The following example illustrates a simple use of the SHELL backend to provide LDAP access to the /etc/passwd file on a machine.
Our example makes use of the following simple configuration file:

referral ldap://ldap.itd.antbear.com
database shell
suffix "o=Antbear, Lucid & Popp, c=us"
search /usr/local/bin/searchexample.sh

This configuration defines a single SHELL backend, for entries in the ``o=Antbear, Lucid & Popp, c=US'' subtree. Requests involving any other subtree will be sent to the LDAP server running on the host ldap.itd.antbear.com. A search operation will cause the command /usr/local/bin/searchexample.sh to be executed. Any other operation will result in an unwilling to perform error being returned to the client.
The search command in our example is implemented by the following Bourne shell script. It assumes a very simple filter of the form ``(uid=login)'' where login is a user's UNIX login. It extracts the login from the filter, does a simple grep(1) for it in the /etc/passwd file, and parses the resulting line (if any) using awk(1) to pull out the ``gecos'' field.
Note that our simple example does no error checking, handles only very simple filters, ignores the scope, sizelimit, timelimit and other parameters, and is meant for illustrative purposes only. A real example should do more error checking and handle more situations.
1 #!/bin/sh
2 while [ 1 ]; do
3     read TAG VALUE              # each request line is "tag: value"
4     if [ $? -ne 0 ]; then
5         break
6     fi
7     case "$TAG" in
8         base:)
9         BASE=$VALUE
10         ;;
11         filter:)
12         FILTER=$VALUE
13         ;;
14     esac
15 done
16 LOGIN=`echo $FILTER | sed -e 's/.*=\(.*\))/\1/'`    # "(uid=login)" -> "login"
17 PWLINE=`grep -i "^$LOGIN" /etc/passwd`
18 if [ $? = 0 ]; then
19     echo "DEBUG: passwd line is $PWLINE"
20     echo $PWLINE | awk -F: '{
21         printf("dn: cn=%s,%s\n", $1, base);
22         printf("cn: %s\n", $1);
23         printf("cn: %s\n", $5);
24         printf("sn: %s\n", $1);
25         printf("uid: %s\n", $1);
26     }' base="$BASE"
27     echo ""
28 fi
29 echo "RESULT"
30 echo "code: 0"
31 exit 0
The line numbers are for illustrative purposes only and do not appear in the actual file.
Note the debugging statement on line 19. The output from this statement is ignored by slapd because of the DEBUG: prefix, unless debugging is turned on, in which case it may be logged (depending on the debugging level) but will otherwise not affect the search results sent.
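
The note above says the script does no error checking; in particular, the filter text supplied by the client reaches grep(1) as a pattern and is matched as a prefix of the passwd line. A checked variant of the same search follows as an added example that is not part of the original guide; the function names, the constructed demo request and the choice of result code 53 for rejected filters are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the original script): validate the filter, then match exactly.
# Accept only "(uid=login)" with login made of letters, digits, '_', '.', '-'.
# Prints the login on success; returns 1 for anything else.
extract_login() {
    case "$1" in
        "(uid="*")") ;;
        *) return 1 ;;
    esac
    login=${1#"(uid="}
    login=${login%")"}
    case "$login" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s\n' "$login"
}

# Print the entry whose first passwd field equals the login. Values reach awk
# via the environment, so they are data, never a pattern; appending "" forces
# a string comparison (numeric-looking names could otherwise compare as numbers).
lookup_entry() {    # lookup_entry LOGIN BASE PASSWD_FILE; returns 1 if absent
    LOGIN="$1" BASE="$2" awk -F: '($1 "") == (ENVIRON["LOGIN"] "") {
        printf("dn: cn=%s,%s\n", $1, ENVIRON["BASE"])
        printf("cn: %s\ncn: %s\nsn: %s\nuid: %s\n", $1, $5, $1, $1)
        found = 1
        exit
    }
    END { exit (found ? 0 : 1) }' "$3"
}

# Read the "tag: value" request lines on stdin and write the reply for slapd.
handle_search() {   # handle_search PASSWD_FILE
    base=""; filter=""
    while read -r tag value; do
        case "$tag" in
            base:)   base=$value ;;
            filter:) filter=$value ;;
        esac
    done
    if login=`extract_login "$filter"`; then
        if lookup_entry "$login" "$base" "$1"; then echo ""; fi
        echo "RESULT"; echo "code: 0"
    else
        echo "RESULT"; echo "code: 53"    # LDAP unwillingToPerform
    fi
}

# Demo on a constructed request: a wildcard filter is rejected with code 53.
printf 'base: o=Example\nfilter: (uid=*)\n' | handle_search /dev/null
```

To use it as the search command, replace the last line with `handle_search /etc/passwd`.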