]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-meta/config.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Read config tree from back-ldif
[openldap] / servers / slapd / back-meta / config.c
diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index 1459cef1a6c4eb8cdf21302cb9e85131eb273fed..a7a6fa1805f6049f67ba74f6a9519c65bffd0d15 100644 (file)
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -172,7 +172,8 @@ meta_back_db_config(
 
                ludp->lud_dn[ 0 ] = '\0';
 
-               for ( tmpludp = ludp->lud_next; tmpludp; tmpludp = tmpludp->lud_next ) {
+               /* check all, to apply the scope check on the first one */
+               for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
                        if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
                                fprintf( stderr, "%s: line %d: "
                                                "multiple URIs must have "
@@ -181,6 +182,10 @@ meta_back_db_config(
                                return( 1 );
 
                        }
+
+                       if ( tmpludp->lud_scope == LDAP_SCOPE_BASE ) {
+                               tmpludp->lud_scope = LDAP_SCOPE_DEFAULT;
+                       }
                }
 
                li->targets[ i ]->mt_uri = ldap_url_list2urls( ludp );
@@ -302,7 +307,9 @@ meta_back_db_config(
                li->network_timeout = atol(argv[ 1 ]);
 
        /* name to use for meta_back_group */
-       } else if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
+       } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
+                       || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
+       {
                int             i = li->ntargets-1;
                struct berval   dn;
 
@@ -320,6 +327,14 @@ meta_back_db_config(
                        return 1;
                }
 
+               if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "\"binddn\" statement is deprecated; "
+                               "use \"acl-authcDN\" instead\n",
+                               fname, lineno );
+                       /* FIXME: some day we'll need to throw an error */
+               }
+
                dn.bv_val = argv[ 1 ];
                dn.bv_len = strlen( argv[ 1 ] );
                if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->mt_binddn,
@@ -332,7 +347,9 @@ meta_back_db_config(
                }
 
        /* password to use for meta_back_group */
-       } else if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
+       } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
+                       || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
+       {
                int             i = li->ntargets-1;
 
                if ( i < 0 ) {
@@ -348,6 +365,15 @@ meta_back_db_config(
                            fname, lineno );
                        return 1;
                }
+
+               if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "\"bindpw\" statement is deprecated; "
+                               "use \"acl-passwd\" instead\n",
+                               fname, lineno );
+                       /* FIXME: some day we'll need to throw an error */
+               }
+
                ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_bindpw );
                
        /* save bind creds for referral rebinds? */
@@ -358,7 +384,73 @@ meta_back_db_config(
                            fname, lineno );
                        return( 1 );
                }
-               li->savecred = 1;
+
+               li->flags |= LDAP_BACK_F_SAVECRED;
+
+       } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+               if ( argc != 1 ) {
+                       fprintf( stderr,
+       "%s: line %d: \"chase-referrals\" takes no arguments\n",
+                                       fname, lineno );
+                       return( 1 );
+               }
+
+               li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+       } else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+               if ( argc != 1 ) {
+                       fprintf( stderr,
+       "%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+                                       fname, lineno );
+                       return( 1 );
+               }
+
+               li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
+       } else if ( strncasecmp( argv[0], "tls-", STRLENOF( "tls-" ) ) == 0 ) {
+
+               /* start tls */
+               if ( strcasecmp( argv[0], "tls-start" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-start takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+       
+               /* try start tls */
+               } else if ( strcasecmp( argv[0], "tls-try-start" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-try-start takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
+                       li->flags |= LDAP_BACK_F_USE_TLS;
+       
+               /* propagate start tls */
+               } else if ( strcasecmp( argv[0], "tls-propagate" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-propagate takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+               
+               /* try start tls */
+               } else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-try-propagate takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
+                       li->flags |= LDAP_BACK_F_PROPAGATE_TLS;
+               }
        
        /* name to use as pseudo-root dn */
        } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
Cloned from git://git.openldap.org/openldap.git