]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/config.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added overlay objects
[openldap] / servers / slapd / config.c
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 8acb226066fedcf0b139d1681f1b95d012d62cc1..2f44de7ca0ebb0849d865fd0114585e3ba8972ff 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -39,6 +39,12 @@
 #include "slapi/slapi.h"
 #endif
 #include "lutil.h"
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif /* HAVE_LIMITS_H */
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif /* ! PATH_MAX */
 #include "config.h"
 
 #define ARGS_STEP      512
@@ -56,7 +62,6 @@ char          *ldap_srvtab = "";
 char           **default_passwd_hash = NULL;
 struct berval default_search_base = BER_BVNULL;
 struct berval default_search_nbase = BER_BVNULL;
-unsigned               num_subordinates = 0;
 
 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
@@ -84,50 +89,57 @@ static char *strtok_quote(char *line, char *sep);
 static int load_ucdata(char *path);
 #endif
 
+
+int read_config_file(const char *fname, int depth, ConfigArgs *cf);
+
 static int add_syncrepl LDAP_P(( Backend *, char **, int ));
 static int parse_syncrepl_line LDAP_P(( char **, int, syncinfo_t *));
 
-int config_generic(ConfigArgs *c);
-int config_search_base(ConfigArgs *c);
-int config_passwd_hash(ConfigArgs *c);
-int config_schema_dn(ConfigArgs *c);
-int config_sizelimit(ConfigArgs *c);
-int config_timelimit(ConfigArgs *c);
-int config_limits(ConfigArgs *c); 
-int config_overlay(ConfigArgs *c);
-int config_suffix(ConfigArgs *c); 
-int config_deref_depth(ConfigArgs *c);
-int config_rootdn(ConfigArgs *c);
-int config_rootpw(ConfigArgs *c);
-int config_restrict(ConfigArgs *c);
-int config_allows(ConfigArgs *c);
-int config_disallows(ConfigArgs *c);
-int config_requires(ConfigArgs *c);
-int config_security(ConfigArgs *c);
-int config_referral(ConfigArgs *c);
-int config_loglevel(ConfigArgs *c);
-int config_syncrepl(ConfigArgs *c);
-int config_replica(ConfigArgs *c);
-int config_updatedn(ConfigArgs *c);
-int config_updateref(ConfigArgs *c);
-int config_include(ConfigArgs *c);
+/* All of these table entries and handlers really belong
+ * in back-config, only the parser/table engine belongs here.
+ */
+/* state info for back-config */
+static ConfigFile cf_prv, *cfn = &cf_prv;
+
+static int config_fname(ConfigArgs *c);
+static int config_generic(ConfigArgs *c);
+static int config_search_base(ConfigArgs *c);
+static int config_passwd_hash(ConfigArgs *c);
+static int config_schema_dn(ConfigArgs *c);
+static int config_sizelimit(ConfigArgs *c);
+static int config_timelimit(ConfigArgs *c);
+static int config_limits(ConfigArgs *c); 
+static int config_overlay(ConfigArgs *c);
+static int config_suffix(ConfigArgs *c); 
+static int config_deref_depth(ConfigArgs *c);
+static int config_rootdn(ConfigArgs *c);
+static int config_rootpw(ConfigArgs *c);
+static int config_restrict(ConfigArgs *c);
+static int config_allows(ConfigArgs *c);
+static int config_disallows(ConfigArgs *c);
+static int config_requires(ConfigArgs *c);
+static int config_security(ConfigArgs *c);
+static int config_referral(ConfigArgs *c);
+static int config_loglevel(ConfigArgs *c);
+static int config_syncrepl(ConfigArgs *c);
+static int config_replica(ConfigArgs *c);
+static int config_updatedn(ConfigArgs *c);
+static int config_updateref(ConfigArgs *c);
+static int config_include(ConfigArgs *c);
 #ifdef HAVE_TLS
-int config_tls_option(ConfigArgs *c);
-int config_tls_verify(ConfigArgs *c);
-#endif
-#ifdef LDAP_SLAPI
-int config_plugin(ConfigArgs *c);
+static int config_tls_option(ConfigArgs *c);
+static int config_tls_verify(ConfigArgs *c);
 #endif
-int config_pluginlog(ConfigArgs *c);
 
 enum {
-       CFG_DATABASE = 1,
+       CFG_ACL = 1,
        CFG_BACKEND,
+       CFG_DATABASE,
        CFG_TLS_RAND,
        CFG_TLS_CIPHER,
        CFG_TLS_CERT_FILE,
        CFG_TLS_CERT_KEY,
-       CFG_TLS_CERT_PATH,
+       CFG_TLS_CA_PATH,
        CFG_TLS_CA_FILE,
        CFG_TLS_VERIFY,
        CFG_TLS_CRLCHECK,
@@ -138,8 +150,6 @@ enum {
        CFG_SALT,
        CFG_LIMITS,
        CFG_RO,
-       CFG_SUB,
-       CFG_SASLOPT,
        CFG_REWRITE,
        CFG_DEPTH,
        CFG_OID,
@@ -148,7 +158,6 @@ enum {
        CFG_ATTR,
        CFG_ATOPT,
        CFG_CHECK,
-       CFG_ACL,
        CFG_AUDITLOG,
        CFG_REPLOG,
        CFG_ROOTDSE,
@@ -156,124 +165,403 @@ enum {
        CFG_PLUGIN,
        CFG_MODLOAD,
        CFG_MODPATH,
-       CFG_LASTMOD
+       CFG_LASTMOD,
+       CFG_AZPOLICY,
+       CFG_AZREGEXP,
+       CFG_SASLSECP,
+       CFG_SSTR_IF_MAX,
+       CFG_SSTR_IF_MIN,
 };
 
-/* original config.c ordering */
-
-ConfigTable SystemConfiguration[] = {
-  { "backend",                 2,  2,  0,  "type",     ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND, &config_generic,      NULL, NULL, NULL },
-  { "database",                        2,  2,  0,  "type",     ARG_MAGIC|CFG_DATABASE, &config_generic,                NULL, NULL, NULL },
-  { "localSSF",                        2,  2,  0,  "ssf",      ARG_LONG,               &local_ssf,                     NULL, NULL, NULL },
-  { "concurrency",             2,  2,  0,  "level",    ARG_LONG|ARG_NONZERO|ARG_MAGIC|CFG_CONCUR, &config_generic, NULL, NULL, NULL },
-  { "index_substr_if_minlen",  2,  2,  0,  "min",      ARG_INT|ARG_NONZERO,    &index_substr_if_minlen,        NULL, NULL, NULL },
-  { "index_substr_if_maxlen",  2,  2,  0,  "max",      ARG_INT|ARG_NONZERO|ARG_SPECIAL, &index_substr_if_maxlen, NULL, NULL, NULL },
-  { "index_substr_any_len",    2,  2,  0,  "len",      ARG_INT|ARG_NONZERO,    &index_substr_any_len,          NULL, NULL, NULL },
-  { "index_substr_step",       2,  2,  0,  "step",     ARG_INT|ARG_NONZERO,    &index_substr_any_step,         NULL, NULL, NULL },
-  { "sockbuf_max_incoming",    2,  2,  0,  "max",      ARG_LONG,               &sockbuf_max_incoming,          NULL, NULL, NULL },
-  { "sockbuf_max_incoming_auth",2,  2,  0,  "max",     ARG_LONG,               &sockbuf_max_incoming_auth,     NULL, NULL, NULL },
-  { "conn_max_pending",                2,  2,  0,  "max",      ARG_LONG,               &slap_conn_max_pending,         NULL, NULL, NULL },
-  { "conn_max_pending_auth",   2,  2,  0,  "max",      ARG_LONG,               &slap_conn_max_pending_auth,    NULL, NULL, NULL },
-  { "defaultSearchBase",       2,  2,  0,  "dn",       ARG_MAGIC,              &config_search_base,            NULL, NULL, NULL },
-  { "threads",                 2,  2,  0,  "count",    ARG_INT|ARG_MAGIC|CFG_THREADS, &config_generic,         NULL, NULL, NULL },
-  { "pidfile",                 2,  2,  0,  "file",     ARG_STRING,             &slapd_pid_file,                NULL, NULL, NULL },
-  { "argsfile",                        2,  2,  0,  "file",     ARG_STRING,             &slapd_args_file,               NULL, NULL, NULL },
-  { "password-hash",           2,  2,  0,  "hash",     ARG_MAGIC,              &config_passwd_hash,            NULL, NULL, NULL },
-  { "password-crypt-salt-format",2, 2,  0,  "salt",    ARG_MAGIC|CFG_SALT,     &config_generic,                NULL, NULL, NULL },
+typedef struct {
+       char *name, *oid;
+} OidRec;
+
+static OidRec OidMacros[] = {
+       { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
+       { "OLcfgAt", "OLcfg:3" },
+       { "OLcfgOc", "OLcfg:4" },
+       { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
+       { "OMsInteger", "OMsyn:2" },
+       { "OMsBoolean", "OMsyn:7" },
+       { "OMsDN", "OMsyn:12" },
+       { "OMsDirectoryString", "OMsyn:15" },
+       { "OMsOctetString", "OMsyn:40" },
+       { NULL, NULL }
+};
+
+/* alphabetical ordering */
+
+static ConfigTable SystemConfiguration[] = {
+       /* This attr is read-only */
+       { "", "", 0, 0, 0, ARG_MAGIC|ARG_STRING,
+               &config_fname, "( OLcfgAt:78 NAME 'olcConfigFile' "
+                       "DESC 'File for slapd configuration directives' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
+               &config_generic, "( OLcfgAt:1 NAME 'olcAccess' "
+                       "DESC 'Access Control List' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+       { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
+               &config_allows, "( OLcfgAt:2 NAME 'olcAllows' "
+                       "DESC 'Allowed set of deprecated features' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "argsfile", "file", 2, 2, 0, ARG_STRING,
+               &slapd_args_file, "( OLcfgAt:3 NAME 'olcArgsFile' "
+                       "DESC 'File for slapd command line options' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       /* Use standard 'attributeTypes' attr */
+       { "attribute",  "attribute", 2, 0, 9, ARG_PAREN|ARG_MAGIC|CFG_ATTR,
+               &config_generic, NULL, NULL, NULL },
+       { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
+               &config_generic, "( OLcfgAt:5 NAME 'olcAttributeOptions' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "auth-rewrite", NULL, 2, 2, 14,
 #ifdef SLAP_AUTH_REWRITE
-  { "auth-rewrite",            2,  2, 14,  NULL,       ARG_MAGIC|CFG_REWRITE,  &config_generic,                NULL, NULL, NULL },
+               ARG_MAGIC|CFG_REWRITE, &config_generic,
+#else
+               ARG_IGNORED, NULL,
 #endif
-  { "sasl",                    2,  2,  4,  NULL,       ARG_MAGIC|CFG_SASLOPT,  &config_generic,                NULL, NULL, NULL },     /* XXX */
-  { "auth",                    2,  2,  4,  NULL,       ARG_MAGIC|CFG_SASLOPT,  &config_generic,                NULL, NULL, NULL },
-  { "schemadn",                        2,  2,  0,  "dn",       ARG_MAGIC,              &config_schema_dn,              NULL, NULL, NULL },
-  { "ucdata-path",             2,  2,  0,  "path",     ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
-  { "sizelimit",               2,  2,  0,  "limit",    ARG_MAGIC|CFG_SIZE,     &config_sizelimit,              NULL, NULL, NULL },
-  { "timelimit",               2,  2,  0,  "limit",    ARG_MAGIC|CFG_TIME,     &config_timelimit,              NULL, NULL, NULL },
-  { "limits",                  2,  2,  0,  "limits",   ARG_DB|ARG_MAGIC|CFG_LIMITS, &config_generic,           NULL, NULL, NULL },
-  { "subordinate",             1,  1,  0,  "sub",      ARG_DB|ARG_MAGIC|CFG_SUB, &config_generic,              NULL, NULL, NULL },
-  { "overlay",                 2,  2,  0,  "overlay",  ARG_DB|ARG_MAGIC,       &config_overlay,                NULL, NULL, NULL },
-  { "suffix",                  2,  2,  0,  "suffix",   ARG_DB|ARG_MAGIC,       &config_suffix,                 NULL, NULL, NULL },
-  { "maxDerefDepth",           2,  2,  0,  "depth",    ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH, &config_generic,    NULL, NULL, NULL },
-  { "rootdn",                  2,  2,  0,  "dn",       ARG_DB|ARG_MAGIC,       &config_rootdn,                 NULL, NULL, NULL },
-  { "rootpw",                  2,  2,  0,  "password", ARG_DB|ARG_MAGIC,       &config_rootpw,                 NULL, NULL, NULL },
-  { "readonly",                        2,  2,  0,  "on|off",   ARG_ON_OFF|ARG_MAGIC|CFG_RO, &config_generic,           NULL, NULL, NULL },
-  { "restrict",                        2,  0,  0,  "op_list",  ARG_MAGIC,              &config_restrict,               NULL, NULL, NULL },
-  { "allows",                  2,  0,  5,  "features", ARG_PRE_DB|ARG_MAGIC,   &config_allows,                 NULL, NULL, NULL },
-  { "disallows",               2,  0,  8,  "features", ARG_PRE_DB|ARG_MAGIC,   &config_disallows,              NULL, NULL, NULL },
-  { "require",                 2,  0,  7,  "features", ARG_MAGIC,              &config_requires,               NULL, NULL, NULL },
-  { "security",                        2,  0,  0,  "factors",  ARG_MAGIC,              &config_security,               NULL, NULL, NULL },
-  { "referral",                        2,  2,  0,  "url",      ARG_MAGIC,              &config_referral,               NULL, NULL, NULL },
-  { "logfile",                 2,  2,  0,  "file",     ARG_MAGIC|CFG_LOGFILE,  &config_generic,                NULL, NULL, NULL },
-  { "objectidentifier",                0,  0,  0,  NULL,       ARG_MAGIC|CFG_OID,      &config_generic,                NULL, NULL, NULL },
-  { "objectclass",             2,  0,  0,  "objectclass", ARG_PAREN|ARG_MAGIC|CFG_OC, &config_generic,         NULL, NULL, NULL },
-  { "ditcontentrule",          0,  0,  0,  NULL,       ARG_MAGIC|CFG_DIT,      &config_generic,                NULL, NULL, NULL },
-  { "attribute",               2,  0,  9,  "attribute", ARG_PAREN|ARG_MAGIC|CFG_ATTR, &config_generic,         NULL, NULL, NULL },
-  { "attributeoptions",                0,  0,  0,  NULL,       ARG_MAGIC|CFG_ATOPT,    &config_generic,                NULL, NULL, NULL },
-  { "schemacheck",             2,  2,  0,  "on|off",   ARG_ON_OFF|ARG_MAGIC|CFG_CHECK, &config_generic,        NULL, NULL, NULL },
-  { "access",                  0,  0,  0,  NULL,       ARG_MAGIC|CFG_ACL,      &config_generic,                NULL, NULL, NULL },
-  { "loglevel",                        2,  0,  0,  "level",    ARG_MAGIC,              &config_loglevel,               NULL, NULL, NULL },
-  { "syncrepl",                        0,  0,  0,  NULL,       ARG_DB|ARG_MAGIC,       &config_syncrepl,               NULL, NULL, NULL },
-  { "replica",                 2,  0,  0,  "host or uri", ARG_DB|ARG_MAGIC,    &config_replica,                NULL, NULL, NULL },
-  { "replicationInterval",     0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
-  { "updatedn",                        2,  2,  0,  "dn",       ARG_DB|ARG_MAGIC,       &config_updatedn,               NULL, NULL, NULL },
-  { "updateref",               2,  2,  0,  "url",      ARG_DB|ARG_MAGIC,       &config_updateref,              NULL, NULL, NULL },
-  { "replogfile",              2,  2,  0,  "filename", ARG_MAGIC|ARG_STRING|CFG_REPLOG,        &config_generic,                NULL, NULL, NULL },
-  { "rootDSE",                 2,  2,  0,  "filename", ARG_MAGIC|CFG_ROOTDSE,  &config_generic,                NULL, NULL, NULL },
-  { "lastmod",                 2,  2,  0,  "on|off",   ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD, &config_generic, NULL, NULL, NULL },
+                "( OLcfgAt:6 NAME 'olcAuthRewrite' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "authz-policy", "policy", 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
+               &config_generic, "( OLcfgAt:7 NAME 'olcAuthzPolicy' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
+               &config_generic, "( OLcfgAt:8 NAME 'olcAuthzRegexp' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+       { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
+               &config_generic, "( OLcfgAt:9 NAME 'olcBackend' "
+                       "DESC 'A type of backend' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_CONCUR,
+               &config_generic, "( OLcfgAt:10 NAME 'olcConcurrency' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "conn_max_pending", "max", 2, 2, 0, ARG_LONG,
+               &slap_conn_max_pending, "( OLcfgAt:11 NAME 'olcConnMaxPending' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "conn_max_pending_auth", "max", 2, 2, 0, ARG_LONG,
+               &slap_conn_max_pending_auth, "( OLcfgAt:12 NAME 'olcConnMaxPendingAuth' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
+               &config_generic, "( OLcfgAt:13 NAME 'olcDatabase' "
+                       "DESC 'The backend type for a database instance' "
+                       "SUP olcBackend )", NULL, NULL },
+       { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_MAGIC,
+               &config_search_base, "( OLcfgAt:14 NAME 'olcDefaultSearchBase' "
+                       "SYNTAX OMsDN )", NULL, NULL },
+       { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
+               &config_disallows, "( OLcfgAt:15 NAME 'olcDisallows' "
+                       "EQUALITY caseIgnoreMatch "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       /* use standard schema */
+       { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT,
+               &config_generic, NULL, NULL, NULL },
+       { "gentlehup", "on|off", 2, 2, 0,
 #ifdef SIGHUP
-  { "gentlehup",               2,  2,  0,  "on|off",   ARG_ON_OFF,             &global_gentlehup,              NULL, NULL, NULL },
+               ARG_ON_OFF, &global_gentlehup,
 #else
-  { "gentlehup",               2,  2,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
+               ARG_IGNORED, NULL,
 #endif
-  { "idletimeout",             2,  2,  0,  "timeout",  ARG_INT,                &global_idletimeout,            NULL, NULL, NULL },
+               "( OLcfgAt:17 NAME 'olcGentleHUP' "
+                       "SYNTAX OMsBoolean )", NULL, NULL },
+       { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
+               &global_idletimeout, "( OLcfgAt:18 NAME 'olcIdleTimeout' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
 /* XXX -- special case? */
-  { "include",                 2,  2,  0,  "filename", ARG_MAGIC,              &config_include,                NULL, NULL, NULL },
-  { "srvtab",                  2,  2,  0,  "filename", ARG_STRING,             &ldap_srvtab,                   NULL, NULL, NULL },
+       { "include", "file", 2, 2, 0, ARG_MAGIC,
+               &config_include, "( OLcfgAt:19 NAME 'olcInclude' "
+                       "SUP labeledURI )", NULL, NULL },
+       { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
+               &config_generic, "( OLcfgAt:20 NAME 'olcIndexSubstrIfMinLen' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
+               &config_generic, "( OLcfgAt:21 NAME 'olcIndexSubstrIfMaxLen' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
+               &index_substr_any_len, "( OLcfgAt:22 NAME 'olcIndexSubstrAnyLen' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "index_substr_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
+               &index_substr_any_step, "( OLcfgAt:23 NAME 'olcIndexSubstrAnyStep' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
+               &config_generic, "( OLcfgAt:24 NAME 'olcLastMod' "
+                       "SYNTAX OMsBoolean )", NULL, NULL },
+       { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
+               &config_generic, "( OLcfgAt:25 NAME 'olcLimits' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "localSSF", "ssf", 2, 2, 0, ARG_LONG,
+               &local_ssf, "( OLcfgAt:26 NAME 'olcLocalSSF' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "logfile", "file", 2, 2, 0, ARG_MAGIC|CFG_LOGFILE,
+               &config_generic, "( OLcfgAt:27 NAME 'olcLogFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
+               &config_loglevel, "( OLcfgAt:28 NAME 'olcLogLevel' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
+               &config_generic, "( OLcfgAt:29 NAME 'olcMaxDerefDepth' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "moduleload", "file", 2, 0, 0,
 #ifdef SLAPD_MODULES
-  { "moduleload",              2,  2,  0,  "filename", ARG_MAGIC|CFG_MODLOAD,  &config_generic,                NULL, NULL, NULL },
-  { "modulepath",              2,  2,  0,  "path",     ARG_MAGIC|CFG_MODPATH,  &config_generic,                NULL, NULL, NULL },
+               ARG_MAGIC|CFG_MODLOAD, &config_generic,
+#else
+               ARG_IGNORED, NULL,
 #endif
-#ifdef HAVE_TLS
-  { "TLSRandFile",             0,  0,  0,  NULL,       CFG_TLS_RAND|ARG_MAGIC,         &config_tls_option,     NULL, NULL, NULL },
-  { "TLSCipherSuite",          0,  0,  0,  NULL,       CFG_TLS_CIPHER|ARG_MAGIC,       &config_tls_option,     NULL, NULL, NULL },
-  { "TLSCertificateFile",      0,  0,  0,  NULL,       CFG_TLS_CERT_FILE|ARG_MAGIC,    &config_tls_option,     NULL, NULL, NULL },
-  { "TLSCertificateKeyFile",   0,  0,  0,  NULL,       CFG_TLS_CERT_KEY|ARG_MAGIC,     &config_tls_option,     NULL, NULL, NULL },
-  { "TLSCertificatePath",      0,  0,  0,  NULL,       CFG_TLS_CERT_PATH|ARG_MAGIC,    &config_tls_option,     NULL, NULL, NULL },
-  { "TLSCACertificateFile",    0,  0,  0,  NULL,       CFG_TLS_CA_FILE|ARG_MAGIC,      &config_tls_option,     NULL, NULL, NULL },
-#ifdef HAVE_OPENSSL_CRL
-  { "TLSCRLCheck",             0,  0,  0,  NULL,       CFG_TLS_CRLCHECK|ARG_MAGIC,     &config_tls_option,     NULL, NULL, NULL },
+               "( OLcfgAt:30 NAME 'olcModuleLoad' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "modulepath", "path", 2, 2, 0,
+#ifdef SLAPD_MODULES
+               ARG_MAGIC|CFG_MODPATH, &config_generic,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:31 NAME 'olcModulePath' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       /* use standard schema */
+       { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC,
+               &config_generic, NULL, NULL, NULL },
+       { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
+               &config_generic, "( OLcfgAt:33 NAME 'olcObjectIdentifier' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
+               &config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
+                       "SUP olcDatabase )", NULL, NULL },
+       { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_MAGIC|CFG_SALT,
+               &config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
+               &config_passwd_hash, "( OLcfgAt:36 NAME 'olcPasswordHash' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "pidfile", "file", 2, 2, 0, ARG_STRING,
+               &slapd_pid_file, "( OLcfgAt:37 NAME 'olcPidFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "plugin", NULL, 0, 0, 0,
+#ifdef LDAP_SLAPI
+               ARG_MAGIC|CFG_PLUGIN, &config_generic,
 #else
-  { "TLSCRLCheck",             0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
+               ARG_IGNORED, NULL,
 #endif
-  { "TLSVerifyClient",         0,  0,  0,  NULL,       CFG_TLS_VERIFY|ARG_MAGIC,       &config_tls_verify,     NULL, NULL, NULL },
+               "( OLcfgAt:38 NAME 'olcPlugin' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "pluginlog", "filename", 2, 2, 0,
+#ifdef LDAP_SLAPI
+               ARG_STRING, &slapi_log_file,
+#else
+               ARG_IGNORED, NULL,
 #endif
+               "( OLcfgAt:39 NAME 'olcPluginLogFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
+               &config_generic, "( OLcfgAt:40 NAME 'olcReadOnly' "
+                       "SYNTAX OMsBoolean )", NULL, NULL },
+       { "referral", "url", 2, 2, 0, ARG_MAGIC,
+               &config_referral, "( OLcfgAt:41 NAME 'olcReferral' "
+                       "SUP labeledURI )", NULL, NULL },
+       { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
+               &config_replica, "( OLcfgAt:42 NAME 'olcReplica' "
+                       "SUP labeledURI )", NULL, NULL },
+       { "replica-pidfile", NULL, 0, 0, 0, ARG_IGNORED,
+               NULL, "( OLcfgAt:43 NAME 'olcReplicaPidFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "replica-argsfile", NULL, 0, 0, 0, ARG_IGNORED,
+               NULL, "( OLcfgAt:44 NAME 'olcReplicaArgsFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "replicationInterval", NULL, 0, 0, 0, ARG_IGNORED,
+               NULL, "( OLcfgAt:45 NAME 'olcReplicationInterval' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
+               &config_generic, "( OLcfgAt:46 NAME 'olcReplogFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
+               &config_requires, "( OLcfgAt:47 NAME 'olcRequires' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_restrict, "( OLcfgAt:48 NAME 'olcRestrict' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "reverse-lookup", "on|off", 2, 2, 0,
 #ifdef SLAPD_RLOOKUPS
-  { "reverse-lookup",          2,  2,  0,  "on|off",   ARG_ON_OFF,             &use_reverse_lookup,            NULL, NULL, NULL },
+               ARG_ON_OFF, &use_reverse_lookup,
 #else
-  { "reverse-lookup",          2,  2,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
+               ARG_IGNORED, NULL,
 #endif
-#ifdef LDAP_SLAPI
-  { "plugin",                  0,  0,  0,  NULL,       ARG_MAGIC|CFG_PLUGIN,   &config_generic,                NULL, NULL, NULL },
-  { "pluginlog",               2,  2,  0,  "filename", ARG_STRING,             &slapi_log_file,                NULL, NULL, NULL },
+               "( OLcfgAt:49 NAME 'olcReverseLookup' "
+                       "SYNTAX OMsBoolean )", NULL, NULL },
+       { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
+               &config_rootdn, "( OLcfgAt:50 NAME 'olcRootDN' "
+                       "SYNTAX OMsDN )", NULL, NULL },
+       { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
+               &config_generic, "( OLcfgAt:51 NAME 'olcRootDSE' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "rootpw", "password", 2, 2, 0, ARG_STRING|ARG_DB|ARG_MAGIC,
+               &config_rootpw, "( OLcfgAt:52 NAME 'olcRootPW' "
+                       "SYNTAX OMsOctetString )", NULL, NULL },
+       { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
+               &config_generic, NULL, NULL, NULL },
+       { "sasl-host", "host", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+               ARG_STRING|ARG_UNIQUE, &global_host,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:53 NAME 'olcSaslHost' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "sasl-realm", "realm", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+               ARG_STRING|ARG_UNIQUE, &global_realm,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:54 NAME 'olcSaslRealm' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "sasl-regexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
+               &config_generic, NULL, NULL, NULL },
+       { "sasl-secprops", "properties", 2, 2, 0,
+#ifdef HAVE_CYRUS_SASL
+               ARG_MAGIC|CFG_SASLSECP, &config_generic,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:56 NAME 'olcSaslSecProps' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "saslRegexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
+               &config_generic, NULL, NULL, NULL },
+       { "schemacheck", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_CHECK,
+               &config_generic, "( OLcfgAt:57 NAME 'olcSchemaCheck' "
+                       "SYNTAX OMsBoolean )", NULL, NULL },
+       { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_MAGIC,
+               &config_schema_dn, "( OLcfgAt:58 NAME 'olcSchemaDN' "
+                       "SYNTAX OMsDN )", NULL, NULL },
+       { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
+               &config_security, "( OLcfgAt:59 NAME 'olcSecurity' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "sizelimit", "limit", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|CFG_SIZE,
+               &config_sizelimit, "( OLcfgAt:60 NAME 'olcSizeLimit' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_LONG,
+               &sockbuf_max_incoming, "( OLcfgAt:61 NAME 'olcSockbufMaxIncoming' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_LONG,
+               &sockbuf_max_incoming_auth, "( OLcfgAt:62 NAME 'olcSockbufMaxIncomingAuth' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "srvtab", "file", 2, 2, 0,
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+               ARG_STRING, &ldap_srvtab,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:63 NAME 'olcSrvtab' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
+               &config_suffix, "( OLcfgAt:64 NAME 'olcSuffix' "
+                       "SYNTAX OMsDN )", NULL, NULL },
+       { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
+               &config_syncrepl, "( OLcfgAt:65 NAME 'olcSyncrepl' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
+               &config_generic, "( OLcfgAt:66 NAME 'olcThreads' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "timelimit", "limit", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|CFG_TIME,
+               &config_timelimit, "( OLcfgAt:67 NAME 'olcTimeLimit' "
+                       "SYNTAX OMsInteger )", NULL, NULL },
+       { "TLSCACertificateFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CA_FILE|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:68 NAME 'olcTLSCACertificateFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSCACertificatePath", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CA_PATH|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:69 NAME 'olcTLSCACertificatePath' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSCertificateFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CERT_FILE|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:70 NAME 'olcTLSCertificateFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSCertificateKeyFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CERT_KEY|ARG_MAGIC, &config_tls_option,
 #else
-  { "plugin",                  0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
-  { "pluginlog",               0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
+               ARG_IGNORED, NULL,
 #endif
-  { "replica-pidfile",         0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
-  { "replica-argsfile",                0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL },
-  { NULL,                      0,  0,  0,  NULL,       ARG_IGNORED,            NULL,                           NULL, NULL, NULL }
+               "( OLcfgAt:71 NAME 'olcTLSCertificateKeyFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSCipherSuite",     NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CIPHER|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:72 NAME 'olcTLSCipherSuite' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSCRLCheck", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CRLCHECK|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:73 NAME 'olcTLSCRLCheck' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSRandFile", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_RAND|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:74 NAME 'olcTLSRandFile' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "TLSVerifyClient", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_VERIFY|ARG_MAGIC, &config_tls_verify,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgAt:75 NAME 'olcTLSVerifyClient' "
+                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
+               NULL, NULL, NULL, NULL },
+       { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_MAGIC,
+               &config_updatedn, "( OLcfgAt:76 NAME 'olcUpdateDN' "
+                       "SYNTAX OMsDN )", NULL, NULL },
+       { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
+               &config_updateref, "( OLcfgAt:77 NAME 'olcUpdateRef' "
+                       "SUP labeledURI )", NULL, NULL },
+       { NULL, NULL, 0, 0, 0, ARG_IGNORED,
+               NULL, NULL, NULL, NULL }
 };
 
 
 ConfigArgs *
-new_config_args(BackendDB *be, const char *fname, int lineno, int argc, char **argv) {
+new_config_args( BackendDB *be, const char *fname, int lineno, int argc, char **argv )
+{
        ConfigArgs *c;
-       if(!(c = ch_calloc(1, sizeof(ConfigArgs)))) return(NULL);
+       c = ch_calloc( 1, sizeof( ConfigArgs ) );
+       if ( c == NULL ) return(NULL);
        c->be     = be; 
        c->fname  = fname;
        c->argc   = argc;
        c->argv   = argv; 
        c->lineno = lineno;
+       snprintf( c->log, sizeof( c->log ), "%s: line %lu", fname, lineno );
        return(c);
 }
 
@@ -287,79 +575,102 @@ int parse_config_table(ConfigTable *Conf, ConfigArgs *c) {
        if(!Conf[i].name) return(ARG_UNKNOWN);
        arg_type = Conf[i].arg_type;
        if(arg_type == ARG_IGNORED) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: keyword <%s> ignored\n",
-                       c->fname, c->lineno, Conf[i].name);
+               Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
+                       c->log, Conf[i].name, 0);
                return(0);
        }
        if(Conf[i].min_args && (c->argc < Conf[i].min_args)) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: ", c->fname, c->lineno, 0);
-               Debug(LDAP_DEBUG_CONFIG, "keyword <%s> missing <%s> argument\n", Conf[i].name, Conf[i].what, 0);
+               Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> missing <%s> argument\n",
+                       c->log, Conf[i].name, Conf[i].what);
                return(ARG_BAD_CONF);
        }
        if(Conf[i].max_args && (c->argc > Conf[i].max_args)) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: ", c->fname, c->lineno, 0);
-               Debug(LDAP_DEBUG_CONFIG, "extra cruft after <%s> in <%s> line (ignored)\n", Conf[i].what, Conf[i].name, 0);
+               Debug(LDAP_DEBUG_CONFIG, "%s: extra cruft after <%s> in <%s> line (ignored)\n",
+                       c->log, Conf[i].what, Conf[i].name);
        }
        if((arg_type & ARG_DB) && !c->be) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: keyword <%s> allowed only within database declaration\n",
-                       c->fname, c->lineno, Conf[i].name);
+               Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> allowed only within database declaration\n",
+                       c->log, Conf[i].name, 0);
+               return(ARG_BAD_CONF);
+       }
+       if((arg_type & ARG_PRE_BI) && c->bi) {
+               Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> must appear before any backend %sdeclaration\n",
+                       c->log, Conf[i].name, ((arg_type & ARG_PRE_DB)
+                       ? "or database " : "") );
                return(ARG_BAD_CONF);
        }
-       if((arg_type & ARG_PRE_DB) && c->be) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: keyword <%s> must appear before any database declaration\n",
-                       c->fname, c->lineno, Conf[i].name);
+       if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) {
+               Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> must appear before any database declaration\n",
+                       c->log, Conf[i].name, 0);
                return(ARG_BAD_CONF);
        }
        if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: old <%s> format not supported\n", c->fname, c->lineno, Conf[i].name);
+               Debug(LDAP_DEBUG_CONFIG, "%s: old <%s> format not supported\n",
+                       c->log, Conf[i].name, 0);
                return(ARG_BAD_CONF);
        }
        if((arg_type & ARGS_POINTER) && !Conf[i].arg_item) {
-               Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: null arg_item for <%s>\n", c->fname, c->lineno, Conf[i].name);
+               Debug(LDAP_DEBUG_CONFIG, "%s: null arg_item for <%s>\n",
+                       c->log, Conf[i].name, 0);
                return(ARG_BAD_CONF);
        }
        c->type = arg_user = (arg_type & ARGS_USERLAND);
-       c->value_int = c->value_long = c->value_ber_t = 0;
-       c->value_string = NULL;
+       memset(&c->values, 0, sizeof(c->values));
        if(arg_type & ARGS_NUMERIC) {
+               int j;
                iarg = 0; larg = 0; barg = 0;
                switch(arg_type & ARGS_NUMERIC) {
                        case ARG_INT:           iarg = atoi(c->argv[1]);                break;
                        case ARG_LONG:          larg = atol(c->argv[1]);                break;
                        case ARG_BER_LEN_T:     barg = (ber_len_t)atol(c->argv[1]);     break;
                        case ARG_ON_OFF:
-                               if(!strcasecmp(c->argv[1], "on")) {
+                               if(!strcasecmp(c->argv[1], "on") ||
+                                       !strcasecmp(c->argv[1], "true")) {
                                        iarg = 1;
-                               } else if(!strcasecmp(c->argv[1], "off")) {
+                               } else if(!strcasecmp(c->argv[1], "off") ||
+                                       !strcasecmp(c->argv[1], "false")) {
                                        iarg = 0;
                                } else {
-                                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: ignoring ", c->fname, c->lineno, 0);
+                                       Debug(LDAP_DEBUG_CONFIG, "%s: ignoring ", c->log, 0, 0);
                                        Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%s) in <%s> line\n",
                                                Conf[i].what, c->argv[1], Conf[i].name);
                                        return(0);
                                }
                                break;
                }
-               i = (arg_type & ARG_NONZERO) ? 1 : 0;
-               rc = (Conf == SystemConfiguration) ? ((arg_type & ARG_SPECIAL) && (larg < index_substr_if_maxlen)) : 0;
-               if(iarg < i || larg < i || barg < i || rc) {
+               j = (arg_type & ARG_NONZERO) ? 1 : 0;
+               if(iarg < j || larg < j || barg < j ) {
                        larg = larg ? larg : (barg ? barg : iarg);
-                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: " , c->fname, c->lineno, 0);
+                       Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
                        Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%ld) in <%s> line\n", Conf[i].what, larg, Conf[i].name);
                        return(ARG_BAD_CONF);
                }
-               c->value_int = iarg;
-               c->value_long = larg;
-               c->value_ber_t = barg;
+               switch(arg_type & ARGS_NUMERIC) {
+                       case ARG_ON_OFF:
+                       case ARG_INT:           c->value_int = iarg;            break;
+                       case ARG_LONG:          c->value_long = larg;           break;
+                       case ARG_BER_LEN_T:     c->value_ber_t = barg;          break;
+               }
+       } else if(arg_type & ARG_STRING) {
+                c->value_string = ch_strdup(c->argv[1]);
+       } else if(arg_type & ARG_DN) {
+               struct berval bv;
+               ber_str2bv( c->argv[1], 0, 0, &bv );
+               rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
+               if ( rc != LDAP_SUCCESS ) {
+                       Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
+                       Debug(LDAP_DEBUG_CONFIG, "%s DN is invalid %d (%s)\n",
+                               Conf[i].name, rc, ldap_err2string( rc ));
+                       return(ARG_BAD_CONF);
+               }
        }
-       if(arg_type & ARG_STRING) c->value_string = ch_strdup(c->argv[1]);
        if(arg_type & ARG_MAGIC) {
                if(!c->be) c->be = frontendDB;
                rc = (*((ConfigDriver*)Conf[i].arg_item))(c);
                if(c->be == frontendDB) c->be = NULL;
                if(rc) {
-                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: ", c->fname, c->lineno, 0);
-                       Debug(LDAP_DEBUG_CONFIG, "handler for <%s> exited with %d!", Conf[i].name, rc, 0);
+                       Debug(LDAP_DEBUG_CONFIG, "%s: handler for <%s> exited with %d!",
+                               c->log, Conf[i].name, rc);
                        return(ARG_BAD_CONF);
                }
                return(0);
@@ -371,32 +682,132 @@ int parse_config_table(ConfigTable *Conf, ConfigArgs *c) {
                        case ARG_BER_LEN_T:     *((ber_len_t*)Conf[i].arg_item)         = barg;                 break;
                        case ARG_STRING: {
                                char *cc = *((char**)Conf[i].arg_item);
-                               if(cc) ch_free(cc);     /* potential memory leak */
-                               cc = c->value_string;
-                               /* memcpy(Conf[i].arg_item, &c->value_string, sizeof(void *)); */
+                               if(cc) {
+                                       if (arg_type & ARG_UNIQUE) {
+                                               Debug(LDAP_DEBUG_CONFIG, "%s: already set %s!\n",
+                                                       c->log, Conf[i].name, 0 );
+                                               return(ARG_BAD_CONF);
+                                       }
+                                       ch_free(cc);    /* potential memory leak */
+                               }
+                               *(char **)Conf[i].arg_item = c->value_string;
                                break;
                                }
        }
        return(arg_user);
 }
 
+int
+config_get_vals(ConfigTable *cf, ConfigArgs *c)
+{
+       int rc = 0;
+       struct berval bv;
+
+       if ( cf->arg_type & ARG_IGNORED ) {
+               return 1;
+       }
+
+       memset(&c->values, 0, sizeof(c->values));
+       c->rvalue_vals = NULL;
+       c->rvalue_nvals = NULL;
+       c->emit = 1;
+       c->type = cf->arg_type & ARGS_USERLAND;
+
+       if ( cf->arg_type & ARG_MAGIC ) {
+               rc = (*((ConfigDriver*)cf->arg_item))(c);
+               if ( rc ) return rc;
+       } else {
+               switch(cf->arg_type & ARGS_POINTER) {
+               case ARG_ON_OFF:
+               case ARG_INT:   c->value_int = *(int *)cf->arg_item; break;
+               case ARG_LONG:  c->value_long = *(long *)cf->arg_item; break;
+               case ARG_BER_LEN_T:     c->value_ber_t = *(ber_len_t *)cf->arg_item; break;
+               case ARG_STRING:        c->value_string = *(char **)cf->arg_item; break;
+               }
+       }
+       if ( cf->arg_type & ARGS_POINTER) {
+               bv.bv_val = c->log;
+               switch(cf->arg_type & ARGS_POINTER) {
+               case ARG_INT: bv.bv_len = sprintf(bv.bv_val, "%d", c->value_int); break;
+               case ARG_LONG: bv.bv_len = sprintf(bv.bv_val, "%l", c->value_long); break;
+               case ARG_BER_LEN_T: bv.bv_len =sprintf(bv.bv_val, "%l",c->value_ber_t); break;
+               case ARG_ON_OFF: bv.bv_len = sprintf(bv.bv_val, "%s",
+                       c->value_int ? "TRUE" : "FALSE"); break;
+               case ARG_STRING:
+                       if ( c->value_string && c->value_string[0]) {
+                               ber_str2bv( c->value_string, 0, 0, &bv);
+                       } else {
+                               rc = 1;
+                       }
+                       break;
+               }
+               ber_bvarray_add(&c->rvalue_vals, &bv);
+       }
+       return rc;
+}
+
+int
+init_config_attrs(ConfigTable *ct) {
+       LDAPAttributeType *at;
+       int i, code;
+       const char *err;
+
+       for (i=0; ct[i].name; i++ ) {
+               if ( !ct[i].attribute ) continue;
+               at = ldap_str2attributetype( ct[i].attribute,
+                       &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+               if ( !at ) {
+                       fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
+                               ct[i].attribute, ldap_scherr2str(code), err );
+                       return code;
+               }
+               code = at_add( at, &err );
+               if ( code ) {
+                       fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
+                               ct[i].attribute, scherr2str(code), err );
+                       return code;
+               }
+               code = slap_str2ad( at->at_names[0], &ct[i].ad, &err );
+               if ( code ) {
+                       fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s\n",
+                               ct[i].attribute, err );
+                       return code;
+               }
+               ldap_memfree( at );
+       }
+}
+
 int
 read_config(const char *fname, int depth) {
-       return(read_config_file(fname, depth, NULL));
+       int i;
+       char *argv[3];
+
+       /* Schema initialization should normally be part of bi_open */
+       for (i=0; OidMacros[i].name; i++ ) {
+               argv[1] = OidMacros[i].name;
+               argv[2] = OidMacros[i].oid;
+               parse_oidm( "slapd", i, 3, argv );
+       }
+       i = init_config_attrs(SystemConfiguration);
+       if ( i ) return i;
+       config_back_init( &cf_prv, SystemConfiguration );
+       return read_config_file(fname, depth, NULL);
 }
 
 int
-read_config_file(char *fname, int depth, ConfigArgs *cf)
+read_config_file(const char *fname, int depth, ConfigArgs *cf)
 {
        FILE *fp;
-       char *line, *savefname;
        ConfigArgs *c;
-       int rc, i;
+       int rc;
 
-       c = ch_calloc(1, sizeof(ConfigArgs));
+       c = ch_calloc( 1, sizeof( ConfigArgs ) );
+       if ( c == NULL ) {
+               return 1;
+       }
 
-       if(depth) {
-               memcpy(c, cf, sizeof(ConfigArgs));
+       if ( depth ) {
+               memcpy( c, cf, sizeof( ConfigArgs ) );
        } else {
                c->depth = depth; /* XXX */
                c->bi = NULL;
@@ -404,73 +815,106 @@ read_config_file(char *fname, int depth, ConfigArgs *cf)
        }
 
        c->fname = fname;
-       c->argv = ch_calloc(ARGS_STEP + 1, sizeof(*c->argv));
+       c->argv = ch_calloc( ARGS_STEP + 1, sizeof( *c->argv ) );
        c->argv_size = ARGS_STEP + 1;
 
-       if((fp = fopen(fname, "r")) == NULL) {
+       fp = fopen( fname, "r" );
+       if ( fp == NULL ) {
                ldap_syslog = 1;
                Debug(LDAP_DEBUG_ANY,
                    "could not open config file \"%s\": %s (%d)\n",
                    fname, strerror(errno), errno);
                return(1);
        }
+#ifdef SLAPD_MODULES
+       cfn->c_modlast = &cfn->c_modpaths;
+#endif
+       ber_str2bv( fname, 0, 1, &cfn->c_file );
+       fname = cfn->c_file.bv_val;
 
        Debug(LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0);
 
        fp_getline_init(c);
 
-       while(fp_getline(fp, c)) {
+       while ( fp_getline( fp, c ) ) {
                /* skip comments and blank lines */
-               if(c->line[0] == '#' || c->line[0] == '\0') continue;
-               if(fp_parse_line(c)) goto badline;
+               if ( c->line[0] == '#' || c->line[0] == '\0' ) {
+                       continue;
+               }
+
+               snprintf( c->log, sizeof( c->log ), "%s: line %lu",
+                               c->fname, c->lineno );
+
+               if ( fp_parse_line( c ) ) {
+                       goto badline;
+               }
 
-               if(c->argc < 1) {
-                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: bad config line (ignored)\n", fname, c->lineno, 0);
+               if ( c->argc < 1 ) {
+                       Debug(LDAP_DEBUG_CONFIG, "%s: bad config line (ignored)\n", c->log, 0, 0);
                        continue;
                }
 
-               rc = parse_config_table(SystemConfiguration, c);
-               if(!rc) continue;
-               if(rc & ARGS_USERLAND) switch(rc) {     /* XXX a usertype would be opaque here */
-                       default:        Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: unknown user type <%d>\n",
-                                               c->fname, c->lineno, *c->argv);
-                                       goto badline;
-               } else if(rc == ARG_BAD_CONF || rc != ARG_UNKNOWN) {
+               rc = parse_config_table( SystemConfiguration, c );
+               if ( !rc ) {
+                       continue;
+               }
+               if ( rc & ARGS_USERLAND ) {
+                       switch(rc) {    /* XXX a usertype would be opaque here */
+                       default:
+                               Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%d>\n",
+                                       c->log, *c->argv, 0);
+                               goto badline;
+                       }
+
+               } else if ( rc == ARG_BAD_CONF || rc != ARG_UNKNOWN ) {
                        goto badline;
-               } else if(c->bi && c->bi->bi_config) {          /* XXX to check: could both be/bi_config? oops */
-                       if(rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno, c->argc, c->argv)) switch(rc) {
+                       
+               } else if ( c->bi && c->bi->bi_config ) {               /* XXX to check: could both be/bi_config? oops */
+                       rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno, c->argc, c->argv);
+                       if ( rc ) {
+                               switch(rc) {
                                case SLAP_CONF_UNKNOWN:
-                                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_CONFIG, "%s: "
                                                "unknown directive <%s> inside backend info definition (ignored)\n",
-                                               c->fname, c->lineno, *c->argv);
+                                               c->log, *c->argv, 0);
                                        continue;
                                default:
                                        goto badline;
+                               }
                        }
-               } else if(c->be && c->be->be_config) {
-                       if(rc = (*c->be->be_config)(c->be, c->fname, c->lineno, c->argc, c->argv)) switch(rc) {
+                       
+               } else if ( c->be && c->be->be_config ) {
+                       rc = (*c->be->be_config)(c->be, c->fname, c->lineno, c->argc, c->argv);
+                       if ( rc ) {
+                               switch(rc) {
                                case SLAP_CONF_UNKNOWN:
-                                       Debug( LDAP_DEBUG_CONFIG, "%s: line %lu: "
+                                       Debug( LDAP_DEBUG_CONFIG, "%s: "
                                                "unknown directive <%s> inside backend database definition (ignored)\n",
-                                               c->fname, c->lineno, *c->argv);
+                                               c->log, *c->argv, 0);
                                        continue;
                                default:
                                        goto badline;
+                               }
                        }
-               } else if(frontendDB->be_config) {
-                       if(rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv)) switch(rc) {
+
+               } else if ( frontendDB->be_config ) {
+                       rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv);
+                       if ( rc ) {
+                               switch(rc) {
                                case SLAP_CONF_UNKNOWN:
-                                       Debug( LDAP_DEBUG_CONFIG, "%s: line %lu: "
-                                               "%s: line %lu: unknown directive <%s> inside global database definition (ignored)\n",
-                                               c->fname, c->lineno, *c->argv);
+                                       Debug( LDAP_DEBUG_CONFIG, "%s: "
+                                               "unknown directive <%s> inside global database definition (ignored)\n",
+                                               c->log, *c->argv, 0);
                                        continue;
                                default:
                                        goto badline;
+                               }
                        }
+                       
                } else {
-                       Debug(LDAP_DEBUG_CONFIG, "%s: line %lu: "
+                       Debug(LDAP_DEBUG_CONFIG, "%s: "
                                "unknown directive <%s> outside backend info and database definitions (ignored)\n",
-                               c->fname, c->lineno, *c->argv);
+                               c->log, *c->argv, 0);
                        continue;
 
                }
@@ -479,9 +923,16 @@ read_config_file(char *fname, int depth, ConfigArgs *cf)
        fclose(fp);
 
        if ( BER_BVISNULL( &frontendDB->be_schemadn ) ) {
-               ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
+               ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
                        &frontendDB->be_schemadn );
-               dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
+               rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
+               if ( rc != LDAP_SUCCESS ) {
+                       Debug(LDAP_DEBUG_ANY, "%s: "
+                               "unable to normalize default schema DN \"%s\"\n",
+                               c->log, frontendDB->be_schemadn.bv_val, 0 );
+                       /* must not happen */
+                       assert( 0 );
+               }
        }
 
        ch_free(c->argv);
@@ -495,31 +946,82 @@ badline:
        return(1);
 }
 
-int
+static int
 config_generic(ConfigArgs *c) {
-       char *p = strchr(c->line,'(' /*')'*/);
+       char *p;
        int i;
 
+       if ( c->emit ) {
+               int rc = 0;
+               switch(c->type) {
+               case CFG_CONCUR:
+                       c->value_int = ldap_pvt_thread_get_concurrency();
+                       break;
+               case CFG_THREADS:
+                       c->value_int = connection_pool_max; break;
+                       break;
+               case CFG_RO:
+                       c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) != 0;
+                       break;
+               case CFG_DEPTH:
+                       c->value_int = c->be->be_max_deref_depth;
+                       break;
+               case CFG_CHECK:
+                       c->value_int = global_schemacheck;
+                       break;
+               case CFG_REPLOG:
+                       c->value_string = c->be->be_replogfile;
+                       break;
+               case CFG_ROOTDSE: {
+                       ConfigFile *cf = (ConfigFile *)c->line;
+                       if ( cf->c_dseFiles ) {
+                               c->rvalue_vals = cf->c_dseFiles;
+                       } else {
+                               rc = 1;
+                       }
+                       }
+                       break;
+               case CFG_LASTMOD:
+                       c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
+                       break;
+               case CFG_SSTR_IF_MAX:
+                       c->value_int = index_substr_if_maxlen;
+                       break;
+               case CFG_SSTR_IF_MIN:
+                       c->value_int = index_substr_if_minlen;
+                       break;
+               default:
+                       rc = 1;
+               }
+               return rc;
+       }
+
+       p = strchr(c->line,'(' /*')'*/);
        switch(c->type) {
                case CFG_BACKEND:
                        if(!(c->bi = backend_info(c->argv[1]))) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                                       "backend %s failed init!\n", c->fname, c->lineno, c->argv[1]);
+                               Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "backend %s failed init!\n", c->log, c->argv[1], 0);
                                return(1);
                        }
                        break;
 
                case CFG_DATABASE:
                        c->bi = NULL;
-                       if(!(c->be = backend_db_init(c->argv[1]))) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                                       "database %s failed init!\n", c->fname, c->lineno, c->argv[1]);
+                       /* FIXME - config should probably be the
+                        * last backend, not the first.
+                        */
+                       if ( !strcasecmp( c->argv[1], "config" )) {
+                               c->be = backendDB;
+                       } else if(!(c->be = backend_db_init(c->argv[1]))) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "database %s failed init!\n", c->log, c->argv[1], 0);
                                return(1);
                        }
                        break;
 
                case CFG_CONCUR:
-                       ldap_pvt_thread_set_concurrency(c->value_long);
+                       ldap_pvt_thread_set_concurrency(c->value_int);
                        break;
 
                case CFG_THREADS:
@@ -543,16 +1045,32 @@ config_generic(ConfigArgs *c) {
                                c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
                        break;
 
-               case CFG_SUB:
-                       SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
-                       num_subordinates++;
+               case CFG_AZPOLICY:
+                       if (slap_sasl_setpolicy( c->argv[1] )) {
+                               Debug(LDAP_DEBUG_ANY, "%s: unable to parse value \"%s\" in"
+                                       " \"authz-policy <policy>\"\n",
+                                       c->log, c->argv[1], 0 );
+                               return(1);
+                       }
                        break;
-
-               case CFG_SASLOPT:
-                       /* XXX slap_sasl_config doesn't actually use the line argument */
-                       if(slap_sasl_config(c->argc, c->argv, c->line, c->fname, c->lineno))
+               
+               case CFG_AZREGEXP:
+                       if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
                                return(1);
                        break;
+                               
+#ifdef HAVE_CYRUS_SASL
+               case CFG_SASLSECP:
+                       {
+                       char *txt = slap_sasl_secprops( c->argv[1] );
+                       if ( txt ) {
+                               Debug(LDAP_DEBUG_ANY, "%s: sasl-secprops: %s\n",
+                                       c->log, txt, 0 );
+                               return(1);
+                       }
+                       break;
+                       }
+#endif
 
                case CFG_DEPTH:
                        c->be->be_max_deref_depth = c->value_int;
@@ -583,27 +1101,21 @@ config_generic(ConfigArgs *c) {
 
                case CFG_CHECK:
                        global_schemacheck = c->value_int;
-                       if(!global_schemacheck) Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       if(!global_schemacheck) Debug(LDAP_DEBUG_ANY, "%s: "
                                "schema checking disabled! your mileage may vary!\n",
-                               c->fname, c->lineno, 0);
+                               c->log, 0, 0);
                        break;
 
                case CFG_ACL:
                        parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv);
                        break;
 
-#if 0
-               case CFG_AUDITLOG:
-                       c->be->be_auditlogfile = c->value_string;
-                       break;
-#endif
-
                case CFG_REPLOG:
                        if(SLAP_MONITOR(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "\"replogfile\" should not be used "
                                        "inside monitor database\n",
-                                       c->fname, c->lineno, 0);
+                                       c->log, 0, 0);
                                return(0);      /* FIXME: should this be an error? */
                        }
 
@@ -612,11 +1124,16 @@ config_generic(ConfigArgs *c) {
 
                case CFG_ROOTDSE:
                        if(read_root_dse_file(c->argv[1])) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "could not read \"rootDSE <filename>\" line\n",
-                                       c->fname, c->lineno, 0);
+                                       c->log, 0, 0);
                                return(1);
                        }
+                       {
+                               struct berval bv;
+                               ber_str2bv( c->argv[1], 0, 1, &bv );
+                               ber_bvarray_add( &cfn->c_dseFiles, &bv );
+                       }
                        break;
 
                case CFG_LOGFILE: {
@@ -627,9 +1144,9 @@ config_generic(ConfigArgs *c) {
 
                case CFG_LASTMOD:
                        if(SLAP_NOLASTMODCMD(c->be)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "lastmod not available for %s databases\n",
-                                       c->fname, c->lineno, c->be->bd_info->bi_type);
+                                       c->log, c->be->bd_info->bi_type, 0);
                                return(1);
                        }
                        if(c->value_int)
@@ -638,14 +1155,55 @@ config_generic(ConfigArgs *c) {
                                SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
                        break;
 
+               case CFG_SSTR_IF_MAX:
+                       if (c->value_int < index_substr_if_minlen) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "invalid max value (%d)\n",
+                                       c->log, c->value_int, 0 );
+                               return(1);
+                       }
+                       index_substr_if_maxlen = c->value_int;
+                       break;
+
+               case CFG_SSTR_IF_MIN:
+                       if (c->value_int > index_substr_if_maxlen) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "invalid min value (%d)\n",
+                                       c->log, c->value_int, 0 );
+                               return(1);
+                       }
+                       index_substr_if_minlen = c->value_int;
+                       break;
+
 #ifdef SLAPD_MODULES
                case CFG_MODLOAD:
                        if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
                                return(1);
+                       /* Record this load on the current path */
+                       {
+                               struct berval bv;
+                               ber_str2bv(c->line, 0, 1, &bv);
+                               ber_bvarray_add( &cfn->c_modlast->mp_loads, &bv );
+                       }
                        break;
 
                case CFG_MODPATH:
                        if(module_path(c->argv[1])) return(1);
+                       /* Record which path was used with each module */
+                       {
+                               ModPaths *mp;
+
+                               if (!cfn->c_modpaths.mp_loads)
+                                       mp = &cfn->c_modpaths;
+                               else
+                                       mp = ch_malloc( sizeof( ModPaths ));
+                               ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
+                               mp->mp_next = NULL;
+                               mp->mp_loads = NULL;
+                               cfn->c_modlast->mp_next = mp;
+                               cfn->c_modlast = mp;
+                       }
+                       
                        break;
 #endif
 
@@ -666,97 +1224,122 @@ config_generic(ConfigArgs *c) {
 
 
                default:
-                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: unknown CFG_TYPE %d"
-                               "(ignored)\n", c->fname, c->lineno, c->type);
+                       Debug(LDAP_DEBUG_ANY, "%s: unknown CFG_TYPE %d"
+                               "(ignored)\n", c->log, c->type, 0);
 
        }
        return(0);
 }
 
 
-int
+static int
+config_fname(ConfigArgs *c) {
+       if(c->emit && c->line) {
+               ConfigFile *cf = (ConfigFile *)c->line;
+               c->value_string = cf->c_file.bv_val;
+               return 0;
+       }
+       return(1);
+}
+
+static int
 config_search_base(ConfigArgs *c) {
        struct berval dn;
-       int rc;
-       if(c->bi || c->be) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: defaultSearchBase line must appear "
+
+       if(c->emit) {
+               int rc = 1;
+               if (!BER_BVISEMPTY(&default_search_base)) {
+                       ber_bvarray_add(&c->rvalue_vals, &default_search_base);
+                       ber_bvarray_add(&c->rvalue_nvals, &default_search_nbase);
+                       rc = 0;
+               }
+               return rc;
+       }
+
+       if(c->bi || c->be != frontendDB) {
+               Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
                        "prior to any backend or database definition\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        }
 
        if(default_search_nbase.bv_len) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "default search base \"%s\" already defined "
                        "(discarding old)\n",
-                       c->fname, c->lineno, default_search_base.bv_val);
+                       c->log, default_search_base.bv_val, 0);
                free(default_search_base.bv_val);
                free(default_search_nbase.bv_val);
        }
 
-       ber_str2bv(c->argv[1], 0, 1, &dn);
-       rc = dnPrettyNormal(NULL, &dn, &default_search_base, &default_search_nbase, NULL);
-
-       if(rc != LDAP_SUCCESS) {
-               Debug(LDAP_DEBUG_ANY,
-                       "%s: line %lu: defaultSearchBase DN is invalid\n",
-                       c->fname, c->lineno, 0 );
-               return(1);
-       }
+       default_search_base = c->value_dn;
+       default_search_nbase = c->value_ndn;
        return(0);
 }
 
-int
+static int
 config_passwd_hash(ConfigArgs *c) {
        int i;
+       if (c->emit) {
+               struct berval bv;
+               for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
+                       ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
+                       ber_bvarray_add(&c->rvalue_vals, &bv);
+               }
+               return i ? 0 : 1;
+       }
        if(default_passwd_hash) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "already set default password_hash\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        }
        for(i = 1; i < c->argc; i++) {
                if(!lutil_passwd_scheme(c->argv[i])) {
-                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       Debug(LDAP_DEBUG_ANY, "%s: "
                                "password scheme \"%s\" not available\n",
-                               c->fname, c->lineno, c->argv[i] );
+                               c->log, c->argv[i], 0);
                } else {
                        ldap_charray_add(&default_passwd_hash, c->argv[i]);
                }
                if(!default_passwd_hash) {
-                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: no valid hashes found\n",
-                               c->fname, c->lineno, 0 );
+                       Debug(LDAP_DEBUG_ANY, "%s: no valid hashes found\n",
+                               c->log, 0, 0 );
                        return(1);
                }
        }
        return(0);
 }
 
-int
+static int
 config_schema_dn(ConfigArgs *c) {
        struct berval dn;
        int rc;
-       ber_str2bv(c->argv[1], 0, 1, &dn);
-       rc = dnPrettyNormal(NULL, &dn, &c->be->be_schemadn, &c->be->be_schemandn, NULL);
-       if(rc != LDAP_SUCCESS) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                       "schema DN is invalid\n", c->fname, c->lineno, 0);
-               return(1);
+       if ( c->emit ) {
+               ber_bvarray_add(&c->rvalue_vals, &c->be->be_schemadn);
+               ber_bvarray_add(&c->rvalue_nvals, &c->be->be_schemandn);
+               return 0;
        }
+       c->be->be_schemadn = c->value_dn;
+       c->be->be_schemandn = c->value_ndn;
        return(0);
 }
 
-int
+static int
 config_sizelimit(ConfigArgs *c) {
        int i, rc = 0;
        char *next;
        struct slap_limits_set *lim = &c->be->be_def_limit;
+       if (c->emit) {
+               return 1;
+       }
        for(i = 1; i < c->argc; i++) {
                if(!strncasecmp(c->argv[i], "size", 4)) {
-                       if(rc = limits_parse_one(c->argv[i], lim)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       rc = limits_parse_one(c->argv[i], lim);
+                       if ( rc ) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "unable to parse value \"%s\" in \"sizelimit <limit>\" line\n",
-                                       c->fname, c->lineno, c->argv[i]);
+                                       c->log, c->argv[i], 0);
                                return(1);
                        }
                } else {
@@ -765,14 +1348,14 @@ config_sizelimit(ConfigArgs *c) {
                        } else {
                                lim->lms_s_soft = strtol(c->argv[i], &next, 0);
                                if(next == c->argv[i]) {
-                                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_ANY, "%s: "
                                                "unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
-                                               c->fname, c->lineno, c->argv[i]);
+                                               c->log, c->argv[i], 0);
                                        return(1);
                                } else if(next[0] != '\0') {
-                                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_ANY, "%s: "
                                                "trailing chars \"%s\" in \"sizelimit <limit>\" line (ignored)\n",
-                                               c->fname, c->lineno, next);
+                                               c->log, next, 0);
                                }
                        }
                        lim->lms_s_hard = 0;
@@ -781,17 +1364,21 @@ config_sizelimit(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_timelimit(ConfigArgs *c) {
        int i, rc = 0;
        char *next;
        struct slap_limits_set *lim = &c->be->be_def_limit;
+       if (c->emit) {
+               return 1;
+       }
        for(i = 1; i < c->argc; i++) {
                if(!strncasecmp(c->argv[i], "time", 4)) {
-                       if(rc = limits_parse_one(c->argv[i], lim)) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       rc = limits_parse_one(c->argv[i], lim);
+                       if ( rc ) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "unable to parse value \"%s\" in \"timelimit <limit>\" line\n",
-                                       c->fname, c->lineno, c->argv[i]);
+                                       c->log, c->argv[i], 0);
                                return(1);
                        }
                } else {
@@ -800,14 +1387,14 @@ config_timelimit(ConfigArgs *c) {
                        } else {
                                lim->lms_t_soft = strtol(c->argv[i], &next, 0);
                                if(next == c->argv[i]) {
-                                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_ANY, "%s: "
                                                "unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
-                                               c->fname, c->lineno, c->argv[i]);
+                                               c->log, c->argv[i], 0);
                                        return(1);
                                } else if(next[0] != '\0') {
-                                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_ANY, "%s: "
                                                "trailing chars \"%s\" in \"timelimit <limit>\" line (ignored)\n",
-                                               c->fname, c->lineno, next);
+                                               c->log, next, 0);
                                }
                        }
                        lim->lms_t_hard = 0;
@@ -816,90 +1403,98 @@ config_timelimit(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_overlay(ConfigArgs *c) {
+       if (c->emit) {
+               return 1;
+       }
        if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
                /* log error */
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: (optional) %s",
-                       c->fname, c->lineno, c->be == frontendDB ? "global " : "");
-               Debug(LDAP_DEBUG_ANY, "overlay \"%s\" configuration "
-                       "failed (ignored)\n", c->argv[1][1], 0, 0);
+               Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed (ignored)\n",
+                       c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
        } else if(overlay_config(c->be, c->argv[1])) {
                return(1);
        }
        return(0);
 }
 
-int
+static int
 config_suffix(ConfigArgs *c) {
        Backend *tbe;
-       struct berval dn, pdn, ndn;
+       struct berval pdn, ndn;
        int rc;
+       if (c->emit) {
+               int i;
+               for (i=0; !BER_BVISNULL(&c->be->be_suffix[i]); i++) {
+                       ber_bvarray_add(&c->rvalue_vals, &c->be->be_suffix[i]);
+                       ber_bvarray_add(&c->rvalue_nvals, &c->be->be_nsuffix[i]);
+               }
+               return i ? 0 : 1;
+       }
 #ifdef SLAPD_MONITOR_DN
        if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                       "%s\" is reserved for monitoring slapd\n",
-                       c->fname, c->lineno, SLAPD_MONITOR_DN);
+               Debug(LDAP_DEBUG_ANY, "%s: "
+                       "\"%s\" is reserved for monitoring slapd\n",
+                       c->log, SLAPD_MONITOR_DN, 0);
                return(1);
        }
 #endif
-       ber_str2bv(c->argv[1], 0, 1, &dn);
 
-       rc = dnPrettyNormal(NULL, &dn, &pdn, &ndn, NULL);
-       if(rc != LDAP_SUCCESS) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: suffix DN is invalid\n",
-                       c->fname, c->lineno, 0);
-               return(1);
-       }
+       pdn = c->value_dn;
+       ndn = c->value_ndn;
        tbe = select_backend(&ndn, 0, 0);
        if(tbe == c->be) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: suffix already served by this backend! (ignored)\n",
-                       c->fname, c->lineno, 0);
+               Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend! (ignored)\n",
+                       c->log, 0, 0);
                free(pdn.bv_val);
                free(ndn.bv_val);
        } else if(tbe) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: suffix already served by a preceding backend \"%s\"\n",
-                       c->fname, c->lineno, tbe->be_suffix[0].bv_val);
+               Debug(LDAP_DEBUG_ANY, "%s: suffix already served by a preceding backend \"%s\"\n",
+                       c->log, tbe->be_suffix[0].bv_val, 0);
                free(pdn.bv_val);
                free(ndn.bv_val);
                return(1);
        } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: suffix DN empty and default search "
+               Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
                        "base provided \"%s\" (assuming okay)\n",
-                       c->fname, c->lineno, default_search_base.bv_val);
+                       c->log, default_search_base.bv_val, 0);
        }
        ber_bvarray_add(&c->be->be_suffix, &pdn);
        ber_bvarray_add(&c->be->be_nsuffix, &ndn);
        return(0);
 }
 
-int
+static int
 config_rootdn(ConfigArgs *c) {
-       struct berval dn;
-       int rc;
-
-       ber_str2bv(c->argv[1], 0, 1, &dn);
-
-       rc = dnPrettyNormal(NULL, &dn, &c->be->be_rootdn, &c->be->be_rootndn, NULL);
-
-       if(rc != LDAP_SUCCESS) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                       "rootdn DN is invalid\n", c->fname, c->lineno, 0);
-               return(1);
+       if (c->emit) {
+               ber_bvarray_add(&c->rvalue_vals, &c->be->be_rootdn);
+               ber_bvarray_add(&c->rvalue_nvals, &c->be->be_rootndn);
+               return 0;
        }
+       c->be->be_rootdn = c->value_dn;
+       c->be->be_rootndn = c->value_ndn;
        return(0);
 }
 
-int
+static int
 config_rootpw(ConfigArgs *c) {
-       Backend *tbe = select_backend(&c->be->be_rootndn, 0, 0);
+       Backend *tbe;
+       if (c->emit) {
+               if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
+                       c->value_string="*";
+                       return 0;
+               }
+               return 1;
+       }
+
+       tbe = select_backend(&c->be->be_rootndn, 0, 0);
        if(tbe != c->be) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "rootpw can only be set when rootdn is under suffix\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        }
-       ber_str2bv(c->argv[1], 0, 1, &c->be->be_rootpw);
+       ber_str2bv(c->value_string, 0, 0, &c->be->be_rootpw);
        return(0);
 }
 
@@ -927,7 +1522,7 @@ verbs_to_mask(ConfigArgs *c, struct verb_mask_list *v, slap_mask_t *m) {
        return(0);
 }
 
-int
+static int
 config_restrict(ConfigArgs *c) {
        slap_mask_t restrictops = 0;
        int i, j;
@@ -952,6 +1547,9 @@ config_restrict(ConfigArgs *c) {
                { NULL, 0 }
        };
 
+       if (c->emit) {
+               return 1;
+       }
        for(i = 1; i < c->argc; i++) {
                j = verb_to_mask(c, restrictable_ops, i);
                if(restrictable_ops[j].word) {
@@ -975,13 +1573,13 @@ config_restrict(ConfigArgs *c) {
                c->be->be_restrictops |= restrictops;
                return(0);
        }
-       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+       Debug(LDAP_DEBUG_ANY, "%s: "
                "unknown operation %s in \"restrict <features>\" line\n",
-               c->fname, c->lineno, c->argv[i]);
+               c->log, c->argv[i], 0);
        return(1);
 }
 
-int
+static int
 config_allows(ConfigArgs *c) {
        slap_mask_t allows = 0;
        int i;
@@ -992,17 +1590,21 @@ config_allows(ConfigArgs *c) {
                { "update_anon",        SLAP_ALLOW_UPDATE_ANON },
                { NULL, 0 }
        };
-       if(i = verbs_to_mask(c, allowable_ops, &allows)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+       if (c->emit) {
+               return 1;
+       }
+       i = verbs_to_mask(c, allowable_ops, &allows);
+       if ( i ) {
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "unknown feature %s in \"allow <features>\" line\n",
-                       c->fname, c->lineno, c->argv[i]);
+                       c->log, c->argv[i], 0);
                return(1);
        }
        global_allows |= allows;
        return(0);
 }
 
-int
+static int
 config_disallows(ConfigArgs *c) {
        slap_mask_t disallows = 0;
        int i;
@@ -1014,17 +1616,21 @@ config_disallows(ConfigArgs *c) {
                { "tls_authc",          SLAP_DISALLOW_TLS_AUTHC },
                { NULL, 0 }
        };
-       if(i = verbs_to_mask(c, disallowable_ops, &disallows)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+       if (c->emit) {
+               return 1;
+       }
+       i = verbs_to_mask(c, disallowable_ops, &disallows);
+       if ( i ) {
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "unknown feature %s in \"disallow <features>\" line\n",
-                       c->fname, c->lineno, c->argv[i]);
+                       c->log, c->argv[i], 0);
                return(1);
        }
        global_disallows |= disallows;
        return(0);
 }
 
-int
+static int
 config_requires(ConfigArgs *c) {
        slap_mask_t requires = 0;
        int i;
@@ -1036,17 +1642,21 @@ config_requires(ConfigArgs *c) {
                { "strong",             SLAP_REQUIRE_STRONG },
                { NULL, 0 }
        };
-       if(i = verbs_to_mask(c, requires_ops, &requires)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+       if (c->emit) {
+               return 1;
+       }
+       i = verbs_to_mask(c, requires_ops, &requires);
+       if ( i ) {
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "unknown feature %s in \"require <features>\" line\n",
-                       c->fname, c->lineno, c->argv[i]);
+                       c->log, c->argv[i], 0);
                return(1);
        }
        c->be->be_requires = requires;
        return(0);
 }
 
-int
+static int
 config_loglevel(ConfigArgs *c) {
        int i;
        char *next;
@@ -1070,6 +1680,10 @@ config_loglevel(ConfigArgs *c) {
        };
        ldap_syslog = 0;
 
+       if (c->emit) {
+               return 1;
+       }
+
        for( i=1; i < c->argc; i++ ) {
                int     level;
 
@@ -1077,18 +1691,18 @@ config_loglevel(ConfigArgs *c) {
                        level = strtol( c->argv[i], &next, 10 );
                        if ( next == NULL || next[0] != '\0' ) {
                                Debug( LDAP_DEBUG_ANY,
-                                       "%s: line %lu: unable to parse level \"%s\" "
+                                       "%s: unable to parse level \"%s\" "
                                        "in \"loglevel <level> [...]\" line.\n",
-                                       c->fname, c->lineno , c->argv[i] );
+                                       c->log, c->argv[i], 0);
                                return( 1 );
                        }
                } else {
                        int j = verb_to_mask(c, loglevel_ops, c->argv[i][0]);
                        if(!loglevel_ops[j].word) {
                                Debug( LDAP_DEBUG_ANY,
-                                       "%s: line %lu: unknown level \"%s\" "
+                                       "%s: unknown level \"%s\" "
                                        "in \"loglevel <level> [...]\" line.\n",
-                                       c->fname, c->lineno , c->argv[i] );
+                                       c->log, c->argv[i], 0);
                                return( 1 );
                        }
                        level = loglevel_ops[j].mask;
@@ -1098,12 +1712,15 @@ config_loglevel(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_syncrepl(ConfigArgs *c) {
+       if (c->emit) {
+               return 1;
+       }
        if(SLAP_SHADOW(c->be)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "syncrepl: database already shadowed.\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        } else if(add_syncrepl(c->be, c->argv, c->argc)) {
                return(1);
@@ -1112,13 +1729,16 @@ config_syncrepl(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_referral(ConfigArgs *c) {
        struct berval vals[2];
+       if (c->emit) {
+               return 1;
+       }
        if(validate_global_referral(c->argv[1])) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "invalid URL (%s) in \"referral\" line.\n",
-                       c->fname, c->lineno, c->argv[1] );
+                       c->log, c->argv[1], 0);
                return(1);
        }
 
@@ -1128,11 +1748,14 @@ config_referral(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_security(ConfigArgs *c) {
        slap_ssf_set_t *set = &c->be->be_ssf_set;
        char *next;
        int i;
+       if (c->emit) {
+               return 1;
+       }
        for(i = 1; i < c->argc; i++) {
                slap_ssf_t *tgt;
                char *src;
@@ -1164,51 +1787,56 @@ config_security(ConfigArgs *c) {
                        tgt = &set->sss_simple_bind;
                        src = &c->argv[i][12];
                } else {
-                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       Debug(LDAP_DEBUG_ANY, "%s: "
                                "unknown factor %s in \"security <factors>\" line\n",
-                               c->fname, c->lineno, c->argv[i]);
+                               c->log, c->argv[i], 0);
                        return(1);
                }
 
                *tgt = strtol(src, &next, 10);
                if(next == NULL || next[0] != '\0' ) {
-                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                       Debug(LDAP_DEBUG_ANY, "%s: "
                                "unable to parse factor \"%s\" in \"security <factors>\" line\n",
-                               c->fname, c->lineno, c->argv[i]);
+                               c->log, c->argv[i], 0);
                        return(1);
                }
        }
        return(0);
 }
 
-int
+static int
 config_replica(ConfigArgs *c) {
        int i, nr = -1;
-       char *replicahost;
+       char *replicahost, *replicalog = NULL;
        LDAPURLDesc *ludp;
 
+       if (c->emit) {
+               return 1;
+       }
        if(SLAP_MONITOR(c->be)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "\"replica\" should not be used inside monitor database\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(0);      /* FIXME: should this be an error? */
        }
 
        for(i = 1; i < c->argc; i++) {
-               if(!strncasecmp(c->argv[i], "host=", 5)) {
-                       nr = add_replica_info(c->be, c->argv[i] + 5);
+               if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
+                       replicalog = c->argv[i] + STRLENOF("host=");
+                       nr = add_replica_info(c->be, c->argv[i] + STRLENOF("host="));
                        break;
-               } else if(!strncasecmp(c->argv[i], "uri=", 4)) {
-                       if(ldap_url_parse(c->argv[i] + 4, &ludp) != LDAP_SUCCESS) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
+                       if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "replica line contains invalid "
-                                       "uri definition.\n", c->fname, c->lineno, 0);
+                                       "uri definition.\n", c->log, 0, 0);
                                return(1);
                        }
                        if(!ludp->lud_host) {
-                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                               Debug(LDAP_DEBUG_ANY, "%s: "
                                        "replica line contains invalid "
-                                       "uri definition - missing hostname.\n", c->fname, c->lineno, 0);
+                                       "uri definition - missing hostname.\n",
+                                       c->log, 0, 0);
                                return(1);
                        }
                        replicahost = ch_malloc(strlen(c->argv[i]));
@@ -1219,6 +1847,7 @@ config_replica(ConfigArgs *c) {
                                exit(EXIT_FAILURE);
                        }
                        sprintf(replicahost, "%s:%d", ludp->lud_host, ludp->lud_port);
+                       replicalog = c->argv[i] + STRLENOF("uri=");
                        nr = add_replica_info(c->be, replicahost);
                        ldap_free_urldesc(ludp);
                        ch_free(replicahost);
@@ -1226,34 +1855,34 @@ config_replica(ConfigArgs *c) {
                }
        }
        if(i == c->argc) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "missing host or uri in \"replica\" line\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        } else if(nr == -1) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "unable to add replica \"%s\"\n",
-                       c->fname, c->lineno, c->argv[i] + 5);
+                       c->log, replicalog, 0);
                return(1);
        } else {
                for(i = 1; i < c->argc; i++) {
-                       if(!strncasecmp(c->argv[i], "suffix=", 7)) {
-                               switch(add_replica_suffix(c->be, nr, c->argv[i] + 7)) {
+                       if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
+                               switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
                                        case 1:
-                                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                               Debug(LDAP_DEBUG_ANY, "%s: "
                                                "suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
-                                               c->fname, c->lineno, c->argv[i] + 7);
+                                               c->log, c->argv[i] + STRLENOF("suffix="), 0);
                                                break;
                                        case 2:
-                                               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                               Debug(LDAP_DEBUG_ANY, "%s: "
                                                "unable to normalize suffix in \"replica\" line (ignored)\n",
-                                               c->fname, c->lineno, 0);
+                                               c->log, 0, 0);
                                                break;
                                }
 
-                       } else if(!strncasecmp(c->argv[i], "attr", 4)) {
+                       } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
                                int exclude = 0;
-                               char *arg = c->argv[i] + 4;
+                               char *arg = c->argv[i] + STRLENOF("attr");
                                if(arg[0] == '!') {
                                        arg++;
                                        exclude = 1;
@@ -1262,9 +1891,9 @@ config_replica(ConfigArgs *c) {
                                        continue;
                                }
                                if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
-                                       Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+                                       Debug(LDAP_DEBUG_ANY, "%s: "
                                                "attribute \"%s\" in \"replica\" line is unknown\n",
-                                               c->fname, c->lineno, arg + 1);
+                                               c->log, arg + 1, 0);
                                        return(1);
                                }
                        }
@@ -1273,14 +1902,22 @@ config_replica(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_updatedn(ConfigArgs *c) {
        struct berval dn;
        int rc;
+       if (c->emit) {
+               if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
+                       ber_bvarray_add(&c->rvalue_vals, &c->be->be_update_ndn);
+                       ber_bvarray_add(&c->rvalue_nvals, &c->be->be_update_ndn);
+                       return 0;
+               }
+               return 1;
+       }
        if(SLAP_SHADOW(c->be)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "updatedn: database already shadowed.\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        }
 
@@ -1289,8 +1926,9 @@ config_updatedn(ConfigArgs *c) {
        rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
 
        if(rc != LDAP_SUCCESS) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
-                       "updatedn DN is invalid\n", c->fname, c->lineno, 0);
+               Debug(LDAP_DEBUG_ANY, "%s: "
+                       "updatedn DN is invalid: %d (%s)\n",
+                       c->log, rc, ldap_err2string( rc ));
                return(1);
        }
 
@@ -1298,20 +1936,23 @@ config_updatedn(ConfigArgs *c) {
        return(0);
 }
 
-int
+static int
 config_updateref(ConfigArgs *c) {
        struct berval vals[2];
+       if (c->emit) {
+               return 1;
+       }
        if(!SLAP_SHADOW(c->be)) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "updateref line must after syncrepl or updatedn.\n",
-                       c->fname, c->lineno, 0);
+                       c->log, 0, 0);
                return(1);
        }
 
        if(validate_global_referral(c->argv[1])) {
-               Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               Debug(LDAP_DEBUG_ANY, "%s: "
                        "invalid URL (%s) in \"updateref\" line.\n",
-                       c->fname, c->lineno, c->argv[1]);
+                       c->log, c->argv[1], 0);
                return(1);
        }
        ber_str2bv(c->argv[1], 0, 0, &vals[0]);
@@ -1322,41 +1963,64 @@ config_updateref(ConfigArgs *c) {
 
 /* XXX meaningless in ldif */
 
-int
+static int
 config_include(ConfigArgs *c) {
-       char *savefname = ch_strdup(c->argv[1]);
        unsigned long savelineno = c->lineno;
        int rc;
-       rc = read_config_file(savefname, c->depth + 1, c);
-       free(savefname);
+       ConfigFile *cf = ch_calloc( 1, sizeof(ConfigFile));
+       ConfigFile *cfsave = cfn;
+       ConfigFile *cf2 = NULL;
+       if (c->emit) {
+               return 1;
+       }
+       if ( cfn->c_kids ) {
+               for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
+               cf2->c_sibs = cf;
+       } else {
+               cfn->c_kids = cf;
+       }
+       cfn = cf;
+       rc = read_config_file(c->argv[1], c->depth + 1, c);
        c->lineno = savelineno - 1;
+       cfn = cfsave;
+       if ( rc ) {
+               if ( cf2 ) cf2->c_sibs = NULL;
+               else cfn->c_kids = NULL;
+               ch_free( cf );
+       }
        return(rc);
 }
 
 #ifdef HAVE_TLS
-int
+static int
 config_tls_option(ConfigArgs *c) {
        int flag;
+       if (c->emit) {
+               return 1;
+       }
        switch(c->type) {
-               CFG_TLS_RAND:           flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
-               CFG_TLS_CIPHER:         flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
-               CFG_TLS_CERT_FILE:      flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
-               CFG_TLS_CERT_KEY:       flag = LDAP_OPT_X_TLS_KEYFILE;          break;
-               CFG_TLS_CERT_PATH:      flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
-               CFG_TLS_CA_FILE:        flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
+       case CFG_TLS_RAND:              flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
+       case CFG_TLS_CIPHER:            flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
+       case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
+       case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
+       case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
+       case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
 #ifdef HAVE_OPENSSL_CRL
-               CFG_TLS_CRLCHECK:       flag = LDAP_OPT_X_TLS_CRLCHECK;         break;
+       case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         break;
 #endif
-               default:                Debug(LDAP_DEBUG_ANY, "%s: line %lu: "
+               default:                Debug(LDAP_DEBUG_ANY, "%s: "
                                                "unknown tls_option <%x>\n",
-                                               c->fname, c->lineno, c->type);
+                                               c->log, c->type, 0);
        }
        return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
 }
 
-int
+static int
 config_tls_verify(ConfigArgs *c) {
        int i;
+       if (c->emit) {
+               return 1;
+       }
        if(isdigit((unsigned char)c->argv[1][0])) {
                i = atoi(c->argv[1]);
                return(ldap_pvt_tls_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i));
@@ -1446,7 +2110,7 @@ fp_getline_init(ConfigArgs *c) {
 }
 
 static int
-fp_getline(FILE *fp, ConfigArgs *c)
+fp_getline( FILE *fp, ConfigArgs *c )
 {
        char    *p;
 
@@ -1455,24 +2119,33 @@ fp_getline(FILE *fp, ConfigArgs *c)
        c->lineno++;
 
        /* avoid stack of bufs */
-       if(strncasecmp(line, "include", 7) == 0) {
+       if ( strncasecmp( line, "include", STRLENOF( "include" ) ) == 0 ) {
                buf[0] = '\0';
                c->line = line;
                return(1);
        }
 
-       while(fgets(buf, sizeof(buf), fp)) {
-               if(p = strchr(buf, '\n')) {
-                       if(p > buf && p[-1] == '\r') --p;
+       while ( fgets( buf, sizeof( buf ), fp ) ) {
+               p = strchr( buf, '\n' );
+               if ( p ) {
+                       if ( p > buf && p[-1] == '\r' ) {
+                               --p;
+                       }
                        *p = '\0';
                }
                /* XXX ugly */
                c->line = line;
-               if(line[0] && (p = line + strlen(line) - 1)[0] == '\\' && p[-1] != '\\' ) {
+               if ( line[0]
+                               && ( p = line + strlen( line ) - 1 )[0] == '\\'
+                               && p[-1] != '\\' )
+               {
                        p[0] = '\0';
                        lcur--;
+                       
                } else {
-                       if(!isspace((unsigned char)buf[0])) return(1);
+                       if ( !isspace( (unsigned char)buf[0] ) ) {
+                               return(1);
+                       }
                        buf[0] = ' ';
                }
                CATLINE(buf);
@@ -1489,7 +2162,6 @@ fp_parse_line(ConfigArgs *c)
 {
        char *token;
        char *tline = ch_strdup(c->line);
-       char logbuf[STRLENOF("pseudorootpw ***")]; /* longest secret */
        char *hide[] = { "rootpw", "replica", "bindpw", "pseudorootpw", "dbpasswd", '\0' };
        int i;
 
@@ -1577,9 +2249,7 @@ add_syncrepl(
 )
 {
        syncinfo_t *si;
-       syncinfo_t *si_entry;
        int     rc = 0;
-       int duplicated_replica_id = 0;
 
        si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
 
@@ -1589,9 +2259,6 @@ add_syncrepl(
        }
 
        si->si_tls = SYNCINFO_TLS_OFF;
-       if ( be->be_rootndn.bv_val ) {
-               ber_dupbv( &si->si_updatedn, &be->be_rootndn );
-       }
        si->si_bindmethod = LDAP_AUTH_SIMPLE;
        si->si_schemachecking = 0;
        ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
@@ -1610,40 +2277,30 @@ add_syncrepl(
        si->si_retryinterval = NULL;
        si->si_retrynum_init = NULL;
        si->si_retrynum = NULL;
-       si->si_syncCookie.ctxcsn = NULL;
-       si->si_syncCookie.octet_str = NULL;
-       si->si_syncCookie.sid = -1;
        si->si_manageDSAit = 0;
        si->si_tlimit = 0;
        si->si_slimit = 0;
 
        si->si_presentlist = NULL;
        LDAP_LIST_INIT( &si->si_nonpresentlist );
+       ldap_pvt_thread_mutex_init( &si->si_mutex );
 
        rc = parse_syncrepl_line( cargv, cargc, si );
 
-       LDAP_STAILQ_FOREACH( si_entry, &be->be_syncinfo, si_next ) {
-               if ( si->si_rid == si_entry->si_rid ) {
-                       Debug( LDAP_DEBUG_ANY,
-                               "add_syncrepl: duplicated replica id\n",0, 0, 0 );
-                       duplicated_replica_id = 1;
-                       break;
-               }
-       }
-
-       if ( rc < 0 || duplicated_replica_id ) {
+       if ( rc < 0 ) {
                Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
                syncinfo_free( si );    
                return 1;
        } else {
                Debug( LDAP_DEBUG_CONFIG,
                        "Config: ** successfully added syncrepl \"%s\"\n",
-                       si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 );
+                       BER_BVISNULL( &si->si_provideruri ) ?
+                       "(null)" : si->si_provideruri.bv_val, 0, 0 );
                if ( !si->si_schemachecking ) {
                        SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
                }
                si->si_be = be;
-               LDAP_STAILQ_INSERT_TAIL( &be->be_syncinfo, si, si_next );
+               be->be_syncinfo = si;
                return 0;
        }
 }
@@ -1661,7 +2318,6 @@ add_syncrepl(
 #define SLIMITSTR              "sizelimit"
 #define TLIMITSTR              "timelimit"
 #define SCHEMASTR              "schemachecking"
-#define UPDATEDNSTR            "updatedn"
 #define BINDMETHSTR            "bindmethod"
 #define SIMPLESTR                      "simple"
 #define SASLSTR                                "sasl"
@@ -1688,6 +2344,7 @@ add_syncrepl(
 #define LMREQSTR               "req"
 #define SRVTABSTR              "srvtab"
 #define SUFFIXSTR              "suffix"
+#define UPDATEDNSTR            "updatedn"
 
 /* mandatory */
 #define GOT_ID                 0x0001
@@ -1705,9 +2362,8 @@ parse_syncrepl_line(
 )
 {
        int     gots = 0;
-       int     i, j;
-       char    *hp, *val;
-       int     nr_attr = 0;
+       int     i;
+       char    *val;
 
        for ( i = 1; i < cargc; i++ ) {
                if ( !strncasecmp( cargv[ i ], IDSTR "=",
@@ -1728,13 +2384,7 @@ parse_syncrepl_line(
                                        STRLENOF( PROVIDERSTR "=" ) ) )
                {
                        val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" );
-                       si->si_provideruri = ch_strdup( val );
-                       si->si_provideruri_bv = (BerVarray)
-                               ch_calloc( 2, sizeof( struct berval ));
-                       ber_str2bv( si->si_provideruri, strlen( si->si_provideruri ),
-                               1, &si->si_provideruri_bv[0] );
-                       si->si_provideruri_bv[1].bv_len = 0;
-                       si->si_provideruri_bv[1].bv_val = NULL;
+                       ber_str2bv( val, 0, 1, &si->si_provideruri );
                        gots |= GOT_PROVIDER;
                } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=",
                                        STRLENOF(STARTTLSSTR "=") ) )
@@ -1745,15 +2395,6 @@ parse_syncrepl_line(
                        } else {
                                si->si_tls = SYNCINFO_TLS_ON;
                        }
-               } else if ( !strncasecmp( cargv[ i ], UPDATEDNSTR "=",
-                                       STRLENOF( UPDATEDNSTR "=" ) ) )
-               {
-                       struct berval updatedn = BER_BVNULL;
-
-                       val = cargv[ i ] + STRLENOF( UPDATEDNSTR "=" );
-                       ber_str2bv( val, 0, 0, &updatedn );
-                       ch_free( si->si_updatedn.bv_val );
-                       dnNormalize( 0, NULL, NULL, &updatedn, &si->si_updatedn, NULL );
                } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=",
                                STRLENOF( BINDMETHSTR "=" ) ) )
                {
@@ -1837,14 +2478,18 @@ parse_syncrepl_line(
                } else if ( !strncasecmp( cargv[ i ], SEARCHBASESTR "=",
                                        STRLENOF( SEARCHBASESTR "=" ) ) )
                {
-                       struct berval bv;
+                       struct berval   bv;
+                       int             rc;
+
                        val = cargv[ i ] + STRLENOF( SEARCHBASESTR "=" );
                        if ( si->si_base.bv_val ) {
                                ch_free( si->si_base.bv_val );
                        }
                        ber_str2bv( val, 0, 0, &bv );
-                       if ( dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL )) {
-                               fprintf( stderr, "Invalid base DN \"%s\"\n", val );
+                       rc = dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL );
+                       if ( rc != LDAP_SUCCESS ) {
+                               fprintf( stderr, "Invalid base DN \"%s\": %d (%s)\n",
+                                       val, rc, ldap_err2string( rc ) );
                                return -1;
                        }
                } else if ( !strncasecmp( cargv[ i ], SCOPESTR "=",
@@ -1923,7 +2568,6 @@ parse_syncrepl_line(
                                }
                                ch_free( attr_fname );
                        } else {
-                               int j;
                                si->si_exanlist = str2anlist( si->si_exanlist, val, " ,\t" );
                                if ( si->si_exanlist == NULL ) {
                                        return -1;
@@ -2004,7 +2648,6 @@ parse_syncrepl_line(
                } else if ( !strncasecmp( cargv[ i ], RETRYSTR "=",
                                        STRLENOF( RETRYSTR "=" ) ) )
                {
-                       char *str;
                        char **retry_list;
                        int j, k, n;
 
@@ -2086,7 +2729,6 @@ slap_str2clist( char ***out, char *in, const char *brkstr )
        char    *s;
        char    *lasts;
        int     i, j;
-       const char *text;
        char    **new;
 
        /* find last element in list */
Cloned from git://git.openldap.org/openldap.git