1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/socket.h>
24 * defaults for various global variables
26 struct slap_limits_set deflimit = {
27 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
30 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
32 -1 /* no limit on unchecked size */
35 AccessControl *global_acl = NULL;
36 slap_access_t global_default_access = ACL_READ;
37 slap_mask_t global_restrictops = 0;
38 slap_mask_t global_allows = 0;
39 slap_mask_t global_disallows = 0;
40 slap_mask_t global_requires = 0;
41 slap_ssf_set_t global_ssf_set;
43 int global_idletimeout = 0;
44 char *global_host = NULL;
45 char *global_realm = NULL;
46 char *ldap_srvtab = "";
47 char *default_passwd_hash;
48 struct berval default_search_base = { 0, NULL };
49 struct berval default_search_nbase = { 0, NULL };
50 unsigned num_subordinates = 0;
52 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
53 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
55 char *slapd_pid_file = NULL;
56 char *slapd_args_file = NULL;
59 SaslRegexp_t *SaslRegexp = NULL;
60 int sasl_external_x509dn_convert;
62 static char *fp_getline(FILE *fp, int *lineno);
63 static void fp_getline_init(int *lineno);
64 static int fp_parse_line(char *line, int *argcp, char **argv);
66 static char *strtok_quote(char *line, char *sep);
67 static int load_ucdata(char *path);
70 read_config( const char *fname )
73 char *line, *savefname, *saveline;
74 int cargc, savelineno;
75 char *cargv[MAXARGS+1];
78 struct berval vals[2];
80 static int lastmod = ON;
81 static BackendInfo *bi = NULL;
82 static BackendDB *be = NULL;
84 vals[1].bv_val = NULL;
86 if ( (fp = fopen( fname, "r" )) == NULL ) {
89 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
90 "could not open config file \"%s\": %s (%d)\n",
91 fname, strerror(errno), errno ));
93 Debug( LDAP_DEBUG_ANY,
94 "could not open config file \"%s\": %s (%d)\n",
95 fname, strerror(errno), errno );
101 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
102 "read_config: reading config file %s\n", fname ));
104 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
108 fp_getline_init( &lineno );
110 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
111 /* skip comments and blank lines */
112 if ( line[0] == '#' || line[0] == '\0' ) {
117 LDAP_LOG(( "config", LDAP_LEVEL_DETAIL1,
118 "line %d (%s)\n", lineno, line ));
120 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
124 /* fp_parse_line is destructive, we save a copy */
125 saveline = ch_strdup( line );
127 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
133 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
134 "%s: line %d: bad config line (ignored)\n",
137 Debug( LDAP_DEBUG_ANY,
138 "%s: line %d: bad config line (ignored)\n",
145 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
148 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
149 "%s : line %d: missing type in \"backend\" line.\n",
152 Debug( LDAP_DEBUG_ANY,
153 "%s: line %d: missing type in \"backend <type>\" line\n",
162 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
163 "%s: line %d: backend line must appear before any "
164 "database definition.\n", fname, lineno ));
166 Debug( LDAP_DEBUG_ANY,
167 "%s: line %d: backend line must appear before any database definition\n",
174 bi = backend_info( cargv[1] );
178 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
179 "read_config: backend %s initialization failed.\n",
182 Debug( LDAP_DEBUG_ANY,
183 "backend %s initialization failed.\n",
189 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
192 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
193 "%s: line %d: missing type in \"database <type>\" line\n",
196 Debug( LDAP_DEBUG_ANY,
197 "%s: line %d: missing type in \"database <type>\" line\n",
205 be = backend_db_init( cargv[1] );
207 if( lastmod ) be->be_flags |= SLAP_BFLAG_LASTMOD;
211 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
212 "database %s initialization failed.\n",
215 Debug( LDAP_DEBUG_ANY,
216 "database %s initialization failed.\n",
223 /* set thread concurrency */
224 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
228 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
229 "%s: line %d: missing level in \"concurrency <level\" line\n",
232 Debug( LDAP_DEBUG_ANY,
233 "%s: line %d: missing level in \"concurrency <level>\" line\n",
240 c = atoi( cargv[1] );
244 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
245 "%s: line %d: invalid level (%d) in "
246 "\"concurrency <level>\" line.\n",
249 Debug( LDAP_DEBUG_ANY,
250 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
257 ldap_pvt_thread_set_concurrency( c );
259 /* set sockbuf max */
260 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
264 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
265 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
268 Debug( LDAP_DEBUG_ANY,
269 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
276 max = atol( cargv[1] );
280 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
281 "%s: line %d: invalid max value (%ld) in "
282 "\"sockbuf_max_incoming <bytes>\" line.\n",
283 fname, lineno, max ));
285 Debug( LDAP_DEBUG_ANY,
286 "%s: line %d: invalid max value (%ld) in "
287 "\"sockbuf_max_incoming <bytes>\" line.\n",
288 fname, lineno, max );
294 sockbuf_max_incoming = max;
296 /* set sockbuf max authenticated */
297 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
301 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
302 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
305 Debug( LDAP_DEBUG_ANY,
306 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
313 max = atol( cargv[1] );
317 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
318 "%s: line %d: invalid max value (%ld) in "
319 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
320 fname, lineno, max ));
322 Debug( LDAP_DEBUG_ANY,
323 "%s: line %d: invalid max value (%ld) in "
324 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
325 fname, lineno, max );
331 sockbuf_max_incoming_auth = max;
333 /* default search base */
334 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
337 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
338 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
339 "line\n", fname, lineno ));
341 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
342 "missing dn in \"defaultSearchBase <dn>\" line\n",
348 } else if ( cargc > 2 ) {
350 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
351 "%s: line %d: extra cruft after <dn> in "
352 "\"defaultSearchBase %s\" line (ignored)\n",
353 fname, lineno, cargv[1] ));
355 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
356 "extra cruft after <dn> in \"defaultSearchBase %s\", "
358 fname, lineno, cargv[1] );
362 if ( bi != NULL || be != NULL ) {
364 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
365 "%s: line %d: defaultSearchBase line must appear "
366 "prior to any backend or database definitions\n",
369 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
370 "defaultSearchBaase line must appear prior to "
371 "any backend or database definition\n",
378 if ( default_search_nbase.bv_len ) {
380 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
381 "default search base \"%s\" already defined "
382 "(discarding old)\n", fname, lineno,
383 default_search_base->bv_val ));
385 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
386 "default search base \"%s\" already defined "
387 "(discarding old)\n",
388 fname, lineno, default_search_base.bv_val );
391 free( default_search_base.bv_val );
392 free( default_search_nbase.bv_val );
395 if ( load_ucdata( NULL ) < 0 ) return 1;
400 dn.bv_val = cargv[1];
401 dn.bv_len = strlen( dn.bv_val );
403 rc = dnPrettyNormal( NULL, &dn,
404 &default_search_base,
405 &default_search_nbase );
407 if( rc != LDAP_SUCCESS ) {
409 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
410 "%s: line %d: defaultSearchBase DN is invalid.\n",
413 Debug( LDAP_DEBUG_ANY,
414 "%s: line %d: defaultSearchBase DN is invalid\n",
421 /* set maximum threads in thread pool */
422 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
426 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
427 "%s: line %d: missing count in \"threads <count>\" line\n",
430 Debug( LDAP_DEBUG_ANY,
431 "%s: line %d: missing count in \"threads <count>\" line\n",
438 c = atoi( cargv[1] );
442 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
443 "%s: line %d: invalid level (%d) in \"threads <count>\""
444 "line\n",fname, lineno, c ));
446 Debug( LDAP_DEBUG_ANY,
447 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
454 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
456 /* save for later use */
457 connection_pool_max = c;
459 /* get pid file name */
460 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
463 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
464 "%s: line %d missing file name in \"pidfile <file>\" line.\n",
467 Debug( LDAP_DEBUG_ANY,
468 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
475 slapd_pid_file = ch_strdup( cargv[1] );
477 /* get args file name */
478 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
481 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
482 "%s: %d: missing file name in "
483 "\"argsfile <file>\" line.\n",
486 Debug( LDAP_DEBUG_ANY,
487 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
494 slapd_args_file = ch_strdup( cargv[1] );
496 /* default password hash */
497 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
500 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
501 "%s: line %d: missing hash in "
502 "\"password-hash <hash>\" line.\n",
505 Debug( LDAP_DEBUG_ANY,
506 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
512 if ( default_passwd_hash != NULL ) {
514 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
515 "%s: line %d: already set default password_hash!\n",
518 Debug( LDAP_DEBUG_ANY,
519 "%s: line %d: already set default password_hash!\n",
526 default_passwd_hash = ch_strdup( cargv[1] );
529 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
533 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
534 "%s: line %d: missing format in "
535 "\"password-crypt-salt-format <format>\" line\n",
538 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
539 "\"password-crypt-salt-format <format>\" line\n",
546 lutil_salt_format( cargv[1] );
549 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
552 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
553 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
556 Debug( LDAP_DEBUG_ANY,
557 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
564 if ( global_host != NULL ) {
566 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
567 "%s: line %d: already set sasl-host!\n",
570 Debug( LDAP_DEBUG_ANY,
571 "%s: line %d: already set sasl-host!\n",
578 global_host = ch_strdup( cargv[1] );
582 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
585 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
586 "%s: line %d: missing realm in \"sasl-realm <realm>\" line.\n",
589 Debug( LDAP_DEBUG_ANY,
590 "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
597 if ( global_realm != NULL ) {
599 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
600 "%s: line %d: already set sasl-realm!\n",
603 Debug( LDAP_DEBUG_ANY,
604 "%s: line %d: already set sasl-realm!\n",
611 global_realm = ch_strdup( cargv[1] );
614 } else if ( !strcasecmp( cargv[0], "sasl-regexp" )
615 || !strcasecmp( cargv[0], "saslregexp" ) )
620 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
621 "%s: line %d: need 2 args in "
622 "\"saslregexp <match> <replace>\"\n",
625 Debug( LDAP_DEBUG_ANY,
626 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
632 rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
637 /* SASL security properties */
638 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
643 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
644 "%s: line %d: missing flags in "
645 "\"sasl-secprops <properties>\" line\n",
648 Debug( LDAP_DEBUG_ANY,
649 "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
656 txt = slap_sasl_secprops( cargv[1] );
659 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
660 "%s: line %d sas-secprops: %s\n",
661 fname, lineno, txt ));
663 Debug( LDAP_DEBUG_ANY,
664 "%s: line %d: sasl-secprops: %s\n",
665 fname, lineno, txt );
671 } else if ( strcasecmp( cargv[0], "sasl-external-x509dn-convert" ) == 0 ) {
672 sasl_external_x509dn_convert++;
674 /* set UCDATA path */
675 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
679 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
680 "%s: line %d: missing path in "
681 "\"ucdata-path <path>\" line.\n",
684 Debug( LDAP_DEBUG_ANY,
685 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
692 err = load_ucdata( cargv[1] );
696 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
697 "%s: line %d: ucdata already loaded, ucdata-path "
698 "must be set earlier in the file and/or be "
699 "specified only once!\n",
702 Debug( LDAP_DEBUG_ANY,
703 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
712 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
714 struct slap_limits_set *lim;
718 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
719 "%s: line %d: missing limit in \"sizelimit <limit>\" line.\n",
722 Debug( LDAP_DEBUG_ANY,
723 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
733 lim = &be->be_def_limit;
736 for ( i = 1; i < cargc; i++ ) {
737 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
738 rc = parse_limit( cargv[i], lim );
740 lim->lms_s_soft = atoi( cargv[i] );
746 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
747 "%s: line %d: unable "
748 "to parse value \"%s\" "
751 fname, lineno, cargv[i] ));
753 Debug( LDAP_DEBUG_ANY,
754 "%s: line %d: unable "
755 "to parse value \"%s\" "
758 fname, lineno, cargv[i] );
764 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
766 struct slap_limits_set *lim;
770 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
771 "%s: line %d missing limit in \"timelimit <limit>\" line.\n",
774 Debug( LDAP_DEBUG_ANY,
775 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
785 lim = &be->be_def_limit;
788 for ( i = 1; i < cargc; i++ ) {
789 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
790 rc = parse_limit( cargv[i], lim );
792 lim->lms_t_soft = atoi( cargv[i] );
798 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
799 "%s: line %d: unable "
800 "to parse value \"%s\" "
803 fname, lineno, cargv[i] ));
805 Debug( LDAP_DEBUG_ANY,
806 "%s: line %d: unable "
807 "to parse value \"%s\" "
810 fname, lineno, cargv[i] );
815 /* set regex-based limits */
816 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
819 LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
820 "%s: line %d \"limits\" allowed only in database environment.\n",
823 Debug( LDAP_DEBUG_ANY,
824 "%s: line %d \"limits\" allowed only in database environment.\n%s",
830 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
834 /* mark this as a subordinate database */
835 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
838 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
839 "subordinate keyword must appear inside a database "
840 "definition (ignored).\n", fname, lineno ));
842 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
843 "must appear inside a database definition (ignored)\n",
847 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
851 /* set database suffix */
852 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
855 struct berval *pdn = NULL;
856 struct berval *ndn = NULL;
860 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
861 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
864 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
865 "missing dn in \"suffix <dn>\" line\n",
871 } else if ( cargc > 2 ) {
873 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
874 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
875 " line (ignored).\n", fname, lineno, cargv[1] ));
877 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
878 "after <dn> in \"suffix %s\" line (ignored)\n",
879 fname, lineno, cargv[1] );
885 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
886 "%s: line %d: suffix line must appear inside a database "
887 "definition.\n", fname, lineno ));
889 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
890 "must appear inside a database definition\n",
895 #if defined(SLAPD_MONITOR_DN)
896 /* "cn=Monitor" is reserved for monitoring slap */
897 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
899 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \""
900 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
903 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
904 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
908 #endif /* SLAPD_MONITOR_DN */
911 if ( load_ucdata( NULL ) < 0 ) return 1;
913 dn.bv_val = cargv[1];
914 dn.bv_len = strlen( cargv[1] );
915 pdn = ch_malloc( sizeof( struct berval ));
916 ndn = ch_malloc( sizeof( struct berval ));
918 rc = dnPrettyNormal( NULL, &dn, pdn, ndn );
919 if( rc != LDAP_SUCCESS ) {
921 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
922 "%s: line %d: suffix DN is invalid.\n",
925 Debug( LDAP_DEBUG_ANY,
926 "%s: line %d: suffix DN is invalid\n",
932 tmp_be = select_backend( ndn, 0, 0 );
933 if ( tmp_be == be ) {
935 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
936 "%s: line %d: suffix already served by this backend "
937 "(ignored)\n", fname, lineno ));
939 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
940 "already served by this backend (ignored)\n",
946 } else if ( tmp_be != NULL ) {
948 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
949 "%s: line %d: suffix already served by a preceding "
950 "backend \"%s\"\n", fname, lineno,
951 tmp_be->be_suffix[0]->bv_val ));
953 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
954 "already served by a preceeding backend \"%s\"\n",
955 fname, lineno, tmp_be->be_suffix[0]->bv_val );
961 } else if( pdn->bv_len == 0 && default_search_nbase.bv_len ) {
963 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
964 "%s: line %d: suffix DN empty and default search "
965 "base provided \"%s\" (assuming okay).\n",
966 fname, lineno, default_search_base.bv_val ));
968 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
969 "suffix DN empty and default "
970 "search base provided \"%s\" (assuming okay)\n",
971 fname, lineno, default_search_base.bv_val );
975 ber_bvecadd( &be->be_suffix, pdn );
976 ber_bvecadd( &be->be_nsuffix, ndn );
978 /* set database suffixAlias */
979 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
981 struct berval alias, *palias, nalias;
982 struct berval aliased, *paliased, naliased;
986 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
987 "%s: line %d: missing alias and aliased_dn in "
988 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
991 Debug( LDAP_DEBUG_ANY,
992 "%s: line %d: missing alias and aliased_dn in "
993 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
998 } else if ( cargc < 3 ) {
1000 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1001 "%s: line %d: missing aliased_dn in "
1002 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1005 Debug( LDAP_DEBUG_ANY,
1006 "%s: line %d: missing aliased_dn in "
1007 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1012 } else if ( cargc > 3 ) {
1014 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1015 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1018 Debug( LDAP_DEBUG_ANY,
1019 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1027 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1028 "%s: line %d: suffixAlias line must appear inside a "
1029 "database definition (ignored).\n", fname, lineno ));
1031 Debug( LDAP_DEBUG_ANY,
1032 "%s: line %d: suffixAlias line"
1033 " must appear inside a database definition (ignored)\n",
1038 if ( load_ucdata( NULL ) < 0 ) return 1;
1040 alias.bv_val = cargv[1];
1041 alias.bv_len = strlen( cargv[1] );
1042 palias = ch_malloc(sizeof(struct berval));
1044 rc = dnPrettyNormal( NULL, &alias, palias, &nalias );
1045 if( rc != LDAP_SUCCESS ) {
1047 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1048 "%s: line %d: alias DN is invalid.\n",
1051 Debug( LDAP_DEBUG_ANY,
1052 "%s: line %d: alias DN is invalid\n",
1058 tmp_be = select_backend( &nalias, 0, 0 );
1059 free( nalias.bv_val );
1060 if ( tmp_be && tmp_be != be ) {
1062 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1063 "%s: line %d: suffixAlias served by a preceeding "
1065 fname, lineno, tmp_be->be_suffix[0]->bv_val ));
1067 Debug( LDAP_DEBUG_ANY,
1068 "%s: line %d: suffixAlias served by"
1069 " a preceeding backend \"%s\"\n",
1070 fname, lineno, tmp_be->be_suffix[0]->bv_val );
1072 ber_bvfree( palias );
1076 aliased.bv_val = cargv[2];
1077 aliased.bv_len = strlen( cargv[2] );
1078 paliased = ch_malloc(sizeof(struct berval));
1080 rc = dnPrettyNormal( NULL, &aliased, paliased, &naliased );
1081 if( rc != LDAP_SUCCESS ) {
1083 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1084 "%s: line %d: aliased DN is invalid.\n",
1087 Debug( LDAP_DEBUG_ANY,
1088 "%s: line %d: aliased DN is invalid\n",
1091 ber_bvfree( palias );
1095 tmp_be = select_backend( &naliased, 0, 0 );
1096 free( naliased.bv_val );
1097 if ( tmp_be && tmp_be != be ) {
1099 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1100 "%s: line %d: suffixAlias derefs to a different backend "
1101 "a preceeding backend \"%s\"\n",
1102 fname, lineno, tmp_be->be_suffix[0]->bv_val ));
1104 Debug( LDAP_DEBUG_ANY,
1105 "%s: line %d: suffixAlias derefs to differnet backend"
1106 " a preceeding backend \"%s\"\n",
1107 fname, lineno, tmp_be->be_suffix[0]->bv_val );
1109 ber_bvfree( palias );
1110 ber_bvfree( paliased );
1114 ber_bvecadd( &be->be_suffixAlias, palias );
1115 ber_bvecadd( &be->be_suffixAlias, paliased );
1117 /* set max deref depth */
1118 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1122 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1123 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1124 " line\n", fname, lineno ));
1126 Debug( LDAP_DEBUG_ANY,
1127 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1135 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1136 "%s: line %d: depth line must appear inside a database "
1137 "definition (ignored)\n", fname, lineno ));
1139 Debug( LDAP_DEBUG_ANY,
1140 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
1144 } else if ((i = atoi(cargv[1])) < 0) {
1146 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1147 "%s: line %d: depth must be positive (ignored).\n",
1150 Debug( LDAP_DEBUG_ANY,
1151 "%s: line %d: depth must be positive (ignored)\n",
1157 be->be_max_deref_depth = i;
1161 /* set magic "root" dn for this database */
1162 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1165 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1166 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1169 Debug( LDAP_DEBUG_ANY,
1170 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1178 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1179 "%s: line %d: rootdn line must appear inside a database "
1180 "definition (ignored).\n", fname, lineno ));
1182 Debug( LDAP_DEBUG_ANY,
1183 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
1190 if ( load_ucdata( NULL ) < 0 ) return 1;
1192 dn.bv_val = cargv[1];
1193 dn.bv_len = strlen( cargv[1] );
1195 rc = dnPrettyNormal( NULL, &dn,
1199 if( rc != LDAP_SUCCESS ) {
1201 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1202 "%s: line %d: rootdn DN is invalid.\n",
1205 Debug( LDAP_DEBUG_ANY,
1206 "%s: line %d: rootdn DN is invalid\n",
1213 /* set super-secret magic database password */
1214 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1217 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1218 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1219 " line\n", fname, lineno ));
1221 Debug( LDAP_DEBUG_ANY,
1222 "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
1230 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1231 "%s: line %d: rootpw line must appear inside a database "
1232 "definition (ignored)\n", fname, lineno ));
1234 Debug( LDAP_DEBUG_ANY,
1235 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
1240 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1241 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1244 /* make this database read-only */
1245 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1248 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1249 "%s: line %d: missing on|off in \"readonly <on|off>\" line.\n",
1252 Debug( LDAP_DEBUG_ANY,
1253 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1260 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1261 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1263 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1266 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1267 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1269 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1274 /* allow these features */
1275 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1276 strcasecmp( cargv[0], "allow" ) == 0 )
1282 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1283 "%s: line %d: allow line must appear prior to "
1284 "database definitions.\n", fname, lineno ));
1286 Debug( LDAP_DEBUG_ANY,
1287 "%s: line %d: allow line must appear prior to database definitions\n",
1295 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1296 "%s: line %d: missing feature(s) in \"allow <features>\""
1297 " line\n", fname, lineno ));
1299 Debug( LDAP_DEBUG_ANY,
1300 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1309 for( i=1; i < cargc; i++ ) {
1310 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1311 allows |= SLAP_ALLOW_BIND_V2;
1313 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1314 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1316 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1317 allows |= SLAP_ALLOW_BIND_ANON_DN;
1319 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1321 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1322 "%s: line %d: unknown feature %s in "
1323 "\"allow <features>\" line.\n",
1324 fname, lineno, cargv[1] ));
1326 Debug( LDAP_DEBUG_ANY,
1327 "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
1328 fname, lineno, cargv[i] );
1335 global_allows = allows;
1337 /* disallow these features */
1338 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1339 strcasecmp( cargv[0], "disallow" ) == 0 )
1341 slap_mask_t disallows;
1345 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1346 "%s: line %d: disallow line must appear prior to "
1347 "database definitions.\n", fname, lineno ));
1349 Debug( LDAP_DEBUG_ANY,
1350 "%s: line %d: disallow line must appear prior to database definitions\n",
1358 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1359 "%s: line %d: missing feature(s) in \"disallow <features>\""
1360 " line.\n", fname, lineno ));
1362 Debug( LDAP_DEBUG_ANY,
1363 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1372 for( i=1; i < cargc; i++ ) {
1373 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1374 disallows |= SLAP_DISALLOW_BIND_ANON;
1376 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1377 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1379 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1380 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1382 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1383 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1385 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1386 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1388 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1390 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1391 "%s: line %d: unknown feature %s in "
1392 "\"disallow <features>\" line.\n",
1393 fname, lineno, cargv[i] ));
1395 Debug( LDAP_DEBUG_ANY,
1396 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1397 fname, lineno, cargv[i] );
1404 global_disallows = disallows;
1406 /* require these features */
1407 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1408 strcasecmp( cargv[0], "require" ) == 0 )
1410 slap_mask_t requires;
1414 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1415 "%s: line %d: missing feature(s) in "
1416 "\"require <features>\" line.\n", fname, lineno ));
1418 Debug( LDAP_DEBUG_ANY,
1419 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1428 for( i=1; i < cargc; i++ ) {
1429 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1430 requires |= SLAP_REQUIRE_BIND;
1432 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1433 requires |= SLAP_REQUIRE_LDAP_V3;
1435 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1436 requires |= SLAP_REQUIRE_AUTHC;
1438 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1439 requires |= SLAP_REQUIRE_SASL;
1441 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1442 requires |= SLAP_REQUIRE_STRONG;
1444 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1446 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1447 "%s: line %d: unknown feature %s in "
1448 "\"require <features>\" line.\n",
1451 Debug( LDAP_DEBUG_ANY,
1452 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1453 fname, lineno, cargv[i] );
1461 global_requires = requires;
1463 be->be_requires = requires;
1466 /* required security factors */
1467 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1468 slap_ssf_set_t *set;
1472 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1473 "%s: line %d: missing factor(s) in \"security <factors>\""
1474 " line.\n", fname, lineno ));
1476 Debug( LDAP_DEBUG_ANY,
1477 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1485 set = &global_ssf_set;
1487 set = &be->be_ssf_set;
1490 for( i=1; i < cargc; i++ ) {
1491 if( strncasecmp( cargv[i], "ssf=",
1492 sizeof("ssf") ) == 0 )
1495 atoi( &cargv[i][sizeof("ssf")] );
1497 } else if( strncasecmp( cargv[i], "transport=",
1498 sizeof("transport") ) == 0 )
1500 set->sss_transport =
1501 atoi( &cargv[i][sizeof("transport")] );
1503 } else if( strncasecmp( cargv[i], "tls=",
1504 sizeof("tls") ) == 0 )
1507 atoi( &cargv[i][sizeof("tls")] );
1509 } else if( strncasecmp( cargv[i], "sasl=",
1510 sizeof("sasl") ) == 0 )
1513 atoi( &cargv[i][sizeof("sasl")] );
1515 } else if( strncasecmp( cargv[i], "update_ssf=",
1516 sizeof("update_ssf") ) == 0 )
1518 set->sss_update_ssf =
1519 atoi( &cargv[i][sizeof("update_ssf")] );
1521 } else if( strncasecmp( cargv[i], "update_transport=",
1522 sizeof("update_transport") ) == 0 )
1524 set->sss_update_transport =
1525 atoi( &cargv[i][sizeof("update_transport")] );
1527 } else if( strncasecmp( cargv[i], "update_tls=",
1528 sizeof("update_tls") ) == 0 )
1530 set->sss_update_tls =
1531 atoi( &cargv[i][sizeof("update_tls")] );
1533 } else if( strncasecmp( cargv[i], "update_sasl=",
1534 sizeof("update_sasl") ) == 0 )
1536 set->sss_update_sasl =
1537 atoi( &cargv[i][sizeof("update_sasl")] );
1541 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1542 "%s: line %d: unknown factor %S in "
1543 "\"security <factors>\" line.\n",
1544 fname, lineno, cargv[1] ));
1546 Debug( LDAP_DEBUG_ANY,
1547 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1548 fname, lineno, cargv[i] );
1554 /* where to send clients when we don't hold it */
1555 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1558 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1559 "%s: line %d: missing URL in \"referral <URL>\""
1560 " line.\n", fname, lineno ));
1562 Debug( LDAP_DEBUG_ANY,
1563 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1570 if( validate_global_referral( cargv[1] ) ) {
1572 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1573 "invalid URL (%s) in \"referral\" line.\n",
1574 fname, lineno, cargv[1] ));
1576 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1577 "invalid URL (%s) in \"referral\" line.\n",
1578 fname, lineno, cargv[1] );
1583 vals[0].bv_val = cargv[1];
1584 vals[0].bv_len = strlen( vals[0].bv_val );
1585 value_add( &default_referral, vals );
1588 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1592 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1593 "%s: line %d: Error in logfile directive, "
1594 "\"logfile <filename>\"\n", fname, lineno ));
1596 Debug( LDAP_DEBUG_ANY,
1597 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1603 logfile = fopen( cargv[1], "w" );
1604 if ( logfile != NULL ) lutil_debug_file( logfile );
1607 /* start of a new database definition */
1608 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1612 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1613 "%s: line %d: Error in debug directive, "
1614 "\"debug <subsys> <level>\"\n", fname, lineno ));
1616 Debug( LDAP_DEBUG_ANY,
1617 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1623 level = atoi( cargv[2] );
1624 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1625 lutil_set_debug_level( cargv[1], level );
1626 /* specify an Object Identifier macro */
1627 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1628 rc = parse_oidm( fname, lineno, cargc, cargv );
1631 /* specify an objectclass */
1632 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1633 if ( *cargv[1] == '(' ) {
1635 p = strchr(saveline,'(');
1636 rc = parse_oc( fname, lineno, p, cargv );
1641 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1642 "%s: line %d: old objectclass format not supported\n",
1645 Debug( LDAP_DEBUG_ANY,
1646 "%s: line %d: old objectclass format not supported.\n",
1652 /* specify an attribute type */
1653 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1654 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1656 if ( *cargv[1] == '(' ) {
1658 p = strchr(saveline,'(');
1659 rc = parse_at( fname, lineno, p, cargv );
1664 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1665 "%s: line %d: old attribute type format not supported.\n",
1668 Debug( LDAP_DEBUG_ANY,
1669 "%s: line %d: old attribute type format not supported.\n",
1675 /* turn on/off schema checking */
1676 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1679 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1680 "%s: line %d: missing on|off in "
1681 "\"schemacheck <on|off>\" line.\n",
1684 Debug( LDAP_DEBUG_ANY,
1685 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1691 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1693 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1694 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1697 Debug( LDAP_DEBUG_ANY,
1698 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1701 global_schemacheck = 0;
1703 global_schemacheck = 1;
1706 /* specify access control info */
1707 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1708 parse_acl( be, fname, lineno, cargc, cargv );
1710 /* debug level to log things to syslog */
1711 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1714 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1715 "%s: line %d: missing level in \"loglevel <level>\""
1716 " line.\n", fname, lineno ));
1718 Debug( LDAP_DEBUG_ANY,
1719 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1728 for( i=1; i < cargc; i++ ) {
1729 ldap_syslog += atoi( cargv[1] );
1732 /* list of replicas of the data in this backend (master only) */
1733 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1736 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1737 "%s: line %d: missing host in \"replica "
1738 " <host[:port]\" line\n", fname, lineno ));
1740 Debug( LDAP_DEBUG_ANY,
1741 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1749 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1750 "%s: line %d: replica line must appear inside "
1751 "a database definition (ignored).\n", fname, lineno ));
1753 Debug( LDAP_DEBUG_ANY,
1754 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
1761 for ( i = 1; i < cargc; i++ ) {
1762 if ( strncasecmp( cargv[i], "host=", 5 )
1764 nr = add_replica_info( be,
1771 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1772 "%s: line %d: missing host in \"replica\" "
1773 "line (ignored)\n", fname, lineno ));
1775 Debug( LDAP_DEBUG_ANY,
1776 "%s: line %d: missing host in \"replica\" line (ignored)\n",
1780 } else if ( nr == -1 ) {
1782 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1783 "%s: line %d: unable to add"
1789 Debug( LDAP_DEBUG_ANY,
1790 "%s: line %d: unable to add replica \"%s\" (ignored)\n",
1791 fname, lineno, cargv[i] + 5 );
1794 for ( i = 1; i < cargc; i++ ) {
1795 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1797 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1800 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1801 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1802 fname, lineno, cargv[i] + 7 ));
1804 Debug( LDAP_DEBUG_ANY,
1805 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1806 fname, lineno, cargv[i] + 7 );
1812 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1813 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1816 Debug( LDAP_DEBUG_ANY,
1817 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1827 /* dn of master entity allowed to write to replica */
1828 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1831 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1832 "%s: line %d: missing dn in \"updatedn <dn>\""
1833 " line.\n", fname, lineno ));
1835 Debug( LDAP_DEBUG_ANY,
1836 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1844 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1845 "%s: line %d: updatedn line must appear inside "
1846 "a database definition (ignored)\n",
1849 Debug( LDAP_DEBUG_ANY,
1850 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
1857 if ( load_ucdata( NULL ) < 0 ) return 1;
1859 dn.bv_val = cargv[1];
1860 dn.bv_len = strlen( cargv[1] );
1862 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1863 if( rc != LDAP_SUCCESS ) {
1865 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1866 "%s: line %d: updatedn DN is invalid.\n",
1869 Debug( LDAP_DEBUG_ANY,
1870 "%s: line %d: updatedn DN is invalid\n",
1877 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1880 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1881 "missing url in \"updateref <ldapurl>\" line.\n",
1884 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1885 "missing url in \"updateref <ldapurl>\" line\n",
1893 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
1894 " line must appear inside a database definition\n",
1897 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1898 " line must appear inside a database definition\n",
1903 } else if ( !be->be_update_ndn.bv_len ) {
1905 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
1906 "updateref line must come after updatedn.\n",
1909 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1910 "updateref line must after updatedn.\n",
1916 if( validate_global_referral( cargv[1] ) ) {
1918 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1919 "invalid URL (%s) in \"updateref\" line.\n",
1920 fname, lineno, cargv[1] ));
1922 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1923 "invalid URL (%s) in \"updateref\" line.\n",
1924 fname, lineno, cargv[1] );
1929 vals[0].bv_val = cargv[1];
1930 vals[0].bv_len = strlen( vals[0].bv_val );
1931 value_add( &be->be_update_refs, vals );
1933 /* replication log file to which changes are appended */
1934 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1937 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1938 "%s: line %d: missing filename in \"replogfile <filename>\""
1939 " line.\n", fname, lineno ));
1941 Debug( LDAP_DEBUG_ANY,
1942 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1949 be->be_replogfile = ch_strdup( cargv[1] );
1951 replogfile = ch_strdup( cargv[1] );
1954 /* file from which to read additional rootdse attrs */
1955 } else if ( strcasecmp( cargv[0], "rootdse" ) == 0) {
1958 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1959 "missing filename in \"rootDSE <filename>\" line.\n",
1962 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1963 "missing filename in \"rootDSE <filename>\" line.\n",
1969 if( read_root_dse_file( cargv[1] ) ) {
1971 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1972 "could not read \"rootDSE <filename>\" line.\n",
1975 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1976 "could not read \"rootDSE <filename>\" line\n",
1982 /* maintain lastmodified{by,time} attributes */
1983 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
1986 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1987 "%s: line %d: missing on|off in \"lastmod <on|off>\""
1988 " line.\n", fname, lineno ));
1990 Debug( LDAP_DEBUG_ANY,
1991 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
1997 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1999 be->be_flags |= SLAP_BFLAG_LASTMOD;
2004 be->be_flags &= ~SLAP_BFLAG_LASTMOD;
2009 /* set idle timeout value */
2010 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2014 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2015 "%s: line %d: missing timeout value in "
2016 "\"idletimeout <seconds>\" line.\n", fname, lineno ));
2018 Debug( LDAP_DEBUG_ANY,
2019 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2026 i = atoi( cargv[1] );
2030 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2031 "%s: line %d: timeout value (%d) invalid "
2032 "\"idletimeout <seconds>\" line.\n",
2033 fname, lineno, i ));
2035 Debug( LDAP_DEBUG_ANY,
2036 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2043 global_idletimeout = i;
2045 /* include another config file */
2046 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2049 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2050 "%s: line %d: missing filename in \"include "
2051 "<filename>\" line.\n", fname, lineno ));
2053 Debug( LDAP_DEBUG_ANY,
2054 "%s: line %d: missing filename in \"include <filename>\" line\n",
2060 savefname = ch_strdup( cargv[1] );
2061 savelineno = lineno;
2063 if ( read_config( savefname ) != 0 ) {
2068 lineno = savelineno - 1;
2070 /* location of kerberos srvtab file */
2071 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2074 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2075 "%s: line %d: missing filename in \"srvtab "
2076 "<filename>\" line.\n", fname, lineno ));
2078 Debug( LDAP_DEBUG_ANY,
2079 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2085 ldap_srvtab = ch_strdup( cargv[1] );
2087 #ifdef SLAPD_MODULES
2088 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2091 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2092 "%s: line %d: missing filename in \"moduleload "
2093 "<filename>\" line.\n", fname, lineno ));
2095 Debug( LDAP_DEBUG_ANY,
2096 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2100 exit( EXIT_FAILURE );
2102 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2104 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2105 "%s: line %d: failed to load or initialize module %s\n"<
2106 fname, lineno, cargv[1] ));
2108 Debug( LDAP_DEBUG_ANY,
2109 "%s: line %d: failed to load or initialize module %s\n",
2110 fname, lineno, cargv[1]);
2113 exit( EXIT_FAILURE );
2115 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2118 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2119 "%s: line %d: missing path in \"modulepath <path>\""
2120 " line\n", fname, lineno ));
2122 Debug( LDAP_DEBUG_ANY,
2123 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2127 exit( EXIT_FAILURE );
2129 if (module_path( cargv[1] )) {
2131 LDAP_LOG(( "cofig", LDAP_LEVEL_CRIT,
2132 "%s: line %d: failed to set module search path to %s.\n",
2133 fname, lineno, cargv[1] ));
2135 Debug( LDAP_DEBUG_ANY,
2136 "%s: line %d: failed to set module search path to %s\n",
2137 fname, lineno, cargv[1]);
2140 exit( EXIT_FAILURE );
2143 #endif /*SLAPD_MODULES*/
2146 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2147 rc = ldap_pvt_tls_set_option( NULL,
2148 LDAP_OPT_X_TLS_RANDOM_FILE,
2153 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2154 rc = ldap_pvt_tls_set_option( NULL,
2155 LDAP_OPT_X_TLS_CIPHER_SUITE,
2160 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2161 rc = ldap_pvt_tls_set_option( NULL,
2162 LDAP_OPT_X_TLS_CERTFILE,
2167 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2168 rc = ldap_pvt_tls_set_option( NULL,
2169 LDAP_OPT_X_TLS_KEYFILE,
2174 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2175 rc = ldap_pvt_tls_set_option( NULL,
2176 LDAP_OPT_X_TLS_CACERTDIR,
2181 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2182 rc = ldap_pvt_tls_set_option( NULL,
2183 LDAP_OPT_X_TLS_CACERTFILE,
2187 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2189 rc = ldap_pvt_tls_set_option( NULL,
2190 LDAP_OPT_X_TLS_REQUIRE_CERT,
2197 /* pass anything else to the current backend info/db config routine */
2200 if ( bi->bi_config == 0 ) {
2202 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2203 "%s: line %d: unknown directive \"%s\" inside "
2204 "backend info definition (ignored).\n",
2205 fname, lineno, cargv[0] ));
2207 Debug( LDAP_DEBUG_ANY,
2208 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2209 fname, lineno, cargv[0] );
2213 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2219 } else if ( be != NULL ) {
2220 if ( be->be_config == 0 ) {
2222 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2223 "%s: line %d: uknown directive \"%s\" inside "
2224 "backend database definition (ignored).\n",
2225 fname, lineno, cargv[0] ));
2227 Debug( LDAP_DEBUG_ANY,
2228 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2229 fname, lineno, cargv[0] );
2233 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2241 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2242 "%s: line %d: unknown directive \"%s\" outside backend "
2243 "info and database definitions (ignored).\n",
2244 fname, lineno, cargv[0] ));
2246 Debug( LDAP_DEBUG_ANY,
2247 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2248 fname, lineno, cargv[0] );
2257 if ( load_ucdata( NULL ) < 0 ) return 1;
2271 for ( token = strtok_quote( line, " \t" ); token != NULL;
2272 token = strtok_quote( NULL, " \t" ) ) {
2273 if ( *argcp == MAXARGS ) {
2275 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2276 "fp_parse_line: too many tokens (%d max).\n",
2279 Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
2285 argv[(*argcp)++] = token;
2287 argv[*argcp] = NULL;
2292 strtok_quote( char *line, char *sep )
2298 if ( line != NULL ) {
2301 while ( *next && strchr( sep, *next ) ) {
2305 if ( *next == '\0' ) {
2311 for ( inquote = 0; *next; ) {
2319 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2325 next + 1, strlen( next + 1 ) + 1 );
2326 next++; /* dont parse the escaped character */
2331 if ( strchr( sep, *next ) != NULL ) {
2344 static char buf[BUFSIZ];
2346 static int lmax, lcur;
2348 #define CATLINE( buf ) { \
2350 len = strlen( buf ); \
2351 while ( lcur + len + 1 > lmax ) { \
2353 line = (char *) ch_realloc( line, lmax ); \
2355 strcpy( line + lcur, buf ); \
2360 fp_getline( FILE *fp, int *lineno )
2368 /* hack attack - keeps us from having to keep a stack of bufs... */
2369 if ( strncasecmp( line, "include", 7 ) == 0 ) {
2374 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2375 /* trim off \r\n or \n */
2376 if ( (p = strchr( buf, '\n' )) != NULL ) {
2377 if( p > buf && p[-1] == '\r' ) --p;
2380 if ( ! isspace( (unsigned char) buf[0] ) ) {
2384 /* change leading whitespace to a space */
2392 return( line[0] ? line : NULL );
2396 fp_getline_init( int *lineno )
2402 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
2404 load_ucdata( char *path )
2406 static int loaded = 0;
2412 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
2415 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2416 "load_ucdata: Error %d loading ucdata.\n", err ));
2418 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2431 ucdata_unload( UCDATA_ALL );
2433 if ( slapd_args_file )
2434 free ( slapd_args_file );
2435 if ( slapd_pid_file )
2436 free ( slapd_pid_file );
2437 acl_destroy( global_acl, NULL );
projects / openldap / blob