Add ldap_back_group routine.

servers/slapd/back-ldap/Makefile.in

 # $OpenLDAP$
 
 SRCS	= init.c config.c search.c bind.c unbind.c add.c compare.c \
-		delete.c modify.c modrdn.c
+		delete.c modify.c modrdn.c group.c
 OBJS	= init.lo config.lo search.lo bind.lo unbind.lo add.lo compare.lo \
-		delete.lo modify.lo modrdn.lo
+		delete.lo modify.lo modrdn.lo group.lo
 
 LDAP_INCDIR= ../../../include       
 LDAP_LIBDIR= ../../../libraries

servers/slapd/back-ldap/group.c

+/* group.c - ldap backend acl group routine */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+
+/* return 0 IFF op_dn is a value in member attribute
+ * of entry with gr_dn AND that entry has an objectClass
+ * value of groupOfNames
+ */
+int
+ldap_back_group(
+	Backend	*be,
+	Entry	*target,
+	const char	*gr_ndn,
+	const char	*op_ndn,
+	ObjectClass* group_oc,
+	AttributeDescription* group_at
+)
+{
+	struct ldapinfo *li = (struct ldapinfo *) be->be_private;    
+	int rc = 1;
+	Attribute   *attr;
+	Entry *e;
+	struct berval bv;
+	LDAPMessage	*result;
+	char *gattr[2];
+	char *filter;
+	LDAP *ld;
+
+	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
+	const char *group_oc_name = NULL;
+	const char *group_at_name = group_at->ad_cname->bv_val;
+
+	if( group_oc->soc_names && group_oc->soc_names[0] ) {
+		group_oc_name = group_oc->soc_names[0];
+	} else {
+		group_oc_name = group_oc->soc_oid;
+	}
+
+	if (target != NULL && strcmp(target->e_ndn, gr_ndn) == 0) {
+		/* we already have a copy of the entry */
+		e = target;
+
+		if( is_entry_objectclass( e, group_oc ) ) {
+			return(1);
+		}
+
+		if ((attr = attr_find(e->e_attrs, group_at)) == NULL)
+			return(1);
+
+		bv.bv_val = (char *) op_ndn;
+		bv.bv_len = strlen( op_ndn );         
+		if( value_find( group_at, attr->a_vals, &bv ) == 0  )
+			return(1);
+
+	} else {
+		filter = ch_malloc(sizeof("(&(objectclass=)(=))")
+							+ strlen(group_oc_name)
+							+ strlen(group_at_name)
+							+ strlen(op_ndn) + 1);
+		if (filter == NULL)
+			return(1);
+
+		if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) {
+			ch_free(filter);
+			return(1);
+		}
+
+		if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) == LDAP_SUCCESS) {
+			strcpy(filter, "(&(objectclass=");
+			strcat(filter, group_oc_name);
+			strcat(filter, ")(");
+			strcat(filter, group_at_name);
+			strcat(filter, "=");
+			strcat(filter, op_ndn);
+			strcat(filter, "))");
+
+			gattr[0] = "objectclass";
+			gattr[1] = NULL;
+			if (ldap_search_ext_s(ld, gr_ndn, LDAP_SCOPE_BASE, filter,
+									gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
+									LDAP_NO_LIMIT, &result) == LDAP_SUCCESS)
+			{
+				if (ldap_first_entry(ld, result) != NULL)
+					rc = 0;
+				ldap_msgfree(result);
+			}
+		}
+		ldap_unbind(ld);
+		ch_free(filter);
+		return(rc);
+    }
+
+	return(0);
+}
+

servers/slapd/back-ldap/init.c

@@ -74,7 +74,7 @@ ldap_back_initialize(
 
 	bi->bi_extended = 0;
 
-	bi->bi_acl_group = 0;
+	bi->bi_acl_group = ldap_back_group;
 
 #ifdef HAVE_CYRUS_SASL
 	bi->bi_sasl_authorize = 0;