svn commit: samba r12905 - in branches/SAMBA_4_0/source: ldap_server setup

idra at samba.org idra at samba.org
Fri Jan 13 15:40:21 GMT 2006


Author: idra
Date: 2006-01-13 15:40:15 +0000 (Fri, 13 Jan 2006)
New Revision: 12905

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12905

Log:

add some ldap policies
not yet enforced except for the initial connection timeout


Modified:
   branches/SAMBA_4_0/source/ldap_server/ldap_server.c
   branches/SAMBA_4_0/source/setup/provision.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_server.c	2006-01-13 14:55:08 UTC (rev 12904)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c	2006-01-13 15:40:15 UTC (rev 12905)
@@ -34,6 +34,8 @@
 #include "lib/tls/tls.h"
 #include "lib/messaging/irpc.h"
 #include "lib/stream/packet.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
 
 /*
   close the socket and shutdown a server_context
@@ -272,6 +274,101 @@
 	ldapsrv_terminate_connection(conn, "Timeout. No requests after initial connection");
 }
 
+static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *attrs[] = { "configurationNamingContext", NULL };
+	const char *attrs2[] = { "lDAPAdminLimits", NULL };
+	const char *conf_dn_s;
+	struct ldb_message_element *el;
+	struct ldb_result *res = NULL;
+	struct ldb_dn *basedn;
+	struct ldb_dn *conf_dn;
+	struct ldb_dn *policy_dn;
+	int i,ret;
+
+	/* set defaults limits in case of failure */
+	conn->limits.initial_timeout = 120;
+	conn->limits.conn_idle_time = 900;
+	conn->limits.max_page_size = 1000;
+	conn->limits.search_timeout = 120;
+
+
+	tmp_ctx = talloc_new(conn);
+	if (tmp_ctx == NULL) {
+		return -1;
+	}
+
+	basedn = ldb_dn_explode(tmp_ctx, "");
+	if (basedn == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res);
+	talloc_steal(tmp_ctx, res);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
+
+	conf_dn_s = ldb_msg_find_string(res->msgs[0], "configurationNamingContext", NULL);
+	if (conf_dn_s == NULL) {
+		goto failed;
+	}
+	conf_dn = ldb_dn_explode(tmp_ctx, conf_dn_s);
+	if (conf_dn == NULL) {
+		goto failed;
+	}
+
+	policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
+	if (policy_dn == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res);
+	talloc_steal(tmp_ctx, res);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
+	if (el == NULL) {
+		goto failed;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		char policy_name[256];
+		int policy_value, s;
+
+		s = sscanf(el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
+		if (ret != 2 || policy_value == 0)
+			continue;
+		
+		if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
+			conn->limits.initial_timeout = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
+			conn->limits.conn_idle_time = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxPageSize", policy_name) == 0) {
+			conn->limits.max_page_size = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
+			conn->limits.search_timeout = policy_value;
+			continue;
+		}
+	}
+
+	return 0;
+
+failed:
+	DEBUG(0, ("Failed to load ldap server query policies\n"));
+	talloc_free(tmp_ctx);
+	return -1;
+}
+
 /*
   initialise a server_context from a open socket and register a event handler
   for reading from that socket
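Review bot: The parse loop in ldapsrv_load_limits stores the sscanf() result in `s` but then tests `ret != 2`; `ret` still holds the result of the second ldb_search(), which is LDB_SUCCESS (0) at that point, so every lDAPAdminLimits value is skipped and the connection always keeps the hard-coded defaults. The check should be `if (s != 2 || policy_value <= 0) continue;`, which also rejects negative numbers that `%d` would otherwise let through into the timeout and page-size limits. The success path returns without freeing the temporary context, so it and both search results stay attached to `conn` until the connection is torn down; add `talloc_free(tmp_ctx);` before `return 0;`. sscanf() also assumes `el->values[i].data` is NUL-terminated, which is not visible in this hunk and is worth confirming. The caller in the next hunk discards the return value, so a failed load shows up only through the DEBUG(0) message.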
@@ -356,14 +453,9 @@
 		return;
 	}
 
-	/* TODO: load limits from the conf partition */
-	
-	conn->limits.initial_timeout = 10;
-	conn->limits.conn_idle_time = 60;
-	conn->limits.max_page_size = 100;
-	conn->limits.search_timeout = 10;
+	/* load limits from the conf partition */
+	ldapsrv_load_limits(conn); /* should we fail on error ? */
 
-
 	/* register the server */	
 	irpc_add_name(c->msg_ctx, "ldap_server");
 

Modified: branches/SAMBA_4_0/source/setup/provision.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision.ldif	2006-01-13 14:55:08 UTC (rev 12904)
+++ branches/SAMBA_4_0/source/setup/provision.ldif	2006-01-13 15:40:15 UTC (rev 12905)
@@ -337,7 +337,40 @@
 objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
 sPNMappings: host=ldap,dns,cifs,http
 
+dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Query-Policies
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: queryPolicy
+cn: Default Query Policy
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN}
+lDAPAdminLimits: MaxValRange=1500
+lDAPAdminLimits: MaxReceiveBuffer=10485760
+lDAPAdminLimits: MaxDatagramRecv=4096
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: MaxConnections=5000
+
+
 ###############################
 # Schema Naming Context
 ###############################


