...
ModifyDN Operation handling
Search Operation handling
The ModifyDN operation is slightly more complicated, as we may change two things which might affect the operation :
- the new DN (it's a rename)
- the new Superior (it's a move)
And we can combine those two modifications (it's a move and rename).
One more important thing : the RFC states that :
| No Format | ||
|---|---|---|
| ||
If the newSuperior is a referral object or is subordinate to a
referral object, the server SHOULD return affectsMultipleDSAs. If
the newRDN already exists but is a referral object, the server SHOULD
return affectsMultipleDSAs instead of entryAlreadyExists.
|
We will analyze those three kind of modifications separately.
Rename operation
Move operation
Move and rename operation
Search Operation handling
target exists | has an ancestor | ManageDsaIT present | JNDI/protocol handling | Description |
|---|---|---|---|---|
no | no | no | JNDI | Returns a NoSuchObject result |
|
|
| protocol | Returns a NoSuchObject result |
|
| yes | JNDI | Returns a NoSuchObject result |
|
|
| ||
target exists | has an ancestor | ManageDsaIT present | JNDI/protocol handling | Description |
no | no | no | JNDI | Returns a NoSuchObject result |
|
|
| protocol | Returns a NoSuchObject result |
|
| yes | JNDI | Returns a NoSuchObject result |
|
|
| protocol | Returns a NoSuchObject result |
| yes | no | JNDI | Returns a Referral LdapResult, with the ancestor's URLs |
|
|
| protocol | Returns a Referral LdapResult, with the ancestor's URLs |
|
| yes | JNDI | Returns a NoSuchObject result |
|
|
| protocol | Returns a NoSuchObject result |
yes | no | no | JNDI | Deletes the object |
|
|
| protocol | Deletes the object |
|
| yes | JNDI | Deletes the object |
|
|
| protocol | Deletes the object |
...
In this situation, without the ManageDsaIT control, the ApacheDS LDAP frontend (MINA provider) will set the value of the Context.REFFERAL property to "throw" before issuing JNDI calls to the core. The JNDI operation on the ApacheDS JNDI DirContext will throw a ReferralException which shall contain everything needed for the LDAP frontend to respond properly. This also allows, embedding applications to see the same results they would encounter from the SUN JNDI LDAP Provider operating against a remote LDAP server.
MINA provider handling
With the ManageDsaIT control present
JNDI handling
...
Case #3: Target's parent is a referral
...
I won't elaborate on Case #4 since it's pretty much the same concept.
...
Back on track with search continuations
...
Here is the list of operations defined in the interface, and the list of operations we implement in ReferralService ReferralInterceptor (the missing methods are already implemented in the intermediate abstract class) :
| Section | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Section | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Add
AddContextPartition
Compare
Delete
Init
Modify
Modify DN
| No Format | ||
|---|---|---|
| ||
If the newSuperior is a referral object or is subordinate to a
referral object, the server SHOULD return affectsMultipleDSAs. If
the newRDN already exists but is a referral object, the server SHOULD
return affectsMultipleDSAs instead of entryAlreadyExists.
|
Move
RemoveContextPartition
Search
...
|
Conclusion
We will need to alter the ApacheDS JNDI provider, and the LDAP server frontend (MINA LDAP protocol provider) to handle referrals correctly. Here are the changes required for each subsystem.
...