+ } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc > 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( argc == 1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
+ fname, lineno, 0 );
+ *flagsp |= LDAP_BACK_F_SAVECRED;
+
+ } else {
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_SAVECRED;
+ break;
+
+ case 1:
+ *flagsp |= LDAP_BACK_F_SAVECRED;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 1:
+ *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
+ break;
+
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"tls <what>\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* start */
+ if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_USE_TLS;
+
+ /* propagate start tls */
+ } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
+ break;
+
+ case 1:
+ *flagsp |= LDAP_BACK_F_T_F;
+ break;
+
+ default:
+ if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
+ *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ break;
+ }
+
+ /* onerr? */
+ } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
+ mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
+
+ } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
+ mi->mi_flags |= META_BACK_F_ONERR_STOP;
+
+ } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
+ mi->mi_flags |= META_BACK_F_ONERR_REPORT;
+
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* bind-defer? */
+ } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
+ || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
+ {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
+ break;
+
+ case 1:
+ mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* single-conn? */
+ } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn\" must appear before target definitions\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
+ break;
+
+ case 1:
+ mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* use-temporaries? */
+ } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 0:
+ mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+ break;
+
+ case 1:
+ mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* privileged connections pool max size ? */
+ } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( mi->mi_ntargets > 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
+ fname, lineno, 0 );