1/* schema_prep.c - load builtin schema */ 2/* $OpenLDAP$ */ 3/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 1998-2011 The OpenLDAP Foundation. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted only as authorized by the OpenLDAP 10 * Public License. 11 * 12 * A copy of this license is available in the file LICENSE in the 13 * top-level directory of the distribution or, alternatively, at 14 * <http://www.OpenLDAP.org/license.html>. 15 */ 16 17#include "portable.h" 18 19#include <stdio.h> 20 21#include <ac/ctype.h> 22#include <ac/string.h> 23#include <ac/socket.h> 24 25#include "slap.h" 26 27#define OCDEBUG 0 28 29int schema_init_done = 0; 30 31struct slap_internal_schema slap_schema; 32 33static int 34oidValidate( 35 Syntax *syntax, 36 struct berval *in ) 37{ 38 struct berval val = *in; 39 40 if( val.bv_len == 0 ) { 41 /* disallow empty strings */ 42 return LDAP_INVALID_SYNTAX; 43 } 44 45 if( DESC_LEADCHAR( val.bv_val[0] ) ) { 46 val.bv_val++; 47 val.bv_len--; 48 if ( val.bv_len == 0 ) return LDAP_SUCCESS; 49 50 while( DESC_CHAR( val.bv_val[0] ) ) { 51 val.bv_val++; 52 val.bv_len--; 53 54 if ( val.bv_len == 0 ) return LDAP_SUCCESS; 55 } 56 57 } else { 58 int sep = 0; 59 while( OID_LEADCHAR( val.bv_val[0] ) ) { 60 val.bv_val++; 61 val.bv_len--; 62 63 if ( val.bv_val[-1] != '0' ) { 64 while ( OID_LEADCHAR( val.bv_val[0] )) { 65 val.bv_val++; 66 val.bv_len--; 67 } 68 } 69 70 if( val.bv_len == 0 ) { 71 if( sep == 0 ) break; 72 return LDAP_SUCCESS; 73 } 74 75 if( !OID_SEPARATOR( val.bv_val[0] )) break; 76 77 sep++; 78 val.bv_val++; 79 val.bv_len--; 80 } 81 } 82 83 return LDAP_INVALID_SYNTAX; 84} 85 86 87static int objectClassPretty( 88 Syntax *syntax, 89 struct berval *in, 90 struct berval *out, 91 void *ctx ) 92{ 93 ObjectClass *oc; 94 95 if( oidValidate( NULL, in )) return LDAP_INVALID_SYNTAX; 96 97 oc = oc_bvfind( in ); 98 if( oc == NULL ) return LDAP_INVALID_SYNTAX; 99 100 ber_dupbv_x( out, &oc->soc_cname, ctx ); 101 return LDAP_SUCCESS; 102} 103 104static int 105attributeTypeMatch( 106 int *matchp, 107 slap_mask_t flags, 108 Syntax *syntax, 109 MatchingRule *mr, 110 struct berval *value, 111 void *assertedValue ) 112{ 113 struct berval *a = (struct berval *) assertedValue; 114 AttributeType *at = at_bvfind( value ); 115 AttributeType *asserted = at_bvfind( a ); 116 117 if( asserted == NULL ) { 118 if( OID_LEADCHAR( *a->bv_val ) ) { 119 /* OID form, return FALSE */ 120 *matchp = 1; 121 return LDAP_SUCCESS; 122 } 123 124 /* desc form, return undefined */ 125 return LDAP_INVALID_SYNTAX; 126 } 127 128 if ( at == NULL ) { 129 /* unrecognized stored value */ 130 return LDAP_INVALID_SYNTAX; 131 } 132 133 *matchp = ( asserted != at ); 134 return LDAP_SUCCESS; 135} 136 137static int 138matchingRuleMatch( 139 int *matchp, 140 slap_mask_t flags, 141 Syntax *syntax, 142 MatchingRule *mr, 143 struct berval *value, 144 void *assertedValue ) 145{ 146 struct berval *a = (struct berval *) assertedValue; 147 MatchingRule *mrv = mr_bvfind( value ); 148 MatchingRule *asserted = mr_bvfind( a ); 149 150 if( asserted == NULL ) { 151 if( OID_LEADCHAR( *a->bv_val ) ) { 152 /* OID form, return FALSE */ 153 *matchp = 1; 154 return LDAP_SUCCESS; 155 } 156 157 /* desc form, return undefined */ 158 return LDAP_INVALID_SYNTAX; 159 } 160 161 if ( mrv == NULL ) { 162 /* unrecognized stored value */ 163 return LDAP_INVALID_SYNTAX; 164 } 165 166 *matchp = ( asserted != mrv ); 167 return LDAP_SUCCESS; 168} 169 170static int 171objectClassMatch( 172 int *matchp, 173 slap_mask_t flags, 174 Syntax *syntax, 175 MatchingRule *mr, 176 struct berval *value, 177 void *assertedValue ) 178{ 179 struct berval *a = (struct berval *) assertedValue; 180 ObjectClass *oc = oc_bvfind( value ); 181 ObjectClass *asserted = oc_bvfind( a ); 182 183 if( asserted == NULL ) { 184 if( OID_LEADCHAR( *a->bv_val ) ) { 185 /* OID form, return FALSE */ 186 *matchp = 1; 187 return LDAP_SUCCESS; 188 } 189 190 /* desc form, return undefined */ 191 return LDAP_INVALID_SYNTAX; 192 } 193 194 if ( oc == NULL ) { 195 /* unrecognized stored value */ 196 return LDAP_INVALID_SYNTAX; 197 } 198 199 *matchp = ( asserted != oc ); 200 return LDAP_SUCCESS; 201} 202 203static int 204objectSubClassMatch( 205 int *matchp, 206 slap_mask_t flags, 207 Syntax *syntax, 208 MatchingRule *mr, 209 struct berval *value, 210 void *assertedValue ) 211{ 212 struct berval *a = (struct berval *) assertedValue; 213 ObjectClass *oc = oc_bvfind( value ); 214 ObjectClass *asserted = oc_bvfind( a ); 215 216 if( asserted == NULL ) { 217 if( OID_LEADCHAR( *a->bv_val ) ) { 218 /* OID form, return FALSE */ 219 *matchp = 1; 220 return LDAP_SUCCESS; 221 } 222 223 /* desc form, return undefined */ 224 return LDAP_INVALID_SYNTAX; 225 } 226 227 if ( oc == NULL ) { 228 /* unrecognized stored value */ 229 return LDAP_INVALID_SYNTAX; 230 } 231 232 if( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( flags ) ) { 233 *matchp = ( asserted != oc ); 234 } else { 235 *matchp = !is_object_subclass( asserted, oc ); 236 } 237 238 return LDAP_SUCCESS; 239} 240 241static int objectSubClassIndexer( 242 slap_mask_t use, 243 slap_mask_t mask, 244 Syntax *syntax, 245 MatchingRule *mr, 246 struct berval *prefix, 247 BerVarray values, 248 BerVarray *keysp, 249 void *ctx ) 250{ 251 int rc, noc, i; 252 BerVarray ocvalues; 253 ObjectClass **socs; 254 255 for( noc=0; values[noc].bv_val != NULL; noc++ ) { 256 /* just count em */; 257 } 258 259 /* over allocate */ 260 socs = slap_sl_malloc( (noc+16) * sizeof( ObjectClass * ), ctx ); 261 262 /* initialize */ 263 for( i=0; i<noc; i++ ) { 264 socs[i] = oc_bvfind( &values[i] ); 265 } 266 267 /* expand values */ 268 for( i=0; i<noc; i++ ) { 269 int j; 270 ObjectClass *oc = socs[i]; 271 if( oc == NULL || oc->soc_sups == NULL ) continue; 272 273 for( j=0; oc->soc_sups[j] != NULL; j++ ) { 274 int found = 0; 275 ObjectClass *sup = oc->soc_sups[j]; 276 int k; 277 278 for( k=0; k<noc; k++ ) { 279 if( sup == socs[k] ) { 280 found++; 281 break; 282 } 283 } 284 285 if( !found ) { 286 socs = slap_sl_realloc( socs, 287 sizeof( ObjectClass * ) * (noc+2), ctx ); 288 289 assert( k == noc ); 290 socs[noc++] = sup; 291 } 292 } 293 } 294 295 ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+1), ctx ); 296 /* copy values */ 297 for( i=0; i<noc; i++ ) { 298 if ( socs[i] ) 299 ocvalues[i] = socs[i]->soc_cname; 300 else 301 ocvalues[i] = values[i]; 302 } 303 BER_BVZERO( &ocvalues[i] ); 304 305 rc = octetStringIndexer( use, mask, syntax, mr, 306 prefix, ocvalues, keysp, ctx ); 307 308 slap_sl_free( ocvalues, ctx ); 309 slap_sl_free( socs, ctx ); 310 return rc; 311} 312 313#define objectSubClassFilter octetStringFilter 314 315static ObjectClassSchemaCheckFN rootDseObjectClass; 316static ObjectClassSchemaCheckFN aliasObjectClass; 317static ObjectClassSchemaCheckFN referralObjectClass; 318static ObjectClassSchemaCheckFN subentryObjectClass; 319#ifdef LDAP_DYNAMIC_OBJECTS 320static ObjectClassSchemaCheckFN dynamicObjectClass; 321#endif 322 323static struct slap_schema_oc_map { 324 char *ssom_name; 325 char *ssom_defn; 326 ObjectClassSchemaCheckFN *ssom_check; 327 slap_mask_t ssom_flags; 328 size_t ssom_offset; 329} oc_map[] = { 330 { "top", "( 2.5.6.0 NAME 'top' " 331 "DESC 'top of the superclass chain' " 332 "ABSTRACT MUST objectClass )", 333 0, 0, offsetof(struct slap_internal_schema, si_oc_top) }, 334 { "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 " 335 "NAME 'extensibleObject' " 336 "DESC 'RFC4512: extensible object' " 337 "SUP top AUXILIARY )", 338 0, SLAP_OC_OPERATIONAL, 339 offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, 340 { "alias", "( 2.5.6.1 NAME 'alias' " 341 "DESC 'RFC4512: an alias' " 342 "SUP top STRUCTURAL " 343 "MUST aliasedObjectName )", 344 aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL, 345 offsetof(struct slap_internal_schema, si_oc_alias) }, 346 { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' " 347 "DESC 'namedref: named subordinate referral' " 348 "SUP top STRUCTURAL MUST ref )", 349 referralObjectClass, SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL, 350 offsetof(struct slap_internal_schema, si_oc_referral) }, 351 { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 " 352 "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) " 353 "DESC 'OpenLDAP Root DSE object' " 354 "SUP top STRUCTURAL MAY cn )", 355 rootDseObjectClass, SLAP_OC_OPERATIONAL, 356 offsetof(struct slap_internal_schema, si_oc_rootdse) }, 357 { "subentry", "( 2.5.17.0 NAME 'subentry' " 358 "DESC 'RFC3672: subentry' " 359 "SUP top STRUCTURAL " 360 "MUST ( cn $ subtreeSpecification ) )", 361 subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL, 362 offsetof(struct slap_internal_schema, si_oc_subentry) }, 363 { "subschema", "( 2.5.20.1 NAME 'subschema' " 364 "DESC 'RFC4512: controlling subschema (sub)entry' " 365 "AUXILIARY " 366 "MAY ( dITStructureRules $ nameForms $ dITContentRules $ " 367 "objectClasses $ attributeTypes $ matchingRules $ " 368 "matchingRuleUse ) )", 369 subentryObjectClass, SLAP_OC_OPERATIONAL, 370 offsetof(struct slap_internal_schema, si_oc_subschema) }, 371#ifdef LDAP_COLLECTIVE_ATTRIBUTES 372 { "collectiveAttributeSubentry", "( 2.5.17.2 " 373 "NAME 'collectiveAttributeSubentry' " 374 "DESC 'RFC3671: collective attribute subentry' " 375 "AUXILIARY )", 376 subentryObjectClass, 377 SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, 378 offsetof( struct slap_internal_schema, 379 si_oc_collectiveAttributeSubentry) }, 380#endif 381#ifdef LDAP_DYNAMIC_OBJECTS 382 { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 " 383 "NAME 'dynamicObject' " 384 "DESC 'RFC2589: Dynamic Object' " 385 "SUP top AUXILIARY )", 386 dynamicObjectClass, SLAP_OC_DYNAMICOBJECT, 387 offsetof(struct slap_internal_schema, si_oc_dynamicObject) }, 388#endif 389 { "glue", "( 1.3.6.1.4.1.4203.666.3.4 " 390 "NAME 'glue' " 391 "DESC 'Glue Entry' " 392 "SUP top STRUCTURAL )", 393 0, SLAP_OC_GLUE|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, 394 offsetof(struct slap_internal_schema, si_oc_glue) }, 395 { "syncConsumerSubentry", "( 1.3.6.1.4.1.4203.666.3.5 " 396 "NAME 'syncConsumerSubentry' " 397 "DESC 'Persistent Info for SyncRepl Consumer' " 398 "AUXILIARY " 399 "MAY syncreplCookie )", 400 0, SLAP_OC_SYNCCONSUMERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, 401 offsetof(struct slap_internal_schema, si_oc_syncConsumerSubentry) }, 402 { "syncProviderSubentry", "( 1.3.6.1.4.1.4203.666.3.6 " 403 "NAME 'syncProviderSubentry' " 404 "DESC 'Persistent Info for SyncRepl Producer' " 405 "AUXILIARY " 406 "MAY contextCSN )", 407 0, SLAP_OC_SYNCPROVIDERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, 408 offsetof(struct slap_internal_schema, si_oc_syncProviderSubentry) }, 409 { "container", "( 1.2.840.113556.1.3.23 " 410 "NAME 'container' " 411 "STRUCTURAL " 412 "MUST cn )", 413 0, 0, 414 offsetof(struct slap_internal_schema, si_oc_container) }, 415 416 { NULL, NULL, NULL, 0, 0 } 417}; 418 419static AttributeTypeSchemaCheckFN rootDseAttribute; 420static AttributeTypeSchemaCheckFN aliasAttribute; 421static AttributeTypeSchemaCheckFN referralAttribute; 422static AttributeTypeSchemaCheckFN subentryAttribute; 423static AttributeTypeSchemaCheckFN administrativeRoleAttribute; 424#ifdef LDAP_DYNAMIC_OBJECTS 425static AttributeTypeSchemaCheckFN dynamicAttribute; 426#endif 427 428static struct slap_schema_ad_map { 429 char *ssam_name; 430 char *ssam_defn; 431 AttributeTypeSchemaCheckFN *ssam_check; 432 slap_mask_t ssam_flags; 433 slap_syntax_validate_func *ssam_syn_validate; 434 slap_syntax_transform_func *ssam_syn_pretty; 435 slap_mr_convert_func *ssam_mr_convert; 436 slap_mr_normalize_func *ssam_mr_normalize; 437 slap_mr_match_func *ssam_mr_match; 438 slap_mr_indexer_func *ssam_mr_indexer; 439 slap_mr_filter_func *ssam_mr_filter; 440 size_t ssam_offset; 441} ad_map[] = { 442 { "objectClass", "( 2.5.4.0 NAME 'objectClass' " 443 "DESC 'RFC4512: object classes of the entity' " 444 "EQUALITY objectIdentifierMatch " 445 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", 446 NULL, SLAP_AT_FINAL, 447 oidValidate, objectClassPretty, 448 NULL, NULL, objectSubClassMatch, 449 objectSubClassIndexer, objectSubClassFilter, 450 offsetof(struct slap_internal_schema, si_ad_objectClass) }, 451 452 /* user entry operational attributes */ 453 { "structuralObjectClass", "( 2.5.21.9 NAME 'structuralObjectClass' " 454 "DESC 'RFC4512: structural object class of entry' " 455 "EQUALITY objectIdentifierMatch " 456 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " 457 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 458 NULL, 0, 459 oidValidate, objectClassPretty, 460 NULL, NULL, objectSubClassMatch, 461 objectSubClassIndexer, objectSubClassFilter, 462 offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) }, 463 { "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' " 464 "DESC 'RFC4512: time which object was created' " 465 "EQUALITY generalizedTimeMatch " 466 "ORDERING generalizedTimeOrderingMatch " 467 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " 468 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 469 NULL, SLAP_AT_MANAGEABLE, 470 NULL, NULL, 471 NULL, NULL, NULL, NULL, NULL, 472 offsetof(struct slap_internal_schema, si_ad_createTimestamp) }, 473 { "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' " 474 "DESC 'RFC4512: time which object was last modified' " 475 "EQUALITY generalizedTimeMatch " 476 "ORDERING generalizedTimeOrderingMatch " 477 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " 478 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 479 NULL, SLAP_AT_MANAGEABLE, 480 NULL, NULL, 481 NULL, NULL, NULL, NULL, NULL, 482 offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, 483 { "creatorsName", "( 2.5.18.3 NAME 'creatorsName' " 484 "DESC 'RFC4512: name of creator' " 485 "EQUALITY distinguishedNameMatch " 486 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 487 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 488 NULL, SLAP_AT_MANAGEABLE, 489 NULL, NULL, 490 NULL, NULL, NULL, NULL, NULL, 491 offsetof(struct slap_internal_schema, si_ad_creatorsName) }, 492 { "modifiersName", "( 2.5.18.4 NAME 'modifiersName' " 493 "DESC 'RFC4512: name of last modifier' " 494 "EQUALITY distinguishedNameMatch " 495 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 496 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 497 NULL, SLAP_AT_MANAGEABLE, 498 NULL, NULL, 499 NULL, NULL, NULL, NULL, NULL, 500 offsetof(struct slap_internal_schema, si_ad_modifiersName) }, 501 { "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' " 502 "DESC 'X.501: entry has children' " 503 "EQUALITY booleanMatch " 504 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " 505 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 506 NULL, SLAP_AT_DYNAMIC, 507 NULL, NULL, 508 NULL, NULL, NULL, NULL, NULL, 509 offsetof(struct slap_internal_schema, si_ad_hasSubordinates) }, 510 { "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' " 511 "DESC 'RFC4512: name of controlling subschema entry' " 512 "EQUALITY distinguishedNameMatch " 513 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE " 514 "NO-USER-MODIFICATION USAGE directoryOperation )", 515 NULL, SLAP_AT_DYNAMIC, 516 NULL, NULL, 517 NULL, NULL, NULL, NULL, NULL, 518 offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, 519#ifdef LDAP_COLLECTIVE_ATTRIBUTES 520 { "collectiveAttributeSubentries", "( 2.5.18.12 " 521 "NAME 'collectiveAttributeSubentries' " 522 "DESC 'RFC3671: collective attribute subentries' " 523 "EQUALITY distinguishedNameMatch " 524 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 525 "NO-USER-MODIFICATION USAGE directoryOperation )", 526 NULL, SLAP_AT_HIDE, 527 NULL, NULL, 528 NULL, NULL, NULL, NULL, NULL, 529 offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) }, 530 { "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' " 531 "DESC 'RFC3671: collective attribute exclusions' " 532 "EQUALITY objectIdentifierMatch " 533 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " 534 "USAGE directoryOperation )", 535 NULL, SLAP_AT_HIDE, 536 NULL, NULL, 537 NULL, NULL, NULL, NULL, NULL, 538 offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, 539#endif 540 541 { "entryDN", "( 1.3.6.1.1.20 NAME 'entryDN' " 542 "DESC 'DN of the entry' " 543 "EQUALITY distinguishedNameMatch " 544 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 545 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 546 NULL, SLAP_AT_DYNAMIC, 547 NULL, NULL, 548 NULL, NULL, NULL, NULL, NULL, 549 offsetof(struct slap_internal_schema, si_ad_entryDN) }, 550 { "entryUUID", "( 1.3.6.1.1.16.4 NAME 'entryUUID' " 551 "DESC 'UUID of the entry' " 552 "EQUALITY UUIDMatch " 553 "ORDERING UUIDOrderingMatch " 554 "SYNTAX 1.3.6.1.1.16.1 " 555 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 556 NULL, SLAP_AT_MANAGEABLE, 557 NULL, NULL, 558 NULL, NULL, NULL, NULL, NULL, 559 offsetof(struct slap_internal_schema, si_ad_entryUUID) }, 560 { "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' " 561 "DESC 'change sequence number of the entry content' " 562 "EQUALITY CSNMatch " 563 "ORDERING CSNOrderingMatch " 564 "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " 565 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 566 NULL, SLAP_AT_HIDE, 567 NULL, NULL, 568 NULL, NULL, NULL, NULL, NULL, 569 offsetof(struct slap_internal_schema, si_ad_entryCSN) }, 570 { "namingCSN", "( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' " 571 "DESC 'change sequence number of the entry naming (RDN)' " 572 "EQUALITY CSNMatch " 573 "ORDERING CSNOrderingMatch " 574 "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " 575 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 576 NULL, SLAP_AT_HIDE, 577 NULL, NULL, 578 NULL, NULL, NULL, NULL, NULL, 579 offsetof(struct slap_internal_schema, si_ad_namingCSN) }, 580 581#ifdef LDAP_SUPERIOR_UUID 582 { "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' " 583 "DESC 'UUID of the superior entry' " 584 "EQUALITY UUIDMatch " 585 "ORDERING UUIDOrderingMatch " 586 "SYNTAX 1.3.6.1.1.16.1 " 587 "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", 588 NULL, SLAP_AT_HIDE, 589 NULL, NULL, 590 NULL, NULL, NULL, NULL, NULL, 591 offsetof(struct slap_internal_schema, si_ad_superiorUUID) }, 592#endif 593 594 { "syncreplCookie", "( 1.3.6.1.4.1.4203.666.1.23 " 595 "NAME 'syncreplCookie' " 596 "DESC 'syncrepl Cookie for shadow copy' " 597 "EQUALITY octetStringMatch " 598 "ORDERING octetStringOrderingMatch " 599 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 " 600 "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", 601 NULL, SLAP_AT_HIDE, 602 NULL, NULL, 603 NULL, NULL, NULL, NULL, NULL, 604 offsetof(struct slap_internal_schema, si_ad_syncreplCookie) }, 605 606 { "contextCSN", "( 1.3.6.1.4.1.4203.666.1.25 " 607 "NAME 'contextCSN' " 608 "DESC 'the largest committed CSN of a context' " 609 "EQUALITY CSNMatch " 610 "ORDERING CSNOrderingMatch " 611 "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " 612 "NO-USER-MODIFICATION USAGE dSAOperation )", 613 NULL, SLAP_AT_HIDE, 614 NULL, NULL, 615 NULL, NULL, NULL, NULL, NULL, 616 offsetof(struct slap_internal_schema, si_ad_contextCSN) }, 617 618#ifdef LDAP_SYNC_TIMESTAMP 619 { "syncTimestamp", "( 1.3.6.1.4.1.4203.666.1.26 NAME 'syncTimestamp' " 620 "DESC 'Time which object was replicated' " 621 "EQUALITY generalizedTimeMatch " 622 "ORDERING generalizedTimeOrderingMatch " 623 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " 624 "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", 625 NULL, 0, 626 NULL, NULL, 627 NULL, NULL, NULL, NULL, NULL, 628 offsetof(struct slap_internal_schema, si_ad_syncTimestamp) }, 629#endif 630 631 /* root DSE attributes */ 632 { "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' " 633 "DESC 'RFC4512: alternative servers' " 634 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )", 635 rootDseAttribute, 0, 636 NULL, NULL, 637 NULL, NULL, NULL, NULL, NULL, 638 offsetof(struct slap_internal_schema, si_ad_altServer) }, 639 { "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 " 640 "NAME 'namingContexts' " 641 "DESC 'RFC4512: naming contexts' " 642 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )", 643 rootDseAttribute, 0, 644 NULL, NULL, 645 NULL, NULL, NULL, NULL, NULL, 646 offsetof(struct slap_internal_schema, si_ad_namingContexts) }, 647 { "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 " 648 "NAME 'supportedControl' " 649 "DESC 'RFC4512: supported controls' " 650 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", 651 rootDseAttribute, 0, 652 NULL, NULL, 653 NULL, NULL, NULL, NULL, NULL, 654 offsetof(struct slap_internal_schema, si_ad_supportedControl) }, 655 { "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 " 656 "NAME 'supportedExtension' " 657 "DESC 'RFC4512: supported extended operations' " 658 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", 659 rootDseAttribute, 0, 660 NULL, NULL, 661 NULL, NULL, NULL, NULL, NULL, 662 offsetof(struct slap_internal_schema, si_ad_supportedExtension) }, 663 { "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 " 664 "NAME 'supportedLDAPVersion' " 665 "DESC 'RFC4512: supported LDAP versions' " 666 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )", 667 rootDseAttribute, 0, 668 NULL, NULL, 669 NULL, NULL, NULL, NULL, NULL, 670 offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) }, 671 { "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 " 672 "NAME 'supportedSASLMechanisms' " 673 "DESC 'RFC4512: supported SASL mechanisms'" 674 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )", 675 rootDseAttribute, 0, 676 NULL, NULL, 677 NULL, NULL, NULL, NULL, NULL, 678 offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) }, 679 { "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 " 680 "NAME 'supportedFeatures' " 681 "DESC 'RFC4512: features supported by the server' " 682 "EQUALITY objectIdentifierMatch " 683 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " 684 "USAGE dSAOperation )", 685 rootDseAttribute, 0, 686 NULL, NULL, 687 NULL, NULL, NULL, NULL, NULL, 688 offsetof(struct slap_internal_schema, si_ad_supportedFeatures) }, 689 { "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 " 690 "NAME 'monitorContext' " 691 "DESC 'monitor context' " 692 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 693 "EQUALITY distinguishedNameMatch " 694 "SINGLE-VALUE NO-USER-MODIFICATION " 695 "USAGE dSAOperation )", 696 rootDseAttribute, SLAP_AT_HIDE, 697 NULL, NULL, 698 NULL, NULL, NULL, NULL, NULL, 699 offsetof(struct slap_internal_schema, si_ad_monitorContext) }, 700 { "configContext", "( 1.3.6.1.4.1.4203.1.12.2.1 " 701 "NAME 'configContext' " 702 "DESC 'config context' " 703 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 704 "EQUALITY distinguishedNameMatch " 705 "SINGLE-VALUE NO-USER-MODIFICATION " 706 "USAGE dSAOperation )", 707 rootDseAttribute, SLAP_AT_HIDE, 708 NULL, NULL, 709 NULL, NULL, NULL, NULL, NULL, 710 offsetof(struct slap_internal_schema, si_ad_configContext) }, 711 { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' " 712 "DESC 'RFC3045: name of implementation vendor' " 713 "EQUALITY caseExactMatch " 714 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 715 "SINGLE-VALUE NO-USER-MODIFICATION " 716 "USAGE dSAOperation )", 717 rootDseAttribute, 0, 718 NULL, NULL, 719 NULL, NULL, NULL, NULL, NULL, 720 offsetof(struct slap_internal_schema, si_ad_vendorName) }, 721 { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' " 722 "DESC 'RFC3045: version of implementation' " 723 "EQUALITY caseExactMatch " 724 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 725 "SINGLE-VALUE NO-USER-MODIFICATION " 726 "USAGE dSAOperation )", 727 rootDseAttribute, 0, 728 NULL, NULL, 729 NULL, NULL, NULL, NULL, NULL, 730 offsetof(struct slap_internal_schema, si_ad_vendorVersion) }, 731 { "operatingSystemVersion", "( 1.2.840.113556.1.4.364 NAME 'operatingSystemVersion' " 732 "DESC 'Operating system version' " 733 "EQUALITY caseExactMatch " 734 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 735 "SINGLE-VALUE NO-USER-MODIFICATION " 736 "USAGE dSAOperation )", 737 rootDseAttribute, 0, 738 NULL, NULL, 739 NULL, NULL, NULL, NULL, NULL, 740 offsetof(struct slap_internal_schema, si_ad_operatingSystemVersion) }, 741 { "saslRealm", "( 1.3.6.1.1.6 NAME 'saslRealm' " 742 "DESC 'SASL realm name' " 743 "EQUALITY caseExactMatch " 744 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 745 "SINGLE-VALUE )", 746 rootDseAttribute, 0, 747 NULL, NULL, 748 NULL, NULL, NULL, NULL, NULL, 749 offsetof(struct slap_internal_schema, si_ad_saslRealm) }, 750 751 /* subentry attributes */ 752 { "administrativeRole", "( 2.5.18.5 NAME 'administrativeRole' " 753 "DESC 'RFC3672: administrative role' " 754 "EQUALITY objectIdentifierMatch " 755 "USAGE directoryOperation " 756 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", 757 administrativeRoleAttribute, SLAP_AT_HIDE, 758 NULL, NULL, 759 NULL, NULL, NULL, NULL, NULL, 760 offsetof(struct slap_internal_schema, si_ad_administrativeRole) }, 761 { "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' " 762 "DESC 'RFC3672: subtree specification' " 763 "SINGLE-VALUE " 764 "USAGE directoryOperation " 765 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )", 766 subentryAttribute, SLAP_AT_HIDE, 767 NULL, NULL, 768 NULL, NULL, NULL, NULL, NULL, 769 offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) }, 770 771 /* subschema subentry attributes */ 772 { "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' " 773 "DESC 'RFC4512: DIT structure rules' " 774 "EQUALITY integerFirstComponentMatch " 775 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 " 776 "USAGE directoryOperation ) ", 777 subentryAttribute, SLAP_AT_HIDE, 778 NULL, NULL, 779 NULL, NULL, NULL, NULL, NULL, 780 offsetof(struct slap_internal_schema, si_ad_ditStructureRules) }, 781 { "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' " 782 "DESC 'RFC4512: DIT content rules' " 783 "EQUALITY objectIdentifierFirstComponentMatch " 784 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", 785 subentryAttribute, SLAP_AT_HIDE, 786 oidValidate, NULL, 787 NULL, NULL, objectClassMatch, NULL, NULL, 788 offsetof(struct slap_internal_schema, si_ad_ditContentRules) }, 789 { "matchingRules", "( 2.5.21.4 NAME 'matchingRules' " 790 "DESC 'RFC4512: matching rules' " 791 "EQUALITY objectIdentifierFirstComponentMatch " 792 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )", 793 subentryAttribute, 0, 794 oidValidate, NULL, 795 NULL, NULL, matchingRuleMatch, NULL, NULL, 796 offsetof(struct slap_internal_schema, si_ad_matchingRules) }, 797 { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' " 798 "DESC 'RFC4512: attribute types' " 799 "EQUALITY objectIdentifierFirstComponentMatch " 800 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", 801 subentryAttribute, 0, 802 oidValidate, NULL, 803 NULL, NULL, attributeTypeMatch, NULL, NULL, 804 offsetof(struct slap_internal_schema, si_ad_attributeTypes) }, 805 { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' " 806 "DESC 'RFC4512: object classes' " 807 "EQUALITY objectIdentifierFirstComponentMatch " 808 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", 809 subentryAttribute, 0, 810 oidValidate, NULL, 811 NULL, NULL, objectClassMatch, NULL, NULL, 812 offsetof(struct slap_internal_schema, si_ad_objectClasses) }, 813 { "nameForms", "( 2.5.21.7 NAME 'nameForms' " 814 "DESC 'RFC4512: name forms ' " 815 "EQUALITY objectIdentifierFirstComponentMatch " 816 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )", 817 subentryAttribute, SLAP_AT_HIDE, 818 NULL, NULL, 819 NULL, NULL, NULL, NULL, NULL, 820 offsetof(struct slap_internal_schema, si_ad_nameForms) }, 821 { "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' " 822 "DESC 'RFC4512: matching rule uses' " 823 "EQUALITY objectIdentifierFirstComponentMatch " 824 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )", 825 subentryAttribute, 0, 826 oidValidate, NULL, 827 NULL, NULL, matchingRuleMatch, NULL, NULL, 828 offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) }, 829 830 { "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' " 831 "DESC 'RFC4512: LDAP syntaxes' " 832 "EQUALITY objectIdentifierFirstComponentMatch " 833 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )", 834 subentryAttribute, 0, 835 NULL, NULL, 836 NULL, NULL, NULL, NULL, NULL, 837 offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) }, 838 839 /* knowledge information */ 840 { "aliasedObjectName", "( 2.5.4.1 " 841 "NAME ( 'aliasedObjectName' 'aliasedEntryName' ) " 842 "DESC 'RFC4512: name of aliased object' " 843 "EQUALITY distinguishedNameMatch " 844 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", 845 aliasAttribute, SLAP_AT_FINAL, 846 NULL, NULL, 847 NULL, NULL, NULL, NULL, NULL, 848 offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) }, 849 { "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' " 850 "DESC 'RFC3296: subordinate referral URL' " 851 "EQUALITY caseExactMatch " 852 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 853 "USAGE distributedOperation )", 854 referralAttribute, 0, 855 NULL, NULL, 856 NULL, NULL, NULL, NULL, NULL, 857 offsetof(struct slap_internal_schema, si_ad_ref) }, 858 859 /* access control internals */ 860 { "entry", "( 1.3.6.1.4.1.4203.1.3.1 " 861 "NAME 'entry' " 862 "DESC 'OpenLDAP ACL entry pseudo-attribute' " 863 "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " 864 "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", 865 NULL, SLAP_AT_HIDE, 866 NULL, NULL, 867 NULL, NULL, NULL, NULL, NULL, 868 offsetof(struct slap_internal_schema, si_ad_entry) }, 869 { "children", "( 1.3.6.1.4.1.4203.1.3.2 " 870 "NAME 'children' " 871 "DESC 'OpenLDAP ACL children pseudo-attribute' " 872 "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " 873 "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", 874 NULL, SLAP_AT_HIDE, 875 NULL, NULL, 876 NULL, NULL, NULL, NULL, NULL, 877 offsetof(struct slap_internal_schema, si_ad_children) }, 878 879 /* access control externals */ 880 { "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 " 881 "NAME ( 'authzTo' 'saslAuthzTo' ) " 882 "DESC 'proxy authorization targets' " 883 "EQUALITY authzMatch " 884 "SYNTAX 1.3.6.1.4.1.4203.666.2.7 " 885 "X-ORDERED 'VALUES' " 886 "USAGE distributedOperation )", 887 NULL, SLAP_AT_HIDE, 888 NULL, NULL, 889 NULL, NULL, NULL, NULL, NULL, 890 offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) }, 891 { "authzFrom", "( 1.3.6.1.4.1.4203.666.1.9 " 892 "NAME ( 'authzFrom' 'saslAuthzFrom' ) " 893 "DESC 'proxy authorization sources' " 894 "EQUALITY authzMatch " 895 "SYNTAX 1.3.6.1.4.1.4203.666.2.7 " 896 "X-ORDERED 'VALUES' " 897 "USAGE distributedOperation )", 898 NULL, SLAP_AT_HIDE, 899 NULL, NULL, 900 NULL, NULL, NULL, NULL, NULL, 901 offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) }, 902 903#ifdef LDAP_DYNAMIC_OBJECTS 904 { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' " 905 "DESC 'RFC2589: entry time-to-live' " 906 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE " 907 "NO-USER-MODIFICATION USAGE dSAOperation )", 908 dynamicAttribute, SLAP_AT_MANAGEABLE, 909 NULL, NULL, 910 NULL, NULL, NULL, NULL, NULL, 911 offsetof(struct slap_internal_schema, si_ad_entryTtl) }, 912 { "dynamicSubtrees", "( 1.3.6.1.4.1.1466.101.119.4 " 913 "NAME 'dynamicSubtrees' " 914 "DESC 'RFC2589: dynamic subtrees' " 915 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " 916 "USAGE dSAOperation )", 917 rootDseAttribute, 0, 918 NULL, NULL, 919 NULL, NULL, NULL, NULL, NULL, 920 offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) }, 921#endif 922 923 /* userApplication attributes (which system schema depends upon) */ 924 { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' " 925 "DESC 'RFC4519: common supertype of DN attributes' " 926 "EQUALITY distinguishedNameMatch " 927 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", 928 NULL, SLAP_AT_ABSTRACT, 929 NULL, NULL, 930 NULL, NULL, NULL, NULL, NULL, 931 offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, 932 { "name", "( 2.5.4.41 NAME 'name' " 933 "DESC 'RFC4519: common supertype of name attributes' " 934 "EQUALITY caseIgnoreMatch " 935 "SUBSTR caseIgnoreSubstringsMatch " 936 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", 937 NULL, SLAP_AT_ABSTRACT, 938 NULL, NULL, 939 NULL, NULL, NULL, NULL, NULL, 940 offsetof(struct slap_internal_schema, si_ad_name) }, 941 { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) " 942 "DESC 'RFC4519: common name(s) for which the entity is known by' " 943 "SUP name )", 944 NULL, 0, 945 NULL, NULL, 946 NULL, NULL, NULL, NULL, NULL, 947 offsetof(struct slap_internal_schema, si_ad_cn) }, 948 { "uid", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) " 949 "DESC 'RFC4519: user identifier' " 950 "EQUALITY caseIgnoreMatch " 951 "SUBSTR caseIgnoreSubstringsMatch " 952 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", 953 NULL, 0, 954 NULL, NULL, 955 NULL, NULL, NULL, NULL, NULL, 956 offsetof(struct slap_internal_schema, si_ad_uid) }, 957 { "uidNumber", /* for ldapi:// */ 958 "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' " 959 "DESC 'RFC2307: An integer uniquely identifying a user " 960 "in an administrative domain' " 961 "EQUALITY integerMatch " 962 "ORDERING integerOrderingMatch " 963 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", 964 NULL, 0, 965 NULL, NULL, 966 NULL, NULL, NULL, NULL, NULL, 967 offsetof(struct slap_internal_schema, si_ad_uidNumber) }, 968 { "gidNumber", /* for ldapi:// */ 969 "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' " 970 "DESC 'RFC2307: An integer uniquely identifying a group " 971 "in an administrative domain' " 972 "EQUALITY integerMatch " 973 "ORDERING integerOrderingMatch " 974 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", 975 NULL, 0, 976 NULL, NULL, 977 NULL, NULL, NULL, NULL, NULL, 978 offsetof(struct slap_internal_schema, si_ad_gidNumber) }, 979 { "userPassword", "( 2.5.4.35 NAME 'userPassword' " 980 "DESC 'RFC4519/2307: password of user' " 981 "EQUALITY octetStringMatch " 982 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )", 983 NULL, 0, 984 NULL, NULL, 985 NULL, NULL, NULL, NULL, NULL, 986 offsetof(struct slap_internal_schema, si_ad_userPassword) }, 987 988 { "labeledURI", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' " 989 "DESC 'RFC2079: Uniform Resource Identifier with optional label' " 990 "EQUALITY caseExactMatch " 991 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", 992 NULL, 0, 993 NULL, NULL, 994 NULL, NULL, NULL, NULL, NULL, 995 offsetof(struct slap_internal_schema, si_ad_labeledURI) }, 996 997#ifdef SLAPD_AUTHPASSWD 998 { "authPassword", "( 1.3.6.1.4.1.4203.1.3.4 " 999 "NAME 'authPassword' " 1000 "DESC 'RFC3112: authentication password attribute' " 1001 "EQUALITY 1.3.6.1.4.1.4203.1.2.2 " 1002 "SYNTAX 1.3.6.1.4.1.4203.1.1.2 )", 1003 NULL, 0, 1004 NULL, NULL, 1005 NULL, NULL, NULL, NULL, NULL, 1006 offsetof(struct slap_internal_schema, si_ad_authPassword) }, 1007 { "supportedAuthPasswordSchemes", "( 1.3.6.1.4.1.4203.1.3.3 " 1008 "NAME 'supportedAuthPasswordSchemes' " 1009 "DESC 'RFC3112: supported authPassword schemes' " 1010 "EQUALITY caseExactIA5Match " 1011 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} " 1012 "USAGE dSAOperation )", 1013 subschemaAttribute, 0, 1014 NULL, NULL, 1015 NULL, NULL, NULL, NULL, NULL, 1016 offsetof(struct slap_internal_schema, si_ad_authPasswordSchemes) }, 1017#endif 1018 { "krbName", "( 1.3.6.1.4.1.250.1.32 " 1019 "NAME ( 'krbName' 'kerberosName' ) " 1020 "DESC 'Kerberos principal associated with object' " 1021 "EQUALITY caseIgnoreIA5Match " 1022 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 " 1023 "SINGLE-VALUE )", 1024 NULL, 0, 1025 NULL, NULL, 1026 NULL, NULL, NULL, NULL, NULL, 1027 offsetof(struct slap_internal_schema, si_ad_krbName) }, 1028 { "authAuthority", "( 1.3.6.1.4.1.63.1000.1.1.2.16.2 " 1029 "NAME 'authAuthority' " 1030 "DESC 'password server authentication authority' " 1031 "EQUALITY caseExactMatch " 1032 "SUBSTR caseExactSubstringsMatch " 1033 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ", 1034 NULL, 0, 1035 NULL, NULL, 1036 NULL, NULL, NULL, NULL, NULL, 1037 offsetof(struct slap_internal_schema, si_ad_authAuthority) }, 1038 { "dNSHostName", "( 1.2.840.113556.1.4.619 " 1039 "NAME 'dNSHostName' " 1040 "DESC 'DNS fully qualified domain name' " 1041 "EQUALITY caseExactMatch " 1042 "SUBSTR caseExactSubstringsMatch " 1043 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) " 1044 "SINGLE-VALUE )", 1045 NULL, 0, 1046 NULL, NULL, 1047 NULL, NULL, NULL, NULL, NULL, 1048 offsetof(struct slap_internal_schema, si_ad_dnsHostName) }, 1049 1050 { "description", "( 2.5.4.13 NAME 'description' " 1051 "DESC 'RFC4519: descriptive information' " 1052 "EQUALITY caseIgnoreMatch " 1053 "SUBSTR caseIgnoreSubstringsMatch " 1054 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )", 1055 NULL, 0, 1056 NULL, NULL, 1057 NULL, NULL, NULL, NULL, NULL, 1058 offsetof(struct slap_internal_schema, si_ad_description) }, 1059 1060 { "seeAlso", "( 2.5.4.34 NAME 'seeAlso' " 1061 "DESC 'RFC4519: DN of related object' " 1062 "SUP distinguishedName )", 1063 NULL, 0, 1064 NULL, NULL, 1065 NULL, NULL, NULL, NULL, NULL, 1066 offsetof(struct slap_internal_schema, si_ad_seeAlso) }, 1067 1068 { NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 } 1069}; 1070 1071static AttributeType slap_at_undefined = { 1072 { "1.1.1", NULL, "Catchall for undefined attribute types", 1, NULL, 1073 NULL, NULL, NULL, NULL, 1074 0, 0, 0, 1, LDAP_SCHEMA_DSA_OPERATION, NULL }, /* LDAPAttributeType */ 1075 BER_BVC("UNDEFINED"), /* cname */ 1076 NULL, /* sup */ 1077 NULL, /* subtypes */ 1078 NULL, NULL, NULL, NULL, /* matching rules routines */ 1079 NULL, /* syntax (will be set later to "octetString") */ 1080 NULL, /* schema check function */ 1081 NULL, /* oidmacro */ 1082 NULL, /* soidmacro */ 1083 SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */ 1084 { NULL }, /* next */ 1085 NULL /* attribute description */ 1086 /* mutex (don't know how to initialize it :) */ 1087}; 1088 1089static AttributeType slap_at_proxied = { 1090 { "1.1.1", NULL, "Catchall for undefined proxied attribute types", 1, NULL, 1091 NULL, NULL, NULL, NULL, 1092 0, 0, 0, 0, LDAP_SCHEMA_USER_APPLICATIONS, NULL }, /* LDAPAttributeType */ 1093 BER_BVC("PROXIED"), /* cname */ 1094 NULL, /* sup */ 1095 NULL, /* subtypes */ 1096 NULL, NULL, NULL, NULL, /* matching rules routines (will be set later) */ 1097 NULL, /* syntax (will be set later to "octetString") */ 1098 NULL, /* schema check function */ 1099 NULL, /* oidmacro */ 1100 NULL, /* soidmacro */ 1101 SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */ 1102 { NULL }, /* next */ 1103 NULL /* attribute description */ 1104 /* mutex (don't know how to initialize it :) */ 1105}; 1106 1107static struct slap_schema_mr_map { 1108 char *ssmm_name; 1109 size_t ssmm_offset; 1110} mr_map[] = { 1111 { "caseExactIA5Match", 1112 offsetof(struct slap_internal_schema, si_mr_caseExactIA5Match) }, 1113 { "caseExactMatch", 1114 offsetof(struct slap_internal_schema, si_mr_caseExactMatch) }, 1115 { "caseExactSubstringsMatch", 1116 offsetof(struct slap_internal_schema, si_mr_caseExactSubstringsMatch) }, 1117 { "distinguishedNameMatch", 1118 offsetof(struct slap_internal_schema, si_mr_distinguishedNameMatch) }, 1119 { "dnSubtreeMatch", 1120 offsetof(struct slap_internal_schema, si_mr_dnSubtreeMatch) }, 1121 { "dnOneLevelMatch", 1122 offsetof(struct slap_internal_schema, si_mr_dnOneLevelMatch) }, 1123 { "dnSubordinateMatch", 1124 offsetof(struct slap_internal_schema, si_mr_dnSubordinateMatch) }, 1125 { "dnSuperiorMatch", 1126 offsetof(struct slap_internal_schema, si_mr_dnSuperiorMatch) }, 1127 { "integerMatch", 1128 offsetof(struct slap_internal_schema, si_mr_integerMatch) }, 1129 { "integerFirstComponentMatch", 1130 offsetof(struct slap_internal_schema, 1131 si_mr_integerFirstComponentMatch) }, 1132 { "objectIdentifierFirstComponentMatch", 1133 offsetof(struct slap_internal_schema, 1134 si_mr_objectIdentifierFirstComponentMatch) }, 1135 { "caseIgnoreMatch", 1136 offsetof(struct slap_internal_schema, si_mr_caseIgnoreMatch) }, 1137 { "caseIgnoreListMatch", 1138 offsetof(struct slap_internal_schema, si_mr_caseIgnoreListMatch) }, 1139 { NULL, 0 } 1140}; 1141 1142static struct slap_schema_syn_map { 1143 char *sssm_name; 1144 size_t sssm_offset; 1145} syn_map[] = { 1146 { "1.3.6.1.4.1.1466.115.121.1.15", 1147 offsetof(struct slap_internal_schema, si_syn_directoryString) }, 1148 { "1.3.6.1.4.1.1466.115.121.1.12", 1149 offsetof(struct slap_internal_schema, si_syn_distinguishedName) }, 1150 { "1.3.6.1.4.1.1466.115.121.1.27", 1151 offsetof(struct slap_internal_schema, si_syn_integer) }, 1152 { "1.3.6.1.4.1.1466.115.121.1.40", 1153 offsetof(struct slap_internal_schema, si_syn_octetString) }, 1154 { "1.3.6.1.4.1.1466.115.121.1.3", 1155 offsetof(struct slap_internal_schema, si_syn_attributeTypeDesc) }, 1156 { "1.3.6.1.4.1.1466.115.121.1.16", 1157 offsetof(struct slap_internal_schema, si_syn_ditContentRuleDesc) }, 1158 { "1.3.6.1.4.1.1466.115.121.1.54", 1159 offsetof(struct slap_internal_schema, si_syn_ldapSyntaxDesc) }, 1160 { "1.3.6.1.4.1.1466.115.121.1.30", 1161 offsetof(struct slap_internal_schema, si_syn_matchingRuleDesc) }, 1162 { "1.3.6.1.4.1.1466.115.121.1.31", 1163 offsetof(struct slap_internal_schema, si_syn_matchingRuleUseDesc) }, 1164 { "1.3.6.1.4.1.1466.115.121.1.35", 1165 offsetof(struct slap_internal_schema, si_syn_nameFormDesc) }, 1166 { "1.3.6.1.4.1.1466.115.121.1.37", 1167 offsetof(struct slap_internal_schema, si_syn_objectClassDesc) }, 1168 { "1.3.6.1.4.1.1466.115.121.1.17", 1169 offsetof(struct slap_internal_schema, si_syn_ditStructureRuleDesc) }, 1170 { NULL, 0 } 1171}; 1172 1173int 1174slap_schema_load( void ) 1175{ 1176 int i; 1177 1178 for( i=0; syn_map[i].sssm_name; i++ ) { 1179 Syntax ** synp = (Syntax **) 1180 &(((char *) &slap_schema)[syn_map[i].sssm_offset]); 1181 1182 assert( *synp == NULL ); 1183 1184 *synp = syn_find( syn_map[i].sssm_name ); 1185 1186 if( *synp == NULL ) { 1187 fprintf( stderr, "slap_schema_load: Syntax: " 1188 "No syntax \"%s\" defined in schema\n", 1189 syn_map[i].sssm_name ); 1190 return LDAP_INVALID_SYNTAX; 1191 } 1192 } 1193 1194 for( i=0; mr_map[i].ssmm_name; i++ ) { 1195 MatchingRule ** mrp = (MatchingRule **) 1196 &(((char *) &slap_schema)[mr_map[i].ssmm_offset]); 1197 1198 assert( *mrp == NULL ); 1199 1200 *mrp = mr_find( mr_map[i].ssmm_name ); 1201 1202 if( *mrp == NULL ) { 1203 fprintf( stderr, "slap_schema_load: MatchingRule: " 1204 "No matching rule \"%s\" defined in schema\n", 1205 mr_map[i].ssmm_name ); 1206 return LDAP_INAPPROPRIATE_MATCHING; 1207 } 1208 } 1209 1210 slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString; 1211 slap_schema.si_at_undefined = &slap_at_undefined; 1212 1213 slap_at_proxied.sat_equality = mr_find( "octetStringMatch" ); 1214 slap_at_proxied.sat_approx = mr_find( "octetStringMatch" ); 1215 slap_at_proxied.sat_ordering = mr_find( "octetStringOrderingMatch" ); 1216 slap_at_proxied.sat_substr = mr_find( "octetStringSubstringsMatch" ); 1217 slap_at_proxied.sat_syntax = slap_schema.si_syn_octetString; 1218 slap_schema.si_at_proxied = &slap_at_proxied; 1219 1220 ldap_pvt_thread_mutex_init( &ad_index_mutex ); 1221 ldap_pvt_thread_mutex_init( &ad_undef_mutex ); 1222 ldap_pvt_thread_mutex_init( &oc_undef_mutex ); 1223 1224 for( i=0; ad_map[i].ssam_name; i++ ) { 1225 assert( ad_map[i].ssam_defn != NULL ); 1226 { 1227 LDAPAttributeType *at; 1228 int code; 1229 const char *err; 1230 1231 at = ldap_str2attributetype( ad_map[i].ssam_defn, 1232 &code, &err, LDAP_SCHEMA_ALLOW_ALL ); 1233 if ( !at ) { 1234 fprintf( stderr, 1235 "slap_schema_load: AttributeType \"%s\": %s before %s\n", 1236 ad_map[i].ssam_name, ldap_scherr2str(code), err ); 1237 return code; 1238 } 1239 1240 if ( at->at_oid == NULL ) { 1241 fprintf( stderr, "slap_schema_load: " 1242 "AttributeType \"%s\": no OID\n", 1243 ad_map[i].ssam_name ); 1244 ldap_attributetype_free( at ); 1245 return LDAP_OTHER; 1246 } 1247 1248 code = at_add( at, 0, NULL, NULL, &err ); 1249 if ( code ) { 1250 ldap_attributetype_free( at ); 1251 fprintf( stderr, "slap_schema_load: AttributeType " 1252 "\"%s\": %s: \"%s\"\n", 1253 ad_map[i].ssam_name, scherr2str(code), err ); 1254 return code; 1255 } 1256 ldap_memfree( at ); 1257 } 1258 { 1259 int rc; 1260 const char *text; 1261 Syntax *syntax = NULL; 1262 1263 AttributeDescription ** adp = (AttributeDescription **) 1264 &(((char *) &slap_schema)[ad_map[i].ssam_offset]); 1265 1266 assert( *adp == NULL ); 1267 1268 rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); 1269 if( rc != LDAP_SUCCESS ) { 1270 fprintf( stderr, "slap_schema_load: AttributeType \"%s\": " 1271 "not defined in schema\n", 1272 ad_map[i].ssam_name ); 1273 return rc; 1274 } 1275 1276 if( ad_map[i].ssam_check ) { 1277 /* install check routine */ 1278 (*adp)->ad_type->sat_check = ad_map[i].ssam_check; 1279 } 1280 /* install flags */ 1281 (*adp)->ad_type->sat_flags |= ad_map[i].ssam_flags; 1282 1283 /* install custom syntax routines */ 1284 if( ad_map[i].ssam_syn_validate || 1285 ad_map[i].ssam_syn_pretty ) 1286 { 1287 Syntax *syn; 1288 1289 syntax = (*adp)->ad_type->sat_syntax; 1290 1291 syn = ch_malloc( sizeof( Syntax ) ); 1292 *syn = *syntax; 1293 1294 if( ad_map[i].ssam_syn_validate ) { 1295 syn->ssyn_validate = ad_map[i].ssam_syn_validate; 1296 } 1297 if( ad_map[i].ssam_syn_pretty ) { 1298 syn->ssyn_pretty = ad_map[i].ssam_syn_pretty; 1299 } 1300 1301 (*adp)->ad_type->sat_syntax = syn; 1302 } 1303 1304 /* install custom rule routines */ 1305 if( syntax != NULL || 1306 ad_map[i].ssam_mr_convert || 1307 ad_map[i].ssam_mr_normalize || 1308 ad_map[i].ssam_mr_match || 1309 ad_map[i].ssam_mr_indexer || 1310 ad_map[i].ssam_mr_filter ) 1311 { 1312 MatchingRule *mr = ch_malloc( sizeof( MatchingRule ) ); 1313 *mr = *(*adp)->ad_type->sat_equality; 1314 1315 if ( syntax != NULL ) { 1316 mr->smr_syntax = (*adp)->ad_type->sat_syntax; 1317 } 1318 if ( ad_map[i].ssam_mr_convert ) { 1319 mr->smr_convert = ad_map[i].ssam_mr_convert; 1320 } 1321 if ( ad_map[i].ssam_mr_normalize ) { 1322 mr->smr_normalize = ad_map[i].ssam_mr_normalize; 1323 } 1324 if ( ad_map[i].ssam_mr_match ) { 1325 mr->smr_match = ad_map[i].ssam_mr_match; 1326 } 1327 if ( ad_map[i].ssam_mr_indexer ) { 1328 mr->smr_indexer = ad_map[i].ssam_mr_indexer; 1329 } 1330 if ( ad_map[i].ssam_mr_filter ) { 1331 mr->smr_filter = ad_map[i].ssam_mr_filter; 1332 } 1333 1334 (*adp)->ad_type->sat_equality = mr; 1335 } 1336 } 1337 } 1338 1339 for( i=0; oc_map[i].ssom_name; i++ ) { 1340 assert( oc_map[i].ssom_defn != NULL ); 1341 { 1342 LDAPObjectClass *oc; 1343 int code; 1344 const char *err; 1345 1346 oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err, 1347 LDAP_SCHEMA_ALLOW_ALL ); 1348 if ( !oc ) { 1349 fprintf( stderr, "slap_schema_load: ObjectClass " 1350 "\"%s\": %s before %s\n", 1351 oc_map[i].ssom_name, ldap_scherr2str(code), err ); 1352 return code; 1353 } 1354 1355 if ( oc->oc_oid == NULL ) { 1356 fprintf( stderr, "slap_schema_load: ObjectClass " 1357 "\"%s\": no OID\n", 1358 oc_map[i].ssom_name ); 1359 ldap_objectclass_free( oc ); 1360 return LDAP_OTHER; 1361 } 1362 1363 code = oc_add(oc,0,NULL,NULL,&err); 1364 if ( code ) { 1365 ldap_objectclass_free( oc ); 1366 fprintf( stderr, "slap_schema_load: ObjectClass " 1367 "\"%s\": %s: \"%s\"\n", 1368 oc_map[i].ssom_name, scherr2str(code), err); 1369 return code; 1370 } 1371 ldap_memfree(oc); 1372 1373 } 1374 { 1375 ObjectClass ** ocp = (ObjectClass **) 1376 &(((char *) &slap_schema)[oc_map[i].ssom_offset]); 1377 1378 assert( *ocp == NULL ); 1379 1380 *ocp = oc_find( oc_map[i].ssom_name ); 1381 if( *ocp == NULL ) { 1382 fprintf( stderr, "slap_schema_load: " 1383 "ObjectClass \"%s\": not defined in schema\n", 1384 oc_map[i].ssom_name ); 1385 return LDAP_OBJECT_CLASS_VIOLATION; 1386 } 1387 1388 if( oc_map[i].ssom_check ) { 1389 /* install check routine */ 1390 (*ocp)->soc_check = oc_map[i].ssom_check; 1391 } 1392 /* install flags */ 1393 (*ocp)->soc_flags |= oc_map[i].ssom_flags; 1394 } 1395 } 1396 1397 return LDAP_SUCCESS; 1398} 1399 1400int 1401slap_schema_check( void ) 1402{ 1403 /* we should only be called once after schema_init() was called */ 1404 assert( schema_init_done == 1 ); 1405 1406 /* 1407 * cycle thru attributeTypes to build matchingRuleUse 1408 */ 1409 if ( matching_rule_use_init() ) { 1410 return LDAP_OTHER; 1411 } 1412 1413 ++schema_init_done; 1414 return LDAP_SUCCESS; 1415} 1416 1417static int rootDseObjectClass ( 1418 Backend *be, 1419 Entry *e, 1420 ObjectClass *oc, 1421 const char** text, 1422 char *textbuf, size_t textlen ) 1423{ 1424 *text = textbuf; 1425 1426 if( e->e_nname.bv_len ) { 1427 snprintf( textbuf, textlen, 1428 "objectClass \"%s\" only allowed in the root DSE", 1429 oc->soc_oid ); 1430 return LDAP_OBJECT_CLASS_VIOLATION; 1431 } 1432 1433 /* we should not be called for the root DSE */ 1434 assert( 0 ); 1435 return LDAP_SUCCESS; 1436} 1437 1438static int aliasObjectClass ( 1439 Backend *be, 1440 Entry *e, 1441 ObjectClass *oc, 1442 const char** text, 1443 char *textbuf, size_t textlen ) 1444{ 1445 *text = textbuf; 1446 1447 if( !SLAP_ALIASES(be) ) { 1448 snprintf( textbuf, textlen, 1449 "objectClass \"%s\" not supported in context", 1450 oc->soc_oid ); 1451 return LDAP_OBJECT_CLASS_VIOLATION; 1452 } 1453 1454 return LDAP_SUCCESS; 1455} 1456 1457static int referralObjectClass ( 1458 Backend *be, 1459 Entry *e, 1460 ObjectClass *oc, 1461 const char** text, 1462 char *textbuf, size_t textlen ) 1463{ 1464 *text = textbuf; 1465 1466 if( !SLAP_REFERRALS(be) ) { 1467 snprintf( textbuf, textlen, 1468 "objectClass \"%s\" not supported in context", 1469 oc->soc_oid ); 1470 return LDAP_OBJECT_CLASS_VIOLATION; 1471 } 1472 1473 return LDAP_SUCCESS; 1474} 1475 1476static int subentryObjectClass ( 1477 Backend *be, 1478 Entry *e, 1479 ObjectClass *oc, 1480 const char** text, 1481 char *textbuf, size_t textlen ) 1482{ 1483 *text = textbuf; 1484 1485 if( !SLAP_SUBENTRIES(be) ) { 1486 snprintf( textbuf, textlen, 1487 "objectClass \"%s\" not supported in context", 1488 oc->soc_oid ); 1489 return LDAP_OBJECT_CLASS_VIOLATION; 1490 } 1491 1492 if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) { 1493 snprintf( textbuf, textlen, 1494 "objectClass \"%s\" only allowed in subentries", 1495 oc->soc_oid ); 1496 return LDAP_OBJECT_CLASS_VIOLATION; 1497 } 1498 1499 return LDAP_SUCCESS; 1500} 1501 1502#ifdef LDAP_DYNAMIC_OBJECTS 1503static int dynamicObjectClass ( 1504 Backend *be, 1505 Entry *e, 1506 ObjectClass *oc, 1507 const char** text, 1508 char *textbuf, size_t textlen ) 1509{ 1510 *text = textbuf; 1511 1512 if( !SLAP_DYNAMIC(be) ) { 1513 snprintf( textbuf, textlen, 1514 "objectClass \"%s\" not supported in context", 1515 oc->soc_oid ); 1516 return LDAP_OBJECT_CLASS_VIOLATION; 1517 } 1518 1519 return LDAP_SUCCESS; 1520} 1521#endif /* LDAP_DYNAMIC_OBJECTS */ 1522 1523static int rootDseAttribute ( 1524 Backend *be, 1525 Entry *e, 1526 Attribute *attr, 1527 const char** text, 1528 char *textbuf, size_t textlen ) 1529{ 1530 *text = textbuf; 1531 1532 if( e->e_nname.bv_len ) { 1533 snprintf( textbuf, textlen, 1534 "attribute \"%s\" only allowed in the root DSE", 1535 attr->a_desc->ad_cname.bv_val ); 1536 return LDAP_OBJECT_CLASS_VIOLATION; 1537 } 1538 1539 /* we should not be called for the root DSE */ 1540 assert( 0 ); 1541 return LDAP_SUCCESS; 1542} 1543 1544static int aliasAttribute ( 1545 Backend *be, 1546 Entry *e, 1547 Attribute *attr, 1548 const char** text, 1549 char *textbuf, size_t textlen ) 1550{ 1551 *text = textbuf; 1552 1553 if( !SLAP_ALIASES(be) ) { 1554 snprintf( textbuf, textlen, 1555 "attribute \"%s\" not supported in context", 1556 attr->a_desc->ad_cname.bv_val ); 1557 return LDAP_OBJECT_CLASS_VIOLATION; 1558 } 1559 1560 if( !is_entry_alias( e ) ) { 1561 snprintf( textbuf, textlen, 1562 "attribute \"%s\" only allowed in the alias", 1563 attr->a_desc->ad_cname.bv_val ); 1564 return LDAP_OBJECT_CLASS_VIOLATION; 1565 } 1566 1567 return LDAP_SUCCESS; 1568} 1569 1570static int referralAttribute ( 1571 Backend *be, 1572 Entry *e, 1573 Attribute *attr, 1574 const char** text, 1575 char *textbuf, size_t textlen ) 1576{ 1577 *text = textbuf; 1578 1579 if( !SLAP_REFERRALS(be) ) { 1580 snprintf( textbuf, textlen, 1581 "attribute \"%s\" not supported in context", 1582 attr->a_desc->ad_cname.bv_val ); 1583 return LDAP_OBJECT_CLASS_VIOLATION; 1584 } 1585 1586 if( !is_entry_referral( e ) ) { 1587 snprintf( textbuf, textlen, 1588 "attribute \"%s\" only allowed in the referral", 1589 attr->a_desc->ad_cname.bv_val ); 1590 return LDAP_OBJECT_CLASS_VIOLATION; 1591 } 1592 1593 return LDAP_SUCCESS; 1594} 1595 1596static int subentryAttribute ( 1597 Backend *be, 1598 Entry *e, 1599 Attribute *attr, 1600 const char** text, 1601 char *textbuf, size_t textlen ) 1602{ 1603 *text = textbuf; 1604 1605 if( !SLAP_SUBENTRIES(be) ) { 1606 snprintf( textbuf, textlen, 1607 "attribute \"%s\" not supported in context", 1608 attr->a_desc->ad_cname.bv_val ); 1609 return LDAP_OBJECT_CLASS_VIOLATION; 1610 } 1611 1612 if( !is_entry_subentry( e ) ) { 1613 snprintf( textbuf, textlen, 1614 "attribute \"%s\" only allowed in the subentry", 1615 attr->a_desc->ad_cname.bv_val ); 1616 return LDAP_OBJECT_CLASS_VIOLATION; 1617 } 1618 1619 return LDAP_SUCCESS; 1620} 1621 1622static int administrativeRoleAttribute ( 1623 Backend *be, 1624 Entry *e, 1625 Attribute *attr, 1626 const char** text, 1627 char *textbuf, size_t textlen ) 1628{ 1629 *text = textbuf; 1630 1631 if( !SLAP_SUBENTRIES(be) ) { 1632 snprintf( textbuf, textlen, 1633 "attribute \"%s\" not supported in context", 1634 attr->a_desc->ad_cname.bv_val ); 1635 return LDAP_OBJECT_CLASS_VIOLATION; 1636 } 1637 1638 snprintf( textbuf, textlen, 1639 "attribute \"%s\" not supported!", 1640 attr->a_desc->ad_cname.bv_val ); 1641 return LDAP_OBJECT_CLASS_VIOLATION; 1642} 1643 1644#ifdef LDAP_DYNAMIC_OBJECTS 1645static int dynamicAttribute ( 1646 Backend *be, 1647 Entry *e, 1648 Attribute *attr, 1649 const char** text, 1650 char *textbuf, size_t textlen ) 1651{ 1652 *text = textbuf; 1653 1654 if( !SLAP_DYNAMIC(be) ) { 1655 snprintf( textbuf, textlen, 1656 "attribute \"%s\" not supported in context", 1657 attr->a_desc->ad_cname.bv_val ); 1658 return LDAP_OBJECT_CLASS_VIOLATION; 1659 } 1660 1661 if( !is_entry_dynamicObject( e ) ) { 1662 snprintf( textbuf, textlen, 1663 "attribute \"%s\" only allowed in dynamic object", 1664 attr->a_desc->ad_cname.bv_val ); 1665 return LDAP_OBJECT_CLASS_VIOLATION; 1666 } 1667 1668 return LDAP_SUCCESS; 1669} 1670#endif /* LDAP_DYNAMIC_OBJECTS */ 1671