may be used to require no conditions (useful for clearly globally
set conditions within a particular database).
.TP
+.B rootDSEfile <file>
+Specify the name of an LDIF(5) file containing user defined attributes
+for the root DSE. These attributes are returned in addition to the
+attributes normally produced by slapd.
+.TP
.B sasl-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
replogfile = ch_strdup( cargv[1] );
}
+ /* file from which to read additional rootdse attrs */
+ } else if ( strcasecmp( cargv[0], "rootdse" ) == 0) {
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "missing filename in \"rootDSEfile <filename>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing filename in \"rootDSEfile <filename>\" line.\n",
+ fname, lineno, 0 );
+#endif
+ return 1;
+ }
+
+ if( read_root_dse_file( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "could not read \"rootDSEfile <filename>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "could not read \"rootDSEfile <filename>\" line\n",
+ fname, lineno, 0 );
+#endif
+ return 1;
+ }
+
/* maintain lastmodified{by,time} attributes */
} else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
if ( cargc < 2 ) {
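Review bot: The keyword tested in `strcasecmp( cargv[0], "rootdse" )` does not match the directive name `rootDSEfile` used by the man page entry and by both error messages in this branch, so a configuration line written as documented would not reach this branch. Either compare against the documented name, `} else if ( strcasecmp( cargv[0], "rootDSEfile" ) == 0 ) {`, or change the man page and the messages to `rootdse`. The failure message after `read_root_dse_file( cargv[1] )` also omits the path it tried to read; including `cargv[1]` would let an administrator see which file was rejected. The enclosing config parser starts and ends outside the hunk.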
Entry **e,
const char **text ));
+LDAP_SLAPD_F (int) read_root_dse_file LDAP_P((
+ const char *file));
+
LDAP_SLAPD_F (int) do_abandon LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_add LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_bind LDAP_P((Connection *conn, Operation *op));
NULL
};
+static Entry *usr_attr = NULL;
int
root_dse_info(
AttributeDescription *ad_supportedFeatures = slap_schema.si_ad_supportedFeatures;
AttributeDescription *ad_ref = slap_schema.si_ad_ref;
+ Attribute *a;
+
vals[0] = &val;
vals[1] = NULL;
attr_merge( e, ad_ref, default_referral );
}
+ if( usr_attr != NULL) {
+ for(a = usr_attr->e_attrs; a != NULL; a = a->a_next) {
+ attr_merge( e, a->a_desc, a->a_vals );
+ }
+ }
+
*entry = e;
return LDAP_SUCCESS;
}
+/*
+ * Read the entries specified in fname and merge the attributes
+ * to the user defined rootDSE. Note thaat if we find any errors
+ * what so ever, we will discard the entire entries, print an
+ * error message and return.
+ */
+int read_root_dse_file( const char *fname )
+{
+ FILE *fp;
+ char *line, *savefname, *saveline;
+ int rc = 0, lineno = 0, lmax = 0;
+ char *buf = NULL;
+
+ Attribute *a;
+
+ if ( (fp = fopen( fname, "r" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "could not open rootdse attr file \"%s\" - absolute path?\n",
+ fname, 0, 0 );
+ perror( fname );
+ return EXIT_FAILURE;
+ }
+
+ usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ usr_attr->e_attrs = NULL;
+
+ while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ ID id;
+ Entry *e = str2entry( buf );
+
+ if( e == NULL ) {
+ fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
+ lineno );
+ entry_free( e );
+ entry_free( usr_attr );
+ usr_attr = NULL;
+ return EXIT_FAILURE;
+ }
+
+ if( dn_normalize( e->e_ndn ) == NULL ) {
+ fprintf( stderr, "root_dse: invalid dn=\"%s\" (line=%d)\n",
+ e->e_dn, lineno );
+ entry_free( e );
+ entry_free( usr_attr );
+ usr_attr = NULL;
+ return EXIT_FAILURE;
+ }
+
+ /* make sure the DN is a valid rootdse(rootdse is a null string) */
+ if( strcmp(e->e_ndn, "") != 0 ) {
+ fprintf( stderr,
+ "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n",
+ e->e_dn, lineno );
+ entry_free( e );
+ entry_free( usr_attr );
+ usr_attr = NULL;
+ return EXIT_FAILURE;
+ }
+
+ /*
+ * we found a valid entry, so walk thru all the attributes in the
+ * entry, and add each attribute type and description to the
+ * usr_attr entry
+ */
+
+ for(a = e->e_attrs; a != NULL; a = a->a_next) {
+ attr_merge( usr_attr, a->a_desc, a->a_vals );
+ }
+
+ entry_free( e );
+ }
+
+ ch_free( buf );
+
+ Debug(LDAP_DEBUG_CONFIG,"rootDSE file %s read.\n", fname, 0, 0);
+ return rc;
+}
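Review bot: `read_root_dse_file` never calls `fclose( fp )`, and every early `return EXIT_FAILURE` inside the loop also skips `ch_free( buf )`, so the stream leaks on all paths and the record buffer leaks on each error path. In the `e == NULL` branch the code calls `entry_free( e )` on the null pointer it has just tested; unless `entry_free` tolerates NULL (not visible here), that is a crash on the first unparsable record. `usr_attr` is reallocated unconditionally, so a second rootDSEfile directive drops the earlier entry without freeing it. The locals `line`, `savefname`, `saveline` and `id` are unused. A single cleanup label, as sketched below, removes the repeated teardown and closes the file on every path.

```c
int read_root_dse_file( const char *fname )
{
	/* … unchanged: fp, lineno, lmax, buf, a (drop unused line/savefname/saveline) … */
	int rc = EXIT_FAILURE;

	/* … unchanged: fopen() and its error report … */

	if( usr_attr != NULL ) {
		/* a previous rootDSEfile directive was already loaded */
		entry_free( usr_attr );
	}
	usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) );

	while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
		Entry *e = str2entry( buf );

		if( e == NULL ) {
			fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
				lineno );
			goto done;	/* nothing to free for e */
		}

		if( dn_normalize( e->e_ndn ) == NULL ) {
			/* … unchanged: "invalid dn" message … */
			entry_free( e );
			goto done;
		}

		/* … unchanged: rootDSE DN check (entry_free( e ); goto done; on failure) … */
		/* … unchanged: attr_merge loop over e->e_attrs … */

		entry_free( e );
	}
	rc = 0;
	/* … unchanged: Debug "rootDSE file %s read." … */

done:
	if( rc != 0 ) {
		/* discard partial results so root_dse_info never merges them */
		entry_free( usr_attr );
		usr_attr = NULL;
	}
	ch_free( buf );
	fclose( fp );
	return rc;
}
```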
File Description
---- -----------
-corba.schema Corba Object (RFC 2714) schema
+corba.schema Corba Object (RFC 2714)
core.schema OpenLDAP "core"
-cosine.schema COSINE Pilot schema
-inetorgperson.schema InetOrgPerson schema
-java.schema Java Object (RFC 2713) schema
-krb5-kdc.schema Kerberos V KDC schema
-microsoft.ext.schema Microsoft schema
-microsoft.schema Microsoft schema
-microsoft.std.schema Microsoft schema
-misc.schema misc. experimental schema
-nadf.schema North America Directory Forum schema
-nis.schema Network Information Service schema
-openldap.schema OpenLDAP Project schema
+cosine.schema COSINE Pilot
+inetorgperson.schema InetOrgPerson
+java.schema Java Object (RFC 2713)
+krb5-kdc.schema Kerberos V KDC
+microsoft.ext.schema Microsoft
+microsoft.schema Microsoft
+microsoft.std.schema Microsoft
+misc.schema misc/experimental
+nadf.schema North America Directory Forum
+nis.schema Network Information Service
+openldap.schema OpenLDAP Project
+vendor.schema Vendor Information (RFC 3045) schema
Additional schema definitions can be submitted using the OpenLDAP
Issue Tracking System <http://www.openldap.org/its/>. Such
--- /dev/null
+#
+# RFC 3045: Storing Vendor Information in the LDAP root DSE
+#
+
+# 2.1 vendorName
+#
+# This attribute contains a single string, which represents the name of
+# the LDAP server implementer.
+#
+# All LDAP server implementations SHOULD maintain a vendorName, which
+# is generally the name of the company that wrote the LDAP Server code
+# like "Novell, Inc."
+
+attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
+ EQUALITY 1.3.6.1.4.1.1466.109.114.1
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
+
+# 2.2 vendorVersion
+#
+# This attribute contains a string which represents the version of the
+# LDAP server implementation.
+#
+# All LDAP server implementations SHOULD maintain a vendorVersion.
+# Note that this value is typically a release value--comprised of a
+# string and/or a string of numbers--used by the developer of the LDAP
+# server product (as opposed to the supportedLDAPVersion, which
+# specifies the version of the LDAP protocol supported by this server).
+# This is single-valued so that it will only have one version value.
+# This string MUST be unique between two versions, but there are no
+# other syntactic restrictions on the value or the way it is formatted.
+
+attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
+ EQUALITY 1.3.6.1.4.1.1466.109.114.1
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE NO-USER-MODIFICATION
+ USAGE dSAOperation )
+
+# The intent behind the equality match on vendorVersion is to not allow
+# a less than or greater than type of query. Say release "LDAPv3 8.0"
+# has a problem that is fixed in the next release "LDAPv3 8.5", but in
+# the mean time there is also an update release say version "LDAPv3
+# 8.01" that fixes the problem. This will hopefully stop the client
+# from saying it will not work with a version less than "LDAPv3 8.5"
+# when it would also work with "LDAPv3 8.01". With the equality match
+# the client would have to exactly match what it is looking for.
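Review bot: The comments copied from RFC 3045 leave out the operational caveat an administrator needs: the root DSE is commonly readable without authentication, so an exact `vendorVersion` tells any client which release is running. I would add a short comment above the `vendorVersion` definition, for example `# Note: the root DSE is often readable anonymously; publish a precise version only if access to it is restricted.` Whether slapd's access controls are applied to attributes merged in from a rootDSEfile is not visible in this commit and should be confirmed before relying on them.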
return LDAP_SUCCESS;
}
-
/*
* All operational attributions are allowed by schema rules.
*/
return 0;
}
+int read_root_dse_file ( const char *file )
+{
+ return 0;
+}
include ./schema/nadf.schema
include ./schema/nis.schema
include ./schema/openldap.schema
+include ./schema/vendor.schema
#
schemacheck on
pidfile ./test-db/slapd.pid