Kurt Zeilenga [Tue, 25 Jan 2000 21:13:31 +0000 (21:13 +0000)]
Second round of schema changes
Revert normalization to matching rule per discussions with Julio.
May need separate normalization routines for stored value and asserted
value. Currently rely on passed in syntax/mr to allow "special" behavior.
Reworked filters to pass struct berval * instead of char *. (needs work)
Validation, normalization and matching needed.
Kurt Zeilenga [Mon, 24 Jan 2000 23:31:26 +0000 (23:31 +0000)]
Modify slapd syntax struct to have both a validation and normalization
routine. Could be combined into one routine.
Modify slapd matching rule struct to only have match function.
Modify old attribute such that 'bin' implies octetString, not 'binary'.
Add compatibility for IA5 strings. Only directoryStrings were handled
before.
Treat attribute types without syntax as incomplete, not default.
Add OctetStringValidate (always returns okay).
Add {UTF8,IA5}StringValidate/Normalize (IA5 based loosely on
case_exact_normalize). Need case{Exact,Ignore}UTFMatch, using IA5 versions
for now.
Removed default of syntax/mr handlers, should just skip
registration of syntax/mr's without handlers.
Added comments to slap.h about types versus descriptions.
Kurt Zeilenga [Thu, 20 Jan 2000 05:48:18 +0000 (05:48 +0000)]
Remove SASL/TLS integration projects from TODO as basic
code has been committed.
Add item to implement SASL/TLS to clients.
(This is not to imply that the code is complete)
Howard Chu [Sat, 15 Jan 2000 19:03:16 +0000 (19:03 +0000)]
In ldap_pvt_tls_init() treat subsequent invocations as no-ops, not error.
In tls_verify_cb() use CRYPTO_free instead of free (necessary on NT due to
use of different heaps).
Changed update_flags to use SSL_get_error() to check success/status. This
fixes the problem of sb->sb_trans_needs_read getting set on dead sockets.
Kurt Zeilenga [Sat, 8 Jan 2000 19:23:26 +0000 (19:23 +0000)]
--disable-kbind --disable-kpasswd should imply --without-kerberos
under "auto" selection. If not auto, just warn.
Rebuild configure using appropriate tools.
Kurt Zeilenga [Sat, 8 Jan 2000 18:42:11 +0000 (18:42 +0000)]
Initial implementation of Kerberos password verification for
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
Luke Howard [Mon, 3 Jan 2000 02:33:22 +0000 (02:33 +0000)]
Added support for connecting to LDAP servers located using DNS
SRV records. Added lock around resolver library which is shared
by the DNS SRV code and the getdxbyname() code.
Luke Howard [Sun, 2 Jan 2000 01:21:25 +0000 (01:21 +0000)]
Merged in preliminary support for Cyrus SASL library;
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
Kurt Zeilenga [Wed, 15 Dec 1999 23:22:47 +0000 (23:22 +0000)]
Updated sasl response to support returning of referrals.
Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed. Needs replog support.
The group list was being managed as an array of Group. This was
extremely broken and I can only wonder how I got so much mileage out
of it. The problem is that we deal with pointers to the groups
themselves, either in current_group or current_to and current_nto.
These pointers would break on reallocs. So now the basic togroups
is an array of pointers to Group. Since the array can be resized at
any time, what we actually pass around is a pointer to an array of
pointers to Group or Group ***.
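
The realloc hazard described in the last entry, as an added C example that is not code from the commit or the project: `Group` here is a one-field stand-in, and `grow`, `add_group` and the two `*_survives` functions are hypothetical names. `grow` stands in for `realloc` and always relocates the block, so the move happens on every run.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int id; } Group;  /* hypothetical stand-in for the real Group */

/* Grow as realloc may: allocate elsewhere, copy, free the old block. */
static void *grow(void *old, size_t old_size, size_t new_size) {
    void *p = malloc(new_size);
    if (p == NULL) return NULL;
    if (old != NULL) memcpy(p, old, old_size);
    free(old);
    return p;
}

/* Before: Groups by value. Returns 1 if a saved element address survives. */
int value_array_pointer_survives(void) {
    Group *groups = calloc(1, sizeof *groups);
    if (groups == NULL) return -1;
    uintptr_t current_group = (uintptr_t)&groups[0];  /* address only, never dereferenced */
    Group *moved = grow(groups, sizeof *groups, 2 * sizeof *groups);
    if (moved == NULL) { free(groups); return -1; }
    int ok = (current_group == (uintptr_t)&moved[0]);
    free(moved);
    return ok;
}

/* After: list of pointers, passed as Group *** so the caller sees the resize. */
Group *add_group(Group ***list, size_t *count, int id) {
    Group *g = malloc(sizeof *g);
    if (g == NULL) return NULL;
    Group **moved = grow(*list, *count * sizeof **list, (*count + 1) * sizeof **list);
    if (moved == NULL) { free(g); return NULL; }
    g->id = id;
    moved[(*count)++] = g;
    *list = moved;          /* only the pointer array moved; each Group stays put */
    return g;
}

int pointer_array_pointer_survives(void) {
    Group **groups = NULL; size_t count = 0;
    Group *current_group = add_group(&groups, &count, 7);
    if (current_group == NULL) return -1;
    if (add_group(&groups, &count, 8) == NULL) { free(current_group); free(groups); return -1; }
    int ok = (groups[0] == current_group && current_group->id == 7 && count == 2);
    for (size_t i = 0; i < count; i++) free(groups[i]);
    free(groups);
    return ok;
}
```
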