Use struct berval DNs for root DN and update DN

diff --git a/servers/slapd/add.c b/servers/slapd/add.c
index 3127b8664b4ddf97e7bdf7dfa552abde552cfbac..21fde149b8ae738d40f148c77b2d2a137927b088 100644 (file)
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@@ -268,12 +268,12 @@ do_add( Connection *conn, Operation *op )
         */
        if ( be->be_add ) {
                /* do the update here */
-               int repl_user = be_isupdate(be, op->o_ndn.bv_val );
+               int repl_user = be_isupdate(be, &op->o_ndn );
 #ifndef SLAPD_MULTIMASTER
-               if ( be->be_update_ndn == NULL || repl_user )
+               if ( !be->be_update_ndn.bv_len || repl_user )
 #endif
                {
-                       int update = be->be_update_ndn != NULL;
+                       int update = be->be_update_ndn.bv_len;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;
 

diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c
index 69de6cd8378fe045cf4a21cd5b6b7b3893088d0f..1812992318b5b82df1d9786442a820c1326edb85 100644 (file)
--- a/servers/slapd/back-bdb/add.c
+++ b/servers/slapd/back-bdb/add.c
@@ -193,8 +193,7 @@ retry:      rc = txn_abort( ltid );
                 *  or with parent ""
                 */
                if ( !be_isroot( be, op->o_ndn.bv_val )) {
-                       if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
-
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                p = (Entry *)&slap_entry_root;
 
                                /* check parent for "children" acl */

diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c
index 19f28779ee40765376fd9484d2915f80f03592ff..45e5cb5540619075a8e156eb0e70f7259fb5062c 100644 (file)
--- a/servers/slapd/back-bdb/delete.c
+++ b/servers/slapd/back-bdb/delete.c
@@ -162,7 +162,7 @@ retry:      /* transaction retry */
        } else {
                /* no parent, must be root to delete */
                if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
-                       if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                p = (Entry *)&slap_entry_root;
 
                                /* check parent for "children" acl */

diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c
index 6c2cf93f016f3a043ec051d4438dbde03922b8d2..0420f844943a2b1c01fd4d49996d0ec5a3ec40fa 100644 (file)
--- a/servers/slapd/back-bdb/modrdn.c
+++ b/servers/slapd/back-bdb/modrdn.c
@@ -214,7 +214,7 @@ retry:      /* transaction retry */
                /* no parent, modrdn entry directly under root */
                isroot = be_isroot( be, op->o_ndn.bv_val );
                if ( ! isroot ) {
-                       if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
 
                                p = (Entry *)&slap_entry_root;
 
@@ -335,8 +335,7 @@ retry:      /* transaction retry */
 
                        /* no parent, modrdn entry directly under root */
                        if ( ! isroot ) {
-                               if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
-
+                               if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                        np = (Entry *)&slap_entry_root;
 
                                        /* check parent for "children" acl */

diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c
index 65b08452bd08144b5ffc7096876991b9af21617d..797896ff2afbd2d2a9f3fa07fdb6e5fef74ef8d2 100644 (file)
--- a/servers/slapd/back-ldbm/add.c
+++ b/servers/slapd/back-ldbm/add.c
@@ -206,8 +206,7 @@ ldbm_back_add(
 
                /* no parent, must be adding entry to root */
                if ( !be_isroot( be, op->o_ndn.bv_val ) ) {
-                       if ( be_issuffix( be, "" ) 
-                                       || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                p = (Entry *)&slap_entry_root;
                                
                                rc = access_allowed( be, conn, op, p,

diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c
index 3e34c6dfeb8be27e7a8e27bb8d04ab655233d7e6..318fd673e891914818a80d3beaf3007b329fc228 100644 (file)
--- a/servers/slapd/back-ldbm/delete.c
+++ b/servers/slapd/back-ldbm/delete.c
@@ -154,8 +154,7 @@ ldbm_back_delete(
        } else {
                /* no parent, must be root to delete */
                if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
-                       if ( be_issuffix( be, "" ) 
-                                       || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                p = (Entry *)&slap_entry_root;
                                
                                rc = access_allowed( be, conn, op, p,

diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index 314c0cd7fea3b3cbf0e0afb20f56f4d0e6412b34..15aa68f64b1ea8af810ec95ae1a02ef9b9739522 100644 (file)
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -208,8 +208,7 @@ ldbm_back_modrdn(
                /* no parent, must be root to modify rdn */
                isroot = be_isroot( be, op->o_ndn.bv_val );
                if ( ! be_isroot ) {
-                       if ( be_issuffix( be, "" )
-                                       || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                       if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                p = (Entry *)&slap_entry_root;
                                
                                rc = access_allowed( be, conn, op, p,
@@ -387,8 +386,7 @@ ldbm_back_modrdn(
                        }
 
                        if ( ! be_isroot ) {
-                               if ( be_issuffix( be, "" )
-                                               || be_isupdate( be, op->o_ndn.bv_val ) ) {
+                               if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
                                        np = (Entry *)&slap_entry_root;
                                
                                        rc = access_allowed( be, conn, op, np,

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index c44efa33b4607c50cf89d4484c2db91d9cf33b99..7eec0d624f0cfa7839586710053d6494dbd7fecc 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -419,9 +419,9 @@ int backend_destroy(void)
                }
                charray_free( backendDB[i].be_suffix );
                ber_bvecfree( backendDB[i].be_nsuffix );
-               free( backendDB[i].be_root_dn );
-               free( backendDB[i].be_root_ndn );
-               free( backendDB[i].be_root_pw.bv_val );
+               free( backendDB[i].be_rootdn.bv_val );
+               free( backendDB[i].be_rootndn.bv_val );
+               free( backendDB[i].be_rootpw.bv_val );
                acl_destroy( backendDB[i].be_acl, global_acl );
        }
        free( backendDB );
@@ -599,41 +599,37 @@ be_isroot( Backend *be, const char *ndn )
                return( 0 );
        }
 
-       if ( be->be_root_ndn == NULL || *be->be_root_ndn == '\0' ) {
+       if ( !be->be_rootndn.bv_len ) {
                return( 0 );
        }
 
-       rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1;
+       rc = strcmp( be->be_rootndn.bv_val, ndn ) ? 0 : 1;
 
        return(rc);
 }
 
 int
-be_isupdate( Backend *be, const char *ndn )
+be_isupdate( Backend *be, struct berval *ndn )
 {
-       int rc;
-
-       if ( ndn == NULL || *ndn == '\0' ) {
+       if ( !ndn->bv_len ) {
                return( 0 );
        }
 
-       if ( be->be_update_ndn == NULL || *be->be_update_ndn == '\0' ) {
+       if ( !be->be_update_ndn.bv_len ) {
                return( 0 );
        }
 
-       rc = strcmp( be->be_update_ndn, ndn ) ? 0 : 1;
-
-       return(rc);
+       return strcmp( be->be_update_ndn.bv_val, ndn->bv_val ) ? 0 : 1;
 }
 
 char *
 be_root_dn( Backend *be )
 {
-       if ( be->be_root_dn == NULL ) {
+       if ( !be->be_rootdn.bv_len ) {
                return( "" );
        }
 
-       return be->be_root_dn;
+       return be->be_rootdn.bv_val;
 }
 
 int
@@ -648,7 +644,7 @@ be_isroot_pw( Backend *be,
                return 0;
        }
 
-       if( be->be_root_pw.bv_len == 0 ) {
+       if( be->be_rootpw.bv_len == 0 ) {
                return 0;
        }
 
@@ -659,7 +655,7 @@ be_isroot_pw( Backend *be,
 #endif
 #endif
 
-       result = lutil_passwd( &be->be_root_pw, cred, NULL );
+       result = lutil_passwd( &be->be_rootpw, cred, NULL );
 
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
 #ifdef SLAPD_SPASSWD

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 47da9ad9650dd699c929e4b744b59638dd6ebfbb..b7b16f13a1829186a38bd9826f902b06338101a6 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1142,27 +1142,49 @@ read_config( const char *fname )
 #endif
 
                        } else {
-                               be->be_root_dn = ch_strdup( cargv[1] );
-                               be->be_root_ndn = ch_strdup( cargv[1] );
-
+                               struct berval dn, *pdn = NULL, *ndn = NULL;
+                               
                                if ( load_ucdata( NULL ) < 0 ) {
                                        return( 1 );
                                }
-                               if( dn_normalize( be->be_root_ndn ) == NULL ) {
-                                       free( be->be_root_dn );
-                                       free( be->be_root_ndn );
+
+                               dn.bv_val = cargv[1];
+                               dn.bv_len = strlen( cargv[1] );
+
+                               rc = dnPretty( NULL, &dn, &pdn );
+                               if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
                                        LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
-                                                  "%s: line %d: rootdn DN is invalid.\n",
-                                                  fname, lineno ));
+                                               "%s: line %d: rootdn DN is invalid.\n",
+                                               fname, lineno ));
 #else
                                        Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn DN is invalid\n",
+                                               "%s: line %d: rootdn DN is invalid\n",
                                           fname, lineno, 0 );
 #endif
+                                       return( 1 );
+                               }
 
+                               rc = dnNormalize( NULL, &dn, &ndn );
+                               if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+                                       LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                               "%s: line %d: rootdn DN is invalid.\n",
+                                               fname, lineno ));
+#else
+                                       Debug( LDAP_DEBUG_ANY,
+                                               "%s: line %d: rootdn DN is invalid\n",
+                                          fname, lineno, 0 );
+#endif
+                                       ber_bvfree( ndn );
                                        return( 1 );
                                }
+
+                               be->be_rootdn = *pdn;
+                               be->be_rootndn = *ndn;
+
+                               free( pdn );
+                               free( ndn );
                        }
 
                /* set super-secret magic database password */
@@ -1192,8 +1214,8 @@ read_config( const char *fname )
 #endif
 
                        } else {
-                               be->be_root_pw.bv_val = ch_strdup( cargv[1] );
-                               be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
+                               be->be_rootpw.bv_val = ch_strdup( cargv[1] );
+                               be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
                        }
 
                /* make this database read-only */
@@ -1798,23 +1820,31 @@ read_config( const char *fname )
 #endif
 
                        } else {
-                               be->be_update_ndn = ch_strdup( cargv[1] );
+                               struct berval dn, *ndn = NULL;
+
                                if ( load_ucdata( NULL ) < 0 ) {
                                        return( 1 );
                                }
-                               if( dn_normalize( be->be_update_ndn ) == NULL ) {
+
+                               dn.bv_val = cargv[1];
+                               dn.bv_len = strlen( cargv[1] );
+
+                               rc = dnNormalize( NULL, &dn, &ndn );
+                               if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
                                        LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
-                                                  "%s: line %d: updatedn DN is invalid.\n",
-                                                  fname, lineno ));
+                                               "%s: line %d: updatedn DN is invalid.\n",
+                                               fname, lineno ));
 #else
                                        Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updatedn DN is invalid\n",
+                                               "%s: line %d: updatedn DN is invalid\n",
                                            fname, lineno, 0 );
 #endif
-
                                        return 1;
                                }
+
+                               be->be_update_ndn = *ndn;
+                               free( ndn );
                        }
 
                } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
@@ -1833,24 +1863,24 @@ read_config( const char *fname )
                        }
                        if ( be == NULL ) {
 #ifdef NEW_LOGGING
-                               LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
-                                       "updateref line must appear inside a database definition "
-                                       "(ignored)\n", fname, lineno ));
+                               LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
+                                       " line must appear inside a database definition\n",
+                                       fname, lineno ));
 #else
-                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-                                       "updateref line must appear inside a database definition "
-                                       "(ignored)\n", fname, lineno, 0 );
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
+                                       " line must appear inside a database definition\n",
+                                       fname, lineno, 0 );
 #endif
                                return 1;
 
-                       } else if ( be->be_update_ndn == NULL ) {
+                       } else if ( !be->be_update_ndn.bv_len ) {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
-                                       "updateref line must come after updatedn (ignored).\n",
+                                       "updateref line must come after updatedn.\n",
                                        fname, lineno ));
 #else
                                Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-                                       "updateref line must after updatedn (ignored)\n",
+                                       "updateref line must after updatedn.\n",
                                    fname, lineno, 0 );
 #endif
                                return 1;

diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c
index 3acbd05c488f89cd3eb631edbd29f7ea9d09e3b0..cf6c4e00fa3eb6d9d507795e183600bebb5d2c24 100644 (file)
--- a/servers/slapd/delete.c
+++ b/servers/slapd/delete.c
@@ -179,14 +179,14 @@ do_delete(
         */
        if ( be->be_delete ) {
                /* do the update here */
-               int repl_user = be_isupdate( be, op->o_ndn.bv_val );
+               int repl_user = be_isupdate( be, &op->o_ndn );
 #ifndef SLAPD_MULTIMASTER
-               if ( be->be_update_ndn == NULL || repl_user )
+               if ( !be->be_update_ndn.bv_len || repl_user )
 #endif
                {
                        if ( (*be->be_delete)( be, conn, op, pdn->bv_val, ndn->bv_val ) == 0 ) {
 #ifdef SLAPD_MULTIMASTER
-                               if (be->be_update_ndn == NULL || !repl_user )
+                               if ( !be->be_update_ndn.bv_len || !repl_user )
 #endif
                                {
                                        replog( be, op, pdn->bv_val, ndn->bv_val, NULL );

diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c
index 1bcf5b5c7c5d1d1820d1d2d410f7326813bf0ec4..4832d8dc8d18b382100f814e8fd1ccfcb21f1b5c 100644 (file)
--- a/servers/slapd/modify.c
+++ b/servers/slapd/modify.c
@@ -333,15 +333,15 @@ do_modify(
         */
        if ( be->be_modify ) {
                /* do the update here */
-               int repl_user = be_isupdate( be, op->o_ndn.bv_val );
+               int repl_user = be_isupdate( be, &op->o_ndn );
 #ifndef SLAPD_MULTIMASTER
                /* Multimaster slapd does not have to check for replicator dn
                 * because it accepts each modify request
                 */
-               if ( be->be_update_ndn == NULL || repl_user )
+               if ( !be->be_update_ndn.bv_len || repl_user )
 #endif
                {
-                       int update = be->be_update_ndn != NULL;
+                       int update = be->be_update_ndn.bv_len;
                        const char *text;
                        char textbuf[SLAP_TEXT_BUFLEN];
                        size_t textlen = sizeof textbuf;

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index 4bd0c6d170156a6d02f4a23421d060ef1b4ecfd0..b4b8e04c205f1076d2d7f80b8291a1e1fe757952 100644 (file)
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -376,21 +376,21 @@ do_modrdn(
         */
        if ( be->be_modrdn ) {
                /* do the update here */
-               int repl_user = be_isupdate( be, op->o_ndn.bv_val );
+               int repl_user = be_isupdate( be, &op->o_ndn );
 #ifndef SLAPD_MULTIMASTER
-               if ( be->be_update_ndn == NULL || repl_user )
+               if ( !be->be_update_ndn.bv_len || repl_user )
 #endif
                {
                        if ( (*be->be_modrdn)( be, conn, op, pdn->bv_val, ndn->bv_val,
                                pnewrdn->bv_val, deloldrdn, pnewSuperior ? pnewSuperior->bv_val : NULL ) == 0
 #ifdef SLAPD_MULTIMASTER
-                               && ( be->be_update_ndn == NULL || !repl_user )
+                               && ( !be->be_update_ndn.bv_len || !repl_user )
 #endif
                        ) {
-                               struct replog_moddn moddn;
-                               moddn.newrdn = pnewrdn->bv_val;
+                               struct slap_replog_moddn moddn;
+                               moddn.newrdn = pnewrdn;
                                moddn.deloldrdn = deloldrdn;
-                               moddn.newsup = pnewSuperior ? pnewSuperior->bv_val : NULL;
+                               moddn.newsup = pnewSuperior;
 
                                replog( be, op, pdn->bv_val, ndn->bv_val, &moddn );
                        }

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 195183dfff341bdec062df740aad62e233aa6406..143cd2f31e194d30fe8eff645a356d97fcde1e26 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -43,7 +43,7 @@ int passwd_extop(
                        *text = "authorization database is read only";
                        rc = LDAP_UNWILLING_TO_PERFORM;
 
-               } else if( conn->c_authz_backend->be_update_ndn != NULL ) {
+               } else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
                        /* we SHOULD return a referral in this case */
                        *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
                                NULL, NULL, LDAP_SCOPE_DEFAULT );

diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index f6f019ffef8e40f38662bf5994da6ec2dcb1394d..fb0bd6896c7d7e6cdca3abebbcad2d2e28929163 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -161,7 +161,7 @@ LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be, const char *suffix ));
 LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be, const char *ndn ));
 LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be,
        Connection *conn, const char *ndn, struct berval *cred ));
-LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, const char *ndn ));
+LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn ));
 LDAP_SLAPD_F (char *) be_root_dn LDAP_P(( Backend *be ));
 LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P((
        BackendDB *be, Connection *c, Operation *o, Entry *e, int rw ));

diff --git a/servers/slapd/repl.c b/servers/slapd/repl.c
index b6e35f1b8429ca8e1bbe97dc51006c8192ec591a..055972730f156ba0e6b7e79d881e51c54c5ff696 100644 (file)
--- a/servers/slapd/repl.c
+++ b/servers/slapd/repl.c
@@ -81,7 +81,7 @@ replog(
 {
        Modifications   *ml;
        Entry   *e;
-       struct replog_moddn *moddn;
+       struct slap_replog_moddn *moddn;
        char *tmp;
        FILE    *fp, *lfp;
        int     len, i;
@@ -213,7 +213,7 @@ replog(
                fprintf( fp, "newrdn: %s\n", moddn->newrdn );
                fprintf( fp, "deleteoldrdn: %d\n", moddn->deloldrdn ? 1 : 0 );
                if( moddn->newsup != NULL ) {
-                       fprintf( fp, "newsuperior: %s\n", moddn->newsup );
+                       fprintf( fp, "newsuperior: %s\n", moddn->newsup->bv_val );
                }
        }
        fprintf( fp, "\n" );

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index aad4c61918ec46391662612163955be681bce9c6..2c61ffa273059040a5397259133a8629ed59e7db 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -834,10 +834,10 @@ typedef struct slap_acl {
 /*
  * replog moddn param structure
  */
-struct replog_moddn {
-       char *newrdn;
+struct slap_replog_moddn {
+       struct berval *newrdn;
        int     deloldrdn;
-       char *newsup;
+       struct berval *newsup;
 };
 
 /*
@@ -982,11 +982,11 @@ struct slap_backend_db {
 
        /* these should be renamed from be_ to bd_ */
        char    **be_suffix;    /* the DN suffixes of data in this backend */
-       struct berval   **be_nsuffix;   /* the normalized DN suffixes in this backend */
-       struct berval   **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
-       char    *be_root_dn;    /* the magic "root" dn for this db      */
-       char    *be_root_ndn;   /* the magic "root" normalized dn for this db   */
-       struct berval be_root_pw;       /* the magic "root" password for this db        */
+       struct berval **be_nsuffix;     /* the normalized DN suffixes in this backend */
+       struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+       struct berval be_rootdn;        /* the magic "root" name (DN) for this db */
+       struct berval be_rootndn;       /* the magic "root" normalized name (DN) for this db */
+       struct berval be_rootpw;        /* the magic "root" password for this db        */
        unsigned int be_max_deref_depth;       /* limit for depth of an alias deref  */
 #define be_sizelimit   be_def_limit.lms_s_soft
 #define be_timelimit   be_def_limit.lms_t_soft
@@ -996,7 +996,7 @@ struct slap_backend_db {
        slap_access_t   be_dfltaccess;  /* access given if no acl matches          */
        struct slap_replica_info **be_replica;  /* replicas of this backend (in master) */
        char    *be_replogfile; /* replication log file (in master)        */
-       char    *be_update_ndn; /* allowed to make changes (in replicas) */
+       struct berval be_update_ndn;    /* allowed to make changes (in replicas) */
        struct berval **be_update_refs; /* where to refer modifying clients to */
        int     be_lastmod;     /* keep track of lastmodified{by,time}     */