2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2010 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
46 mt = ch_calloc( sizeof( metatarget_t ), 1 );
48 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
49 if ( mt->mt_rwmap.rwm_rw == NULL ) {
55 * the filter rewrite as a string must be disabled
56 * by default; it can be re-enabled by adding rules;
57 * this creates an empty rewriteContext
59 rargv[ 0 ] = "rewriteContext";
60 rargv[ 1 ] = "searchFilter";
62 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
64 rargv[ 0 ] = "rewriteContext";
65 rargv[ 1 ] = "default";
67 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
69 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
71 mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
72 mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
73 mt->mt_idassert_tls = SB_TLS_DEFAULT;
75 /* by default, use proxyAuthz control on each operation */
76 mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
84 check_true_false( char *str )
86 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
90 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
107 metainfo_t *mi = ( metainfo_t * )be->be_private;
109 assert( mi != NULL );
111 /* URI of server to query */
112 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
113 int i = mi->mi_ntargets;
124 Debug( LDAP_DEBUG_ANY,
125 "%s: line %d: missing URI "
126 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
131 if ( be->be_nsuffix == NULL ) {
132 Debug( LDAP_DEBUG_ANY,
133 "%s: line %d: the suffix must be defined before any target.\n",
140 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
141 sizeof( metatarget_t * ) * mi->mi_ntargets );
142 if ( mi->mi_targets == NULL ) {
143 Debug( LDAP_DEBUG_ANY,
144 "%s: line %d: out of memory while storing server name"
145 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
150 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
151 Debug( LDAP_DEBUG_ANY,
152 "%s: line %d: unable to init server"
153 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
158 mt = mi->mi_targets[ i ];
160 mt->mt_rebind_f = mi->mi_rebind_f;
161 mt->mt_urllist_f = mi->mi_urllist_f;
162 mt->mt_urllist_p = mt;
164 mt->mt_nretries = mi->mi_nretries;
165 mt->mt_quarantine = mi->mi_quarantine;
166 if ( META_BACK_QUARANTINE( mi ) ) {
167 ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
169 mt->mt_flags = mi->mi_flags;
170 mt->mt_version = mi->mi_version;
171 #ifdef SLAPD_META_CLIENT_PR
172 mt->mt_ps = mi->mi_ps;
173 #endif /* SLAPD_META_CLIENT_PR */
174 mt->mt_network_timeout = mi->mi_network_timeout;
175 mt->mt_bind_timeout = mi->mi_bind_timeout;
176 for ( c = 0; c < SLAP_OP_LAST; c++ ) {
177 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
180 for ( c = 1; c < argc; c++ ) {
181 char **tmpuris = ldap_str2charray( argv[ c ], "\t" );
183 if ( tmpuris == NULL ) {
184 Debug( LDAP_DEBUG_ANY,
185 "%s: line %d: unable to parse URIs #%d"
186 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
187 fname, lineno, c - 1 );
195 ldap_charray_merge( &uris, tmpuris );
196 ldap_charray_free( tmpuris );
200 for ( c = 0; uris[ c ] != NULL; c++ ) {
206 if ( ldap_url_parselist_ext( &ludp, uris[ c ], "\t",
207 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS
208 || ludp->lud_next != NULL )
210 Debug( LDAP_DEBUG_ANY,
211 "%s: line %d: unable to parse URI #%d"
212 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
214 ldap_charray_free( uris );
221 * uri MUST have the <dn> part!
223 if ( ludp->lud_dn == NULL ) {
224 Debug( LDAP_DEBUG_ANY,
225 "%s: line %d: missing <naming context> "
226 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
228 ldap_free_urllist( ludp );
229 ldap_charray_free( uris );
234 * copies and stores uri and suffix
236 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
237 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
238 &mt->mt_nsuffix, NULL );
239 if ( rc != LDAP_SUCCESS ) {
240 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
241 "target \"%s\" DN is invalid\n",
242 fname, lineno, argv[ 1 ] );
243 ldap_free_urllist( ludp );
244 ldap_charray_free( uris );
248 ludp->lud_dn[ 0 ] = '\0';
250 switch ( ludp->lud_scope ) {
251 case LDAP_SCOPE_DEFAULT:
252 mt->mt_scope = LDAP_SCOPE_SUBTREE;
255 case LDAP_SCOPE_SUBTREE:
256 case LDAP_SCOPE_SUBORDINATE:
257 mt->mt_scope = ludp->lud_scope;
261 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
262 "invalid scope for target \"%s\"\n",
263 fname, lineno, argv[ 1 ] );
264 ldap_free_urllist( ludp );
265 ldap_charray_free( uris );
270 /* check all, to apply the scope check on the first one */
271 if ( ludp->lud_dn != NULL && ludp->lud_dn[ 0 ] != '\0' ) {
272 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
273 "multiple URIs must have "
276 ldap_free_urllist( ludp );
277 ldap_charray_free( uris );
283 tmpuri = ldap_url_list2urls( ludp );
284 ldap_free_urllist( ludp );
285 if ( tmpuri == NULL ) {
286 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
288 ldap_charray_free( uris );
291 ldap_memfree( uris[ c ] );
295 mt->mt_uri = ldap_charray2str( uris, " " );
296 ldap_charray_free( uris );
297 if ( mt->mt_uri == NULL) {
298 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
304 * uri MUST be a branch of suffix!
306 for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
307 if ( dnIsSuffix( &mt->mt_nsuffix, &be->be_nsuffix[ c ] ) ) {
312 if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
313 Debug( LDAP_DEBUG_ANY,
314 "%s: line %d: <naming context> of URI must be within the naming context of this database.\n",
319 /* subtree-exclude */
320 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
321 int i = mi->mi_ntargets - 1;
322 struct berval dn, ndn;
325 Debug( LDAP_DEBUG_ANY,
326 "%s: line %d: need \"uri\" directive first\n",
333 Debug( LDAP_DEBUG_ANY,
334 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
342 Debug( LDAP_DEBUG_ANY,
343 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
348 ber_str2bv( argv[ 1 ], 0, 0, &dn );
349 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
352 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
353 "subtree-exclude DN=\"%s\" is invalid\n",
354 fname, lineno, argv[ 1 ] );
358 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
359 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
360 "subtree-exclude DN=\"%s\" "
361 "must be subtree of target\n",
362 fname, lineno, argv[ 1 ] );
363 ber_memfree( ndn.bv_val );
367 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
370 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
372 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
373 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
374 "subtree-exclude DN=\"%s\" "
375 "is suffix of another subtree-exclude\n",
376 fname, lineno, argv[ 1 ] );
377 /* reject, because it might be superior
378 * to more than one subtree-exclude */
379 ber_memfree( ndn.bv_val );
382 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
383 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
384 "another subtree-exclude is suffix of "
385 "subtree-exclude DN=\"%s\"\n",
386 fname, lineno, argv[ 1 ] );
387 ber_memfree( ndn.bv_val );
393 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
395 /* default target directive */
396 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
397 int i = mi->mi_ntargets - 1;
401 Debug( LDAP_DEBUG_ANY,
402 "%s: line %d: \"default-target\" alone need be"
403 " inside a \"uri\" directive\n",
407 mi->mi_defaulttarget = i;
410 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
412 Debug( LDAP_DEBUG_ANY,
413 "%s: line %d: \"default-target none\""
414 " should go before uri definitions\n",
417 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
421 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
422 || mi->mi_defaulttarget < 0
423 || mi->mi_defaulttarget >= i - 1 )
425 Debug( LDAP_DEBUG_ANY,
426 "%s: line %d: illegal target number %d\n",
427 fname, lineno, mi->mi_defaulttarget );
433 /* ttl of dn cache */
434 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
436 Debug( LDAP_DEBUG_ANY,
437 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
442 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
443 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
445 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
446 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
451 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
452 Debug( LDAP_DEBUG_ANY,
453 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
454 fname, lineno, argv[ 1 ] );
457 mi->mi_cache.ttl = (time_t)t;
460 /* network timeout when connecting to ldap servers */
461 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
463 time_t *tp = mi->mi_ntargets ?
464 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
465 : &mi->mi_network_timeout;
468 Debug( LDAP_DEBUG_ANY,
469 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
474 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
475 Debug( LDAP_DEBUG_ANY,
476 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
477 fname, lineno, argv[ 1 ] );
484 /* idle timeout when connecting to ldap servers */
485 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
490 Debug( LDAP_DEBUG_ANY,
491 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
497 Debug( LDAP_DEBUG_ANY,
498 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
503 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
504 Debug( LDAP_DEBUG_ANY,
505 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
506 fname, lineno, argv[ 1 ] );
511 mi->mi_idle_timeout = (time_t)t;
514 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
519 Debug( LDAP_DEBUG_ANY,
520 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
526 Debug( LDAP_DEBUG_ANY,
527 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
532 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
533 Debug( LDAP_DEBUG_ANY,
534 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
535 fname, lineno, argv[ 1 ] );
540 mi->mi_conn_ttl = (time_t)t;
542 /* bind timeout when connecting to ldap servers */
543 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
545 struct timeval *tp = mi->mi_ntargets ?
546 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
547 : &mi->mi_bind_timeout;
551 Debug( LDAP_DEBUG_ANY,
552 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
558 Debug( LDAP_DEBUG_ANY,
559 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
564 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
565 Debug( LDAP_DEBUG_ANY,
566 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
567 fname, lineno, argv[ 1 ] );
572 tp->tv_sec = t/1000000;
573 tp->tv_usec = t%1000000;
575 /* name to use for meta_back_group */
576 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
577 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
579 int i = mi->mi_ntargets - 1;
583 Debug( LDAP_DEBUG_ANY,
584 "%s: line %d: need \"uri\" directive first\n",
590 Debug( LDAP_DEBUG_ANY,
591 "%s: line %d: missing name in \"binddn <name>\" line\n",
596 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
597 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
598 "\"binddn\" statement is deprecated; "
599 "use \"acl-authcDN\" instead\n",
601 /* FIXME: some day we'll need to throw an error */
604 ber_str2bv( argv[ 1 ], 0, 0, &dn );
605 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
606 NULL ) != LDAP_SUCCESS )
608 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
609 "bind DN '%s' is invalid\n",
610 fname, lineno, argv[ 1 ] );
614 /* password to use for meta_back_group */
615 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
616 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
618 int i = mi->mi_ntargets - 1;
621 Debug( LDAP_DEBUG_ANY,
622 "%s: line %d: need \"uri\" directive first\n",
628 Debug( LDAP_DEBUG_ANY,
629 "%s: line %d: missing password in \"bindpw <password>\" line\n",
634 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
635 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
636 "\"bindpw\" statement is deprecated; "
637 "use \"acl-passwd\" instead\n",
639 /* FIXME: some day we'll need to throw an error */
642 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
644 /* save bind creds for referral rebinds? */
645 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
646 unsigned *flagsp = mi->mi_ntargets ?
647 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
651 Debug( LDAP_DEBUG_ANY,
652 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
658 Debug( LDAP_DEBUG_ANY,
659 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
661 *flagsp |= LDAP_BACK_F_SAVECRED;
664 switch ( check_true_false( argv[ 1 ] ) ) {
666 *flagsp &= ~LDAP_BACK_F_SAVECRED;
670 *flagsp |= LDAP_BACK_F_SAVECRED;
674 Debug( LDAP_DEBUG_ANY,
675 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
676 fname, lineno, argv[ 1 ] );
681 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
682 unsigned *flagsp = mi->mi_ntargets ?
683 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
687 Debug( LDAP_DEBUG_ANY,
688 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
693 /* this is the default; we add it because the default might change... */
694 switch ( check_true_false( argv[ 1 ] ) ) {
696 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
700 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
704 Debug( LDAP_DEBUG_ANY,
705 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
706 fname, lineno, argv[ 1 ] );
710 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
711 unsigned *flagsp = mi->mi_ntargets ?
712 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
716 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
717 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
720 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
721 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
722 *flagsp |= LDAP_BACK_F_USE_TLS;
724 /* propagate start tls */
725 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
726 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
729 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
730 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
731 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
734 Debug( LDAP_DEBUG_ANY,
735 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
736 fname, lineno, argv[ 1 ] );
741 metatarget_t *mt = NULL;
744 if ( mi->mi_ntargets - 1 < 0 ) {
745 Debug( LDAP_DEBUG_ANY,
746 "%s: line %d: need \"uri\" directive first\n",
751 mt = mi->mi_targets[ mi->mi_ntargets - 1 ];
753 for ( i = 2; i < argc; i++ ) {
754 if ( bindconf_tls_parse( argv[i], &mt->mt_tls ))
757 bindconf_tls_defaults( &mt->mt_tls );
760 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
761 unsigned *flagsp = mi->mi_ntargets ?
762 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
766 Debug( LDAP_DEBUG_ANY,
767 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
772 switch ( check_true_false( argv[ 1 ] ) ) {
774 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
778 *flagsp |= LDAP_BACK_F_T_F;
782 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
783 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
786 Debug( LDAP_DEBUG_ANY,
787 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
788 fname, lineno, argv[ 1 ] );
795 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
797 Debug( LDAP_DEBUG_ANY,
798 "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
803 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
804 mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
806 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
807 mi->mi_flags |= META_BACK_F_ONERR_STOP;
809 } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
810 mi->mi_flags |= META_BACK_F_ONERR_REPORT;
813 Debug( LDAP_DEBUG_ANY,
814 "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
815 fname, lineno, argv[ 1 ] );
820 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
821 || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
824 Debug( LDAP_DEBUG_ANY,
825 "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\" takes 1 argument\n",
830 switch ( check_true_false( argv[ 1 ] ) ) {
832 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
836 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
840 Debug( LDAP_DEBUG_ANY,
841 "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\": invalid arg \"%s\".\n",
842 fname, lineno, argv[ 1 ] );
847 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
849 Debug( LDAP_DEBUG_ANY,
850 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
855 if ( mi->mi_ntargets > 0 ) {
856 Debug( LDAP_DEBUG_ANY,
857 "%s: line %d: \"single-conn\" must appear before target definitions\n",
862 switch ( check_true_false( argv[ 1 ] ) ) {
864 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
868 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
872 Debug( LDAP_DEBUG_ANY,
873 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
874 fname, lineno, argv[ 1 ] );
878 /* use-temporaries? */
879 } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
881 Debug( LDAP_DEBUG_ANY,
882 "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
887 if ( mi->mi_ntargets > 0 ) {
888 Debug( LDAP_DEBUG_ANY,
889 "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
894 switch ( check_true_false( argv[ 1 ] ) ) {
896 mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
900 mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
904 Debug( LDAP_DEBUG_ANY,
905 "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
906 fname, lineno, argv[ 1 ] );
910 /* privileged connections pool max size ? */
911 } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
913 Debug( LDAP_DEBUG_ANY,
914 "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
919 if ( mi->mi_ntargets > 0 ) {
920 Debug( LDAP_DEBUG_ANY,
921 "%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
926 if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] )
927 || mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN
928 || mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX )
930 Debug( LDAP_DEBUG_ANY,
931 "%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n",
932 fname, lineno, argv[ 1 ] );
936 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
938 unsigned *flagsp = mi->mi_ntargets ?
939 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
943 Debug( LDAP_DEBUG_ANY,
944 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
949 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
950 flag = LDAP_BACK_F_CANCEL_ABANDON;
952 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
953 flag = LDAP_BACK_F_CANCEL_IGNORE;
955 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
956 flag = LDAP_BACK_F_CANCEL_EXOP;
958 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
959 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
962 Debug( LDAP_DEBUG_ANY,
963 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
964 fname, lineno, argv[ 1 ] );
968 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
971 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
973 time_t *tv = mi->mi_ntargets ?
974 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
979 Debug( LDAP_DEBUG_ANY,
980 "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
985 for ( c = 1; c < argc; c++ ) {
989 sep = strchr( argv[ c ], '=' );
991 size_t len = sep - argv[ c ];
993 if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
994 t = &tv[ SLAP_OP_BIND ];
995 /* unbind makes little sense */
996 } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
997 t = &tv[ SLAP_OP_ADD ];
998 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
999 t = &tv[ SLAP_OP_DELETE ];
1000 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
1001 t = &tv[ SLAP_OP_MODRDN ];
1002 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
1003 t = &tv[ SLAP_OP_MODIFY ];
1004 } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
1005 t = &tv[ SLAP_OP_COMPARE ];
1006 } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
1007 t = &tv[ SLAP_OP_SEARCH ];
1008 /* abandon makes little sense */
1009 #if 0 /* not implemented yet */
1010 } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
1011 t = &tv[ SLAP_OP_EXTENDED ];
1014 char buf[ SLAP_TEXT_BUFLEN ];
1015 snprintf( buf, sizeof( buf ),
1016 "unknown/unhandled operation \"%s\" for timeout #%d",
1018 Debug( LDAP_DEBUG_ANY,
1019 "%s: line %d: %s.\n",
1020 fname, lineno, buf );
1029 if ( lutil_parse_time( sep, &val ) != 0 ) {
1030 Debug( LDAP_DEBUG_ANY,
1031 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
1032 fname, lineno, sep );
1042 for ( i = 0; i < SLAP_OP_LAST; i++ ) {
1043 tv[ i ] = (time_t)val;
1048 /* name to use as pseudo-root dn */
1049 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
1050 int i = mi->mi_ntargets - 1;
1053 Debug( LDAP_DEBUG_ANY,
1054 "%s: line %d: need \"uri\" directive first\n",
1060 Debug( LDAP_DEBUG_ANY,
1061 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
1067 * exact replacement:
1070 idassert-bind bindmethod=simple
1071 binddn=<pseudorootdn>
1072 credentials=<pseudorootpw>
1074 flags=non-prescriptive
1075 idassert-authzFrom "dn:<rootdn>"
1077 * so that only when authc'd as <rootdn> the proxying occurs
1078 * rebinding as the <pseudorootdn> without proxyAuthz.
1081 Debug( LDAP_DEBUG_ANY,
1082 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1083 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1087 char binddn[ SLAP_TEXT_BUFLEN ];
1090 "bindmethod=simple",
1093 "flags=non-prescriptive",
1099 if ( BER_BVISNULL( &be->be_rootndn ) ) {
1100 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
1105 if ( sizeof( binddn ) <= (unsigned) snprintf( binddn,
1106 sizeof( binddn ), "binddn=%s", argv[ 1 ] ))
1108 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
1112 cargv[ 2 ] = binddn;
1114 rc = mi->mi_ldap_extra->idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1118 if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
1119 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
1121 ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
1122 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
1125 assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
1127 bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
1128 bv.bv_val = ber_memalloc( bv.bv_len + 1 );
1129 AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
1130 AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
1132 ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
1138 /* password to use as pseudo-root */
1139 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
1140 int i = mi->mi_ntargets - 1;
1143 Debug( LDAP_DEBUG_ANY,
1144 "%s: line %d: need \"uri\" directive first\n",
1150 Debug( LDAP_DEBUG_ANY,
1151 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
1156 Debug( LDAP_DEBUG_ANY,
1157 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1158 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1161 if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
1162 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
1167 if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
1168 memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
1169 mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
1170 ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
1172 ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
1175 } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
1176 if ( mi->mi_ntargets == 0 ) {
1177 Debug( LDAP_DEBUG_ANY,
1178 "%s: line %d: \"idassert-bind\" "
1179 "must appear inside a target specification.\n",
1184 return mi->mi_ldap_extra->idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1186 /* idassert-authzFrom */
1187 } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
1188 if ( mi->mi_ntargets == 0 ) {
1189 Debug( LDAP_DEBUG_ANY,
1190 "%s: line %d: \"idassert-bind\" "
1191 "must appear inside a target specification.\n",
1201 Debug( LDAP_DEBUG_ANY,
1202 "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
1207 Debug( LDAP_DEBUG_ANY,
1208 "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
1213 return mi->mi_ldap_extra->idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1216 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
1217 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1218 slap_retry_info_t *ri = mi->mi_ntargets ?
1219 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
1220 : &mi->mi_quarantine;
1222 if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
1223 || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
1225 Debug( LDAP_DEBUG_ANY,
1226 "%s: line %d: quarantine already defined.\n",
1236 Debug( LDAP_DEBUG_ANY,
1237 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1242 Debug( LDAP_DEBUG_ANY,
1243 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1248 if ( ri != &mi->mi_quarantine ) {
1249 ri->ri_interval = NULL;
1253 if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
1254 ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
1257 if ( mi->mi_ldap_extra->retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1258 Debug( LDAP_DEBUG_ANY,
1259 "%s line %d: %s.\n",
1260 fname, lineno, buf );
1264 if ( mi->mi_ntargets == 0 ) {
1265 mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
1268 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
1271 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
1272 /* session tracking request */
1273 } else if ( strcasecmp( argv[ 0 ], "session-tracking-request" ) == 0 ) {
1274 unsigned *flagsp = mi->mi_ntargets ?
1275 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
1279 Debug( LDAP_DEBUG_ANY,
1280 "%s: line %d: \"session-tracking-request {TRUE|false}\" needs 1 argument.\n",
1285 /* this is the default; we add it because the default might change... */
1286 switch ( check_true_false( argv[ 1 ] ) ) {
1288 *flagsp |= LDAP_BACK_F_ST_REQUEST;
1292 *flagsp &= ~LDAP_BACK_F_ST_REQUEST;
1296 Debug( LDAP_DEBUG_ANY,
1297 "%s: line %d: \"session-tracking-request {TRUE|false}\": unknown argument \"%s\".\n",
1298 fname, lineno, argv[ 1 ] );
1301 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
1304 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1306 int i = mi->mi_ntargets - 1, c, rc;
1307 struct berval dn, nvnc, pvnc, nrnc, prnc;
1310 Debug( LDAP_DEBUG_ANY,
1311 "%s: line %d: need \"uri\" directive first\n",
1319 * suffixmassage <suffix> <massaged suffix>
1321 * the <suffix> field must be defined as a valid suffix
1322 * (or suffixAlias?) for the current database;
1323 * the <massaged suffix> shouldn't have already been
1324 * defined as a valid suffix or suffixAlias for the
1328 Debug( LDAP_DEBUG_ANY,
1329 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1334 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1335 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1336 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1337 "suffix \"%s\" is invalid\n",
1338 fname, lineno, argv[ 1 ] );
1342 for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
1343 if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ 0 ] ) ) {
1348 if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
1349 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1350 "<suffix> \"%s\" must be within the database naming context, in "
1351 "\"suffixMassage <suffix> <massaged suffix>\"\n",
1352 fname, lineno, pvnc.bv_val );
1353 free( pvnc.bv_val );
1354 free( nvnc.bv_val );
1358 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1359 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1360 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1361 "massaged suffix \"%s\" is invalid\n",
1362 fname, lineno, argv[ 2 ] );
1363 free( pvnc.bv_val );
1364 free( nvnc.bv_val );
1368 tmp_bd = select_backend( &nrnc, 0 );
1369 if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) {
1370 Debug( LDAP_DEBUG_ANY,
1371 "%s: line %d: warning: <massaged suffix> \"%s\" resolves to this database, in "
1372 "\"suffixMassage <suffix> <massaged suffix>\"\n",
1373 fname, lineno, prnc.bv_val );
1377 * The suffix massaging is emulated by means of the
1378 * rewrite capabilities
1380 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1381 &pvnc, &nvnc, &prnc, &nrnc );
1383 free( pvnc.bv_val );
1384 free( nvnc.bv_val );
1385 free( prnc.bv_val );
1386 free( nrnc.bv_val );
1390 /* rewrite stuff ... */
1391 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1392 int i = mi->mi_ntargets - 1;
1395 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1396 "statement outside target definition.\n",
1401 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1402 fname, lineno, argc, argv );
1404 /* objectclass/attribute mapping */
1405 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1406 int i = mi->mi_ntargets - 1;
1409 Debug( LDAP_DEBUG_ANY,
1410 "%s: line %d: need \"uri\" directive first\n",
1415 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1416 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1417 fname, lineno, argc, argv );
1419 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1420 int i = mi->mi_ntargets - 1;
1421 int nretries = META_RETRY_UNDEFINED;
1424 Debug( LDAP_DEBUG_ANY,
1425 "%s: line %d: need value in \"nretries <value>\"\n",
1430 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1431 nretries = META_RETRY_FOREVER;
1433 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1434 nretries = META_RETRY_NEVER;
1437 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1438 Debug( LDAP_DEBUG_ANY,
1439 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1440 fname, lineno, argv[ 1 ] );
1446 mi->mi_nretries = nretries;
1449 mi->mi_targets[ i ]->mt_nretries = nretries;
1452 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1453 int *version = mi->mi_ntargets ?
1454 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1458 Debug( LDAP_DEBUG_ANY,
1459 "%s: line %d: need value in \"protocol-version <version>\"\n",
1464 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1465 Debug( LDAP_DEBUG_ANY,
1466 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1467 fname, lineno, argv[ 1 ] );
1471 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1472 Debug( LDAP_DEBUG_ANY,
1473 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1474 fname, lineno, argv[ 1 ] );
1478 /* do not return search references */
1479 } else if ( strcasecmp( argv[ 0 ], "norefs" ) == 0 ) {
1480 unsigned *flagsp = mi->mi_ntargets ?
1481 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
1485 Debug( LDAP_DEBUG_ANY,
1486 "%s: line %d: \"norefs {TRUE|false}\" needs 1 argument.\n",
1491 /* this is the default; we add it because the default might change... */
1492 switch ( check_true_false( argv[ 1 ] ) ) {
1494 *flagsp |= LDAP_BACK_F_NOREFS;
1498 *flagsp &= ~LDAP_BACK_F_NOREFS;
1502 Debug( LDAP_DEBUG_ANY,
1503 "%s: line %d: \"norefs {TRUE|false}\": unknown argument \"%s\".\n",
1504 fname, lineno, argv[ 1 ] );
1508 /* do not propagate undefined search filters */
1509 } else if ( strcasecmp( argv[ 0 ], "noundeffilter" ) == 0 ) {
1510 unsigned *flagsp = mi->mi_ntargets ?
1511 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
1515 Debug( LDAP_DEBUG_ANY,
1516 "%s: line %d: \"noundeffilter {TRUE|false}\" needs 1 argument.\n",
1521 /* this is the default; we add it because the default might change... */
1522 switch ( check_true_false( argv[ 1 ] ) ) {
1524 *flagsp |= LDAP_BACK_F_NOUNDEFFILTER;
1528 *flagsp &= ~LDAP_BACK_F_NOUNDEFFILTER;
1532 Debug( LDAP_DEBUG_ANY,
1533 "%s: line %d: \"noundeffilter {TRUE|false}\": unknown argument \"%s\".\n",
1534 fname, lineno, argv[ 1 ] );
1538 #ifdef SLAPD_META_CLIENT_PR
1539 } else if ( strcasecmp( argv[ 0 ], "client-pr" ) == 0 ) {
1540 int *ps = mi->mi_ntargets ?
1541 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_ps
1545 Debug( LDAP_DEBUG_ANY,
1546 "%s: line %d: \"client-pr {accept-unsolicited|disable|<size>}\" needs 1 argument.\n",
1551 if ( strcasecmp( argv[ 1 ], "accept-unsolicited" ) == 0 ) {
1552 *ps = META_CLIENT_PR_ACCEPT_UNSOLICITED;
1554 } else if ( strcasecmp( argv[ 1 ], "disable" ) == 0 ) {
1555 *ps = META_CLIENT_PR_DISABLE;
1557 } else if ( lutil_atoi( ps, argv[ 1 ] ) || *ps < -1 ) {
1558 Debug( LDAP_DEBUG_ANY,
1559 "%s: line %d: \"client-pr {accept-unsolicited|disable|<size>}\" invalid arg \"%s\".\n",
1560 fname, lineno, argv[ 1 ] );
1563 #endif /* SLAPD_META_CLIENT_PR */
1567 return SLAP_CONF_UNKNOWN;
1573 ldap_back_map_config(
1574 struct ldapmap *oc_map,
1575 struct ldapmap *at_map,
1581 struct ldapmap *map;
1582 struct ldapmapping *mapping;
1586 if ( argc < 3 || argc > 4 ) {
1587 Debug( LDAP_DEBUG_ANY,
1588 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1593 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1597 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1601 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1602 "\"map {objectclass | attribute} [<local> | *] "
1603 "{<foreign> | *}\"\n",
1608 if ( !is_oc && map->map == NULL ) {
1609 /* only init if required */
1610 ldap_back_map_init( map, &mapping );
1613 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1614 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1615 map->drop_missing = ( argc < 4 );
1616 goto success_return;
1618 src = dst = argv[ 3 ];
1620 } else if ( argc < 4 ) {
1626 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1629 if ( ( map == at_map )
1630 && ( strcasecmp( src, "objectclass" ) == 0
1631 || strcasecmp( dst, "objectclass" ) == 0 ) )
1633 Debug( LDAP_DEBUG_ANY,
1634 "%s: line %d: objectclass attribute cannot be mapped\n",
1638 mapping = (struct ldapmapping *)ch_calloc( 2,
1639 sizeof(struct ldapmapping) );
1640 if ( mapping == NULL ) {
1641 Debug( LDAP_DEBUG_ANY,
1642 "%s: line %d: out of memory\n",
1646 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1647 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1648 mapping[ 1 ].src = mapping[ 0 ].dst;
1649 mapping[ 1 ].dst = mapping[ 0 ].src;
1655 if ( src[ 0 ] != '\0' ) {
1656 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1657 Debug( LDAP_DEBUG_ANY,
1658 "%s: line %d: warning, source objectClass '%s' "
1659 "should be defined in schema\n",
1660 fname, lineno, src );
1663 * FIXME: this should become an err
1669 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1670 Debug( LDAP_DEBUG_ANY,
1671 "%s: line %d: warning, destination objectClass '%s' "
1672 "is not defined in schema\n",
1673 fname, lineno, dst );
1677 const char *text = NULL;
1678 AttributeDescription *ad = NULL;
1680 if ( src[ 0 ] != '\0' ) {
1681 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1682 if ( rc != LDAP_SUCCESS ) {
1683 Debug( LDAP_DEBUG_ANY,
1684 "%s: line %d: warning, source attributeType '%s' "
1685 "should be defined in schema\n",
1686 fname, lineno, src );
1689 * FIXME: this should become an err
1692 * we create a fake "proxied" ad
1696 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1697 &ad, &text, SLAP_AD_PROXIED );
1698 if ( rc != LDAP_SUCCESS ) {
1699 char buf[ SLAP_TEXT_BUFLEN ];
1701 snprintf( buf, sizeof( buf ),
1702 "source attributeType \"%s\": %d (%s)",
1703 src, rc, text ? text : "" );
1704 Debug( LDAP_DEBUG_ANY,
1705 "%s: line %d: %s\n",
1706 fname, lineno, buf );
1714 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1715 if ( rc != LDAP_SUCCESS ) {
1716 Debug( LDAP_DEBUG_ANY,
1717 "%s: line %d: warning, destination attributeType '%s' "
1718 "is not defined in schema\n",
1719 fname, lineno, dst );
1722 * we create a fake "proxied" ad
1726 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1727 &ad, &text, SLAP_AD_PROXIED );
1728 if ( rc != LDAP_SUCCESS ) {
1729 char buf[ SLAP_TEXT_BUFLEN ];
1731 snprintf( buf, sizeof( buf ),
1732 "source attributeType \"%s\": %d (%s)\n",
1733 dst, rc, text ? text : "" );
1734 Debug( LDAP_DEBUG_ANY,
1735 "%s: line %d: %s\n",
1736 fname, lineno, buf );
1742 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1743 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1745 Debug( LDAP_DEBUG_ANY,
1746 "%s: line %d: duplicate mapping found.\n",
1751 if ( src[ 0 ] != '\0' ) {
1752 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1753 mapping_cmp, mapping_dup );
1755 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1756 mapping_cmp, mapping_dup );
1763 ch_free( mapping[ 0 ].src.bv_val );
1764 ch_free( mapping[ 0 ].dst.bv_val );
1772 #ifdef ENABLE_REWRITE
1774 suffix_massage_regexize( const char *s )
1780 if ( s[ 0 ] == '\0' ) {
1781 return ch_strdup( "^(.+)$" );
1785 ( r = strchr( p, ',' ) ) != NULL;
1789 res = ch_calloc( sizeof( char ),
1791 + STRLENOF( "((.+),)?" )
1792 + STRLENOF( "[ ]?" ) * i
1793 + STRLENOF( "$" ) + 1 );
1795 ptr = lutil_strcopy( res, "((.+),)?" );
1797 ( r = strchr( p, ',' ) ) != NULL;
1799 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1800 ptr = lutil_strcopy( ptr, "[ ]?" );
1802 if ( r[ 1 ] == ' ' ) {
1806 ptr = lutil_strcopy( ptr, p );
1815 suffix_massage_patternize( const char *s, const char *p )
1822 if ( s[ 0 ] == '\0' ) {
1826 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1827 if ( res == NULL ) {
1831 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1832 if ( s[ 0 ] == '\0' ) {
1836 lutil_strcopy( ptr, p );
1842 suffix_massage_config(
1843 struct rewrite_info *info,
1844 struct berval *pvnc,
1845 struct berval *nvnc,
1846 struct berval *prnc,
1853 rargv[ 0 ] = "rewriteEngine";
1856 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1858 rargv[ 0 ] = "rewriteContext";
1859 rargv[ 1 ] = "default";
1861 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1863 rargv[ 0 ] = "rewriteRule";
1864 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1865 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1868 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1869 ch_free( rargv[ 1 ] );
1870 ch_free( rargv[ 2 ] );
1872 if ( BER_BVISEMPTY( pvnc ) ) {
1873 rargv[ 0 ] = "rewriteRule";
1875 rargv[ 2 ] = prnc->bv_val;
1878 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1881 rargv[ 0 ] = "rewriteContext";
1882 rargv[ 1 ] = "searchEntryDN";
1884 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1886 rargv[ 0 ] = "rewriteRule";
1887 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1888 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1891 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1892 ch_free( rargv[ 1 ] );
1893 ch_free( rargv[ 2 ] );
1895 if ( BER_BVISEMPTY( prnc ) ) {
1896 rargv[ 0 ] = "rewriteRule";
1898 rargv[ 2 ] = pvnc->bv_val;
1901 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1904 /* backward compatibility */
1905 rargv[ 0 ] = "rewriteContext";
1906 rargv[ 1 ] = "searchResult";
1907 rargv[ 2 ] = "alias";
1908 rargv[ 3 ] = "searchEntryDN";
1910 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1912 rargv[ 0 ] = "rewriteContext";
1913 rargv[ 1 ] = "matchedDN";
1914 rargv[ 2 ] = "alias";
1915 rargv[ 3 ] = "searchEntryDN";
1917 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1919 rargv[ 0 ] = "rewriteContext";
1920 rargv[ 1 ] = "searchAttrDN";
1921 rargv[ 2 ] = "alias";
1922 rargv[ 3 ] = "searchEntryDN";
1924 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1926 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1927 * see servers/slapd/overlays/rwm.h for details */
1928 rargv[ 0 ] = "rewriteContext";
1929 rargv[ 1 ] = "referralAttrDN";
1931 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1933 rargv[ 0 ] = "rewriteContext";
1934 rargv[ 1 ] = "referralDN";
1936 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1940 #endif /* ENABLE_REWRITE */