INSTALL_DATA = $(INSTALL) -m 644
INSTALL_SCRIPT = $(INSTALL)
+STRIP = -s
+
LINT = lint
5LINT = 5lint
-$(MKDIR) $(DESTDIR)$(bindir)
@( \
for prg in $(PROGRAMS); do \
- $(LTINSTALL) $(INSTALLFLAGS) -s -m 755 $$prg$(EXEEXT) \
+ $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 $$prg$(EXEEXT) \
$(DESTDIR)$(bindir); \
done \
)
#endif
N_(" [!]postread[=<attrs>] (a comma-separated attribute list)\n")
N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n"),
-N_(" abandon, cancel (SIGINT sends abandon/cancel (not really controls)\n")
+N_(" abandon, cancel (SIGINT sends abandon/cancel; not really controls)\n")
N_(" -f file read operations from `file'\n"),
N_(" -h host LDAP server\n"),
N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"),
#include <ac/string.h>
#include <ac/unistd.h>
#include <ac/errno.h>
+#include <ac/time.h>
#include <sys/stat.h>
#ifdef HAVE_FCNTL_H
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/unistd.h>
+#include <ac/time.h>
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
BUILD_TRANSLUCENT=no
BUILD_UNIQUE=no
+SLAPD_STATIC_OVERLAYS=
SLAPD_DYNAMIC_OVERLAYS=
SLAPD_MODULES_LDFLAGS=
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_DENYOP,$MFLAG,[define for Dynamic Group overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dyngroup.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dyngroup.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNGROUP,$MFLAG,[define for Dynamic Group overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dynlist.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dynlist.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS glue.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS glue.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_GLUE,$MFLAG,[define for Backend Glue overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_LASTMOD,$MFLAG,[define for Last Modification overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS ppolicy.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS ppolicy.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_PPOLICY,$MFLAG,[define for Password Policy overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS pcache.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS pcache.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_PROXYCACHE,$MFLAG,[define for Proxy Cache overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS refint.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS refint.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_REFINT,$MFLAG,[define for Referential Integrity overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS rwm.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS rwm_x.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_RWM,$MFLAG,[define for Rewrite/Remap overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS syncprov.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS syncprov.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_SYNCPROV,$MFLAG,[define for Syncrepl Provider overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS translucent.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS translucent.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_TRANSLUCENT,$MFLAG,[define for Translucent Proxy overlay])
fi
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS unique.la"
else
MFLAG=SLAPD_MOD_STATIC
+ SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS unique.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_UNIQUE,$MFLAG,[define for Attribute Uniqueness overlay])
fi
AC_SUBST(SLAPD_NO_STATIC)
AC_SUBST(SLAPD_STATIC_BACKENDS)
AC_SUBST(SLAPD_DYNAMIC_BACKENDS)
+AC_SUBST(SLAPD_STATIC_OVERLAYS)
AC_SUBST(SLAPD_DYNAMIC_OVERLAYS)
AC_SUBST(PERL_CPPFLAGS)
[\c
.BR \-z ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
Run in quiet mode, no output is written. You must check the return
status. Useful in shell scripts.
.TP
-.B \-k
-Use Kerberos IV authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket.
-.B ldapcompare
-must be compiled with Kerberos support for this option to have any effect.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos Domain Controller(s).
-.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-c ]
[\c
.BR \-M[M] ]
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-k
-Use Kerberos IV authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket. This option
-only has effect if
-.B ldapdelete
-is compiled with Kerberos support.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos Domain Controller(s).
-.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapdelete
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-k
-Use Kerberos IV authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket. You must
-compile with Kerberos support for this option to have any effect.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos Domain Controller(s).
-.TP
.B \-F
Force application of all changes regardless of the contents of input
lines that begin with
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-c ]
[\c
.BR \-M[M] ]
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-k
-Use Kerberos IV authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket.
-.B ldapmodrdn
-must be compiled with Kerberos support for this option to have effect.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos Domain Controller(s).
-.TP
.B \-c
Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-t ]
[\c
.BR \-A ]
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
-.B \-k
-Use Kerberos IV authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket.
-.B ldapsearch
-must be compiled with Kerberos support for this option to have any effect.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos Domain Controller(s).
-.TP
.B \-t
Write retrieved non-printable values to a set of temporary files. This
is useful for dealing with values containing non-character data such as
.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_kerberos_bind_s, ldap_kerberos_bind1, ldap_kerberos_bind1_s, ldap_kerberos_bind2, ldap_kerberos_bind2_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
+ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
-.BI "int ldap_kerberos_bind_s(LDAP *" ld ", const char *" who ");"
-.LP
-.BI "int ldap_kerberos_bind1(LDAP *" ld ", const char *" who ");"
-.LP
-.BI "int ldap_kerberos_bind1_s(LDAP *" ld ", const char *" who ");"
-.LP
-.BI "int ldap_kerberos_bind2(LDAP *" ld ", const char *" who ");"
-.LP
-.BI "int ldap_kerberos_bind2_s(LDAP *" ld ", const char *" who ");"
-.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
-There are many types of bind calls, providing simple authentication, Kerberos
-version 4 authentication, and general routines to do either one, as
-well as calls using
+There are three types of bind calls, ones providing simple authentication,
+ones providing SASL authentication, and general routines capable of doing
+either simple or SASL authentication.
+.LP
.B SASL
(Simple Authentication and Security Layer)
that can negotiate one of many different kinds of authentication.
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.LP
-Kerberos version 4 has been superseded by Kerberos version 5, and the
-Kerberos version 4 support is only provided for backward compatibility. The
-SASL interfaces should be used for new applications. SASL provides
-a general interface for using Kerberos versions 4 and 5 and many other
-security systems.
-.LP
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
returning the message id of the request it sent. The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
-.SH KERBEROS AUTHENTICATION
-If the LDAP library and LDAP server being contacted have been
-compiled with the KERBEROS option defined,
-Kerberos version 4 authentication can be performed. As mentioned above,
-these Kerberos routines are provided only for backward compatibility.
-.LP
-These routines assume the user already
-has obtained a ticket granting ticket. The routines take \fIwho\fP, the DN
-of the entry to bind as. The
-.B ldap_kerberos_bind_s()
-routine does both steps of the Kerberos binding process synchronously. The
-.B ldap_kerberos_bind1_s()
-and
-.B ldap_kerberos_bind2_s()
-routines allow synchronous access to the
-individual steps, authenticating to the LDAP server and X.500 DSA, respectively.
-The
-.B ldap_kerberos_bind1()
-and
-.B ldap_kerberos_bind2()
-routines provide equivalent asynchronous access.
-.LP
-The
-.B ldap_kerberos_bind_s()
-routine is used to perform both authentication steps when contacting
-an LDAP server that is a gateway to an X.500 DSA. This kind of server
-configuration is only supported in the (very old) University of Michigan LDAP
-release. The OpenLDAP package no longer provides this gateway server.
-The standalone LDAP server provided in OpenLDAP may still be configured
-with Kerberos version 4 support, but it only requires one authentication
-step, and will return an error if the second step is attempted. Therefore,
-only the
-.B ldap_kerberos_bind1()
-routine or its synchronous equivalent may be used when contacting an
-OpenLDAP server.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
routines can be used when the
authentication method to use needs to be selected at runtime. They
both take an extra \fImethod\fP parameter selecting the authentication
-method to use. It should be set to one of LDAP_AUTH_SIMPLE,
-LDAP_AUTH_KRBV41, or LDAP_AUTH_KRBV42, to select simple authentication,
-Kerberos authentication to the LDAP server, or Kerberos authentication
-to the X.500 DSA, respectively.
+method to use. It should be set to LDAP_AUTH_SIMPLE
+to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
ldap_simple_bind_s.3
ldap_sasl_bind.3
ldap_sasl_bind_s.3
-ldap_kerberos_bind_s.3
-ldap_kerberos_bind1.3
-ldap_kerberos_bind1_s.3
-ldap_kerberos_bind2.3
-ldap_kerberos_bind2_s.3
ldap_unbind.3
ldap_unbind_ext.3
ldap_unbind_s.3
disables acceptance of anonymous bind requests.
.B bind_simple
disables simple (bind) authentication.
-.B bind_krbv4
-disables Kerberos V4 (bind) authentication.
.B tls_2_anon
disables Start TLS from forcing session to anonymous status (see also
.BR tls_authc ).
Specify the maximum incoming LDAP PDU size for authenticated sessions.
The default is 4194303.
.TP
-.B srvtab <filename>
-Specify the srvtab file in which the kerberos keys necessary for
-authenticating clients using kerberos can be found. This option is only
-meaningful if you are using Kerberos authentication.
-.TP
.B threads <integer>
Specify the maximum size of the primary thread pool.
The default is 16.
.SH SYNOPSIS
.B LIBEXECDIR/slurpd [\-d debug\-level]
.B [\-f slapd\-config\-file] [\-r slapd\-replog\-file]
-.B [\-t temp\-dir] [\-o] [\-k srvtab\-file]
+.B [\-t temp\-dir] [\-o]
.B
.SH DESCRIPTION
.LP
This option allows you to specify the location of these temporary files.
The default is
.BR LOCALSTATEDIR/openldap-slurp .
-.TP
-.BI \-k " srvtab\-file"
-Specify the location of the kerberos srvtab file which contains keys
-for the replica
-.I slapd
-instances. Overrides the srvtab argument to the
-replica directive in the
-.I slapd
-configuration file.
.SH EXAMPLES
To start
.I slurpd
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)
-#define LDAP_EXOP_X_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
-#define LDAP_EXOP_X_CANCEL "1.3.6.1.1.8"
+#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
+#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I
+
+#define LDAP_EXOP_CANCEL "1.3.6.1.1.8"
+#define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL
+
+#define LDAP_EXOP_X_TURN "1.3.6.1.4.1.4203.666.6.4"
/* LDAP Grouping of Related Operations *//* a work in progress */
#ifdef LDAP_DEVEL
int *msgidp ));
LDAP_F( int )
-ldap_cancel_s LDAP_P((
- LDAP *ld,
+ldap_cancel_s LDAP_P(( LDAP *ld,
int cancelid,
LDAPControl **sctrl,
LDAPControl **cctrl ));
+/*
+ * LDAP Turn Extended Operation <draft-zeilenga-ldap-turn-xx.txt>
+ * in turn.c
+ */
+#define LDAP_API_FEATURE_TURN 1000
+
+LDAP_F( int )
+ldap_turn LDAP_P(( LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_turn_s LDAP_P(( LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrl,
+ LDAPControl **cctrl ));
+
/*
* LDAP Server Side Sort
* in sortctrl.c
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
- groupings.c txn.c ppolicy.c
+ turn.c groupings.c txn.c ppolicy.c
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
- groupings.lo txn.lo ppolicy.lo
+ turn.lo groupings.lo txn.lo ppolicy.lo
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
}
if ( lm->lm_chain == NULL ) {
+ assert(lm->lm_chain_tail == lm);
if ((lm->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
(lm->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) ||
(lm->lm_msgtype == LDAP_RES_INTERMEDIATE)) {
tmp = lm;
}
} else {
+ assert(lm->lm_chain_tail);
+ assert(lm->lm_chain_tail->lm_chain);
if ((lm->lm_chain_tail->lm_chain->lm_msgtype
== LDAP_RES_SEARCH_ENTRY) ||
(lm->lm_chain_tail->lm_chain->lm_msgtype
? lm->lm_chain : lm->lm_next);
}
if ( all == LDAP_MSG_ONE && lm->lm_chain != NULL ) {
- lm->lm_chain->lm_next = lm->lm_next;
- lm->lm_chain = NULL;
+ lm->lm_chain->lm_next = lm->lm_next;
+ lm->lm_chain->lm_chain_tail = ( lm->lm_chain_tail != lm ) ? lm->lm_chain_tail : lm->lm_chain;
+ assert(lm->lm_chain->lm_chain_tail);
+ lm->lm_chain = NULL;
+ lm->lm_chain_tail = NULL;
}
lm->lm_next = NULL;
}
/* part of a search response - add to end of list of entries */
if (l->lm_chain == NULL) {
- if ((l->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
- (l->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) ||
- (l->lm_msgtype == LDAP_RES_INTERMEDIATE)) {
- /* do not advance lm_chain_tail in this case */
- l->lm_chain = new;
- } else {
- /*FIXME: ldap_msgfree( l );*/
- l = new;
- l->lm_chain_tail = new;
- }
+ assert(l->lm_chain_tail == l);
+ l->lm_chain = new;
} else {
+ assert(l->lm_chain_tail);
+ assert(l->lm_chain_tail->lm_chain);
if ((l->lm_chain_tail->lm_chain->lm_msgtype
== LDAP_RES_SEARCH_ENTRY) ||
(l->lm_chain_tail->lm_chain->lm_msgtype
--- /dev/null
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * LDAPv3 Turn Operation Request
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+int
+ldap_turn(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", mutual, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, msgidp );
+ ber_free( turnvalber, 1 );
+ return rc;
+}
+
+int
+ldap_turn_s(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", 0xFF, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, NULL, NULL );
+ ber_free( turnvalber, 1 );
+ return rc;
+}
+
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
- groupings.c txn.c ppolicy.c
+ turn.c groupings.c txn.c ppolicy.c
SRCS = threads.c rdwr.c tpool.c rq.c \
thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
thr_pth.c thr_stub.c
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
- groupings.lo txn.lo ppolicy.lo
+ turn.lo groupings.lo txn.lo ppolicy.lo
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries