On Dec 14, 2012, at 5:37 PM, Chuck Lever <[email protected]> wrote:
> A marquee feature of fedfs-utils 0.9 is the ability for our NSDB > clients (the admin tools and the fileserver plug-in) to follow LDAP > referrals returned by NSDBs. This can be useful for balancing NSDB > load or migrating FedFS records to another NSDB to replace LDAP > software or hardware. > > This patch series implements LDAP referral support in our NSDB > clients. > > The key part of LDAP referral support is re-authenticating the > referred-to NSDB. When connecting to a referred-to NSDB, an NSDB > client is required to authenticate the new NSDB using the NSDB > connection parameter rules that apply to any NSDB that is accessed > directly (without a referral). That is, the client must have an > entry for the new NSDB in its NSDB connection parameter database > that tells the client how to find the NSDB and what security type > to use. > > In our implementation, there is already a switch in each NSDB > connection parameter database entry to control whether following > LDAP referrals is allowed. This switch, which is is initially > set to prevent following LDAP referrals, can be toggled by the > nsdbparams command. Following LDAP referrals might be disabled > to honor a site security policy, for example. > > Until now, this per-entry switch did nothing -- LDAP referrals > caused an NSDB query sent by our NSDB clients to fail. > > Review period for this series ends at midnight on Monday, December > 24, 2012. > > This is the final series I'll post during calendar year 2012. The > next patch series for the fedfs-utils 0.9 development cycle, which > will introduce support for FEDFS_SEC_TLS, should appear the second > week of January 2013. Have a safe and happy Christmas holiday. This patch series has been committed. See you next year! > --- > > Chuck Lever (11): > man: The "-R" option of "nsdbparams update" is incorrectly documented > nfsref: Follow LDAP referrals when resolving FSNs > plug-in: Follow LDAP referrals when resolving FSNs > fedfsd: Follow LDAP referrals when resolving FSNs > nsdbc: Do not follow LDAP referrals during administrator operations > nsdbc: Follow LDAP referrals in some NSDB administrative tools > libnsdb: Handle LDAP referrals correctly > libnsdb: Proper rationalization for disabling LDAP_OPT_REFERRALS > libnsdb: Remove nsdb_parse_reference() > libnsdb: Handle LDAP referrals in an LDAP_RES_SEARCH_RESULT > libnsdb: Free the results of ldap_parse_result(3) > > > doc/man/nsdbparams.8 | 4 + > src/fedfsd/svc.c | 59 ++++++++++++++++- > src/include/nsdb.h | 6 ++ > src/libnsdb/administrator.c | 10 +-- > src/libnsdb/fileserver.c | 148 ++++++++++++++++++------------------------ > src/libnsdb/ldap.c | 117 ++++++++++++++++++++------------- > src/libnsdb/nsdb-internal.h | 5 + > src/libnsdb/nsdb.c | 67 +++++++++++++++++++ > src/nfsref/lookup.c | 53 +++++++++++++++ > src/nsdbc/nsdb-annotate.c | 4 + > src/nsdbc/nsdb-create-fsl.c | 5 + > src/nsdbc/nsdb-create-fsn.c | 5 + > src/nsdbc/nsdb-delete-fsl.c | 5 + > src/nsdbc/nsdb-delete-fsn.c | 5 + > src/nsdbc/nsdb-delete-nsdb.c | 5 + > src/nsdbc/nsdb-describe.c | 4 + > src/nsdbc/nsdb-list.c | 53 +++++++++++++++ > src/nsdbc/nsdb-nces.c | 5 + > src/nsdbc/nsdb-remove-nci.c | 5 + > src/nsdbc/nsdb-resolve-fsn.c | 59 +++++++++++++++++ > src/nsdbc/nsdb-simple-nce.c | 5 + > src/nsdbc/nsdb-update-fsl.c | 5 + > src/nsdbc/nsdb-update-nci.c | 5 + > src/plug-ins/nfs-plugin.c | 53 +++++++++++++++ > 24 files changed, 544 insertions(+), 148 deletions(-) > > -- > Chuck Lever > > _______________________________________________ > fedfs-utils-devel mailing list > [email protected] > https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel -- Chuck Lever chuck[dot]lever[at]oracle[dot]com _______________________________________________ fedfs-utils-devel mailing list [email protected] https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
