X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapi%2Fslapi_utils.c;h=f1e2b4e73a6dc506c671ef35c326e5f18850d6c2;hb=2f5e17d056f5c8d0722419841eedc67c05993595;hp=2f49c05555653e1f950bac8d618939c21d3304a3;hpb=9184d038ead9aeabff5b7c0bb2ed0d1e6bc95c8c;p=openldap
diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c
index 2f49c05555..f1e2b4e73a 100644
--- a/servers/slapd/slapi/slapi_utils.c
+++ b/servers/slapd/slapi/slapi_utils.c
@@ -1,20 +1,23 @@
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/*
- * (C) Copyright IBM Corp. 1997,2002
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and that due credit is
- * given to IBM Corporation. This software is provided ``as is''
- * without express or implied warranty.
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
*/
-/*
- * Portions (C) Copyright PADL Software Pty Ltd. 2003
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and that due credit is
- * given to PADL Software Pty Ltd. This software is provided ``as is''
- * without express or implied warranty.
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by IBM Corporation for use in
+ * IBM products and subsequently ported to OpenLDAP Software by
+ * Steve Omrani. Additional significant contributors include:
+ * Luke Howard
*/
#include "portable.h"
@@ -23,15 +26,10 @@
#include
#include
#include
-#include
#include
#include
-#ifdef _SPARC
-#include
-#endif
-
#include
/*
@@ -50,6 +48,22 @@ struct slapi_condvar {
ldap_pvt_thread_mutex_t mutex;
};
+#ifdef LDAP_SLAPI
+static int checkBVString(const struct berval *bv)
+{
+ int i;
+
+ for ( i = 0; i < bv->bv_len; i++ ) {
+ if ( bv->bv_val[i] == '\0' )
+ return 0;
+ }
+ if ( bv->bv_val[i] != '\0' )
+ return 0;
+
+ return 1;
+}
+#endif /* LDAP_SLAPI */
+
/*
* This function converts an array of pointers to berval objects to
* an array of berval objects.
@@ -94,7 +108,7 @@ bvptr2obj(
Slapi_Entry *
slapi_str2entry(
char *s,
- int check_dup )
+ int flags )
{
#ifdef LDAP_SLAPI
Slapi_Entry *e = NULL;
@@ -156,7 +170,7 @@ slapi_entry_set_dn(
char *ldn )
{
#ifdef LDAP_SLAPI
- struct berval dn = { 0, NULL };
+ struct berval dn = BER_BVNULL;
dn.bv_val = ldn;
dn.bv_len = strlen( ldn );
@@ -169,26 +183,7 @@ Slapi_Entry *
slapi_entry_dup( Slapi_Entry *e )
{
#ifdef LDAP_SLAPI
- char *tmp = NULL;
- Slapi_Entry *tmpEnt;
- int len = 0;
-
- tmp = slapi_entry2str( e, &len );
- if ( tmp == NULL ) {
- return (Slapi_Entry *)NULL;
- }
-
- tmpEnt = (Slapi_Entry *)str2entry( tmp );
- if ( tmpEnt == NULL ) {
- slapi_ch_free( (void **)&tmp );
- return (Slapi_Entry *)NULL;
- }
-
- if (tmp != NULL) {
- slapi_ch_free( (void **)&tmp );
- }
-
- return tmpEnt;
+ return entry_dup( e );
#else /* LDAP_SLAPI */
return NULL;
#endif /* LDAP_SLAPI */
@@ -313,7 +308,12 @@ slapi_entry_attr_get_charptr( const Slapi_Entry *e, const char *type )
}
if ( attr->a_vals != NULL && attr->a_vals[0].bv_len != 0 ) {
- return slapi_ch_strdup( attr->a_vals[0].bv_val );
+ const char *p;
+
+ p = slapi_value_get_string( &attr->a_vals[0] );
+ if ( p != NULL ) {
+ return slapi_ch_strdup( (char *)p );
+ }
}
return NULL;
@@ -347,7 +347,7 @@ slapi_entry_attr_get_int( const Slapi_Entry *e, const char *type )
#endif
}
-int
+long
slapi_entry_attr_get_long( const Slapi_Entry *e, const char *type )
{
#ifdef LDAP_SLAPI
@@ -372,7 +372,7 @@ slapi_entry_attr_get_long( const Slapi_Entry *e, const char *type )
#endif
}
-int
+unsigned int
slapi_entry_attr_get_uint( const Slapi_Entry *e, const char *type )
{
#ifdef LDAP_SLAPI
@@ -397,7 +397,7 @@ slapi_entry_attr_get_uint( const Slapi_Entry *e, const char *type )
#endif
}
-int
+unsigned long
slapi_entry_attr_get_ulong( const Slapi_Entry *e, const char *type )
{
#ifdef LDAP_SLAPI
@@ -528,6 +528,64 @@ slapi_is_rootdse( const char *dn )
#endif
}
+int
+slapi_entry_has_children(const Slapi_Entry *e)
+{
+#ifdef LDAP_SLAPI
+ Connection *pConn;
+ Operation *op;
+ int hasSubordinates = 0;
+
+ pConn = slapi_int_init_connection( NULL, LDAP_REQ_SEARCH );
+ if ( pConn == NULL ) {
+ return 0;
+ }
+
+ op = (Operation *)pConn->c_pending_ops.stqh_first;
+ op->o_bd = select_backend( (struct berval *)&e->e_nname, 0, 0 );
+ if ( op->o_bd == NULL ) {
+ return 0;
+ }
+
+ op->o_bd->be_has_subordinates( op, (Entry *)e, &hasSubordinates );
+
+ slapi_int_connection_destroy( &pConn );
+
+ return ( hasSubordinates == LDAP_COMPARE_TRUE );
+#else
+ return 0;
+#endif
+}
+
+/*
+ * Return approximate size of the entry rounded to the nearest
+ * 1K. Only the size of the attribute values are counted in the
+ * Sun implementation.
+ *
+ * http://docs.sun.com/source/816-6701-10/funcref.html#1017388
+ */
+size_t slapi_entry_size(Slapi_Entry *e)
+{
+#ifdef LDAP_SLAPI
+ size_t size;
+ Attribute *a;
+ int i;
+
+ for ( size = 0, a = e->e_attrs; a != NULL; a = a->a_next ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ size += a->a_vals[i].bv_len + 1;
+ }
+ }
+
+ size += 1023;
+ size -= (size % 1024);
+
+ return size;
+#else
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
/*
* Add values to entry.
*
@@ -557,12 +615,12 @@ slapi_entry_add_values( Slapi_Entry *e, const char *type, struct berval **vals )
if ( vals == NULL ) {
/* Apparently vals can be NULL
- * FIXME: sm_bvalues = NULL ? */
- mod.sm_bvalues = (BerVarray)ch_malloc( sizeof(struct berval) );
- mod.sm_bvalues->bv_val = NULL;
+ * FIXME: sm_values = NULL ? */
+ mod.sm_values = (BerVarray)ch_malloc( sizeof(struct berval) );
+ mod.sm_values->bv_val = NULL;
} else {
- rc = bvptr2obj( vals, &mod.sm_bvalues );
+ rc = bvptr2obj( vals, &mod.sm_values );
if ( rc != LDAP_SUCCESS ) {
return LDAP_CONSTRAINT_VIOLATION;
}
@@ -571,7 +629,7 @@ slapi_entry_add_values( Slapi_Entry *e, const char *type, struct berval **vals )
rc = modify_add_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
- ch_free( mod.sm_bvalues );
+ ch_free( mod.sm_values );
return (rc == LDAP_SUCCESS) ? LDAP_SUCCESS : LDAP_CONSTRAINT_VIOLATION;
#else
@@ -637,7 +695,7 @@ slapi_entry_delete_values( Slapi_Entry *e, const char *type, struct berval **val
return attr_delete( &e->e_attrs, mod.sm_desc ) ? LDAP_OTHER : LDAP_SUCCESS;
}
- rc = bvptr2obj( vals, &mod.sm_bvalues );
+ rc = bvptr2obj( vals, &mod.sm_values );
if ( rc != LDAP_SUCCESS ) {
return LDAP_CONSTRAINT_VIOLATION;
}
@@ -645,7 +703,7 @@ slapi_entry_delete_values( Slapi_Entry *e, const char *type, struct berval **val
rc = modify_delete_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
- ch_free( mod.sm_bvalues );
+ ch_free( mod.sm_values );
return rc;
#else
@@ -930,6 +988,139 @@ slapi_dn_issuffix(
#endif /* LDAP_SLAPI */
}
+int
+slapi_dn_isparent(
+ const char *parentdn,
+ const char *childdn )
+{
+#ifdef LDAP_SLAPI
+ struct berval assertedParentDN, normalizedAssertedParentDN;
+ struct berval childDN, normalizedChildDN;
+ struct berval normalizedParentDN;
+ int match;
+
+ assert( parentdn != NULL );
+ assert( childdn != NULL );
+
+ assertedParentDN.bv_val = (char *)parentdn;
+ assertedParentDN.bv_len = strlen( parentdn );
+
+ if ( dnNormalize( 0, NULL, NULL, &assertedParentDN,
+ &normalizedAssertedParentDN, NULL ) != LDAP_SUCCESS )
+ {
+ return 0;
+ }
+
+ childDN.bv_val = (char *)childdn;
+ childDN.bv_len = strlen( childdn );
+
+ if ( dnNormalize( 0, NULL, NULL, &childDN,
+ &normalizedChildDN, NULL ) != LDAP_SUCCESS )
+ {
+ slapi_ch_free( (void **)&normalizedAssertedParentDN.bv_val );
+ return 0;
+ }
+
+ dnParent( &normalizedChildDN, &normalizedParentDN );
+
+ if ( dnMatch( &match, 0, slap_schema.si_syn_distinguishedName, NULL,
+ &normalizedParentDN, (void *)&normalizedAssertedParentDN ) != LDAP_SUCCESS )
+ {
+ match = -1;
+ }
+
+ slapi_ch_free( (void **)&normalizedAssertedParentDN.bv_val );
+ slapi_ch_free( (void **)&normalizedChildDN.bv_val );
+
+ return ( match == 0 );
+#else
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * Returns DN of the parent entry, or NULL if the DN is
+ * an empty string or NULL, or has no parent.
+ */
+char *
+slapi_dn_parent( const char *_dn )
+{
+#ifdef LDAP_SLAPI
+ struct berval dn, prettyDN;
+ struct berval parentDN;
+
+ if ( _dn == NULL ) {
+ return NULL;
+ }
+
+ dn.bv_val = (char *)_dn;
+ dn.bv_len = strlen( _dn );
+
+ if ( dn.bv_len == 0 ) {
+ return NULL;
+ }
+
+ if ( dnPretty( NULL, &dn, &prettyDN, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ dnParent( &prettyDN, &parentDN ); /* in-place */
+
+ slapi_ch_free( (void **)&prettyDN.bv_val );
+
+ if ( parentDN.bv_len == 0 ) {
+ return NULL;
+ }
+
+ return slapi_ch_strdup( parentDN.bv_val );
+#else
+ return NULL;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * Returns DN of the parent entry; or NULL if the DN is
+ * an empty string, if the DN has no parent, or if the
+ * DN is the suffix of the backend database
+ */
+char *slapi_dn_beparent( Slapi_PBlock *pb, const char *_dn )
+{
+#ifdef LDAP_SLAPI
+ Backend *be;
+ struct berval dn, prettyDN;
+ struct berval normalizedDN, parentDN;
+
+ if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void **)&be ) != 0 )
+ be = NULL;
+
+ dn.bv_val = (char *)_dn;
+ dn.bv_len = strlen( _dn );
+
+ if ( dnPrettyNormal( NULL, &dn, &prettyDN, &normalizedDN, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ if ( be != NULL && be_issuffix( be, &normalizedDN ) ) {
+ slapi_ch_free( (void **)&prettyDN.bv_val );
+ slapi_ch_free( (void **)&normalizedDN.bv_val );
+ return NULL;
+ }
+
+ dnParent( &prettyDN, &parentDN );
+
+ slapi_ch_free( (void **)&prettyDN.bv_val );
+ slapi_ch_free( (void **)&normalizedDN.bv_val );
+
+ if ( parentDN.bv_len == 0 ) {
+ return NULL;
+ }
+
+ return slapi_ch_strdup( parentDN.bv_val );
+#else
+ return NULL;
+#endif /* LDAP_SLAPI */
+}
+
char *
slapi_dn_ignore_case( char *dn )
{
@@ -1210,7 +1401,7 @@ slapiControlOp2SlapControlMask(unsigned long slapi_mask,
}
static int
-parseSlapiControl(
+slapi_int_parse_control(
Operation *op,
SlapReply *rs,
LDAPControl *ctrl )
@@ -1231,7 +1422,7 @@ slapi_register_supported_control(
slapiControlOp2SlapControlMask( controlops, &controlmask );
- register_supported_control( controloid, controlmask, NULL, parseSlapiControl );
+ register_supported_control( controloid, controlmask, NULL, slapi_int_parse_control, NULL );
#endif /* LDAP_SLAPI */
}
@@ -1281,7 +1472,7 @@ slapi_register_supported_saslmechanism( char *mechanism )
{
#ifdef LDAP_SLAPI
/* FIXME -- can not add saslmechanism to OpenLDAP dynamically */
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SASL",
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_register_supported_saslmechanism",
"OpenLDAP does not support dynamic registration of SASL mechanisms\n" );
#endif /* LDAP_SLAPI */
}
@@ -1291,7 +1482,7 @@ slapi_get_supported_saslmechanisms( void )
{
#ifdef LDAP_SLAPI
/* FIXME -- can not get the saslmechanism without a connection. */
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SASL",
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_get_supported_saslmechanisms",
"can not get the SASL mechanism list "
"without a connection\n" );
return NULL;
@@ -1312,7 +1503,7 @@ slapi_get_supported_extended_ops( void )
;
}
- for ( j = 0; ns_get_supported_extop( j ) != NULL; j++ ) {
+ for ( j = 0; slapi_int_get_supported_extop( j ) != NULL; j++ ) {
;
}
@@ -1334,7 +1525,7 @@ slapi_get_supported_extended_ops( void )
for ( ; k < j; k++ ) {
struct berval *bv;
- bv = ns_get_supported_extop( k );
+ bv = slapi_int_get_supported_extop( k );
assert( bv != NULL );
ppExtOpOID[ i + k ] = bv->bv_val;
@@ -1437,8 +1628,10 @@ slapi_send_ldap_search_entry(
rs.sr_ref = NULL;
rs.sr_ctrls = ectrls;
rs.sr_attrs = an;
+ rs.sr_operational_attrs = NULL;
rs.sr_entry = e;
rs.sr_v2ref = NULL;
+ rs.sr_flags = 0;
if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp ) != 0 ) {
return LDAP_OTHER;
@@ -1450,6 +1643,61 @@ slapi_send_ldap_search_entry(
#endif /* LDAP_SLAPI */
}
+int
+slapi_send_ldap_search_reference(
+ Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ struct berval **references,
+ LDAPControl **ectrls,
+ struct berval **v2refs
+ )
+{
+#ifdef LDAP_SLAPI
+ Operation *pOp;
+ SlapReply rs = { REP_SEARCHREF };
+ int rc;
+
+ rs.sr_err = LDAP_SUCCESS;
+ rs.sr_matched = NULL;
+ rs.sr_text = NULL;
+
+ rc = bvptr2obj( references, &rs.sr_ref );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ rs.sr_ctrls = ectrls;
+ rs.sr_attrs = NULL;
+ rs.sr_operational_attrs = NULL;
+ rs.sr_entry = e;
+
+ if ( v2refs != NULL ) {
+ rc = bvptr2obj( v2refs, &rs.sr_v2ref );
+ if ( rc != LDAP_SUCCESS ) {
+ slapi_ch_free( (void **)&rs.sr_ref );
+ return rc;
+ }
+ } else {
+ rs.sr_v2ref = NULL;
+ }
+
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp ) != 0 ) {
+ return LDAP_OTHER;
+ }
+
+ rc = send_search_reference( pOp, &rs );
+
+ if ( rs.sr_ref != NULL )
+ slapi_ch_free( (void **)&rs.sr_ref );
+
+ if ( rs.sr_v2ref != NULL )
+ slapi_ch_free( (void **)&rs.sr_v2ref );
+
+ return rc;
+#else
+ return -1;
+#endif /* LDAP_SLAPI */
+}
Slapi_Filter *
slapi_str2filter( char *str )
@@ -1938,24 +2186,6 @@ slapi_get_hostname( void )
{
#ifdef LDAP_SLAPI
char *hn = NULL;
-
- /*
- * FIXME: I'd prefer a different check ...
- */
-#if defined _SPARC
- hn = (char *)slapi_ch_malloc( MAX_HOSTNAME );
- if ( hn == NULL) {
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SYSINFO",
- "can't malloc memory for hostname\n" );
- hn = NULL;
-
- } else if ( sysinfo( SI_HOSTNAME, hn, MAX_HOSTNAME ) < 0 ) {
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SYSINFO",
- "can't get hostname\n" );
- slapi_ch_free( (void **)&hn );
- hn = NULL;
- }
-#else /* !_SPARC */
static int been_here = 0;
static char *static_hn = NULL;
@@ -1963,8 +2193,8 @@ slapi_get_hostname( void )
if ( !been_here ) {
static_hn = (char *)slapi_ch_malloc( MAX_HOSTNAME );
if ( static_hn == NULL) {
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SYSINFO",
- "can't malloc memory for hostname\n" );
+ slapi_log_error( SLAPI_LOG_FATAL, "slapi_get_hostname",
+ "Cannot allocate memory for hostname\n" );
static_hn = NULL;
ldap_pvt_thread_mutex_unlock( &slapi_hn_mutex );
@@ -1973,7 +2203,7 @@ slapi_get_hostname( void )
} else {
if ( gethostname( static_hn, MAX_HOSTNAME ) != 0 ) {
slapi_log_error( SLAPI_LOG_FATAL,
- "SLAPI_SYSINFO",
+ "SLAPI",
"can't get hostname\n" );
slapi_ch_free( (void **)&static_hn );
static_hn = NULL;
@@ -1989,7 +2219,6 @@ slapi_get_hostname( void )
ldap_pvt_thread_mutex_unlock( &slapi_hn_mutex );
hn = ch_strdup( static_hn );
-#endif /* !_SPARC */
return hn;
#else /* LDAP_SLAPI */
@@ -2000,7 +2229,7 @@ slapi_get_hostname( void )
/*
* FIXME: this should go in an appropriate header ...
*/
-extern int vLogError( int level, char *subsystem, char *fmt, va_list arglist );
+extern int slapi_int_log_error( int level, char *subsystem, char *fmt, va_list arglist );
int
slapi_log_error(
@@ -2014,7 +2243,7 @@ slapi_log_error(
va_list arglist;
va_start( arglist, fmt );
- rc = vLogError( severity, subsystem, fmt, arglist );
+ rc = slapi_int_log_error( severity, subsystem, fmt, arglist );
va_end( arglist );
return rc;
@@ -2127,7 +2356,7 @@ slapi_free_search_results_internal( Slapi_PBlock *pb )
/*
* Internal API to prime a Slapi_PBlock with a Backend.
*/
-static int initBackendPB( Slapi_PBlock *pb, Backend *be )
+static int slapi_int_pblock_set_backend( Slapi_PBlock *pb, Backend *be )
{
int rc;
@@ -2189,7 +2418,7 @@ static char *Authorization2AuthType( AuthorizationInformation *authz, int is_tls
/*
* Internal API to prime a Slapi_PBlock with a Connection.
*/
-static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
+static int slapi_int_pblock_set_connection( Slapi_PBlock *pb, Connection *conn )
{
char *connAuthType;
int rc;
@@ -2252,17 +2481,29 @@ static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
0 );
if ( connAuthType != NULL ) {
rc = slapi_pblock_set(pb, SLAPI_CONN_AUTHMETHOD, (void *)connAuthType);
+ /* slapi_pblock_set dups this itself */
+ slapi_ch_free( (void **)&connAuthType );
if ( rc != LDAP_SUCCESS )
return rc;
}
if ( conn->c_authz.sai_dn.bv_val != NULL ) {
- char *connDn = slapi_ch_strdup(conn->c_authz.sai_dn.bv_val);
- rc = slapi_pblock_set(pb, SLAPI_CONN_DN, (void *)connDn);
+ /* slapi_pblock_set dups this itself */
+ rc = slapi_pblock_set(pb, SLAPI_CONN_DN, (void *)conn->c_authz.sai_dn.bv_val);
if ( rc != LDAP_SUCCESS )
return rc;
}
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SSF, (void *)conn->c_ssf);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SASL_CONTEXT,
+ ( conn->c_sasl_authctx != NULL ? conn->c_sasl_authctx :
+ conn->c_sasl_sockctx ) );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
return rc;
}
#endif /* LDAP_SLAPI */
@@ -2270,7 +2511,7 @@ static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
/*
* Internal API to prime a Slapi_PBlock with an Operation.
*/
-int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
+int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
{
#ifdef LDAP_SLAPI
int isRoot = 0;
@@ -2279,15 +2520,15 @@ int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
char *opAuthType;
if ( op->o_bd != NULL ) {
- isRoot = be_isroot( op->o_bd, &op->o_ndn );
- isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn );
+ isRoot = be_isroot( op );
+ isUpdateDn = be_isupdate( op );
}
- rc = initBackendPB( pb, op->o_bd );
+ rc = slapi_int_pblock_set_backend( pb, op->o_bd );
if ( rc != LDAP_SUCCESS )
return rc;
- rc = initConnectionPB( pb, op->o_conn );
+ rc = slapi_int_pblock_set_connection( pb, op->o_conn );
if ( rc != LDAP_SUCCESS )
return rc;
@@ -2456,10 +2697,38 @@ Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr )
int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
{
#ifdef LDAP_SLAPI
- /*
- * FIXME: here we may lose alignment between a_vals/a_nvals
- */
- return value_add_one( &a->a_vals, (Slapi_Value *)v );
+ struct berval nval;
+ struct berval *nvalp;
+ int rc;
+ AttributeDescription *desc = a->a_desc;
+
+ if ( desc->ad_type->sat_equality &&
+ desc->ad_type->sat_equality->smr_normalize ) {
+ rc = (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ desc->ad_type->sat_syntax,
+ desc->ad_type->sat_equality,
+ (Slapi_Value *)v, &nval, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ nvalp = &nval;
+ } else {
+ nvalp = NULL;
+ }
+
+ rc = value_add_one( &a->a_vals, (Slapi_Value *)v );
+ if ( rc == 0 && nvalp != NULL ) {
+ rc = value_add_one( &a->a_nvals, nvalp );
+ } else {
+ a->a_nvals = a->a_vals;
+ }
+
+ if ( nvalp != NULL ) {
+ slapi_ch_free_string( &nval.bv_val );
+ }
+
+ return rc;
#else
return -1;
#endif
@@ -2852,31 +3121,16 @@ int slapi_value_set_int(Slapi_Value *value, int intVal)
const char *slapi_value_get_string(const Slapi_Value *value)
{
#ifdef LDAP_SLAPI
- if ( value == NULL ) {
- return NULL;
- }
+ if ( value == NULL ) return NULL;
+ if ( value->bv_val == NULL ) return NULL;
+ if ( !checkBVString( value ) ) return NULL;
+
return value->bv_val;
#else
return NULL;
#endif
}
-#ifdef LDAP_SLAPI
-static int checkBVString(const struct berval *bv)
-{
- int i;
-
- for ( i = 0; i < bv->bv_len; i++ ) {
- if ( bv->bv_val[i] == '\0' )
- return 0;
- }
- if ( bv->bv_val[i] != '\0' )
- return 0;
-
- return 1;
-}
-#endif
-
int slapi_value_get_int(const Slapi_Value *value)
{
#ifdef LDAP_SLAPI
@@ -3082,14 +3336,14 @@ void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2)
int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr,
struct berval *val, int access )
{
-#ifdef LDAPI_SLAPI
+#ifdef LDAP_SLAPI
Backend *be;
Connection *conn;
Operation *op;
int ret;
slap_access_t slap_access;
AttributeDescription *ad = NULL;
- char *text;
+ const char *text;
ret = slap_str2ad( attr, &ad, &text );
if ( ret != LDAP_SUCCESS ) {
@@ -3129,7 +3383,7 @@ int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr,
return LDAP_PARAM_ERROR;
}
- ret = access_allowed( be, conn, op, e, desc, val, slap_access, NULL );
+ ret = access_allowed( op, e, ad, val, slap_access, NULL );
return ret ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
#else
@@ -3141,31 +3395,39 @@ int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char
{
#ifdef LDAP_SLAPI
Operation *op;
- int ret;
- Modifications *ml;
- Modifications *next;
+ int rc = LDAP_SUCCESS;
+ Modifications *ml, *mp;
if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
return LDAP_PARAM_ERROR;
}
- ml = slapi_x_ldapmods2modifications( mods );
+ ml = slapi_int_ldapmods2modifications( mods );
if ( ml == NULL ) {
return LDAP_OTHER;
}
- ret = acl_check_modlist( op, e, ml );
+ for ( mp = ml; mp != NULL; mp = mp->sml_next ) {
+ rc = slap_bv2ad( &mp->sml_type, &mp->sml_desc, (const char **)errbuf );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = acl_check_modlist( op, e, ml ) ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ }
/* Careful when freeing the modlist because it has pointers into the mods array. */
- for ( ; ml != NULL; ml = next ) {
- next = ml->sml_next;
+ for ( ; ml != NULL; ml = mp ) {
+ mp = ml->sml_next;
/* just free the containing array */
- slapi_ch_free( (void **)&ml->sml_bvalues );
+ slapi_ch_free( (void **)&ml->sml_values );
slapi_ch_free( (void **)&ml );
}
- return ret ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ return rc;
#else
return LDAP_UNWILLING_TO_PERFORM;
#endif
@@ -3179,7 +3441,7 @@ int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char
*
* This function must also be called before slap_mods_check().
*/
-LDAPMod **slapi_x_modifications2ldapmods(Modifications **pmodlist)
+LDAPMod **slapi_int_modifications2ldapmods(Modifications **pmodlist)
{
#ifdef LDAP_SLAPI
Modifications *ml, *modlist;
@@ -3202,18 +3464,18 @@ LDAPMod **slapi_x_modifications2ldapmods(Modifications **pmodlist)
modp->mod_type = ml->sml_type.bv_val;
ml->sml_type.bv_val = NULL;
- if ( ml->sml_bvalues != NULL ) {
- for( j = 0; ml->sml_bvalues[j].bv_val != NULL; j++ )
+ if ( ml->sml_values != NULL ) {
+ for( j = 0; ml->sml_values[j].bv_val != NULL; j++ )
;
modp->mod_bvalues = (struct berval **)ch_malloc( (j + 1) *
sizeof(struct berval *) );
- for( j = 0; ml->sml_bvalues[j].bv_val != NULL; j++ ) {
+ for( j = 0; ml->sml_values[j].bv_val != NULL; j++ ) {
/* Take ownership of original values. */
modp->mod_bvalues[j] = (struct berval *)ch_malloc( sizeof(struct berval) );
- modp->mod_bvalues[j]->bv_len = ml->sml_bvalues[j].bv_len;
- modp->mod_bvalues[j]->bv_val = ml->sml_bvalues[j].bv_val;
- ml->sml_bvalues[j].bv_len = 0;
- ml->sml_bvalues[j].bv_val = NULL;
+ modp->mod_bvalues[j]->bv_len = ml->sml_values[j].bv_len;
+ modp->mod_bvalues[j]->bv_val = ml->sml_values[j].bv_val;
+ ml->sml_values[j].bv_len = 0;
+ ml->sml_values[j].bv_val = NULL;
}
modp->mod_bvalues[j] = NULL;
} else {
@@ -3239,14 +3501,18 @@ LDAPMod **slapi_x_modifications2ldapmods(Modifications **pmodlist)
*
* The returned Modification list contains pointers into the
* LDAPMods array; the latter MUST be freed with
- * slapi_x_free_ldapmods() (see below).
+ * slapi_int_free_ldapmods() (see below).
*/
-Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
+Modifications *slapi_int_ldapmods2modifications (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
Modifications *modlist = NULL, **modtail;
LDAPMod **modp;
+ if ( mods == NULL ) {
+ return NULL;
+ }
+
modtail = &modlist;
for( modp = mods; *modp != NULL; modp++ ) {
@@ -3271,23 +3537,24 @@ Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
}
if ( i == 0 ) {
- mod->sml_bvalues = NULL;
+ mod->sml_values = NULL;
} else {
- mod->sml_bvalues = (BerVarray) ch_malloc( (i + 1) * sizeof(struct berval) );
+ mod->sml_values = (BerVarray) ch_malloc( (i + 1) * sizeof(struct berval) );
/* NB: This implicitly trusts a plugin to return valid modifications. */
if ( (*modp)->mod_op & LDAP_MOD_BVALUES ) {
for( i = 0, bvp = (*modp)->mod_bvalues; bvp != NULL && *bvp != NULL; bvp++, i++ ) {
- mod->sml_bvalues[i].bv_val = (*bvp)->bv_val;
- mod->sml_bvalues[i].bv_len = (*bvp)->bv_len;
+ mod->sml_values[i].bv_val = (*bvp)->bv_val;
+ mod->sml_values[i].bv_len = (*bvp)->bv_len;
}
} else {
for( i = 0, p = (*modp)->mod_values; p != NULL && *p != NULL; p++, i++ ) {
- mod->sml_bvalues[i].bv_val = *p;
- mod->sml_bvalues[i].bv_len = strlen( *p );
+ mod->sml_values[i].bv_val = *p;
+ mod->sml_values[i].bv_len = strlen( *p );
}
}
- mod->sml_bvalues[i].bv_val = NULL;
+ mod->sml_values[i].bv_val = NULL;
+ mod->sml_values[i].bv_len = 0;
}
mod->sml_nvalues = NULL;
@@ -3304,10 +3571,10 @@ Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
/*
* This function only frees the parts of the mods array that
* are not shared with the Modification list that was created
- * by slapi_x_ldapmods2modifications().
+ * by slapi_int_ldapmods2modifications().
*
*/
-void slapi_x_free_ldapmods (LDAPMod **mods)
+void slapi_int_free_ldapmods (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
int i, j;
@@ -3321,10 +3588,10 @@ void slapi_x_free_ldapmods (LDAPMod **mods)
* Modification list. Do free the containing array.
*/
if ( mods[i]->mod_op & LDAP_MOD_BVALUES ) {
- for ( j = 0; mods[i]->mod_bvalues != NULL && mods[i]->mod_bvalues[j] != NULL; j++ ) {
- ch_free( mods[i]->mod_bvalues[j] );
+ for ( j = 0; mods[i]->mod_values != NULL && mods[i]->mod_values[j] != NULL; j++ ) {
+ ch_free( mods[i]->mod_values[j] );
}
- ch_free( mods[i]->mod_bvalues );
+ ch_free( mods[i]->mod_values );
} else {
ch_free( mods[i]->mod_values );
}
@@ -3347,7 +3614,7 @@ void slapi_x_free_ldapmods (LDAPMod **mods)
* op->o_callback->sc_sendentry, if you wish to make computed
* attributes available to it.
*/
-int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
#ifdef LDAP_SLAPI
Operation *op = NULL;
@@ -3395,7 +3662,7 @@ int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_En
}
if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
- slapi_log_error( SLAPI_LOG_ACL, "SLAPI_COMPUTE",
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
"acl: access to attribute %s not allowed\n",
desc->ad_cname.bv_val );
return 0;
@@ -3403,24 +3670,24 @@ int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_En
rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
if (rc == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "SLAPI_COMPUTE",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
- if ( !c->cac_attrsonly ) {
+ if ( !c->cac_attrsonly && a->a_vals != NULL ) {
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
if ( !access_allowed( op, e,
desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
- slapi_log_error( SLAPI_LOG_ACL, "SLAPI_COMPUTE",
- "slapi_x_compute_output_ber: conn %lu "
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
+ "conn %lu "
"acl: access to %s, value %d not allowed\n",
op->o_connid, desc->ad_cname.bv_val, i );
continue;
}
if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "SLAPI_COMPUTE",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
@@ -3428,7 +3695,7 @@ int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_En
}
if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "SLAPI_COMPUTE",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n" );
return 1;
}
@@ -3470,7 +3737,7 @@ int slapi_compute_add_evaluator(slapi_compute_callback_t function)
goto done;
}
- rc = insertPlugin( NULL, pPlugin );
+ rc = slapi_int_register_plugin( NULL, pPlugin );
if ( rc != 0 ) {
rc = LDAP_OTHER;
goto done;
@@ -3515,7 +3782,7 @@ int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function)
goto done;
}
- rc = insertPlugin( NULL, pPlugin );
+ rc = slapi_int_register_plugin( NULL, pPlugin );
if ( rc != 0 ) {
rc = LDAP_OTHER;
goto done;
@@ -3544,7 +3811,7 @@ int compute_evaluator(computed_attr_context *c, char *type, Slapi_Entry *e, slap
int rc = 0;
slapi_compute_callback_t *pGetPlugin, *tmpPlugin;
- rc = getAllPluginFuncs( NULL, SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN, (SLAPI_FUNC **)&tmpPlugin );
+ rc = slapi_int_get_plugins( NULL, SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN, (SLAPI_FUNC **)&tmpPlugin );
if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
/* Nothing to do; front-end should ignore. */
return 0;
@@ -3581,7 +3848,7 @@ int compute_rewrite_search_filter(Slapi_PBlock *pb)
return rc;
}
- return doPluginFNs( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb );
+ return slapi_int_call_plugins( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb );
#else
return -1;
#endif /* LDAP_SLAPI */
@@ -3715,3 +3982,288 @@ int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all )
#endif
}
+int slapi_int_access_allowed( Operation *op,
+ Entry *entry,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state )
+{
+#ifdef LDAP_SLAPI
+ int rc, slap_access = 0;
+ slapi_acl_callback_t *pGetPlugin, *tmpPlugin;
+
+ if ( op->o_pb == NULL ) {
+ /* internal operation */
+ return 1;
+ }
+
+ switch ( access ) {
+ case ACL_WRITE:
+ slap_access |= SLAPI_ACL_ADD | SLAPI_ACL_DELETE | SLAPI_ACL_WRITE;
+ break;
+ case ACL_READ:
+ slap_access |= SLAPI_ACL_READ;
+ break;
+ case ACL_SEARCH:
+ slap_access |= SLAPI_ACL_SEARCH;
+ break;
+ case ACL_COMPARE:
+ slap_access = ACL_COMPARE;
+ break;
+ default:
+ break;
+ }
+
+ rc = slapi_int_get_plugins( op->o_bd, SLAPI_PLUGIN_ACL_ALLOW_ACCESS, (SLAPI_FUNC **)&tmpPlugin );
+ if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
+ /* nothing to do; allowed access */
+ return 1;
+ }
+
+ slapi_int_pblock_set_operation( op->o_pb, op );
+
+ rc = 1; /* default allow policy */
+
+ for ( pGetPlugin = tmpPlugin; *pGetPlugin != NULL; pGetPlugin++ ) {
+ /*
+ * 0 access denied
+ * 1 access granted
+ */
+ rc = (*pGetPlugin)( op->o_pb, entry, desc->ad_cname.bv_val,
+ val, slap_access, (void *)state );
+ if ( rc == 0 ) {
+ break;
+ }
+ }
+
+ slapi_ch_free( (void **)&tmpPlugin );
+
+ return rc;
+#else
+ return 1;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * There is no documentation for this.
+ */
+int slapi_rdn2typeval( char *rdn, char **type, struct berval *bv )
+{
+#ifdef LDAP_SLAPI
+ LDAPRDN lrdn;
+ LDAPAVA *ava;
+ int rc;
+ char *p;
+
+ *type = NULL;
+
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ rc = ldap_str2rdn( rdn, &lrdn, &p, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ if ( lrdn[1] != NULL ) {
+ return -1; /* not single valued */
+ }
+
+ ava = lrdn[0];
+
+ *type = slapi_ch_strdup( ava->la_attr.bv_val );
+ ber_dupbv( bv, &ava->la_value );
+
+ ldap_rdnfree(lrdn);
+
+ return 0;
+#else
+ return -1;
+#endif /* LDAP_SLAPI */
+}
+
+char *slapi_dn_plus_rdn( const char *dn, const char *rdn )
+{
+#ifdef LDAP_SLAPI
+ struct berval new_dn, parent_dn, newrdn;
+
+ new_dn.bv_val = NULL;
+
+ parent_dn.bv_val = (char *)dn;
+ parent_dn.bv_len = strlen( dn );
+
+ newrdn.bv_val = (char *)rdn;
+ newrdn.bv_len = strlen( rdn );
+
+ build_new_dn( &new_dn, &parent_dn, &newrdn, NULL );
+
+ return new_dn.bv_val;
+#else
+ return NULL;
+#endif /* LDAP_SLAPI */
+}
+
+int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e )
+{
+#ifdef LDAP_SLAPI
+ Backend *be;
+ const char *text;
+ char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
+ size_t textlen = sizeof textbuf;
+ int rc;
+
+ if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void **)&be ) != 0 )
+ return -1;
+
+ rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
+
+ return ( rc == LDAP_SUCCESS ) ? 0 : 1;
+#else
+ return -1;
+#endif /* LDAP_SLAPI */
+}
+
+int slapi_entry_rdn_values_present( const Slapi_Entry *e )
+{
+#ifdef LDAP_SLAPI
+ LDAPDN dn;
+ int rc;
+ int i = 0, match = 0;
+
+ rc = ldap_bv2dn( &((Entry *)e)->e_name, &dn, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if ( dn[0] != NULL ) {
+ LDAPRDN rdn = dn[0];
+
+ for ( i = 0; rdn[i] != NULL; i++ ) {
+ LDAPAVA *ava = &rdn[0][i];
+ Slapi_Attr *a = NULL;
+
+ if ( slapi_entry_attr_find( (Slapi_Entry *)e, ava->la_attr.bv_val, &a ) == 0 &&
+ slapi_attr_value_find( a, &ava->la_value ) == 0 )
+ match++;
+ }
+ }
+
+ ldap_dnfree( dn );
+
+ return ( i == match );
+#else
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
+int slapi_entry_add_rdn_values( Slapi_Entry *e )
+{
+#ifdef LDAP_SLAPI
+ LDAPDN dn;
+ int i, rc;
+
+ rc = ldap_bv2dn( &e->e_name, &dn, LDAP_DN_FORMAT_LDAPV3 );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( dn[0] != NULL ) {
+ LDAPRDN rdn = dn[0];
+ struct berval *vals[2];
+
+ for ( i = 0; rdn[i] != NULL; i++ ) {
+ LDAPAVA *ava = &rdn[0][i];
+ Slapi_Attr *a = NULL;
+
+ if ( slapi_entry_attr_find( e, ava->la_attr.bv_val, &a ) == 0 &&
+ slapi_attr_value_find( a, &ava->la_value ) == 0 )
+ continue;
+
+ vals[0] = &ava->la_value;
+ vals[1] = NULL;
+
+ slapi_entry_attr_merge( e, ava->la_attr.bv_val, vals );
+ }
+ }
+
+ ldap_dnfree( dn );
+
+ return LDAP_SUCCESS;
+#else
+ return LDAP_OTHER;
+#endif /* LDAP_SLAPI */
+}
+
+const char *slapi_entry_get_uniqueid( const Slapi_Entry *e )
+{
+#ifdef LDAP_SLAPI
+ Attribute *attr;
+ const char *uniqueid;
+
+ attr = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( attr == NULL ) {
+ return NULL;
+ }
+
+ if ( attr->a_vals != NULL && attr->a_vals[0].bv_len != 0 ) {
+ return slapi_value_get_string( &attr->a_vals[0] );
+ }
+#endif /* LDAP_SLAPI */
+
+ return NULL;
+}
+
+void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid )
+{
+#ifdef LDAP_SLAPI
+ struct berval bv;
+
+ attr_delete ( &e->e_attrs, slap_schema.si_ad_entryUUID );
+
+ bv.bv_val = uniqueid;
+ bv.bv_len = strlen( uniqueid );
+ attr_merge_normalize_one( e, slap_schema.si_ad_entryUUID, &bv, NULL );
+#endif /* LDAP_SLAPI */
+}
+
+LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared )
+{
+#ifdef LDAP_SLAPI
+ LDAP *ld;
+ char *url;
+ size_t size;
+ int rc;
+
+ size = sizeof("ldap:///");
+ if ( secure )
+ size++;
+ size += strlen( ldaphost );
+ if ( ldapport != 0 )
+ size += 32;
+
+ url = slapi_ch_malloc( size );
+
+ if ( ldapport != 0 ) {
+ sprintf( url, "ldap%s://%s:%d/", ( secure ? "s" : "" ), ldaphost, ldapport );
+ } else {
+ sprintf( url, "ldap%s://%s/", ( secure ? "s" : "" ), ldaphost );
+ }
+
+ rc = ldap_initialize( &ld, url );
+
+ slapi_ch_free_string( &url );
+
+ return ( rc == LDAP_SUCCESS ) ? ld : NULL;
+#else
+ return NULL;
+#endif /* LDAP_SLAPI */
+}
+
+void slapi_ldap_unbind( LDAP *ld )
+{
+#ifdef LDAP_SLAPI
+ ldap_unbind( ld );
+#endif /* LDAP_SLAPI */
+}
+