
src/nsdbc/nsdb-nces.c | 5 +
src/nsdbc/nsdb-remove-nci.c | 5 +
src/nsdbc/nsdb-resolve-fsn.c | 59 +++++++++++++++++
src/nsdbc/nsdb-simple-nce.c | 5 +
src/nsdbc/nsdb-update-fsl.c | 5 +
src/nsdbc/nsdb-update-nci.c | 5 +
src/plug-ins/nfs-plugin.c | 53 +++++++++++++++
24 files changed, 544 insertions(+), 148 deletions(-)
--
Chuck Lever
More information about the fedfs-utils-devel
mailing list