7.6. Processing an LDAP Add Operation

When the Directory Server receives an LDAP add request from a client, the frontend normalizes the DN of the new entry. The frontend makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.

Table 7.5. Table of Information Processed during an LDAP Add Operation

| Parameter ID | Data Type | Description |
| --- | --- | --- |
| SLAPI_ADD_TARGET | char * | DN of the entry to be added. |
| SLAPI_ADD_ENTRY | Slapi_Entry * | The entry to be added (specified as the opaque Slapi_Entry data type). |

The add function should check if the operation has been abandoned, and, if it has, the function should return -1.

Note

It is not necessary to call slapi_send_ldap_result() to send an LDAP error code to the client. According to the LDAP protocol, the client does not expect a server response after an operation is abandoned.

These checks are optional: the plug-in can pass the operation to the regular frontend and backend processing, which handles these cases.
  • If the entry already exists in the database, the function should call slapi_send_ldap_result() to send an LDAP error code LDAP_ALREADY_EXISTS and should return -1.
  • If the parent entry, or the closest matching entry, is a referral entry (that is, an entry with the object class ref) and no manageDSAIT control is included with the request, the function should call slapi_send_ldap_referral() to send a referral and return -1.
    To determine if a manageDSAIT control is present, call slapi_pblock_get() to get the value of the SLAPI_MANAGEDSAIT parameter. If the value is 1, the control is included in the request. If the value is 0, the control is not included in the request.
  • If the parent entry does not exist, the function should call slapi_send_ldap_result() to send an LDAP error code LDAP_NO_SUCH_OBJECT and return -1.
  • If the entry is not schema-compliant (call slapi_entry_schema_check() to determine this), the function should call slapi_send_ldap_result() to send the LDAP error code LDAP_OBJECT_CLASS_VIOLATION and should return -1.
  • If the requestor does not have permission to add the entry (call slapi_access_allowed() to determine this), the function should call slapi_send_ldap_result() to send the LDAP error code LDAP_INSUFFICIENT_ACCESS and should return -1.

You should also verify that the ACI syntax for the entry is correct; call slapi_acl_check_mods() to determine this.

If the add function is successful, the function should call slapi_send_ldap_result() to send an LDAP_SUCCESS code back to the client and should return 0.
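The decision sequence above, as an added example that is not code from the guide or from Directory Server: it models what the add function sends and returns for each check, so it compiles without the server headers. The `add_state` struct, the `SENT_*` markers and both function names are hypothetical, and the checks are assumed to run in the order the list gives them.

```c
#include <stdio.h>

/* LDAP result codes (RFC 4511 values). */
enum { LDAP_SUCCESS = 0, LDAP_NO_SUCH_OBJECT = 32, LDAP_INSUFFICIENT_ACCESS = 50,
       LDAP_OBJECT_CLASS_VIOLATION = 65, LDAP_ALREADY_EXISTS = 68 };
/* Hypothetical markers for the two outcomes that carry no result code. */
enum { SENT_NOTHING = -1, SENT_REFERRAL = -2 };

/* Hypothetical stand-in for facts a real plug-in obtains from the server. */
struct add_state {
    int abandoned;          /* operation was abandoned by the client */
    int entry_exists;       /* SLAPI_ADD_TARGET is already in the database */
    int parent_exists;      /* parent entry is present */
    int parent_is_referral; /* parent or closest match has object class ref */
    int managedsait;        /* value of the SLAPI_MANAGEDSAIT parameter */
    int schema_ok;          /* slapi_entry_schema_check() found no violation */
    int access_ok;          /* slapi_access_allowed() granted the add */
};

/* Returns the add function's return value; *sent is what the client receives. */
int process_add(const struct add_state *s, int *sent)
{
    *sent = SENT_NOTHING;
    if (s->abandoned)
        return -1;                    /* no result: the client expects none */
    if (s->entry_exists)
        *sent = LDAP_ALREADY_EXISTS;
    else if (s->parent_is_referral && !s->managedsait)
        *sent = SENT_REFERRAL;        /* slapi_send_ldap_referral() */
    else if (!s->parent_exists)
        *sent = LDAP_NO_SUCH_OBJECT;
    else if (!s->schema_ok)
        *sent = LDAP_OBJECT_CLASS_VIOLATION;
    else if (!s->access_ok)
        *sent = LDAP_INSUFFICIENT_ACCESS;
    else
        *sent = LDAP_SUCCESS;         /* every check passed */
    return *sent == LDAP_SUCCESS ? 0 : -1;
}

int sent_for(struct add_state s) { int sent; process_add(&s, &sent); return sent; }

int main(void)
{
    struct add_state ok = { 0, 0, 1, 0, 0, 1, 1 };      /* constructed input */
    struct add_state gone = ok; gone.abandoned = 1; gone.access_ok = 0;
    printf("ok=%d abandoned=%d\n", sent_for(ok), sent_for(gone));
    return 0;
}
```

With the checks in the listed order, a requestor who lacks add permission still receives LDAP_ALREADY_EXISTS for an existing DN; evaluating the access check first avoids confirming which entries exist.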