4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
30 #include <sys/types.h>
34 #include <rpcsvc/nis.h>
37 #include "ldap_util.h"
38 #include "ldap_attr.h"
39 #include "ldap_ruleval.h"
42 #include "ldap_nisplus.h"
43 #include "ldap_glob.h"
47 /* From yptol/dit_access_utils.h */
48 #define N2LKEY "rf_key"
49 #define N2LIPKEY "rf_ipkey"
51 __nis_hash_table_mt ldapMappingList
= NIS_HASH_TABLE_MT_INIT
;
56 setColumnNames(__nis_table_mapping_t
*t
) {
57 int i
, j
, nic
, noc
, stat
;
60 char *myself
= "setColumnNames";
67 nic
= (col
!= 0) ? t
->numColumns
: -1;
69 t
->objType
= NIS_BOGUS_OBJ
;
72 stat
= initializeColumnNames(t
->objName
, &t
->column
, &t
->numColumns
,
73 &t
->objType
, &t
->obj
);
74 if (stat
== LDAP_OBJECT_CLASS_VIOLATION
) {
75 /* Not a table object; that's OK */
78 } else if (justTesting
&& stat
!= LDAP_SUCCESS
) {
80 * Restore the parser initialization. This will only work
81 * correctly if the config file is consistent in the ordering
82 * of column names, and either no NIS+ lookups are needed,
83 * or the ordering is the same as in NIS+.
87 /* Make a guess at the object type, based on the name */
88 if (strstr(t
->objName
, ".org_dir") != 0)
89 t
->objType
= NIS_TABLE_OBJ
;
90 else if (strncmp(t
->objName
, "admin.groups_dir",
91 sizeof ("admin.groups_dir")) != 0)
92 t
->objType
= NIS_GROUP_OBJ
;
94 t
->objType
= NIS_DIRECTORY_OBJ
;
99 * If it's a table object, but there are no translation rules,
100 * this mapping is for the table object itself. In that case,
101 * we throw away the column names (if any).
103 if (t
->objType
== NIS_TABLE_OBJ
&& t
->numRulesFromLDAP
== 0 &&
104 t
->numRulesToLDAP
== 0) {
105 for (i
= 0; i
< t
->numColumns
; i
++)
114 * Verify that all column names found by the parser
115 * are present in the actual column list.
118 for (i
= 0, noc
= 0; i
< nic
; i
++) {
123 /* Skip the 'zo_*' special column names */
124 if (isObjAttrString(col
[i
]))
126 for (j
= 0; j
< t
->numColumns
; j
++) {
127 if (strcmp(col
[i
], t
->column
[j
]) == 0) {
134 logmsg(MSG_NOTIMECHECK
, LOG_WARNING
,
135 "%s: No column \"%s\" in \"%s\"",
136 myself
, NIL(col
[i
]), NIL(t
->objName
));
141 /* Remove any setup by the parser */
142 for (i
= 0; i
< nic
; i
++) {
151 freeSingleObjAttr(__nis_obj_attr_t
*attr
) {
155 sfree(attr
->zo_owner
);
156 sfree(attr
->zo_group
);
157 sfree(attr
->zo_domain
);
162 freeObjAttr(__nis_obj_attr_t
**attr
, int numAttr
) {
168 for (i
= 0; i
< numAttr
; i
++) {
169 freeSingleObjAttr(attr
[i
]);
176 cloneObjAttr(__nis_obj_attr_t
*old
) {
177 __nis_obj_attr_t
*new;
178 char *myself
= "cloneObjAttr";
183 new = am(myself
, sizeof (*new));
187 new->zo_owner
= sdup(myself
, T
, old
->zo_owner
);
188 if (new->zo_owner
== 0 && old
->zo_owner
!= 0)
191 new->zo_group
= sdup(myself
, T
, old
->zo_group
);
192 if (new->zo_group
== 0 && old
->zo_group
!= 0)
195 new->zo_domain
= sdup(myself
, T
, old
->zo_domain
);
196 if (new->zo_domain
== 0 && old
->zo_domain
!= 0)
199 new->zo_access
= old
->zo_access
;
200 new->zo_ttl
= old
->zo_ttl
;
205 freeSingleObjAttr(new);
212 * Obtain NIS+ entries (in the form of db_query's) from the supplied table
213 * mapping and db_query.
215 * If 'qin' is NULL, enumeration is desired.
217 * On exit, '*numQueries' contains the number of (db_query *)'s in the
218 * return array, '*ldapStat' the LDAP operation status, and '*objAttr'
219 * a pointer to an array (of '*numQueries elements) of object attributes
220 * (zo_owner, etc.). If no object attributes were retrieved, '*objAttr'
221 * is NULL; any and all of the (*objAttr)[i]'s may be NULL.
224 mapFromLDAP(__nis_table_mapping_t
*t
, db_query
*qin
, int *numQueries
,
225 char *dbId
, int *ldapStat
, __nis_obj_attr_t
***objAttr
) {
226 __nis_table_mapping_t
**tp
;
228 __nis_rule_value_t
*rv
;
229 __nis_ldap_search_t
*ls
;
230 int n
, numVals
, numMatches
= 0;
232 __nis_obj_attr_t
**attr
;
233 char *myself
= "mapFromLDAP";
238 if (t
== 0 || numQueries
== 0) {
239 *ldapStat
= LDAP_PARAM_ERROR
;
243 /* Select the correct table mapping(s) */
244 tp
= selectTableMapping(t
, qin
, 0, 0, dbId
, &numMatches
);
245 if (tp
== 0 || numMatches
<= 0) {
247 * Not really an error; just no matching mapping
250 *ldapStat
= LDAP_SUCCESS
;
257 /* For each mapping */
258 for (numVals
= 0, n
= 0; n
< numMatches
; n
++) {
260 int i
, nqt
= 0, filterOnQin
, res
= 0;
265 rv
= buildNisPlusRuleValue(t
, qin
, 0);
268 * Depending on the value of res, we shall
269 * proceed to next table mapping.
271 ls
= createLdapRequest(t
, rv
, 0, 1, &res
, NULL
);
276 /* Build enumeration request */
278 ls
= createLdapRequest(t
, 0, 0, 1, NULL
, NULL
);
281 freeRuleValue(rv
, 1);
285 * if the res is NP_LDAP_RULES_NO_VALUE, that means we
286 * have enough NIS+ columns for the rules to produce
287 * values, but none of them did, so continue to the
288 * next table mapping. Otherwise do cleanup and return
291 if (res
== NP_LDAP_RULES_NO_VALUE
)
293 for (i
= 0; i
< numVals
; i
++)
297 *ldapStat
= LDAP_OPERATIONS_ERROR
;
302 nqt
= (ls
->isDN
|| qin
!= 0) ? 0 : -1;
303 rv
= ldapSearch(ls
, &nqt
, 0, ldapStat
);
306 * If qin != 0, then we need to make sure that the
307 * LDAP search is filtered so that only entries that
308 * are compatible with 'qin' are retained. This will
309 * happen automatically if we do a DN search (in which
310 * case, no need to filter on 'qin').
312 if (ls
->isDN
|| qin
== 0)
319 /* Convert rule-values to db_query's */
320 if (rv
!= 0 && nqt
> 0) {
322 __nis_obj_attr_t
**at
= 0;
324 qt
= ruleValue2Query(t
, rv
,
325 (filterOnQin
) ? qin
: 0, &at
, &nqt
);
326 freeRuleValue(rv
, nrv
);
328 if (qt
!= 0 && q
== 0) {
332 } else if (qt
!= 0) {
334 __nis_obj_attr_t
**atmp
;
336 /* Extend the 'q' array */
338 (numVals
+nqt
) * sizeof (q
[0]));
339 /* ... and the 'attr' array */
341 (numVals
+nqt
) * sizeof (attr
[0]));
342 if (tmp
== 0 || atmp
== 0) {
343 logmsg(MSG_NOMEM
, LOG_ERR
,
344 "%s: realloc(%d) => NULL",
346 (numVals
+nqt
) * sizeof (q
[0]));
347 for (i
= 0; i
< numVals
; i
++)
349 for (i
= 0; i
< nqt
; i
++)
356 freeObjAttr(at
, nqt
);
357 freeObjAttr(attr
, numVals
);
358 *ldapStat
= LDAP_NO_MEMORY
;
363 /* Add the results for this 't' */
364 (void) memcpy(&q
[numVals
], qt
,
365 nqt
* sizeof (qt
[0]));
366 (void) memcpy(&attr
[numVals
], at
,
367 nqt
* sizeof (at
[0]));
376 *numQueries
= numVals
;
380 freeObjAttr(attr
, numVals
);
387 * Add the object attributes (zo_owner, etc.) to the rule-value 'rv'.
388 * Returns a pointer to the (possibly newly allocated) rule-value,
389 * or NULL in case of failure. If not returning 'rvIn', the latter
390 * will have been freed.
393 addObjAttr2RuleValue(nis_object
*obj
, __nis_rule_value_t
*rvIn
) {
394 __nis_rule_value_t
*rv
;
395 char abuf
[2 * sizeof (obj
->zo_access
) + 1];
396 char tbuf
[2 * sizeof (obj
->zo_ttl
) + 1];
404 rv
= initRuleValue(1, 0);
409 if (obj
->zo_owner
!= 0) {
410 if (addSCol2RuleValue("zo_owner", obj
->zo_owner
, rv
) != 0) {
411 freeRuleValue(rv
, 1);
416 if (obj
->zo_group
!= 0) {
417 if (addSCol2RuleValue("zo_group", obj
->zo_group
, rv
) != 0) {
418 freeRuleValue(rv
, 1);
423 if (obj
->zo_domain
!= 0) {
424 if (addSCol2RuleValue("zo_domain", obj
->zo_domain
, rv
) != 0) {
425 freeRuleValue(rv
, 1);
430 (void) memset(abuf
, 0, sizeof (abuf
));
431 (void) memset(tbuf
, 0, sizeof (tbuf
));
433 sprintf(abuf
, "%x", obj
->zo_access
);
434 sprintf(tbuf
, "%x", obj
->zo_ttl
);
436 if (addSCol2RuleValue("zo_access", abuf
, rv
) != 0) {
437 freeRuleValue(rv
, 1);
440 if (addSCol2RuleValue("zo_ttl", tbuf
, rv
) != 0) {
441 freeRuleValue(rv
, 1);
449 * Returns a pointer to (NOT a copy of) the value for the specified
450 * column 'col' in the rule-value 'rv'.
453 findColValue(char *col
, __nis_rule_value_t
*rv
) {
456 if (col
== 0 || rv
== 0 || rv
->numColumns
<= 0)
459 for (i
= 0; i
< rv
->numColumns
; i
++) {
460 if (strcmp(col
, rv
->colName
[i
]) == 0)
461 return (&rv
->colVal
[i
]);
468 * Return the NIS+ object attributes (if any) in the rule-value 'rv'.
471 ruleValue2ObjAttr(__nis_rule_value_t
*rv
) {
472 __nis_obj_attr_t
*attr
;
474 char *myself
= "ruleValue2ObjAttr";
476 if (rv
== 0 || rv
->numColumns
<= 0)
479 attr
= am(myself
, sizeof (*attr
));
481 if ((val
= findColValue("zo_owner", rv
)) != 0 &&
482 val
->type
== vt_string
&& val
->numVals
== 1 &&
483 val
->val
[0].value
!= 0) {
484 attr
->zo_owner
= sdup(myself
, T
, val
->val
[0].value
);
485 if (attr
->zo_owner
== 0) {
486 freeSingleObjAttr(attr
);
491 if ((val
= findColValue("zo_group", rv
)) != 0 &&
492 val
->type
== vt_string
&& val
->numVals
== 1 &&
493 val
->val
[0].value
!= 0) {
494 attr
->zo_group
= sdup(myself
, T
, val
->val
[0].value
);
495 if (attr
->zo_group
== 0) {
496 freeSingleObjAttr(attr
);
501 if ((val
= findColValue("zo_domain", rv
)) != 0 &&
502 val
->type
== vt_string
&& val
->numVals
== 1 &&
503 val
->val
[0].value
!= 0) {
504 attr
->zo_domain
= sdup(myself
, T
, val
->val
[0].value
);
505 if (attr
->zo_domain
== 0) {
506 freeSingleObjAttr(attr
);
511 if ((val
= findColValue("zo_access", rv
)) != 0 &&
512 val
->type
== vt_string
&& val
->numVals
== 1 &&
513 val
->val
[0].value
!= 0) {
514 if (sscanf(val
->val
[0].value
, "%x", &attr
->zo_access
) != 1) {
515 freeSingleObjAttr(attr
);
520 if ((val
= findColValue("zo_ttl", rv
)) != 0 &&
521 val
->type
== vt_string
&& val
->numVals
== 1 &&
522 val
->val
[0].value
!= 0) {
523 if (sscanf(val
->val
[0].value
, "%x", &attr
->zo_ttl
) != 1) {
524 freeSingleObjAttr(attr
);
533 * If the supplied string is one of the object attributes, return one.
534 * Otherwise, return zero.
537 isObjAttrString(char *str
) {
541 if (strcmp("zo_owner", str
) == 0 ||
542 strcmp("zo_group", str
) == 0 ||
543 strcmp("zo_domain", str
) == 0 ||
544 strcmp("zo_access", str
) == 0 ||
545 strcmp("zo_ttl", str
) == 0)
553 * If the supplied value is one of the object attribute strings, return
554 * a pointer to the string. Otherwise, return NULL.
557 isObjAttr(__nis_single_value_t
*val
) {
558 if (val
== 0 || val
->length
<= 0 || val
->value
== 0)
561 if (isObjAttrString(val
->value
))
568 setObjAttrField(char *attrName
, __nis_single_value_t
*val
,
569 __nis_obj_attr_t
**objAttr
) {
570 __nis_obj_attr_t
*attr
;
571 char *myself
= "setObjAttrField";
573 if (attrName
== 0 || val
== 0 || objAttr
== 0 ||
574 val
->value
== 0 || val
->length
<= 0)
580 attr
= am(myself
, sizeof (*attr
));
586 if (strcmp("zo_owner", attrName
) == 0) {
587 if (attr
->zo_owner
== 0) {
588 attr
->zo_owner
= sdup(myself
, T
, val
->value
);
589 if (attr
->zo_owner
== 0)
592 } else if (strcmp("zo_group", attrName
) == 0) {
593 if (attr
->zo_group
== 0) {
594 attr
->zo_group
= sdup(myself
, T
, val
->value
);
595 if (attr
->zo_group
== 0)
598 } else if (strcmp("zo_domain", attrName
) == 0) {
599 if (attr
->zo_domain
== 0) {
600 attr
->zo_domain
= sdup(myself
, T
, val
->value
);
601 if (attr
->zo_domain
== 0)
604 } else if (strcmp("zo_access", attrName
) == 0) {
605 if (attr
->zo_access
== 0) {
606 if (sscanf(val
->value
, "%x", &attr
->zo_access
) != 1)
609 } else if (strcmp("zo_ttl", attrName
) == 0) {
610 if (attr
->zo_ttl
== 0) {
611 if (sscanf(val
->value
, "%x", &attr
->zo_ttl
) != 1)
620 * Return a DN and rule-value for the supplied mapping, db_query's, and
621 * input rule-value. This function only works on a single mapping. See
622 * mapToLDAP() below for a description of the action depending on the
623 * values of 'old' and 'new'.
625 * If both 'old' and 'new' are supplied, and the modify would result
626 * in a change to the DN, '*oldDN' will contain the old DN. Otherwise
627 * (and normally), '*oldDN' will be NULL.
630 map1qToLDAP(__nis_table_mapping_t
*t
, db_query
*old
, db_query
*new,
631 __nis_rule_value_t
*rvIn
, __nis_rule_value_t
**rvOutP
,
634 __nis_rule_value_t
*rv
, *rvt
;
635 __nis_ldap_search_t
*ls
;
636 char *dn
= 0, *oldDn
= 0;
637 __nis_table_mapping_t del
;
638 char *myself
= "map1qToLDAP";
640 if (t
== 0 || (old
== 0 && new == 0) || rvOutP
== 0)
644 * If entry should be deleted, we look at the delete
645 * policy in the table mapping. Should it specify a
646 * rule set, we use that rule set to build a rule-
647 * value, and the delete actually becomes a modify
650 if (old
!= 0 && new == 0) {
651 if (t
->objectDN
->delDisp
== dd_perDbId
) {
653 * The functions that build a rule-value from a
654 * rule set expect a __nis_table_mapping_t, but the
655 * rule set in the __nis_object_dn_t isn't of that
656 * form. So, build a pseudo-__nis_table_mapping_t that
657 * borrows heavily from 't'.
661 del
.numRulesToLDAP
= del
.objectDN
->numDbIds
;
662 del
.ruleToLDAP
= del
.objectDN
->dbId
;
665 * Do a modify with the pseudo-table
666 * mapping, and the 'old' db_query
667 * supplying input to the delete rule
672 } else if (t
->objectDN
->delDisp
== dd_always
) {
674 /* Nothing to do here; all handled below */
676 } else if (t
->objectDN
->delDisp
== dd_never
) {
682 logmsg(MSG_INVALIDDELDISP
, LOG_WARNING
,
683 "%s: Invalid delete disposition %d for \"%s\"",
684 myself
, t
->objectDN
->delDisp
,
691 /* Make a copy of the input rule-value */
693 rv
= initRuleValue(1, rvIn
);
700 /* First get a rule-value from the supplied NIS+ entry. */
702 rv
= buildNisPlusRuleValue(t
, ((old
!= 0) ? old
: new), rvt
);
703 freeRuleValue(rvt
, 1);
705 logmsg(MSG_NORULEVALUE
, LOG_WARNING
,
706 "%s: No in-query rule-value derived for \"%s\"",
707 myself
, NIL(t
->dbId
));
712 * Create a request (really only care about the DN) from the
713 * supplied NIS+ entry data.
715 ls
= createLdapRequest(t
, rv
, &dn
, 0, NULL
, NULL
);
716 if (ls
== 0 || dn
== 0) {
717 logmsg(MSG_NOTIMECHECK
, LOG_ERR
,
718 "%s: Unable to create LDAP request for %s: %s",
719 myself
, NIL(t
->dbId
),
720 (dn
!= 0) ? dn
: rvId(rv
, mit_nisplus
));
723 freeRuleValue(rv
, 1);
731 * Create a rule-value from the new NIS+ entry.
732 * Don't want to mix in the rule-value derived
733 * from 'old', so delete it. However, we still
734 * want the owner, group, etc., from 'rvIn'.
737 freeRuleValue(rv
, 1);
739 rv
= initRuleValue(1, rvIn
);
749 rv
= buildNisPlusRuleValue(t
, new, rvt
);
750 freeRuleValue(rvt
, 1);
752 logmsg(MSG_NORULEVALUE
, LOG_WARNING
,
753 "%s: No new rule-value derived for \"%s: %s\"",
754 myself
, NIL(t
->dbId
), dn
);
759 * Check if the proposed modification would result in a
760 * a change to the DN.
765 ls
= createLdapRequest(t
, rv
, &dn
, 0, NULL
, NULL
);
766 if (ls
== 0 || dn
== 0) {
767 logmsg(MSG_NOTIMECHECK
, LOG_ERR
,
768 "%s: Unable to create new DN for \"%s: %s\"",
769 myself
, NIL(t
->dbId
), oldDn
);
772 freeRuleValue(rv
, 1);
776 if (strcasecmp(oldDn
, dn
) == 0) {
792 * Since the DN hash list is an automatic variable, there's no need for
793 * locking, and we remove the locking overhead by using the libnsl
797 #undef NIS_HASH_TABLE
798 #undef nis_insert_item
801 #undef nis_remove_item
810 * Update LDAP per the supplied table mapping and db_query's.
812 * 'nq' is the number of elements in the 'old', 'new', and 'rvIn'
813 * arrays. mapToLDAP() generally performs one update for each
814 * element; however, if one or more of the individual queries
815 * produce the same DN, they're merged into a single update.
817 * There are four cases, depending on the values of 'old[iq]' and
820 * (1) old[iq] == 0 && new[iq] == 0
821 * No action; skip to next query
823 * (2) old[iq] == 0 && new[iq] != 0
824 * Attempt to use the 'new' db_query to get a DN, and try to create
825 * the corresponding LDAP entry.
827 * (3) old[iq] != 0 && new[iq] == 0
828 * Use the 'old' db_query to get a DN, and try to delete the LDAP
829 * entry per the table mapping.
831 * (4) old[iq] != 0 && new[iq] != 0
832 * Use the 'old' db_query to get a DN, and update (possibly create)
833 * the corresponding LDAP entry per the 'new' db_query.
835 * If 'rvIn' is non-NULL, it is expected to contain the object attributes
836 * (zo_owner, etc.) to be written to LDAP. 'rvIn' is an array with 'nq'
839 * If 'firstOnly' is set, only the first old[iq]/new[iq] pair is used
840 * to perform the actual update. Any additional queries specified will
841 * have their values folded in, but are not used to derive update targets.
842 * This mode is inteded to support the case where multiple NIS+ entries
843 * map to one and the same LDAP entry. Note that 'rvIn' must still be
844 * an array of 'nq' elements, though if 'firstOnly' is set, it should be
845 * OK to leave all but 'rvIn[0]' empty.
847 * 'dbId' is used to further narow down the selection of mapping candidates
848 * to those matching the 'dbId' value.
851 mapToLDAP(__nis_table_mapping_t
*tm
, int nq
, db_query
**old
, db_query
**new,
852 __nis_rule_value_t
*rvIn
, int firstOnly
, char *dbId
) {
853 __nis_table_mapping_t
**tp
, **tpa
;
854 int i
, n
, rnq
, iq
, r
, ret
= LDAP_SUCCESS
;
855 int maxMatches
, numMatches
= 0;
856 __nis_ldap_search_t
*ls
;
857 char **dn
= 0, **odn
= 0;
858 __nis_rule_value_t
**rv
;
859 NIS_HASH_TABLE dntab
;
861 char *myself
= "mapToLDAP";
864 if (tm
== 0 || (old
== 0 && new == 0) || nq
<= 0)
865 return (LDAP_PARAM_ERROR
);
867 /* Determine maximum number of table mapping matches */
869 tp
= selectTableMapping(tm
,
870 (old
!= 0 && old
[0] != 0) ? old
[0] : new[0], 1, 0,
872 numMatches
= maxMatches
;
874 tp
= selectTableMapping(tm
, 0, 1, 0, dbId
, &maxMatches
);
878 * If no matching mapping, we're not mapping to LDAP in this
881 if (tp
== 0 || maxMatches
== 0) {
883 return (LDAP_SUCCESS
);
887 * Allocate the 'rv', 'dn', and 'tpa' arrays. Worst case is that
888 * we need nq * maxMatches elements in each array. However, if
889 * 'firstOnly' is set, we only need one element per matching
892 dn
= am(myself
, (firstOnly
? 1 : nq
) * maxMatches
* sizeof (dn
[0]));
893 odn
= am(myself
, (firstOnly
? 1 : nq
) * maxMatches
* sizeof (odn
[0]));
894 rv
= am(myself
, (firstOnly
? 1 : nq
) * maxMatches
* sizeof (rv
[0]));
895 tpa
= am(myself
, (firstOnly
? 1 : nq
) * maxMatches
* sizeof (tpa
[0]));
896 if (dn
== 0 || odn
== 0 || rv
== 0 || tpa
== 0) {
902 return (LDAP_NO_MEMORY
);
905 /* Unless nq == 1, we don't need the 'tp' value */
909 logmsg(MSG_NOTIMECHECK
,
910 #ifdef NISDB_LDAP_DEBUG
914 #endif /* NISDB_LDAP_DEBUG */
915 "%s: %s: %d * %d potential updates",
916 myself
, NIL(tm
->objName
), nq
, maxMatches
);
918 (void) memset(&dntab
, 0, sizeof (dntab
));
921 * Create DNs, column and attribute values, and merge duplicate DNs.
923 for (iq
= 0, rnq
= 0; iq
< nq
; iq
++) {
926 if ((old
== 0 || old
[iq
] == 0) &&
927 (new == 0 || new[iq
] == 0))
931 * Select matching table mappings; if nq == 1, we've already
932 * got the 'tp' array from above. We expect this to be the
933 * most common case, so it's worth special treatment.
936 tp
= selectTableMapping(tm
,
937 (old
!= 0 && old
[iq
] != 0) ? old
[iq
] : new[iq
], 1, 0,
941 else if (numMatches
<= 0) {
946 idx
= iq
* maxMatches
;
948 if (idx
== 0 || !firstOnly
)
949 (void) memcpy(&tpa
[idx
], tp
,
950 numMatches
* sizeof (tpa
[idx
]));
952 for (n
= 0; n
< numMatches
; n
++) {
954 __nis_rule_value_t
*rvt
= 0;
959 dnt
= map1qToLDAP(tp
[n
],
960 (old
!= 0) ? old
[iq
] : 0,
961 (new != 0) ? new[iq
] : 0,
962 (rvIn
!= 0) ? &rvIn
[iq
] : 0,
968 #ifdef NISDB_LDAP_DEBUG
974 #endif /* NISDB_LDAP_DEBUG */
978 * Create a request to get a rule-value with
979 * NIS+ data translated to LDAP equivalents.
981 ls
= createLdapRequest(tp
[n
], rvt
, 0, 0, NULL
, NULL
);
983 if (ret
== LDAP_SUCCESS
)
984 ret
= LDAP_OPERATIONS_ERROR
;
985 logmsg(MSG_NOTIMECHECK
, LOG_WARNING
,
986 "%s: Unable to map to LDAP attrs for %s:dn=%s",
987 myself
, NIL(tp
[n
]->dbId
), dnt
);
989 freeRuleValue(rvt
, 1);
995 * If the DN is the same as one we already know
996 * about, merge the rule-values.
999 dni
= (__dn_item_t
*)nis_find_item(dnt
, &dntab
);
1003 if (i
>= (firstOnly
? ((idx
< maxMatches
) ?
1004 idx
: maxMatches
) : idx
)) {
1005 goto update_cleanup
;
1008 if (odnt
!= 0 && (dni
->oldDn
== 0 ||
1009 strcasecmp(odnt
, dni
->oldDn
) !=
1011 logmsg(MSG_NOTIMECHECK
, LOG_WARNING
,
1012 "%s: DN mismatch while merging updates: %s: %s != %s",
1013 myself
, NIL(tpa
[i
]->dbId
),
1014 NIL(odnt
), NIL(dni
->oldDn
));
1015 goto update_cleanup
;
1018 if (mergeRuleValue(rv
[i
], rvt
)) {
1019 logmsg(MSG_NOTIMECHECK
, LOG_WARNING
,
1020 "%s: Error merging updates for %s:dn=%s",
1021 myself
, NIL(tpa
[i
]->dbId
),
1023 if ((dni
= (__dn_item_t
*)
1024 nis_remove_item(dnt
, &dntab
)) !=
1030 freeRuleValue(rv
[i
], 1);
1034 goto update_cleanup
;
1041 freeRuleValue(rvt
, 1);
1043 } else if ((iq
== 0 || !firstOnly
) && dnt
!= 0) {
1044 dni
= am(myself
, sizeof (*dni
));
1046 dni
->item
.name
= dnt
;
1047 dni
->index
= idx
+ n
;
1050 logmsg(MSG_NOTIMECHECK
, LOG_WARNING
,
1051 "%s: Skipping update for dn=\"%s\"",
1057 nis_insert_item((NIS_HASH_ITEM
*)dni
,
1059 logmsg(MSG_NOTIMECHECK
, LOG_ERR
,
1060 "%s: Unable to memorize dn=\"%s\"",
1073 freeRuleValue(rvt
, 1);
1076 } else if (dnt
!= 0) {
1079 freeRuleValue(rvt
, 1);
1085 /* Done with the dntab */
1086 while ((dni
= (__dn_item_t
*)nis_pop_item(&dntab
)) != 0) {
1090 logmsg(MSG_NOTIMECHECK
,
1091 #ifdef NISDB_LDAP_DEBUG
1095 #endif /* NISDB_LDAP_DEBUG */
1096 "%s: %s: %d update%s requested",
1097 myself
, NIL(tm
->objName
), rnq
, rnq
!= 1 ? "s" : "");
1099 /* Perform the updates */
1100 for (i
= rnq
= 0; i
< (firstOnly
? maxMatches
: nq
*maxMatches
); i
++) {
1106 #ifdef NISDB_LDAP_DEBUG
1107 logmsg(MSG_NOTIMECHECK
, LOG_INFO
,
1110 (new != 0 && new[i
/maxMatches
] != 0) ?
1111 "modify" : "delete",
1112 NIL(tpa
[i
]->dbId
), dn
[i
]);
1113 #endif /* NISDB_LDAP_DEBUG */
1115 delPerDbId
= (tpa
[i
]->objectDN
->delDisp
== dd_perDbId
);
1116 if ((new != 0 && new[i
/maxMatches
] != 0) || delPerDbId
) {
1118 * Try to modify/create the specified DN. First,
1119 * however, if the update changes the DN, make
1122 if (odn
[i
] == 0 || (r
= ldapChangeDN(odn
[i
], dn
[i
])) ==
1126 addFirst
= (new != 0 &&
1127 new[i
/maxMatches
] != 0 &&
1129 r
= ldapModify(dn
[i
], rv
[i
],
1130 tpa
[i
]->objectDN
->write
.attrs
,
1134 /* Try to delete the specified DN */
1135 r
= ldapModify(dn
[i
], 0,
1136 tpa
[i
]->objectDN
->write
.attrs
, 0);
1139 if (r
== LDAP_SUCCESS
) {
1142 if (ret
== LDAP_SUCCESS
)
1144 logmsg(MSG_NOTIMECHECK
, LOG_ERR
,
1145 "%s: LDAP %s request error %d for %s:dn=%s",
1147 (new != 0 && new[i
/maxMatches
] != 0) ?
1148 "modify" : "delete",
1149 r
, NIL(tpa
[i
]->dbId
), dn
[i
]);
1154 freeRuleValue(rv
[i
], 1);
1163 logmsg(MSG_NOTIMECHECK
,
1164 #ifdef NISDB_LDAP_DEBUG
1168 #endif /* NISDB_LDAP_DEBUG */
1169 "%s: %s: %d update%s performed",
1170 myself
, NIL(tm
->objName
), rnq
, rnq
!= 1 ? "s" : "");
1176 * In nis+2ldap, check if the query 'q' matches the selector index 'x->index'.
1178 * In nis2ldap, if 'name' is provided then check if its value in 'val'
1179 * matches the selector index. If 'name' is NULL, then check if rule-value 'rv'
1180 * matches the index.
1181 * To match the selector index, all fieldspecs in the indexlist should match
1182 * (AND). In nis2ldap, an exception is, if there are multiple fieldspecs with
1183 * the same fieldname then only one of them needs to match (OR).
1185 * Indexlist = [host="H*", host="I*", user="U*", domain="D*"]
1187 * host = "H1", user="U1", domain="D1" ==> pass
1188 * host = "I1", user="U1", domain="D1" ==> pass
1189 * host = "X1", user="U1", domain="D1" ==> fail
1190 * host = "H1", user="X1", domain="D1" ==> fail
1191 * host = "H1", user="U1" ==> fail
1193 * Return 1 in case of a match, 0 otherwise.
1196 verifyIndexMatch(__nis_table_mapping_t
*x
, db_query
*q
,
1197 __nis_rule_value_t
*rv
, char *name
, char *val
) {
1198 int i
, j
, k
, match
= 1;
1199 char *myself
= "verifyIndexMatch";
1202 * The pass and fail arrays are used by N2L to keep track of
1203 * index matches. This saves us from having matches in a
1204 * nested loop to decide OR or AND.
1207 char **pass
, **fail
;
1213 if (x
->index
.numIndexes
<= 0 || (!yp2ldap
&& q
== 0))
1217 if (!(pass
= am(myself
, x
->index
.numIndexes
* sizeof (char *))))
1219 if (!(fail
= am(myself
,
1220 x
->index
.numIndexes
* sizeof (char *)))) {
1227 /* Check each index */
1228 for (i
= 0; i
< x
->index
.numIndexes
; i
++) {
1232 /* Skip NULL index names */
1233 if (x
->index
.name
[i
] == 0)
1236 /* Check N2L values */
1239 if (strcasecmp(x
->index
.name
[i
], name
) == 0)
1244 if (strcasecmp(x
->index
.name
[i
], N2LKEY
) == 0 ||
1245 strcasecmp(x
->index
.name
[i
], N2LIPKEY
)
1248 value
= findVal(x
->index
.name
[i
], rv
,
1252 if (value
&& verifyMappingMatch(x
->index
.value
[i
],
1254 pass
[ppos
++] = x
->index
.name
[i
];
1256 fail
[fpos
++] = x
->index
.name
[i
];
1260 /* If here, means nis+2ldap */
1262 /* Is the index name a known column ? */
1263 for (j
= 0; j
< x
->numColumns
; j
++) {
1264 if (strcmp(x
->index
.name
[i
], x
->column
[j
]) == 0) {
1266 * Do we have a value for the column ?
1268 for (k
= 0; k
< q
->components
.components_len
;
1270 if (q
->components
.components_val
[k
].
1272 value
= q
->components
.
1277 len
= q
->components
.
1291 * If we found a value, check if it matches the
1292 * format. If no value found or no match, this
1293 * mapping is _not_ an alternative. Otherwise,
1294 * we continue checking any other indexes.
1297 !verifyMappingMatch(x
->index
.value
[i
],
1305 for (--fpos
; fpos
>= 0; fpos
--) {
1306 for (i
= 0; i
< ppos
; i
++) {
1307 if (strcmp(pass
[i
], fail
[fpos
]) == 0)
1323 * Return all table mappings that match the column values in 'q'.
1324 * If there's no match, return those alternative mappings that don't
1325 * have an index; if no such mapping exists, return NULL.
1327 * If 'wantWrite' is set, we want mappings for writing (i.e., data
1328 * to LDAP); otherwise, we want mappings for reading.
1330 * If 'wantObj' is set, we want object mappings only (i.e., _not_
1331 * those used to map entries in tables).
1333 * If 'dbId' is non-NULL, we select mappings with a matching dbId field.
1335 __nis_table_mapping_t
**
1336 selectTableMapping(__nis_table_mapping_t
*t
, db_query
*q
,
1337 int wantWrite
, int wantObj
, char *dbId
,
1339 __nis_table_mapping_t
*r
, *x
, **tp
;
1340 int i
, j
, k
, nm
, numap
;
1341 char *myself
= "selectTableMapping";
1343 if (numMatches
== 0)
1347 * Count the number of possible mappings, so that we can
1348 * allocate the 'tp' array up front.
1350 for (numap
= 0, x
= t
; x
!= 0; numap
++, x
= x
->next
);
1357 tp
= am(myself
, numap
* sizeof (tp
[0]));
1366 * q == 0 trivially matches any 't' of the correct object type
1368 * wantObj != 0 means we ignore 'q'
1370 if (q
== 0 || wantObj
) {
1371 for (i
= 0, x
= t
, nm
= 0; i
< numap
; i
++, x
= x
->next
) {
1372 if (x
->objectDN
== 0)
1375 if (x
->objectDN
->write
.scope
==
1379 if (x
->objectDN
->read
.scope
==
1384 if (x
->numColumns
> 0)
1387 if (x
->numColumns
<= 0)
1390 if (dbId
!= 0 && x
->dbId
!= 0 &&
1391 strcmp(dbId
, x
->dbId
) != 0)
1404 /* Scan all mappings, and collect candidates */
1405 for (nm
= 0, r
= 0, x
= t
; x
!= 0; x
= x
->next
) {
1406 if (x
->objectDN
== 0)
1409 if (x
->objectDN
->write
.scope
== LDAP_SCOPE_UNKNOWN
)
1412 if (x
->objectDN
->read
.scope
== LDAP_SCOPE_UNKNOWN
)
1415 /* Only want table/entry mappings */
1416 if (x
->numColumns
<= 0)
1418 if (dbId
!= 0 && x
->dbId
!= 0 &&
1419 strcmp(dbId
, x
->dbId
) != 0)
1422 * It's a match if: there are no indexes, or we actually
1423 * match the query with the indexes.
1425 if (x
->index
.numIndexes
<= 0 ||
1426 verifyIndexMatch(x
, q
, 0, 0, 0)) {
1443 * Return 1 if there's an indexed mapping, 0 otherwise.
1446 haveIndexedMapping(__nis_table_mapping_t
*t
) {
1447 __nis_table_mapping_t
*x
;
1449 for (x
= t
; x
!= 0; x
= x
->next
) {
1450 if (x
->index
.numIndexes
> 0)
1458 * Given an input string 'attrs' of the form "attr1=val1,attr2=val2,...",
1459 * or a filter, return the value associated with the attribute 'attrName'.
1460 * If no instance of 'attrName' is found, return 'default'. In all cases,
1461 * the return value is a copy, and must be freed by the caller.
1463 * Of course, return NULL in case of failure.
1466 attrVal(char *msg
, char *attrName
, char *def
, char *attrs
) {
1467 char *val
, *filter
, **fc
= 0;
1469 char *myself
= "attrVal";
1471 if (attrName
== 0 || attrs
== 0)
1479 filter
= makeFilter(attrs
);
1480 if (filter
!= 0 && (fc
= makeFilterComp(filter
, &nfc
)) != 0 &&
1482 for (i
= 0; i
< nfc
; i
++) {
1486 /* Skip if not of attr=value form */
1487 if ((value
= strchr(name
, '=')) == 0)
1493 if (strcasecmp(attrName
, name
) == 0) {
1501 val
= sdup(msg
, T
, val
);
1504 freeFilterComp(fc
, nfc
);
1509 extern bool_t
xdr_nis_object(register XDR
*xdrs
, nis_object
*objp
);
1512 * Copy an XDR:ed version of the NIS+ object 'o' (or the one indicated
1513 * by 't->objName' if 'o' is NULL) to the place indicated by
1514 * 't->objectDN->write'. Return an appropriate LDAP status code.
1517 objToLDAP(__nis_table_mapping_t
*t
, nis_object
*o
, entry_obj
**ea
, int numEa
) {
1518 __nis_table_mapping_t
**tp
;
1520 nis_result
*res
= 0;
1522 int stat
, osize
, n
, numMatches
= 0;
1524 __nis_rule_value_t
*rv
;
1526 __nis_single_value_t
*sv
;
1527 char **attrName
, *dn
;
1528 char *myself
= "objToLDAP";
1531 return (LDAP_PARAM_ERROR
);
1533 logmsg(MSG_NOTIMECHECK
,
1534 #ifdef NISDB_LDAP_DEBUG
1538 #endif /* NISDB_LDAP_DEBUG */
1539 "%s: %s", myself
, NIL(t
->objName
));
1541 tp
= selectTableMapping(t
, 0, 1, 1, 0, &numMatches
);
1542 if (tp
== 0 || numMatches
<= 0) {
1544 logmsg(MSG_NOTIMECHECK
,
1545 #ifdef NISDB_LDAP_DEBUG
1549 #endif /* NISDB_LDAP_DEBUG */
1550 "%s: %s (no mapping)", myself
, NIL(t
->objName
));
1551 return (LDAP_SUCCESS
);
1554 for (n
= 0; n
< numMatches
; n
++) {
1559 stat
= getNisPlusObj(t
->objName
, myself
, &res
);
1560 if (stat
!= LDAP_SUCCESS
) {
1566 * getNisPlusObj() only returns success when res != 0,
1567 * and res->objects.objects_len > 0, so no need to
1568 * check for those conditons.
1571 o
= res
->objects
.objects_val
;
1574 nis_freeresult(res
);
1575 return (LDAP_OPERATIONS_ERROR
);
1577 if (o
->zo_data
.zo_type
== NIS_DIRECTORY_OBJ
) {
1578 /* XXX??? get dir list, set 'ea' and 'numEa' */
1582 buf
= (char *)xdrNisObject(o
, ea
, numEa
, &osize
);
1584 nis_freeresult(res
);
1589 return (LDAP_OPERATIONS_ERROR
);
1593 * Prepare to build a rule-value containing the XDR:ed
1596 rv
= am(myself
, sizeof (*rv
));
1597 sv
= am(myself
, sizeof (*sv
));
1598 val
= am(myself
, sizeof (*val
));
1599 attrName
= am(myself
, sizeof (attrName
[0]));
1601 attrName
[0] = attrVal(myself
, "nisplusObject",
1603 t
->objectDN
->write
.attrs
);
1604 if (rv
== 0 || sv
== 0 || val
== 0 || attrName
== 0 ||
1612 return (LDAP_NO_MEMORY
);
1618 /* 'vt_ber' just means "not a NUL-terminated string" */
1625 rv
->attrName
= attrName
;
1629 * The 'write.base' is the actual DN of the entry (and the
1630 * scope had better be 'base', but we don't check that).
1632 dn
= t
->objectDN
->write
.base
;
1634 stat
= ldapModify(dn
, rv
, t
->objectDN
->write
.attrs
, 1);
1636 freeRuleValue(rv
, 1);
1638 logmsg(MSG_NOTIMECHECK
,
1639 #ifdef NISDB_LDAP_DEBUG
1643 #endif /* NISDB_LDAP_DEBUG */
1644 "%s: %s (%s)", myself
, NIL(t
->objName
), ldap_err2string(stat
));
1646 if (stat
!= LDAP_SUCCESS
)
1657 * Retrieve a copy of the 't->objName' object from LDAP, where it's
1658 * stored in XDR:ed form in the place indicated by 't->objectDN->read'.
1659 * Un-XDR the object, and return a pointer to it in '*obj'; it's the
1660 * responsibility of the caller to free the object when it's no
1663 * Returns an appropriate LDAP status.
1666 objFromLDAP(__nis_table_mapping_t
*t
, nis_object
**obj
,
1667 entry_obj
***eaP
, int *numEaP
) {
1668 __nis_table_mapping_t
**tp
;
1671 __nis_rule_value_t
*rv
;
1672 __nis_ldap_search_t
*ls
;
1673 char *attrs
[2], *filter
, **fc
= 0;
1675 int i
, j
, nfc
, nrv
, blen
, stat
= LDAP_SUCCESS
;
1677 char *myself
= "objFromLDAP";
1680 return (LDAP_PARAM_ERROR
);
1683 * If there's nowhere to store the result, we might as
1684 * well pretend all went well, and return right away.
1687 return (LDAP_SUCCESS
);
1689 /* Prepare for the worst */
1692 logmsg(MSG_NOTIMECHECK
,
1693 #ifdef NISDB_LDAP_DEBUG
1697 #endif /* NISDB_LDAP_DEBUG */
1698 "%s: %s", myself
, NIL(t
->objName
));
1700 tp
= selectTableMapping(t
, 0, 0, 1, 0, &numMatches
);
1701 if (tp
== 0 || numMatches
<= 0) {
1703 logmsg(MSG_NOTIMECHECK
,
1704 #ifdef NISDB_LDAP_DEBUG
1708 #endif /* NISDB_LDAP_DEBUG */
1709 "%s: %s (no mapping)", myself
, NIL(t
->objName
));
1710 return (LDAP_SUCCESS
);
1713 for (n
= 0; n
< numMatches
; n
++) {
1717 filter
= makeFilter(t
->objectDN
->read
.attrs
);
1718 if (filter
== 0 || (fc
= makeFilterComp(filter
, &nfc
)) == 0 ||
1722 freeFilterComp(fc
, nfc
);
1723 return ((t
->objectDN
->read
.attrs
!= 0) ?
1724 LDAP_NO_MEMORY
: LDAP_PARAM_ERROR
);
1726 /* Don't need the filter, just the components */
1730 * Look for a "nisplusObject" attribute, and (if found) copy
1731 * the value to attrs[0]. Also remove the "nisplusObject"
1732 * attribute and value from the filter components.
1734 attrs
[0] = sdup(myself
, T
, "nisplusObject");
1735 if (attrs
[0] == 0) {
1737 freeFilterComp(fc
, nfc
);
1738 return (LDAP_NO_MEMORY
);
1741 for (i
= 0; i
< nfc
; i
++) {
1746 /* Skip if not of attr=value form */
1747 if ((value
= strchr(name
, '=')) == 0)
1750 /* Temporarily overWrite the '=' with a '\0' */
1753 /* Compare with our target attribute name */
1754 compare
= strcasecmp("nisplusObject", name
);
1756 /* Put back the '=' */
1759 /* Is it the name we're looking for ? */
1762 attrs
[0] = sdup(myself
, T
, value
+1);
1763 if (attrs
[0] == 0) {
1765 freeFilterComp(fc
, nfc
);
1766 return (LDAP_NO_MEMORY
);
1770 (void) memmove(&fc
[i
], &fc
[i
+1],
1771 (nfc
-1-i
) * sizeof (fc
[i
]));
1777 ls
= buildLdapSearch(t
->objectDN
->read
.base
,
1778 t
->objectDN
->read
.scope
,
1779 nfc
, fc
, 0, attrs
, 0, 1);
1781 freeFilterComp(fc
, nfc
);
1784 return (LDAP_OPERATIONS_ERROR
);
1788 rv
= ldapSearch(ls
, &nrv
, 0, &stat
);
1795 for (i
= 0, buf
= 0; i
< nrv
&& buf
== 0; i
++) {
1796 for (j
= 0; j
< rv
[i
].numAttrs
; j
++) {
1797 if (strcasecmp(ls
->attrs
[0],
1798 rv
[i
].attrName
[j
]) == 0) {
1799 if (rv
[i
].attrVal
[j
].numVals
<= 0)
1801 buf
= rv
[i
].attrVal
[j
].val
[0].value
;
1802 blen
= rv
[i
].attrVal
[j
].val
[0].length
;
1809 o
= unXdrNisObject(buf
, blen
, eaP
, numEaP
);
1813 freeRuleValue(rv
, nrv
);
1814 return (LDAP_OPERATIONS_ERROR
);
1816 stat
= LDAP_SUCCESS
;
1819 stat
= LDAP_NO_SUCH_OBJECT
;
1823 freeRuleValue(rv
, nrv
);
1825 logmsg(MSG_NOTIMECHECK
,
1826 #ifdef NISDB_LDAP_DEBUG
1830 #endif /* NISDB_LDAP_DEBUG */
1831 "%s: %s (%s)", myself
, NIL(t
->objName
), ldap_err2string(stat
));
1833 if (stat
!= LDAP_SUCCESS
)
1844 deleteLDAPobj(__nis_table_mapping_t
*t
) {
1845 __nis_table_mapping_t
**tp
;
1846 int n
, stat
, numMatches
= 0;
1847 char *myself
= "deleteLDAPobj";
1850 return (LDAP_PARAM_ERROR
);
1852 logmsg(MSG_NOTIMECHECK
,
1853 #ifdef NISDB_LDAP_DEBUG
1857 #endif /* NISDB_LDAP_DEBUG */
1858 "%s: %s", myself
, NIL(t
->objName
));
1860 tp
= selectTableMapping(t
, 0, 1, 1, 0, &numMatches
);
1861 if (tp
== 0 || numMatches
<= 0) {
1863 logmsg(MSG_NOTIMECHECK
,
1864 #ifdef NISDB_LDAP_DEBUG
1868 #endif /* NISDB_LDAP_DEBUG */
1869 "%s: %s (no mapping)", myself
, NIL(t
->objName
));
1870 return (LDAP_SUCCESS
);
1873 for (n
= 0; n
< numMatches
; n
++) {
1877 if (t
->objectDN
->delDisp
== dd_always
) {
1878 /* Delete entire entry */
1879 stat
= ldapModify(t
->objectDN
->write
.base
, 0,
1880 t
->objectDN
->write
.attrs
, 1);
1881 } else if (t
->objectDN
->delDisp
== dd_perDbId
) {
1883 * Delete the attribute holding the object.
1884 * First, determine what that attribute is called.
1890 t
->objectDN
->write
.attrs
);
1891 __nis_rule_value_t rv
;
1894 if (attrName
== 0) {
1896 return (LDAP_NO_MEMORY
);
1900 * Build a __nis_value_t with 'numVals' < 0 to
1901 * indicate deletion.
1908 * Build a rule-value with the name we determined
1909 * above, and the deletion value.
1911 (void) memset(&rv
, 0, sizeof (rv
));
1913 rv
.attrName
= &attrName
;
1916 stat
= ldapModify(t
->objectDN
->write
.base
, &rv
,
1917 t
->objectDN
->write
.attrs
, 0);
1920 } else if (t
->objectDN
->delDisp
== dd_never
) {
1921 /* Nothing to do, so we're trivially successful */
1922 stat
= LDAP_SUCCESS
;
1924 stat
= LDAP_PARAM_ERROR
;
1927 logmsg(MSG_NOTIMECHECK
,
1928 #ifdef NISDB_LDAP_DEBUG
1932 #endif /* NISDB_LDAP_DEBUG */
1933 "%s: %s (%s)", myself
, NIL(t
->objName
), ldap_err2string(stat
));
1935 /* If there were no such object, we've trivially succeeded */
1936 if (stat
== LDAP_NO_SUCH_OBJECT
)
1937 stat
= LDAP_SUCCESS
;
1939 if (stat
!= LDAP_SUCCESS
)