/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
if ( li->url != NULL ) {
ch_free( li->url );
}
+
l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1;
li->url = ch_calloc( l, sizeof( char ) );
if ( li->url == NULL ) {
/* URI of server to query (preferred over "server" directive) */
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
LDAPURLDesc *tmpludp;
- int urlrc;
+ int urlrc, i;
if ( argc != 2 ) {
fprintf( stderr, "%s: line %d: "
return 1;
}
- for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
+ for ( i = 0, tmpludp = li->lud;
+ tmpludp;
+ i++, tmpludp = tmpludp->lud_next )
+ {
if ( ( tmpludp->lud_dn != NULL
&& tmpludp->lud_dn[0] != '\0' )
|| tmpludp->lud_attrs != NULL
"warning, only protocol, "
"host and port allowed "
"in \"uri <uri>\" statement "
- "for \"%s\"\n",
- fname, lineno, argv[1] );
+ "for uri #%d of \"%s\"\n",
+ fname, lineno, i, argv[1] );
}
}
li->url = ch_strdup( argv[ 1 ] );
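Review bot: The URI counter introduced in the new for-initializer starts at 0, so the warning printed with `"for uri #%d of \"%s\"\n"` labels the first URI of the list as "#0", which is confusing for someone reading the message against the config file; start it at one (`for ( i = 1, tmpludp = li->lud;`) or print `i + 1`. The warning also does not reject the statement, and the unchanged `li->url = ch_strdup( argv[ 1 ] );` below still stores the whole string including the DN/attribute parts the message says are not allowed, so a comment saying what happens to those components (ignored, or not — it is not visible here) would help the next maintainer. The enclosing function starts and ends outside the hunk.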
#endif
+ /* start tls */
+ } else if ( strcasecmp( argv[0], "start-tls" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: start-tls takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+ li->flags |= LDAP_BACK_F_TLS_CRITICAL;
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[0], "try-start-tls" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: try-start-tls takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+ li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
+ li->flags |= LDAP_BACK_F_USE_TLS;
+
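Review bot: The `start-tls` branch sets only `LDAP_BACK_F_TLS_CRITICAL`, whereas `try-start-tls` sets `LDAP_BACK_F_USE_TLS`; unless the critical flag is defined to include the use-TLS bit (its definition is not in this hunk), a bare `start-tls` line would mark TLS as mandatory without ever enabling it, so the safer form is `li->flags |= LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL;`. The two directives are also order-dependent: a `try-start-tls` line after `start-tls` silently clears the critical bit and downgrades a hard TLS requirement to best-effort, which deserves at least a comment (`/* last directive wins: try-start-tls after start-tls makes TLS optional */`) or a warning when the bit is already set. The enclosing function continues outside the hunk.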
/* name to use for ldap_back_group */
} else if ( strcasecmp( argv[0], "acl-authcdn" ) == 0
- || strcasecmp( argv[0], "binddn" ) == 0 ) {
+ || strcasecmp( argv[0], "binddn" ) == 0 )
+ {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: missing name in \"%s <name>\" line\n",
fname, lineno, argv[0] );
return( 1 );
}
+
+ if ( strcasecmp( argv[0], "binddn" ) == 0 ) {
+ fprintf( stderr, "%s: line %d: "
+ "\"binddn\" statement is deprecated; "
+ "use \"acl-authcDN\" instead\n",
+ fname, lineno );
+ /* FIXME: some day we'll need to throw an error */
+ }
+
ber_str2bv( argv[1], 0, 1, &li->acl_authcDN );
/* password to use for ldap_back_group */
} else if ( strcasecmp( argv[0], "acl-passwd" ) == 0
- || strcasecmp( argv[0], "bindpw" ) == 0 ) {
+ || strcasecmp( argv[0], "bindpw" ) == 0 )
+ {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: missing password in \"%s <password>\" line\n",
fname, lineno, argv[0] );
return( 1 );
}
+
+ if ( strcasecmp( argv[0], "bindpw" ) == 0 ) {
+ fprintf( stderr, "%s: line %d: "
+ "\"bindpw\" statement is deprecated; "
+ "use \"acl-passwd\" instead\n",
+ fname, lineno );
+ /* FIXME: some day we'll need to throw an error */
+ }
+
ber_str2bv( argv[1], 0, 1, &li->acl_passwd );
-#ifdef LDAP_BACK_PROXY_AUTHZ
/* identity assertion stuff... */
} else if ( strncasecmp( argv[0], "idassert-", STRLENOF( "idassert-" ) ) == 0
- || strncasecmp( argv[0], "proxyauthz", STRLENOF( "proxyauthz" ) ) == 0 ) {
+ || strncasecmp( argv[0], "proxyauthz", STRLENOF( "proxyauthz" ) ) == 0 )
+ {
+ /* NOTE: "proxyauthz{DN,pw}" was initially used; it's now
+ * deprected and undocumented, it can be dropped at some
+ * point, since nobody should be really using it */
return parse_idassert( be, fname, lineno, argc, argv );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
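Review bot: The new comment above the `parse_idassert()` call misspells "deprecated" as "deprected"; `* deprecated and undocumented, it can be dropped at some`. Since this hunk and the ones at the later `-#ifdef LDAP_BACK_PROXY_AUTHZ` / `-#endif` lines drop the build-time guard, the idassert- directives are now always compiled in, which the comment could say explicitly so nobody reintroduces the guard. Note also that both tests are prefix matches, so any directive beginning with "proxyauthz" is routed to `parse_idassert()` rather than falling through to the unknown-directive path.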
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
- "%s: line %d: rebind-as-user takes no arguments\n",
+ "%s: line %d: \"rebind-as-user\" takes no arguments\n",
fname, lineno );
return( 1 );
}
- li->savecred = 1;
-
+ li->flags |= LDAP_BACK_F_SAVECRED;
+
+ } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: \"chase-referrals\" takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+ } else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
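Review bot: The new `chase-referrals` branch enables referral chasing with no note on how it combines with `rebind-as-user`, which the comment above that branch describes as saving bind credentials for referral rebinds; with both flags set the proxy presumably re-binds to whatever server a referral names using the client's saved credentials, a trust decision an administrator should see spelled out. Add a comment on the `li->flags |= LDAP_BACK_F_CHASE_REFERRALS;` line such as `/* referrals are followed by the proxy; with LDAP_BACK_F_SAVECRED the client's bind credentials are reused on the referred-to server */` (the code consuming these flags is outside this hunk, so confirm before stating it as fact). The three "takes no arguments" checks in this hunk repeat the same four lines; a small static helper would shorten the chain, but that is optional.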
/* intercept exop_who_am_i? */
} else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) {
if ( argc != 1 ) {
}
load_extop( (struct berval *)&slap_EXOP_WHOAMI,
0, ldap_back_exop_whoami );
+
+ /* FIXME: legacy: intercept old rewrite/remap directives
+ * and try to start the rwm overlay */
+ } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0
+ || strcasecmp( argv[0], "map" ) == 0
+ || strncasecmp( argv[0], "rewrite", STRLENOF( "rewrite" ) ) == 0 )
+ {
+ fprintf( stderr, "%s: line %d: "
+ "rewrite/remap capabilities have been moved "
+ "to the \"rwm\" overlay; see slapo-rwm(5) "
+ "for details. I'm trying to do my best "
+ "to preserve backwards compatibility...\n",
+ fname, lineno );
+
+ if ( li->rwm_started == 0 ) {
+ if ( overlay_config( be, "rwm" ) ) {
+ fprintf( stderr, "%s: line %d: "
+ "unable to configure the \"rwm\" "
+ "overlay, required by directive "
+ "\"%s\".\n",
+ fname, lineno, argv[0] );
+#if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
+ fprintf( stderr, "\thint: try loading the \"rwm.la\" dynamic module.\n" );
+#endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
+ return( 1 );
+ }
+
+ fprintf( stderr, "%s: line %d: back-ldap: "
+ "automatically starting \"rwm\" overlay, "
+ "triggered by \"%s\" directive.\n",
+ fname, lineno, argv[ 0 ] );
+
+ li->rwm_started = 1;
+
+ return ( *be->bd_info->bi_db_config )( be, fname, lineno, argc, argv );
+ }
+
+ return SLAP_CONF_UNKNOWN;
/* anything else */
} else {
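Review bot: The "rewrite/remap capabilities have been moved ... I'm trying to do my best to preserve backwards compatibility" warning is printed before `li->rwm_started` is tested, so when the overlay has already been started the branch prints that reassurance and then immediately returns `SLAP_CONF_UNKNOWN`, which reads as a contradiction in the log. Print the relocation warning only on the first-time path and give the already-started path its own message, as below. The `#if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC` hint is evaluated with whatever those macros expand to at this point in the file; if either is undefined here the comparison becomes `0 == 0` and the "rwm.la" hint is printed for builds that do not have the module at all — worth checking the includes, which are outside this hunk. The enclosing function continues outside the hunk.
```c
	} else if ( strcasecmp( argv[0], "suffixmassage" ) == 0
		|| strcasecmp( argv[0], "map" ) == 0
		|| strncasecmp( argv[0], "rewrite", STRLENOF( "rewrite" ) ) == 0 )
	{
		if ( li->rwm_started != 0 ) {
			/* rwm already stacked; the directive came back to us unhandled */
			fprintf( stderr, "%s: line %d: "
				"directive \"%s\" not handled by the \"rwm\" overlay; "
				"see slapo-rwm(5)\n",
				fname, lineno, argv[0] );
			return SLAP_CONF_UNKNOWN;
		}

		fprintf( stderr, "%s: line %d: "
			"rewrite/remap capabilities have been moved "
			/* … unchanged: rest of the relocation warning … */

		/* … unchanged: overlay_config() call, failure message, rwm_started = 1, re-dispatch through bi_db_config … */
```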
ctrls[0] = &c;
op2.o_ndn = op->o_conn->c_ndn;
- lc = ldap_back_getconn(&op2, rs);
- if (!lc || !ldap_back_dobind( lc, op, rs )) {
+ lc = ldap_back_getconn(&op2, rs, LDAP_BACK_SENDERR);
+ if (!lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR )) {
return -1;
}
c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
&rs->sr_err);
if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
- if ( ldap_back_retry( lc, op, rs ) )
+ if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) )
goto retry;
}
ldap_back_freeconn( op, lc );
}
-#ifdef LDAP_BACK_PROXY_AUTHZ
static int
parse_idassert(
BackendDB *be,
}
if ( strcasecmp( argv[1], "none" ) == 0 ) {
- /* FIXME: is this useful? */
+ /* FIXME: is this at all useful? */
li->idassert_authmethod = LDAP_AUTH_NONE;
if ( argc != 2 ) {
return 0;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */