Commit f7e3566c authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

Add back-ndb

parent cb81db38
......@@ -159,6 +159,7 @@ LUTIL_LIBS = @LUTIL_LIBS@
LTHREAD_LIBS = @LTHREAD_LIBS@
BDB_LIBS = @BDB_LIBS@
SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
LDAP_LIBLDAP_LA = $(LDAP_LIBDIR)/libldap/libldap.la
......
This diff is collapsed.
......@@ -286,6 +286,7 @@ Backends="bdb \
ldap \
meta \
monitor \
ndb \
null \
passwd \
perl \
......@@ -311,6 +312,8 @@ OL_ARG_ENABLE(meta,[ --enable-meta enable metadirectory backend],
no, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(monitor,[ --enable-monitor enable monitor backend],
yes, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(ndb,[ --enable-ndb enable MySQL NDB Cluster backend],
no, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(null,[ --enable-null enable null backend],
no, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(passwd,[ --enable-passwd enable passwd backend],
......@@ -460,6 +463,7 @@ elif test $ol_enable_modules != yes &&
test $ol_enable_ldap = no &&
test $ol_enable_meta = no &&
test $ol_enable_monitor = no &&
test $ol_enable_ndb = no &&
test $ol_enable_null = no &&
test $ol_enable_passwd = no &&
test $ol_enable_perl = no &&
......@@ -500,6 +504,8 @@ dnl ----------------------------------------------------------------
dnl Initialize vars
LDAP_LIBS=
BDB_LIBS=
SLAPD_NDB_LIBS=
SLAPD_NDB_INCS=
LTHREAD_LIBS=
LUTIL_LIBS=
......@@ -518,6 +524,7 @@ BUILD_HDB=no
BUILD_LDAP=no
BUILD_META=no
BUILD_MONITOR=no
BUILD_NDB=no
BUILD_NULL=no
BUILD_PASSWD=no
BUILD_PERL=no
......@@ -1973,6 +1980,47 @@ if test $ol_enable_sql != no ; then
fi
fi
dnl ----------------------------------------------------------------
dnl MySQL NDBapi
dnl Note: uses C++, but we don't want to add C++ test overhead to
dnl the rest of the libtool machinery.
ol_link_ndb=no
if test $ol_enable_ndb != no ; then
AC_CHECK_PROG(MYSQL,mysql_config,yes)
if test "$MYSQL" != yes ; then
AC_MSG_ERROR([could not locate mysql_config])
fi
SQL_INC=`mysql_config --include`
SLAPD_NDB_INCS="$SQL_INC $SQL_INC/storage/ndb $SQL_INC/storage/ndb/ndbapi"
save_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$SLAPD_NDB_INCS"
AC_MSG_CHECKING(for NdbApi.hpp)
AC_PREPROC_IFELSE(
[AC_LANG_SOURCE([[#include <NdbApi.hpp>]])],
AC_MSG_RESULT(yes),
AC_MSG_ERROR([could not locate NdbApi headers])
)
CPPFLAGS="$save_CPPFLAGS"
SQL_LIB=`mysql_config --libs_r`
SLAPD_NDB_LIBS="$SQL_LIB -lndbclient -lstdc++"
save_LDFLAGS="$LDFLAGS"
save_LIBS="$LIBS"
LDFLAGS="$SQL_LIB"
AC_CHECK_LIB(ndbclient,ndb_init,[],[
AC_MSG_ERROR([could not locate ndbclient library])
],[-lstdc++])
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
if test "$ol_enable_ndb" = yes ; then
SLAPD_LIBS="$SLAPD_LIBS \$(SLAPD_NDB_LIBS)"
fi
fi
dnl ----------------------------------------------------------------
dnl International Components for Unicode
OL_ICU
......@@ -2579,6 +2627,19 @@ if test "$ol_enable_meta" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_META,$MFLAG,[define to support LDAP Metadirectory backend])
fi
if test "$ol_enable_ndb" != no ; then
BUILD_SLAPD=yes
BUILD_NDB=$ol_enable_ndb
if test "$ol_enable_ndb" = mod ; then
SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ndb"
MFLAG=SLAPD_MOD_DYNAMIC
else
SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ndb"
MFLAG=SLAPD_MOD_STATIC
fi
AC_DEFINE_UNQUOTED(SLAPD_NDB,$MFLAG,[define to support NDB backend])
fi
if test "$ol_enable_null" != no ; then
BUILD_SLAPD=yes
BUILD_NULL=$ol_enable_null
......@@ -2923,6 +2984,7 @@ dnl backends
AC_SUBST(BUILD_LDAP)
AC_SUBST(BUILD_META)
AC_SUBST(BUILD_MONITOR)
AC_SUBST(BUILD_NDB)
AC_SUBST(BUILD_NULL)
AC_SUBST(BUILD_PASSWD)
AC_SUBST(BUILD_RELAY)
......@@ -2954,6 +3016,8 @@ dnl overlays
AC_SUBST(LDAP_LIBS)
AC_SUBST(SLAPD_LIBS)
AC_SUBST(BDB_LIBS)
AC_SUBST(SLAPD_NDB_LIBS)
AC_SUBST(SLAPD_NDB_INCS)
AC_SUBST(LTHREAD_LIBS)
AC_SUBST(LUTIL_LIBS)
AC_SUBST(WRAP_LIBS)
......@@ -3024,6 +3088,7 @@ AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
[servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk]
[servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk]
[servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk]
[servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk]
[servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk]
[servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk]
[servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk]
......
.TH SLAPD-NDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd-ndb \- MySQL NDB backend to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
The \fBndb\fP backend to
.BR slapd (8)
uses the MySQL Cluster package to store data, through its NDB API.
It provides fault tolerance with extreme scalability, along with
a degree of SQL compatibility.
.LP
This backend is designed to store LDAP information using tables that
are also visible from SQL. It uses a higher level SQL API for creating
these tables, while using the low level NDB API for storing and
retrieving the data within these tables. The NDB Cluster engine
allows data to be partitioned across multiple data nodes, and this
backend allows multiple slapd instances to operate against a given
database concurrently.
.LP
The general approach is to use distinct tables for each LDAP object class.
Entries comprised of multiple object classes will have their data
spread across multiple tables. The data tables use a 64 bit entryID
as their primary key. The DIT hierarchy is maintained in a separate
table, which maps DNs to entryIDs.
.LP
This backend is experimental. While intended to be a general-purpose
backend, it is currently missing a number of common LDAP features.
See the \fBTODO\fP file in the source directory for details.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the \fBndb\fP backend database.
That is, they must follow a "database ndb" line and
come before any subsequent "backend" or "database" lines.
Other database options are described in the
.BR slapd.conf (5)
manual page.
.SH DATA SOURCE CONFIGURATION
.TP
.B dbhost <hostname>
The name or IP address of the host running the MySQL server. The default
is "localhost". On Unix systems, the connection to a local server is made
using a Unix Domain socket, whose path is specified using the
.B dbsocket
directive.
.TP
.B dbuser <username>
The MySQL login ID to use when connecting to the MySQL server. The chosen
user must have sufficient privileges to manipulate the SQL tables in the
target database.
.TP
.B dbpasswd <password>
The password for the \fBdbuser\fP.
.TP
.B dbname <database name>
The name of the MySQL database to use.
.TP
.B dbport <port>
The port number to use for the TCP connection to the MySQL server.
.TP
.B dbsocket <path>
The socket to be used for connecting to a local MySQL server.
.TP
.B dbflag <integer>
Client flags for the MySQL session. See the MySQL documentation for details.
.TP
.B dbconnect <connectstring>
The name or IP address of the host running the cluster manager. The default
is "localhost".
.TP
.B dbconnections <integer>
The number of cluster connections to establish. Using up to 4 may improve
performance under heavier load. The default is 1.
.SH SCHEMA CONFIGURATION
.TP
.B attrlen <attribute> <length>
Specify the column length to use for a particular attribute. LDAP attributes are
stored in individual columns of the SQL tables. The maximum column lengths for
each column must be specified when creating these tables. If a length constraint
was specified in the attribute's LDAP schema definition, that value will be used
by default. If the schema didn't specify a constraint, the default is 128 bytes.
Currently the maximum is 1024.
.TP
.B index <attr[,attr...]>
Specify a list of attributes for which indexing should be maintained.
Currently there is no support for substring indexing; a single index structure
provides presence, equality, and inequality indexing for the specified attributes.
.TP
.B attrset <set> <attrs>
Specify a list of attributes to be treated as an attribute set. This directive
creates a table named \fIset\fP which will contain all of the listed attributes.
Ordinarily an attribute resides in a table named by an object class that uses
the attribute. However, attributes are only allowed to appear in a single table.
For attributes that are derived from an inherited object class definition,
the attribute will only be stored in the superior class's table.
Attribute sets should be defined for any attributes that are used in multiple
unrelated object classes, i.e., classes that are not connected by a simple
inheritance chain.
.SH ACCESS CONTROL
The
.B ndb
backend honors most access control semantics as indicated in
.BR slapd.access (5).
.SH FILES
.TP
.B ETCDIR/slapd.conf
default
.B slapd
configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd (8),
.BR slapadd (8),
.BR slapcat (8),
.BR slapindex (8),
MySQL Cluster documentation.
.SH AUTHOR
Howard Chu, with assistance from Johan Andersson et al @ MySQL.
......@@ -71,6 +71,11 @@ daemon. Only a single instance of the
.B monitor
backend may be defined.
.TP
.B ndb
This backend is experimental.
It uses the transactional database interface of the MySQL Cluster Engine
(NDB) to store data.
.TP
.B null
Operations in this backend succeed but do nothing.
.TP
......
......@@ -945,6 +945,9 @@
/* define to support cn=Monitor backend */
#undef SLAPD_MONITOR
/* define to support NDB backend */
#undef SLAPD_NDB
/* define to support NULL backend */
#undef SLAPD_NULL
......
# Makefile.in for back-ndb
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
##
## ACKNOWLEDGEMENTS:
## This work was initially developed by Howard Chu for inclusion
## in OpenLDAP Software. This work was sponsored by MySQL.
SRCS = init.cpp tools.cpp config.cpp ndbio.cpp \
add.cpp bind.cpp compare.cpp delete.cpp modify.cpp modrdn.cpp search.cpp
OBJS = init.lo tools.lo config.lo ndbio.lo \
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
BUILD_OPT = "--enable-ndb"
BUILD_MOD = @BUILD_NDB@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(@BUILD_NDB@_DEFS)
MOD_LIBS = $(SLAPD_NDB_LIBS)
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LIBBASE = back_ndb
XINCPATH = -I.. -I$(srcdir)/.. @SLAPD_NDB_INCS@
XDEFS = $(MODULES_CPPFLAGS)
AC_CXX = g++
CXX = $(AC_CXX)
LTCXX_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
$(CXX) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
all-local-lib: ../.backend
.SUFFIXES: .c .o .lo .cpp
.cpp.lo:
$(LTCXX_MOD) $<
../.backend: lib$(LIBBASE).a
@touch $@
LDAP features not currently supported:
tagged attributes
aliases
substring indexing
subtree rename
/* add.cpp - ldap NDB back-end add routine */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Howard Chu for inclusion
* in OpenLDAP Software. This work was sponsored by MySQL.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include "back-ndb.h"
extern "C" int
ndb_back_add(Operation *op, SlapReply *rs )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
Entry p = {0};
Attribute poc;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
NdbArgs NA;
NdbRdns rdns;
struct berval matched;
struct berval pdn, pndn;
int num_retries = 0;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(ndb_back_add) ": %s\n",
op->oq_add.rs_e->e_name.bv_val, 0, 0);
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
get_relax(op), 1, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* Get our NDB handle */
rs->sr_err = ndb_thread_handle( op, &NA.ndb );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
pdn = slap_empty_bv;
pndn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_name, &pdn );
dnParent( &op->ora_e->e_nname, &pndn );
}
p.e_name = op->ora_e->e_name;
p.e_nname = op->ora_e->e_nname;
op->ora_e->e_id = NOID;
rdns.nr_num = 0;
NA.rdns = &rdns;
if( 0 ) {
retry: /* transaction retry */
NA.txn->close();
NA.txn = NULL;
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
ndb_trans_backoff( ++num_retries );
}
NA.txn = NA.ndb->startTransaction();
rs->sr_text = NULL;
if( !NA.txn ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": startTransaction failed: %s (%d)\n",
NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or parent */
NA.e = &p;
NA.ocs = NULL;
rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
case LDAP_NO_SUCH_OBJECT:
break;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( NA.ocs ) {
int i;
for ( i=0; !BER_BVISNULL( &NA.ocs[i] ); i++ );
poc.a_numvals = i;
poc.a_desc = slap_schema.si_ad_objectClass;
poc.a_vals = NA.ocs;
poc.a_nvals = poc.a_vals;
poc.a_next = NULL;
p.e_attrs = &poc;
}
if ( ber_bvstrcasecmp( &pndn, &matched ) ) {
rs->sr_matched = matched.bv_val;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_text = "parent does not exist";
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( p.e_attrs && is_entry_referral( &p )) {
is_ref: p.e_attrs = NULL;
ndb_entry_get_data( op, &NA, 0 );
rs->sr_ref = get_entry_referrals( op, &p );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_REF_MUSTBEFREED;
attrs_free( p.e_attrs );
p.e_attrs = NULL;
}
goto return_results;
}
p.e_name = pdn;
p.e_nname = pndn;
rs->sr_err = access_allowed( op, &p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
if ( NA.ocs ) {
if ( is_entry_subentry( &p )) {
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;
}
if ( is_entry_alias( &p ) ) {
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;
}
if ( is_entry_referral( &p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = p.e_name.bv_val;
goto is_ref;
}
}
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/* acquire entry ID */
if ( op->ora_e->e_id == NOID ) {
rs->sr_err = ndb_next_id( op->o_bd, NA.ndb, &op->ora_e->e_id );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
if ( matched.bv_val )
rdns.nr_num++;
NA.e = op->ora_e;
/* dn2id index */
rs->sr_err = ndb_entry_put_info( op->o_bd, &NA, 0 );
if ( rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_info failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_text = "internal error";
goto return_results;
}
/* id2entry index */
rs->sr_err = ndb_entry_put_data( op->o_bd, &NA );
if ( rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_data failed (%d) %s(%d)\n",
rs->sr_err, NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_text = "internal error";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->oq_add.rs_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,