Howard Chu [Fri, 14 Jun 2002 08:10:14 +0000 (08:10 +0000)]
Added saslAuthzTo and saslAuthzFrom to system schema.
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
Kurt Zeilenga [Wed, 12 Jun 2002 16:39:05 +0000 (16:39 +0000)]
Date: Thu, 2 May 2002 08:54:59 GMT
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: Patch: Bugs with back-ldap/meta mappings
Full_Name: Hallvard B. Furuseth
Version: HEAD
OS: Linux
URL: http://folk.uio.no/hbf/OpenLDAP/back-ldap.txt
Submission from: (NULL) (158.36.148.34)
The source claims the 'map' attribute has syntax
map {objectclass | attribute} {<source> | *} [<dest> | *]
while it actually has syntax
map {objectclass | attribute} [<local name> | *] {<foreign name> |
*}
except that the code is confused about it. Removed attributes are
put in both the maps for local and foreign names:
# Remove description and present title as description instead
map attribute description
map attribute description title
-->
slapd.conf: line 10: duplicate mapping found (ignored)
Also, map.c:ldap_back_map_attrs() loops forever on removed attributes
(ie. if one asks ldapsearch for an attribute which has been removed).
Kurt Zeilenga [Wed, 12 Jun 2002 15:43:19 +0000 (15:43 +0000)]
Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
sig_atomic_t can be unsigned (ITS#1736). The 'gentle SIGHUP' patch
is older than ITS#1736 but was applied later, so it reintroduced
the problem.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
Kurt Zeilenga [Thu, 6 Jun 2002 00:31:09 +0000 (00:31 +0000)]
Full_Name: Norbert Klasen
Version: head
OS: SuSE Linux 7.3
URL: ftp://ftp.openldap.org/incoming/norbert.klasen.rejects.20020605.patch
Submission from: (NULL) (62.104.216.66)
This patch adds an '-S' option to ldapmodify. If a filename is specified with
this option, records which could not successfully be added/modified/deleted from
the LDAP server will be written to the specified file. Most useful in
conjunction with '-c' option.
Kurt Zeilenga [Wed, 5 Jun 2002 16:40:16 +0000 (16:40 +0000)]
Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
It has just occurred to me - duh - that the process ID of a back-shell
command is a perfectly good unique ID for it, and more useful than
any connection id/message id thingy. Doesn't need extra arguments
to the shell commands either, except a pid: line to abandon.
And msgid: can still be removed in a future version.
Here is a patch.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
Kurt Zeilenga [Sun, 2 Jun 2002 04:15:38 +0000 (04:15 +0000)]
Add matched values command line support (ITS#1811).
Adapted .Sahalayev@pgr.salford.ac.uk's submission.
Needs to be extended to support comma separated list of options
for other controls and such.
---
Copyright 2002, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.
Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
Howard Chu [Fri, 17 May 2002 01:36:35 +0000 (01:36 +0000)]
Fixes for MingW: (test008 now succeeds)
need liblutil for lutil_getopt
must quote args with embedded whitespace
must track child processes in order to wait()
Howard Chu [Thu, 16 May 2002 10:51:45 +0000 (10:51 +0000)]
Fixes for MingW: (passes test007, with LDAP_DIRSEP tweaks in slapd.conf)
must include <ac/stdlib.h> to get MAX_PATH defined.
use LDAP_DIRSEP instead of '/' in paths
define truncate/ftruncate macros, etc.
Kurt Zeilenga [Wed, 15 May 2002 06:18:14 +0000 (06:18 +0000)]
Patch: Implement surrogate parent for back-shell (ITS#1815)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
A surrogate parent is supposed to keep back-shell children from
deadlocking due to resources locked by a threading parent.
Implementation note: The surrogate parent closes all unused file
descriptors, so it logs errors to stderr instead of via Debug() and
uses relloc() instead of ch_realloc().
Also close a file descriptor leak if fork() fails in fork.c.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
searchexample.conf needs core.schema, otherwise it fails on the suffix
DN. searchexample.sh has a spurious 'sleep', probably from testing.
Also, I suggest 'chmod +x searchexample.sh'.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
Howard Chu [Sun, 12 May 2002 18:40:37 +0000 (18:40 +0000)]
Skip processing if canonicalization is invoked redundantly (SASL PLAIN).
Truncate large username instead of failing with SASL_BUFOVER; we only care
about the DN anyway. (SASL 2 only)