RE: Modifying backend...

["Howard Chu" <hyc@symas.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of asr@ufl.edu

> What are the appropriate functions to use to e.g. get a particular
> attribute
> from an entry -from within a backend- ?

> In our current production LDAP, we're running a custom
> authentication I hacked
> into the back-ldbm.  I pull the username out of the DN, because it
> happens to
> be there.  (don't ask. ;)

A beter way would be to add a scheme to liblutil/passwd.c. Another
alternative would be to use Cyrus SASL and add a module for your auth
mechanism to SASL.

> So, if I'm attempting to authenticate, I can locate the record,
> but the userid
> is no longer present in the DN, so I have to get an attribute.
>
> I've been digging through the back-end code and am pretty sure
> that I can get
> what I want from attr_find. Unfortunately all of the criteria and return
> values appear to be special BERish constructs. I haven't had much luck
> searching for the right helper functions to e.g. generate an
> AttributeDescription that means "use the attribute named 'uid'".  I can
> construct one by hand, but that seems like I'd be doing it the stupid way.

Look at how slapd does it. See slap_str2ad() and slap_bv2ad() in ad.c.

> Can anyone point me at the right chunk of documentation or source
> that would
> make the tools available to do this more clear?

The source code *is* the documentation. Text documents can be misinterpreted
or out of date. Source code never lies.

> I've looked some at the other backends, and they seem to use lower-level
> functions to glean data, so should I really be doing LDBM calls and parsing
> the contents by hand?  Ugh.

No.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support