User Life Cycle: Exclude subtree for ipaUniqueID generation

IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX' Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree' https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-08-08 09:37:23 +02:00 · 2014-08-08 09:37:23 +02:00 · c3ede5f1e9
commit c3ede5f1e9
parent b92136cba2
1 changed files with 16 additions and 0 deletions
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@ -64,6 +64,7 @@
 #define IPAUUID_GENERATE         "ipaUuidMagicRegen"
 #define IPAUUID_FILTER           "ipaUuidFilter"
 #define IPAUUID_SCOPE            "ipaUuidScope"
+#define IPAUUID_EXCLUDE_SUBTREE  "ipaUuidExcludeSubtree"
 #define IPAUUID_ENFORCE          "ipaUuidEnforce"

 #define IPAUUID_FEATURE_DESC      "IPA UUID"
@ -91,6 +92,7 @@ struct configEntry {
    Slapi_Filter *slapi_filter;
    char *generate;
    char *scope;
+    char *exclude_subtree;
    bool enforce;
 };

@ -537,6 +539,10 @@ ipauuid_parse_config_entry(Slapi_Entry * e, bool apply)
    }
    LOG_CONFIG("----------> %s [%s]\n", IPAUUID_SCOPE, entry->scope);

+    value = slapi_entry_attr_get_charptr(e, IPAUUID_EXCLUDE_SUBTREE);
+    entry->exclude_subtree = value;
+    LOG_CONFIG("----------> %s [%s]\n", IPAUUID_EXCLUDE_SUBTREE, entry->exclude_subtree);
+
    entry->enforce = slapi_entry_attr_get_bool(e, IPAUUID_ENFORCE);
    LOG_CONFIG("----------> %s [%s]\n",
               IPAUUID_ENFORCE, entry->enforce ? "True" : "False");
@ -640,6 +646,10 @@ ipauuid_free_config_entry(struct configEntry **entry)
        slapi_ch_free_string(&e->scope);
    }

+    if (e->exclude_subtree) {
+        slapi_ch_free_string(&e->exclude_subtree);
+    }
+
    slapi_ch_free((void **)entry);
 }

@ -918,6 +928,12 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
            }
        }

+        if (cfgentry->exclude_subtree) {
+                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                        continue;
+                }
+        }
+
        /* does the entry match the filter? */
        if (cfgentry->slapi_filter) {
            Slapi_Entry *test_e = NULL;