Kurt Zeilenga [Sat, 31 Jul 1999 03:23:26 +0000 (03:23 +0000)]
Add support for "foo:< http://localhost/path.
Requires FreeBSD's -lfetch...
Implementations to other URL APIs encouraged.
Probably should be moved to -llutil.
Kurt Zeilenga [Fri, 30 Jul 1999 23:00:02 +0000 (23:00 +0000)]
Enhance LDIF handling
ldapsearch:
  use draft guidelines for determining when to use
  -t only writes binary attributes to files
  -tt writes all attributes to files
  output now lists URL instead of path to such files
  -T dir can be used to specify directory to create temp files in
  -V urlprefix can be used to change the URL prefix
  LDIF is now commented (can be disabled using -LL)
  LDIF now contains version attribute (can be disabled with -LLL)
LDIF:
  put interface changed to allow caller to specify how to encode
  put interface uses draft guidelines for determining when to base64 encode
  wrapping kludged to match old off by one bug
Tests:
  removed trailing space from some attributes (to avoid base64 encoding)
  enabled -LLL in defines.sh (should sed output to remove
    wrapping/comments/redundant separators)
Misc:
  updated codes outputting LDIF to use new put interface
TODO:
  handling of version attribute on input
  handling of URLs on input (ie: fetch URL)
When recreating a database from an ldif file created by ldbmcat,
NEXTID would not be set to one higher than the highest number
used, but to one higher than the last entry in the ldif file.
Kurt Zeilenga [Tue, 27 Jul 1999 20:00:31 +0000 (20:00 +0000)]
Return LDAP_CONSTRAINT_VIOLATION if user attempts to modify
a non-user-mod attribute (such as timeStamps).
Move generation of add_modify_attrs to frontend.
update of add_modify_attrs on modrdn needs work (currently
not updated to maintain consistency with replicas).
Randy Kunkee [Tue, 27 Jul 1999 07:29:27 +0000 (07:29 +0000)]
Tcl package version 1.0 -> 1.1:
Add timeout to control array.
Add -lldap -llber when building shared library.
Clean up pkgIndex.tcl creation and installation (should now support
"package require" out of the box).
Kurt Zeilenga [Sat, 24 Jul 1999 03:39:23 +0000 (03:39 +0000)]
Add support for LDAP_ALL_OPERATIONAL_ATTRIBUTES ("+") (based on
LDAPext discussions).
Add attrs and attrsonly support to monitor/config info.
Add rdn attributes to schema/monitor/config.
Add extensibleObject objectclass to schema/monitor/config.
Add top objectclass to rootdse/monitor/config.
Remove opattrs option from send_search_entry().
Kurt Zeilenga [Sat, 24 Jul 1999 00:04:05 +0000 (00:04 +0000)]
Use AC_CACHE_CHECK instead of AC_CACHE_VAR.
Rework sys_errlist detection to set HAVE_SYS_ERRLIST if sys_errlist
exists. If its declaration is needed, DECL_SYS_ERRLIST is also set.
ldap_url_parse was fundamentally broken. It would quit before
time, skipping the filter, for instance. Also, we were parsing
twice the scope and the filter. I think this change is right,
but could use more eyeballs...
Kurt Zeilenga [Wed, 21 Jul 1999 20:54:23 +0000 (20:54 +0000)]
ACL CHANGES:
  by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower. Use where needed.
Partial support for a new option to help debug TLS connections,
not yet user-settable. Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.
Some content for tls_verify_cb where parts of our policy should
be implemented.
The rest of this change mostly contains random ideas taken from
mod_ssl. The purpose is to get the repository in sync with the
code I am testing. I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates). Trying s_client against both
does not shed any light. If anyone manages to make it work,
please let us know.
Move the input data exhaustion loop to connection.c from daemon.c
Let transport (TLS or somesuch) force reading or writing on
sockets even if the higher layers think otherwise.