Freigeben über


4.1.10.5.6 FilterAttribute

 procedure FilterAttribute(
   o: DSName,
   attribute: ATTRTYP,
   s: AttributeStamp,
   pUtd: ADDRESS OF UPTODATE_VECTOR_V1_EXT,
   partialAttrs: set of ATTRTYP,
   partialAttrsEx: set of ATTRTYP,
   dirSyncFlags: ULONG): boolean

Informative summary of behavior: The FilterAttribute procedure determines whether an update (attribute or link value) that is in scope should be filtered out of the set of changes to send in the replication cycle. The rules are as follows:

  • If the client's up-to-date vector pUtd asserts that the client has already applied the update with stamps, the update is filtered out, provided that attribute is not in the partialAttrsEx set. The elements of partialAttrsEx are not subject to filtering by the up-to-date vector.

  • If partialAttrs is not null (indicating the client has a partial replica) and attribute is not in partialAttrs + partialAttrsEx, then the update is filtered out.

  • If partialAttrs is not null, attribute is member, o is of class group, and o is not a universal group, then the update is filtered out.

  • If attribute is the naming attribute (that is, cn for objects of class container, as shown below) for the object class of o, the update is filtered out.

  • If LDAP_DIRSYNC_OBJECT_SECURITY is in dirSyncFlags, and the client does not have access rights to read the object, all the updates are filtered out except updates to the isDeleted and isRecycled attributes.

     filtered: boolean
     cursor: UPTODATE_CURSOR_V2
      
     filtered := false
      
     if pUtd ≠ null and partialAttrsEx ≠ null
           and not attribute in partialAttrsEx then
       /* Filter updates with stamps that the client's up-to-date vector
        * asserts the client has already applied to its NC replica.
        */
       cursor := select one c from pUtd^.rgCursors where c.uuidDsa =
           s.uuidOriginating
       if cursor ≠ null and cursor.usnHighPropUpdate >= s.usnOriginating 
           then
         filtered := true
       endif
     endif
      
     if not filtered and partialAttrs ≠ null then
       /* Filter updates to attributes that are not in the client's
        * partial replica.
        */
       if not attribute in partialAttrs + partialAttrsEx then
         filtered := true
       endif 
     endif
      
     if not filtered and partialAttrs ≠ null and attribute = member then
       /* Filter updates to the member attribute from the client's
        * partial replica if the group is not a universal group.
        */
       if group in o!objectClass and
           not GROUP_TYPE_UNIVERSAL_GROUP in o!groupType then
         filtered := true
       endif 
     endif
      
     if not filtered then
       /* Filter updates to the naming attribute of o. */
       if attribute = o!rdnType then
         filtered := true
       endif
     endif
      
     if not filtered then
       /* Filter non replicated attributes of o. */
       if AttrIsNonReplicated(attribute) then
         filtered := true
       endif
     endif
      
     if not filtered then
       /* If LDAP_DIRSYNC_OBJECT_SECURITY in dirSyncFlags, and the client does
          not have access rights to read the object, all the updates are filtered
          out except updates to isDeleted and isRecycled attributes. */
      
       if LDAP_DIRSYNC_OBJECT_SECURITY in dirSyncFlags and
          (AccessCheckObject(o, RIGHT_DS_LIST_OBJECT) = false or
           AccessCheckObject(o.parent, RIGHT_DS_LIST_CONTENTS) = false) and
          attribute ≠ isDeleted and
          attribute ≠ isRecycled then
         filtered := true
       endif
     endif 
     return filtered