Luke Howard [Mon, 3 Jan 2000 02:33:22 +0000 (02:33 +0000)]
Added support for connecting to LDAP servers located using DNS
SRV records. Added lock around resolver library which is shared
by the DNS SRV code and the getdxbyname() code.
Luke Howard [Sun, 2 Jan 2000 01:21:25 +0000 (01:21 +0000)]
Merged in preliminary support for Cyrus SASL library;
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
Kurt Zeilenga [Wed, 15 Dec 1999 23:22:47 +0000 (23:22 +0000)]
Updated sasl response to support returning of referrals.
Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed. Needs replog support.
The group list was being managed as an array of Group. This was
extremely broken and I can only wonder how I got some much mileage out
of it. The problem is that we deal with pointers to the groups
themselves, either in current_group or current_to and current_nto.
These pointers would break on reallocs. So now the the basic togroups
is an array to pointers to Group. Since the array can be resized at
any time, what we actually pass around is pointer to an array of
pointers to Group or Group ***.
Kurt Zeilenga [Fri, 10 Dec 1999 04:52:32 +0000 (04:52 +0000)]
Fix slapd SASL/ExternalOps encoding
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
Mark Valence [Thu, 9 Dec 1999 22:05:00 +0000 (22:05 +0000)]
On Windows, WSAENOTSOCK is treated the same as EBADF. This is needed because of a race condition (sock is selected just after another thread closes it), which needs a proper fix.
Kurt Zeilenga [Thu, 9 Dec 1999 21:30:32 +0000 (21:30 +0000)]
Modify password code such that backend end routine calls into
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
Howard Chu [Wed, 8 Dec 1999 23:31:11 +0000 (23:31 +0000)]
Fix the 1.71 fix - only offset the length if the last character of the
referral URL is not a '/'. Also in send_search_reference, corrected the
comparison for the pre-V3 case. Previously, referrals were being dropped
completely for V2 subtree searches. More work is still needed, V2 onelevel
referral handling is wrong.
Kurt Zeilenga [Wed, 8 Dec 1999 04:37:59 +0000 (04:37 +0000)]
Reengineered ldappasswd(1). Uses extended operation to set
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
Mark Valence [Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)]
Changed ldap_pvt_tls_init_def_ctx() to not fail if there is no cacertfile/dir specified. This lets LDAP_OPT_X_TLS_REQUIRE_CERT=0 work. If LDAP_OPT_X_TLS_REQUIRE_CERT=1, connection will fail as appropriate since there is no CA list.
Gary Williams [Fri, 3 Dec 1999 18:29:03 +0000 (18:29 +0000)]
No one complained, so here's the change to ldapdelete to add a -r switch to allow a branch of a directory tree to be removed. The DN provided is searched recursively until the leaf nodes are hit, then everything is deleted.