Hi list!
I seem can't find a way to allow OpenLDAP to execute a shell script or exec binary whenever it gets modified by slurpd.
My agenda is to have master->slave LDAP replication and when the slave is modified via slurpd, it will then execute something (shell script/binary/anything) from the system and then resumes normal operation (returning success code to slurpd)
Here's what i understand with openLDAP replication:
Step 1: An LDAP client starts up and connects to a master /slapd/. Step 2: The LDAP client submits an LDAP modify operation to the master /slapd/. Step 4: The master /slapd/ performs the modify operation, writes out the change to its replication log file and returns a success code to the client. Step 5: The /slurpd/ process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave /slapd/ via LDAP. Step 6: The slave /slapd/ performs the modify operation and returns a success code to the /slurpd/ process.
in step6, is there a way that slapd performs the modify operation... and "execute a shell script or binary and when it exists", it returns a success code to slurpd process?
maybe a patch somewhere? or a clue where to set this hook? or any light on this?
Thanks
Ivan
Ivan R. Sy Jr. wrote:
I seem can't find a way to allow OpenLDAP to execute a shell script or exec binary whenever it gets modified by slurpd.
My agenda is to have master->slave LDAP replication and when the slave is modified via slurpd, it will then execute something (shell script/binary/anything) from the system and then resumes normal operation (returning success code to slurpd)
Here's what i understand with openLDAP replication:
Step 1: An LDAP client starts up and connects to a master /slapd/. Step 2: The LDAP client submits an LDAP modify operation to the master /slapd/. Step 4: The master /slapd/ performs the modify operation, writes out the change to its replication log file and returns a success code to the client. Step 5: The /slurpd/ process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave /slapd/ via LDAP. Step 6: The slave /slapd/ performs the modify operation and returns a success code to the /slurpd/ process.
in step6, is there a way that slapd performs the modify operation... and "execute a shell script or binary and when it exists", it returns a success code to slurpd process?
maybe a patch somewhere? or a clue where to set this hook? or any light on this?
You need to write a custom overlay that does what you require, and instantiate it on the replica. See servers/slapd/overlays/slapover.txt for a brief description, and in general anything in servers/slapd/overlays/*.c for inspiration. Back-shell and back-perl may serve as guidelines about executing code like shell/perl scripts, but as soon as you know what you want to obtain, coding it in C within your overlay might be a better solution.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
--On Saturday, March 10, 2007 3:02 AM +0800 "Ivan R. Sy Jr." isy@infoweapons.com wrote:
Hi list!
I seem can't find a way to allow OpenLDAP to execute a shell script or exec binary whenever it gets modified by slurpd.
My agenda is to have master->slave LDAP replication and when the slave is modified via slurpd, it will then execute something (shell script/binary/anything) from the system and then resumes normal operation (returning success code to slurpd)
Here's what i understand with openLDAP replication:
Step 1: An LDAP client starts up and connects to a master /slapd/. Step 2: The LDAP client submits an LDAP modify operation to the master /slapd/. Step 4: The master /slapd/ performs the modify operation, writes out the change to its replication log file and returns a success code to the client. Step 5: The /slurpd/ process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave /slapd/ via LDAP. Step 6: The slave /slapd/ performs the modify operation and returns a success code to the /slurpd/ process.
in step6, is there a way that slapd performs the modify operation... and "execute a shell script or binary and when it exists", it returns a success code to slurpd process?
maybe a patch somewhere? or a clue where to set this hook? or any light on this?
I would use OpenLDAP 2.3, set up an accesslog for the database, and then have a process that "listens" to changes made to the accesslog, that can do whatever it is you want done when changes are made.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
openldap-software@openldap.org
-
Ivan R. Sy Jr. -
Pierangelo Masarati -
Quanah Gibson-Mount