/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2005-2012 The OpenLDAP Foundation.
+ * Copyright 2005-2013 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
CFG_ACL_ADD,
CFG_SYNC_SUBENTRY,
CFG_LTHREADS,
+ CFG_IX_HASH64,
+ CFG_DISABLED,
+ CFG_THREADQS,
+ CFG_TLS_ECNAME,
CFG_LAST
};
* OLcfg{Bk|Db}{Oc|At}:0 -> common
* OLcfg{Bk|Db}{Oc|At}:1 -> back-bdb(/back-hdb)
* OLcfg{Bk|Db}{Oc|At}:2 -> back-ldif
- * OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap
+ * OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap/meta
* OLcfg{Bk|Db}{Oc|At}:4 -> back-monitor
* OLcfg{Bk|Db}{Oc|At}:5 -> back-relay
* OLcfg{Bk|Db}{Oc|At}:6 -> back-sql(/back-ndb)
{ "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
&config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "disabled", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_DISABLED,
+ &config_generic, "( OLcfgDbAt:0.21 NAME 'olcDisabled' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
&config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
"EQUALITY caseIgnoreMatch "
{ "include", "file", 2, 2, 0, ARG_MAGIC,
&config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
"SUP labeledURI )", NULL, NULL },
+ { "index_hash64", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_IX_HASH64,
+ &config_generic, "( OLcfgGlAt:94 NAME 'olcIndexHash64' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "index_substr_if_minlen", "min", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
&config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "index_substr_if_maxlen", "max", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
&config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ { "index_substr_any_len", "len", 2, 2, 0, ARG_UINT|ARG_NONZERO,
&index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ { "index_substr_any_step", "step", 2, 2, 0, ARG_UINT|ARG_NONZERO,
&index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_intlen", "len", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_IX_INTLEN,
+ { "index_intlen", "len", 2, 2, 0, ARG_UINT|ARG_MAGIC|CFG_IX_INTLEN,
&config_generic, "( OLcfgGlAt:84 NAME 'olcIndexIntLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
#endif
"( OLcfgGlAt:66 NAME 'olcThreads' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "threadqueues", "count", 2, 2, 0,
+#ifdef NO_THREADS
+ ARG_IGNORED, NULL,
+#else
+ ARG_INT|ARG_MAGIC|CFG_THREADQS, &config_generic,
+#endif
+ "( OLcfgGlAt:95 NAME 'olcThreadQueues' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
#endif
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSECName", NULL, 2, 2, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_ECNAME|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:96 NAME 'olcTLSECName' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "TLSProtocolMin", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
"olcConnMaxPending $ olcConnMaxPendingAuth $ "
"olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
"olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
- "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ "
- "olcLocalSSF $ olcLogFile $ olcLogLevel $ "
+ "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexHash64 $ "
+ "olcIndexIntLen $ "
+ "olcListenerThreads $ olcLocalSSF $ olcLogFile $ olcLogLevel $ "
"olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
"olcPluginLogFile $ olcReadOnly $ olcReferral $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
"olcSecurity $ olcServerID $ olcSizeLimit $ "
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
"olcTCPBuffer $ "
- "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
+ "olcThreads $ olcThreadQueues $ "
+ "olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
- "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
- "olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ "
+ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
+ "olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
{ "( OLcfgGlOc:2 "
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
"MUST olcDatabase "
- "MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
+ "MAY ( olcDisabled $ olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
"olcAddContentAcl $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
"NAME 'olcOverlayConfig' "
"DESC 'OpenLDAP Overlay-specific options' "
"SUP olcConfig STRUCTURAL "
- "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
+ "MUST olcOverlay "
+ "MAY olcDisabled )", Cft_Overlay, NULL, cfAddOverlay },
{ "( OLcfgGlOc:6 "
"NAME 'olcIncludeFile' "
"DESC 'OpenLDAP configuration include file' "
case CFG_THREADS:
c->value_int = connection_pool_max;
break;
+ case CFG_THREADQS:
+ c->value_int = connection_pool_queues;
+ break;
case CFG_TTHREADS:
c->value_int = slap_tool_thread_max;
break;
case CFG_DEPTH:
c->value_int = c->be->be_max_deref_depth;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ /* overlay */
+ if ( c->bi->bi_flags & SLAPO_BFLAG_DISABLED ) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ } else {
+ /* database */
+ if ( SLAP_DBDISABLED( c->be )) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ }
+ break;
case CFG_HIDDEN:
if ( SLAP_DBHIDDEN( c->be )) {
c->value_int = 1;
case CFG_SSTR_IF_MIN:
c->value_uint = index_substr_if_minlen;
break;
+ case CFG_IX_HASH64:
+ c->value_int = slap_hash64( -1 );
+ break;
case CFG_IX_INTLEN:
c->value_int = index_intlen;
break;
/* single-valued attrs, no-ops */
case CFG_CONCUR:
case CFG_THREADS:
+ case CFG_THREADQS:
case CFG_TTHREADS:
case CFG_LTHREADS:
case CFG_RO:
c->be->be_flags &= ~SLAP_DBFLAG_HIDDEN;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ c->bi->bi_flags &= ~SLAP_DBFLAG_DISABLED;
+ if ( c->bi->bi_db_open ) {
+ BackendInfo *bi_orig = c->be->bd_info;
+ c->be->bd_info = c->bi;
+ rc = c->bi->bi_db_open( c->be, &c->reply );
+ c->be->bd_info = bi_orig;
+ }
+ } else {
+ c->be->be_flags &= ~SLAP_DBFLAG_DISABLED;
+ rc = backend_startup_one( c->be, &c->reply );
+ }
+ break;
+
+ case CFG_IX_HASH64:
+ slap_hash64( 0 );
+ break;
+
case CFG_IX_INTLEN:
index_intlen = SLAP_INDEX_INTLEN_DEFAULT;
index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
connection_pool_max = c->value_int; /* save for reference */
break;
+ case CFG_THREADQS:
+ if ( c->value_int < 1 ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "threadqueuess=%d smaller than minimum value 1",
+ c->value_int );
+ Debug(LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->cr_msg, 0 );
+ return 1;
+ }
+ if ( slapMode & SLAP_SERVER_MODE )
+ ldap_pvt_thread_pool_queues(&connection_pool, c->value_int);
+ connection_pool_queues = c->value_int; /* save for reference */
+ break;
+
case CFG_TTHREADS:
if ( slapMode & SLAP_TOOL_MODE )
ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
return(1);
break;
+ case CFG_IX_HASH64:
+ if ( slap_hash64( c->value_int != 0 ))
+ return 1;
+ break;
+
case CFG_IX_INTLEN:
if ( c->value_int < SLAP_INDEX_INTLEN_DEFAULT )
c->value_int = SLAP_INDEX_INTLEN_DEFAULT;
index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
index_intlen );
break;
-
+
case CFG_SORTVALS: {
ADlist *svnew = NULL, *svtail, *sv;
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_MONITORING;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ if (c->value_int) {
+ if ( c->bi->bi_db_close ) {
+ BackendInfo *bi_orig = c->be->bd_info;
+ c->be->bd_info = c->bi;
+ c->bi->bi_db_close( c->be, &c->reply );
+ c->be->bd_info = bi_orig;
+ }
+ c->bi->bi_flags |= SLAPO_BFLAG_DISABLED;
+ } else {
+ c->bi->bi_flags &= ~SLAPO_BFLAG_DISABLED;
+ }
+ } else {
+ if (c->value_int) {
+ backend_shutdown( c->be );
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_DISABLED;
+ } else {
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_DISABLED;
+ }
+ }
+ break;
+
case CFG_HIDDEN:
if (c->value_int)
SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_HIDDEN;
loglevel_init();
}
+ if ( l == 0 ) {
+ return value_add_one( bva, ber_bvstr( "0" ) );
+ }
+
return mask_to_verbs( loglevel_ops, l, bva );
}
int opt = 1;
ldap_pvt_tls_ctx_free( slap_tls_ctx );
+ slap_tls_ctx = NULL;
/* Force new ctx to be created */
rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
/* This is a no-op if it's already loaded */
load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
+ } else {
+ if ( rc == LDAP_NOT_SUPPORTED )
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ else
+ rc = LDAP_OTHER;
}
}
return rc;
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
+ case CFG_TLS_ECNAME: flag = LDAP_OPT_X_TLS_ECNAME; break;
#ifdef HAVE_GNUTLS
case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
#endif
}
ch_free( c->value_string );
c->cleanup = config_tls_cleanup;
- if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
+ if ( isdigit( (unsigned char)c->argv[1][0] ) && c->type != CFG_TLS_PROTOCOL_MIN ) {
if ( lutil_atoi( &i, c->argv[1] ) != 0 ) {
Debug(LDAP_DEBUG_ANY, "%s: "
"unable to parse %s \"%s\"\n",
ca->reply = msg;
}
- if ( ca->cleanup )
- ca->cleanup( ca );
+ if ( ca->cleanup ) {
+ i = ca->cleanup( ca );
+ if (rc == LDAP_SUCCESS)
+ rc = i;
+ }
out_noop:
if ( rc == LDAP_SUCCESS ) {
attrs_free( save_attrs );