From: Kurt Zeilenga Date: Fri, 3 Jun 2005 21:54:13 +0000 (+0000) Subject: Merge in recent changes to HEAD X-Git-Tag: OPENLDAP_REL_ENG_2_3_4~17 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=2e53c5ab6b8e090ce32c22daef970b0d3b66d9d7;p=openldap Merge in recent changes to HEAD --- diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 62f7dad9fb..01688dcb8d 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -539,6 +539,7 @@ parse_acl( { free( a->acl_dn_pat.bv_val ); BER_BVZERO( &a->acl_dn_pat ); + a->acl_dn_style = ACL_STYLE_REGEX; } if ( !BER_BVISEMPTY( &a->acl_dn_pat ) || diff --git a/servers/slapd/add.c b/servers/slapd/add.c index ada140c384..39480b5c93 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -214,6 +214,8 @@ fe_op_add( Operation *op, SlapReply *rs ) Modifications **modtail = &modlist; int rc = 0; BackendDB *op_be; + char textbuf[ SLAP_TEXT_BUFLEN ]; + size_t textlen = sizeof( textbuf ); manageDSAit = get_manageDSAit( op ); @@ -262,6 +264,14 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } + rs->sr_err = slap_mods_obsolete_check( op, modlist, + &rs->sr_text, textbuf, textlen ); + + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto done; + } + #ifdef LDAP_SLAPI if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit ); #endif /* LDAP_SLAPI */ @@ -280,16 +290,13 @@ fe_op_add( Operation *op, SlapReply *rs ) #endif { int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn ); - char textbuf[ SLAP_TEXT_BUFLEN ]; - size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; op->o_bd = op_be; if ( !update ) { - rs->sr_err = slap_mods_no_update_check( modlist, - &rs->sr_text, - textbuf, textlen ); + rs->sr_err = slap_mods_no_user_mod_check( op, modlist, + &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c index cdfb3a2fe5..63973e03cf 100644 --- a/servers/slapd/attr.c +++ b/servers/slapd/attr.c @@ -46,6 +46,10 @@ attr_free( Attribute *a ) if ( a->a_nvals && a->a_nvals != a->a_vals ) { ber_bvarray_free( a->a_nvals ); } + /* a_vals may be equal to slap_dummy_bv, a static empty berval; + * this is used as a placeholder for attributes that do not carry + * values, e.g. when proxying search entries with the "attrsonly" + * bit set. */ if ( a->a_vals != &slap_dummy_bv ) { ber_bvarray_free( a->a_vals ); } diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 7db122d5bf..4ef340e92b 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -52,8 +52,8 @@ bdb_add(Operation *op, SlapReply *rs ) ctrls[num_ctrls] = 0; /* check entry's schema */ - rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, - NULL, &rs->sr_text, textbuf, textlen ); + rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, + get_manageDIT(op), &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": entry failed schema check: " @@ -191,8 +191,8 @@ retry: /* transaction retry */ } Debug( LDAP_DEBUG_TRACE, - LDAP_XSTRING(bdb_add) ": no write access " - "to parent\n", 0, 0, 0 ); + LDAP_XSTRING(bdb_add) ": no write access to parent\n", + 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results;; diff --git a/servers/slapd/back-bdb/modify.c b/servers/slapd/back-bdb/modify.c index 1f8af04ce4..7e85e8b322 100644 --- a/servers/slapd/back-bdb/modify.c +++ b/servers/slapd/back-bdb/modify.c @@ -196,7 +196,8 @@ int bdb_modify_internal( } /* check that the entry still obeys the schema */ - rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen ); + rc = entry_schema_check( op->o_bd, e, save_attrs, get_manageDIT(op), + text, textbuf, textlen ); if ( rc != LDAP_SUCCESS || op->o_noop ) { attrs_free( e->e_attrs ); /* clear the indexing flags */ diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index beb560c3e6..79b5d8e8e5 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -45,7 +45,7 @@ struct ldapconn { * identity assertion modes */ enum { - LDAP_BACK_IDASSERT_LEGACY, + LDAP_BACK_IDASSERT_LEGACY = 1, LDAP_BACK_IDASSERT_NOASSERT, LDAP_BACK_IDASSERT_ANONYMOUS, LDAP_BACK_IDASSERT_SELF, @@ -57,26 +57,28 @@ struct ldapinfo { char *url; LDAPURLDesc *lud; - slap_bindconf acl_la; -#define acl_authcID acl_la.sb_authcId -#define acl_authcDN acl_la.sb_binddn -#define acl_passwd acl_la.sb_cred -#define acl_authzID acl_la.sb_authzId -#define acl_authmethod acl_la.sb_method -#define acl_sasl_mech acl_la.sb_saslmech -#define acl_sasl_realm acl_la.sb_realm + slap_bindconf acl_sb; +#define acl_authcID acl_sb.sb_authcId +#define acl_authcDN acl_sb.sb_binddn +#define acl_passwd acl_sb.sb_cred +#define acl_authzID acl_sb.sb_authzId +#define acl_authmethod acl_sb.sb_method +#define acl_sasl_mech acl_sb.sb_saslmech +#define acl_sasl_realm acl_sb.sb_realm +#define acl_secprops acl_sb.sb_secprops /* ID assert stuff */ int idassert_mode; - slap_bindconf idassert_la; -#define idassert_authcID idassert_la.sb_authcId -#define idassert_authcDN idassert_la.sb_binddn -#define idassert_passwd idassert_la.sb_cred -#define idassert_authzID idassert_la.sb_authzId -#define idassert_authmethod idassert_la.sb_method -#define idassert_sasl_mech idassert_la.sb_saslmech -#define idassert_sasl_realm idassert_la.sb_realm + slap_bindconf idassert_sb; +#define idassert_authcID idassert_sb.sb_authcId +#define idassert_authcDN idassert_sb.sb_binddn +#define idassert_passwd idassert_sb.sb_cred +#define idassert_authzID idassert_sb.sb_authzId +#define idassert_authmethod idassert_sb.sb_method +#define idassert_sasl_mech idassert_sb.sb_saslmech +#define idassert_sasl_realm idassert_sb.sb_realm +#define idassert_secprops idassert_sb.sb_secprops unsigned idassert_flags; #define LDAP_BACK_AUTH_NONE 0x00U @@ -93,11 +95,15 @@ struct ldapinfo { #define LDAP_BACK_F_USE_TLS 0x02U #define LDAP_BACK_F_PROPAGATE_TLS 0x04U #define LDAP_BACK_F_TLS_CRITICAL 0x08U -#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) +#define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL) +#define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) +#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK) #define LDAP_BACK_F_CHASE_REFERRALS 0x10U +#define LDAP_BACK_F_PROXY_WHOAMI 0x20U #define LDAP_BACK_F_SUPPORT_T_F 0x80U #define LDAP_BACK_F_SUPPORT_T_F_DISCOVER 0x40U +#define LDAP_BACK_F_SUPPORT_T_F_MASK (LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER) #define LDAP_BACK_SAVECRED(li) ( (li)->flags & LDAP_BACK_F_SAVECRED ) #define LDAP_BACK_USE_TLS(li) ( (li)->flags & LDAP_BACK_F_USE_TLS ) diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index e53e7b5b3f..ce991e476c 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -510,14 +510,15 @@ ldap_back_dobind_int( if ( lc->lc_ispriv && li->acl_authmethod == LDAP_AUTH_SASL ) { void *defaults = NULL; -#if 0 /* will deal with this later... */ - if ( sasl_secprops != NULL ) { - rs->sr_err = ldap_set_option( lc->lc_ld, LDAP_OPT_X_SASL_SECPROPS, - (void *) sasl_secprops ); - - if ( rs->sr_err != LDAP_OPT_SUCCESS ) { - send_ldap_result( op, rs ); - lc->lc_bound = 0; +#if 1 /* will deal with this later... */ + if ( li->acl_secprops != NULL ) { + rc = ldap_set_option( lc->lc_ld, + LDAP_OPT_X_SASL_SECPROPS, li->acl_secprops); + + if( rc != LDAP_OPT_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option " + "(%s,SECPROPS,\"%s\") failed!\n", + li->url, li->acl_secprops, 0 ); goto done; } } diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c index 573ab84ebe..05593fa5cb 100644 --- a/servers/slapd/back-ldap/chain.c +++ b/servers/slapd/back-ldap/chain.c @@ -29,6 +29,8 @@ #include "slap.h" #include "back-ldap.h" +#include "config.h" + #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR #define SLAP_CHAINING_DEFAULT LDAP_CHAINING_PREFERRED #define SLAP_CH_RESOLVE_SHIFT SLAP_CONTROL_SHIFT @@ -673,20 +675,277 @@ str2chain( const char *s ) } #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ +enum { + PC_CHAINING = 1 +}; + +static ConfigDriver chain_cf_gen; +static ConfigLDAPadd chain_ldadd; +static ConfigCfAdd chain_cfadd; + +static ConfigTable chaincfg[] = { +#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + { "chain-chaining", "args", + 2, 4, 0, ARG_MAGIC|ARG_BERVAL|PC_CHAINING, chain_cf_gen, + "( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' " + "DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' " + "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, +#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + { NULL, NULL, 0, 0, 0, ARG_IGNORED } +}; + +static ConfigOCs chainocs[] = { + { "( OLcfgOvOc:3.1 " + "NAME 'olcChainConfig' " + "DESC 'Chain configuration' " + "SUP olcOverlayConfig " + "MAY olcChainingBehavior )", Cft_Overlay, chaincfg, NULL, chain_cfadd }, + { "( OLcfgOvOc:3.2 " + "NAME 'olcChainDatabase' " + "DESC 'Chain remote server configuration' " + "AUXILIARY )", Cft_Misc, chaincfg, chain_ldadd }, + { NULL, 0, NULL } +}; + +static int +chain_ldadd( CfEntryInfo *p, Entry *e, ConfigArgs *ca ) +{ + if ( p->ce_type != Cft_Overlay || !p->ce_bi || + p->ce_bi->bi_cf_ocs != chainocs ) + return LDAP_CONSTRAINT_VIOLATION; + + return LDAP_SUCCESS; +} + +static int +chain_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca ) +{ + CfEntryInfo *pe = p->e_private; + slap_overinst *on = (slap_overinst *)pe->ce_bi; + ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private; + void *priv = (void *)ca->be->be_private; + struct berval bv; + + /* FIXME: should not hardcode "olcDatabase" here */ + bv.bv_len = sprintf( ca->msg, "olcDatabase=%s", lback->bi_type ); + bv.bv_val = ca->msg; + + /* We can only create this entry if the database is table-driven */ + if ( lback->bi_cf_ocs ) { + ca->be->be_private = (void *)lc->lc_li; + config_build_entry( op, rs, pe, ca, &bv, lback->bi_cf_ocs, &chainocs[1] ); + ca->be->be_private = priv; + } + + return 0; +} + +#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR +static slap_verbmasks chaining_mode[] = { + { BER_BVC("referralsRequired"), LDAP_REFERRALS_REQUIRED }, + { BER_BVC("referralsPreferred"), LDAP_REFERRALS_PREFERRED }, + { BER_BVC("chainingRequired"), LDAP_CHAINING_REQUIRED }, + { BER_BVC("chainingPreferred"), LDAP_CHAINING_PREFERRED }, + { BER_BVNULL, 0 } +}; +#endif + +static int +chain_cf_gen( ConfigArgs *c ) +{ + slap_overinst *on = (slap_overinst *)c->bi; + ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private; + + int rc = 0; + + if ( c->op == SLAP_CONFIG_EMIT ) { + switch( c->type ) { +#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + case PC_CHAINING: { + struct berval resolve = BER_BVNULL, + continuation = BER_BVNULL; + + if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) { + return 1; + } + + enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_RESOLVE_MASK ) >> SLAP_CH_RESOLVE_SHIFT ), &resolve ); + enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_CONTINUATION_MASK ) >> SLAP_CH_CONTINUATION_SHIFT ), &continuation ); + + c->value_bv.bv_len = STRLENOF( "resolve=" ) + resolve.bv_len + + STRLENOF( " " ) + + STRLENOF( "continuation=" ) + continuation.bv_len; + c->value_bv.bv_val = ch_malloc( c->value_bv.bv_len + 1 ); + snprintf( c->value_bv.bv_val, c->value_bv.bv_len + 1, + "resolve=%s continuation=%s", + resolve.bv_val, continuation.bv_val ); + + if ( lc->lc_chaining_ctrl.ldctl_iscritical ) { + c->value_bv.bv_val = ch_realloc( c->value_bv.bv_val, + c->value_bv.bv_len + STRLENOF( " critical" ) + 1 ); + AC_MEMCPY( &c->value_bv.bv_val[ c->value_bv.bv_len ], + " critical", STRLENOF( " critical" ) + 1 ); + c->value_bv.bv_len += STRLENOF( " critical" ); + } + + break; + } +#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + + default: + assert( 0 ); + rc = 1; + } + return rc; + + } else if ( c->op == LDAP_MOD_DELETE ) { + return 1; /* FIXME */ +#if 0 + switch( c->type ) { + case PC_ATTR: + case PC_TEMP: + } + return rc; +#endif + } + + switch( c->type ) { +#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR + case PC_CHAINING: { + char **argv = c->argv; + int argc = c->argc; + BerElementBuffer berbuf; + BerElement *ber = (BerElement *)&berbuf; + int resolve = -1, + continuation = -1, + iscritical = 0; + Operation op = { 0 }; + SlapReply rs = { 0 }; + + lc->lc_chaining_ctrlflag = 0; + + for ( argc--, argv++; argc > 0; argc--, argv++ ) { + if ( strncasecmp( argv[ 0 ], "resolve=", STRLENOF( "resolve=" ) ) == 0 ) { + resolve = str2chain( argv[ 0 ] + STRLENOF( "resolve=" ) ); + if ( resolve == -1 ) { + fprintf( stderr, "%s line %d: " + "illegal value %s " + "in \"chain-chaining>\"\n", + c->fname, c->lineno, argv[ 0 ] ); + return 1; + } + + } else if ( strncasecmp( argv[ 0 ], "continuation=", STRLENOF( "continuation=" ) ) == 0 ) { + continuation = str2chain( argv[ 0 ] + STRLENOF( "continuation=" ) ); + if ( continuation == -1 ) { + fprintf( stderr, "%s line %d: " + "illegal value %s " + "in \"chain-chaining\"\n", + c->fname, c->lineno, argv[ 0 ] ); + return 1; + } + + } else if ( strcasecmp( argv[ 0 ], "critical" ) == 0 ) { + iscritical = 1; + + } else { + fprintf( stderr, "%s line %d: " + "unknown option in \"chain-chaining\"\n", + c->fname, c->lineno ); + return 1; + } + } + + if ( resolve != -1 || continuation != -1 ) { + int err; + + if ( resolve == -1 ) { + /* default */ + resolve = SLAP_CHAINING_DEFAULT; + } + + ber_init2( ber, NULL, LBER_USE_DER ); + + err = ber_printf( ber, "{e" /* } */, resolve ); + if ( err == -1 ) { + ber_free( ber, 1 ); + fprintf( stderr, "%s line %d: " + "chaining behavior control encoding error!\n", + c->fname, c->lineno ); + return 1; + } + + if ( continuation > -1 ) { + err = ber_printf( ber, "e", continuation ); + if ( err == -1 ) { + ber_free( ber, 1 ); + fprintf( stderr, "%s line %d: " + "chaining behavior control encoding error!\n", + c->fname, c->lineno ); + return 1; + } + } + + err = ber_printf( ber, /* { */ "N}" ); + if ( err == -1 ) { + ber_free( ber, 1 ); + fprintf( stderr, "%s line %d: " + "chaining behavior control encoding error!\n", + c->fname, c->lineno ); + return 1; + } + + if ( ber_flatten2( ber, &lc->lc_chaining_ctrl.ldctl_value, 0 ) == -1 ) { + exit( EXIT_FAILURE ); + } + + } else { + BER_BVZERO( &lc->lc_chaining_ctrl.ldctl_value ); + } + + lc->lc_chaining_ctrl.ldctl_oid = LDAP_CONTROL_X_CHAINING_BEHAVIOR; + lc->lc_chaining_ctrl.ldctl_iscritical = iscritical; + + if ( ldap_chain_parse_ctrl( &op, &rs, &lc->lc_chaining_ctrl ) != LDAP_SUCCESS ) + { + fprintf( stderr, "%s line %d: " + "unable to parse chaining control%s%s\n", + c->fname, c->lineno, + rs.sr_text ? ": " : "", + rs.sr_text ? rs.sr_text : "" ); + return 1; + } + + lc->lc_chaining_ctrlflag = op.o_chaining; + + lc->lc_flags |= LDAP_CHAIN_F_CHAINING; + + rc = 0; + + break; + } +#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + + default: + assert( 0 ); + return 1; + } + return rc; +} + static int ldap_chain_db_config( BackendDB *be, const char *fname, int lineno, int argc, - char **argv -) + char **argv ) { slap_overinst *on = (slap_overinst *) be->bd_info; ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private; - void *private = be->be_private; char *argv0 = NULL; int rc; + BackendDB db = *be; if ( strncasecmp( argv[ 0 ], "chain-", STRLENOF( "chain-" ) ) == 0 ) { argv0 = argv[ 0 ]; @@ -807,10 +1066,9 @@ ldap_chain_db_config( #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ } - - be->be_private = lc->lc_li; - rc = lback->bi_db_config( be, fname, lineno, argc, argv ); - be->be_private = private; + db.be_cf_ocs = lback->bi_cf_ocs; + db.be_private = lc->lc_li; + rc = lback->bi_db_config( &db, fname, lineno, argc, argv ); done:; if ( argv0 ) { @@ -822,8 +1080,7 @@ done:; static int ldap_chain_db_init( - BackendDB *be -) + BackendDB *be ) { slap_overinst *on = (slap_overinst *)be->bd_info; ldap_chain_t *lc = NULL; @@ -1033,9 +1290,9 @@ static slap_overinst ldapchain; int chain_init( void ) { -#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR int rc; +#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR, /* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL, ldap_chain_parse_ctrl, &sc_chainingBehavior ); @@ -1066,6 +1323,13 @@ chain_init( void ) ldapchain.on_response = ldap_chain_response; + ldapchain.on_bi.bi_cf_ocs = chainocs; + + rc = config_register_schema( chaincfg, chainocs ); + if ( rc ) { + return rc; + } + return overlay_register( &ldapchain ); } diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index e570e3b0e4..d01b8a825e 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -26,17 +26,1098 @@ #include #include +#include #include #include "slap.h" +#include "config.h" #include "back-ldap.h" #include "lutil.h" +#include "ldif.h" #undef ldap_debug /* for advanced URL parsing */ #include "../../../libraries/libldap/ldap-int.h" static SLAP_EXTOP_MAIN_FN ldap_back_exop_whoami; +static ConfigDriver ldap_back_cf_gen; + +enum { + LDAP_BACK_CFG_URI = 1, + LDAP_BACK_CFG_TLS, + LDAP_BACK_CFG_ACL_AUTHCDN, + LDAP_BACK_CFG_ACL_PASSWD, + LDAP_BACK_CFG_ACL_METHOD, + LDAP_BACK_CFG_ACL_BIND, + LDAP_BACK_CFG_IDASSERT_MODE, + LDAP_BACK_CFG_IDASSERT_AUTHCDN, + LDAP_BACK_CFG_IDASSERT_PASSWD, + LDAP_BACK_CFG_IDASSERT_AUTHZFROM, + LDAP_BACK_CFG_IDASSERT_METHOD, + LDAP_BACK_CFG_IDASSERT_BIND, + LDAP_BACK_CFG_REBIND, + LDAP_BACK_CFG_CHASE, + LDAP_BACK_CFG_T_F, + LDAP_BACK_CFG_WHOAMI, + LDAP_BACK_CFG_REWRITE +}; + +static ConfigTable ldapcfg[] = { + { "uri", "uri", 2, 2, 0, + ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_URI, + ldap_back_cf_gen, "( OLcfgDbAt:0.14 " + "NAME 'olcDbURI' " + "DESC 'URI (list) for remote DSA' " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + { "tls", "what", 2, 2, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_TLS, + ldap_back_cf_gen, "( OLcfgDbAt:3.1 " + "NAME 'olcDbStartTLS' " + "DESC 'StartTLS' " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + { "acl-authcDN", "DN", 2, 2, 0, + ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN, + ldap_back_cf_gen, "( OLcfgDbAt:3.2 " + "NAME 'olcDbACLAuthcDn' " + "DESC 'Remote ACL administrative identity' " + "OBSOLETE " + "SYNTAX OMsDN " + "SINGLE-VALUE )", + NULL, NULL }, + /* deprecated; aliases "acl-authcDN" */ + { "binddn", "DN", 2, 2, 0, + ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "acl-passwd", "cred", 2, 2, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD, + ldap_back_cf_gen, "( OLcfgDbAt:3.3 " + "NAME 'olcDbACLPasswd' " + "DESC 'Remote ACL administrative identity credentials' " + "OBSOLETE " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + /* deprecated; aliases "acl-passwd" */ + { "bindpw", "cred", 2, 2, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "acl-bind", "args", 2, 0, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_ACL_BIND, + ldap_back_cf_gen, "( OLcfgDbAt:3.4 " + "NAME 'olcDbACLBind' " + "DESC 'Remote ACL administrative identity auth bind configuration' " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + /* deprecated; aliases "acl-bind" */ + { "acl-method", "args", 2, 0, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_ACL_BIND, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "idassert-authcDN", "DN", 2, 2, 0, + ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN, + ldap_back_cf_gen, "( OLcfgDbAt:3.5 " + "NAME 'olcDbIDAssertAuthcDn' " + "DESC 'Remote Identity Assertion administrative identity' " + "OBSOLETE " + "SYNTAX OMsDN " + "SINGLE-VALUE )", + NULL, NULL }, + /* deprecated; partially aliases "idassert-authcDN" */ + { "proxyauthzdn", "DN", 2, 2, 0, + ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "idassert-passwd", "cred", 2, 2, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD, + ldap_back_cf_gen, "( OLcfgDbAt:3.6 " + "NAME 'olcDbIDAssertPasswd' " + "DESC 'Remote Identity Assertion administrative identity credentials' " + "OBSOLETE " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + /* deprecated; partially aliases "idassert-passwd" */ + { "proxyauthzpw", "cred", 2, 2, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "idassert-bind", "args", 2, 0, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_BIND, + ldap_back_cf_gen, "( OLcfgDbAt:3.7 " + "NAME 'olcDbIDAssertBind' " + "DESC 'Remote Identity Assertion administrative identity auth bind configuration' " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, + { "idassert-method", "args", 2, 0, 0, + ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_BIND, + ldap_back_cf_gen, NULL, NULL, NULL }, + { "idassert-mode", "mode>|u:|[dn:] [*|] *|", 2, 4, STRLENOF( "rewrite" ), + ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE, + ldap_back_cf_gen, NULL, NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED, + NULL, NULL, NULL, NULL } +}; + +static ConfigOCs ldapocs[] = { + { "( OLcfgDbOc:3.1 " + "NAME 'olcLDAPConfig' " + "DESC 'LDAP backend configuration' " + "SUP olcDatabaseConfig " + "MUST olcDbURI " + "MAY ( olcDbStartTLS " + "$ olcDbACLAuthcDn " + "$ olcDbACLPasswd " + "$ olcDbACLBind " + "$ olcDbIDAssertAuthcDn " + "$ olcDbIDAssertPasswd " + "$ olcDbIDAssertBind " + "$ olcDbIDAssertMode " + "$ olcDbIDAssertAuthzFrom " + "$ olcDbRebindAsUser " + "$ olcDbChaseReferrals " + "$ olcDbTFSupport " + "$ olcDbProxyWhoAmI " + ") )", + Cft_Database, ldapcfg}, + { NULL, 0, NULL } +}; + +#define LDAP_BACK_C_NO (0x0U) +#define LDAP_BACK_C_YES (0x1U) +static slap_verbmasks yn_mode[] = { + { BER_BVC( "yes" ), LDAP_BACK_C_YES}, + { BER_BVC( "no" ), LDAP_BACK_C_NO }, + { BER_BVNULL, 0 } +}; + +static slap_verbmasks idassert_mode[] = { + { BER_BVC("self"), LDAP_BACK_IDASSERT_SELF }, + { BER_BVC("anonymous"), LDAP_BACK_IDASSERT_ANONYMOUS }, + { BER_BVC("none"), LDAP_BACK_IDASSERT_NOASSERT }, + { BER_BVC("legacy"), LDAP_BACK_IDASSERT_LEGACY }, + { BER_BVNULL, 0 } +}; + +static slap_verbmasks tls_mode[] = { + { BER_BVC( "propagate" ), LDAP_BACK_F_TLS_PROPAGATE_MASK }, + { BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS }, + { BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK }, + { BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS }, + { BER_BVC( "none" ), LDAP_BACK_C_NO }, + { BER_BVNULL, 0 } +}; + +static slap_verbmasks t_f_mode[] = { + { BER_BVC( "yes" ), LDAP_BACK_F_SUPPORT_T_F }, + { BER_BVC( "discover" ), LDAP_BACK_F_SUPPORT_T_F_DISCOVER }, + { BER_BVC( "no" ), LDAP_BACK_C_NO }, + { BER_BVNULL, 0 } +}; + +static int +ldap_back_cf_gen( ConfigArgs *c ) +{ + struct ldapinfo *li = ( struct ldapinfo * )c->be->be_private; + int rc; + int i; + + if ( c->op == SLAP_CONFIG_EMIT ) { + struct berval bv = BER_BVNULL; + rc = 0; + + switch( c->type ) { + case LDAP_BACK_CFG_URI: + if ( li->url != NULL ) { + c->value_string = ch_strdup( li->url ); + + } else { + rc = 1; + } + break; + + case LDAP_BACK_CFG_TLS: + enum_to_verb( tls_mode, ( li->flags & LDAP_BACK_F_TLS_MASK ), &bv ); + if ( BER_BVISNULL( &bv ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + ber_dupbv( &c->value_bv, &bv ); + } + break; + + case LDAP_BACK_CFG_ACL_AUTHCDN: + case LDAP_BACK_CFG_ACL_PASSWD: + case LDAP_BACK_CFG_ACL_METHOD: + /* handled by LDAP_BACK_CFG_ACL_BIND */ + rc = 1; + break; + + case LDAP_BACK_CFG_ACL_BIND: { + int i; + + bindconf_unparse( &li->acl_sb, &c->value_bv ); + + for ( i = 0; isspace( c->value_bv.bv_val[ i ] ); i++ ) + /* count spaces */ ; + + if ( i ) { + c->value_bv.bv_len -= i; + AC_MEMCPY( c->value_bv.bv_val, &c->value_bv.bv_val[ i ], + c->value_bv.bv_len + 1 ); + } + + break; + } + + case LDAP_BACK_CFG_IDASSERT_MODE: + case LDAP_BACK_CFG_IDASSERT_AUTHCDN: + case LDAP_BACK_CFG_IDASSERT_PASSWD: + case LDAP_BACK_CFG_IDASSERT_METHOD: + /* handled by LDAP_BACK_CFG_IDASSERT_BIND */ + rc = 1; + break; + + case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: { + int i; + + if ( li->idassert_authz == NULL ) { + rc = 1; + break; + } + + for ( i = 0; !BER_BVISNULL( &li->idassert_authz[ i ] ); i++ ) + { + struct berval bv; + + ber_dupbv( &bv, &li->idassert_authz[ i ] ); + ber_bvarray_add( &c->rvalue_vals, &bv ); + } + break; + } + + case LDAP_BACK_CFG_IDASSERT_BIND: { + int i; + struct berval bv = BER_BVNULL, + bc = BER_BVNULL; + char *ptr; + + if ( li->idassert_authmethod != LDAP_AUTH_NONE ) { + switch ( li->idassert_mode ) { + case LDAP_BACK_IDASSERT_OTHERID: + case LDAP_BACK_IDASSERT_OTHERDN: + break; + + default: { + struct berval mode = BER_BVNULL; + + enum_to_verb( idassert_mode, li->idassert_mode, &mode ); + if ( BER_BVISNULL( &mode ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + bv.bv_len = STRLENOF( "mode=" ) + mode.bv_len; + bv.bv_val = ch_malloc( bv.bv_len + 1 ); + + ptr = lutil_strcopy( bv.bv_val, "mode=" ); + ptr = lutil_strcopy( ptr, mode.bv_val ); + } + break; + } + } + + if ( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) { + ber_len_t len = bv.bv_len + STRLENOF( "authz=native" ); + + if ( !BER_BVISEMPTY( &bv ) ) { + len += STRLENOF( " " ); + } + + bv.bv_val = ch_realloc( bv.bv_val, len + 1 ); + + ptr = bv.bv_val + bv.bv_len; + + if ( !BER_BVISEMPTY( &bv ) ) { + ptr = lutil_strcopy( ptr, " " ); + } + + (void)lutil_strcopy( ptr, "authz=native" ); + } + + if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) { + ber_len_t len = bv.bv_len + STRLENOF( "flags=override" ); + + if ( !BER_BVISEMPTY( &bv ) ) { + len += STRLENOF( " " ); + } + + bv.bv_val = ch_realloc( bv.bv_val, len + 1 ); + + ptr = bv.bv_val + bv.bv_len; + + if ( !BER_BVISEMPTY( &bv ) ) { + ptr = lutil_strcopy( ptr, " " ); + } + + (void)lutil_strcopy( ptr, "flags=override" ); + } + } + + + + bindconf_unparse( &li->idassert_sb, &bc ); + + if ( !BER_BVISNULL( &bv ) ) { + char *ptr; + + c->value_bv.bv_len = bv.bv_len + bc.bv_len; + c->value_bv.bv_val = ch_realloc( bv.bv_val, c->value_bv.bv_len + 1 ); + + assert( bc.bv_val[ 0 ] == ' ' ); + + ptr = lutil_strcopy( c->value_bv.bv_val, bv.bv_val ); + (void)lutil_strcopy( ptr, bc.bv_val ); + + free( bc.bv_val ); + + } else { + for ( i = 0; isspace( bc.bv_val[ i ] ); i++ ) + /* count spaces */ ; + + if ( i ) { + bc.bv_len -= i; + AC_MEMCPY( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 ); + } + + c->value_bv = bv; + } + + break; + } + + case LDAP_BACK_CFG_REBIND: + enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_SAVECRED ) == LDAP_BACK_F_SAVECRED ), &bv ); + if ( BER_BVISNULL( &bv ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + ber_dupbv( &c->value_bv, &bv ); + } + break; + + case LDAP_BACK_CFG_CHASE: + enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) == LDAP_BACK_F_CHASE_REFERRALS ), &bv ); + if ( BER_BVISNULL( &bv ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + ber_dupbv( &c->value_bv, &bv ); + } + break; + + case LDAP_BACK_CFG_T_F: + enum_to_verb( t_f_mode, ( ( li->flags & LDAP_BACK_F_SUPPORT_T_F_MASK ) == LDAP_BACK_F_SUPPORT_T_F_MASK ), &bv ); + if ( BER_BVISNULL( &bv ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + ber_dupbv( &c->value_bv, &bv ); + } + break; + + case LDAP_BACK_CFG_WHOAMI: + enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_PROXY_WHOAMI ) == LDAP_BACK_F_PROXY_WHOAMI ), &bv ); + if ( BER_BVISNULL( &bv ) ) { + /* there's something wrong... */ + assert( 0 ); + rc = 1; + + } else { + ber_dupbv( &c->value_bv, &bv ); + } + break; + + default: + /* we need to handle all... */ + assert( 0 ); + break; + } + return rc; + + } else if ( c->op == LDAP_MOD_DELETE ) { + rc = 0; + switch( c->type ) { + case LDAP_BACK_CFG_URI: + if ( li->url != NULL ) { + ch_free( li->url ); + li->url = NULL; + } + + if ( li->lud != NULL ) { + ldap_free_urllist( li->lud ); + li->lud = NULL; + } + + /* better cleanup the cached connections... */ + /* NOTE: don't worry about locking: if we got here, + * other threads are suspended. */ + avl_free( li->conntree, ldap_back_conn_free ); + li->conntree = NULL; + + break; + + case LDAP_BACK_CFG_TLS: + case LDAP_BACK_CFG_ACL_AUTHCDN: + case LDAP_BACK_CFG_ACL_PASSWD: + case LDAP_BACK_CFG_ACL_METHOD: + /* handled by LDAP_BACK_CFG_ACL_BIND */ + rc = 1; + break; + + case LDAP_BACK_CFG_ACL_BIND: + bindconf_free( &li->acl_sb ); + break; + + case LDAP_BACK_CFG_IDASSERT_MODE: + case LDAP_BACK_CFG_IDASSERT_AUTHCDN: + case LDAP_BACK_CFG_IDASSERT_PASSWD: + case LDAP_BACK_CFG_IDASSERT_METHOD: + /* handled by LDAP_BACK_CFG_IDASSERT_BIND */ + rc = 1; + break; + + case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: + if ( li->idassert_authz != NULL ) { + ber_bvarray_free( li->idassert_authz ); + li->idassert_authz = NULL; + } + break; + + case LDAP_BACK_CFG_IDASSERT_BIND: + bindconf_free( &li->idassert_sb ); + break; + + case LDAP_BACK_CFG_REBIND: + case LDAP_BACK_CFG_CHASE: + case LDAP_BACK_CFG_T_F: + case LDAP_BACK_CFG_WHOAMI: + rc = 1; + break; + + default: + /* we need to handle all... */ + assert( 0 ); + break; + } + return rc; + + } + + switch( c->type ) { + case LDAP_BACK_CFG_URI: { + LDAPURLDesc *tmpludp; + char **urllist; + int urlrc, i; + + if ( c->argc != 2 ) { + fprintf( stderr, "%s: line %d: " + "missing uri " + "in \"uri \" line\n", + c->fname, c->lineno ); + return 1; + } + + if ( li->url != NULL ) { + ch_free( li->url ); + } + + if ( li->lud != NULL ) { + ldap_free_urllist( li->lud ); + } + +#if 0 + /* PARANOID: DN and more are not required nor allowed */ + urlrc = ldap_url_parselist_ext( &li->lud, c->value_string, "\t" ); +#else + urlrc = ldap_url_parselist( &li->lud, c->value_string ); +#endif + if ( urlrc != LDAP_URL_SUCCESS ) { + char *why; + + switch ( urlrc ) { + case LDAP_URL_ERR_MEM: + why = "no memory"; + break; + case LDAP_URL_ERR_PARAM: + why = "parameter is bad"; + break; + case LDAP_URL_ERR_BADSCHEME: + why = "URL doesn't begin with \"[c]ldap[si]://\""; + break; + case LDAP_URL_ERR_BADENCLOSURE: + why = "URL is missing trailing \">\""; + break; + case LDAP_URL_ERR_BADURL: + why = "URL is bad"; + case LDAP_URL_ERR_BADHOST: + why = "host/port is bad"; + break; + case LDAP_URL_ERR_BADATTRS: + why = "bad (or missing) attributes"; + break; + case LDAP_URL_ERR_BADSCOPE: + why = "scope string is invalid (or missing)"; + break; + case LDAP_URL_ERR_BADFILTER: + why = "bad or missing filter"; + break; + case LDAP_URL_ERR_BADEXTS: + why = "bad or missing extensions"; + break; + default: + why = "unknown reason"; + break; + } + fprintf( stderr, "%s: line %d: " + "unable to parse uri \"%s\" " + "in \"uri \" line: %s\n", + c->fname, c->lineno, c->value_string, why ); + return 1; + } + + for ( i = 0, tmpludp = li->lud; + tmpludp; + i++, tmpludp = tmpludp->lud_next ) + { + if ( ( tmpludp->lud_dn != NULL + && tmpludp->lud_dn[0] != '\0' ) + || tmpludp->lud_attrs != NULL + /* || tmpludp->lud_scope != LDAP_SCOPE_DEFAULT */ + || tmpludp->lud_filter != NULL + || tmpludp->lud_exts != NULL ) + { + fprintf( stderr, "%s: line %d: " + "warning, only protocol, " + "host and port allowed " + "in \"uri \" statement " + "for uri #%d of \"%s\"\n", + c->fname, c->lineno, i, c->value_string ); + } + } + +#if 0 + for ( i = 0, tmpludp = li->lud; + tmpludp; + i++, tmpludp = tmpludp->lud_next ) + /* just count */ + + urllist = ch_calloc( sizeof( char * ), i + 1 ); + + for ( i = 0, tmpludp = li->lud; + tmpludp; + i++, tmpludp = tmpludp->lud_next ) + { + LDAPURLDesc tmplud; + ber_len_t oldlen = 0, len; + + tmplud = *tmpludp; + tmplud.lud_dn = ""; + tmplud.lud_attrs = NULL; + tmplud.lud_filter = NULL; + if ( !ldap_is_ldapi_url( tmplud.lud_scheme ) ) { + tmplud.lud_exts = NULL; + tmplud.lud_crit_exts = 0; + } + + urllist[ i ] = ldap_url_desc2str( &tmplud ); + + if ( urllist[ i ] == NULL ) { + fprintf( stderr, "%s: line %d: " + "unable to rebuild uri " + "in \"uri \" statement " + "for \"%s\"\n", + c->fname, c->lineno, argv[ 1 ] ); + return 1; + } + } + + li->url = ldap_charray2str( urllist, " " ); + ldap_charray_free( urllist ); +#else + li->url = ch_strdup( c->value_string ); +#endif + break; + } + + case LDAP_BACK_CFG_TLS: + i = verb_to_mask( c->argv[1], tls_mode ); + if ( BER_BVISNULL( &tls_mode[i].word ) ) { + return 1; + } + li->flags &= ~LDAP_BACK_F_TLS_MASK; + li->flags |= tls_mode[i].mask; + break; + + case LDAP_BACK_CFG_ACL_AUTHCDN: + switch ( li->acl_authmethod ) { + case LDAP_AUTH_NONE: + li->acl_authmethod = LDAP_AUTH_SIMPLE; + break; + + case LDAP_AUTH_SIMPLE: + break; + + default: + fprintf( stderr, "%s: line %d: " + "\"acl-authcDN \" incompatible " + "with auth method %d.", + c->fname, c->lineno, li->acl_authmethod ); + return 1; + } + if ( !BER_BVISNULL( &li->acl_authcDN ) ) { + free( li->acl_authcDN.bv_val ); + } + li->acl_authcDN = c->value_ndn; + break; + + case LDAP_BACK_CFG_ACL_PASSWD: + switch ( li->acl_authmethod ) { + case LDAP_AUTH_NONE: + li->acl_authmethod = LDAP_AUTH_SIMPLE; + break; + + case LDAP_AUTH_SIMPLE: + break; + + default: + fprintf( stderr, "%s: line %d: " + "\"acl-passwd \" incompatible " + "with auth method %d.", + c->fname, c->lineno, li->acl_authmethod ); + return 1; + } + if ( !BER_BVISNULL( &li->acl_passwd ) ) { + free( li->acl_passwd.bv_val ); + } + li->acl_passwd = c->value_bv; + break; + + case LDAP_BACK_CFG_ACL_METHOD: + case LDAP_BACK_CFG_ACL_BIND: + for ( i = 1; i < c->argc; i++ ) { + if ( bindconf_parse( c->argv[ i ], &li->acl_sb ) ) { + return 1; + } + } + break; + + case LDAP_BACK_CFG_IDASSERT_MODE: + i = verb_to_mask( c->argv[1], idassert_mode ); + if ( BER_BVISNULL( &idassert_mode[i].word ) ) { + if ( strncasecmp( c->argv[1], "u:", STRLENOF( "u:" ) ) == 0 ) { + li->idassert_mode = LDAP_BACK_IDASSERT_OTHERID; + ber_str2bv( c->argv[1], 0, 1, &li->idassert_authzID ); + li->idassert_authzID.bv_val[ 0 ] = 'u'; + + } else { + struct berval id, ndn; + + ber_str2bv( c->argv[1], 0, 0, &id ); + + if ( strncasecmp( c->argv[1], "dn:", STRLENOF( "dn:" ) ) == 0 ) { + id.bv_val += STRLENOF( "dn:" ); + id.bv_len -= STRLENOF( "dn:" ); + } + + rc = dnNormalize( 0, NULL, NULL, &id, &ndn, NULL ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: idassert ID \"%s\" is not a valid DN\n", + c->fname, c->lineno, c->argv[1] ); + return 1; + } + + li->idassert_authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len; + li->idassert_authzID.bv_val = ch_malloc( li->idassert_authzID.bv_len + 1 ); + AC_MEMCPY( li->idassert_authzID.bv_val, "dn:", STRLENOF( "dn:" ) ); + AC_MEMCPY( &li->idassert_authzID.bv_val[ STRLENOF( "dn:" ) ], ndn.bv_val, ndn.bv_len + 1 ); + ch_free( ndn.bv_val ); + + li->idassert_mode = LDAP_BACK_IDASSERT_OTHERDN; + } + + } else { + li->idassert_mode = idassert_mode[i].mask; + } + + if ( c->argc > 2 ) { + int i; + + for ( i = 2; i < c->argc; i++ ) { + if ( strcasecmp( c->argv[ i ], "override" ) == 0 ) { + li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE; + + } else { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unknown flag #%d " + "in \"idassert-mode " + "[]\" line.\n", + c->fname, c->lineno, i - 2 ); + return 1; + } + } + } + break; + + case LDAP_BACK_CFG_IDASSERT_AUTHCDN: + switch ( li->idassert_authmethod ) { + case LDAP_AUTH_NONE: + li->idassert_authmethod = LDAP_AUTH_SIMPLE; + break; + + case LDAP_AUTH_SIMPLE: + break; + + default: + fprintf( stderr, "%s: line %d: " + "\"idassert-authcDN \" incompatible " + "with auth method %d.", + c->fname, c->lineno, li->idassert_authmethod ); + return 1; + } + if ( !BER_BVISNULL( &li->idassert_authcDN ) ) { + free( li->idassert_authcDN.bv_val ); + } + li->idassert_authcDN = c->value_ndn; + break; + + case LDAP_BACK_CFG_IDASSERT_PASSWD: + switch ( li->idassert_authmethod ) { + case LDAP_AUTH_NONE: + li->idassert_authmethod = LDAP_AUTH_SIMPLE; + break; + + case LDAP_AUTH_SIMPLE: + break; + + default: + fprintf( stderr, "%s: line %d: " + "\"idassert-passwd \" incompatible " + "with auth method %d.", + c->fname, c->lineno, li->idassert_authmethod ); + return 1; + } + if ( !BER_BVISNULL( &li->idassert_passwd ) ) { + free( li->idassert_passwd.bv_val ); + } + li->idassert_passwd = c->value_bv; + break; + + case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: + ber_bvarray_add( &li->idassert_authz, &c->value_bv ); + break; + + case LDAP_BACK_CFG_IDASSERT_METHOD: + /* no longer supported */ + fprintf( stderr, "%s: %d: " + "\"idassert-method \": " + "no longer supported; use \"idassert-bind\".\n", + c->fname, c->lineno ); + return 1; + + case LDAP_BACK_CFG_IDASSERT_BIND: + for ( i = 1; i < c->argc; i++ ) { + if ( strncasecmp( c->argv[ i ], "mode=", STRLENOF( "mode=" ) ) == 0 ) { + char *argvi = c->argv[ i ] + STRLENOF( "mode=" ); + int j; + + j = verb_to_mask( argvi, idassert_mode ); + if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) { + fprintf( stderr, "%s: %d: " + "\"idassert-bind \": " + "unknown mode \"%s\".\n", + c->fname, c->lineno, argvi ); + return 1; + } + + li->idassert_mode = idassert_mode[ j ].mask; + + } else if ( strncasecmp( c->argv[ i ], "authz=", STRLENOF( "authz=" ) ) == 0 ) { + char *argvi = c->argv[ i ] + STRLENOF( "authz=" ); + + if ( strcasecmp( argvi, "native" ) == 0 ) { + if ( li->idassert_authmethod != LDAP_AUTH_SASL ) { + fprintf( stderr, "%s: %d: " + "\"idassert-bind \": " + "authz=\"native\" incompatible " + "with auth method.\n", + c->fname, c->lineno ); + return 1; + } + li->idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ; + + } else if ( strcasecmp( argvi, "proxyAuthz" ) == 0 ) { + li->idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ; + + } else { + fprintf( stderr, "%s: %d: " + "\"idassert-bind \": " + "unknown authz \"%s\".\n", + c->fname, c->lineno, argvi ); + return 1; + } + + } else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) { + char *argvi = c->argv[ i ] + STRLENOF( "flags=" ); + char **flags = ldap_str2charray( argvi, "," ); + int j; + + if ( flags == NULL ) { + fprintf( stderr, "%s: %d: " + "\"idassert-bind \": " + "unable to parse flags \"%s\".\n", + c->fname, c->lineno, argvi ); + return 1; + } + + for ( j = 0; flags[ j ] != NULL; j++ ) { + if ( strcasecmp( flags[ j ], "override" ) == 0 ) { + li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE; + + } else { + fprintf( stderr, "%s: %d: " + "\"idassert-bind \": " + "unknown flag \"%s\".\n", + c->fname, c->lineno, flags[ j ] ); + return 1; + } + } + + ldap_charray_free( flags ); + + } else if ( bindconf_parse( c->argv[ i ], &li->idassert_sb ) ) { + return 1; + } + } + break; + + case LDAP_BACK_CFG_REBIND: { + int dorebind = 0; + + if ( c->argc == 1 ) { + /* legacy */ + dorebind = 1; + + } else { + i = verb_to_mask( c->argv[1], yn_mode ); + if ( BER_BVISNULL( &yn_mode[i].word ) ) { + return 1; + } + if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { + dorebind = 1; + } + } + + if ( dorebind ) { + li->flags |= LDAP_BACK_F_SAVECRED; + + } else { + li->flags &= ~LDAP_BACK_F_SAVECRED; + } + break; + } + + case LDAP_BACK_CFG_CHASE: { + int dochase = 0; + + if ( c->argc == 1 ) { + /* legacy */ + dochase = 1; + + } else { + i = verb_to_mask( c->argv[1], yn_mode ); + if ( BER_BVISNULL( &yn_mode[i].word ) ) { + return 1; + } + if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { + dochase = 1; + } + } + + if ( dochase ) { + li->flags |= LDAP_BACK_F_CHASE_REFERRALS; + + } else { + li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS; + } + break; + } + + case LDAP_BACK_CFG_T_F: + i = verb_to_mask( c->argv[1], t_f_mode ); + if ( BER_BVISNULL( &t_f_mode[i].word ) ) { + return 1; + } + li->flags &= ~LDAP_BACK_F_SUPPORT_T_F_MASK; + li->flags |= t_f_mode[i].mask; + break; + + case LDAP_BACK_CFG_WHOAMI: { + int dowhoami = 0; + + if ( c->argc == 1 ) { + /* legacy */ + dowhoami = 1; + + } else { + i = verb_to_mask( c->argv[1], yn_mode ); + if ( BER_BVISNULL( &yn_mode[i].word ) ) { + return 1; + } + if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { + dowhoami = 1; + } + } + + if ( dowhoami ) { + li->flags |= LDAP_BACK_F_PROXY_WHOAMI; + + load_extop( (struct berval *)&slap_EXOP_WHOAMI, + 0, ldap_back_exop_whoami ); + + } else { + li->flags &= ~LDAP_BACK_F_PROXY_WHOAMI; + } + break; + } + + case LDAP_BACK_CFG_REWRITE: + fprintf( stderr, "%s: line %d: " + "rewrite/remap capabilities have been moved " + "to the \"rwm\" overlay; see slapo-rwm(5) " + "for details (hint: add \"overlay rwm\" " + "and prefix all directives with \"rwm-\").\n", + c->fname, c->lineno ); + return 1; + + default: + assert( 0 ); + } + + return 0; +} + +int +ldap_back_init_cf( BackendInfo *bi ) +{ + int rc; + AttributeDescription *ad = NULL; + const char *text; + + bi->bi_cf_ocs = ldapocs; + + rc = config_register_schema( ldapcfg, ldapocs ); + if ( rc ) { + return rc; + } + + /* setup olcDbAclPasswd and olcDbIDAssertPasswd + * to be base64-encoded when written in LDIF form; + * basically, we don't care if it fails */ + rc = slap_str2ad( "olcDbACLPasswd", &ad, &text ); + if ( rc ) { + Debug( LDAP_DEBUG_ANY, "config_back_initialize: " + "warning, unable to get \"olcDbACLPasswd\" " + "attribute description: %d: %s\n", + rc, text, 0 ); + } else { + (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val, + ad->ad_type->sat_oid ); + } + + ad = NULL; + rc = slap_str2ad( "olcDbIDAssertPasswd", &ad, &text ); + if ( rc ) { + Debug( LDAP_DEBUG_ANY, "config_back_initialize: " + "warning, unable to get \"olcDbIDAssertPasswd\" " + "attribute description: %d: %s\n", + rc, text, 0 ); + } else { + (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val, + ad->ad_type->sat_oid ); + } + + return 0; +} + + static int parse_idassert( BackendDB *be, const char *fname, int lineno, int argc, char **argv ); @@ -61,36 +1142,17 @@ ldap_back_db_config( return 1; } - /* server address to query (depricated, use "uri" directive) */ + /* server address to query (no longer supported, use "uri" directive) */ if ( strcasecmp( argv[0], "server" ) == 0 ) { - ber_len_t l; - fprintf( stderr, - "%s: line %d: \"server
\" directive is deprecated\n", - fname, lineno ); - - if ( argc != 2 ) { - fprintf( stderr, - "%s: line %d: missing address in \"server
\" line\n", + "%s: line %d: \"server
\" directive is no longer supported.\n", fname, lineno ); - return 1; - } - if ( li->url != NULL ) { - ch_free( li->url ); - } - - l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1; - li->url = ch_calloc( l, sizeof( char ) ); - if ( li->url == NULL ) { - fprintf( stderr, "%s: line %d: malloc failed\n" ); - return 1; - } - - snprintf( li->url, l, "ldap://%s/", argv[1] ); + return 1; - /* URI of server to query (preferred over "server" directive) */ + /* URI of server to query (obsoletes "server" directive) */ } else if ( strcasecmp( argv[0], "uri" ) == 0 ) { LDAPURLDesc *tmpludp; + char **urllist; int urlrc, i; if ( argc != 2 ) { @@ -111,7 +1173,7 @@ ldap_back_db_config( /* PARANOID: DN and more are not required nor allowed */ urlrc = ldap_url_parselist_ext( &li->lud, argv[ 1 ], "\t" ); #else - urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] ); + urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] ); #endif if ( urlrc != LDAP_URL_SUCCESS ) { char *why; @@ -164,6 +1226,7 @@ ldap_back_db_config( if ( ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[0] != '\0' ) || tmpludp->lud_attrs != NULL + /* || tmpludp->lud_scope != LDAP_SCOPE_DEFAULT */ || tmpludp->lud_filter != NULL || tmpludp->lud_exts != NULL ) { @@ -177,23 +1240,32 @@ ldap_back_db_config( } #if 0 - for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) { + for ( i = 0, tmpludp = li->lud; + tmpludp; + i++, tmpludp = tmpludp->lud_next ) + /* just count */ + + urllist = ch_calloc( sizeof( char * ), i + 1 ); + + for ( i = 0, tmpludp = li->lud; + tmpludp; + i++, tmpludp = tmpludp->lud_next ) + { LDAPURLDesc tmplud; - char *tmpurl; ber_len_t oldlen = 0, len; tmplud = *tmpludp; tmplud.lud_dn = ""; tmplud.lud_attrs = NULL; tmplud.lud_filter = NULL; - if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) { + if ( !ldap_is_ldapi_url( tmplud.lud_scheme ) ) { tmplud.lud_exts = NULL; tmplud.lud_crit_exts = 0; } - tmpurl = ldap_url_desc2str( &tmplud ); + urllist[ i ] = ldap_url_desc2str( &tmplud ); - if ( tmpurl == NULL ) { + if ( urllist[ i ] == NULL ) { fprintf( stderr, "%s: line %d: " "unable to rebuild uri " "in \"uri \" statement " @@ -201,18 +1273,10 @@ ldap_back_db_config( fname, lineno, argv[ 1 ] ); return 1; } - - len = strlen( tmpurl ); - if ( li->url ) { - oldlen = strlen( li->url ) + STRLENOF( " " ); - } - li->url = ch_realloc( li->url, oldlen + len + 1); - if ( oldlen ) { - li->url[oldlen - 1] = " "; - } - AC_MEMCPY( &li->url[oldlen], tmpurl, len + 1 ); - ch_free( tmpurl ); } + + li->url = ldap_charray2str( urllist, " " ); + ldap_charray_free( urllist ); #else li->url = ch_strdup( argv[ 1 ] ); #endif @@ -225,9 +1289,13 @@ ldap_back_db_config( return( 1 ); } - /* start */ - if ( strcasecmp( argv[1], "start" ) == 0 ) { - li->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL ); + /* none */ + if ( strcasecmp( argv[1], "none" ) == 0 ) { + li->flags &= ~LDAP_BACK_F_TLS_MASK; + + /* try start tls */ + } else if ( strcasecmp( argv[1], "start" ) == 0 ) { + li->flags |= LDAP_BACK_F_TLS_USE_MASK; /* try start tls */ } else if ( strcasecmp( argv[1], "try-start" ) == 0 ) { @@ -236,7 +1304,7 @@ ldap_back_db_config( /* propagate start tls */ } else if ( strcasecmp( argv[1], "propagate" ) == 0 ) { - li->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL ); + li->flags |= LDAP_BACK_F_TLS_PROPAGATE_MASK; /* try start tls */ } else if ( strcasecmp( argv[1], "try-propagate" ) == 0 ) { @@ -270,18 +1338,41 @@ ldap_back_db_config( /* save bind creds for referral rebinds? */ } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) { - if ( argc != 1 ) { + switch ( argc ) { + case 1: + fprintf( stderr, + "%s: line %d: \"rebind-as-user {NO|yes}\": use without args is deprecated.\n", + fname, lineno ); + + li->flags |= LDAP_BACK_F_SAVECRED; + break; + + case 2: + if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) { + li->flags |= LDAP_BACK_F_SAVECRED; + + } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) { + li->flags &= ~LDAP_BACK_F_SAVECRED; + + } else { + fprintf( stderr, + "%s: line %d: \"rebind-as-user {NO|yes}\": unknown argument \"%s\".\n", + fname, lineno, argv[ 1 ] ); + return( 1 ); + } + break; + + default: fprintf( stderr, - "%s: line %d: \"rebind-as-user\" takes no arguments\n", + "%s: line %d: \"rebind-as-user {NO|yes}\" needs 1 argument.\n", fname, lineno ); return( 1 ); } - li->flags |= LDAP_BACK_F_SAVECRED; } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) { if ( argc != 2 ) { fprintf( stderr, - "%s: line %d: \"chase-referrals\" needs 1 argument.\n", + "%s: line %d: \"chase-referrals {YES|no}\" needs 1 argument.\n", fname, lineno ); return( 1 ); } @@ -295,7 +1386,7 @@ ldap_back_db_config( } else { fprintf( stderr, - "%s: line %d: \"chase-referrals {yes|no}\": unknown argument \"%s\".\n", + "%s: line %d: \"chase-referrals {YES|no}\": unknown argument \"%s\".\n", fname, lineno, argv[1] ); return( 1 ); } @@ -303,7 +1394,7 @@ ldap_back_db_config( } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) { if ( argc != 2 ) { fprintf( stderr, - "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n", + "%s: line %d: \"t-f-support {NO|yes|discover}\" needs 1 argument.\n", fname, lineno ); return( 1 ); } @@ -319,21 +1410,49 @@ ldap_back_db_config( } else { fprintf( stderr, - "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n", + "%s: line %d: \"t-f-support {NO|yes|discover}\": unknown argument \"%s\".\n", fname, lineno, argv[ 1 ] ); return 1; } /* intercept exop_who_am_i? */ } else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) { - if ( argc != 1 ) { + int doload_extop = 0; + + switch ( argc ) { + case 1: + fprintf( stderr, + "%s: line %d: \"proxy-whoami {NO|yes}\": use without args is deprecated.\n", + fname, lineno ); + + doload_extop = 1; + break; + + case 2: + if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) { + doload_extop = 1; + + } else if ( strcasecmp( argv[ 1 ], "no" ) != 0 ) { + fprintf( stderr, + "%s: line %d: \"proxy-whoami {NO|yes}\": unknown argument \"%s\".\n", + fname, lineno, argv[ 1 ] ); + return( 1 ); + } + break; + + default: fprintf( stderr, - "%s: line %d: proxy-whoami takes no arguments\n", + "%s: line %d: \"proxy-whoami {NO|yes}\" needs 1 argument.\n", fname, lineno ); return( 1 ); } - load_extop( (struct berval *)&slap_EXOP_WHOAMI, - 0, ldap_back_exop_whoami ); + + if ( doload_extop ) { + li->flags |= LDAP_BACK_F_PROXY_WHOAMI; + + load_extop( (struct berval *)&slap_EXOP_WHOAMI, + 0, ldap_back_exop_whoami ); + } /* FIXME: legacy: intercept old rewrite/remap directives * and try to start the rwm overlay */ @@ -341,6 +1460,7 @@ ldap_back_db_config( || strcasecmp( argv[0], "map" ) == 0 || strncasecmp( argv[0], "rewrite", STRLENOF( "rewrite" ) ) == 0 ) { +#if 0 fprintf( stderr, "%s: line %d: " "rewrite/remap capabilities have been moved " "to the \"rwm\" overlay; see slapo-rwm(5) " @@ -371,8 +1491,16 @@ ldap_back_db_config( return ( *be->bd_info->bi_db_config )( be, fname, lineno, argc, argv ); } +#else + fprintf( stderr, "%s: line %d: " + "rewrite/remap capabilities have been moved " + "to the \"rwm\" overlay; see slapo-rwm(5) " + "for details (hint: add \"overlay rwm\" " + "and prefix all directives with \"rwm-\").\n", + fname, lineno ); +#endif - return SLAP_CONF_UNKNOWN; + return 1; /* anything else */ } else { @@ -407,7 +1535,7 @@ ldap_back_exop_whoami( LDAPMessage *res; Operation op2 = *op; ber_int_t msgid; - int do_retry = 1; + int doretry = 1; ctrls[0] = &c; op2.o_ndn = op->o_conn->c_ndn; @@ -428,8 +1556,8 @@ retry: if (ldap_result(lc->lc_ld, msgid, 1, NULL, &res) == -1) { ldap_get_option(lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err); - if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) { - do_retry = 0; + if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) { + doretry = 0; if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) goto retry; } @@ -646,14 +1774,54 @@ parse_idassert( } } else if ( strcasecmp( argv1, "simple" ) == 0 ) { - li->idassert_authmethod = LDAP_AUTH_SIMPLE; + int arg; - if ( argc != 2 ) { - fprintf( stderr, - "%s: line %d: trailing args in \"%s %s ...\" line ignored\"\n", - fname, lineno, argv[0], argv[1] ); + for ( arg = 2; arg < argc; arg++ ) { + if ( strncasecmp( argv[arg], "authcdn=", STRLENOF( "authcdn=" ) ) == 0 ) { + char *val = argv[arg] + STRLENOF( "authcdn=" ); + struct berval dn; + int rc; + + if ( !BER_BVISNULL( &li->idassert_authcDN ) ) { + fprintf( stderr, "%s: line %d: " + "SASL authcDN already defined; replacing...\n", + fname, lineno ); + ch_free( li->idassert_authcDN.bv_val ); + } + if ( strncasecmp( argv[arg], "dn:", STRLENOF( "dn:" ) ) == 0 ) { + val += STRLENOF( "dn:" ); + } + + ber_str2bv( val, 0, 0, &dn ); + rc = dnNormalize( 0, NULL, NULL, &dn, &li->idassert_authcDN, NULL ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: SASL authcdn \"%s\" is not a valid DN\n", + fname, lineno, val ); + return 1; + } + + } else if ( strncasecmp( argv[arg], "cred=", STRLENOF( "cred=" ) ) == 0 ) { + char *val = argv[arg] + STRLENOF( "cred=" ); + + if ( !BER_BVISNULL( &li->idassert_passwd ) ) { + fprintf( stderr, "%s: line %d: " + "SASL cred already defined; replacing...\n", + fname, lineno ); + ch_free( li->idassert_passwd.bv_val ); + } + ber_str2bv( val, 0, 1, &li->idassert_passwd ); + + } else { + fprintf( stderr, "%s: line %d: " + "unknown parameter %s\n", + fname, lineno, argv[arg] ); + return 1; + } } + li->idassert_authmethod = LDAP_AUTH_SIMPLE; + } else if ( strcasecmp( argv1, "sasl" ) == 0 ) { #ifdef HAVE_CYRUS_SASL int arg; diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 2c6d296f5c..3a16c4d818 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -275,8 +275,8 @@ fail:; rs->sr_operational_attrs = NULL; rs->sr_flags = 0; abort = send_search_entry( op, rs ); - if ( !BER_BVISNULL( &ent.e_name ) && ( ent.e_name.bv_val != bdn.bv_val ) ) - { + if ( !BER_BVISNULL( &ent.e_name ) ) { + assert( ent.e_name.bv_val != bdn.bv_val ); free( ent.e_name.bv_val ); BER_BVZERO( &ent.e_name ); } diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 25cb07cc0b..39b03af185 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -46,7 +46,7 @@ ldbm_back_add( op->o_req_dn.bv_val, 0, 0); rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, - &rs->sr_text, textbuf, textlen ); + get_manageDIT(op), &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "entry failed schema check: %s\n", diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index 3e34178d20..51d10c2691 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -164,8 +164,8 @@ int ldbm_modify_internal( } /* check that the entry still obeys the schema */ - rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen ); - + rc = entry_schema_check( op->o_bd, e, save_attrs, get_manageDIT(op), + text, textbuf, textlen ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "entry failed schema check: %s\n", *text, 0, 0 ); diff --git a/servers/slapd/back-ldif/ldif.c b/servers/slapd/back-ldif/ldif.c index 10f7a523d1..a59fe576eb 100644 --- a/servers/slapd/back-ldif/ldif.c +++ b/servers/slapd/back-ldif/ldif.c @@ -332,11 +332,12 @@ static int r_enum_tree(enumCookie *ck, struct berval *path, ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE ); + ck->rs->sr_entry = e; rc = send_search_reference( ck->op, ck->rs ); - ber_bvarray_free( ck->rs->sr_ref ); ber_bvarray_free( erefs ); ck->rs->sr_ref = NULL; + ck->rs->sr_entry = NULL; } else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE ) { @@ -344,6 +345,7 @@ static int r_enum_tree(enumCookie *ck, struct berval *path, ck->rs->sr_attrs = ck->op->ors_attrs; ck->rs->sr_flags = REP_ENTRY_MODIFIABLE; rc = send_search_entry(ck->op, ck->rs); + ck->rs->sr_entry = NULL; } fd = 1; if ( rc ) @@ -553,8 +555,8 @@ static int apply_modify_to_entry(Entry * entry, entry->e_ocflags = 0; } /* check that the entry still obeys the schema */ - rc = entry_schema_check(op->o_bd, entry, NULL, - &rs->sr_text, textbuf, sizeof( textbuf ) ); + rc = entry_schema_check(op->o_bd, entry, NULL, 0, + &rs->sr_text, textbuf, sizeof( textbuf ) ); } return rc; } @@ -760,8 +762,8 @@ static int ldif_back_add(Operation *op, SlapReply *rs) { int statres; char textbuf[SLAP_TEXT_BUFLEN]; - rs->sr_err = entry_schema_check(op->o_bd, e, - NULL, &rs->sr_text, textbuf, sizeof( textbuf ) ); + rs->sr_err = entry_schema_check(op->o_bd, e, NULL, 0, + &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) goto send_res; ldap_pvt_thread_mutex_lock(&ni->li_mutex); diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 34c23de511..fff12ab215 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -942,8 +942,10 @@ meta_send_entry( rs->sr_entry = NULL; rs->sr_attrs = NULL; - if ( !BER_BVISNULL( &ent.e_name ) && ent.e_name.bv_val != bdn.bv_val ) { - free( ent.e_name.bv_val ); + if ( !BER_BVISNULL( &ent.e_name ) ) { + if ( ent.e_name.bv_val != bdn.bv_val ) { + free( ent.e_name.bv_val ); + } BER_BVZERO( &ent.e_name ); } if ( !BER_BVISNULL( &ent.e_nname ) ) { diff --git a/servers/slapd/back-monitor/back-monitor.h b/servers/slapd/back-monitor/back-monitor.h index 511c4c48ab..8cd40f186b 100644 --- a/servers/slapd/back-monitor/back-monitor.h +++ b/servers/slapd/back-monitor/back-monitor.h @@ -121,6 +121,7 @@ typedef struct monitor_info_t { AttributeDescription *mi_ad_monitorConnectionStartTime; AttributeDescription *mi_ad_monitorConnectionActivityTime; AttributeDescription *mi_ad_monitorIsShadow; + AttributeDescription *mi_ad_monitorUpdateRef; /* * Generic description attribute diff --git a/servers/slapd/back-monitor/database.c b/servers/slapd/back-monitor/database.c index 267042d8ee..f6d5d94a80 100644 --- a/servers/slapd/back-monitor/database.c +++ b/servers/slapd/back-monitor/database.c @@ -247,6 +247,11 @@ monitor_subsys_database_init( (void)init_readOnly( mi, e, be->be_restrictops ); (void)init_restrictedOperation( mi, e, be->be_restrictops ); + if ( SLAP_SHADOW( be ) && be->be_update_refs ) { + attr_merge_normalize( e, mi->mi_ad_monitorUpdateRef, + be->be_update_refs, NULL ); + } + if ( oi != NULL ) { slap_overinst *on = oi->oi_list, *on1 = on; diff --git a/servers/slapd/back-monitor/init.c b/servers/slapd/back-monitor/init.c index 08ce16f5fd..df6a08a990 100644 --- a/servers/slapd/back-monitor/init.c +++ b/servers/slapd/back-monitor/init.c @@ -1166,6 +1166,13 @@ monitor_back_initialize( "SINGLE-VALUE " "USAGE directoryOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorIsShadow) }, + { "monitorUpdateRef", "( 1.3.6.1.4.1.4203.666.1.53 " + "NAME 'monitorUpdateRef' " + "DESC 'update referral for shadow databases' " + "SUP monitoredInfo " + "SINGLE-VALUE " + "USAGE directoryOperation )", SLAP_AT_HIDE, + offsetof(monitor_info_t, mi_ad_monitorUpdateRef) }, { NULL, NULL, 0, -1 } }; diff --git a/servers/slapd/back-monitor/log.c b/servers/slapd/back-monitor/log.c index 607b6354a4..d54b572ee7 100644 --- a/servers/slapd/back-monitor/log.c +++ b/servers/slapd/back-monitor/log.c @@ -197,8 +197,8 @@ monitor_subsys_log_modify( } /* check that the entry still obeys the schema */ - rc = entry_schema_check( be_monitor, e, save_attrs, - &text, textbuf, sizeof( textbuf ) ); + rc = entry_schema_check( be_monitor, e, save_attrs, 0, + &text, textbuf, sizeof( textbuf ) ); if ( rc != LDAP_SUCCESS ) { rs->sr_err = rc; goto cleanup; diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c index 03accfc5ea..cd2b5a6131 100644 --- a/servers/slapd/back-sql/add.c +++ b/servers/slapd/back-sql/add.c @@ -91,11 +91,8 @@ backsql_modify_delete_all_values( backsql_PrintErrors( bi->sql_db_env, dbh, asth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } rc = backsql_BindParamID( asth, 1, SQL_PARAM_INPUT, &e_id->eid_keyval ); @@ -109,12 +106,8 @@ backsql_modify_delete_all_values( asth, rc ); SQLFreeStmt( asth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } rc = SQLExecute( asth ); @@ -127,12 +120,8 @@ backsql_modify_delete_all_values( asth, rc ); SQLFreeStmt( asth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } backsql_BindRowAsStrings( asth, &row ); @@ -161,12 +150,8 @@ backsql_modify_delete_all_values( backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - continue; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } if ( BACKSQL_IS_DEL( at->bam_expect_return ) ) { @@ -182,12 +167,8 @@ backsql_modify_delete_all_values( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - continue; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } } else { @@ -205,12 +186,8 @@ backsql_modify_delete_all_values( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - continue; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } #ifdef BACKSQL_ARBITRARY_KEY Debug( LDAP_DEBUG_TRACE, @@ -240,12 +217,8 @@ backsql_modify_delete_all_values( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - continue; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } Debug( LDAP_DEBUG_TRACE, @@ -267,21 +240,15 @@ backsql_modify_delete_all_values( /* SQL procedure executed fine * but returned an error */ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc ); - rs->sr_text = op->ora_e->e_name.bv_val; - SQLFreeStmt( sth, SQL_DROP ); - return rs->sr_err; } else { backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) - { - rs->sr_err = LDAP_OTHER; - rs->sr_text = op->ora_e->e_name.bv_val; - SQLFreeStmt( sth, SQL_DROP ); - return rs->sr_err; - } + rs->sr_err = LDAP_OTHER; } + rs->sr_text = op->ora_e->e_name.bv_val; + SQLFreeStmt( sth, SQL_DROP ); + return rs->sr_err; } SQLFreeStmt( sth, SQL_DROP ); } @@ -551,12 +518,10 @@ add_only:; backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - SQLFreeStmt( sth, SQL_DROP ); - rs->sr_err = LDAP_OTHER; - rs->sr_text = "SQL-backend error"; - goto done; - } + SQLFreeStmt( sth, SQL_DROP ); + rs->sr_err = LDAP_OTHER; + rs->sr_text = "SQL-backend error"; + goto done; } SQLFreeStmt( sth, SQL_DROP ); } @@ -676,11 +641,9 @@ add_only:; sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - rs->sr_err = LDAP_OTHER; - goto done; - } + rs->sr_text = "SQL-backend error"; + rs->sr_err = LDAP_OTHER; + goto done; } Debug( LDAP_DEBUG_TRACE, @@ -709,13 +672,10 @@ add_only:; } else { backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) - { - SQLFreeStmt( sth, SQL_DROP ); - rs->sr_err = LDAP_OTHER; - rs->sr_text = at->bam_ad->ad_cname.bv_val; - goto done; - } + SQLFreeStmt( sth, SQL_DROP ); + rs->sr_err = LDAP_OTHER; + rs->sr_text = at->bam_ad->ad_cname.bv_val; + goto done; } } SQLFreeStmt( sth, SQL_DROP ); @@ -823,13 +783,8 @@ backsql_add_attr( rc = backsql_Prepare( dbh, &sth, at_rec->bam_add_proc, 0 ); if ( rc != SQL_SUCCESS ) { - - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } if ( BACKSQL_IS_ADD( at_rec->bam_expect_return ) ) { @@ -844,12 +799,8 @@ backsql_add_attr( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } } else { @@ -869,12 +820,8 @@ backsql_add_attr( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } currpos = pno + 2 - po; @@ -894,12 +841,8 @@ backsql_add_attr( sth, rc ); SQLFreeStmt( sth, SQL_DROP ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_text = "SQL-backend error"; - return rs->sr_err = LDAP_OTHER; - } - - return LDAP_SUCCESS; + rs->sr_text = "SQL-backend error"; + return rs->sr_err = LDAP_OTHER; } #ifdef LDAP_DEBUG @@ -930,12 +873,10 @@ backsql_add_attr( } else { backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); - if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) { - rs->sr_err = LDAP_OTHER; - rs->sr_text = op->ora_e->e_name.bv_val; - SQLFreeStmt( sth, SQL_DROP ); - return rs->sr_err; - } + rs->sr_err = LDAP_OTHER; + rs->sr_text = op->ora_e->e_name.bv_val; + SQLFreeStmt( sth, SQL_DROP ); + return rs->sr_err; } } SQLFreeStmt( sth, SQL_DROP ); @@ -989,9 +930,8 @@ backsql_add( Operation *op, SlapReply *rs ) if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; - rs->sr_err = entry_schema_check( op->o_bd, op->ora_e, - NULL, - &rs->sr_text, textbuf, sizeof( textbuf ) ); + rs->sr_err = entry_schema_check( op->o_bd, op->ora_e, NULL, 0, + &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " "entry failed schema check -- aborting\n", @@ -1554,7 +1494,7 @@ done:; } if ( !BER_BVISNULL( &p.e_nname ) ) { - entry_clean( &p ); + backsql_entry_clean( op, &p ); } Debug( LDAP_DEBUG_TRACE, "<==backsql_add(\"%s\"): %d \"%s\"\n", diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c index 5817d06af6..0bc12e5a24 100644 --- a/servers/slapd/back-sql/bind.c +++ b/servers/slapd/back-sql/bind.c @@ -106,7 +106,7 @@ error_return:; } if ( !BER_BVISNULL( &e.e_nname ) ) { - entry_clean( &e ); + backsql_entry_clean( op, &e ); } if ( bsi.bsi_attrs != NULL ) { diff --git a/servers/slapd/back-sql/compare.c b/servers/slapd/back-sql/compare.c index 4783714f14..9baf9ff35d 100644 --- a/servers/slapd/back-sql/compare.c +++ b/servers/slapd/back-sql/compare.c @@ -181,7 +181,7 @@ return_results:; } if ( !BER_BVISNULL( &e.e_nname ) ) { - entry_clean( &e ); + backsql_entry_clean( op, &e ); } if ( bsi.bsi_attrs != NULL ) { diff --git a/servers/slapd/back-sql/delete.c b/servers/slapd/back-sql/delete.c index 5659541268..e8bf7142c6 100644 --- a/servers/slapd/back-sql/delete.c +++ b/servers/slapd/back-sql/delete.c @@ -474,11 +474,11 @@ done:; } if ( !BER_BVISNULL( &d.e_nname ) ) { - entry_clean( &d ); + backsql_entry_clean( op, &d ); } if ( !BER_BVISNULL( &p.e_nname ) ) { - entry_clean( &p ); + backsql_entry_clean( op, &p ); } return rs->sr_err; diff --git a/servers/slapd/back-sql/entry-id.c b/servers/slapd/back-sql/entry-id.c index 49d3346c7e..87aba87a7d 100644 --- a/servers/slapd/back-sql/entry-id.c +++ b/servers/slapd/back-sql/entry-id.c @@ -862,7 +862,7 @@ backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid ) &bsi->bsi_oc->bom_oc->soc_cname, bsi->bsi_op->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) { - entry_clean( bsi->bsi_e ); + backsql_entry_clean( op, bsi->bsi_e ); return rc; } @@ -966,7 +966,7 @@ next:; "structural_class() failed %d (%s)\n", bsi->bsi_e->e_name.bv_val, rc, text ? text : "" ); - entry_clean( bsi->bsi_e ); + backsql_entry_clean( op, bsi->bsi_e ); return rc; } @@ -977,7 +977,7 @@ next:; "to entry\n", bsi->bsi_e->e_name.bv_val, soc.bv_val, bsi->bsi_oc->bom_oc->soc_cname.bv_val ); - entry_clean( bsi->bsi_e ); + backsql_entry_clean( op, bsi->bsi_e ); return rc; } } @@ -987,7 +987,7 @@ next:; &bsi->bsi_oc->bom_oc->soc_cname, bsi->bsi_op->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) { - entry_clean( bsi->bsi_e ); + backsql_entry_clean( op, bsi->bsi_e ); return rc; } } diff --git a/servers/slapd/back-sql/init.c b/servers/slapd/back-sql/init.c index f3e744fe4b..cf0bebf73b 100644 --- a/servers/slapd/back-sql/init.c +++ b/servers/slapd/back-sql/init.c @@ -74,6 +74,7 @@ sql_back_initialize( bi->bi_chk_referrals = 0; bi->bi_operational = backsql_operational; bi->bi_entry_get_rw = backsql_entry_get; + bi->bi_entry_release_rw = backsql_entry_release; bi->bi_connection_init = 0; bi->bi_connection_destroy = backsql_connection_destroy; diff --git a/servers/slapd/back-sql/modify.c b/servers/slapd/back-sql/modify.c index b75697a2d8..623362a487 100644 --- a/servers/slapd/back-sql/modify.c +++ b/servers/slapd/back-sql/modify.c @@ -158,7 +158,7 @@ backsql_modify( Operation *op, SlapReply *rs ) if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; - entry_clean( &m ); + backsql_entry_clean( op, &m ); bsi.bsi_e = &m; rs->sr_err = backsql_id2entry( &bsi, &bsi.bsi_base_id ); @@ -167,9 +167,8 @@ backsql_modify( Operation *op, SlapReply *rs ) goto do_transact; } - rs->sr_err = entry_schema_check( op->o_bd, &m, - NULL, - &rs->sr_text, textbuf, sizeof( textbuf ) ); + rs->sr_err = entry_schema_check( op->o_bd, &m, NULL, 0, + &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " "entry failed schema check -- aborting\n", @@ -213,7 +212,7 @@ done:; } if ( !BER_BVISNULL( &m.e_nname ) ) { - entry_clean( &m ); + backsql_entry_clean( op, &m ); } if ( bsi.bsi_attrs != NULL ) { diff --git a/servers/slapd/back-sql/modrdn.c b/servers/slapd/back-sql/modrdn.c index 7c6c36baea..ce904498e2 100644 --- a/servers/slapd/back-sql/modrdn.c +++ b/servers/slapd/back-sql/modrdn.c @@ -449,7 +449,7 @@ backsql_modrdn( Operation *op, SlapReply *rs ) if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; - entry_clean( &r ); + backsql_entry_clean( op, &r ); (void)backsql_free_entryID( op, &e_id, 0 ); bsi.bsi_e = &r; @@ -495,9 +495,8 @@ backsql_modrdn( Operation *op, SlapReply *rs ) e_id = bsi.bsi_base_id; - rs->sr_err = entry_schema_check( op->o_bd, &r, - NULL, - &rs->sr_text, textbuf, sizeof( textbuf ) ); + rs->sr_err = entry_schema_check( op->o_bd, &r, NULL, 0, + &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " "entry failed schema check -- aborting\n", @@ -575,15 +574,15 @@ done:; } if ( !BER_BVISNULL( &r.e_nname ) ) { - entry_clean( &r ); + backsql_entry_clean( op, &r ); } if ( !BER_BVISNULL( &p.e_nname ) ) { - entry_clean( &p ); + backsql_entry_clean( op, &p ); } if ( !BER_BVISNULL( &n.e_nname ) ) { - entry_clean( &n ); + backsql_entry_clean( op, &n ); } Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n", 0, 0, 0 ); diff --git a/servers/slapd/back-sql/proto-sql.h b/servers/slapd/back-sql/proto-sql.h index 8019284223..4cdc28d202 100644 --- a/servers/slapd/back-sql/proto-sql.h +++ b/servers/slapd/back-sql/proto-sql.h @@ -169,6 +169,8 @@ int backsql_init_search( backsql_srch_info *bsi, Operation *op, SlapReply *rs, AttributeName *attrs, unsigned flags ); +void backsql_entry_clean( Operation *op, Entry *e ); + /* * sql-wrap.h */ @@ -283,6 +285,7 @@ extern BI_op_delete backsql_delete; extern BI_operational backsql_operational; extern BI_entry_get_rw backsql_entry_get; +extern BI_entry_release_rw backsql_entry_release; extern BI_connection_destroy backsql_connection_destroy; diff --git a/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql b/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql index 49e7e3acd1..eff0a9ef53 100644 --- a/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql +++ b/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql @@ -1,4 +1,3 @@ -DROP TABLE ldap_referrals; DROP TABLE ldap_entry_objclasses; DROP TABLE ldap_attr_mappings; DROP TABLE ldap_entries; diff --git a/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql b/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql index 17b12afd42..908cd44123 100644 --- a/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql +++ b/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_drop.sql @@ -3,3 +3,4 @@ DROP TABLE institutes; DROP TABLE documents; DROP TABLE authors_docs; DROP TABLE phones; +DROP TABLE referrals; diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index da3cea0d21..98f0041501 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c @@ -2096,7 +2096,7 @@ backsql_search( Operation *op, SlapReply *rs ) } else { rs->sr_err = LDAP_OTHER; } - entry_clean( &user_entry2 ); + backsql_entry_clean( op, &user_entry2 ); } if ( bsi2.bsi_attrs != NULL ) { op->o_tmpfree( bsi2.bsi_attrs, @@ -2218,7 +2218,7 @@ backsql_search( Operation *op, SlapReply *rs ) next_entry:; if ( e == &user_entry ) { - entry_clean( &user_entry ); + backsql_entry_clean( op, &user_entry ); } next_entry2:; @@ -2245,10 +2245,10 @@ send_results:; send_ldap_result( op, rs ); } - entry_clean( &base_entry ); + backsql_entry_clean( op, &base_entry ); /* in case we got here accidentally */ - entry_clean( &user_entry ); + backsql_entry_clean( op, &user_entry ); if ( rs->sr_v2ref ) { ber_bvarray_free( rs->sr_v2ref ); @@ -2390,3 +2390,39 @@ return_results:; return rc; } +void +backsql_entry_clean( + Operation *op, + Entry *e ) +{ + void *ctx; + + ctx = ldap_pvt_thread_pool_context(); + + if ( ctx == NULL || ctx != op->o_tmpmemctx ) { + if ( !BER_BVISNULL( &e->e_name ) ) { + op->o_tmpfree( e->e_name.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &e->e_name ); + } + + if ( !BER_BVISNULL( &e->e_nname ) ) { + op->o_tmpfree( e->e_nname.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &e->e_nname ); + } + } + + entry_clean( e ); +} + +int +backsql_entry_release( + Operation *op, + Entry *e, + int rw ) +{ + backsql_entry_clean( op, e ); + + ch_free( e ); + + return 0; +} diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 17a92e79aa..4552a6ac1c 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -98,8 +98,7 @@ int backend_init(void) return -1; } - for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) - { + for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) { assert( bi->bi_init ); rc = bi->bi_init( bi ); @@ -821,18 +820,18 @@ backend_check_controls( break; case LDAP_COMPARE_FALSE: - if ( !op->o_bd->be_ctrls[ cid ] ) - { + if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) { /* Per RFC 2251 (and LDAPBIS discussions), if the control * is recognized and appropriate for the operation (which * we've already verified), then the server should make * use of the control when performing the operation. * * Here we find that operation extended by the control - * is not unavailable in a particular context, hence the - * return of unwillingToPerform. + * is unavailable in a particular context, and the control + * is marked Critical, hence the return of + * unwillingToPerform. */ - rs->sr_text = "control unavailable in context"; + rs->sr_text = "critical control unavailable in context"; rs->sr_err = LDAP_UNWILLING_TO_PERFORM; goto done; } @@ -843,6 +842,11 @@ backend_check_controls( default: /* unreachable */ + Debug( LDAP_DEBUG_ANY, + "backend_check_controls: unable to check control: %s\n", + (*ctrls)->ldctl_oid, 0, 0 ); + assert( 0 ); + rs->sr_text = "unable to check control"; rs->sr_err = LDAP_OTHER; goto done; @@ -850,6 +854,12 @@ backend_check_controls( } } + /* check should be generalized */ + if( get_manageDIT(op) && !be_isroot(op)) { + rs->sr_text = "requires manager authorization"; + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + } + done:; return rs->sr_err; } diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 599899ff85..0e8b0c27ac 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -72,12 +72,14 @@ over_db_config( slap_overinfo *oi = be->bd_info->bi_private; slap_overinst *on = oi->oi_list; BackendInfo *bi_orig = be->bd_info; + struct ConfigOCs *be_cf_ocs = be->be_cf_ocs; ConfigArgs ca = {0}; ConfigTable *ct; int rc = 0; if ( oi->oi_orig->bi_db_config ) { be->bd_info = oi->oi_orig; + be->be_cf_ocs = oi->oi_orig->bi_cf_ocs; rc = oi->oi_orig->bi_db_config( be, fname, lineno, argc, argv ); @@ -149,6 +151,8 @@ over_db_config( } } be->bd_info = bi_orig; + be->be_cf_ocs = be_cf_ocs; + return rc; } diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index 2d41de9bde..fc600772ea 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -90,8 +90,8 @@ static ConfigFile cf_prv, *cfn = &cf_prv; static Avlnode *CfOcTree; -static int config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, - int *renumber ); +static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, + SlapReply *rs, int *renumber ); static ConfigDriver config_fname; static ConfigDriver config_cfdir; @@ -234,7 +234,7 @@ static ConfigTable config_back_cf_table[] = { &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, - { "authid-rewrite", NULL, 2, 0, 0, + { "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ), #ifdef SLAP_AUTH_REWRITE ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic, #else @@ -968,11 +968,14 @@ config_generic(ConfigArgs *c) { c->be = LDAP_STAILQ_FIRST(&backendDB); } else if ( !strcasecmp( c->argv[1], "frontend" )) { c->be = frontendDB; - } else if(!(c->be = backend_db_init(c->argv[1]))) { - sprintf( c->msg, "<%s> failed init", c->argv[0] ); - Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n", - c->log, c->msg, c->argv[1] ); - return(1); + } else { + c->be = backend_db_init(c->argv[1]); + if ( !c->be ) { + sprintf( c->msg, "<%s> failed init", c->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n", + c->log, c->msg, c->argv[1] ); + return(1); + } } break; @@ -1207,9 +1210,27 @@ config_generic(ConfigArgs *c) { #ifdef SLAP_AUTH_REWRITE case CFG_REWRITE: { struct berval bv; + char *line; + if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv)) return(1); - ber_str2bv( c->line, 0, 1, &bv ); + + if ( c->argc > 1 ) { + char *s; + + /* quote all args but the first */ + line = ldap_charray2str( c->argv, "\" \"" ); + ber_str2bv( line, 0, 0, &bv ); + s = strchr( bv.bv_val, '"' ); + assert( s != NULL ); + /* move the trailing quote of argv[0] to the end */ + AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) ); + bv.bv_val[ bv.bv_len - 1 ] = '"'; + + } else { + ber_str2bv( c->argv[ 0 ], 0, 1, &bv ); + } + ber_bvarray_add( &authz_rewrites, &bv ); } break; @@ -2374,14 +2395,19 @@ config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last ) return root; } +typedef struct setup_cookie { + CfBackInfo *cfb; + ConfigArgs *ca; +} setup_cookie; + static int config_ldif_resp( Operation *op, SlapReply *rs ) { if ( rs->sr_type == REP_SEARCH ) { - CfBackInfo *cfb = op->o_callback->sc_private; + setup_cookie *sc = op->o_callback->sc_private; - cfb->cb_got_ldif = 1; - rs->sr_err = config_add_internal( cfb, rs->sr_entry, NULL, NULL ); + sc->cfb->cb_got_ldif = 1; + rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL ); } return rs->sr_err; } @@ -2394,6 +2420,7 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) { ConfigTable *ct; char *argv[3]; int rc = 0; + setup_cookie sc; slap_callback cb = { NULL, config_ldif_resp, NULL, NULL }; Connection conn = {0}; char opbuf[OPERATION_BUFFER_SIZE]; @@ -2470,7 +2497,9 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) { op->ors_attrsonly = 0; op->o_callback = &cb; - cb.sc_private = cfb; + sc.cfb = cfb; + sc.ca = &c; + cb.sc_private = ≻ op->o_bd = &cfb->cb_db; rc = op->o_bd->be_search( op, &rs ); @@ -2549,8 +2578,10 @@ read_config(const char *fname, const char *dir) { return 1; /* If we read the config from back-ldif, nothing to do here */ - if ( cfb->cb_got_ldif ) - return 0; + if ( cfb->cb_got_ldif ) { + rc = 0; + goto done; + } } if ( fname ) @@ -2581,6 +2612,20 @@ read_config(const char *fname, const char *dir) { } break; } + +done: + if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) { + ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1, + &frontendDB->be_schemadn ); + rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL ); + if ( rc != LDAP_SUCCESS ) { + Debug(LDAP_DEBUG_ANY, "read_config: " + "unable to normalize default schema DN \"%s\"\n", + frontendDB->be_schemadn.bv_val, 0, 0 ); + /* must not happen */ + assert( 0 ); + } + } return rc; } @@ -2962,13 +3007,12 @@ cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca ) /* Parse an LDAP entry into config directives */ static int -config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) +config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renum ) { CfEntryInfo *ce, *last; ConfigOCs **colst; Attribute *a, *oc_at; int i, j, nocs, rc = 0; - ConfigArgs ca = {0}; struct berval pdn; ConfigTable *ct; char *ptr; @@ -2992,15 +3036,17 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass ); if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION; + memset( ca, 0, sizeof(ConfigArgs)); + /* Fake the coordinates based on whether we're part of an * LDAP Add or if reading the config dir */ if ( rs ) { - ca.fname = "slapd"; - ca.lineno = 0; + ca->fname = "slapd"; + ca->lineno = 0; } else { - ca.fname = cfdir.bv_val; - ca.lineno = 1; + ca->fname = cfdir.bv_val; + ca->lineno = 1; } colst = count_ocs( oc_at, &nocs ); @@ -3011,8 +3057,8 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) rc = LDAP_CONSTRAINT_VIOLATION; if ( colst[0]->co_type == Cft_Global && !last ) { cfn = &cf_prv; - ca.private = cfn; - ca.be = frontendDB; /* just to get past check_vals */ + ca->private = cfn; + ca->be = frontendDB; /* just to get past check_vals */ rc = LDAP_SUCCESS; } @@ -3022,7 +3068,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) if ( last ) { for ( i=0; ico_ldadd && - ( rc = colst[i]->co_ldadd( last, e, &ca )) + ( rc = colst[i]->co_ldadd( last, e, ca )) != LDAP_CONSTRAINT_VIOLATION ) { break; } @@ -3058,7 +3104,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) if ( rc ) goto leave; - init_config_argv( &ca ); + init_config_argv( ca ); /* Make sure we process attrs in the required order */ sort_attrs( e, colst, nocs ); @@ -3067,7 +3113,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) if ( a == oc_at ) continue; ct = config_find_table( colst, nocs, a->a_desc ); if ( !ct ) continue; /* user data? */ - rc = check_vals( ct, &ca, a, 1 ); + rc = check_vals( ct, ca, a, 1 ); if ( rc ) goto leave; } @@ -3077,13 +3123,13 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) ct = config_find_table( colst, nocs, a->a_desc ); if ( !ct ) continue; /* user data? */ for (i=0; a->a_vals[i].bv_val; i++) { - ca.line = a->a_vals[i].bv_val; + ca->line = a->a_vals[i].bv_val; if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) { - ptr = strchr( ca.line, '}' ); - if ( ptr ) ca.line = ptr+1; + ptr = strchr( ca->line, '}' ); + if ( ptr ) ca->line = ptr+1; } - ca.valx = i; - rc = config_parse_add( ct, &ca ); + ca->valx = i; + rc = config_parse_add( ct, ca ); if ( rc ) { rc = LDAP_OTHER; goto leave; @@ -3091,14 +3137,36 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) } } ok: + /* Newly added databases and overlays need to be started up */ + if ( CONFIG_ONLINE_ADD( ca )) { + if ( colst[0]->co_type == Cft_Database ) { + rc = backend_startup_one( ca->be ); + + } else if ( colst[0]->co_type == Cft_Overlay ) { + if ( ca->bi->bi_db_open ) { + BackendInfo *bi_orig = ca->be->bd_info; + ca->be->bd_info = ca->bi; + rc = ca->bi->bi_db_open( ca->be ); + ca->be->bd_info = bi_orig; + } + } + if ( rc ) { + sprintf( ca->msg, "<%s> failed startup", ca->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n", + ca->log, ca->msg, ca->argv[1] ); + rc = LDAP_OTHER; + goto leave; + } + } + ce = ch_calloc( 1, sizeof(CfEntryInfo) ); ce->ce_parent = last; ce->ce_entry = entry_dup( e ); ce->ce_entry->e_private = ce; ce->ce_type = colst[0]->co_type; - ce->ce_be = ca.be; - ce->ce_bi = ca.bi; - ce->ce_private = ca.private; + ce->ce_be = ca->be; + ce->ce_bi = ca->bi; + ce->ce_private = ca->private; if ( !last ) { cfb->cb_root = ce; } else if ( last->ce_kids ) { @@ -3112,7 +3180,7 @@ ok: } leave: - ch_free( ca.argv ); + ch_free( ca->argv ); if ( colst ) ch_free( colst ); return rc; } @@ -3126,6 +3194,7 @@ config_back_add( Operation *op, SlapReply *rs ) CfBackInfo *cfb; CfEntryInfo *ce, *last; int renumber; + ConfigArgs ca; if ( !be_isroot( op ) ) { rs->sr_err = LDAP_INSUFFICIENT_ACCESS; @@ -3143,8 +3212,10 @@ config_back_add( Operation *op, SlapReply *rs ) * 4) store entry in underlying database * 5) perform any necessary renumbering */ - rs->sr_err = config_add_internal( cfb, op->ora_e, rs, &renumber ); - if ( rs->sr_err == LDAP_SUCCESS && cfb->cb_use_ldif ) { + rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber ); + if ( rs->sr_err != LDAP_SUCCESS ) { + rs->sr_text = ca.msg; + } else if ( cfb->cb_use_ldif ) { BackendDB *be = op->o_bd; slap_callback sc = { NULL, slap_null_cb, NULL, NULL }; op->o_bd = &cfb->cb_db; @@ -3167,7 +3238,7 @@ out: typedef struct delrec { struct delrec *next; int nidx; - int idx[0]; + int idx[1]; } delrec; static int @@ -3226,7 +3297,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, if ( ct && ml->sml_values ) { delrec *d; for (i=0; ml->sml_values[i].bv_val; i++); - d = ch_malloc( sizeof(delrec) + i * sizeof(int)); + d = ch_malloc( sizeof(delrec) + (i - 1)* sizeof(int)); d->nidx = i; d->next = NULL; if ( dels ) { @@ -3305,7 +3376,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, if(rc == LDAP_SUCCESS) { /* check that the entry still obeys the schema */ - rc = entry_schema_check(op->o_bd, e, NULL, + rc = entry_schema_check(op->o_bd, e, NULL, 0, &rs->sr_text, ca->msg, sizeof(ca->msg) ); } if ( rc == LDAP_SUCCESS ) { @@ -4003,9 +4074,10 @@ config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text ) { CfBackInfo *cfb = be->be_private; BackendInfo *bi = cfb->cb_db.bd_info; + ConfigArgs ca; if ( bi && bi->bi_tool_entry_put && - config_add_internal( cfb, e, NULL, NULL ) == 0 ) + config_add_internal( cfb, e, &ca, NULL, NULL ) == 0 ) return bi->bi_tool_entry_put( &cfb->cb_db, e, text ); else return NOID; diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 851fdae3b9..980e2ab105 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -686,18 +686,6 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) } } - if ( BER_BVISNULL( &frontendDB->be_schemadn ) ) { - ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1, - &frontendDB->be_schemadn ); - rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL ); - if ( rc != LDAP_SUCCESS ) { - Debug(LDAP_DEBUG_ANY, "%s: " - "unable to normalize default schema DN \"%s\"\n", - c->log, frontendDB->be_schemadn.bv_val, 0 ); - /* must not happen */ - assert( 0 ); - } - } rc = 0; leave: @@ -745,6 +733,21 @@ mask_to_verbs(slap_verbmasks *v, slap_mask_t m, BerVarray *bva) { return 0; } +int +enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) { + int i; + + for (i=0; !BER_BVISNULL(&v[i].word); i++) { + if ( m == v[i].mask ) { + if ( bv != NULL ) { + *bv = v[i].word; + } + return i; + } + } + return -1; +} + static slap_verbmasks tlskey[] = { { BER_BVC("no"), SB_TLS_OFF }, { BER_BVC("yes"), SB_TLS_ON }, @@ -753,9 +756,7 @@ static slap_verbmasks tlskey[] = { }; static slap_verbmasks methkey[] = { -#if 0 { BER_BVC("none"), LDAP_AUTH_NONE }, -#endif { BER_BVC("simple"), LDAP_AUTH_SIMPLE }, #ifdef HAVE_CYRUS_SASL { BER_BVC("sasl"), LDAP_AUTH_SASL }, diff --git a/servers/slapd/config.h b/servers/slapd/config.h index 47badfe7a3..bee94817e2 100644 --- a/servers/slapd/config.h +++ b/servers/slapd/config.h @@ -139,6 +139,11 @@ typedef struct config_args_s { ConfigDriver *cleanup; } ConfigArgs; +/* If lineno is zero, we have an actual LDAP Add request from a client. + * Otherwise, we're reading a config file or a config dir. + */ +#define CONFIG_ONLINE_ADD(ca) (!((ca)->lineno)) + #define value_int values.v_int #define value_long values.v_long #define value_ber_t values.v_ber_t diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 252912b22f..5699329c6e 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -28,6 +28,9 @@ static SLAP_CTRL_PARSE_FN parseAssert; static SLAP_CTRL_PARSE_FN parsePreRead; static SLAP_CTRL_PARSE_FN parsePostRead; static SLAP_CTRL_PARSE_FN parseProxyAuthz; +#ifdef LDAP_DEVEL +static SLAP_CTRL_PARSE_FN parseManageDIT; +#endif static SLAP_CTRL_PARSE_FN parseManageDSAit; static SLAP_CTRL_PARSE_FN parseModifyIncrement; static SLAP_CTRL_PARSE_FN parseNoOp; @@ -160,6 +163,12 @@ static struct slap_control control_defs[] = { (int)offsetof(struct slap_control_ids, sc_modifyIncrement), SLAP_CTRL_HIDE|SLAP_CTRL_MODIFY, NULL, parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) }, +#endif +#ifdef LDAP_DEVEL + { LDAP_CONTROL_MANAGEDIT, + (int)offsetof(struct slap_control_ids, sc_manageDIT), + SLAP_CTRL_GLOBAL|SLAP_CTRL_UPDATE, NULL, + parseManageDIT, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif { LDAP_CONTROL_MANAGEDSAIT, (int)offsetof(struct slap_control_ids, sc_manageDSAit), @@ -405,8 +414,8 @@ slap_global_control( Operation *op, const char *oid, int *cid ) if ( cid ) *cid = ctrl->sc_cid; if ( ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) || - ( ( op->o_tag & LDAP_REQ_SEARCH ) && - ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ) ) ) + ( ( op->o_tag & LDAP_REQ_SEARCH ) && + ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ) ) ) { return LDAP_COMPARE_TRUE; } @@ -710,6 +719,30 @@ static int parseModifyIncrement ( return LDAP_SUCCESS; } +#ifdef LDAP_DEVEL +static int parseManageDIT ( + Operation *op, + SlapReply *rs, + LDAPControl *ctrl ) +{ + if ( op->o_managedit != SLAP_CONTROL_NONE ) { + rs->sr_text = "manageDIT control specified multiple times"; + return LDAP_PROTOCOL_ERROR; + } + + if ( ctrl->ldctl_value.bv_len ) { + rs->sr_text = "manageDIT control value not empty"; + return LDAP_PROTOCOL_ERROR; + } + + op->o_managedit = ctrl->ldctl_iscritical + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; + + return LDAP_SUCCESS; +} +#endif + static int parseManageDSAit ( Operation *op, SlapReply *rs, diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index f80cebdf66..77b0d5013a 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -187,7 +187,7 @@ do_modify( } rs->sr_err = slap_mods_check( modlist, &rs->sr_text, - textbuf, textlen, NULL ); + textbuf, textlen, NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -226,6 +226,8 @@ fe_op_modify( Operation *op, SlapReply *rs ) int increment = op->orm_increment; int rc = 0; BackendDB *op_be; + char textbuf[ SLAP_TEXT_BUFLEN ]; + size_t textlen = sizeof( textbuf ); if( op->o_req_ndn.bv_len == 0 ) { Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 ); @@ -348,6 +350,15 @@ fe_op_modify( Operation *op, SlapReply *rs ) goto cleanup; } + { + rs->sr_err = slap_mods_obsolete_check( op, modlist, + &rs->sr_text, textbuf, textlen ); + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto cleanup; + } + } + /* check for modify/increment support */ if( increment && !SLAP_INCREMENT( op->o_bd ) ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, @@ -427,23 +438,19 @@ fe_op_modify( Operation *op, SlapReply *rs ) #endif { int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn ); - char textbuf[ SLAP_TEXT_BUFLEN ]; - size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; op->o_bd = op_be; if ( !update ) { - rs->sr_err = slap_mods_no_update_check( modlist, - &rs->sr_text, textbuf, textlen ); + rs->sr_err = slap_mods_no_user_mod_check( op, modlist, + &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto cleanup; } } - - if ( !repl_user ) { for( modtail = &modlist; *modtail != NULL; @@ -521,20 +528,30 @@ cleanup:; } /* - * Do non-update constraint checking. + * Obsolete constraint checking. */ int -slap_mods_no_update_check( +slap_mods_obsolete_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, size_t textlen ) { + if( get_manageDIT( op ) ) return LDAP_SUCCESS; + for ( ; ml != NULL; ml = ml->sml_next ) { - if ( is_at_no_user_mod( ml->sml_desc->ad_type ) ) { - /* user modification disallowed */ + if ( is_at_obsolete( ml->sml_desc->ad_type ) && + (( ml->sml_op != LDAP_MOD_REPLACE && + ml->sml_op != LDAP_MOD_DELETE ) || + ml->sml_values != NULL )) + { + /* + * attribute is obsolete, + * only allow replace/delete with no values + */ snprintf( textbuf, textlen, - "%s: no user modification allowed", + "%s: attribute is obsolete", ml->sml_type.bv_val ); *text = textbuf; return LDAP_CONSTRAINT_VIOLATION; @@ -544,6 +561,44 @@ slap_mods_no_update_check( return LDAP_SUCCESS; } +/* + * No-user-modification constraint checking. + */ +int +slap_mods_no_user_mod_check( + Operation *op, + Modifications *ml, + const char **text, + char *textbuf, + size_t textlen ) +{ + for ( ; ml != NULL; ml = ml->sml_next ) { + if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) continue; + + if( get_manageDIT( op )) { + if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) { + continue; + } + + /* attribute not manageable */ + snprintf( textbuf, textlen, + "%s: no-user-modification attribute not manageable", + ml->sml_type.bv_val ); + + } else { + /* user modification disallowed */ + snprintf( textbuf, textlen, + "%s: no user modification allowed", + ml->sml_type.bv_val ); + } + + *text = textbuf; + return LDAP_CONSTRAINT_VIOLATION; + } + + return LDAP_SUCCESS; +} + /* * Do basic attribute type checking and syntax validation. */ @@ -603,17 +658,6 @@ int slap_mods_check( } #if 0 - /* moved to slap_mods_no_update_check() */ - if (!update && is_at_no_user_mod( ad->ad_type )) { - /* user modification disallowed */ - snprintf( textbuf, textlen, - "%s: no user modification allowed", - ml->sml_type.bv_val ); - *text = textbuf; - return LDAP_CONSTRAINT_VIOLATION; - } -#endif - if ( is_at_obsolete( ad->ad_type ) && (( ml->sml_op != LDAP_MOD_REPLACE && ml->sml_op != LDAP_MOD_DELETE ) || @@ -629,6 +673,7 @@ int slap_mods_check( *text = textbuf; return LDAP_CONSTRAINT_VIOLATION; } +#endif if ( ml->sml_op == LDAP_MOD_INCREMENT && #ifdef SLAPD_REAL_SYNTAX diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c index 4fd1ff04b7..3615ab16df 100644 --- a/servers/slapd/overlays/dynlist.c +++ b/servers/slapd/overlays/dynlist.c @@ -689,18 +689,17 @@ dynlist_db_open( { slap_overinst *on = (slap_overinst *) be->bd_info; dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; - int rc = 0; ber_len_t len; char *ptr; if ( dli->dli_oc == NULL ) { fprintf( stderr, "dynlist_db_open(): missing \"dynlist-oc \"\n" ); - rc = -1; + return -1; } if ( dli->dli_ad == NULL ) { fprintf( stderr, "dynlist_db_open(): missing \"dynlist-ad \"\n" ); - rc = -1; + return -1; } len = STRLENOF( "(!(objectClass=" "))" ) @@ -715,7 +714,7 @@ dynlist_db_open( ptr = lutil_strcopy( ptr, "))" ); dli->dli_default_filter.bv_len = ptr - dli->dli_default_filter.bv_val; - return rc; + return 0; } static int diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 1111e32294..0e1349a181 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c @@ -636,10 +636,12 @@ free_query (CachedQuery* qc) free(qc->q_uuid.bv_val); filter_free(q->filter); free (q->base.bv_val); - for (i=0; q->attrs[i].an_name.bv_val; i++) { - free(q->attrs[i].an_name.bv_val); + if ( q->attrs ) { + for (i=0; q->attrs[i].an_name.bv_val; i++) { + free(q->attrs[i].an_name.bv_val); + } + free(q->attrs); } - free(q->attrs); free(qc); } @@ -984,8 +986,9 @@ filter2template( (*filter_attrs)[*filter_cnt].an_desc = ad; (*filter_attrs)[*filter_cnt].an_name = ad->ad_cname; - (*filter_attrs)[*filter_cnt+1].an_name.bv_val = NULL; - (*filter_attrs)[*filter_cnt+1].an_name.bv_len = 0; + (*filter_attrs)[*filter_cnt].an_oc = NULL; + (*filter_attrs)[*filter_cnt].an_oc_exclude = 0; + BER_BVZERO( &(*filter_attrs)[*filter_cnt+1].an_name ); (*filter_cnt)++; return 0; } @@ -1010,7 +1013,6 @@ cache_entries( slap_overinst *on = si->on; cache_manager *cm = on->on_bi.bi_private; query_manager* qm = cm->qm; - int i; int return_val = 0; Entry *e; struct berval crp_uuid; @@ -1166,10 +1168,11 @@ add_filter_attrs( *new_attrs = (AttributeName*)(op->o_tmpalloc((count+1)* sizeof(AttributeName), op->o_tmpmemctx)); if (attrs == NULL) { - (*new_attrs)[0].an_name.bv_val = "*"; - (*new_attrs)[0].an_name.bv_len = 1; - (*new_attrs)[1].an_name.bv_val = NULL; - (*new_attrs)[1].an_name.bv_len = 0; + BER_BVSTR( &(*new_attrs)[0].an_name, "*" ); + (*new_attrs)[0].an_desc = NULL; + (*new_attrs)[0].an_oc = NULL; + (*new_attrs)[0].an_oc_exclude = 0; + BER_BVZERO( &(*new_attrs)[1].an_name ); alluser = 1; allop = 0; } else { @@ -1177,8 +1180,7 @@ add_filter_attrs( (*new_attrs)[i].an_name = attrs[i].an_name; (*new_attrs)[i].an_desc = attrs[i].an_desc; } - (*new_attrs)[count].an_name.bv_val = NULL; - (*new_attrs)[count].an_name.bv_len = 0; + BER_BVZERO( &(*new_attrs)[count].an_name ); alluser = an_find(*new_attrs, &AllUser); allop = an_find(*new_attrs, &AllOper); } @@ -1195,9 +1197,10 @@ add_filter_attrs( (count+2)*sizeof(AttributeName), op->o_tmpmemctx)); (*new_attrs)[count].an_name = filter_attrs[i].an_name; (*new_attrs)[count].an_desc = filter_attrs[i].an_desc; + (*new_attrs)[count].an_oc = NULL; + (*new_attrs)[count].an_oc_exclude = 0; count++; - (*new_attrs)[count].an_name.bv_val = NULL; - (*new_attrs)[count].an_name.bv_len = 0; + BER_BVZERO( &(*new_attrs)[count].an_name ); } } @@ -1215,7 +1218,6 @@ proxy_cache_search( int i = -1; AttributeName *filter_attrs = NULL; - AttributeName *new_attrs = NULL; Query query; @@ -1312,15 +1314,18 @@ proxy_cache_search( for ( count = 0; !BER_BVISNULL( &op->ors_attrs[ count ].an_name ); count++ ) { ber_dupbv( &query.attrs[count].an_name, &op->ors_attrs[count].an_name ); query.attrs[count].an_desc = op->ors_attrs[count].an_desc; + query.attrs[count].an_oc = op->ors_attrs[count].an_oc; + query.attrs[count].an_oc_exclude = op->ors_attrs[count].an_oc_exclude; } if ( oc_attr_absent ) { query.attrs[ count ].an_desc = slap_schema.si_ad_objectClass; ber_dupbv( &query.attrs[count].an_name, &slap_schema.si_ad_objectClass->ad_cname ); + query.attrs[ count ].an_oc = NULL; + query.attrs[ count ].an_oc_exclude = 0; count++; } - query.attrs[ count ].an_name.bv_val = NULL; - query.attrs[ count ].an_name.bv_len = 0; + BER_BVZERO( &query.attrs[ count ].an_name ); } add_filter_attrs(op, &op->ors_attrs, query.attrs, filter_attrs); @@ -1808,9 +1813,10 @@ pc_cf_gen( ConfigArgs *c ) qm->attr_sets[num].count = 0; return 1; } + attr_name->an_oc = NULL; + attr_name->an_oc_exclude = 0; attr_name++; - attr_name->an_name.bv_val = NULL; - attr_name->an_name.bv_len = 0; + BER_BVZERO( &attr_name->an_name ); } } break; @@ -1935,17 +1941,6 @@ proxy_cache_open( slap_overinst *on = (slap_overinst *)be->bd_info; cache_manager *cm = on->on_bi.bi_private; int rc = 0; - int i; - - /* consistency check (add more...) */ - for ( i = 0; i < cm->numattrsets; i++ ) { - if ( cm->qm->attr_sets[i].attrs == NULL ) { - Debug( LDAP_DEBUG_ANY, "proxy_cache_open(): " - "attr set %d (of %d) missing\n", - i, cm->numattrsets, 0 ); - return 1; - } - } /* need to inherit something from the original database... */ cm->db.be_def_limit = be->be_def_limit; @@ -2071,7 +2066,7 @@ int pcache_init() return code; } - proxy_cache.on_bi.bi_type = "proxycache"; + proxy_cache.on_bi.bi_type = "pcache"; proxy_cache.on_bi.bi_db_init = proxy_cache_init; proxy_cache.on_bi.bi_db_config = proxy_cache_config; proxy_cache.on_bi.bi_db_open = proxy_cache_open; diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index effa673641..2937ae3cf9 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -55,7 +55,7 @@ typedef struct pp_info { * used by all instances */ typedef struct pw_conn { - int restrict; /* TRUE if connection is restricted */ + int restricted; /* TRUE if connection is restricted */ } pw_conn; static pw_conn *pwcons; @@ -792,7 +792,7 @@ ppolicy_bind_resp( Operation *op, SlapReply *rs ) * that we are disallowed from doing anything * other than change password. */ - pwcons[op->o_conn->c_conn_idx].restrict = 1; + pwcons[op->o_conn->c_conn_idx].restricted = 1; ppb->pErr = PP_changeAfterReset; @@ -998,11 +998,11 @@ ppolicy_bind( Operation *op, SlapReply *rs ) return SLAP_CB_CONTINUE; } -/* Reset the restrict flag for the next session on this connection */ +/* Reset the restricted flag for the next session on this connection */ static int ppolicy_unbind( Operation *op, SlapReply *rs ) { - pwcons[op->o_conn->c_conn_idx].restrict = 0; + pwcons[op->o_conn->c_conn_idx].restricted = 0; return SLAP_CB_CONTINUE; } @@ -1020,7 +1020,7 @@ ppolicy_restrict( send_ctrl = 1; } - if ( op->o_conn && pwcons[op->o_conn->c_conn_idx].restrict ) { + if ( op->o_conn && pwcons[op->o_conn->c_conn_idx].restricted ) { Debug( LDAP_DEBUG_TRACE, "connection restricted to password changing only\n", 0, 0, 0); if ( send_ctrl ) { @@ -1233,7 +1233,7 @@ ppolicy_modify( Operation *op, SlapReply *rs ) } } - if (pwcons[op->o_conn->c_conn_idx].restrict && !mod_pw_only) { + if (pwcons[op->o_conn->c_conn_idx].restricted && !mod_pw_only) { Debug( LDAP_DEBUG_TRACE, "connection restricted to password changing only\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c index 9a6483229d..ba948e6193 100644 --- a/servers/slapd/overlays/translucent.c +++ b/servers/slapd/overlays/translucent.c @@ -585,6 +585,7 @@ static int translucent_config( slap_overinst *on = (slap_overinst *) be->bd_info; overlay_stack *ov = on->on_bi.bi_private; void *private = be->be_private; + void *be_cf_ocs = be->be_cf_ocs; int rc; /* "this should never happen" */ @@ -594,8 +595,10 @@ static int translucent_config( } be->be_private = ov->private; + be->be_cf_ocs = ov->info->bi_cf_ocs; rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0; be->be_private = private; + be->be_cf_ocs = be_cf_ocs; /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */ if(rc == 0 || rc == 1) return(rc); diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 0480f3216c..270b1148b2 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -78,10 +78,9 @@ int passwd_extop( return rs->sr_err; } - if ( id.bv_len ) { - ber_dupbv_x( &op->o_req_dn, &id, op->o_tmpmemctx ); - /* ndn is in tmpmem, so we don't need to free it */ - rs->sr_err = dnNormalize( 0, NULL, NULL, &id, &op->o_req_ndn, op->o_tmpmemctx ); + if ( !BER_BVISEMPTY( &id ) ) { + rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn, + &op->o_req_ndn, op->o_tmpmemctx ); if ( rs->sr_err != LDAP_SUCCESS ) { rs->sr_text = "Invalid DN"; rc = rs->sr_err; @@ -315,7 +314,7 @@ int slap_passwd_parse( struct berval *reqdata, goto decoding_error; } - tag = ber_peek_tag( ber, &len); + tag = ber_peek_tag( ber, &len ); } if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ) { diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 1250297aa3..f5ed80742f 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -472,6 +472,8 @@ LDAP_SLAPD_F (int) verbs_to_mask LDAP_P(( int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m )); LDAP_SLAPD_F (int) mask_to_verbs LDAP_P(( slap_verbmasks *v, slap_mask_t m, BerVarray *bva )); +LDAP_SLAPD_F (int) enum_to_verb LDAP_P(( + slap_verbmasks *v, slap_mask_t m, struct berval *bv )); LDAP_SLAPD_F (int) bindconf_parse LDAP_P(( const char *word, slap_bindconf *bc )); LDAP_SLAPD_F (int) bindconf_unparse LDAP_P(( @@ -878,7 +880,14 @@ LDAP_SLAPD_F (int) slap_modrdn2mods( /* * modify.c */ -LDAP_SLAPD_F( int ) slap_mods_no_update_check( +LDAP_SLAPD_F( int ) slap_mods_obsolete_check( + Operation *op, + Modifications *ml, + const char **text, + char *textbuf, size_t textlen ); + +LDAP_SLAPD_F( int ) slap_mods_no_user_mod_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, size_t textlen ); @@ -1272,7 +1281,10 @@ LDAP_SLAPD_F( int ) structural_class( char *textbuf, size_t textlen ); LDAP_SLAPD_F( int ) entry_schema_check( - Backend *be, Entry *e, Attribute *attrs, + Backend *be, + Entry *e, + Attribute *attrs, + int manage, const char** text, char *textbuf, size_t textlen ); @@ -1560,6 +1572,60 @@ LDAP_SLAPD_F (int) fe_op_unbind LDAP_P((Operation *op, SlapReply *rs)); #endif LDAP_SLAPD_F (int) fe_extended LDAP_P((Operation *op, SlapReply *rs)); +/* NOTE: this macro assumes that bv has been allocated + * by ber_* malloc functions or is { 0L, NULL } */ +#if defined(HAVE_BIGNUM) +#define UI2BVX(bv,ui,ctx) \ + do { \ + char *val; \ + ber_len_t len; \ + val = BN_bn2dec(ui); \ + if (val) { \ + len = strlen(val); \ + if ( len > (bv)->bv_len ) { \ + (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \ + } \ + AC_MEMCPY((bv)->bv_val, val, len + 1); \ + (bv)->bv_len = len; \ + OPENSSL_free(val); \ + } else { \ + ber_memfree_x( (bv)->bv_val, (ctx) ); \ + BER_BVZERO( (bv) ); \ + } \ + } while ( 0 ) +#elif defined(HAVE_GMP) +/* NOTE: according to the documentation, the result + * of mpz_sizeinbase() can exceed the length of the + * string representation of the number by 1 + */ +#define UI2BVX(bv,ui,ctx) \ + do { \ + ber_len_t len = mpz_sizeinbase( (ui), 10 ); \ + if ( len > (bv)->bv_len ) { \ + (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \ + } \ + (void)mpz_get_str( (bv)->bv_val, 10, (ui) ); \ + if ( (bv)->bv_val[ len - 1 ] == '\0' ) { \ + len--; \ + } \ + (bv)->bv_len = len; \ + } while ( 0 ) +#else /* ! HAVE_BIGNUM && ! HAVE_GMP */ +#define UI2BVX(bv,ui,ctx) \ + do { \ + char buf[] = "+9223372036854775807L"; \ + ber_len_t len; \ + snprintf( buf, sizeof( buf ), "%lu", (ui) ); \ + len = strlen( buf ); \ + if ( len > (bv)->bv_len ) { \ + (bv)->bv_val = ber_memrealloc_x( (bv)->bv_val, len + 1, (ctx) ); \ + } \ + AC_MEMCPY( (bv)->bv_val, buf, len + 1 ); \ + } while ( 0 ) +#endif /* ! HAVE_GMP */ + +#define UI2BV(bv,ui) UI2BVX(bv,ui,NULL) + LDAP_END_DECL #endif /* PROTO_SLAP_H */ diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 964a01c3af..97c5cf3857 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -577,7 +577,7 @@ slap_send_ldap_result( Operation *op, SlapReply *rs ) if ( rs->sr_err == SLAPD_ABANDON ) goto abandon; - assert( !LDAP_API_ERROR( rs->sr_err )); + assert( !LDAP_API_ERROR( rs->sr_err ) ); Debug( LDAP_DEBUG_TRACE, "send_ldap_result: %s p=%d\n", @@ -1401,6 +1401,7 @@ slap_send_search_reference( Operation *op, SlapReply *rs ) goto rel; } + rc = 0; if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) { be_entry_release_rw( op, rs->sr_entry, 0 ); rs->sr_flags ^= REP_ENTRY_MUSTRELEASE; diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 091a7d2139..87fce497a5 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -386,8 +386,8 @@ slap_auxprop_store( rc = slap_mods_check( modlist, &text, textbuf, textlen, NULL ); if ( rc == LDAP_SUCCESS ) { - rc = slap_mods_no_update_check( modlist, &text, - textbuf, textlen ); + rc = slap_mods_no_user_mod_check( &op, modlist, + &text, textbuf, textlen ); if ( rc == LDAP_SUCCESS ) { rc = slap_mods_opattrs( &op, modlist, modtail, diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index cdf21460ca..1d47ff4365 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -31,6 +31,7 @@ static char * oc_check_required( static int entry_naming_check( Entry *e, + int manage, const char** text, char *textbuf, size_t textlen ); /* @@ -45,6 +46,7 @@ entry_schema_check( Backend *be, Entry *e, Attribute *oldattrs, + int manage, const char** text, char *textbuf, size_t textlen ) { @@ -151,7 +153,7 @@ entry_schema_check( return LDAP_OTHER; } - if( sc->soc_obsolete ) { + if( !manage && sc->soc_obsolete ) { snprintf( textbuf, textlen, "structuralObjectClass '%s' is OBSOLETE", asc->a_vals[0].bv_val ); @@ -201,7 +203,7 @@ entry_schema_check( /* naming check */ if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) { - rc = entry_naming_check( e, text, textbuf, textlen ); + rc = entry_naming_check( e, manage, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { return rc; } @@ -217,7 +219,7 @@ entry_schema_check( /* check that the entry has required attrs of the content rule */ if( cr ) { - if( cr->scr_obsolete ) { + if( !manage && cr->scr_obsolete ) { snprintf( textbuf, textlen, "content rule '%s' is obsolete", ldap_contentrule2name( &cr->scr_crule )); @@ -292,7 +294,7 @@ entry_schema_check( return LDAP_OBJECT_CLASS_VIOLATION; } - if ( oc->soc_obsolete ) { + if ( !manage && oc->soc_obsolete ) { /* disallow obsolete classes */ snprintf( textbuf, textlen, "objectClass '%s' is OBSOLETE", @@ -727,6 +729,7 @@ int mods_structural_class( static int entry_naming_check( Entry *e, + int manage, const char** text, char *textbuf, size_t textlen ) { @@ -787,7 +790,7 @@ entry_naming_check( break; } - if( desc->ad_type->sat_obsolete ) { + if( !manage && desc->ad_type->sat_obsolete ) { snprintf( textbuf, textlen, "naming attribute '%s' is obsolete", ava->la_attr.bv_val ); diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index c22c935a98..e6d66910ca 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -449,7 +449,7 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, 0, + NULL, SLAP_AT_MANAGEABLE, oidValidate, objectClassPretty, NULL, NULL, objectSubClassMatch, objectSubClassIndexer, objectSubClassFilter, @@ -460,7 +460,7 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, 0, + NULL, SLAP_AT_MANAGEABLE, NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_createTimestamp) }, @@ -470,7 +470,7 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, 0, + NULL, SLAP_AT_MANAGEABLE, NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, @@ -479,7 +479,7 @@ static struct slap_schema_ad_map { "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, 0, + NULL, SLAP_AT_MANAGEABLE, NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_creatorsName) }, @@ -488,7 +488,7 @@ static struct slap_schema_ad_map { "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, 0, + NULL, SLAP_AT_MANAGEABLE, NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifiersName) }, @@ -845,6 +845,8 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_children) }, + + /* access control externals */ { "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 " "NAME ( 'authzTo' 'saslAuthzTo' ) " "DESC 'proxy authorization targets' " diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index f7fd70d98d..b4e7e187a3 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -110,7 +110,7 @@ LDAP_BEGIN_DECL #endif #define SERVICE_NAME OPENLDAP_PACKAGE "-slapd" -#define SLAPD_ANONYMOUS "cn=anonymous" +#define SLAPD_ANONYMOUS "" /* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h! * This is a value used internally by the backends. It is needed to allow @@ -658,20 +658,23 @@ typedef struct slap_attribute_type { AttributeTypeSchemaCheckFN *sat_check; char *sat_oidmacro; -#define SLAP_AT_NONE 0x0000U -#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ -#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ +#define SLAP_AT_NONE 0x0000U +#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ +#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ #ifdef LDAP_DEVEL -#define SLAP_AT_HIDE 0x0000U /* publish everything */ +#define SLAP_AT_HIDE 0x0000U /* publish everything */ #else -#define SLAP_AT_HIDE 0x8000U /* hide attribute */ +#define SLAP_AT_HIDE 0x8000U /* hide attribute */ #endif -#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */ +#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */ + +#define SLAP_AT_MANAGEABLE 0x0800U /* no-user-mod can be by-passed */ #define SLAP_AT_ORDERED_VAL 0x0001U /* values are ordered */ #define SLAP_AT_ORDERED_SIB 0x0002U /* siblings are ordered */ -#define SLAP_AT_ORDERED 0x0003U /* value has order index */ -#define SLAP_AT_HARDCODE 0x10000U /* This is hardcoded schema */ +#define SLAP_AT_ORDERED 0x0003U /* value has order index */ + +#define SLAP_AT_HARDCODE 0x10000U /* hardcoded schema */ slap_mask_t sat_flags; @@ -1302,7 +1305,7 @@ typedef struct slap_access { #define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE ) /* NOTE: always use the highest level; current: 0x00ffUL */ -#define ACL_PRIV_MASK ((ACL_PRIV_MANAGE - 1) | ACL_QUALIFIER_MASK) +#define ACL_PRIV_MASK ((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK) /* priv flags */ #define ACL_PRIV_LEVEL 0x1000UL @@ -1490,9 +1493,10 @@ LDAP_SLAPD_V (int) slapMode; #define SLAP_TOOL_READONLY 0x0400 #define SLAP_TOOL_QUICK 0x0800 +#define SB_TLS_DEFAULT (-1) #define SB_TLS_OFF 0 #define SB_TLS_ON 1 -#define SB_TLS_CRITICAL 2 +#define SB_TLS_CRITICAL 2 typedef struct slap_bindconf { int sb_tls; @@ -1517,7 +1521,7 @@ struct slap_replica_info { typedef struct slap_verbmasks { struct berval word; - const int mask; + const slap_mask_t mask; } slap_verbmasks; #define SLAP_LIMIT_TIME 1 @@ -2211,6 +2215,7 @@ struct slap_control_ids { int sc_preRead; int sc_postRead; int sc_proxyAuthz; + int sc_manageDIT; int sc_manageDSAit; int sc_modifyIncrement; int sc_noOp; @@ -2375,6 +2380,9 @@ typedef struct slap_op { char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */ void **o_controls; /* per-control state */ +#define o_managedit o_ctrlflag[slap_cids.sc_manageDIT] +#define get_manageDIT(op) _SCM((op)->o_managedit) + #define o_managedsait o_ctrlflag[slap_cids.sc_manageDSAit] #define get_manageDSAit(op) _SCM((op)->o_managedsait) @@ -2443,6 +2451,7 @@ typedef struct slap_op { void *o_private; /* anything the backend needs */ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ + } Operation; #define OPERATION_BUFFER_SIZE (sizeof(Operation)+sizeof(Opheader)+SLAP_MAX_CIDS*sizeof(void *)) @@ -2667,6 +2676,8 @@ typedef struct slap_counters_t { #define SLAP_CTRL_HIDE 0x80000000U #endif +#define SLAP_CTRL_REQUIRES_ROOT 0x40000000U /* for ManageDIT */ + #define SLAP_CTRL_GLOBAL 0x00800000U #define SLAP_CTRL_GLOBAL_SEARCH 0x00010000U /* for NOOP */ diff --git a/servers/slapd/slapadd.c b/servers/slapd/slapadd.c index 34ccc3fd8a..ac66a3f008 100644 --- a/servers/slapd/slapadd.c +++ b/servers/slapd/slapadd.c @@ -53,6 +53,7 @@ slapadd( int argc, char **argv ) char textbuf[SLAP_TEXT_BUFLEN] = { '\0' }; size_t textlen = sizeof textbuf; const char *progname = "slapadd"; + int manage = 0; struct berval csn; struct berval maxcsn; @@ -176,11 +177,13 @@ slapadd( int argc, char **argv ) break; } - attr_merge_one( e, slap_schema.si_ad_structuralObjectClass, &val, NULL ); + attr_merge_one( e, slap_schema.si_ad_structuralObjectClass, + &val, NULL ); } /* check schema */ - rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen ); + rc = entry_schema_check( be, e, NULL, manage, + &text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n", diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index 3e32409ecf..5a95c62fc3 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -455,23 +455,22 @@ slapi_int_ldapmod_to_entry( size_t textlen = sizeof( textbuf ); rc = slap_mods_check( modlist, &text, - textbuf, textlen, NULL ); + textbuf, textlen, NULL ); if ( rc != LDAP_SUCCESS) { goto cleanup; } if ( !update ) { - rc = slap_mods_no_update_check( modlist, - &text, textbuf, textlen ); + rc = slap_mods_no_user_mod_check( op, modlist, + &text, textbuf, textlen ); if ( rc != LDAP_SUCCESS) { goto cleanup; } } if ( !repl_user ) { - rc = slap_mods_opattrs( op, - modlist, modtail, &text, - textbuf, textlen, 1 ); + rc = slap_mods_opattrs( op, modlist, modtail, + &text, textbuf, textlen, 1 ); if ( rc != LDAP_SUCCESS) { goto cleanup; } @@ -488,8 +487,7 @@ slapi_int_ldapmod_to_entry( } } -cleanup: - +cleanup:; if ( dn.bv_val ) slapi_ch_free( (void **)&dn.bv_val ); if ( modlist != NULL ) @@ -1030,14 +1028,14 @@ slapi_modify_internal( slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; rs.sr_err = slap_mods_check( modlist, - &text, textbuf, textlen, NULL ); + &text, textbuf, textlen, NULL ); if ( rs.sr_err != LDAP_SUCCESS ) { goto cleanup; } if ( !update ) { - rs.sr_err = slap_mods_no_update_check( modlist, - &text, textbuf, textlen ); + rs.sr_err = slap_mods_no_user_mod_check( op, modlist, + &text, textbuf, textlen ); if ( rs.sr_err != LDAP_SUCCESS ) { goto cleanup; } diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 7590a93912..1adeb85086 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -4118,7 +4118,8 @@ int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e ) if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void **)&be ) != 0 ) return -1; - rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen ); + rc = entry_schema_check( be, e, NULL, 0, + &text, textbuf, textlen ); return ( rc == LDAP_SUCCESS ) ? 0 : 1; #else diff --git a/tests/data/manage.out b/tests/data/manage.out new file mode 100644 index 0000000000..8e12d5063e --- /dev/null +++ b/tests/data/manage.out @@ -0,0 +1,451 @@ +dn: cn=All Staff,ou=Groups,dc=example,dc=com +member: cn=Manager,dc=example,dc=com +member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam + ple,dc=com +member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc + =com +member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa + mple,dc=com +member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl + e,dc=com +owner: cn=Manager,dc=example,dc=com +cn: All Staff +description: Everyone in the sample data +objectClass: groupOfNames +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com +member: cn=Manager,dc=example,dc=com +member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com +owner: cn=Manager,dc=example,dc=com +description: All Alumni Assoc Staff +cn: Alumni Assoc Staff +objectClass: groupOfNames +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: organizationalUnit +ou: Alumni Association +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example, + dc=com +objectClass: OpenLDAPperson +objectClass: obsoletePerson +cn: Barbara Jensen +cn: Babs Jensen +sn:: IEplbnNlbiA= +uid: bjensen +title: Mythical Manager, Research Systems +postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt + own, MI 48103-4943 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +userPassword:: YmplbnNlbg== +mail: bjensen@mailgw.example.com +homePostalAddress: 123 Wesley $ Anytown, MI 48103 +description: Mythical manager of the rsdd unix project +drink: water +homePhone: +1 313 555 2333 +pager: +1 313 555 3233 +facsimileTelephoneNumber: +1 313 555 2274 +telephoneNumber: +1 313 555 9022 +creatorsName: cn=Manager,dc=example,dc=com +testObsolete: TRUE +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc + =com +objectClass: OpenLDAPperson +cn: Bjorn Jensen +cn: Biiff Jensen +sn: Jensen +uid: bjorn +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +userPassword:: Ympvcm4= +homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999 +drink: Iced Tea +description: Hiker, biker +title: Director, Embedded Systems +postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103 +mail: bjorn@mailgw.example.com +homePhone: +1 313 555 5444 +pager: +1 313 555 4474 +facsimileTelephoneNumber: +1 313 555 2177 +telephoneNumber: +1 313 555 0355 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: Dorothy Stevens +cn: Dot Stevens +sn: Stevens +uid: dots +title: Secretary, UM Alumni Association +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +drink: Lemonade +homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104 +description: Very tall +facsimileTelephoneNumber: +1 313 555 3223 +telephoneNumber: +1 313 555 3664 +mail: dots@mail.alumni.example.com +homePhone: +1 313 555 0454 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: dc=example,dc=com +objectClass: top +objectClass: organization +objectClass: domainRelatedObject +objectClass: dcObject +dc: example +l: Anytown, Michigan +st: Michigan +o: Example, Inc. +o: EX +o: Ex. +description: The Example, Inc. at Anytown +postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US +telephoneNumber: +1 313 555 1817 +associatedDomain: example.com +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: ou=Groups,dc=example,dc=com +objectClass: organizationalUnit +ou: Groups +creatorsName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc= + example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: ou=Information Technology Division,ou=People,dc=example,dc=com +objectClass: organizationalUnit +ou: Information Technology Division +description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD + woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi + 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4 + LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP + Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC + gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU + MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4 + LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L + Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD + gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw + 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo + PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P + CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD + woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw + oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo + PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O + CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC + wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg + 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4 + PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K + Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD + g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw + oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs + OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P + Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC + gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg + 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo + LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF + Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD + gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw + 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs + KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L + ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC + w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt + sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4 + PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P + Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC + gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN + DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo + PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O + DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD + woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw + 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs + KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj + Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD + woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw + oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4 + PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL + Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf + XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw + oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM + ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO + DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD + woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg + 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0 + 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK + Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD + gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw + oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs + OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L + CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+ + S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw + 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo + vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK + Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC + w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw + oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo + PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK + AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC + g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw + oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM + ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK + Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD + gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg + 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo + LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP + DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC + gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw + 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs + KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL + Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA + w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg + sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo + LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO + CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD + w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw + oLDg8KCw4LCgzBBMUFhMUFrMUE= +description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC + wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg + 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo + zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O + DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD + w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg + 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo + PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O + DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD + gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw + 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo + PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK + BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD + w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw + 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8 + KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL + Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx + w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw + 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo + LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D + Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD + woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg + sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4 + LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK + Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL + RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg + 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8 + OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP + Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD + gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw + oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8 + KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P + Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD + woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw + 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs + KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L + ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC + w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta + MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs + KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L + Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD + gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw + p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4 + LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L + CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD + gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw + 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4 + PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL + Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC + i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg + 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8 + ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw== +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +owner: cn=Manager,dc=example,dc=com +description: All ITD Staff +cn: ITD Staff +objectClass: groupOfUniqueNames +uniqueMember: cn=Manager,dc=example,dc=com +uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc= + example,dc=com +uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People, + dc=example,dc=com +uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam + ple,dc=com +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: James A Jones 1 +cn: James Jones +cn: Jim Jones +sn: Jones +uid: jaj +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +userPassword:: amFq +homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105 +homePhone: +1 313 555 4772 +description: Outstanding +title: Mad Cow Researcher, UM Alumni Association +pager: +1 313 555 3923 +mail: jaj@mail.alumni.example.com +facsimileTelephoneNumber: +1 313 555 4332 +telephoneNumber: +1 313 555 0895 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example + ,dc=com +objectClass: OpenLDAPperson +cn: James A Jones 2 +cn: James Jones +cn: Jim Jones +sn: Doe +uid: jjones +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +homePostalAddress: 933 Brooks $ Anytown, MI 48104 +homePhone: +1 313 555 8838 +title: Senior Manager, Information Technology Division +description: Not around very much +mail: jjones@mailgw.example.com +postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103 +pager: +1 313 555 2833 +facsimileTelephoneNumber: +1 313 555 8688 +telephoneNumber: +1 313 555 7334 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: Jane Doe +cn: Jane Alverson +sn: Doe +uid: jdoe +title: Programmer Analyst, UM Alumni Association +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +homePostalAddress: 123 Anystreet $ Anytown, MI 48104 +drink: diet coke +description: Enthusiastic +mail: jdoe@woof.net +homePhone: +1 313 555 5445 +pager: +1 313 555 1220 +facsimileTelephoneNumber: +1 313 555 2311 +telephoneNumber: +1 313 555 4774 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: Jennifer Smith +cn: Jen Smith +sn: Smith +uid: jen +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +drink: Sam Adams +homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103 +title: Telemarketer, UM Alumni Association +mail: jen@mail.alumni.example.com +homePhone: +1 313 555 2333 +pager: +1 313 555 6442 +facsimileTelephoneNumber: +1 313 555 2756 +telephoneNumber: +1 313 555 8232 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: John Doe +cn: Jonathon Doe +sn: Doe +uid: johnd +postalAddress: ITD $ 535 W. William $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +homePostalAddress: 912 East Bllvd $ Anytown, MI 48104 +title: System Administrator, Information Technology Division +description: overworked! +mail: johnd@mailgw.example.com +homePhone: +1 313 555 3774 +pager: +1 313 555 6573 +facsimileTelephoneNumber: +1 313 555 4544 +telephoneNumber: +1 313 555 9394 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Manager,dc=example,dc=com +objectClass: person +cn: Manager +cn: Directory Manager +cn: Dir Man +sn: Manager +description: Manager of the directory +userPassword:: c2VjcmV0 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: Mark Elliot +cn: Mark A Elliot +sn: Elliot +uid: melliot +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198 +homePhone: +1 313 555 0388 +drink: Gasoline +title: Director, UM Alumni Association +mail: melliot@mail.alumni.example.com +pager: +1 313 555 7671 +facsimileTelephoneNumber: +1 313 555 7762 +telephoneNumber: +1 313 555 4177 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: ou=People,dc=example,dc=com +objectClass: organizationalUnit +objectClass: extensibleObject +ou: People +uidNumber: 0 +gidNumber: 0 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + +dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com +objectClass: OpenLDAPperson +cn: Ursula Hampster +sn: Hampster +uid: uham +title: Secretary, UM Alumni Association +postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 +seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com +homePostalAddress: 123 Anystreet $ Anytown, MI 48104 +mail: uham@mail.alumni.example.com +homePhone: +1 313 555 8421 +pager: +1 313 555 2844 +facsimileTelephoneNumber: +1 313 555 9700 +telephoneNumber: +1 313 555 5331 +creatorsName: cn=Manager,dc=example,dc=com +modifiersName: cn=Manager,dc=example,dc=com + diff --git a/tests/data/slapd-cache-master.conf b/tests/data/slapd-cache-master.conf index f4b8073aaa..87476f20dd 100644 --- a/tests/data/slapd-cache-master.conf +++ b/tests/data/slapd-cache-master.conf @@ -37,7 +37,11 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub #monitor#database monitor diff --git a/tests/data/slapd-dn.conf b/tests/data/slapd-dn.conf index c7e414c089..eb429ae8cb 100644 --- a/tests/data/slapd-dn.conf +++ b/tests/data/slapd-dn.conf @@ -37,7 +37,11 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub #monitor#database monitor diff --git a/tests/data/slapd-emptydn.conf b/tests/data/slapd-emptydn.conf index 55e5fa1708..b98b059ff6 100644 --- a/tests/data/slapd-emptydn.conf +++ b/tests/data/slapd-emptydn.conf @@ -43,8 +43,12 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub access to attrs=userPassword by dn.exact="cn=Manager,c=US" write @@ -64,8 +68,12 @@ suffix "" directory ./testrun/db.2.a rootdn "cn=Manager,c=US" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub access to attrs=userPassword by self =wx diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf index 648ac31320..6ade32efd8 100644 --- a/tests/data/slapd-idassert.conf +++ b/tests/data/slapd-idassert.conf @@ -84,11 +84,8 @@ database ldap suffix "o=Example,c=US" uri "@URI1@" -#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" @SASL_MECH@ -#nosasl#idassert-method "simple" -#nosasl#idassert-authcDN "cn=Proxy US,ou=Admin,dc=example,dc=com" -#nosasl#idassert-passwd proxy -idassert-mode self +#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self +#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self # authorizes database idassert-authzFrom "dn.subtree:dc=example,dc=it" @@ -103,10 +100,7 @@ uri "@URI1@" acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com" acl-passwd proxy -idassert-method "simple" -idassert-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com" -idassert-passwd proxy -idassert-mode "dn:cn=Sandbox,ou=Admin,dc=example,dc=com" +idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com" # authorizes database idassert-authzFrom "dn.subtree:dc=example,dc=com" diff --git a/tests/data/slapd-ldapglue.conf b/tests/data/slapd-ldapglue.conf index 95e9e28604..a07599d676 100644 --- a/tests/data/slapd-ldapglue.conf +++ b/tests/data/slapd-ldapglue.conf @@ -54,22 +54,16 @@ database ldap suffix "ou=People,dc=example,dc=com" uri "@URI2@" # FIXME: doesn't work with authz=native -#sasl#idassert-method sasl authcid=proxy cred=proxy @SASL_MECH@ -#nosasl#idassert-method simple -#nosasl#idassert-authcDN "uid=proxy,ou=People,dc=example,dc=com" -#nosasl#idassert-passwd proxy -idassert-mode self +#sasl#idassert-bind bindmethod=sasl authcid=proxy credentials=proxy @SASL_MECH@ mode=self +#nosasl#idassert-bind bindmethod=simple binddn"uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self # groups branch database ldap suffix "ou=Groups,dc=example,dc=com" uri "@URI3@" # FIXME: doesn't work with authz=native -#sasl#idassert-method sasl authcid=proxy cred=proxy @SASL_MECH@ -#nosasl#idassert-method simple -#nosasl#idassert-authcDN "uid=proxy,ou=Groups,dc=example,dc=com" -#nosasl#idassert-passwd proxy -idassert-mode self +#sasl#idassert-bind bindmethod=sasl authcid=proxy credentials=proxy @SASL_MECH@ mode=self +#nosasl#idassert-bind bindmethod=simple binddn="uid=proxy,ou=Groups,dc=example,dc=com" credentials=proxy mode=self # root database @BACKEND@ diff --git a/tests/data/slapd-meta.conf b/tests/data/slapd-meta.conf index e1014af1c8..1eefd7cbd4 100644 --- a/tests/data/slapd-meta.conf +++ b/tests/data/slapd-meta.conf @@ -45,7 +45,7 @@ rootdn "cn=Manager,o=Example,c=US" rootpw secret chase-referrals no #nretries forever -nretries 1000 +#nretries 1000 # local uri "@URI2@ou=Meta,o=Example,c=US" diff --git a/tests/data/slapd-meta2.conf b/tests/data/slapd-meta2.conf index bebcea2f11..dc65690a0c 100644 --- a/tests/data/slapd-meta2.conf +++ b/tests/data/slapd-meta2.conf @@ -44,6 +44,7 @@ suffix "ou=Meta,dc=example,dc=com" directory ./testrun/db.2.a rootdn "cn=Manager,ou=Meta,dc=example,dc=com" rootpw secret -index objectClass eq +#bdb#index objectClass eq +#ldbm#index objectClass eq #monitor#database monitor diff --git a/tests/data/slapd-ppolicy.conf b/tests/data/slapd-ppolicy.conf index debfa68fa2..f58e536ff5 100644 --- a/tests/data/slapd-ppolicy.conf +++ b/tests/data/slapd-ppolicy.conf @@ -38,7 +38,9 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq +#bdb#index objectClass eq +#hdb#index objectClass eq +#ldbm#index objectClass eq overlay ppolicy ppolicy_default "cn=Standard Policy,ou=Policies,dc=example,dc=com" ppolicy_use_lockout diff --git a/tests/data/slapd-proxycache.conf b/tests/data/slapd-proxycache.conf index bfcb01a756..1fac77c7d1 100644 --- a/tests/data/slapd-proxycache.conf +++ b/tests/data/slapd-proxycache.conf @@ -41,7 +41,7 @@ suffix "dc=example,dc=com" rootdn "dc=example,dc=com" uri "@URI1@" -overlay proxycache +overlay pcache proxycache @BACKEND@ 100 2 @ENTRY_LIMIT@ @CACHETTL@ proxyattrset 0 sn cn title uid proxyattrset 1 mail postaladdress telephonenumber cn uid @@ -50,9 +50,15 @@ proxytemplate (sn=) 0 @CACHETTL@ proxytemplate (uid=) 1 @CACHETTL@ proxytemplate (mail=) 0 @CACHETTL@ -cachesize 20 +#bdb#cachesize 20 +#hdb#cachesize 20 +#ldbm#cachesize 20 directory ./testrun/db.2.a -index objectClass eq -index cn,sn,uid,mail pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid,mail pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid,mail pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid,mail pres,eq,sub #monitor#database monitor diff --git a/tests/data/slapd-pw.conf b/tests/data/slapd-pw.conf index 4d7d3c85d5..e03f205d17 100644 --- a/tests/data/slapd-pw.conf +++ b/tests/data/slapd-pw.conf @@ -37,8 +37,12 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub # # normal installations should protect root dse, diff --git a/tests/data/slapd-ref-slave.conf b/tests/data/slapd-ref-slave.conf index 131d2cadb7..c36847bf48 100644 --- a/tests/data/slapd-ref-slave.conf +++ b/tests/data/slapd-ref-slave.conf @@ -35,7 +35,9 @@ argsfile ./testrun/slapd.2.args referral "@URI1@" database @BACKEND@ -cachesize 0 +#bdb#cachesize 0 +#hdb#cachesize 0 +#ldbm#cachesize 0 suffix "o=University of Mich,c=US" directory ./testrun/db.2.a rootdn "cn=Manager,o=University of Mich,c=US" diff --git a/tests/data/slapd-repl-slave.conf b/tests/data/slapd-repl-slave.conf index a033232867..2de1bf49f2 100644 --- a/tests/data/slapd-repl-slave.conf +++ b/tests/data/slapd-repl-slave.conf @@ -32,16 +32,10 @@ argsfile ./testrun/slapd.2.args #ldapyes#overlay chain #ldapyes#chain-uri @URI1@ -#ldapyes#chain-idassert-method "simple" -#ldapyes#chain-idassert-authcDN "cn=Manager,dc=example,dc=com" -#ldapyes#chain-idassert-passwd secret -#ldapyes#chain-idassert-mode self +#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self #ldapmod#overlay chain #ldapmod#chain-uri @URI1@ -#ldapmod#chain-idassert-method "simple" -#ldapmod#chain-idassert-authcDN "cn=Manager,dc=example,dc=com" -#ldapmod#chain-idassert-passwd secret -#ldapmod#chain-idassert-mode self +#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self ####################################################################### # database definitions diff --git a/tests/data/slapd-schema.conf b/tests/data/slapd-schema.conf index 5368b8da0d..d1f82f6177 100644 --- a/tests/data/slapd-schema.conf +++ b/tests/data/slapd-schema.conf @@ -25,6 +25,7 @@ include ./schema/misc.schema include ./schema/nis.schema include ./schema/openldap.schema # +include ./schema/duaconf.schema include ./schema/dyngroup.schema include ./schema/ppolicy.schema diff --git a/tests/data/slapd-sql-syncrepl-master.conf b/tests/data/slapd-sql-syncrepl-master.conf new file mode 100644 index 0000000000..4c3b65d70c --- /dev/null +++ b/tests/data/slapd-sql-syncrepl-master.conf @@ -0,0 +1,78 @@ +# master slapd config -- for testing +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2005 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +#ucdata-path ./ucdata +include ./schema/core.schema +include ./schema/cosine.schema +include ./schema/inetorgperson.schema +include ./schema/openldap.schema +include ./schema/nis.schema +pidfile ./testrun/slapd.1.pid +argsfile ./testrun/slapd.1.args + +#sqlmod#modulepath ../servers/slapd/back-sql/ +#sqlmod#moduleload back_sql.la +#monitormod#modulepath ../servers/slapd/back-monitor/ +#monitormod#moduleload back_monitor.la + +# +# normal installations should protect root dse, +# cn=monitor, cn=schema, and cn=config +# + +access to attr=userpassword + by self =wx + by anonymous =x + +access to * + by * read + +####################################################################### +# sql database definitions +####################################################################### + +database sql +suffix "dc=example,dc=com" +rootdn "cn=Manager,dc=example,dc=com" +rootpw secret +dbname example +dbuser manager +dbpasswd secret + +# +# rdbms specific directives +# +# IBM db2 +#ibmdb2#upper_func "ucase" +#ibmdb2#upper_needs_cast "yes" +#ibmdb2#concat_pattern "?||?" +#ibmdb2#children_cond "ucase(ldap_entries.dn)=ucase(cast(? as varchar(255)))" +#ibmdb2#create_needs_select "yes" +#ibmdb2#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)" +# +# PostgreSQL +#postgres#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)" +#postgres#upper_func "upper" +#postgres#strcast_func "text" +#postgres#concat_pattern "?||?" +# +# MySQL +#mysql#concat_pattern "concat(?,?)" + +has_ldapinfo_dn_ru no + +overlay syncprov + +#monitor#database monitor diff --git a/tests/data/slapd-syncrepl-slave-persist1.conf b/tests/data/slapd-syncrepl-slave-persist1.conf index 75520f9268..c930f3c1c9 100644 --- a/tests/data/slapd-syncrepl-slave-persist1.conf +++ b/tests/data/slapd-syncrepl-slave-persist1.conf @@ -34,16 +34,10 @@ argsfile ./testrun/slapd.4.args #ldapyes#overlay chain #ldapyes#chain-uri @URI1@ -#ldapyes#chain-idassert-method "simple" -#ldapyes#chain-idassert-authcDN "cn=Manager,dc=example,dc=com" -#ldapyes#chain-idassert-passwd secret -#ldapyes#chain-idassert-mode self +#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self #ldapmod#overlay chain #ldapmod#chain-uri @URI1@ -#ldapmod#chain-idassert-method "simple" -#ldapmod#chain-idassert-authcDN "cn=Manager,dc=example,dc=com" -#ldapmod#chain-idassert-passwd secret -#ldapmod#chain-idassert-mode self +#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self ####################################################################### # consumer database definitions diff --git a/tests/data/slapd-translucent-local.conf b/tests/data/slapd-translucent-local.conf index 3f4ed66066..3ba45516a7 100644 --- a/tests/data/slapd-translucent-local.conf +++ b/tests/data/slapd-translucent-local.conf @@ -51,5 +51,4 @@ translucent_no_glue # XXX this uri really shouldn't be hardcoded uri @URI1@ lastmod off -acl-authcDN uid=binder,o=translucent -acl-passwd bindtest +acl-bind binddn="uid=binder,o=translucent" credentials="bindtest" diff --git a/tests/data/slapd-unique.conf b/tests/data/slapd-unique.conf index 44794dc378..8d16feb035 100644 --- a/tests/data/slapd-unique.conf +++ b/tests/data/slapd-unique.conf @@ -39,8 +39,12 @@ suffix "o=unique" directory ./testrun/db.1.a rootdn "cn=Manager,o=unique" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub overlay unique unique_ignore o cn sn ou objectClass diff --git a/tests/data/slapd-whoami.conf b/tests/data/slapd-whoami.conf index cc82bbcafb..c24b781629 100644 --- a/tests/data/slapd-whoami.conf +++ b/tests/data/slapd-whoami.conf @@ -57,7 +57,11 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub #monitor#database monitor diff --git a/tests/data/slapd.conf b/tests/data/slapd.conf index 45283e55e2..2d3be6b33f 100644 --- a/tests/data/slapd.conf +++ b/tests/data/slapd.conf @@ -38,7 +38,9 @@ suffix "dc=example,dc=com" directory ./testrun/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -index objectClass eq -index cn,sn,uid pres,eq,sub +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub #monitor#database monitor diff --git a/tests/data/test.schema b/tests/data/test.schema index 373d8ca10f..3e37b20613 100644 --- a/tests/data/test.schema +++ b/tests/data/test.schema @@ -44,6 +44,18 @@ attributetype ( 1.3.6.1.4.1.4203.666.1.37 syntax 1.3.6.1.4.1.1466.115.121.1.24 single-value ) -objectClass ( 1.3.6.1.4.1.4203.666.1.38 +attributetype ( 1.3.6.1.4.1.4203.666.1.38 + name 'testObsolete' + obsolete + equality booleanMatch + syntax 1.3.6.1.4.1.1466.115.121.1.7 + single-value ) + +objectClass ( 1.3.6.1.4.1.4203.666.3.15 name 'testPerson' sup OpenLDAPperson may testTime ) + +objectClass ( 1.3.6.1.3.1.4203.666.3.16 + name 'obsoletePerson' + obsolete auxiliary + may ( testObsolete ) ) diff --git a/tests/run.in b/tests/run.in index 0754ba59d7..57adb1c587 100644 --- a/tests/run.in +++ b/tests/run.in @@ -113,6 +113,9 @@ while test $# -gt 0 ; do done BACKENDTYPE=`eval 'echo $AC_'$BACKEND` +if test "x$BACKENDTYPE" = "x" ; then + BACKENDTYPE="unknown" +fi export BACKEND BACKENDTYPE WAIT KILLSERVERS PRESERVE USERDATA if test $# = 0 ; then diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh index 5ba3b9d912..06cbe31205 100755 --- a/tests/scripts/conf.sh +++ b/tests/scripts/conf.sh @@ -27,7 +27,7 @@ if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then if [ x"$USE_SASL" = x"yes" ] ; then USE_SASL=DIGEST-MD5 fi - SASL_MECH="\"mech=$USE_SASL\"" + SASL_MECH="\"saslmech=$USE_SASL\"" else SASL="nosasl" SASL_MECH= diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh index 5e631b8ae4..2596181bbf 100755 --- a/tests/scripts/defines.sh +++ b/tests/scripts/defines.sh @@ -86,6 +86,7 @@ CHAINCONF2=$DATADIR/slapd-chain2.conf GLUESYNCCONF1=$DATADIR/slapd-glue-syncrepl1.conf GLUESYNCCONF2=$DATADIR/slapd-glue-syncrepl2.conf SQLCONF=$DATADIR/slapd-sql.conf +SQLSRMASTERCONF=$DATADIR/slapd-sql-syncrepl-master.conf TRANSLUCENTLOCALCONF=$DATADIR/slapd-translucent-local.conf TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf METACONF=$DATADIR/slapd-meta.conf @@ -209,7 +210,9 @@ SLAPADDLOG1=$TESTDIR/slapadd.1.log SLURPLOG=$TESTDIR/slurp.log SEARCHOUT=$TESTDIR/ldapsearch.out +SEARCHOUT2=$TESTDIR/ldapsearch2.out SEARCHFLT=$TESTDIR/ldapsearch.flt +SEARCHFLT2=$TESTDIR/ldapsearch2.flt LDIFFLT=$TESTDIR/ldif.flt TESTOUT=$TESTDIR/test.out INITOUT=$TESTDIR/init.out @@ -264,6 +267,7 @@ SQLWRITE=$DATADIR/sql-write.out TRANSLUCENTOUT=$DATADIR/translucent.search.out METAOUT=$DATADIR/meta.out METACONCURRENCYOUT=$DATADIR/metaconcurrency.out +MANAGEOUT=$DATADIR/manage.out # Just in case we linked the binaries dynamically LD_LIBRARY_PATH=`pwd`/../libraries:${LD_LIBRARY_PATH} export LD_LIBRARY_PATH diff --git a/tests/scripts/test008-concurrency b/tests/scripts/test008-concurrency index 080c1d5db6..9c5df79515 100755 --- a/tests/scripts/test008-concurrency +++ b/tests/scripts/test008-concurrency @@ -20,7 +20,7 @@ mkdir -p $TESTDIR $DBDIR1 echo "Running slapadd to build slapd database..." . $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 -$SLAPADD -f $CONF1 -l $LDIFORDERED -d -1 2> /tmp/slapadd.log +$SLAPADD -f $CONF1 -l $LDIFORDERED -d -1 2> $SLAPADDLOG1 RC=$? if test $RC != 0 ; then echo "slapadd failed ($RC)!"