X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmain.c;h=fa008ee2cff64d22bd77aa1d9b08ab38746e3e14;hb=7fe91339dfd08d6c4168c8493f5c1f0faca6ba54;hp=86b61dd0e254df0555173c3e5f3174fc77ba3e16;hpb=d92e8ad1f75162cb8895af511c237bf5edcf0ea1;p=openldap diff --git a/servers/slapd/main.c b/servers/slapd/main.c index 86b61dd0e2..fa008ee2cf 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -736,6 +736,13 @@ unhandled_option:; SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 ); goto destroy; } + /* Library defaults to full certificate checking. This is correct when + * a client is verifying a server because all servers should have a + * valid cert. But few clients have valid certs, so we want our default + * to be no checking. The config file can override this as usual. + */ + rc = LDAP_OPT_X_TLS_NEVER; + (void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ); #endif rc = slap_init( serverMode, serverName ); @@ -785,7 +792,7 @@ unhandled_option:; } } - if ( glue_sub_attach( ) != 0 ) { + if ( glue_sub_attach( 0 ) != 0 ) { Debug( LDAP_DEBUG_ANY, "subordinate config error\n", 0, 0, 0 ); @@ -832,6 +839,12 @@ unhandled_option:; } #endif +#ifdef HAVE_CYRUS_SASL + if( sasl_host == NULL ) { + sasl_host = ch_strdup( global_host ); + } +#endif + (void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake ); (void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown ); @@ -916,6 +929,8 @@ unhandled_option:; */ time( &starttime ); + connections_init(); + if ( slap_startup( NULL ) != 0 ) { rc = 1; SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 ); @@ -1015,6 +1030,8 @@ stop: ch_free( configdir ); if ( urls ) ch_free( urls ); + if ( global_host ) + ch_free( global_host ); /* kludge, get symbols referenced */ tavl_free( NULL, NULL );