1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/socket.h>
24 * defaults for various global variables
/*
 * Default limit set, initialised from the SLAPD_DEFAULT_* constants.
 * Only some of the initialiser lines appear in this listing.
 * NOTE(review): the sizelimit/timelimit branches of read_config() show
 * only the per-database target (&be->be_def_limit); presumably this set
 * is the target when no database is selected -- confirm.
 */
26 struct slap_limits_set deflimit = {
27 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
30 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
32 -1 /* no limit on unchecked size */
/*
 * Server-wide policy state written by read_config():
 *   global_restrictops - "readonly" sets or clears SLAP_RESTRICT_OP_WRITES
 *                        here or in the per-database be_restrictops
 *   global_allows      - mask built by the "allow"/"allows" directive
 *   global_disallows   - mask built by the "disallow"/"disallows" directive
 *   global_requires    - mask built by "require"/"requires" (the same
 *                        branch can also store into be->be_requires)
 *   global_ssf_set     - "security" factors (ssf=, transport=, tls=, ...);
 *                        the same branch can target be->be_ssf_set instead
 * global_default_access starts at ACL_READ; where global_acl and
 * global_default_access are consulted is not visible in this listing.
 */
35 AccessControl *global_acl = NULL;
36 slap_access_t global_default_access = ACL_READ;
37 slap_mask_t global_restrictops = 0;
38 slap_mask_t global_allows = 0;
39 slap_mask_t global_disallows = 0;
40 slap_mask_t global_requires = 0;
41 slap_ssf_set_t global_ssf_set;
43 int global_idletimeout = 0;
/*
 * global_host / global_realm: heap copies (ch_strdup) of the "sasl-host"
 * and "sasl-realm" arguments; read_config() tests each for non-NULL and
 * logs "already set" before assigning.
 */
44 char *global_host = NULL;
45 char *global_realm = NULL;
46 char *ldap_srvtab = "";
/*
 * Set by "password-hash": the scheme name is checked with
 * lutil_passwd_scheme() and then duplicated with ch_strdup().
 * NULL means no default scheme has been configured.
 */
47 char *default_passwd_hash = NULL;
/*
 * The two outputs of dnPrettyNormal() for the "defaultSearchBase" DN.
 * A non-zero default_search_nbase.bv_len is the "already defined" test;
 * the old values are freed before being replaced.
 */
48 struct berval default_search_base = { 0, NULL };
49 struct berval default_search_nbase = { 0, NULL };
50 unsigned num_subordinates = 0;
/*
 * Incoming sockbuf size caps, overridable by the "sockbuf_max_incoming"
 * and "sockbuf_max_incoming_auth" directives.
 * NOTE(review): both directives parse their argument with atol(), which
 * returns 0 for non-numeric text and cannot report overflow; the range
 * check that produces the "invalid max value" message is not visible in
 * this listing -- confirm it rejects such input.
 */
52 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
53 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
/*
 * Paths taken verbatim (ch_strdup) from the "pidfile" and "argsfile"
 * directives; no validation of the path is visible in read_config().
 */
55 char *slapd_pid_file = NULL;
56 char *slapd_args_file = NULL;
/*
 * SASL identity mapping state. sasl_external_x509dn_convert is
 * incremented each time the "sasl-external-x509dn-convert" directive is
 * seen; it has no explicit initialiser here.
 */
59 SaslRegexp_t *SaslRegexp = NULL;
60 int sasl_external_x509dn_convert;
/*
 * Compile-time default for reverse lookups: 1 in the first preprocessor
 * branch, 0 in the "#else !SLAPD_RLOOKUPS" branch. The opening
 * conditional is not part of this listing.
 */
63 int use_reverse_lookup = 1;
64 #else /* !SLAPD_RLOOKUPS */
65 int use_reverse_lookup = 0;
66 #endif /* !SLAPD_RLOOKUPS */
/* Forward declarations of the file-local helpers used by read_config(). */
/*
 * fp_getline: returns the next config line from fp, or NULL when there
 * are no more (read_config() loops until NULL). lineno is passed by
 * pointer, presumably so the helper can advance it -- the definition is
 * not in this part of the listing.
 */
68 static char *fp_getline(FILE *fp, int *lineno);
/* fp_getline_init: called once with &lineno before the read loop starts. */
69 static void fp_getline_init(int *lineno);
/*
 * fp_parse_line: splits line into argv and stores the count in *argcp.
 * The caller notes that it is destructive and keeps a ch_strdup() copy
 * of the line first; a non-zero return is logged as a bad config line.
 * NOTE(review): the prototype carries no capacity for argv, while the
 * caller's array is char *cargv[MAXARGS+1]; the bound therefore has to
 * be enforced inside this helper -- confirm against its definition.
 */
70 static int fp_parse_line(char *line, int *argcp, char **argv);
/*
 * strtok_quote: not called in the visible part of read_config();
 * presumably a quote-aware tokenizer used by fp_parse_line -- confirm.
 */
72 static char *strtok_quote(char *line, char *sep);
/*
 * load_ucdata: called with NULL before each dnPrettyNormal() use and with
 * the "ucdata-path" argument. A negative result from the NULL-path calls
 * makes read_config() return 1.
 */
73 static int load_ucdata(char *path);
76 read_config( const char *fname )
79 char *line, *savefname, *saveline;
80 int cargc, savelineno;
81 char *cargv[MAXARGS+1];
84 struct berval vals[2];
86 static int lastmod = 1;
87 static BackendInfo *bi = NULL;
88 static BackendDB *be = NULL;
90 vals[1].bv_val = NULL;
92 if ( (fp = fopen( fname, "r" )) == NULL ) {
95 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
96 "could not open config file \"%s\": %s (%d)\n",
97 fname, strerror(errno), errno ));
99 Debug( LDAP_DEBUG_ANY,
100 "could not open config file \"%s\": %s (%d)\n",
101 fname, strerror(errno), errno );
107 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
108 "read_config: reading config file %s\n", fname ));
110 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
114 fp_getline_init( &lineno );
116 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
117 /* skip comments and blank lines */
118 if ( line[0] == '#' || line[0] == '\0' ) {
123 LDAP_LOG(( "config", LDAP_LEVEL_DETAIL1,
124 "line %d (%s)\n", lineno, line ));
126 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
130 /* fp_parse_line is destructive, we save a copy */
131 saveline = ch_strdup( line );
133 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
139 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
140 "%s: line %d: bad config line (ignored)\n",
143 Debug( LDAP_DEBUG_ANY,
144 "%s: line %d: bad config line (ignored)\n",
151 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
154 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
155 "%s : line %d: missing type in \"backend\" line.\n",
158 Debug( LDAP_DEBUG_ANY,
159 "%s: line %d: missing type in \"backend <type>\" line\n",
168 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
169 "%s: line %d: backend line must appear before any "
170 "database definition.\n", fname, lineno ));
172 Debug( LDAP_DEBUG_ANY,
173 "%s: line %d: backend line must appear before any database definition\n",
180 bi = backend_info( cargv[1] );
184 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
185 "read_config: backend %s initialization failed.\n",
188 Debug( LDAP_DEBUG_ANY,
189 "backend %s initialization failed.\n",
195 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
198 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
199 "%s: line %d: missing type in \"database <type>\" line\n",
202 Debug( LDAP_DEBUG_ANY,
203 "%s: line %d: missing type in \"database <type>\" line\n",
211 be = backend_db_init( cargv[1] );
215 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
216 "database %s initialization failed.\n",
219 Debug( LDAP_DEBUG_ANY,
220 "database %s initialization failed.\n",
227 /* set thread concurrency */
228 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
232 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
233 "%s: line %d: missing level in \"concurrency <level\" line\n",
236 Debug( LDAP_DEBUG_ANY,
237 "%s: line %d: missing level in \"concurrency <level>\" line\n",
244 c = atoi( cargv[1] );
248 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
249 "%s: line %d: invalid level (%d) in "
250 "\"concurrency <level>\" line.\n",
253 Debug( LDAP_DEBUG_ANY,
254 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
261 ldap_pvt_thread_set_concurrency( c );
263 /* set sockbuf max */
264 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
268 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
269 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
272 Debug( LDAP_DEBUG_ANY,
273 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
280 max = atol( cargv[1] );
284 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
285 "%s: line %d: invalid max value (%ld) in "
286 "\"sockbuf_max_incoming <bytes>\" line.\n",
287 fname, lineno, max ));
289 Debug( LDAP_DEBUG_ANY,
290 "%s: line %d: invalid max value (%ld) in "
291 "\"sockbuf_max_incoming <bytes>\" line.\n",
292 fname, lineno, max );
298 sockbuf_max_incoming = max;
300 /* set sockbuf max authenticated */
301 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
305 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
306 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
309 Debug( LDAP_DEBUG_ANY,
310 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
317 max = atol( cargv[1] );
321 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
322 "%s: line %d: invalid max value (%ld) in "
323 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
324 fname, lineno, max ));
326 Debug( LDAP_DEBUG_ANY,
327 "%s: line %d: invalid max value (%ld) in "
328 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
329 fname, lineno, max );
335 sockbuf_max_incoming_auth = max;
337 /* default search base */
338 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
341 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
342 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
343 "line\n", fname, lineno ));
345 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
346 "missing dn in \"defaultSearchBase <dn>\" line\n",
352 } else if ( cargc > 2 ) {
354 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
355 "%s: line %d: extra cruft after <dn> in "
356 "\"defaultSearchBase %s\" line (ignored)\n",
357 fname, lineno, cargv[1] ));
359 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
360 "extra cruft after <dn> in \"defaultSearchBase %s\", "
362 fname, lineno, cargv[1] );
366 if ( bi != NULL || be != NULL ) {
368 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
369 "%s: line %d: defaultSearchBase line must appear "
370 "prior to any backend or database definitions\n",
373 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
374 "defaultSearchBaase line must appear prior to "
375 "any backend or database definition\n",
382 if ( default_search_nbase.bv_len ) {
384 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
385 "default search base \"%s\" already defined "
386 "(discarding old)\n", fname, lineno,
387 default_search_base.bv_val ));
389 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
390 "default search base \"%s\" already defined "
391 "(discarding old)\n",
392 fname, lineno, default_search_base.bv_val );
395 free( default_search_base.bv_val );
396 free( default_search_nbase.bv_val );
399 if ( load_ucdata( NULL ) < 0 ) return 1;
404 dn.bv_val = cargv[1];
405 dn.bv_len = strlen( dn.bv_val );
407 rc = dnPrettyNormal( NULL, &dn,
408 &default_search_base,
409 &default_search_nbase );
411 if( rc != LDAP_SUCCESS ) {
413 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
414 "%s: line %d: defaultSearchBase DN is invalid.\n",
417 Debug( LDAP_DEBUG_ANY,
418 "%s: line %d: defaultSearchBase DN is invalid\n",
425 /* set maximum threads in thread pool */
426 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
430 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
431 "%s: line %d: missing count in \"threads <count>\" line\n",
434 Debug( LDAP_DEBUG_ANY,
435 "%s: line %d: missing count in \"threads <count>\" line\n",
442 c = atoi( cargv[1] );
446 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
447 "%s: line %d: invalid level (%d) in \"threads <count>\""
448 "line\n",fname, lineno, c ));
450 Debug( LDAP_DEBUG_ANY,
451 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
458 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
460 /* save for later use */
461 connection_pool_max = c;
463 /* get pid file name */
464 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
467 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
468 "%s: line %d missing file name in \"pidfile <file>\" line.\n",
471 Debug( LDAP_DEBUG_ANY,
472 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
479 slapd_pid_file = ch_strdup( cargv[1] );
481 /* get args file name */
482 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
485 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
486 "%s: %d: missing file name in "
487 "\"argsfile <file>\" line.\n",
490 Debug( LDAP_DEBUG_ANY,
491 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
498 slapd_args_file = ch_strdup( cargv[1] );
500 /* default password hash */
501 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
504 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
505 "%s: line %d: missing hash in "
506 "\"password-hash <hash>\" line.\n",
509 Debug( LDAP_DEBUG_ANY,
510 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
516 if ( default_passwd_hash != NULL ) {
518 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
519 "%s: line %d: already set default password_hash!\n",
522 Debug( LDAP_DEBUG_ANY,
523 "%s: line %d: already set default password_hash!\n",
531 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
533 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
534 "%s: line %d: password scheme \"%s\" not available\n",
535 fname, lineno, cargv[1] ));
537 Debug( LDAP_DEBUG_ANY,
538 "%s: line %d: password scheme \"%s\" not available\n",
539 fname, lineno, cargv[1] );
544 default_passwd_hash = ch_strdup( cargv[1] );
546 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
550 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
551 "%s: line %d: missing format in "
552 "\"password-crypt-salt-format <format>\" line\n",
555 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
556 "\"password-crypt-salt-format <format>\" line\n",
563 lutil_salt_format( cargv[1] );
566 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
569 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
570 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
573 Debug( LDAP_DEBUG_ANY,
574 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
581 if ( global_host != NULL ) {
583 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
584 "%s: line %d: already set sasl-host!\n",
587 Debug( LDAP_DEBUG_ANY,
588 "%s: line %d: already set sasl-host!\n",
595 global_host = ch_strdup( cargv[1] );
599 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
602 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
603 "%s: line %d: missing realm in \"sasl-realm <realm>\" line.\n",
606 Debug( LDAP_DEBUG_ANY,
607 "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
614 if ( global_realm != NULL ) {
616 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
617 "%s: line %d: already set sasl-realm!\n",
620 Debug( LDAP_DEBUG_ANY,
621 "%s: line %d: already set sasl-realm!\n",
628 global_realm = ch_strdup( cargv[1] );
631 } else if ( !strcasecmp( cargv[0], "sasl-regexp" )
632 || !strcasecmp( cargv[0], "saslregexp" ) )
637 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
638 "%s: line %d: need 2 args in "
639 "\"saslregexp <match> <replace>\"\n",
642 Debug( LDAP_DEBUG_ANY,
643 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
649 rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
654 /* SASL security properties */
655 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
660 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
661 "%s: line %d: missing flags in "
662 "\"sasl-secprops <properties>\" line\n",
665 Debug( LDAP_DEBUG_ANY,
666 "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
673 txt = slap_sasl_secprops( cargv[1] );
676 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
677 "%s: line %d sas-secprops: %s\n",
678 fname, lineno, txt ));
680 Debug( LDAP_DEBUG_ANY,
681 "%s: line %d: sasl-secprops: %s\n",
682 fname, lineno, txt );
688 } else if ( strcasecmp( cargv[0], "sasl-external-x509dn-convert" ) == 0 ) {
689 sasl_external_x509dn_convert++;
691 /* set UCDATA path */
692 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
696 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
697 "%s: line %d: missing path in "
698 "\"ucdata-path <path>\" line.\n",
701 Debug( LDAP_DEBUG_ANY,
702 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
709 err = load_ucdata( cargv[1] );
713 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
714 "%s: line %d: ucdata already loaded, ucdata-path "
715 "must be set earlier in the file and/or be "
716 "specified only once!\n",
719 Debug( LDAP_DEBUG_ANY,
720 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
729 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
731 struct slap_limits_set *lim;
735 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
736 "%s: line %d: missing limit in \"sizelimit <limit>\" line.\n",
739 Debug( LDAP_DEBUG_ANY,
740 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
750 lim = &be->be_def_limit;
753 for ( i = 1; i < cargc; i++ ) {
754 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
755 rc = parse_limit( cargv[i], lim );
757 lim->lms_s_soft = atoi( cargv[i] );
763 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
764 "%s: line %d: unable "
765 "to parse value \"%s\" "
768 fname, lineno, cargv[i] ));
770 Debug( LDAP_DEBUG_ANY,
771 "%s: line %d: unable "
772 "to parse value \"%s\" "
775 fname, lineno, cargv[i] );
781 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
783 struct slap_limits_set *lim;
787 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
788 "%s: line %d missing limit in \"timelimit <limit>\" line.\n",
791 Debug( LDAP_DEBUG_ANY,
792 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
802 lim = &be->be_def_limit;
805 for ( i = 1; i < cargc; i++ ) {
806 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
807 rc = parse_limit( cargv[i], lim );
809 lim->lms_t_soft = atoi( cargv[i] );
815 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
816 "%s: line %d: unable "
817 "to parse value \"%s\" "
820 fname, lineno, cargv[i] ));
822 Debug( LDAP_DEBUG_ANY,
823 "%s: line %d: unable "
824 "to parse value \"%s\" "
827 fname, lineno, cargv[i] );
832 /* set regex-based limits */
833 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
836 LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
837 "%s: line %d \"limits\" allowed only in database environment.\n",
840 Debug( LDAP_DEBUG_ANY,
841 "%s: line %d \"limits\" allowed only in database environment.\n%s",
847 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
851 /* mark this as a subordinate database */
852 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
855 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
856 "subordinate keyword must appear inside a database "
857 "definition (ignored).\n", fname, lineno ));
859 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
860 "must appear inside a database definition (ignored)\n",
864 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
868 /* set database suffix */
869 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
872 struct berval *pdn = NULL;
873 struct berval *ndn = NULL;
877 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
878 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
881 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
882 "missing dn in \"suffix <dn>\" line\n",
888 } else if ( cargc > 2 ) {
890 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
891 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
892 " line (ignored).\n", fname, lineno, cargv[1] ));
894 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
895 "after <dn> in \"suffix %s\" line (ignored)\n",
896 fname, lineno, cargv[1] );
902 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
903 "%s: line %d: suffix line must appear inside a database "
904 "definition.\n", fname, lineno ));
906 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
907 "must appear inside a database definition\n",
912 #if defined(SLAPD_MONITOR_DN)
913 /* "cn=Monitor" is reserved for monitoring slap */
914 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
916 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \""
917 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
920 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
921 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
925 #endif /* SLAPD_MONITOR_DN */
928 if ( load_ucdata( NULL ) < 0 ) return 1;
930 dn.bv_val = cargv[1];
931 dn.bv_len = strlen( cargv[1] );
932 pdn = ch_malloc( sizeof( struct berval ));
933 ndn = ch_malloc( sizeof( struct berval ));
935 rc = dnPrettyNormal( NULL, &dn, pdn, ndn );
936 if( rc != LDAP_SUCCESS ) {
938 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
939 "%s: line %d: suffix DN is invalid.\n",
942 Debug( LDAP_DEBUG_ANY,
943 "%s: line %d: suffix DN is invalid\n",
949 tmp_be = select_backend( ndn, 0, 0 );
950 if ( tmp_be == be ) {
952 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
953 "%s: line %d: suffix already served by this backend "
954 "(ignored)\n", fname, lineno ));
956 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
957 "already served by this backend (ignored)\n",
963 } else if ( tmp_be != NULL ) {
965 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
966 "%s: line %d: suffix already served by a preceding "
967 "backend \"%s\"\n", fname, lineno,
968 tmp_be->be_suffix[0]->bv_val ));
970 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
971 "already served by a preceeding backend \"%s\"\n",
972 fname, lineno, tmp_be->be_suffix[0]->bv_val );
978 } else if( pdn->bv_len == 0 && default_search_nbase.bv_len ) {
980 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
981 "%s: line %d: suffix DN empty and default search "
982 "base provided \"%s\" (assuming okay).\n",
983 fname, lineno, default_search_base.bv_val ));
985 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
986 "suffix DN empty and default "
987 "search base provided \"%s\" (assuming okay)\n",
988 fname, lineno, default_search_base.bv_val );
992 ber_bvecadd( &be->be_suffix, pdn );
993 ber_bvecadd( &be->be_nsuffix, ndn );
995 /* set database suffixAlias */
996 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
998 struct berval alias, *palias, nalias;
999 struct berval aliased, *paliased, naliased;
1003 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1004 "%s: line %d: missing alias and aliased_dn in "
1005 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
1008 Debug( LDAP_DEBUG_ANY,
1009 "%s: line %d: missing alias and aliased_dn in "
1010 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
1015 } else if ( cargc < 3 ) {
1017 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1018 "%s: line %d: missing aliased_dn in "
1019 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1022 Debug( LDAP_DEBUG_ANY,
1023 "%s: line %d: missing aliased_dn in "
1024 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1029 } else if ( cargc > 3 ) {
1031 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1032 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1035 Debug( LDAP_DEBUG_ANY,
1036 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1044 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1045 "%s: line %d: suffixAlias line must appear inside a "
1046 "database definition (ignored).\n", fname, lineno ));
1048 Debug( LDAP_DEBUG_ANY,
1049 "%s: line %d: suffixAlias line"
1050 " must appear inside a database definition (ignored)\n",
1055 if ( load_ucdata( NULL ) < 0 ) return 1;
1057 alias.bv_val = cargv[1];
1058 alias.bv_len = strlen( cargv[1] );
1059 palias = ch_malloc(sizeof(struct berval));
1061 rc = dnPrettyNormal( NULL, &alias, palias, &nalias );
1062 if( rc != LDAP_SUCCESS ) {
1064 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1065 "%s: line %d: alias DN is invalid.\n",
1068 Debug( LDAP_DEBUG_ANY,
1069 "%s: line %d: alias DN is invalid\n",
1075 tmp_be = select_backend( &nalias, 0, 0 );
1076 free( nalias.bv_val );
1077 if ( tmp_be && tmp_be != be ) {
1079 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1080 "%s: line %d: suffixAlias served by a preceeding "
1082 fname, lineno, tmp_be->be_suffix[0]->bv_val ));
1084 Debug( LDAP_DEBUG_ANY,
1085 "%s: line %d: suffixAlias served by"
1086 " a preceeding backend \"%s\"\n",
1087 fname, lineno, tmp_be->be_suffix[0]->bv_val );
1089 ber_bvfree( palias );
1093 aliased.bv_val = cargv[2];
1094 aliased.bv_len = strlen( cargv[2] );
1095 paliased = ch_malloc(sizeof(struct berval));
1097 rc = dnPrettyNormal( NULL, &aliased, paliased, &naliased );
1098 if( rc != LDAP_SUCCESS ) {
1100 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1101 "%s: line %d: aliased DN is invalid.\n",
1104 Debug( LDAP_DEBUG_ANY,
1105 "%s: line %d: aliased DN is invalid\n",
1108 ber_bvfree( palias );
1112 tmp_be = select_backend( &naliased, 0, 0 );
1113 free( naliased.bv_val );
1114 if ( tmp_be && tmp_be != be ) {
1116 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1117 "%s: line %d: suffixAlias derefs to a different backend "
1118 "a preceeding backend \"%s\"\n",
1119 fname, lineno, tmp_be->be_suffix[0]->bv_val ));
1121 Debug( LDAP_DEBUG_ANY,
1122 "%s: line %d: suffixAlias derefs to differnet backend"
1123 " a preceeding backend \"%s\"\n",
1124 fname, lineno, tmp_be->be_suffix[0]->bv_val );
1126 ber_bvfree( palias );
1127 ber_bvfree( paliased );
1131 ber_bvecadd( &be->be_suffixAlias, palias );
1132 ber_bvecadd( &be->be_suffixAlias, paliased );
1134 /* set max deref depth */
1135 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1139 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1140 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1141 " line\n", fname, lineno ));
1143 Debug( LDAP_DEBUG_ANY,
1144 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1152 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1153 "%s: line %d: depth line must appear inside a database "
1154 "definition (ignored)\n", fname, lineno ));
1156 Debug( LDAP_DEBUG_ANY,
1157 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
1161 } else if ((i = atoi(cargv[1])) < 0) {
1163 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1164 "%s: line %d: depth must be positive (ignored).\n",
1167 Debug( LDAP_DEBUG_ANY,
1168 "%s: line %d: depth must be positive (ignored)\n",
1174 be->be_max_deref_depth = i;
1178 /* set magic "root" dn for this database */
1179 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1182 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1183 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1186 Debug( LDAP_DEBUG_ANY,
1187 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1195 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1196 "%s: line %d: rootdn line must appear inside a database "
1197 "definition (ignored).\n", fname, lineno ));
1199 Debug( LDAP_DEBUG_ANY,
1200 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
1207 if ( load_ucdata( NULL ) < 0 ) return 1;
1209 dn.bv_val = cargv[1];
1210 dn.bv_len = strlen( cargv[1] );
1212 rc = dnPrettyNormal( NULL, &dn,
1216 if( rc != LDAP_SUCCESS ) {
1218 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1219 "%s: line %d: rootdn DN is invalid.\n",
1222 Debug( LDAP_DEBUG_ANY,
1223 "%s: line %d: rootdn DN is invalid\n",
1230 /* set super-secret magic database password */
1231 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1234 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1235 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1236 " line\n", fname, lineno ));
1238 Debug( LDAP_DEBUG_ANY,
1239 "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
1247 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1248 "%s: line %d: rootpw line must appear inside a database "
1249 "definition (ignored)\n", fname, lineno ));
1251 Debug( LDAP_DEBUG_ANY,
1252 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
1257 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1258 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1261 /* make this database read-only */
1262 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1265 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1266 "%s: line %d: missing on|off in \"readonly <on|off>\" line.\n",
1269 Debug( LDAP_DEBUG_ANY,
1270 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1277 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1278 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1280 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1283 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1284 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1286 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1291 /* allow these features */
1292 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1293 strcasecmp( cargv[0], "allow" ) == 0 )
1299 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1300 "%s: line %d: allow line must appear prior to "
1301 "database definitions.\n", fname, lineno ));
1303 Debug( LDAP_DEBUG_ANY,
1304 "%s: line %d: allow line must appear prior to database definitions\n",
1312 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1313 "%s: line %d: missing feature(s) in \"allow <features>\""
1314 " line\n", fname, lineno ));
1316 Debug( LDAP_DEBUG_ANY,
1317 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1326 for( i=1; i < cargc; i++ ) {
1327 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1328 allows |= SLAP_ALLOW_BIND_V2;
1330 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1331 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1333 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1334 allows |= SLAP_ALLOW_BIND_ANON_DN;
1336 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1338 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1339 "%s: line %d: unknown feature %s in "
1340 "\"allow <features>\" line.\n",
1341 fname, lineno, cargv[1] ));
1343 Debug( LDAP_DEBUG_ANY,
1344 "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
1345 fname, lineno, cargv[i] );
1352 global_allows = allows;
1354 /* disallow these features */
1355 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1356 strcasecmp( cargv[0], "disallow" ) == 0 )
1358 slap_mask_t disallows;
1362 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1363 "%s: line %d: disallow line must appear prior to "
1364 "database definitions.\n", fname, lineno ));
1366 Debug( LDAP_DEBUG_ANY,
1367 "%s: line %d: disallow line must appear prior to database definitions\n",
1375 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1376 "%s: line %d: missing feature(s) in \"disallow <features>\""
1377 " line.\n", fname, lineno ));
1379 Debug( LDAP_DEBUG_ANY,
1380 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1389 for( i=1; i < cargc; i++ ) {
1390 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1391 disallows |= SLAP_DISALLOW_BIND_ANON;
1393 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1394 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1396 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1397 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1399 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1400 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1402 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1403 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1405 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1407 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1408 "%s: line %d: unknown feature %s in "
1409 "\"disallow <features>\" line.\n",
1410 fname, lineno, cargv[i] ));
1412 Debug( LDAP_DEBUG_ANY,
1413 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1414 fname, lineno, cargv[i] );
1421 global_disallows = disallows;
1423 /* require these features */
1424 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1425 strcasecmp( cargv[0], "require" ) == 0 )
1427 slap_mask_t requires;
1431 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1432 "%s: line %d: missing feature(s) in "
1433 "\"require <features>\" line.\n", fname, lineno ));
1435 Debug( LDAP_DEBUG_ANY,
1436 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1445 for( i=1; i < cargc; i++ ) {
1446 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1447 requires |= SLAP_REQUIRE_BIND;
1449 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1450 requires |= SLAP_REQUIRE_LDAP_V3;
1452 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1453 requires |= SLAP_REQUIRE_AUTHC;
1455 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1456 requires |= SLAP_REQUIRE_SASL;
1458 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1459 requires |= SLAP_REQUIRE_STRONG;
1461 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1463 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1464 "%s: line %d: unknown feature %s in "
1465 "\"require <features>\" line.\n",
1468 Debug( LDAP_DEBUG_ANY,
1469 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1470 fname, lineno, cargv[i] );
1478 global_requires = requires;
1480 be->be_requires = requires;
1483 /* required security factors */
1484 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1485 slap_ssf_set_t *set;
1489 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1490 "%s: line %d: missing factor(s) in \"security <factors>\""
1491 " line.\n", fname, lineno ));
1493 Debug( LDAP_DEBUG_ANY,
1494 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1502 set = &global_ssf_set;
1504 set = &be->be_ssf_set;
1507 for( i=1; i < cargc; i++ ) {
1508 if( strncasecmp( cargv[i], "ssf=",
1509 sizeof("ssf") ) == 0 )
1512 atoi( &cargv[i][sizeof("ssf")] );
1514 } else if( strncasecmp( cargv[i], "transport=",
1515 sizeof("transport") ) == 0 )
1517 set->sss_transport =
1518 atoi( &cargv[i][sizeof("transport")] );
1520 } else if( strncasecmp( cargv[i], "tls=",
1521 sizeof("tls") ) == 0 )
1524 atoi( &cargv[i][sizeof("tls")] );
1526 } else if( strncasecmp( cargv[i], "sasl=",
1527 sizeof("sasl") ) == 0 )
1530 atoi( &cargv[i][sizeof("sasl")] );
1532 } else if( strncasecmp( cargv[i], "update_ssf=",
1533 sizeof("update_ssf") ) == 0 )
1535 set->sss_update_ssf =
1536 atoi( &cargv[i][sizeof("update_ssf")] );
1538 } else if( strncasecmp( cargv[i], "update_transport=",
1539 sizeof("update_transport") ) == 0 )
1541 set->sss_update_transport =
1542 atoi( &cargv[i][sizeof("update_transport")] );
1544 } else if( strncasecmp( cargv[i], "update_tls=",
1545 sizeof("update_tls") ) == 0 )
1547 set->sss_update_tls =
1548 atoi( &cargv[i][sizeof("update_tls")] );
1550 } else if( strncasecmp( cargv[i], "update_sasl=",
1551 sizeof("update_sasl") ) == 0 )
1553 set->sss_update_sasl =
1554 atoi( &cargv[i][sizeof("update_sasl")] );
1558 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1559 "%s: line %d: unknown factor %S in "
1560 "\"security <factors>\" line.\n",
1561 fname, lineno, cargv[1] ));
1563 Debug( LDAP_DEBUG_ANY,
1564 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1565 fname, lineno, cargv[i] );
1571 /* where to send clients when we don't hold it */
1572 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1575 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1576 "%s: line %d: missing URL in \"referral <URL>\""
1577 " line.\n", fname, lineno ));
1579 Debug( LDAP_DEBUG_ANY,
1580 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1587 if( validate_global_referral( cargv[1] ) ) {
1589 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1590 "invalid URL (%s) in \"referral\" line.\n",
1591 fname, lineno, cargv[1] ));
1593 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1594 "invalid URL (%s) in \"referral\" line.\n",
1595 fname, lineno, cargv[1] );
1600 vals[0].bv_val = cargv[1];
1601 vals[0].bv_len = strlen( vals[0].bv_val );
1602 value_add( &default_referral, vals );
1605 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1609 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1610 "%s: line %d: Error in logfile directive, "
1611 "\"logfile <filename>\"\n", fname, lineno ));
1613 Debug( LDAP_DEBUG_ANY,
1614 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1620 logfile = fopen( cargv[1], "w" );
1621 if ( logfile != NULL ) lutil_debug_file( logfile );
1624 /* start of a new database definition */
1625 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1629 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1630 "%s: line %d: Error in debug directive, "
1631 "\"debug <subsys> <level>\"\n", fname, lineno ));
1633 Debug( LDAP_DEBUG_ANY,
1634 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1640 level = atoi( cargv[2] );
1641 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1642 lutil_set_debug_level( cargv[1], level );
1643 /* specify an Object Identifier macro */
1644 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1645 rc = parse_oidm( fname, lineno, cargc, cargv );
1648 /* specify an objectclass */
1649 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1650 if ( *cargv[1] == '(' ) {
1652 p = strchr(saveline,'(');
1653 rc = parse_oc( fname, lineno, p, cargv );
1658 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1659 "%s: line %d: old objectclass format not supported\n",
1662 Debug( LDAP_DEBUG_ANY,
1663 "%s: line %d: old objectclass format not supported.\n",
1669 /* specify an attribute type */
1670 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1671 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1673 if ( *cargv[1] == '(' ) {
1675 p = strchr(saveline,'(');
1676 rc = parse_at( fname, lineno, p, cargv );
1681 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1682 "%s: line %d: old attribute type format not supported.\n",
1685 Debug( LDAP_DEBUG_ANY,
1686 "%s: line %d: old attribute type format not supported.\n",
1692 /* turn on/off schema checking */
1693 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1696 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1697 "%s: line %d: missing on|off in "
1698 "\"schemacheck <on|off>\" line.\n",
1701 Debug( LDAP_DEBUG_ANY,
1702 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1708 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1710 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1711 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1714 Debug( LDAP_DEBUG_ANY,
1715 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1718 global_schemacheck = 0;
1720 global_schemacheck = 1;
1723 /* specify access control info */
1724 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1725 parse_acl( be, fname, lineno, cargc, cargv );
1727 /* debug level to log things to syslog */
1728 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1731 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1732 "%s: line %d: missing level in \"loglevel <level>\""
1733 " line.\n", fname, lineno ));
1735 Debug( LDAP_DEBUG_ANY,
1736 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1745 for( i=1; i < cargc; i++ ) {
1746 ldap_syslog += atoi( cargv[1] );
1749 /* list of replicas of the data in this backend (master only) */
1750 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1753 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1754 "%s: line %d: missing host in \"replica "
1755 " <host[:port]\" line\n", fname, lineno ));
1757 Debug( LDAP_DEBUG_ANY,
1758 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1766 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1767 "%s: line %d: replica line must appear inside "
1768 "a database definition (ignored).\n", fname, lineno ));
1770 Debug( LDAP_DEBUG_ANY,
1771 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
1778 for ( i = 1; i < cargc; i++ ) {
1779 if ( strncasecmp( cargv[i], "host=", 5 )
1781 nr = add_replica_info( be,
1788 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1789 "%s: line %d: missing host in \"replica\" "
1790 "line (ignored)\n", fname, lineno ));
1792 Debug( LDAP_DEBUG_ANY,
1793 "%s: line %d: missing host in \"replica\" line (ignored)\n",
1797 } else if ( nr == -1 ) {
1799 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1800 "%s: line %d: unable to add"
1806 Debug( LDAP_DEBUG_ANY,
1807 "%s: line %d: unable to add replica \"%s\" (ignored)\n",
1808 fname, lineno, cargv[i] + 5 );
1811 for ( i = 1; i < cargc; i++ ) {
1812 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1814 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1817 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1818 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1819 fname, lineno, cargv[i] + 7 ));
1821 Debug( LDAP_DEBUG_ANY,
1822 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1823 fname, lineno, cargv[i] + 7 );
1829 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1830 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1833 Debug( LDAP_DEBUG_ANY,
1834 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1840 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1842 char *arg = cargv[i] + 4;
1844 if ( arg[0] == '!' ) {
1849 if ( arg[0] != '=' ) {
1853 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1855 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1856 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1857 fname, lineno, arg + 1 ));
1859 Debug( LDAP_DEBUG_ANY,
1860 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1861 fname, lineno, arg + 1 );
1870 /* dn of master entity allowed to write to replica */
1871 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1874 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1875 "%s: line %d: missing dn in \"updatedn <dn>\""
1876 " line.\n", fname, lineno ));
1878 Debug( LDAP_DEBUG_ANY,
1879 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1887 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1888 "%s: line %d: updatedn line must appear inside "
1889 "a database definition (ignored)\n",
1892 Debug( LDAP_DEBUG_ANY,
1893 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
1900 if ( load_ucdata( NULL ) < 0 ) return 1;
1902 dn.bv_val = cargv[1];
1903 dn.bv_len = strlen( cargv[1] );
1905 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1906 if( rc != LDAP_SUCCESS ) {
1908 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1909 "%s: line %d: updatedn DN is invalid.\n",
1912 Debug( LDAP_DEBUG_ANY,
1913 "%s: line %d: updatedn DN is invalid\n",
1920 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1923 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1924 "missing url in \"updateref <ldapurl>\" line.\n",
1927 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1928 "missing url in \"updateref <ldapurl>\" line\n",
1936 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
1937 " line must appear inside a database definition\n",
1940 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1941 " line must appear inside a database definition\n",
1946 } else if ( !be->be_update_ndn.bv_len ) {
1948 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
1949 "updateref line must come after updatedn.\n",
1952 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1953 "updateref line must after updatedn.\n",
1959 if( validate_global_referral( cargv[1] ) ) {
1961 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1962 "invalid URL (%s) in \"updateref\" line.\n",
1963 fname, lineno, cargv[1] ));
1965 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1966 "invalid URL (%s) in \"updateref\" line.\n",
1967 fname, lineno, cargv[1] );
1972 vals[0].bv_val = cargv[1];
1973 vals[0].bv_len = strlen( vals[0].bv_val );
1974 value_add( &be->be_update_refs, vals );
1976 /* replication log file to which changes are appended */
1977 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1980 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1981 "%s: line %d: missing filename in \"replogfile <filename>\""
1982 " line.\n", fname, lineno ));
1984 Debug( LDAP_DEBUG_ANY,
1985 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1992 be->be_replogfile = ch_strdup( cargv[1] );
1994 replogfile = ch_strdup( cargv[1] );
1997 /* file from which to read additional rootdse attrs */
1998 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
2001 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
2002 "missing filename in \"rootDSE <filename>\" line.\n",
2005 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2006 "missing filename in \"rootDSE <filename>\" line.\n",
2012 if( read_root_dse_file( cargv[1] ) ) {
2014 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
2015 "could not read \"rootDSE <filename>\" line.\n",
2018 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2019 "could not read \"rootDSE <filename>\" line\n",
2025 /* maintain lastmodified{by,time} attributes */
2026 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2029 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2030 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2031 " line.\n", fname, lineno ));
2033 Debug( LDAP_DEBUG_ANY,
2034 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2040 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2042 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2048 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2054 /* set idle timeout value */
2055 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2059 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2060 "%s: line %d: missing timeout value in "
2061 "\"idletimeout <seconds>\" line.\n", fname, lineno ));
2063 Debug( LDAP_DEBUG_ANY,
2064 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2071 i = atoi( cargv[1] );
2075 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2076 "%s: line %d: timeout value (%d) invalid "
2077 "\"idletimeout <seconds>\" line.\n",
2078 fname, lineno, i ));
2080 Debug( LDAP_DEBUG_ANY,
2081 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2088 global_idletimeout = i;
2090 /* include another config file */
2091 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2094 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2095 "%s: line %d: missing filename in \"include "
2096 "<filename>\" line.\n", fname, lineno ));
2098 Debug( LDAP_DEBUG_ANY,
2099 "%s: line %d: missing filename in \"include <filename>\" line\n",
2105 savefname = ch_strdup( cargv[1] );
2106 savelineno = lineno;
2108 if ( read_config( savefname ) != 0 ) {
2113 lineno = savelineno - 1;
2115 /* location of kerberos srvtab file */
2116 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2119 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2120 "%s: line %d: missing filename in \"srvtab "
2121 "<filename>\" line.\n", fname, lineno ));
2123 Debug( LDAP_DEBUG_ANY,
2124 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2130 ldap_srvtab = ch_strdup( cargv[1] );
2132 #ifdef SLAPD_MODULES
2133 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2136 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2137 "%s: line %d: missing filename in \"moduleload "
2138 "<filename>\" line.\n", fname, lineno ));
2140 Debug( LDAP_DEBUG_ANY,
2141 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2145 exit( EXIT_FAILURE );
2147 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2149 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2150 "%s: line %d: failed to load or initialize module %s\n",
2151 fname, lineno, cargv[1] ));
2153 Debug( LDAP_DEBUG_ANY,
2154 "%s: line %d: failed to load or initialize module %s\n",
2155 fname, lineno, cargv[1]);
2158 exit( EXIT_FAILURE );
2160 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2163 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2164 "%s: line %d: missing path in \"modulepath <path>\""
2165 " line\n", fname, lineno ));
2167 Debug( LDAP_DEBUG_ANY,
2168 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2172 exit( EXIT_FAILURE );
2174 if (module_path( cargv[1] )) {
2176 LDAP_LOG(( "cofig", LDAP_LEVEL_CRIT,
2177 "%s: line %d: failed to set module search path to %s.\n",
2178 fname, lineno, cargv[1] ));
2180 Debug( LDAP_DEBUG_ANY,
2181 "%s: line %d: failed to set module search path to %s\n",
2182 fname, lineno, cargv[1]);
2185 exit( EXIT_FAILURE );
2188 #endif /*SLAPD_MODULES*/
2191 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2192 rc = ldap_pvt_tls_set_option( NULL,
2193 LDAP_OPT_X_TLS_RANDOM_FILE,
2198 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2199 rc = ldap_pvt_tls_set_option( NULL,
2200 LDAP_OPT_X_TLS_CIPHER_SUITE,
2205 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2206 rc = ldap_pvt_tls_set_option( NULL,
2207 LDAP_OPT_X_TLS_CERTFILE,
2212 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2213 rc = ldap_pvt_tls_set_option( NULL,
2214 LDAP_OPT_X_TLS_KEYFILE,
2219 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2220 rc = ldap_pvt_tls_set_option( NULL,
2221 LDAP_OPT_X_TLS_CACERTDIR,
2226 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2227 rc = ldap_pvt_tls_set_option( NULL,
2228 LDAP_OPT_X_TLS_CACERTFILE,
2232 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2233 if ( isdigit( cargv[1][0] ) ) {
2235 rc = ldap_pvt_tls_set_option( NULL,
2236 LDAP_OPT_X_TLS_REQUIRE_CERT,
2239 rc = ldap_int_tls_config( NULL,
2240 LDAP_OPT_X_TLS_REQUIRE_CERT,
2249 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2250 #ifdef SLAPD_RLOOKUPS
2253 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2254 "%s: line %d: reverse-lookup: "
2255 "missing \"on\" or \"off\"\n",
2258 Debug( LDAP_DEBUG_ANY,
2259 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2265 if ( !strcasecmp( cargv[1], "on" ) ) {
2266 use_reverse_lookup = 1;
2267 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2268 use_reverse_lookup = 0;
2271 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2272 "%s: line %d: reverse-lookup: "
2273 "must be \"on\" (default) "
2277 Debug( LDAP_DEBUG_ANY,
2278 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2284 #else /* !SLAPD_RLOOKUPS */
2286 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2287 "%s: line %d: reverse lookups "
2288 "are not configured (ignored).\n",
2291 Debug( LDAP_DEBUG_ANY,
2292 "%s: line %d: reverse lookups are not configured (ignored).\n",
2295 #endif /* !SLAPD_RLOOKUPS */
2297 /* pass anything else to the current backend info/db config routine */
2300 if ( bi->bi_config == 0 ) {
2302 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2303 "%s: line %d: unknown directive \"%s\" inside "
2304 "backend info definition (ignored).\n",
2305 fname, lineno, cargv[0] ));
2307 Debug( LDAP_DEBUG_ANY,
2308 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2309 fname, lineno, cargv[0] );
2313 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2319 } else if ( be != NULL ) {
2320 if ( be->be_config == 0 ) {
2322 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2323 "%s: line %d: uknown directive \"%s\" inside "
2324 "backend database definition (ignored).\n",
2325 fname, lineno, cargv[0] ));
2327 Debug( LDAP_DEBUG_ANY,
2328 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2329 fname, lineno, cargv[0] );
2333 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2341 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2342 "%s: line %d: unknown directive \"%s\" outside backend "
2343 "info and database definitions (ignored).\n",
2344 fname, lineno, cargv[0] ));
2346 Debug( LDAP_DEBUG_ANY,
2347 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2348 fname, lineno, cargv[0] );
2357 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * Tokenising loop of fp_parse_line (its signature and several lines are
 * missing from this listing). The line is split on spaces and tabs by
 * strtok_quote(); each token pointer is stored in argv[] and counted in
 * *argcp.
 */
2371 for ( token = strtok_quote( line, " \t" ); token != NULL;
2372 token = strtok_quote( NULL, " \t" ) ) {
/*
 * Bound check ahead of the store: no more than MAXARGS tokens are ever
 * written, so the terminating NULL below lands at index MAXARGS at most.
 * read_config declares its vector as cargv[MAXARGS+1], which keeps that
 * final write in bounds for that caller. The rejection path itself is not
 * shown here.
 */
2373 if ( *argcp == MAXARGS ) {
2375 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2376 "fp_parse_line: too many tokens (%d max).\n",
2379 Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
2385 argv[(*argcp)++] = token;
/*
 * NULL-terminate the vector. An index one past the last token is therefore
 * NULL, not garbage: a directive handler that reads cargv[1] without first
 * checking cargc dereferences NULL on a one-word line.
 */
2387 argv[*argcp] = NULL;
/*
 * strtok-style tokenizer that also understands quoting and backslash
 * escapes. Pass the string in `line` on the first call and NULL to continue
 * with the same string (fp_parse_line calls it both ways). The string is
 * edited in place.
 *
 * NOTE(review): the declaration of `next` is not shown in this listing;
 * since continuation calls pass NULL it presumably persists between calls,
 * which would make this function non-reentrant - confirm.
 */
2392 strtok_quote( char *line, char *sep )
2398 if ( line != NULL ) {
/* Skip leading separators. The `*next &&` test is required because
 * strchr() also matches the terminating NUL of `sep`. */
2401 while ( *next && strchr( sep, *next ) ) {
/* Nothing but separators left. */
2405 if ( *next == '\0' ) {
2411 for ( inquote = 0; *next; ) {
/*
 * Drop one character by shifting the rest of the string, terminator
 * included, one position to the left. The copy ends exactly on the old
 * terminator, so it never writes outside the original string.
 * NOTE(review): source and destination overlap here and in the second
 * shift below; that is only defined if AC_MEMCPY has memmove semantics -
 * confirm against its definition.
 */
2419 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2425 next + 1, strlen( next + 1 ) + 1 );
2426 next++; /* dont parse the escaped character */
/* *next is non-NUL inside this loop, so this only matches a real
 * separator character. */
2431 if ( strchr( sep, *next ) != NULL ) {
/*
 * State used by fp_getline. `buf` receives one fgets() read; `lmax` is the
 * size passed to ch_realloc() for `line`, and `lcur` is the offset in
 * `line` at which CATLINE writes. The declaration of `line` is missing from
 * this listing.
 */
2444 static char buf[BUFSIZ];
2446 static int lmax, lcur;
/*
 * CATLINE( buf ): append the string `buf` to `line`, growing `line` first.
 * The strcpy() is bounded by the loop before it: it is reached only once
 * lcur + len + 1 <= lmax. The growth step and the update of lcur are not
 * shown in this listing.
 * NOTE(review): lmax and lcur are int and no overflow check on
 * lcur + len + 1 is visible - confirm that the input size cannot push the
 * sum past INT_MAX.
 * NOTE(review): the ch_realloc() result overwrites `line` unchecked; that is
 * safe only if ch_realloc() never returns NULL - confirm.
 */
2448 #define CATLINE( buf ) { \
2450 len = strlen( buf ); \
2451 while ( lcur + len + 1 > lmax ) { \
2453 line = (char *) ch_realloc( line, lmax ); \
2455 strcpy( line + lcur, buf ); \
/*
 * Read one logical configuration line from fp. Physical lines are read into
 * `buf` with fgets(); the result is accumulated in `line`. Returns `line`,
 * or NULL when the accumulated line is empty. Several lines of the body are
 * missing from this listing.
 *
 * NOTE(review): `line` is not declared in the visible lines; it is
 * presumably a buffer owned by this file, so callers should not free the
 * returned pointer - confirm.
 */
2460 fp_getline( FILE *fp, int *lineno )
2468 /* hack attack - keeps us from having to keep a stack of bufs... */
2469 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/*
 * fgets() is bounded by sizeof(buf), so a single read cannot overflow `buf`.
 * NOTE(review): a physical line longer than sizeof(buf) - 1 arrives in
 * several pieces, none but the last containing '\n'; confirm that the later
 * pieces are not taken for the start of a new directive by the isspace()
 * test below.
 */
2474 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2475 /* trim off \r\n or \n */
2476 if ( (p = strchr( buf, '\n' )) != NULL ) {
/* `p > buf` keeps p[-1] inside buf when the newline is the first byte. */
2477 if( p > buf && p[-1] == '\r' ) --p;
2481 /* trim off trailing \ and append the next line */
/*
 * NOTE(review): when `line` is exactly one character long and that
 * character is a backslash, p equals line and p[-1] reads one byte before
 * the start of the buffer. Testing `p > line` ahead of p[-1] would keep the
 * read in bounds; whether a lone backslash should then count as a
 * continuation is a separate decision.
 */
2482 if ( line[ 0 ] != '\0'
2483 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2484 && p[ -1 ] != '\\' ) {
/* The cast keeps the argument in the range isspace() accepts even where
 * plain char is signed. */
2489 if ( ! isspace( (unsigned char) buf[0] ) ) {
2493 /* change leading whitespace to a space */
/* An empty accumulated line is reported as NULL. */
2502 return( line[0] ? line : NULL );
2506 fp_getline_init( int *lineno )
2512 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * path: location of the ucdata files, or NULL for the compiled-in default
 *       SLAPD_DEFAULT_UCDATA. The callers visible in this file pass NULL.
 * Callers treat a negative return as fatal for configuration parsing
 * (`if ( load_ucdata( NULL ) < 0 ) return 1;`).
 */
2514 load_ucdata( char *path )
/* One-shot flag kept across calls; the lines that test and set it are
 * missing from this listing. */
2516 static int loaded = 0;
/* UCDATA_ALL requests every table; err carries the ucdata_load() result. */
2522 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/* The two log calls below are presumably alternatives selected by a
 * preprocessor conditional that this listing dropped - confirm. Only the
 * numeric error code is logged, not the path that failed to load. */
2525 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2526 "load_ucdata: Error %d loading ucdata.\n", err ));
2528 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2541 ucdata_unload( UCDATA_ALL );
2543 if ( slapd_args_file )
2544 free ( slapd_args_file );
2545 if ( slapd_pid_file )
2546 free ( slapd_pid_file );
2547 acl_destroy( global_acl, NULL );