Hello,
We're running since ages with an OpenLDAP server 2.4 a plugin which publishes changes (add, modify, delete) in LDAP to an Identity Management Server (IDM). The plugin is written in C and configured in slpad.conf as a shared lib:
plugin postoperation /opt/openldap-2.6.1/lib64/idm.so idm_init "IDM Plugin" 10.23.33.52 3001
The function idm_init() registers static C functions the supposed way:
int idm_init(Slapi_PBlock * pb) { int rc = LDAP_SUCCESS;
log("idm-plugin:","now in idm_init()\n"); // first call, create new list and register the functions ... rc |= slapi_pblock_set( /* Plug-in API version */ pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_CURRENT_VERSION); rc |= slapi_pblock_set( /* Plug-in description */ pb, SLAPI_PLUGIN_DESCRIPTION, (void *) &desc); rc |= slapi_pblock_set( /* Modify function */ pb, SLAPI_PLUGIN_POST_MODIFY_FN, (void *) modify_user); ... // read arguments and add list entry rc |= read_arguments(pb);
log("idm-plugin", "idm_init() return rc:%d\n", rc); return rc; }
The function for modify_user() will later publish the change via network and without going into the details the start of the function looks like this:
static int modify_user(Slapi_PBlock * pb) { Slapi_Entry *entry; log("idm-plugin:", "now in modify_user\n"); if (slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &entry) != LDAP_SUCCESS) { log("IDM-Connector Plugin", "entry modified, but couldn't get entry"); return -1; } ...
The problem is, that after an update in LDAP this function is not called. The log shows only the attach and initialisation of the plugin but no further actions:
03/16/22 10:52:26 idm-plugin:: now in idm_init() 03/16/22 10:52:26 IDM-Connector Plugin: idm_init: Initializing plugin 03/16/22 10:52:26 idm-plugin:: now in read_arguments() 03/16/22 10:52:26 IDM Plugin: added idm connector: ip=10.23.33.52, port=3001 03/16/22 10:52:26 idm-plugin: idm_init() returns rc:0 03/16/22 10:52:26 plugin_pblock_new: Registered plugin OCLC-IDM-Connector-Notifier 1.0 [OCLC.org] (Notify the OCLC IDM-Connector of changes)
As I said, with OpenLDAP 2.4 this works fine. It does not work anymore with 2.6.1.
Is there some change in the slapi interface of which we are not aware off?
What could be done as debugging/logging to nail this down?
Thanks in advance and Regards
matthias
Honestly, I'm a bit surprised about not getting any feedback or reply at all. And about the low traffic in this list here in general :-( Regards, Matthias
guru@unixarea.de wrote:
Honestly, I'm a bit surprised about not getting any feedback or reply at all. And about the low traffic in this list here in general :-( Regards, Matthias
Nobody really uses SLAPI support. You're probably the first person to comment on it in at least a decade.
When a product just works there's no need for a flooded mailing list. Quiet is good.
On Mon, Mar 21, 2022 at 9:39 AM guru@unixarea.de wrote:
Honestly, I'm a bit surprised about not getting any feedback or reply at all. And about the low traffic in this list here in general :-( Regards, Matthias
On 3/21/22 14:39, guru@unixarea.de wrote:
Honestly, I'm a bit surprised about not getting any feedback or reply at all. And about the low traffic in this list here in general :-(
Well, my reaction would have been that I'd recommend to rethink your synchronous approach and rather implement an external process syncing the data.
But I didn't answer because you likely would have not appreciated this response anyway.
Ciao, Michael.
To terminate this thread: The problem was caused by a misconfiguration in our slapd.conf. The plugin line was at the wrong place. Details can be seen here: https://bugs.openldap.org/show_bug.cgi?id=9812
openldap-technical@openldap.org
-
guru@unixarea.de -
Howard Chu -
Matthias Apitz
-
Michael Ströder -
Nick Folino