Ticket #426 - support posix schema for user and group sync

https://fedorahosted.org/389/ticket/426
Resolves: Ticket #426
Bug Description: support posix schema for user and group sync
Reviewed by: nhosoi, mreynolds (Thanks!)
Branch: master
Fix Description: This is a new winsync plugin.  By default it works with the
posixaccount and posixgroup schema included with user and group entries in
Windows 2003 R2 and later Active Directory.  There is a switch that can be
set to use the older MSSFU schema.
This is not entirely bi-directional - when you add new entries to DS, the
posix attributes in those new user/group entries are not synced to AD -
this is due to a limitation in the old winsync api v1.  Future work is
planned to add that capability.
This was copied from the upstream at
https://github.com/cgrzemba/Posix-Winsync-Plugin-for-389-directory-server
with permission from the author.
Platforms tested: RHEL6 x86_64, Windows 2008 R2
Flag Day: no
Doc impact: no

Makefile.am

@@ -80,6 +80,11 @@ LIBCRYPT=@LIBCRYPT@
 BUILT_SOURCES = dberrstrs.h \
 	$(POLICY_FC)
 
+if enable_posix_winsync
+LIBPOSIX_WINSYNC_PLUGIN = libposix-winsync-plugin.la
+POSIX_WINSYNC_PLUGIN_LDIF = ldap/ldif/50posix-winsync-plugin.ldif
+endif
+
 CLEANFILES =  dberrstrs.h ns-slapd.properties \
 	ldap/admin/src/scripts/template-dbverify ldap/admin/src/template-initconfig \
 	ldap/admin/src/scripts/dscreate.map ldap/admin/src/scripts/remove-ds.pl \
@@ -112,7 +117,8 @@ CLEANFILES =  dberrstrs.h ns-slapd.properties \
 	ldap/ldif/template-ldapi-autobind.ldif ldap/ldif/template-ldapi-default.ldif \
 	ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \
 	ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \
-	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif
+	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \
+	$(POSIX_WINSYNC_PLUGIN_LDIF)
 
 clean-local:
 	-rm -rf selinux-built
@@ -207,7 +213,7 @@ serverplugin_LTLIBRARIES = libacl-plugin.la libattr-unique-plugin.la \
 	libviews-plugin.la libschemareload-plugin.la libusn-plugin.la \
 	libacctusability-plugin.la librootdn-access-plugin.la $(LIBACCTPOLICY_PLUGIN) \
 	$(LIBPAM_PASSTHRU_PLUGIN) $(LIBDNA_PLUGIN) \
-	$(LIBBITWISE_PLUGIN) $(LIBPRESENCE_PLUGIN)
+	$(LIBBITWISE_PLUGIN) $(LIBPRESENCE_PLUGIN) $(LIBPOSIX_WINSYNC_PLUGIN)
 
 nodist_property_DATA = ns-slapd.properties
 
@@ -485,6 +491,7 @@ update_DATA = ldap/admin/src/scripts/exampleupdate.pl \
 	ldap/admin/src/scripts/50guidesyntaxplugin.ldif \
 	ldap/ldif/50replication-plugins.ldif \
 	ldap/admin/src/scripts/50linkedattrsplugin.ldif \
+	$(POSIX_WINSYNC_PLUGIN_LDIF) \
 	ldap/admin/src/scripts/50usnplugin.ldif \
 	ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif \
 	ldap/admin/src/scripts/50refintprecedence.ldif \
@@ -1019,6 +1026,19 @@ libpassthru_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
 libpassthru_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK)
 libpassthru_plugin_la_LDFLAGS = -avoid-version
 
+#------------------------
+# libposix-winsync-plugin
+#------------------------
+libposix_winsync_plugin_la_SOURCES = ldap/servers/plugins/posix-winsync/posix-winsync.c \
+	ldap/servers/plugins/posix-winsync/posix-group-func.c \
+	ldap/servers/plugins/posix-winsync/posix-group-task.c \
+	ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+
+libposix_winsync_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) -DWINSYNC_TEST_POSIX \
+	-I$(srcdir)/ldap/servers/plugins/replication
+libposix_winsync_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK)
+libposix_winsync_plugin_la_LDFLAGS = -avoid-version
+
 #------------------------
 # libpresence-plugin
 #------------------------

Makefile.in

@@ -462,6 +462,20 @@ libpassthru_plugin_la_OBJECTS = $(am_libpassthru_plugin_la_OBJECTS)
 libpassthru_plugin_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libpassthru_plugin_la_LDFLAGS) $(LDFLAGS) -o $@
+libposix_winsync_plugin_la_DEPENDENCIES = libslapd.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_libposix_winsync_plugin_la_OBJECTS = ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo \
+	ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo \
+	ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo \
+	ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo
+libposix_winsync_plugin_la_OBJECTS =  \
+	$(am_libposix_winsync_plugin_la_OBJECTS)
+libposix_winsync_plugin_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) $(libposix_winsync_plugin_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+@enable_posix_winsync_TRUE@am_libposix_winsync_plugin_la_rpath =  \
+@enable_posix_winsync_TRUE@	-rpath $(serverplugindir)
 libpresence_plugin_la_DEPENDENCIES = libslapd.la
 am_libpresence_plugin_la_OBJECTS = ldap/servers/plugins/presence/libpresence_plugin_la-presence.lo
 libpresence_plugin_la_OBJECTS = $(am_libpresence_plugin_la_OBJECTS)
@@ -1005,6 +1019,7 @@ SOURCES = $(libavl_a_SOURCES) $(libldaputil_a_SOURCES) \
 	$(libmemberof_plugin_la_SOURCES) $(libns_dshttpd_la_SOURCES) \
 	$(libpam_passthru_plugin_la_SOURCES) \
 	$(libpassthru_plugin_la_SOURCES) \
+	$(libposix_winsync_plugin_la_SOURCES) \
 	$(libpresence_plugin_la_SOURCES) \
 	$(libpwdstorage_plugin_la_SOURCES) \
 	$(libreferint_plugin_la_SOURCES) \
@@ -1038,6 +1053,7 @@ DIST_SOURCES = $(libavl_a_SOURCES) $(libldaputil_a_SOURCES) \
 	$(libmemberof_plugin_la_SOURCES) $(libns_dshttpd_la_SOURCES) \
 	$(libpam_passthru_plugin_la_SOURCES) \
 	$(libpassthru_plugin_la_SOURCES) \
+	$(libposix_winsync_plugin_la_SOURCES) \
 	$(libpresence_plugin_la_SOURCES) \
 	$(libpwdstorage_plugin_la_SOURCES) \
 	$(libreferint_plugin_la_SOURCES) \
@@ -1100,7 +1116,6 @@ CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
@@ -1133,7 +1148,6 @@ LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
 NETSNMP_CONFIG = @NETSNMP_CONFIG@
 NM = @NM@
@@ -1148,12 +1162,9 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 RANLIB = @RANLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
@@ -1165,7 +1176,6 @@ abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
 abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
@@ -1232,6 +1242,7 @@ libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
 localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
 mandir = @mandir@
 mibdir = $(datadir)@mibdir@
 mkdir_p = @mkdir_p@
@@ -1362,6 +1373,8 @@ KERBEROS_LINK = $(kerberos_lib)
 BUILT_SOURCES = dberrstrs.h \
 	$(POLICY_FC)
 
+@enable_posix_winsync_TRUE@LIBPOSIX_WINSYNC_PLUGIN = libposix-winsync-plugin.la
+@enable_posix_winsync_TRUE@POSIX_WINSYNC_PLUGIN_LDIF = ldap/ldif/50posix-winsync-plugin.ldif
 CLEANFILES = dberrstrs.h ns-slapd.properties \
 	ldap/admin/src/scripts/template-dbverify ldap/admin/src/template-initconfig \
 	ldap/admin/src/scripts/dscreate.map ldap/admin/src/scripts/remove-ds.pl \
@@ -1394,7 +1407,8 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
 	ldap/ldif/template-ldapi-autobind.ldif ldap/ldif/template-ldapi-default.ldif \
 	ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \
 	ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \
-	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif
+	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \
+	$(POSIX_WINSYNC_PLUGIN_LDIF)
 
 taskdir = $(datadir)@scripttemplatedir@
 systemdsystemunitdir = @with_systemdsystemunitdir@
@@ -1429,7 +1443,7 @@ serverplugin_LTLIBRARIES = libacl-plugin.la libattr-unique-plugin.la \
 	libviews-plugin.la libschemareload-plugin.la libusn-plugin.la \
 	libacctusability-plugin.la librootdn-access-plugin.la $(LIBACCTPOLICY_PLUGIN) \
 	$(LIBPAM_PASSTHRU_PLUGIN) $(LIBDNA_PLUGIN) \
-	$(LIBBITWISE_PLUGIN) $(LIBPRESENCE_PLUGIN)
+	$(LIBBITWISE_PLUGIN) $(LIBPRESENCE_PLUGIN) $(LIBPOSIX_WINSYNC_PLUGIN)
 
 nodist_property_DATA = ns-slapd.properties
 noinst_LIBRARIES = libavl.a libldaputil.a
@@ -1703,6 +1717,7 @@ update_DATA = ldap/admin/src/scripts/exampleupdate.pl \
 	ldap/admin/src/scripts/50guidesyntaxplugin.ldif \
 	ldap/ldif/50replication-plugins.ldif \
 	ldap/admin/src/scripts/50linkedattrsplugin.ldif \
+	$(POSIX_WINSYNC_PLUGIN_LDIF) \
 	ldap/admin/src/scripts/50usnplugin.ldif \
 	ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif \
 	ldap/admin/src/scripts/50refintprecedence.ldif \
@@ -2173,6 +2188,20 @@ libpassthru_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
 libpassthru_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK)
 libpassthru_plugin_la_LDFLAGS = -avoid-version
 
+#------------------------
+# libposix-winsync-plugin
+#------------------------
+libposix_winsync_plugin_la_SOURCES = ldap/servers/plugins/posix-winsync/posix-winsync.c \
+	ldap/servers/plugins/posix-winsync/posix-group-func.c \
+	ldap/servers/plugins/posix-winsync/posix-group-task.c \
+	ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+
+libposix_winsync_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) -DWINSYNC_TEST_POSIX \
+	-I$(srcdir)/ldap/servers/plugins/replication
+
+libposix_winsync_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK)
+libposix_winsync_plugin_la_LDFLAGS = -avoid-version
+
 #------------------------
 # libpresence-plugin
 #------------------------
@@ -3534,6 +3563,26 @@ ldap/servers/plugins/passthru/libpassthru_plugin_la-ptutil.lo:  \
 	ldap/servers/plugins/passthru/$(DEPDIR)/$(am__dirstamp)
 libpassthru-plugin.la: $(libpassthru_plugin_la_OBJECTS) $(libpassthru_plugin_la_DEPENDENCIES) 
 	$(libpassthru_plugin_la_LINK) -rpath $(serverplugindir) $(libpassthru_plugin_la_OBJECTS) $(libpassthru_plugin_la_LIBADD) $(LIBS)
+ldap/servers/plugins/posix-winsync/$(am__dirstamp):
+	@$(MKDIR_P) ldap/servers/plugins/posix-winsync
+	@: > ldap/servers/plugins/posix-winsync/$(am__dirstamp)
+ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ldap/servers/plugins/posix-winsync/$(DEPDIR)
+	@: > ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo:  \
+	ldap/servers/plugins/posix-winsync/$(am__dirstamp) \
+	ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo:  \
+	ldap/servers/plugins/posix-winsync/$(am__dirstamp) \
+	ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo:  \
+	ldap/servers/plugins/posix-winsync/$(am__dirstamp) \
+	ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo:  \
+	ldap/servers/plugins/posix-winsync/$(am__dirstamp) \
+	ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+libposix-winsync-plugin.la: $(libposix_winsync_plugin_la_OBJECTS) $(libposix_winsync_plugin_la_DEPENDENCIES) 
+	$(libposix_winsync_plugin_la_LINK) $(am_libposix_winsync_plugin_la_rpath) $(libposix_winsync_plugin_la_OBJECTS) $(libposix_winsync_plugin_la_LIBADD) $(LIBS)
 ldap/servers/plugins/presence/$(am__dirstamp):
 	@$(MKDIR_P) ldap/servers/plugins/presence
 	@: > ldap/servers/plugins/presence/$(am__dirstamp)
@@ -4898,6 +4947,14 @@ mostlyclean-compile:
 	-rm -f ldap/servers/plugins/passthru/libpassthru_plugin_la-ptpreop.lo
 	-rm -f ldap/servers/plugins/passthru/libpassthru_plugin_la-ptutil.$(OBJEXT)
 	-rm -f ldap/servers/plugins/passthru/libpassthru_plugin_la-ptutil.lo
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.$(OBJEXT)
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.$(OBJEXT)
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.$(OBJEXT)
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.$(OBJEXT)
+	-rm -f ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo
 	-rm -f ldap/servers/plugins/presence/libpresence_plugin_la-presence.$(OBJEXT)
 	-rm -f ldap/servers/plugins/presence/libpresence_plugin_la-presence.lo
 	-rm -f ldap/servers/plugins/pwdstorage/libpwdstorage_plugin_la-clear_pwd.$(OBJEXT)
@@ -5675,6 +5732,10 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/passthru/$(DEPDIR)/libpassthru_plugin_la-ptdebug.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/passthru/$(DEPDIR)/libpassthru_plugin_la-ptpreop.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/passthru/$(DEPDIR)/libpassthru_plugin_la-ptutil.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-func.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-task.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync-config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/presence/$(DEPDIR)/libpresence_plugin_la-presence.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/pwdstorage/$(DEPDIR)/libpwdstorage_plugin_la-clear_pwd.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/pwdstorage/$(DEPDIR)/libpwdstorage_plugin_la-crypt_pwd.Plo@am__quote@
@@ -7266,6 +7327,34 @@ ldap/servers/plugins/passthru/libpassthru_plugin_la-ptutil.lo: ldap/servers/plug
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libpassthru_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/passthru/libpassthru_plugin_la-ptutil.lo `test -f 'ldap/servers/plugins/passthru/ptutil.c' || echo '$(srcdir)/'`ldap/servers/plugins/passthru/ptutil.c
 
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo: ldap/servers/plugins/posix-winsync/posix-winsync.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo -MD -MP -MF ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync.Tpo -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-winsync.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-winsync.c
+@am__fastdepCC_TRUE@	$(am__mv) ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync.Tpo ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/plugins/posix-winsync/posix-winsync.c' object='ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-winsync.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-winsync.c
+
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo: ldap/servers/plugins/posix-winsync/posix-group-func.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo -MD -MP -MF ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-func.Tpo -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-group-func.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-group-func.c
+@am__fastdepCC_TRUE@	$(am__mv) ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-func.Tpo ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-func.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/plugins/posix-winsync/posix-group-func.c' object='ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-func.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-group-func.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-group-func.c
+
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo: ldap/servers/plugins/posix-winsync/posix-group-task.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo -MD -MP -MF ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-task.Tpo -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-group-task.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-group-task.c
+@am__fastdepCC_TRUE@	$(am__mv) ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-task.Tpo ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-group-task.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/plugins/posix-winsync/posix-group-task.c' object='ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-group-task.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-group-task.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-group-task.c
+
+ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo: ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo -MD -MP -MF ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync-config.Tpo -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-winsync-config.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+@am__fastdepCC_TRUE@	$(am__mv) ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync-config.Tpo ldap/servers/plugins/posix-winsync/$(DEPDIR)/libposix_winsync_plugin_la-posix-winsync-config.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/plugins/posix-winsync/posix-winsync-config.c' object='ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libposix_winsync_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/posix-winsync/libposix_winsync_plugin_la-posix-winsync-config.lo `test -f 'ldap/servers/plugins/posix-winsync/posix-winsync-config.c' || echo '$(srcdir)/'`ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+
 ldap/servers/plugins/presence/libpresence_plugin_la-presence.lo: ldap/servers/plugins/presence/presence.c
 @am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libpresence_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/presence/libpresence_plugin_la-presence.lo -MD -MP -MF ldap/servers/plugins/presence/$(DEPDIR)/libpresence_plugin_la-presence.Tpo -c -o ldap/servers/plugins/presence/libpresence_plugin_la-presence.lo `test -f 'ldap/servers/plugins/presence/presence.c' || echo '$(srcdir)/'`ldap/servers/plugins/presence/presence.c
 @am__fastdepCC_TRUE@	$(am__mv) ldap/servers/plugins/presence/$(DEPDIR)/libpresence_plugin_la-presence.Tpo ldap/servers/plugins/presence/$(DEPDIR)/libpresence_plugin_la-presence.Plo
@@ -9819,6 +9908,7 @@ clean-libtool:
 	-rm -rf ldap/servers/plugins/mep/.libs ldap/servers/plugins/mep/_libs
 	-rm -rf ldap/servers/plugins/pam_passthru/.libs ldap/servers/plugins/pam_passthru/_libs
 	-rm -rf ldap/servers/plugins/passthru/.libs ldap/servers/plugins/passthru/_libs
+	-rm -rf ldap/servers/plugins/posix-winsync/.libs ldap/servers/plugins/posix-winsync/_libs
 	-rm -rf ldap/servers/plugins/presence/.libs ldap/servers/plugins/presence/_libs
 	-rm -rf ldap/servers/plugins/pwdstorage/.libs ldap/servers/plugins/pwdstorage/_libs
 	-rm -rf ldap/servers/plugins/referint/.libs ldap/servers/plugins/referint/_libs
@@ -10459,6 +10549,8 @@ distclean-generic:
 	-rm -f ldap/servers/plugins/pam_passthru/$(am__dirstamp)
 	-rm -f ldap/servers/plugins/passthru/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ldap/servers/plugins/passthru/$(am__dirstamp)
+	-rm -f ldap/servers/plugins/posix-winsync/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ldap/servers/plugins/posix-winsync/$(am__dirstamp)
 	-rm -f ldap/servers/plugins/presence/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ldap/servers/plugins/presence/$(am__dirstamp)
 	-rm -f ldap/servers/plugins/pwdstorage/$(DEPDIR)/$(am__dirstamp)
@@ -10525,7 +10617,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool clean-local \
 
 distclean: distclean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -rf ldap/libraries/libavl/$(DEPDIR) ldap/servers/plugins/acct_usability/$(DEPDIR) ldap/servers/plugins/acctpolicy/$(DEPDIR) ldap/servers/plugins/acl/$(DEPDIR) ldap/servers/plugins/automember/$(DEPDIR) ldap/servers/plugins/bitwise/$(DEPDIR) ldap/servers/plugins/chainingdb/$(DEPDIR) ldap/servers/plugins/collation/$(DEPDIR) ldap/servers/plugins/cos/$(DEPDIR) ldap/servers/plugins/deref/$(DEPDIR) ldap/servers/plugins/distrib/$(DEPDIR) ldap/servers/plugins/dna/$(DEPDIR) ldap/servers/plugins/http/$(DEPDIR) ldap/servers/plugins/linkedattrs/$(DEPDIR) ldap/servers/plugins/memberof/$(DEPDIR) ldap/servers/plugins/mep/$(DEPDIR) ldap/servers/plugins/pam_passthru/$(DEPDIR) ldap/servers/plugins/passthru/$(DEPDIR) ldap/servers/plugins/presence/$(DEPDIR) ldap/servers/plugins/pwdstorage/$(DEPDIR) ldap/servers/plugins/referint/$(DEPDIR) ldap/servers/plugins/replication/$(DEPDIR) ldap/servers/plugins/retrocl/$(DEPDIR) ldap/servers/plugins/rever/$(DEPDIR) ldap/servers/plugins/roles/$(DEPDIR) ldap/servers/plugins/rootdn_access/$(DEPDIR) ldap/servers/plugins/schema_reload/$(DEPDIR) ldap/servers/plugins/statechange/$(DEPDIR) ldap/servers/plugins/syntaxes/$(DEPDIR) ldap/servers/plugins/uiduniq/$(DEPDIR) ldap/servers/plugins/usn/$(DEPDIR) ldap/servers/plugins/views/$(DEPDIR) ldap/servers/slapd/$(DEPDIR) ldap/servers/slapd/back-ldbm/$(DEPDIR) ldap/servers/slapd/tools/$(DEPDIR) ldap/servers/slapd/tools/ldclt/$(DEPDIR) ldap/servers/slapd/tools/rsearch/$(DEPDIR) ldap/servers/snmp/$(DEPDIR) ldap/systools/$(DEPDIR) lib/base/$(DEPDIR) lib/ldaputil/$(DEPDIR) lib/libaccess/$(DEPDIR) lib/libadmin/$(DEPDIR) lib/libsi18n/$(DEPDIR)
+	-rm -rf ldap/libraries/libavl/$(DEPDIR) ldap/servers/plugins/acct_usability/$(DEPDIR) ldap/servers/plugins/acctpolicy/$(DEPDIR) ldap/servers/plugins/acl/$(DEPDIR) ldap/servers/plugins/automember/$(DEPDIR) ldap/servers/plugins/bitwise/$(DEPDIR) ldap/servers/plugins/chainingdb/$(DEPDIR) ldap/servers/plugins/collation/$(DEPDIR) ldap/servers/plugins/cos/$(DEPDIR) ldap/servers/plugins/deref/$(DEPDIR) ldap/servers/plugins/distrib/$(DEPDIR) ldap/servers/plugins/dna/$(DEPDIR) ldap/servers/plugins/http/$(DEPDIR) ldap/servers/plugins/linkedattrs/$(DEPDIR) ldap/servers/plugins/memberof/$(DEPDIR) ldap/servers/plugins/mep/$(DEPDIR) ldap/servers/plugins/pam_passthru/$(DEPDIR) ldap/servers/plugins/passthru/$(DEPDIR) ldap/servers/plugins/posix-winsync/$(DEPDIR) ldap/servers/plugins/presence/$(DEPDIR) ldap/servers/plugins/pwdstorage/$(DEPDIR) ldap/servers/plugins/referint/$(DEPDIR) ldap/servers/plugins/replication/$(DEPDIR) ldap/servers/plugins/retrocl/$(DEPDIR) ldap/servers/plugins/rever/$(DEPDIR) ldap/servers/plugins/roles/$(DEPDIR) ldap/servers/plugins/rootdn_access/$(DEPDIR) ldap/servers/plugins/schema_reload/$(DEPDIR) ldap/servers/plugins/statechange/$(DEPDIR) ldap/servers/plugins/syntaxes/$(DEPDIR) ldap/servers/plugins/uiduniq/$(DEPDIR) ldap/servers/plugins/usn/$(DEPDIR) ldap/servers/plugins/views/$(DEPDIR) ldap/servers/slapd/$(DEPDIR) ldap/servers/slapd/back-ldbm/$(DEPDIR) ldap/servers/slapd/tools/$(DEPDIR) ldap/servers/slapd/tools/ldclt/$(DEPDIR) ldap/servers/slapd/tools/rsearch/$(DEPDIR) ldap/servers/snmp/$(DEPDIR) ldap/systools/$(DEPDIR) lib/base/$(DEPDIR) lib/ldaputil/$(DEPDIR) lib/libaccess/$(DEPDIR) lib/libadmin/$(DEPDIR) lib/libsi18n/$(DEPDIR)
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-hdr distclean-libtool distclean-tags
@@ -10581,7 +10673,7 @@ installcheck-am:
 maintainer-clean: maintainer-clean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
 	-rm -rf $(top_srcdir)/autom4te.cache
-	-rm -rf ldap/libraries/libavl/$(DEPDIR) ldap/servers/plugins/acct_usability/$(DEPDIR) ldap/servers/plugins/acctpolicy/$(DEPDIR) ldap/servers/plugins/acl/$(DEPDIR) ldap/servers/plugins/automember/$(DEPDIR) ldap/servers/plugins/bitwise/$(DEPDIR) ldap/servers/plugins/chainingdb/$(DEPDIR) ldap/servers/plugins/collation/$(DEPDIR) ldap/servers/plugins/cos/$(DEPDIR) ldap/servers/plugins/deref/$(DEPDIR) ldap/servers/plugins/distrib/$(DEPDIR) ldap/servers/plugins/dna/$(DEPDIR) ldap/servers/plugins/http/$(DEPDIR) ldap/servers/plugins/linkedattrs/$(DEPDIR) ldap/servers/plugins/memberof/$(DEPDIR) ldap/servers/plugins/mep/$(DEPDIR) ldap/servers/plugins/pam_passthru/$(DEPDIR) ldap/servers/plugins/passthru/$(DEPDIR) ldap/servers/plugins/presence/$(DEPDIR) ldap/servers/plugins/pwdstorage/$(DEPDIR) ldap/servers/plugins/referint/$(DEPDIR) ldap/servers/plugins/replication/$(DEPDIR) ldap/servers/plugins/retrocl/$(DEPDIR) ldap/servers/plugins/rever/$(DEPDIR) ldap/servers/plugins/roles/$(DEPDIR) ldap/servers/plugins/rootdn_access/$(DEPDIR) ldap/servers/plugins/schema_reload/$(DEPDIR) ldap/servers/plugins/statechange/$(DEPDIR) ldap/servers/plugins/syntaxes/$(DEPDIR) ldap/servers/plugins/uiduniq/$(DEPDIR) ldap/servers/plugins/usn/$(DEPDIR) ldap/servers/plugins/views/$(DEPDIR) ldap/servers/slapd/$(DEPDIR) ldap/servers/slapd/back-ldbm/$(DEPDIR) ldap/servers/slapd/tools/$(DEPDIR) ldap/servers/slapd/tools/ldclt/$(DEPDIR) ldap/servers/slapd/tools/rsearch/$(DEPDIR) ldap/servers/snmp/$(DEPDIR) ldap/systools/$(DEPDIR) lib/base/$(DEPDIR) lib/ldaputil/$(DEPDIR) lib/libaccess/$(DEPDIR) lib/libadmin/$(DEPDIR) lib/libsi18n/$(DEPDIR)
+	-rm -rf ldap/libraries/libavl/$(DEPDIR) ldap/servers/plugins/acct_usability/$(DEPDIR) ldap/servers/plugins/acctpolicy/$(DEPDIR) ldap/servers/plugins/acl/$(DEPDIR) ldap/servers/plugins/automember/$(DEPDIR) ldap/servers/plugins/bitwise/$(DEPDIR) ldap/servers/plugins/chainingdb/$(DEPDIR) ldap/servers/plugins/collation/$(DEPDIR) ldap/servers/plugins/cos/$(DEPDIR) ldap/servers/plugins/deref/$(DEPDIR) ldap/servers/plugins/distrib/$(DEPDIR) ldap/servers/plugins/dna/$(DEPDIR) ldap/servers/plugins/http/$(DEPDIR) ldap/servers/plugins/linkedattrs/$(DEPDIR) ldap/servers/plugins/memberof/$(DEPDIR) ldap/servers/plugins/mep/$(DEPDIR) ldap/servers/plugins/pam_passthru/$(DEPDIR) ldap/servers/plugins/passthru/$(DEPDIR) ldap/servers/plugins/posix-winsync/$(DEPDIR) ldap/servers/plugins/presence/$(DEPDIR) ldap/servers/plugins/pwdstorage/$(DEPDIR) ldap/servers/plugins/referint/$(DEPDIR) ldap/servers/plugins/replication/$(DEPDIR) ldap/servers/plugins/retrocl/$(DEPDIR) ldap/servers/plugins/rever/$(DEPDIR) ldap/servers/plugins/roles/$(DEPDIR) ldap/servers/plugins/rootdn_access/$(DEPDIR) ldap/servers/plugins/schema_reload/$(DEPDIR) ldap/servers/plugins/statechange/$(DEPDIR) ldap/servers/plugins/syntaxes/$(DEPDIR) ldap/servers/plugins/uiduniq/$(DEPDIR) ldap/servers/plugins/usn/$(DEPDIR) ldap/servers/plugins/views/$(DEPDIR) ldap/servers/slapd/$(DEPDIR) ldap/servers/slapd/back-ldbm/$(DEPDIR) ldap/servers/slapd/tools/$(DEPDIR) ldap/servers/slapd/tools/ldclt/$(DEPDIR) ldap/servers/slapd/tools/rsearch/$(DEPDIR) ldap/servers/snmp/$(DEPDIR) ldap/systools/$(DEPDIR) lib/base/$(DEPDIR) lib/ldaputil/$(DEPDIR) lib/libaccess/$(DEPDIR) lib/libadmin/$(DEPDIR) lib/libsi18n/$(DEPDIR)
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 

aclocal.m4

@@ -13,14 +13,13 @@
 
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],,
-[m4_warning([this file was generated for autoconf 2.68.
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
 You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically `autoreconf'.])])
 
 # pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
-# serial 1 (pkg-config-0.24)
 # 
 # Copyright © 2004 Scott James Remnant <[email protected]>.
 #
@@ -48,10 +47,7 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
 AC_DEFUN([PKG_PROG_PKG_CONFIG],
 [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
 m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
 if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
 	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
 fi
@@ -64,6 +60,7 @@ if test -n "$PKG_CONFIG"; then
 		AC_MSG_RESULT([no])
 		PKG_CONFIG=""
 	fi
+		
 fi[]dnl
 ])# PKG_PROG_PKG_CONFIG
 
@@ -72,20 +69,21 @@ fi[]dnl
 # Check to see whether a particular set of modules exists.  Similar
 # to PKG_CHECK_MODULES(), but does not set variables or print errors.
 #
-# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-# only at the first occurence in configure.ac, so if the first place
-# it's called might be skipped (such as if it is within an "if", you
-# have to call PKG_CHECK_EXISTS manually
+#
+# Similar to PKG_CHECK_MODULES, make sure that the first instance of
+# this or PKG_CHECK_MODULES is called, or make sure to call
+# PKG_CHECK_EXISTS manually
 # --------------------------------------------------------------
 AC_DEFUN([PKG_CHECK_EXISTS],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 if test -n "$PKG_CONFIG" && \
     AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_default([$2], [:])
+  m4_ifval([$2], [$2], [:])
 m4_ifvaln([$3], [else
   $3])dnl
 fi])
 
+
 # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
 # ---------------------------------------------
 m4_define([_PKG_CONFIG],
@@ -138,7 +136,6 @@ and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 
 if test $pkg_failed = yes; then
-   	AC_MSG_RESULT([no])
         _PKG_SHORT_ERRORS_SUPPORTED
         if test $_pkg_short_errors_supported = yes; then
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
@@ -148,7 +145,7 @@ if test $pkg_failed = yes; then
 	# Put the nasty error message in config.log where it belongs
 	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
 
-	m4_default([$4], [AC_MSG_ERROR(
+	ifelse([$4], , [AC_MSG_ERROR(dnl
 [Package requirements ($2) were not met:
 
 $$1_PKG_ERRORS
@@ -156,24 +153,25 @@ $$1_PKG_ERRORS
 Consider adjusting the PKG_CONFIG_PATH environment variable if you
 installed software in a non-standard prefix.
 
-_PKG_TEXT])
-        ])
+_PKG_TEXT
+])],
+		[AC_MSG_RESULT([no])
+                $4])
 elif test $pkg_failed = untried; then
-     	AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
+	ifelse([$4], , [AC_MSG_FAILURE(dnl
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
 
 _PKG_TEXT
 
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])
-        ])
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
+		[$4])
 else
 	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
 	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
         AC_MSG_RESULT([yes])
-	$3
+	ifelse([$3], , :, [$3])
 fi[]dnl
 ])# PKG_CHECK_MODULES
 

config.h.in

@@ -54,6 +54,9 @@
 /* enable the pam passthru auth plugin */
 #undef ENABLE_PAM_PASSTHRU
 
+/* enable support for POSIX user/group attributes in winsync */
+#undef ENABLE_POSIX_WINSYNC
+
 /* enable the presence plugin */
 #undef ENABLE_PRESENCE
 
@@ -250,9 +253,6 @@
    */
 #undef HAVE_SYS_NDIR_H
 
-/* Define to 1 if you have the <sys/param.h> header file. */
-#undef HAVE_SYS_PARAM_H
-
 /* Define to 1 if you have the <sys/socket.h> header file. */
 #undef HAVE_SYS_SOCKET_H
 
@@ -369,9 +369,6 @@
 /* Define to the one symbol short name of this package. */
 #undef PACKAGE_TARNAME
 
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 

configure.ac

@@ -209,6 +209,21 @@ else
 fi
 AM_CONDITIONAL(enable_acctpolicy,test "$enable_acctpolicy" = "yes")
 
+if test -z "$enable_posix_winsync" ; then
+   enable_posix_winsync=yes # if not set on cmdline, set default
+fi
+AC_MSG_CHECKING(for --enable-posix-winsync)
+AC_ARG_ENABLE(posix_winsync,
+        AS_HELP_STRING([--enable-posix-winsync],
+                       [enable support for POSIX user/group attributes in winsync (default: yes)]))
+if test "$enable_posix_winsync" = yes ; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE([ENABLE_POSIX_WINSYNC], [1], [enable support for POSIX user/group attributes in winsync])
+else
+  AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(enable_posix_winsync,test "$enable_posix_winsync" = "yes")
+
 # the default prefix - override with --prefix or --with-fhs
 AC_PREFIX_DEFAULT([/opt/$PACKAGE_NAME])
 

ldap/admin/src/scripts/DSCreate.pm.in

@@ -378,6 +378,9 @@ sub createConfigFile {
     if (-f "$inf->{General}->{prefix}@updatedir@/50replication-plugins.ldif") {
         push @ldiffiles, "$inf->{General}->{prefix}@updatedir@/50replication-plugins.ldif";
     }
+    if (-f "$inf->{General}->{prefix}@updatedir@/50posix-winsync-plugin.ldif") {
+        push @ldiffiles, "$inf->{General}->{prefix}@updatedir@/50posix-winsync-plugin.ldif";
+    }
 
     if (-f "$inf->{General}->{prefix}@templatedir@/90betxn-plugins.ldif") {
         push @ldiffiles, "$inf->{General}->{prefix}@templatedir@/90betxn-plugins.ldif";

ldap/ldif/50posix-winsync-plugin.ldif

@@ -0,0 +1,15 @@
+dn: cn=Posix Winsync API,cn=plugins,cn=config
+objectclass: top
+objectclass: nsSlapdPlugin
+objectclass: extensibleObject
+cn: Posix Winsync API
+nsslapd-pluginpath: libposix-winsync-plugin
+nsslapd-plugininitfunc: posix_winsync_plugin_init
+nsslapd-plugintype: preoperation
+nsslapd-pluginenabled: off
+nsslapd-plugin-depends-on-type: database
+posixWinsyncMsSFUSchema: false
+posixWinsyncMapMemberUID: true
+posixWinsyncCreateMemberOfTask: false
+posixWinsyncLowerCaseUID: false
+nsslapd-pluginprecedence: 25

ldap/servers/plugins/posix-winsync/README

@@ -0,0 +1,50 @@
+This is a winsync plugin for the 389 directory server. http://port389.org
+
+The Posix Winsync Plugin syncs Posix attributes between 389 DS and MS
+AD for users and groups, if the attributes are available in one of the
+tow worlds. For syncing from AD to DS it will add the objectclass
+posixAccount and ShadowAccount or posixGroup for the ldap entry.
+For sync a user or group from DS to AD AD needs a nisdomain name, the
+nisdomin name I have stored in the upper container of the users and
+groups, e.g.:
+dn: dc=example,dc=dom
+nisDomain: example
+objectClass: top
+objectClass: domain
+objectClass: nisdomainobject
+dc: example
+It can be stored in any container above the user and group container
+and below the replicated DS subtree.
+The MSFU35 and the RFC2307 schema of AD is supported, but must
+configured in the plugin.  User lock/unlock will sync and lock the user
+on DS with nsmanageddisabledrole.  The code is borrowed from the
+freeIPA project.
+It is also possible to generate memberUid Attributes in Posix Groups
+corresponding the group members, if the members are Posix Users.
+After syncing from AD with a change in group membership, it will
+schedule a 'Member of Plugin' task, so that users get the memberOf
+attributes. For that the posix user get the objectclass inetUser
+
+Configuration
+
+The configuration entry DN is cn=Posix Winsync API,cn=plugins,cn=config
+
+there are 4 Config attributes:
+
+posixWinsyncMsSFUSchema -- set this true for the old MSFU schema on W2k3 AD's
+	default: false
+
+posixWinsyncMapMemberUID -- set this false, if you don't want generate memberUid attributs in posix Groups
+	default: true
+
+posixWinsyncCreateMemberOfTask -- create a task for the member of plugin to
+	generate the memberOf attributes in a user, if a group membership in
+	any user is changed while syncing. The postop-/preop plugins will not
+	called through winsync, thats why create a task.
+	default: false
+
+posixWinsyncLowerCaseUID: some customers use uppercase letters in samAccountName
+ 	which is mapped to uid. uid should be case insensitve and works on
+	Unix/Linux for users, but makes problems with supplementary groups (a least on Solaris)
+	so you can set this to true, so that memberUid attributes will convert to lowercase.
+	default: false

ldap/servers/plugins/posix-winsync/posix-group-func.c

@@ -0,0 +1,490 @@
+/** Author: Carsten Grzemba [email protected]>
+ *
+ * Copyright (C) 2011 contac Datentechnik GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; version 2 only
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ $Id: posix-group-func.c 28 2011-05-13 14:35:29Z grzemba $
+ */
+#include "slapi-plugin.h"
+
+#include <string.h>
+#include <nspr.h>
+#include "posix-wsp-ident.h"
+
+Slapi_Value **
+valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
+static PRMonitor *memberuid_operation_lock = 0;
+
+void
+memberUidLock()
+{
+    PR_EnterMonitor(memberuid_operation_lock);
+}
+
+void
+memberUidUnlock()
+{
+    PR_ExitMonitor(memberuid_operation_lock);
+}
+
+int
+memberUidLockInit()
+{
+    return (memberuid_operation_lock = PR_NewMonitor()) != NULL;
+}
+
+/* search the user with DN udn and returns uid*/
+char *
+searchUid(const char *udn)
+{
+    Slapi_PBlock *int_search_pb = slapi_pblock_new();
+    Slapi_Entry **entries = NULL;
+    char *attrs[] = { "uid", NULL };
+    char *uid = NULL;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search Uid: search %s\n", udn);
+
+    slapi_search_internal_set_pb(int_search_pb, udn, LDAP_SCOPE_BASE,
+                                 "(|(objectclass=posixAccount)(objectclass=ldapsubentry))", attrs,
+                                 0 /* attrsonly */, NULL /* controls */, NULL /* uniqueid */,
+                                 posix_winsync_get_plugin_identity(), 0 /* actions */);
+    if (slapi_search_internal_pb(int_search_pb)) {
+        /* get result and log an error */
+        int res = 0;
+        slapi_pblock_get(int_search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
+        slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
+                        "searchUid: error searching for uid: %d", res);
+    } else {
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "searchUid: searched %s\n",
+                        udn);
+        slapi_pblock_get(int_search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+        if (NULL != entries && NULL != entries[0]) {
+            Slapi_Attr *attr = NULL;
+            Slapi_Value *v = NULL;
+
+            if (slapi_entry_attr_find(entries[0], "uid", &attr) == 0) {
+                slapi_attr_first_value(attr, &v);
+                uid = slapi_ch_strdup(slapi_value_get_string(v));
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                "searchUid: return uid %s\n", uid);
+                /* slapi_value_free(&v); */
+            } else {
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                "searchUid: uid in %s not found\n", udn);
+            }
+            slapi_free_search_results_internal(int_search_pb);
+            slapi_pblock_destroy(int_search_pb);
+            if (posix_winsync_config_get_lowercase()) {
+                return slapi_dn_ignore_case(uid);
+            }
+            return uid;
+        }
+    }
+    slapi_free_search_results_internal(int_search_pb);
+    slapi_pblock_destroy(int_search_pb);
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                    "searchUid: posix user %s not found\n", udn);
+    return NULL;
+}
+
+int
+dn_in_set(const char* uid, char **uids)
+{
+    int i;
+    Slapi_DN *sdn_uid = slapi_sdn_new_dn_byval(uid);
+    Slapi_DN *sdn_ul = slapi_sdn_new();
+
+    if (uids == NULL || uid == NULL)
+        return false;
+    for (i = 0; uids[i]; i++) {
+        slapi_sdn_set_dn_byref(sdn_ul, uids[i]);
+        if (slapi_sdn_compare(sdn_uid, sdn_ul) == 0) {
+            slapi_sdn_free(&sdn_ul);
+            slapi_sdn_free(&sdn_uid);
+            return true;
+        }
+        slapi_sdn_done(sdn_ul);
+    }
+    slapi_sdn_free(&sdn_ul);
+    slapi_sdn_free(&sdn_uid);
+    return false;
+}
+
+int
+uid_in_set(const char* uid, char **uids)
+{
+    int i;
+
+    if (uid == NULL)
+        return false;
+    for (i = 0; uids != NULL && uids[i] != NULL; i++) {
+        Slapi_RDN *i_rdn = NULL;
+        char *i_uid = NULL;
+        char *t = NULL;
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "uid_in_set: comp %s %s \n",
+                        uid, uids[i]);
+        i_rdn = slapi_rdn_new_dn(uids[i]);
+        if (slapi_rdn_get_first(i_rdn, &t, &i_uid) == 1) {
+            if (strncasecmp(uid, i_uid, 256) == 0) {
+                slapi_rdn_free(&i_rdn);
+                return true;
+            }
+        }
+        slapi_rdn_free(&i_rdn);
+    }
+    return false;
+}
+
+/* return 1 if smods already has the given mod - 0 otherwise */
+static int
+smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
+{
+    int rc = 0;
+    Slapi_Mod *smod = slapi_mod_new(), *smodp = NULL;
+
+    for (smodp = slapi_mods_get_first_smod(smods, smod);
+         (rc == 0) && smods && (smodp != NULL);
+         smodp = slapi_mods_get_next_smod(smods, smod)) {
+        if (slapi_attr_types_equivalent(slapi_mod_get_type(smod), type)
+            && ((slapi_mod_get_operation(smod) | LDAP_MOD_BVALUES) == (modtype | LDAP_MOD_BVALUES))) {
+            /* type and op are equal - see if val is in the mod's list of values */
+            Slapi_Value *sval = slapi_value_new_string((char *) val);
+            Slapi_Attr *attr = slapi_attr_new();
+            struct berval *bvp = NULL;
+
+            slapi_attr_init(attr, type);
+            for (bvp = slapi_mod_get_first_value(smodp); (rc == 0) && (bvp != NULL);
+                 bvp = slapi_mod_get_next_value(smodp)) {
+                Slapi_Value *modval = slapi_value_new_berval(bvp);
+
+                rc = (slapi_value_compare(attr, sval, modval) == 0);
+                slapi_value_free(&modval);
+            }
+            slapi_value_free(&sval);
+            slapi_attr_free(&attr);
+        }
+    }
+    slapi_mod_free(&smod);
+    return rc;
+}
+
+int
+modGroupMembership(Slapi_Entry *entry, Slapi_Mods *smods, int *do_modify)
+{
+    int rc = 0;
+    Slapi_Attr * obj_attr = NULL; /* Entry attributes        */
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "modGroupMembership: ==>\n");
+
+    rc = slapi_entry_attr_find(entry, "objectclass", &obj_attr);
+    if (rc == 0) { /* Found objectclasses, so...  */
+        int i;
+        Slapi_Value * value = NULL; /* Attribute values        */
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "modGroupMembership scan objectclasses\n");
+        for (i = slapi_attr_first_value(obj_attr, &value); i != -1;
+             i = slapi_attr_next_value(obj_attr, i, &value)) {
+            const char * oc = NULL;
+
+            oc = slapi_value_get_string(value);
+            if (strncasecmp(oc, "posixGroup", 11) == 0) { /* entry has objectclass posixGroup */
+                Slapi_Mod *smod = NULL;
+                Slapi_Mod *nextMod = slapi_mod_new();
+                int del_mod = 0;
+                char **smod_adduids = NULL;
+                char **smod_deluids = NULL;
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                "modGroupMembership: posixGroup -> look for uniquemember\n");
+                if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN))
+                    slapi_mods_dump(smods, "memberUid - mods dump - initial");
+                for (smod = slapi_mods_get_first_smod(smods, nextMod); smod; smod
+                    = slapi_mods_get_next_smod(smods, nextMod)) {
+                    if (slapi_attr_types_equivalent(slapi_mod_get_type(smod), "uniqueMember")) {
+                        struct berval *bv;
+
+                        del_mod = slapi_mod_get_operation(smod);
+                        for (bv = slapi_mod_get_first_value(smod); bv;
+                             bv = slapi_mod_get_next_value(smod)) {
+                            Slapi_Value *sv = slapi_value_new();
+
+                            slapi_value_init_berval(sv, bv); /* copies bv_val */
+                            if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) {
+                                slapi_ch_array_add(&smod_deluids,
+                                                   slapi_ch_strdup(slapi_value_get_string(sv)));
+                                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                                "modGroupMembership: add to deluids %s\n",
+                                                bv->bv_val);
+                            } else {
+                                slapi_ch_array_add(&smod_adduids,
+                                                   slapi_ch_strdup(slapi_value_get_string(sv)));
+                                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                                "modGroupMembership: add to adduids %s\n",
+                                                bv->bv_val);
+                            }
+                            slapi_value_free(&sv);
+                        }
+                    }
+                }
+                slapi_mod_free(&nextMod);
+                if (!del_mod) {
+                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                    "modGroupMembership: no uniquemember mod, nothing to do<==\n");
+                    return 0;
+                }
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                "modGroupMembership: entry is posixGroup\n");
+
+                Slapi_Attr * muid_attr = NULL; /* Entry attributes        */
+                Slapi_Value * uid_value = NULL; /* Attribute values        */
+
+                char **adduids = NULL;
+                char **moduids = NULL;
+                char **deluids = NULL;
+                int doModify = false;
+                int j = 0;
+
+                if (SLAPI_IS_MOD_DELETE(del_mod) || smod_deluids != NULL) {
+                    Slapi_Attr * mu_attr = NULL; /* Entry attributes        */
+                    rc = slapi_entry_attr_find(entry, "memberUid", &mu_attr);
+                    if (rc != 0 || mu_attr == NULL) {
+                        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                        "modGroupMembership end: attribute memberUid not found\n");
+                        return 0;
+                    }
+                    /* found attribute uniquemember */
+                    if (smod_deluids == NULL) { /* deletion of the last value, deletes the Attribut from entry complete, this operation has no value, so we must look by self */
+                        Slapi_Attr * um_attr = NULL; /* Entry attributes        */
+                        Slapi_Value * uid_dn_value = NULL; /* Attribute values        */
+                        int rc = slapi_entry_attr_find(entry, "uniquemember", &um_attr);
+                        if (rc != 0 || um_attr == NULL) {
+                            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                            "modGroupMembership end: attribute uniquemember not found\n");
+                            return 0;
+                        }
+                        /* found attribute uniquemember */
+                        /* ...loop for value...    */
+                        for (j = slapi_attr_first_value(um_attr, &uid_dn_value); j != -1;
+                             j = slapi_attr_next_value(um_attr, j, &uid_dn_value)) {
+                            slapi_ch_array_add(&smod_deluids,
+                                               slapi_ch_strdup(slapi_value_get_string(uid_dn_value)));
+                        }
+                    }
+                    /* ...loop for value...    */
+                    for (j = slapi_attr_first_value(mu_attr, &uid_value); j != -1;
+                         j = slapi_attr_next_value(mu_attr, j, &uid_value)) {
+                        /* remove from uniquemember: remove from memberUid also */
+                        const char *uid = NULL;
+                        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                        "modGroupMembership: test dellist \n");
+                        uid = slapi_value_get_string(uid_value);
+                        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                        "modGroupMembership: test dellist %s\n", uid);
+                        if (uid_in_set(uid, smod_deluids)) {
+                            slapi_ch_array_add(&deluids, slapi_ch_strdup(uid));
+                            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                            "modGroupMembership: add to dellist %s\n", uid);
+                            doModify = true;
+                        }
+                    }
+                }
+                if (smod_adduids != NULL) { /* not MOD_DELETE */
+                    const char *uid_dn = NULL;
+
+                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                    "modGroupMembership: posixGroup -> look for uniquemember\n");
+                    /* found attribute uniquemember */
+                    for (j = 0; smod_adduids[j]; j++) {
+                        static char *uid = NULL;
+
+                        uid_dn = smod_adduids[j];
+                        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                        "modGroupMembership: perform user %s\n", uid_dn);
+
+                        uid = searchUid(uid_dn);
+
+                        if (uid == NULL) {
+                            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                            "modGroupMembership: uid not found for %s, cannot do anything\n",
+                                            uid_dn); /* member on longer on server, do nothing */
+                        } else {
+                            rc |= slapi_entry_attr_find(entry, "memberUid", &muid_attr);
+                            if (rc != 0 || muid_attr == NULL) { /* Found no memberUid list, so create  */
+                                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                                "modGroupMembership: no attribute memberUid, add with %s \n",
+                                                uid_dn);
+                                slapi_ch_array_add(&adduids, uid);
+                                doModify = true;
+                            } else { /* Found a memberUid list, so modify */
+                                Slapi_ValueSet *vs = NULL;
+                                Slapi_Value *v = slapi_value_new();
+
+                                slapi_value_init_string_passin(v, uid);
+                                slapi_attr_get_valueset(muid_attr, &vs);
+                                if (slapi_valueset_find(muid_attr, vs, v) != NULL) { /* already exist, all ok */
+                                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                                    "modGroupMembership: uid found in memberuid list %s nothing to do\n",
+                                                    uid);
+                                } else {
+                                    slapi_ch_array_add(&moduids, uid);
+                                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                                    "modGroupMembership: add to modlist %s\n", uid);
+                                    doModify = true;
+                                }
+                                /*                                slapi_value_free(&v); */
+                            }
+                        }
+                    }
+                }
+                if (doModify) {
+                    if (adduids) {
+                        int i;
+                        for (i = 0; adduids[i]; i++) {
+                            if (!smods_has_mod(smods, LDAP_MOD_ADD, "memberUid", adduids[i])) {
+                                slapi_mods_add_string(smods, LDAP_MOD_ADD, "memberUid", adduids[i]);
+                            }
+                        }
+                    } else {
+                        int i;
+                        for (i = 0; moduids && moduids[i]; i++) {
+                            if (!smods_has_mod(smods, LDAP_MOD_ADD, "memberUid", moduids[i])) {
+                                slapi_mods_add_string(smods, LDAP_MOD_ADD, "memberUid", moduids[i]);
+                            }
+                        }
+                        slapi_ch_array_free(moduids);
+                        moduids = NULL;
+                        for (i = 0; deluids && deluids[i]; i++) {
+                            if (!smods_has_mod(smods, LDAP_MOD_DELETE, "memberUid", deluids[i])) {
+                                slapi_mods_add_string(smods, LDAP_MOD_DELETE, "memberUid",
+                                                      deluids[i]);
+                            }
+                        }
+                    }
+                    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN))
+                        slapi_mods_dump(smods, "memberUid - mods dump");
+                    *do_modify = 1;
+                    posix_winsync_config_set_MOFTaskCreated();
+
+                    slapi_ch_array_free(smod_adduids);
+                    smod_adduids = NULL;
+                    slapi_ch_array_free(adduids);
+                    adduids = NULL;
+                    slapi_ch_array_free(smod_deluids);
+                    smod_deluids = NULL;
+                    slapi_ch_array_free(deluids);
+                    deluids = NULL;
+                    slapi_ch_array_free(moduids);
+                    moduids = NULL;
+                    break;
+                }
+                slapi_ch_array_free(smod_adduids);
+                smod_adduids = NULL;
+                slapi_ch_array_free(adduids);
+                adduids = NULL;
+                slapi_ch_array_free(smod_deluids);
+                smod_deluids = NULL;
+                slapi_ch_array_free(deluids);
+                deluids = NULL;
+                slapi_ch_array_free(moduids);
+                moduids = NULL;
+            }
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "modGroupMembership: <==\n");
+    return 0;
+}
+
+int
+addGroupMembership(Slapi_Entry *entry, Slapi_Entry *ad_entry)
+{
+    int rc = 0;
+    Slapi_Attr * obj_attr = NULL; /* Entry attributes        */
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "addGroupMembership: ==>\n");
+
+    rc = slapi_entry_attr_find(entry, "objectclass", &obj_attr);
+    if (rc == 0) { /* Found objectclasses, so...  */
+        int i;
+        Slapi_Value * value = NULL; /* Attribute values        */
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "addGroupMembership scan objectclasses\n");
+        for (i = slapi_attr_first_value(obj_attr, &value); i != -1;
+             i = slapi_attr_next_value(obj_attr, i, &value)) {
+            Slapi_Attr * um_attr = NULL; /* Entry attributes uniquemember        */
+            Slapi_Attr * muid_attr = NULL; /* Entry attributes memebrof       */
+            Slapi_Value * uid_value = NULL; /* uniquemember Attribute values        */
+            const char * oc = NULL;
+
+            oc = slapi_value_get_string(value);
+            if (strncasecmp(oc, "posixGroup", 11) == 0) { /* entry has objectclass posixGroup */
+                Slapi_ValueSet *newvs = NULL;
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                "addGroupMembership: posixGroup -> look for uniquemember\n");
+                rc = slapi_entry_attr_find(entry, "uniquemember", &um_attr);
+                if (rc != 0 || um_attr == NULL) {
+                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                    "addGroupMembership end: attribute uniquemember not found\n");
+                    return 0;
+                }
+                /* found attribute uniquemember */
+                rc = slapi_entry_attr_find(entry, "memberUid", &muid_attr);
+                if (rc != 0 || muid_attr == NULL) { /* Found no memberUid list, so create  */
+                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                    "addGroupMembership: no attribute memberUid\n");
+                }
+                newvs = slapi_valueset_new();
+                /* ...loop for value...    */
+                for (i = slapi_attr_first_value(um_attr, &uid_value); i != -1;
+                     i = slapi_attr_next_value(um_attr, i, &uid_value)) {
+                    const char *uid_dn = NULL;
+                    static char *uid = NULL;
+                    Slapi_Value *v = NULL;
+
+                    uid_dn = slapi_value_get_string(uid_value);
+                    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                    "addGroupMembership: perform member %s\n", uid_dn);
+                    uid = searchUid(uid_dn);
+                    if (uid == NULL) {
+                        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                                        "addGroupMembership: uid not found for %s, cannot do anything\n",
+                                        uid_dn); /* member on longer on server, do nothing */
+                    } else {
+                        v = slapi_value_new_string(uid);
+                        slapi_ch_free_string(&uid);
+                        if (slapi_attr_value_find(muid_attr, slapi_value_get_berval(v)) == 0) {
+                            slapi_value_free(&v);
+                            continue;
+                        }
+                        slapi_valueset_add_value(newvs, v);
+                        slapi_value_free(&v);
+                    }
+                }
+                slapi_entry_add_valueset(entry, "memberUid", newvs);
+                slapi_valueset_free(newvs);
+                posix_winsync_config_get_MOFTaskCreated();
+
+                break;
+            }
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "addGroupMembership: <==\n");
+    return 0;
+}
+

ldap/servers/plugins/posix-winsync/posix-group-func.h

@@ -0,0 +1,21 @@
+/*
+	$Id: posix-group-func.h 11 2011-03-30 12:38:14Z grzemba $
+*/
+
+#ifndef POSIX_GROUP_WINSYNC_H
+#define POSIX_GROUP_WINSYNC_H
+
+/*
+Slapi_PBlock *searchDN( const char *baseDN, const char *filter, char *attrs[] );
+Slapi_PBlock * dnHasObjectClass( const char *baseDN, const char *objectClass, Slapi_Entry **entry );
+char * searchUid(const char *udn);
+int dn_in_set(const char* uid, char **uids);
+*/
+int modGroupMembership(Slapi_Entry *entry, Slapi_Mods *smods, int *do_modify);
+int addGroupMembership(Slapi_Entry *entry, Slapi_Entry *ad_entry);
+char * searchUid(const char *udn);
+void memberUidLock();
+void memberUidUnlock();
+int memberUidLockInit();
+
+#endif

ldap/servers/plugins/posix-winsync/posix-group-task.c

@@ -0,0 +1,303 @@
+#include "slapi-plugin.h"
+#include "nspr.h"
+
+#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
+
+typedef struct _task_data
+{
+    char *dn; /* search base */
+    char *filter_str; /* search filter */
+} task_data;
+
+typedef struct _cb_data
+{
+    char *dn;
+    void *txn;
+} cb_data;
+/*
+ typedef struct _posix_group_task_data
+ {
+ POSIX_WinSync_Config *config;
+ Slapi_Value *memberdn_val;
+ Slapi_ValueSet **uidvals;
+ void *txn;
+ } posix_group_data_data;
+ */
+
+/* interface function */
+int
+posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode,
+    char *returntext, void *arg);
+
+static void
+posix_group_task_destructor(Slapi_Task *task);
+static void
+posix_group_fixup_task_thread(void *arg);
+static int
+posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data);
+
+/* extract a single value from the entry (as a string) -- if it's not in the
+ * entry, the default will be returned (which can be NULL).
+ * you do not need to free anything returned by this.
+ */
+static const char *
+fetch_attr(Slapi_Entry *e, const char *attrname, const char *default_val)
+{
+    Slapi_Attr *attr;
+    Slapi_Value *val = NULL;
+
+    if (slapi_entry_attr_find(e, attrname, &attr) != 0)
+        return default_val;
+    slapi_attr_first_value(attr, &val);
+    return slapi_value_get_string(val);
+}
+
+/* e configEntry */
+int
+posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode,
+    char *returntext, void *arg)
+{
+    PRThread *thread = NULL;
+    int rv = SLAPI_DSE_CALLBACK_OK;
+    task_data *mytaskdata = NULL;
+    Slapi_Task *task = NULL;
+    const char *filter;
+    const char *dn = 0;
+
+    *returncode = LDAP_SUCCESS;
+
+    /* get arg(s) */
+    /* default: set replication basedn */
+    if ((dn = fetch_attr(e, "basedn", slapi_sdn_get_dn(posix_winsync_config_get_suffix()))) == NULL) {
+        *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+        rv = SLAPI_DSE_CALLBACK_ERROR;
+        goto out;
+    }
+
+    if ((filter = fetch_attr(e, "filter", "(&(objectclass=posixGroup)(uniquemember=*))")) == NULL) {
+        *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+        rv = SLAPI_DSE_CALLBACK_ERROR;
+        goto out;
+    }
+
+    /* setup our task data */
+    mytaskdata = (task_data*) slapi_ch_malloc(sizeof(task_data));
+    if (mytaskdata == NULL) {
+        *returncode = LDAP_OPERATIONS_ERROR;
+        rv = SLAPI_DSE_CALLBACK_ERROR;
+        goto out;
+    }
+    mytaskdata->dn = slapi_ch_strdup(dn);
+    mytaskdata->filter_str = slapi_ch_strdup(filter);
+
+    /* allocate new task now */
+    task = slapi_new_task(slapi_entry_get_ndn(e));
+
+    /* register our destructor for cleaning up our private data */
+    slapi_task_set_destructor_fn(task, posix_group_task_destructor);
+
+    /* Stash a pointer to our data in the task */
+    slapi_task_set_data(task, mytaskdata);
+
+    /* start the sample task as a separate thread */
+    thread = PR_CreateThread(PR_USER_THREAD, posix_group_fixup_task_thread, (void *) task,
+                             PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_UNJOINABLE_THREAD,
+                             SLAPD_DEFAULT_THREAD_STACKSIZE);
+    if (thread == NULL) {
+        slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
+                        "unable to create task thread!\n");
+        *returncode = LDAP_OPERATIONS_ERROR;
+        rv = SLAPI_DSE_CALLBACK_ERROR;
+        slapi_task_finish(task, *returncode);
+    } else {
+        rv = SLAPI_DSE_CALLBACK_OK;
+    }
+
+    out: return rv;
+}
+
+static void
+posix_group_task_destructor(Slapi_Task *task)
+{
+    if (task) {
+        task_data *mydata = (task_data *) slapi_task_get_data(task);
+        if (mydata) {
+            slapi_ch_free_string(&mydata->dn);
+            slapi_ch_free_string(&mydata->filter_str);
+            /* Need to cast to avoid a compiler warning */
+            slapi_ch_free((void **) &mydata);
+        }
+    }
+}
+
+static int
+posix_group_del_memberuid_callback(Slapi_Entry *e, void *callback_data)
+{
+    int rc = 0;
+    LDAPMod mod;
+    LDAPMod *mods[2];
+    char *val[2];
+    Slapi_PBlock *mod_pb = 0;
+    cb_data *the_cb_data = (cb_data *) callback_data;
+
+    mod_pb = slapi_pblock_new();
+
+    mods[0] = &mod;
+    mods[1] = 0;
+
+    val[0] = 0; /* all */
+    val[1] = 0;
+
+    mod.mod_op = LDAP_MOD_DELETE;
+    mod.mod_type = "memberuid";
+    mod.mod_values = val;
+
+    slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(e), mods, 0, 0,
+                                     posix_winsync_get_plugin_identity(), 0);
+
+    slapi_pblock_set(mod_pb, SLAPI_TXN, the_cb_data->txn);
+    slapi_modify_internal_pb(mod_pb);
+
+    slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+
+    slapi_pblock_destroy(mod_pb);
+
+    return rc;
+}
+
+static int
+posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
+{
+    int rc = 0;
+    struct _cb_data callback_data = { dn, txn };
+    Slapi_PBlock *search_pb = slapi_pblock_new();
+
+    /* char *attrs[]={"uniquemember","memberuid",NULL}; */
+
+    slapi_search_internal_set_pb(search_pb, dn, LDAP_SCOPE_SUBTREE, filter_str, 0, 0, 0, 0,
+                                 posix_winsync_get_plugin_identity(), 0);
+
+    slapi_pblock_set(search_pb, SLAPI_TXN, txn); /* set transaction id */
+    rc = slapi_search_internal_callback_pb(search_pb, &callback_data, 0,
+                                           posix_group_fix_memberuid_callback, 0);
+
+    slapi_pblock_destroy(search_pb);
+
+    return rc;
+}
+
+/* posix_group_fix_memberuid_callback()
+ * Add initial and/or fix up broken group list in entry
+ *
+ * 1. forall uniquemember search if posixAccount ? add uid : ""
+ */
+static int
+posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
+{
+    int rc = 0;
+    char *dn = slapi_entry_get_dn(e);
+    Slapi_DN *sdn = slapi_entry_get_sdn(e);
+
+    Slapi_Attr *obj_attr = NULL;
+
+    rc = slapi_entry_attr_find(e, "uniquemember", &obj_attr);
+    if (rc == 0) { /* Found uniquemember, so...  */
+        int i;
+        Slapi_Value * value = slapi_value_new(); /* new memberuid Attribute values        */
+        Slapi_Value * uniqval = NULL; /* uniquemeber Attribute values        */
+        Slapi_ValueSet *uids = slapi_valueset_new();
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "_fix_memberuid scan uniquemember, group %s\n", dn);
+        for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
+             i = slapi_attr_next_value(obj_attr, i, &uniqval)) {
+            const char *member = NULL;
+            char * uid = NULL;
+            member = slapi_value_get_string(uniqval);
+            /* search uid for member (DN) */
+            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
+            if ((uid = searchUid(member)) != NULL) {
+                slapi_value_set_string(value, uid);
+                /* add uids ValueSet */
+                slapi_valueset_add_value(uids, value);
+            }
+        }
+        slapi_value_free(&value);
+
+        /* If we found some posix members, replace the existing memberuid attribute
+         * with the found values.  */
+        if (uids && slapi_valueset_count(uids)) {
+            Slapi_PBlock *mod_pb = slapi_pblock_new();
+            Slapi_Value *val = 0;
+            Slapi_Mod *smod;
+            LDAPMod **mods = (LDAPMod **) slapi_ch_malloc(2 * sizeof(LDAPMod *));
+            int hint = 0;
+            cb_data *the_cb_data = (cb_data *) callback_data;
+
+            smod = slapi_mod_new();
+            slapi_mod_init(smod, 0);
+            slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+            slapi_mod_set_type(smod, "memberuid");
+
+            /* Loop through all of our values and add them to smod */
+            hint = slapi_valueset_first_value(uids, &val);
+            while (val) {
+                /* this makes a copy of the berval */
+                slapi_mod_add_value(smod, slapi_value_get_berval(val));
+                hint = slapi_valueset_next_value(uids, hint, &val);
+            }
+
+            mods[0] = slapi_mod_get_ldapmod_passout(smod);
+            mods[1] = 0;
+
+            slapi_modify_internal_set_pb_ext(mod_pb, sdn, mods, 0, 0,
+                                             posix_winsync_get_plugin_identity(), 0);
+
+            slapi_pblock_set(mod_pb, SLAPI_TXN, the_cb_data->txn);
+            slapi_modify_internal_pb(mod_pb);
+
+            slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+
+            ldap_mods_free(mods, 1);
+            slapi_mod_free(&smod);
+            slapi_pblock_destroy(mod_pb);
+        } else {
+            /* No member were found, so remove the memberuid attribute
+             * from this entry. */
+            posix_group_del_memberuid_callback(e, callback_data);
+        }
+        slapi_valueset_free(uids);
+    }
+    return rc;
+}
+
+static void
+posix_group_fixup_task_thread(void *arg)
+{
+    Slapi_Task *task = (Slapi_Task *) arg;
+    task_data *td = NULL;
+    int rc = 0;
+
+    /* Fetch our task data from the task */
+    td = (task_data *) slapi_task_get_data(task);
+
+    slapi_task_begin(task, 1);
+    slapi_task_log_notice(task, "posix_group task starts (arg: %s) ...\n", td->filter_str);
+
+    /* get the memberOf operation lock */
+    memberUidLock();
+
+    /* do real work */
+    rc = posix_group_fix_memberuid(td->dn, td->filter_str, NULL /* no txn? */);
+
+    /* release the memberOf operation lock */
+    memberUidUnlock();
+
+    slapi_task_log_notice(task, "posix_group task finished.");
+    slapi_task_log_status(task, "posix_group task finished.");
+    slapi_task_inc_progress(task);
+
+    /* this will queue the destruction of the task */
+    slapi_task_finish(task, rc);
+}

ldap/servers/plugins/posix-winsync/posix-winsync-config.c

@@ -0,0 +1,284 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code
+ * used in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish
+ * to provide this exception without modification, you must delete this
+ * exception statement from your version and license this file solely under the
+ * GPL without exception.
+ *
+ * END COPYRIGHT BLOCK **/
+/* 
+ $Id: posix-winsync-config.c 42 2011-06-10 08:39:50Z grzemba $
+ $HeadURL: file:///storejet/svn/posix-winsync-plugin/trunk/posix-winsync-config.c $
+ */
+
+#ifdef WINSYNC_TEST_POSIX
+#include <slapi-plugin.h>
+#include "winsync-plugin.h"
+#else
+#include <dirsrv/slapi-plugin.h>
+#include <dirsrv/winsync-plugin.h>
+#endif
+#include "posix-wsp-ident.h"
+#include <string.h>
+#include "posix-group-func.h"
+
+#define POSIX_WINSYNC_CONFIG_FILTER "(objectclass=*)"
+/*
+ * static variables
+ */
+/* for now, there is only one configuration and it is global to the plugin  */
+static POSIX_WinSync_Config theConfig;
+static int inited = 0;
+
+/* This is called when a new agreement is created or loaded
+ at startup.
+ */
+
+void *
+posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
+{
+    void *cbdata = NULL;
+    void *node = NULL;
+    Slapi_DN *sdn = NULL;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                    "--> posix_winsync_agmt_init [%s] [%s] -- begin\n",
+                    slapi_sdn_get_dn(ds_subtree), slapi_sdn_get_dn(ad_subtree));
+
+    sdn = slapi_get_first_suffix(&node, 0);
+    while (sdn) {
+        if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
+            theConfig.rep_suffix = sdn;
+            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
+                            slapi_sdn_get_dn(sdn));
+            break;
+        }
+        sdn = slapi_get_next_suffix(&node, 0);
+    }
+    if (!sdn) {
+        slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, "suffix not found for '%s'\n",
+                        slapi_dn_parent(slapi_sdn_get_dn(ds_subtree)));
+    }
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                    "<-- posix_winsync_agmt_init -- end\n");
+
+    return cbdata;
+}
+
+static int
+posix_winsync_apply_config(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
+    int *returncode, char *returntext, void *arg);
+
+POSIX_WinSync_Config *
+posix_winsync_get_config()
+{
+    return &theConfig;
+}
+
+PRBool
+posix_winsync_config_get_mapMemberUid()
+{
+    return theConfig.mapMemberUID;
+}
+
+PRBool
+posix_winsync_config_get_lowercase()
+{
+    return theConfig.lowercase;
+}
+
+PRBool
+posix_winsync_config_get_createMOFTask()
+{
+    return theConfig.createMemberOfTask;
+}
+void
+posix_winsync_config_set_MOFTaskCreated()
+{
+    theConfig.MOFTaskCreated = PR_TRUE;
+}
+void
+posix_winsync_config_reset_MOFTaskCreated()
+{
+    theConfig.MOFTaskCreated = PR_FALSE;
+}
+PRBool
+posix_winsync_config_get_MOFTaskCreated()
+{
+    return theConfig.MOFTaskCreated;
+}
+
+PRBool
+posix_winsync_config_get_msSFUSchema()
+{
+    return theConfig.mssfuSchema;
+}
+
+Slapi_DN *
+posix_winsync_config_get_suffix()
+{
+    return theConfig.rep_suffix;
+}
+/*
+ * Read configuration and create a configuration data structure.
+ * This is called after the server has configured itself so we can check
+ * schema and whatnot.
+ * Returns an LDAP error code (LDAP_SUCCESS if all goes well).
+ */
+int
+posix_winsync_config(Slapi_Entry *config_e)
+{
+    int returncode = LDAP_SUCCESS;
+    char returntext[SLAPI_DSE_RETURNTEXT_SIZE];
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "--> _config %s -- begin\n",
+                    slapi_entry_get_dn_const(config_e));
+    if (inited) {
+        slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
+                        "Error: POSIX WinSync plug-in already configured.  "
+                            "Please remove the plugin config entry [%s]\n",
+                        slapi_entry_get_dn_const(config_e));
+        return (LDAP_PARAM_ERROR);
+    }
+
+    /* initialize fields */
+    if ((theConfig.lock = slapi_new_mutex()) == NULL) {
+        return (LDAP_LOCAL_ERROR);
+    }
+
+    /* init defaults */
+    theConfig.config_e = slapi_entry_alloc();
+    slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
+    theConfig.mssfuSchema = PR_FALSE;
+    theConfig.mapMemberUID = PR_TRUE;
+    theConfig.lowercase = PR_FALSE;
+    theConfig.createMemberOfTask = PR_FALSE;
+    theConfig.MOFTaskCreated = PR_FALSE;
+
+    posix_winsync_apply_config(NULL, NULL, config_e, &returncode, returntext, NULL);
+    /* config DSE must be initialized before we get here */
+    {
+        int rc = 0;
+        const char *config_dn = slapi_entry_get_dn_const(config_e);
+
+        if (!memberUidLockInit()) {
+            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                            "posix_winsync_config -- init Monitor failed\n");
+        }
+
+        slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, config_dn,
+                                       LDAP_SCOPE_BASE, POSIX_WINSYNC_CONFIG_FILTER,
+                                       posix_winsync_apply_config, NULL);
+
+        rc = slapi_task_register_handler("memberuid task", posix_group_task_add);
+        if (rc) {
+            slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                            "posix_winsync_config -- register memberuid task failed\n");
+        }
+    }
+
+    inited = 1;
+
+    if (returncode != LDAP_SUCCESS) {
+        slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, "Error %d: %s\n", returncode,
+                        returntext);
+    }
+
+    return returncode;
+}
+
+static int
+posix_winsync_apply_config(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
+    int *returncode, char *returntext, void *arg)
+{
+    PRBool mssfuSchema = PR_FALSE;
+    PRBool mapMemberUID = PR_TRUE;
+    PRBool createMemberOfTask = PR_FALSE;
+    PRBool lowercase = PR_FALSE;
+    Slapi_Attr *testattr = NULL;
+
+    *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
+
+    /* get msfuSchema value */
+    if (!slapi_entry_attr_find(e, POSIX_WINSYNC_MSSFU_SCHEMA, &testattr) && (NULL != testattr)) {
+        mssfuSchema = slapi_entry_attr_get_bool(e, POSIX_WINSYNC_MSSFU_SCHEMA);
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "_apply_config: Config paramter %s: %d\n", POSIX_WINSYNC_MSSFU_SCHEMA,
+                        mssfuSchema);
+    }
+
+    /* get memberUid value */
+    if (!slapi_entry_attr_find(e, POSIX_WINSYNC_MAP_MEMBERUID, &testattr) && (NULL != testattr)) {
+        mapMemberUID = slapi_entry_attr_get_bool(e, POSIX_WINSYNC_MAP_MEMBERUID);
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "_apply_config: Config paramter %s: %d\n", POSIX_WINSYNC_MAP_MEMBERUID,
+                        mapMemberUID);
+    }
+    /* get create task value */
+    if (!slapi_entry_attr_find(e, POSIX_WINSYNC_CREATE_MEMBEROFTASK, &testattr) && (NULL
+        != testattr)) {
+        createMemberOfTask = slapi_entry_attr_get_bool(e, POSIX_WINSYNC_CREATE_MEMBEROFTASK);
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "_apply_config: Config paramter %s: %d\n",
+                        POSIX_WINSYNC_CREATE_MEMBEROFTASK, createMemberOfTask);
+    }
+    /* get lower case UID in memberUID */
+    if (!slapi_entry_attr_find(e, POSIX_WINSYNC_LOWER_CASE, &testattr) && (NULL != testattr)) {
+        lowercase = slapi_entry_attr_get_bool(e, POSIX_WINSYNC_LOWER_CASE);
+        slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                        "_apply_config: Config paramter %s: %d\n", POSIX_WINSYNC_LOWER_CASE,
+                        lowercase);
+    }
+    /* if we got here, we have valid values for everything
+     set the config entry */
+    slapi_lock_mutex(theConfig.lock);
+    slapi_entry_free(theConfig.config_e);
+    theConfig.config_e = slapi_entry_alloc();
+    slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
+
+    /* all of the attrs and vals have been set - set the other values */
+    theConfig.mssfuSchema = mssfuSchema;
+    theConfig.mapMemberUID = mapMemberUID;
+    theConfig.createMemberOfTask = createMemberOfTask;
+    theConfig.lowercase = lowercase;
+
+    /* success */
+    slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
+                    "<-- _apply_config: config evaluated\n");
+    *returncode = LDAP_SUCCESS;
+
+    slapi_unlock_mutex(theConfig.lock);
+
+    if (*returncode != LDAP_SUCCESS) {
+        return SLAPI_DSE_CALLBACK_ERROR;
+    } else {
+        return SLAPI_DSE_CALLBACK_OK;
+    }
+}
+

ldap/servers/plugins/posix-winsync/posix-winsync.c

@@ -0,0 +1,1459 @@
+/** Author: Carsten Grzemba [email protected]>
+ *
+ * Copyright (C) 2011 contac Datentechnik GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; version 2 only
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ $Id: posix-winsync.c 40 2011-06-10 08:28:56Z grzemba $
+ **/
+
+/* 
+ * - AD needs for Posix attributes a NIS Domainname, this software expect a attribute nisDomain with the name in a upper container on DS side
+ * - currently the winsync API has no callbacks for new created entries on DS side
+
+ compile:
+ gcc -g -shared -m64 -fPIC -c -D WINSYNC_TEST_POSIX \
+               -I ../fedora-ds/ds/ldap/servers/slapd  \
+               -I ../fedora-ds/ds/ldap/servers/plugins/replication \
+               -I /usr/include/mps posix-winsync.c
+ link:
+ ld -G posix-winsync.o -o libposix-winsync.so
+
+ configure DS with
+
+ dn: cn=Posix Winsync API,cn=plugins,cn=config
+ objectclass: top
+ objectclass: nsSlapdPlugin
+ objectclass: extensibleObject
+ cn: Posix Winsync API
+ nsslapd-pluginpath: libposix-winsync
+ nsslapd-plugininitfunc: posix_winsync_plugin_init
+ nsslapd-plugintype: preoperation
+ nsslapd-pluginenabled: on
+ nsslapd-plugin-depends-on-type: database
+ nsslapd-pluginDescription: Sync Posix Attributes for users and groups between AD and DS if available and user lock/unlock
+ nsslapd-pluginVendor: contac Datentechnik GmbH
+ nsslapd-pluginId: posix-winsync-plugin
+ nsslapd-pluginVersion: POSIX/1.0
+
+ AFTER that make new replication aggrements
+
+ for details see: Red_Hat_Directory_Server-8.2-Plug-in_Guide-en-US.pdf
+ */
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif
+
+#ifdef WINSYNC_TEST_POSIX
+#include <slapi-plugin.h>
+#include "winsync-plugin.h"
+#else
+#include <dirsrv/slapi-plugin.h>
+#include <dirsrv/winsync-plugin.h>
+#endif
+#include <plstr.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
+
+#define MEMBEROFTASK "memberof task"
+Slapi_Value **
+valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
+void *
+posix_winsync_get_plugin_identity();
+void *
+posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
+
+/**
+ * Plugin identifiers
+ */
+static Slapi_PluginDesc posix_winsync_pdesc =
+    { "posix-winsync-plugin", VENDOR, DS_PACKAGE_VERSION,
+      "Sync Posix Attributs for users and groups between AD and DS if available" };
+typedef struct _windows_attr_map
+{
+    char *windows_attribute_name;
+    char *ldap_attribute_name;
+} windows_attribute_map;
+
+static windows_attribute_map user_attribute_map[] = { { "unixHomeDirectory", "homeDirectory" },
+                                                      { "loginShell", "loginShell" },
+                                                      { "uidNumber", "uidNumber" },
+                                                      { "gidNumber", "gidNumber" },
+                                                      { "gecos", "gecos" },
+                                                      { NULL, NULL } };
+
+static windows_attribute_map user_mssfu_attribute_map[] =
+    { { "msSFU30homedirectory", "homeDirectory" },
+      { "msSFU30loginshell", "loginShell" },
+      { "msSFU30uidnumber", "uidNumber" },
+      { "msSFU30gidnumber", "gidNumber" },
+      { "msSFU30gecos", "gecos" },
+      { NULL, NULL } };
+
+static windows_attribute_map group_attribute_map[] = { { "memberUid", "memberUid" },
+                                                       { "gidNumber", "gidNumber" },
+                                                       { NULL, NULL } };
+
+static windows_attribute_map group_mssfu_attribute_map[] = { { "msSFU30memberUid", "memberUid" },
+                                                             { "msSFU30gidNumber", "gidNumber" },
+                                                             { NULL, NULL } };
+
+static char *posix_winsync_plugin_name = POSIX_WINSYNC_PLUGIN_NAME;
+
+enum
+{
+    ACCT_DISABLE_INVALID, /* the invalid value */
+    ACCT_DISABLE_NONE, /* do not sync acct disable status */
+    ACCT_DISABLE_TO_AD, /* sync only from ds to ad */
+    ACCT_DISABLE_TO_DS, /* sync only from ad to ds */
+    ACCT_DISABLE_BOTH
+/* bi-directional sync */
+};
+
+/*
+ * Check if the given entry has account lock on (i.e. entry is disabled)
+ * Mostly copied from check_account_lock in the server code.
+ * Returns: 0 - account is disabled (lock == "true")
+ *          1 - account is enabled (lock == "false" or empty)
+ *         -1 - some sort of error
+ */
+static int
+check_account_lock(Slapi_Entry *ds_entry, int *isvirt)
+{
+    int rc = 1;
+    Slapi_ValueSet *values = NULL;
+    int type_name_disposition = 0;
+    char *actual_type_name = NULL;
+    int attr_free_flags = 0;
+    char *strval;
+
+    /* first, see if the attribute is a "real" attribute */
+    strval = slapi_entry_attr_get_charptr(ds_entry, "nsAccountLock");
+    if (strval) { /* value is real */
+        *isvirt = 0; /* value is real */
+        rc = 1; /* default to enabled */
+        if (PL_strncasecmp(strval, "true", 4) == 0) {
+            rc = 0; /* account is disabled */
+        }
+        slapi_ch_free_string(&strval);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "<-- check_account_lock - entry [%s] has real "
+                            "attribute nsAccountLock and entry %s locked\n",
+                        slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
+        return rc;
+    }
+
+    rc = slapi_vattr_values_get(ds_entry, "nsAccountLock", &values, &type_name_disposition,
+                                &actual_type_name, SLAPI_VIRTUALATTRS_REQUEST_POINTERS,
+                                &attr_free_flags);
+    if (rc == 0) {
+        Slapi_Value *v = NULL;
+        const struct berval *bvp = NULL;
+
+        rc = 1; /* default is enabled */
+        *isvirt = 1; /* value is virtual */
+        if ((slapi_valueset_first_value(values, &v) != -1) &&
+            ((bvp = slapi_value_get_berval(v)) != NULL)) {
+            if ((bvp != NULL) && (PL_strncasecmp(bvp->bv_val, "true", 4) == 0)) {
+                slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
+                rc = 0; /* account is disabled */
+            }
+        }
+
+        if (values != NULL) {
+            slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
+        }
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "<-- check_account_lock - entry [%s] has virtual "
+                            "attribute nsAccountLock and entry %s locked\n",
+                        slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
+    } else {
+        rc = 1; /* no attr == entry is enabled */
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "<-- check_account_lock - entry [%s] does not "
+                            "have attribute nsAccountLock - entry %s locked\n",
+                        slapi_entry_get_dn_const(ds_entry), rc ? "is not" : "is");
+    }
+
+    return rc;
+}
+
+/*
+ * This can be used either in the to ad direction or the to ds direction, since in both
+ * cases we have to read both entries and compare the values.
+ * ad_entry - entry from AD
+ * ds_entry - entry from DS
+ * direction - either ACCT_DISABLE_TO_AD or ACCT_DISABLE_TO_DS
+ *
+ * If smods is given, this is the list of mods to send in the given direction.  The
+ * appropriate modify operation will be added to this list or changed to the correct
+ * value if it already exists.
+ * Otherwise, if a destination entry is given, the value will be written into
+ * that entry.
+ */
+static void
+sync_acct_disable(void *cbdata, /* the usual domain config data */
+    const Slapi_Entry *ad_entry, /* the AD entry */
+    Slapi_Entry *ds_entry, /* the DS entry */
+    int direction, /* the direction - TO_AD or TO_DS */
+    Slapi_Entry *update_entry, /* the entry to update for ADDs */
+    Slapi_Mods *smods, /* the mod list for MODIFYs */
+    int *do_modify /* if not NULL, set this to true if mods were added */
+)
+{
+    int ds_is_enabled = 1; /* default to true */
+    int ad_is_enabled = 1; /* default to true */
+    unsigned long adval = 0; /* raw account val from ad entry */
+    int isvirt = 0;
+
+    /* get the account lock state of the ds entry */
+    if (0 == check_account_lock(ds_entry, &isvirt)) {
+        ds_is_enabled = 0;
+    }
+    if (isvirt)
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "<-- sync_acct_disable - %s DS nsaccountlock is virtual!!!!\n",
+                        slapi_entry_get_dn_const(ds_entry));
+    /* get the account lock state of the ad entry */
+    adval = slapi_entry_attr_get_ulong(ad_entry, "UserAccountControl");
+    if (adval & 0x2) {
+        /* account is disabled */
+        ad_is_enabled = 0;
+    }
+
+    if (ad_is_enabled == ds_is_enabled) { /* both have same value - nothing to do */
+        return;
+    }
+
+    /* have to enable or disable */
+    if (direction == ACCT_DISABLE_TO_AD) {
+        unsigned long mask;
+        /* set the mod or entry */
+        if (ds_is_enabled) {
+            mask = ~0x2;
+            adval &= mask; /* unset the 0x2 disable bit */
+        } else {
+            mask = 0x2;
+            adval |= mask; /* set the 0x2 disable bit */
+        }
+        if (update_entry) {
+            slapi_entry_attr_set_ulong(update_entry, "userAccountControl", adval);
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- sync_acct_disable - %s AD account [%s] - "
+                                "new value is [%ld]\n", (ds_is_enabled) ? "enabled" : "disabled",
+                            slapi_entry_get_dn_const(update_entry), adval);
+        } else {
+            /* iterate through the mods - if there is already a mod
+             for userAccountControl, change it - otherwise, add it */
+            char acctvalstr[32];
+            LDAPMod *mod = NULL;
+            struct berval *mod_bval = NULL;
+            for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+                if (!PL_strcasecmp(mod->mod_type, "userAccountControl") && mod->mod_bvalues
+                    && mod->mod_bvalues[0]) {
+                    mod_bval = mod->mod_bvalues[0];
+                    /* mod_bval points directly to value inside mod list */
+                    break;
+                }
+            }
+            if (!mod_bval) { /* not found - add it */
+                struct berval tmpbval = { 0, NULL };
+                Slapi_Mod *smod = slapi_mod_new();
+                slapi_mod_init(smod, 1); /* one element */
+                slapi_mod_set_type(smod, "userAccountControl");
+                slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+                slapi_mod_add_value(smod, &tmpbval);
+                /* add_value makes a copy of the bval - so let's get a pointer
+                 to that new value - we will change the bval in place */
+                mod_bval = slapi_mod_get_first_value(smod);
+                /* mod_bval points directly to value inside mod list */
+                /* now add the new mod to smods */
+                slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+                /* smods now owns the ldapmod */
+                slapi_mod_free(&smod);
+                if (do_modify) {
+                    *do_modify = 1; /* added mods */
+                }
+            }
+            if (mod_bval) {
+                /* this is where we set or update the actual value
+                 mod_bval points directly into the mod list we are
+                 sending */
+                if (mod_bval->bv_val && (mod_bval->bv_len > 0)) {
+                    /* get the old val */
+                    adval = strtol(mod_bval->bv_val, NULL, 10);
+                }
+                if (ds_is_enabled) {
+                    mask = ~0x2;
+                    adval &= mask; /* unset the 0x2 disable bit */
+                } else {
+                    mask = 0x2;
+                    adval |= mask; /* set the 0x2 disable bit */
+                }
+                PR_snprintf(acctvalstr, sizeof(acctvalstr), "%lu", adval);
+                slapi_ch_free_string(&mod_bval->bv_val);
+                mod_bval->bv_val = slapi_ch_strdup(acctvalstr);
+                mod_bval->bv_len = strlen(acctvalstr);
+            }
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- sync_acct_disable - %s AD account [%s] - "
+                                "new value is [%ld]\n", (ds_is_enabled) ? "enabled" : "disabled",
+                            slapi_entry_get_dn_const(ad_entry), adval);
+        }
+    }
+
+    if (direction == ACCT_DISABLE_TO_DS) {
+        char *attrtype = NULL;
+        char *attrval;
+        char *val = NULL;
+
+        attrtype = (isvirt) ? "nsRoleDN" : "nsAccountLock";
+        if (ad_is_enabled) {
+            attrval = NULL; /* will delete the value */
+        } else {
+            if (isvirt) {
+                val = slapi_create_dn_string("cn=nsManagedDisabledRole,%s",
+                                             slapi_sdn_get_dn(posix_winsync_config_get_suffix()));
+                attrval = val;
+            } else {
+                attrval = "true";
+            }
+        }
+
+        if (update_entry) {
+            slapi_entry_attr_set_charptr(update_entry, attrtype, attrval);
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- sync_acct_disable - %s DS account [%s]\n", (ad_is_enabled)
+                                ? "enable" : "disable", slapi_entry_get_dn_const(ds_entry));
+        } else { /* do mod */
+            Slapi_Mod *smod = slapi_mod_new();
+
+            slapi_mod_init(smod, 1); /* one element */
+            slapi_mod_set_type(smod, attrtype);
+            if (attrval == NULL) {
+                slapi_mod_set_operation(smod, LDAP_MOD_DELETE | LDAP_MOD_BVALUES);
+            } else {
+                Slapi_Value *v = NULL;
+                v = slapi_value_new_string(attrval);
+                slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+                slapi_mod_add_value(smod, slapi_value_get_berval(v));
+                slapi_value_free(&v);
+            }
+            slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+            slapi_mod_free(&smod);
+
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- sync_acct_disable - %s DS account [%s]\n", (ad_is_enabled)
+                                ? "enable" : "disable", slapi_entry_get_dn_const(ds_entry));
+            if (do_modify) {
+                *do_modify = 1; /* added mods */
+            }
+        }
+        slapi_ch_free_string(&val);
+    }
+    return;
+}
+
+/* Returns non-zero if the attribute value sets are identical.  */
+static int
+attr_compare_equal(Slapi_Attr *a, Slapi_Attr *b)
+{
+    int i = 0;
+    Slapi_Value *va = NULL;
+
+    /* Iterate through values in attr a and search for each in attr b */
+    for (i = slapi_attr_first_value(a, &va); va && (i != -1); i = slapi_attr_next_value(a, i, &va)) {
+
+        /* Compare the entire attribute value */
+        if (slapi_attr_value_find(b, slapi_value_get_berval(va)) != 0) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int
+addNisDomainName(Slapi_Mod *smod, const Slapi_Entry *ds_entry)
+{
+    Slapi_Entry *entry = NULL;
+    char *type_NisDomain = "nisDomain";
+    Slapi_PBlock * pb;
+    int rc = -1;
+
+    char* nisdomainname = NULL;
+    Slapi_DN* entry_sdn = slapi_entry_get_sdn((Slapi_Entry *) ds_entry);
+    Slapi_DN* subtree_sdn = slapi_sdn_new();
+    Slapi_DN *childparent = slapi_sdn_new();
+    struct berval **vals;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "addNisDomainName start DN:%s\n",
+                    slapi_sdn_get_dn(entry_sdn));
+    slapi_sdn_get_parent(entry_sdn, subtree_sdn);
+    pb = slapi_pblock_new();
+    do {
+        Slapi_Attr *attr = NULL;
+        char *nisDomainAttr[] = { type_NisDomain, NULL };
+
+        slapi_sdn_get_parent(subtree_sdn, childparent);
+        if (slapi_sdn_isempty(childparent)) {
+            rc = -1;
+            break;
+        }
+        rc = slapi_search_internal_get_entry(childparent, nisDomainAttr, &entry,
+                                             posix_winsync_get_plugin_identity());
+        if (rc == 0) {
+            if (rc == 0 && entry) {
+                rc = slapi_entry_attr_find(entry, type_NisDomain, &attr);
+                if (attr) {
+                    rc = slapi_attr_get_bervals_copy(attr, &vals);
+                    break;
+                } else {
+                    rc = LDAP_NO_SUCH_ATTRIBUTE;
+                }
+            }
+        }
+        slapi_sdn_copy(childparent, subtree_sdn);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "addNisDomainName iterate DN:%s\n", slapi_sdn_get_dn(subtree_sdn));
+        slapi_entry_free(entry);
+        entry = NULL;
+    } while (PR_TRUE);
+    slapi_pblock_destroy(pb);
+    if (rc != 0) {
+        slapi_log_error(SLAPI_LOG_REPL, posix_winsync_plugin_name,
+                        "addNisDomainName: no nisdomainname found in %s, LDAP Err%d\n",
+                        slapi_sdn_get_dn(subtree_sdn), rc);
+    } else {
+        slapi_mod_init(smod, 1);
+        slapi_mod_set_type(smod, "msSFU30NisDomain");
+        slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+        slapi_mod_add_value(smod, vals[0]);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "addNisDomainName NisDomain %s found in DN:%s\n", vals[0]->bv_val,
+                        slapi_sdn_get_dn(childparent));
+        if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN))
+            slapi_mod_dump((LDAPMod*) slapi_mod_get_ldapmod_byref(smod), 0);
+        ber_bvecfree(vals);
+
+    }
+    slapi_sdn_free(&childparent);
+    slapi_entry_free(entry);
+    entry = NULL;
+    slapi_sdn_free(&subtree_sdn);
+
+    slapi_ch_free_string(&nisdomainname);
+    return rc;
+}
+
+static void
+posix_winsync_dirsync_search_params_cb(void *cbdata, const char *agmt_dn, char **base, int *scope,
+    char **filter, char ***attrs, LDAPControl ***serverctrls)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_dirsync_search_params_cb -- begin\n");
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_dirsync_search_params_cb -- end\n");
+
+    return;
+}
+
+/* called before searching for a single entry from AD - agmt_dn will be NULL */
+static void
+posix_winsync_pre_ad_search_cb(void *cbdata, const char *agmt_dn, char **base, int *scope,
+    char **filter, char ***attrs, LDAPControl ***serverctrls)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_pre_ad_search_cb -- begin\n");
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_pre_ad_search_cb -- end\n");
+
+    return;
+}
+
+/* called before an internal search to get a single DS entry - agmt_dn will be NULL */
+static void
+posix_winsync_pre_ds_search_entry_cb(void *cbdata, const char *agmt_dn, char **base, int *scope,
+    char **filter, char ***attrs, LDAPControl ***serverctrls)
+{
+    /*
+     char *tmpbase=slapi_ch_strdup(*base);
+     char *d = *base;
+     char *s = tmpbase;
+     int i=0;
+     */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "--> _pre_ds_search_cb -- begin\n");
+    /* skip the first subtree container ou=xyz, */
+    /*    if (strlen(*base) > 3) {
+     s++;
+     while(*s !='\0'){
+     if (((*(s) == ',') || (*(s) == ';' )) && (*((s)-1) != '\\')){
+     s++;
+     while(*s !='\0'){
+     *d++ = *s++;
+     }
+     *d='\0';
+     break;
+     }
+     s++;
+     }
+     }
+     */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "-- _pre_ds_search_cb - base [%s] "
+                        "scope [%d] filter [%s]\n", *base, *scope, *filter);
+    /*    slapi_ch_free_string(&tmpbase); */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_search_cb -- end\n");
+    return;
+}
+
+/* called before the total update to get all entries from the DS to sync to AD */
+static void
+posix_winsync_pre_ds_search_all_cb(void *cbdata, const char *agmt_dn, char **base, int *scope,
+    char **filter, char ***attrs, LDAPControl ***serverctrls)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_pre_ds_search_all_cb -- orig filter [%s] -- begin\n",
+                    ((filter && *filter) ? *filter : "NULL"));
+
+    /*    slapi_ch_free_string(filter);
+     *filter = slapi_ch_strdup("(|(objectclass=posixaccount)(objectclass=posixgroup))");
+     */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_pre_ds_search_all_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ad_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify)
+{
+    LDAPMod *mod = NULL;
+    int rc = 0;
+    Slapi_Attr *attr = NULL;
+    windows_attribute_map *attr_map = user_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_pre_ad_mod_user_cb -- begin DS account [%s]\n",
+                    slapi_entry_get_dn_const(ds_entry));
+    if (posix_winsync_config_get_msSFUSchema()) {
+        attr_map = user_mssfu_attribute_map;
+    }
+
+    /* called if init Replica: add nisDomain, uidnumber, ... if avail */
+    for (rc = slapi_entry_first_attr(ds_entry, &attr); rc == 0;
+         rc = slapi_entry_next_attr(ds_entry, attr, &attr)) {
+        char *type = NULL;
+
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "_pre_ad_mod_user_cb -- check modify type %s\n", type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(type, attr_map[i].ldap_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Attr *ad_attr = NULL;
+                Slapi_ValueSet *vs = NULL;
+                char *ad_type = NULL;
+                int is_present_local;
+
+                slapi_attr_get_valueset(attr, &vs);
+                ad_type = slapi_ch_strdup(attr_map[i].windows_attribute_name);
+                slapi_entry_attr_find(ad_entry, ad_type, &ad_attr);
+                is_present_local = (NULL == ad_attr) ? 0 : 1;
+                if (is_present_local) {
+                    int values_equal = 0;
+                    values_equal = attr_compare_equal(attr, ad_attr);
+                    if (!values_equal) {
+                        slapi_log_error(
+                                        SLAPI_LOG_PLUGIN,
+                                        posix_winsync_plugin_name,
+                                        "_pre_ad_mod_user_cb -- update mods: %s, %s : values are different -> modify\n",
+                                        slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)),
+                                        ad_type);
+
+                        slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, ad_type,
+                                                  valueset_get_valuearray(vs));
+                        *do_modify = 1;
+                    }
+                } else {
+                    slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, ad_type,
+                                              valueset_get_valuearray(vs));
+                    if (0 == slapi_attr_type_cmp(type, "uidNumber", SLAPI_TYPE_CMP_SUBTYPE)) {
+                        Slapi_Mod *mysmod = slapi_mod_new();
+                        addNisDomainName(mysmod, ds_entry);
+                        slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(mysmod));
+                        slapi_mod_free(&mysmod);
+                    }
+                    *do_modify = 1;
+                }
+                slapi_ch_free((void**) &ad_type);
+                slapi_valueset_free(vs);
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "_pre_ad_mod_user_cb -- add modify %s DS account [%s]\n",
+                                attr_map[i].windows_attribute_name,
+                                slapi_entry_get_dn_const(ds_entry));
+
+            }
+            i++;
+        }
+        if (0 == slapi_attr_type_cmp(type, "nsAccountLock", SLAPI_TYPE_CMP_SUBTYPE))
+            sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_AD, NULL, smods,
+                              do_modify);
+    }
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_pre_ad_mod_user_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ad_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify)
+{
+    LDAPMod *mod = NULL;
+    int rc = 0;
+    Slapi_Attr *attr = NULL;
+    windows_attribute_map *attr_map = group_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = group_mssfu_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ad_mod_group_cb -- begin DS account [%s]\n",
+                    slapi_entry_get_dn_const(ds_entry));
+
+    /* called if init Replica: add nisDomain, gidnumber, memberuid, if avail */
+    for (rc = slapi_entry_first_attr(ds_entry, &attr); rc == 0;
+         rc = slapi_entry_next_attr(ds_entry, attr, &attr)) {
+        char *type = NULL;
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "_pre_ad_mod_group_cb -- check modify type %s\n", type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(type, attr_map[i].ldap_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Attr *ad_attr = NULL;
+                Slapi_ValueSet *vs = NULL;
+                char *ad_type = NULL;
+                int is_present_local;
+
+                slapi_attr_get_valueset(attr, &vs);
+                ad_type = slapi_ch_strdup(attr_map[i].windows_attribute_name);
+                slapi_entry_attr_find(ad_entry, ad_type, &ad_attr);
+                is_present_local = (NULL == ad_attr) ? 0 : 1;
+                if (is_present_local) {
+                    int values_equal = 0;
+                    values_equal = attr_compare_equal(attr, ad_attr);
+                    if (!values_equal) {
+                        slapi_log_error(
+                                        SLAPI_LOG_PLUGIN,
+                                        posix_winsync_plugin_name,
+                                        "_pre_ad_mod_group_cb -- update mods: %s, %s : values are different -> modify\n",
+                                        slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)),
+                                        ad_type);
+
+                        slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, ad_type,
+                                                  valueset_get_valuearray(vs));
+                        *do_modify = 1;
+                    }
+                } else {
+
+                    slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, ad_type,
+                                              valueset_get_valuearray(vs));
+                    if (0 == slapi_attr_type_cmp(type, "gidNumber", SLAPI_TYPE_CMP_SUBTYPE)) {
+                        Slapi_Mod *mysmod = slapi_mod_new();
+                        addNisDomainName(mysmod, ds_entry);
+                        slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(mysmod));
+                        slapi_mod_free(&mysmod);
+                    }
+                    *do_modify = 1;
+                }
+                slapi_ch_free((void**) &ad_type);
+                slapi_valueset_free(vs);
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "_pre_ad_mod_group_cb -- add modify %s DS account [%s]\n",
+                                attr_map[i].windows_attribute_name,
+                                slapi_entry_get_dn_const(ds_entry));
+            }
+            i++;
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "_pre_ad_mod_group_cb -- step\n");
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- _pre_ad_mod_group_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ds_mod_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify)
+{
+    LDAPMod* mod = NULL;
+    Slapi_Attr *attr = NULL;
+    int is_present_local = 0;
+    int do_modify_local = 0;
+    int rc;
+    windows_attribute_map *attr_map = user_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = user_mssfu_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ds_mod_user_cb -- begin\n");
+
+    /* add objectclass: posixAccount, uidnumber ,gidnumber ,homeDirectory, loginshell */
+    /* in the ad to ds case we have no changelog, so we have to compare the entries */
+    for (rc = slapi_entry_first_attr(ad_entry, &attr); rc == 0;
+         rc = slapi_entry_next_attr(ad_entry, attr, &attr)) {
+        char *type = NULL;
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(type, attr_map[i].windows_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Attr *local_attr = NULL;
+                char *local_type = NULL;
+                Slapi_ValueSet *vs = NULL;
+
+                slapi_attr_get_valueset(attr, &vs);
+                local_type = slapi_ch_strdup(attr_map[i].ldap_attribute_name);
+                slapi_entry_attr_find(ds_entry, local_type, &local_attr);
+                is_present_local = (NULL == local_attr) ? 0 : 1;
+                if (is_present_local) {
+                    int values_equal = 0;
+                    values_equal = attr_compare_equal(attr, local_attr);
+                    if (!values_equal) {
+                        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                        "_pre_ds_mod_user_cb -- update mods: %s, %s : values are different -> modify\n",
+                                        slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)),
+                                        local_type);
+
+                        slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, local_type,
+                                                  valueset_get_valuearray(vs));
+                        *do_modify = 1;
+                    }
+                } else {
+
+                    slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type,
+                                              valueset_get_valuearray(vs));
+                    *do_modify = do_modify_local = 1;
+                }
+                slapi_valueset_free(vs);
+                slapi_ch_free((void**) &local_type);
+                /* what about if delete all values on windows ????? */
+            }
+            i++;
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- _pre_ds_mod_user_cb present %d modify %d\n", is_present_local,
+                    do_modify_local);
+
+    if (!is_present_local && do_modify_local) {
+        Slapi_Attr *oc_attr = NULL;
+        Slapi_Value *voc = slapi_value_new();
+
+        slapi_value_init_string(voc, "posixAccount");
+        rc = slapi_entry_attr_find(ds_entry, "objectClass", &oc_attr);
+        if (rc == 0) {
+            const struct berval *bv = slapi_value_get_berval(voc);
+            if (bv && slapi_attr_value_find(oc_attr, bv) != 0) {
+                Slapi_ValueSet *oc_vs = slapi_valueset_new();
+                Slapi_Value *oc_nv = slapi_value_new();
+
+                slapi_attr_get_valueset(oc_attr, &oc_vs);
+                slapi_value_init_string(oc_nv, "posixAccount");
+                slapi_valueset_add_value(oc_vs, oc_nv);
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "<-- _pre_ds_mod_user_cb add oc:posixAccount\n");
+
+                slapi_value_init_string(voc, "shadowAccount");
+                if (slapi_attr_value_find(oc_attr, slapi_value_get_berval(voc)) != 0) {
+                    Slapi_Value *oc_nv = slapi_value_new();
+
+                    slapi_value_init_string(oc_nv, "shadowAccount");
+                    slapi_valueset_add_value(oc_vs, oc_nv);
+                    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                    "<-- _pre_ds_mod_user_cb add oc:shadowAccount\n");
+                }
+                slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, "objectClass",
+                                          valueset_get_valuearray(oc_vs));
+                slapi_value_free(&oc_nv);
+                slapi_valueset_free(oc_vs);
+            }
+        }
+        slapi_value_free(&voc);
+    }
+    sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, NULL, smods, do_modify);
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_mod_user_cb %s %s\n",
+                    slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)), (do_modify) ? "modified"
+                        : "not modified");
+
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_mod_user_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ds_mod_group_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify)
+{
+    LDAPMod* mod = NULL;
+    Slapi_Attr *attr = NULL;
+    int is_present_local = 0;
+    int do_modify_local = 0;
+    int rc;
+    windows_attribute_map *attr_map = group_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = group_mssfu_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ds_mod_group_cb -- begin\n");
+    /* in the ad to ds case we have no changelog, so we have to compare the entries */
+    for (rc = slapi_entry_first_attr(ad_entry, &attr); rc == 0; rc
+        = slapi_entry_next_attr(ad_entry, attr, &attr)) {
+        char *type = NULL;
+        Slapi_ValueSet *vs = NULL;
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(type, attr_map[i].windows_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Attr *local_attr = NULL;
+                char *local_type = NULL;
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "1.\n");
+                slapi_attr_get_valueset(attr, &vs);
+                local_type = slapi_ch_strdup(attr_map[i].ldap_attribute_name);
+                slapi_entry_attr_find(ds_entry, local_type, &local_attr);
+                is_present_local = (NULL == local_attr) ? 0 : 1;
+                if (is_present_local) {
+                    int values_equal = 0;
+                    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "2.\n");
+                    values_equal = attr_compare_equal(attr, local_attr);
+                    if (!values_equal) {
+                        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                        "_pre_ds_mod_group_cb -- update mods: %s, %s : values are different -> modify\n",
+                                        slapi_sdn_get_dn(slapi_entry_get_sdn_const(ds_entry)),
+                                        local_type);
+
+                        slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, local_type,
+                                                  valueset_get_valuearray(vs));
+                        *do_modify = 1;
+                    }
+                } else {
+                    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "3.\n");
+
+                    slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type,
+                                              valueset_get_valuearray(vs));
+                    *do_modify = do_modify_local = 1;
+                }
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "4.\n");
+
+                slapi_ch_free((void**) &local_type);
+                slapi_valueset_free(vs);
+                /* what about if delete all values on windows ???? */
+            }
+            i++;
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "_pre_ds_mod_group_cb present %d modify %d before\n", is_present_local,
+                    do_modify_local);
+    if (posix_winsync_config_get_mapMemberUid()) {
+        memberUidLock();
+        modGroupMembership(ds_entry, smods, do_modify);
+        memberUidUnlock();
+    }
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "_pre_ds_mod_group_cb present %d modify %d\n", is_present_local,
+                    do_modify_local);
+
+    if (!is_present_local && do_modify_local) {
+        Slapi_Attr *oc_attr = NULL;
+        Slapi_Value *voc = slapi_value_new();
+
+        slapi_value_init_string(voc, "posixGroup");
+        slapi_entry_attr_find(ds_entry, "objectClass", &oc_attr);
+        if (slapi_attr_value_find(oc_attr, slapi_value_get_berval(voc)) != 0) {
+            Slapi_ValueSet *oc_vs = slapi_valueset_new();
+            Slapi_Value *oc_nv = slapi_value_new();
+
+            slapi_attr_get_valueset(oc_attr, &oc_vs);
+            slapi_value_init_string(oc_nv, "posixGroup");
+            slapi_valueset_add_value(oc_vs, oc_nv);
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "_pre_ds_mod_group_cb add oc:posixGroup\n");
+            slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, "objectClass",
+                                      valueset_get_valuearray(oc_vs));
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "_pre_ds_mod_group_cb step\n");
+            slapi_value_free(&oc_nv);
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "_pre_ds_mod_group_cb step\n");
+            /* slapi_valuset_free(oc_vs); */
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "_pre_ds_mod_group_cb step\n");
+        }
+        slapi_value_free(&voc);
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "_pre_ds_mod_group_cb step\n");
+
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- _pre_ds_mod_group_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry)
+{
+    Slapi_Attr *attr = NULL;
+    char *type = NULL;
+    PRBool posixval = PR_FALSE;
+    windows_attribute_map *attr_map = user_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = user_mssfu_attribute_map;
+
+    /* add objectclass: posixAccount, uidnumber, gidnumber, homeDirectory, loginShell */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ds_add_user_cb -- begin\n");
+
+    for (slapi_entry_first_attr(ad_entry, &attr); attr; slapi_entry_next_attr(ad_entry, attr, &attr)) {
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        if (!type) {
+            continue;
+        }
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "--> _pre_ds_add_user_cb -- "
+            "look for [%s] to new entry [%s]\n", type, slapi_entry_get_dn_const(ds_entry));
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (slapi_attr_type_cmp(attr_map[i].windows_attribute_name, type,
+                                    SLAPI_TYPE_CMP_SUBTYPE) == 0) {
+                Slapi_ValueSet *svs = NULL;
+                slapi_attr_get_valueset(attr, &svs);
+                slapi_entry_add_valueset(ds_entry, attr_map[i].ldap_attribute_name, svs);
+                slapi_valueset_free(svs);
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "--> _pre_ds_add_user_cb -- "
+                                    "adding val for [%s] to new entry [%s]\n", type,
+                                slapi_entry_get_dn_const(ds_entry));
+                posixval = PR_TRUE;
+            }
+            i++;
+        }
+    }
+    if (posixval) {
+        int rc;
+        rc = slapi_entry_add_string(ds_entry, "objectClass", "posixAccount");
+        rc |= slapi_entry_add_string(ds_entry, "objectClass", "shadowAccount");
+        rc |= slapi_entry_add_string(ds_entry, "objectClass", "inetUser");
+        if (rc != 0)
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- _pre_ds_add_user_cb -- adding objectclass for new entry failed %d\n",
+                            rc);
+    }
+    sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "<-- _pre_ds_add_user_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ds_add_group_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry,
+    Slapi_Entry *ds_entry)
+{
+    Slapi_Attr *attr = NULL;
+    char *type = NULL;
+    PRBool posixval = PR_FALSE;
+    windows_attribute_map *attr_map = group_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = group_mssfu_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_pre_ds_add_group_cb -- begin\n");
+
+    for (slapi_entry_first_attr(ad_entry, &attr); attr; slapi_entry_next_attr(ad_entry, attr, &attr)) {
+        size_t i = 0;
+
+        slapi_attr_get_type(attr, &type);
+        if (!type) {
+            continue;
+        }
+
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "--> _pre_ds_add_group_cb -- "
+            "look for [%s] to new entry [%s]\n", type, slapi_entry_get_dn_const(ds_entry));
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (slapi_attr_type_cmp(attr_map[i].windows_attribute_name, type,
+                                    SLAPI_TYPE_CMP_SUBTYPE) == 0) {
+                Slapi_ValueSet *svs = NULL;
+                slapi_attr_get_valueset(attr, &svs);
+                slapi_entry_add_valueset(ds_entry, attr_map[i].ldap_attribute_name, svs);
+                slapi_valueset_free(svs);
+
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "--> _pre_ds_add_group_cb -- "
+                                    "adding val for [%s] to new entry [%s]\n", type,
+                                slapi_entry_get_dn_const(ds_entry));
+                posixval = PR_TRUE;
+            }
+            i++;
+        }
+    }
+    if (posixval) {
+        int rc;
+        rc = slapi_entry_add_string(ds_entry, "objectClass", "posixGroup");
+        if (rc != 0) {
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "<-- _pre_ds_add_group_cb -- adding objectclass for new entry failed %d\n",
+                            rc);
+        } else {
+            if (posix_winsync_config_get_mapMemberUid()) {
+                memberUidLock();
+                addGroupMembership(ds_entry, ad_entry);
+                memberUidUnlock();
+            }
+        }
+    }
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_pre_ds_add_group_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
+    Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix,
+    const Slapi_DN *ad_suffix)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_get_new_ds_user_dn_cb -- old dn [%s] -- begin\n",
+                    *new_dn_string);
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n",
+                    *new_dn_string);
+
+    return;
+}
+
+static void
+posix_winsync_get_new_ds_group_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
+    Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix,
+    const Slapi_DN *ad_suffix)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_get_new_ds_group_dn_cb -- begin\n");
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_get_new_ds_group_dn_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ad_mod_user_mods_cb(void *cbdata, const Slapi_Entry *rawentry,
+    const Slapi_DN *local_dn, const Slapi_Entry *ds_entry, LDAPMod * const *origmods,
+    Slapi_DN *remote_dn, LDAPMod ***modstosend)
+{
+    Slapi_Mods *smods = slapi_mods_new();
+    Slapi_Mods *new_smods = slapi_mods_new();
+    LDAPMod *mod = NULL;
+    windows_attribute_map *attr_map = user_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = user_mssfu_attribute_map;
+
+    /* mod if changed objectclass: posixAccount, uidnumber, gidnumber, homeDirectory, loginShell */
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ad_mod_user_mods_cb -- begin DS account [%s] \n",
+                    slapi_entry_get_dn_const(ds_entry));
+
+    /* wrap the modstosend in a Slapi_Mods for convenience */
+    slapi_mods_init_passin(new_smods, *modstosend);
+    slapi_mods_init_byref(smods, (LDAPMod**) origmods);
+
+    for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+        size_t i = 0;
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "_pre_ad_mod_user_mods_cb -- check modify type %s\n", mod->mod_type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(mod->mod_type, attr_map[i].ldap_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Mod *mysmod = slapi_mod_new();
+                slapi_mod_init_byval(mysmod, mod);
+                slapi_mod_set_type(mysmod, attr_map[i].windows_attribute_name);
+                slapi_mods_add_ldapmod(new_smods, slapi_mod_get_ldapmod_passout(mysmod));
+                slapi_mod_free(&mysmod);
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "_pre_ad_mod_user_mods_cb -- add modify %s DS account [%s]\n",
+                                attr_map[i].windows_attribute_name,
+                                slapi_entry_get_dn_const(ds_entry));
+                if (0 == slapi_attr_type_cmp(mod->mod_type, "uidNumber", SLAPI_TYPE_CMP_SUBTYPE)) {
+                    Slapi_Mod *ocsmod = slapi_mod_new();
+                    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                    "_pre_ad_mod_user_mods_cb -- add NisDomain\n");
+                    addNisDomainName(ocsmod, ds_entry);
+                    slapi_mods_add_ldapmod(new_smods, slapi_mod_get_ldapmod_passout(ocsmod));
+                    slapi_mod_free(&ocsmod);
+                }
+            }
+            i++;
+        }
+        if (0 == slapi_attr_type_cmp(mod->mod_type, "nsRoleDN", SLAPI_TYPE_CMP_SUBTYPE)) {
+            int dummy = 0;
+            sync_acct_disable(cbdata, rawentry, (Slapi_Entry *) ds_entry, ACCT_DISABLE_TO_AD, NULL,
+                              new_smods, &dummy);
+        }
+    }
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(new_smods); mod; mod
+            = slapi_mods_get_next_mod(new_smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+    *modstosend = slapi_mods_get_ldapmods_passout(new_smods);
+
+    slapi_mods_free(&smods);
+    slapi_mods_free(&new_smods);
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- _pre_ad_mod_user_mods_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_pre_ad_mod_group_mods_cb(void *cbdata, const Slapi_Entry *rawentry,
+    const Slapi_DN *local_dn, const Slapi_Entry *ds_entry, LDAPMod * const *origmods,
+    Slapi_DN *remote_dn, LDAPMod ***modstosend)
+{
+    Slapi_Mods *smods = slapi_mods_new();
+    Slapi_Mods *new_smods = slapi_mods_new();
+    LDAPMod *mod = NULL;
+    windows_attribute_map *attr_map = group_attribute_map;
+
+    if (posix_winsync_config_get_msSFUSchema())
+        attr_map = group_mssfu_attribute_map;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> _pre_ad_mod_group_mods_cb -- begin\n");
+    /* wrap the modstosend in a Slapi_Mods for convenience */
+    slapi_mods_init_passin(new_smods, *modstosend);
+    slapi_mods_init_byref(smods, (LDAPMod**) origmods);
+
+    for (mod = slapi_mods_get_first_mod(smods); mod; mod = slapi_mods_get_next_mod(smods)) {
+        size_t i = 0;
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "_pre_ad_mod_group_mods_cb -- check modify type %s\n", mod->mod_type);
+        while (attr_map[i].windows_attribute_name != NULL) {
+            if (0 == slapi_attr_type_cmp(mod->mod_type, attr_map[i].ldap_attribute_name,
+                                         SLAPI_TYPE_CMP_SUBTYPE)) {
+                Slapi_Mod *mysmod = slapi_mod_new();
+                if (mod->mod_op & LDAP_MOD_DELETE) {
+                    slapi_mod_init(mysmod, 0);
+                    slapi_mod_set_operation(mysmod, LDAP_MOD_DELETE | LDAP_MOD_BVALUES);
+                    slapi_mod_set_type(mysmod, attr_map[i].windows_attribute_name);
+                } else {
+                    slapi_mod_init_byval(mysmod, mod);
+                    slapi_mod_set_type(mysmod, attr_map[i].windows_attribute_name);
+                    if (0
+                        == slapi_attr_type_cmp(mod->mod_type, "gidNumber", SLAPI_TYPE_CMP_SUBTYPE)) {
+                        Slapi_Mod *ocsmod = slapi_mod_new();
+                        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                        "_pre_ad_mod_group_mods_cb -- add NisDomain\n");
+                        addNisDomainName(ocsmod, ds_entry);
+                        slapi_mods_add_ldapmod(new_smods, slapi_mod_get_ldapmod_passout(ocsmod));
+                        slapi_mod_free(&ocsmod);
+                    }
+                }
+                slapi_mods_add_ldapmod(new_smods, slapi_mod_get_ldapmod_passout(mysmod));
+                slapi_mod_free(&mysmod);
+                slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                                "_pre_ad_mod_group_mods_cb -- add modify %s DS account [%s]\n",
+                                attr_map[i].windows_attribute_name,
+                                slapi_entry_get_dn_const(ds_entry));
+            }
+            i++;
+        }
+    }
+    *modstosend = slapi_mods_get_ldapmods_passout(new_smods);
+    if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) {
+        for (mod = slapi_mods_get_first_mod(new_smods); mod;
+             mod = slapi_mods_get_next_mod(new_smods)) {
+            slapi_mod_dump(mod, 0);
+        }
+    }
+    slapi_mods_free(&smods);
+    slapi_mods_free(&new_smods);
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- _pre_ad_mod_group_mods_cb -- end\n");
+
+    return;
+}
+
+static int
+posix_winsync_can_add_entry_to_ad_cb(void *cbdata, const Slapi_Entry *local_entry,
+    const Slapi_DN *remote_dn)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_can_add_entry_to_ad_cb -- begin\n");
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_can_add_entry_to_ad_cb -- end\n");
+
+    return 1; /* false - do not allow entries to be added to ad */
+}
+
+static void
+posix_winsync_begin_update_cb(void *cbdata, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree,
+    int is_total)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_begin_update_cb -- begin\n");
+
+    posix_winsync_config_reset_MOFTaskCreated();
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_begin_update_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_end_update_cb(void *cbdata, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree,
+    int is_total)
+{
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_end_update_cb -- begin %d %d\n",
+                    posix_winsync_config_get_MOFTaskCreated(),
+                    posix_winsync_config_get_createMOFTask());
+    if (posix_winsync_config_get_MOFTaskCreated() && posix_winsync_config_get_createMOFTask()) {
+        /* add a task to schedule memberof Plugin for fix memebrof attributs */
+        Slapi_PBlock *pb = slapi_pblock_new();
+        Slapi_Entry *e_task = slapi_entry_alloc();
+        int rc = 0;
+        char *dn = slapi_create_dn_string("cn=%s,cn=%s,cn=tasks,cn=config",
+                                          posix_winsync_plugin_name, MEMBEROFTASK);
+        slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                        "--> posix_winsync_end_update_cb, create task %s\n", dn);
+        if (NULL == dn) {
+            slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name,
+                            "posix_winsync_end_update_cb: "
+                                "failed to create task dn: cn=%s,%s,cn=tasks,cn=config\n",
+                            posix_winsync_plugin_name, MEMBEROFTASK);
+            return;
+        }
+        slapi_entry_init(e_task, slapi_ch_strdup(dn), NULL);
+        slapi_entry_add_string(e_task, "cn", slapi_ch_strdup(posix_winsync_plugin_name));
+        slapi_entry_add_string(e_task, "objectClass", "extensibleObject");
+        slapi_entry_add_string(e_task, "basedn", slapi_sdn_get_dn(ds_subtree));
+
+        slapi_add_entry_internal_set_pb(pb, e_task, NULL, posix_winsync_get_plugin_identity(), 0);
+        slapi_add_internal_pb(pb);
+        slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+        if (rc != 0) {
+            slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name,
+                            "posix_winsync_end_update_cb: "
+                                "failed to add task entry\n");
+        } else {
+
+            slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                            "posix_winsync_end_update_cb: "
+                                "add task entry\n");
+        }
+        /* slapi_entry_free(e_task); */
+        slapi_pblock_destroy(pb);
+        pb = NULL;
+        posix_winsync_config_reset_MOFTaskCreated();
+    }
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_end_update_cb -- end\n");
+
+    return;
+}
+
+static void
+posix_winsync_destroy_agmt_cb(void *cbdata, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_destroy_agmt_cb -- begin\n");
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_destroy_agmt_cb -- end\n");
+
+    return;
+}
+
+static void *posix_winsync_api[] = { NULL, /* reserved for api broker use, must be zero */
+                                     posix_winsync_agmt_init,
+                                     posix_winsync_dirsync_search_params_cb,
+                                     posix_winsync_pre_ad_search_cb,
+                                     posix_winsync_pre_ds_search_entry_cb,
+                                     posix_winsync_pre_ds_search_all_cb,
+                                     posix_winsync_pre_ad_mod_user_cb,
+                                     posix_winsync_pre_ad_mod_group_cb,
+                                     posix_winsync_pre_ds_mod_user_cb,
+                                     posix_winsync_pre_ds_mod_group_cb,
+                                     posix_winsync_pre_ds_add_user_cb,
+                                     posix_winsync_pre_ds_add_group_cb,
+                                     posix_winsync_get_new_ds_user_dn_cb,
+                                     posix_winsync_get_new_ds_group_dn_cb,
+                                     posix_winsync_pre_ad_mod_user_mods_cb,
+                                     posix_winsync_pre_ad_mod_group_mods_cb,
+                                     posix_winsync_can_add_entry_to_ad_cb,
+                                     posix_winsync_begin_update_cb,
+                                     posix_winsync_end_update_cb,
+                                     posix_winsync_destroy_agmt_cb };
+
+static Slapi_ComponentId *posix_winsync_plugin_id = NULL;
+
+/*
+ ** Plugin identity mgmt
+ */
+
+void
+posix_winsync_set_plugin_identity(void * identity)
+{
+    posix_winsync_plugin_id = identity;
+}
+
+void *
+posix_winsync_get_plugin_identity()
+{
+    return posix_winsync_plugin_id;
+}
+
+static int
+posix_winsync_plugin_start(Slapi_PBlock *pb)
+{
+    int rc;
+    Slapi_Entry *config_e = NULL; /* entry containing plugin config */
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_plugin_start -- begin\n");
+
+    if (slapi_apib_register(WINSYNC_v1_0_GUID, posix_winsync_api)) {
+        slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name,
+                        "<-- posix_winsync_plugin_start -- failed to register winsync api -- end\n");
+        return -1;
+    }
+
+    if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &config_e) != 0) {
+        slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name, "missing config entry\n");
+        return (-1);
+    }
+    if ((rc = posix_winsync_config(config_e)) != LDAP_SUCCESS) {
+        slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name, "configuration failed (%s)\n",
+                        ldap_err2string(rc));
+        return (-1);
+    }
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_plugin_start -- registered; end\n");
+    return 0;
+}
+
+static int
+posix_winsync_plugin_close(Slapi_PBlock *pb)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_plugin_close -- begin\n");
+
+    slapi_apib_unregister(WINSYNC_v1_0_GUID);
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_plugin_close -- end\n");
+    return 0;
+}
+
+/* this is the slapi plugin init function,
+ not the one used by the winsync api
+ */
+int
+posix_winsync_plugin_init(Slapi_PBlock *pb)
+{
+    void *plugin_id = NULL;
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "--> posix_winsync_plugin_init -- begin\n");
+
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01) != 0
+        || slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *) posix_winsync_plugin_start) != 0
+        || slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *) posix_winsync_plugin_close) != 0
+        || slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *) &posix_winsync_pdesc) != 0) {
+        slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name,
+                        "<-- posix_winsync_plugin_init -- failed to register plugin -- end\n");
+        return -1;
+    }
+
+    /* Retrieve and save the plugin identity to later pass to
+     internal operations */
+    if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_id) != 0) {
+        slapi_log_error(SLAPI_LOG_FATAL, posix_winsync_plugin_name,
+                        "<-- posix_winsync_plugin_init -- failed to retrieve plugin identity -- end\n");
+        return -1;
+    }
+
+    posix_winsync_set_plugin_identity(plugin_id);
+
+    slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name,
+                    "<-- posix_winsync_plugin_init -- end\n");
+    return 0;
+}
+

ldap/servers/plugins/posix-winsync/posix-wsp-ident.h

@@ -0,0 +1,51 @@
+/**
+	$Id: posix-wsp-ident.h 39 2011-06-10 08:22:11Z grzemba $
+**/
+
+#ifndef POSIX_WINSYNC_H
+#define POSIX_WINSYNC_H
+
+
+#define POSIX_WINSYNC_PLUGIN_NAME "posix-winsync"
+
+#define PLUGIN_MAGIC_VENDOR_STR "contac Datentechnik GmbH"
+#define PRODUCTTEXT "1.1"
+#define null NULL
+#define true -1
+#define false 0
+#define POSIX_WINSYNC_MSSFU_SCHEMA "posixWinsyncMsSFUSchema"
+#define POSIX_WINSYNC_MAP_MEMBERUID "posixWinsyncMapMemberUID"
+#define POSIX_WINSYNC_CREATE_MEMBEROFTASK "posixWinsyncCreateMemberOfTask"
+#define POSIX_WINSYNC_LOWER_CASE "posixWinsyncLowerCaseUID"
+
+
+void * posix_winsync_get_plugin_identity();
+
+typedef struct posix_winsync_config_struct {
+    Slapi_Mutex *lock; /* for config access */
+    Slapi_Entry *config_e; /* configuration entry */
+    PRBool mssfuSchema; /* use W2k3 Schema msSFU30 */
+    PRBool mapMemberUID; /* map uniqueMember to memberUid  */
+    PRBool lowercase; /* store the uid in group memberuid in lower case */
+    PRBool createMemberOfTask; /* should memberOf Plugin Task run after AD sync */
+    PRBool MOFTaskCreated;
+    Slapi_DN *rep_suffix; /* namingContext in DS of the replicated suffix */  
+} POSIX_WinSync_Config;
+
+int posix_winsync_config(Slapi_Entry *config_e);
+POSIX_WinSync_Config *posix_winsync_get_config();
+PRBool posix_winsync_config_get_mapMemberUid();
+PRBool posix_winsync_config_get_msSFUSchema();
+PRBool posix_winsync_config_get_lowercase();
+PRBool posix_winsync_config_get_createMOFTask();
+Slapi_DN *posix_winsync_config_get_suffix();
+void posix_winsync_config_reset_MOFTaskCreated();
+void posix_winsync_config_set_MOFTaskCreated();
+PRBool posix_winsync_config_get_MOFTaskCreated();
+
+int posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
+    Slapi_Entry *eAfter, int *returncode, char *returntext,
+    void *arg);
+
+
+#endif