From fcdcc290d72e31500481c7184aa09b92fd0755d9 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Tue, 12 Feb 2008 00:52:49 +0000 Subject: [PATCH] ITS#5328 ITS#4937 --- CHANGES | 1 + servers/slapd/back-relay/op.c | 493 +++++++++++----------------------- tests/scripts/relay | 24 +- 3 files changed, 175 insertions(+), 343 deletions(-) diff --git a/CHANGES b/CHANGES index 6c4a589571..b2bf1f9217 100644 --- a/CHANGES +++ b/CHANGES @@ -26,6 +26,7 @@ OpenLDAP 2.4.8 Engineering Added slapd-bdb/slapd-hdb DB encryption (ITS#5359) Fixed slapd-ldif delete (ITS#5265) Fixed slapd-monitor crash (ITS#5311) + Fixed slapd-relay compare (ITS#4937) Added slapd-sock (ITS#4094) Added slapo-autogroup contrib module (ITS#5145) Added slapo-constraint cross-attribute constraints (ITS#4987) diff --git a/servers/slapd/back-relay/op.c b/servers/slapd/back-relay/op.c index 7194adb5c1..7c453af925 100644 --- a/servers/slapd/back-relay/op.c +++ b/servers/slapd/back-relay/op.c @@ -25,6 +25,17 @@ #include "slap.h" #include "back-relay.h" +#define RB_ERR_MASK (0x0000FFFFU) +#define RB_ERR (0x10000000U) +#define RB_UNSUPPORTED_FLAG (0x20000000U) +#define RB_REFERRAL (0x40000000U) +#define RB_SEND (0x80000000U) +#define RB_UNSUPPORTED (LDAP_UNWILLING_TO_PERFORM|RB_ERR|RB_UNSUPPORTED_FLAG) +#define RB_UNSUPPORTED_SEND (RB_UNSUPPORTED|RB_SEND) +#define RB_REFERRAL_SEND (RB_REFERRAL|RB_SEND) +#define RB_ERR_SEND (RB_ERR|RB_SEND) +#define RB_ERR_REFERRAL_SEND (RB_ERR|RB_REFERRAL|RB_SEND) + static int relay_back_swap_bd( Operation *op, SlapReply *rs ) { @@ -37,451 +48,302 @@ relay_back_swap_bd( Operation *op, SlapReply *rs ) return SLAP_CB_CONTINUE; } -static void -relay_back_add_cb( slap_callback *cb, Operation *op ) -{ - cb->sc_next = op->o_callback; - cb->sc_response = relay_back_swap_bd; - cb->sc_cleanup = relay_back_swap_bd; - cb->sc_private = op->o_bd; - op->o_callback = cb; -} +#define relay_back_add_cb( cb, op ) \ + { \ + (cb)->sc_next = (op)->o_callback; \ + (cb)->sc_response = relay_back_swap_bd; \ + (cb)->sc_cleanup = relay_back_swap_bd; \ + (cb)->sc_private = (op)->o_bd; \ + (op)->o_callback = (cb); \ + } /* * selects the backend if not enforced at config; * in case of failure, behaves based on err: * -1 don't send result - * LDAP_SUCCESS don't send result; may send referral - * any valid error send as error result + * LDAP_SUCCESS don't send result; may send referral if dosend + * any valid error send as error result if dosend */ static BackendDB * -relay_back_select_backend( Operation *op, SlapReply *rs, int err, int dosend ) +relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode ) { relay_back_info *ri = (relay_back_info *)op->o_bd->be_private; BackendDB *bd = ri->ri_bd; + int rc = ( fail_mode & RB_ERR_MASK ); if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) { bd = select_backend( &op->o_req_ndn, 1 ); if ( bd == op->o_bd ) { - if ( err > LDAP_SUCCESS && dosend ) { - send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "back-relay would call self" ); + Debug( LDAP_DEBUG_ANY, + "%s: back-relay for DN=\"%s\" would call self.\n", + op->o_log_prefix, op->o_req_dn.bv_val, 0 ); + if ( fail_mode & RB_ERR ) { + rs->sr_err = rc; + if ( fail_mode & RB_SEND ) { + send_ldap_result( op, rs ); + } } + return NULL; } } - if ( bd == NULL && err > -1 ) { - if ( default_referral ) { + if ( bd == NULL ) { + if ( ( fail_mode & RB_REFERRAL ) + && ( fail_mode & RB_SEND ) + && !BER_BVISNULL( &op->o_req_ndn ) + && default_referral ) + { rs->sr_err = LDAP_REFERRAL; - if ( dosend ) { - rs->sr_ref = referral_rewrite( - default_referral, - NULL, &op->o_req_dn, - LDAP_SCOPE_DEFAULT ); - if ( !rs->sr_ref ) { - rs->sr_ref = default_referral; - } - send_ldap_result( op, rs ); - - if ( rs->sr_ref != default_referral ) { - ber_bvarray_free( rs->sr_ref ); - } + /* if we set sr_err to LDAP_REFERRAL, + * we must provide one */ + rs->sr_ref = referral_rewrite( + default_referral, + NULL, &op->o_req_dn, + LDAP_SCOPE_DEFAULT ); + if ( !rs->sr_ref ) { + rs->sr_ref = default_referral; } - } else { - /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind, - * LDAP_NO_SUCH_OBJECT for other operations. - * noSuchObject cannot be returned by bind */ - rs->sr_err = err; - if ( dosend ) { - send_ldap_result( op, rs ); + send_ldap_result( op, rs ); + + if ( rs->sr_ref != default_referral ) { + ber_bvarray_free( rs->sr_ref ); } + + return NULL; + } + + /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind, + * LDAP_NO_SUCH_OBJECT for other operations. + * noSuchObject cannot be returned by bind */ + rs->sr_err = rc; + if ( fail_mode & RB_SEND ) { + send_ldap_result( op, rs ); } } return bd; } -int -relay_back_op_bind( Operation *op, SlapReply *rs ) +static int +relay_back_op( + Operation *op, + SlapReply *rs, + BackendDB *bd, + BI_op_func *func, + slap_mask_t fail_mode ) { - BackendDB *bd; - int rc = 1; - - /* allow rootdn as a means to auth without the need to actually - * contact the proxied DSA */ - switch ( be_rootdn_bind( op, rs ) ) { - case SLAP_CB_CONTINUE: - break; - - default: - return rs->sr_err; - } - - bd = relay_back_select_backend( op, rs, LDAP_INVALID_CREDENTIALS, 1 ); - if ( bd == NULL ) { - return rc; - } + int rc = ( fail_mode & RB_ERR_MASK ); - if ( bd->be_bind ) { + if ( func ) { BackendDB *be = op->o_bd; slap_callback cb; relay_back_add_cb( &cb, op ); op->o_bd = bd; - rc = bd->be_bind( op, rs ); + rc = func( op, rs ); op->o_bd = be; if ( op->o_callback == &cb ) { op->o_callback = op->o_callback->sc_next; } - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + } else if ( fail_mode & RB_ERR ) { + rs->sr_err = rc; + if ( fail_mode & RB_UNSUPPORTED_FLAG ) { + rs->sr_text = "operation not supported within naming context"; + } + + if ( fail_mode & RB_SEND ) { + send_ldap_result( op, rs ); + } } return rc; } int -relay_back_op_unbind( Operation *op, SlapReply *rs ) +relay_back_op_bind( Operation *op, SlapReply *rs ) { - BackendDB *bd; - int rc = 1; + BackendDB *bd; - bd = relay_back_select_backend( op, rs, LDAP_SUCCESS, 0 ); - if ( bd == NULL ) { - return 1; + /* allow rootdn as a means to auth without the need to actually + * contact the proxied DSA */ + switch ( be_rootdn_bind( op, rs ) ) { + case SLAP_CB_CONTINUE: + break; + + default: + return rs->sr_err; } - if ( bd && bd->be_unbind ) { - BackendDB *be = op->o_bd; - slap_callback cb; + bd = relay_back_select_backend( op, rs, + ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) ); + if ( bd == NULL ) { + return rs->sr_err; + } - relay_back_add_cb( &cb, op ); + return relay_back_op( op, rs, bd, bd->be_bind, + ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) ); +} - op->o_bd = bd; - rc = bd->be_unbind( op, rs ); - op->o_bd = be; +int +relay_back_op_unbind( Operation *op, SlapReply *rs ) +{ + BackendDB *bd; - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } + bd = relay_back_select_backend( op, rs, 0 ); + if ( bd != NULL ) { + (void)relay_back_op( op, rs, bd, bd->be_unbind, 0 ); } return 0; - } int relay_back_op_search( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_search ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_search( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_search, + RB_UNSUPPORTED_SEND ); } int relay_back_op_compare( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_compare ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_compare( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_compare, + ( SLAP_CB_CONTINUE | RB_ERR ) ); } int relay_back_op_modify( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_modify ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_modify( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_modify, + RB_UNSUPPORTED_SEND ); } int relay_back_op_modrdn( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_modrdn ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_modrdn( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_modrdn, + RB_UNSUPPORTED_SEND ); } int relay_back_op_add( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_add ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_add( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_add, + RB_UNSUPPORTED_SEND ); } int relay_back_op_delete( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_delete ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_delete( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_delete, + RB_UNSUPPORTED_SEND ); } int relay_back_op_abandon( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_SUCCESS, 0 ); + bd = relay_back_select_backend( op, rs, 0 ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_abandon ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_abandon( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_abandon, 0 ); } int relay_back_op_cancel( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; + int rc; - bd = relay_back_select_backend( op, rs, LDAP_CANNOT_CANCEL, 0 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_CANNOT_CANCEL | RB_ERR ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_cancel ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_cancel( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; + if ( op->o_cancel == SLAP_CANCEL_REQ ) { + op->o_cancel = LDAP_CANNOT_CANCEL; } + return rs->sr_err; + } - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + rc = relay_back_op( op, rs, bd, bd->be_cancel, + ( LDAP_CANNOT_CANCEL | RB_ERR ) ); + if ( rc == LDAP_CANNOT_CANCEL && op->o_cancel == SLAP_CANCEL_REQ ) + { + op->o_cancel = LDAP_CANNOT_CANCEL; } return rc; - } int relay_back_op_extended( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_NO_SUCH_OBJECT, 0 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_REFERRAL ) ); if ( bd == NULL ) { - return 1; - } - - if ( bd->be_extended ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_extended( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - - } else { - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "operation not supported " - "within naming context" ); + return rs->sr_err; } - return rc; - + return relay_back_op( op, rs, bd, bd->be_extended, + RB_UNSUPPORTED ); } int @@ -550,9 +412,9 @@ int relay_back_chk_referrals( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 0; - bd = relay_back_select_backend( op, rs, LDAP_SUCCESS, 1 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_SUCCESS | RB_ERR_REFERRAL_SEND ) ); /* FIXME: this test only works if there are no overlays, so * it is nearly useless; if made stricter, no nested back-relays * can be instantiated... too bad. */ @@ -569,32 +431,16 @@ relay_back_chk_referrals( Operation *op, SlapReply *rs ) } } - if ( bd->be_chk_referrals ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_chk_referrals( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - } - - return rc; - + return relay_back_op( op, rs, bd, bd->be_chk_referrals, 0 ); } int relay_back_operational( Operation *op, SlapReply *rs ) { BackendDB *bd; - int rc = 1; - bd = relay_back_select_backend( op, rs, LDAP_SUCCESS, 0 ); + bd = relay_back_select_backend( op, rs, + ( LDAP_SUCCESS | RB_ERR ) ); /* FIXME: this test only works if there are no overlays, so * it is nearly useless; if made stricter, no nested back-relays * can be instantiated... too bad. */ @@ -602,23 +448,7 @@ relay_back_operational( Operation *op, SlapReply *rs ) return 0; } - if ( bd->be_operational ) { - BackendDB *be = op->o_bd; - slap_callback cb; - - relay_back_add_cb( &cb, op ); - - op->o_bd = bd; - rc = bd->be_operational( op, rs ); - op->o_bd = be; - - if ( op->o_callback == &cb ) { - op->o_callback = op->o_callback->sc_next; - } - } - - return rc; - + return relay_back_op( op, rs, bd, bd->be_operational, 0 ); } int @@ -628,7 +458,8 @@ relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs ) BackendDB *bd; int rc = 1; - bd = relay_back_select_backend( op, &rs, LDAP_SUCCESS, 0 ); + bd = relay_back_select_backend( op, &rs, + ( LDAP_SUCCESS | RB_ERR ) ); /* FIXME: this test only works if there are no overlays, so * it is nearly useless; if made stricter, no nested back-relays * can be instantiated... too bad. */ diff --git a/tests/scripts/relay b/tests/scripts/relay index 234c300ddf..8290a2428c 100755 --- a/tests/scripts/relay +++ b/tests/scripts/relay @@ -61,7 +61,7 @@ cat /dev/null > $SEARCHOUT BASEDN="dc=example,dc=com" echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -72,7 +72,7 @@ fi BASEDN="o=Example,c=US" echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -83,7 +83,7 @@ fi BASEDN="o=Esempio,c=IT" echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -94,7 +94,7 @@ fi BASEDN="o=Beispiel,c=DE" echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -233,7 +233,7 @@ fi echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -244,7 +244,7 @@ fi BASEDN="o=Esempio,c=IT" echo "Searching base=\"$BASEDN\"..." echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Search failed ($RC)!" @@ -261,7 +261,7 @@ echo "# attrs=\"'*' ref\"" >> $SEARCHOUT BASEDN="dc=example,dc=com" echo " base=\"$BASEDN\"..." echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then @@ -273,7 +273,7 @@ fi BASEDN="o=Example,c=US" echo " base=\"$BASEDN\"..." echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then @@ -285,7 +285,7 @@ fi BASEDN="o=Esempio,c=IT" echo " base=\"$BASEDN\"..." echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then @@ -302,7 +302,7 @@ echo " base=\"$BASEDN\"..." echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT echo "# attrs=\"seeAlso\"" >> $SEARCHOUT echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" seeAlso \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" seeAlso \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then @@ -318,7 +318,7 @@ echo " base=\"$BASEDN\"..." echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT echo "# attrs=\"uid\"" >> $SEARCHOUT echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" uid \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" uid \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then @@ -334,7 +334,7 @@ echo " base=\"$BASEDN\"..." echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT echo "# attrs=\"member\"" >> $SEARCHOUT echo "# base=\"$BASEDN\"..." >> $SEARCHOUT -$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" member \ +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" member \ >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then -- 2.39.5