+ txt = slap_sasl_secprops( cargv[1] );
+ if ( txt != NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d sas-secprops: %s\n",
+ fname, lineno, txt ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: sasl-secprops: %s\n",
+ fname, lineno, txt );
+#endif
+
+ return 1;
+ }
+
+ } else if ( strcasecmp( cargv[0], "sasl-external-x509dn-convert" ) == 0 ) {
+ sasl_external_x509dn_convert++;
+
+ /* set UCDATA path */
+ } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
+ int err;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing path in "
+ "\"ucdata-path <path>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ err = load_ucdata( cargv[1] );
+ if ( err <= 0 ) {
+ if ( err == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: ucdata already loaded, ucdata-path "
+ "must be set earlier in the file and/or be "
+ "specified only once!\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
+ fname, lineno, 0 );
+#endif
+
+ }
+ return( 1 );
+ }
+
+ /* set size limit */
+ } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing limit in \"sizelimit <limit>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ if ( be == NULL ) {
+ lim = &deflimit;
+ } else {
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_s_soft = atoi( cargv[i] );
+ lim->lms_s_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
+ }
+
+ /* set time limit */
+ } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d missing limit in \"timelimit <limit>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ if ( be == NULL ) {
+ lim = &deflimit;
+ } else {
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_t_soft = atoi( cargv[i] );
+ lim->lms_t_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
+ }
+
+ /* set regex-based limits */
+ } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
+ "%s: line %d \"limits\" allowed only in database environment.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d \"limits\" allowed only in database environment.\n%s",
+ fname, lineno, "" );
+#endif
+ return( 1 );
+ }
+
+ if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
+ return( 1 );
+ }
+
+ /* mark this as a subordinate database */
+ } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "subordinate keyword must appear inside a database "
+ "definition (ignored).\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
+ "must appear inside a database definition (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ } else {
+ be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
+ num_subordinates++;
+ }
+
+ /* set database suffix */
+ } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
+ Backend *tmp_be;
+ struct berval dn;
+ struct berval *pdn = NULL;
+ struct berval *ndn = NULL;
+
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing dn in \"suffix <dn>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+
+ } else if ( cargc > 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: extra cruft after <dn> in \"suffix %s\""
+ " line (ignored).\n", fname, lineno, cargv[1] ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
+ "after <dn> in \"suffix %s\" line (ignored)\n",
+ fname, lineno, cargv[1] );
+#endif
+ }
+
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix line must appear inside a database "
+ "definition.\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
+ "must appear inside a database definition\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+
+#if defined(SLAPD_MONITOR_DN)
+ /* "cn=Monitor" is reserved for monitoring slap */
+ } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \""
+ SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
+ SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+#endif /* SLAPD_MONITOR_DN */
+ }
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
+
+ dn.bv_val = cargv[1];
+ dn.bv_len = strlen( cargv[1] );
+ pdn = ch_malloc( sizeof( struct berval ));
+ ndn = ch_malloc( sizeof( struct berval ));
+
+ rc = dnPrettyNormal( NULL, &dn, pdn, ndn );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: suffix DN is invalid.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffix DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+ }
+
+ tmp_be = select_backend( ndn, 0, 0 );
+ if ( tmp_be == be ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix already served by this backend "
+ "(ignored)\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
+ "already served by this backend (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ ber_bvfree( pdn );
+ ber_bvfree( ndn );
+
+ } else if ( tmp_be != NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix already served by a preceding "
+ "backend \"%s\"\n", fname, lineno,
+ tmp_be->be_suffix[0]->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
+ "already served by a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
+#endif
+ ber_bvfree( pdn );
+ ber_bvfree( ndn );
+ return( 1 );
+
+ } else if( pdn->bv_len == 0 && default_search_nbase.bv_len ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix DN empty and default search "
+ "base provided \"%s\" (assuming okay).\n",
+ fname, lineno, default_search_base.bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "suffix DN empty and default "
+ "search base provided \"%s\" (assuming okay)\n",
+ fname, lineno, default_search_base.bv_val );
+#endif
+ }
+
+ ber_bvecadd( &be->be_suffix, pdn );
+ ber_bvecadd( &be->be_nsuffix, ndn );
+
+ /* set database suffixAlias */
+ } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
+ Backend *tmp_be;
+ struct berval alias, *palias, nalias;
+ struct berval aliased, *paliased, naliased;
+
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing alias and aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing alias and aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line.\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ } else if ( cargc < 3 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ } else if ( cargc > 3 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
+ fname, lineno, 0 );
+#endif
+
+ }
+
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffixAlias line must appear inside a "
+ "database definition (ignored).\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffixAlias line"
+ " must appear inside a database definition (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ }
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
+
+ alias.bv_val = cargv[1];
+ alias.bv_len = strlen( cargv[1] );
+ palias = ch_malloc(sizeof(struct berval));
+
+ rc = dnPrettyNormal( NULL, &alias, palias, &nalias );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: alias DN is invalid.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: alias DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+ }
+
+ tmp_be = select_backend( &nalias, 0, 0 );
+ free( nalias.bv_val );
+ if ( tmp_be && tmp_be != be ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffixAlias served by a preceeding "
+ "backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffixAlias served by"
+ " a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
+#endif
+ ber_bvfree( palias );
+ return -1;
+ }
+
+ aliased.bv_val = cargv[2];
+ aliased.bv_len = strlen( cargv[2] );
+ paliased = ch_malloc(sizeof(struct berval));
+
+ rc = dnPrettyNormal( NULL, &aliased, paliased, &naliased );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: aliased DN is invalid.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: aliased DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ ber_bvfree( palias );
+ return( 1 );
+ }
+
+ tmp_be = select_backend( &naliased, 0, 0 );
+ free( naliased.bv_val );
+ if ( tmp_be && tmp_be != be ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffixAlias derefs to a different backend "
+ "a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffixAlias derefs to differnet backend"
+ " a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
+#endif
+ ber_bvfree( palias );
+ ber_bvfree( paliased );
+ return -1;
+ }
+
+ ber_bvecadd( &be->be_suffixAlias, palias );
+ ber_bvecadd( &be->be_suffixAlias, paliased );
+
+ /* set max deref depth */
+ } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
+ int i;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
+ " line\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: depth line must appear inside a database "
+ "definition (ignored)\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+"%s: line %d: depth line must appear inside a database definition (ignored)\n",
+ fname, lineno, 0 );
+#endif
+
+ } else if ((i = atoi(cargv[1])) < 0) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: depth must be positive (ignored).\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+"%s: line %d: depth must be positive (ignored)\n",
+ fname, lineno, 0 );
+#endif
+
+
+ } else {