]>
git.sur5r.net Git - openldap/log
Howard Chu [Wed, 24 Dec 2003 10:39:14 +0000 (10:39 +0000)]
Fix reject error logging
Howard Chu [Tue, 23 Dec 2003 18:51:52 +0000 (18:51 +0000)]
Don't assume the replog is sorted, sort the queue before processing.
Howard Chu [Tue, 23 Dec 2003 18:48:36 +0000 (18:48 +0000)]
Fix replog sequencing - assign sequence numbers at beginning of operation,
instead of getting a timestamp at the end. This makes it possible for
slurpd to sort the log later.
Howard Chu [Tue, 23 Dec 2003 18:40:56 +0000 (18:40 +0000)]
ITS#2887 fix slapi crash
Howard Chu [Tue, 23 Dec 2003 14:27:54 +0000 (14:27 +0000)]
Revert to simple authzID behavior
Howard Chu [Tue, 23 Dec 2003 14:18:47 +0000 (14:18 +0000)]
Execute overlays in reverse of config order.
Howard Chu [Tue, 23 Dec 2003 14:12:54 +0000 (14:12 +0000)]
Avoid runtime copying of BackendDB
Jong Hyuk Choi [Sun, 21 Dec 2003 20:00:14 +0000 (20:00 +0000)]
misc updates
Jong Hyuk Choi [Sun, 21 Dec 2003 19:54:29 +0000 (19:54 +0000)]
rewrite of the syncrepl section
Jong Hyuk Choi [Sun, 21 Dec 2003 16:32:00 +0000 (16:32 +0000)]
update syncrepl and session log info
Kurt Zeilenga [Sun, 21 Dec 2003 08:25:55 +0000 (08:25 +0000)]
Revert #if 0
Pierangelo Masarati [Sat, 20 Dec 2003 17:41:08 +0000 (17:41 +0000)]
fix previous commit
Pierangelo Masarati [Sat, 20 Dec 2003 15:31:54 +0000 (15:31 +0000)]
in the <what> clause of ACLs, only 'attr=' or 'attrs=' are allowed; the former for backwards compatibility, while slapd.access(5) correctly uses only the latter form
Pierangelo Masarati [Sat, 20 Dec 2003 15:29:05 +0000 (15:29 +0000)]
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
Pierangelo Masarati [Sat, 20 Dec 2003 15:18:21 +0000 (15:18 +0000)]
for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle
Howard Chu [Sat, 20 Dec 2003 14:35:13 +0000 (14:35 +0000)]
Fix handling of an_oc_exclude
Howard Chu [Sat, 20 Dec 2003 10:10:59 +0000 (10:10 +0000)]
ITS#2888 don't return LDAP_SIZELIMIT_EXCEEDED prematurely
Howard Chu [Sat, 20 Dec 2003 09:55:17 +0000 (09:55 +0000)]
More cleanup
Howard Chu [Sat, 20 Dec 2003 09:19:19 +0000 (09:19 +0000)]
Clean up prev commit
Howard Chu [Sat, 20 Dec 2003 06:28:05 +0000 (06:28 +0000)]
ITS#2889 - fix explicit objectClass inclusion/exclusion
Jong Hyuk Choi [Fri, 19 Dec 2003 23:12:44 +0000 (23:12 +0000)]
replica promotion / demotion
Luke Howard [Fri, 19 Dec 2003 10:10:59 +0000 (10:10 +0000)]
Fix slapi_modify_internal() to deal with just the modification type of
a mod operation
Kurt Zeilenga [Fri, 19 Dec 2003 05:08:41 +0000 (05:08 +0000)]
document +0
Kurt Zeilenga [Fri, 19 Dec 2003 05:06:51 +0000 (05:06 +0000)]
Document +0
Kurt Zeilenga [Fri, 19 Dec 2003 02:36:54 +0000 (02:36 +0000)]
Domain Administrative Data in LDAP
Kurt Zeilenga [Fri, 19 Dec 2003 02:28:06 +0000 (02:28 +0000)]
Move ldapi to /var/run
Kurt Zeilenga [Fri, 19 Dec 2003 02:18:29 +0000 (02:18 +0000)]
Move pid/args files into $(RUNDIR)/run
Move ldapi into $(RUNDIR)/run/openldap
Kurt Zeilenga [Fri, 19 Dec 2003 02:00:10 +0000 (02:00 +0000)]
Add comment
Kurt Zeilenga [Fri, 19 Dec 2003 01:51:02 +0000 (01:51 +0000)]
supportedFeatures and "+" are now RFCs
Kurt Zeilenga [Fri, 19 Dec 2003 01:40:06 +0000 (01:40 +0000)]
Remove cruft
Kurt Zeilenga [Thu, 18 Dec 2003 23:24:49 +0000 (23:24 +0000)]
Print UNDEFINED on compare error
Howard Chu [Thu, 18 Dec 2003 20:26:05 +0000 (20:26 +0000)]
Fix install rule
Kurt Zeilenga [Thu, 18 Dec 2003 20:01:47 +0000 (20:01 +0000)]
Move experimental built-in SASL behind SLAP_BUILTIN_SASL macro
Kurt Zeilenga [Thu, 18 Dec 2003 19:48:40 +0000 (19:48 +0000)]
Cleanup
Kurt Zeilenga [Thu, 18 Dec 2003 19:45:47 +0000 (19:45 +0000)]
Bump the required Cyrus SASL version to 2.1.15+
Kurt Zeilenga [Thu, 18 Dec 2003 19:30:37 +0000 (19:30 +0000)]
Clean error handling
Kurt Zeilenga [Thu, 18 Dec 2003 19:15:57 +0000 (19:15 +0000)]
Use ldap_unbind_ext(3)
Pierangelo Masarati [Thu, 18 Dec 2003 18:32:45 +0000 (18:32 +0000)]
propagate flags to sasl-regexp functions (will need it later)
Pierangelo Masarati [Thu, 18 Dec 2003 18:28:43 +0000 (18:28 +0000)]
allow 'all' vs. 'any' sasl-authz-policy
Kurt Zeilenga [Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)]
clarify default access control policy
Kurt Zeilenga [Thu, 18 Dec 2003 06:52:39 +0000 (06:52 +0000)]
Completely untested built-in EXTERNAL implementation
Needs identity mapping and proxy authorization support
Howard Chu [Thu, 18 Dec 2003 03:54:48 +0000 (03:54 +0000)]
ITS#2884 silence warning. We don't dereference this pointer, we just use
it's value as a unique key.
Howard Chu [Thu, 18 Dec 2003 03:50:09 +0000 (03:50 +0000)]
ITS#2883 initialize rc before running callbacks
Kurt Zeilenga [Thu, 18 Dec 2003 02:12:44 +0000 (02:12 +0000)]
Update index to encourage "proper" use
Kurt Zeilenga [Thu, 18 Dec 2003 01:07:09 +0000 (01:07 +0000)]
Fix tests
Kurt Zeilenga [Thu, 18 Dec 2003 00:44:51 +0000 (00:44 +0000)]
Switch to #if instead of #ifdef LDAP_DEPRECATED
Kurt Zeilenga [Thu, 18 Dec 2003 00:36:45 +0000 (00:36 +0000)]
Latest
Pierangelo Masarati [Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)]
some notes on access required by proxyAuthz control;
note that other controls may need different access
privileges via, e.g., backend_attribute() (syncrepl?)
Kurt Zeilenga [Thu, 18 Dec 2003 00:06:55 +0000 (00:06 +0000)]
More updatedn != rootdn recommendations
Kurt Zeilenga [Wed, 17 Dec 2003 21:42:48 +0000 (21:42 +0000)]
Make modify/increment conditional
Kurt Zeilenga [Wed, 17 Dec 2003 21:29:19 +0000 (21:29 +0000)]
Minor adjust
Kurt Zeilenga [Wed, 17 Dec 2003 21:09:28 +0000 (21:09 +0000)]
Clean up LDAP Sync result codes
Pierangelo Masarati [Wed, 17 Dec 2003 20:55:46 +0000 (20:55 +0000)]
cleanup most of the -pedantic warnings (ITS#2884) and other small fixes
Kurt Zeilenga [Wed, 17 Dec 2003 17:55:27 +0000 (17:55 +0000)]
Sync with HEAD
Kurt Zeilenga [Wed, 17 Dec 2003 17:48:56 +0000 (17:48 +0000)]
Dont mention bare oc in list.
Kurt Zeilenga [Wed, 17 Dec 2003 17:36:41 +0000 (17:36 +0000)]
s/+/@/ in OC attr lists
Howard Chu [Wed, 17 Dec 2003 04:22:40 +0000 (04:22 +0000)]
Some text tweaks
Kurt Zeilenga [Wed, 17 Dec 2003 00:34:37 +0000 (00:34 +0000)]
Remove -C(hasing) option. Doesn't make sense for update operations
(at least not with a secure authentication framework).
Luke Howard [Tue, 16 Dec 2003 15:49:31 +0000 (15:49 +0000)]
First round of SLAPI cleanups - use slapi_int_XXX for internal functions
(slapi_x_XXX is still reserved for exported functions that are not part
of the SLAPI specification)
Pierangelo Masarati [Tue, 16 Dec 2003 14:25:36 +0000 (14:25 +0000)]
fix a couple of (too optimistic) comments...
Pierangelo Masarati [Tue, 16 Dec 2003 11:20:59 +0000 (11:20 +0000)]
more clarifications on dnstyle usage
Luke Howard [Tue, 16 Dec 2003 11:17:54 +0000 (11:17 +0000)]
Honour any controls that are sent by a SLAPI plugin
Pierangelo Masarati [Tue, 16 Dec 2003 11:05:52 +0000 (11:05 +0000)]
line up comments and code
Pierangelo Masarati [Tue, 16 Dec 2003 10:56:21 +0000 (10:56 +0000)]
improve error handling for attr val ACL syntax
Kurt Zeilenga [Tue, 16 Dec 2003 06:52:52 +0000 (06:52 +0000)]
Formating
Luke Howard [Tue, 16 Dec 2003 05:59:50 +0000 (05:59 +0000)]
Don't leak SLAPI_RESCONTROLS when free'ing parameter block - these
are allocated by the plugin
Kurt Zeilenga [Tue, 16 Dec 2003 05:55:52 +0000 (05:55 +0000)]
Deprecate +objectClass in favor of @objectClass per IETF discussions
Kurt Zeilenga [Tue, 16 Dec 2003 03:59:24 +0000 (03:59 +0000)]
Rework for overlay (should be checked by someone who knows this
stuff).
Kurt Zeilenga [Tue, 16 Dec 2003 03:25:32 +0000 (03:25 +0000)]
Requires --with-tls
Kurt Zeilenga [Tue, 16 Dec 2003 01:58:15 +0000 (01:58 +0000)]
minor tweak and rebuild
Kurt Zeilenga [Tue, 16 Dec 2003 01:55:56 +0000 (01:55 +0000)]
Revert last commit
Pierangelo Masarati [Tue, 16 Dec 2003 01:10:33 +0000 (01:10 +0000)]
honor '!' (objectClass negation) when checking attribute presence in list
Pierangelo Masarati [Tue, 16 Dec 2003 00:49:10 +0000 (00:49 +0000)]
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
Howard Chu [Tue, 16 Dec 2003 00:39:29 +0000 (00:39 +0000)]
Fix - need to initialize lutil_passwd.
Kurt Zeilenga [Mon, 15 Dec 2003 23:32:52 +0000 (23:32 +0000)]
Rework last commit
Kurt Zeilenga [Mon, 15 Dec 2003 23:27:28 +0000 (23:27 +0000)]
Rev the API version number
Kurt Zeilenga [Mon, 15 Dec 2003 18:41:23 +0000 (18:41 +0000)]
Make a few OPERATIONAL REQUIREMENT clarifications
Clean up formating
Pierangelo Masarati [Mon, 15 Dec 2003 18:19:14 +0000 (18:19 +0000)]
allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user
Pierangelo Masarati [Mon, 15 Dec 2003 17:55:55 +0000 (17:55 +0000)]
describe detailed access levels required for each operation
Kurt Zeilenga [Sun, 14 Dec 2003 21:00:52 +0000 (21:00 +0000)]
Fix typos
Pierangelo Masarati [Sun, 14 Dec 2003 15:36:46 +0000 (15:36 +0000)]
typo
Pierangelo Masarati [Sun, 14 Dec 2003 14:08:15 +0000 (14:08 +0000)]
fix previous commits
Pierangelo Masarati [Sun, 14 Dec 2003 11:13:25 +0000 (11:13 +0000)]
resolve naming conflicts when compiling rwm overlay as static (will disappear as soon as rwm stuff is removed from back-ldap/back-meta)
Kurt Zeilenga [Sun, 14 Dec 2003 06:46:30 +0000 (06:46 +0000)]
Add support for -DOPENLDAP_FD_SETSIZE=N for use on Linux.
Works on BSD as well (equiv. to -DFD_SETSIZE=N).
Kurt Zeilenga [Sun, 14 Dec 2003 03:15:28 +0000 (03:15 +0000)]
Remove LDAP_DEPRECATED dependency
Kurt Zeilenga [Sun, 14 Dec 2003 02:47:42 +0000 (02:47 +0000)]
Add LDAP_DEPRECATED macro
Need to remove use of deprecated functions.
Kurt Zeilenga [Sat, 13 Dec 2003 23:41:44 +0000 (23:41 +0000)]
Add u: comment
Kurt Zeilenga [Sat, 13 Dec 2003 23:38:05 +0000 (23:38 +0000)]
Forward parse the uauthzid. A realm cannot be specified unless
a mechanism is specified. (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
Pierangelo Masarati [Sat, 13 Dec 2003 23:02:59 +0000 (23:02 +0000)]
saslAuthzTo/From stuff
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:
dn[.<style>]:<pattern>
<style> ::= exact ; exact match
children ; children of <pattern> match
subtree ; <pattern> or children of <pattern> match
regex ; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed
u[.<mech>][/<realm>]:<user>
when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
Howard Chu [Sat, 13 Dec 2003 22:43:01 +0000 (22:43 +0000)]
Use c_authmech when c_sasl_bind_mech is empty
Howard Chu [Sat, 13 Dec 2003 22:16:03 +0000 (22:16 +0000)]
Fix prev commit, use c_authtype
Howard Chu [Sat, 13 Dec 2003 21:39:51 +0000 (21:39 +0000)]
Always set c_authmech
Kurt Zeilenga [Sat, 13 Dec 2003 18:57:00 +0000 (18:57 +0000)]
cleanup
Kurt Zeilenga [Sat, 13 Dec 2003 17:25:59 +0000 (17:25 +0000)]
Look for the '@' in userid@realm in reverse so that a@b@c results
in userid of a@b and realm of c.
Pierangelo Masarati [Sat, 13 Dec 2003 17:21:17 +0000 (17:21 +0000)]
note a potential problem
Pierangelo Masarati [Sat, 13 Dec 2003 15:29:49 +0000 (15:29 +0000)]
conn must be non-null
Pierangelo Masarati [Sat, 13 Dec 2003 12:23:56 +0000 (12:23 +0000)]
add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact
Pierangelo Masarati [Sat, 13 Dec 2003 10:58:31 +0000 (10:58 +0000)]
cleanup saslauthz code
Pierangelo Masarati [Sat, 13 Dec 2003 10:57:42 +0000 (10:57 +0000)]
use dedicated admin identity to proxyAuthz
Pierangelo Masarati [Sat, 13 Dec 2003 10:57:13 +0000 (10:57 +0000)]
declare overlays_init()