[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: commit: ldap/servers/slapd bind.c


Here are the rules as I understand them:

  o The general operation flow is:

	Pre-Op 1 .. Pre-Op N | Backend | Post_Op 1 .. Post-Op N

  o SLAPI plugins return 0 on success, -1 on failure

  o On failure, pre-op plugins send a result to the client by
    calling slapi_send_ldap_result()

  o Pre-op plugins abort on failure; post-op plugins do not. If
    a pre-op plugin fails, the backend is never called (except as
    defined below)

  o Bind pre-op plugins are a special case: they can return:

	0 -- success, nothing to do; continue with backend processing

	??? (1) -- success, plugin sent _authoritative_ result
	        -- set new bind DN and break (no backend processing)
	        -- hence this is both "failure" and "success" :-)

	SLAPI_BIND_FAIL (2) -- failure, front-end sends result

	SLAPI_BIND_ANONYMOUS (3) -- anon, plugin sends result

  o Extended operations are handled directly: the front-end looks
    up a plugin that handles the extop OID and calls it itself

  o Computed attribute and search rewriter plugins are also special
    cases, read the source :-)

doPluginFNs() returns 1 if there are no plugins called. That should
only be an issue for bind..

-- Luke