Ticket 47667 - Allow nsDS5ReplicaBindDN to be a group DN

Bug Description:  The request is not to define a specific bind DN for a replica
			but to be able to specify a group and let all members
			be treated as replicaBindDN

Fix Description:   The fix adds a new attribute to the ndsdReplica object:
			nsDS5ReplicaBindDNGroup: <dn>
		   When this attr is set at startup or when the replica object is modified
			the group is expanded and its members and all mambers of its
			subgroups are added to a hash of replcabinddns. this is in
			parallel to the normal hash od replicabind dn specified using
			the existing attr nsDS5ReplicaBindDN.
		   Since groups can change, the list of bingdns based on groups has to be
			rebuilt when the spcified groups change. This check and the
			rebuilding of the group has a performance cost and will be done only
			in a specified interval, the interval can be configured by
			nsDS5ReplicaBindDNGroupCheckInterval.
			This attr takes the following values:
			-1 no dymanic check at runtime, admin must take care that groups are stable
				or restart to get changes accounted for
			0 everytime a binddn is verified the groupdns are rebuilt
			n only if n seconds have passed since last rebuild it is done again

https://fedorahosted.org/389/ticket/47667

Reviewed by: ?

ldap/servers/plugins/replication/repl5.h

@@ -155,6 +155,8 @@ extern const char *type_nsds5ReplicaHost;
 extern const char *type_nsds5ReplicaPort;
 extern const char *type_nsds5TransportInfo;
 extern const char *type_nsds5ReplicaBindDN;
+extern const char *type_nsds5ReplicaBindDNGroup;
+extern const char *type_nsds5ReplicaBindDNGroupCheckInterval;
 extern const char *type_nsds5ReplicaCredentials;
 extern const char *type_nsds5ReplicaBindMethod;
 extern const char *type_nsds5ReplicaRoot;
@@ -193,6 +195,8 @@ extern const char *attr_replicaId;
 extern const char *attr_replicaRoot;
 extern const char *attr_replicaType;
 extern const char *attr_replicaBindDn;
+extern const char *attr_replicaBindDnGroup;
+extern const char *attr_replicaBindDnGroupCheckInterval;
 extern const char *attr_state;
 extern const char *attr_flags;
 extern const char *attr_replicaName;
@@ -553,8 +557,9 @@ PRBool replica_is_legacy_consumer (const Replica *r);
 void replica_set_legacy_consumer (Replica *r, PRBool legacy);
 char *replica_get_legacy_purl (const Replica *r);
 void replica_set_legacy_purl (Replica *r, const char *purl);
-PRBool replica_is_updatedn (const Replica *r, const Slapi_DN *sdn);
+PRBool replica_is_updatedn (Replica *r, const Slapi_DN *sdn);
 void replica_set_updatedn (Replica *r, const Slapi_ValueSet *vs, int mod_op);
+void replica_set_groupdn (Replica *r, const Slapi_ValueSet *vs, int mod_op);
 char *replica_get_generation (const Replica *r);
 /* currently supported flags */
 #define REPLICA_LOG_CHANGES 0x1 /* enable change logging */
@@ -605,6 +610,7 @@ void replica_update_state (time_t when, void *arg);
 void replica_reset_csn_pl(Replica *r);
 PRUint64 replica_get_protocol_timeout(Replica *r);
 void replica_set_protocol_timeout(Replica *r, PRUint64 timeout);
+void replica_set_groupdn_checkinterval(Replica *r, int timeout);
 PRUint64 replica_get_backoff_min(Replica *r);
 PRUint64 replica_get_backoff_max(Replica *r);
 void replica_set_backoff_min(Replica *r, PRUint64 min);
@@ -702,10 +708,14 @@ void repl_set_repl_plugin_path(const char *path);
 typedef void *ReplicaUpdateDNList;
 typedef int (*FNEnumDN)(Slapi_DN *dn, void *arg);
 ReplicaUpdateDNList replica_updatedn_list_new(const Slapi_Entry *entry);
+Slapi_ValueSet *replica_updatedn_group_new(const Slapi_Entry *entry);
+ReplicaUpdateDNList replica_groupdn_list_new(const Slapi_ValueSet *vs);
 void replica_updatedn_list_free(ReplicaUpdateDNList list);
 void replica_updatedn_list_replace(ReplicaUpdateDNList list, const Slapi_ValueSet *vs);
+void replica_updatedn_list_group_replace(ReplicaUpdateDNList list, const Slapi_ValueSet *vs);
 void replica_updatedn_list_delete(ReplicaUpdateDNList list, const Slapi_ValueSet *vs);
 void replica_updatedn_list_add(ReplicaUpdateDNList list, const Slapi_ValueSet *vs);
+void replica_updatedn_list_add_ext(ReplicaUpdateDNList list, const Slapi_ValueSet *vs, int group_update);
 PRBool replica_updatedn_list_ismember(ReplicaUpdateDNList list, const Slapi_DN *dn);
 char *replica_updatedn_list_to_string(ReplicaUpdateDNList list, const char *delimiter);
 void replica_updatedn_list_enumerate(ReplicaUpdateDNList list, FNEnumDN fn, void *arg);

ldap/servers/plugins/replication/repl5_replica.c

@@ -59,11 +59,16 @@
  * A replica is a locally-held copy of a portion of the DIT.
  */
 struct replica {
-	Slapi_DN *repl_root;			/* top of the replicated area			*/
-	char *repl_name;                /* unique replica name                  */
+	Slapi_DN *repl_root;		/* top of the replicated are */
+	char *repl_name;                /* unique replica name */
 	PRBool new_name;                /* new name was generated - need to be saved */
 	ReplicaUpdateDNList updatedn_list;	/* list of dns with which a supplier should bind
-										   to update this replica				*/
+						   to update this replica				*/
+	Slapi_ValueSet			*updatedn_groups; /* set of groups whose memebers are
+							    * allowed to update replica */
+	ReplicaUpdateDNList groupdn_list;      /* exploded listof dns from update group */
+	PRUint32			updatedn_group_last_check;
+	int				updatedn_group_check_interval;
 	ReplicaType	 repl_type;			/* is this replica read-only ?			*/
 	PRBool  legacy_consumer;        /* if true, this replica is supplied by 4.0 consumer */
 	char*   legacy_purl;            /* partial url of the legacy supplier   */
@@ -341,33 +346,42 @@ replica_destroy(void **arg)
 	 */
 
 	if (r->repl_eqcxt_rs)
-    {
+	{
 		repl_name = slapi_eq_get_arg (r->repl_eqcxt_rs);
 		slapi_ch_free (&repl_name);
 		slapi_eq_cancel(r->repl_eqcxt_rs);
 		r->repl_eqcxt_rs = NULL;
-    }
+	}
 
 	if (r->repl_eqcxt_tr)
-    {
+	{
 		repl_name = slapi_eq_get_arg (r->repl_eqcxt_tr);
 		slapi_ch_free (&repl_name);
 		slapi_eq_cancel(r->repl_eqcxt_tr);
 		r->repl_eqcxt_tr = NULL;
-    }
+	}
 
 	if (r->repl_root)
-    {
+	{
 		slapi_sdn_free(&r->repl_root);
-    }
+	}
 
 	slapi_ch_free_string(&r->locking_purl);
 
 	if (r->updatedn_list)
-    {
+	{
 		replica_updatedn_list_free(r->updatedn_list);
 		r->updatedn_list = NULL;
-    }
+	}
+
+	if (r->groupdn_list)
+	{
+		replica_updatedn_list_free(r->groupdn_list);
+		r->groupdn_list = NULL;
+	}
+	if (r->updatedn_groups) {
+		slapi_valueset_free(r->updatedn_groups);
+	}
 
 	/* slapi_ch_free accepts NULL pointer */
 	slapi_ch_free ((void**)&r->repl_name);
@@ -823,6 +837,13 @@ replica_set_protocol_timeout(Replica *r, PRUint64 timeout)
 		slapi_counter_set_value(r->protocol_timeout, timeout);
 	}
 }
+void
+replica_set_groupdn_checkinterval(Replica *r, int interval)
+{
+	if(r){
+		r->updatedn_group_check_interval = interval ;
+	}
+}
 
 /* 
  * Sets the replica type.
@@ -932,7 +953,7 @@ replica_set_legacy_purl (Replica *r, const char *purl)
  * Returns true if sdn is the same as updatedn and false otherwise 
  */
 PRBool 
-replica_is_updatedn (const Replica *r, const Slapi_DN *sdn)
+replica_is_updatedn (Replica *r, const Slapi_DN *sdn)
 {
 	PRBool result;
 
@@ -940,24 +961,35 @@ replica_is_updatedn (const Replica *r, const Slapi_DN *sdn)
 
 	PR_Lock(r->repl_lock);
 
-    if (sdn == NULL)
-    {
-        result = (r->updatedn_list == NULL);    
-    }
-    else if (r->updatedn_list == NULL)
-    {
-        result = PR_FALSE;
-    }
-    else
-    {
-		result = replica_updatedn_list_ismember(r->updatedn_list, sdn);
-    }
+        if ((r->updatedn_list == NULL) &&
+	    (r->groupdn_list == NULL)) {
+    		if (sdn == NULL) {
+			result = PR_TRUE;
+		} else {
+			result = PR_FALSE;
+		}
+	} else {
+		result = PR_FALSE;
+    		if (r->updatedn_list ) {
+			result = replica_updatedn_list_ismember(r->updatedn_list, sdn);
+    		}
+		if ((result == PR_FALSE) && r->groupdn_list ) {
+			/* check and rebuild groupdns */
+			if (r->updatedn_group_check_interval > -1) {
+				time_t now = time(NULL); 
+				if (now - r->updatedn_group_last_check > r->updatedn_group_check_interval) {
+					replica_updatedn_list_replace( r->groupdn_list, r->updatedn_groups);
+					r->updatedn_group_last_check = now;
+				}
+			}
+			result = replica_updatedn_list_ismember(r->groupdn_list, sdn);
+		}
+	}
 
 	PR_Unlock(r->repl_lock);
 
 	return result;
 }
-
 /* 
  * Sets updatedn list for this replica 
  */
@@ -982,6 +1014,45 @@ replica_set_updatedn (Replica *r, const Slapi_ValueSet *vs, int mod_op)
 	PR_Unlock(r->repl_lock);
 }
 
+/* 
+ * Sets updatedn list for this replica 
+ */
+void 
+replica_set_groupdn (Replica *r, const Slapi_ValueSet *vs, int mod_op)
+{
+	PR_ASSERT (r);
+
+	PR_Lock(r->repl_lock);
+
+	if (!r->groupdn_list)
+		r->groupdn_list = replica_updatedn_list_new(NULL);
+	if (!r->updatedn_groups)
+		r->updatedn_groups = slapi_valueset_new();
+
+	if (SLAPI_IS_MOD_DELETE(mod_op) || vs == NULL ||
+		(0 == slapi_valueset_count(vs))) {
+		/* null value also causes list deletion */
+		slapi_valueset_free (r->updatedn_groups);
+		r->updatedn_groups = NULL;
+		replica_updatedn_list_delete(r->groupdn_list, vs);
+	} else if (SLAPI_IS_MOD_REPLACE(mod_op)) {
+		if (r->updatedn_groups) {
+			slapi_valueset_done(r->updatedn_groups);
+		} else {
+			r->updatedn_groups = slapi_valueset_new();
+		}
+		slapi_valueset_set_valueset(r->updatedn_groups, vs);
+		replica_updatedn_list_group_replace(r->groupdn_list, vs);
+	} else if (SLAPI_IS_MOD_ADD(mod_op)) {
+		if (!r->updatedn_groups) {
+			r->updatedn_groups = slapi_valueset_new();
+		}
+		slapi_valueset_join_attr_valueset(NULL, r->updatedn_groups, vs);
+		replica_updatedn_list_add_ext(r->groupdn_list, vs, 1);
+	}
+	PR_Unlock(r->repl_lock);
+}
+
 void
 replica_reset_csn_pl(Replica *r)
 {
@@ -1693,6 +1764,8 @@ _replica_check_validity (const Replica *r)
 	nsds5ReplicaType:	<type of the replica: primary, read-write or read-only>
 	nsState:		<state of the csn generator> missing the first time replica is started
 	nsds5ReplicaBindDN:		<supplier update dn> consumers only
+	nsds5ReplicaBindDNGroup: group, containing replicaBindDNs
+	nsds5ReplicaBindDNGroupCheckInterval: defines how frequently to check for update of bindGroup
 	nsds5ReplicaReferral: <referral URL to updatable replica> consumers only
 	nsds5ReplicaPurgeDelay: <time, in seconds, to keep purgeable CSNs, 0 == keep forever>
 	nsds5ReplicaTombstonePurgeInterval: <time, in seconds, between tombstone purge runs, 0 == don't reap>
@@ -1852,6 +1925,19 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext)
     /* get replication bind dn */
     r->updatedn_list = replica_updatedn_list_new(e);
 
+    /* get replication bind dn groups */
+    r->updatedn_groups = replica_updatedn_group_new(e);
+    r->groupdn_list = replica_groupdn_list_new(r->updatedn_groups);
+    r->updatedn_group_last_check = time(NULL);
+    /* get groupdn check interval */
+    val = slapi_entry_attr_get_charptr (e, attr_replicaBindDnGroupCheckInterval);
+    if (val) {
+	r->updatedn_group_check_interval = atoi(val);
+        slapi_ch_free ((void**)&val);
+    } else {
+	r->updatedn_group_check_interval = -1;
+    }
+
     /* get replica name */
     val = slapi_entry_attr_get_charptr (e, attr_replicaName);
     if (val) {

ldap/servers/plugins/replication/repl5_replica_config.c

@@ -81,6 +81,7 @@ static int replica_config_search (Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry*
 static int replica_cleanall_ruv_task(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,  int *returncode, char *returntext, void *arg);
 static int replica_config_change_type_and_id (Replica *r, const char *new_type, const char *new_id, char *returntext, int apply_mods);
 static int replica_config_change_updatedn (Replica *r, const LDAPMod *mod, char *returntext, int apply_mods);
+static int replica_config_change_updatedngroup (Replica *r, const LDAPMod *mod, char *returntext, int apply_mods);
 static int replica_config_change_flags (Replica *r, const char *new_flags,  char *returntext, int apply_mods);
 static int replica_execute_task (Object *r, const char *task_name, char *returntext, int apply_mods);
 static int replica_execute_cl2ldif_task (Object *r, char *returntext);
@@ -380,8 +381,16 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
                  */
                 if (strcasecmp (config_attr, attr_replicaBindDn) == 0)
                 {
-				    *returncode = replica_config_change_updatedn (r, mods[i], errortext, apply_mods);
+			*returncode = replica_config_change_updatedn (r, mods[i], errortext, apply_mods);
                 }
+                else if (strcasecmp (config_attr, attr_replicaBindDnGroup) == 0)
+                {
+			*returncode = replica_config_change_updatedngroup (r, mods[i], errortext, apply_mods);
+                }
+                else if (strcasecmp (config_attr, attr_replicaBindDnGroupCheckInterval) == 0)
+                {
+			replica_set_groupdn_checkinterval (r, -1);
+		}
                 else if (strcasecmp (config_attr, attr_replicaReferral) == 0)
                 {
                     if (apply_mods) {
@@ -438,9 +447,17 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
                     break;
                 }
 
-                if (strcasecmp (config_attr, attr_replicaBindDn) == 0)
-			    {
-				    *returncode = replica_config_change_updatedn (r, mods[i], errortext, apply_mods);
+                if (strcasecmp (config_attr, attr_replicaBindDn) == 0) {
+			*returncode = replica_config_change_updatedn (r, mods[i], errortext, apply_mods);
+                }
+                else if (strcasecmp (config_attr, attr_replicaBindDnGroup) == 0)
+                {
+			*returncode = replica_config_change_updatedngroup (r, mods[i], errortext, apply_mods);
+                }
+                else if (strcasecmp (config_attr, attr_replicaBindDnGroupCheckInterval) == 0)
+                {
+			int interval = atoi(config_attr_value);
+			replica_set_groupdn_checkinterval (r, interval);
                 }
                 else if (strcasecmp (config_attr, attr_replicaType) == 0)
 			    {
@@ -1021,6 +1038,26 @@ replica_config_change_updatedn (Replica *r, const LDAPMod *mod, char *returntext
     return LDAP_SUCCESS;
 }
 
+static int
+replica_config_change_updatedngroup (Replica *r, const LDAPMod *mod, char *returntext,
+                                int apply_mods)
+{
+    PR_ASSERT (r);
+
+    if (apply_mods)
+    {
+		Slapi_Mod smod;
+		Slapi_ValueSet *vs= slapi_valueset_new();
+		slapi_mod_init_byref(&smod, (LDAPMod *)mod); /* cast away const */
+		slapi_valueset_set_from_smod(vs, &smod);
+		replica_set_groupdn(r, vs, mod->mod_op);
+		slapi_mod_done(&smod);
+		slapi_valueset_free(vs);
+	}
+
+    return LDAP_SUCCESS;
+}
+
 static int replica_config_change_flags (Replica *r, const char *new_flags,
                                         char *returntext, int apply_mods)
 {

ldap/servers/plugins/replication/repl5_updatedn_list.c

@@ -100,6 +100,37 @@ replica_updatedn_list_new(const Slapi_Entry *entry)
     return (ReplicaUpdateDNList)hash;
 }
 
+Slapi_ValueSet *
+replica_updatedn_group_new(const Slapi_Entry *entry)
+{
+	Slapi_ValueSet *vs = NULL;
+	if (entry) {
+		Slapi_Attr *attr = NULL;
+		if (!slapi_entry_attr_find(entry, attr_replicaBindDnGroup, &attr)) {
+			slapi_attr_get_valueset(attr, &vs);
+		}
+	}	
+	return (vs);
+}
+
+ReplicaUpdateDNList
+replica_groupdn_list_new(const Slapi_ValueSet *vs)
+{
+    /* allocate table */
+    PLHashTable *hash = PL_NewHashTable(4, PL_HashString, PL_CompareStrings,
+						updatedn_compare_dns, NULL, NULL);
+    if (hash == NULL) {
+        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_new_updatedn_list: "
+                        "failed to allocate hash table; NSPR error - %d\n",
+                        PR_GetError ());	
+        return NULL;
+    }
+
+    replica_updatedn_list_delete(hash, NULL); /* delete all values */
+    replica_updatedn_list_add_ext(hash, vs, 1);
+
+    return (ReplicaUpdateDNList)hash;
+}
 void
 replica_updatedn_list_free(ReplicaUpdateDNList list)
 {
@@ -115,7 +146,14 @@ void
 replica_updatedn_list_replace(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
 {
 	replica_updatedn_list_delete(list, NULL); /* delete all values */
-	replica_updatedn_list_add(list, vs);
+	replica_updatedn_list_add_ext(list, vs, 0);
+}
+
+void
+replica_updatedn_list_group_replace(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
+{
+	replica_updatedn_list_delete(list, NULL); /* delete all values */
+	replica_updatedn_list_add_ext(list, vs, 1);
 }
 
 /* if vs is given, delete only those values - otherwise, delete all values */
@@ -153,8 +191,68 @@ replica_updatedn_list_delete(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
 	return;
 }
 
+Slapi_ValueSet *
+replica_updatedn_list_get_members(Slapi_DN *dn)
+{
+	static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))";
+	static char* const	type_member = "member";
+	static char* const	type_uniquemember = "uniquemember";
+	static char* const	type_memberURL = "memberURL";
+
+	int rval;
+	char *attrs[4]; 
+	Slapi_PBlock *mpb = slapi_pblock_new ();
+	Slapi_ValueSet *members = slapi_valueset_new();
+		
+	attrs[0] = type_member;
+	attrs[1] = type_uniquemember;
+	attrs[2] = type_memberURL;
+	attrs[3] = NULL;
+	slapi_search_internal_set_pb (  mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups,
+					&attrs[0], 0, NULL /* controls */, NULL /* uniqueid */,
+					repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
+	slapi_search_internal_pb(mpb);
+	slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
+	if (rval == LDAP_SUCCESS) {
+		Slapi_Entry	**ep;
+		slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep);
+		if ((ep != NULL) && (ep[0] != NULL)) {
+			Slapi_Attr *attr = NULL;
+			Slapi_Attr *nextAttr = NULL;
+			Slapi_ValueSet *vs = NULL;
+			char *attrType;
+			slapi_entry_first_attr ( ep[0],  &attr);
+			while (attr) {
+				slapi_attr_get_type ( attr, &attrType );
+
+				if ((strcasecmp (attrType, type_member) == 0) ||
+				    (strcasecmp (attrType, type_uniquemember) == 0 ))  {
+					slapi_attr_get_valueset(attr, &vs);
+					slapi_valueset_join_attr_valueset(attr, members, vs);
+					slapi_valueset_free(vs);
+				} else if (strcasecmp (attrType, type_memberURL) == 0) {
+					/* not yet supported */
+				}
+				slapi_entry_next_attr ( ep[0], attr, &nextAttr );
+				attr = nextAttr;
+			}
+		}
+	}
+	slapi_free_search_results_internal(mpb);
+	slapi_pblock_destroy (mpb);
+	return(members);
+}
+/* 
+ * add  a list of dns to the ReplicaUpdateDNList.
+ * The dn could be the dn of a group, so get the entry 
+ * and check the objectclass. If it is a static or dynamic group
+ * generate the list of member dns and recursively call 
+ * replica_updatedn_list_add().
+ * The dn of the group is added to the list, so it will detect 
+ * potential circular group definitions
+ */
 void
-replica_updatedn_list_add(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
+replica_updatedn_list_add_ext(ReplicaUpdateDNList list, const Slapi_ValueSet *vs, int group_update)
 {
 	PLHashTable *hash = list;
 	Slapi_ValueSet *vs_nc = (Slapi_ValueSet *)vs; /* cast away const */
@@ -176,12 +274,29 @@ replica_updatedn_list_add(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
 							ndn);
 			slapi_sdn_free(&dn);
 		} else {
+			Slapi_ValueSet *members = NULL;
 			PL_HashTableAdd(hash, ndn, dn);
+			/* add it, even if it is a group dn, this will 
+			 * prevent problems with circular group definitions
+			 * then check if it has mor members to add */
+			if (group_update) {
+				members = replica_updatedn_list_get_members(dn);
+				if (members) {
+					replica_updatedn_list_add_ext(list, members, 1);
+					/* free members */
+					slapi_valueset_free(members);
+				}
+			}
 		}
 	}
 
 	return;
 }
+void
+replica_updatedn_list_add(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
+{
+	replica_updatedn_list_add_ext(list, vs, 0);
+}
 
 PRBool
 replica_updatedn_list_ismember(ReplicaUpdateDNList list, const Slapi_DN *dn)

ldap/servers/plugins/replication/repl_globals.c

@@ -100,6 +100,8 @@ const char *attr_replicaId = "nsDS5ReplicaId";
 const char *attr_replicaRoot = "nsDS5ReplicaRoot";
 const char *attr_replicaType = "nsDS5ReplicaType";
 const char *attr_replicaBindDn = "nsDS5ReplicaBindDn";
+const char *attr_replicaBindDnGroup = "nsDS5ReplicaBindDnGroup";
+const char *attr_replicaBindDnGroupCheckInterval = "nsDS5ReplicaBindDnGroupCheckInterval";
 const char *attr_state = "nsState";
 const char *attr_flags = "nsds5Flags";
 const char *attr_replicaName = "nsds5ReplicaName";
@@ -122,6 +124,8 @@ const char *type_nsds5ReplicaHost = "nsds5ReplicaHost";
 const char *type_nsds5ReplicaPort = "nsds5ReplicaPort";
 const char *type_nsds5TransportInfo = "nsds5ReplicaTransportInfo";
 const char *type_nsds5ReplicaBindDN = "nsds5ReplicaBindDN";
+const char *type_nsds5ReplicaBindDNGroup = "nsds5ReplicaBindDNGroup";
+const char *type_nsds5ReplicaBindDNGroupCheckInterval = "nsds5ReplicaBindDNGroupCheckInterval";
 const char *type_nsds5ReplicaCredentials = "nsds5ReplicaCredentials";
 const char *type_nsds5ReplicaBindMethod = "nsds5ReplicaBindMethod";
 const char *type_nsds5ReplicaRoot = "nsds5ReplicaRoot";