[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: commit: ldap/servers/slapd bind.c

To: hyc@highlandsun.com
Subject: RE: commit: ldap/servers/slapd bind.c
From: Luke Howard <lukeh@PADL.COM>
Date: Tue, 23 Sep 2003 16:42:44 +1000
Cc: openldap-commit2devel@OpenLDAP.org, ludovic.poitou@Sun.com
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.4c/makemail 2.9d

Howard,

Here are the rules as I understand them:

  o The general operation flow is:

	Pre-Op 1 .. Pre-Op N | Backend | Post_Op 1 .. Post-Op N

  o SLAPI plugins return 0 on success, -1 on failure

  o On failure, pre-op plugins send a result to the client by
    calling slapi_send_ldap_result()

  o Pre-op plugins abort on failure; post-op plugins do not. If
    a pre-op plugin fails, the backend is never called (except as
    defined below)

  o Bind pre-op plugins are a special case: they can return:

	0 -- success, nothing to do; continue with backend processing

	??? (1) -- success, plugin sent _authoritative_ result
	        -- set new bind DN and break (no backend processing)
	        -- hence this is both "failure" and "success" :-)

	SLAPI_BIND_FAIL (2) -- failure, front-end sends result

	SLAPI_BIND_ANONYMOUS (3) -- anon, plugin sends result

  o Extended operations are handled directly: the front-end looks
    up a plugin that handles the extop OID and calls it itself

  o Computed attribute and search rewriter plugins are also special
    cases, read the source :-)

doPluginFNs() returns 1 if there are no plugins called. That should
only be an issue for bind..

-- Luke

Follow-Ups:
- RE: commit: ldap/servers/slapd bind.c
  - From: Steve Omrani <somrani@us.ibm.com>

Prev by Date: RE: commit: ldap/servers/slapd bind.c
Next by Date: RE: commit: ldap/servers/slapd bind.c
Index(es):
- Chronological
- Thread