+ case 'D': /* bind DN */
+ if( binddn != NULL ) {
+ fprintf( stderr, "%s: -D previously specified\n", prog );
+ return EXIT_FAILURE;
+ }
+ binddn = strdup( optarg );
+ break;
+ case 'e': /* general controls */
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -e incompatible with LDAPv%d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+
+ /* should be extended to support comma separated list of
+ * [!]key[=value] parameters, e.g. -e !foo,bar=567
+ */
+
+ crit = 0;
+ cvalue = NULL;
+ if( optarg[0] == '!' ) {
+ crit = 1;
+ optarg++;
+ }
+
+ control = strdup( optarg );
+ if ( (cvalue = strchr( control, '=' )) != NULL ) {
+ *cvalue++ = '\0';
+ }
+
+ if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
+ if( manageDSAit ) {
+ fprintf( stderr, "manageDSAit control previously specified");
+ return EXIT_FAILURE;
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr, "manageDSAit: no control value expected" );
+ usage(prog);
+ return EXIT_FAILURE;
+ }
+
+ manageDSAit = 1 + crit;
+ free( control );
+ break;
+
+ } else if ( strcasecmp( control, "noop" ) == 0 ) {
+ if( noop ) {
+ fprintf( stderr, "noop control previously specified");
+ return EXIT_FAILURE;
+ }
+ if( cvalue != NULL ) {
+ fprintf( stderr, "noop: no control value expected" );
+ usage(prog);
+ return EXIT_FAILURE;
+ }
+
+ noop = 1 + crit;
+ free( control );
+ break;
+
+ } else {
+ fprintf( stderr, "Invalid general control name: %s\n", control );
+ usage(prog);
+ return EXIT_FAILURE;
+ }
+ case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n", prog );
+ return EXIT_FAILURE;
+ }
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -h previously specified\n", prog );
+ return EXIT_FAILURE;
+ }
+ ldaphost = strdup( optarg );
+ break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n", prog );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n", prog );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n", prog );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
+ case 'k': /* kerberos bind */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if( version > LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+
+ if( authmethod != -1 ) {
+ fprintf( stderr, "%s: -k incompatible with previous "
+ "authentication choice\n", prog );
+ return EXIT_FAILURE;
+ }
+
+ authmethod = LDAP_AUTH_KRBV4;
+#else
+ fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
+ return EXIT_FAILURE;
+#endif
+ break;
+ case 'K': /* kerberos bind, part one only */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if( version > LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 ) {
+ fprintf( stderr, "%s: incompatible with previous "
+ "authentication choice\n", prog );
+ return EXIT_FAILURE;
+ }
+
+ authmethod = LDAP_AUTH_KRBV41;
+#else
+ fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
+ return( EXIT_FAILURE );
+#endif