1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
28 * defaults for various global variables
/*
 * Server-wide default search limits, written as positional initializers.
 * This listing drops some lines of the initializer (the gutter numbers
 * skip), so which struct slap_limits_set member each value lands in cannot
 * be confirmed from here.
 * NOTE(review): positional initialization shifts silently if the struct's
 * members are added or reordered. Check these values against the struct
 * declaration whenever it changes, since a misplaced -1 ("no limit")
 * would lift a limit rather than set one.
 */
30 struct slap_limits_set deflimit = {
31 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
34 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
36 -1, /* no limit on unchecked size */
38 0 /* hide number of entries left */
/*
 * Process-wide configuration state. read_config() below overwrites many
 * of these as it meets the matching directive; the values given here are
 * what applies when a directive is absent from the config file.
 */

/*
 * Access-control defaults. global_default_access starts at ACL_READ.
 * NOTE(review): presumably this is the level granted when no "access"
 * rule decides - confirm against the ACL evaluation code before relying
 * on it as a safe default.
 */
41 AccessControl *global_acl = NULL;
42 slap_access_t global_default_access = ACL_READ;
/*
 * Policy masks, all empty (0) until configured. read_config() updates
 * global_restrictops from "readonly" and assigns global_allows,
 * global_disallows and global_requires from the masks it builds for the
 * "allow", "disallow" and "require" directives.
 */
43 slap_mask_t global_restrictops = 0;
44 slap_mask_t global_allows = 0;
45 slap_mask_t global_disallows = 0;
46 slap_mask_t global_requires = 0;
/*
 * Security strength factors filled in by the "security" directive.
 * read_config() parses each factor with atoi(), which reports no error:
 * a non-numeric value such as a typo converts to 0.
 * NOTE(review): 0 presumably means "no strength required", so a mistyped
 * factor would weaken the policy without a diagnostic - confirm.
 */
47 slap_ssf_set_t global_ssf_set;
49 int global_gentlehup = 0;
50 int global_idletimeout = 0;
51 char *global_host = NULL;
52 char *global_realm = NULL;
/* Initialised to a string literal: must not be freed or written through. */
53 char *ldap_srvtab = "";
/*
 * NULL until a "password-hash" directive is seen. read_config() accepts
 * the directive only once and only after lutil_passwd_scheme() reports
 * the named scheme as available, then stores a ch_strdup() copy here.
 */
54 char *default_passwd_hash = NULL;
/* Parsed-argument bookkeeping; read_config() sets cargv_size to ARGS_STEP + 1. */
55 int cargc = 0, cargv_size = 0;
/*
 * Pretty and normalized forms of the default search base, produced by
 * dnPrettyNormal() for the "defaultSearchBase" directive.
 */
57 struct berval default_search_base = { 0, NULL };
58 struct berval default_search_nbase = { 0, NULL };
59 unsigned num_subordinates = 0;
60 struct berval global_schemadn = { 0, NULL };
61 struct berval global_schemandn = { 0, NULL };
/*
 * Upper bounds on incoming data, with a separate value for authenticated
 * connections. The "sockbuf_max_incoming" and "sockbuf_max_incoming_auth"
 * directives replace these with an atol()-parsed number; the range test
 * behind their "invalid max value" message is not visible in this listing.
 */
63 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
64 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
/*
 * Upper bounds on pending requests per connection, again with a separate
 * authenticated value; set by "conn_pending_max" and
 * "conn_pending_max_auth" in the same atol()-then-assign pattern.
 */
66 int slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
67 int slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
/*
 * File names taken from the "pidfile" and "argsfile" directives.
 * read_config() stores a ch_strdup() copy of the argument as given; no
 * path validation is visible at the point of assignment.
 */
69 char *slapd_pid_file = NULL;
70 char *slapd_args_file = NULL;
/* NOTE(review): presumably scanning state for strtok_quote() - confirm. */
72 char *strtok_quote_ptr;
74 int use_reverse_lookup = 0;
/*
 * File-local helpers used by read_config().
 *
 * fp_getline_init() is called once with &lineno before the read loop.
 * fp_getline() is then called until it returns NULL, which ends the loop.
 * fp_parse_line() is destructive on the line it is given (read_config()
 * saves a copy first) and returns non-zero for a line that cannot be
 * parsed. load_ucdata() is called with either a path or NULL; read_config()
 * treats a negative return as fatal on the NULL calls.
 * NOTE(review): strtok_quote() is not called in the visible part of this
 * file; it presumably tokenizes a line while honouring quoting - confirm.
 */
76 static char *fp_getline(FILE *fp, int *lineno);
77 static void fp_getline_init(int *lineno);
78 static int fp_parse_line(int lineno, char *line);
80 static char *strtok_quote(char *line, char *sep);
81 static int load_ucdata(char *path);
84 read_config( const char *fname, int depth )
87 char *line, *savefname, *saveline;
91 struct berval vals[2];
93 static int lastmod = 1;
94 static BackendInfo *bi = NULL;
95 static BackendDB *be = NULL;
97 vals[1].bv_val = NULL;
100 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
101 cargv_size = ARGS_STEP + 1;
104 if ( (fp = fopen( fname, "r" )) == NULL ) {
107 LDAP_LOG( CONFIG, ENTRY,
108 "read_config: " "could not open config file \"%s\": %s (%d)\n",
109 fname, strerror(errno), errno );
111 Debug( LDAP_DEBUG_ANY,
112 "could not open config file \"%s\": %s (%d)\n",
113 fname, strerror(errno), errno );
119 LDAP_LOG( CONFIG, ENTRY,
120 "read_config: reading config file %s\n", fname, 0, 0 );
122 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
126 fp_getline_init( &lineno );
128 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
129 /* skip comments and blank lines */
130 if ( line[0] == '#' || line[0] == '\0' ) {
134 /* fp_parse_line is destructive, we save a copy */
135 saveline = ch_strdup( line );
137 if ( fp_parse_line( lineno, line ) != 0 ) {
143 LDAP_LOG( CONFIG, INFO,
144 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
146 Debug( LDAP_DEBUG_ANY,
147 "%s: line %d: bad config line (ignored)\n",
154 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
157 LDAP_LOG( CONFIG, CRIT,
158 "%s : line %d: missing type in \"backend\" line.\n",
161 Debug( LDAP_DEBUG_ANY,
162 "%s: line %d: missing type in \"backend <type>\" line\n",
171 LDAP_LOG( CONFIG, CRIT,
172 "%s: line %d: backend line must appear before any "
173 "database definition.\n", fname, lineno , 0 );
175 Debug( LDAP_DEBUG_ANY,
176 "%s: line %d: backend line must appear before any database definition\n",
183 bi = backend_info( cargv[1] );
187 LDAP_LOG( CONFIG, CRIT,
188 "read_config: backend %s initialization failed.\n",
191 Debug( LDAP_DEBUG_ANY,
192 "backend %s initialization failed.\n",
198 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
201 LDAP_LOG( CONFIG, CRIT,
202 "%s: line %d: missing type in \"database <type>\" line\n",
205 Debug( LDAP_DEBUG_ANY,
206 "%s: line %d: missing type in \"database <type>\" line\n",
214 be = backend_db_init( cargv[1] );
218 LDAP_LOG( CONFIG, CRIT,
219 "database %s initialization failed.\n", cargv[1], 0, 0 );
221 Debug( LDAP_DEBUG_ANY,
222 "database %s initialization failed.\n",
229 /* set thread concurrency */
230 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
234 LDAP_LOG( CONFIG, CRIT,
235 "%s: line %d: missing level in \"concurrency <level\" "
236 " line\n", fname, lineno, 0 );
238 Debug( LDAP_DEBUG_ANY,
239 "%s: line %d: missing level in \"concurrency <level>\" line\n",
246 c = atoi( cargv[1] );
250 LDAP_LOG( CONFIG, CRIT,
251 "%s: line %d: invalid level (%d) in "
252 "\"concurrency <level>\" line.\n", fname, lineno, c );
254 Debug( LDAP_DEBUG_ANY,
255 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
262 ldap_pvt_thread_set_concurrency( c );
264 /* set sockbuf max */
265 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
269 LDAP_LOG( CONFIG, CRIT,
270 "%s: line %d: missing max in \"sockbuf_max_incoming "
271 "<bytes>\" line\n", fname, lineno, 0 );
273 Debug( LDAP_DEBUG_ANY,
274 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
281 max = atol( cargv[1] );
285 LDAP_LOG( CONFIG, CRIT,
286 "%s: line %d: invalid max value (%ld) in "
287 "\"sockbuf_max_incoming <bytes>\" line.\n",
288 fname, lineno, max );
290 Debug( LDAP_DEBUG_ANY,
291 "%s: line %d: invalid max value (%ld) in "
292 "\"sockbuf_max_incoming <bytes>\" line.\n",
293 fname, lineno, max );
299 sockbuf_max_incoming = max;
301 /* set sockbuf max authenticated */
302 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
306 LDAP_LOG( CONFIG, CRIT,
307 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
308 "<bytes>\" line\n", fname, lineno, 0 );
310 Debug( LDAP_DEBUG_ANY,
311 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
318 max = atol( cargv[1] );
322 LDAP_LOG( CONFIG, CRIT,
323 "%s: line %d: invalid max value (%ld) in "
324 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
325 fname, lineno, max );
327 Debug( LDAP_DEBUG_ANY,
328 "%s: line %d: invalid max value (%ld) in "
329 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
330 fname, lineno, max );
336 sockbuf_max_incoming_auth = max;
338 /* set conn pending max */
339 } else if ( strcasecmp( cargv[0], "conn_pending_max" ) == 0 ) {
343 LDAP_LOG( CONFIG, CRIT,
344 "%s: line %d: missing max in \"conn_pending_max "
345 "<requests>\" line\n", fname, lineno, 0 );
347 Debug( LDAP_DEBUG_ANY,
348 "%s: line %d: missing max in \"conn_pending_max <requests>\" line\n",
355 max = atol( cargv[1] );
359 LDAP_LOG( CONFIG, CRIT,
360 "%s: line %d: invalid max value (%ld) in "
361 "\"conn_pending_max <requests>\" line.\n",
362 fname, lineno, max );
364 Debug( LDAP_DEBUG_ANY,
365 "%s: line %d: invalid max value (%ld) in "
366 "\"conn_pending_max <requests>\" line.\n",
367 fname, lineno, max );
373 slap_conn_max_pending = max;
375 /* set conn pending max authenticated */
376 } else if ( strcasecmp( cargv[0], "conn_pending_max_auth" ) == 0 ) {
380 LDAP_LOG( CONFIG, CRIT,
381 "%s: line %d: missing max in \"conn_pending_max_auth "
382 "<requests>\" line\n", fname, lineno, 0 );
384 Debug( LDAP_DEBUG_ANY,
385 "%s: line %d: missing max in \"conn_pending_max_auth <requests>\" line\n",
392 max = atol( cargv[1] );
396 LDAP_LOG( CONFIG, CRIT,
397 "%s: line %d: invalid max value (%ld) in "
398 "\"conn_pending_max_auth <requests>\" line.\n",
399 fname, lineno, max );
401 Debug( LDAP_DEBUG_ANY,
402 "%s: line %d: invalid max value (%ld) in "
403 "\"conn_pending_max_auth <requests>\" line.\n",
404 fname, lineno, max );
410 slap_conn_max_pending_auth = max;
412 /* default search base */
413 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
416 LDAP_LOG( CONFIG, CRIT,
417 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
418 "line\n", fname, lineno, 0 );
420 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
421 "missing dn in \"defaultSearchBase <dn>\" line\n",
427 } else if ( cargc > 2 ) {
429 LDAP_LOG( CONFIG, INFO,
430 "%s: line %d: extra cruft after <dn> in "
431 "\"defaultSearchBase %s\" line (ignored)\n",
432 fname, lineno, cargv[1] );
434 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
435 "extra cruft after <dn> in \"defaultSearchBase %s\", "
437 fname, lineno, cargv[1] );
441 if ( bi != NULL || be != NULL ) {
443 LDAP_LOG( CONFIG, CRIT,
444 "%s: line %d: defaultSearchBase line must appear "
445 "prior to any backend or database definitions\n",
448 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
449 "defaultSearchBaase line must appear prior to "
450 "any backend or database definition\n",
457 if ( default_search_nbase.bv_len ) {
459 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
460 "default search base \"%s\" already defined "
461 "(discarding old)\n", fname, lineno,
462 default_search_base.bv_val );
464 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
465 "default search base \"%s\" already defined "
466 "(discarding old)\n",
467 fname, lineno, default_search_base.bv_val );
470 free( default_search_base.bv_val );
471 free( default_search_nbase.bv_val );
474 if ( load_ucdata( NULL ) < 0 ) return 1;
479 dn.bv_val = cargv[1];
480 dn.bv_len = strlen( dn.bv_val );
482 rc = dnPrettyNormal( NULL, &dn,
483 &default_search_base,
484 &default_search_nbase );
486 if( rc != LDAP_SUCCESS ) {
488 LDAP_LOG( CONFIG, CRIT,
489 "%s: line %d: defaultSearchBase DN is invalid.\n",
492 Debug( LDAP_DEBUG_ANY,
493 "%s: line %d: defaultSearchBase DN is invalid\n",
500 /* set maximum threads in thread pool */
501 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
505 LDAP_LOG( CONFIG, CRIT,
506 "%s: line %d: missing count in \"threads <count>\" line\n",
509 Debug( LDAP_DEBUG_ANY,
510 "%s: line %d: missing count in \"threads <count>\" line\n",
517 c = atoi( cargv[1] );
521 LDAP_LOG( CONFIG, CRIT,
522 "%s: line %d: invalid level (%d) in \"threads <count>\""
523 "line\n", fname, lineno, c );
525 Debug( LDAP_DEBUG_ANY,
526 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
533 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
535 /* save for later use */
536 connection_pool_max = c;
538 /* get pid file name */
539 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
542 LDAP_LOG( CONFIG, CRIT,
543 "%s: line %d missing file name in \"pidfile <file>\" "
544 "line.\n", fname, lineno, 0 );
546 Debug( LDAP_DEBUG_ANY,
547 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
554 slapd_pid_file = ch_strdup( cargv[1] );
556 /* get args file name */
557 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
560 LDAP_LOG( CONFIG, CRIT,
561 "%s: %d: missing file name in "
562 "\"argsfile <file>\" line.\n",
565 Debug( LDAP_DEBUG_ANY,
566 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
573 slapd_args_file = ch_strdup( cargv[1] );
575 /* default password hash */
576 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
579 LDAP_LOG( CONFIG, CRIT,
580 "%s: line %d: missing hash in "
581 "\"password-hash <hash>\" line.\n",
584 Debug( LDAP_DEBUG_ANY,
585 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
591 if ( default_passwd_hash != NULL ) {
593 LDAP_LOG( CONFIG, CRIT,
594 "%s: line %d: already set default password_hash!\n",
597 Debug( LDAP_DEBUG_ANY,
598 "%s: line %d: already set default password_hash!\n",
606 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
608 LDAP_LOG( CONFIG, CRIT,
609 "%s: line %d: password scheme \"%s\" not available\n",
610 fname, lineno, cargv[1] );
612 Debug( LDAP_DEBUG_ANY,
613 "%s: line %d: password scheme \"%s\" not available\n",
614 fname, lineno, cargv[1] );
619 default_passwd_hash = ch_strdup( cargv[1] );
621 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
625 LDAP_LOG( CONFIG, CRIT,
626 "%s: line %d: missing format in "
627 "\"password-crypt-salt-format <format>\" line\n",
630 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
631 "\"password-crypt-salt-format <format>\" line\n",
638 lutil_salt_format( cargv[1] );
640 /* SASL config options */
641 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
642 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
645 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
649 LDAP_LOG( CONFIG, CRIT,
650 "%s: line %d: missing dn in "
651 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
653 Debug( LDAP_DEBUG_ANY,
654 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
659 ber_str2bv( cargv[1], 0, 0, &dn );
661 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
664 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
667 if ( rc != LDAP_SUCCESS ) {
669 LDAP_LOG( CONFIG, CRIT,
670 "%s: line %d: schemadn DN is invalid.\n",
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: schemadn DN is invalid\n",
680 /* set UCDATA path */
681 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
685 LDAP_LOG( CONFIG, CRIT,
686 "%s: line %d: missing path in "
687 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
689 Debug( LDAP_DEBUG_ANY,
690 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
697 err = load_ucdata( cargv[1] );
701 LDAP_LOG( CONFIG, CRIT,
702 "%s: line %d: ucdata already loaded, ucdata-path "
703 "must be set earlier in the file and/or be "
704 "specified only once!\n", fname, lineno, 0 );
706 Debug( LDAP_DEBUG_ANY,
707 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
716 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
718 struct slap_limits_set *lim;
722 LDAP_LOG( CONFIG, CRIT,
723 "%s: line %d: missing limit in \"sizelimit <limit>\" "
724 "line.\n", fname, lineno, 0 );
726 Debug( LDAP_DEBUG_ANY,
727 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
737 lim = &be->be_def_limit;
740 for ( i = 1; i < cargc; i++ ) {
741 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
742 rc = parse_limit( cargv[i], lim );
745 LDAP_LOG( CONFIG, CRIT,
746 "%s: line %d: unable "
747 "to parse value \"%s\" in \"sizelimit "
748 "<limit>\" line.\n", fname, lineno, cargv[i] );
750 Debug( LDAP_DEBUG_ANY,
751 "%s: line %d: unable "
752 "to parse value \"%s\" "
755 fname, lineno, cargv[i] );
761 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
762 lim->lms_s_soft = -1;
766 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
767 if ( next == cargv[i] ) {
769 LDAP_LOG( CONFIG, CRIT,
770 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
771 "line.\n", fname, lineno, cargv[i] );
773 Debug( LDAP_DEBUG_ANY,
774 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
775 fname, lineno, cargv[i] );
779 } else if ( next[0] != '\0' ) {
781 LDAP_LOG( CONFIG, CRIT,
782 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
783 "line ignored.\n", fname, lineno, next );
785 Debug( LDAP_DEBUG_ANY,
786 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
787 fname, lineno, next );
796 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
798 struct slap_limits_set *lim;
802 LDAP_LOG( CONFIG, CRIT,
803 "%s: line %d missing limit in \"timelimit <limit>\" "
804 "line.\n", fname, lineno, 0 );
806 Debug( LDAP_DEBUG_ANY,
807 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
817 lim = &be->be_def_limit;
820 for ( i = 1; i < cargc; i++ ) {
821 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
822 rc = parse_limit( cargv[i], lim );
825 LDAP_LOG( CONFIG, CRIT,
826 "%s: line %d: unable to parse value \"%s\" "
827 "in \"timelimit <limit>\" line.\n",
828 fname, lineno, cargv[i] );
830 Debug( LDAP_DEBUG_ANY,
831 "%s: line %d: unable "
832 "to parse value \"%s\" "
835 fname, lineno, cargv[i] );
841 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
842 lim->lms_t_soft = -1;
846 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
847 if ( next == cargv[i] ) {
849 LDAP_LOG( CONFIG, CRIT,
850 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
851 "line.\n", fname, lineno, cargv[i] );
853 Debug( LDAP_DEBUG_ANY,
854 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
855 fname, lineno, cargv[i] );
859 } else if ( next[0] != '\0' ) {
861 LDAP_LOG( CONFIG, CRIT,
862 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
863 "line ignored.\n", fname, lineno, next );
865 Debug( LDAP_DEBUG_ANY,
866 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
867 fname, lineno, next );
875 /* set regex-based limits */
876 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
879 LDAP_LOG( CONFIG, WARNING,
880 "%s: line %d \"limits\" allowed only in database "
881 "environment.\n", fname, lineno, 0 );
883 Debug( LDAP_DEBUG_ANY,
884 "%s: line %d \"limits\" allowed only in database environment.\n%s",
890 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
894 /* mark this as a subordinate database */
895 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
898 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
899 "subordinate keyword must appear inside a database "
900 "definition.\n", fname, lineno, 0 );
902 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
903 "must appear inside a database definition.\n",
909 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
913 /* set database suffix */
914 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
916 struct berval dn, pdn, ndn;
920 LDAP_LOG( CONFIG, CRIT,
921 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
924 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
925 "missing dn in \"suffix <dn>\" line\n",
931 } else if ( cargc > 2 ) {
933 LDAP_LOG( CONFIG, INFO,
934 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
935 " line (ignored).\n", fname, lineno, cargv[1] );
937 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
938 "after <dn> in \"suffix %s\" line (ignored)\n",
939 fname, lineno, cargv[1] );
945 LDAP_LOG( CONFIG, INFO,
946 "%s: line %d: suffix line must appear inside a database "
947 "definition.\n", fname, lineno, 0 );
949 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
950 "must appear inside a database definition\n",
955 #if defined(SLAPD_MONITOR_DN)
956 /* "cn=Monitor" is reserved for monitoring slap */
957 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
959 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
960 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
963 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
964 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
968 #endif /* SLAPD_MONITOR_DN */
971 if ( load_ucdata( NULL ) < 0 ) return 1;
973 dn.bv_val = cargv[1];
974 dn.bv_len = strlen( cargv[1] );
976 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
977 if( rc != LDAP_SUCCESS ) {
979 LDAP_LOG( CONFIG, CRIT,
980 "%s: line %d: suffix DN is invalid.\n",
983 Debug( LDAP_DEBUG_ANY,
984 "%s: line %d: suffix DN is invalid\n",
990 tmp_be = select_backend( &ndn, 0, 0 );
991 if ( tmp_be == be ) {
993 LDAP_LOG( CONFIG, INFO,
994 "%s: line %d: suffix already served by this backend "
995 "(ignored)\n", fname, lineno, 0 );
997 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
998 "already served by this backend (ignored)\n",
1004 } else if ( tmp_be != NULL ) {
1006 LDAP_LOG( CONFIG, INFO,
1007 "%s: line %d: suffix already served by a preceding "
1008 "backend \"%s\"\n", fname, lineno,
1009 tmp_be->be_suffix[0].bv_val );
1011 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
1012 "already served by a preceeding backend \"%s\"\n",
1013 fname, lineno, tmp_be->be_suffix[0].bv_val );
1019 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
1021 LDAP_LOG( CONFIG, INFO,
1022 "%s: line %d: suffix DN empty and default search "
1023 "base provided \"%s\" (assuming okay).\n",
1024 fname, lineno, default_search_base.bv_val );
1026 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1027 "suffix DN empty and default "
1028 "search base provided \"%s\" (assuming okay)\n",
1029 fname, lineno, default_search_base.bv_val );
1033 ber_bvarray_add( &be->be_suffix, &pdn );
1034 ber_bvarray_add( &be->be_nsuffix, &ndn );
1037 /* set max deref depth */
1038 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1042 LDAP_LOG( CONFIG, CRIT,
1043 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1044 " line\n", fname, lineno, 0 );
1046 Debug( LDAP_DEBUG_ANY,
1047 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1055 LDAP_LOG( CONFIG, INFO,
1056 "%s: line %d: depth line must appear inside a database "
1057 "definition.\n", fname, lineno ,0 );
1059 Debug( LDAP_DEBUG_ANY,
1060 "%s: line %d: depth line must appear inside a database definition.\n",
1065 } else if ((i = atoi(cargv[1])) < 0) {
1067 LDAP_LOG( CONFIG, INFO,
1068 "%s: line %d: depth must be positive.\n",
1071 Debug( LDAP_DEBUG_ANY,
1072 "%s: line %d: depth must be positive.\n",
1079 be->be_max_deref_depth = i;
1083 /* set magic "root" dn for this database */
1084 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1087 LDAP_LOG( CONFIG, INFO,
1088 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1091 Debug( LDAP_DEBUG_ANY,
1092 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1101 LDAP_LOG( CONFIG, INFO,
1102 "%s: line %d: rootdn line must appear inside a database "
1103 "definition.\n", fname, lineno ,0 );
1105 Debug( LDAP_DEBUG_ANY,
1106 "%s: line %d: rootdn line must appear inside a database definition.\n",
1114 if ( load_ucdata( NULL ) < 0 ) return 1;
1116 dn.bv_val = cargv[1];
1117 dn.bv_len = strlen( cargv[1] );
1119 rc = dnPrettyNormal( NULL, &dn,
1123 if( rc != LDAP_SUCCESS ) {
1125 LDAP_LOG( CONFIG, CRIT,
1126 "%s: line %d: rootdn DN is invalid.\n",
1129 Debug( LDAP_DEBUG_ANY,
1130 "%s: line %d: rootdn DN is invalid\n",
1137 /* set super-secret magic database password */
1138 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1141 LDAP_LOG( CONFIG, CRIT,
1142 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1143 " line\n", fname, lineno ,0 );
1145 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1146 "missing passwd in \"rootpw <passwd>\" line\n",
1155 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1156 "rootpw line must appear inside a database "
1157 "definition.\n", fname, lineno ,0 );
1159 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1160 "rootpw line must appear inside a database "
1167 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1169 if( tmp_be != be ) {
1171 LDAP_LOG( CONFIG, INFO,
1173 "rootpw can only be set when rootdn is under suffix\n",
1174 fname, lineno, "" );
1176 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1177 "rootpw can only be set when rootdn is under suffix\n",
1183 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1184 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1187 /* make this database read-only */
1188 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1191 LDAP_LOG( CONFIG, CRIT,
1192 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1193 "line.\n", fname, lineno ,0 );
1195 Debug( LDAP_DEBUG_ANY,
1196 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1203 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1204 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1206 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1209 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1210 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1212 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1217 /* allow these features */
1218 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1219 strcasecmp( cargv[0], "allow" ) == 0 )
1225 LDAP_LOG( CONFIG, INFO,
1226 "%s: line %d: allow line must appear prior to "
1227 "database definitions.\n", fname, lineno ,0 );
1229 Debug( LDAP_DEBUG_ANY,
1230 "%s: line %d: allow line must appear prior to database definitions\n",
1238 LDAP_LOG( CONFIG, CRIT,
1239 "%s: line %d: missing feature(s) in \"allow <features>\""
1240 " line\n", fname, lineno ,0 );
1242 Debug( LDAP_DEBUG_ANY,
1243 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1252 for( i=1; i < cargc; i++ ) {
1253 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1254 allows |= SLAP_ALLOW_BIND_V2;
1256 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1257 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1259 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1260 allows |= SLAP_ALLOW_BIND_ANON_DN;
1262 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1263 allows |= SLAP_ALLOW_UPDATE_ANON;
1265 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1267 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1268 "unknown feature %s in \"allow <features>\" line.\n",
1269 fname, lineno, cargv[1] );
1271 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1272 "unknown feature %s in \"allow <features>\" line\n",
1273 fname, lineno, cargv[i] );
1280 global_allows = allows;
1282 /* disallow these features */
1283 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1284 strcasecmp( cargv[0], "disallow" ) == 0 )
1286 slap_mask_t disallows;
1290 LDAP_LOG( CONFIG, INFO,
1291 "%s: line %d: disallow line must appear prior to "
1292 "database definitions.\n", fname, lineno ,0 );
1294 Debug( LDAP_DEBUG_ANY,
1295 "%s: line %d: disallow line must appear prior to database definitions\n",
1303 LDAP_LOG( CONFIG, CRIT,
1304 "%s: line %d: missing feature(s) in \"disallow <features>\""
1305 " line.\n", fname, lineno ,0 );
1307 Debug( LDAP_DEBUG_ANY,
1308 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1317 for( i=1; i < cargc; i++ ) {
1318 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1319 disallows |= SLAP_DISALLOW_BIND_ANON;
1321 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1322 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1324 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1325 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1327 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1328 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1330 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1331 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1333 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1335 LDAP_LOG( CONFIG, CRIT,
1336 "%s: line %d: unknown feature %s in "
1337 "\"disallow <features>\" line.\n",
1338 fname, lineno, cargv[i] );
1340 Debug( LDAP_DEBUG_ANY,
1341 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1342 fname, lineno, cargv[i] );
1349 global_disallows = disallows;
1351 /* require these features */
1352 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1353 strcasecmp( cargv[0], "require" ) == 0 )
1355 slap_mask_t requires;
1359 LDAP_LOG( CONFIG, CRIT,
1360 "%s: line %d: missing feature(s) in "
1361 "\"require <features>\" line.\n", fname, lineno ,0 );
1363 Debug( LDAP_DEBUG_ANY,
1364 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1373 for( i=1; i < cargc; i++ ) {
1374 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1375 requires |= SLAP_REQUIRE_BIND;
1377 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1378 requires |= SLAP_REQUIRE_LDAP_V3;
1380 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1381 requires |= SLAP_REQUIRE_AUTHC;
1383 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1384 requires |= SLAP_REQUIRE_SASL;
1386 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1387 requires |= SLAP_REQUIRE_STRONG;
1389 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1391 LDAP_LOG( CONFIG, CRIT,
1392 "%s: line %d: unknown feature %s in "
1393 "\"require <features>\" line.\n",
1394 fname, lineno , cargv[i] );
1396 Debug( LDAP_DEBUG_ANY,
1397 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1398 fname, lineno, cargv[i] );
1406 global_requires = requires;
1408 be->be_requires = requires;
1411 /* required security factors */
1412 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1413 slap_ssf_set_t *set;
1417 LDAP_LOG( CONFIG, CRIT,
1418 "%s: line %d: missing factor(s) in \"security <factors>\""
1419 " line.\n", fname, lineno ,0 );
1421 Debug( LDAP_DEBUG_ANY,
1422 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1430 set = &global_ssf_set;
1432 set = &be->be_ssf_set;
1435 for( i=1; i < cargc; i++ ) {
1436 if( strncasecmp( cargv[i], "ssf=",
1437 sizeof("ssf") ) == 0 )
1440 atoi( &cargv[i][sizeof("ssf")] );
1442 } else if( strncasecmp( cargv[i], "transport=",
1443 sizeof("transport") ) == 0 )
1445 set->sss_transport =
1446 atoi( &cargv[i][sizeof("transport")] );
1448 } else if( strncasecmp( cargv[i], "tls=",
1449 sizeof("tls") ) == 0 )
1452 atoi( &cargv[i][sizeof("tls")] );
1454 } else if( strncasecmp( cargv[i], "sasl=",
1455 sizeof("sasl") ) == 0 )
1458 atoi( &cargv[i][sizeof("sasl")] );
1460 } else if( strncasecmp( cargv[i], "update_ssf=",
1461 sizeof("update_ssf") ) == 0 )
1463 set->sss_update_ssf =
1464 atoi( &cargv[i][sizeof("update_ssf")] );
1466 } else if( strncasecmp( cargv[i], "update_transport=",
1467 sizeof("update_transport") ) == 0 )
1469 set->sss_update_transport =
1470 atoi( &cargv[i][sizeof("update_transport")] );
1472 } else if( strncasecmp( cargv[i], "update_tls=",
1473 sizeof("update_tls") ) == 0 )
1475 set->sss_update_tls =
1476 atoi( &cargv[i][sizeof("update_tls")] );
1478 } else if( strncasecmp( cargv[i], "update_sasl=",
1479 sizeof("update_sasl") ) == 0 )
1481 set->sss_update_sasl =
1482 atoi( &cargv[i][sizeof("update_sasl")] );
1484 } else if( strncasecmp( cargv[i], "simple_bind=",
1485 sizeof("simple_bind") ) == 0 )
1487 set->sss_simple_bind =
1488 atoi( &cargv[i][sizeof("simple_bind")] );
1492 LDAP_LOG( CONFIG, CRIT,
1493 "%s: line %d: unknown factor %S in "
1494 "\"security <factors>\" line.\n",
1495 fname, lineno, cargv[1] );
1497 Debug( LDAP_DEBUG_ANY,
1498 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1499 fname, lineno, cargv[i] );
1505 /* where to send clients when we don't hold it */
1506 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1509 LDAP_LOG( CONFIG, CRIT,
1510 "%s: line %d: missing URL in \"referral <URL>\""
1511 " line.\n", fname, lineno , 0 );
1513 Debug( LDAP_DEBUG_ANY,
1514 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1521 if( validate_global_referral( cargv[1] ) ) {
1523 LDAP_LOG( CONFIG, CRIT,
1524 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1525 fname, lineno, cargv[1] );
1527 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1528 "invalid URL (%s) in \"referral\" line.\n",
1529 fname, lineno, cargv[1] );
1534 vals[0].bv_val = cargv[1];
1535 vals[0].bv_len = strlen( vals[0].bv_val );
1536 if( value_add( &default_referral, vals ) )
1540 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1544 LDAP_LOG( CONFIG, CRIT,
1545 "%s: line %d: Error in logfile directive, "
1546 "\"logfile <filename>\"\n", fname, lineno , 0 );
1548 Debug( LDAP_DEBUG_ANY,
1549 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1555 logfile = fopen( cargv[1], "w" );
1556 if ( logfile != NULL ) lutil_debug_file( logfile );
1559 /* start of a new database definition */
1560 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1564 LDAP_LOG( CONFIG, CRIT,
1565 "%s: line %d: Error in debug directive, "
1566 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1568 Debug( LDAP_DEBUG_ANY,
1569 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1575 level = atoi( cargv[2] );
1576 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1577 lutil_set_debug_level( cargv[1], level );
1578 /* specify an Object Identifier macro */
1579 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1580 rc = parse_oidm( fname, lineno, cargc, cargv );
1583 /* specify an objectclass */
1584 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1587 LDAP_LOG( CONFIG, INFO,
1588 "%s: line %d: illegal objectclass format.\n",
1589 fname, lineno , 0 );
1591 Debug( LDAP_DEBUG_ANY,
1592 "%s: line %d: illegal objectclass format.\n",
1597 } else if ( *cargv[1] == '(' /*')'*/) {
1599 p = strchr(saveline,'(' /*')'*/);
1600 rc = parse_oc( fname, lineno, p, cargv );
1605 LDAP_LOG( CONFIG, INFO,
1606 "%s: line %d: old objectclass format not supported\n",
1607 fname, lineno , 0 );
1609 Debug( LDAP_DEBUG_ANY,
1610 "%s: line %d: old objectclass format not supported.\n",
1615 #ifdef SLAP_EXTENDED_SCHEMA
1616 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1618 p = strchr(saveline,'(' /*')'*/);
1619 rc = parse_cr( fname, lineno, p, cargv );
1623 /* specify an attribute type */
1624 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1625 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1629 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1630 "illegal attribute type format.\n",
1631 fname, lineno , 0 );
1633 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1634 "illegal attribute type format.\n",
1639 } else if ( *cargv[1] == '(' /*')'*/) {
1641 p = strchr(saveline,'(' /*')'*/);
1642 rc = parse_at( fname, lineno, p, cargv );
1647 LDAP_LOG( CONFIG, INFO,
1648 "%s: line %d: old attribute type format not supported.\n",
1649 fname, lineno , 0 );
1651 Debug( LDAP_DEBUG_ANY,
1652 "%s: line %d: old attribute type format not supported.\n",
1658 /* define attribute option(s) */
1659 } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
1660 ad_define_option( NULL, NULL, 0 );
1661 for ( i = 1; i < cargc; i++ )
1662 if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
1665 /* turn on/off schema checking */
1666 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1669 LDAP_LOG( CONFIG, CRIT,
1670 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1671 " line.\n", fname, lineno , 0 );
1673 Debug( LDAP_DEBUG_ANY,
1674 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1680 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1682 LDAP_LOG( CONFIG, CRIT,
1683 "%s: line %d: schema checking disabled! your mileage may "
1684 "vary!\n", fname, lineno , 0 );
1686 Debug( LDAP_DEBUG_ANY,
1687 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1690 global_schemacheck = 0;
1692 global_schemacheck = 1;
1695 /* specify access control info */
1696 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1697 parse_acl( be, fname, lineno, cargc, cargv );
1699 /* debug level to log things to syslog */
1700 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1703 LDAP_LOG( CONFIG, CRIT,
1704 "%s: line %d: missing level in \"loglevel <level>\""
1705 " line.\n", fname, lineno , 0 );
1707 Debug( LDAP_DEBUG_ANY,
1708 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1717 for( i=1; i < cargc; i++ ) {
1718 ldap_syslog += atoi( cargv[1] );
1721 /* list of replicas of the data in this backend (master only) */
1722 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1725 LDAP_LOG( CONFIG, CRIT,
1726 "%s: line %d: missing host in \"replica "
1727 " <host[:port]\" line\n", fname, lineno , 0 );
1729 Debug( LDAP_DEBUG_ANY,
1730 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1738 LDAP_LOG( CONFIG, INFO,
1739 "%s: line %d: replica line must appear inside "
1740 "a database definition.\n", fname, lineno, 0);
1742 Debug( LDAP_DEBUG_ANY,
1743 "%s: line %d: replica line must appear inside a database definition\n",
1751 for ( i = 1; i < cargc; i++ ) {
1752 if ( strncasecmp( cargv[i], "host=", 5 )
1754 nr = add_replica_info( be,
1761 LDAP_LOG( CONFIG, INFO,
1762 "%s: line %d: missing host in \"replica\" line\n",
1763 fname, lineno , 0 );
1765 Debug( LDAP_DEBUG_ANY,
1766 "%s: line %d: missing host in \"replica\" line\n",
1771 } else if ( nr == -1 ) {
1773 LDAP_LOG( CONFIG, INFO,
1774 "%s: line %d: unable to add"
1775 " replica \"%s\"\n",
1779 Debug( LDAP_DEBUG_ANY,
1780 "%s: line %d: unable to add replica \"%s\"\n",
1781 fname, lineno, cargv[i] + 5 );
1785 for ( i = 1; i < cargc; i++ ) {
1786 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1788 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1791 LDAP_LOG( CONFIG, INFO,
1792 "%s: line %d: suffix \"%s\" in \"replica\""
1793 " line is not valid for backend(ignored)\n",
1794 fname, lineno, cargv[i] + 7 );
1796 Debug( LDAP_DEBUG_ANY,
1797 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1798 fname, lineno, cargv[i] + 7 );
1804 LDAP_LOG( CONFIG, INFO,
1805 "%s: line %d: unable to normalize suffix"
1806 " in \"replica\" line (ignored)\n",
1807 fname, lineno , 0 );
1809 Debug( LDAP_DEBUG_ANY,
1810 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1816 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1818 char *arg = cargv[i] + 4;
1820 if ( arg[0] == '!' ) {
1825 if ( arg[0] != '=' ) {
1829 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1831 LDAP_LOG( CONFIG, INFO,
1832 "%s: line %d: attribute \"%s\" in "
1833 "\"replica\" line is unknown\n",
1834 fname, lineno, arg + 1 );
1836 Debug( LDAP_DEBUG_ANY,
1837 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1838 fname, lineno, arg + 1 );
1847 /* dn of master entity allowed to write to replica */
1848 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1851 LDAP_LOG( CONFIG, CRIT,
1852 "%s: line %d: missing dn in \"updatedn <dn>\""
1853 " line.\n", fname, lineno , 0 );
1855 Debug( LDAP_DEBUG_ANY,
1856 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1864 LDAP_LOG( CONFIG, INFO,
1865 "%s: line %d: updatedn line must appear inside "
1866 "a database definition\n",
1867 fname, lineno , 0 );
1869 Debug( LDAP_DEBUG_ANY,
1870 "%s: line %d: updatedn line must appear inside a database definition\n",
1878 if ( load_ucdata( NULL ) < 0 ) return 1;
1880 dn.bv_val = cargv[1];
1881 dn.bv_len = strlen( cargv[1] );
1883 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1884 if( rc != LDAP_SUCCESS ) {
1886 LDAP_LOG( CONFIG, CRIT,
1887 "%s: line %d: updatedn DN is invalid.\n",
1888 fname, lineno , 0 );
1890 Debug( LDAP_DEBUG_ANY,
1891 "%s: line %d: updatedn DN is invalid\n",
1898 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1901 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1902 "missing url in \"updateref <ldapurl>\" line.\n",
1903 fname, lineno , 0 );
1905 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1906 "missing url in \"updateref <ldapurl>\" line\n",
1914 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1915 " line must appear inside a database definition\n",
1916 fname, lineno , 0 );
1918 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1919 " line must appear inside a database definition\n",
1924 } else if ( !be->be_update_ndn.bv_len ) {
1926 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1927 "updateref line must come after updatedn.\n",
1928 fname, lineno , 0 );
1930 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1931 "updateref line must after updatedn.\n",
1937 if( validate_global_referral( cargv[1] ) ) {
1939 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1940 "invalid URL (%s) in \"updateref\" line.\n",
1941 fname, lineno, cargv[1] );
1943 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1944 "invalid URL (%s) in \"updateref\" line.\n",
1945 fname, lineno, cargv[1] );
1950 vals[0].bv_val = cargv[1];
1951 vals[0].bv_len = strlen( vals[0].bv_val );
1952 if( value_add( &be->be_update_refs, vals ) )
1955 /* replication log file to which changes are appended */
1956 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1959 LDAP_LOG( CONFIG, CRIT,
1960 "%s: line %d: missing filename in \"replogfile <filename>\""
1961 " line.\n", fname, lineno , 0 );
1963 Debug( LDAP_DEBUG_ANY,
1964 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1971 be->be_replogfile = ch_strdup( cargv[1] );
1973 replogfile = ch_strdup( cargv[1] );
1976 /* file from which to read additional rootdse attrs */
1977 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1980 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1981 "missing filename in \"rootDSE <filename>\" line.\n",
1982 fname, lineno , 0 );
1984 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1985 "missing filename in \"rootDSE <filename>\" line.\n",
1991 if( read_root_dse_file( cargv[1] ) ) {
1993 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1994 "could not read \"rootDSE <filename>\" line.\n",
1995 fname, lineno , 0 );
1997 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1998 "could not read \"rootDSE <filename>\" line\n",
2004 /* maintain lastmodified{by,time} attributes */
2005 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2008 LDAP_LOG( CONFIG, CRIT,
2009 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2010 " line.\n", fname, lineno , 0 );
2012 Debug( LDAP_DEBUG_ANY,
2013 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2019 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2021 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2027 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2034 /* turn on/off gentle SIGHUP handling */
2035 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
2037 Debug( LDAP_DEBUG_ANY,
2038 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
2042 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
2043 global_gentlehup = 0;
2045 global_gentlehup = 1;
2049 /* set idle timeout value */
2050 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2054 LDAP_LOG( CONFIG, CRIT,
2055 "%s: line %d: missing timeout value in "
2056 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
2058 Debug( LDAP_DEBUG_ANY,
2059 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2066 i = atoi( cargv[1] );
2070 LDAP_LOG( CONFIG, CRIT,
2071 "%s: line %d: timeout value (%d) invalid "
2072 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
2074 Debug( LDAP_DEBUG_ANY,
2075 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2082 global_idletimeout = i;
2084 /* include another config file */
2085 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2088 LDAP_LOG( CONFIG, CRIT,
2089 "%s: line %d: missing filename in \"include "
2090 "<filename>\" line.\n", fname, lineno , 0 );
2092 Debug( LDAP_DEBUG_ANY,
2093 "%s: line %d: missing filename in \"include <filename>\" line\n",
2099 savefname = ch_strdup( cargv[1] );
2100 savelineno = lineno;
2102 if ( read_config( savefname, depth+1 ) != 0 ) {
2107 lineno = savelineno - 1;
2109 /* location of kerberos srvtab file */
2110 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2113 LDAP_LOG( CONFIG, CRIT,
2114 "%s: line %d: missing filename in \"srvtab "
2115 "<filename>\" line.\n", fname, lineno , 0 );
2117 Debug( LDAP_DEBUG_ANY,
2118 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2124 ldap_srvtab = ch_strdup( cargv[1] );
2126 #ifdef SLAPD_MODULES
2127 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2130 LDAP_LOG( CONFIG, INFO,
2131 "%s: line %d: missing filename in \"moduleload "
2132 "<filename>\" line.\n", fname, lineno , 0 );
2134 Debug( LDAP_DEBUG_ANY,
2135 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2139 exit( EXIT_FAILURE );
2141 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2143 LDAP_LOG( CONFIG, CRIT,
2144 "%s: line %d: failed to load or initialize module %s\n",
2145 fname, lineno, cargv[1] );
2147 Debug( LDAP_DEBUG_ANY,
2148 "%s: line %d: failed to load or initialize module %s\n",
2149 fname, lineno, cargv[1]);
2152 exit( EXIT_FAILURE );
2154 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2157 LDAP_LOG( CONFIG, INFO,
2158 "%s: line %d: missing path in \"modulepath <path>\""
2159 " line\n", fname, lineno , 0 );
2161 Debug( LDAP_DEBUG_ANY,
2162 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2166 exit( EXIT_FAILURE );
2168 if (module_path( cargv[1] )) {
2170 LDAP_LOG( CONFIG, CRIT,
2171 "%s: line %d: failed to set module search path to %s.\n",
2172 fname, lineno, cargv[1] );
2174 Debug( LDAP_DEBUG_ANY,
2175 "%s: line %d: failed to set module search path to %s\n",
2176 fname, lineno, cargv[1]);
2179 exit( EXIT_FAILURE );
2182 #endif /*SLAPD_MODULES*/
2185 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2186 rc = ldap_pvt_tls_set_option( NULL,
2187 LDAP_OPT_X_TLS_RANDOM_FILE,
2192 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2193 rc = ldap_pvt_tls_set_option( NULL,
2194 LDAP_OPT_X_TLS_CIPHER_SUITE,
2199 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2200 rc = ldap_pvt_tls_set_option( NULL,
2201 LDAP_OPT_X_TLS_CERTFILE,
2206 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2207 rc = ldap_pvt_tls_set_option( NULL,
2208 LDAP_OPT_X_TLS_KEYFILE,
2213 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2214 rc = ldap_pvt_tls_set_option( NULL,
2215 LDAP_OPT_X_TLS_CACERTDIR,
2220 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2221 rc = ldap_pvt_tls_set_option( NULL,
2222 LDAP_OPT_X_TLS_CACERTFILE,
2226 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2227 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2229 rc = ldap_pvt_tls_set_option( NULL,
2230 LDAP_OPT_X_TLS_REQUIRE_CERT,
2233 rc = ldap_int_tls_config( NULL,
2234 LDAP_OPT_X_TLS_REQUIRE_CERT,
2243 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2244 #ifdef SLAPD_RLOOKUPS
2247 LDAP_LOG( CONFIG, INFO,
2248 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2249 fname, lineno , 0 );
2251 Debug( LDAP_DEBUG_ANY,
2252 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2258 if ( !strcasecmp( cargv[1], "on" ) ) {
2259 use_reverse_lookup = 1;
2260 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2261 use_reverse_lookup = 0;
2264 LDAP_LOG( CONFIG, INFO,
2265 "%s: line %d: reverse-lookup: "
2266 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2268 Debug( LDAP_DEBUG_ANY,
2269 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2275 #else /* !SLAPD_RLOOKUPS */
2277 LDAP_LOG( CONFIG, INFO,
2278 "%s: line %d: reverse lookups "
2279 "are not configured (ignored).\n", fname, lineno , 0 );
2281 Debug( LDAP_DEBUG_ANY,
2282 "%s: line %d: reverse lookups are not configured (ignored).\n",
2285 #endif /* !SLAPD_RLOOKUPS */
2287 /* Netscape plugins */
2288 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2289 #if defined( LDAP_SLAPI )
2291 #ifdef notdef /* allow global plugins, too */
2293 * a "plugin" line must be inside a database
2294 * definition, since we implement pre-,post-
2295 * and extended operation plugins
2299 LDAP_LOG( CONFIG, INFO,
2300 "%s: line %d: plugin line must appear "
2301 "inside a database definition.\n",
2304 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2305 "line must appear inside a database "
2306 "definition\n", fname, lineno, 0 );
2312 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2317 #else /* !defined( LDAP_SLAPI ) */
2319 LDAP_LOG( CONFIG, INFO,
2320 "%s: line %d: SLAPI not supported.\n",
2323 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2324 "not supported.\n", fname, lineno, 0 );
2328 #endif /* !defined( LDAP_SLAPI ) */
2330 /* Netscape plugins */
2331 } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
2332 #if defined( LDAP_SLAPI )
2335 LDAP_LOG( CONFIG, INFO,
2336 "%s: line %d: missing file name "
2337 "in pluginlog <filename> line.\n",
2340 Debug( LDAP_DEBUG_ANY,
2341 "%s: line %d: missing file name "
2342 "in pluginlog <filename> line.\n",
2348 if ( slapi_log_file != NULL ) {
2349 ch_free( slapi_log_file );
2352 slapi_log_file = ch_strdup( cargv[1] );
2353 #endif /* !defined( LDAP_SLAPI ) */
2355 /* pass anything else to the current backend info/db config routine */
2358 if ( bi->bi_config == 0 ) {
2360 LDAP_LOG( CONFIG, INFO,
2361 "%s: line %d: unknown directive \"%s\" inside "
2362 "backend info definition (ignored).\n",
2363 fname, lineno, cargv[0] );
2365 Debug( LDAP_DEBUG_ANY,
2366 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2367 fname, lineno, cargv[0] );
2371 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2377 } else if ( be != NULL ) {
2378 if ( be->be_config == 0 ) {
2380 LDAP_LOG( CONFIG, INFO,
2381 "%s: line %d: uknown directive \"%s\" inside "
2382 "backend database definition (ignored).\n",
2383 fname, lineno, cargv[0] );
2385 Debug( LDAP_DEBUG_ANY,
2386 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2387 fname, lineno, cargv[0] );
2391 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2399 LDAP_LOG( CONFIG, INFO,
2400 "%s: line %d: unknown directive \"%s\" outside backend "
2401 "info and database definitions (ignored).\n",
2402 fname, lineno, cargv[0] );
2404 Debug( LDAP_DEBUG_ANY,
2405 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2406 fname, lineno, cargv[0] );
2415 if ( depth == 0 ) ch_free( cargv );
2417 if ( !global_schemadn.bv_val ) {
2418 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2420 dnNormalize2( NULL, &global_schemadn, &global_schemandn );
2423 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * fp_parse_line (fragment): splits one configuration line into the global
 * cargv[]/cargc argument vector and writes the line to the config debug log.
 * NOTE(review): this listing omits several source lines (the signature,
 * braces and the preprocessor conditionals), so the comments below describe
 * only the statements that are visible here.
 */
/* Sized for the longest masked keyword below ("pseudorootpw") plus " ***". */
2435 char logbuf[sizeof("pseudorootpw ***")];
2438 token = strtok_quote( line, " \t" );
/*
 * Directives whose arguments carry credentials are logged as
 * "<keyword> ***" rather than verbatim, which keeps the secret out of the
 * debug log. The keyword list is hard-coded and matched against the first
 * token only: a secret-bearing directive that is not named here is
 * presumably logged with its arguments (the default assignment of logline
 * is not visible in this listing - confirm).
 */
2442 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2443 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2444 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2445 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2446 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
/*
 * The write is bounded by sizeof logbuf; a token that matched one of the
 * keywords above is never longer than "pseudorootpw", so it always fits.
 */
2448 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
/*
 * strtok_quote_ptr is the separator position recorded by strtok_quote.
 * It is set back to a space for the duration of the log call and to NUL
 * again afterwards, so the tokenised buffer is unchanged once logging is done.
 */
2451 if ( strtok_quote_ptr ) {
2452 *strtok_quote_ptr = ' ';
/*
 * Two alternative logging calls; presumably only one is compiled in,
 * selected by a preprocessor conditional that this listing does not show.
 */
2456 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2458 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2461 if ( strtok_quote_ptr ) {
2462 *strtok_quote_ptr = '\0';
/* Collect the remaining tokens; strtok_quote( NULL, ... ) continues the scan. */
2465 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
/*
 * Grow cargv by ARGS_STEP entries when only one free slot is left; that
 * last slot is kept for the NULL terminator stored after the loop.
 */
2466 if ( cargc == cargv_size - 1 ) {
2468 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
/* The result goes to tmp first and is checked before it is used. */
2470 if ( tmp == NULL ) {
2472 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2474 Debug( LDAP_DEBUG_ANY,
2475 "line %d: out of memory\n",
2481 cargv_size += ARGS_STEP;
/* cargv stores the token pointers themselves, not copies of the text. */
2483 cargv[cargc++] = token;
/* NULL-terminate the argument vector. */
2485 cargv[cargc] = NULL;
/*
 * strtok_quote: tokeniser used for configuration lines, with handling for
 * quoted and escaped characters (see the inquote loop below).
 * A non-NULL line starts a new scan; the caller passes NULL to fetch the
 * following tokens. The separator position of the current token is
 * published through the file-scope strtok_quote_ptr, so the function keeps
 * state between calls and is not reentrant.
 * NOTE(review): this listing omits several source lines (declarations,
 * braces, case labels), so only the visible statements are described.
 */
2490 strtok_quote( char *line, char *sep )
/* Reset on every call so a stale separator position is never reused. */
2496 strtok_quote_ptr = NULL;
2497 if ( line != NULL ) {
/* Skip leading separator characters. */
2500 while ( *next && strchr( sep, *next ) ) {
/* Nothing but separators remained. */
2504 if ( *next == '\0' ) {
2510 for ( inquote = 0; *next; ) {
/*
 * Shifts the rest of the string one byte to the left, terminator included
 * (strlen( next + 1 ) + 1 bytes), which deletes the character at next.
 * NOTE(review): source and destination overlap, so this is only well
 * defined if AC_MEMCPY expands to a memmove-style copy - confirm in the
 * portability header.
 */
2518 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2524 next + 1, strlen( next + 1 ) + 1 );
2525 next++; /* dont parse the escaped character */
/*
 * Record where the token's separator sits; fp_parse_line uses this
 * pointer to put a space back while it logs the line.
 */
2530 if ( strchr( sep, *next ) != NULL ) {
2531 strtok_quote_ptr = next;
/*
 * File-scope state shared by fp_getline and the CATLINE macro.
 * buf holds one physical line as read by fgets; lmax and lcur are used by
 * CATLINE as the capacity of the accumulated line and the current write
 * offset into it. Because the state is static, the line reader is not
 * reentrant.
 */
2544 static char buf[BUFSIZ];
2546 static size_t lmax, lcur;
/*
 * CATLINE( buf ): appends the NUL-terminated string buf to line at offset
 * lcur. The capacity loop runs before the strcpy, so the copy only happens
 * once lcur + len + 1 fits in lmax.
 * NOTE(review): the ch_realloc result is assigned to line without a visible
 * NULL check, whereas fp_parse_line checks its ch_realloc result; presumably
 * ch_realloc does not return on failure - confirm. The statement that
 * increases lmax is not visible in this listing.
 */
2548 #define CATLINE( buf ) \
2550 size_t len = strlen( buf ); \
2551 while ( lcur + len + 1 > lmax ) { \
2553 line = (char *) ch_realloc( line, lmax ); \
2555 strcpy( line + lcur, buf ); \
/*
 * fp_getline: reads physical lines from fp with fgets and assembles them
 * into one logical configuration line, returning line, or NULL when the
 * assembled line is empty.
 * The returned pointer refers to the buffer grown by CATLINE, not to a
 * fresh allocation; presumably it is overwritten by the next call.
 * NOTE(review): this listing omits several source lines (declarations,
 * braces, the CATLINE calls), so only the visible statements are described.
 */
2560 fp_getline( FILE *fp, int *lineno )
2568 /* hack attack - keeps us from having to keep a stack of bufs... */
/*
 * Matches a previously assembled line that starts with "include"; the
 * branch body is not shown. read_config handles "include" by calling
 * itself recursively, and that nested read uses the same static buffers.
 */
2569 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/* fgets stores at most sizeof(buf) - 1 characters per call. */
2574 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2575 /* trim off \r\n or \n */
2576 if ( (p = strchr( buf, '\n' )) != NULL ) {
/* The p > buf test keeps p[-1] inside buf when the newline is the first byte. */
2577 if( p > buf && p[-1] == '\r' ) --p;
2581 /* trim off trailing \ and append the next line */
/*
 * NOTE(review): when the accumulated line is exactly one character long
 * and that character is a backslash, p equals line and p[ -1 ] reads the
 * byte in front of the buffer. A p > line test ahead of the p[ -1 ]
 * comparison, like the p > buf test used for the newline trim above,
 * would keep the read in bounds.
 */
2582 if ( line[ 0 ] != '\0'
2583 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2584 && p[ -1 ] != '\\' ) {
/* The unsigned char cast keeps isspace defined for bytes with the high bit set. */
2589 if ( ! isspace( (unsigned char) buf[0] ) ) {
2593 /* change leading whitespace to a space */
/* An empty assembled line is reported as NULL. */
2602 return( line[0] ? line : NULL );
2606 fp_getline_init( int *lineno )
2612 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * path: location to load the ucdata from; NULL selects
 * SLAPD_DEFAULT_UCDATA. Both callers visible in this file pass NULL.
 * NOTE(review): this listing omits the lines that test and set the loaded
 * flag and the return statements, so the return values are taken from the
 * original comment above rather than from visible code.
 */
2614 load_ucdata( char *path )
/* Persists across calls; presumably guards against loading twice. */
2616 static int loaded = 0;
/* UCDATA_ALL requests every ucdata table in one call. */
2622 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/*
 * Two alternative error reports carrying the ucdata_load error code;
 * presumably only one is compiled in (preprocessor lines not shown).
 */
2625 LDAP_LOG( CONFIG, CRIT,
2626 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2628 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2641 ucdata_unload( UCDATA_ALL );
2642 free( global_schemandn.bv_val );
2643 free( global_schemadn.bv_val );
2645 if ( slapd_args_file )
2646 free ( slapd_args_file );
2647 if ( slapd_pid_file )
2648 free ( slapd_pid_file );
2649 if ( default_passwd_hash )
2650 free( default_passwd_hash );
2651 acl_destroy( global_acl, NULL );