Read config tree from back-ldif
[openldap] / servers / slapd / back-meta / config.c
index 90c53350d33b1d4b44f64ff9d86f6b85e1716505..a7a6fa1805f6049f67ba74f6a9519c65bffd0d15 100644 (file)
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -45,8 +45,8 @@ new_target( void )
                return NULL;
        }
 
-       lt->rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
-       if ( lt->rwmap.rwm_rw == NULL ) {
+       lt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+       if ( lt->mt_rwmap.rwm_rw == NULL ) {
                free( lt );
                 return NULL;
        }
@@ -62,17 +62,17 @@ new_target( void )
                rargv[ 0 ] = "rewriteContext";
                rargv[ 1 ] = "searchFilter";
                rargv[ 2 ] = NULL;
-               rewrite_parse( lt->rwmap.rwm_rw, "<suffix massage>", 
+               rewrite_parse( lt->mt_rwmap.rwm_rw, "<suffix massage>", 
                                1, 2, rargv );
 
                rargv[ 0 ] = "rewriteContext";
                rargv[ 1 ] = "default";
                rargv[ 2 ] = NULL;
-               rewrite_parse( lt->rwmap.rwm_rw, "<suffix massage>", 
+               rewrite_parse( lt->mt_rwmap.rwm_rw, "<suffix massage>", 
                                1, 2, rargv );
        }
 
-       ldap_back_map_init( &lt->rwmap.rwm_at, &mapping );
+       ldap_back_map_init( &lt->mt_rwmap.rwm_at, &mapping );
 
        return lt;
 }
@@ -161,8 +161,8 @@ meta_back_db_config(
                dn.bv_val = ludp->lud_dn;
                dn.bv_len = strlen( ludp->lud_dn );
 
-               rc = dnPrettyNormal( NULL, &dn, &li->targets[ i ]->psuffix,
-                       &li->targets[ i ]->suffix, NULL );
+               rc = dnPrettyNormal( NULL, &dn, &li->targets[ i ]->mt_psuffix,
+                       &li->targets[ i ]->mt_nsuffix, NULL );
                if( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "%s: line %d: "
                                        "target '%s' DN is invalid\n",
@@ -172,7 +172,8 @@ meta_back_db_config(
 
                ludp->lud_dn[ 0 ] = '\0';
 
-               for ( tmpludp = ludp->lud_next; tmpludp; tmpludp = tmpludp->lud_next ) {
+               /* check all, to apply the scope check on the first one */
+               for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
                        if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
                                fprintf( stderr, "%s: line %d: "
                                                "multiple URIs must have "
@@ -181,11 +182,15 @@ meta_back_db_config(
                                return( 1 );
 
                        }
+
+                       if ( tmpludp->lud_scope == LDAP_SCOPE_BASE ) {
+                               tmpludp->lud_scope = LDAP_SCOPE_DEFAULT;
+                       }
                }
 
-               li->targets[ i ]->uri = ldap_url_list2urls( ludp );
+               li->targets[ i ]->mt_uri = ldap_url_list2urls( ludp );
                ldap_free_urllist( ludp );
-               if ( li->targets[ i ]->uri == NULL) {
+               if ( li->targets[ i ]->mt_uri == NULL) {
                        fprintf( stderr, "%s: line %d: no memory?\n",
                                        fname, lineno );
                        return( 1 );
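Review bot: The scope reset added inside the URI loop (`if ( tmpludp->lud_scope == LDAP_SCOPE_BASE )`) discards a base scope on every URI without a warning and without a comment explaining why. The comment on the loop header in the previous hunk only says the loop now starts at the first URI "to apply the scope check", not what the check is for. If the intent is to keep a scope out of the string that `ldap_url_list2urls()` builds for `mt_uri`, I would say so at the assignment, e.g. `/* scope is not meaningful in a target URI; reset it so it is not serialized into mt_uri */`, but that intent is inferred and should be confirmed. The loop opens in the previous hunk and meta_back_db_config continues outside both.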
@@ -206,7 +211,7 @@ meta_back_db_config(
                /*
                 * uri MUST be a branch of a suffix!
                 */
-               if ( select_backend( &li->targets[ i ]->suffix, 0, 0 ) == NULL ) {
+               if ( select_backend( &li->targets[ i ]->mt_nsuffix, 0, 0 ) == NULL ) {
                        fprintf( stderr,
        "%s: line %d: <naming context> of URI does not resolve to a backend"
        " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@@ -302,7 +307,9 @@ meta_back_db_config(
                li->network_timeout = atol(argv[ 1 ]);
 
        /* name to use for meta_back_group */
-       } else if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
+       } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
+                       || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
+       {
                int             i = li->ntargets-1;
                struct berval   dn;
 
@@ -320,9 +327,17 @@ meta_back_db_config(
                        return 1;
                }
 
+               if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "\"binddn\" statement is deprecated; "
+                               "use \"acl-authcDN\" instead\n",
+                               fname, lineno );
+                       /* FIXME: some day we'll need to throw an error */
+               }
+
                dn.bv_val = argv[ 1 ];
                dn.bv_len = strlen( argv[ 1 ] );
-               if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->binddn,
+               if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->mt_binddn,
                        NULL ) != LDAP_SUCCESS )
                {
                        fprintf( stderr, "%s: line %d: "
@@ -332,7 +347,9 @@ meta_back_db_config(
                }
 
        /* password to use for meta_back_group */
-       } else if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
+       } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
+                       || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
+       {
                int             i = li->ntargets-1;
 
                if ( i < 0 ) {
@@ -348,7 +365,16 @@ meta_back_db_config(
                            fname, lineno );
                        return 1;
                }
-               ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->bindpw );
+
+               if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "\"bindpw\" statement is deprecated; "
+                               "use \"acl-passwd\" instead\n",
+                               fname, lineno );
+                       /* FIXME: some day we'll need to throw an error */
+               }
+
+               ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_bindpw );
                
        /* save bind creds for referral rebinds? */
        } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
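Review bot: `ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_bindpw )` duplicates the password into `mt_bindpw` without releasing what the field already holds. Now that two spellings are accepted, a target carrying both a `bindpw` and an `acl-passwd` line would leave the earlier cleartext credential orphaned on the heap. Assuming new_target() zero-initialises the struct (not visible here), releasing the old value first would do, e.g. `if ( li->targets[ i ]->mt_bindpw.bv_val != NULL ) ber_memfree( li->targets[ i ]->mt_bindpw.bv_val );`, ideally after wiping it. Rejecting a repeated password directive for the same target is the alternative. The `mt_pseudorootpw` assignment in the later pseudorootpw hunk follows the same pattern.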
@@ -358,7 +384,73 @@ meta_back_db_config(
                            fname, lineno );
                        return( 1 );
                }
-               li->savecred = 1;
+
+               li->flags |= LDAP_BACK_F_SAVECRED;
+
+       } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+               if ( argc != 1 ) {
+                       fprintf( stderr,
+       "%s: line %d: \"chase-referrals\" takes no arguments\n",
+                                       fname, lineno );
+                       return( 1 );
+               }
+
+               li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+       } else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+               if ( argc != 1 ) {
+                       fprintf( stderr,
+       "%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+                                       fname, lineno );
+                       return( 1 );
+               }
+
+               li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
+       } else if ( strncasecmp( argv[0], "tls-", STRLENOF( "tls-" ) ) == 0 ) {
+
+               /* start tls */
+               if ( strcasecmp( argv[0], "tls-start" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-start takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+       
+               /* try start tls */
+               } else if ( strcasecmp( argv[0], "tls-try-start" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-try-start takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
+                       li->flags |= LDAP_BACK_F_USE_TLS;
+       
+               /* propagate start tls */
+               } else if ( strcasecmp( argv[0], "tls-propagate" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-propagate takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+               
+               /* try start tls */
+               } else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
+                       if ( argc != 1 ) {
+                               fprintf( stderr,
+               "%s: line %d: tls-try-propagate takes no arguments\n",
+                                               fname, lineno );
+                               return( 1 );
+                       }
+                       li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
+                       li->flags |= LDAP_BACK_F_PROPAGATE_TLS;
+               }
        
        /* name to use as pseudo-root dn */
        } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
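Review bot: The inner chain under the `tls-` prefix test has no final `else`, so any unrecognised `tls-…` keyword (a typo such as a misspelt `tls-start`) is swallowed by the outer branch and never reaches the "anything else" handler. The function then presumably returns success from code outside this hunk, and the operator is left with a proxy that talks to its targets without the StartTLS they believe they configured. I would add a terminating `else` that reports the unknown directive and returns an error, as sketched below. Separately, the four directives only set or clear part of the flag set, so the result depends on the order they appear in (e.g. `tls-propagate` followed by `tls-try-start` leaves `LDAP_BACK_F_PROPAGATE_TLS` set with `LDAP_BACK_F_TLS_CRITICAL` cleared); clearing both mode bits before setting one would make them mutually exclusive. The comment above `tls-try-propagate` still reads "try start tls".

```c
		/* try propagate start tls */
		} else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
			/* … unchanged: argc check and flag updates … */

		} else {
			fprintf( stderr,
		"%s: line %d: unknown directive \"%s\"\n",
					fname, lineno, argv[0] );
			return( 1 );
		}
```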
@@ -382,7 +474,7 @@ meta_back_db_config(
                dn.bv_val = argv[ 1 ];
                dn.bv_len = strlen( argv[ 1 ] );
                if ( dnNormalize( 0, NULL, NULL, &dn,
-                       &li->targets[ i ]->pseudorootdn, NULL ) != LDAP_SUCCESS )
+                       &li->targets[ i ]->mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
                {
                        fprintf( stderr, "%s: line %d: "
                                        "pseudoroot DN '%s' is invalid\n",
@@ -407,7 +499,7 @@ meta_back_db_config(
                            fname, lineno );
                        return 1;
                }
-               ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->pseudorootpw );
+               ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_pseudorootpw );
        
        /* dn massaging */
        } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
@@ -492,7 +584,7 @@ meta_back_db_config(
                 * FIXME: no extra rewrite capabilities should be added
                 * to the database
                 */
-               return suffix_massage_config( li->targets[ i ]->rwmap.rwm_rw,
+               return suffix_massage_config( li->targets[ i ]->mt_rwmap.rwm_rw,
                                &pvnc, &nvnc, &prnc, &nrnc );
                
        /* rewrite stuff ... */
@@ -503,12 +595,12 @@ meta_back_db_config(
                        if ( strcasecmp( argv[0], "rewriteEngine" ) == 0 ) {
                                li->rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
                        }
-                       return rewrite_parse(li->rwinfo, fname, lineno,
-                                       argc, argv); 
+                       return rewrite_parse( li->rwinfo, fname, lineno,
+                                       argc, argv ); 
                }
                
-               return rewrite_parse( li->targets[ i ]->rwmap.rwm_rw, fname, lineno,
-                               argc, argv );
+               return rewrite_parse( li->targets[ i ]->mt_rwmap.rwm_rw,
+                               fname, lineno, argc, argv );
 
        /* objectclass/attribute mapping */
        } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
@@ -521,8 +613,8 @@ meta_back_db_config(
                        return 1;
                }
 
-               return ldap_back_map_config( &li->targets[ i ]->rwmap.rwm_oc, 
-                               &li->targets[ i ]->rwmap.rwm_at,
+               return ldap_back_map_config( &li->targets[ i ]->mt_rwmap.rwm_oc, 
+                               &li->targets[ i ]->mt_rwmap.rwm_at,
                                fname, lineno, argc, argv );
        /* anything else */
        } else {
@@ -771,10 +863,10 @@ suffix_massage_config(
        ch_free( rargv[ 2 ] );
        
        rargv[ 0 ] = "rewriteContext";
-       rargv[ 1 ] = "searchResult";
+       rargv[ 1 ] = "searchEntryDN";
        rargv[ 2 ] = NULL;
        rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
-       
+
        rargv[ 0 ] = "rewriteRule";
        rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
        rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val );
@@ -784,20 +876,40 @@ suffix_massage_config(
        ch_free( rargv[ 1 ] );
        ch_free( rargv[ 2 ] );
 
+       /* backward compatibility */
+       rargv[ 0 ] = "rewriteContext";
+       rargv[ 1 ] = "searchResult";
+       rargv[ 2 ] = "alias";
+       rargv[ 3 ] = "searchEntryDN";
+       rargv[ 4 ] = NULL;
+       rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+       
        rargv[ 0 ] = "rewriteContext";
        rargv[ 1 ] = "matchedDN";
        rargv[ 2 ] = "alias";
-       rargv[ 3 ] = "searchResult";
+       rargv[ 3 ] = "searchEntryDN";
        rargv[ 4 ] = NULL;
        rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
 
        rargv[ 0 ] = "rewriteContext";
        rargv[ 1 ] = "searchAttrDN";
        rargv[ 2 ] = "alias";
-       rargv[ 3 ] = "searchResult";
+       rargv[ 3 ] = "searchEntryDN";
        rargv[ 4 ] = NULL;
        rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
 
+       /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
+        * see servers/slapd/overlays/rwm.h for details */
+        rargv[ 0 ] = "rewriteContext";
+       rargv[ 1 ] = "referralAttrDN";
+       rargv[ 2 ] = NULL;
+       rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+       rargv[ 0 ] = "rewriteContext";
+       rargv[ 1 ] = "referralDN";
+       rargv[ 2 ] = NULL;
+       rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+       
        return 0;
 }
 #endif /* ENABLE_REWRITE */
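Review bot: None of the `rewrite_parse()` calls added here has its result checked, and the function still ends in `return 0`. A failure to register the `searchResult` alias or the new `referralAttrDN` / `referralDN` contexts would therefore be reported as a successful suffixmassage and leave the target with an incomplete rewrite setup. The surrounding calls follow the same pattern, but the new ones could at least propagate the error, e.g. `if ( rewrite_parse( info, "<suffix massage>", ++line, 2, rargv ) != 0 ) return 1;` (success value to be confirmed against librewrite). The NOTE comment could also state the effect directly, e.g. that the two referral contexts are deliberately left empty so referral values pass through without suffix massage, if that is what undefining RWM_REFERRAL_REWRITE means here. The first `rargv[ 0 ]` line after that comment is indented with spaces rather than a tab. suffix_massage_config begins outside this hunk.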