RFC 4511 calls for unavailableCriticalExtension to returned when

[openldap] / servers / slapd / back-ldap / config.c

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index cd93d834c5eb0b1eef43597d0153fe4bab0d5f72..d43ef4d8d53196cbe8493c5404e23cb2ddf35d20 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -295,8 +295,8 @@ static ConfigOCs ldapocs[] = {
                "NAME 'olcLDAPConfig' "
                "DESC 'LDAP backend configuration' "
                "SUP olcDatabaseConfig "
-               "MUST olcDbURI "
-               "MAY ( olcDbStartTLS "
+               "MAY ( olcDbURI "
+                       "$ olcDbStartTLS "
                        "$ olcDbACLAuthcDn "
                        "$ olcDbACLPasswd "
                        "$ olcDbACLBind "
@@ -715,10 +715,14 @@ ldap_back_cf_gen( ConfigArgs *c )
                switch( c->type ) {
                case LDAP_BACK_CFG_URI:
                        if ( li->li_uri != NULL ) {
-                               struct berval   bv;
+                               struct berval   bv, bv2;
 
                                ber_str2bv( li->li_uri, 0, 0, &bv );
-                               value_add_one( &c->rvalue_vals, &bv );
+                               bv2.bv_len = bv.bv_len + STRLENOF( "\"\"" );
+                               bv2.bv_val = ch_malloc( bv2.bv_len + 1 );
+                               snprintf( bv2.bv_val, bv2.bv_len + 1,
+                                       "\"%s\"", bv.bv_val );
+                               ber_bvarray_add( &c->rvalue_vals, &bv2 );
 
                        } else {
                                rc = 1;
@@ -1549,6 +1553,7 @@ done_url:;
                        && mask == LDAP_BACK_F_T_F_DISCOVER
                        && !LDAP_BACK_T_F( li ) )
                {
+                       slap_bindconf   sb = { 0 };
                        int             rc;
 
                        if ( li->li_uri == NULL ) {
@@ -1559,7 +1564,12 @@ done_url:;
                                return 1;
                        }
 
-                       rc = slap_discover_feature( li->li_uri, li->li_version,
+                       ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+                       sb.sb_version = li->li_version;
+                       sb.sb_method = LDAP_AUTH_SIMPLE;
+                       BER_BVSTR( &sb.sb_binddn, "" );
+
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
                                        LDAP_FEATURE_ABSOLUTE_FILTERS );
                        if ( rc == LDAP_COMPARE_TRUE ) {
@@ -1688,6 +1698,7 @@ done_url:;
                        && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER
                        && !LDAP_BACK_CANCEL( li ) )
                {
+                       slap_bindconf   sb = { 0 };
                        int             rc;
 
                        if ( li->li_uri == NULL ) {
@@ -1698,7 +1709,12 @@ done_url:;
                                return 1;
                        }
 
-                       rc = slap_discover_feature( li->li_uri, li->li_version,
+                       ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+                       sb.sb_version = li->li_version;
+                       sb.sb_method = LDAP_AUTH_SIMPLE;
+                       BER_BVSTR( &sb.sb_binddn, "" );
+
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
                                        LDAP_EXOP_CANCEL );
                        if ( rc == LDAP_COMPARE_TRUE ) {
@@ -1820,7 +1836,7 @@ ldap_back_exop_whoami(
                && !strcmp( op->o_conn->c_authz_backend->be_type, "ldap" )
                && !dn_match( &op->o_ndn, &op->o_conn->c_ndn ) )
        {
-               ldapconn_t      *lc;
+               ldapconn_t      *lc = NULL;
                LDAPControl c, *ctrls[2] = {NULL, NULL};
                LDAPMessage *res;
                Operation op2 = *op;
@@ -1830,8 +1846,7 @@ ldap_back_exop_whoami(
 
                ctrls[0] = &c;
                op2.o_ndn = op->o_conn->c_ndn;
-               lc = ldap_back_getconn(&op2, rs, LDAP_BACK_SENDERR);
-               if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+               if ( !ldap_back_dobind( &lc, &op2, rs, LDAP_BACK_SENDERR ) ) {
                        return -1;
                }
                c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;