]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/bconfig.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fallout from ITS#4986 - remove unused param of select_backend()
[openldap] / servers / slapd / bconfig.c
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 7844eccbb65ccc5e3d8c30f541ea8d48b8c502d5..94bb341727ccc48c93fee9d93dba779625c2c763 100644 (file)
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -125,10 +125,10 @@ static ConfigDriver config_requires;
 static ConfigDriver config_security;
 static ConfigDriver config_referral;
 static ConfigDriver config_loglevel;
-static ConfigDriver config_replica;
 static ConfigDriver config_updatedn;
 static ConfigDriver config_updateref;
 static ConfigDriver config_include;
+static ConfigDriver config_obsolete;
 #ifdef HAVE_TLS
 static ConfigDriver config_tls_option;
 static ConfigDriver config_tls_config;
@@ -148,6 +148,7 @@ enum {
        CFG_TLS_DH_FILE,
        CFG_TLS_VERIFY,
        CFG_TLS_CRLCHECK,
+       CFG_TLS_CRL_FILE,
        CFG_CONCUR,
        CFG_THREADS,
        CFG_SALT,
@@ -160,10 +161,6 @@ enum {
        CFG_DIT,
        CFG_ATTR,
        CFG_ATOPT,
-       CFG_REPLICA_ARGSFILE,
-       CFG_REPLICA_PIDFILE,
-       CFG_REPLICATIONINTERVAL,
-       CFG_REPLOG,
        CFG_ROOTDSE,
        CFG_LOGFILE,
        CFG_PLUGIN,
@@ -224,6 +221,7 @@ static OidRec OidMacros[] = {
  * OLcfg{Bk|Db}{Oc|At}:1               -> back-bdb(/back-hdb)
  * OLcfg{Bk|Db}{Oc|At}:2               -> back-ldif
  * OLcfg{Bk|Db}{Oc|At}:3               -> back-ldap
+ * OLcfg{Bk|Db}{Oc|At}:4               -> back-monitor
  */
 
 /*
@@ -389,7 +387,7 @@ static ConfigTable config_back_cf_table[] = {
                        "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
        { "moduleload", "file", 2, 0, 0,
 #ifdef SLAPD_MODULES
-               ARG_MAGIC|CFG_MODLOAD, &config_generic,
+               ARG_MAGIC|CFG_MODLOAD|ARG_NO_DELETE, &config_generic,
 #else
                ARG_IGNORED, NULL,
 #endif
@@ -455,20 +453,20 @@ static ConfigTable config_back_cf_table[] = {
                &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
                        "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
        { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
-               &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
+               &config_obsolete, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
                        "EQUALITY caseIgnoreMatch "
                        "SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
-       { "replica-argsfile", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLICA_ARGSFILE,
-               &config_generic, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
+       { "replica-argsfile", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_obsolete, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
-       { "replica-pidfile", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLICA_PIDFILE,
-               &config_generic, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
+       { "replica-pidfile", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_obsolete, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
-       { "replicationInterval", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|ARG_INT|CFG_REPLICATIONINTERVAL,
-               &config_generic, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
+       { "replicationInterval", NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_obsolete, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
                        "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
-       { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
-               &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
+       { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_obsolete, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
        { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
                &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
@@ -616,6 +614,14 @@ static ConfigTable config_back_cf_table[] = {
 #endif
                "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+       { "TLSCRLFile", NULL, 0, 0, 0,
+#if defined(HAVE_GNUTLS)
+               CFG_TLS_CRL_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgGlAt:82 NAME 'olcTLSCRLFile' "
+                       "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
        { "TLSRandFile", NULL, 0, 0, 0,
 #ifdef HAVE_TLS
                CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
@@ -700,7 +706,7 @@ static ConfigOCs cf_ocs[] = {
                 "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
                 "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
                 "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
-                "olcToolThreads $ "
+                "olcTLSCRLFile $ olcToolThreads $ "
                 "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
                 "olcDitContentRules ) )", Cft_Global },
        { "( OLcfgGlOc:2 "
@@ -789,7 +795,6 @@ config_generic(ConfigArgs *c) {
                        if ( c->be->be_limits ) {
                                char buf[4096*3];
                                struct berval bv;
-                               int i;
 
                                for ( i=0; c->be->be_limits[i]; i++ ) {
                                        bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
@@ -921,25 +926,6 @@ config_generic(ConfigArgs *c) {
                        rc = (!i);
                        break;
                }
-               case CFG_REPLICA_ARGSFILE:
-                       if ( c->be->be_replica_argsfile )
-                               c->value_string = ch_strdup( c->be->be_replica_argsfile );
-                       break;
-               case CFG_REPLICA_PIDFILE:
-                       if ( c->be->be_replica_pidfile )
-                               c->value_string = ch_strdup( c->be->be_replica_pidfile );
-                       break;
-               case CFG_REPLICATIONINTERVAL:
-                       if ( c->be->be_replicationinterval > 0 ) {
-                               c->value_int = c->be->be_replicationinterval;
-                       } else {
-                               rc = 1;
-                       }
-                       break;
-               case CFG_REPLOG:
-                       if ( c->be->be_replogfile )
-                               c->value_string = ch_strdup( c->be->be_replogfile );
-                       break;
                case CFG_ROOTDSE: {
                        ConfigFile *cf = c->private;
                        if ( cf->c_dseFiles ) {
@@ -953,7 +939,6 @@ config_generic(ConfigArgs *c) {
                        if ( sid_list ) {
                                ServerID *si;
                                struct berval bv;
-                               char *ptr;
 
                                for ( si = sid_list; si; si=si->si_next ) {
                                        if ( !BER_BVISEMPTY( &si->si_url )) {
@@ -1097,32 +1082,12 @@ config_generic(ConfigArgs *c) {
                        passwd_salt = NULL;
                        break;
 
-               case CFG_REPLICA_ARGSFILE:
-                       ch_free( c->be->be_replica_argsfile );
-                       c->be->be_replica_argsfile = NULL;
-                       break;
-
-               case CFG_REPLICA_PIDFILE:
-                       ch_free( c->be->be_replica_pidfile );
-                       c->be->be_replica_pidfile = NULL;
-                       break;
-
-               case CFG_REPLICATIONINTERVAL:
-                       c->be->be_replicationinterval = 0;
-                       break;
-
-               case CFG_REPLOG:
-                       ch_free( c->be->be_replogfile );
-                       c->be->be_replogfile = NULL;
-                       break;
-
                case CFG_LOGFILE:
                        ch_free( logfileName );
                        logfileName = NULL;
                        break;
 
                case CFG_SERVERID: {
-                       int i;
                        ServerID *si, **sip;
 
                        for ( i=0, si = sid_list, sip = &sid_list;
@@ -1184,7 +1149,6 @@ config_generic(ConfigArgs *c) {
                                cfn->c_oc_head = cfn->c_oc_tail = NULL;
                        } else {
                                ObjectClass *oc, *prev = NULL;
-                               int i;
 
                                for ( i=0, oc=cfn->c_oc_head; i<c->valx; i++) {
                                        prev = oc;
@@ -1219,7 +1183,6 @@ config_generic(ConfigArgs *c) {
                                cfn->c_at_head = cfn->c_at_tail = NULL;
                        } else {
                                AttributeType *at, *prev = NULL;
-                               int i;
 
                                for ( i=0, at=cfn->c_at_head; i<c->valx; i++) {
                                        prev = at;
@@ -1473,85 +1436,6 @@ config_generic(ConfigArgs *c) {
                        }
                        break;
 
-               case CFG_REPLICA_ARGSFILE:
-                       if(SLAP_MONITOR(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replica-argsfile\" should not be used "
-                                       "inside monitor database\n",
-                                       c->log, 0, 0);
-                               /* FIXME: should this be an error? */
-                               return(0);
-                       }
-
-                       if ( c->be->be_replica_argsfile != NULL ) {
-                               /* FIXME: error? */
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replica-argsfile\" already provided; "
-                                       "replacing \"%s\" with \"%s\".\n",
-                                       c->log, c->be->be_replica_argsfile, c->value_string );
-                               ch_free( c->be->be_replica_argsfile );
-                       }
-
-                       c->be->be_replica_argsfile = c->value_string;
-                       break;
-
-               case CFG_REPLICA_PIDFILE:
-                       if(SLAP_MONITOR(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replica-pidfile\" should not be used "
-                                       "inside monitor database\n",
-                                       c->log, 0, 0);
-                               /* FIXME: should this be an error? */
-                               return(0);
-                       }
-
-                       if ( c->be->be_replica_pidfile != NULL ) {
-                               /* FIXME: error? */
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replica-pidfile\" already provided; "
-                                       "replacing \"%s\" with \"%s\".\n",
-                                       c->log, c->be->be_replica_pidfile, c->value_string );
-                               ch_free( c->be->be_replica_pidfile );
-                       }
-
-                       c->be->be_replica_pidfile = c->value_string;
-                       break;
-
-               case CFG_REPLICATIONINTERVAL:
-                       if(SLAP_MONITOR(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replicationinterval\" should not be used "
-                                       "inside monitor database\n",
-                                       c->log, 0, 0);
-                               /* FIXME: should this be an error? */
-                               return(0);
-                       }
-
-                       c->be->be_replicationinterval = c->value_int;
-                       break;
-
-               case CFG_REPLOG:
-                       if(SLAP_MONITOR(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replogfile\" should not be used "
-                                       "inside monitor database\n",
-                                       c->log, 0, 0);
-                               /* FIXME: should this be an error? */
-                               return(0);
-                       }
-
-                       if ( c->be->be_replogfile != NULL ) {
-                               /* FIXME: error? */
-                               Debug(LDAP_DEBUG_ANY, "%s: "
-                                       "\"replogfile\" already provided; "
-                                       "replacing \"%s\" with \"%s\".\n",
-                                       c->log, c->be->be_replogfile, c->value_string );
-                               ch_free( c->be->be_replogfile );
-                       }
-
-                       c->be->be_replogfile = c->value_string;
-                       break;
-
                case CFG_ROOTDSE:
                        if(root_dse_read_file(c->argv[1])) {
                                snprintf( c->msg, sizeof( c->msg ), "<%s> could not read file", c->argv[0] );
@@ -1613,6 +1497,7 @@ config_generic(ConfigArgs *c) {
                                                return 1;
                                        }
                                        si = ch_malloc( sizeof(ServerID) );
+                                       BER_BVZERO( &si->si_url );
                                        slap_serverID = num;
                                }
                                si->si_next = NULL;
@@ -2232,7 +2117,7 @@ config_suffix(ConfigArgs *c)
        if (SLAP_DBHIDDEN( c->be ))
                tbe = NULL;
        else
-               tbe = select_backend(&ndn, 0, 0);
+               tbe = select_backend(&ndn, 0);
        if(tbe == c->be) {
                Debug( LDAP_DEBUG_ANY, "%s: suffix already served by this backend!.\n",
                        c->log, 0, 0);
@@ -2317,7 +2202,7 @@ config_rootpw(ConfigArgs *c) {
                return 0;
        }
 
-       tbe = select_backend(&c->be->be_rootndn, 0, 0);
+       tbe = select_backend(&c->be->be_rootndn, 0);
        if(tbe != c->be) {
                snprintf( c->msg, sizeof( c->msg ), "<%s> can only be set when rootdn is under suffix",
                        c->argv[0] );
@@ -2560,7 +2445,7 @@ int
 slap_loglevel_get( struct berval *s, int *l )
 {
        int             rc;
-       unsigned long   i;
+       unsigned        i;
        slap_mask_t     m;
 
        if ( loglevel_ops == NULL ) {
@@ -2571,19 +2456,17 @@ slap_loglevel_get( struct berval *s, int *l )
                m |= loglevel_ops[ i ].mask;
        }
 
-       m = ~m;
-
-       for ( i = 1; i <= ( 1 << ( sizeof( int ) * 8 - 1 ) ) && !( m & i ); i <<= 1 )
+       for ( i = 1; m & i; i <<= 1 )
                ;
 
-       if ( !( m & i ) ) {
+       if ( i == 0 ) {
                return -1;
        }
 
        rc = slap_verbmasks_append( &loglevel_ops, i, s, loglevel_ignore );
 
        if ( rc != 0 ) {
-               Debug( LDAP_DEBUG_ANY, "slap_loglevel_get(%lu, \"%s\") failed\n",
+               Debug( LDAP_DEBUG_ANY, "slap_loglevel_get(%u, \"%s\") failed\n",
                        i, s->bv_val, 0 );
 
        } else {
@@ -2696,8 +2579,6 @@ config_loglevel(ConfigArgs *c) {
                return 0;
        }
 
-       config_syslog = 0;
-
        for( i=1; i < c->argc; i++ ) {
                int     level;
 
@@ -2716,7 +2597,11 @@ config_loglevel(ConfigArgs *c) {
                                return( 1 );
                        }
                }
-               config_syslog |= level;
+               /* Explicitly setting a zero clears all the levels */
+               if ( level )
+                       config_syslog |= level;
+               else
+                       config_syslog = 0;
        }
        if ( slapMode & SLAP_SERVER_MODE ) {
                ldap_syslog = config_syslog;
@@ -2849,230 +2734,6 @@ anlist_unparse( AttributeName *an, char *ptr, ber_len_t buflen ) {
        return ptr;
 }
 
-static void
-replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
-{
-       int len;
-       char *ptr;
-       struct berval bc = BER_BVNULL;
-       char numbuf[32];
-
-       assert( !BER_BVISNULL( &ri->ri_bindconf.sb_uri ) );
-       
-       BER_BVZERO( bv );
-
-       len = snprintf(numbuf, sizeof( numbuf ), SLAP_X_ORDERED_FMT, i );
-       if ( len >= sizeof( numbuf ) ) {
-               /* FIXME: how can indicate error? */
-               return;
-       }
-
-       if ( ri->ri_nsuffix ) {
-               for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
-                       len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
-               }
-       }
-       if ( ri->ri_attrs ) {
-               len += STRLENOF(" attrs");
-               if ( ri->ri_exclude ) len++;
-               for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
-                       len += 1 + ri->ri_attrs[i].an_name.bv_len;
-               }
-       }
-       bindconf_unparse( &ri->ri_bindconf, &bc );
-       len += bc.bv_len;
-
-       bv->bv_val = ch_malloc(len + 1);
-       bv->bv_len = len;
-
-       ptr = lutil_strcopy( bv->bv_val, numbuf );
-
-       /* start with URI from bindconf */
-       assert( !BER_BVISNULL( &bc ) );
-       if ( bc.bv_val ) {
-               strcpy( ptr, bc.bv_val );
-               ch_free( bc.bv_val );
-       }
-
-       if ( ri->ri_nsuffix ) {
-               for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
-                       ptr = lutil_strcopy( ptr, " suffix=\"" );
-                       ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
-                       *ptr++ = '"';
-               }
-       }
-       if ( ri->ri_attrs ) {
-               ptr = lutil_strcopy( ptr, " attrs" );
-               if ( ri->ri_exclude ) *ptr++ = '!';
-               *ptr++ = '=';
-               ptr = anlist_unparse( ri->ri_attrs, ptr, 0 );
-       }
-}
-
-static int
-config_replica(ConfigArgs *c) {
-       int i, nr = -1;
-       char *replicahost = NULL, *replicauri = NULL;
-       LDAPURLDesc *ludp;
-
-       if (c->op == SLAP_CONFIG_EMIT) {
-               if (c->be->be_replica) {
-                       struct berval bv;
-                       for (i=0;c->be->be_replica[i]; i++) {
-                               replica_unparse( c->be->be_replica[i], i, &bv );
-                               ber_bvarray_add( &c->rvalue_vals, &bv );
-                       }
-                       return 0;
-               }
-               return 1;
-       } else if ( c->op == LDAP_MOD_DELETE ) {
-               /* FIXME: there is no replica_free function */
-               if ( c->valx < 0 ) {
-               } else {
-               }
-       }
-       if(SLAP_MONITOR(c->be)) {
-               Debug(LDAP_DEBUG_ANY, "%s: "
-                       "\"replica\" should not be used inside monitor database\n",
-                       c->log, 0, 0);
-               return(0);      /* FIXME: should this be an error? */
-       }
-
-       for(i = 1; i < c->argc; i++) {
-               if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
-                       ber_len_t       len;
-
-                       if ( replicauri ) {
-                               snprintf( c->msg, sizeof( c->msg ), "<%s> replica host/URI already specified", c->argv[0] );
-                               Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
-                               return(1);
-                       }
-
-                       replicahost = c->argv[i] + STRLENOF("host=");
-                       len = strlen( replicahost ) + STRLENOF("ldap://");
-                       replicauri = ch_malloc( len + 1 );
-                       snprintf( replicauri, len + 1, "ldap://%s", replicahost );
-                       replicahost = replicauri + STRLENOF( "ldap://");
-                       nr = add_replica_info(c->be, replicauri, replicahost);
-                       break;
-               } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
-                       ber_len_t       len;
-
-                       if ( replicauri ) {
-                               snprintf( c->msg, sizeof( c->msg ), "<%s> replica host/URI already specified", c->argv[0] );
-                               Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
-                               return(1);
-                       }
-
-                       if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
-                               snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri", c->argv[0] );
-                               Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
-                               return(1);
-                       }
-                       if(!ludp->lud_host) {
-                               ldap_free_urldesc(ludp);
-                               snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri - missing hostname",
-                                       c->argv[0] );
-                               Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
-                               return(1);
-                       }
-
-                       len = strlen(ludp->lud_scheme) + strlen(ludp->lud_host) +
-                               STRLENOF("://") + 1;
-                       if (ludp->lud_port != LDAP_PORT) {
-                               if (ludp->lud_port < 1 || ludp->lud_port > 65535) {
-                                       ldap_free_urldesc(ludp);
-                                       snprintf( c->msg, sizeof( c->msg ), "<%s> invalid port",
-                                               c->argv[0] );
-                                       Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
-                                       return(1);
-                               }
-                               len += STRLENOF(":65535");
-                       }
-                       replicauri = ch_malloc( len );
-                       replicahost = lutil_strcopy( replicauri, ludp->lud_scheme );
-                       replicahost = lutil_strcopy( replicahost, "://" );
-                       if (ludp->lud_port == LDAP_PORT) {
-                               strcpy( replicahost, ludp->lud_host );
-                       } else {
-                               sprintf( replicahost, "%s:%d",ludp->lud_host,ludp->lud_port );
-                       }
-                       ldap_free_urldesc(ludp);
-                       nr = add_replica_info(c->be, replicauri, replicahost);
-                       break;
-               }
-       }
-       if(i == c->argc) {
-               snprintf( c->msg, sizeof( c->msg ), "<%s> missing host or uri", c->argv[0] );
-               Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
-               return(1);
-       } else if(nr == -1) {
-               snprintf( c->msg, sizeof( c->msg ), "<%s> unable to add replica", c->argv[0] );
-               Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg,
-                       replicauri ? replicauri : "" );
-               return(1);
-       } else {
-               for(i = 1; i < c->argc; i++) {
-                       if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
-                               /* dealt with separately; don't let it get to bindconf */
-                               ;
-
-                       } else if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
-                               /* dealt with separately; don't let it get to bindconf */
-                               ;
-
-                       } else if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
-                               switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
-                                       case 1:
-                                               Debug( LDAP_DEBUG_ANY, "%s: "
-                                                       "suffix \"%s\" in \"replica\" line is not valid for backend.\n",
-                                                       c->log, c->argv[i] + STRLENOF("suffix="), 0);
-                                               return 1;
-                                               break;
-                                       case 2:
-                                               Debug( LDAP_DEBUG_ANY, "%s: "
-                                                       "unable to normalize suffix in \"replica\" line.\n",
-                                                       c->log, 0, 0);
-                                               return 1;
-                                               break;
-                               }
-
-                       } else if (!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))
-                               || !strncasecmp(c->argv[i], "attrs", STRLENOF("attrs")))
-                       {
-                               int exclude = 0;
-                               char *arg = c->argv[i] + STRLENOF("attr");
-                               if (arg[0] == 's') {
-                                       arg++;
-                               } else {
-                                       Debug( LDAP_DEBUG_ANY,
-                                               "%s: \"attr\" "
-                                               "is deprecated (and undocumented); "
-                                               "use \"attrs\" instead.\n",
-                                               c->log, 0, 0 );
-                               }
-                               if(arg[0] == '!') {
-                                       arg++;
-                                       exclude = 1;
-                               }
-                               if(arg[0] != '=') {
-                                       continue;
-                               }
-                               if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
-                                       snprintf( c->msg, sizeof( c->msg ), "<%s> unknown attribute", c->argv[0] );
-                                       Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
-                                               c->log, c->msg, arg + 1);
-                                       return(1);
-                               }
-                       } else if ( bindconf_parse( c->argv[i],
-                                       &c->be->be_replica[nr]->ri_bindconf ) ) {
-                               return(1);
-                       }
-               }
-       }
-       return(0);
-}
-
 static int
 config_updatedn(ConfigArgs *c) {
        if (c->op == SLAP_CONFIG_EMIT) {
@@ -3169,6 +2830,17 @@ config_updateref(ConfigArgs *c) {
        return(0);
 }
 
+static int
+config_obsolete(ConfigArgs *c) {
+       if (c->op == SLAP_CONFIG_EMIT)
+               return 1;
+
+       snprintf( c->msg, sizeof( c->msg ), "<%s> keyword is obsolete (ignored)",
+               c->argv[0] );
+       Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0);
+       return(0);
+}
+
 static int
 config_include(ConfigArgs *c) {
        int savelineno = c->lineno;
@@ -3214,6 +2886,9 @@ config_tls_option(ConfigArgs *c) {
        case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
        case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
        case CFG_TLS_DH_FILE:   flag = LDAP_OPT_X_TLS_DHFILE;   break;
+#ifdef HAVE_GNUTLS
+       case CFG_TLS_CRL_FILE:  flag = LDAP_OPT_X_TLS_CRLFILE;  break;
+#endif
        default:                Debug(LDAP_DEBUG_ANY, "%s: "
                                        "unknown tls_option <0x%x>\n",
                                        c->log, c->type, 0);
@@ -3447,8 +3122,8 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
                void *thrctx = ldap_pvt_thread_pool_context();
                int prev_DN_strict;
 
-               op = (Operation *) &opbuf;
-               connection_fake_init( &conn, op, thrctx );
+               connection_fake_init( &conn, &opbuf, thrctx );
+               op = &opbuf.ob_op;
 
                filter.f_desc = slap_schema.si_ad_objectClass;
 
@@ -3957,7 +3632,7 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
 {
        CfEntryInfo *ce;
        int index = -1, gotindex = 0, nsibs, rc = 0;
-       int renumber = 0, tailindex = 0, isfrontend = 0;
+       int renumber = 0, tailindex = 0, isfrontend = 0, isconfig = 0;
        char *ptr1, *ptr2 = NULL;
        struct berval rdn;
 
@@ -3972,9 +3647,14 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
 
        /* See if the rdn has an index already */
        dnRdn( &e->e_name, &rdn );
-       if ( ce_type == Cft_Database && !strncmp( rdn.bv_val + rdn.bv_len -
-               STRLENOF("frontend"), "frontend", STRLENOF("frontend") ))
-               isfrontend = 1;
+       if ( ce_type == Cft_Database ) {
+               if ( !strncmp( rdn.bv_val + rdn.bv_len - STRLENOF("frontend"),
+                               "frontend", STRLENOF("frontend") )) 
+                       isfrontend = 1;
+               else if ( !strncmp( rdn.bv_val + rdn.bv_len - STRLENOF("config"),
+                               "config", STRLENOF("config") )) 
+                       isconfig = 1;
+       }
        ptr1 = ber_bvchr( &e->e_name, '{' );
        if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
                char    *next;
@@ -3993,6 +3673,9 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
                        if ( index != -1 || !isfrontend )
                                return LDAP_NAMING_VIOLATION;
                }
+               if ( isconfig && index != 0 ){
+                       return LDAP_NAMING_VIOLATION;
+               }
        }
 
        /* count related kids */
@@ -4013,6 +3696,10 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
                                        renumber = 1;
                        }
                }
+               /* config DB is always "0" */
+               if ( isconfig && index == -1 ) {
+                       index = 0;
+               }
                if ( !isfrontend && index == -1 ) {
                        index = nsibs;
                }
@@ -5727,8 +5414,8 @@ config_back_db_open( BackendDB *be )
        }
 
        thrctx = ldap_pvt_thread_pool_context();
-       op = (Operation *) &opbuf;
-       connection_fake_init( &conn, op, thrctx );
+       connection_fake_init( &conn, &opbuf, thrctx );
+       op = &opbuf.ob_op;
 
        op->o_tag = LDAP_REQ_ADD;
        op->o_callback = &cb;
@@ -6077,7 +5764,15 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
 {
        CfBackInfo *cfb = be->be_private;
        BackendInfo *bi = cfb->cb_db.bd_info;
+       int rc;
+       struct berval rdn, vals[ 2 ];
        ConfigArgs ca;
+       OperationBuffer opbuf;
+       Entry *ce;
+       Connection conn = {0};
+       Operation *op = NULL;
+       void *thrctx;
+
        /* Create entry for frontend database if it does not exist already */
        if ( !entry_put_got_frontend ) {
                if ( !strncmp( e->e_nname.bv_val, "olcDatabase", 
@@ -6088,9 +5783,6 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
                                        strncmp( e->e_nname.bv_val + 
                                        STRLENOF( "olcDatabase" ), "=frontend",
                                        STRLENOF( "=frontend" ))) {
-                               Entry *fe;
-                               struct berval rdn, vals[ 2 ];
-                               Attribute *attr;
                                vals[1].bv_len = 0;
                                vals[1].bv_val = NULL;
                                memset( &ca, 0, sizeof(ConfigArgs));
@@ -6102,56 +5794,29 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
                                        "%s=" SLAP_X_ORDERED_FMT "%s",
                                        cfAd_database->ad_cname.bv_val, -1,
                                        ca.bi->bi_type);
-                               fe = config_build_entry( NULL, NULL, cfb->cb_root, &ca, &rdn,
+                               ce = config_build_entry( NULL, NULL, cfb->cb_root, &ca, &rdn,
                                                &CFOC_DATABASE, ca.be->be_cf_ocs );
-                               if( attr_find( fe->e_attrs, slap_schema.si_ad_entryUUID ) 
-                                       == NULL )
-                               {
-                                       char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
-                                       vals[0].bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
-                                       vals[0].bv_val = uuidbuf;
-                                       attr_merge_normalize_one( fe, slap_schema.si_ad_entryUUID,
-                                               vals, NULL );
-                               }
-                               if ( attr_find( fe->e_attrs, slap_schema.si_ad_entryCSN)
-                                       == NULL )
-                               {
-                                       char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
-                                       vals[0].bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ),
-                                                       0, 0 );
-                                       vals[0].bv_val = csnbuf;
-                                       attr_merge( fe, slap_schema.si_ad_entryCSN, vals, NULL );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_creatorsName );
-                               if ( attr )
-                               {
-                                       attr_merge( fe, slap_schema.si_ad_creatorsName, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
-                               if ( attr ) 
-                               {
-                                       attr_merge( fe, slap_schema.si_ad_modifiersName, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_createTimestamp );
-                               if (attr)
-                               {
-                                       attr_merge( fe, slap_schema.si_ad_createTimestamp, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
-                               if (attr)
-                               {
-                                       attr_merge( fe, slap_schema.si_ad_modifyTimestamp, 
-                                                       attr->a_vals, attr->a_nvals );
+                               thrctx = ldap_pvt_thread_pool_context();
+                               connection_fake_init2( &conn, &opbuf, thrctx,0 );
+                               op = &opbuf.ob_op;
+                               op->o_bd = &cfb->cb_db;
+                               op->o_tag = LDAP_REQ_ADD;
+                               op->ora_e = ce;
+                               op->o_dn = be->be_rootdn;
+                               op->o_ndn = be->be_rootndn;
+                               rc = slap_add_opattrs(op, NULL, NULL, 0, 0);
+                               if ( rc != LDAP_SUCCESS ) {
+                                       text->bv_val = "autocreation of \"olcDatabase={-1}frontend\" failed";
+                                       text->bv_len = STRLENOF("autocreation of \"olcDatabase={-1}frontend\" failed");
+                                       return NOID;
                                }
-                               if ( fe && bi && bi->bi_tool_entry_put && 
-                                               bi->bi_tool_entry_put( &cfb->cb_db, fe, text ) != NOID ) {
+
+                               if ( ce && bi && bi->bi_tool_entry_put && 
+                                               bi->bi_tool_entry_put( &cfb->cb_db, ce, text ) != NOID ) {
                                        entry_put_got_frontend++;
                                } else {
-                                       text->bv_val = "autocreation of \"cn={-1}frontend\" failed";
-                                       text->bv_len = STRLENOF("autocreation of \"cn={-1}frontend\" failed");
+                                       text->bv_val = "autocreation of \"olcDatabase={-1}frontend\" failed";
+                                       text->bv_len = STRLENOF("autocreation of \"olcDatabase={-1}frontend\" failed");
                                        return NOID;
                                }
                        } else {
@@ -6169,9 +5834,6 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
                                        strncmp( e->e_nname.bv_val +
                                        STRLENOF( "olcDatabase" ), "=config",
                                        STRLENOF( "=config" )) ) {
-                               Entry *cfe;
-                               struct berval rdn, vals[ 2 ];
-                               Attribute *attr;
                                vals[1].bv_len = 0;
                                vals[1].bv_val = NULL;
                                memset( &ca, 0, sizeof(ConfigArgs));
@@ -6182,56 +5844,30 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
                                        "%s=" SLAP_X_ORDERED_FMT "%s",
                                        cfAd_database->ad_cname.bv_val, 0,
                                        ca.bi->bi_type);
-                               cfe = config_build_entry( NULL, NULL, cfb->cb_root, &ca, &rdn, &CFOC_DATABASE,
+                               ce = config_build_entry( NULL, NULL, cfb->cb_root, &ca, &rdn, &CFOC_DATABASE,
                                                ca.be->be_cf_ocs );
-                               if( attr_find( cfe->e_attrs, slap_schema.si_ad_entryUUID ) 
-                                       == NULL )
-                               {
-                                       char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
-                                       vals[0].bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
-                                       vals[0].bv_val = uuidbuf;
-                                       attr_merge_normalize_one( cfe, slap_schema.si_ad_entryUUID,
-                                               vals, NULL );
-                               }
-                               if ( attr_find( cfe->e_attrs, slap_schema.si_ad_entryCSN)
-                                       == NULL )
-                               {
-                                       char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
-                                       vals[0].bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ),
-                                                       0, 0 );
-                                       vals[0].bv_val = csnbuf;
-                                       attr_merge( cfe, slap_schema.si_ad_entryCSN, vals, NULL );
+                               if ( ! op ) {
+                                       thrctx = ldap_pvt_thread_pool_context();
+                                       connection_fake_init2( &conn, &opbuf, thrctx,0 );
+                                       op = &opbuf.ob_op;
+                                       op->o_bd = &cfb->cb_db;
+                                       op->o_tag = LDAP_REQ_ADD;
+                                       op->o_dn = be->be_rootdn;
+                                       op->o_ndn = be->be_rootndn;
                                }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_creatorsName );
-                               if ( attr )
-                               {
-                                       attr_merge( cfe, slap_schema.si_ad_creatorsName, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
-                               if ( attr ) 
-                               {
-                                       attr_merge( cfe, slap_schema.si_ad_modifiersName, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_createTimestamp );
-                               if (attr)
-                               {
-                                       attr_merge( cfe, slap_schema.si_ad_createTimestamp, 
-                                                       attr->a_vals, attr->a_nvals );
-                               }
-                               attr = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
-                               if (attr)
-                               {
-                                       attr_merge( cfe, slap_schema.si_ad_modifyTimestamp, 
-                                                       attr->a_vals, attr->a_nvals );
+                               op->ora_e = ce;
+                               rc = slap_add_opattrs(op, NULL, NULL, 0, 0);
+                               if ( rc != LDAP_SUCCESS ) {
+                                       text->bv_val = "autocreation of \"olcDatabase={0}config\" failed";
+                                       text->bv_len = STRLENOF("autocreation of \"olcDatabase={0}config\" failed");
+                                       return NOID;
                                }
-                               if (cfe && bi && bi->bi_tool_entry_put &&
-                                               bi->bi_tool_entry_put( &cfb->cb_db, cfe, text ) != NOID ) {
-                                       entry_put_got_frontend++;
+                               if (ce && bi && bi->bi_tool_entry_put &&
+                                               bi->bi_tool_entry_put( &cfb->cb_db, ce, text ) != NOID ) {
+                                       entry_put_got_config++;
                                } else {
-                                       text->bv_val = "autocreation of \"cn={0}config\" failed";
-                                       text->bv_len = STRLENOF("autocreation of \"cn={0}config\" failed");
+                                       text->bv_val = "autocreation of \"olcDatabase={0}config\" failed";
+                                       text->bv_len = STRLENOF("autocreation of \"olcDatabase={0}config\" failed");
                                        return NOID;
                                }
                        } else {
Cloned from git://git.openldap.org/openldap.git