"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
&config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
{ "localSSF", "ssf", 2, 2, 0, ARG_INT,
&local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "loglevel", "level", 2, 0, 0, ARG_MAGIC,
&config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
&config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:30 NAME 'olcModuleLoad' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
{ "modulepath", "path", 2, 2, 0,
#ifdef SLAPD_MODULES
NULL, NULL },
{ "objectidentifier", NULL, 0, 0, 0, ARG_MAGIC|CFG_OID,
&config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
{ "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
&config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
&config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "pidfile", "file", 2, 2, 0, ARG_STRING,
&slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:38 NAME 'olcPlugin' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "pluginlog", "filename", 2, 2, 0,
#ifdef LDAP_SLAPI
"SUP labeledURI SINGLE-VALUE )", NULL, NULL },
{ "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
&config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
+ "EQUALITY caseIgnoreMatch "
"SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
{ "replica-argsfile", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLICA_ARGSFILE,
&config_generic, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
&config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "reverse-lookup", "on|off", 2, 2, 0,
#ifdef SLAPD_RLOOKUPS
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
{ "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
&config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
&config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
{ "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
+ "EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
&config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
- "SYNTAX OMsDirectoryString )", NULL, NULL },
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "suffix", "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
&config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
+ "EQUALITY distinguishedNameMatch "
"SYNTAX OMsDN )", NULL, NULL },
{ "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
&syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
{ "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
&config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
+ "EQUALITY caseIgnoreMatch "
"SUP labeledURI )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL }
/* dealt with separately; don't let it get to bindconf */
;
+ } else if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
+ /* dealt with separately; don't let it get to bindconf */
+ ;
+
} else if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
case 1:
return 1;
cfb = be->be_private;
+ be->be_dfltaccess = ACL_NONE;
/* If no .conf, or a dir was specified, setup the dir */
if ( !fname || dir ) {
/* No parent, must be root. This will never happen... */
if ( !last && !be_isroot( op ) && !be_shadow_update( op ))
return LDAP_NO_SUCH_OBJECT;
- if ( !access_allowed( op, last->ce_entry, slap_schema.si_ad_children,
- NULL, ACL_WADD, NULL ))
+ if ( last && !access_allowed( op, last->ce_entry,
+ slap_schema.si_ad_children, NULL, ACL_WADD, NULL ))
return LDAP_INSUFFICIENT_ACCESS;
}
}
#endif
+static const char *defacl[] = {
+ NULL, "to", "*", "by", "*", "none", NULL
+};
+
static int
config_back_db_open( BackendDB *be )
{
void *thrctx = NULL;
Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
+
+ /* If we have no explicitly configured ACLs, don't just use
+ * the global ACLs. Explicitly deny access to everything.
+ */
+ if ( frontendDB->be_acl && be->be_acl == frontendDB->be_acl ) {
+ parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ }
+
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;