1 /* common.c - common routines for the ldap client tools */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2003 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Kurt D. Zeilenga.
7 * Portions Copyright 2003 IBM Corporation.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This file was initially created by Hallvard B. Furuseth based (in
20 * part) upon argument parsing code for individual tools located in
21 * this directory. Additional contributors include:
22 * Kurt D. Zeilenga (additional common argument and control support)
29 #include <ac/stdlib.h>
30 #include <ac/signal.h>
31 #include <ac/string.h>
32 #include <ac/unistd.h>
37 #include "lutil_ldap.h"
38 #include "ldap_defaults.h"
51 char *ldaphost = NULL;
53 #ifdef HAVE_CYRUS_SASL
54 unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
55 char *sasl_realm = NULL;
56 char *sasl_authc_id = NULL;
57 char *sasl_authz_id = NULL;
58 char *sasl_mech = NULL;
59 char *sasl_secprops = NULL;
64 char *assertion = NULL;
69 char *preread_attrs = NULL;
71 char *postread_attrs = NULL;
75 struct berval passwd = { 0, NULL };
88 ldap_pvt_setlocale(LC_MESSAGES, "");
89 ldap_pvt_bindtextdomain(OPENLDAP_PACKAGE, LDAP_LOCALEDIR);
90 ldap_pvt_textdomain(OPENLDAP_PACKAGE);
94 tool_common_usage( void )
96 static const char *const descriptions[] = {
97 N_(" -c continuous operation mode (do not stop on errors)\n"),
98 N_(" -C chase referrals\n"),
99 N_(" -d level set LDAP debugging level to `level'\n"),
100 N_(" -D binddn bind DN\n"),
101 N_(" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n")
102 N_(" [!]assert=<filter> (an RFC 2254 Filter)\n")
103 N_(" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n")
104 N_(" [!]manageDSAit\n")
106 N_(" [!]postread[=<attrs>] (a comma-separated attribute list)\n"),
107 N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n"),
108 N_(" -f file read operations from `file'\n"),
109 N_(" -h host LDAP server\n"),
110 N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"),
111 N_(" -I use SASL Interactive mode\n"),
112 N_(" -k use Kerberos authentication\n"),
113 N_(" -K like -k, but do only step 1 of the Kerberos bind\n"),
114 N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
115 N_(" -n show what would be done but don't actually do it\n"),
116 N_(" -O props SASL security properties\n"),
117 N_(" -p port port on LDAP server\n"),
118 N_(" -P version procotol version (default: 3)\n"),
119 N_(" -Q use SASL Quiet mode\n"),
120 N_(" -R realm SASL realm\n"),
121 N_(" -U authcid SASL authentication identity\n"),
122 N_(" -v run in verbose mode (diagnostics to standard output)\n"),
123 N_(" -V print version info (-VV only)\n"),
124 N_(" -w passwd bind password (for simple authentication)\n"),
125 N_(" -W prompt for bind password\n"),
126 N_(" -x Simple authentication\n"),
127 N_(" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"),
128 N_(" -y file Read password from file\n"),
129 N_(" -Y mech SASL mechanism\n"),
130 N_(" -Z Start TLS request (-ZZ to require successful response)\n"),
133 const char *const *cpp;
135 fputs( _("Common options:\n"), stderr );
136 for( cpp = descriptions; *cpp != NULL; cpp++ ) {
137 if( strchr( options, (*cpp)[3] ) ) {
138 fputs( _(*cpp), stderr );
145 tool_args( int argc, char **argv )
149 while (( i = getopt( argc, argv, options )) != EOF ) {
151 char *control, *cvalue;
153 case 'c': /* continuous operation mode */
160 debug |= atoi( optarg );
162 case 'D': /* bind DN */
163 if( binddn != NULL ) {
164 fprintf( stderr, "%s: -D previously specified\n", prog );
165 exit( EXIT_FAILURE );
167 binddn = ber_strdup( optarg );
169 case 'e': /* general controls */
170 /* should be extended to support comma separated list of
171 * [!]key[=value] parameters, e.g. -e !foo,bar=567
176 if( optarg[0] == '!' ) {
181 control = ber_strdup( optarg );
182 if ( (cvalue = strchr( control, '=' )) != NULL ) {
186 if ( strcasecmp( control, "assert" ) == 0 ) {
188 fprintf( stderr, "assert control previously specified\n");
189 exit( EXIT_FAILURE );
191 if( cvalue == NULL ) {
192 fprintf( stderr, "assert: control value expected\n" );
196 assertctl = 1 + crit;
198 assert( assertion == NULL );
201 } else if ( strcasecmp( control, "authzid" ) == 0 ) {
202 if( authzid != NULL ) {
203 fprintf( stderr, "authzid control previously specified\n");
204 exit( EXIT_FAILURE );
206 if( cvalue == NULL ) {
207 fprintf( stderr, "authzid: control value expected\n" );
211 fprintf( stderr, "authzid: must be marked critical\n" );
215 assert( authzid == NULL );
218 } else if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
221 "manageDSAit control previously specified\n");
222 exit( EXIT_FAILURE );
224 if( cvalue != NULL ) {
226 "manageDSAit: no control value expected\n" );
230 manageDSAit = 1 + crit;
232 } else if ( strcasecmp( control, "noop" ) == 0 ) {
234 fprintf( stderr, "noop control previously specified\n");
235 exit( EXIT_FAILURE );
237 if( cvalue != NULL ) {
238 fprintf( stderr, "noop: no control value expected\n" );
244 } else if ( strcasecmp( control, "preread" ) == 0 ) {
246 fprintf( stderr, "preread control previously specified\n");
247 exit( EXIT_FAILURE );
251 preread_attrs = cvalue;
253 } else if ( strcasecmp( control, "postread" ) == 0 ) {
255 fprintf( stderr, "postread control previously specified\n");
256 exit( EXIT_FAILURE );
260 postread_attrs = cvalue;
263 fprintf( stderr, "Invalid general control name: %s\n",
268 case 'f': /* read from file */
269 if( infile != NULL ) {
270 fprintf( stderr, "%s: -f previously specified\n", prog );
271 exit( EXIT_FAILURE );
273 infile = ber_strdup( optarg );
275 case 'h': /* ldap host */
276 if( ldaphost != NULL ) {
277 fprintf( stderr, "%s: -h previously specified\n", prog );
278 exit( EXIT_FAILURE );
280 ldaphost = ber_strdup( optarg );
282 case 'H': /* ldap URI */
283 if( ldapuri != NULL ) {
284 fprintf( stderr, "%s: -H previously specified\n", prog );
285 exit( EXIT_FAILURE );
287 ldapuri = ber_strdup( optarg );
290 #ifdef HAVE_CYRUS_SASL
291 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
292 fprintf( stderr, "%s: incompatible previous "
293 "authentication choice\n",
295 exit( EXIT_FAILURE );
297 authmethod = LDAP_AUTH_SASL;
298 sasl_flags = LDAP_SASL_INTERACTIVE;
301 fprintf( stderr, "%s: was not compiled with SASL support\n",
303 exit( EXIT_FAILURE );
305 case 'k': /* kerberos bind */
306 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
307 if( authmethod != -1 ) {
308 fprintf( stderr, "%s: -k incompatible with previous "
309 "authentication choice\n", prog );
310 exit( EXIT_FAILURE );
312 authmethod = LDAP_AUTH_KRBV4;
314 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
315 exit( EXIT_FAILURE );
318 case 'K': /* kerberos bind, part one only */
319 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
320 if( authmethod != -1 ) {
321 fprintf( stderr, "%s: incompatible with previous "
322 "authentication choice\n", prog );
323 exit( EXIT_FAILURE );
325 authmethod = LDAP_AUTH_KRBV41;
327 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
328 exit( EXIT_FAILURE );
332 /* enable Manage DSA IT */
335 case 'n': /* print operations, don't actually do them */
339 #ifdef HAVE_CYRUS_SASL
340 if( sasl_secprops != NULL ) {
341 fprintf( stderr, "%s: -O previously specified\n", prog );
342 exit( EXIT_FAILURE );
344 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
345 fprintf( stderr, "%s: incompatible previous "
346 "authentication choice\n", prog );
347 exit( EXIT_FAILURE );
349 authmethod = LDAP_AUTH_SASL;
350 sasl_secprops = ber_strdup( optarg );
352 fprintf( stderr, "%s: not compiled with SASL support\n", prog );
353 exit( EXIT_FAILURE );
358 fprintf( stderr, "%s: -p previously specified\n", prog );
359 exit( EXIT_FAILURE );
361 ldapport = atoi( optarg );
364 switch( atoi(optarg) ) {
366 if( protocol == LDAP_VERSION3 ) {
367 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
369 exit( EXIT_FAILURE );
371 protocol = LDAP_VERSION2;
374 if( protocol == LDAP_VERSION2 ) {
375 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
377 exit( EXIT_FAILURE );
379 protocol = LDAP_VERSION3;
382 fprintf( stderr, "%s: protocol version should be 2 or 3\n",
388 #ifdef HAVE_CYRUS_SASL
389 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
390 fprintf( stderr, "%s: incompatible previous "
391 "authentication choice\n",
393 exit( EXIT_FAILURE );
395 authmethod = LDAP_AUTH_SASL;
396 sasl_flags = LDAP_SASL_QUIET;
399 fprintf( stderr, "%s: not compiled with SASL support\n",
401 exit( EXIT_FAILURE );
404 #ifdef HAVE_CYRUS_SASL
405 if( sasl_realm != NULL ) {
406 fprintf( stderr, "%s: -R previously specified\n", prog );
407 exit( EXIT_FAILURE );
409 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
410 fprintf( stderr, "%s: incompatible previous "
411 "authentication choice\n",
413 exit( EXIT_FAILURE );
415 authmethod = LDAP_AUTH_SASL;
416 sasl_realm = ber_strdup( optarg );
418 fprintf( stderr, "%s: not compiled with SASL support\n",
420 exit( EXIT_FAILURE );
424 #ifdef HAVE_CYRUS_SASL
425 if( sasl_authc_id != NULL ) {
426 fprintf( stderr, "%s: -U previously specified\n", prog );
427 exit( EXIT_FAILURE );
429 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
430 fprintf( stderr, "%s: incompatible previous "
431 "authentication choice\n",
433 exit( EXIT_FAILURE );
435 authmethod = LDAP_AUTH_SASL;
436 sasl_authc_id = ber_strdup( optarg );
438 fprintf( stderr, "%s: not compiled with SASL support\n",
440 exit( EXIT_FAILURE );
443 case 'v': /* verbose mode */
446 case 'V': /* version */
449 case 'w': /* password */
450 passwd.bv_val = ber_strdup( optarg );
454 for( p = optarg; *p != '\0'; p++ ) {
458 passwd.bv_len = strlen( passwd.bv_val );
467 #ifdef HAVE_CYRUS_SASL
468 if( sasl_mech != NULL ) {
469 fprintf( stderr, "%s: -Y previously specified\n", prog );
470 exit( EXIT_FAILURE );
472 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
474 "%s: incompatible with authentication choice\n", prog );
475 exit( EXIT_FAILURE );
477 authmethod = LDAP_AUTH_SASL;
478 sasl_mech = ber_strdup( optarg );
480 fprintf( stderr, "%s: not compiled with SASL support\n", prog );
481 exit( EXIT_FAILURE );
485 if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
486 fprintf( stderr, "%s: incompatible with previous "
487 "authentication choice\n", prog );
488 exit( EXIT_FAILURE );
490 authmethod = LDAP_AUTH_SIMPLE;
493 #ifdef HAVE_CYRUS_SASL
494 if( sasl_authz_id != NULL ) {
495 fprintf( stderr, "%s: -X previously specified\n", prog );
496 exit( EXIT_FAILURE );
498 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
499 fprintf( stderr, "%s: -X incompatible with "
500 "authentication choice\n", prog );
501 exit( EXIT_FAILURE );
503 authmethod = LDAP_AUTH_SASL;
504 sasl_authz_id = ber_strdup( optarg );
506 fprintf( stderr, "%s: not compiled with SASL support\n", prog );
507 exit( EXIT_FAILURE );
514 fprintf( stderr, "%s: not compiled with TLS support\n", prog );
515 exit( EXIT_FAILURE );
519 if( handle_private_option( i ) ) break;
520 fprintf( stderr, "%s: unrecognized option -%c\n",
527 /* prevent bad linking */
529 api.ldapai_info_version = LDAP_API_INFO_VERSION;
531 if ( ldap_get_option(NULL, LDAP_OPT_API_INFO, &api)
532 != LDAP_OPT_SUCCESS )
534 fprintf( stderr, "%s: ldap_get_option(API_INFO) failed\n", prog );
535 exit( EXIT_FAILURE );
538 if (api.ldapai_info_version != LDAP_API_INFO_VERSION) {
539 fprintf( stderr, "LDAP APIInfo version mismatch: "
540 "got %d, expected %d\n",
541 api.ldapai_info_version, LDAP_API_INFO_VERSION );
542 exit( EXIT_FAILURE );
545 if( api.ldapai_api_version != LDAP_API_VERSION ) {
546 fprintf( stderr, "LDAP API version mismatch: "
547 "got %d, expected %d\n",
548 api.ldapai_api_version, LDAP_API_VERSION );
549 exit( EXIT_FAILURE );
552 if( strcmp(api.ldapai_vendor_name, LDAP_VENDOR_NAME ) != 0 ) {
553 fprintf( stderr, "LDAP vendor name mismatch: "
554 "got %s, expected %s\n",
555 api.ldapai_vendor_name, LDAP_VENDOR_NAME );
556 exit( EXIT_FAILURE );
559 if( api.ldapai_vendor_version != LDAP_VENDOR_VERSION ) {
560 fprintf( stderr, "LDAP vendor version mismatch: "
561 "got %d, expected %d\n",
562 api.ldapai_vendor_version, LDAP_VENDOR_VERSION );
563 exit( EXIT_FAILURE );
567 fprintf( stderr, "%s: %s\t(LDAP library: %s %d)\n",
569 LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION );
570 if (version > 1) exit( EXIT_SUCCESS );
575 protocol = LDAP_VERSION3;
577 if (authmethod == -1 && protocol > LDAP_VERSION2) {
578 #ifdef HAVE_CYRUS_SASL
579 authmethod = LDAP_AUTH_SASL;
581 authmethod = LDAP_AUTH_SIMPLE;
585 if( ldapuri == NULL ) {
586 if( ldapport && ( ldaphost == NULL )) {
587 fprintf( stderr, "%s: -p without -h is invalid.\n", prog );
588 exit( EXIT_FAILURE );
591 if( ldaphost != NULL ) {
592 fprintf( stderr, "%s: -H incompatible with -h\n", prog );
593 exit( EXIT_FAILURE );
596 fprintf( stderr, "%s: -H incompatible with -p\n", prog );
597 exit( EXIT_FAILURE );
600 if( protocol == LDAP_VERSION2 ) {
601 if( authzid || manageDSAit || noop ) {
602 fprintf( stderr, "%s: -e/-M incompatible with LDAPv2\n", prog );
603 exit( EXIT_FAILURE );
607 fprintf( stderr, "%s: -Z incompatible with LDAPv2\n", prog );
608 exit( EXIT_FAILURE );
611 #ifdef HAVE_CYRUS_SASL
612 if( authmethod == LDAP_AUTH_SASL ) {
613 fprintf( stderr, "%s: -[IOQRUXY] incompatible with LDAPv2\n",
615 exit( EXIT_FAILURE );
619 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
620 if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) {
621 fprintf( stderr, "%s: -k/-K incompatible with LDAPv%d\n",
623 exit( EXIT_FAILURE );
631 tool_conn_setup( int not, void (*private_setup)( LDAP * ) )
636 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
637 != LBER_OPT_SUCCESS )
639 fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
641 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
642 != LDAP_OPT_SUCCESS )
644 fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
649 (void) SIGNAL( SIGPIPE, SIG_IGN );
653 /* connect to server */
654 if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
656 fprintf( stderr, "ldap_init( %s, %d )\n",
657 ldaphost != NULL ? ldaphost : "<DEFAULT>",
661 ld = ldap_init( ldaphost, ldapport );
663 char buf[20 + sizeof(": ldap_init")];
664 sprintf( buf, "%.20s: ldap_init", prog );
666 exit( EXIT_FAILURE );
672 fprintf( stderr, "ldap_initialize( %s )\n",
673 ldapuri != NULL ? ldapuri : "<DEFAULT>" );
675 rc = ldap_initialize( &ld, ldapuri );
676 if( rc != LDAP_SUCCESS ) {
678 "Could not create LDAP session handle (%d): %s\n",
679 rc, ldap_err2string(rc) );
680 exit( EXIT_FAILURE );
684 if( private_setup ) private_setup( ld );
687 if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
688 referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
690 fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
691 referrals ? "on" : "off" );
692 exit( EXIT_FAILURE );
695 if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
696 != LDAP_OPT_SUCCESS )
698 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
700 exit( EXIT_FAILURE );
704 ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ))
706 ldap_perror( ld, "ldap_start_tls" );
708 exit( EXIT_FAILURE );
718 tool_bind( LDAP *ld )
720 if ( authmethod == LDAP_AUTH_SASL ) {
721 #ifdef HAVE_CYRUS_SASL
725 if( sasl_secprops != NULL ) {
726 rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
727 (void *) sasl_secprops );
729 if( rc != LDAP_OPT_SUCCESS ) {
731 "Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n",
733 exit( EXIT_FAILURE );
737 defaults = lutil_sasl_defaults( ld,
744 rc = ldap_sasl_interactive_bind_s( ld, binddn,
745 sasl_mech, NULL, NULL,
746 sasl_flags, lutil_sasl_interact, defaults );
748 lutil_sasl_freedefs( defaults );
749 if( rc != LDAP_SUCCESS ) {
750 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
751 exit( EXIT_FAILURE );
754 fprintf( stderr, "%s: not compiled with SASL support\n",
756 exit( EXIT_FAILURE );
759 if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
762 ldap_perror( ld, "ldap_bind" );
763 exit( EXIT_FAILURE );
769 /* Set server controls. Add controls extra_c[0..count-1], if set. */
771 tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
773 int i = 0, j, crit = 0, err;
774 LDAPControl c[6], **ctrls;
776 ctrls = (LDAPControl**) malloc(sizeof(c) + (count+1)*sizeof(LDAPControl*));
777 if ( ctrls == NULL ) {
778 fprintf( stderr, "No memory\n" );
779 exit( EXIT_FAILURE );
783 BerElementBuffer berbuf;
784 BerElement *ber = (BerElement *)&berbuf;
786 if( assertion == NULL || *assertion == '\0' ) {
787 fprintf( stderr, "Assertion=<empty>\n" );
788 exit( EXIT_FAILURE );
791 ber_init2( ber, NULL, LBER_USE_DER );
793 err = ldap_pvt_put_filter( ber, assertion );
795 fprintf( stderr, "assertion encode failed (%d)\n", err );
796 exit( EXIT_FAILURE );
799 err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
801 fprintf( stderr, "assertion flatten failed (%d)\n", err );
802 exit( EXIT_FAILURE );
805 c[i].ldctl_oid = LDAP_CONTROL_ASSERT;
806 c[i].ldctl_iscritical = assertctl > 1;
812 c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
813 c[i].ldctl_value.bv_val = authzid;
814 c[i].ldctl_value.bv_len = strlen( authzid );
815 c[i].ldctl_iscritical = 1;
821 c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
822 c[i].ldctl_value.bv_val = NULL;
823 c[i].ldctl_value.bv_len = 0;
824 c[i].ldctl_iscritical = manageDSAit > 1;
830 c[i].ldctl_oid = LDAP_CONTROL_NOOP;
831 c[i].ldctl_value.bv_val = NULL;
832 c[i].ldctl_value.bv_len = 0;
833 c[i].ldctl_iscritical = noop > 1;
839 char berbuf[LBER_ELEMENT_SIZEOF];
840 BerElement *ber = (BerElement *)berbuf;
843 if( preread_attrs ) {
844 attrs = ldap_str2charray( preread_attrs, "," );
847 ber_init2( ber, NULL, LBER_USE_DER );
849 if( ber_printf( ber, "{v}", attrs ) == -1 ) {
850 fprintf( stderr, "preread attrs encode failed.\n" );
851 exit( EXIT_FAILURE );
854 err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
856 fprintf( stderr, "preread flatten failed (%d)\n", err );
857 exit( EXIT_FAILURE );
860 c[i].ldctl_oid = LDAP_CONTROL_PRE_READ;
861 c[i].ldctl_iscritical = preread > 1;
865 if( attrs ) ldap_charray_free( attrs );
869 char berbuf[LBER_ELEMENT_SIZEOF];
870 BerElement *ber = (BerElement *)berbuf;
873 if( postread_attrs ) {
874 attrs = ldap_str2charray( postread_attrs, "," );
877 ber_init2( ber, NULL, LBER_USE_DER );
879 if( ber_printf( ber, "{v}", attrs ) == -1 ) {
880 fprintf( stderr, "postread attrs encode failed.\n" );
881 exit( EXIT_FAILURE );
884 err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
886 fprintf( stderr, "postread flatten failed (%d)\n", err );
887 exit( EXIT_FAILURE );
890 c[i].ldctl_oid = LDAP_CONTROL_POST_READ;
891 c[i].ldctl_iscritical = postread > 1;
895 if( attrs ) ldap_charray_free( attrs );
899 ctrls[i++] = extra_c++;
903 err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
905 if ( err != LDAP_OPT_SUCCESS ) {
906 for ( j = 0; j < i; j++ ) {
907 if ( ctrls[j]->ldctl_iscritical ) crit = 1;
909 fprintf( stderr, "Could not set %scontrols\n",
910 crit ? "critical " : "" );
915 exit( EXIT_FAILURE );