- if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing type in \"backend <type>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if( be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: backend line must appear before any database definition\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- bi = backend_info( cargv[1] );
-
- if( bi == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "backend %s initialization failed.\n",
- cargv[1], 0, 0 );
-
- return( 1 );
- }
- } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing type in \"database <type>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- bi = NULL;
- be = backend_db_init( cargv[1] );
-
- if( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "database %s initialization failed.\n",
- cargv[1], 0, 0 );
-
- return( 1 );
- }
-
- /* set local security factor */
- } else if ( strcasecmp( cargv[0], "localSSF" ) == 0 ) {
- long ssf;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing ssf in \"localSSF <ssf>\" line\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- ssf = atol( cargv[1] );
-
- if( ssf < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid ssf value (%ld) in "
- "\"localSSF <ssf>\" line.\n",
- fname, lineno, ssf );
- return( 1 );
- }
-
- local_ssf = ssf;
-
- /* set thread concurrency */
- } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
- int c;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing level in \"concurrency <level>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- c = strtol( cargv[1], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse level \"%s\" in \"concurrency <level>\" line\n",
- fname, lineno, cargv[1] );
- return( 1 );
- }
-
- if( c < 1 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
- fname, lineno, c );
-
- return( 1 );
- }
-
- ldap_pvt_thread_set_concurrency( c );
-
- /* set sockbuf max */
- } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
- long max;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- max = atol( cargv[1] );
-
- if( max < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid max value (%ld) in "
- "\"sockbuf_max_incoming <bytes>\" line.\n",
- fname, lineno, max );
-
- return( 1 );
- }
-
- sockbuf_max_incoming = max;
-
- /* set sockbuf max authenticated */
- } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
- long max;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- max = atol( cargv[1] );
-
- if( max < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid max value (%ld) in "
- "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
- fname, lineno, max );
-
- return( 1 );
- }
-
- sockbuf_max_incoming_auth = max;
-
- /* set conn pending max */
- } else if ( strcasecmp( cargv[0], "conn_max_pending" ) == 0 ) {
- long max;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing max in \"conn_max_pending <requests>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- max = atol( cargv[1] );
-
- if( max < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid max value (%ld) in "
- "\"conn_max_pending <requests>\" line.\n",
- fname, lineno, max );
-
- return( 1 );
- }
-
- slap_conn_max_pending = max;
-
- /* set conn pending max authenticated */
- } else if ( strcasecmp( cargv[0], "conn_max_pending_auth" ) == 0 ) {
- long max;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing max in \"conn_max_pending_auth <requests>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- max = atol( cargv[1] );
-
- if( max < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid max value (%ld) in "
- "\"conn_max_pending_auth <requests>\" line.\n",
- fname, lineno, max );
-
- return( 1 );
- }
-
- slap_conn_max_pending_auth = max;
-
- /* default search base */
- } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing dn in \"defaultSearchBase <dn>\" line\n",
- fname, lineno, 0 );
-
- return 1;
-
- } else if ( cargc > 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "extra cruft after <dn> in \"defaultSearchBase %s\", "
- "line (ignored)\n",
- fname, lineno, cargv[1] );
- }
-
- if ( bi != NULL || be != NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "defaultSearchBaase line must appear prior to "
- "any backend or database definition\n",
- fname, lineno, 0 );
-
- return 1;
- }
-
- if ( default_search_nbase.bv_len ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "default search base \"%s\" already defined "
- "(discarding old)\n",
- fname, lineno, default_search_base.bv_val );
-
- free( default_search_base.bv_val );
- free( default_search_nbase.bv_val );
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- {
- struct berval dn;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( dn.bv_val );
-
- rc = dnPrettyNormal( NULL, &dn,
- &default_search_base,
- &default_search_nbase, NULL );
-
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: defaultSearchBase DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
- }
-
- /* set maximum threads in thread pool */
- } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
- int c;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing count in \"threads <count>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- c = strtol( cargv[1], &next, 10 );
- if (next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse count \"%s\" in \"threads <count>\" line\n",
- fname, lineno, cargv[1] );
- return( 1 );
- }
-
- if( c < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
- fname, lineno, c );
-
- return( 1 );
- }
-
- ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
-
- /* save for later use */
- connection_pool_max = c;
-
- /* get pid file name */
- } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing file name in \"pidfile <file>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- slapd_pid_file = ch_strdup( cargv[1] );
-
- /* get args file name */
- } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing file name in \"argsfile <file>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- slapd_args_file = ch_strdup( cargv[1] );
-
- } else if ( strcasecmp( cargv[0], "replica-pidfile" ) == 0 ) {
- /* ignore */ ;
-
- } else if ( strcasecmp( cargv[0], "replica-argsfile" ) == 0 ) {
- /* ignore */ ;
-
- /* default password hash */
- } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( default_passwd_hash != NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: already set default password_hash!\n",
- fname, lineno, 0 );
-
- return 1;
-
- }
- for(i = 1; i < cargc; i++) {
- if ( lutil_passwd_scheme( cargv[i] ) == 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: password scheme \"%s\" not available\n",
- fname, lineno, cargv[i] );
- } else {
- ldap_charray_add( &default_passwd_hash, cargv[i] );
- }
- }
- if( !default_passwd_hash ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: no valid hashes found\n",
- fname, lineno, 0 );
- return 1;
- }
-
- } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
- {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
- "\"password-crypt-salt-format <format>\" line\n",
- fname, lineno, 0 );
-
- return 1;
- }
-
- lutil_salt_format( cargv[1] );
-
-#ifdef SLAP_AUTH_REWRITE
- /* use authid rewrite instead of sasl regexp */
- } else if ( strncasecmp( cargv[0], "auth-rewrite",
- STRLENOF("auth-rewrite") ) == 0 )
- {
- int rc = slap_sasl_rewrite_config( fname, lineno,
- cargc, cargv );
- if ( rc ) {
- return rc;
- }
-#endif /* SLAP_AUTH_REWRITE */
-
- /* Auth + SASL config options */
- } else if ( !strncasecmp( cargv[0], "auth", STRLENOF("auth") ) ||
- !strncasecmp( cargv[0], "sasl", STRLENOF("sasl") ))
- {
- if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
- return 1;
-
-
- } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
- struct berval dn;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
- fname, lineno, 0 );
- return 1 ;
- }
- ber_str2bv( cargv[1], 0, 0, &dn );
- if ( be ) {
- rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
- &be->be_schemandn, NULL );
- } else {
- rc = dnPrettyNormal( NULL, &dn, &frontendDB->be_schemadn,
- &frontendDB->be_schemandn, NULL );
- }
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: schemadn DN is invalid\n",
- fname, lineno, 0 );
- return 1;
- }
-
- /* set UCDATA path */
- } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
- int err;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- err = load_ucdata( cargv[1] );
- if ( err <= 0 ) {
- if ( err == 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
- fname, lineno, 0 );
-
- }
- return( 1 );
- }
-
- /* set size limit */
- } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
- int rc = 0, i;
- struct slap_limits_set *lim;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- lim = &frontendDB->be_def_limit;
- } else {
- lim = &be->be_def_limit;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
- rc = limits_parse_one( cargv[i], lim );
- if ( rc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"sizelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
- }
-
- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_s_soft = -1;
- } else {
- lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
- fname, lineno, next );
- }
- }
- lim->lms_s_hard = 0;
- }
- }
-
- /* set time limit */
- } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
- int rc = 0, i;
- struct slap_limits_set *lim;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- lim = &frontendDB->be_def_limit;
- } else {
- lim = &be->be_def_limit;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
- rc = limits_parse_one( cargv[i], lim );
- if ( rc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"timelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
- }
-
- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_t_soft = -1;
- } else {
- lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
- fname, lineno, next );
- }
- }
- lim->lms_t_hard = 0;
- }
- }
-
- /* set regex-based limits */
- } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d \"limits\" allowed only in database environment.\n%s",
- fname, lineno, "" );
- return( 1 );
- }
-
- if ( limits_parse( be, fname, lineno, cargc, cargv ) ) {
- return( 1 );
- }
-
- /* mark this as a subordinate database */
- } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: subordinate keyword "
- "must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
- num_subordinates++;
- }
-
- /* add an overlay to this backend */
- } else if ( strcasecmp( cargv[0], "overlay" ) == 0 ) {
- if ( be == NULL ) {
- if ( cargv[1][0] == '-' && overlay_config( frontendDB, &cargv[1][1] ) ) {
- /* log error */
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "(optional) global overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
- } else if ( overlay_config( frontendDB, cargv[1] ) ) {
- return 1;
- }
-
- } else {
- if ( cargv[1][0] == '-' && overlay_config( be, &cargv[1][1] ) ) {
- /* log error */
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "(optional) overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
- } else if ( overlay_config( be, cargv[1] ) ) {
- return 1;
- }
- }
-
- /* set database suffix */
- } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
- Backend *tmp_be;
- struct berval dn, pdn, ndn;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing dn in \"suffix <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
-
- } else if ( cargc > 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
- "after <dn> in \"suffix %s\" line (ignored)\n",
- fname, lineno, cargv[1] );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
- "must appear inside a database definition\n",
- fname, lineno, 0 );
- return( 1 );
-
-#if defined(SLAPD_MONITOR_DN)
- /* "cn=Monitor" is reserved for monitoring slap */
- } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
- "%s\" is reserved for monitoring slapd\n",
- fname, lineno, SLAPD_MONITOR_DN );
- return( 1 );
-#endif /* SLAPD_MONITOR_DN */
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- tmp_be = select_backend( &ndn, 0, 0 );
- if ( tmp_be == be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by this backend (ignored)\n",
- fname, lineno, 0 );
- free( pdn.bv_val );
- free( ndn.bv_val );
-
- } else if ( tmp_be != NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
- free( pdn.bv_val );
- free( ndn.bv_val );
- return( 1 );
-
- } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix DN empty and default "
- "search base provided \"%s\" (assuming okay)\n",
- fname, lineno, default_search_base.bv_val );
- }
-
- ber_bvarray_add( &be->be_suffix, &pdn );
- ber_bvarray_add( &be->be_nsuffix, &ndn );
-
- /* set max deref depth */
- } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
- int i;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- i = strtol( cargv[1], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse depth \"%s\" in \"maxDerefDepth <depth>\" "
- "line.\n", fname, lineno, cargv[1] );
- return 1;
- }
-
- if (i < 0) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth must be positive.\n",
- fname, lineno, 0 );
- return 1;
-
-
- }
- be->be_max_deref_depth = i;
-
- /* set magic "root" dn for this database */
- } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn,
- &be->be_rootdn,
- &be->be_rootndn, NULL );
-
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: rootdn DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
- }
-
- /* set super-secret magic database password */
- } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing passwd in \"rootpw <passwd>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw line must appear inside a database "
- "definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
-
- if( tmp_be != be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw can only be set when rootdn is under suffix\n",
- fname, lineno, 0 );
- return 1;
- }
-
- be->be_rootpw.bv_val = ch_strdup( cargv[1] );
- be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
- }
-
- /* make this database read-only */
- } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- frontendDB->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
-
- } else {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
- }
-
- /* restricts specific operations */
- } else if ( strcasecmp( cargv[0], "restrict" ) == 0 ) {
- slap_mask_t restrictops = 0;
- struct restrictable_exops_t {
- char *name;
- int flag;
- } restrictable_exops[] = {
- { LDAP_EXOP_START_TLS, SLAP_RESTRICT_EXOP_START_TLS },
- { LDAP_EXOP_MODIFY_PASSWD, SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
- { LDAP_EXOP_X_WHO_AM_I, SLAP_RESTRICT_EXOP_WHOAMI },
- { LDAP_EXOP_X_CANCEL, SLAP_RESTRICT_EXOP_CANCEL },
- { NULL, 0 }
- };
- int i;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing <op_list> in \"restrict <op_list>\" "
- "line.\n", fname, lineno, 0 );
- return 1;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strcasecmp( cargv[ i ], "read" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_READS;
-
- } else if ( strcasecmp( cargv[ i ], "write" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_WRITES;
-
- } else if ( strcasecmp( cargv[ i ], "add" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_ADD;
-
- } else if ( strcasecmp( cargv[ i ], "bind" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_BIND;
-
- } else if ( strcasecmp( cargv[ i ], "compare" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_COMPARE;
-
- } else if ( strcasecmp( cargv[ i ], "delete" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_DELETE;
-
- } else if ( strncasecmp( cargv[ i ], "extended",
- STRLENOF( "extended" ) ) == 0 )
- {
- char *e = cargv[ i ] + STRLENOF( "extended" );
-
- if ( e[0] == '=' ) {
- int j;
-
- e++;
- for ( j = 0; restrictable_exops[ j ].name; j++ ) {
- if ( strcmp( e, restrictable_exops[j].name ) == 0 )
- {
- restrictops |= restrictable_exops[ j ].flag;
- break;
- }
- }
-
- if ( restrictable_exops[ j ].name == NULL ) {
- goto restrict_unknown;
- }
-
- restrictops &= ~SLAP_RESTRICT_OP_EXTENDED;