]> git.sur5r.net Git - openldap/blob - clients/tools/ldapsearch.c
9b349da6b09289d11aa0943742b4933ee13b62f7
[openldap] / clients / tools / ldapsearch.c
1 /* $OpenLDAP$ */
2 /*
3  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5  */
6
7 #include "portable.h"
8
9 #include <stdio.h>
10
11 #include <ac/stdlib.h>
12
13 #include <ac/ctype.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
16 #include <ac/unistd.h>
17 #include <ac/errno.h>
18 #include <sys/stat.h>
19
20 #ifdef HAVE_FCNTL_H
21 #include <fcntl.h>
22 #endif
23 #ifdef HAVE_SYS_TYPES_H
24 #include <sys/types.h>
25 #endif
26 #ifdef HAVE_IO_H
27 #include <io.h>
28 #endif
29
30 #include <ldap.h>
31
32 #include "ldif.h"
33 #include "lutil.h"
34 #include "lutil_ldap.h"
35 #include "ldap_defaults.h"
36
37 static void
38 usage( const char *s )
39 {
40         fprintf( stderr,
41 "usage: %s [options] [filter [attributes...]]\nwhere:\n"
42 "  filter\tRFC-2254 compliant LDAP search filter\n"
43 "  attributes\twhitespace-separated list of attribute descriptions\n"
44 "    which may include:\n"
45 "      1.1   no attributes\n"
46 "      *     all user attributes\n"
47 "      +     all operational attributes\n"
48
49 "Search options:\n"
50 "  -a deref   one of never (default), always, search, or find\n"
51 "  -A         retrieve attribute names only (no values)\n"
52 "  -b basedn  base dn for search\n"
53 "  -l limit   time limit (in seconds) for search\n"
54 "  -L         print responses in LDIFv1 format\n"
55 "  -LL        print responses in LDIF format without comments\n"
56 "  -LLL       print responses in LDIF format without comments\n"
57 "             and version\n"
58 "  -s scope   one of base, one, or sub (search scope)\n"
59 "  -S attr    sort the results by attribute `attr'\n"
60 "  -t         write binary values to files in temporary directory\n"
61 "  -tt        write all values to files in temporary directory\n"
62 "  -T path    write files to directory specified by path (default:\n"
63 "             " LDAP_TMPDIR ")\n"
64 "  -u         include User Friendly entry names in the output\n"
65 "  -V prefix  URL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n"
66 "  -z limit   size limit (in entries) for search\n"
67
68 "Common options:\n"
69 "  -d level   set LDAP debugging level to `level'\n"
70 "  -D binddn  bind DN\n"
71 "  -f file    read operations from `file'\n"
72 "  -h host    LDAP server\n"
73 "  -I         use SASL Interactive mode\n"
74 "  -k         use Kerberos authentication\n"
75 "  -K         like -k, but do only step 1 of the Kerberos bind\n"
76 "  -M         enable Manage DSA IT control (-MM to make critical)\n"
77 "  -n         show what would be done but don't actually search\n"
78 "  -O props   SASL security properties\n"
79 "  -p port    port on LDAP server\n"
80 "  -P version procotol version (default: 3)\n"
81 "  -Q         use SASL Quiet mode\n"
82 "  -R realm   SASL realm\n"
83 "  -U user    SASL authentication identity (username)\n"
84 "  -v         run in verbose mode (diagnostics to standard output)\n"
85 "  -w passwd  bind passwd (for simple authentication)\n"
86 "  -W         prompt for bind passwd\n"
87 "  -x         Simple authentication\n"
88 "  -X id      SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
89 "  -Y mech    SASL mechanism\n"
90 "  -Z         Start TLS request (-ZZ to require successful response)\n"
91 , s );
92
93         exit( EXIT_FAILURE );
94 }
95
96 static void print_entry LDAP_P((
97         LDAP    *ld,
98         LDAPMessage     *entry,
99         int             attrsonly));
100
101 static void print_reference(
102         LDAP *ld,
103         LDAPMessage *reference );
104
105 static void print_extended(
106         LDAP *ld,
107         LDAPMessage *extended );
108
109 static void print_partial(
110         LDAP *ld,
111         LDAPMessage *partial );
112
113 static int print_result(
114         LDAP *ld,
115         LDAPMessage *result,
116         int search );
117
118 static void print_ctrls(
119         LDAPControl **ctrls );
120
121 static int write_ldif LDAP_P((
122         int type,
123         char *name,
124         char *value,
125         ber_len_t vallen ));
126
127 static int dosearch LDAP_P((
128         LDAP    *ld,
129         char    *base,
130         int             scope,
131         char    *filtpatt,
132         char    *value,
133         char    **attrs,
134         int             attrsonly,
135         LDAPControl **sctrls,
136         LDAPControl **cctrls,
137         struct timeval *timelimit,
138         int     sizelimit ));
139
140 static char *tmpdir = NULL;
141 static char *urlpre = NULL;
142
143 static char *prog = NULL;
144 static char     *binddn = NULL;
145 static struct berval passwd = { 0, NULL };
146 static char     *base = NULL;
147 static char     *ldaphost = NULL;
148 static char *ldapuri = NULL;
149 static int      ldapport = 0;
150 #ifdef HAVE_CYRUS_SASL
151 static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
152 static char     *sasl_realm = NULL;
153 static char     *sasl_authc_id = NULL;
154 static char     *sasl_authz_id = NULL;
155 static char     *sasl_mech = NULL;
156 static char     *sasl_secprops = NULL;
157 #endif
158 static int      use_tls = 0;
159 static char     *sortattr = NULL;
160 static int      verbose, not, includeufn, vals2tmp, ldif;
161
162 int
163 main( int argc, char **argv )
164 {
165         char            *infile, *filtpattern, **attrs, line[BUFSIZ];
166         FILE            *fp = NULL;
167         int                     rc, i, first, scope, deref, attrsonly, manageDSAit;
168         int                     referrals, timelimit, sizelimit, debug;
169         int             authmethod, version, want_bindpw;
170         LDAP            *ld = NULL;
171
172         infile = NULL;
173         debug = verbose = not = vals2tmp = referrals =
174                 attrsonly = manageDSAit = ldif = want_bindpw = 0;
175
176         deref = sizelimit = timelimit = version = -1;
177
178         scope = LDAP_SCOPE_SUBTREE;
179         authmethod = -1;
180
181     prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;
182
183         while (( i = getopt( argc, argv,
184                 "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF )
185         {
186         switch( i ) {
187         /* Search Options */
188         case 'a':       /* set alias deref option */
189                 if ( strcasecmp( optarg, "never" ) == 0 ) {
190                 deref = LDAP_DEREF_NEVER;
191                 } else if ( strncasecmp( optarg, "search", sizeof("search")-1 ) == 0 ) {
192                 deref = LDAP_DEREF_SEARCHING;
193                 } else if ( strncasecmp( optarg, "find", sizeof("find")-1 ) == 0 ) {
194                 deref = LDAP_DEREF_FINDING;
195                 } else if ( strcasecmp( optarg, "always" ) == 0 ) {
196                 deref = LDAP_DEREF_ALWAYS;
197                 } else {
198                 fprintf( stderr, "alias deref should be never, search, find, or always\n" );
199                 usage( argv[ 0 ] );
200                 }
201                 break;
202         case 'A':       /* retrieve attribute names only -- no values */
203                 ++attrsonly;
204                 break;
205         case 'b': /* search base */
206                 base = strdup( optarg );
207                 break;
208         case 'f':       /* input file */
209                 if( infile != NULL ) {
210                         fprintf( stderr, "%s: -f previously specified\n" );
211                         return EXIT_FAILURE;
212                 }
213                 infile = strdup( optarg );
214                 break;
215         case 'l':       /* time limit */
216                 timelimit = atoi( optarg );
217                 break;
218         case 'L':       /* print entries in LDIF format */
219                 ++ldif;
220                 break;
221         case 's':       /* search scope */
222                 if ( strcasecmp( optarg, "base" ) == 0 ) {
223                 scope = LDAP_SCOPE_BASE;
224                 } else if ( strncasecmp( optarg, "one", sizeof("one")-1 ) == 0 ) {
225                 scope = LDAP_SCOPE_ONELEVEL;
226                 } else if ( strncasecmp( optarg, "sub", sizeof("sub")-1 ) == 0 ) {
227                 scope = LDAP_SCOPE_SUBTREE;
228                 } else {
229                 fprintf( stderr, "scope should be base, one, or sub\n" );
230                 usage( argv[ 0 ] );
231                 }
232                 break;
233         case 'S':       /* sort attribute */
234                 sortattr = strdup( optarg );
235                 break;
236         case 'u':       /* include UFN */
237                 ++includeufn;
238                 break;
239         case 't':       /* write attribute values to TMPDIR files */
240                 ++vals2tmp;
241                 break;
242         case 'T':       /* tmpdir */
243                 if( tmpdir ) free( tmpdir );
244                 tmpdir = strdup( optarg );
245                 break;
246         case 'V':       /* uri prefix */
247                 if( urlpre ) free( urlpre );
248                 urlpre = strdup( optarg );
249                 break;
250         case 'z':       /* size limit */
251                 sizelimit = atoi( optarg );
252                 break;
253
254         /* Common Options */
255         case 'C':
256                 referrals++;
257                 break;
258         case 'd':
259             debug |= atoi( optarg );
260             break;
261         case 'D':       /* bind DN */
262                 if( binddn != NULL ) {
263                         fprintf( stderr, "%s: -D previously specified\n" );
264                         return EXIT_FAILURE;
265                 }
266             binddn = strdup( optarg );
267             break;
268         case 'h':       /* ldap host */
269                 if( ldapuri != NULL ) {
270                         fprintf( stderr, "%s: -h incompatible with -H\n" );
271                         return EXIT_FAILURE;
272                 }
273                 if( ldaphost != NULL ) {
274                         fprintf( stderr, "%s: -h previously specified\n" );
275                         return EXIT_FAILURE;
276                 }
277             ldaphost = strdup( optarg );
278             break;
279         case 'H':       /* ldap URI */
280                 if( ldaphost != NULL ) {
281                         fprintf( stderr, "%s: -H incompatible with -h\n" );
282                         return EXIT_FAILURE;
283                 }
284                 if( ldapport ) {
285                         fprintf( stderr, "%s: -H incompatible with -p\n" );
286                         return EXIT_FAILURE;
287                 }
288                 if( ldapuri != NULL ) {
289                         fprintf( stderr, "%s: -H previously specified\n" );
290                         return EXIT_FAILURE;
291                 }
292             ldapuri = strdup( optarg );
293             break;
294         case 'I':
295 #ifdef HAVE_CYRUS_SASL
296                 if( version == LDAP_VERSION2 ) {
297                         fprintf( stderr, "%s: -I incompatible with version %d\n",
298                                 prog, version );
299                         return EXIT_FAILURE;
300                 }
301                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
302                         fprintf( stderr, "%s: incompatible previous "
303                                 "authentication choice\n",
304                                 prog );
305                         return EXIT_FAILURE;
306                 }
307                 authmethod = LDAP_AUTH_SASL;
308                 version = LDAP_VERSION3;
309                 sasl_flags = LDAP_SASL_INTERACTIVE;
310                 break;
311 #else
312                 fprintf( stderr, "%s: was not compiled with SASL support\n",
313                         prog );
314                 return( EXIT_FAILURE );
315 #endif
316         case 'k':       /* kerberos bind */
317 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
318                 if( version > LDAP_VERSION2 ) {
319                         fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
320                                 prog, version );
321                         return EXIT_FAILURE;
322                 }
323
324                 if( authmethod != -1 ) {
325                         fprintf( stderr, "%s: -k incompatible with previous "
326                                 "authentication choice\n", prog );
327                         return EXIT_FAILURE;
328                 }
329                         
330                 authmethod = LDAP_AUTH_KRBV4;
331 #else
332                 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
333                 return EXIT_FAILURE;
334 #endif
335             break;
336         case 'K':       /* kerberos bind, part one only */
337 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
338                 if( version > LDAP_VERSION2 ) {
339                         fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
340                                 prog, version );
341                         return EXIT_FAILURE;
342                 }
343                 if( authmethod != -1 ) {
344                         fprintf( stderr, "%s: incompatible with previous "
345                                 "authentication choice\n", prog );
346                         return EXIT_FAILURE;
347                 }
348
349                 authmethod = LDAP_AUTH_KRBV41;
350 #else
351                 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
352                 return( EXIT_FAILURE );
353 #endif
354             break;
355         case 'M':
356                 /* enable Manage DSA IT */
357                 if( version == LDAP_VERSION2 ) {
358                         fprintf( stderr, "%s: -M incompatible with LDAPv%d\n",
359                                 prog, version );
360                         return EXIT_FAILURE;
361                 }
362                 manageDSAit++;
363                 version = LDAP_VERSION3;
364                 break;
365         case 'n':       /* print deletes, don't actually do them */
366             ++not;
367             break;
368         case 'O':
369 #ifdef HAVE_CYRUS_SASL
370                 if( sasl_secprops != NULL ) {
371                         fprintf( stderr, "%s: -O previously specified\n" );
372                         return EXIT_FAILURE;
373                 }
374                 if( version == LDAP_VERSION2 ) {
375                         fprintf( stderr, "%s: -O incompatible with LDAPv%d\n",
376                                 prog, version );
377                         return EXIT_FAILURE;
378                 }
379                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
380                         fprintf( stderr, "%s: incompatible previous "
381                                 "authentication choice\n", prog );
382                         return EXIT_FAILURE;
383                 }
384                 authmethod = LDAP_AUTH_SASL;
385                 version = LDAP_VERSION3;
386                 sasl_secprops = strdup( optarg );
387 #else
388                 fprintf( stderr, "%s: not compiled with SASL support\n",
389                         prog );
390                 return( EXIT_FAILURE );
391 #endif
392                 break;
393         case 'p':
394                 if( ldapport ) {
395                         fprintf( stderr, "%s: -p previously specified\n" );
396                         return EXIT_FAILURE;
397                 }
398             ldapport = atoi( optarg );
399             break;
400         case 'P':
401                 switch( atoi(optarg) ) {
402                 case 2:
403                         if( version == LDAP_VERSION3 ) {
404                                 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
405                                         prog, version );
406                                 return EXIT_FAILURE;
407                         }
408                         version = LDAP_VERSION2;
409                         break;
410                 case 3:
411                         if( version == LDAP_VERSION2 ) {
412                                 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
413                                         prog, version );
414                                 return EXIT_FAILURE;
415                         }
416                         version = LDAP_VERSION3;
417                         break;
418                 default:
419                         fprintf( stderr, "%s: protocol version should be 2 or 3\n",
420                                 prog );
421                         usage( prog );
422                         return( EXIT_FAILURE );
423                 } break;
424         case 'Q':
425 #ifdef HAVE_CYRUS_SASL
426                 if( version == LDAP_VERSION2 ) {
427                         fprintf( stderr, "%s: -Q incompatible with version %d\n",
428                                 prog, version );
429                         return EXIT_FAILURE;
430                 }
431                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
432                         fprintf( stderr, "%s: incompatible previous "
433                                 "authentication choice\n",
434                                 prog );
435                         return EXIT_FAILURE;
436                 }
437                 authmethod = LDAP_AUTH_SASL;
438                 version = LDAP_VERSION3;
439                 sasl_flags = LDAP_SASL_QUIET;
440                 break;
441 #else
442                 fprintf( stderr, "%s: not compiled with SASL support\n",
443                         prog );
444                 return( EXIT_FAILURE );
445 #endif
446         case 'R':
447 #ifdef HAVE_CYRUS_SASL
448                 if( sasl_realm != NULL ) {
449                         fprintf( stderr, "%s: -R previously specified\n" );
450                         return EXIT_FAILURE;
451                 }
452                 if( version == LDAP_VERSION2 ) {
453                         fprintf( stderr, "%s: -R incompatible with version %d\n",
454                                 prog, version );
455                         return EXIT_FAILURE;
456                 }
457                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
458                         fprintf( stderr, "%s: incompatible previous "
459                                 "authentication choice\n",
460                                 prog );
461                         return EXIT_FAILURE;
462                 }
463                 authmethod = LDAP_AUTH_SASL;
464                 version = LDAP_VERSION3;
465                 sasl_realm = strdup( optarg );
466 #else
467                 fprintf( stderr, "%s: not compiled with SASL support\n",
468                         prog );
469                 return( EXIT_FAILURE );
470 #endif
471                 break;
472         case 'U':
473 #ifdef HAVE_CYRUS_SASL
474                 if( sasl_authc_id != NULL ) {
475                         fprintf( stderr, "%s: -U previously specified\n" );
476                         return EXIT_FAILURE;
477                 }
478                 if( version == LDAP_VERSION2 ) {
479                         fprintf( stderr, "%s: -U incompatible with version %d\n",
480                                 prog, version );
481                         return EXIT_FAILURE;
482                 }
483                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
484                         fprintf( stderr, "%s: incompatible previous "
485                                 "authentication choice\n",
486                                 prog );
487                         return EXIT_FAILURE;
488                 }
489                 authmethod = LDAP_AUTH_SASL;
490                 version = LDAP_VERSION3;
491                 sasl_authc_id = strdup( optarg );
492 #else
493                 fprintf( stderr, "%s: not compiled with SASL support\n",
494                         prog );
495                 return( EXIT_FAILURE );
496 #endif
497                 break;
498         case 'v':       /* verbose mode */
499             verbose++;
500             break;
501         case 'w':       /* password */
502             passwd.bv_val = strdup( optarg );
503                 {
504                         char* p;
505
506                         for( p = optarg; *p == '\0'; p++ ) {
507                                 *p = '\0';
508                         }
509                 }
510                 passwd.bv_len = strlen( passwd.bv_val );
511             break;
512         case 'W':
513                 want_bindpw++;
514                 break;
515         case 'Y':
516 #ifdef HAVE_CYRUS_SASL
517                 if( sasl_mech != NULL ) {
518                         fprintf( stderr, "%s: -Y previously specified\n" );
519                         return EXIT_FAILURE;
520                 }
521                 if( version == LDAP_VERSION2 ) {
522                         fprintf( stderr, "%s: -Y incompatible with version %d\n",
523                                 prog, version );
524                         return EXIT_FAILURE;
525                 }
526                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
527                         fprintf( stderr, "%s: incompatible with authentication choice\n", prog );
528                         return EXIT_FAILURE;
529                 }
530                 authmethod = LDAP_AUTH_SASL;
531                 version = LDAP_VERSION3;
532                 sasl_mech = strdup( optarg );
533 #else
534                 fprintf( stderr, "%s: not compiled with SASL support\n",
535                         prog );
536                 return( EXIT_FAILURE );
537 #endif
538                 break;
539         case 'x':
540                 if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
541                         fprintf( stderr, "%s: incompatible with previous "
542                                 "authentication choice\n", prog );
543                         return EXIT_FAILURE;
544                 }
545                 authmethod = LDAP_AUTH_SIMPLE;
546                 break;
547         case 'X':
548 #ifdef HAVE_CYRUS_SASL
549                 if( sasl_authz_id != NULL ) {
550                         fprintf( stderr, "%s: -X previously specified\n" );
551                         return EXIT_FAILURE;
552                 }
553                 if( version == LDAP_VERSION2 ) {
554                         fprintf( stderr, "%s: -X incompatible with LDAPv%d\n",
555                                 prog, version );
556                         return EXIT_FAILURE;
557                 }
558                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
559                         fprintf( stderr, "%s: -X incompatible with "
560                                 "authentication choice\n", prog );
561                         return EXIT_FAILURE;
562                 }
563                 authmethod = LDAP_AUTH_SASL;
564                 version = LDAP_VERSION3;
565                 sasl_authz_id = strdup( optarg );
566 #else
567                 fprintf( stderr, "%s: not compiled with SASL support\n",
568                         prog );
569                 return( EXIT_FAILURE );
570 #endif
571                 break;
572         case 'Z':
573 #ifdef HAVE_TLS
574                 if( version == LDAP_VERSION2 ) {
575                         fprintf( stderr, "%s: -Z incompatible with version %d\n",
576                                 prog, version );
577                         return EXIT_FAILURE;
578                 }
579                 version = LDAP_VERSION3;
580                 use_tls++;
581 #else
582                 fprintf( stderr, "%s: not compiled with TLS support\n",
583                         prog );
584                 return( EXIT_FAILURE );
585 #endif
586                 break;
587         default:
588                 fprintf( stderr, "%s: unrecongized option -%c\n",
589                         prog, optopt );
590                 usage( argv[0] );
591         }
592         }
593
594         if (version == -1) {
595                 version = LDAP_VERSION3;
596         }
597         if (authmethod == -1 && version > LDAP_VERSION2) {
598 #ifdef HAVE_CYRUS_SASL
599                 authmethod = LDAP_AUTH_SASL;
600 #else
601                 authmethod = LDAP_AUTH_SIMPLE;
602 #endif
603         }
604
605         if (( argc - optind < 1 ) ||
606                 ( *argv[optind] != '(' /*')'*/ &&
607                 ( strchr( argv[optind], '=' ) == NULL ) ) )
608         {
609                 filtpattern = "(objectclass=*)";
610         } else {
611                 filtpattern = strdup( argv[optind++] );
612         }
613
614         if ( argv[optind] == NULL ) {
615                 attrs = NULL;
616         } else if ( sortattr == NULL || *sortattr == '\0' ) {
617                 attrs = &argv[optind];
618         }
619
620         if ( infile != NULL ) {
621                 if ( infile[0] == '-' && infile[1] == '\0' ) {
622                         fp = stdin;
623                 } else if (( fp = fopen( infile, "r" )) == NULL ) {
624                         perror( infile );
625                         return EXIT_FAILURE;
626                 }
627         }
628
629         if( tmpdir == NULL
630                 && (tmpdir = getenv("TMPDIR")) == NULL
631                 && (tmpdir = getenv("TMP")) == NULL
632                 && (tmpdir = getenv("TEMP")) == NULL )
633         {
634                 tmpdir = LDAP_TMPDIR;
635         }
636
637         if( urlpre == NULL ) {
638                 urlpre = malloc( sizeof("file:////") + strlen(tmpdir) );
639
640                 if( urlpre == NULL ) {
641                         perror( "malloc" );
642                         return EXIT_FAILURE;
643                 }
644
645                 sprintf( urlpre, "file:///%s/",
646                         tmpdir[0] == '/' ? &tmpdir[1] : tmpdir );
647
648                 /* urlpre should be URLized.... */
649         }
650
651         if ( debug ) {
652                 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
653                         fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
654                 }
655                 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
656                         fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
657                 }
658                 ldif_debug = debug;
659         }
660
661 #ifdef SIGPIPE
662         (void) SIGNAL( SIGPIPE, SIG_IGN );
663 #endif
664
665
666         if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
667                 if ( verbose ) {
668                         fprintf( stderr, "ldap_init( %s, %d )\n",
669                                 ldaphost != NULL ? ldaphost : "<DEFAULT>",
670                                 ldapport );
671                 }
672                 ld = ldap_init( ldaphost, ldapport );
673
674         } else {
675                 if ( verbose ) {
676                         fprintf( stderr, "ldap_initialize( %s )\n",
677                                 ldapuri != NULL ? ldapuri : "<DEFAULT>" );
678                 }
679                 (void) ldap_initialize( &ld, ldapuri );
680         }
681
682         if( ld == NULL ) {
683                 fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
684                         rc, ldap_err2string(rc) );
685                 return EXIT_FAILURE;
686         }
687
688         if (deref != -1 &&
689                 ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
690         {
691                 fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
692                 return EXIT_FAILURE;
693         }
694         if (timelimit != -1 &&
695                 ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
696         {
697                 fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
698                 return EXIT_FAILURE;
699         }
700         if (sizelimit != -1 &&
701                 ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
702         {
703                 fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
704                 return EXIT_FAILURE;
705         }
706
707         /* referrals */
708         if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
709                 referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
710         {
711                 fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
712                         referrals ? "on" : "off" );
713                 return EXIT_FAILURE;
714         }
715
716         if (version == -1 ) {
717                 version = 3;
718         }
719
720         if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
721                 != LDAP_OPT_SUCCESS )
722         {
723                 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
724                         version );
725                 return EXIT_FAILURE;
726         }
727
728         if ( use_tls ) {
729                 rc = ldap_start_tls_s( ld, NULL, NULL );
730
731                 if ( rc != LDAP_SUCCESS && use_tls > 1 ) {
732                         ldap_perror( ld, "ldap_start_tls" );
733                         fprintf( stderr, "Could not start TLS %d: %s\n",
734                                 rc, ldap_err2string( rc ) );
735                         return EXIT_FAILURE;
736                 }
737                 fprintf( stderr, "WARNING: could not start TLS\n" );
738         }
739
740         if (want_bindpw) {
741                 passwd.bv_val = getpassphrase("Enter LDAP Password: ");
742                 passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
743         }
744
745         if ( authmethod == LDAP_AUTH_SASL ) {
746 #ifdef HAVE_CYRUS_SASL
747                 void *defaults;
748
749                 if( sasl_secprops != NULL ) {
750                         rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
751                                 (void *) sasl_secprops );
752                         
753                         if( rc != LDAP_OPT_SUCCESS ) {
754                                 fprintf( stderr,
755                                         "Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n",
756                                         sasl_secprops );
757                                 return( EXIT_FAILURE );
758                         }
759                 }
760                 
761                 defaults = lutil_sasl_defaults( ld,
762                         sasl_mech,
763                         sasl_realm,
764                         sasl_authc_id,
765                         passwd.bv_val,
766                         sasl_authz_id );
767
768                 rc = ldap_sasl_interactive_bind_s( ld, binddn,
769                         sasl_mech, NULL, NULL,
770                         sasl_flags, lutil_sasl_interact, defaults );
771
772                 if( rc != LDAP_SUCCESS ) {
773                         ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
774                         return( EXIT_FAILURE );
775                 }
776 #else
777                 fprintf( stderr, "%s: not compiled with SASL support\n",
778                         prog, argv[0] );
779                 return( EXIT_FAILURE );
780 #endif
781         } else {
782                 if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
783                                 != LDAP_SUCCESS ) {
784                         ldap_perror( ld, "ldap_bind" );
785                         return( EXIT_FAILURE );
786                 }
787         }
788
789         if ( manageDSAit ) {
790                 int err;
791                 LDAPControl c;
792                 LDAPControl *ctrls[2];
793                 ctrls[0] = &c;
794                 ctrls[1] = NULL;
795
796                 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
797                 c.ldctl_value.bv_val = NULL;
798                 c.ldctl_value.bv_len = 0;
799                 c.ldctl_iscritical = manageDSAit > 1;
800
801                 err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
802
803                 if( err != LDAP_OPT_SUCCESS ) {
804                         fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
805                                 c.ldctl_iscritical ? "critical " : "" );
806                         if( c.ldctl_iscritical ) {
807                                 exit( EXIT_FAILURE );
808                         }
809                 }
810         }
811
812         if ( verbose ) {
813                 fprintf( stderr, "filter%s: %s\nrequesting: ",
814                         infile != NULL ? " pattern" : "",
815                         filtpattern );
816
817                 if ( attrs == NULL ) {
818                         fprintf( stderr, "ALL" );
819                 } else {
820                         for ( i = 0; attrs[ i ] != NULL; ++i ) {
821                                 fprintf( stderr, "%s ", attrs[ i ] );
822                         }
823                 }
824                 fprintf( stderr, "\n" );
825         }
826
827         if (ldif < 3 ) {
828                 printf( "version: %d\n\n", ldif ? 1 : 2 );
829         }
830
831         if (ldif < 2 ) {
832                 printf( "#\n# filter%s: %s\n# requesting: ",
833                         infile != NULL ? " pattern" : "",
834                         filtpattern );
835
836                 if ( attrs == NULL ) {
837                         printf( "ALL" );
838                 } else {
839                         for ( i = 0; attrs[ i ] != NULL; ++i ) {
840                                 printf( "%s ", attrs[ i ] );
841                         }
842                 }
843
844                 if ( manageDSAit ) {
845                         printf("\n# with manageDSAit %scontrol",
846                                 manageDSAit > 1 ? "critical " : "" );
847                 }
848
849                 printf( "\n#\n\n" );
850         }
851
852         if ( infile == NULL ) {
853                 rc = dosearch( ld, base, scope, NULL, filtpattern,
854                         attrs, attrsonly, NULL, NULL, NULL, -1 );
855
856         } else {
857                 rc = 0;
858                 first = 1;
859                 while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) { 
860                         line[ strlen( line ) - 1 ] = '\0';
861                         if ( !first ) {
862                                 putchar( '\n' );
863                         } else {
864                                 first = 0;
865                         }
866                         rc = dosearch( ld, base, scope, filtpattern, line,
867                                 attrs, attrsonly, NULL, NULL, NULL, -1 );
868                 }
869                 if ( fp != stdin ) {
870                         fclose( fp );
871                 }
872         }
873
874         ldap_unbind( ld );
875         return( rc );
876 }
877
878
879 static int dosearch(
880         LDAP    *ld,
881         char    *base,
882         int             scope,
883         char    *filtpatt,
884         char    *value,
885         char    **attrs,
886         int             attrsonly,
887         LDAPControl **sctrls,
888         LDAPControl **cctrls,
889         struct timeval *timelimit,
890         int sizelimit )
891 {
892         char            filter[ BUFSIZ ];
893         int                     rc, first;
894         int                     nresponses;
895         int                     nentries;
896         int                     nreferences;
897         int                     nextended;
898         int                     npartial;
899         LDAPMessage             *res, *msg;
900         ber_int_t       msgid;
901
902         if( filtpatt != NULL ) {
903                 sprintf( filter, filtpatt, value );
904
905                 if ( verbose ) {
906                         fprintf( stderr, "filter is: (%s)\n", filter );
907                 }
908
909                 if( ldif < 2 ) {
910                         printf( "#\n# filter: %s\n#\n", filter );
911                 }
912
913         } else {
914                 sprintf( filter, "%s", value );
915         }
916
917         if ( not ) {
918                 return LDAP_SUCCESS;
919         }
920
921         rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
922                 sctrls, cctrls, timelimit, sizelimit, &msgid );
923
924         if( rc != LDAP_SUCCESS ) {
925                 fprintf( stderr, "%s: ldap_search_ext: %s (%d)\n",
926                         prog, ldap_err2string( rc ), rc );
927                 return( rc );
928         }
929
930         nresponses = nentries = nreferences = nextended = npartial = 0;
931
932         res = NULL;
933
934         while ((rc = ldap_result( ld, LDAP_RES_ANY,
935                 sortattr ? LDAP_MSG_ALL : LDAP_MSG_ONE,
936                 NULL, &res )) > 0 )
937         {
938                 if( sortattr ) {
939                         (void) ldap_sort_entries( ld, &res,
940                                 ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
941                 }
942
943                 for ( msg = ldap_first_message( ld, res );
944                         msg != NULL;
945                         msg = ldap_next_message( ld, msg ) )
946                 {
947                         if( nresponses++ ) putchar('\n');
948
949                         switch( ldap_msgtype( msg ) ) {
950                         case LDAP_RES_SEARCH_ENTRY:
951                                 nentries++;
952                                 print_entry( ld, msg, attrsonly );
953                                 break;
954
955                         case LDAP_RES_SEARCH_REFERENCE:
956                                 nreferences++;
957                                 print_reference( ld, msg );
958                                 break;
959
960                         case LDAP_RES_EXTENDED:
961                                 nextended++;
962                                 print_extended( ld, msg );
963
964                                 if( ldap_msgid( msg ) == 0 ) {
965                                         /* unsolicited extended operation */
966                                         goto done;
967                                 }
968                                 break;
969
970                         case LDAP_RES_EXTENDED_PARTIAL:
971                                 npartial++;
972                                 print_partial( ld, msg );
973                                 break;
974
975                         case LDAP_RES_SEARCH_RESULT:
976                                 rc = print_result( ld, msg, 1 );
977                                 goto done;
978                         }
979                 }
980
981                 ldap_msgfree( res );
982         }
983
984         if ( rc == -1 ) {
985                 ldap_perror( ld, "ldap_result" );
986                 return( rc );
987         }
988
989 done:
990         if ( ldif < 2 ) {
991                 printf( "\n# numResponses: %d\n", nresponses );
992                 if( nentries ) printf( "# numEntries: %d\n", nentries );
993                 if( nextended ) printf( "# numExtended: %d\n", nextended );
994                 if( npartial ) printf( "# numPartial: %d\n", npartial );
995                 if( nreferences ) printf( "# numReferences: %d\n", nreferences );
996         }
997
998         return( rc );
999 }
1000
1001 static void
1002 print_entry(
1003         LDAP    *ld,
1004         LDAPMessage     *entry,
1005         int             attrsonly)
1006 {
1007         char            *a, *dn, *ufn;
1008         char    tmpfname[ 256 ];
1009         char    url[ 256 ];
1010         int                     i, rc;
1011         BerElement              *ber = NULL;
1012         struct berval   **bvals;
1013         LDAPControl **ctrls = NULL;
1014         FILE            *tmpfp;
1015
1016         dn = ldap_get_dn( ld, entry );
1017         ufn = NULL;
1018
1019         if ( ldif < 2 ) {
1020                 ufn = ldap_dn2ufn( dn );
1021                 write_ldif( LDIF_PUT_COMMENT, NULL, ufn, ufn ? strlen( ufn ) : 0 );
1022         }
1023         write_ldif( LDIF_PUT_VALUE, "dn", dn, dn ? strlen( dn ) : 0);
1024
1025         rc = ldap_get_entry_controls( ld, entry, &ctrls );
1026
1027         if( rc != LDAP_SUCCESS ) {
1028                 fprintf(stderr, "print_entry: %d\n", rc );
1029                 ldap_perror( ld, "ldap_get_entry_controls" );
1030                 exit( EXIT_FAILURE );
1031         }
1032
1033         if( ctrls ) {
1034                 print_ctrls( ctrls );
1035                 ldap_controls_free( ctrls );
1036         }
1037
1038         if ( includeufn ) {
1039                 if( ufn == NULL ) {
1040                         ufn = ldap_dn2ufn( dn );
1041                 }
1042                 write_ldif( LDIF_PUT_VALUE, "ufn", ufn, ufn ? strlen( ufn ) : 0 );
1043         }
1044
1045         if( ufn != NULL ) ldap_memfree( ufn );
1046         ldap_memfree( dn );
1047
1048         for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL;
1049                 a = ldap_next_attribute( ld, entry, ber ) )
1050         {
1051                 if ( attrsonly ) {
1052                         write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 );
1053
1054                 } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) {
1055                         for ( i = 0; bvals[i] != NULL; i++ ) {
1056                                 if ( vals2tmp > 1 || ( vals2tmp
1057                                         && ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) ))
1058                                 {
1059                                         int tmpfd;
1060                                         /* write value to file */
1061                                         sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX",
1062                                                 tmpdir, a );
1063                                         tmpfp = NULL;
1064
1065                                         if ( mktemp( tmpfname ) == NULL ) {
1066                                                 perror( tmpfname );
1067                                                 continue;
1068                                         }
1069
1070                                         if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) {
1071                                                 perror( tmpfname );
1072                                                 continue;
1073                                         }
1074
1075                                         if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) {
1076                                                 perror( tmpfname );
1077                                                 continue;
1078                                         }
1079
1080                                         if ( fwrite( bvals[ i ]->bv_val,
1081                                                 bvals[ i ]->bv_len, 1, tmpfp ) == 0 )
1082                                         {
1083                                                 perror( tmpfname );
1084                                                 fclose( tmpfp );
1085                                                 continue;
1086                                         }
1087
1088                                         fclose( tmpfp );
1089
1090                                         sprintf( url, "%s%s", urlpre,
1091                                                 &tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] );
1092
1093                                         write_ldif( LDIF_PUT_URL, a, url, strlen( url ));
1094
1095                                 } else {
1096                                         write_ldif( LDIF_PUT_VALUE, a,
1097                                                 bvals[ i ]->bv_val, bvals[ i ]->bv_len );
1098                                 }
1099                         }
1100                         ber_bvecfree( bvals );
1101                 }
1102         }
1103
1104         if( ber != NULL ) {
1105                 ber_free( ber, 0 );
1106         }
1107 }
1108
1109 static void print_reference(
1110         LDAP *ld,
1111         LDAPMessage *reference )
1112 {
1113         int rc;
1114         char **refs = NULL;
1115         LDAPControl **ctrls;
1116
1117         if( ldif < 2 ) {
1118                 printf("# search reference\n");
1119         }
1120
1121         rc = ldap_parse_reference( ld, reference, &refs, &ctrls, 0 );
1122
1123         if( rc != LDAP_SUCCESS ) {
1124                 ldap_perror(ld, "ldap_parse_reference");
1125                 exit( EXIT_FAILURE );
1126         }
1127
1128         if( refs ) {
1129                 int i;
1130                 for( i=0; refs[i] != NULL; i++ ) {
1131                         write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
1132                                 "ref", refs[i], strlen(refs[i]) );
1133                 }
1134                 ber_memvfree( (void **) refs );
1135         }
1136
1137         if( ctrls ) {
1138                 print_ctrls( ctrls );
1139                 ldap_controls_free( ctrls );
1140         }
1141 }
1142
1143 static void print_extended(
1144         LDAP *ld,
1145         LDAPMessage *extended )
1146 {
1147         int rc;
1148         char *retoid = NULL;
1149         struct berval *retdata = NULL;
1150
1151         if( ldif < 2 ) {
1152                 printf("# extended result response\n");
1153         }
1154
1155         rc = ldap_parse_extended_result( ld, extended,
1156                 &retoid, &retdata, 0 );
1157
1158         if( rc != LDAP_SUCCESS ) {
1159                 ldap_perror(ld, "ldap_parse_extended_result");
1160                 exit( EXIT_FAILURE );
1161         }
1162
1163         write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
1164                 "extended", retoid, retoid ? strlen(retoid) : 0 );
1165         ber_memfree( retoid );
1166
1167         if(retdata) {
1168                 write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
1169                         "data", retdata->bv_val, retdata->bv_len );
1170                 ber_bvfree( retdata );
1171         }
1172
1173         print_result( ld, extended, 0 );
1174 }
1175
1176 static void print_partial(
1177         LDAP *ld,
1178         LDAPMessage *partial )
1179 {
1180         int rc;
1181         char *retoid = NULL;
1182         struct berval *retdata = NULL;
1183         LDAPControl **ctrls = NULL;
1184
1185         if( ldif < 2 ) {
1186                 printf("# extended partial response\n");
1187         }
1188
1189         rc = ldap_parse_extended_partial( ld, partial,
1190                 &retoid, &retdata, &ctrls, 0 );
1191
1192         if( rc != LDAP_SUCCESS ) {
1193                 ldap_perror(ld, "ldap_parse_extended_partial");
1194                 exit( EXIT_FAILURE );
1195         }
1196
1197         write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
1198                 "partial", retoid, retoid ? strlen(retoid) : 0 );
1199
1200         ber_memfree( retoid );
1201
1202         if( retdata ) {
1203                 write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
1204                         "data", 
1205                         retdata->bv_val, retdata->bv_len );
1206
1207                 ber_bvfree( retdata );
1208         }
1209
1210         if( ctrls ) {
1211                 print_ctrls( ctrls );
1212                 ldap_controls_free( ctrls );
1213         }
1214 }
1215
1216 static int print_result(
1217         LDAP *ld,
1218         LDAPMessage *result, int search )
1219 {
1220         char rst[BUFSIZ];
1221         int rc;
1222         int err;
1223         char *matcheddn = NULL;
1224         char *text = NULL;
1225         char **refs = NULL;
1226         LDAPControl **ctrls = NULL;
1227
1228         if( search ) {
1229                 if ( ldif < 2 ) {
1230                         printf("# search result\n");
1231                 }
1232                 if ( ldif < 1 ) {
1233                         printf("%s: %d\n", "search", ldap_msgid(result) );
1234                 }
1235         }
1236
1237         rc = ldap_parse_result( ld, result,
1238                 &err, &matcheddn, &text, &refs, &ctrls, 0 );
1239
1240         if( rc != LDAP_SUCCESS ) {
1241                 ldap_perror(ld, "ldap_parse_result");
1242                 exit( EXIT_FAILURE );
1243         }
1244
1245
1246         if( !ldif ) {
1247                 printf( "result: %d %s\n", err, ldap_err2string(err) );
1248
1249         } else if ( err != LDAP_SUCCESS ) {
1250                 fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );
1251         }
1252
1253         if( matcheddn && *matcheddn ) {
1254                 if( !ldif ) {
1255                         write_ldif( LDIF_PUT_VALUE,
1256                                 "matchedDN", matcheddn, strlen(matcheddn) );
1257                 } else {
1258                         fprintf( stderr, "Matched DN: %s\n", matcheddn );
1259                 }
1260
1261                 ber_memfree( matcheddn );
1262         }
1263
1264         if( text && *text ) {
1265                 if( !ldif ) {
1266                         write_ldif( LDIF_PUT_TEXT, "text",
1267                                 text, strlen(text) );
1268                 } else {
1269                         fprintf( stderr, "Additional information: %s\n", text );
1270                 }
1271
1272                 ber_memfree( text );
1273         }
1274
1275         if( refs ) {
1276                 int i;
1277                 for( i=0; refs[i] != NULL; i++ ) {
1278                         if( !ldif ) {
1279                                 write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) );
1280                         } else {
1281                                 fprintf( stderr, "Referral: %s\n", refs[i] );
1282                         }
1283                 }
1284
1285                 ber_memvfree( (void **) refs );
1286         }
1287
1288         if( ctrls ) {
1289                 print_ctrls( ctrls );
1290                 ldap_controls_free( ctrls );
1291         }
1292
1293         return err;
1294 }
1295
1296 void print_ctrls( LDAPControl **ctrls ) {
1297         int i;
1298         for(i=0; ctrls[i] != NULL; i++ ) {
1299                 /* control: OID criticality base64value */
1300                 struct berval *b64 = NULL;
1301                 ber_len_t len;
1302                 char *str;
1303                         
1304                 len = strlen( ctrls[i]->ldctl_oid );
1305
1306                 /* add enough for space after OID and the critical value itself */
1307                 len += ctrls[i]->ldctl_iscritical
1308                         ? sizeof("true") : sizeof("false");
1309
1310                 /* convert to base64 */
1311                 if( ctrls[i]->ldctl_value.bv_len ) {
1312                         b64 = ber_memalloc( sizeof(struct berval) );
1313                         
1314                         b64->bv_len = LUTIL_BASE64_ENCODE_LEN(
1315                                 ctrls[i]->ldctl_value.bv_len ) + 1;
1316                         b64->bv_val = ber_memalloc( b64->bv_len + 1 );
1317
1318                         b64->bv_len = lutil_b64_ntop(
1319                                 ctrls[i]->ldctl_value.bv_val, ctrls[i]->ldctl_value.bv_len,
1320                                 b64->bv_val, b64->bv_len );
1321                 }
1322
1323                 if( b64 ) {
1324                         len += 1 + b64->bv_len;
1325                 }
1326
1327                 str = malloc( len + 1 );
1328                 strcpy( str, ctrls[i]->ldctl_oid );
1329                 strcat( str, ctrls[i]->ldctl_iscritical
1330                         ? " true" : " false" );
1331
1332                 if( b64 ) {
1333                         strcat(str, " ");
1334                         strcat(str, b64->bv_val );
1335                 }
1336
1337                 write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
1338                         "control", str, len );
1339
1340                 free( str );
1341                 ber_bvfree( b64 );
1342         }
1343 }
1344
1345 static int
1346 write_ldif( int type, char *name, char *value, ber_len_t vallen )
1347 {
1348         char    *ldif;
1349
1350         if (( ldif = ldif_put( type, name, value, vallen )) == NULL ) {
1351                 return( -1 );
1352         }
1353
1354         fputs( ldif, stdout );
1355         ber_memfree( ldif );
1356
1357         return( 0 );
1358 }