[fedfs-utils] [PATCH 00/11] Support following LDAP referrals
Chuck Lever
chuck.lever at oracle.com
Mon Dec 24 12:04:15 PST 2012
On Dec 14, 2012, at 5:37 PM, Chuck Lever <chuck.lever at oracle.com> wrote:
> A marquee feature of fedfs-utils 0.9 is the ability for our NSDB
> clients (the admin tools and the fileserver plug-in) to follow LDAP
> referrals returned by NSDBs. This can be useful for balancing NSDB
> load or migrating FedFS records to another NSDB to replace LDAP
> software or hardware.
>
> This patch series implements LDAP referral support in our NSDB
> clients.
>
> The key part of LDAP referral support is re-authenticating the
> referred-to NSDB. When connecting to a referred-to NSDB, an NSDB
> client is required to authenticate the new NSDB using the NSDB
> connection parameter rules that apply to any NSDB that is accessed
> directly (without a referral). That is, the client must have an
> entry for the new NSDB in its NSDB connection parameter database
> that tells the client how to find the NSDB and what security type
> to use.
>
> In our implementation, there is already a switch in each NSDB
> connection parameter database entry to control whether following
> LDAP referrals is allowed. This switch, which is initially
> set to prevent following LDAP referrals, can be toggled by the
> nsdbparams command. Following LDAP referrals might be disabled
> to honor a site security policy, for example.
>
> Until now, this per-entry switch did nothing -- LDAP referrals
> caused an NSDB query sent by our NSDB clients to fail.
>
> Review period for this series ends at midnight on Monday, December
> 24, 2012.
>
> This is the final series I'll post during calendar year 2012. The
> next patch series for the fedfs-utils 0.9 development cycle, which
> will introduce support for FEDFS_SEC_TLS, should appear the second
> week of January 2013. Have a safe and happy Christmas holiday.
This patch series has been committed. See you next year!
> ---
>
> Chuck Lever (11):
> man: The "-R" option of "nsdbparams update" is incorrectly documented
> nfsref: Follow LDAP referrals when resolving FSNs
> plug-in: Follow LDAP referrals when resolving FSNs
> fedfsd: Follow LDAP referrals when resolving FSNs
> nsdbc: Do not follow LDAP referrals during administrator operations
> nsdbc: Follow LDAP referrals in some NSDB administrative tools
> libnsdb: Handle LDAP referrals correctly
> libnsdb: Proper rationalization for disabling LDAP_OPT_REFERRALS
> libnsdb: Remove nsdb_parse_reference()
> libnsdb: Handle LDAP referrals in an LDAP_RES_SEARCH_RESULT
> libnsdb: Free the results of ldap_parse_result(3)
>
>
> doc/man/nsdbparams.8 | 4 +
> src/fedfsd/svc.c | 59 ++++++++++++++++-
> src/include/nsdb.h | 6 ++
> src/libnsdb/administrator.c | 10 +--
> src/libnsdb/fileserver.c | 148 ++++++++++++++++++------------------------
> src/libnsdb/ldap.c | 117 ++++++++++++++++++++-------------
> src/libnsdb/nsdb-internal.h | 5 +
> src/libnsdb/nsdb.c | 67 +++++++++++++++++++
> src/nfsref/lookup.c | 53 +++++++++++++++
> src/nsdbc/nsdb-annotate.c | 4 +
> src/nsdbc/nsdb-create-fsl.c | 5 +
> src/nsdbc/nsdb-create-fsn.c | 5 +
> src/nsdbc/nsdb-delete-fsl.c | 5 +
> src/nsdbc/nsdb-delete-fsn.c | 5 +
> src/nsdbc/nsdb-delete-nsdb.c | 5 +
> src/nsdbc/nsdb-describe.c | 4 +
> src/nsdbc/nsdb-list.c | 53 +++++++++++++++
> src/nsdbc/nsdb-nces.c | 5 +
> src/nsdbc/nsdb-remove-nci.c | 5 +
> src/nsdbc/nsdb-resolve-fsn.c | 59 +++++++++++++++++
> src/nsdbc/nsdb-simple-nce.c | 5 +
> src/nsdbc/nsdb-update-fsl.c | 5 +
> src/nsdbc/nsdb-update-nci.c | 5 +
> src/plug-ins/nfs-plugin.c | 53 +++++++++++++++
> 24 files changed, 544 insertions(+), 148 deletions(-)
>
> --
> Chuck Lever
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
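The referral rule described in the cover letter, sketched as an added example that is not part of the original message and is not fedfs-utils code. The types, function names and sample database are hypothetical. It assumes the switch consulted is the one on the entry of the NSDB that returned the referral.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-ins for illustration; not fedfs-utils types or API. */
enum sec_type { SEC_NONE, SEC_TLS };
struct nsdb_entry { const char *host; unsigned port; enum sec_type sec; int follow_referrals; };

/* Constructed sample of a client's NSDB connection parameter database. */
static const struct nsdb_entry params_db[] = {
    { "nsdb1.example.net", 389, SEC_NONE, 1 },  /* referrals allowed */
    { "nsdb2.example.net", 389, SEC_TLS,  0 },  /* initial setting: no referrals */
    { "nsdb3.example.net", 636, SEC_TLS,  0 },
};

static const struct nsdb_entry *lookup(const char *host, size_t len, unsigned port)
{
    for (size_t i = 0; i < sizeof(params_db) / sizeof(params_db[0]); i++)
        if (params_db[i].port == port && strlen(params_db[i].host) == len &&
            strncasecmp(params_db[i].host, host, len) == 0)
            return &params_db[i];
    return NULL;
}

/* Entry to use for the referred-to NSDB, or NULL when the referral is refused. */
const struct nsdb_entry *referral_target(const struct nsdb_entry *from, const char *url)
{
    if (!from->follow_referrals || strncasecmp(url, "ldap://", 7) != 0)
        return NULL;                    /* switch off, or not an ldap:// URL */
    const char *host = url + 7;
    size_t hlen = strcspn(host, ":/");  /* host ends at port, path, or end */
    unsigned long port = 389;           /* default LDAP port */
    if (host[hlen] == ':') {
        char *end;
        if (!isdigit((unsigned char)host[hlen + 1]))
            return NULL;                /* no sign, space or empty port */
        port = strtoul(host + hlen + 1, &end, 10);
        if ((*end != '/' && *end != '\0') || port == 0 || port > 65535)
            return NULL;
    }
    /* No entry for the new NSDB means no way to authenticate it: refuse. */
    return lookup(host, hlen, (unsigned)port);
}

int main(void)
{
    const struct nsdb_entry *t = referral_target(&params_db[0], "ldap://nsdb2.example.net/o=fedfs");
    return t && t->sec == SEC_TLS ? 0 : 1;  /* referred-to NSDB keeps its own security type */
}
```

The caller connects to the returned entry with that entry's own security type, so a referral cannot downgrade how the new NSDB is authenticated.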