From 3e7fd464dc6770ba9cce1f8cdc5b6add584c8bd4 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sat, 19 Nov 2005 17:48:33 +0000 Subject: [PATCH] streamline back-ldap/slapo-chain configuration; add the possibility to cache non-configured, anonymous referral URIs --- doc/man/man5/slapo-chain.5 | 38 +++++--- servers/slapd/back-ldap/back-ldap.h | 12 ++- servers/slapd/back-ldap/chain.c | 137 ++++++++++++++++++++-------- servers/slapd/back-ldap/config.c | 124 +++++-------------------- servers/slapd/config.c | 8 +- 5 files changed, 162 insertions(+), 157 deletions(-) diff --git a/doc/man/man5/slapo-chain.5 b/doc/man/man5/slapo-chain.5 index 3fc2b5b06d..cba284dfda 100644 --- a/doc/man/man5/slapo-chain.5 +++ b/doc/man/man5/slapo-chain.5 @@ -32,10 +32,10 @@ to avoid potential conflicts with directives specific to the underlying database or to other stacked overlays. .LP -There are no chain overlay specific directives; however, directives -related to the \fIslapd-ldap\fP database that is implicitly instantiated -by the overlay may assume a special meaning when used in conjunction -with this overlay. They are described in +There are very few chain overlay specific directives; however, directives +related to the instances of the \fIldap\fP backend that may be implicitly +instantiated by the overlay may assume a special meaning when used +in conjunction with this overlay. They are described in .BR slapd-ldap (5). .TP .B overlay chain @@ -45,14 +45,30 @@ intended for use with local storage backends that may return referrals. It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP backends because they already exploit the libldap specific referral chase feature. -[Note: this may change in the future, as \fBslapd-ldap\fP(5) and -\fBslapd-meta\fP(5) might no longer chase referrals on their own.] +[Note: this may change in the future, as the \fBldap\fP(5) and +\fBmeta\fP(5) backends might no longer chase referrals on their own.] +.\".TP +.\".B chain-chaining [resolve=] [continuation=] [critical] +.\"This directive enables the \fIchaining\fP control +.\"(see \fIdraft-sermersheim-ldap-chaining\fP for details) +.\"with the desired resolve and continuation behaviors and criticality. +.\"The values \fBr\fP and \fBc\fP can be any of +.\".BR chainingPreferred , +.\".BR chainingRequired , +.\".BR referralsPreferred , +.\".BR referralsRequired . +.\"[This control is experimental and its support may change in the future.] +.TP +.B chain-cache-uris {FALSE|true} +This directive instructs the \fIchain\fP overlay to cache +connections to URIs parsed out of referrals that are not predefined, +to be reused for later chaining. .TP .B chain-uri -This directive instructs the underlying ldap database about which -URI to contact to chase referrals. -If not present, the referral itself is parsed, and the protocol/host/port -portions are used to establish a connection. +This directive instantiates a new underlying \fIldap\fP database +and instructs it about which URI to contact to chase referrals. +As opposed to what stated in \fBslapd-ldap\fP(5), only one URI +can appear after this directive. .LP Directives for configuring the underlying ldap database may also @@ -86,4 +102,4 @@ default slapd configuration file .BR slapd\-ldap (5), .BR slapd (8). .SH AUTHOR -Originally implemented by Howard Chu. +Originally implemented by Howard Chu; extended by Pierangelo Masarati. diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 5eaddcc398..8ec1a372bc 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -171,11 +171,13 @@ typedef struct ldapinfo_t { #define LDAP_BACK_F_SUPPORT_T_F_DISCOVER 0x40U #define LDAP_BACK_F_SUPPORT_T_F_MASK (LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER) -#define LDAP_BACK_SAVECRED(li) ( (li)->li_flags & LDAP_BACK_F_SAVECRED ) -#define LDAP_BACK_USE_TLS(li) ( (li)->li_flags & LDAP_BACK_F_USE_TLS ) -#define LDAP_BACK_PROPAGATE_TLS(li) ( (li)->li_flags & LDAP_BACK_F_PROPAGATE_TLS ) -#define LDAP_BACK_TLS_CRITICAL(li) ( (li)->li_flags & LDAP_BACK_F_TLS_CRITICAL ) -#define LDAP_BACK_CHASE_REFERRALS(li) ( (li)->li_flags & LDAP_BACK_F_CHASE_REFERRALS ) +#define LDAP_BACK_ISSET(li,f) ( ( (li)->li_flags & (f) ) == (f) ) +#define LDAP_BACK_SAVECRED(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED ) +#define LDAP_BACK_USE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS ) +#define LDAP_BACK_PROPAGATE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS ) +#define LDAP_BACK_TLS_CRITICAL(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL ) +#define LDAP_BACK_CHASE_REFERRALS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS ) +#define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI ) int li_version; diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c index b0d8801859..8207eca717 100644 --- a/servers/slapd/back-ldap/chain.c +++ b/servers/slapd/back-ldap/chain.c @@ -66,10 +66,10 @@ static BackendInfo *lback; typedef struct ldap_chain_t { /* - * TODO: create a template ldapinfo_t that gets all common - * configuration items; then for each configured URI create - * an entry in this tree; all the specific configuration - * items get in the current URI structure. + * A "template" ldapinfo_t gets all common configuration items; + * then, for each configured URI, an entry is created in the tree; + * all the specific configuration items get in the current URI + * structure. * * Then, for each referral, extract the URI and lookup the * related structure. If configured to do so, allow URIs @@ -77,19 +77,23 @@ typedef struct ldap_chain_t { * that chains anonymously; maybe it can also be added to * the tree? Should be all configurable. */ - /* tree of configured[/generated] "uri" info */ - int lc_lai_count; - ldap_avl_info_t lc_lai; - /* current configuration info */ - ldapinfo_t *lc_cfg_li; /* "common" configuration info (all occurring before an "uri") */ ldapinfo_t *lc_common_li; + /* current configuration info */ + ldapinfo_t *lc_cfg_li; + + /* tree of configured[/generated?] "uri" info */ + ldap_avl_info_t lc_lai; + unsigned lc_flags; #define LDAP_CHAIN_F_NONE (0x00U) #define LDAP_CHAIN_F_CHAINING (0x01U) -#define LDAP_CHAIN_F_CACHE_INFO (0x10U) +#define LDAP_CHAIN_F_CACHE_URI (0x10U) + +#define LDAP_CHAIN_CHAINING( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CHAINING ) == LDAP_CHAIN_F_CHAINING ) +#define LDAP_CHAIN_CACHE_URI( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CACHE_URI ) == LDAP_CHAIN_F_CACHE_URI ) #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR LDAPControl lc_chaining_ctrl; @@ -98,6 +102,9 @@ typedef struct ldap_chain_t { } ldap_chain_t; static int ldap_chain_db_init_one( BackendDB *be ); +#define ldap_chain_db_open_one(be) (lback)->bi_db_open( (be) ) +#define ldap_chain_db_close_one(be) (0) +#define ldap_chain_db_destroy_one(be) (lback)->bi_db_destroy( (be) ) #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR static int @@ -112,7 +119,7 @@ chaining_control_add( *oldctrlsp = op->o_ctrls; /* default chaining control not defined */ - if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) { + if ( !LDAP_CHAIN_CHAINING( lc ) ) { return 0; } @@ -430,12 +437,27 @@ Document: draft-ietf-ldapbis-protocol-27.txt lip = (ldapinfo_t *)op->o_bd->be_private; lip->li_uri = li.li_uri; lip->li_bvuri = bvuri; - rc = lback->bi_db_open( op->o_bd ); + rc = ldap_chain_db_open_one( op->o_bd ); if ( rc != 0 ) { - (void)lback->bi_db_destroy( op->o_bd ); + (void)ldap_chain_db_destroy_one( op->o_bd ); goto cleanup; } - temporary = 1; + + if ( LDAP_CHAIN_CACHE_URI( lc ) ) { + ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex ); + if ( avl_insert( &lc->lc_lai.lai_tree, + (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) ) + { + /* someone just inserted another; + * don't bother, use this and then + * just free it */ + temporary = 1; + } + ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex ); + + } else { + temporary = 1; + } } rc = ( *op_f )( op, rs ); @@ -447,10 +469,8 @@ cleanup:; if ( temporary ) { lip->li_uri = NULL; lip->li_bvuri = NULL; -#if 0 /* does not exist yet */ - (void)lback->bi_db_close( op->o_bd ); -#endif - (void)lback->bi_db_destroy( op->o_bd ); + (void)ldap_chain_db_close_one( op->o_bd ); + (void)ldap_chain_db_destroy_one( op->o_bd ); } if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) { @@ -662,12 +682,27 @@ ldap_chain_response( Operation *op, SlapReply *rs ) lip = (ldapinfo_t *)op->o_bd->be_private; lip->li_uri = li.li_uri; lip->li_bvuri = bvuri; - rc = lback->bi_db_open( op->o_bd ); + rc = ldap_chain_db_open_one( op->o_bd ); if ( rc != 0 ) { - (void)lback->bi_db_destroy( op->o_bd ); + (void)ldap_chain_db_destroy_one( op->o_bd ); goto cleanup; } - temporary = 1; + + if ( LDAP_CHAIN_CACHE_URI( lc ) ) { + ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex ); + if ( avl_insert( &lc->lc_lai.lai_tree, + (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) ) + { + /* someone just inserted another; + * don't bother, use this and then + * just free it */ + temporary = 1; + } + ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex ); + + } else { + temporary = 1; + } } /* FIXME: should we also copy filter and scope? @@ -686,10 +721,8 @@ cleanup:; if ( temporary ) { lip->li_uri = NULL; lip->li_bvuri = NULL; -#if 0 /* does not exist yet */ - (void)lback->bi_db_close( op->o_bd ); -#endif - (void)lback->bi_db_destroy( op->o_bd ); + (void)ldap_chain_db_close_one( op->o_bd ); + (void)ldap_chain_db_destroy_one( op->o_bd ); } if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) { @@ -825,7 +858,10 @@ str2chain( const char *s ) */ enum { - PC_CHAINING = 1 + PC_CHAINING = 1, + PC_CACHE_URI = 2, + + PC_LAST }; #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR @@ -842,6 +878,11 @@ static ConfigTable chaincfg[] = { "DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + { "chain-cache-uris", "TRUE/FALSE", + 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|PC_CACHE_URI, chain_cf_gen, + "( OLcfgOvAt:3.2 NAME 'olcCacheURIs' " + "DESC 'Enables caching of URIs not present in configuration' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, { NULL, NULL, 0, 0, 0, ARG_IGNORED } }; @@ -851,12 +892,16 @@ static ConfigOCs chainocs[] = { "NAME 'olcChainConfig' " "DESC 'Chain configuration' " "SUP olcOverlayConfig " - "MAY olcChainingBehavior )", Cft_Overlay, chaincfg, NULL, chain_cfadd }, + "MAY ( olcChainingBehavior " + "$ olcCacheURIs " + ") )", + Cft_Overlay, chaincfg, NULL, chain_cfadd }, #endif { "( OLcfgOvOc:3.2 " "NAME 'olcChainDatabase' " "DESC 'Chain remote server configuration' " - "AUXILIARY )", Cft_Misc, chaincfg, chain_ldadd }, + "AUXILIARY )", + Cft_Misc, chaincfg, chain_ldadd }, { NULL, 0, NULL } }; @@ -958,7 +1003,7 @@ chain_cf_gen( ConfigArgs *c ) struct berval resolve = BER_BVNULL, continuation = BER_BVNULL; - if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) { + if ( !LDAP_CHAIN_CHAINING( lc ) ) { return 1; } @@ -985,6 +1030,10 @@ chain_cf_gen( ConfigArgs *c ) } #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + case PC_CACHE_URI: + c->value_int = LDAP_CHAIN_CACHE_URI( lc ); + break; + default: assert( 0 ); rc = 1; @@ -992,14 +1041,18 @@ chain_cf_gen( ConfigArgs *c ) return rc; } else if ( c->op == LDAP_MOD_DELETE ) { - return 1; /* FIXME */ -#if 0 switch( c->type ) { - case PC_ATTR: - case PC_TEMP: + case PC_CHAINING: + return 1; + + case PC_CACHE_URI: + lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI; + break; + + default: + return 1; } return rc; -#endif } switch( c->type ) { @@ -1119,6 +1172,14 @@ chain_cf_gen( ConfigArgs *c ) } #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ + case PC_CACHE_URI: + if ( c->value_int ) { + lc->lc_flags |= LDAP_CHAIN_F_CACHE_URI; + } else { + lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI; + } + break; + default: assert( 0 ); return 1; @@ -1211,7 +1272,7 @@ private_destroy:; db.bd_info = lback; db.be_private = (void *)lc->lc_cfg_li; - lback->bi_db_destroy( &db ); + ldap_chain_db_destroy_one( &db ); lc->lc_cfg_li = NULL; } else { @@ -1560,12 +1621,16 @@ chain_init( void ) { int rc; + assert( PC_LAST <= ARGS_USERLAND ); + #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR, /* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL, ldap_chain_parse_ctrl, &sc_chainingBehavior ); if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "Failed to register chaining behavior control: %d\n", rc ); + Debug( LDAP_DEBUG_ANY, "slapd-chain: " + "unable to register chaining behavior control: %d\n", + rc, 0, 0 ); return rc; } #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 2cc55fec88..eb1c157851 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -173,19 +173,19 @@ static ConfigTable ldapcfg[] = { "X-ORDERED 'VALUES' )", NULL, NULL }, { "rebind-as-user", "NO|yes", 1, 2, 0, - ARG_MAGIC|LDAP_BACK_CFG_REBIND, + ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_REBIND, ldap_back_cf_gen, "( OLcfgDbAt:3.10 " "NAME 'olcDbRebindAsUser' " "DESC 'Rebind as user' " - "SYNTAX OMsDirectoryString " + "SYNTAX OMsBoolean " "SINGLE-VALUE )", NULL, NULL }, { "chase-referrals", "YES|no", 2, 2, 0, - ARG_MAGIC|LDAP_BACK_CFG_CHASE, + ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_CHASE, ldap_back_cf_gen, "( OLcfgDbAt:3.11 " "NAME 'olcDbChaseReferrals' " "DESC 'Chase referrals' " - "SYNTAX OMsDirectoryString " + "SYNTAX OMsBoolean " "SINGLE-VALUE )", NULL, NULL }, { "t-f-support", "NO|yes|discover", 2, 2, 0, @@ -197,11 +197,11 @@ static ConfigTable ldapcfg[] = { "SINGLE-VALUE )", NULL, NULL }, { "proxy-whoami", "NO|yes", 1, 2, 0, - ARG_MAGIC|LDAP_BACK_CFG_WHOAMI, + ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_WHOAMI, ldap_back_cf_gen, "( OLcfgDbAt:3.13 " "NAME 'olcDbProxyWhoAmI' " "DESC 'Proxy whoAmI exop' " - "SYNTAX OMsDirectoryString " + "SYNTAX OMsBoolean " "SINGLE-VALUE )", NULL, NULL }, { "timeout", "timeout", 0, 2, 0, @@ -250,14 +250,6 @@ static ConfigOCs ldapocs[] = { { NULL, 0, NULL } }; -#define LDAP_BACK_C_NO (0x0U) -#define LDAP_BACK_C_YES (0x1U) -static slap_verbmasks yn_mode[] = { - { BER_BVC( "yes" ), LDAP_BACK_C_YES}, - { BER_BVC( "no" ), LDAP_BACK_C_NO }, - { BER_BVNULL, 0 } -}; - static slap_verbmasks idassert_mode[] = { { BER_BVC("self"), LDAP_BACK_IDASSERT_SELF }, { BER_BVC("anonymous"), LDAP_BACK_IDASSERT_ANONYMOUS }, @@ -271,14 +263,14 @@ static slap_verbmasks tls_mode[] = { { BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS }, { BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK }, { BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS }, - { BER_BVC( "none" ), LDAP_BACK_C_NO }, + { BER_BVC( "none" ), LDAP_BACK_F_NONE }, { BER_BVNULL, 0 } }; static slap_verbmasks t_f_mode[] = { { BER_BVC( "yes" ), LDAP_BACK_F_SUPPORT_T_F }, { BER_BVC( "discover" ), LDAP_BACK_F_SUPPORT_T_F_DISCOVER }, - { BER_BVC( "no" ), LDAP_BACK_C_NO }, + { BER_BVC( "no" ), LDAP_BACK_F_NONE }, { BER_BVNULL, 0 } }; @@ -483,31 +475,15 @@ ldap_back_cf_gen( ConfigArgs *c ) } case LDAP_BACK_CFG_REBIND: - enum_to_verb( yn_mode, ( ( li->li_flags & LDAP_BACK_F_SAVECRED ) == LDAP_BACK_F_SAVECRED ), &bv ); - if ( BER_BVISNULL( &bv ) ) { - /* there's something wrong... */ - assert( 0 ); - rc = 1; - - } else { - value_add_one( &c->rvalue_vals, &bv ); - } + c->value_int = LDAP_BACK_SAVECRED( li ); break; case LDAP_BACK_CFG_CHASE: - enum_to_verb( yn_mode, ( ( li->li_flags & LDAP_BACK_F_CHASE_REFERRALS ) == LDAP_BACK_F_CHASE_REFERRALS ), &bv ); - if ( BER_BVISNULL( &bv ) ) { - /* there's something wrong... */ - assert( 0 ); - rc = 1; - - } else { - value_add_one( &c->rvalue_vals, &bv ); - } + c->value_int = LDAP_BACK_CHASE_REFERRALS( li ); break; case LDAP_BACK_CFG_T_F: - enum_to_verb( t_f_mode, ( ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F_MASK ) == LDAP_BACK_F_SUPPORT_T_F_MASK ), &bv ); + enum_to_verb( t_f_mode, (li->li_flags & LDAP_BACK_F_SUPPORT_T_F_MASK), &bv ); if ( BER_BVISNULL( &bv ) ) { /* there's something wrong... */ assert( 0 ); @@ -519,15 +495,7 @@ ldap_back_cf_gen( ConfigArgs *c ) break; case LDAP_BACK_CFG_WHOAMI: - enum_to_verb( yn_mode, ( ( li->li_flags & LDAP_BACK_F_PROXY_WHOAMI ) == LDAP_BACK_F_PROXY_WHOAMI ), &bv ); - if ( BER_BVISNULL( &bv ) ) { - /* there's something wrong... */ - assert( 0 ); - rc = 1; - - } else { - value_add_one( &c->rvalue_vals, &bv ); - } + c->value_int = LDAP_BACK_PROXY_WHOAMI( li ); break; case LDAP_BACK_CFG_TIMEOUT: @@ -738,7 +706,6 @@ ldap_back_cf_gen( ConfigArgs *c ) i++, tmpludp = tmpludp->lud_next ) { LDAPURLDesc tmplud; - ber_len_t oldlen = 0, len; tmplud = *tmpludp; tmplud.lud_dn = ""; @@ -1073,55 +1040,23 @@ done_url:; } break; - case LDAP_BACK_CFG_REBIND: { - int dorebind = 0; - - if ( c->argc == 1 ) { - /* legacy */ - dorebind = 1; - - } else { - i = verb_to_mask( c->argv[1], yn_mode ); - if ( BER_BVISNULL( &yn_mode[i].word ) ) { - return 1; - } - if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { - dorebind = 1; - } - } - - if ( dorebind ) { + case LDAP_BACK_CFG_REBIND: + if ( c->argc == 1 || c->value_int ) { li->li_flags |= LDAP_BACK_F_SAVECRED; } else { li->li_flags &= ~LDAP_BACK_F_SAVECRED; } - } break; - - case LDAP_BACK_CFG_CHASE: { - int dochase = 0; - - if ( c->argc == 1 ) { - /* legacy */ - dochase = 1; - - } else { - i = verb_to_mask( c->argv[1], yn_mode ); - if ( BER_BVISNULL( &yn_mode[i].word ) ) { - return 1; - } - if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { - dochase = 1; - } - } + break; - if ( dochase ) { + case LDAP_BACK_CFG_CHASE: + if ( c->argc == 1 || c->value_int ) { li->li_flags |= LDAP_BACK_F_CHASE_REFERRALS; } else { li->li_flags &= ~LDAP_BACK_F_CHASE_REFERRALS; } - } break; + break; case LDAP_BACK_CFG_T_F: i = verb_to_mask( c->argv[1], t_f_mode ); @@ -1132,33 +1067,16 @@ done_url:; li->li_flags |= t_f_mode[i].mask; break; - case LDAP_BACK_CFG_WHOAMI: { - int dowhoami = 0; - - if ( c->argc == 1 ) { - /* legacy */ - dowhoami = 1; - - } else { - i = verb_to_mask( c->argv[1], yn_mode ); - if ( BER_BVISNULL( &yn_mode[i].word ) ) { - return 1; - } - if ( yn_mode[i].mask & LDAP_BACK_C_YES ) { - dowhoami = 1; - } - } - - if ( dowhoami ) { + case LDAP_BACK_CFG_WHOAMI: + if ( c->argc == 1 || c->value_int ) { li->li_flags |= LDAP_BACK_F_PROXY_WHOAMI; - load_extop( (struct berval *)&slap_EXOP_WHOAMI, 0, ldap_back_exop_whoami ); } else { li->li_flags &= ~LDAP_BACK_F_PROXY_WHOAMI; } - } break; + break; case LDAP_BACK_CFG_TIMEOUT: if ( c->argc < 2 ) { diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 7738724f32..0c9fc58798 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -198,10 +198,14 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { if(c->argc == 1) { iarg = 1; } else if(!strcasecmp(c->argv[1], "on") || - !strcasecmp(c->argv[1], "true")) { + !strcasecmp(c->argv[1], "true") || + !strcasecmp(c->argv[1], "yes")) + { iarg = 1; } else if(!strcasecmp(c->argv[1], "off") || - !strcasecmp(c->argv[1], "false")) { + !strcasecmp(c->argv[1], "false") || + !strcasecmp(c->argv[1], "no")) + { iarg = 0; } else { snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored", -- 2.39.5