Kurt Zeilenga [Tue, 26 Oct 1999 22:57:39 +0000 (22:57 +0000)]
Add lutil_entropy(). Currently only supports /dev/urandom or
Linux equivs. Should be extended to support other quality
sources of entropy. Should be extended to support a reasonable fallback.
Kurt Zeilenga [Thu, 21 Oct 1999 17:53:56 +0000 (17:53 +0000)]
Initial commit of new ACL engine. Engine supports discrete access
privs, additive/subtractive rules, and rule continuation. Existing
rules that use 'defaultaccess none' should be 100% compatible. Rules
that rely on other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
Kurt Zeilenga [Fri, 15 Oct 1999 20:34:42 +0000 (20:34 +0000)]
Change the defaultaccess to 'auth'
Set defaultaccess to 'read' in distribution slapd.conf and add warnings
Set schemacheck to 'on' in distribution slapd.conf and add warnings
Kurt Zeilenga [Wed, 13 Oct 1999 20:28:00 +0000 (20:28 +0000)]
Change 'attribute' directive to 'attributetype'
(and allowing 'attribute' for backwards compatibility).
manuals and *.schema to be updated as time permits.
Kurt Zeilenga [Wed, 6 Oct 1999 00:04:04 +0000 (00:04 +0000)]
Add other schema references (nameref, alias, subentry) to core.schema.
Add openldap.schema (currently empty except for a few comments) to
hold OpenLDAP specific schema items (such as for cn=monitor).
Ben Collins [Wed, 29 Sep 1999 00:56:43 +0000 (00:56 +0000)]
* configure.in: add --enable-dynamic option for linking our local binaries
with the shared libraries instead of static, defaults to no
* build/lib-shared.mk: if LINK_BINS_DYNAMIC is set we create a symlink to
the .so and .so.# file along with the .a and .la files
* build/lib.mk: make sure the above links get removed on clean target
* build/top.mk: add define for LINK_BINS_DYNAMIC
* tests/scripts/defines.sh: add export for LD_LIBRARY_PATH so that tests will
run without requiring installation of libraries when we use --enable-dynamic
(LD_LIBRARY_PATH is always set, since it can't really hurt).
Kurt Zeilenga [Sat, 25 Sep 1999 22:13:25 +0000 (22:13 +0000)]
Rework passwd routines to allow callers to determine which
schemes are supported. This should facilitate server rootDSE
advertisement of supported schemes, etc.
Randy Kunkee [Fri, 24 Sep 1999 18:16:41 +0000 (18:16 +0000)]
Back out my change to ldap_sort_strcasecmp. My mistake from not reading
manpage carefully. One should pass strcasecmp to ldap_sort_entries, not
ldap_sort_strcasecmp. Ldap_sort_strcasecmp is for ldap_sort_values, NOT
ldap_sort_entries.
Randy Kunkee [Fri, 24 Sep 1999 08:02:54 +0000 (08:02 +0000)]
Change call to strcasecmp in ldap_sort_strcasecmp, which makes
ldap_sort_entries work with ldap_sort_strcasecmp as the comparison
function. Pointers were being dereferenced, and should only have been
cast.
Kurt Zeilenga [Fri, 24 Sep 1999 04:19:37 +0000 (04:19 +0000)]
ITS#303: value_add_fast() empty value bug. Ignore empty value.
This is technically incorrect, but we don't have the codes in place
to correctly handle empty values yet.
Kurt Zeilenga [Thu, 23 Sep 1999 19:49:20 +0000 (19:49 +0000)]
Reimplement LDBM_SYNC/LDBM_NOSYNC code (dbnosync).
Old code applied sync flags to store(), however supported DBMs
require such flags to be specified during open(). The new
code now applies flags in ldbm_cache_open (which calls ldbm_open).
ldbm_cache_close() now calls ldbm_sync(). This will force
an updating of on-disk contents after each LDAP operation.
The old code either failed to sync the on-disk contents until
close or synced on every store. Per LDBM operation syncing
*should* be safe enough... real data safety requires transactions.
Removed nosync option from BDB2 as it is not compatible with
txn support.
Also added code to disable DBM level locking as slapd is the only
process accessing the databases (dbnolocking).
The loading step in slapd build was failing because of a weird
@SLAPD tag. Removing it fixes the problem for me, but this should
be reviewed by someone who knows which @SLAPD_...@ tag was meant to
be there, if any.
Ben Collins [Thu, 23 Sep 1999 05:32:10 +0000 (05:32 +0000)]
* configure.in: add tcl8.2 to list of tcl libs to search for, also added new MOD_TCL_LIB
and related AC_SUBST() so that when back-tcl is compiled as a dynamic module we link
-ltcl to the module and not slapd (this is the correct way to do this since the .la file
handles giving the correct libs when we pass the module to it in the linker line with
-dlopen). Also modified the perl backend in a similar way except that the PERL_CPPFLAGS
always go to the module and never to slapd (slapd doesn't need them).
* build/mod.mk: added $(MODLIBS) to the dynamic module link line to accommodate module
specific libraries. These should be defined in the back-*/Makefile.in file for each
module (so far only back-tcl and back-perl need it).
* build/top.mk: modified the perl ldflags and cppflags slightly
* servers/slapd/Makefile.in: same here
* servers/slapd/back-perl/Makefile.in: added MODLIBS=$(MOD_PERL_LDFLAGS) for when we are
using a dynamic module (problem, libtool won't allow linking static libs into a libtool
lib, so unless perl's libs are compiled dynamic, then back-perl can't be a dynamic
module. We need a test for this on perl and tcl).
* servers/slapd/back-tcl/Makefile.in: added MODLIBS=$(MOD_TCL_LIB)
* back-perl and back-tcl now compile
Kurt Zeilenga [Thu, 23 Sep 1999 04:08:33 +0000 (04:08 +0000)]
experimental ITS#109 fix: make kbind open default connection if necessary.
implemented ldap_open_defconn() to centralize default connection
opening in open.c. Used by ldap_open, kbind, and send_initial_request().
Much as we would like to, we have to live for the time being with
broken objectclass and attributetype definitions where the OID is
missing. The implementation of OIDmacros was making this impossible.
This change tries to restore the old behaviour, while preserving the
new feature. Note that part of the restored behaviour lets OIDs that
are not in the numericoid format get through. We may lose this, but
then we need to fix some of the sample provided schemas, notably
pilot.schema.