From patchwork Tue Oct 29 19:41:54 2013
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 287040
To: fedfs-utils-devel@oss.oracle.com
From: Chuck Lever
Date: Tue, 29 Oct 2013 15:41:54 -0400
Message-ID: <20131029194154.19294.33846.stgit@seurat.1015granger.net>
In-Reply-To: <20131029192303.19294.65282.stgit@seurat.1015granger.net>
References: <20131029192303.19294.65282.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 1/5] schema: Add fedfsNsdbContainerEntry object class

When constructing an NSDB, part of the process currently involves adding a fedfsNceDN attribute to one or more root suffix entries in an LDAP server's root DSE.

Simo Source (FreeIPA) points out it may be difficult or impossible for some LDAP server implementations to allow modification of their root DSE. Or it could be a problem for some deployments to allow root DSE modification.
For this reason, LDAP applications typically use an approach that does not require root DSE modification.

My own experience with OpenLDAP and 389-ds is that root DSE modification is quite awkward.

Long-term, we'd like to replace fedfsNsdbContainerInfo and fedfsNceDN with a form of NCE discovery that is simpler to configure.

Old-style NCE discovery works like this:

For each of the server's naming contexts, an NSDB client performs this query:

  ldapsearch -b "naming_context" -s base (objectClass=*) fedfsNceDN

The fedfsNceDN attribute contains the full distinguished name of the NCE residing under that naming context (root suffix).

New-style NCE discovery works like this:

An NCE contains an auxiliary object class called fedfsNsdbContainerEntry. For each of the server's naming contexts, an NSDB client performs this query:

  ldapsearch -b "naming_context" -s subtree \
      (objectClass=fedfsNsdbContainerEntry)

The response carries the distinguished name of the NCE residing under that naming context, or NO_SUCH_OBJECT.

Define the new object class that denotes an NSDB Container Entry.

Signed-off-by: Chuck Lever
--- doc/ldap/fedfs-schema.ldif | 13 +++++++++++++ doc/ldap/fedfs.schema | 11 +++++++++++ 2 files changed, 24 insertions(+) diff --git a/doc/ldap/fedfs-schema.ldif b/doc/ldap/fedfs-schema.ldif index a81b35f..c41297d 100644 --- a/doc/ldap/fedfs-schema.ldif +++ b/doc/ldap/fedfs-schema.ldif 
@@ -102,6 +102,19 @@ objectClasses: ( # #--------------------------------------------------------------------- # +# objectClasses: ( 1.3.6.1.4.1.31103.1.1005 NAME 'fedfsNsdbContainerEntry' DESC 'Denotes an Nsdb Container Entry' SUP top AUXILIARY MAY ( fedfsAnnotation $ fedfsDescr ) ) +# +objectClasses: ( + 1.3.6.1.4.1.31103.1.1005 + NAME 'fedfsNsdbContainerEntry' + DESC 'Denotes an Nsdb Container Entry' + SUP top + AUXILIARY + MAY ( fedfsAnnotation $ fedfsDescr ) + ) +# +#--------------------------------------------------------------------- +# # attributeTypes: ( 1.3.6.1.4.1.31103.1.1 NAME 'fedfsUuid' DESC 'A UUID used by NSDB' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE ) # attributeTypes: ( diff --git a/doc/ldap/fedfs.schema b/doc/ldap/fedfs.schema index 0880ec6..c80f41d 100644 --- a/doc/ldap/fedfs.schema +++ b/doc/ldap/fedfs.schema @@ -326,3 +326,14 @@ objectclass ( $ fedfsNfsValidFor )) + +objectclass ( + 1.3.6.1.4.1.31103.1.1005 NAME 'fedfsNsdbContainerEntry' + DESC 'Denotes an Nsdb Container Entry' + SUP top AUXILIARY + MAY ( + fedfsAnnotation + $ fedfsDescr + )) + +
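
Review bot: In the doc/ldap/fedfs-schema.ldif hunk, the new class is declared "SUP top AUXILIARY" with only "MAY ( fedfsAnnotation $ fedfsDescr )" and no MUST attribute, so the class name by itself is the only thing that marks an entry as the NCE. The commit message has clients find the NCE with a subtree search for objectClass=fedfsNsdbContainerEntry, which means any entry under the naming context that carries this auxiliary class is returned, and the message does not say what a client does when more than one entry matches. I'd suggest documenting next to the schema that write access to objectClass under an NSDB naming context must be limited to NSDB administrators, and stating the expected client behaviour for multiple matches (for example, treat it as an error rather than picking the first result). Separately, the commented one-line form and the expanded definition below it have to be kept in sync by hand; a short comment saying so would help the next person who edits either.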
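
Review bot: The doc/ldap/fedfs.schema hunk ends with two added blank lines after the closing "))", and since the hunk has no trailing context these land at the end of the file; please drop the extra trailing blank line. The DESC string 'Denotes an Nsdb Container Entry' writes "Nsdb" where the commit message writes "NSDB"; consider 'Denotes an NSDB Container Entry' here and in fedfs-schema.ldif so the two stay identical. The definition is also added without any comment, unlike the .ldif copy, which carries a commented one-line form; a one-line comment above "objectclass (" saying that this class marks the entry located by new-style NCE discovery would make its purpose clear to someone reading only this file.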