OpenLDAP 2.3 Change Log
-OpenLDAP 2.3.0alpha Release
- Alpha release
+OpenLDAP 2.3.1alpha Release
+ Changes not tracked
-Copyright 1998-2004 The OpenLDAP Foundation
+Copyright 1998-2005 The OpenLDAP Foundation
All rights reserved.
Redistribution and use in source and binary forms, with or without
This work is part of OpenLDAP Software <http://www.openldap.org/>.
-Copyright 1998-2004 The OpenLDAP Foundation.
+Copyright 1998-2005 The OpenLDAP Foundation.
All rights reserved.
Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
This work is part of OpenLDAP Software <http://www.openldap.org/>.
-Copyright 1998-2004 The OpenLDAP Foundation. All rights reserved.
+Copyright 1998-2005 The OpenLDAP Foundation.
+All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation
+ * Copyright 1998-2005 The OpenLDAP Foundation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
dnl $OpenLDAP$
dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
dnl
-dnl Copyright 1998-2004 The OpenLDAP Foundation.
+dnl Copyright 1998-2005 The OpenLDAP Foundation.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
-dnl Copyright 1998-2004 The OpenLDAP Foundation.
+dnl Copyright 1998-2005 The OpenLDAP Foundation.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1998-2004 The OpenLDAP Foundation.
+# Copyright 1998-2005 The OpenLDAP Foundation.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002 Free Software Foundation, Inc.
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP inself.
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1998-2004 The OpenLDAP Foundation.
+# Copyright 1998-2005 The OpenLDAP Foundation.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002 Free Software Foundation, Inc.
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP inself.
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
set -e # exit immediately if any errors occur
-find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2004 The OpenLDAP Foundation/g;' {} \;
+find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2005 The OpenLDAP Foundation/g;' {} \;
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP inself.
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
echo CVS Tag: $CVSTAG
echo Modules: $*
-cvs -q export -r $CVSTAG -d $RELNAME $*
+cvs -q export -kkv -r $CVSTAG -d $RELNAME $*
if test ! -d $RELNAME ; then
echo "error: $RELNAME doesn't exists"
if test ! -e $RELNAME/build/version.sh ; then
echo "No build version"
- exit 1
+ OL_STRING="something"
+else
+ eval `$RELNAME/build/version.sh`
fi
-eval `$RELNAME/build/version.sh`
+echo "Rolling up $OL_STRING ..."
+
tar cf $RELNAME.tar $RELNAME
gzip -9 -c $RELNAME.tar > $RELNAME.tgz
:: $OpenLDAP$
:: This work is part of OpenLDAP Software <http://www.openldap.org/>.
::
-:: Copyright 1998-2004 The OpenLDAP Foundation.
+:: Copyright 1998-2005 The OpenLDAP Foundation.
:: All rights reserved.
::
:: Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
cat << __EOF__
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
static const char copyright[] =
-"Copyright 1998-2004 The OpenLDAP Foundation. All rights reserved.\n"
+"Copyright 1998-2005 The OpenLDAP Foundation. All rights reserved.\n"
"COPYING RESTRICTIONS APPLY\n";
$static $const char $SYMBOL[] =
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
dnl $OpenLDAP$
dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
dnl
-dnl Copyright 1998-2004 The OpenLDAP Foundation.
+dnl Copyright 1998-2005 The OpenLDAP Foundation.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
static const char copyright[] =
-"Copyright 1998-2004 The OpenLDAP Foundation. All rights reserved.\n"
+"Copyright 1998-2005 The OpenLDAP Foundation. All rights reserved.\n"
"COPYING RESTRICTIONS APPLY.\n";
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# Clients Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# Makefile for LDAP tools
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
done \
)
$(RM) $(DESTDIR)$(bindir)/ldapadd$(EXEEXT)
- $(LN) $(DESTDIR)$(bindir)/ldapmodify$(EXEEXT) $(DESTDIR)$(bindir)/ldapadd$(EXEEXT)
+ $(LN_S) $(DESTDIR)$(bindir)/ldapmodify$(EXEEXT) $(DESTDIR)$(bindir)/ldapadd$(EXEEXT)
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* Portions Copyright 2001-2003 IBM Corporation.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* Portions Copyright 2001-2003 IBM Corporation.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* Portions Copyright 2001-2003 IBM Corporation.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* Portions Copyright 2001-2003 IBM Corporation.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* Portions Copyright 2001-2003 IBM Corporation.
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
#
-# Copyright 1998-2004 The OpenLDAP Foundation.
+# Copyright 1998-2005 The OpenLDAP Foundation.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.
-echo "Copyright 1998-2004 The OpenLDAP Foundation. All rights reserved."
+echo "Copyright 1998-2005 The OpenLDAP Foundation. All rights reserved."
echo " Restrictions apply, see COPYRIGHT and LICENSE files."
# Guess values for system-dependent variables and create Makefiles.
PLAT=UNIX
fi
-if test -z "$SLAPD_STATIC_BACKENDS"; then
- SLAPD_NO_STATIC='#'
-else
- SLAPD_NO_STATIC=
-fi
-
-BACKEND_HEADER=servers/slapd/backend.h
-cat > $BACKEND_HEADER << EOF
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2004 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* This file is automatically generated by configure; please do not edit.
- */
-
-EOF
-
-for b in $SLAPD_STATIC_BACKENDS; do
- bb=`echo "$b" | sed -e 's;back-;;'`
-
- cat >> $BACKEND_HEADER << EOF
-extern BI_init ${bb}_back_initialize;
-EOF
-done
-
-cat >> $BACKEND_HEADER << EOF
-
-static BackendInfo binfo[] = {
-EOF
-
-for b in $SLAPD_STATIC_BACKENDS; do
- bb=`echo "$b" | sed -e 's;back-;;'`
-
- cat >> $BACKEND_HEADER << EOF
- { "$bb", ${bb}_back_initialize },
-EOF
-done
-
-cat >> $BACKEND_HEADER << EOF
- { NULL, NULL }
-};
-
-/* end of generated file */
-EOF
-
EOF
cat >> $CONFIG_STATUS <<EOF
-
+STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS"
EOF
cat >> $CONFIG_STATUS <<\EOF
chmod +x tests/run
date > stamp-h
+BACKENDSC="servers/slapd/backends.c"
+echo "Making $BACKENDSC"
+rm -f $BACKENDSC
+cat > $BACKENDSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_BACKENDS}"; then
+ for b in ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ cat >> $BACKENDSC << ENDX
+extern BI_init ${bb}_back_initialize;
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+
+BackendInfo slap_binfo[] = {
+ENDX
+
+ for b in ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ echo " Add ${bb} ..."
+ cat >> $BACKENDSC << ENDX
+ { "${bb}", ${bb}_back_initialize },
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+fi
+
echo Please run \"make depend\" to build dependencies
exit 0
dnl $OpenLDAP$
dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
dnl
-dnl Copyright 1998-2004 The OpenLDAP Foundation.
+dnl Copyright 1998-2005 The OpenLDAP Foundation.
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
#
-# Copyright 1998-2004 The OpenLDAP Foundation.
+# Copyright 1998-2005 The OpenLDAP Foundation.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.
-echo "Copyright 1998-2004 The OpenLDAP Foundation. All rights reserved."
+echo "Copyright 1998-2005 The OpenLDAP Foundation. All rights reserved."
echo " Restrictions apply, see COPYRIGHT and LICENSE files."
])dnl
dnl ----------------------------------------------------------------
PLAT=UNIX
fi
-if test -z "$SLAPD_STATIC_BACKENDS"; then
- SLAPD_NO_STATIC='#'
-else
- SLAPD_NO_STATIC=
-fi
-
-dnl Generate static backend header file
-BACKEND_HEADER=servers/slapd/backend.h
-cat > $BACKEND_HEADER << EOF
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2004 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* This file is automatically generated by configure; please do not edit.
- */
-
-EOF
-
-for b in $SLAPD_STATIC_BACKENDS; do
- bb=`echo "$b" | sed -e 's;back-;;'`
-
- cat >> $BACKEND_HEADER << EOF
-extern BI_init ${bb}_back_initialize;
-EOF
-done
-
-cat >> $BACKEND_HEADER << EOF
-
-static BackendInfo binfo[[]] = {
-EOF
-
-for b in $SLAPD_STATIC_BACKENDS; do
- bb=`echo "$b" | sed -e 's;back-;;'`
-
- cat >> $BACKEND_HEADER << EOF
- { "$bb", ${bb}_back_initialize },
-EOF
-done
-
-cat >> $BACKEND_HEADER << EOF
- { NULL, NULL }
-};
-
-/* end of generated file */
-EOF
-dnl done generating static backend header file
-
AC_SUBST(LIBSRCS)
AC_SUBST(PLAT)
AC_SUBST(WITH_SASL)
,[
chmod +x tests/run
date > stamp-h
+BACKENDSC="servers/slapd/backends.c"
+echo "Making $BACKENDSC"
+rm -f $BACKENDSC
+cat > $BACKENDSC << ENDX
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* This file is automatically generated by configure; please do not edit. */
+
+#include "portable.h"
+#include "slap.h"
+
+ENDX
+if test "${STATIC_BACKENDS}"; then
+ for b in ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ cat >> $BACKENDSC << ENDX
+extern BI_init ${bb}_back_initialize;
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+
+BackendInfo slap_binfo[[]] = {
+ENDX
+
+ for b in ${STATIC_BACKENDS}; do
+ bb=`echo "${b}" | sed -e 's/back-//'`
+ echo " Add ${bb} ..."
+ cat >> $BACKENDSC << ENDX
+ { "${bb}", ${bb}_back_initialize },
+ENDX
+ done
+
+ cat >> $BACKENDSC << ENDX
+ { NULL, NULL },
+};
+
+/* end of generated file */
+ENDX
+fi
+
echo Please run \"make depend\" to build dependencies
-])
+],[STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS"])
-Copyright 1998-2004 The OpenLDAP Foundation
+Copyright 1998-2005 The OpenLDAP Foundation
All rights reserved.
Redistribution and use in source and binary forms, with or without
/* Generic time.h */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2004 The OpenLDAP Foundation, Redwood City, California, USA
+ * Copyright 1998-2005 The OpenLDAP Foundation, Redwood City, California, USA
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted only
# $OpenLDAP$
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
#
-# Copyright 2003-2004 The OpenLDAP Foundation.
+# Copyright 2003-2005 The OpenLDAP Foundation.
# Portions Copyright 2004 by IBM Corporation.
# All rights reserved.
-Copyright 2004 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2005 The OpenLDAP Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
/* $OpenLDAP$ */
/*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-Copyright 2004 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2005 The OpenLDAP Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
/* $OpenLDAP$ */
/*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-Copyright 2004 Howard Chu, Symas Corp. All rights reserved.
+Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
The Kerberos support is written for Heimdal using its hdb-ldap backend.
If a PasswordModify is performed on an entry that has the krb5KDCEntry
objectclass, then the krb5Key and krb5KeyVersionNumber will be updated
-using the new password in the PasswordModify request.
+using the new password in the PasswordModify request. Additionally, a
+new "{K5KEY}" password hash mechanism is provided. krb5KDCEntries that
+have this hash specifier in their userPassword attribute, Simple Binds
+will be checked against the Kerberos keys of the Entry. No data is
+needed after the "{K5KEY}" hash specifier in the userPassword, it is
+looked up from the Entry directly.
The Samba support is written using the Samba 3.0 LDAP schema. If a
PasswordModify is performed on an entry that has the sambaSamAccount
/* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
/* $OpenLDAP$ */
/*
- * Copyright 2004 by Howard Chu, Symas Corp.
+ * Copyright 2004-2005 by Howard Chu, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <ac/errno.h>
#ifdef DO_KRB5
+#include <ac/string.h>
+#include <lber.h>
+#include <lber_pvt.h>
+#include <lutil.h>
+
/* make ASN1_MALLOC_ENCODE use our allocator */
#define malloc ch_malloc
}
#endif /* DO_SAMBA */
-int smbk5pwd_exop_passwd(
+#ifdef DO_KRB5
+
+static int smbk5pwd_op_cleanup(
+ Operation *op,
+ SlapReply *rs )
+{
+ slap_callback *cb;
+
+ /* clear out the current key */
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup,
+ NULL, NULL );
+
+ /* free the callback */
+ cb = op->o_callback;
+ op->o_callback = cb->sc_next;
+ op->o_tmpfree( cb, op->o_tmpmemctx );
+ return 0;
+}
+
+static int smbk5pwd_op_bind(
+ Operation *op,
+ SlapReply *rs )
+{
+ /* If this is a simple Bind, stash the Op pointer so our chk
+ * function can find it. Set a cleanup callback to clear it
+ * out when the Bind completes.
+ */
+ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE ) {
+ slap_callback *cb;
+ ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup, op,
+ NULL );
+ cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+ cb->sc_cleanup = smbk5pwd_op_cleanup;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+ }
+ return SLAP_CB_CONTINUE;
+}
+
+static LUTIL_PASSWD_CHK_FUNC chk_k5key;
+static const struct berval scheme = BER_BVC("{K5KEY}");
+
+/* This password scheme stores no data in the userPassword attribute
+ * other than the scheme name. It assumes the invoking entry is a
+ * krb5KDCentry and compares the passed-in credentials against the
+ * krb5Key attribute. The krb5Key may be multi-valued, but they are
+ * simply multiple keytypes generated from the same input string, so
+ * only the first value needs to be compared here.
+ *
+ * Since the lutil_passwd API doesn't pass the Entry object in, we
+ * have to fetch it ourselves in order to get access to the other
+ * attributes. We accomplish this with the help of the overlay's Bind
+ * function, which stores the current Operation pointer in thread-specific
+ * storage so we can retrieve it here. The Operation provides all
+ * the necessary context for us to get Entry from the database.
+ */
+static int chk_k5key(
+ const struct berval *sc,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text )
+{
+ void *ctx;
+ Operation *op;
+ int rc;
+ Entry *e;
+ Attribute *a;
+ krb5_error_code ret;
+ krb5_keyblock key;
+ krb5_salt salt;
+ hdb_entry ent;
+
+ /* Find our thread context, find our Operation */
+ ctx = ldap_pvt_thread_pool_context();
+
+ if ( ldap_pvt_thread_pool_getkey( ctx, smbk5pwd_op_cleanup, (void **)&op, NULL ) ||
+ !op )
+ return LUTIL_PASSWD_ERR;
+
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ if ( rc != LDAP_SUCCESS ) return LUTIL_PASSWD_ERR;
+
+ rc = LUTIL_PASSWD_ERR;
+ do {
+ size_t l;
+ Key ekey = {0};
+
+ a = attr_find( e->e_attrs, ad_krb5PrincipalName );
+ if (!a ) break;
+
+ memset( &ent, 0, sizeof(ent) );
+ ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
+ if ( ret ) break;
+ krb5_get_pw_salt( context, ent.principal, &salt );
+ krb5_free_principal( context, ent.principal );
+
+ a = attr_find( e->e_attrs, ad_krb5Key );
+ if ( !a ) break;
+
+ ent.keys.len = 1;
+ ent.keys.val = &ekey;
+ decode_Key((unsigned char *) a->a_vals[0].bv_val,
+ (size_t) a->a_vals[0].bv_len, &ent.keys.val[0], &l);
+ if ( db->master_key_set )
+ hdb_unseal_keys( context, db, &ent );
+
+ krb5_string_to_key_salt( context, ekey.key.keytype, cred->bv_val,
+ salt, &key );
+
+ krb5_free_salt( context, salt );
+
+ if ( memcmp( ekey.key.keyvalue.data, key.keyvalue.data,
+ key.keyvalue.length ) == 0 ) rc = LUTIL_PASSWD_OK;
+
+ krb5_free_keyblock_contents( context, &key );
+ krb5_free_keyblock_contents( context, &ekey.key );
+
+ } while(0);
+ be_entry_release_r( op, e );
+ return rc;
+}
+#endif /* DO_KRB5 */
+
+static int smbk5pwd_exop_passwd(
Operation *op,
SlapReply *rs )
{
keys[i].bv_val = NULL;
keys[i].bv_len = 0;
+ _kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
+
if ( i != ent.keys.len ) {
ber_bvarray_free( keys );
break;
smbk5pwd.on_bi.bi_type = "smbk5pwd";
smbk5pwd.on_bi.bi_extended = smbk5pwd_exop_passwd;
+#ifdef DO_KRB5
+ smbk5pwd.on_bi.bi_op_bind = smbk5pwd_op_bind;
+
+ lutil_passwd_add( (struct berval *)&scheme, chk_k5key, NULL );
+#endif
+
return overlay_register( &smbk5pwd );
}
-Copyright 2004 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2005 The OpenLDAP Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
-Copyright 2003-2004 The OpenLDAP Foundation. All rights reserved.
+Copyright 2003-2005 The OpenLDAP Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
## doc Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# man Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# man1 Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
.TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapcompare \- LDAP compare tool
.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapdelete \- LDAP delete entry tool
.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodrdn \- LDAP rename entry tool
.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldappasswd \- change the password of an LDAP entry
.TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapsearch \- LDAP search tool
.TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapwhoami \- LDAP who am i? tool
# man3 Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
.TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int,
.TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- LBER simplified Basic Encoding Rules library routines for encoding
.TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- LBER memory allocators
.TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t,
.TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap - OpenLDAP Lightweight Directory Access Protocol API
.TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_abandon, ldap_abandon_ext \- Abandon an LDAP operation in progress
.TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add, ldap_add_s, ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_kerberos_bind_s, ldap_kerberos_bind1, ldap_kerberos_bind1_s, ldap_kerberos_bind2, ldap_kerberos_bind2_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
.TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s \- Perform an LDAP compare operation
.TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s \- Perform an LDAP delete operation
.TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping
.TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping
.TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify, ldap_modify_s \- Perform an LDAP modify operation
.TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 2000-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2000-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
.TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
.TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines
.TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url,
# man5 Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
.TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.UC 6
.SH NAME
.TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldif \- LDAP Data Interchange Format
.TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
If only an <attr> is given, the indices specified for \fBdefault\fR
are maintained.
Note that setting a default does not imply that all attributes will be
-indexed.
+indexed. Also, for best performance, an
+.B eq
+index should always be configured for the
+.B objectClass
+attribute.
A number of special index parameters may be specified.
The index type
.TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
If only an <attr> is given, the indices specified for \fBdefault\fR
are maintained.
Note that setting a default does not imply that all attributes will be
-indexed.
+indexed. Also, for best performance, an
+.B eq
+index should always be configured for the
+.B objectClass
+attribute.
A number of special index parameters may be specified.
The index type
.TH SLAPD-META 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
and distribution of data on different RDBMSes, OSes, hosts etc., in
other words, in highly heterogeneous environment.
.LP
-This backend is experimental.
+This backend is \fIexperimental\fP.
.SH CONFIGURATION
These
.B slapd.conf
-options apply to the SQL backend database.
-That is, they must follow a "database sql" line and come before any
+options apply to the SQL backend database, which means that
+they must follow a "database sql" line and come before any
subsequent "backend" or "database" lines.
-Other database options are described in the
+Other database options not specific to this backend are described
+in the
.BR slapd.conf (5)
manual page.
+.SH DATA SOURCE CONFIGURATION
+
.TP
.B dbname <datasource name>
The name of the ODBC datasource to use.
.LP
.B dbhost <hostname>
.br
-.B dbuser <username>
-.br
.B dbpasswd <password>
+.br
+.B dbuser <username>
.RS
-These three options are generally unneeded, because this information is already
-taken from the datasource.
-Use them if you need to override datasource settings.
+The three above options are generally unneeded, because this information
+is taken from the datasource specified by the
+.B dbname
+directive.
+They allow to override datasource settings.
Also, several RDBMS' drivers tend to require explicit passing of user/password,
even if those are given in datasource (Note:
.B dbhost
is currently ignored).
.RE
+.SH SCOPING CONFIGURATION
+These options specify SQL query templates for scoping searches.
+
.TP
.B subtree_cond <SQL expression>
Specifies a where-clause template used to form a subtree search condition
-(dn=".*<dn>").
+(dn="(.+,)?<dn>$").
It may differ from one SQL dialect to another (see samples).
+By default, it is constructed based on the knowledge about
+how to normalize DN values (e.g.
+\fB"<upper_func>(ldap_entries.dn) LIKE CONCAT('%',?)"\fP);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
.TP
.B children_cond <SQL expression>
Specifies a where-clause template used to form a children search condition
-(dn="\.+,<dn>").
+(dn=".+,<dn>$").
It may differ from one SQL dialect to another (see samples).
+By default, it is constructed based on the knowledge about
+how to normalize DN values (e.g.
+\fB"<upper_func>(ldap_entries.dn) LIKE CONCAT('%,',?)"\fP);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
+.TP
+.B use_subtree_shortcut { NO | yes }
+Do not use the subtree condition when the searchBase is the database
+suffix, and the scope is subtree; rather collect all entries.
+
+.RE
+.SH STAMEMENT CONFIGURATION
+These options specify SQL query templates for loading schema mapping
+metainformation, adding and deleting entries to ldap_entries, etc.
+All these and subtree_cond should have the given default values.
+For the current value it is recommended to look at the sources,
+or in the log output when slapd starts with "-d 5" or greater.
+Note that the parameter number and order must not be changed.
+
.TP
.B oc_query <SQL expression>
+The query that is used to collect the objectClass mapping data
+from table \fIldap_oc_mappings\fP; see "METAINFORMATION USED" for details.
The default is
-.B "SELECT id, name, keytbl, keycol, create_proc, delete_proc, expect_return FROM ldap_oc_mappings"
+\fB"SELECT id, name, keytbl, keycol, create_proc, delete_proc, expect_return
+FROM ldap_oc_mappings"\fP.
+
.TP
.B at_query <SQL expression>
+The query that is used to collect the attributeType mapping data
+from table \fIldap_attr_mappings\fP; see "METAINFORMATION USED" for details.
The default is
-.B "SELECT name, sel_expr, from_tbls, join_where, add_proc, delete_proc, param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=?"
+\fB"SELECT name, sel_expr, from_tbls, join_where, add_proc, delete_proc,
+param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=?"\fP.
+
.TP
-.B insentry_query <SQL expression>
+.B id_query <SQL expression>
+The query that is used to map a DN to an entry
+in table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
The default is
-.B "INSERT INTO ldap_entries (dn, oc_map_id, parent, keyval) VALUES (?, ?, ?, ?)"
+\fB"SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE <DN match expr>"\fP,
+where \fB<DN match expr>\fP is constructed based on the knowledge about
+how to normalize DN values (e.g. \fB"dn=?"\fP if no means to uppercase
+strings are available; typically, \fB"<upper_func>(dn)=?"\fP is used);
+see \fBupper_func\fP, \fBupper_needs_cast\fP, \fBconcat_pattern\fP
+and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
+
.TP
-.B delentry_query <SQL expression>
+.B insentry_stmt <SQL expression>
+The statement that is used to insert a new entry
+in table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
The default is
-.B "DELETE FROM ldap_entries WHERE id=?"
+\fB"INSERT INTO ldap_entries (dn, oc_map_id, parent, keyval) VALUES
+(?, ?, ?, ?)"\fP.
+
+.TP
+.B delentry_stmt <SQL expression>
+The statement that is used to delete an existing entry
+from table \fIldap_entries\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB"DELETE FROM ldap_entries WHERE id=?"\fP.
+
+.TP
+.B delobjclasses_stmt <SQL expression>
+The statement that is used to delete an existing entry's ID
+from table \fIldap_objclasses\fP; see "METAINFORMATION USED" for details.
+The default is
+\fB""DELETE FROM ldap_entry_objclasses WHERE entry_id=?"\fP.
+
+.RE
+.SH HELPER CONFIGURATION
+These statements are used to modify the default behavior of the backend
+according to issues of the dialect of the RDBMS.
+The first options essentially refer to string and DN normalization
+when building filters.
+LDAP normalization is more than upper- (or lower-)casing everything;
+however, as a reasonable trade-off, for case-sensitive RDBMSes the backend
+can be instructed to uppercase strings and DNs by providing
+the \fBupper_func\fP directive.
+Some RDBMSes, to use functions on arbitrary data types, e.g. string
+constants, requires a cast, which is triggered
+by the \fBupper_needs_cast\fP directive.
+If required, a string cast function can be provided as well,
+by using the \fBstrcast_func\fP directive.
+Finally, a custom string concatenation pattern may be required;
+it is provided by the \fBconcat_pattern\fP directive.
-These four options specify SQL query templates for loading schema mapping
-metainformation, adding and deleting entries to ldap_entries, etc.
-All these and subtree_cond should have the given default values.
-For the current value it is recommended to look at the sources,
-or in the log output when slapd starts with "-d 5" or greater.
-Note that the parameter number and order must not be changed.
.TP
.B upper_func <SQL function name>
Specifies the name of a function that converts a given value to uppercase.
-This is used for CIS matching when the RDBMS is case sensitive.
+This is used for case insensitive matching when the RDBMS is case sensitive.
+It may differ from one SQL dialect to another (e.g. \fBUCASE\fP, \fBUPPER\fP
+or whatever; see samples). By default, none is used, i.e. strings are not
+uppercased, so matches may be case sensitive.
+
.TP
-.B upper_needs_cast { NO | yes}
+.B upper_needs_cast { NO | yes }
Set this directive to
.B yes
if
.B upper_func
-needs an explicit cast when applied to literal strings. The form
+needs an explicit cast when applied to literal strings.
+A cast in the form
.B CAST (<arg> AS VARCHAR(<max DN length>))
is used, where
.B <max DN length>
-is builtin.
-This is
-.B experimental
-and may change in future releases.
+is builtin in back-sql; see macro
+.B BACKSQL_MAX_DN_LEN
+(currently 255; note that slapd's builtin limit, in macro
+.BR SLAP_LDAPDN_MAXLEN ,
+is set to 8192).
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
.TP
+.B strcast_func <SQL function name>
+Specifies the name of a function that converts a given value to a string
+for appropriate ordering. This is used in "SELECT DISTINCT" statements
+for strongly typed RDBMSes with little implicit casting (like PostgreSQL),
+when a literal string is specified.
+This is \fIexperimental\fP and may change in future releases.
+
.B concat_pattern <pattern>
This statement defines the
.B pattern
-to be used to concatenate strings. The
+that is used to concatenate strings. The
.B pattern
MUST contain two question marks, '?', that will be replaced
by the two strings that must be concatenated. The default value is
.BR "CAST(?||? AS VARCHAR(<length>))".
On some RDBMSes (IBM db2, MSSQL) the form
.B "?+?"
-is known to work.
+is known to work as well.
Carefully check the documentation of your RDBMS or stay with the examples
for supported ones.
-This is
-.B experimental
-and may change in future releases.
-.TP
-.B strcast_func <SQL function name>
-Specifies the name of a function that converts a given value to a string
-for appropriate ordering. This is used in "SELECT DISTINCT" statements
-for strongly typed RDBMSes with little implicit casting (like PostgreSQL),
-when a literal string is specified.
-This is
-.B experimental
-and may change in future releases.
+This is \fIexperimental\fP and may change in future releases.
+
.TP
.B has_ldapinfo_dn_ru { NO | yes }
-Explicitly inform the backend whether the SQL schema has dn_ru column
-(dn in reverse uppercased form) or not.
-Overrides automatic check (required by PostgreSQL/unixODBC).
-This is
-.B experimental
-and may change in future releases.
+Explicitly inform the backend whether the dn_ru column
+(DN in reverse uppercased form) is present in table \fIldap_entries\fP.
+Overrides automatic check (this is required, ofr instance,
+by PostgreSQL/unixODBC).
+This is \fIexperimental\fP and may change in future releases.
.TP
.B fail_if_no_mapping { NO | yes }
When set to
.B yes
-it forces
-.I attribute
-write operations to fail if no appropriate mapping between LDAP attributes
-and SQL data is available.
-The default behavior is to ignore those changes that cannot be mapped
-correctly.
+it forces \fIattribute\fP write operations to fail if no appropriate
+mapping between LDAP attributes and SQL data is available.
+The default behavior is to ignore those changes that cannot be mapped.
It has no impact on objectClass mapping, i.e. if the
.I structuralObjectClass
of an entry cannot be mapped to SQL by looking up its name
operation will fail regardless of the
.B fail_if_no_mapping
switch; see section "METAINFORMATION USED" for details.
-This is
-.B experimental
-and may change in future releases.
+This is \fIexperimental\fP and may change in future releases.
.TP
.B allow_orphans { NO | yes }
dynamically creates the missing parent.
.TP
-.B baseObject [filename]
+.B baseObject [ <filename> ]
Instructs the database to create and manage an in-memory baseObject
entry instead of looking for one in the RDBMS.
If the (optional)
-.B filename
-argument is given, the entry is read from file
-.B filename
-in
+.B <filename>
+argument is given, the entry is read from that file in
.BR LDIF (5)
-form.
-This is particularly useful when
-.B ldap_entries
+format; otherwise, an entry with objectClass \fBextensibleObject\fP
+is created based on the contents of the RDN of the \fIbaseObject\fP.
+This is particularly useful when \fIldap_entries\fP
information is stored in a view rather than in a table, and
.B union
is not supported for views, so that the view can only specify
one rule to compute the entry structure for one objectClass.
This topic is discussed further in section "METAINFORMATION USED".
-This is
-.B experimental
-and may change in future releases.
+This is \fIexperimental\fP and may change in future releases.
+
+.TP
+.B create_needs_select { NO | yes }
+Instructs the database whether or not entry creation
+in table \fIldap_entries\fP needs a subsequent select to collect
+the automatically assigned ID, instead of being returned
+by a stored procedure.
+
+.LP
+.B fetch_attrs <attrlist>
+.br
+.B fetch_all_attrs { NO | yes }
+.RS
+The first statement allows to provide a list of attributes that
+must always be fetched in addition to those requested by any specific
+operation, because they are required for the proper usage of the
+backend. For instance, all attributes used in ACLs should be listed
+here. The second statement is a shortcut to require all attributes
+to be always loaded. Note that the dynamically generated attributes,
+e.g. \fIhasSubordinates\fP, \fIentryDN\fP and other implementation
+dependent attributes are \fBNOT\fP generated at this point, for
+consistency with the rest of slapd. This may change in the future.
+.RE
+
+.TP
+.B sqllayer <name> [...]
+Loads the layer \fB<name>\fP onto a stack of helpers that are used
+to map DNs from LDAP to SQL representation and vice-versa.
+Subsequent args are passed to the layer configuration routine.
+This is \fIhighly experimental\fP and should be used with extreme care.
+The API of the layers is not frozen yet, so it is unpublished.
.SH METAINFORMATION USED
.LP
.LP
.nf
SELECT phones.phone AS telephoneNumber FROM persons,phones
- WHERE persons.id=phones.pers_id AND persons.id=?
+ WHERE persons.id=phones.pers_id AND persons.id=?
.fi
.LP
If we wanted to service LDAP requests with filters like
.LP
.nf
SELECT ... FROM persons,phones
- WHERE persons.id=phones.pers_id
- AND persons.id=?
- AND phones.phone like '123%'
+ WHERE persons.id=phones.pers_id
+ AND persons.id=?
+ AND phones.phone like '%1%2%3%'
.fi
.LP
+(note how the telephoneNumber match is expanded in multiple wildcards
+to account for interspersed ininfluential chars like spaces, dashes
+and so; this occurs by design because telephoneNumber is defined after
+a specially recognized syntax).
So, if we had information about what tables contain values for each
attribute, how to join these tables and arrange these values, we could
try to automatically generate such statements, and translate search
CREATE VIEW ldap_entries (id, dn, oc_map_id, parent, keyval)
AS
SELECT 0, UPPER('o=MyCompany,c=NL'),
- 3, 0, 'baseObject' FROM unixusers WHERE userid='root' UNION
+ 3, 0, 'baseObject' FROM unixusers WHERE userid='root'
+ UNION
SELECT (1000000000+userid),
- UPPER(CONCAT(CONCAT('cn=',gecos),',o=MyCompany,c=NL')),
- 1, 0, userid FROM unixusers UNION
+ UPPER(CONCAT(CONCAT('cn=',gecos),',o=MyCompany,c=NL')),
+ 1, 0, userid FROM unixusers
+ UNION
SELECT (2000000000+groupnummer),
- UPPER(CONCAT(CONCAT('cn=',groupnaam),',o=MyCompany,c=NL')),
- 2, 0, groupnummer FROM groups;
+ UPPER(CONCAT(CONCAT('cn=',groupnaam),',o=MyCompany,c=NL')),
+ 2, 0, groupnummer FROM groups;
.fi
.LP
AND ldap_entries.objclass=?
AND ldap_entries.parent=?
AND phones.pers_id=persons.id
- AND (phones.phone LIKE '123%')
+ AND (phones.phone LIKE '%1%2%3%')
.fi
.LP
(for ONELEVEL search)
metainformation (add_proc etc.).
In those fields one can specify an SQL statement or stored procedure
call which can add, or delete given values of a given attribute, using
-the given entry keyval (see examples -- mostly ORACLE and MSSQL - since
-there're no stored procs in mySQL).
+the given entry keyval (see examples -- mostly PostgreSQL, ORACLE and MSSQL
+- since as of this writing there are no stored procs in MySQL).
.LP
-We just add more columns to oc_mappings and attr_mappings, holding
+We just add more columns to ldap_oc_mappings and ldap_attr_mappings, holding
statements to execute (like create_proc, add_proc, del_proc etc.), and
flags governing the order of parameters passed to those statements.
Please see samples to find out what are the parameters passed, and other
information on this matter - they are self-explanatory for those familiar
-with concept expressed above.
+with the concepts expressed above.
.LP
.SH Common techniques (referrals, multiclassing etc.)
First of all, let's remember that among other major differences to the
complete LDAP data model, the concept above does not directly support
such things as multiple objectclasses per entry, and referrals.
Fortunately, they are easy to adopt in this scheme.
-The SQL backend suggests two more tables being added to the schema -
-ldap_entry_objectclasses(entry_id,oc_name), and
-ldap_referrals(entry_id,url).
+The SQL backend suggests one more table being added to the schema:
+ldap_entry_objectclasses(entry_id,oc_name).
.LP
The first contains any number of objectclass names that corresponding
entries will be found by, in addition to that mentioned in
So, you may, for instance, have a mapping for inetOrgPerson, and use it
for queries for "person" objectclass...
.LP
-The second table contains any number of referrals associated with a given entry.
-The SQL backend automatically adds attribute mapping for "ref" attribute
-to each objectclass mapping that loads values from this table.
-So, if you add objectclass "referral" to this entry, and make one or
-more tuples in ldap_referrals for this entry (they will be seen as
-values of "ref" attribute), you will have slapd return a referral, as
-described in the Administrators Guide.
+Referrals used to be implemented in a loose manner by adding an extra
+table that allowed any entry to host a "ref" attribute, along with
+a "referral" extra objectClass in table ldap_entry_objclasses.
+In the current implementation, referrals are treated like any other
+user-defined schema, since "referral" is a structural objectclass.
+The suggested practice is to define a "referral" entry in ldap_oc_mappings,
+holding a naming attribute, e.g. "ou" or "cn", a "ref" attribute,
+containing the url; in case multiple referrals per entry are needed,
+a separate table for urls can be created, where urls are mapped
+to the respective entries.
+The use of the naming attribute usually requires to add
+an "extensibleObject" value to ldap_entry_objclasses.
+
.LP
.SH Caveats
As previously stated, this backend should not be considered
a replacement of other data storage backends, but rather a gateway
to existing RDBMS storages that need to be published in LDAP form.
.LP
-The hasSubordintes operational attribute is honored by back-sql
+The \fBhasSubordintes\fP operational attribute is honored by back-sql
in search results and in compare operations; it is partially honored
-also in filtering. Owing to design limitations, a (braindead) filter
+also in filtering. Owing to design limitations, a (braindead?) filter
of the form
\fB(!(hasSubordinates=TRUE))\fP
-will give no results instead of returning all the leaf entries.
+will give no results instead of returning all the leaf entries, because
+it actually expands into \fB... AND NOT (1=1)\fP.
If you need to find all the leaf entries, please use
\fB(hasSubordinates=FALSE)\fP
instead.
.LP
+A directoryString value of the form "__First___Last_"
+(where underscores should be replaced by spaces) corresponds
+to its prettified counterpart "First_Last"; this is not currently
+honored by back-sql if non-prettified data is written via RDBMS;
+when non-prettified data is written thru back-sql, the prettified
+values are actually used instead.
+.LP
.SH PROXY CACHE OVERLAY
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
There are example SQL modules in the slapd/back-sql/rdbms_depend/
directory in the OpenLDAP source tree.
.SH FILES
+
.TP
ETCDIR/slapd.conf
default slapd configuration file
.TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
is implied, i.e. all attributes are addressed.
.LP
Using the form
-.B attrs=<attr> val[.<style>]=<attrval>
+.B attrs=<attr> val[.<
attrstyle>]=<attrval>
specifies access to a particular value of a single attribute.
-In this case, only a single attribute type may be given. A value
-.B <style>
-of
+In this case, only a single attribute type may be given. The
+.B <attrstyle>
.B exact
(the default) uses the attribute's equality matching rule to compare the
-value. If the value
-.B <style>
+value. If the
+.B <attrstyle>
is
.BR regex ,
the provided value is used as a POSIX (''extended'') regular
-expression pattern. If the attribute has DN syntax, the value
-.B <style>
+expression pattern. If the attribute has DN syntax, the
+.B <attrstyle>
can be any of
.BR base ,
.BR onelevel ,
.TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
a namingContext (suffix) of the database, a simple bind password
may also be provided using the
.B rootpw
-directive.
+directive. Note that the rootdn is always needed when using syncrepl.
.TP
.B rootpw <password>
Specify a password (or hash of the password) for the rootdn. The
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [updatedn=<dn>]
+.B [starttls=yes|critical]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
.B [saslmech=<mech>]
.B schemachecking
parameter. The default is off.
The
-.B updatedn
-parameter specifies the DN in the consumer site
-which is allowed to make changes to the replica.
-The DN should have read/write access to the replica database.
-Generally, this DN
-.I should not
-be the same as the
-.B rootdn
-of the master database.
+.B starttls
+parameter specifies use of the StartTLS extended operation
+to establish a TLS session before Binding to the provider. If the
+.B critical
+argument is supplied, the session will be aborted if the StartTLS request
+fails. Otherwise the syncrepl session continues without TLS.
A
.B bindmethod
of
.TH SLAPD.PLUGIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2002-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2002-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapd.plugin \- plugin configuration for slapd, the stand-alone LDAP daemon
.TH SLAPD.REPLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapd.replog \- slapd replication log format
.TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
.TH SLAPO-GLUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.SH NAME
.TH SLAPO-PCACHE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.\" $OpenLDAP$
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.SH NAME
.TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPO-RWM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
# man8 Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
.TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapacl \- Check access to a list of attributes.
.TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapadd \- Add entries to a SLAPD database
.B [\-v]
.B [\-c]
.B [\-u]
-.B [\-p]
-.B [\-r]
.B [\-w]
.B [\-d level]
.B [\-b suffix]
.B [\-n dbnum]
-.B [\-i rid1,rid2,...]
.B [\-f slapd.conf]
.B [\-l ldif-file]
.SH DESCRIPTION
.B \-u
enable dry-run (don't write to backend) mode.
.TP
-.BI \-p
-If the LDIF input represents a syncrepl consumer replica,
-promote it to the syncrepl provider's content after adding
-the entries.
-.TP
-.BI \-r
-If the LDIF input represents a syncrepl provider, demote
-it to the syncrepl consumer replica after adding the entries.
-.TP
.BI \-w
-When used with either
-.B \-p
-or
-.B \-r,
-rebuild the new syncrepl
-information from the contents of the added entries.
-The syncrepl information contained in the LDIF input
-file is ignored.
+write syncrepl context information.
+After all entries are added, the contextCSN
+will be updated with the greatest CSN in the database.
.TP
.BI \-d " level"
enable debugging messages as defined by the specified
.B \-b
option.
.TP
-.BI \-i " rid1,rid2,..."
-Specify the replication ids for one or more syncrepl consumer
-replicas contained in the LDIF input. If omitted, 0 is used
-as the replication id.
-.TP
.BI \-f " slapd.conf"
specify an alternative
.BR slapd.conf (5)
.TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapauth \- Check a list of string-represented IDs for authc/authz.
.TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapcat \- SLAPD database to LDIF utility
.B SBINDIR/slapcat
.B [\-v]
.B [\-c]
-.B [\-k]
-.B [\-m]
.B [\-d level]
.B [\-b suffix]
.B [\-n dbnum]
.B \-c
Enable continue (ignore errors) mode.
.TP
-.B \-k
-Include
-.B syncConsumerSubentry
-of the syncrepl consumer in the generated LDIF output.
-.TP
-.B \-m
-Include
-.B syncProviderSubentry
-of the syncrepl provider in the generated LDIF output.
-.TP
.BI \-d " level"
Enable debugging messages as defined by the specified
.IR level .
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.SH NAME
.TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapdn \- Check a list of string-represented DNs based on schema syntax.
.TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapindex \- SLAPD index to LDIF utility
.TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slappasswd \- OpenLDAP password utility
.BR sprintf (3)
format and may include one (and only one) %s conversion.
This conversion will be substituted with a string random
-characters from [A\-Za\-z0\-9./]. For example, "%.2s"
-provides a two character salt and "$1$%.8s" tells some
+characters from [A\-Za\-z0\-9./]. For example, '%.2s'
+provides a two character salt and '$1$%.8s' tells some
versions of crypt(3) to use an MD5 algorithm and provides
-8 random characters of salt. The default is "%s", which
+8 random characters of salt. The default is '%s', which
provides 31 characters of salt.
.SH LIMITATIONS
The practice storing hashed passwords in userPassword violates
.TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slaptest \- Check the suitability of the slapd.conf file.
.TH SLURPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slurpd \- Standalone LDAP Update Replication Daemon
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */
#define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
#define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
-#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.8.2"
#ifdef LDAP_DEVEL
+/* LDAP Experimental (works in progress) Features */
+#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.8.2"
#define LDAP_FEATURE_SUBORDINATE_SCOPE \
"1.3.6.1.4.1.4203.666.8.1" /* "children" */
#define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE
#define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL
#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)
#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE
-#ifdef LDAP_DEVEL
#define LDAP_SCOPE_SUBORDINATE ((ber_int_t) 0x0003) /* OpenLDAP extension */
#define LDAP_SCOPE_CHILDREN LDAP_SCOPE_SUBORDINATE
-#endif
/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
char **value,
ber_len_t *vlen ));
+LDAP_LDIF_F( int )
+ldif_parse_line2 LDAP_P((
+ char *line,
+ struct berval *type,
+ struct berval *value,
+ int *freeval ));
+
LDAP_LDIF_F( int )
ldif_fetch_url LDAP_P((
LDAP_CONST char *line,
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* include/portable.h.in. Generated automatically from configure.in by autoheader. */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation
+ * Copyright 1998-2005 The OpenLDAP Foundation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002,2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* as "\=", but it is treated as a regular char, i.e. it can also
* appear as '='.
*
- * As such, we currently choose to allow reading unescaped '=',
- * but we always produce escaped '\3D'; this may change in the
- * future, if compatibility issues do not arise */
-#ifdef LDAP_DEVEL
+ * As such, in 2.2 we used to allow reading unescaped '=',
+ * but we always produced escaped '\3D'; this changes
+ * since 2.3, if compatibility issues do not arise */
#define LDAP_DN_NE(c) \
( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \
|| LDAP_DN_QUOTES(c) \
|| LDAP_DN_AVA_EQUALS(c) \
|| LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) )
#define LDAP_DN_SHOULDESCAPE(c) ( LDAP_DN_AVA_EQUALS(c) )
-#else /* ! LDAP_DEVEL */
-#define LDAP_DN_NE(c) \
- ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \
- || LDAP_DN_AVA_EQUALS(c) || LDAP_DN_QUOTES(c) \
- || (c) == '<' || (c) == '>' )
-#define LDAP_DN_MAYESCAPE(c) \
- ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \
- || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) )
-#define LDAP_DN_SHOULDESCAPE(c) ( 0 )
-#endif /* ! LDAP_DEVEL */
-
+
#define LDAP_DN_NEEDESCAPE(c) \
( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) )
#define LDAP_DN_NEEDESCAPE_LEAD(c) LDAP_DN_MAYESCAPE(c)
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Lars Uffmann.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Hewlett-Packard Company.
* Portions Copyright 2004 Howard Chu, Symas Corp.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <stdio.h>
#include <ac/stdlib.h>
+#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
return( -1 );
}
-static int hex_escape( char *buf, const char *s, int list )
+static const char hex[] = "0123456789ABCDEF";
+
+#define URLESC_NONE 0x0000U
+#define URLESC_COMMA 0x0001U
+#define URLESC_SLASH 0x0002U
+
+static int
+hex_escape_len( const char *s, unsigned list )
{
- int i;
- int pos;
- static const char hex[] = "0123456789ABCDEF";
+ int len;
- if( s == NULL ) return 0;
+ if ( s == NULL ) {
+ return 0;
+ }
- for( pos=0,i=0; s[i]; i++ ) {
- int escape = 0;
- switch( s[i] ) {
- case ',':
- escape = list;
- break;
- case '%':
- case '?':
- case ' ':
- case '<':
- case '>':
- case '"':
- case '#':
- case '{':
- case '}':
- case '|':
- case '\\':
- case '^':
- case '~':
- case '`':
- case '[':
- case ']':
+ for ( len = 0; s[0]; s++ ) {
+ switch ( s[0] ) {
+ /* RFC 2396: reserved */
+ case '?':
+ len += 3;
+ break;
+
+ case ',':
+ if ( list & URLESC_COMMA ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+
+ case '/':
+ if ( list & URLESC_SLASH ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+
+ case ';':
+ case ':':
+ case '@':
+ case '&':
+ case '=':
+ case '+':
+ case '$':
+
+ /* RFC 2396: unreserved mark */
+ case '-':
+ case '_':
+ case '.':
+ case '!':
+ case '~':
+ case '*':
+ case '\'':
+ case '(':
+ case ')':
+ len++;
+ break;
+
+ /* RFC 2396: unreserved alphanum */
+ default:
+ if ( !isalnum( s[0] ) ) {
+ len += 3;
+ } else {
+ len++;
+ }
+ break;
+ }
+ }
+
+ return len;
+}
+
+static int
+hex_escape( char *buf, int len, const char *s, unsigned list )
+{
+ int i;
+ int pos;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ for ( pos = 0, i = 0; s[i] && pos < len; i++ ) {
+ int escape = 0;
+
+ switch ( s[i] ) {
+ /* RFC 2396: reserved */
+ case '?':
+ escape = 1;
+ break;
+
+ case ',':
+ if ( list & URLESC_COMMA ) {
escape = 1;
- break;
+ }
+ break;
- default:
- escape = s[i] < 0x20 || 0x1f >= s[i];
+ case '/':
+ if ( list & URLESC_SLASH ) {
+ escape = 1;
+ }
+ break;
+
+ case ';':
+ case ':':
+ case '@':
+ case '&':
+ case '=':
+ case '+':
+ case '$':
+
+ /* RFC 2396: unreserved mark */
+ case '-':
+ case '_':
+ case '.':
+ case '!':
+ case '~':
+ case '*':
+ case '\'':
+ case '(':
+ case ')':
+ break;
+
+ /* RFC 2396: unreserved alphanum */
+ default:
+ if ( !isalnum( s[i] ) ) {
+ escape = 1;
+ }
+ break;
}
- if( escape ) {
+ if ( escape ) {
buf[pos++] = '%';
buf[pos++] = hex[ (s[i] >> 4) & 0x0f ];
buf[pos++] = hex[ s[i] & 0x0f ];
+
} else {
buf[pos++] = s[i];
}
}
buf[pos] = '\0';
+
return pos;
}
-static int hex_escape_args( char *buf, char **s )
+static int
+hex_escape_len_list( char **s, unsigned flags )
{
- int pos;
- int i;
+ int len;
+ int i;
+
+ if ( s == NULL ) {
+ return 0;
+ }
+
+ len = 0;
+ for ( i = 0; s[i] != NULL; i++ ) {
+ if ( len ) {
+ len++;
+ }
+ len += hex_escape_len( s[i], flags );
+ }
+
+ return len;
+}
+
+static int
+hex_escape_list( char *buf, int len, char **s, unsigned flags )
+{
+ int pos;
+ int i;
- if( s == NULL ) return 0;
+ if ( s == NULL ) {
+ return 0;
+ }
pos = 0;
- for( i=0; s[i] != NULL; i++ ) {
- if( pos ) {
+ for ( i = 0; s[i] != NULL; i++ ) {
+ int curlen;
+
+ if ( pos ) {
buf[pos++] = ',';
+ len--;
}
- pos += hex_escape( &buf[pos], s[i], 1 );
+ curlen = hex_escape( &buf[pos], len, s[i], flags );
+ len -= curlen;
+ pos += curlen;
}
return pos;
}
-char * ldap_url_desc2str( LDAPURLDesc *u )
+static int
+desc2str_len( LDAPURLDesc *u )
{
- char *s;
- int i;
- int sep = 0;
- int sofar;
- size_t len = 0;
- if( u == NULL ) return NULL;
-
- if( u->lud_exts ) {
- for( i=0; u->lud_exts[i]; i++ ) {
- len += strlen( u->lud_exts[i] ) + 1;
+ int sep = 0;
+ int len = 0;
+
+ if ( u == NULL ) {
+ return -1;
+ }
+
+ if ( u->lud_exts ) {
+ len += hex_escape_len_list( u->lud_exts, URLESC_COMMA );
+ if ( !sep ) {
+ sep = 5;
}
- if( !sep ) sep = 5;
}
- if( u->lud_filter ) {
- len += strlen( u->lud_filter );
- if( !sep ) sep = 4;
+ if ( u->lud_filter ) {
+ len += hex_escape_len( u->lud_filter, URLESC_NONE );
+ if ( !sep ) {
+ sep = 4;
+ }
}
- if ( len ) len++; /* ? */
- switch( u->lud_scope ) {
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ switch ( u->lud_scope ) {
case LDAP_SCOPE_BASE:
+ len += STRLENOF( "base" );
+ break;
+
case LDAP_SCOPE_ONELEVEL:
+ len += STRLENOF( "one" );
+ break;
+
case LDAP_SCOPE_SUBTREE:
+ len += STRLENOF( "sub" );
+ break;
+
#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
case LDAP_SCOPE_SUBORDINATE:
-#endif
- len += sizeof("subordinate");
- if( !sep ) sep = 3;
+ len += STRLENOF( "subordinate" );
break;
- default:
- if ( len ) len++; /* ? */
+#endif
+ }
+
+ if ( !sep ) {
+ sep = 3;
+ }
+ break;
+
+ default:
+ break;
}
- if( u->lud_attrs ) {
- for( i=0; u->lud_attrs[i]; i++ ) {
- len += strlen( u->lud_attrs[i] ) + 1;
+ if ( u->lud_attrs ) {
+ len += hex_escape_len_list( u->lud_attrs, URLESC_NONE );
+ if ( !sep ) {
+ sep = 2;
}
- if( !sep ) sep = 2;
- } else if ( len ) len++; /* ? */
+ }
- if( u->lud_dn ) {
- len += strlen( u->lud_dn ) + 1;
- if( !sep ) sep = 1;
+ if ( u->lud_dn && u->lud_dn[0] ) {
+ len += hex_escape_len( u->lud_dn, URLESC_NONE );
+ if ( !sep ) {
+ sep = 1;
+ }
};
- if( u->lud_port ) {
- len += sizeof(":65535") - 1;
+ len += sep;
+
+ if ( u->lud_port ) {
+ char buf[] = ":65535";
+
+ len += snprintf( buf, sizeof( buf ), ":%d", u->lud_port );
+ if ( u->lud_host && u->lud_host[0] ) {
+ len += strlen( u->lud_host );
+ }
+
+ } else {
+ if ( u->lud_host && u->lud_host[0] ) {
+ len += hex_escape_len( u->lud_host, URLESC_SLASH );
+ }
+ }
+
+ len += strlen( u->lud_scheme ) + STRLENOF( "://" );
+
+ return len;
+}
+
+int
+desc2str( LDAPURLDesc *u, char *s, int len )
+{
+ int i;
+ int sep = 0;
+ int sofar = 0;
+ int gotscope = 0;
+
+ if ( u == NULL ) {
+ return -1;
}
- if( u->lud_host ) {
- len+=strlen( u->lud_host );
+ if ( s == NULL ) {
+ return -1;
}
- len += strlen( u->lud_scheme ) + sizeof("://");
+ switch ( u->lud_scope ) {
+ case LDAP_SCOPE_BASE:
+ case LDAP_SCOPE_ONELEVEL:
+ case LDAP_SCOPE_SUBTREE:
+#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
+ case LDAP_SCOPE_SUBORDINATE:
+#endif
+ gotscope = 1;
+ break;
+ }
- /* allocate enough to hex escape everything -- overkill */
- s = LDAP_MALLOC( 3*len );
+ if ( u->lud_exts ) {
+ sep = 5;
+ } else if ( u->lud_filter ) {
+ sep = 4;
+ } else if ( gotscope ) {
+ sep = 3;
+ } else if ( u->lud_attrs ) {
+ sep = 2;
+ } else if ( u->lud_dn && u->lud_dn[0] ) {
+ sep = 1;
+ }
- if( s == NULL ) return NULL;
+ if ( u->lud_port ) {
+ len -= sprintf( s, "%s://%s:%d%n", u->lud_scheme,
+ u->lud_host ? u->lud_host : "",
+ u->lud_port, &sofar );
- if( u->lud_port ) {
- sprintf( s, "%s://%s:%d%n", u->lud_scheme,
- u->lud_host, u->lud_port, &sofar );
} else {
- sprintf( s, "%s://%s%n", u->lud_scheme,
- u->lud_host, &sofar );
+ len -= sprintf( s, "%s://%n", u->lud_scheme, &sofar );
+ if ( u->lud_host && u->lud_host[0] ) {
+ i = hex_escape( &s[sofar], len, u->lud_host, URLESC_SLASH );
+ sofar += i;
+ len -= i;
+ }
}
-
- if( sep < 1 ) goto done;
+
+ assert( len >= 0 );
+
+ if ( sep < 1 ) {
+ goto done;
+ }
+
s[sofar++] = '/';
+ len--;
+
+ assert( len >= 0 );
- sofar += hex_escape( &s[sofar], u->lud_dn, 0 );
+ if ( u->lud_dn && u->lud_dn[0] ) {
+ i = hex_escape( &s[sofar], len, u->lud_dn, URLESC_NONE );
+ sofar += i;
+ len -= i;
- if( sep < 2 ) goto done;
+ assert( len >= 0 );
+ }
+
+ if ( sep < 2 ) {
+ goto done;
+ }
s[sofar++] = '?';
+ len--;
- sofar += hex_escape_args( &s[sofar], u->lud_attrs );
+ assert( len >= 0 );
- if( sep < 3 ) goto done;
+ i = hex_escape_list( &s[sofar], len, u->lud_attrs, URLESC_NONE );
+ sofar += i;
+ len -= i;
+
+ assert( len >= 0 );
+
+ if ( sep < 3 ) {
+ goto done;
+ }
s[sofar++] = '?';
+ len--;
- switch( u->lud_scope ) {
+ assert( len >= 0 );
+
+ switch ( u->lud_scope ) {
case LDAP_SCOPE_BASE:
strcpy( &s[sofar], "base" );
- sofar += sizeof("base") - 1;
+ sofar += STRLENOF("base");
+ len -= STRLENOF("base");
break;
+
case LDAP_SCOPE_ONELEVEL:
strcpy( &s[sofar], "one" );
- sofar += sizeof("one") - 1;
+ sofar += STRLENOF("one");
+ len -= STRLENOF("one");
break;
+
case LDAP_SCOPE_SUBTREE:
strcpy( &s[sofar], "sub" );
- sofar += sizeof("sub") - 1;
+ sofar += STRLENOF("sub");
+ len -= STRLENOF("sub");
break;
+
#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
case LDAP_SCOPE_SUBORDINATE:
strcpy( &s[sofar], "children" );
- sofar += sizeof("children") - 1;
+ sofar += STRLENOF("children");
+ len -= STRLENOF("children");
break;
#endif
}
- if( sep < 4 ) goto done;
+ assert( len >= 0 );
+
+ if ( sep < 4 ) {
+ goto done;
+ }
s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
- sofar += hex_escape( &s[sofar], u->lud_filter, 0 );
+ i = hex_escape( &s[sofar], len, u->lud_filter, URLESC_NONE );
+ sofar += i;
+ len -= i;
- if( sep < 5 ) goto done;
+ assert( len >= 0 );
+
+ if ( sep < 5 ) {
+ goto done;
+ }
s[sofar++] = '?';
+ len--;
+
+ assert( len >= 0 );
+
+ i = hex_escape_list( &s[sofar], len, u->lud_exts, URLESC_COMMA );
+ sofar += i;
+ len -= i;
- sofar += hex_escape_args( &s[sofar], u->lud_exts );
+ assert( len >= 0 );
done:
- s[sofar] = '\0';
+ if ( len < 0 ) {
+ return -1;
+ }
+
+ return sofar;
+}
+
+char *
+ldap_url_desc2str( LDAPURLDesc *u )
+{
+ int len;
+ char *s;
+
+ if ( u == NULL ) {
+ return NULL;
+ }
+
+ len = desc2str_len( u );
+ if ( len < 0 ) {
+ return NULL;
+ }
+
+ /* allocate enough to hex escape everything -- overkill */
+ s = LDAP_MALLOC( len + 1 );
+
+ if ( s == NULL ) {
+ return NULL;
+ }
+
+ if ( desc2str( u, s, len ) != len ) {
+ LDAP_FREE( s );
+ return NULL;
+ }
+
+ s[len] = '\0';
+
return s;
}
ldap_url_list2urls(
LDAPURLDesc *ludlist )
{
- LDAPURLDesc *ludp;
- int size;
- char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
+ LDAPURLDesc *ludp;
+ int size, sofar;
+ char *s;
- if (ludlist == NULL)
+ if ( ludlist == NULL ) {
return NULL;
+ }
/* figure out how big the string is */
- size = 1; /* nul-term */
- for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
- size += strlen(ludp->lud_scheme);
- if ( ludp->lud_host ) {
- size += strlen(ludp->lud_host);
- /* will add [ ] below */
- if (strchr(ludp->lud_host, ':'))
- size += 2;
- }
- size += sizeof(":/// ");
-
- if (ludp->lud_port != 0) {
- size += sprintf(buf, ":%d", ludp->lud_port);
+ for ( size = 0, ludp = ludlist; ludp != NULL; ludp = ludp->lud_next ) {
+ int len = desc2str_len( ludp );
+ if ( len < 0 ) {
+ return NULL;
}
+ size += len + 1;
}
+
+ s = LDAP_MALLOC( size );
- s = LDAP_MALLOC(size);
- if (s == NULL) {
+ if ( s == NULL ) {
return NULL;
}
- p = s;
- for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
- p += sprintf(p, "%s://", ludp->lud_scheme);
- if ( ludp->lud_host ) {
- p += sprintf(p, strchr(ludp->lud_host, ':')
- ? "[%s]" : "%s", ludp->lud_host);
+ for ( sofar = 0, ludp = ludlist; ludp != NULL; ludp = ludp->lud_next ) {
+ int len;
+
+ len = desc2str( ludp, &s[sofar], size );
+
+ if ( len < 0 ) {
+ LDAP_FREE( s );
+ return NULL;
}
- if (ludp->lud_port != 0)
- p += sprintf(p, ":%d", ludp->lud_port);
- *p++ = '/';
- *p++ = ' ';
+
+ sofar += len;
+ size -= len;
+
+ s[sofar++] = ' ';
+ size--;
+
+ assert( size >= 0 );
}
- if (p != s)
- p--; /* nuke that extra space */
- *p = 0;
+
+ s[sofar - 1] = '\0';
+
return s;
}
LDAP_FREE( ludp );
}
+static int
+ldap_int_is_hexpair( char *s )
+{
+ int i;
+
+ for ( i = 0; i < 2; i++ ) {
+ if ( s[i] >= '0' && s[i] <= '9' ) {
+ continue;
+ }
+
+ if ( s[i] >= 'A' && s[i] <= 'F' ) {
+ continue;
+ }
+
+ if ( s[i] >= 'a' && s[i] <= 'f' ) {
+ continue;
+ }
+
+ return 0;
+ }
+
+ return 1;
+}
+
static int
ldap_int_unhex( int c )
{
* Remove URL hex escapes from s... done in place. The basic concept for
* this routine is borrowed from the WWW library HTUnEscape() routine.
*/
- char *p;
+ char *p,
+ *save_s = s;
for ( p = s; *s != '\0'; ++s ) {
if ( *s == '%' ) {
+ /*
+ * FIXME: what if '%' is followed
+ * by non-hexpair chars?
+ */
+ if ( !ldap_int_is_hexpair( s + 1 ) ) {
+ p = save_s;
+ break;
+ }
+
if ( *++s == '\0' ) {
break;
}
*p = '\0';
}
-
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998 A. Hartgers.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1995 IBM Corporation.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* ldif_parse_line - takes a line of the form "type:[:] value" and splits it
* into components "type" and "value". if a double colon separates type from
* value, then value is encoded in base 64, and parse_line un-decodes it
- * (in place) before returning.
+ * (in place) before returning. The type and value are stored in malloc'd
+ * memory which must be freed by the caller.
+ *
+ * ldif_parse_line2 - operates in-place on input buffer, returning type
+ * in-place. Will return value in-place if possible, (must malloc for
+ * fetched URLs). If freeval is NULL, all return data will be malloc'd
+ * and the input line will be unmodified. Otherwise freeval is set to
+ * True if the value was malloc'd.
*/
int
char **valuep,
ber_len_t *vlenp
)
+{
+ struct berval type, value;
+ int rc = ldif_parse_line2( (char *)line, &type, &value, NULL );
+
+ *typep = type.bv_val;
+ *valuep = value.bv_val;
+ *vlenp = value.bv_len;
+ return rc;
+}
+
+int
+ldif_parse_line2(
+ char *line,
+ struct berval *type,
+ struct berval *value,
+ int *freeval
+)
{
char *s, *p, *d;
char nib;
int b64, url;
- char *freeme, *type, *value;
- ber_len_t vlen;
- *typep = NULL;
- *valuep = NULL;
- *vlenp = 0;
+ BER_BVZERO( type );
+ BER_BVZERO( value );
/* skip any leading space */
while ( isspace( (unsigned char) *line ) ) {
line++;
}
- freeme = ber_strdup( line );
+ if ( freeval ) {
+ *freeval = 0;
+ } else {
+ line = ber_strdup( line );
- if( freeme == NULL ) {
- ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
- _("ldif_parse_line: line malloc failed\n"));
- return( -1 );
+ if( line == NULL ) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: line malloc failed\n"));
+ return( -1 );
+ }
}
- type = freeme;
+ type->bv_val = line;
- s = strchr( type, ':' );
+ s = strchr( type->bv_val, ':' );
if ( s == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: missing ':' after %s\n"),
type );
- ber_memfree( freeme );
+ if ( !freeval ) ber_memfree( line );
return( -1 );
}
/* trim any space between type and : */
- for ( p = &s[-1]; p > type && isspace( * (unsigned char *) p ); p-- ) {
+ for ( p = &s[-1]; p > type->bv_val && isspace( * (unsigned char *) p ); p-- ) {
*p = '\0';
}
*s++ = '\0';
+ type->bv_len = s - type->bv_val - 1;
url = 0;
b64 = 0;
/* no value is present, error out */
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: %s missing base64 value\n"), type );
- ber_memfree( freeme );
+ if ( !freeval ) ber_memfree( line );
return( -1 );
}
- byte = value = s;
+ byte = value->bv_val = s;
- for ( p = s, vlen = 0; p < d; p += 4, vlen += 3 ) {
+ for ( p = s, value->bv_len = 0; p < d; p += 4, value->bv_len += 3 ) {
int i;
for ( i = 0; i < 4; i++ ) {
if ( p[i] != '=' && (p[i] & 0x80 ||
_("ldif_parse_line: %s: invalid base64 encoding"
" char (%c) 0x%x\n"),
type, p[i], p[i] );
- ber_memfree( freeme );
+ if ( !freeval ) ber_memfree( line );
return( -1 );
}
}
byte[1] = (nib & RIGHT4) << 4;
/* third digit */
if ( p[2] == '=' ) {
- vlen += 1;
+ value->bv_len += 1;
break;
}
nib = b642nib[ p[2] & 0x7f ];
byte[2] = (nib & RIGHT2) << 6;
/* fourth digit */
if ( p[3] == '=' ) {
- vlen += 2;
+ value->bv_len += 2;
break;
}
nib = b642nib[ p[3] & 0x7f ];
byte += 3;
}
- s[ vlen ] = '\0';
+ s[ value->bv_len ] = '\0';
} else if ( url ) {
if ( *s == '\0' ) {
/* no value is present, error out */
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: %s missing URL value\n"), type );
- ber_memfree( freeme );
+ if ( !freeval ) ber_memfree( line );
return( -1 );
}
- if( ldif_fetch_url( s, &value, &vlen ) ) {
+ if( ldif_fetch_url( s, &value->bv_val, &value->bv_len ) ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: %s: URL \"%s\" fetch failed\n"),
type, s );
- ber_memfree( freeme );
+ if ( !freeval ) ber_memfree( line );
return( -1 );
}
+ if ( freeval ) *freeval = 1;
} else {
- value = s;
- vlen = (int) (d - s);
+ value->bv_val = s;
+ value->bv_len = (int) (d - s);
}
- type = ber_strdup( type );
+ if ( !freeval ) {
+ struct berval bv = *type;
- if( type == NULL ) {
- ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
- _("ldif_parse_line: type malloc failed\n"));
- if( url ) ber_memfree( value );
- ber_memfree( freeme );
- return( -1 );
- }
+ ber_dupbv( type, &bv );
- if( !url ) {
- p = ber_memalloc( vlen + 1 );
- if( p == NULL ) {
+ if( BER_BVISNULL( type )) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
- _("ldif_parse_line: value malloc failed\n"));
- ber_memfree( type );
- ber_memfree( freeme );
+ _("ldif_parse_line: type malloc failed\n"));
+ if( url ) ber_memfree( value->bv_val );
+ ber_memfree( line );
return( -1 );
}
- AC_MEMCPY( p, value, vlen );
- p[vlen] = '\0';
- value = p;
- }
- ber_memfree( freeme );
+ if( !url ) {
+ bv = *value;
+ ber_dupbv( value, &bv );
+ if( BER_BVISNULL( value )) {
+ ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
+ _("ldif_parse_line: value malloc failed\n"));
+ ber_memfree( type->bv_val );
+ ber_memfree( line );
+ return( -1 );
+ }
+ }
- *typep = type;
- *valuep = value;
- *vlenp = vlen;
+ ber_memfree( line );
+ }
return( 0 );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#endif
static struct pw_slist *pw_schemes;
+static int pw_inited;
static const struct pw_scheme pw_schemes_default[] =
{
{
struct pw_slist *ptr;
+ if (!pw_inited) lutil_passwd_init();
+
ptr = ber_memalloc( sizeof( struct pw_slist ));
if (!ptr) return -1;
ptr->next = pw_schemes;
{
struct pw_scheme *s;
+ pw_inited = 1;
+
for( s=(struct pw_scheme *)pw_schemes_default; s->name.bv_val; s++) {
if ( lutil_passwd_add( &s->name, s->chk_fn, s->hash_fn ) ) break;
}
{
struct pw_slist *pws;
- if (!pw_schemes) lutil_passwd_init();
+ if (!pw_inited) lutil_passwd_init();
for( pws=pw_schemes; pws; pws=pws->next ) {
if( strcasecmp(scheme, pws->s.name.bv_val ) == 0 ) {
return -1;
}
- if (!pw_schemes) lutil_passwd_init();
+ if (!pw_inited) lutil_passwd_init();
for( pws=pw_schemes; pws; pws=pws->next ) {
if( pws->s.chk_fn ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
if ( do_continue ) {
if ( rule->lr_next == NULL ) {
- res = ( s == string ? strdup( s ) : s );
+ res = s;
}
goto rc_continue;
}
if ( res != NULL ) {
struct rewrite_action *action;
- if (s != string ) {
+ if ( s != string && s != res ) {
free( s );
}
s = res;
* result back to the string
*/
} else if ( rule->lr_next == NULL ) {
- res = ( s == string ? strdup( s ) : s );
+ res = s;
}
break;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
if ( *result != NULL ) {
- free( *result );
+ if ( *result != string ) {
+ free( *result );
+ }
*result = NULL;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
int ldap_syslog;
int ldap_syslog_level;
-char *
+static void
apply(
FILE *fin,
const char *rewriteContext,
rewrite_session_init( info, cookie );
- string = strdup( arg );
+ string = (char *)arg;
for ( sep = strchr( rewriteContext, ',' );
rewriteContext != NULL;
rewriteContext = sep,
- sep ? sep = strchr( rewriteContext, ',' ) : NULL ) {
+ sep ? sep = strchr( rewriteContext, ',' ) : NULL )
+ {
char *errmsg = "";
if ( sep != NULL ) {
if ( result == NULL ) {
break;
}
- free( string );
+ if ( string != arg && string != result ) {
+ free( string );
+ }
string = result;
}
- free( string );
+ if ( result && result != arg ) {
+ free( result );
+ }
rewrite_session_delete( info, cookie );
rewrite_info_delete( &info );
-
- return result;
}
int
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
op->lo_num_passes++;
if ( regexec( &rule->lr_regex, string, nmatch, match, 0 ) != 0 ) {
- if ( *result == NULL && strcnt > 0 ) {
+ if ( *result == NULL && string != arg ) {
free( string );
- string = NULL;
}
/*
*result = val.bv_val;
val.bv_val = NULL;
- if ( strcnt > 0 ) {
+ if ( string != arg ) {
free( string );
string = NULL;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# servers Makefile.in for OpenLDAP
# $OpenLDAP$
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
oidm.c starttls.c index.c sets.c referral.c root_dse.c \
sasl.c module.c mra.c mods.c sl_malloc.c zn_malloc.c limits.c \
operational.c matchedValues.c cancel.c syncrepl.c \
- backover.c ctxcsn.c ldapsync.c sessionlog.c frontend.c \
+ backover.c ctxcsn.c ldapsync.c frontend.c \
slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \
slappasswd.c slaptest.c slapauth.c slapacl.c component.c \
$(@PLAT@_SRCS)
oidm.o starttls.o index.o sets.o referral.o root_dse.o \
sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o \
operational.o matchedValues.o cancel.o syncrepl.o \
- backover.o ctxcsn.o ldapsync.o sessionlog.o frontend.o \
+ backover.o ctxcsn.o ldapsync.o frontend.o \
slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \
slappasswd.o slaptest.o slapauth.o slapacl.o component.o \
$(@PLAT@_OBJS)
-LDAP_INCDIR= ../../include -I$(srcdir)/slapi -I.
+LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
LDAP_LIBDIR= ../../libraries
SLAP_DIR=
XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS)
-XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_L) liboverlays.a
+XLIBS = $(SLAPD_STATIC_DEPENDS) liboverlays.a $(SLAPD_L)
XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
XXXLIBS = $(LTHREAD_LIBS) $(SLAPI_LIBS) $(MODULES_LIBS)
all-local-srv: all-cffiles
NT_SLAPD_DEPENDS = slapd.exp
-NT_SLAPD_OBJECTS = slapd.exp symdummy.o $(OBJS) version.o
+NT_SLAPD_OBJECTS = slapd.exp symdummy.o $(OBJS) backends.o version.o
-UNIX_SLAPD_DEPENDS = $(SLAPD_STATIC_DEPENDS) version.o $(SLAPD_L)
-UNIX_SLAPD_OBJECTS = $(OBJS) version.o
+UNIX_SLAPD_DEPENDS = $(SLAPD_STATIC_DEPENDS) backends.o version.o $(SLAPD_L)
+UNIX_SLAPD_OBJECTS = $(OBJS) backends.o version.o
SLAPD_DEPENDS = liboverlays.a $(@PLAT@_SLAPD_DEPENDS)
SLAPD_OBJECTS = $(@PLAT@_SLAPD_OBJECTS)
$(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); done
-sslapd: version.o
- $(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS) $(WRAP_LIBS)
+sslapd: version.o backends.o
+ $(LTLINK) -static -o $@ $(OBJS) version.o backends.o $(LIBS) $(WRAP_LIBS)
dummy $(SLAPD_DYNAMIC_BACKENDS): slapd
cd $@; $(MAKE) $(MFLAGS) all
liboverlays.a: FORCE
@cd overlays; $(MAKE) $(MFLAGS) all
-backend.c: backend.h
-
version.c: Makefile
@-$(RM) $@
$(MKVERSION) -s -n Versionstr slapd > $@
version.o: version.c $(OBJS) $(SLAPD_LIBDEPEND)
+backends.o: backends.c $(srcdir)/slap.h
+
depend-local-srv: FORCE
@for i in $(SUBDIRS); do \
if test -d $$i -a -f $$i/Makefile ; then \
clean-local:
$(RM) *.exp *.def *.base *.a *.objs symdummy.c
+veryclean-local:
+ $(RM) backends.c
+
clean-local-srv: FORCE
@for i in $(SUBDIRS); do \
if test -d $$i -a -f $$i/Makefile ; then \
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
"<= root access granted\n",
0, 0, 0 );
if ( maskp ) {
- mask = ACL_LVL_WRITE;
+ mask = ACL_LVL_MANAGE;
}
goto done;
Debug( LDAP_DEBUG_ACL,
"acl_get: valpat %s\n",
a->acl_attrval.bv_val, 0, 0 );
- if (regexec(&a->acl_attrval_re, val->bv_val, 0, NULL, 0))
+ if ( regexec( &a->acl_attrval_re, val->bv_val, 0, NULL, 0 ) )
+ {
continue;
+ }
+
} else {
int match = 0;
const char *text;
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: backend default %s access %s to \"%s\"\n",
access2str( ACL_WRITE ),
- op->o_bd->be_dfltaccess >= ACL_WRITE ? "granted" : "denied", op->o_dn.bv_val );
+ op->o_bd->be_dfltaccess >= ACL_WRITE
+ ? "granted" : "denied",
+ op->o_dn.bv_val );
ret = (op->o_bd->be_dfltaccess >= ACL_WRITE);
goto done;
}
int rc = 0;
AciSetCookie cookie;
- if (setref == 0) {
+ if ( setref == 0 ) {
ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+
} else {
struct berval subjdn, ndn = BER_BVNULL;
struct berval setat;
/* format of string is "entry/setAttrName" */
if ( aci_get_part( subj, 0, '/', &subjdn ) < 0 ) {
- return(0);
+ return 0;
}
if ( aci_get_part( subj, 1, '/', &setat ) < 0 ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static void print_access(Access *b);
#endif
-#ifdef LDAP_DEVEL
-static int
-check_scope( BackendDB *be, AccessControl *a );
-#endif /* LDAP_DEVEL */
+static int check_scope( BackendDB *be, AccessControl *a );
#ifdef SLAP_DYNACL
static int
regfree(&re);
}
-#ifdef LDAP_DEVEL
/*
* Experimental
*
dn = be->be_nsuffix[0];
+ if ( BER_BVISEMPTY( &dn ) ) {
+ return ACL_SCOPE_OK;
+ }
+
if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
a->acl_dn_style != ACL_STYLE_REGEX )
{
return ACL_SCOPE_UNKNOWN;
}
-#endif /* LDAP_DEVEL */
void
parse_acl(
const char *fname,
int lineno,
int argc,
- char **argv
-)
+ char **argv )
{
int i;
char *left, *right, *style, *next;
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
-
+
} else {
fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" "
}
if ( be != NULL ) {
-#ifdef LDAP_DEVEL
if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
fprintf( stderr, "%s: line %d: warning: "
"scope checking only applies to single-valued "
default:
break;
}
-#endif /* LDAP_DEVEL */
acl_append( &be->be_acl, a );
} else {
if ( ACL_LVL_IS_NONE(mask) ) {
ptr = lutil_strcopy( ptr, "none" );
+ } else if ( ACL_LVL_IS_DISCLOSE(mask) ) {
+ ptr = lutil_strcopy( ptr, "disclose" );
+
} else if ( ACL_LVL_IS_AUTH(mask) ) {
ptr = lutil_strcopy( ptr, "auth" );
} else if ( ACL_LVL_IS_WRITE(mask) ) {
ptr = lutil_strcopy( ptr, "write" );
+
+ } else if ( ACL_LVL_IS_MANAGE(mask) ) {
+ ptr = lutil_strcopy( ptr, "manage" );
+
} else {
ptr = lutil_strcopy( ptr, "unknown" );
}
*ptr++ = '=';
}
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_MANAGE) ) {
+ none = 0;
+ *ptr++ = 'm';
+ }
+
if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WRITE) ) {
none = 0;
*ptr++ = 'w';
*ptr++ = 'x';
}
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_DISCLOSE) ) {
+ none = 0;
+ *ptr++ = 'd';
+ }
+
if ( none && ACL_PRIV_ISSET(mask, ACL_PRIV_NONE) ) {
none = 0;
*ptr++ = 'n';
}
for( i=1; str[i] != '\0'; i++ ) {
- if( TOLOWER((unsigned char) str[i]) == 'w' ) {
+ if( TOLOWER((unsigned char) str[i]) == 'm' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_MANAGE);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'w' ) {
ACL_PRIV_SET(mask, ACL_PRIV_WRITE);
} else if( TOLOWER((unsigned char) str[i]) == 'r' ) {
} else if( TOLOWER((unsigned char) str[i]) == 'x' ) {
ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
+ } else if( TOLOWER((unsigned char) str[i]) == 'd' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE);
+
} else if( str[i] != '0' ) {
ACL_INVALIDATE(mask);
return mask;
if ( strcasecmp( str, "none" ) == 0 ) {
ACL_LVL_ASSIGN_NONE(mask);
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+ ACL_LVL_ASSIGN_DISCLOSE(mask);
+
} else if ( strcasecmp( str, "auth" ) == 0 ) {
ACL_LVL_ASSIGN_AUTH(mask);
} else if ( strcasecmp( str, "write" ) == 0 ) {
ACL_LVL_ASSIGN_WRITE(mask);
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ ACL_LVL_ASSIGN_MANAGE(mask);
+
} else {
ACL_INVALIDATE( mask );
}
"<access clause> ::= access to <what> "
"[ by <who> <access> [ <control> ] ]+ \n"
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]\n"
- "<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>\n"
+ "<attrlist> ::= <attr> [val[.<
attrstyle>]=<value>] | <attr> , <attrlist>\n"
"<attr> ::= <attrname> | entry | children\n",
"<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
"\t[dnattr=<attrname>]\n"
"\t[aci=<attrname>]\n"
#endif
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n",
+ "<style> ::= exact | regex | base(Object)\n"
"<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
"exact | regex\n"
- "<style> ::= exact | regex | base(Object)\n"
+ "<attrstyle> ::= exact | regex | base(Object) | one(level) | "
+ "sub(tree) | children\n"
"<peernamestyle> ::= exact | regex | ip | path\n"
"<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n"
"<access> ::= [self]{<level>|<priv>}\n"
- "<level> ::= none | auth | compare | search | read | write\n"
- "<priv> ::= {=|+|-}{w|r|s|c|x|0}+\n"
+ "<level> ::= none|disclose|auth|compare|search|read|write|manage\n"
+ "<priv> ::= {=|+|-}{0|d|x|c|s|r|w|m}+\n"
"<control> ::= [ stop | continue | break ]\n"
);
exit( EXIT_FAILURE );
if ( access == ACL_NONE ) {
return "none";
+ } else if ( access == ACL_DISCLOSE ) {
+ return "disclose";
+
} else if ( access == ACL_AUTH ) {
return "auth";
} else if ( access == ACL_WRITE ) {
return "write";
+
+ } else if ( access == ACL_MANAGE ) {
+ return "manage";
+
}
return "unknown";
if ( strcasecmp( str, "none" ) == 0 ) {
return ACL_NONE;
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+ return ACL_DISCLOSE;
+
} else if ( strcasecmp( str, "auth" ) == 0 ) {
return ACL_AUTH;
} else if ( strcasecmp( str, "write" ) == 0 ) {
return ACL_WRITE;
+
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ return ACL_MANAGE;
}
return( ACL_INVALID_ACCESS );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
tail = &attr->a_next;
}
+ *text = NULL;
+
return LDAP_SUCCESS;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
extended.c referral.c operational.c \
attr.c index.c key.c dbcache.c filterindex.c \
dn2entry.c dn2id.c error.c id2entry.c idl.c \
- nextid.c cache.c trans.c ctxcsn.c
+ nextid.c cache.c trans.c
OBJS = init.lo tools.lo config.lo \
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
extended.lo referral.lo operational.lo \
attr.lo index.lo key.lo dbcache.lo filterindex.lo \
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo \
- nextid.lo cache.lo trans.lo ctxcsn.lo
+ nextid.lo cache.lo trans.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
goto return_results;
}
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
- &ctxcsn_e, &ctxcsn_added, locker );
- switch ( rc ) {
- case BDB_CSN_ABORT :
- goto return_results;
- case BDB_CSN_RETRY :
- goto retry;
- }
- }
-#endif
-
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
suffix_ei = BEI(e);
}
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- if ( ctxcsn_added ) {
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
- (struct berval *)&slap_ldapsync_cn_bv, locker );
- }
- }
-
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_no_psearch ) {
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- assert( BEI(e) );
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_ADD );
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_add)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
LDAP_BEGIN_DECL
-#undef BDB_PSEARCH
-
#define DB_VERSION_FULL ((DB_VERSION_MAJOR << 24) | (DB_VERSION_MINOR << 16) | DB_VERSION_PATCH)
#define BDB_SUBENTRIES 1
ID bi_lastid;
ldap_pvt_thread_mutex_t bi_lastid_mutex;
-#ifdef BDB_PSEARCH
- LDAP_LIST_HEAD(pl, slap_op) bi_psearch_list;
- ldap_pvt_thread_rdwr_t bi_pslist_rwlock;
- LDAP_LIST_HEAD(se, slap_session_entry) bi_session_list;
-#endif
int bi_idl_cache_max_size;
int bi_idl_cache_size;
Avlnode *bi_idl_tree;
/* Copy an ID "src" to pointer "dst" in big-endian byte order */
#define BDB_ID2DISK( src, dst ) \
- do { int i0; ID tmp; char *ptr; \
- tmp = (src); ptr = (char *)(dst); \
+ do { int i0; ID tmp; unsigned char *_p; \
+ tmp = (src); _p = (char *)(dst); \
for ( i0=sizeof(ID)-1; i0>=0; i0-- ) { \
- ptr[i0] = tmp & 0xff; tmp >>= 8; \
+ _p[i0] = tmp & 0xff; tmp >>= 8; \
} \
} while(0);
/* Copy a pointer "src" to a pointer "dst" from big-endian to native order */
#define BDB_DISK2ID( src, dst ) \
- do { int i0; ID tmp = 0; unsigned char *ptr; \
- ptr = (unsigned char *)(src); \
+ do { int i0; ID tmp = 0; unsigned char *_p; \
+ _p = (unsigned char *)(src); \
for ( i0=0; i0<sizeof(ID); i0++ ) { \
- tmp <<= 8; tmp |= *ptr++; \
+ tmp <<= 8; tmp |= *_p++; \
} *(dst) = tmp; \
} while (0);
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
switch ( op->oq_bind.rb_method ) {
case LDAP_AUTH_SIMPLE:
- rs->sr_err = access_allowed( op, e,
- password, NULL, ACL_AUTH, NULL );
- if ( ! rs->sr_err ) {
+ a = attr_find( e->e_attrs, password );
+ if ( a == NULL ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
}
- if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
- goto done;
- }
-
- if ( slap_passwd_check( op->o_conn,
- a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+ if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
{
+ /* failure; stop front end from sending result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
}
-
+
rs->sr_err = 0;
break;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
bdb_cache_entryinfo_unlock( eip );
- /* set lru mutex */
- ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
++bdb->bi_cache.c_cursize;
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ /* set lru mutex */
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
+
/* lru_mutex is unlocked for us */
bdb_cache_lru_add( bdb, locker, new );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
e = ei->bei_e;
if ( rs->sr_err == DB_NOTFOUND ) {
if ( e != NULL ) {
- rs->sr_matched = ch_strdup( e->e_dn );
- rs->sr_ref = is_entry_referral( e )
- ? get_entry_referrals( op, e )
- : NULL;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose"
+ * is granted on the object */
+ if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = ch_strdup( e->e_dn );
+ rs->sr_ref = is_entry_referral( e )
+ ? get_entry_referrals( op, e )
+ : NULL;
+ rs->sr_err = LDAP_REFERRAL;
+ }
+
bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+ rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
- rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
}
if (!manageDSAit && is_entry_referral( e ) ) {
- /* entry is a referral, don't allow add */
- rs->sr_ref = get_entry_referrals( op, e );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose"
+ * is granted on the object */
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ /* entry is a referral, don't allow compare */
+ rs->sr_ref = get_entry_referrals( op, e );
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = e->e_name.bv_val;
+ }
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
0, 0 );
- rs->sr_err = LDAP_REFERRAL;
- rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
goto return_results;
}
- rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
- &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
- if ( ! rs->sr_err ) {
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return error only if "disclose"
+ * is granted on the object */
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
goto return_results;
}
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
- for(a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
- a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
{
rs->sr_err = LDAP_COMPARE_FALSE;
return_results:
send_ldap_result( op, rs );
- if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
rs->sr_err = LDAP_SUCCESS;
+ break;
}
done:
/* free entry */
- if( e != NULL ) {
- bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+ if ( e != NULL ) {
+ bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
+ e, &lock );
}
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
if ( !( slapMode & SLAP_TOOL_MODE ) )
bdb->bi_idl_cache_max_size = atoi( argv[1] );
-#ifdef BDB_PSEARCH
- } else if ( strcasecmp( argv[0], "sessionlog" ) == 0 ) {
- int se_id = 0, se_size = 0;
- struct slap_session_entry *sent;
- if ( argc < 3 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing arguments in \"sessionlog <id> <size>\""
- " line\n", fname, lineno, 0 );
- return( 1 );
- }
- se_id = atoi( argv[1] );
-
- if ( se_id < 0 || se_id > 999 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: session log id %d is out of range [0..999]\n",
- fname, lineno , se_id );
- return( 1 );
- }
-
- se_size = atoi( argv[2] );
- if ( se_size < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: session log size %d is negative\n",
- fname, lineno , se_size );
- return( 1 );
- }
-
- LDAP_LIST_FOREACH( sent, &bdb->bi_session_list, se_link ) {
- if ( sent->se_id == se_id ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: session %d already exists\n",
- fname, lineno , se_id );
- return( 1 );
- }
- }
- sent = (struct slap_session_entry *) ch_calloc( 1,
- sizeof( struct slap_session_entry ));
- sent->se_id = se_id;
- sent->se_size = se_size;
- LDAP_LIST_INSERT_HEAD( &bdb->bi_session_list, sent, se_link );
-#endif /* BDB_PSEARCH */
/* anything else */
} else {
return SLAP_CONF_UNKNOWN;
+++ /dev/null
-/* ctxcsn.c -- back-bdb Context CSN Management Routines */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2003-2004 The OpenLDAP Foundation.
- * Portions Copyright 2003 IBM Corporation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/time.h>
-
-#include "lutil.h"
-#include "back-bdb.h"
-
-#ifdef BDB_PSEARCH
-int
-bdb_csn_commit(
- Operation *op,
- SlapReply *rs,
- DB_TXN *tid,
- EntryInfo *ei,
- EntryInfo **suffix_ei,
- Entry **ctxcsn_e,
- int *ctxcsn_added,
- u_int32_t locker
-)
-{
- struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
- EntryInfo *ctxcsn_ei = NULL;
- DB_LOCK ctxcsn_lock;
- struct berval max_committed_csn;
- DB_LOCK suffix_lock;
- int rc, ret;
- ID ctxcsn_id;
- Entry *e;
- char textbuf[SLAP_TEXT_BUFLEN];
- size_t textlen = sizeof textbuf;
- EntryInfo *eip = NULL;
-
- assert( !BER_BVISNULL( &op->o_bd->be_context_csn ) );
-
- if ( ei ) {
- e = ei->bei_e;
- }
-
- rc = bdb_dn2entry( op, tid, &op->o_bd->be_context_csn, &ctxcsn_ei,
- 1, locker, &ctxcsn_lock );
- switch( rc ) {
- case 0:
- case DB_NOTFOUND:
- break;
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- return BDB_CSN_RETRY;
- default:
- return BDB_CSN_ABORT;
- }
-
- *ctxcsn_e = ctxcsn_ei->bei_e;
-
- slap_get_commit_csn( op, &max_committed_csn );
-
- if ( max_committed_csn.bv_val == NULL ) {
- return BDB_CSN_COMMIT;
- }
-
- *ctxcsn_added = 0;
-
- switch( rc ) {
- case 0:
- if ( !*ctxcsn_e ) {
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "context csn not present";
- op->o_tmpfree( max_committed_csn.bv_val, op->o_tmpmemctx );
- return BDB_CSN_ABORT;
- } else {
- Modifications mod;
- struct berval modvals[2];
- Entry dummy;
-
- modvals[0] = max_committed_csn;
- modvals[1].bv_val = NULL;
- modvals[1].bv_len = 0;
-
- mod.sml_op = LDAP_MOD_REPLACE;
- mod.sml_values = modvals;
- mod.sml_nvalues = NULL;
- mod.sml_desc = slap_schema.si_ad_contextCSN;
- mod.sml_type = mod.sml_desc->ad_cname;
- mod.sml_next = NULL;
-
- dummy = **ctxcsn_e;
- ret = bdb_modify_internal( op, tid, &mod, &dummy,
- &rs->sr_text, textbuf, textlen );
- op->o_tmpfree( max_committed_csn.bv_val, op->o_tmpmemctx );
- if ( ret != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- "bdb_csn_commit: modify failed (%d)\n", rs->sr_err, 0, 0 );
- if ( dummy.e_attrs != e->e_attrs ) attrs_free( dummy.e_attrs );
- switch( ret ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto rewind;
- default:
- return BDB_CSN_ABORT;
- }
- }
-
- ret = bdb_id2entry_update( op->o_bd, tid, &dummy );
- switch ( ret ) {
- case 0 :
- break;
- case DB_LOCK_DEADLOCK :
- case DB_LOCK_NOTGRANTED :
- if ( dummy.e_attrs != e->e_attrs ) attrs_free( dummy.e_attrs );
- goto rewind;
- default :
- if ( dummy.e_attrs != e->e_attrs ) attrs_free( dummy.e_attrs );
- rs->sr_err = ret;
- rs->sr_text = "context csn update failed";
- return BDB_CSN_ABORT;
- }
- ret = bdb_cache_modify( *ctxcsn_e, dummy.e_attrs, bdb->bi_dbenv, locker, &ctxcsn_lock );
- if ( ret != LDAP_SUCCESS ) {
- if ( dummy.e_attrs != e->e_attrs ) attrs_free( dummy.e_attrs );
- switch( ret ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto rewind;
- }
- }
- }
- break;
- case DB_NOTFOUND:
- if ( op->o_tag == LDAP_REQ_ADD &&
- be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname )) {
- *suffix_ei = NULL;
- eip = (EntryInfo *) ch_calloc( 1, sizeof( EntryInfo ));
- eip->bei_id = op->oq_add.rs_e->e_id;
- } else {
- eip = *suffix_ei = ctxcsn_ei;
- }
-
- /* This serializes add. But this case is very rare : only once. */
- rs->sr_err = bdb_next_id( op->o_bd, tid, &ctxcsn_id );
- if ( rs->sr_err != 0 ) {
- Debug( LDAP_DEBUG_TRACE,
- "bdb_csn_commit: next_id failed (%d)\n",
- rs->sr_err, 0, 0 );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "internal error";
- return BDB_CSN_ABORT;
- }
-
- *ctxcsn_e = slap_create_context_csn_entry( op->o_bd, &max_committed_csn );
- op->o_tmpfree( max_committed_csn.bv_val, op->o_tmpmemctx );
- (*ctxcsn_e)->e_id = ctxcsn_id;
- *ctxcsn_added = 1;
-
- ret = bdb_dn2id_add( op, tid, eip, *ctxcsn_e );
- switch ( ret ) {
- case 0 :
- break;
- case DB_LOCK_DEADLOCK :
- case DB_LOCK_NOTGRANTED :
- goto rewind;
- case DB_KEYEXIST :
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "context csn exists before context prefix does";
- return BDB_CSN_ABORT;
- default :
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "context csn store failed";
- return BDB_CSN_ABORT;
- }
-
- if ( *suffix_ei == NULL ) {
- ch_free( eip );
- }
-
- ret = bdb_id2entry_add( op->o_bd, tid, *ctxcsn_e );
- switch ( ret ) {
- case 0 :
- break;
- case DB_LOCK_DEADLOCK :
- case DB_LOCK_NOTGRANTED :
- goto rewind;
- default :
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "context csn store failed";
- return BDB_CSN_ABORT;
- }
- ret = bdb_index_entry_add( op, tid, *ctxcsn_e );
- switch ( ret ) {
- case 0 :
- break;
- case DB_LOCK_DEADLOCK :
- case DB_LOCK_NOTGRANTED :
- goto rewind;
- default :
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "context csn indexing failed";
- return BDB_CSN_ABORT;
- }
- break;
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- Debug( LDAP_DEBUG_TRACE,
- "bdb_csn_commit : bdb_dn2entry retry\n", 0, 0, 0 );
- goto rewind;
- case LDAP_BUSY:
- rs->sr_err = rc;
- rs->sr_text = "ldap server busy";
- return BDB_CSN_ABORT;
- default:
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "internal error";
- return BDB_CSN_ABORT;
- }
-
- return BDB_CSN_COMMIT;
-
-rewind :
- slap_rewind_commit_csn( op );
- return BDB_CSN_RETRY;
-}
-
-int
-bdb_get_commit_csn(
- Operation *op,
- SlapReply *rs,
- struct berval **search_context_csn,
- u_int32_t locker,
- DB_LOCK *ctxcsn_lock
-)
-{
- struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
- struct berval csn = BER_BVNULL;
- EntryInfo *ctxcsn_ei = NULL;
- EntryInfo *suffix_ei = NULL;
- Entry *ctxcsn_e = NULL;
- DB_TXN *ltid = NULL;
- Attribute *csn_a;
- char gid[DB_XIDDATASIZE];
- char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
- int num_retries = 0;
- int ctxcsn_added = 0;
- int rc;
- struct sync_cookie syncCookie = { NULL, -1, NULL};
- syncinfo_t *si;
- u_int32_t ctxcsn_locker = 0;
-
- if ( (op->o_sync_mode & SLAP_SYNC_REFRESH) &&
- !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- char substr[67];
- struct berval ctxcsn_ndn = BER_BVNULL;
- struct berval bv;
-
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- sprintf( substr, "cn=syncrepl%ld", si->si_rid );
- ber_str2bv( substr, 0, 0, &bv );
- build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &bv, op->o_tmpmemctx );
-
-consumer_ctxcsn_retry :
- rs->sr_err = bdb_dn2entry( op, NULL, &ctxcsn_ndn, &ctxcsn_ei,
- 0, locker, ctxcsn_lock );
- switch(rs->sr_err) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto consumer_ctxcsn_retry;
- case 0:
- op->o_tmpfree( ctxcsn_ndn.bv_val, op->o_tmpmemctx );
- ctxcsn_ndn.bv_val = NULL;
- if ( ctxcsn_ei ) {
- ctxcsn_e = ctxcsn_ei->bei_e;
- }
- break;
- case DB_NOTFOUND:
- default:
- rs->sr_err = LDAP_OTHER;
- case LDAP_BUSY:
- op->o_tmpfree( ctxcsn_ndn.bv_val, op->o_tmpmemctx );
- ctxcsn_ndn.bv_val = NULL;
- goto done;
- }
-
- if ( ctxcsn_e ) {
- csn_a = attr_find( ctxcsn_e->e_attrs,
- slap_schema.si_ad_syncreplCookie );
- if ( csn_a ) {
- struct berval cookie;
- const char *text;
- int match = -1;
- ber_dupbv( &cookie, &csn_a->a_vals[0] );
- ber_bvarray_add( &syncCookie.octet_str, &cookie );
- slap_parse_sync_cookie( &syncCookie );
- if ( *search_context_csn &&
- (*search_context_csn)->bv_val != NULL )
- {
- value_match( &match, slap_schema.si_ad_entryCSN,
- slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- syncCookie.ctxcsn, *search_context_csn, &text );
- }
- if ( match < 0 ) {
- /* set search_context_csn to the
- smallest syncrepl cookie value */
- if ( *search_context_csn ) {
- ch_free( (*search_context_csn)->bv_val );
- ch_free( *search_context_csn );
- }
- *search_context_csn = ber_dupbv( NULL,
- syncCookie.ctxcsn );
- }
- slap_sync_cookie_free( &syncCookie, 0 );
- } else {
- *search_context_csn = NULL;
- }
- } else {
- *search_context_csn = NULL;
- }
- }
- } else if ( (op->o_sync_mode & SLAP_SYNC_REFRESH) &&
- LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
-
-provider_ctxcsn_retry :
- rs->sr_err = bdb_dn2entry( op, NULL, &op->o_bd->be_context_csn, &ctxcsn_ei,
- 0, locker, ctxcsn_lock );
- switch(rs->sr_err) {
- case 0:
- if ( ctxcsn_ei ) {
- ctxcsn_e = ctxcsn_ei->bei_e;
- }
- break;
- case LDAP_BUSY:
- goto done;
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto provider_ctxcsn_retry;
- case DB_NOTFOUND:
- snprintf( gid, sizeof( gid ), "%s-%08lx-%08lx",
- bdb_uuid.bv_val, (long) op->o_connid, (long) op->o_opid );
-
- slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, 1 );
-
- if ( 0 ) {
-txn_retry:
- rs->sr_err = TXN_ABORT( ltid );
- ltid = NULL;
- if ( rs->sr_err != 0 ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
- ldap_pvt_thread_yield();
- bdb_trans_backoff( ++num_retries );
- }
- rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL,
- <id, bdb->bi_db_opflags );
- if ( rs->sr_err != 0 ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- ctxcsn_locker = TXN_ID ( ltid );
-
- rs->sr_err = bdb_csn_commit( op, rs, ltid, NULL,
- &suffix_ei, &ctxcsn_e,
- &ctxcsn_added, ctxcsn_locker );
- switch( rs->sr_err ) {
- case BDB_CSN_ABORT:
- rs->sr_err = LDAP_OTHER;
- goto done;
- case BDB_CSN_RETRY:
- goto txn_retry;
- }
-
- rs->sr_err = TXN_PREPARE( ltid, gid );
- if ( rs->sr_err != 0 ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
- (struct berval *)&slap_ldapsync_cn_bv, ctxcsn_locker );
-
- rs->sr_err = TXN_COMMIT( ltid, 0 );
- if ( rs->sr_err != 0 ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- rs->sr_err = bdb_dn2entry( op, NULL,
- &op->o_bd->be_context_csn,
- &ctxcsn_ei, 0, ctxcsn_locker,
- ctxcsn_lock );
-
- if ( ctxcsn_ei ) {
- ctxcsn_e = ctxcsn_ei->bei_e;
- }
- break;
-
- default:
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- if ( ctxcsn_e ) {
- csn_a = attr_find( ctxcsn_e->e_attrs,
- slap_schema.si_ad_contextCSN );
- if ( csn_a ) {
- *search_context_csn = ber_dupbv( NULL, &csn_a->a_vals[0] );
- } else {
- *search_context_csn = NULL;
- }
- } else {
- *search_context_csn = NULL;
- }
- }
-
- ltid = NULL;
- rs->sr_err = LDAP_SUCCESS;
-
-done:
- if( ltid != NULL ) {
- TXN_ABORT( ltid );
- }
-
- return rs->sr_err;
-}
-#endif
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
rc = db->bdi_db->set_h_hash( db->bdi_db, bdb_db_hash );
#endif
rc = db->bdi_db->set_flags( db->bdi_db, DB_DUP | DB_DUPSORT );
-#if 0
- rc = db->bdi_db->set_dup_compare( db->bdi_db, bdb_bt_compare );
-#endif
file = ch_malloc( strlen( name ) + sizeof(BDB_SUFFIX) );
sprintf( file, "%s" BDB_SUFFIX, name );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* FIXME : dn2entry() should return non-glue entry */
if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
- BerVarray deref = NULL;
-
Debug( LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete) ": no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
matched = NULL;
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto return_results;
}
-#ifdef BDB_PSEARCH
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_PREDELETE );
- if ( rc == LDAP_BUSY && op->o_ps_send_wait ) {
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- goto retry;
- } else if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_delete) ": persistent search "
- "failed (%d,%d)\n", rc, rs->sr_err, 0 );
- }
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
-#endif
-
/* delete from dn2id */
rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
if ( rs->sr_err != 0 ) {
ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
#endif
-#ifdef BDB_PSEARCH
- if ( !dn_match( &ctxcsn_ndn, &op->o_req_ndn ) &&
- !be_issuffix( op->o_bd, &op->o_req_ndn ) &&
- LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
- &ctxcsn_e, &ctxcsn_added, locker );
- switch ( rc ) {
- case BDB_CSN_ABORT :
- goto return_results;
- case BDB_CSN_RETRY :
- goto retry;
- }
- }
-#endif
-
if( op->o_noop ) {
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
goto retry;
}
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- if ( ctxcsn_added ) {
- bdb_cache_add( bdb, suffix_ei,
- ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
- }
- }
-
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_no_psearch ) {
- Attribute *a;
- a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
- if ( a ) {
- if( (void *) e->e_attrs != (void *) (e+1)) {
- attr_delete( &e->e_attrs, slap_schema.si_ad_entryCSN );
- attr_merge_normalize_one( e, slap_schema.si_ad_entryCSN,
- &op->o_sync_csn, NULL );
- } else {
- a->a_vals[0] = op->o_sync_csn;
- }
- } else {
- /* Hm, the entryCSN ought to exist. ??? */
- }
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_DELETE );
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_delete)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* a B-Tree with sorted duplicates to store all the children of a node under
* the same key. Also, the first item under the key contains the entry's own
* rdn and the ID of the node's parent, to allow bottom-up tree traversal as
- * well as top-down. To keep this info first in the list, the nrdnlen is set
- * to the negative of its value.
+ * well as top-down. To keep this info first in the list, the high bit of all
+ * subsequent nrdnlen's is always set. This means we can only accomodate
+ * RDNs up to length 32767, but that's fine since full DNs are already
+ * restricted to 8192.
*
* The diskNode is a variable length structure. This definition is not
* directly usable for in-memory manipulation.
*/
typedef struct diskNode {
- ID entryID;
- short nrdnlen;
- char nrdn[1];
- char rdn[1];
+ unsigned char nrdnlen[2];
+ unsigned char nrdn[1];
+ unsigned char rdn[1];
+ unsigned char entryID[sizeof(ID)];
} diskNode;
-/* Sort function for the sorted duplicate data items of a dn2id key.
- * Sorts based on normalized RDN, in length order.
- */
-int
-hdb_dup_compare(
- DB *db,
- const DBT *usrkey,
- const DBT *curkey )
-{
- signed char *u = (signed char *)&(((diskNode *)(usrkey->data))->nrdnlen);
- signed char *c = (signed char *)&(((diskNode *)(curkey->data))->nrdnlen);
- int rc, i;
-
- /* data is not aligned, cannot compare directly */
-#ifdef WORDS_BIGENDIAN
- for( i = 0; i < (int)sizeof(short); i++)
-#else
- for( i = sizeof(short)-1; i >= 0; i--)
-#endif
- {
- rc = u[i] - c[i];
- if( rc ) return rc;
- }
- return strcmp( u+sizeof(short), c+sizeof(short) );
-}
-
/* This function constructs a full DN for a given entry.
*/
int hdb_fix_dn(
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
DB *db = bdb->bi_dn2id->bdi_db;
DBT key, data;
+ ID nid;
int rc, rlen, nrlen;
diskNode *d;
char *ptr;
}
d = op->o_tmpalloc(sizeof(diskNode) + rlen + nrlen, op->o_tmpmemctx);
- d->entryID = e->e_id;
- d->nrdnlen = nrlen;
+ d->nrdnlen[1] = nrlen & 0xff;
+ d->nrdnlen[0] = (nrlen >> 8) | 0x80;
ptr = lutil_strncopy( d->nrdn, e->e_nname.bv_val, nrlen );
*ptr++ = '\0';
ptr = lutil_strncopy( ptr, e->e_name.bv_val, rlen );
- *ptr = '\0';
+ *ptr++ = '\0';
+ BDB_ID2DISK( e->e_id, ptr );
DBTzero(&key);
DBTzero(&data);
- key.data = &eip->bei_id;
+ key.data = &nid;
key.size = sizeof(ID);
key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( eip->bei_id, &nid );
/* Need to make dummy root node once. Subsequent attempts
* will fail harmlessly.
rc = db->put( db, txn, &key, &data, DB_NODUPDATA );
if (rc == 0) {
- key.data = &e->e_id;
- d->entryID = eip->bei_id;
- d->nrdnlen = 0 - nrlen;
+ BDB_ID2DISK( e->e_id, &nid );
+ BDB_ID2DISK( eip->bei_id, ptr );
+ d->nrdnlen[0] ^= 0x80;
rc = db->put( db, txn, &key, &data, DB_NODUPDATA );
}
DBC *cursor;
diskNode *d;
int rc, nrlen;
+ ID nid;
DBTzero(&key);
key.size = sizeof(ID);
key.ulen = key.size;
- key.data = &eip->bei_id;
+ key.data = &nid;
key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( eip->bei_id, &nid );
DBTzero(&data);
- data.size = sizeof(diskNode) + BEI(e)->bei_nrdn.bv_len;
+ data.size = sizeof(diskNode) + BEI(e)->bei_nrdn.bv_len - sizeof(ID) - 1;
data.ulen = data.size;
data.dlen = data.size;
data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
if ( rc ) return rc;
d = op->o_tmpalloc( data.size, op->o_tmpmemctx );
- d->entryID = e->e_id;
- d->nrdnlen = BEI(e)->bei_nrdn.bv_len;
+ d->nrdnlen[1] = BEI(e)->bei_nrdn.bv_len & 0xff;
+ d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
data.data = d;
/* Delete our ID from the parent's list */
- rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH | DB_RMW );
- if ( rc == 0 )
- rc = cursor->c_del( cursor, 0 );
+ rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH_RANGE | DB_RMW );
+ if ( rc == 0 ) {
+ if ( !strcmp( d->nrdn, BEI(e)->bei_nrdn.bv_val ))
+ rc = cursor->c_del( cursor, 0 );
+ else
+ rc = DB_NOTFOUND;
+ }
/* Delete our ID from the tree. With sorted duplicates, this
* will leave any child nodes still hanging around. This is OK
* for modrdn, which will add our info back in later.
*/
if ( rc == 0 ) {
- key.data = &e->e_id;
+ BDB_ID2DISK( e->e_id, &nid );
rc = cursor->c_get( cursor, &key, &data, DB_SET | DB_RMW );
if ( rc == 0 )
rc = cursor->c_del( cursor, 0 );
int rc = 0, nrlen;
diskNode *d;
char *ptr;
- ID idp = ei->bei_parent->bei_id;
+ ID idp;
nrlen = dn_rdnlen( op->o_bd, in );
if (!nrlen) nrlen = in->bv_len;
key.data = &idp;
key.ulen = sizeof(ID);
key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( ei->bei_parent->bei_id, &idp );
DBTzero(&data);
- data.size = sizeof(diskNode) + nrlen;
+ data.size = sizeof(diskNode) + nrlen - sizeof(ID) - 1;
data.ulen = data.size * 3;
- data.flags = DB_DBT_USERMEM;
+ data.dlen = data.ulen;
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
if ( rc ) return rc;
d = op->o_tmpalloc( data.size * 3, op->o_tmpmemctx );
- d->nrdnlen = nrlen;
+ d->nrdnlen[1] = nrlen & 0xff;
+ d->nrdnlen[0] = (nrlen >> 8) | 0x80;
ptr = lutil_strncopy( d->nrdn, in->bv_val, nrlen );
*ptr = '\0';
data.data = d;
- rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH );
+ rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH_RANGE );
+ if ( rc == 0 && strncmp( d->nrdn, in->bv_val, nrlen )) {
+ rc = DB_NOTFOUND;
+ }
if ( rc == 0 ) {
- ei->bei_id = d->entryID;
+ ptr = data.data + data.size - sizeof(ID);
+ BDB_DISK2ID( ptr, &ei->bei_id );
ei->bei_rdn.bv_len = data.size - sizeof(diskNode) - nrlen;
ptr = d->nrdn + nrlen + 1;
ber_str2bv( ptr, ei->bei_rdn.bv_len, 1, &ei->bei_rdn );
diskNode *d;
char *ptr;
unsigned char *pt2;
+ ID nid;
DBTzero(&key);
key.size = sizeof(ID);
- key.data = &ei->bei_id;
+ key.data = &nid;
key.ulen = sizeof(ID);
key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( ei->bei_id, &nid );
DBTzero(&data);
data.flags = DB_DBT_USERMEM;
rc = cursor->c_get( cursor, &key, &data, DB_SET );
if ( rc == 0 ) {
- if (d->nrdnlen >= 0) {
+ if (d->nrdnlen[0] & 0x80) {
rc = LDAP_OTHER;
} else {
db_recno_t dkids;
- *idp = d->entryID;
- ei->bei_nrdn.bv_len = 0 - d->nrdnlen;
+ ptr = data.data + data.size - sizeof(ID);
+ BDB_DISK2ID( ptr, idp );
+ ei->bei_nrdn.bv_len = (d->nrdnlen[0] << 8) | d->nrdnlen[1];
ber_str2bv( d->nrdn, ei->bei_nrdn.bv_len, 1, &ei->bei_nrdn );
ei->bei_rdn.bv_len = data.size - sizeof(diskNode) -
ei->bei_nrdn.bv_len;
key.size = sizeof(ID);
key.data = &e->e_id;
key.flags = DB_DBT_USERMEM;
+ BDB_ID2DISK( e->e_id, &id );
+ /* IDL cache is in host byte order */
if ( bdb->bi_idl_cache_size ) {
rc = bdb_idl_cache_get( bdb, db, &key, NULL );
if ( rc != LDAP_NO_SUCH_OBJECT ) {
return rc;
}
}
+
+ key.data = &id;
DBTzero(&data);
data.data = &d;
data.ulen = sizeof(d);
int rc;
EntryInfo *ei;
ID id;
+ ID nid;
ID dbuf;
ID *ids;
void *ptr;
)
{
if ( cx->bdb->bi_idl_cache_size ) {
+ cx->key.data = &cx->id;
cx->rc = bdb_idl_cache_get(cx->bdb, cx->db, &cx->key, cx->tmp);
if ( cx->rc == DB_NOTFOUND ) {
return cx->rc;
cx->data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
/* The first item holds the parent ID. Ignore it. */
+ cx->key.data = &cx->nid;
cx->rc = cx->dbc->c_get( cx->dbc, &cx->key, &cx->data, DB_SET );
if ( cx->rc ) {
cx->dbc->c_close( cx->dbc );
diskNode *d = (diskNode *)j;
short nrlen;
- AC_MEMCPY( &ei.bei_id, &d->entryID, sizeof(ID) );
- AC_MEMCPY( &nrlen, &d->nrdnlen, sizeof(d->nrdnlen) );
+ BDB_DISK2ID( j + len - sizeof(ID), &ei.bei_id );
+ nrlen = ((d->nrdnlen[0] ^ 0x80) << 8) | d->nrdnlen[1];
ei.bei_nrdn.bv_len = nrlen;
/* nrdn/rdn are set in-place.
* hdb_cache_load will copy them as needed
saveit:
if ( cx->bdb->bi_idl_cache_max_size ) {
+ cx->key.data = &cx->id;
bdb_idl_cache_put( cx->bdb, cx->db, &cx->key, cx->tmp, cx->rc );
}
;
for ( cx->id = bdb_idl_first( save, &idcurs );
cx->id != NOID;
cx->id = bdb_idl_next( save, &idcurs )) {
+ BDB_ID2DISK( cx->id, &cx->nid );
cx->ei = NULL;
hdb_dn2idl_internal( cx );
if ( !BDB_IDL_IS_ZERO( cx->tmp ))
#endif
cx.id = e->e_id;
+ BDB_ID2DISK( cx.id, &cx.nid );
cx.ei = e->e_id ? BEI(e) : &bdb->bi_cache.c_dntree;
cx.bdb = bdb;
cx.db = cx.bdb->bi_dn2id->bdi_db;
}
DBTzero(&cx.key);
- cx.key.data = &cx.id;
cx.key.ulen = sizeof(ID);
cx.key.size = sizeof(ID);
cx.key.flags = DB_DBT_USERMEM;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#if DB_VERSION_FULL < 0x04010000
# define BDB_ENOUGH 5
#else
+ /* We sometimes test with tiny IDLs, and BDB always wants buffers
+ * that are at least one page in size.
+ */
+# if BDB_IDL_DB_SIZE < 4096
+# define BDB_ENOUGH 2048
+# else
# define BDB_ENOUGH 1
+# endif
#endif
ID buf[BDB_IDL_DB_SIZE*BDB_ENOUGH];
if ( count >= BDB_IDL_DB_MAX ) {
/* No room, convert to a range */
DBT key2 = *key;
+ db_recno_t i;
key2.dlen = key2.ulen;
key2.flags |= DB_DBT_PARTIAL;
}
}
BDB_DISK2ID( &nhi, &hi );
- if ( id < lo ) {
- lo = id;
- nlo = nid;
- } else if ( id > hi ) {
- hi = id;
- nhi = nid;
+ /* Update hi/lo if needed, then delete all the items
+ * between lo and hi
+ */
+ data.data = &nid;
+ if ( id > hi ) {
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del hi";
+ goto fail;
+ }
+ rc = cursor->c_put( cursor, key, &data, DB_KEYLAST );
+ if ( rc != 0 ) {
+ err = "c_put hi";
+ goto fail;
+ }
}
- rc = db->del( db, tid, key, 0 );
+ /* Don't fetch anything, just position cursor */
+ data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
+ data.dlen = data.ulen = 0;
+ rc = cursor->c_get( cursor, key, &data, DB_SET | DB_RMW );
if ( rc != 0 ) {
- err = "del";
+ err = "c_get 2";
goto fail;
}
- data.data = &nid;
- nid = 0;
- rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
- if ( rc != 0 ) {
- err = "c_put 0";
- goto fail;
+ if ( id < lo ) {
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del lo";
+ goto fail;
+ }
+ rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
+ if ( rc != 0 ) {
+ err = "c_put lo";
+ goto fail;
+ }
}
- nid = nlo;
- rc = cursor->c_put( cursor, key, &data, DB_KEYLAST );
- if ( rc != 0 ) {
- err = "c_put lo";
- goto fail;
+ /* Delete all the records between lo and hi */
+ for ( i=2; i<count; i++ ) {
+ rc = cursor->c_get( cursor, &key2, &data, DB_NEXT_DUP | DB_RMW );
+ if ( rc != 0 ) {
+ err = "c_get next_dup";
+ goto fail;
+ }
+ rc = cursor->c_del( cursor, 0 );
+ if ( rc != 0 ) {
+ err = "c_del range";
+ goto fail;
+ }
}
- nid = nhi;
- rc = cursor->c_put( cursor, key, &data, DB_KEYLAST );
+ /* Store the range marker */
+ data.size = data.ulen = sizeof(ID);
+ data.flags = DB_DBT_USERMEM;
+ nid = 0;
+ rc = cursor->c_put( cursor, key, &data, DB_KEYFIRST );
if ( rc != 0 ) {
- err = "c_put hi";
+ err = "c_put range";
goto fail;
}
} else {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
if( rc == LDAP_SUCCESS && keys != NULL ) {
for( i=0; keys[i].bv_val != NULL; i++ ) {
- bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
+ rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
if( rc ) {
ber_bvarray_free_x( keys, op->o_tmpmemctx );
goto done;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
bdb->bi_search_stack_depth = DEFAULT_SEARCH_STACK_DEPTH;
bdb->bi_search_stack = NULL;
-#ifdef BDB_PSEARCH
- LDAP_LIST_INIT (&bdb->bi_psearch_list);
- ldap_pvt_thread_rdwr_init ( &bdb->bi_pslist_rwlock );
-#endif
-
ldap_pvt_thread_mutex_init( &bdb->bi_database_mutex );
ldap_pvt_thread_mutex_init( &bdb->bi_lastid_mutex );
ldap_pvt_thread_mutex_init( &bdb->bi_cache.lru_mutex );
return 0;
}
-int
-bdb_bt_compare(
- DB *db,
- const DBT *usrkey,
- const DBT *curkey )
-{
- unsigned char *u, *c;
- int i, x;
-
- u = usrkey->data;
- c = curkey->data;
-
-#ifdef WORDS_BIGENDIAN
- for( i = 0; i < (int)sizeof(ID); i++)
-#else
- for( i = sizeof(ID)-1; i >= 0; i--)
-#endif
- {
- x = u[i] - c[i];
- if( x ) return x;
- }
-
- return 0;
-}
-
static void *
bdb_checkpoint( void *ctx, void *arg )
{
}
if( i == BDB_ID2ENTRY ) {
-#if 0
- rc = db->bdi_db->set_bt_compare( db->bdi_db,
- bdb_bt_compare );
-#endif
rc = db->bdi_db->set_pagesize( db->bdi_db,
BDB_ID2ENTRY_PAGESIZE );
if ( slapMode & SLAP_TOOL_READMAIN ) {
rc = db->bdi_db->set_flags( db->bdi_db,
DB_DUP | DB_DUPSORT );
#ifndef BDB_HIER
-#if 0
- rc = db->bdi_db->set_dup_compare( db->bdi_db,
- bdb_bt_compare );
-#endif
if ( slapMode & SLAP_TOOL_READONLY ) {
flags |= DB_RDONLY;
} else {
flags |= DB_CREATE;
}
#else
- rc = db->bdi_db->set_dup_compare( db->bdi_db,
- bdb_dup_compare );
- rc = db->bdi_db->set_bt_compare( db->bdi_db,
- bdb_bt_compare );
if ( slapMode & (SLAP_TOOL_READONLY|SLAP_TOOL_READMAIN) ) {
flags |= DB_RDONLY;
} else {
bdb->bi_dbenv_mode );
#endif
- if( rc != 0 ) {
+ if ( rc != 0 ) {
+ char buf[SLAP_TEXT_BUFLEN];
+
+ snprintf( buf, sizeof(buf), "%s/%s",
+ bdb->bi_dbenv_home, bdbi_databases[i].file );
Debug( LDAP_DEBUG_ANY,
"bdb_db_open: db_open(%s) failed: %s (%d)\n",
- bdb->bi_dbenv_home, db_strerror(rc), rc );
+ buf, db_strerror(rc), rc );
return rc;
}
ldap_pvt_thread_mutex_destroy( &bdb->bi_idl_tree_lrulock );
}
-#ifdef BDB_PSEARCH
- ldap_pvt_thread_rdwr_destroy ( &bdb->bi_pslist_rwlock );
- ps = LDAP_LIST_FIRST( &bdb->bi_psearch_list );
-
- if ( ps ) {
- psn = LDAP_LIST_NEXT( ps, o_ps_link );
-
- saved_tmpmemctx = ps->o_tmpmemctx;
-
- if (!BER_BVISNULL(&ps->o_req_dn)) {
- slap_sl_free( ps->o_req_dn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->o_req_ndn)) {
- slap_sl_free( ps->o_req_ndn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->ors_filterstr)) {
- slap_sl_free(ps->ors_filterstr.bv_val, ps->o_tmpmemctx);
- }
- if (ps->ors_filter != NULL) {
- filter_free_x(ps, ps->ors_filter);
- }
- if ( ps->ors_attrs != NULL) {
- ps->o_tmpfree(ps->ors_attrs, ps->o_tmpmemctx);
- }
-
- slap_op_free( ps );
-
- if ( saved_tmpmemctx ) {
- slap_sl_mem_destroy( NULL, saved_tmpmemctx );
- }
- }
-
- while ( psn ) {
- ps = psn;
- psn = LDAP_LIST_NEXT( ps, o_ps_link );
-
- saved_tmpmemctx = ps->o_tmpmemctx;
-
- if (!BER_BVISNULL(&ps->o_req_dn)) {
- slap_sl_free( ps->o_req_dn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->o_req_ndn)) {
- slap_sl_free( ps->o_req_ndn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->ors_filterstr)) {
- slap_sl_free(ps->ors_filterstr.bv_val, ps->o_tmpmemctx);
- }
- if (ps->ors_filter != NULL) {
- filter_free_x(ps, ps->ors_filter);
- }
- if ( ps->ors_attrs != NULL) {
- ps->o_tmpfree(ps->ors_attrs, ps->o_tmpmemctx);
- }
-
- slap_op_free( ps );
-
- if ( saved_tmpmemctx ) {
- slap_sl_mem_destroy( NULL, saved_tmpmemctx );
- }
- }
-#endif
-
ch_free( bdb );
be->be_private = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": retrying...\n", 0, 0, 0);
-#ifdef BDB_PSEARCH
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_prev = pm_list;
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
-#endif
-
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
if (( rs->sr_err == DB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
- BerVarray deref = NULL;
if ( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
e = NULL;
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto return_results;
}
-#ifdef BDB_PSEARCH
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop && !op->o_no_psearch ) {
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch(op, rs, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
- if ( rc == LDAP_BUSY && op->o_ps_send_wait ) {
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- goto retry;
- } else if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modify)
- ": persistent search failed (%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
goto return_results;
}
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
- &ctxcsn_e, &ctxcsn_added, locker );
- switch ( rc ) {
- case BDB_CSN_ABORT :
- goto return_results;
- case BDB_CSN_RETRY :
- goto retry;
- }
- }
-#endif
-
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
goto return_results;
}
} else {
+ /* may have changed in bdb_modify_internal() */
+ e->e_ocflags = dummy.e_ocflags;
rc = bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
}
dummy.e_attrs = NULL;
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- if ( ctxcsn_added ) {
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
- (struct berval *)&slap_ldapsync_cn_bv, locker );
- }
- }
-
- if ( rs->sr_err == LDAP_SUCCESS ) {
- /* Loop through in-scope entries for each psearch spec */
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modify)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- rc = bdb_psearch(op, rs, pm_list->ps_op,
- e, LDAP_PSEARCH_BY_SCOPEOUT);
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modify)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_prev = pm_list;
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
done:
if( ltid != NULL ) {
-#ifdef BDB_PSEARCH
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_prev = pm_list;
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
-#endif
TXN_ABORT( ltid );
op->o_private = NULL;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn)
": retrying...\n", 0, 0, 0 );
-#ifdef BDB_PSEARCH
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_prev = pm_list;
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
-#endif
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
if (( rs->sr_err == DB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
- BerVarray deref = NULL;
if( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
e = NULL;
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
dummy.e_attrs = e->e_attrs;
-#ifdef BDB_PSEARCH
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop && !op->o_no_psearch ) {
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, &dummy, LDAP_PSEARCH_BY_PREMODIFY );
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": persistent search failed (%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
-
/* modify entry */
rs->sr_err = bdb_modify_internal( op, lt2, &mod[0], &dummy,
&rs->sr_text, textbuf, textlen );
goto return_results;
}
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
- &ctxcsn_e, &ctxcsn_added, locker );
- switch ( rc ) {
- case BDB_CSN_ABORT :
- goto return_results;
- case BDB_CSN_RETRY :
- goto retry;
- }
- }
-#endif
-
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
new_dn.bv_val = NULL;
new_ndn.bv_val = NULL;
-#ifdef BDB_PSEARCH
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- if ( ctxcsn_added ) {
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
- (struct berval *)&slap_ldapsync_cn_bv, locker );
- }
- }
-
- if ( rs->sr_err == LDAP_SUCCESS ) {
- /* Loop through in-scope entries for each psearch spec */
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- rc = bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- }
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- rc = bdb_psearch(op, rs, pm_list->ps_op,
- e, LDAP_PSEARCH_BY_SCOPEOUT);
- if ( rc ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": persistent search failed "
- "(%d,%d)\n",
- rc, rs->sr_err, 0 );
- }
- pm_prev = pm_list;
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-#endif
-
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
}
if( ltid != NULL ) {
-#ifdef BDB_PSEARCH
- pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
- while ( pm_list != NULL ) {
- LDAP_LIST_REMOVE ( pm_list, ps_link );
- pm_prev = pm_list;
- pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
- ch_free( pm_prev );
- }
-#endif
TXN_ABORT( ltid );
op->o_private = NULL;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
{
- int hasSubordinates;
+ int hasSubordinates, rc;
- rs->sr_err = bdb_hasSubordinates( op, rs->sr_entry, &hasSubordinates );
- if ( rs->sr_err == LDAP_SUCCESS ) {
+ rc = bdb_hasSubordinates( op, rs->sr_entry, &hasSubordinates );
+ if ( rc == LDAP_SUCCESS ) {
*ap = slap_operational_hasSubordinate( hasSubordinates == LDAP_COMPARE_TRUE );
assert( *ap );
}
}
- return rs->sr_err;
+ return LDAP_SUCCESS;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
void bdb_attr_index_destroy LDAP_P(( Avlnode *tree ));
-/*
- * ctxcsn.c
- */
-#define bdb_csn_commit BDB_SYMBOL(csn_commit)
-#define bdb_get_commit_csn BDB_SYMBOL(get_commit_csn)
-
-int bdb_csn_commit LDAP_P(( Operation *op, SlapReply *rs, DB_TXN *tid,
- EntryInfo *ei, EntryInfo **suffix_ei, Entry **ctxcsn_e,
- int *ctxcsn_added, u_int32_t locker ));
-
-int bdb_get_commit_csn LDAP_P(( Operation *op, SlapReply *rs,
- struct berval **search_context_csn,
- u_int32_t locker, DB_LOCK *ctxcsn_lock ));
-
/*
* dbcache.c
*/
#ifdef BDB_HIER
#define bdb_dn2id_parent BDB_SYMBOL(dn2id_parent)
-#define bdb_dup_compare BDB_SYMBOL(dup_compare)
#define bdb_fix_dn BDB_SYMBOL(fix_dn)
int bdb_dn2id_parent(
EntryInfo *ei,
ID *idp );
-int bdb_dup_compare(
- DB *db,
- const DBT *usrkey,
- const DBT *curkey );
-
int bdb_fix_dn( Entry *e, int checkit );
#endif
ID bdb_idl_next( ID *ids, ID *cursor );
-#define bdb_bt_compare BDB_SYMBOL(bt_compare)
-
-int bdb_bt_compare(
- DB *db,
- const DBT *a,
- const DBT *b );
-
/*
* index.c
#endif
-/*
- * search.c
- */
-
-#define bdb_abandon BDB_SYMBOL(abandon)
-#define bdb_cancel BDB_SYMBOL(cancel)
-#define bdb_do_search BDB_SYMBOL(do_search)
-#define bdb_psearch BDB_SYMBOL(psearch)
-
-BI_op_abandon bdb_abandon;
-BI_op_cancel bdb_cancel;
-
-int bdb_psearch(
- Operation *op,
- SlapReply *rs,
- Operation *ps_op,
- Entry *entry,
- int psearch_type
-);
-
-int bdb_do_search(
- Operation *op,
- SlapReply *rs,
- Operation *ps_op,
- Entry *entry,
- int psearch_type
-);
-
/*
* trans.c
*/
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
if( rs->sr_ref != NULL ) {
/* send referrals */
- rs->sr_err = LDAP_REFERRAL;
+ rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
ID *ids );
static int search_candidates(
- Operation *stackop, /* op with the current threadctx/slab cache */
- Operation *sop, /* search op */
+ Operation *op,
SlapReply *rs,
Entry *e,
u_int32_t locker,
return rs->sr_err;
}
-#ifdef BDB_PSEARCH
-
-#define is_sync_protocol(op) \
- ((op)->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST)
-
-#define IS_BDB_REPLACE(type) (( type == LDAP_PSEARCH_BY_DELETE ) || \
- ( type == LDAP_PSEARCH_BY_SCOPEOUT ))
-#define IS_PSEARCH (op != sop)
-#define IS_POST_SEARCH ( op->ors_post_search_id != NOID )
-
-static Operation *
-bdb_drop_psearch( Operation *op, ber_int_t msgid )
-{
- Operation *ps_list;
- struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
-
- LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- if ( ps_list->o_connid == op->o_connid ) {
- if ( ps_list->o_msgid == msgid ) {
- ps_list->o_abandon = 1;
- LDAP_LIST_REMOVE( ps_list, o_ps_link );
- ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- LDAP_STAILQ_REMOVE( &op->o_conn->c_ops, ps_list,
- slap_op, o_next );
- LDAP_STAILQ_NEXT( ps_list, o_next ) = NULL;
- op->o_conn->c_n_ops_executing--;
- op->o_conn->c_n_ops_completed++;
- ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- return ps_list;
- }
- }
- }
-
- return NULL;
-}
-
int
-bdb_abandon( Operation *op, SlapReply *rs )
-{
- Operation *ps;
- void *saved_tmpmemctx;
-
- ps = bdb_drop_psearch( op, op->oq_abandon.rs_msgid );
- if ( ps ) {
- saved_tmpmemctx = ps->o_tmpmemctx;
-
- if (!BER_BVISNULL(&ps->o_req_dn)) {
- slap_sl_free(ps->o_req_dn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->o_req_ndn)) {
- slap_sl_free(ps->o_req_ndn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->ors_filterstr)) {
- ps->o_tmpfree(ps->ors_filterstr.bv_val, ps->o_tmpmemctx);
- }
- if (ps->ors_filter != NULL) {
- filter_free_x(ps, ps->ors_filter);
- }
- if (ps->ors_attrs != NULL) {
- ps->o_tmpfree(ps->ors_attrs, ps->o_tmpmemctx);
- }
-
- slap_op_free ( ps );
-
- if ( saved_tmpmemctx ) {
- slap_sl_mem_destroy( NULL, saved_tmpmemctx );
- }
-
- return LDAP_SUCCESS;
- }
- return LDAP_UNAVAILABLE;
-}
-
-int
-bdb_cancel( Operation *op, SlapReply *rs )
-{
- Operation *ps;
- void *saved_tmpmemctx;
-
- ps = bdb_drop_psearch( op, op->oq_cancel.rs_msgid );
- if ( ps ) {
- saved_tmpmemctx = ps->o_tmpmemctx;
-
- rs->sr_err = LDAP_CANCELLED;
- send_ldap_result( ps, rs );
-
- if (!BER_BVISNULL(&ps->o_req_dn)) {
- slap_sl_free(ps->o_req_dn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->o_req_ndn)) {
- slap_sl_free(ps->o_req_ndn.bv_val, ps->o_tmpmemctx );
- }
- if (!BER_BVISNULL(&ps->ors_filterstr)) {
- ps->o_tmpfree(ps->ors_filterstr.bv_val, ps->o_tmpmemctx);
- }
- if (ps->ors_filter != NULL) {
- filter_free_x(ps, ps->ors_filter);
- }
- if (ps->ors_attrs != NULL) {
- ps->o_tmpfree(ps->ors_attrs, ps->o_tmpmemctx);
- }
-
- slap_op_free ( ps );
-
- if ( saved_tmpmemctx ) {
- slap_sl_mem_destroy( NULL, saved_tmpmemctx );
- }
-
- return LDAP_SUCCESS;
- }
- return LDAP_UNAVAILABLE;
-}
-
-int bdb_search( Operation *op, SlapReply *rs )
-{
- int rc;
- struct pc_entry *pce = NULL;
- struct pc_entry *tmp_pce = NULL;
- Entry ps_e = {0};
- Attribute *a;
-
- ps_e.e_private = NULL;
- ldap_pvt_thread_mutex_init( &op->o_pcmutex );
- LDAP_TAILQ_INIT( &op->o_ps_pre_candidates );
- LDAP_TAILQ_INIT( &op->o_ps_post_candidates );
-
- op->ors_post_search_id = NOID;
- rc = bdb_do_search( op, rs, op, NULL, 0 );
-
- ldap_pvt_thread_mutex_lock( &op->o_pcmutex );
- pce = LDAP_TAILQ_FIRST( &op->o_ps_post_candidates );
- ldap_pvt_thread_mutex_unlock( &op->o_pcmutex );
-
- while ( rc == LDAP_SUCCESS && pce &&
- op->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST ) {
-
- ps_e.e_id = op->ors_post_search_id = pce->pc_id;
- if ( op->o_sync_csn.bv_val ) {
- ch_free( op->o_sync_csn.bv_val );
- op->o_sync_csn.bv_val = NULL;
- }
- ber_dupbv( &op->o_sync_csn, &pce->pc_csn );
- ber_dupbv( &ps_e.e_name, &pce->pc_ename );
- ber_dupbv( &ps_e.e_nname, &pce->pc_enname );
- a = ch_calloc( 1, sizeof( Attribute ));
- a->a_desc = slap_schema.si_ad_entryUUID;
- a->a_vals = ch_calloc( 2, sizeof( struct berval ));
- ber_dupbv( &a->a_vals[0], &pce->pc_entryUUID );
- a->a_nvals = a->a_vals;
- a->a_next = NULL;
- ps_e.e_attrs = a;
-
- rc = bdb_do_search( op, rs, op, &ps_e, 0 );
-
- tmp_pce = pce;
- ldap_pvt_thread_mutex_lock( &op->o_pcmutex );
- pce = LDAP_TAILQ_NEXT( pce, pc_link );
- LDAP_TAILQ_REMOVE( &op->o_ps_post_candidates, tmp_pce, pc_link );
- ldap_pvt_thread_mutex_unlock( &op->o_pcmutex );
-
- ch_free( tmp_pce->pc_csn.bv_val );
- ch_free( tmp_pce->pc_entryUUID.bv_val );
- ch_free( tmp_pce->pc_ename.bv_val );
- ch_free( tmp_pce->pc_enname.bv_val );
- ch_free( tmp_pce );
- entry_clean( &ps_e );
- }
- return rc;
-}
-
-#define BDB_PSEARCH_MAX_WAIT 3
-int bdb_psearch( Operation *op, SlapReply *rs, Operation *sop,
- Entry *ps_e, int ps_type )
-{
- int rc;
- struct pc_entry *pce = NULL;
- struct pc_entry *p = NULL;
- int num_retries = 0;
-
- op->ors_post_search_id = NOID;
-
- switch (ps_type) {
- case LDAP_PSEARCH_BY_PREMODIFY:
- case LDAP_PSEARCH_BY_PREDELETE:
-
- if ( !op->o_ps_send_wait ) {
- if ( sop->o_refresh_in_progress ) {
- pce = (struct pc_entry *) ch_calloc(
- 1, sizeof( struct pc_entry ));
- pce->pc_id = ps_e->e_id;
- ldap_pvt_thread_mutex_lock( &sop->o_pcmutex );
- if ( LDAP_TAILQ_EMPTY( &sop->o_ps_pre_candidates )) {
- LDAP_TAILQ_INSERT_HEAD(
- &sop->o_ps_pre_candidates, pce, pc_link );
- } else {
- LDAP_TAILQ_FOREACH( p,
- &sop->o_ps_pre_candidates, pc_link ) {
- if ( p->pc_id > pce->pc_id )
- break;
- }
-
- if ( p ) {
- LDAP_TAILQ_INSERT_BEFORE( p, pce, pc_link );
- } else {
- LDAP_TAILQ_INSERT_TAIL(
- &sop->o_ps_pre_candidates,
- pce, pc_link );
- }
- }
- ldap_pvt_thread_mutex_unlock( &sop->o_pcmutex );
- } else {
- rc = bdb_do_search( op, rs, sop, ps_e, ps_type );
- return rc;
- }
- } else {
- pce = op->o_ps_send_wait;
- }
-
- /* Wait until refresh search send the entry */
- while ( !pce->pc_sent ) {
- if ( sop->o_refresh_in_progress ) {
- if ( num_retries == BDB_PSEARCH_MAX_WAIT ) {
- op->o_ps_send_wait = pce;
- return LDAP_BUSY;
- }
- ldap_pvt_thread_yield();
- bdb_trans_backoff( ++num_retries );
- } else {
- break;
- }
- }
-
- op->o_ps_send_wait = NULL;
-
- if ( !sop->o_refresh_in_progress && !pce->pc_sent ) {
- /* refresh ended without processing pce */
- /* need to perform psearch for ps_e */
- ldap_pvt_thread_mutex_lock( &sop->o_pcmutex );
- LDAP_TAILQ_REMOVE( &sop->o_ps_pre_candidates, pce, pc_link );
- ldap_pvt_thread_mutex_unlock( &sop->o_pcmutex );
- ch_free( pce );
- rc = bdb_do_search( op, rs, sop, ps_e, ps_type );
- return rc;
- } else {
- /* the pce entry was sent in the refresh phase */
- if ( ps_type == LDAP_PSEARCH_BY_PREMODIFY ) {
- struct psid_entry* psid_e;
- psid_e = (struct psid_entry *) ch_calloc(1,
- sizeof(struct psid_entry));
- psid_e->ps_op = sop;
- LDAP_LIST_INSERT_HEAD( &op->o_pm_list, psid_e, ps_link );
- }
-
- ldap_pvt_thread_mutex_lock( &sop->o_pcmutex );
- LDAP_TAILQ_REMOVE( &sop->o_ps_pre_candidates, pce, pc_link );
- ldap_pvt_thread_mutex_unlock( &sop->o_pcmutex );
- ch_free( pce );
- return LDAP_SUCCESS;
- }
- break;
- case LDAP_PSEARCH_BY_DELETE:
- case LDAP_PSEARCH_BY_SCOPEOUT:
- case LDAP_PSEARCH_BY_ADD:
- case LDAP_PSEARCH_BY_MODIFY:
- ldap_pvt_thread_mutex_lock( &op->o_pcmutex );
- if ( sop->o_refresh_in_progress ||
- !LDAP_TAILQ_EMPTY( &sop->o_ps_post_candidates )) {
- pce = (struct pc_entry *) ch_calloc( 1, sizeof( struct pc_entry ));
- pce->pc_id = ps_e->e_id;
- ber_dupbv( &pce->pc_csn, &op->o_sync_csn );
- if ( ps_type == LDAP_PSEARCH_BY_DELETE ) {
- Attribute *a;
- for ( a = ps_e->e_attrs; a != NULL; a = a->a_next ) {
- AttributeDescription *desc = a->a_desc;
- if ( desc == slap_schema.si_ad_entryUUID ) {
- ber_dupbv( &pce->pc_entryUUID, &a->a_nvals[0] );
- }
- }
- }
- ber_dupbv( &pce->pc_ename, &ps_e->e_name );
- ber_dupbv( &pce->pc_enname, &ps_e->e_nname );
- LDAP_TAILQ_INSERT_TAIL( &sop->o_ps_post_candidates, pce, pc_link );
- ldap_pvt_thread_mutex_unlock( &op->o_pcmutex );
- } else {
- ldap_pvt_thread_mutex_unlock( &op->o_pcmutex );
- rc = bdb_do_search( op, rs, sop, ps_e, ps_type );
- return rc;
- }
- break;
- default:
- Debug( LDAP_DEBUG_TRACE, "do_psearch: invalid psearch type\n",
- 0, 0, 0 );
- return LDAP_OTHER;
- }
-}
-#else
-int bdb_search( Operation *op, SlapReply *rs )
-{
- return bdb_do_search( op, rs, op, NULL, 0 );
-}
-#endif
-
-/* For persistent searches, op is the currently executing operation,
- * sop is the persistent search. For regular searches, sop = op.
- */
-int
-bdb_do_search( Operation *op, SlapReply *rs, Operation *sop,
- Entry *ps_e, int ps_type )
+bdb_search( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
time_t stoptime;
Entry *matched = NULL;
EntryInfo *ei, ei_root = {0};
struct berval realbase = BER_BVNULL;
+ slap_mask_t mask;
int manageDSAit;
int tentries = 0;
ID lastid = NOID;
struct bdb_op_info *opinfo = NULL;
DB_TXN *ltid = NULL;
-#ifdef BDB_PSEARCH
- Filter contextcsnand, contextcsnle, cookief, csnfnot,
- csnfeq, csnfand, csnfge;
- AttributeAssertion aa_ge, aa_eq, aa_le;
- struct berval *search_context_csn = NULL;
- DB_LOCK ctxcsn_lock;
- LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
- int num_ctrls = 0;
- AttributeName uuid_attr[2];
- int rc_sync = 0;
- int entry_sync_state = -1;
- AttributeName null_attr;
- int no_sync_state_change = 0;
-
-
- Operation *ps_list;
- int sync_send_present_mode = 1;
- int match;
- MatchingRule *mr;
- const char *text;
- int slog_found = 0;
-
- struct pc_entry *pce = NULL;
- BerVarray syncUUID_set = NULL;
- int syncUUID_set_cnt = 0;
-
-#endif
-
Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(bdb_search) "\n", 0, 0, 0);
- attrs = sop->oq_search.rs_attrs;
+ attrs = op->oq_search.rs_attrs;
opinfo = (struct bdb_op_info *) op->o_private;
-#ifdef BDB_PSEARCH
- if ( !IS_POST_SEARCH && !IS_PSEARCH &&
- sop->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST ) {
- struct slap_session_entry *sent;
- if ( sop->o_sync_state.sid >= 0 ) {
- LDAP_LIST_FOREACH( sent, &bdb->bi_session_list, se_link ) {
- if ( sent->se_id == sop->o_sync_state.sid ) {
- sop->o_sync_slog_size = sent->se_size;
- break;
- }
- }
- }
- }
-
- /* psearch needs to be registered before refresh begins */
- if ( !IS_POST_SEARCH && !IS_PSEARCH &&
- sop->o_sync_mode & SLAP_SYNC_PERSIST ) {
- sop->o_refresh_in_progress = 1;
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_INSERT_HEAD( &bdb->bi_psearch_list, sop, o_ps_link );
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
-
- } else if ( !IS_POST_SEARCH && !IS_PSEARCH &&
- sop->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST
- && sop->o_sync_slog_size >= 0 )
- {
- ldap_pvt_thread_rdwr_wlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
- if ( ps_list->o_sync_slog_size >= 0 ) {
- if ( ps_list->o_sync_state.sid == sop->o_sync_state.sid ) {
- slog_found = 1;
- break;
- }
- }
- }
-
- if ( slog_found ) {
- if ( ps_list->o_sync_slog_omitcsn.bv_len != 0 ) {
- mr = slap_schema.si_ad_entryCSN->ad_type->sat_ordering;
- if ( sop->o_sync_state.ctxcsn &&
- sop->o_sync_state.ctxcsn->bv_val != NULL )
- {
- value_match( &match, slap_schema.si_ad_entryCSN, mr,
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- sop->o_sync_state.ctxcsn,
- &ps_list->o_sync_slog_omitcsn,
- &text );
- } else {
- match = -1;
- }
- if ( match >= 0 ) {
- sync_send_present_mode = 0;
- }
- } else {
- sync_send_present_mode = 0;
- }
- } else if ( sop->o_sync_slog_size >= 0 ) {
- LDAP_LIST_INSERT_HEAD( &bdb->bi_psearch_list, sop, o_ps_link );
- } else {
- sop->o_sync_state.sid = -1;
- }
- ldap_pvt_thread_rdwr_wunlock( &bdb->bi_pslist_rwlock );
- }
-
- null_attr.an_desc = NULL;
- null_attr.an_oc = NULL;
- null_attr.an_oc_exclude = 0;
- BER_BVZERO( &null_attr.an_name );
-
- for( num_ctrls = 0; num_ctrls < SLAP_MAX_RESPONSE_CONTROLS; num_ctrls++ ) {
- ctrls[num_ctrls] = NULL;
- }
- num_ctrls = 0;
-
- if ( IS_PSEARCH && IS_BDB_REPLACE(ps_type)) {
- attrs = uuid_attr;
- attrs[0].an_desc = NULL;
- attrs[0].an_oc = NULL;
- attrs[0].an_oc_exclude = 0;
- BER_BVZERO( &attrs[0].an_name );
- }
-#endif
-
- manageDSAit = get_manageDSAit( sop );
-
-#ifdef BDB_PSEARCH
- /* Sync control overrides manageDSAit */
- if ( !IS_PSEARCH && sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
- if ( manageDSAit == SLAP_CONTROL_NONE ) {
- manageDSAit = SLAP_CONTROL_CRITICAL;
- }
- } else if ( IS_PSEARCH ) {
- if ( manageDSAit == SLAP_CONTROL_NONE ) {
- manageDSAit = SLAP_CONTROL_CRITICAL;
- }
- }
-#endif
+ manageDSAit = get_manageDSAit( op );
if ( opinfo && opinfo->boi_txn ) {
ltid = opinfo->boi_txn;
case 0:
break;
default:
- send_ldap_error( sop, rs, LDAP_OTHER, "internal error" );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
}
-#ifdef BDB_PSEARCH
- if ( IS_POST_SEARCH ) {
- cursor = 0;
- candidates[0] = 1;
- candidates[1] = op->ors_post_search_id;
- search_context_csn = ber_dupbv( NULL, &op->o_sync_csn );
- goto loop_start;
- }
-#endif
-
- if ( sop->o_req_ndn.bv_len == 0 ) {
+ if ( op->o_req_ndn.bv_len == 0 ) {
/* DIT root special case */
ei_root.bei_e = &e_root;
ei_root.bei_parent = &ei_root;
} else {
dn2entry_retry:
/* get entry with reader lock */
- rs->sr_err = bdb_dn2entry( op, ltid, &sop->o_req_ndn, &ei,
+ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei,
1, locker, &lock );
}
e = ei->bei_e;
break;
case LDAP_BUSY:
- send_ldap_error( sop, rs, LDAP_BUSY, "ldap server busy" );
+ send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
if ( !opinfo )
LOCK_ID_FREE (bdb->bi_dbenv, locker );
return LDAP_BUSY;
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
- send_ldap_error( sop, rs, LDAP_OTHER, "internal error" );
+ send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
if ( !opinfo )
LOCK_ID_FREE (bdb->bi_dbenv, locker );
return rs->sr_err;
struct berval matched_dn = BER_BVNULL;
if ( matched != NULL ) {
- BerVarray erefs;
- ber_dupbv( &matched_dn, &matched->e_name );
+ BerVarray erefs = NULL;
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose"
+ * is granted on the object */
+ if ( ! access_allowed( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
- erefs = is_entry_referral( matched )
- ? get_entry_referrals( op, matched )
- : NULL;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ ber_dupbv( &matched_dn, &matched->e_name );
+
+ erefs = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = matched_dn.bv_val;
+ }
#ifdef SLAP_ZONE_ALLOC
slap_zn_runlock(bdb->bi_cache.c_zctx, matched);
matched, &lock);
matched = NULL;
- if( erefs ) {
+ if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
- &sop->o_req_dn, sop->oq_search.rs_scope );
+ &op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
slap_zn_runlock(bdb->bi_cache.c_zctx, matched);
#endif
rs->sr_ref = referral_rewrite( default_referral,
- NULL, &sop->o_req_dn, sop->oq_search.rs_scope );
+ NULL, &op->o_req_dn, op->oq_search.rs_scope );
+ rs->sr_err = LDAP_REFERRAL;
}
- rs->sr_err = LDAP_REFERRAL;
- rs->sr_matched = matched_dn.bv_val;
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
if ( !opinfo )
LOCK_ID_FREE (bdb->bi_dbenv, locker );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
- if ( matched_dn.bv_val ) {
+ if ( !BER_BVISNULL( &matched_dn ) ) {
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
}
return rs->sr_err;
}
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+#ifdef SLAP_ZONE_ALLOC
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+ if ( e != &e_root ) {
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ }
+ send_ldap_result( op, rs );
+ return 1;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
if ( !manageDSAit && e != &e_root && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
- struct berval matched_dn;
- BerVarray erefs;
+ struct berval matched_dn = BER_BVNULL;
+ BerVarray erefs = NULL;
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( op, e );
+ rs->sr_err = LDAP_REFERRAL;
+
#ifdef SLAP_ZONE_ALLOC
slap_zn_runlock(bdb->bi_cache.c_zctx, e);
#endif
bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
e = NULL;
- if( erefs ) {
+ if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
- &sop->o_req_dn, sop->oq_search.rs_scope );
+ &op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
+
+ if ( !rs->sr_ref ) {
+ rs->sr_text = "bad_referral object";
+ }
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_search) ": entry is referral\n",
0, 0, 0 );
- if (!rs->sr_ref) rs->sr_text = "bad_referral object";
- rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = matched_dn.bv_val;
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
- if ( !opinfo )
+ if ( !opinfo ) {
LOCK_ID_FREE (bdb->bi_dbenv, locker );
+ }
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
ber_memfree( matched_dn.bv_val );
#ifdef SLAP_ZONE_ALLOC
slap_zn_runlock(bdb->bi_cache.c_zctx, e);
#endif
- send_ldap_result( sop, rs );
+ if ( e != &e_root ) {
+ bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
+ }
+ send_ldap_result( op, rs );
return 1;
}
/* compute it anyway; root does not use it */
- stoptime = op->o_time + sop->ors_tlimit;
+ stoptime = op->o_time + op->ors_tlimit;
/* need normalized dn below */
ber_dupbv( &realbase, &e->e_nname );
}
e = NULL;
-#ifdef BDB_PSEARCH
- if ( !IS_PSEARCH ) {
- rs->sr_err = bdb_get_commit_csn( sop, rs, &search_context_csn,
- locker, &ctxcsn_lock );
-
- if ( rs->sr_err != LDAP_SUCCESS ) {
- send_ldap_error( sop, rs, rs->sr_err,
- "error in csn management in search" );
- goto done;
- }
-
- if ( sop->o_sync_mode != SLAP_SYNC_NONE &&
- sop->o_sync_state.ctxcsn &&
- sop->o_sync_state.ctxcsn->bv_val &&
- ber_bvcmp( &sop->o_sync_state.ctxcsn[0], search_context_csn ) == 0 )
- {
- bdb_cache_entry_db_unlock( bdb->bi_dbenv, &ctxcsn_lock );
- goto nochange;
- }
- } else {
- search_context_csn = ber_dupbv( NULL, &op->o_sync_csn );
- }
-#endif
-
/* select candidates */
- if ( sop->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
+ if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = base_candidate( op->o_bd, &base, candidates );
} else {
BDB_IDL_ZERO( candidates );
BDB_IDL_ZERO( scopes );
- rs->sr_err = search_candidates( op, sop, rs, &base,
+ rs->sr_err = search_candidates( op, rs, &base,
locker, candidates, scopes );
}
-#ifdef BDB_PSEARCH
- if ( !IS_PSEARCH && sop->o_sync_mode != SLAP_SYNC_NONE ) {
- bdb_cache_entry_db_unlock( bdb->bi_dbenv, &ctxcsn_lock );
- }
-#endif
-
/* start cursor at beginning of candidates.
*/
cursor = 0;
-#ifdef BDB_PSEARCH
- if (IS_PSEARCH) {
- if ( !BDB_IDL_IS_RANGE( candidates ) ) {
- cursor = bdb_idl_search( candidates, ps_e->e_id );
- if ( candidates[cursor] != ps_e->e_id ) {
- rs->sr_err = LDAP_SUCCESS;
- goto done;
- }
- } else if ( ps_e->e_id < BDB_IDL_RANGE_FIRST( candidates ) ||
- ps_e->e_id > BDB_IDL_RANGE_LAST( candidates ))
- {
- rs->sr_err = LDAP_SUCCESS;
- goto done;
- }
- candidates[0] = 1;
- candidates[1] = ps_e->e_id;
- }
-#endif
if ( candidates[0] == 0 ) {
Debug( LDAP_DEBUG_TRACE,
}
/* if not root and candidates exceed to-be-checked entries, abort */
- if ( sop->ors_limit /* isroot == FALSE */ &&
- sop->ors_limit->lms_s_unchecked != -1 &&
- BDB_IDL_N(candidates) > (unsigned) sop->ors_limit->lms_s_unchecked )
+ if ( op->ors_limit /* isroot == FALSE */ &&
+ op->ors_limit->lms_s_unchecked != -1 &&
+ BDB_IDL_N(candidates) > (unsigned) op->ors_limit->lms_s_unchecked )
{
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
- if ( sop->ors_limit == NULL /* isroot == TRUE */ ||
- !sop->ors_limit->lms_s_pr_hide )
+ if ( op->ors_limit == NULL /* isroot == TRUE */ ||
+ !op->ors_limit->lms_s_pr_hide )
{
tentries = BDB_IDL_N(candidates);
}
- if ( get_pagedresults( sop ) > SLAP_CONTROL_IGNORED ) {
- PagedResultsState *ps = sop->o_pagedresults_state;
+ if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
+ PagedResultsState *ps = op->o_pagedresults_state;
/* deferred cookie parsing */
- rs->sr_err = parse_paged_cookie( sop, rs );
+ rs->sr_err = parse_paged_cookie( op, rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
goto done;
}
if ( ps->ps_size == 0 ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = "search abandoned by pagedResult size=0";
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
goto done;
}
for ( id = bdb_idl_first( candidates, &cursor );
LDAP_XSTRING(bdb_search)
": no paged results candidates\n",
0, 0, 0 );
- send_paged_response( sop, rs, &lastid, 0 );
+ send_paged_response( op, rs, &lastid, 0 );
rs->sr_err = LDAP_OTHER;
goto done;
goto loop_begin;
}
-#ifdef BDB_PSEARCH
- if (( sop->o_sync_mode & SLAP_SYNC_REFRESH ) || IS_PSEARCH ) {
- int match;
-
- cookief.f_choice = LDAP_FILTER_AND;
- cookief.f_and = &csnfnot;
- cookief.f_next = NULL;
-
- csnfnot.f_choice = LDAP_FILTER_NOT;
- csnfnot.f_not = &csnfeq;
- csnfnot.f_next = &csnfand;
-
- csnfeq.f_choice = LDAP_FILTER_EQUALITY;
- csnfeq.f_ava = &aa_eq;
- csnfeq.f_av_desc = slap_schema.si_ad_entryCSN;
- if ( sop->o_sync_state.ctxcsn != NULL ) {
- csnfeq.f_av_value = *sop->o_sync_state.ctxcsn;
- } else {
- csnfeq.f_av_value = slap_empty_bv;
- }
-
- csnfand.f_choice = LDAP_FILTER_AND;
- csnfand.f_and = &csnfge;
- csnfand.f_next = NULL;
-
- csnfge.f_choice = LDAP_FILTER_GE;
- csnfge.f_ava = &aa_ge;
- csnfge.f_av_desc = slap_schema.si_ad_entryCSN;
- if ( sop->o_sync_state.ctxcsn != NULL ) {
- csnfge.f_av_value = *sop->o_sync_state.ctxcsn;
- } else {
- csnfge.f_av_value = slap_empty_bv;
- }
-
- if ( search_context_csn && !IS_PSEARCH ) {
- csnfge.f_next = &contextcsnand;
-
- contextcsnand.f_choice = LDAP_FILTER_AND;
- contextcsnand.f_and = &contextcsnle;
- contextcsnand.f_next = NULL;
-
- contextcsnle.f_choice = LDAP_FILTER_LE;
- contextcsnle.f_ava = &aa_le;
- contextcsnle.f_av_desc = slap_schema.si_ad_entryCSN;
- contextcsnle.f_av_value = *search_context_csn;
- contextcsnle.f_next = sop->oq_search.rs_filter;
-
- mr = slap_schema.si_ad_entryCSN->ad_type->sat_ordering;
- if ( sop->o_sync_state.ctxcsn &&
- sop->o_sync_state.ctxcsn->bv_val != NULL )
- {
- value_match( &match, slap_schema.si_ad_entryCSN, mr,
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- &sop->o_sync_state.ctxcsn[0], search_context_csn,
- &text );
- } else {
- match = -1;
- }
- no_sync_state_change = ( match >= 0 );
- } else {
- csnfge.f_next = sop->oq_search.rs_filter;
- }
- }
-#endif
-
loop_start:
for ( id = bdb_idl_first( candidates, &cursor );
- id != NOID
-#ifdef BDB_PSEARCH
- && !no_sync_state_change
-#endif
- ; id = bdb_idl_next( candidates, &cursor ) )
+ id != NOID ; id = bdb_idl_next( candidates, &cursor ) )
{
int scopeok = 0;
ID* idhole = NULL;
loop_begin:
-#ifdef BDB_PSEARCH
- if ( !IS_POST_SEARCH ) {
- idhole = (ID*) avl_find( sop->o_psearch_finished,
- (caddr_t)&id, bdb_pfid_cmp );
- if ( idhole ) {
- avl_delete( &sop->o_psearch_finished,
- (caddr_t)idhole, bdb_pfid_cmp );
- sop->o_tmpfree( idhole, sop->o_tmpmemctx );
- goto loop_continue;
- }
-
- if ( sop->o_refresh_in_progress ) {
- ldap_pvt_thread_mutex_lock( &sop->o_pcmutex );
- pce = LDAP_TAILQ_FIRST( &sop->o_ps_pre_candidates );
- while ( pce && pce->pc_sent ) {
- pce = LDAP_TAILQ_NEXT( pce, pc_link );
- }
- ldap_pvt_thread_mutex_unlock( &sop->o_pcmutex );
- if ( pce ) {
- ID pos;
- if ( BDB_IDL_IS_RANGE( candidates ) ) {
- if ( pce->pc_id >= candidates[1] &&
- pce->pc_id <= candidates[2] &&
- pce->pc_id > cursor-1 ) {
- id = pce->pc_id;
- cursor--;
- avl_insert( &sop->o_psearch_finished,
- (caddr_t)bdb_id_dup( sop, &pce->pc_id ),
- bdb_pfid_cmp, avl_dup_error );
- } else {
- pce->pc_sent = 1;
- }
- } else {
- pos = bdb_idl_search(candidates, pce->pc_id);
- if ( pos > cursor-1 && pos <= candidates[0] ) {
- id = pce->pc_id;
- cursor--;
- avl_insert( &sop->o_psearch_finished,
- (caddr_t)bdb_id_dup( sop, &pce->pc_id ),
- bdb_pfid_cmp, avl_dup_error );
- } else {
- pce->pc_sent = 1;
- }
- }
- }
- }
- }
-
- /* check for abandon */
- if ( sop->o_abandon ) {
- if ( sop != op ) {
- bdb_drop_psearch( sop, sop->o_msgid );
- }
- rs->sr_err = LDAP_SUCCESS;
- goto done;
- }
-
- if ( sop->o_cancel ) {
- assert( sop->o_cancel == SLAP_CANCEL_REQ );
- rs->sr_err = LDAP_CANCELLED;
- send_ldap_result( sop, rs );
- sop->o_cancel = SLAP_CANCEL_ACK;
- rs->sr_err = LDAP_SUCCESS;
- goto done;
- }
-#else
/* check for abandon */
- if ( sop->o_abandon ) {
+ if ( op->o_abandon ) {
rs->sr_err = LDAP_SUCCESS;
goto done;
}
-#endif
/* check time limit */
- if ( sop->ors_tlimit != SLAP_NO_LIMIT
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
-#ifdef BDB_PSEARCH
- if (!IS_PSEARCH) {
-#endif
fetch_entry_retry:
/* get the entry with reader lock */
ei = NULL;
if (rs->sr_err == LDAP_BUSY) {
rs->sr_text = "ldap server busy";
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
goto done;
} else if ( rs->sr_err == DB_LOCK_DEADLOCK
}
if ( e == NULL ) {
-#ifdef BDB_PSEARCH
- if ( IS_POST_SEARCH ) {
- /* send LDAP_SYNC_DELETE */
- rs->sr_entry = e = ps_e;
- goto post_search_no_entry;
- } else
-#endif
if( !BDB_IDL_IS_RANGE(candidates) ) {
/* only complain for non-range IDLs */
Debug( LDAP_DEBUG_TRACE,
goto loop_continue;
}
-#ifdef BDB_PSEARCH
- } else {
- e = ps_e;
- }
-#endif
rs->sr_entry = e;
#ifdef BDB_SUBENTRIES
- /* FIXME: send all but syncrepl */
-#if 0
- if ( !is_sync_protocol( sop ) )
-#endif
{
if ( is_entry_subentry( e ) ) {
- if( sop->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
- if(!get_subentries_visibility( sop )) {
+ if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
+ if(!get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
- } else if ( get_subentries( sop ) &&
- !get_subentries_visibility( sop ))
+ } else if ( get_subentries( op ) &&
+ !get_subentries_visibility( op ))
{
/* only subentries are visible */
goto loop_continue;
}
- } else if ( get_subentries_visibility( sop )) {
+ } else if ( get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
* scope while we are looking at it, and unless we're using
* BDB_HIER, its parents cannot be moved either.
*/
- switch( sop->ors_scope ) {
+ switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
/* This is always true, yes? */
if ( id == base.e_id ) scopeok = 1;
}
/* aliases were already dereferenced in candidate list */
- if ( sop->ors_deref & LDAP_DEREF_SEARCHING ) {
+ if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
/* but if the search base is an alias, and we didn't
* deref it when finding, return it.
*/
if ( is_entry_alias(e) &&
- ((sop->ors_deref & LDAP_DEREF_FINDING) ||
+ ((op->ors_deref & LDAP_DEREF_FINDING) ||
!bvmatch(&e->e_nname, &op->o_req_ndn)))
{
goto loop_continue;
/* scopes is only non-empty for onelevel or subtree */
if ( !scopeok && BDB_IDL_N(scopes) ) {
unsigned x;
- if ( sop->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
x = bdb_idl_search( scopes, e->e_id );
if ( scopes[x] == e->e_id ) scopeok = 1;
} else {
}
/* Not in scope, ignore it */
-#ifdef BDB_PSEARCH
- if ( !IS_POST_SEARCH && !scopeok )
-#else
if ( !scopeok )
-#endif
{
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_search)
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
- if ( !manageDSAit && sop->oq_search.rs_scope != LDAP_SCOPE_BASE
+ if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
&& is_entry_referral( e ) )
{
- BerVarray erefs = get_entry_referrals( sop, e );
+ BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
- sop->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
+ op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
- send_search_reference( sop, rs );
+ send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
}
/* if it matches the filter and scope, send it */
-#ifndef BDB_PSEARCH
- rs->sr_err = test_filter( sop, rs->sr_entry, sop->oq_search.rs_filter );
-#else
- if (IS_PSEARCH) {
- if (ps_type != LDAP_PSEARCH_BY_SCOPEOUT) {
- rs->sr_err = test_filter( sop, rs->sr_entry, &cookief );
- } else {
- rs->sr_err = LDAP_COMPARE_TRUE;
- }
-
- } else {
- if ( !IS_POST_SEARCH ) {
- if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
- rc_sync = test_filter( sop, rs->sr_entry, &cookief );
- rs->sr_err = test_filter( sop, rs->sr_entry,
- &contextcsnand );
- if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
- if ( rc_sync == LDAP_COMPARE_TRUE ) {
- if ( no_sync_state_change ) {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_search) ": "
- "error in context csn management\n",
- 0, 0, 0 );
- }
- entry_sync_state = LDAP_SYNC_ADD;
-
- } else {
- if ( no_sync_state_change ) {
- goto loop_continue;
- }
- entry_sync_state = LDAP_SYNC_PRESENT;
- }
- }
- } else {
- rs->sr_err = test_filter( sop,
- rs->sr_entry, sop->oq_search.rs_filter );
- }
- } else {
- if ( scopeok ) {
- rs->sr_err = test_filter( sop,
- rs->sr_entry, sop->oq_search.rs_filter );
- } else {
- rs->sr_err = LDAP_COMPARE_TRUE;
- }
- }
- }
-#endif
+ rs->sr_err = test_filter( op, rs->sr_entry, op->oq_search.rs_filter );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* check size limit */
- if ( --sop->ors_slimit == -1
-#ifdef BDB_PSEARCH
- && sop->o_sync_slog_size == -1
-#endif
- ) {
-#ifdef BDB_PSEARCH
- if (!IS_PSEARCH) {
-#endif
+ if ( --op->ors_slimit == -1) {
#ifdef SLAP_ZONE_ALLOC
- slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
#endif
- bdb_cache_return_entry_r( bdb->bi_dbenv,
+ bdb_cache_return_entry_r( bdb->bi_dbenv,
&bdb->bi_cache, e, &lock );
-#ifdef BDB_PSEARCH
- }
-#endif
e = NULL;
rs->sr_entry = NULL;
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
- send_ldap_result( sop, rs );
+ send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
- if ( get_pagedresults(sop) > SLAP_CONTROL_IGNORED ) {
- if ( rs->sr_nentries >= ((PagedResultsState *)sop->o_pagedresults_state)->ps_size ) {
- send_paged_response( sop, rs, &lastid, tentries );
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+ send_paged_response( op, rs, &lastid, tentries );
goto done;
}
lastid = id;
if (e) {
/* safe default */
int result = -1;
-#ifdef BDB_PSEARCH
- if (IS_PSEARCH || IS_POST_SEARCH) {
- int premodify_found = 0;
-
- if ( IS_POST_SEARCH ||
- ps_type == LDAP_PSEARCH_BY_ADD ||
- ps_type == LDAP_PSEARCH_BY_DELETE ||
- ps_type == LDAP_PSEARCH_BY_MODIFY ||
- ps_type == LDAP_PSEARCH_BY_SCOPEOUT )
- {
- if ( !IS_POST_SEARCH &&
- ps_type == LDAP_PSEARCH_BY_MODIFY ) {
- struct psid_entry* psid_e;
- LDAP_LIST_FOREACH( psid_e,
- &op->o_pm_list, ps_link)
- {
- if( psid_e->ps_op == sop ) {
- premodify_found = 1;
- LDAP_LIST_REMOVE(psid_e, ps_link);
- break;
- }
- }
- if (psid_e != NULL) free (psid_e);
- }
-
- if ( IS_POST_SEARCH ) {
- if ( scopeok ) {
- entry_sync_state = LDAP_SYNC_ADD;
- } else {
-post_search_no_entry:
- entry_sync_state = LDAP_SYNC_DELETE;
- }
- } else if ( ps_type == LDAP_PSEARCH_BY_ADD ) {
- entry_sync_state = LDAP_SYNC_ADD;
- } else if ( ps_type == LDAP_PSEARCH_BY_DELETE ) {
- entry_sync_state = LDAP_SYNC_DELETE;
- } else if ( ps_type == LDAP_PSEARCH_BY_MODIFY ) {
- if ( premodify_found ) {
- entry_sync_state = LDAP_SYNC_MODIFY;
- } else {
- entry_sync_state = LDAP_SYNC_ADD;
- }
- } else if ( ps_type == LDAP_PSEARCH_BY_SCOPEOUT ) {
- entry_sync_state = LDAP_SYNC_DELETE;
- } else {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- if ( sop->o_sync_slog_size != -1 ) {
- if ( entry_sync_state == LDAP_SYNC_DELETE ) {
- result = slap_add_session_log( op, sop, e );
- } else {
- result = 1;
- }
- } else {
- struct berval cookie;
- slap_compose_sync_cookie( sop, &cookie,
- search_context_csn,
- sop->o_sync_state.sid,
- sop->o_sync_state.rid );
- rs->sr_err = slap_build_sync_state_ctrl(
- sop, rs, e, entry_sync_state, ctrls,
- num_ctrls++, 1, &cookie );
- if ( rs->sr_err != LDAP_SUCCESS ) goto done;
- if (!(IS_POST_SEARCH &&
- entry_sync_state == LDAP_SYNC_DELETE)) {
- rs->sr_attrs = attrs;
- } else {
- rs->sr_attrs = NULL;
- }
- rs->sr_operational_attrs = NULL;
- rs->sr_ctrls = ctrls;
- rs->sr_flags = 0;
- result = send_search_entry( sop, rs );
- if ( cookie.bv_val ) ch_free( cookie.bv_val );
- slap_sl_free(
- ctrls[num_ctrls-1]->ldctl_value.bv_val,
- sop->o_tmpmemctx );
- slap_sl_free( ctrls[--num_ctrls],
- sop->o_tmpmemctx );
- ctrls[num_ctrls] = NULL;
- rs->sr_ctrls = NULL;
- }
-
- } else if ( ps_type == LDAP_PSEARCH_BY_PREMODIFY ) {
- struct psid_entry* psid_e;
- psid_e = (struct psid_entry *) ch_calloc(1,
- sizeof(struct psid_entry));
- psid_e->ps_op = sop;
- LDAP_LIST_INSERT_HEAD( &op->o_pm_list,
- psid_e, ps_link );
-
- } else {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_search)
- ": invalid ps_type (%d) \n",
- ps_type, 0, 0);
- }
-
- } else {
- if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
- if ( rc_sync == LDAP_COMPARE_TRUE ) { /* ADD */
- rs->sr_err = slap_build_sync_state_ctrl(
- sop, rs, e, entry_sync_state, ctrls,
- num_ctrls++, 0, NULL );
- if ( rs->sr_err != LDAP_SUCCESS ) goto done;
- rs->sr_ctrls = ctrls;
- rs->sr_attrs = sop->oq_search.rs_attrs;
- rs->sr_operational_attrs = NULL;
- rs->sr_flags = 0;
- result = send_search_entry( sop, rs );
- slap_sl_free(
- ctrls[num_ctrls-1]->ldctl_value.bv_val,
- sop->o_tmpmemctx );
- slap_sl_free( ctrls[--num_ctrls],
- sop->o_tmpmemctx );
- ctrls[num_ctrls] = NULL;
- rs->sr_ctrls = NULL;
-
- } else { /* PRESENT */
- if ( sync_send_present_mode ) {
- result = slap_build_syncUUID_set( sop,
- &syncUUID_set, e );
- if ( result <= 0 ) {
- result = -1;
- } else {
- syncUUID_set_cnt++;
- if ( syncUUID_set_cnt ==
- SLAP_SYNCUUID_SET_SIZE )
- {
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_rspoid = LDAP_SYNC_INFO;
- rs->sr_ctrls = NULL;
- result = slap_send_syncinfo( sop, rs,
- LDAP_TAG_SYNC_ID_SET,
- NULL, 0, syncUUID_set, 0 );
- if ( result != LDAP_SUCCESS ) {
- result = -1;
- }
- ber_bvarray_free_x( syncUUID_set,
- sop->o_tmpmemctx );
- syncUUID_set = NULL;
- syncUUID_set_cnt = 0;
- }
- }
-
- } else {
- result = 1;
- }
- }
-
- } else {
-#endif
- rs->sr_attrs = sop->oq_search.rs_attrs;
- rs->sr_operational_attrs = NULL;
- rs->sr_ctrls = NULL;
- rs->sr_flags = 0;
- rs->sr_err = LDAP_SUCCESS;
- result = send_search_entry( sop, rs );
-#ifdef BDB_PSEARCH
- }
- }
-#endif
+ rs->sr_attrs = op->oq_search.rs_attrs;
+ rs->sr_operational_attrs = NULL;
+ rs->sr_ctrls = NULL;
+ rs->sr_flags = 0;
+ rs->sr_err = LDAP_SUCCESS;
+ result = send_search_entry( op, rs );
switch (result) {
case 0: /* entry sent ok */
case 1: /* entry not sent */
break;
case -1: /* connection closed */
-#ifdef BDB_PSEARCH
- if (!IS_PSEARCH) {
-#endif
#ifdef SLAP_ZONE_ALLOC
- slap_zn_runlock(bdb->bi_cache.c_zctx, e);
-#endif
- bdb_cache_return_entry_r(bdb->bi_dbenv,
- &bdb->bi_cache, e, &lock);
-#ifdef BDB_PSEARCH
- }
+ slap_zn_runlock(bdb->bi_cache.c_zctx, e);
#endif
+ bdb_cache_return_entry_r(bdb->bi_dbenv,
+ &bdb->bi_cache, e, &lock);
e = NULL;
rs->sr_entry = NULL;
rs->sr_err = LDAP_OTHER;
loop_continue:
if( e != NULL ) {
/* free reader lock */
-#ifdef BDB_PSEARCH
- if (!IS_PSEARCH) {
- if (!(IS_POST_SEARCH &&
- entry_sync_state == LDAP_SYNC_DELETE)) {
-#ifdef SLAP_ZONE_ALLOC
- slap_zn_runlock(bdb->bi_cache.c_zctx, e);
-#endif
- bdb_cache_return_entry_r( bdb->bi_dbenv,
- &bdb->bi_cache, e , &lock );
- if ( sop->o_nocaching ) {
- bdb_cache_delete_entry( bdb, ei, locker, &lock );
- }
- }
- }
-#else
#ifdef SLAP_ZONE_ALLOC
slap_zn_runlock(bdb->bi_cache.c_zctx, e);
#endif
bdb_cache_return_entry_r( bdb->bi_dbenv,
&bdb->bi_cache, e , &lock );
-#endif
e = NULL;
rs->sr_entry = NULL;
}
-#ifdef BDB_PSEARCH
- if ( sop->o_refresh_in_progress ) {
- if ( pce ) {
- pce->pc_sent = 1;
- }
- }
-#endif
-
ldap_pvt_thread_yield();
}
-#ifdef BDB_PSEARCH
- if ( syncUUID_set_cnt > 0 ) {
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_rspoid = LDAP_SYNC_INFO;
- rs->sr_ctrls = NULL;
- slap_send_syncinfo( sop, rs, LDAP_TAG_SYNC_ID_SET,
- NULL, 0, syncUUID_set, 0 );
- ber_bvarray_free_x( syncUUID_set, sop->o_tmpmemctx );
- syncUUID_set_cnt = 0;
- }
-#endif
-
nochange:
-#ifdef BDB_PSEARCH
- if (!IS_PSEARCH && !IS_POST_SEARCH) {
- if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
- if ( sop->o_sync_mode & SLAP_SYNC_PERSIST ) {
- struct berval cookie;
- slap_compose_sync_cookie( sop, &cookie, search_context_csn,
- sop->o_sync_state.sid, sop->o_sync_state.rid );
-
- if ( sync_send_present_mode ) {
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_rspoid = LDAP_SYNC_INFO;
- rs->sr_ctrls = NULL;
- slap_send_syncinfo( sop, rs,
- LDAP_TAG_SYNC_REFRESH_PRESENT, &cookie, 1, NULL, 0 );
-
- } else {
- if ( !no_sync_state_change ) {
- int slog_found = 0;
- ldap_pvt_thread_rdwr_rlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list,
- o_ps_link )
- {
- if ( ps_list->o_sync_slog_size > 0 ) {
- if ( ps_list->o_sync_state.sid ==
- sop->o_sync_state.sid )
- {
- slog_found = 1;
- break;
- }
- }
- }
-
- if ( slog_found ) {
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_rspoid = NULL;
- rs->sr_ctrls = NULL;
- slap_send_session_log( op, ps_list, rs );
- }
- ldap_pvt_thread_rdwr_runlock( &bdb->bi_pslist_rwlock );
- }
-
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_rspoid = LDAP_SYNC_INFO;
- rs->sr_ctrls = NULL;
- slap_send_syncinfo( sop, rs,
- LDAP_TAG_SYNC_REFRESH_DELETE, &cookie, 1, NULL, 0 );
- }
-
- if ( cookie.bv_val ) ch_free( cookie.bv_val );
-
- } else {
- /* refreshOnly mode */
- struct berval cookie;
- slap_compose_sync_cookie( sop, &cookie, search_context_csn,
- sop->o_sync_state.sid, sop->o_sync_state.rid );
-
- if ( sync_send_present_mode ) {
- slap_build_sync_done_ctrl( sop, rs, ctrls,
- num_ctrls++, 1, &cookie, LDAP_SYNC_REFRESH_PRESENTS );
-
- } else {
- if ( !no_sync_state_change ) {
- int slog_found = 0;
- ldap_pvt_thread_rdwr_rlock( &bdb->bi_pslist_rwlock );
- LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list,
- o_ps_link )
- {
- if ( ps_list->o_sync_slog_size > 0 ) {
- if ( ps_list->o_sync_state.sid ==
- sop->o_sync_state.sid ) {
- slog_found = 1;
- break;
- }
- }
- }
-
- if ( slog_found ) {
- slap_send_session_log( op, ps_list, rs );
- }
- ldap_pvt_thread_rdwr_runlock( &bdb->bi_pslist_rwlock );
- }
-
- slap_build_sync_done_ctrl( sop, rs, ctrls,
- num_ctrls++, 1, &cookie, LDAP_SYNC_REFRESH_DELETES );
- }
-
- rs->sr_ctrls = ctrls;
- rs->sr_ref = rs->sr_v2ref;
- rs->sr_err = (rs->sr_v2ref == NULL)
- ? LDAP_SUCCESS : LDAP_REFERRAL;
- rs->sr_rspoid = NULL;
- send_ldap_result( sop, rs );
- if ( ctrls[num_ctrls-1]->ldctl_value.bv_val != NULL ) {
- slap_sl_free( ctrls[num_ctrls-1]->ldctl_value.bv_val,
- sop->o_tmpmemctx );
- }
- slap_sl_free( ctrls[--num_ctrls], sop->o_tmpmemctx );
- ctrls[num_ctrls] = NULL;
- if ( cookie.bv_val ) ch_free( cookie.bv_val );
- }
-
- } else {
-#endif
- rs->sr_ctrls = NULL;
- rs->sr_ref = rs->sr_v2ref;
- rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
- rs->sr_rspoid = NULL;
- if ( get_pagedresults(sop) > SLAP_CONTROL_IGNORED ) {
- send_paged_response( sop, rs, NULL, 0 );
- } else {
- send_ldap_result( sop, rs );
- }
-#ifdef BDB_PSEARCH
- }
- }
-
- if ( sop->o_refresh_in_progress ) {
- sop->o_refresh_in_progress = 0;
+ rs->sr_ctrls = NULL;
+ rs->sr_ref = rs->sr_v2ref;
+ rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
+ rs->sr_rspoid = NULL;
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ send_paged_response( op, rs, NULL, 0 );
+ } else {
+ send_ldap_result( op, rs );
}
-#endif
rs->sr_err = LDAP_SUCCESS;
done:
-#ifdef BDB_PSEARCH
- if ( sop->o_psearch_finished ) {
- avl_free( sop->o_psearch_finished, ch_free );
- }
-
- if( !IS_PSEARCH && e != NULL ) {
- /* free reader lock */
-#ifdef SLAP_ZONE_ALLOC
- slap_zn_runlock(bdb->bi_cache.c_zctx, e);
-#endif
- bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
- }
- ber_bvfree( search_context_csn );
-#endif
-
if ( !opinfo )
LOCK_ID_FREE( bdb->bi_dbenv, locker );
}
static int search_candidates(
- Operation *stackop,
Operation *op,
SlapReply *rs,
Entry *e,
* these clauses are redundant.
*/
if (!oc_filter(op->oq_search.rs_filter, 1, &depth)
- && !get_subentries_visibility(op)
-#ifdef BDB_PSEARCH
- && !is_sync_protocol(op)
-#endif
- ) {
+ && !get_subentries_visibility(op)) {
if( !get_manageDSAit(op) && !get_domainScope(op) ) {
/* match referral objects */
struct berval bv_ref = BER_BVC( "referral" );
if ( depth+1 > bdb->bi_search_stack_depth ) {
stack = ch_malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
} else {
- stack = search_stack( stackop );
+ stack = search_stack( op );
}
if( op->ors_deref & LDAP_DEREF_SEARCHING ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## Portions Copyright 1998-2003 Kurt D. Zeilenga.
## All rights reserved.
##
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
* All rights reserved.
*
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
extended.c referral.c operational.c \
attr.c index.c key.c dbcache.c filterindex.c trans.c \
- dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c ctxcsn.c
+ dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
SRCS = $(XXSRCS)
OBJS = init.lo tools.lo config.lo \
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
extended.lo referral.lo operational.lo \
attr.lo index.lo key.lo dbcache.lo filterindex.lo trans.lo \
- dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo ctxcsn.lo
+ dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Howard Chu @ Symas Corp.
* All rights reserved.
*
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## <http://www.OpenLDAP.org/license.html>.
SRCS = init.c config.c search.c bind.c unbind.c add.c compare.c \
- delete.c modify.c modrdn.c extended.c
+ delete.c modify.c modrdn.c extended.c chain.c
OBJS = init.lo config.lo search.lo bind.lo unbind.lo add.lo compare.lo \
- delete.lo modify.lo modrdn.lo extended.lo
+ delete.lo modify.lo modrdn.lo extended.lo chain.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
}
/* Count number of attributes in entry */
- for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next)
+ for ( i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next )
/* just count attrs */ ;
/* Create array of LDAPMods for ldap_add() */
attrs[ i ] = NULL;
ctrls = op->o_ctrls;
-#ifdef LDAP_BACK_PROXY_AUTHZ
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
goto cleanup;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
}
cleanup:
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
if ( attrs ) {
for ( --i; i >= 0; --i ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H
-#include "proto-ldap.h"
-
-#ifdef LDAP_DEVEL
-#define LDAP_BACK_PROXY_AUTHZ
-#endif
-
LDAP_BEGIN_DECL
struct slap_conn;
#define acl_authcDN acl_la.la_authcDN
#define acl_passwd acl_la.la_passwd
-#ifdef LDAP_BACK_PROXY_AUTHZ
/* ID assert stuff */
int idassert_mode;
#define LDAP_BACK_IDASSERT_LEGACY 0
int idassert_ppolicy;
/* end of ID assert stuff */
-#endif /* LDAP_BACK_PROXY_AUTHZ */
ldap_pvt_thread_mutex_t conn_mutex;
int savecred;
int rwm_started;
};
-int ldap_back_freeconn( Operation *op, struct ldapconn *lc );
-struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs);
-int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs);
-int ldap_back_retry(struct ldapconn *lc, Operation *op, SlapReply *rs);
-int ldap_back_map_result(SlapReply *rs);
-int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
- ber_int_t msgid, int sendok);
-int back_ldap_LTX_init_module(int argc, char *argv[]);
-
-extern int ldap_back_conn_cmp( const void *c1, const void *c2);
-extern int ldap_back_conn_dup( void *c1, void *c2 );
-extern void ldap_back_conn_free( void *c );
-
-#ifdef LDAP_BACK_PROXY_AUTHZ
-extern int
-ldap_back_proxy_authz_ctrl(
- struct ldapconn *lc,
- Operation *op,
- SlapReply *rs,
- LDAPControl ***pctrls );
-
-extern int
-ldap_back_proxy_authz_ctrl_free(
- Operation *op,
- LDAPControl ***pctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
-
LDAP_END_DECL
+#include "proto-ldap.h"
+
#endif /* SLAPD_LDAP_H */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
static LDAP_REBIND_PROC ldap_back_rebind;
-#ifdef LDAP_BACK_PROXY_AUTHZ
static int
ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
int
ldap_back_bind( Operation *op, SlapReply *rs )
rc = ldap_back_op_result( lc, op, rs, msgid, 1 );
if ( rc == LDAP_SUCCESS ) {
-#if defined(LDAP_BACK_PROXY_AUTHZ)
+ /* If defined, proxyAuthz will be used also when
+ * back-ldap is the authorizing backend; for this
+ * purpose, a successful bind is followed by a
+ * bind with the configured identity assertion */
+ /* NOTE: use with care */
if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
ldap_back_proxy_authz_bind( lc, op, rs );
if ( lc->lc_bound == 0 ) {
goto done;
}
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
lc->lc_bound = 1;
ber_dupbv( &lc->lc_bound_ndn, &op->o_req_ndn );
ldap_pvt_thread_mutex_lock( &lc->lc_mutex );
if ( !lc->lc_bound ) {
-#ifdef LDAP_BACK_PROXY_AUTHZ
/*
* FIXME: we need to let clients use proxyAuthz
* otherwise we cannot do symmetric pools of servers;
*/
/*
* if no bind took place yet, but the connection is bound
- * and the "proxyauthzdn" is set, then bind as
- * "proxyauthzdn" and explicitly add the proxyAuthz
- * control to every operation with the dn bound
- * to the connection as control value.
+ * and the "idassert-authcDN" (or other ID) is set,
+ * then bind as the asserting ideintity and explicitly
+ * add the proxyAuthz control to every operation with the
+ * dn bound to the connection as control value.
*/
if ( op->o_conn != NULL && BER_BVISNULL( &lc->lc_bound_ndn ) ) {
(void)ldap_back_proxy_authz_bind( lc, op, rs );
goto done;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
rs->sr_err = ldap_sasl_bind( lc->lc_ld,
lc->lc_bound_ndn.bv_val,
* to a successful state, get the error from the
* remote server response */
if ( ERR_OK( rs->sr_err ) ) {
+ int rc;
+ struct timeval tv = { 0, 0 };
+
+retry:;
/* if result parsing fails, note the failure reason */
- if ( ldap_result( lc->lc_ld, msgid, 1, NULL, &res ) == -1 ) {
+ switch ( ldap_result( lc->lc_ld, msgid, 1, &tv, &res ) ) {
+ case 0:
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000; /* 0.1 s */
+ ldap_pvt_thread_yield();
+ goto retry;
+
+ case -1:
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
&rs->sr_err );
+ break;
+
/* otherwise get the result; if it is not
* LDAP_SUCCESS, record it in the reply
* structure (this includes
* LDAP_COMPARE_{TRUE|FALSE}) */
- } else {
- int rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
+ default:
+ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
&match, &text, NULL, NULL, 1 );
rs->sr_text = text;
if ( rc != LDAP_SUCCESS ) {
return ldap_back_dobind( lc, op, rs );
}
-#ifdef LDAP_BACK_PROXY_AUTHZ
static int
ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
{
default:
if ( li->idassert_authz ) {
- struct berval authcDN = BER_BVISNULL( &op->o_conn->c_ndn ) ? slap_empty_bv : op->o_conn->c_ndn;
+ struct berval authcDN;
+ if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ authcDN = slap_empty_bv;
+ } else {
+ authcDN = op->o_conn->c_ndn;
+ }
rs->sr_err = slap_sasl_matches( op, li->idassert_authz,
&authcDN, &authcDN );
if ( rs->sr_err != LDAP_SUCCESS ) {
*pctrls = NULL;
+ rs->sr_err = LDAP_SUCCESS;
+
if ( ( BER_BVISNULL( &li->idassert_authcID ) || BER_BVISEMPTY( &li->idassert_authcID ) )
&& ( BER_BVISNULL( &li->idassert_authcDN ) || BER_BVISEMPTY( &li->idassert_authcDN ) ) ) {
goto done;
} else if ( li->idassert_authz ) {
int rc;
- struct berval authcDN = BER_BVISNULL( &op->o_conn->c_ndn ) ? slap_empty_bv : op->o_conn->c_ndn;
-
+ struct berval authcDN;
+ if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ authcDN = slap_empty_bv;
+ } else {
+ authcDN = op->o_conn->c_ndn;
+ }
rc = slap_sasl_matches( op, li->idassert_authz,
&authcDN, & authcDN );
if ( rc != LDAP_SUCCESS ) {
case LDAP_BACK_IDASSERT_SELF:
/* original behavior:
* assert the client's identity */
- assertedID = BER_BVISNULL( &op->o_conn->c_ndn ) ? slap_empty_bv : op->o_conn->c_ndn;
+ if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ assertedID = slap_empty_bv;
+ } else {
+ assertedID = op->o_conn->c_ndn;
+ }
break;
case LDAP_BACK_IDASSERT_ANONYMOUS:
{
LDAPControl **ctrls = *pctrls;
+ /* we assume that the first control is the proxyAuthz
+ * added by back-ldap, so it's the only one we explicitly
+ * free */
if ( ctrls && ctrls != op->o_ctrls ) {
assert( ctrls[ 0 ] );
return 0;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
--- /dev/null
+/* chain.c - chain LDAP operations */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "back-ldap.h"
+
+static BackendInfo *lback;
+
+#if 0
+static int
+ldap_chain_chk_referrals( Operation *op, SlapReply *rs )
+{
+ return LDAP_SUCCESS;
+}
+#endif
+
+static int
+ldap_chain_operational( Operation *op, SlapReply *rs )
+{
+ /* trap entries generated by back-ldap.
+ * FIXME: we need a better way to recognize them; a cleaner
+ * solution would be to be able to intercept the response
+ * of be_operational(), so that we can divert only those
+ * calls that fail because operational attributes were
+ * requested for entries that do not belong to the underlying
+ * database. This fix is likely to intercept also entries
+ * generated by back-perl and so. */
+ if ( rs->sr_entry->e_private == NULL ) {
+ return 0;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+ldap_chain_cb_response( Operation *op, SlapReply *rs )
+{
+ assert( op->o_tag == LDAP_REQ_SEARCH );
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ Attribute **ap = &rs->sr_entry->e_attrs;
+
+ for ( ; *ap != NULL; ap = &(*ap)->a_next ) {
+ /* will be generated later by frontend
+ * (a cleaner solution would be that
+ * the frontend checks if it already exists */
+ if ( ad_cmp( (*ap)->a_desc, slap_schema.si_ad_entryDN ) == 0 )
+ {
+ Attribute *a = *ap;
+
+ *ap = (*ap)->a_next;
+ attr_free( a );
+
+ /* there SHOULD be one only! */
+ break;
+ }
+ }
+
+ return SLAP_CB_CONTINUE;
+ }
+
+ return 0;
+}
+
+static int
+ldap_chain_response( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+ void *private = op->o_bd->be_private;
+ slap_callback *sc = op->o_callback;
+ int rc = 0;
+ int cache = op->o_do_not_cache;
+ char *authzid = NULL;
+ BerVarray ref;
+ struct berval ndn = op->o_ndn;
+
+ struct ldapinfo li, *lip = (struct ldapinfo *)on->on_bi.bi_private;
+
+ if ( rs->sr_err != LDAP_REFERRAL && rs->sr_type != REP_SEARCHREF )
+ return SLAP_CB_CONTINUE;
+
+ ref = rs->sr_ref;
+ rs->sr_ref = NULL;
+
+ op->o_callback = NULL;
+
+ if ( lip->url == NULL ) {
+ /* if we parse the URI then by no means
+ * we can cache stuff or reuse connections,
+ * because in back-ldap there's no caching
+ * based on the URI value, which is supposed
+ * to be set once for all (correct?) */
+ op->o_do_not_cache = 1;
+
+ /* FIXME: we're setting the URI of the first referral;
+ * what if there are more? Is this something we should
+ * worry about? */
+ li = *lip;
+ op->o_bd->be_private = &li;
+
+ if ( rs->sr_type != REP_SEARCHREF ) {
+ LDAPURLDesc *srv;
+ char *save_dn;
+
+ /* parse reference and use
+ * proto://[host][:port]/ only */
+ rc = ldap_url_parse_ext( ref[0].bv_val, &srv );
+ if ( rc != LDAP_URL_SUCCESS ) {
+ /* error */
+ return 1;
+ }
+
+ /* remove DN essentially because later on
+ * ldap_initialize() will parse the URL
+ * as a comma-separated URL list */
+ save_dn = srv->lud_dn;
+ srv->lud_dn = "";
+ srv->lud_scope = LDAP_SCOPE_DEFAULT;
+ li.url = ldap_url_desc2str( srv );
+ srv->lud_dn = save_dn;
+ ldap_free_urldesc( srv );
+
+ if ( li.url == NULL ) {
+ /* error */
+ return 1;
+ }
+ }
+
+ } else {
+ op->o_bd->be_private = on->on_bi.bi_private;
+ }
+
+ /* Chaining can be performed by a privileged user on behalf
+ * of normal users, using the ProxyAuthz control, by exploiting
+ * the identity assertion feature of back-ldap; see idassert-*
+ * directives in slapd-ldap(5).
+ */
+
+ switch ( op->o_tag ) {
+ case LDAP_REQ_BIND: {
+ struct berval rndn = op->o_req_ndn;
+ Connection *conn = op->o_conn;
+
+ op->o_req_ndn = slap_empty_bv;
+
+ op->o_conn = NULL;
+ rc = lback->bi_op_bind( op, rs );
+ op->o_req_ndn = rndn;
+ op->o_conn = conn;
+ }
+ break;
+ case LDAP_REQ_ADD:
+ {
+ int cleanup_attrs = 0;
+
+ if ( op->ora_e->e_attrs == NULL ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ];
+ size_t textlen = sizeof( textbuf );
+
+ /* global overlay; create entry */
+ /* NOTE: this is a hack to use the chain overlay
+ * as global. I expect to be able to remove this
+ * soon by using slap_mods2entry() earlier in
+ * do_add(), adding the operational attrs later
+ * if required. */
+ rs->sr_err = slap_mods2entry( op->ora_modlist,
+ &op->ora_e, 0, 1,
+ &rs->sr_text, textbuf, textlen );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ rc = 1;
+ break;
+ }
+ }
+ rc = lback->bi_op_add( op, rs );
+ if ( cleanup_attrs ) {
+ attrs_free( op->ora_e->e_attrs );
+ op->ora_e->e_attrs = NULL;
+ }
+ break;
+ }
+ case LDAP_REQ_DELETE:
+ rc = lback->bi_op_delete( op, rs );
+ break;
+ case LDAP_REQ_MODRDN:
+ rc = lback->bi_op_modrdn( op, rs );
+ break;
+ case LDAP_REQ_MODIFY:
+ rc = lback->bi_op_modify( op, rs );
+ break;
+ case LDAP_REQ_COMPARE:
+ rc = lback->bi_op_compare( op, rs );
+ break;
+ case LDAP_REQ_SEARCH:
+ if ( rs->sr_type == REP_SEARCHREF ) {
+ struct berval *curr = ref,
+ odn = op->o_req_dn,
+ ondn = op->o_req_ndn;
+ slap_callback sc2 = { 0 };
+ int tmprc = 0;
+ ber_len_t refcnt = 0;
+ BerVarray newref = NULL;
+
+ sc2.sc_response = ldap_chain_cb_response;
+ op->o_callback = &sc2;
+
+ rs->sr_type = REP_SEARCH;
+
+ /* copy the private info because we need to modify it */
+ for ( ; !BER_BVISNULL( &curr[0] ); curr++ ) {
+ LDAPURLDesc *srv;
+ char *save_dn;
+
+ /* parse reference and use
+ * proto://[host][:port]/ only */
+ tmprc = ldap_url_parse_ext( curr[0].bv_val, &srv );
+ if ( tmprc != LDAP_URL_SUCCESS ) {
+ /* error */
+ rc = 1;
+ goto end_of_searchref;
+ }
+
+ /* remove DN essentially because later on
+ * ldap_initialize() will parse the URL
+ * as a comma-separated URL list */
+ save_dn = srv->lud_dn;
+ srv->lud_dn = "";
+ srv->lud_scope = LDAP_SCOPE_DEFAULT;
+ li.url = ldap_url_desc2str( srv );
+ if ( li.url != NULL ) {
+ ber_str2bv_x( save_dn, 0, 1, &op->o_req_dn,
+ op->o_tmpmemctx );
+ ber_dupbv_x( &op->o_req_ndn, &op->o_req_dn,
+ op->o_tmpmemctx );
+ }
+
+ srv->lud_dn = save_dn;
+ ldap_free_urldesc( srv );
+
+ if ( li.url == NULL ) {
+ /* error */
+ rc = 1;
+ goto end_of_searchref;
+ }
+
+
+ /* FIXME: should we also copy filter and scope?
+ * according to RFC3296, no */
+ tmprc = lback->bi_op_search( op, rs );
+
+ ldap_memfree( li.url );
+ li.url = NULL;
+
+ op->o_tmpfree( op->o_req_dn.bv_val,
+ op->o_tmpmemctx );
+ op->o_tmpfree( op->o_req_ndn.bv_val,
+ op->o_tmpmemctx );
+
+ if ( tmprc ) {
+ /* error */
+ rc = 1;
+ goto end_of_searchref;
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ /* if search was not successful,
+ * at least return the referral! */
+ /* FIXME: assumes referrals
+ * are always created via
+ * referral_rewrite() and freed via
+ * ber_bvarray_free( rs->sr_ref ) */
+ newref = ch_realloc( newref, sizeof( struct berval ) * (refcnt + 2) );
+ ber_dupbv( &newref[ refcnt ], &curr[ 0 ] );
+ refcnt++;
+ BER_BVZERO( &newref[ refcnt ] );
+ }
+ }
+
+end_of_searchref:;
+ op->o_req_dn = odn;
+ op->o_req_ndn = ondn;
+ rs->sr_type = REP_SEARCHREF;
+ rs->sr_entry = NULL;
+
+ /* if the error was bad, it was already returned
+ * by back-ldap; destroy the referrals left;
+ * otherwise, let the frontend return them. */
+ if ( newref ) {
+ if ( rc == 0 ) {
+ rc = SLAP_CB_CONTINUE;
+ if ( ref != default_referral ) {
+ ber_bvarray_free( ref );
+ }
+ ref = newref;
+
+ } else {
+ ber_bvarray_free( newref );
+ }
+ }
+
+ } else {
+ rc = lback->bi_op_search( op, rs );
+ }
+ break;
+ case LDAP_REQ_EXTENDED:
+ rc = lback->bi_extended( op, rs );
+ /* FIXME: ldap_back_extended() by design
+ * doesn't send result; frontend is expected
+ * to send it... */
+ if ( rc != SLAPD_ABANDON ) {
+ send_ldap_extended( op, rs );
+ }
+ break;
+ default:
+ rc = SLAP_CB_CONTINUE;
+ break;
+ }
+ op->o_do_not_cache = cache;
+ op->o_bd->be_private = private;
+ op->o_callback = sc;
+ op->o_ndn = ndn;
+ if ( authzid ) {
+ op->o_tmpfree( authzid, op->o_tmpmemctx );
+ }
+ rs->sr_ref = ref;
+ if ( lip->url == NULL && li.url != NULL ) {
+ ldap_memfree( li.url );
+ }
+
+ return rc;
+}
+
+static int
+ldap_chain_db_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ void *private = be->be_private;
+ char *argv0 = NULL;
+ int rc;
+
+ be->be_private = on->on_bi.bi_private;
+ if ( strncasecmp( argv[ 0 ], "chain-", sizeof( "chain-" ) - 1 ) == 0 ) {
+ argv0 = argv[ 0 ];
+ argv[ 0 ] = &argv[ 0 ][ sizeof( "chain-" ) - 1 ];
+ }
+ rc = lback->bi_db_config( be, fname, lineno, argc, argv );
+ if ( argv0 ) {
+ argv[ 0 ] = argv0;
+ }
+
+ be->be_private = private;
+ return rc;
+}
+
+static int
+ldap_chain_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ void *private = be->be_private;
+ int rc;
+
+ if ( lback == NULL ) {
+ lback = backend_info( "ldap" );
+
+ if ( lback == NULL ) {
+ return -1;
+ }
+ }
+
+ be->be_private = NULL;
+ rc = lback->bi_db_init( be );
+ on->on_bi.bi_private = be->be_private;
+ be->be_private = private;
+
+ return rc;
+}
+
+static int
+ldap_chain_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ void *private = be->be_private;
+ int rc;
+
+ be->be_private = on->on_bi.bi_private;
+ rc = lback->bi_db_destroy( be );
+ on->on_bi.bi_private = be->be_private;
+ be->be_private = private;
+ return rc;
+}
+
+static slap_overinst ldapchain;
+
+int
+chain_init( void )
+{
+ ldapchain.on_bi.bi_type = "chain";
+ ldapchain.on_bi.bi_db_init = ldap_chain_db_init;
+ ldapchain.on_bi.bi_db_config = ldap_chain_db_config;
+ ldapchain.on_bi.bi_db_destroy = ldap_chain_db_destroy;
+
+ /* ... otherwise the underlying backend's function would be called,
+ * likely passing an invalid entry; on the contrary, the requested
+ * operational attributes should have been returned while chasing
+ * the referrals. This all in all is a bit messy, because part
+ * of the operational attributes are generated by they backend;
+ * part by the frontend; back-ldap should receive all the available
+ * ones from the remote server, but then, on it own, it strips those
+ * it assumes will be (re)generated by the frontend (e.g.
+ * subschemaSubentry.) */
+ ldapchain.on_bi.bi_operational = ldap_chain_operational;
+
+ ldapchain.on_response = ldap_chain_response;
+
+#if 0
+ ldapchain.on_bi.bi_chk_referrals = ldap_chain_chk_referrals;
+#endif
+
+ return overlay_register( &ldapchain );
+}
+
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
}
ctrls = op->o_ctrls;
-#ifdef LDAP_BACK_PROXY_AUTHZ
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
goto cleanup;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_ndn.bv_val,
}
cleanup:
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
return rc;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
}
ber_str2bv( argv[1], 0, 1, &li->acl_passwd );
-#ifdef LDAP_BACK_PROXY_AUTHZ
/* identity assertion stuff... */
} else if ( strncasecmp( argv[0], "idassert-", STRLENOF( "idassert-" ) ) == 0
- || strncasecmp( argv[0], "proxyauthz", STRLENOF( "proxyauthz" ) ) == 0 ) {
+ || strncasecmp( argv[0], "proxyauthz", STRLENOF( "proxyauthz" ) ) == 0 )
+ {
+ /* NOTE: "proxyauthz{DN,pw}" was initially used; it's now
+ * deprected and undocumented, it can be dropped at some
+ * point, since nobody should be really using it */
return parse_idassert( be, fname, lineno, argc, argv );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
}
-#ifdef LDAP_BACK_PROXY_AUTHZ
static int
parse_idassert(
BackendDB *be,
}
if ( strcasecmp( argv[1], "none" ) == 0 ) {
- /* FIXME: is this useful? */
+ /* FIXME: is this at all useful? */
li->idassert_authmethod = LDAP_AUTH_NONE;
if ( argc != 2 ) {
return 0;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
goto cleanup;
}
-#ifdef LDAP_BACK_PROXY_AUTHZ
ctrls = op->o_ctrls;
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
rc = -1;
goto cleanup;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_ndn.bv_val,
rc = ldap_back_op_result( lc, op, rs, msgid, 1 );
if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
- if ( ldap_back_retry (lc, op, rs )) goto retry;
+ if ( ldap_back_retry (lc, op, rs ) ) {
+ goto retry;
+ }
}
cleanup:
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
return rc;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
for ( i = 0; exop_table[i].extended != NULL; i++ ) {
if ( bvmatch( exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
{
-#ifdef LDAP_BACK_PROXY_AUTHZ
struct ldapconn *lc;
LDAPControl **oldctrls = NULL;
int rc;
op->o_ctrls = oldctrls;
return rc;
-#else /* ! LDAP_BACK_PROXY_AUTHZ */
- return ( *exop_table[i].extended )( op, rs );
-#endif /* ! LDAP_BACK_PROXY_AUTHZ */
}
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
bi->bi_connection_init = 0;
bi->bi_connection_destroy = ldap_back_conn_destroy;
+ if ( chain_init( ) ) {
+ return -1;
+ }
+
return 0;
}
BER_BVZERO( &li->acl_authcDN );
BER_BVZERO( &li->acl_passwd );
-#ifdef LDAP_BACK_PROXY_AUTHZ
li->idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
BER_BVZERO( &li->idassert_authcID );
/* by default, use proxyAuthz control on each operation */
li->idassert_flags = LDAP_BACK_AUTH_NONE;
-#endif /* LDAP_BACK_PROXY_AUTHZ */
ldap_pvt_thread_mutex_init( &li->conn_mutex );
"ldap_back_db_open: URI=%s\n",
li->url != NULL ? li->url : "", 0, 0 );
-#ifdef LDAP_BACK_PROXY_AUTHZ
/* by default, use proxyAuthz control on each operation */
switch ( li->idassert_mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
default:
break;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
#if 0 && defined(SLAPD_MONITOR)
{
+ /* FIXME: disabled because namingContexts doesn't have
+ * a matching rule, and using an MRA filter doesn't work
+ * because the normalized assertion is compared to the
+ * non-normalized value, which in general differ.
+ * See ITS#3406 */
struct berval filter,
base = BER_BVC( "cn=Databases,cn=Monitor" );
struct berval vals[ 2 ];
ch_free( li->acl_passwd.bv_val );
BER_BVZERO( &li->acl_passwd );
}
-#ifdef LDAP_BACK_PROXY_AUTHZ
if ( !BER_BVISNULL( &li->idassert_authcID ) ) {
ch_free( li->idassert_authcID.bv_val );
BER_BVZERO( &li->idassert_authcID );
ch_free( li->idassert_sasl_realm.bv_val );
BER_BVZERO( &li->idassert_sasl_realm );
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
if ( li->conntree ) {
avl_free( li->conntree, ldap_back_conn_free );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
modv[ i ] = 0;
ctrls = op->o_ctrls;
-#ifdef LDAP_BACK_PROXY_AUTHZ
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
goto cleanup;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_ndn.bv_val, modv,
}
cleanup:;
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
for ( i = 0; modv[ i ]; i++ ) {
ch_free( modv[ i ]->mod_bvalues );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
}
ctrls = op->o_ctrls;
-#ifdef LDAP_BACK_PROXY_AUTHZ
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
goto cleanup;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_rename( lc->lc_ld, op->o_req_ndn.bv_val,
}
cleanup:
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
return rc;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
extern BI_entry_get_rw ldap_back_entry_get;
+int ldap_back_freeconn( Operation *op, struct ldapconn *lc );
+struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs);
+int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs);
+int ldap_back_retry(struct ldapconn *lc, Operation *op, SlapReply *rs);
+int ldap_back_map_result(SlapReply *rs);
+int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
+ ber_int_t msgid, int sendok);
+int back_ldap_LTX_init_module(int argc, char *argv[]);
+
+extern int ldap_back_conn_cmp( const void *c1, const void *c2);
+extern int ldap_back_conn_dup( void *c1, void *c2 );
+extern void ldap_back_conn_free( void *c );
+
+extern int
+ldap_back_proxy_authz_ctrl(
+ struct ldapconn *lc,
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl ***pctrls );
+
+extern int
+ldap_back_proxy_authz_ctrl_free(
+ Operation *op,
+ LDAPControl ***pctrls );
+
+extern int chain_init( void );
+
LDAP_END_DECL
#endif /* PROTO_LDAP_H */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
}
ctrls = op->o_ctrls;
-#ifdef LDAP_BACK_PROXY_AUTHZ
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
if ( rc != LDAP_SUCCESS ) {
dontfreetext = 1;
goto finish;
}
-#endif /* LDAP_BACK_PROXY_AUTHZ */
retry:
rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_ndn.bv_val,
finish:;
send_ldap_result( op, rs );
-#ifdef LDAP_BACK_PROXY_AUTHZ
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
-#endif /* LDAP_BACK_PROXY_AUTHZ */
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
attr->a_desc->ad_type->sat_syntax,
attr->a_desc->ad_type->sat_equality,
&attr->a_vals[i], &attr->a_nvals[i],
- NULL /* op->o_tmpmemctx */ );
+ NULL );
if ( rc != LDAP_SUCCESS ) {
BER_BVZERO( &attr->a_nvals[i] );
{
struct ldapconn *lc;
int rc = 1,
- is_oc,
do_not_cache;
struct berval bdn;
LDAPMessage *result = NULL,
Connection *oconn;
SlapReply rs;
int do_retry = 1;
+ LDAPControl **ctrls = NULL;
/* Tell getconn this is a privileged op */
do_not_cache = op->o_do_not_cache;
op->o_conn = oconn;
if ( at ) {
- is_oc = ( strcasecmp( "objectclass", at->ad_cname.bv_val ) == 0 );
- if ( oc && !is_oc ) {
- gattr[0] = "objectclass";
+ if ( oc && at != slap_schema.si_ad_objectClass ) {
+ gattr[0] = slap_schema.si_ad_objectClass->ad_cname.bv_val;
gattr[1] = at->ad_cname.bv_val;
gattr[2] = NULL;
*ptr++ = '\0';
}
+ ctrls = op->o_ctrls;
+ rc = ldap_back_proxy_authz_ctrl( lc, op, &rs, &ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
retry:
rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
- at ? gattr : NULL, 0, NULL, NULL, LDAP_NO_LIMIT,
+ at ? gattr : NULL, 0, ctrls, NULL, LDAP_NO_LIMIT,
LDAP_NO_LIMIT, &result );
if ( rc != LDAP_SUCCESS ) {
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
}
cleanup:
+ (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
if ( result ) {
ldap_msgfree( result );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
send_ldap_result( op, rs );
return rs->sr_err;
}
+ rs->sr_text = NULL;
#ifdef LDBM_SUBENTRIES
subentry = is_entry_subentry( op->oq_add.rs_e );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
switch ( op->oq_bind.rb_method ) {
case LDAP_AUTH_SIMPLE:
- if ( ! access_allowed( op, e,
- password, NULL, ACL_AUTH, NULL ) )
- {
-#if 1
- rc = LDAP_INVALID_CREDENTIALS;
-#else
- rc = LDAP_INSUFFICIENT_ACCESS;
-#endif
- goto return_results;
- }
-
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
/* stop front end from sending result */
-#if 1
rc = LDAP_INVALID_CREDENTIALS;
-#else
- rc = LDAP_INAPPROPRIATE_AUTH;
-#endif
goto return_results;
}
- if ( slap_passwd_check( op->o_conn,
- a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+ if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
{
- /* stop front end from sending result */
+ /* failure; stop front end from sending result */
rc = LDAP_INVALID_CREDENTIALS;
goto return_results;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* FIXME : dn2entry() should return non-glue entry */
if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
- BerVarray deref = NULL;
-
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
cache_return_entry_r( &li->li_cache, matched );
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 1998-2001 Net Boolean Incorporated.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* FIXME: dn2entry() should return non-glue entry */
if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
- BerVarray deref = NULL;
if ( matched != NULL ) {
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* get entry with writer lock */
/* FIXME: dn2entry() should return non-glue entry */
if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
- BerVarray deref = NULL;
if ( matched != NULL ) {
rs->sr_matched = strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &deref, &tmpbv );
- }
- } else {
- deref = default_referral;
- }
- rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
- LDAP_SCOPE_DEFAULT );
+ rs->sr_ref = referral_rewrite( default_referral, NULL,
+ &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
- if ( deref != default_referral ) {
- ber_bvarray_free( deref );
- }
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
- Entry *e, *matched;
+ Entry *e, *matched;
+ int rc = LDAP_SUCCESS;
if( op->o_tag == LDAP_REQ_SEARCH ) {
/* let search take care of itself */
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
- if( is_entry_referral( matched ) ) {
- rs->sr_err = LDAP_OTHER;
+ if ( is_entry_referral( matched ) ) {
+ rc = rs->sr_err = LDAP_OTHER;
rs->sr_ref = get_entry_referrals( op, matched );
}
cache_return_entry_r( &li->li_cache, matched );
} else if ( default_referral != NULL ) {
- rs->sr_err = LDAP_OTHER;
+ rc = rs->sr_err = LDAP_OTHER;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
- if( rs->sr_ref != NULL ) {
+ if ( rs->sr_ref != NULL ) {
/* send referrals */
- rs->sr_err = LDAP_REFERRAL;
- send_ldap_result( op, rs );
- ber_bvarray_free( rs->sr_ref );
+ rc = rs->sr_err = LDAP_REFERRAL;
- } else if ( rs->sr_err != LDAP_SUCCESS ) {
+ } else {
rs->sr_text = rs->sr_matched ? "bad referral object" : "bad default referral";
+ }
+
+ if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
}
if ( rs->sr_matched ) free( (char *)rs->sr_matched );
+ if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
+ rs->sr_text = NULL;
rs->sr_ref = NULL;
rs->sr_matched = NULL;
- return rs->sr_err;
+
+ return rc;
}
if ( is_entry_referral( e ) ) {
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
- rs->sr_err = LDAP_REFERRAL;
- send_ldap_result( op, rs );
-
- ber_bvarray_free( rs->sr_ref );
+ rc = rs->sr_err = LDAP_REFERRAL;
+ rs->sr_text = NULL;
} else {
- send_ldap_error( op, rs, LDAP_OTHER,
- "bad referral object" );
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
}
+ send_ldap_result( op, rs );
- if( refs != NULL ) ber_bvarray_free( refs );
+ if ( refs != NULL ) ber_bvarray_free( refs );
+ rs->sr_err = rc;
rs->sr_ref = NULL;
+ rs->sr_text = NULL;
rs->sr_matched = NULL;
}
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
- return rs->sr_err;
+ return rc;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
struct berval matched_dn = BER_BVNULL;
if ( matched != NULL ) {
- BerVarray erefs;
- ber_dupbv( &matched_dn, &matched->e_name );
+ BerVarray erefs = NULL;
+
+ if ( ! access_allowed( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
- erefs = is_entry_referral( matched )
- ? get_entry_referrals( op, matched )
- : NULL;
+ } else {
+ ber_dupbv( &matched_dn, &matched->e_name );
+
+ erefs = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ }
cache_return_entry_r( &li->li_cache, matched );
- if( erefs ) {
+ if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->ors_scope );
ber_memfree( matched_dn.bv_val );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
- return LDAP_REFERRAL;
+ return rs->sr_err;
+ }
+
+ if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+ return rs->sr_err;
}
- if (!manageDSAit && is_entry_referral( e ) ) {
+ if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
- struct berval matched_dn;
- BerVarray erefs;
+ struct berval matched_dn = BER_BVNULL;
+ BerVarray erefs = NULL;
+
+ rs->sr_ref = NULL;
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( op, e );
- rs->sr_ref = NULL;
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
"ldbm_search: entry is referral\n",
0, 0, 0 );
- if( erefs ) {
+ if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->ors_scope );
ber_bvarray_free( erefs );
+
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_text = NULL;
+ }
}
rs->sr_matched = matched_dn.bv_val;
- if( rs->sr_ref ) {
- rs->sr_err = LDAP_REFERRAL;
- send_ldap_result( op, rs );
- ber_bvarray_free( rs->sr_ref );
-
- } else {
- send_ldap_error( op, rs, LDAP_OTHER,
- "bad referral object" );
- }
-
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
ber_memfree( matched_dn.bv_val );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
- return LDAP_OTHER;
+ return rs->sr_err;
}
if ( is_entry_alias( e ) ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
int
meta_back_add( Operation *op, SlapReply *rs )
{
- struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct metaconn *lc;
- int i, candidate = -1;
- Attribute *a;
- LDAPMod **attrs;
- struct berval mdn = BER_BVNULL, mapped;
- dncookie dc;
+ struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
+ struct metaconn *lc;
+ int i, candidate = -1;
+ int isupdate;
+ Attribute *a;
+ LDAPMod **attrs;
+ struct berval mdn = BER_BVNULL, mapped;
+ dncookie dc;
Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
op->o_req_dn.bv_val, 0, 0 );
if ( !meta_back_dobind( lc, op )
|| !meta_back_is_valid( lc, candidate ) ) {
- rs->sr_err = LDAP_OTHER;
+ rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_result( op, rs );
return -1;
}
/*
* Rewrite the add dn, if needed
*/
- dc.rwmap = &li->targets[ candidate ]->rwmap;
+ dc.rwmap = &li->targets[ candidate ]->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDN";
}
/* Count number of attributes in entry */
- for ( i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next );
+ for ( i = 1, a = op->ora_e->e_attrs; a; i++, a = a->a_next );
/* Create array of LDAPMods for ldap_add() */
attrs = ch_malloc( sizeof( LDAPMod * )*i );
- for ( i = 0, a = op->oq_add.rs_e->e_attrs; a; a = a->a_next ) {
+ isupdate = be_shadow_update( op );
+ for ( i = 0, a = op->ora_e->e_attrs; a; a = a->a_next ) {
int j;
- if ( a->a_desc->ad_type->sat_no_user_mod ) {
+ if ( !isupdate && a->a_desc->ad_type->sat_no_user_mod ) {
continue;
}
- ldap_back_map( &li->targets[ candidate ]->rwmap.rwm_at,
+ ldap_back_map( &li->targets[ candidate ]->mt_rwmap.rwm_at,
&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) {
continue;
* to allow their use in ACLs at the back-ldap
* level.
*/
- if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
+ if ( a->a_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ {
(void)ldap_dnattr_rewrite( &dc, a->a_vals );
}
}
attrs[ i ] = NULL;
- ldap_add_s( lc->conns[ candidate ].ld, mdn.bv_val, attrs );
+ (void)ldap_add_ext_s( lc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ attrs, NULL, NULL );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_vals.modv_bvals );
free( attrs[ i ] );
}
free( attrs );
- if ( mdn.bv_val != op->oq_add.rs_e->e_dn ) {
+ if ( mdn.bv_val != op->ora_e->e_dn ) {
free( mdn.bv_val );
+ BER_BVZERO( &mdn );
}
+
return meta_back_op_result( lc, op, rs );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
} /* else */
candidate = meta_back_select_unique_candidate( li, ndn );
- if ( candidate == -1 ) {
+ if ( candidate == META_TARGET_NONE ) {
return 1;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
#endif
} dncookie;
+#define META_BIND_NRETRIES 3
+#define META_BIND_TIMEOUT 1000
+
int ldap_back_freeconn( Operation *op, struct ldapconn *lc );
struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs);
int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs);
/* (end of) from back-ldap.h before rwm removal */
struct metasingleconn {
- int candidate;
+ int msc_candidate;
#define META_NOT_CANDIDATE 0
#define META_CANDIDATE 1
#define META_LAST_CONN -1
- LDAP *ld;
- struct berval bound_dn;
- struct berval cred;
- int bound;
+ LDAP *msc_ld;
+ struct berval msc_bound_ndn;
+ struct berval msc_cred;
+ int msc_bound;
#define META_UNBOUND 0
#define META_BOUND 1
#define META_ANONYMOUS 2
};
-#define META_LAST(lsc) ((lsc)->candidate == META_LAST_CONN)
+#define META_LAST(lsc) ((lsc)->msc_candidate == META_LAST_CONN)
struct metaconn {
- struct slap_conn *conn;
- struct rewrite_info *rwinfo;
+ struct slap_conn *mc_conn;
+ struct rewrite_info *mc_rwinfo;
/*
* means that the connection is bound;
* of course only one target actually is ...
*/
- int bound_target;
+ int mc_bound_target;
#define META_BOUND_NONE -1
#define META_BOUND_ALL -2
/* supersedes the connection stuff */
- struct metasingleconn *conns;
+ struct metasingleconn *mc_conns;
};
struct metatarget {
- char *uri;
- struct berval psuffix; /* pretty suffix */
- struct berval suffix; /* normalized suffix */
- struct berval binddn;
- struct berval bindpw;
+ char *mt_uri;
+ struct berval mt_psuffix; /* pretty suffix */
+ struct berval mt_nsuffix; /* normalized suffix */
+ struct berval mt_binddn;
+ struct berval mt_bindpw;
- struct berval pseudorootdn;
- struct berval pseudorootpw;
+ struct berval mt_pseudorootdn;
+ struct berval mt_pseudorootpw;
-#if 0
- struct rewrite_info *rwinfo;
-
- struct ldapmap oc_map;
- struct ldapmap at_map;
-#endif
- struct ldaprwmap rwmap;
+ struct ldaprwmap mt_rwmap;
};
struct metadncache {
void *c2
);
+#define META_TARGET_NONE (-1)
extern int
meta_dncache_get_target(
struct metadncache *cache,
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
Debug( LDAP_DEBUG_ARGS, "meta_back_bind: dn: %s.\n%s%s",
op->o_req_dn.bv_val, "", "" );
- if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
+ if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
isroot = 1;
- ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
+ ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) );
op_type = META_OP_REQUIRE_ALL;
}
lc = meta_back_getconn( op, rs, op_type,
/*
* Each target is scanned ...
*/
- lc->bound_target = META_BOUND_NONE;
+ lc->mc_bound_target = META_BOUND_NONE;
ndnlen = op->o_req_ndn.bv_len;
for ( i = 0; i < li->ntargets; i++ ) {
int lerr;
struct berval orig_dn = op->o_req_dn;
struct berval orig_ndn = op->o_req_ndn;
- struct berval orig_cred = op->oq_bind.rb_cred;
- int orig_method = op->oq_bind.rb_method;
+ struct berval orig_cred = op->orb_cred;
+ int orig_method = op->orb_method;
/*
* Skip non-candidates
*/
- if ( lc->conns[ i ].candidate != META_CANDIDATE ) {
+ if ( lc->mc_conns[ i ].msc_candidate != META_CANDIDATE ) {
continue;
}
"", "", "" );
}
- if ( isroot && li->targets[ i ]->pseudorootdn.bv_val != NULL ) {
- op->o_req_dn = li->targets[ i ]->pseudorootdn;
- op->o_req_ndn = li->targets[ i ]->pseudorootdn;
- op->oq_bind.rb_cred = li->targets[ i ]->pseudorootpw;
- op->oq_bind.rb_method = LDAP_AUTH_SIMPLE;
+ if ( isroot && li->targets[ i ]->mt_pseudorootdn.bv_val != NULL ) {
+ op->o_req_dn = li->targets[ i ]->mt_pseudorootdn;
+ op->o_req_ndn = li->targets[ i ]->mt_pseudorootdn;
+ op->orb_cred = li->targets[ i ]->mt_pseudorootpw;
+ op->orb_method = LDAP_AUTH_SIMPLE;
}
lerr = meta_back_do_single_bind( lc, op, rs, i );
if ( lerr != LDAP_SUCCESS ) {
rs->sr_err = lerr;
- ( void )meta_clear_one_candidate( &lc->conns[ i ], 1 );
+ ( void )meta_clear_one_candidate( &lc->mc_conns[ i ], 1 );
+
} else {
rc = LDAP_SUCCESS;
}
op->o_req_dn = orig_dn;
op->o_req_ndn = orig_ndn;
- op->oq_bind.rb_cred = orig_cred;
- op->oq_bind.rb_method = orig_method;
+ op->orb_cred = orig_cred;
+ op->orb_method = orig_method;
}
if ( isroot ) {
- lc->bound_target = META_BOUND_ALL;
+ lc->mc_bound_target = META_BOUND_ALL;
}
/*
int candidate
)
{
- struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct berval mdn = BER_BVNULL;
- ber_int_t msgid;
- dncookie dc;
- struct metasingleconn *lsc = &lc->conns[ candidate ];
- LDAPMessage *res;
+ struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
+ struct berval mdn = BER_BVNULL;
+ dncookie dc;
+ struct metasingleconn *lsc = &lc->mc_conns[ candidate ];
+ int msgid;
/*
* Rewrite the bind dn if needed
*/
- dc.rwmap = &li->targets[ candidate ]->rwmap;
+ dc.rwmap = &li->targets[ candidate ]->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDN";
}
if ( op->o_ctrls ) {
- rs->sr_err = ldap_set_option( lsc->ld,
+ rs->sr_err = ldap_set_option( lsc->msc_ld,
LDAP_OPT_SERVER_CONTROLS, op->o_ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
/* FIXME: this fixes the bind problem right now; we need
* to use the asynchronous version to get the "matched"
* and more in case of failure ... */
- rs->sr_err = ldap_sasl_bind_s(lsc->ld, mdn.bv_val,
- LDAP_SASL_SIMPLE, &op->oq_bind.rb_cred,
- op->o_ctrls, NULL, NULL);
+ rs->sr_err = ldap_sasl_bind( lsc->msc_ld, mdn.bv_val,
+ LDAP_SASL_SIMPLE, &op->orb_cred,
+ op->o_ctrls, NULL, &msgid );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ LDAPMessage *res;
+ struct timeval tv = { 0, 0 };
+ int rc;
+ int nretries = 0;
+
+ /*
+ * handle response!!!
+ */
+retry:;
+ switch ( ldap_result( lsc->msc_ld, msgid, 0, &tv, &res ) ) {
+ case 0:
+ if ( ++nretries <= META_BIND_NRETRIES ) {
+ ldap_pvt_thread_yield();
+ tv.tv_sec = 0;
+ tv.tv_usec = META_BIND_TIMEOUT;
+ goto retry;
+ }
+ rs->sr_err = LDAP_BUSY;
+ break;
+
+ case -1:
+ ldap_get_option( lsc->msc_ld, LDAP_OPT_ERROR_NUMBER,
+ &rs->sr_err );
+ break;
+
+ default:
+ rc = ldap_parse_result( lsc->msc_ld, res, &rs->sr_err,
+ NULL, NULL, NULL, NULL, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ rs->sr_err = rc;
+ }
+ break;
+ }
+ }
+
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
goto return_results;
}
- /*
- * FIXME: handle response!!!
- */
- if ( lsc->bound_dn.bv_val != NULL ) {
- ber_memfree( lsc->bound_dn.bv_val );
+ if ( !BER_BVISNULL( &lsc->msc_bound_ndn ) ) {
+ ber_memfree( lsc->msc_bound_ndn.bv_val );
}
- ber_dupbv( &lsc->bound_dn, &op->o_req_dn );
- lsc->bound = META_BOUND;
- lc->bound_target = candidate;
+ ber_dupbv( &lsc->msc_bound_ndn, &op->o_req_dn );
+ lsc->msc_bound = META_BOUND;
+ lc->mc_bound_target = candidate;
if ( li->savecred ) {
- if ( lsc->cred.bv_val ) {
- memset( lsc->cred.bv_val, 0, lsc->cred.bv_len );
- ber_memfree( lsc->cred.bv_val );
+ if ( !BER_BVISNULL( &lsc->msc_cred ) ) {
+ /* destroy sensitive data */
+ memset( lsc->msc_cred.bv_val, 0, lsc->msc_cred.bv_len );
+ ber_memfree( lsc->msc_cred.bv_val );
}
- ber_dupbv( &lsc->cred, &op->oq_bind.rb_cred );
- ldap_set_rebind_proc( lsc->ld, meta_back_rebind, lsc );
+ ber_dupbv( &lsc->msc_cred, &op->orb_cred );
+ ldap_set_rebind_proc( lsc->msc_ld, meta_back_rebind, lsc );
}
if ( li->cache.ttl != META_DNCACHE_DISABLED
int
meta_back_dobind( struct metaconn *lc, Operation *op )
{
- struct metasingleconn *lsc;
- int bound = 0, i;
+ struct metasingleconn *lsc;
+ int bound = 0, i;
/*
* all the targets are bound as pseudoroot
*/
- if ( lc->bound_target == META_BOUND_ALL ) {
+ if ( lc->mc_bound_target == META_BOUND_ALL ) {
return 1;
}
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); ++i, ++lsc ) {
int rc;
struct berval cred = BER_BVC("");
+ int msgid;
/*
* Not a candidate or something wrong with this target ...
*/
- if ( lsc->ld == NULL ) {
+ if ( lsc->msc_ld == NULL ) {
continue;
}
* If required, set controls
*/
if ( op->o_ctrls ) {
- if ( ldap_set_option( lsc->ld, LDAP_OPT_SERVER_CONTROLS,
+ if ( ldap_set_option( lsc->msc_ld, LDAP_OPT_SERVER_CONTROLS,
op->o_ctrls ) != LDAP_SUCCESS ) {
( void )meta_clear_one_candidate( lsc, 1 );
continue;
}
}
-
+
/*
* If the target is already bound it is skipped
*/
- if ( lsc->bound == META_BOUND && lc->bound_target == i ) {
+ if ( lsc->msc_bound == META_BOUND && lc->mc_bound_target == i ) {
++bound;
continue;
}
* (note: if the target was already bound, the anonymous
* bind clears the previous bind).
*/
- if ( lsc->bound_dn.bv_val ) {
- ber_memfree( lsc->bound_dn.bv_val );
- lsc->bound_dn.bv_val = NULL;
- lsc->bound_dn.bv_len = 0;
+ if ( !BER_BVISNULL( &lsc->msc_bound_ndn ) ) {
+ ber_memfree( lsc->msc_bound_ndn.bv_val );
+ BER_BVZERO( &lsc->msc_bound_ndn );
}
if ( /* FIXME: need li ... li->savecred && */
- lsc->cred.bv_val ) {
- memset( lsc->cred.bv_val, 0, lsc->cred.bv_len );
- ber_memfree( lsc->cred.bv_val );
- lsc->cred.bv_val = NULL;
- lsc->cred.bv_len = 0;
+ !BER_BVISNULL( &lsc->msc_cred ) )
+ {
+ /* destroy sensitive data */
+ memset( lsc->msc_cred.bv_val, 0, lsc->msc_cred.bv_len );
+ ber_memfree( lsc->msc_cred.bv_val );
+ BER_BVZERO( &lsc->msc_cred );
+ }
+
+ rc = ldap_sasl_bind( lsc->msc_ld, "", LDAP_SASL_SIMPLE, &cred,
+ op->o_ctrls, NULL, &msgid );
+ if ( rc == LDAP_SUCCESS ) {
+ LDAPMessage *res;
+ struct timeval tv = { 0, 0 };
+ int err;
+ int nretries = 0;
+
+ /*
+ * handle response!!!
+ */
+retry:;
+ switch ( ldap_result( lsc->msc_ld, msgid, 0, &tv, &res ) ) {
+ case 0:
+ if ( ++nretries <= META_BIND_NRETRIES ) {
+ ldap_pvt_thread_yield();
+ tv.tv_sec = 0;
+ tv.tv_usec = META_BIND_TIMEOUT;
+ goto retry;
+ }
+
+ rc = LDAP_BUSY;
+ break;
+
+ case -1:
+ ldap_get_option( lsc->msc_ld, LDAP_OPT_ERROR_NUMBER,
+ &rc );
+ break;
+
+ default:
+ rc = ldap_parse_result( lsc->msc_ld, res, &err,
+ NULL, NULL, NULL, NULL, 1 );
+ if ( rc == LDAP_SUCCESS ) {
+ rc = err;
+ }
+ break;
+ }
}
- rc = ldap_sasl_bind_s(lsc->ld, "", LDAP_SASL_SIMPLE, &cred,
- op->o_ctrls, NULL, NULL);
if ( rc != LDAP_SUCCESS ) {
-
Debug( LDAP_DEBUG_ANY,
"==>meta_back_dobind: (anonymous)"
" bind failed"
continue;
} /* else */
- lsc->bound = META_ANONYMOUS;
+ lsc->msc_bound = META_ANONYMOUS;
++bound;
}
return 0;
}
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc) && i < candidate;
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ) && i < candidate;
++i, ++lsc );
- if ( !META_LAST(lsc) ) {
- return( lsc->ld != NULL );
+ if ( !META_LAST( lsc ) ) {
+ return ( lsc->msc_ld != NULL );
}
return 0;
meta_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
ber_int_t msgid, void *params )
{
- struct metasingleconn *lc = params;
+ struct metasingleconn *lsc = params;
- return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val,
- LDAP_AUTH_SIMPLE );
+ return ldap_sasl_bind_s( ld, lsc->msc_bound_ndn.bv_val,
+ LDAP_SASL_SIMPLE, &lsc->msc_cred,
+ NULL, NULL, NULL );
}
/*
int
meta_back_op_result( struct metaconn *lc, Operation *op, SlapReply *rs )
{
- int i, rerr = LDAP_SUCCESS;
- struct metasingleconn *lsc;
- char *rmsg = NULL;
- char *rmatch = NULL;
- int free_rmsg = 0, free_rmatch = 0;
-
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
- char *msg = NULL;
- char *match = NULL;
+ int i,
+ rerr = LDAP_SUCCESS;
+ struct metasingleconn *lsc;
+ char *rmsg = NULL;
+ char *rmatch = NULL;
+ int free_rmsg = 0,
+ free_rmatch = 0;
+
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); ++i, ++lsc ) {
+ char *msg = NULL;
+ char *match = NULL;
rs->sr_err = LDAP_SUCCESS;
- ldap_get_option( lsc->ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err );
+ ldap_get_option( lsc->msc_ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err );
if ( rs->sr_err != LDAP_SUCCESS ) {
/*
* better check the type of error. In some cases
* success if at least one of the targets gave
* positive result ...
*/
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_ERROR_STRING, &msg );
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_MATCHED_DN, &match );
rs->sr_err = slap_map_api2result( rs );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
assert( li->ntargets != 0 );
for ( i = 0; i < li->ntargets; ++i ) {
- if ( meta_back_is_candidate( &li->targets[ i ]->suffix, ndn ) ) {
+ if ( meta_back_is_candidate( &li->targets[ i ]->mt_nsuffix, ndn ) )
+ {
++cnt;
}
}
struct berval *ndn
)
{
- int i;
+ int i;
switch ( meta_back_count_candidates( li, ndn ) ) {
case 1:
case 0:
default:
return ( li->defaulttarget == META_DEFAULT_TARGET_NONE
- ? -1 : li->defaulttarget );
+ ? META_TARGET_NONE : li->defaulttarget );
}
for ( i = 0; i < li->ntargets; ++i ) {
- if ( meta_back_is_candidate( &li->targets[ i ]->suffix, ndn ) ) {
+ if ( meta_back_is_candidate( &li->targets[ i ]->mt_nsuffix, ndn ) )
+ {
return i;
}
}
- return -1;
+ return META_TARGET_NONE;
}
/*
if ( i == candidate ) {
continue;
}
- meta_clear_one_candidate( &lc->conns[ i ], reallyclean );
+ meta_clear_one_candidate( &lc->mc_conns[ i ], reallyclean );
}
return 0;
int reallyclean
)
{
- lsc->candidate = META_NOT_CANDIDATE;
+ lsc->msc_candidate = META_NOT_CANDIDATE;
if ( !reallyclean ) {
return 0;
}
- if ( lsc->ld ) {
- ldap_unbind( lsc->ld );
- lsc->ld = NULL;
+ if ( lsc->msc_ld ) {
+ ldap_unbind_ext_s( lsc->msc_ld, NULL, NULL );
+ lsc->msc_ld = NULL;
}
- if ( lsc->bound_dn.bv_val != NULL ) {
- ber_memfree( lsc->bound_dn.bv_val );
- lsc->bound_dn.bv_val = NULL;
- lsc->bound_dn.bv_len = 0;
+ if ( !BER_BVISNULL( &lsc->msc_bound_ndn ) ) {
+ ber_memfree( lsc->msc_bound_ndn.bv_val );
+ BER_BVZERO( &lsc->msc_bound_ndn );
}
- if ( lsc->cred.bv_val != NULL ) {
- ber_memfree( lsc->cred.bv_val );
- lsc->cred.bv_val = NULL;
- lsc->cred.bv_len = 0;
+ if ( !BER_BVISNULL( &lsc->msc_cred ) ) {
+ ber_memfree( lsc->msc_cred.bv_val );
+ BER_BVZERO( &lsc->msc_cred );
}
return 0;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
int
meta_back_compare( Operation *op, SlapReply *rs )
{
- struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct metaconn *lc;
- struct metasingleconn *lsc;
- char *match = NULL, *err = NULL;
- struct berval mmatch = BER_BVNULL;
- int candidates = 0, last = 0, i, count = 0, rc;
- int cres = LDAP_SUCCESS, rres = LDAP_SUCCESS;
- int *msgid;
- dncookie dc;
+ struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
+ struct metaconn *lc;
+ struct metasingleconn *lsc;
+ char *match = NULL,
+ *err = NULL;
+ struct berval mmatch = BER_BVNULL;
+ int candidates = 0,
+ last = 0,
+ i,
+ count = 0,
+ rc,
+ cres = LDAP_SUCCESS,
+ rres = LDAP_SUCCESS,
+ *msgid;
+ dncookie dc;
lc = meta_back_getconn( op, rs, META_OP_ALLOW_MULTIPLE,
&op->o_req_ndn, NULL );
}
if ( !meta_back_dobind( lc, op ) ) {
- rs->sr_err = LDAP_OTHER;
+ rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_result( op, rs );
return -1;
}
dc.rs = rs;
dc.ctx = "compareDN";
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); ++i, ++lsc ) {
struct berval mdn = BER_BVNULL;
- struct berval mapped_attr = op->oq_compare.rs_ava->aa_desc->ad_cname;
- struct berval mapped_value = op->oq_compare.rs_ava->aa_value;
+ struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
+ struct berval mapped_value = op->orc_ava->aa_value;
- if ( lsc->candidate != META_CANDIDATE ) {
+ if ( lsc->msc_candidate != META_CANDIDATE ) {
msgid[ i ] = -1;
continue;
}
/*
* Rewrite the compare dn, if needed
*/
- dc.rwmap = &li->targets[ i ]->rwmap;
+ dc.rwmap = &li->targets[ i ]->mt_rwmap;
switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
* if attr is objectClass, try to remap the value
*/
- if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) {
- ldap_back_map( &li->targets[ i ]->rwmap.rwm_oc,
- &op->oq_compare.rs_ava->aa_value,
+ if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
+ ldap_back_map( &li->targets[ i ]->mt_rwmap.rwm_oc,
+ &op->orc_ava->aa_value,
&mapped_value, BACKLDAP_MAP );
if ( mapped_value.bv_val == NULL || mapped_value.bv_val[0] == '\0' ) {
* else try to remap the attribute
*/
} else {
- ldap_back_map( &li->targets[ i ]->rwmap.rwm_at,
- &op->oq_compare.rs_ava->aa_desc->ad_cname,
+ ldap_back_map( &li->targets[ i ]->mt_rwmap.rwm_at,
+ &op->orc_ava->aa_desc->ad_cname,
&mapped_attr, BACKLDAP_MAP );
if ( mapped_attr.bv_val == NULL || mapped_attr.bv_val[0] == '\0' ) {
continue;
}
- if ( op->oq_compare.rs_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
+ if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
{
dc.ctx = "compareAttrDN";
- switch ( ldap_back_dn_massage( &dc, &op->oq_compare.rs_ava->aa_value, &mapped_value ) )
+ switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
{
case LDAP_UNWILLING_TO_PERFORM:
rc = 1;
* that returns determines the result; a constraint on unicity
* of the result ought to be enforced
*/
- msgid[ i ] = ldap_compare( lc->conns[ i ].ld, mdn.bv_val,
- mapped_attr.bv_val, mapped_value.bv_val );
+ rc = ldap_compare_ext( lc->mc_conns[ i ].msc_ld, mdn.bv_val,
+ mapped_attr.bv_val, &mapped_value,
+ NULL, NULL, &msgid[ i ] );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
- mdn.bv_val = NULL;
+ BER_BVZERO( &mdn );
}
- if ( mapped_attr.bv_val != op->oq_compare.rs_ava->aa_desc->ad_cname.bv_val ) {
+ if ( mapped_attr.bv_val != op->orc_ava->aa_desc->ad_cname.bv_val ) {
free( mapped_attr.bv_val );
+ BER_BVZERO( &mapped_attr );
}
- if ( mapped_value.bv_val != op->oq_compare.rs_ava->aa_value.bv_val ) {
+ if ( mapped_value.bv_val != op->orc_ava->aa_value.bv_val ) {
free( mapped_value.bv_val );
+ BER_BVZERO( &mapped_value );
}
- if ( msgid[ i ] == -1 ) {
+ if ( rc != LDAP_SUCCESS ) {
+ /* FIXME: what should we do with the error? */
continue;
}
/*
* FIXME: should we check for abandon?
*/
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); lsc++, i++ ) {
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); lsc++, i++ ) {
int lrc;
LDAPMessage *res = NULL;
continue;
}
- lrc = ldap_result( lsc->ld, msgid[ i ],
+ lrc = ldap_result( lsc->msc_ld, msgid[ i ],
0, NULL, &res );
if ( lrc == 0 ) {
rc = -1;
goto finish;
}
+
+ rc = ldap_parse_result( lsc->msc_ld, res,
+ &rs->sr_err,
+ NULL, NULL, NULL, NULL, 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ rres = rc;
+ rc = -1;
+ goto finish;
+ }
- rs->sr_err = ldap_result2error( lsc->ld, res, 1 );
switch ( rs->sr_err ) {
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
if ( err != NULL ) {
free( err );
}
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_ERROR_STRING, &err );
if ( match != NULL ) {
free( match );
}
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_MATCHED_DN, &match );
last = i;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
return NULL;
}
- lt->rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
- if ( lt->rwmap.rwm_rw == NULL ) {
+ lt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+ if ( lt->mt_rwmap.rwm_rw == NULL ) {
free( lt );
return NULL;
}
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "searchFilter";
rargv[ 2 ] = NULL;
- rewrite_parse( lt->rwmap.rwm_rw, "<suffix massage>",
+ rewrite_parse( lt->mt_rwmap.rwm_rw, "<suffix massage>",
1, 2, rargv );
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "default";
rargv[ 2 ] = NULL;
- rewrite_parse( lt->rwmap.rwm_rw, "<suffix massage>",
+ rewrite_parse( lt->mt_rwmap.rwm_rw, "<suffix massage>",
1, 2, rargv );
}
- ldap_back_map_init( <->rwmap.rwm_at, &mapping );
+ ldap_back_map_init( <->mt_rwmap.rwm_at, &mapping );
return lt;
}
dn.bv_val = ludp->lud_dn;
dn.bv_len = strlen( ludp->lud_dn );
- rc = dnPrettyNormal( NULL, &dn, &li->targets[ i ]->psuffix,
- &li->targets[ i ]->suffix, NULL );
+ rc = dnPrettyNormal( NULL, &dn, &li->targets[ i ]->mt_psuffix,
+ &li->targets[ i ]->mt_nsuffix, NULL );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: "
"target '%s' DN is invalid\n",
}
}
- li->targets[ i ]->uri = ldap_url_list2urls( ludp );
+ li->targets[ i ]->mt_uri = ldap_url_list2urls( ludp );
ldap_free_urllist( ludp );
- if ( li->targets[ i ]->uri == NULL) {
+ if ( li->targets[ i ]->mt_uri == NULL) {
fprintf( stderr, "%s: line %d: no memory?\n",
fname, lineno );
return( 1 );
/*
* uri MUST be a branch of a suffix!
*/
- if ( select_backend( &li->targets[ i ]->suffix, 0, 0 ) == NULL ) {
+ if ( select_backend( &li->targets[ i ]->mt_nsuffix, 0, 0 ) == NULL ) {
fprintf( stderr,
"%s: line %d: <naming context> of URI does not resolve to a backend"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
dn.bv_val = argv[ 1 ];
dn.bv_len = strlen( argv[ 1 ] );
- if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->binddn,
+ if ( dnNormalize( 0, NULL, NULL, &dn, &li->targets[ i ]->mt_binddn,
NULL ) != LDAP_SUCCESS )
{
fprintf( stderr, "%s: line %d: "
fname, lineno );
return 1;
}
- ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->bindpw );
+ ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_bindpw );
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
dn.bv_val = argv[ 1 ];
dn.bv_len = strlen( argv[ 1 ] );
if ( dnNormalize( 0, NULL, NULL, &dn,
- &li->targets[ i ]->pseudorootdn, NULL ) != LDAP_SUCCESS )
+ &li->targets[ i ]->mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
{
fprintf( stderr, "%s: line %d: "
"pseudoroot DN '%s' is invalid\n",
fname, lineno );
return 1;
}
- ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->pseudorootpw );
+ ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->mt_pseudorootpw );
/* dn massaging */
} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
* FIXME: no extra rewrite capabilities should be added
* to the database
*/
- return suffix_massage_config( li->targets[ i ]->rwmap.rwm_rw,
+ return suffix_massage_config( li->targets[ i ]->mt_rwmap.rwm_rw,
&pvnc, &nvnc, &prnc, &nrnc );
/* rewrite stuff ... */
if ( strcasecmp( argv[0], "rewriteEngine" ) == 0 ) {
li->rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
}
- return rewrite_parse(li->rwinfo, fname, lineno,
- argc, argv);
+ return rewrite_parse( li->rwinfo, fname, lineno,
+ argc, argv );
}
- return rewrite_parse( li->targets[ i ]->rwmap.rwm_rw, fname, lineno,
- argc, argv );
+ return rewrite_parse( li->targets[ i ]->mt_rwmap.rwm_rw,
+ fname, lineno, argc, argv );
/* objectclass/attribute mapping */
} else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
return 1;
}
- return ldap_back_map_config( &li->targets[ i ]->rwmap.rwm_oc,
- &li->targets[ i ]->rwmap.rwm_at,
+ return ldap_back_map_config( &li->targets[ i ]->mt_rwmap.rwm_oc,
+ &li->targets[ i ]->mt_rwmap.rwm_at,
fname, lineno, argc, argv );
/* anything else */
} else {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
struct metaconn *lc1 = ( struct metaconn * )c1;
struct metaconn *lc2 = ( struct metaconn * )c2;
- return SLAP_PTRCMP( lc1->conn, lc2->conn );
+ return SLAP_PTRCMP( lc1->mc_conn, lc2->mc_conn );
}
/*
struct metaconn *lc1 = ( struct metaconn * )c1;
struct metaconn *lc2 = ( struct metaconn * )c2;
- return( ( lc1->conn == lc2->conn ) ? -1 : 0 );
+ return( ( lc1->mc_conn == lc2->mc_conn ) ? -1 : 0 );
}
/*
return;
}
- ravl_print( root->avl_right, depth+1 );
+ ravl_print( root->avl_right, depth + 1 );
for ( i = 0; i < depth; i++ ) {
printf( " " );
}
- printf( "c(%d) %d\n", ( ( struct metaconn * )root->avl_data )->conn->c_connid, root->avl_bf );
+ printf( "c(%d) %d\n", ( ( struct metaconn * )root->avl_data )->mc_conn->c_connid, root->avl_bf );
- ravl_print( root->avl_left, depth+1 );
+ ravl_print( root->avl_left, depth + 1 );
}
static void
/*
* make it a null-terminated array ...
*/
- lc->conns = ch_calloc( sizeof( struct metasingleconn ), ntargets+1 );
- if ( lc->conns == NULL ) {
+ lc->mc_conns = ch_calloc( sizeof( struct metasingleconn ), ntargets+1 );
+ if ( lc->mc_conns == NULL ) {
free( lc );
return NULL;
}
- lc->conns[ ntargets ].candidate = META_LAST_CONN;
+ lc->mc_conns[ ntargets ].msc_candidate = META_LAST_CONN;
for ( ; ntargets-- > 0; ) {
- lc->conns[ ntargets ].ld = NULL;
- lc->conns[ ntargets ].bound_dn.bv_val = NULL;
- lc->conns[ ntargets ].bound_dn.bv_len = 0;
- lc->conns[ ntargets ].cred.bv_val = NULL;
- lc->conns[ ntargets ].cred.bv_len = 0;
- lc->conns[ ntargets ].bound = META_UNBOUND;
+ lc->mc_conns[ ntargets ].msc_ld = NULL;
+ BER_BVZERO( &lc->mc_conns[ ntargets ].msc_bound_ndn );
+ BER_BVZERO( &lc->mc_conns[ ntargets ].msc_cred );
+ lc->mc_conns[ ntargets ].msc_bound = META_UNBOUND;
}
- lc->bound_target = META_BOUND_NONE;
+ lc->mc_bound_target = META_BOUND_NONE;
return lc;
}
return;
}
- if ( lc->conns ) {
- ch_free( lc->conns );
+ if ( lc->mc_conns ) {
+ ch_free( lc->mc_conns );
}
free( lc );
/*
* Already init'ed
*/
- if ( lsc->ld != NULL ) {
+ if ( lsc->msc_ld != NULL ) {
return LDAP_SUCCESS;
}
/*
* Attempts to initialize the connection to the target ds
*/
- rs->sr_err = ldap_initialize( &lsc->ld, lt->uri );
+ rs->sr_err = ldap_initialize( &lsc->msc_ld, lt->mt_uri );
if ( rs->sr_err != LDAP_SUCCESS ) {
return slap_map_api2result( rs );
}
* bound with a particular version, then so can we.
*/
vers = op->o_conn->c_protocol;
- ldap_set_option( lsc->ld, LDAP_OPT_PROTOCOL_VERSION, &vers );
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_PROTOCOL_VERSION, &vers );
/* FIXME: configurable? */
- ldap_set_option(lsc->ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
/*
* Set the network timeout if set
*/
if (li->network_timeout != 0){
- struct timeval network_timeout;
+ struct timeval network_timeout;
network_timeout.tv_usec = 0;
network_timeout.tv_sec = li->network_timeout;
- ldap_set_option( lsc->ld, LDAP_OPT_NETWORK_TIMEOUT, (void *) &network_timeout);
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_NETWORK_TIMEOUT,
+ (void *)&network_timeout );
}
/*
* Sets a cookie for the rewrite session
*/
- ( void )rewrite_session_init( lt->rwmap.rwm_rw, op->o_conn );
+ ( void )rewrite_session_init( lt->mt_rwmap.rwm_rw, op->o_conn );
/*
- * If the connection dn is not null, an attempt to rewrite it is made
+ * If the connection DN is not null, an attempt to rewrite it is made
*/
if ( op->o_conn->c_dn.bv_len != 0 ) {
- dc.rwmap = <->rwmap;
+ dc.rwmap = <->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDN";
* Rewrite the bind dn if needed
*/
if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
- &lsc->bound_dn) ) {
+ &lsc->msc_bound_ndn ) )
+ {
send_ldap_result( op, rs );
return rs->sr_err;
}
/* copy the DN idf needed */
- if ( lsc->bound_dn.bv_val == op->o_conn->c_dn.bv_val ) {
- ber_dupbv( &lsc->bound_dn, &op->o_conn->c_dn );
+ if ( lsc->msc_bound_ndn.bv_val == op->o_conn->c_dn.bv_val ) {
+ ber_dupbv( &lsc->msc_bound_ndn, &op->o_conn->c_dn );
}
- assert( lsc->bound_dn.bv_val );
+ assert( lsc->msc_bound_ndn.bv_val );
} else {
- ber_str2bv( "", 0, 1, &lsc->bound_dn );
+ ber_str2bv( "", 0, 1, &lsc->msc_bound_ndn );
}
- lsc->bound = META_UNBOUND;
+ lsc->msc_bound = META_UNBOUND;
/*
* The candidate is activated
*/
- lsc->candidate = META_CANDIDATE;
+ lsc->msc_candidate = META_CANDIDATE;
return LDAP_SUCCESS;
}
int *candidate )
{
struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct metaconn *lc, lc_curr;
- int cached = -1, i = -1, err = LDAP_SUCCESS;
- int new_conn = 0;
+ struct metaconn *lc, lc_curr;
+ int cached = META_TARGET_NONE,
+ i = META_TARGET_NONE,
+ err = LDAP_SUCCESS,
+ new_conn = 0;
/* Searches for a metaconn in the avl tree */
- lc_curr.conn = op->o_conn;
+ lc_curr.mc_conn = op->o_conn;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
lc = (struct metaconn *)avl_find( li->conntree,
(caddr_t)&lc_curr, meta_back_conn_cmp );
/* Looks like we didn't get a bind. Open a new session... */
if ( !lc ) {
lc = metaconn_alloc( li->ntargets );
- lc->conn = op->o_conn;
+ lc->mc_conn = op->o_conn;
new_conn = 1;
}
+ /*
+ * require all connections ...
+ */
+ if ( op_type == META_OP_REQUIRE_ALL ) {
+ for ( i = 0; i < li->ntargets; i++ ) {
+
+ /*
+ * The target is activated; if needed, it is
+ * also init'd
+ */
+ int lerr = init_one_conn( op, rs, li->targets[ i ],
+ &lc->mc_conns[ i ] );
+ if ( lerr != LDAP_SUCCESS ) {
+
+ /*
+ * FIXME: in case one target cannot
+ * be init'd, should the other ones
+ * be tried?
+ */
+ ( void )meta_clear_one_candidate( &lc->mc_conns[ i ], 1 );
+ err = lerr;
+ continue;
+ }
+ }
+ goto done;
+ }
+
/*
* looks in cache, if any
*/
* tries to get a unique candidate
* (takes care of default target
*/
- if ( i < 0 ) {
+ if ( i == META_TARGET_NONE ) {
i = meta_back_select_unique_candidate( li, ndn );
}
/*
* if any is found, inits the connection
*/
- if ( i < 0 ) {
+ if ( i == META_TARGET_NONE ) {
if ( new_conn ) {
metaconn_free( lc );
}
}
Debug( LDAP_DEBUG_CACHE,
- "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n%s",
- i, ndn->bv_val, "" );
+ "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n",
+ i, ndn->bv_val, 0 );
/*
* Clear all other candidates
* sends the appropriate result.
*/
err = init_one_conn( op, rs, li->targets[ i ],
- &lc->conns[ i ] );
+ &lc->mc_conns[ i ] );
if ( err != LDAP_SUCCESS ) {
/*
* be init'd, should the other ones
* be tried?
*/
- ( void )meta_clear_one_candidate( &lc->conns[ i ], 1 );
+ ( void )meta_clear_one_candidate( &lc->mc_conns[ i ], 1 );
if ( new_conn ) {
metaconn_free( lc );
}
*candidate = i;
}
- /*
- * require all connections ...
- */
- } else if (op_type == META_OP_REQUIRE_ALL) {
- for ( i = 0; i < li->ntargets; i++ ) {
-
- /*
- * The target is activated; if needed, it is
- * also init'd
- */
- int lerr = init_one_conn( op, rs, li->targets[ i ],
- &lc->conns[ i ] );
- if ( lerr != LDAP_SUCCESS ) {
-
- /*
- * FIXME: in case one target cannot
- * be init'd, should the other ones
- * be tried?
- */
- ( void )meta_clear_one_candidate( &lc->conns[ i ], 1 );
- err = lerr;
- continue;
- }
- }
-
/*
* if no unique candidate ...
*/
} else {
for ( i = 0; i < li->ntargets; i++ ) {
if ( i == cached
- || meta_back_is_candidate( &li->targets[ i ]->suffix, ndn ) ) {
+ || meta_back_is_candidate( &li->targets[ i ]->mt_nsuffix, ndn ) )
+ {
/*
* The target is activated; if needed, it is
*/
int lerr = init_one_conn( op, rs,
li->targets[ i ],
- &lc->conns[ i ] );
+ &lc->mc_conns[ i ] );
if ( lerr != LDAP_SUCCESS ) {
/*
* be init'd, should the other ones
* be tried?
*/
- ( void )meta_clear_one_candidate( &lc->conns[ i ], 1 );
+ ( void )meta_clear_one_candidate( &lc->mc_conns[ i ], 1 );
err = lerr;
continue;
}
}
}
+done:;
/* clear out init_one_conn non-fatal errors */
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
Debug( LDAP_DEBUG_TRACE,
- "=>meta_back_getconn: conn %ld inserted\n%s%s",
- lc->conn->c_connid, "", "" );
+ "=>meta_back_getconn: conn %ld inserted\n",
+ lc->mc_conn->c_connid, 0, 0 );
/*
* Err could be -1 in case a duplicate metaconn is inserted
metaconn_free( lc );
return NULL;
}
+
} else {
Debug( LDAP_DEBUG_TRACE,
- "=>meta_back_getconn: conn %ld fetched\n%s%s",
- lc->conn->c_connid, "", "" );
+ "=>meta_back_getconn: conn %ld fetched\n",
+ lc->mc_conn->c_connid, 0, 0 );
}
return lc;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
return -1;
}
- if ( !meta_back_dobind( lc, op )
- || !meta_back_is_valid( lc, candidate ) ) {
+ if ( !meta_back_dobind( lc, op ) ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+
+ } else if ( !meta_back_is_valid( lc, candidate ) ) {
rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
return -1;
}
/*
* Rewrite the compare dn, if needed
*/
- dc.rwmap = &li->targets[ candidate ]->rwmap;
+ dc.rwmap = &li->targets[ candidate ]->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "deleteDN";
return -1;
}
- ldap_delete_s( lc->conns[ candidate ].ld, mdn.bv_val );
+ (void)ldap_delete_ext_s( lc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ NULL, NULL );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
+ BER_BVZERO( &mdn );
}
return meta_back_op_result( lc, op, rs );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
{
struct metadncacheentry tmp_entry, *entry;
time_t curr_time;
- int target = -1;
+ int target = META_TARGET_NONE;
assert( cache );
assert( ndn );
*/
if ( cache->ttl < 0 ) {
target = entry->target;
+
} else {
/*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
} /* else: do the search */
candidate = meta_back_select_unique_candidate( li, gr_ndn );
- if ( candidate == -1 ) {
+ if ( candidate == META_TARGET_NONE ) {
goto cleanup;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
void *v_lc
)
{
- struct metaconn *lc = v_lc;
- struct metasingleconn *lsc;
+ struct metaconn *lc = v_lc;
+ struct metasingleconn *lsc;
- for ( lsc = lc->conns; !META_LAST(lsc); lsc++ ) {
- if ( lsc->ld != NULL ) {
- ldap_unbind( lsc->ld );
+ for ( lsc = lc->mc_conns; !META_LAST( lsc ); lsc++ ) {
+ if ( lsc->msc_ld != NULL ) {
+ ldap_unbind_ext_s( lsc->msc_ld, NULL, NULL );
}
- if ( lsc->bound_dn.bv_val ) {
- ber_memfree( lsc->bound_dn.bv_val );
+ if ( !BER_BVISNULL( &lsc->msc_bound_ndn ) ) {
+ ber_memfree( lsc->msc_bound_ndn.bv_val );
}
- if ( lsc->cred.bv_val ) {
- memset( lsc->cred.bv_val, 0, lsc->cred.bv_len );
- ber_memfree( lsc->cred.bv_val );
+ if ( !BER_BVISNULL( &lsc->msc_cred ) ) {
+ /* destroy sensitive data */
+ memset( lsc->msc_cred.bv_val, 0, lsc->msc_cred.bv_len );
+ ber_memfree( lsc->msc_cred.bv_val );
}
}
- free( lc->conns );
+ free( lc->mc_conns );
free( lc );
}
struct metatarget *lt
)
{
- if ( lt->uri ) {
- free( lt->uri );
+ if ( lt->mt_uri ) {
+ free( lt->mt_uri );
}
- if ( lt->psuffix.bv_val ) {
- free( lt->psuffix.bv_val );
+ if ( !BER_BVISNULL( <->mt_psuffix ) ) {
+ free( lt->mt_psuffix.bv_val );
}
- if ( lt->suffix.bv_val ) {
- free( lt->suffix.bv_val );
+ if ( !BER_BVISNULL( <->mt_nsuffix ) ) {
+ free( lt->mt_nsuffix.bv_val );
}
- if ( lt->binddn.bv_val ) {
- free( lt->binddn.bv_val );
+ if ( !BER_BVISNULL( <->mt_binddn ) ) {
+ free( lt->mt_binddn.bv_val );
}
- if ( lt->bindpw.bv_val ) {
- free( lt->bindpw.bv_val );
+ if ( !BER_BVISNULL( <->mt_bindpw ) ) {
+ free( lt->mt_bindpw.bv_val );
}
- if ( lt->pseudorootdn.bv_val ) {
- free( lt->pseudorootdn.bv_val );
+ if ( !BER_BVISNULL( <->mt_pseudorootdn ) ) {
+ free( lt->mt_pseudorootdn.bv_val );
}
- if ( lt->pseudorootpw.bv_val ) {
- free( lt->pseudorootpw.bv_val );
+ if ( !BER_BVISNULL( <->mt_pseudorootpw ) ) {
+ free( lt->mt_pseudorootpw.bv_val );
}
- if ( lt->rwmap.rwm_rw ) {
- rewrite_info_delete( <->rwmap.rwm_rw );
+ if ( lt->mt_rwmap.rwm_rw ) {
+ rewrite_info_delete( <->mt_rwmap.rwm_rw );
}
- avl_free( lt->rwmap.rwm_oc.remap, NULL );
- avl_free( lt->rwmap.rwm_oc.map, mapping_free );
- avl_free( lt->rwmap.rwm_at.remap, NULL );
- avl_free( lt->rwmap.rwm_at.map, mapping_free );
+ avl_free( lt->mt_rwmap.rwm_oc.remap, NULL );
+ avl_free( lt->mt_rwmap.rwm_oc.map, mapping_free );
+ avl_free( lt->mt_rwmap.rwm_at.remap, NULL );
+ avl_free( lt->mt_rwmap.rwm_at.map, mapping_free );
}
int
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2003 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
struct ldapmapping *map2 = (struct ldapmapping *)c2;
int rc = map1->src.bv_len - map2->src.bv_len;
if (rc) return rc;
- return ( strcasecmp(map1->src.bv_val, map2->src.bv_val) );
+ return ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) );
}
int
struct ldapmapping *map1 = (struct ldapmapping *)c1;
struct ldapmapping *map2 = (struct ldapmapping *)c2;
- return( ( strcasecmp(map1->src.bv_val, map2->src.bv_val) == 0 ) ? -1 : 0 );
+ return ( ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) == 0 ) ? -1 : 0 );
}
void
Avlnode *tree;
struct ldapmapping *mapping, fmapping;
- if (remap == BACKLDAP_REMAP)
+ if ( remap == BACKLDAP_REMAP ) {
tree = map->remap;
- else
+ } else {
tree = map->map;
+ }
- bv->bv_len = 0;
- bv->bv_val = NULL;
+ BER_BVZERO( bv );
fmapping.src = *s;
mapping = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
- if (mapping != NULL) {
- if ( mapping->dst.bv_val )
+ if ( mapping != NULL ) {
+ if ( !BER_BVISNULL( &mapping->dst ) ) {
*bv = mapping->dst;
+ }
return;
}
- if (!map->drop_missing)
+ if ( !map->drop_missing ) {
*bv = *s;
+ }
return;
}
char **na;
struct berval mapped;
- if (an == NULL) {
+ if ( an == NULL ) {
*mapped_attrs = NULL;
return LDAP_SUCCESS;
}
- for (i = 0; an[i].an_name.bv_val; i++) {
- /* */
- }
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
+ /* */ ;
na = (char **)ch_calloc( i + 1, sizeof(char *) );
- if (na == NULL) {
+ if ( na == NULL ) {
*mapped_attrs = NULL;
return LDAP_NO_MEMORY;
}
- for (i = j = 0; an[i].an_name.bv_val; i++) {
- ldap_back_map(at_map, &an[i].an_name, &mapped, remap);
- if (mapped.bv_val != NULL && mapped.bv_val != '\0')
+ for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
+ ldap_back_map( at_map, &an[i].an_name, &mapped, remap );
+ if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
na[j++] = mapped.bv_val;
+ }
}
- if (j == 0 && i != 0)
+ if ( j == 0 && i != 0 ) {
na[j++] = LDAP_NO_ATTRS;
+ }
na[j] = NULL;
*mapped_attrs = na;
int freeval = 0;
ldap_back_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
- if ( mapped_attr->bv_val == NULL || mapped_attr->bv_val[0] == '\0') {
+ if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
/*
* FIXME: are we sure we need to search oc_map if at_map fails?
*/
ldap_back_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap );
- if ( mapped_attr->bv_val == NULL || mapped_attr->bv_val[0] == '\0' ) {
+ if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
*mapped_attr = ad->ad_cname;
}
}
} else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
ldap_back_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
- if ( vtmp.bv_val == NULL || vtmp.bv_val[0] == '\0' ) {
+ if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
vtmp = *value;
}
/* cannot be a DN ... */
- fstr->bv_len = atmp.bv_len + ( sizeof("(=*)") - 1 );
- fstr->bv_val = malloc( fstr->bv_len + 128 );
+ fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
+ fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
- if ( f->f_sub_initial.bv_val != NULL ) {
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
len = fstr->bv_len;
filter_escape_value( &f->f_sub_initial, &vtmp );
}
if ( f->f_sub_any != NULL ) {
- for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
len = fstr->bv_len;
filter_escape_value( &f->f_sub_any[i], &vtmp );
}
}
- if ( f->f_sub_final.bv_val != NULL ) {
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
len = fstr->bv_len;
filter_escape_value( &f->f_sub_final, &vtmp );
return -1;
}
- fstr->bv_len = atmp.bv_len + ( sizeof("(=*)") - 1 );
+ fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
fstr->bv_val = malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
case LDAP_FILTER_AND:
case LDAP_FILTER_OR:
case LDAP_FILTER_NOT:
- fstr->bv_len = sizeof("(%)") - 1;
- fstr->bv_val = malloc( fstr->bv_len + 128 );
+ fstr->bv_len = STRLENOF( "(%)" );
+ fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128? */
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
f->f_choice == LDAP_FILTER_AND ? '&' :
}
} else {
- atmp.bv_len = 0;
- atmp.bv_val = "";
-
+ BER_BVSTR( &atmp, "" );
filter_escape_value( &f->f_mr_value, &vtmp );
}
-
+ /* FIXME: cleanup (less ?: operators...) */
fstr->bv_len = atmp.bv_len +
- ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
- ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
- vtmp.bv_len + ( sizeof("(:=)") - 1 );
+ ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
+ ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
+ vtmp.bv_len + ( STRLENOF( "(:=)" ) );
fstr->bv_val = malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
atmp.bv_val,
f->f_mr_dnattrs ? ":dn" : "",
- f->f_mr_rule_text.bv_len ? ":" : "",
- f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
+ !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
vtmp.bv_val );
ber_memfree( vtmp.bv_val );
} break;
case REWRITE_REGEXEC_OK:
if ( !BER_BVISNULL( fstr ) ) {
fstr->bv_len = strlen( fstr->bv_val );
+
} else {
*fstr = ftmp;
}
continue;
}
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
rc = ldap_back_dn_massage( dc, &olddn, &dn );
newurl = ldap_url_desc2str( ludp );
if ( newurl == NULL ) {
/* FIXME: leave attr untouched
- * even if ldap_url_desc2str failed... */
+ * even if ldap_url_desc2str failed...
+ */
break;
}
struct berval bv;
int i, last;
- for ( last = 0; a_vals[last].bv_val != NULL; last++ );
+ assert( a_vals != NULL );
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
last--;
- for ( i = 0; a_vals[i].bv_val != NULL; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
* it should be when searching (e.g. ACLs).
*/
ch_free( a_vals[i].bv_val );
- if (last > i ) {
+ if ( last > i ) {
a_vals[i] = a_vals[last];
}
- a_vals[last].bv_len = 0;
- a_vals[last].bv_val = NULL;
+ BER_BVZERO( &a_vals[last] );
last--;
break;
default:
/* leave attr untouched if massage failed */
- if ( bv.bv_val && bv.bv_val != a_vals[i].bv_val ) {
+ if ( !BER_BVISNULL( &bv ) && bv.bv_val != a_vals[i].bv_val ) {
ch_free( a_vals[i].bv_val );
a_vals[i] = bv;
}
struct berval bv;
int i, last;
- for ( last = 0; a_vals[last].bv_val; last++ );
+ assert( a_vals != NULL );
+
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
last--;
- for ( i = 0; a_vals[i].bv_val; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
default:
/* leave attr untouched if massage failed */
- if ( bv.bv_val && a_vals[i].bv_val != bv.bv_val ) {
+ if ( !BER_BVISNULL( &bv ) && a_vals[i].bv_val != bv.bv_val ) {
LBER_FREE( a_vals[i].bv_val );
a_vals[i] = bv;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
int
meta_back_modify( Operation *op, SlapReply *rs )
{
- struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct metaconn *lc;
- int rc = 0;
- LDAPMod **modv = NULL;
- LDAPMod *mods = NULL;
- Modifications *ml;
- int candidate = -1, i;
- struct berval mdn = BER_BVNULL;
- struct berval mapped;
- dncookie dc;
+ struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
+ struct metaconn *lc;
+ int rc = 0;
+ LDAPMod **modv = NULL;
+ LDAPMod *mods = NULL;
+ Modifications *ml;
+ int candidate = -1, i;
+ int isupdate;
+ struct berval mdn = BER_BVNULL;
+ struct berval mapped;
+ dncookie dc;
lc = meta_back_getconn( op, rs, META_OP_REQUIRE_SINGLE,
&op->o_req_ndn, &candidate );
goto cleanup;
}
- if ( !meta_back_dobind( lc, op )
- || !meta_back_is_valid( lc, candidate ) ) {
+ if ( !meta_back_dobind( lc, op ) ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+
+ } else if ( !meta_back_is_valid( lc, candidate ) ) {
rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
rc = -1;
goto cleanup;
}
/*
* Rewrite the modify dn, if needed
*/
- dc.rwmap = &li->targets[ candidate ]->rwmap;
+ dc.rwmap = &li->targets[ candidate ]->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "modifyDN";
goto cleanup;
}
- for ( i = 0, ml = op->oq_modify.rs_modlist; ml; i++ ,ml = ml->sml_next )
+ for ( i = 0, ml = op->orm_modlist; ml; i++ ,ml = ml->sml_next )
;
mods = ch_malloc( sizeof( LDAPMod )*i );
}
dc.ctx = "modifyAttrDN";
- for ( i = 0, ml = op->oq_modify.rs_modlist; ml; ml = ml->sml_next ) {
- int j;
+ isupdate = be_shadow_update( op );
+ for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+ int j, is_oc = 0;
- if ( ml->sml_desc->ad_type->sat_no_user_mod ) {
+ if ( !isupdate && ml->sml_desc->ad_type->sat_no_user_mod ) {
continue;
}
- ldap_back_map( &li->targets[ candidate ]->rwmap.rwm_at,
- &ml->sml_desc->ad_cname, &mapped,
- BACKLDAP_MAP );
- if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) {
- continue;
+ if ( ml->sml_desc == slap_schema.si_ad_objectClass
+ || ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
+ {
+ is_oc = 1;
+ mapped = ml->sml_desc->ad_cname;
+
+ } else {
+ ldap_back_map( &li->targets[ candidate ]->mt_rwmap.rwm_at,
+ &ml->sml_desc->ad_cname, &mapped,
+ BACKLDAP_MAP );
+ if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
+ continue;
+ }
}
modv[ i ] = &mods[ i ];
* to allow their use in ACLs at the back-ldap
* level.
*/
- if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
- ( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
- }
-
- if ( ml->sml_values != NULL ){
- for (j = 0; ml->sml_values[ j ].bv_val; j++);
- mods[ i ].mod_bvalues = (struct berval **)ch_malloc((j+1) *
- sizeof(struct berval *));
- for (j = 0; ml->sml_values[ j ].bv_val; j++)
- mods[ i ].mod_bvalues[ j ] = &ml->sml_values[j];
- mods[ i ].mod_bvalues[ j ] = NULL;
+ if ( ml->sml_values != NULL ) {
+ if ( is_oc ) {
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ ;
+ mods[ i ].mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 ) *
+ sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
+ ldap_back_map( &li->targets[ candidate ]->mt_rwmap.rwm_oc,
+ &ml->sml_values[ j ],
+ &mapped, BACKLDAP_MAP );
+ if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) )
+ {
+ continue;
+ }
+ mods[ i ].mod_bvalues[ j ] = &mapped;
+ }
+ mods[ i ].mod_bvalues[ j ] = NULL;
+
+ } else {
+ if ( ml->sml_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName )
+ {
+ ( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
+ if ( ml->sml_values == NULL ) {
+ continue;
+ }
+ }
+
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
+ ;
+ mods[ i ].mod_bvalues =
+ (struct berval **)ch_malloc( ( j + 1 ) *
+ sizeof( struct berval * ) );
+ for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
+ mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
+ }
+ mods[ i ].mod_bvalues[ j ] = NULL;
+ }
} else {
mods[ i ].mod_bvalues = NULL;
}
modv[ i ] = 0;
- ldap_modify_s( lc->conns[ candidate ].ld, mdn.bv_val, modv );
+ rs->sr_err = ldap_modify_ext_s( lc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ modv, NULL, NULL );
cleanup:;
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
+ BER_BVZERO( &mdn );
}
if ( modv != NULL ) {
- for ( i = 0; modv[ i ]; i++) {
+ for ( i = 0; modv[ i ]; i++ ) {
free( modv[ i ]->mod_bvalues );
}
}
free( mods );
free( modv );
-
- if ( rc == 0 ) {
- return meta_back_op_result( lc, op, rs ) == LDAP_SUCCESS
- ? 0 : 1;
- } /* else */
+ if ( rc != -1 ) {
+ return meta_back_op_result( lc, op, rs );
+ }
+
send_ldap_result( op, rs );
- return rc;
+ return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
goto cleanup;
}
- if ( !meta_back_dobind( lc, op )
- || !meta_back_is_valid( lc, candidate ) ) {
+ assert( candidate != META_TARGET_NONE );
+
+ if ( !meta_back_dobind( lc, op ) ) {
+ rs->sr_err = LDAP_UNAVAILABLE;
+
+ } else if ( !meta_back_is_valid( lc, candidate ) ) {
rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
rc = -1;
goto cleanup;
}
dc.conn = op->o_conn;
dc.rs = rs;
- if ( op->oq_modrdn.rs_newSup ) {
+ if ( op->orr_newSup ) {
int nsCandidate, version = LDAP_VERSION3;
nsCandidate = meta_back_select_unique_candidate( li,
- op->oq_modrdn.rs_nnewSup );
+ op->orr_nnewSup );
if ( nsCandidate != candidate ) {
/*
* FIXME: is this the correct return code?
*/
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "cross-target rename not supported";
rc = -1;
goto cleanup;
}
- ldap_set_option( lc->conns[ nsCandidate ].ld,
+ ldap_set_option( lc->mc_conns[ nsCandidate ].msc_ld,
LDAP_OPT_PROTOCOL_VERSION, &version );
/*
* Rewrite the new superior, if defined and required
*/
- dc.rwmap = &li->targets[ nsCandidate ]->rwmap;
+ dc.rwmap = &li->targets[ nsCandidate ]->mt_rwmap;
dc.ctx = "newSuperiorDN";
- if ( ldap_back_dn_massage( &dc, op->oq_modrdn.rs_newSup, &mnewSuperior ) ) {
+ if ( ldap_back_dn_massage( &dc, op->orr_newSup, &mnewSuperior ) ) {
rc = -1;
goto cleanup;
}
/*
* Rewrite the modrdn dn, if required
*/
- dc.rwmap = &li->targets[ candidate ]->rwmap;
+ dc.rwmap = &li->targets[ candidate ]->mt_rwmap;
dc.ctx = "modrDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
rc = -1;
goto cleanup;
}
- ldap_rename2_s( lc->conns[ candidate ].ld, mdn.bv_val,
- op->oq_modrdn.rs_newrdn.bv_val,
+ rc = ldap_rename_s( lc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+ op->orr_newrdn.bv_val,
mnewSuperior.bv_val,
- op->oq_modrdn.rs_deleteoldrdn );
+ op->orr_deleteoldrdn,
+ NULL, NULL ) != LDAP_SUCCESS;
cleanup:;
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
+ BER_BVZERO( &mdn );
}
- if ( mnewSuperior.bv_val != NULL
- && mnewSuperior.bv_val != op->oq_modrdn.rs_newSup->bv_val ) {
+ if ( !BER_BVISNULL( &mnewSuperior )
+ && mnewSuperior.bv_val != op->orr_newSup->bv_val )
+ {
free( mnewSuperior.bv_val );
+ BER_BVZERO( &mnewSuperior );
}
if ( rc == 0 ) {
} /* else */
send_ldap_result( op, rs );
- return rc;
+ return rc;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
}
if ( !meta_back_dobind( lc, op ) ) {
- rs->sr_err = LDAP_OTHER;
+ rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_result( op, rs );
return -1;
}
/*
* Inits searches
*/
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); ++i, ++lsc ) {
struct berval realbase = op->o_req_dn;
int realscope = op->ors_scope;
ber_len_t suffixlen = 0;
struct berval mfilter = BER_BVNULL;
char **mapped_attrs = NULL;
- if ( lsc->candidate != META_CANDIDATE ) {
+ if ( lsc->msc_candidate != META_CANDIDATE ) {
msgid[ i ] = -1;
continue;
}
/* should we check return values? */
if ( op->ors_deref != -1 ) {
- ldap_set_option( lsc->ld, LDAP_OPT_DEREF,
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_DEREF,
( void * )&op->ors_deref);
}
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
- ldap_set_option( lsc->ld, LDAP_OPT_TIMELIMIT,
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_TIMELIMIT,
( void * )&op->ors_tlimit);
}
if ( op->ors_slimit != SLAP_NO_LIMIT ) {
- ldap_set_option( lsc->ld, LDAP_OPT_SIZELIMIT,
+ ldap_set_option( lsc->msc_ld, LDAP_OPT_SIZELIMIT,
( void * )&op->ors_slimit);
}
- dc.rwmap = &li->targets[ i ]->rwmap;
+ dc.rwmap = &li->targets[ i ]->mt_rwmap;
/*
* modifies the base according to the scope, if required
*/
- suffixlen = li->targets[ i ]->suffix.bv_len;
+ suffixlen = li->targets[ i ]->mt_nsuffix.bv_len;
if ( suffixlen > op->o_req_ndn.bv_len ) {
switch ( op->ors_scope ) {
case LDAP_SCOPE_SUBTREE:
* illegal bases may be turned into
* the suffix of the target.
*/
- if ( dnIsSuffix( &li->targets[ i ]->suffix,
+ if ( dnIsSuffix( &li->targets[ i ]->mt_nsuffix,
&op->o_req_ndn ) ) {
- realbase = li->targets[ i ]->suffix;
+ realbase = li->targets[ i ]->mt_nsuffix;
is_scope++;
} else {
case LDAP_SCOPE_ONELEVEL:
{
- struct berval rdn = li->targets[ i ]->suffix;
+ struct berval rdn = li->targets[ i ]->mt_nsuffix;
rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn )
- && dnIsSuffix( &li->targets[ i ]->suffix, &op->o_req_ndn ) )
+ && dnIsSuffix( &li->targets[ i ]->mt_nsuffix, &op->o_req_ndn ) )
{
/*
* if there is exactly one level,
* make the target suffix the new
* base, and make scope "base"
*/
- realbase = li->targets[ i ]->suffix;
+ realbase = li->targets[ i ]->mt_nsuffix;
realscope = LDAP_SCOPE_BASE;
is_scope++;
break;
/*
* Maps required attributes
*/
- rc = ldap_back_map_attrs( &li->targets[ i ]->rwmap.rwm_at,
+ rc = ldap_back_map_attrs( &li->targets[ i ]->mt_rwmap.rwm_at,
op->ors_attrs, BACKLDAP_MAP,
&mapped_attrs );
if ( rc != LDAP_SUCCESS ) {
/*
* Starts the search
*/
- msgid[ i ] = ldap_search( lsc->ld, mbase.bv_val, realscope,
- mfilter.bv_val, mapped_attrs,
- op->ors_attrsonly );
+ rc = ldap_search_ext( lsc->msc_ld,
+ mbase.bv_val, realscope, mfilter.bv_val,
+ mapped_attrs, op->ors_attrsonly,
+ NULL, NULL,
+ NULL, op->ors_slimit, &msgid[ i ] );
if ( mapped_attrs ) {
free( mapped_attrs );
mapped_attrs = NULL;
}
if ( mfilter.bv_val != op->ors_filterstr.bv_val ) {
free( mfilter.bv_val );
- mfilter.bv_val = NULL;
+ BER_BVZERO( &mfilter );
}
if ( mbase.bv_val != realbase.bv_val ) {
free( mbase.bv_val );
- mbase.bv_val = NULL;
+ BER_BVZERO( &mbase );
}
- if ( msgid[ i ] == -1 ) {
+ if ( rc != LDAP_SUCCESS ) {
continue;
}
-
+
++candidates;
new_candidate:;
/* check for abandon */
ab = op->o_abandon;
- for ( i = 0, lsc = lc->conns; !META_LAST(lsc); lsc++, i++ ) {
+ for ( i = 0, lsc = lc->mc_conns; !META_LAST( lsc ); lsc++, i++ ) {
if ( msgid[ i ] == -1 ) {
continue;
}
if ( ab ) {
- ldap_abandon( lsc->ld, msgid[ i ] );
+ ldap_abandon_ext( lsc->msc_ld, msgid[ i ], NULL, NULL );
rc = 0;
break;
}
* get a LDAP_TIMELIMIT_EXCEEDED from
* one of them ...
*/
- rc = ldap_result( lsc->ld, msgid[ i ],
+ rc = ldap_result( lsc->msc_ld, msgid[ i ],
0, &tv, &res );
if ( rc == 0 ) {
continue;
} else if ( rc == -1 ) {
+really_bad:;
/* something REALLY bad happened! */
( void )meta_clear_unused_candidates( li,
lc, -1, 0 );
goto finish;
} else if ( rc == LDAP_RES_SEARCH_ENTRY ) {
- e = ldap_first_entry( lsc->ld, res );
+ e = ldap_first_entry( lsc->msc_ld, res );
meta_send_entry( op, rs, lc, i, e );
ldap_msgfree( res );
char **references = NULL;
int cnt;
- rc = ldap_parse_reference( lsc->ld, res,
+ rc = ldap_parse_reference( lsc->msc_ld, res,
&references, &rs->sr_ctrls, 1 );
res = NULL;
}
} else {
- rs->sr_err = ldap_result2error( lsc->ld,
- res, 1 );
+ if ( ldap_parse_result( lsc->msc_ld, res,
+ &rs->sr_err,
+ NULL, NULL, NULL, NULL, 1 ) )
+ {
+ res = NULL;
+ goto really_bad;
+ }
res = NULL;
sres = slap_map_api2result( rs );
if ( err != NULL ) {
free( err );
}
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_ERROR_STRING, &err );
if ( match.bv_val != NULL ) {
free( match.bv_val );
}
- ldap_get_option( lsc->ld,
+ ldap_get_option( lsc->msc_ld,
LDAP_OPT_MATCHED_DN, &match.bv_val );
Debug( LDAP_DEBUG_ANY,
if ( gotit == 0 ) {
tv.tv_sec = 0;
- tv.tv_usec = 100000;
+ tv.tv_usec = 100000; /* 0.1 s */
ldap_pvt_thread_yield();
+
} else {
tv.tv_sec = 0;
tv.tv_usec = 0;
if ( candidate_match == initial_candidates
&& match.bv_val != NULL && *match.bv_val ) {
dc.ctx = "matchedDN";
- dc.rwmap = &li->targets[ last ]->rwmap;
+ dc.rwmap = &li->targets[ last ]->mt_rwmap;
if ( ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
mmatch.bv_val = NULL;
/*
* Rewrite the dn of the result, if needed
*/
- dc.rwmap = &li->targets[ target ]->rwmap;
+ dc.rwmap = &li->targets[ target ]->mt_rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "searchResult";
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int last = 0;
- ldap_back_map( &li->targets[ target ]->rwmap.rwm_at,
+ ldap_back_map( &li->targets[ target ]->mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) {
continue;
if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
|| attr->a_vals == NULL ) {
- attr->a_vals = &slap_dummy_bv;
+ attr->a_vals = (struct berval *)&slap_dummy_bv;
} else if ( attr->a_desc == slap_schema.si_ad_objectClass
|| attr->a_desc == slap_schema.si_ad_structuralObjectClass ) {
for ( last = 0; attr->a_vals[ last ].bv_val; ++last );
for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
- ldap_back_map( &li->targets[ target ]->rwmap.rwm_oc,
+ ldap_back_map( &li->targets[ target ]->mt_rwmap.rwm_oc,
bv, &mapped, BACKLDAP_REMAP );
if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
free( bv->bv_val );
* everything pass thru the ldap backend.
*/
} else if ( attr->a_desc->ad_type->sat_syntax ==
- slap_schema.si_syn_distinguishedName ) {
+ slap_schema.si_syn_distinguishedName )
+ {
ldap_dnattr_result_rewrite( &dc, attr->a_vals );
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
{
int rc = 0;
- switch (rewrite_session( dc->rwmap->rwm_rw, dc->ctx, (dn->bv_len ? dn->bv_val : ""), dc->conn,
- &res->bv_val )) {
+ switch ( rewrite_session( dc->rwmap->rwm_rw, dc->ctx,
+ ( dn->bv_len ? dn->bv_val : "" ),
+ dc->conn, &res->bv_val ) )
+ {
case REWRITE_REGEXEC_OK:
if ( res->bv_val != NULL ) {
res->bv_len = strlen( res->bv_val );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
)
{
struct metainfo *li = ( struct metainfo * )be->be_private;
- struct metaconn *lc, lc_curr;
+ struct metaconn *lc,
+ lc_curr = { 0 };
Debug( LDAP_DEBUG_TRACE,
- "=>meta_back_conn_destroy: fetching conn %ld\n%s%s",
- conn->c_connid, "", "" );
+ "=>meta_back_conn_destroy: fetching conn %ld\n",
+ conn->c_connid, 0, 0 );
- lc_curr.conn = conn;
+ lc_curr.mc_conn = conn;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
lc = avl_delete( &li->conntree, ( caddr_t )&lc_curr,
int i;
Debug( LDAP_DEBUG_TRACE,
- "=>meta_back_conn_destroy: destroying conn %ld\n%s%s",
- lc->conn->c_connid, "", "" );
+ "=>meta_back_conn_destroy: destroying conn %ld\n",
+ lc->mc_conn->c_connid, 0, 0 );
/*
* Cleanup rewrite session
*/
for ( i = 0; i < li->ntargets; ++i ) {
- if ( lc->conns[ i ].ld == NULL ) {
+ if ( lc->mc_conns[ i ].msc_ld == NULL ) {
continue;
}
- rewrite_session_delete( li->targets[ i ]->rwmap.rwm_rw, conn );
- meta_clear_one_candidate( &lc->conns[ i ], 1 );
+ rewrite_session_delete( li->targets[ i ]->mt_rwmap.rwm_rw, conn );
+ meta_clear_one_candidate( &lc->mc_conns[ i ], 1 );
}
- free( lc->conns );
+ free( lc->mc_conns );
free( lc );
}
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
}
a->a_vals[ 0 ].bv_len = len;
AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
+
+ /* FIXME: touch modifyTimestamp? */
}
return( 0 );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
Modification *mod = &ml->sml_mod;
/*
- * accept all operational attributes
+ * accept all operational attributes;
+ * this includes modifersName and modifyTimestamp
+ * if lastmod is "on"
*/
if ( is_at_operational( mod->sm_desc->ad_type ) ) {
( void ) attr_delete( &e->e_attrs, mod->sm_desc );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
UI2BV( &a->a_vals[ 0 ], nCompleted );
ldap_pvt_mp_clear( nCompleted );
+ /* FIXME: touch modifyTimestamp? */
+
return( 0 );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* overlay.c - deals with overlay subsystem */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
a->a_vals[ 0 ].bv_len = len;
+ /* FIXME: touch modifyTimestamp? */
+
return( 0 );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
UI2BV( &a->a_vals[ 0 ], n );
ldap_pvt_mp_clear( n );
+ /* FIXME: touch modifyTimestamp? */
+
return 0;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
a->a_vals[ 0 ].bv_len = len;
AC_MEMCPY( a->a_vals[ 0 ].bv_val, buf, len + 1 );
+ /* FIXME: touch modifyTimestamp? */
+
return( 0 );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
assert( len == a->a_vals[ 0 ].bv_len );
AC_MEMCPY( a->a_vals[ 0 ].bv_val, tmbuf, len );
+
+ /* FIXME: touch modifyTimestamp? */
}
return( 0 );
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "slap.h"
-/*
- * former external.h
- */
-
-extern BI_init null_back_initialize;
-
-extern BI_db_init null_back_db_init;
-extern BI_db_destroy null_back_db_destroy;
-extern BI_db_config null_back_db_config;
-
-extern BI_op_bind null_back_bind;
-extern BI_op_search null_back_search;
-extern BI_op_compare null_back_compare;
-extern BI_op_modify null_back_modify;
-extern BI_op_modrdn null_back_modrdn;
-extern BI_op_add null_back_add;
-extern BI_op_delete null_back_delete;
-
struct null_info {
int bind_allowed;
};
-int
+static int
null_back_bind( Operation *op, SlapReply *rs )
{
struct null_info *ni = (struct null_info *) op->o_bd->be_private;
if ( ni->bind_allowed ) {
/* front end will send result on success (0) */
- return 0;
+ return LDAP_SUCCESS;
}
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
- return 1;
+ return rs->sr_err;
}
/* add, delete, modify, modrdn, search */
-int
+static int
null_back_success( Operation *op, SlapReply *rs )
{
rs->sr_err = LDAP_SUCCESS;
}
/* compare */
-int
+static int
null_back_false( Operation *op, SlapReply *rs )
{
rs->sr_err = LDAP_COMPARE_FALSE;
return 0;
}
-int
+static int
null_back_db_config(
BackendDB *be,
const char *fname,
- int lineno,
- int argc,
+ int lineno,
+ int argc,
char **argv )
{
struct null_info *ni = (struct null_info *) be->be_private;
return 0;
}
-
-int
+static int
null_back_db_init( BackendDB *be )
{
struct null_info *ni;
return 0;
}
-int
-null_back_db_destroy(
- Backend *be
-)
+static int
+null_back_db_destroy( Backend *be )
{
free( be->be_private );
return 0;
int
-null_back_initialize(
- BackendInfo *bi
-)
+null_back_initialize( BackendInfo *bi )
{
bi->bi_open = 0;
bi->bi_close = 0;
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## Portions Copyright 1999 John C. Quillan.
## All rights reserved.
##
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## Portions Copyright 1999 John C. Quillan.
## All rights reserved.
##
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 John C. Quillan.
* Portions Copyright 2002 myinternet Limited.
* All rights reserved.
# Makefile.in for back-relay
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* back-relay.h - relay backend header file */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* config.c - relay backend configuration file routine */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* init.c - initialize relay backend */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* op.c - relay backend operations */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
+
*/
#include "portable.h"
* - operational attributes
* - empty attributes
*/
+#define backsql_opattr_skip(ad) \
+ (is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref )
#define backsql_attr_skip(ad, vals) \
( \
( (ad) == slap_schema.si_ad_objectClass \
&& (vals) && BER_BVISNULL( &((vals)[ 1 ]) ) ) \
- || is_at_operational( (ad)->ad_type ) \
+ || backsql_opattr_skip( (ad) ) \
|| ( (vals) && BER_BVISNULL( &((vals)[ 0 ]) ) ) \
)
{
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
RETCODE rc;
- SQLHSTMT asth;
+ SQLHSTMT asth = SQL_NULL_HSTMT;
BACKSQL_ROW_NTS row;
assert( at );
/* first parameter no, parameter order */
SQLUSMALLINT pno, po;
/* procedure return code */
- int prc;
+ int prc = LDAP_SUCCESS;
for ( i = 0; i < row.ncols; i++ ) {
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
ber_len_t col_len;
rc = backsql_Prepare( dbh, &sth, at->bam_delete_proc, 0 );
pno + 2 - po, row.cols[ i ],
at->bam_delete_proc );
rc = SQLExecute( sth );
- if ( rc != SQL_SUCCESS ) {
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
Debug( LDAP_DEBUG_TRACE,
" backsql_modify_delete_all_values(): "
"delete_proc "
- "execution failed\n",
- 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env,
- dbh, sth, rc );
-
- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ "execution failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = op->ora_e->e_name.bv_val;
SQLFreeStmt( sth, SQL_DROP );
- rs->sr_text = "SQL-backend error";
- return rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
+ {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = op->ora_e->e_name.bv_val;
+ SQLFreeStmt( sth, SQL_DROP );
+ return rs->sr_err;
+ }
}
}
SQLFreeStmt( sth, SQL_DROP );
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
RETCODE rc;
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
Modifications *ml;
Debug( LDAP_DEBUG_TRACE, "==>backsql_modify_internal(): "
#if 0
/* NOTE: some day we'll have to pass
* the normalized values as well */
- BerVarray nvalues;
+ BerVarray sm_nvalues;
#endif
backsql_at_map_rec *at = NULL;
struct berval *at_val;
/* first parameter position, parameter order */
SQLUSMALLINT pno, po;
/* procedure return code */
- int prc;
+ int prc = LDAP_SUCCESS;
ad = ml->sml_mod.sm_desc;
sm_op = ( ml->sml_mod.sm_op & LDAP_MOD_OP );
goto add_only;
}
-
+
del_all:
rs->sr_err = backsql_modify_delete_all_values( op, rs, dbh, e_id, at );
if ( rs->sr_err != LDAP_SUCCESS ) {
!BER_BVISNULL( at_val );
i++, at_val++ )
{
+ prc = LDAP_SUCCESS;
rc = backsql_Prepare( dbh, &sth, at->bam_delete_proc, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
"executing \"%s\"\n",
at->bam_delete_proc, 0, 0 );
rc = SQLExecute( sth );
- if ( rc != SQL_SUCCESS ) {
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
Debug( LDAP_DEBUG_TRACE,
" backsql_modify_internal(): "
"delete_proc execution "
- "failed\n", 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env,
- dbh, sth, rc );
-
- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
- SQLFreeStmt( sth, SQL_DROP );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
+ "failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = at->bam_ad->ad_cname.bv_val;
goto done;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env,
+ dbh, sth, rc );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
+ {
+ SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = at->bam_ad->ad_cname.bv_val;
+ goto done;
+ }
}
}
SQLFreeStmt( sth, SQL_DROP );
struct berval *at_val;
unsigned long i;
RETCODE rc;
- /* first parameter #, parameter order */
- SQLUSMALLINT pno, po;
- /* procedure return code */
- int prc;
SQLUSMALLINT currpos;
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
at_rec = backsql_ad2at( oc, at->a_desc );
Debug( LDAP_DEBUG_TRACE, " backsql_add_attr(\"%s\"): "
"attribute \"%s\" is not registered "
"in objectclass \"%s\"\n",
- op->oq_add.rs_e->e_name.bv_val,
+ op->ora_e->e_name.bv_val,
at->a_desc->ad_cname.bv_val,
BACKSQL_OC_NAME( oc ) );
"add procedure is not defined "
"for attribute \"%s\" "
"of structuralObjectClass \"%s\"\n",
- op->oq_add.rs_e->e_name.bv_val,
+ op->ora_e->e_name.bv_val,
at->a_desc->ad_cname.bv_val,
BACKSQL_OC_NAME( oc ) );
!BER_BVISNULL( at_val );
i++, at_val = &at->a_vals[ i ] )
{
- char logbuf[] = "val[18446744073709551615UL], id=18446744073709551615UL";
+ /* procedure return code */
+ int prc = LDAP_SUCCESS;
+ /* first parameter #, parameter order */
+ SQLUSMALLINT pno, po;
+ char logbuf[] = "val[18446744073709551615UL], id=18446744073709551615UL";
/*
* Do not deal with the objectClass that is used
i, new_keyval );
Debug( LDAP_DEBUG_TRACE, " backsql_add_attr(\"%s\"): "
"executing \"%s\" %s\n",
- op->oq_add.rs_e->e_name.bv_val,
+ op->ora_e->e_name.bv_val,
at_rec->bam_add_proc, logbuf );
#endif
rc = SQLExecute( sth );
- if ( rc != SQL_SUCCESS ) {
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
Debug( LDAP_DEBUG_TRACE,
" backsql_add_attr(\"%s\"): "
- "add_proc execution failed\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
-
- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ "add_proc execution failed (rc=%d, prc=%d)\n",
+ op->ora_e->e_name.bv_val, rc, prc );
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+ rs->sr_text = op->ora_e->e_name.bv_val;
SQLFreeStmt( sth, SQL_DROP );
- rs->sr_text = "SQL-backend error";
- return rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = op->ora_e->e_name.bv_val;
+ SQLFreeStmt( sth, SQL_DROP );
+ return rs->sr_err;
+ }
}
}
SQLFreeStmt( sth, SQL_DROP );
backsql_add( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
- SQLHDBC dbh;
- SQLHSTMT sth;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
unsigned long new_keyval = 0;
RETCODE rc;
backsql_oc_map_rec *oc = NULL;
- backsql_entryID parent_id = BACKSQL_ENTRYID_INIT;
- Entry p;
+ backsql_srch_info bsi = { 0 };
+ Entry p = { 0 }, *e = NULL;
Attribute *at,
*at_objectClass = NULL;
+ struct berval scname = BER_BVNULL;
struct berval pdn;
struct berval realdn = BER_BVNULL;
+ int colnum;
+ slap_mask_t mask;
#ifdef BACKSQL_SYNCPROV
/*
#endif /* BACKSQL_SYNCPROV */
Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
/* check schema */
if ( global_schemacheck ) {
char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
- rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e,
+ rs->sr_err = entry_schema_check( op->o_bd, op->ora_e,
NULL,
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"entry failed schema check -- aborting\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
+ e = NULL;
goto done;
}
}
- /* search structural objectClass */
- for ( at = op->oq_add.rs_e->e_attrs; at != NULL; at = at->a_next ) {
+ /* search structuralObjectClass */
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) {
break;
}
}
/* there must exist */
- assert( at != NULL );
+ if ( at == NULL ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+ const char *text;
+
+ /* search structuralObjectClass */
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
+ if ( at->a_desc == slap_schema.si_ad_objectClass ) {
+ break;
+ }
+ }
+
+ if ( at == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "no objectClass\n",
+ op->ora_e->e_name.bv_val, 0, 0 );
+ rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+ e = NULL;
+ goto done;
+ }
+
+ rs->sr_err = structural_class( at->a_vals, &scname, NULL,
+ &text, buf, sizeof( buf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "%s (%d)\n",
+ op->ora_e->e_name.bv_val, text, rs->sr_err );
+ e = NULL;
+ goto done;
+ }
+
+ } else {
+ scname = at->a_vals[0];
+ }
/* I guess we should play with sub/supertypes to find a suitable oc */
- oc = backsql_name2oc( bi, &at->a_vals[0] );
+ oc = backsql_name2oc( bi, &scname );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"cannot map structuralObjectClass \"%s\" -- aborting\n",
- op->oq_add.rs_e->e_name.bv_val,
- at->a_vals[0].bv_val, 0 );
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
goto done;
}
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create procedure is not defined "
"for structuralObjectClass \"%s\" - aborting\n",
- op->oq_add.rs_e->e_name.bv_val,
- at->a_vals[0].bv_val, 0 );
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
goto done;
} else if ( BACKSQL_CREATE_NEEDS_SELECT( bi )
"create procedure needs select procedure, "
"but none is defined for structuralObjectClass \"%s\" "
"- aborting\n",
- op->oq_add.rs_e->e_name.bv_val,
- at->a_vals[0].bv_val, 0 );
+ op->ora_e->e_name.bv_val,
+ scname.bv_val, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
goto done;
}
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"could not get connection handle - exiting\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
+ e = NULL;
goto done;
}
/*
* Check if entry exists
+ *
+ * NOTE: backsql_api_dn2odbc() is called explicitly because
+ * we need the mucked DN to pass it to the create procedure.
*/
- realdn = op->oq_add.rs_e->e_name;
+ realdn = op->ora_e->e_name;
if ( backsql_api_dn2odbc( op, rs, &realdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"backsql_api_dn2odbc(\"%s\") failed\n",
- op->oq_add.rs_e->e_name.bv_val, realdn.bv_val, 0 );
+ op->ora_e->e_name.bv_val, realdn.bv_val, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
- rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &realdn, 0 );
+ rs->sr_err = backsql_dn2id( op, rs, dbh, &realdn, NULL, 0, 0 );
if ( rs->sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"entry exists\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
rs->sr_err = LDAP_ALREADY_EXISTS;
+ e = op->ora_e;
goto done;
}
/*
* Get the parent dn and see if the corresponding entry exists.
*/
- if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
+ if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
- dnParent( &op->oq_add.rs_e->e_nname, &pdn );
+ dnParent( &op->ora_e->e_nname, &pdn );
}
- rs->sr_err = backsql_dn2id( op, rs, &parent_id, dbh, &pdn, 1 );
+ /*
+ * Get the parent
+ */
+ bsi.bsi_e = &p;
+ rs->sr_err = backsql_init_search( &bsi, &pdn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
- "could not lookup parent entry for new record \"%s\"\n",
- op->oq_add.rs_e->e_name.bv_val, pdn.bv_val, 0 );
-
- if ( rs->sr_err != LDAP_NO_SUCH_OBJECT ) {
- goto done;
- }
-
- /*
- * no parent!
- * if not attempting to add entry at suffix or with parent ""
- */
- if ( ( ( !be_isroot( op ) && !be_shadow_update( op ) )
- || !BER_BVISEMPTY( &pdn ) ) && !is_entry_glue( op->oq_add.rs_e )
- && !BACKSQL_ALLOW_ORPHANS( bi ) )
- {
- Debug( LDAP_DEBUG_TRACE, " backsql_add: %s denied\n",
- BER_BVISEMPTY( &pdn ) ? "suffix" : "entry at root",
- 0, 0 );
- /*
- * Look for matched
- */
- while ( 1 ) {
- struct berval dn;
- char *matched = NULL;
-
- dn = pdn;
- dnParent( &dn, &pdn );
-
- /*
- * Empty DN ("") defaults to LDAP_SUCCESS
- */
- rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &pdn, 1 );
- switch ( rs->sr_err ) {
- case LDAP_NO_SUCH_OBJECT:
- if ( !BER_BVISEMPTY( &pdn ) ) {
- break;
- }
- /* fail over to next case */
-
- case LDAP_SUCCESS:
- matched = pdn.bv_val;
- /* fail over to next case */
-
- default:
- rs->sr_err = LDAP_NO_SUCH_OBJECT;
- rs->sr_matched = matched;
- goto done;
- }
- }
- } else {
-
-#ifdef BACKSQL_ARBITRARY_KEY
- ber_str2bv( "SUFFIX", 0, 1, &parent_id.eid_id );
-#else /* ! BACKSQL_ARBITRARY_KEY */
- parent_id.eid_id = 0;
-#endif /* ! BACKSQL_ARBITRARY_KEY */
- rs->sr_err = LDAP_SUCCESS;
- }
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "could not retrieve addDN parent "
+ "\"%s\" ID - %s matched=\"%s\"\n",
+ pdn.bv_val,
+ rs->sr_err == LDAP_REFERRAL ? "referral" : "no such entry",
+ rs->sr_matched ? rs->sr_matched : "(null)" );
+ e = &p;
+ goto done;
}
/* check "children" pseudo-attribute access to parent */
- p.e_attrs = NULL;
- p.e_name = pdn;
- dnParent( &op->oq_add.rs_e->e_nname, &p.e_nname );
if ( !access_allowed( op, &p, slap_schema.si_ad_children,
- NULL, ACL_WRITE, NULL ) ) {
+ NULL, ACL_WRITE, NULL ) )
+ {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &p;
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, op->oq_add.rs_e, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = op->ora_e;
+ goto done;
+ }
+
+ if ( !access_allowed_mask( op, op->ora_e,
+ slap_schema.si_ad_entry,
+ NULL, ACL_WRITE, NULL, &mask ) )
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = op->ora_e;
goto done;
}
* the id of the added row; otherwise the procedure
* is expected to return the id as the first column of a select
*/
-
- rc = SQLAllocStmt( dbh, &sth );
+ rc = backsql_Prepare( dbh, &sth, oc->bom_create_proc, 0 );
if ( rc != SQL_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
+ colnum = 1;
if ( BACKSQL_IS_ADD( oc->bom_expect_return ) ) {
rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &new_keyval );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_add_attr(): "
- "error binding keyval parameter for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding keyval parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
+ colnum++;
+ }
+
+ if ( oc->bom_create_hint ) {
+ at = attr_find( op->ora_e->e_attrs, oc->bom_create_hint );
+ if ( at && at->a_vals ) {
+ backsql_BindParamStr( sth, colnum, SQL_PARAM_INPUT,
+ at->a_vals[0].bv_val,
+ at->a_vals[0].bv_len );
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "create_proc hint: param = '%s'\n",
+ at->a_vals[0].bv_val, 0, 0 );
+
+ } else {
+ backsql_BindParamStr( sth, colnum, SQL_PARAM_INPUT,
+ "", 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_add(): "
+ "create_proc hint (%s) not avalable\n",
+ oc->bom_create_hint->ad_cname.bv_val,
+ 0, 0 );
+ }
+ colnum++;
}
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): executing \"%s\"\n",
- op->oq_add.rs_e->e_name.bv_val, oc->bom_create_proc, 0 );
- rc = SQLExecDirect( sth, oc->bom_create_proc, SQL_NTS );
+ op->ora_e->e_name.bv_val, oc->bom_create_proc, 0 );
+ rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create_proc execution failed\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
- if ( op->o_noop ) {
- SQLTransact( SQL_NULL_HENV, dbh, SQL_ROLLBACK );
- }
+ /* FIXME: after SQLExecute(), the row is already inserted
+ * (at least with PostgreSQL and unixODBC); needs investigation */
if ( !BACKSQL_IS_ADD( oc->bom_expect_return ) ) {
SWORD ncols;
if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
SQLFreeStmt( sth, SQL_DROP );
- rc = SQLAllocStmt( dbh, &sth );
+
+ rc = backsql_Prepare( dbh, &sth, oc->bom_create_keyval, 0 );
if ( rc != SQL_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
- rc = SQLExecDirect( sth, oc->bom_create_keyval, SQL_NTS );
+ rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
}
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create_proc result evaluation failed\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
} else if ( ncols != 1 ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create_proc result is bogus (ncols=%d)\n",
- op->oq_add.rs_e->e_name.bv_val, ncols, 0 );
+ op->ora_e->e_name.bv_val, ncols, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
if ( value_len <= 0 ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create_proc result is empty?\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc);
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
}
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"create_proc returned keyval=%ld\n",
- op->oq_add.rs_e->e_name.bv_val, new_keyval, 0 );
-
- for ( at = op->oq_add.rs_e->e_attrs; at != NULL; at = at->a_next ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_add(): "
- "adding attribute \"%s\"\n",
- at->a_desc->ad_cname.bv_val, 0, 0 );
-
- /*
- * Skip:
- * - the first occurrence of objectClass, which is used
- * to determine how to build the SQL entry (FIXME ?!?)
- * - operational attributes
- * - empty attributes (FIXME ?!?)
- */
- if ( backsql_attr_skip( at->a_desc, at->a_vals ) ) {
- continue;
- }
-
- if ( at->a_desc == slap_schema.si_ad_objectClass ) {
- at_objectClass = at;
- continue;
- }
-
- rs->sr_err = backsql_add_attr( op, rs, dbh, oc, at, new_keyval );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- goto done;
- }
- }
+ op->ora_e->e_name.bv_val, new_keyval, 0 );
- rc = backsql_Prepare( dbh, &sth, bi->sql_insentry_query, 0 );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_insentry_stmt, 0 );
if ( rc != SQL_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realdn );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_add_attr(): "
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"error binding DN parameter for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rc = backsql_BindParamInt( sth, 2, SQL_PARAM_INPUT, &oc->bom_id );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_add_attr(): "
- "error binding objectClass ID parameter for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding objectClass ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
- rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &parent_id.eid_id );
+ rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &bsi.bsi_base_id.eid_id );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_add_attr(): "
- "error binding parent ID parameter for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding parent ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rc = backsql_BindParamInt( sth, 4, SQL_PARAM_INPUT, &new_keyval );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_add_attr(): "
- "error binding entry ID parameter for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "error binding entry ID parameter "
+ "for objectClass %s\n",
+ op->ora_e->e_name.bv_val,
+ oc->bom_oc->soc_cname.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
Debug( LDAP_DEBUG_TRACE, " backsql_add(): executing \"%s\" for dn \"%s\"\n",
- bi->sql_insentry_query, op->oq_add.rs_e->e_name.bv_val, 0 );
+ bi->sql_insentry_stmt, op->ora_e->e_name.bv_val, 0 );
#ifdef BACKSQL_ARBITRARY_KEY
Debug( LDAP_DEBUG_TRACE, " for oc_map_id=%ld, "
- "parent_id=%s, keyval=%ld\n",
- oc->bom_id, parent_id.eid_id.bv_val, new_keyval );
+ "p_id=%s, keyval=%ld\n",
+ oc->bom_id, bsi.bsi_base_id.eid_id.bv_val, new_keyval );
#else /* ! BACKSQL_ARBITRARY_KEY */
Debug( LDAP_DEBUG_TRACE, " for oc_map_id=%ld, "
- "parent_id=%ld, keyval=%ld\n",
- oc->bom_id, parent_id.eid_id, new_keyval );
+ "p_id=%ld, keyval=%ld\n",
+ oc->bom_id, bsi.bsi_base_id.eid_id, new_keyval );
#endif /* ! BACKSQL_ARBITRARY_KEY */
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"could not insert ldap_entries record\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0 );
+ op->ora_e->e_name.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
/*
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
- /* FIXME: need ldap_entries.id of newly added entry */
- if ( at_objectClass ) {
- rs->sr_err = backsql_add_attr( op, rs, dbh, oc, at_objectClass, new_keyval );
+ SQLFreeStmt( sth, SQL_DROP );
+
+ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(): "
+ "adding attribute \"%s\"\n",
+ at->a_desc->ad_cname.bv_val, 0, 0 );
+
+ /*
+ * Skip:
+ * - the first occurrence of objectClass, which is used
+ * to determine how to build the SQL entry (FIXME ?!?)
+ * - operational attributes
+ * - empty attributes (FIXME ?!?)
+ */
+ if ( backsql_attr_skip( at->a_desc, at->a_vals ) ) {
+ continue;
+ }
+
+ if ( at->a_desc == slap_schema.si_ad_objectClass ) {
+ at_objectClass = at;
+ continue;
+ }
+
+ rs->sr_err = backsql_add_attr( op, rs, dbh, oc, at, new_keyval );
if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = op->ora_e;
goto done;
}
}
- SQLFreeStmt( sth, SQL_DROP );
+ if ( at_objectClass ) {
+ rs->sr_err = backsql_add_attr( op, rs, dbh, oc,
+ at_objectClass, new_keyval );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = op->ora_e;
+ goto done;
+ }
+ }
done:;
/*
* Commit only if all operations succeed
*/
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
- SQLTransact( SQL_NULL_HENV, dbh, SQL_COMMIT );
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
- } else {
- SQLTransact( SQL_NULL_HENV, dbh, SQL_ROLLBACK );
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
}
/*
* in deleting that row.
*/
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ int disclose = 1;
+
+ if ( e == op->ora_e && !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ /* mask already collected */
+ disclose = 0;
+
+ } else if ( e == &p && !access_allowed( op, &p,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ disclose = 0;
+ }
+
+ if ( disclose == 0 ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
send_ldap_result( op, rs );
if ( !BER_BVISNULL( &realdn )
- && realdn.bv_val != op->oq_add.rs_e->e_name.bv_val )
+ && realdn.bv_val != op->ora_e->e_name.bv_val )
{
ch_free( realdn.bv_val );
}
- if ( !BER_BVISNULL( &parent_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &parent_id, 0 );
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ entry_clean( &p );
}
Debug( LDAP_DEBUG_TRACE, "<==backsql_add(\"%s\"): %d \"%s\"\n",
- op->oq_add.rs_e->e_name.bv_val,
+ op->ora_e->e_name.bv_val,
rs->sr_err,
rs->sr_text ? rs->sr_text : "" );
- return ( ( rs->sr_err == LDAP_SUCCESS ) ? op->o_noop : 1 );
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
+ return rs->sr_err;
}
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
static backsql_api *backsqlapi;
int
-backsql_api_config( backsql_info *bi, const char *name )
+backsql_api_config( backsql_info *bi, const char *name, int argc, char *argv[] )
{
backsql_api *ba;
ba2 = ch_malloc( sizeof( backsql_api ) );
*ba2 = *ba;
+
+ if ( ba2->ba_config ) {
+ if ( ( *ba2->ba_config )( ba2, argc, argv ) ) {
+ ch_free( ba2 );
+ return 1;
+ }
+ }
+
ba2->ba_next = bi->sql_api;
bi->sql_api = ba2;
return 0;
return 1;
}
+int
+backsql_api_destroy( backsql_info *bi )
+{
+ backsql_api *ba;
+
+ assert( bi );
+
+ ba = bi->sql_api;
+
+ if ( ba == NULL ) {
+ return 0;
+ }
+
+ for ( ; ba; ba = ba->ba_next ) {
+ if ( ba->ba_destroy ) {
+ (void)( *ba->ba_destroy )( ba );
+ }
+ }
+
+ return 0;
+}
+
int
backsql_api_register( backsql_api *ba )
{
backsql_api *ba2;
assert( ba );
+ assert( ba->ba_private == NULL );
if ( ba->ba_name == NULL ) {
fprintf( stderr, "API module has no name\n" );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
* Portions Copyright 2002 Pierangelo Mararati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
* by OpenLDAP Software. Additional significant contributors include
- * Pierangelo Mararati
+ * Pierangelo Masarati and Mark Adamson.
*/
-
/*
* The following changes have been addressed:
*
* - check how to allow multiple operations with one statement, to remove
* BACKSQL_REALLOC_STMT from modify.c (a more recent unixODBC lib?)
*/
+/*
+ * Improvements submitted by (ITS#3432)
+ *
+ * 1. id_query.patch applied (with changes)
+ * 2. shortcut.patch applied (reworked)
+ * 3. create_hint.patch applied
+ * 4. count_query.patch applied (reworked)
+ * 5. returncodes.patch applied (with sanity checks)
+ * 6. connpool.patch under evaluation
+ * 7. modoc.patch under evaluation (requires
+ * manageDSAit and "manage"
+ * access privileges)
+ * 8. miscfixes.patch applied (reworked; other
+ * operations need to load the
+ * entire entry for ACL purposes;
+ * see ITS#3480, now fixed)
+ *
+ * original description:
+
+ Changes that were made to the SQL backend.
+
+The patches were made against 2.2.18 and can be applied individually,
+but would best be applied in the numerical order of the file names.
+A synopsis of each patch is given here:
+
+
+1. Added an option to set SQL query for the "id_query" operation.
+
+2. Added an option to the SQL backend called "use_subtree_shortcut".
+When a search is performed, the SQL query includes a WHERE clause
+which says the DN must be "LIKE %<searchbase>". The LIKE operation
+can be slow in an RDBM. This shortcut option says that if the
+searchbase of the LDAP search is the root DN of the SQL backend,
+and thus all objects will match the LIKE operator, do not include
+the "LIKE %<searchbase>" clause in the SQL query (it is replaced
+instead by the always true "1=1" clause to keep the "AND"'s
+working correctly). This option is off by default, and should be
+turned on only if all objects to be found in the RDBM are under the
+same root DN. Multiple backends working within the same RDBM table
+space would encounter problems. LDAP searches whose searchbase are
+not at the root DN will bypass this shortcut and employ the LIKE
+clause.
+
+3. Added a "create_hint" column to ldap_oc_mappings table. Allows
+taking the value of an attr named in "create_hint" and passing it to
+the create_proc procedure. This is necessary for when an objectClass's
+table is partition indexed by some indexing column and thus the value
+in that indexing column cannot change after the row is created. The
+value for the indexed column is passed into the create_proc, which
+uses it to fill in the indexed column as the new row is created.
+
+4. When loading the values of an attribute, the count(*) of the number
+of values is fetched first and memory is allocated for the array of
+values and normalized values. The old system of loading the values one
+by one and running realloc() on the array of values and normalized
+values each time was badly fragmenting memory. The array of values and
+normalized values would be side by side in memory, and realloc()'ing
+them over and over would force them to leapfrog each other through all
+of available memory. Attrs with a large number of values could not be
+loaded without crashing the slapd daemon.
+
+5. Added code to interpret the value returned by stored procedures
+which have expect_return set. Returned value is interpreted as an LDAP
+return code. This allows the distinction between the SQL failing to
+execute and the SQL running to completion and returning an error code
+which can indicate a policy violation.
+
+6. Added RDBM connection pooling. Once an operation is finished the
+connection to the RDBM is returned to a pool rather than closing.
+Allows the next operation to skip the initialization and authentication
+phases of contacting the RDBM. Also, if licensing with ODBC places
+a limit on the number of connections, an LDAP thread can block waiting
+for another thread to finish, so that no LDAP errors are returned
+for having more LDAP connections than allowed RDBM connections. An
+RDBM connection which receives an SQL error is marked as "tainted"
+so that it will be closed rather than returned to the pool.
+ Also, RDBM connections must be bound to a given LDAP connection AND
+operation number, and NOT just the connection number. Asynchronous
+LDAP clients can have multiple simultaneous LDAP operations which
+should not share the same RDBM connection. A given LDAP operation can
+even make multiple SQL operations (e.g. a BIND operation which
+requires SASL to perform an LDAP search to convert the SASL ID to an
+LDAP DN), so each RDBM connection now has a refcount that must reach
+zero before the connection is returned to the free pool.
+
+7. Added ability to change the objectClass of an object. Required
+considerable work to copy all attributes out of old object and into
+new object. Does a schema check before proceeding. Creates a new
+object, fills it in, deletes the old object, then changes the
+oc_map_id and keyval of the entry in the "ldap_entries" table.
+
+8. Generic fixes. Includes initializing pointers before they
+get used in error branch cases, pointer checks before dereferencing,
+resetting a return code to success after a COMPARE op, sealing
+memory leaks, and in search.c, changing some of the "1=1" tests to
+"2=2", "3=3", etc so that when reading slapd trace output, the
+location in the source code where the x=x test was added to the SQL
+can be easily distinguished.
+ */
#ifndef __BACKSQL_H__
#define __BACKSQL_H__
-#include "sql-types.h"
+/* former sql-types.h */
+#include <sql.h>
+#include <sqlext.h>
+
+typedef struct {
+ SWORD ncols;
+ BerVarray col_names;
+ UDWORD *col_prec;
+ char **cols;
+ SQLINTEGER *value_len;
+} BACKSQL_ROW_NTS;
/*
* Better use the standard length of 8192 (as of slap.h)?
*/
#undef BACKSQL_TRACE
+/*
+ * define if using MS SQL and workaround needed (see sql-wrap.c)
+ */
+#undef BACKSQL_MSSQL_WORKAROUND
+
+/*
+ * define to enable values counting for attributes
+ */
+#define BACKSQL_COUNTQUERY
+
+/*
+ * define to enable prettification/validation of values
+ */
+#define BACKSQL_PRETTY_VALIDATE
+
/*
* define to enable varchars as unique keys in user tables
*
*/
typedef struct backsql_api {
char *ba_name;
+ int (*ba_config)( struct backsql_api *self, int argc, char *argv[] );
+ int (*ba_destroy)( struct backsql_api *self );
+
int (*ba_dn2odbc)( Operation *op, SlapReply *rs, struct berval *dn );
int (*ba_odbc2dn)( Operation *op, SlapReply *rs, struct berval *dn );
- struct backsql_api *ba_next;
+
+ void *ba_private;
+ struct backsql_api *ba_next;
} backsql_api;
/*
/*
* Structure of corresponding LDAP objectClass definition
*/
- ObjectClass *bom_oc;
+ ObjectClass *bom_oc;
#define BACKSQL_OC_NAME(ocmap) ((ocmap)->bom_oc->soc_cname.bv_val)
- struct berval bom_keytbl;
- struct berval bom_keycol;
+ struct berval bom_keytbl;
+ struct berval bom_keycol;
/* expected to return keyval of newly created entry */
- char *bom_create_proc;
+ char *bom_create_proc;
/* in case create_proc does not return the keyval of the newly
* created row */
- char *bom_create_keyval;
+ char *bom_create_keyval;
/* supposed to expect keyval as parameter and delete
* all the attributes as well */
- char *bom_delete_proc;
+ char *bom_delete_proc;
/* flags whether delete_proc is a function (whether back-sql
* should bind first parameter as output for return code) */
- int bom_expect_return;
- unsigned long bom_id;
- Avlnode *bom_attrs;
+ int bom_expect_return;
+ unsigned long bom_id;
+ Avlnode *bom_attrs;
+ AttributeDescription *bom_create_hint;
} backsql_oc_map_rec;
/*
/* for optimization purposes attribute load query
* is preconstructed from parts on schemamap load time */
char *bam_query;
+#ifdef BACKSQL_COUNTQUERY
+ char *bam_countquery;
+#endif /* BACKSQL_COUNTQUERY */
/* following flags are bitmasks (first bit used for add_proc,
* second - for delete_proc) */
/* order of parameters for procedures above;
* (currently broken) */
/* #define BACKSQL_UPPERCASE_FILTER */
-#define BACKSQL_AT_CANUPPERCASE(at) ((at)->bam_sel_expr_u.bv_val)
+#define BACKSQL_AT_CANUPPERCASE(at) ( !BER_BVISNULL( &(at)->bam_sel_expr_u ) )
/* defines to support bitmasks above */
#define BACKSQL_ADD 0x1
#define BACKSQL_DEL 0x2
-#define BACKSQL_IS_ADD(x) ( BACKSQL_ADD & (x) )
-#define BACKSQL_IS_DEL(x) ( BACKSQL_DEL & (x) )
+#define BACKSQL_IS_ADD(x) ( ( BACKSQL_ADD & (x) ) == BACKSQL_ADD )
+#define BACKSQL_IS_DEL(x) ( ( BACKSQL_DEL & (x) ) == BACKSQL_DEL )
#define BACKSQL_NCMP(v1,v2) ber_bvcmp((v1),(v2))
ber_len_t bb_len;
} BerBuffer;
-#define BB_NULL { { 0, NULL }, 0 }
-
+#define BB_NULL { BER_BVNULL, 0 }
+
+/* the function must collect the entry associated to nbase */
+#define BACKSQL_ISF_GET_ID 0x1U
+#define BACKSQL_ISF_GET_ENTRY ( 0x2U | BACKSQL_ISF_GET_ID )
+#define BACKSQL_ISF_MATCHED 0x4U
+#define BACKSQL_IS_GET_ID(f) \
+ ( ( (f) & BACKSQL_ISF_GET_ID ) == BACKSQL_ISF_GET_ID )
+#define BACKSQL_IS_GET_ENTRY(f) \
+ ( ( (f) & BACKSQL_ISF_GET_ENTRY ) == BACKSQL_ISF_GET_ENTRY )
+#define BACKSQL_IS_MATCHED(f) \
+ ( ( (f) & BACKSQL_ISF_MATCHED ) == BACKSQL_ISF_MATCHED )
typedef struct backsql_srch_info {
Operation *bsi_op;
SlapReply *bsi_rs;
#define BSQL_SF_FILTER_ENTRYUUID 0x0020U
#define BSQL_SF_FILTER_ENTRYCSN 0x0040U
#define BSQL_SF_RETURN_ENTRYUUID (BSQL_SF_FILTER_ENTRYUUID << 8)
+#define BSQL_ISF(bsi, f) ( ( (bsi)->bsi_flags & f ) == f )
+#define BSQL_ISF_ALL_USER(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_USER)
+#define BSQL_ISF_ALL_OPER(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_OPER)
+#define BSQL_ISF_ALL_ATTRS(bsi) BSQL_ISF(bsi, BSQL_SF_ALL_ATTRS)
struct berval *bsi_base_ndn;
+ int bsi_use_subtree_shortcut;
backsql_entryID bsi_base_id;
int bsi_scope;
/* BACKSQL_SCOPE_BASE_LIKE can be set by API in ors_scope
/*
* Backend private data structure
*/
-typedef struct {
+typedef struct backsql_info {
char *sql_dbhost;
int sql_dbport;
char *sql_dbuser;
struct berval sql_children_cond;
char *sql_oc_query,
*sql_at_query;
- char *sql_insentry_query,
- *sql_delentry_query,
- *sql_delobjclasses_query,
- *sql_delreferrals_query;
+ char *sql_insentry_stmt,
+ *sql_delentry_stmt,
+ *sql_renentry_stmt,
+ *sql_delobjclasses_stmt;
char *sql_id_query;
char *sql_has_children_query;
struct berval sql_upper_func_open;
struct berval sql_upper_func_close;
BerVarray sql_concat_func;
-
struct berval sql_strcast_func;
+ AttributeName *sql_anlist;
+
unsigned int sql_flags;
#define BSQLF_SCHEMA_LOADED 0x0001
#define BSQLF_UPPER_NEEDS_CAST 0x0002
#define BSQLF_DONTCHECK_LDAPINFO_DN_RU 0x0020
#define BSQLF_USE_REVERSE_DN 0x0040
#define BSQLF_ALLOW_ORPHANS 0x0080
+#define BSQLF_USE_SUBTREE_SHORTCUT 0x0100
+#define BSQLF_FETCH_ALL_USERATTRS 0x0200
+#define BSQLF_FETCH_ALL_OPATTRS 0x0400
+#define BSQLF_FETCH_ALL_ATTRS (BSQLF_FETCH_ALL_USERATTRS|BSQLF_FETCH_ALL_OPATTRS)
+
+#define BACKSQL_ISF(si, f) \
+ (((si)->sql_flags & f) == f)
#define BACKSQL_SCHEMA_LOADED(si) \
- ((si)->sql_flags & BSQLF_SCHEMA_LOADED)
+ BACKSQL_ISF(si, BSQLF_SCHEMA_LOADED)
#define BACKSQL_UPPER_NEEDS_CAST(si) \
- ((si)->sql_flags & BSQLF_UPPER_NEEDS_CAST)
+ BACKSQL_ISF(si, BSQLF_UPPER_NEEDS_CAST)
#define BACKSQL_CREATE_NEEDS_SELECT(si) \
- ((si)->sql_flags & BSQLF_CREATE_NEEDS_SELECT)
+ BACKSQL_ISF(si, BSQLF_CREATE_NEEDS_SELECT)
#define BACKSQL_FAIL_IF_NO_MAPPING(si) \
- ((si)->sql_flags & BSQLF_FAIL_IF_NO_MAPPING)
+ BACKSQL_ISF(si, BSQLF_FAIL_IF_NO_MAPPING)
#define BACKSQL_HAS_LDAPINFO_DN_RU(si) \
- ((si)->sql_flags & BSQLF_HAS_LDAPINFO_DN_RU)
+ BACKSQL_ISF(si, BSQLF_HAS_LDAPINFO_DN_RU)
#define BACKSQL_DONTCHECK_LDAPINFO_DN_RU(si) \
- ((si)->sql_flags & BSQLF_DONTCHECK_LDAPINFO_DN_RU)
+ BACKSQL_ISF(si, BSQLF_DONTCHECK_LDAPINFO_DN_RU)
#define BACKSQL_USE_REVERSE_DN(si) \
- ((si)->sql_flags & BSQLF_USE_REVERSE_DN)
+ BACKSQL_ISF(si, BSQLF_USE_REVERSE_DN)
#define BACKSQL_CANUPPERCASE(si) \
(!BER_BVISNULL( &(si)->sql_upper_func ))
#define BACKSQL_ALLOW_ORPHANS(si) \
- ((si)->sql_flags & BSQLF_ALLOW_ORPHANS)
+ BACKSQL_ISF(si, BSQLF_ALLOW_ORPHANS)
+#define BACKSQL_USE_SUBTREE_SHORTCUT(si) \
+ BACKSQL_ISF(si, BSQLF_USE_SUBTREE_SHORTCUT)
+#define BACKSQL_FETCH_ALL_USERATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_USERATTRS)
+#define BACKSQL_FETCH_ALL_OPATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_OPATTRS)
+#define BACKSQL_FETCH_ALL_ATTRS(si) \
+ BACKSQL_ISF(si, BSQLF_FETCH_ALL_ATTRS)
Entry *sql_baseObject;
#ifdef BACKSQL_ARBITRARY_KEY
#define BACKSQL_IS_BASEOBJECT_ID(id) (bvmatch((id), &backsql_baseObject_bv))
#else /* ! BACKSQL_ARBITRARY_KEY */
#define BACKSQL_BASEOBJECT_ID 0
-#define BACKSQL_BASEOBJECT_IDSTR "0"
+#define BACKSQL_BASEOBJECT_IDSTR LDAP_XSTRING(BACKSQL_BASEOBJECT_ID)
#define BACKSQL_BASEOBJECT_KEYVAL 0
#define BACKSQL_IS_BASEOBJECT_ID(id) (*(id) == BACKSQL_BASEOBJECT_ID)
#endif /* ! BACKSQL_ARBITRARY_KEY */
#define BACKSQL_AVL_STOP 0
#define BACKSQL_AVL_CONTINUE 1
-#endif /* __BACKSQL_H__ */
-
+/* see ldap.h for the meaning of the macros and of the values */
+#define BACKSQL_LEGAL_ERROR( rc ) \
+ ( LDAP_RANGE( (rc), 0x00, 0x0e ) \
+ || LDAP_ATTR_ERROR( (rc) ) \
+ || LDAP_NAME_ERROR( (rc) ) \
+ || LDAP_SECURITY_ERROR( (rc) ) \
+ || LDAP_SERVICE_ERROR( (rc) ) \
+ || LDAP_UPDATE_ERROR( (rc) ) )
+#define BACKSQL_SANITIZE_ERROR( rc ) \
+ ( BACKSQL_LEGAL_ERROR( (rc) ) ? (rc) : LDAP_OTHER )
+#endif /* __BACKSQL_H__ */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
int
backsql_bind( Operation *op, SlapReply *rs )
{
- SQLHDBC dbh;
- AttributeDescription *password = slap_schema.si_ad_userPassword;
- Entry *e, user_entry;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ Entry e = { 0 };
Attribute *a;
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
AttributeName anlist[2];
int rc;
ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
0, 0, 0 );
- return 0;
+ return LDAP_SUCCESS;
}
ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn );
rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
rs->sr_text = "authentication method not supported";
send_ldap_result( op, rs );
- return 1;
+ return rs->sr_err;
}
/*
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
- send_ldap_result( op, rs );
- return 1;
+ goto error_return;
}
- anlist[0].an_name = password->ad_cname;
- anlist[0].an_desc = password;
+ anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname;
+ anlist[0].an_desc = slap_schema.si_ad_userPassword;
anlist[1].an_name.bv_val = NULL;
+ bsi.bsi_e = &e;
rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE,
- -1, -1, -1, NULL, dbh, op, rs, anlist,
- ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) );
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, anlist,
+ BACKSQL_ISF_GET_ENTRY );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
"could not retrieve bindDN ID - no such entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
- send_ldap_result( op, rs );
- return 1;
- }
-
- bsi.bsi_e = &user_entry;
- rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
- "error %d in backsql_id2entry() "
- "- auth failed\n", rc, 0, 0 );
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto error_return;
}
- e = &user_entry;
- if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) {
-#if 1
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
-#else
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
-#endif
- goto error_return;
- }
-
- a = attr_find( e->e_attrs, password );
+ a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword );
if ( a == NULL ) {
-#if 1
rs->sr_err = LDAP_INVALID_CREDENTIALS;
-#else
- rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
-#endif
goto error_return;
}
- if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
+ if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
+ {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto error_return;
}
error_return:;
if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ entry_clean( &e );
+ }
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
}
- if ( rs->sr_err ) {
+ if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
- return 1;
}
- Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0);
- return 0;
+ Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 );
+
+ return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
int
backsql_compare( Operation *op, SlapReply *rs )
{
- SQLHDBC dbh;
- Entry *e = NULL, user_entry;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ Entry e = { 0 };
Attribute *a = NULL;
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
int rc;
+ int manageDSAit = get_manageDSAit( op );
AttributeName anlist[2];
- user_entry.e_name.bv_val = NULL;
- user_entry.e_name.bv_len = 0;
- user_entry.e_nname.bv_val = NULL;
- user_entry.e_nname.bv_len = 0;
- user_entry.e_attrs = NULL;
-
Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
rs->sr_err = backsql_get_db_conn( op, &dbh );
- if (!dbh) {
+ if ( !dbh ) {
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
"could not get connection handle - exiting\n",
0, 0, 0 );
goto return_results;
}
- memset( &anlist[0], 0, 2 * sizeof( AttributeName ) );
- anlist[0].an_name = op->oq_compare.rs_ava->aa_desc->ad_cname;
- anlist[0].an_desc = op->oq_compare.rs_ava->aa_desc;
+ anlist[ 0 ].an_name = op->oq_compare.rs_ava->aa_desc->ad_cname;
+ anlist[ 0 ].an_desc = op->oq_compare.rs_ava->aa_desc;
+ BER_BVZERO( &anlist[ 1 ].an_name );
/*
- * Try to get attr as dynamic operational
+ * Get the entry
*/
+ bsi.bsi_e = &e;
+ rc = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, anlist,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "could not retrieve compareDN ID - no such entry\n",
+ 0, 0, 0 );
+ goto return_results;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &e, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
if ( is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
SlapReply nrs = { 0 };
+ Attribute **ap;
- user_entry.e_attrs = NULL;
- user_entry.e_name = op->o_req_dn;
- user_entry.e_nname = op->o_req_ndn;
+ for ( ap = &e.e_attrs; *ap; ap = &(*ap)->a_next )
+ ;
nrs.sr_attrs = anlist;
- nrs.sr_entry = &user_entry;
+ nrs.sr_entry = &e;
nrs.sr_attr_flags = SLAP_OPATTRS_NO;
nrs.sr_operational_attrs = NULL;
goto return_results;
}
- user_entry.e_attrs = nrs.sr_operational_attrs;
-
- } else {
- rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE,
- -1, -1, -1, NULL, dbh, op, rs, anlist,
- ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
- "could not retrieve compareDN ID - no such entry\n",
- 0, 0, 0 );
- rs->sr_err = LDAP_NO_SUCH_OBJECT;
- goto return_results;
- }
-
- bsi.bsi_e = &user_entry;
- rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
- "error %d in backsql_id2entry() "
- "- compare failed\n", rc, 0, 0 );
- rs->sr_err = rc;
- goto return_results;
- }
+ *ap = nrs.sr_operational_attrs;
}
- e = &user_entry;
- if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+ if ( ! access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
&op->oq_compare.rs_ava->aa_value,
- ACL_COMPARE, NULL ) ) {
+ ACL_COMPARE, NULL ) )
+ {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
- for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ for ( a = attrs_find( e.e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
- a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
{
rs->sr_err = LDAP_COMPARE_FALSE;
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
}
return_results:;
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ break;
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !BER_BVISNULL( &e.e_nname ) &&
+ ! access_allowed( op, &e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ break;
+ }
+
send_ldap_result( op, rs );
+ if ( rs->sr_matched ) {
+ rs->sr_matched = NULL;
+ }
+
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ entry_clean( &e );
}
- if ( e != NULL ) {
- entry_clean( e );
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
}
Debug(LDAP_DEBUG_TRACE,"<==backsql_compare()\n",0,0,0);
switch ( rs->sr_err ) {
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
- return 0;
+ return LDAP_SUCCESS;
default:
- return 1;
+ return rs->sr_err;
}
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
"at_query=%s\n", bi->sql_at_query, 0, 0 );
- } else if ( !strcasecmp( argv[ 0 ], "insentry_query" ) ) {
+ } else if ( !strcasecmp( argv[ 0 ], "insentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "insentry_query" ) )
+ {
if ( argc < 2 ) {
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): "
"missing SQL statement "
- "in \"insentry_query\" directive\n",
+ "in \"insentry_stmt\" directive\n",
fname, lineno, 0 );
return 1;
}
- bi->sql_insentry_query = ch_strdup( argv[ 1 ] );
+ bi->sql_insentry_stmt = ch_strdup( argv[ 1 ] );
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
- "insentry_query=%s\n", bi->sql_insentry_query, 0, 0 );
+ "insentry_stmt=%s\n", bi->sql_insentry_stmt, 0, 0 );
} else if ( !strcasecmp( argv[ 0 ], "create_needs_select" ) ) {
if ( argc < 2 ) {
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
"strcast_func=%s\n", bi->sql_strcast_func.bv_val, 0, 0 );
- } else if ( !strcasecmp( argv[ 0 ], "delentry_query" ) ) {
+ } else if ( !strcasecmp( argv[ 0 ], "delentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "delentry_query" ) )
+ {
if ( argc < 2 ) {
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): "
"missing SQL statement "
- "in \"delentry_query\" directive\n",
+ "in \"delentry_stmt\" directive\n",
fname, lineno, 0 );
return 1;
}
- bi->sql_delentry_query = ch_strdup( argv[ 1 ] );
+ bi->sql_delentry_stmt = ch_strdup( argv[ 1 ] );
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
- "delentry_query=%s\n", bi->sql_delentry_query, 0, 0 );
+ "delentry_stmt=%s\n", bi->sql_delentry_stmt, 0, 0 );
- } else if ( !strcasecmp( argv[ 0 ], "delobjclasses_query" ) ) {
+ } else if ( !strcasecmp( argv[ 0 ], "renentry_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "renentry_query" ) )
+ {
if ( argc < 2 ) {
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): "
"missing SQL statement "
- "in \"delobjclasses_query\" directive\n",
+ "in \"renentry_stmt\" directive\n",
fname, lineno, 0 );
return 1;
}
- bi->sql_delobjclasses_query = ch_strdup( argv[ 1 ] );
+ bi->sql_renentry_stmt = ch_strdup( argv[ 1 ] );
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
- "delobjclasses_query=%s\n", bi->sql_delobjclasses_query, 0, 0 );
+ "renentry_stmt=%s\n", bi->sql_renentry_stmt, 0, 0 );
- } else if ( !strcasecmp( argv[ 0 ], "delreferrals_query" ) ) {
+ } else if ( !strcasecmp( argv[ 0 ], "delobjclasses_stmt" ) ||
+ !strcasecmp( argv[ 0 ], "delobjclasses_query" ) )
+ {
if ( argc < 2 ) {
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): "
"missing SQL statement "
- "in \"delreferrals_query\" directive\n",
+ "in \"delobjclasses_stmt\" directive\n",
fname, lineno, 0 );
return 1;
}
- bi->sql_delreferrals_query = ch_strdup( argv[ 1 ] );
+ bi->sql_delobjclasses_stmt = ch_strdup( argv[ 1 ] );
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
- "delreferrals_query=%s\n", bi->sql_delreferrals_query, 0, 0 );
+ "delobjclasses_stmt=%s\n", bi->sql_delobjclasses_stmt, 0, 0 );
} else if ( !strcasecmp( argv[ 0 ], "has_ldapinfo_dn_ru") ) {
if ( argc < 2 ) {
}
} else if ( !strcasecmp( argv[ 0 ], "sqllayer") ) {
- if ( backsql_api_config( bi, argv[ 1 ] ) ) {
+ if ( backsql_api_config( bi, argv[ 1 ], argc - 2, &argv[ 2 ] ) )
+ {
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): "
"unable to load sqllayer \"%s\"\n",
return 1;
}
+ } else if ( !strcasecmp( argv[ 0 ], "id_query" ) ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing SQL condition "
+ "in \"id_query\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+ bi->sql_id_query = ch_strdup( argv[ 1 ] );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "id_query=%s\n", bi->sql_id_query, 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "use_subtree_shortcut") ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"use_subtree_shortcut\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_USE_SUBTREE_SHORTCUT;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"use_subtree_shortcut\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "use_subtree_shortcut=%s\n",
+ BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "fetch_all_attrs") ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing { yes | no }"
+ "in \"fetch_all_attrs\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_ATTRS;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ bi->sql_flags &= ~BSQLF_FETCH_ALL_ATTRS;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "\"fetch_all_attrs\" directive arg "
+ "must be \"yes\" or \"no\"\n",
+ fname, lineno, 0 );
+ return 1;
+
+ }
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_db_config(): "
+ "fetch_all_attrs=%s\n",
+ BACKSQL_FETCH_ALL_ATTRS( bi ) ? "yes" : "no",
+ 0, 0 );
+
+ } else if ( !strcasecmp( argv[ 0 ], "fetch_attrs") ) {
+ char *str, *s, *next;
+ char delimstr[] = ",";
+
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_db_config (%s line %d): "
+ "missing <attrlist>"
+ "in \"fetch_all_attrs <attrlist>\" directive\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ str = ch_strdup( argv[ 1 ] );
+ for ( s = ldap_pvt_strtok( str, delimstr, &next );
+ s != NULL;
+ s = ldap_pvt_strtok( NULL, delimstr, &next ) )
+ {
+ if ( strlen( s ) == 1 ) {
+ if ( *s == '*' ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_USERATTRS;
+ argv[ 1 ][ s - str ] = ',';
+
+ } else if ( *s == '+' ) {
+ bi->sql_flags |= BSQLF_FETCH_ALL_OPATTRS;
+ argv[ 1 ][ s - str ] = ',';
+ }
+ }
+ }
+ ch_free( str );
+ bi->sql_anlist = str2anlist( bi->sql_anlist, argv[ 1 ], delimstr );
+ if ( bi->sql_anlist == NULL ) {
+ return -1;
+ }
+
} else {
return SLAP_CONF_UNKNOWN;
}
fp = fopen( fname, "r" );
if ( fp == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "could not open back-sql baseObject attr file \"%s\" - absolute path?\n",
+ "could not open back-sql baseObject "
+ "attr file \"%s\" - absolute path?\n",
fname, 0, 0 );
perror( fname );
return LDAP_OTHER;
Attribute *a;
if( e == NULL ) {
- fprintf( stderr, "back-sql baseObject: could not parse entry (line=%d)\n",
- lineno );
+ fprintf( stderr, "back-sql baseObject: "
+ "could not parse entry (line=%d)\n",
+ lineno );
rc = LDAP_OTHER;
break;
}
/* make sure the DN is the database's suffix */
if ( !be_issuffix( be, &e->e_nname ) ) {
fprintf( stderr,
- "back-sql: invalid baseObject - dn=\"%s\" (line=%d)\n",
- e->e_dn, lineno );
+ "back-sql: invalid baseObject - "
+ "dn=\"%s\" (line=%d)\n",
+ e->e_name.bv_val, lineno );
entry_free( e );
rc = EXIT_FAILURE;
break;
* entry, and add each attribute type and description to baseObject
*/
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
- if ( attr_merge( bi->sql_baseObject, a->a_desc, a->a_vals,
- ( a->a_nvals == a->a_vals ) ? NULL : a->a_nvals ) )
+ if ( attr_merge( bi->sql_baseObject, a->a_desc,
+ a->a_vals,
+ ( a->a_nvals == a->a_vals ) ?
+ NULL : a->a_nvals ) )
{
rc = LDAP_OTHER;
break;
fclose( fp );
- Debug( LDAP_DEBUG_CONFIG, "back-sql baseObject file \"%s\" read.\n", fname, 0, 0 );
+ Debug( LDAP_DEBUG_CONFIG, "back-sql baseObject file \"%s\" read.\n",
+ fname, 0, 0 );
return rc;
}
"dn: %s\n"
"objectClass: extensibleObject\n"
"description: builtin baseObject for back-sql\n"
- "description: all entries mapped in the \"ldap_entries\" table\n"
- "description: must have \"" BACKSQL_BASEOBJECT_IDSTR "\" "
- "in the \"parent\" column",
+ "description: all entries mapped "
+ "in the \"ldap_entries\" table\n"
+ "description: must have "
+ "\"" BACKSQL_BASEOBJECT_IDSTR "\" "
+ "in the \"parent\" column",
be->be_suffix[0].bv_val );
bi->sql_baseObject = str2entry( buf );
return 0;
}
- rc = ldap_bv2rdn( &be->be_suffix[ 0 ], &rdn, (char **) &p, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2rdn( &be->be_suffix[ 0 ], &rdn, (char **)&p,
+ LDAP_DN_FORMAT_LDAP );
if ( rc != LDAP_SUCCESS ) {
snprintf( buf, sizeof(buf),
- "unable to extract RDN from baseObject DN \"%s\" (%d: %s)",
- be->be_suffix[ 0 ].bv_val, rc, ldap_err2string( rc ) );
+ "unable to extract RDN "
+ "from baseObject DN \"%s\" (%d: %s)",
+ be->be_suffix[ 0 ].bv_val,
+ rc, ldap_err2string( rc ) );
Debug( LDAP_DEBUG_TRACE,
"<==backsql_db_config (%s line %d): %s\n",
fname, lineno, buf );
if ( rc != LDAP_SUCCESS ) {
snprintf( buf, sizeof(buf),
- "prettying of attribute #%d from baseObject "
+ "prettying of attribute #%d "
+ "from baseObject "
"DN \"%s\" failed: %d: %s",
iAVA, be->be_suffix[ 0 ].bv_val,
rc, ldap_err2string( rc ) );
Debug( LDAP_DEBUG_TRACE,
- "<==backsql_db_config (%s line %d): %s\n",
+ "<==backsql_db_config (%s line %d): "
+ "%s\n",
fname, lineno, buf );
return 1;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
backsql_delete( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
- SQLHDBC dbh;
- SQLHSTMT sth;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
RETCODE rc;
- int retval;
+ int prc = LDAP_SUCCESS;
backsql_oc_map_rec *oc = NULL;
- backsql_entryID e_id = BACKSQL_ENTRYID_INIT;
- Entry e;
+ backsql_srch_info bsi = { 0 };
+ backsql_entryID e_id = { 0 };
+ Entry d = { 0 }, p = { 0 }, *e = NULL;
+ struct berval pdn = BER_BVNULL;
+ int manageDSAit = get_manageDSAit( op );
/* first parameter no */
SQLUSMALLINT pno;
Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n",
op->o_req_ndn.bv_val, 0, 0 );
- dnParent( &op->o_req_dn, &e.e_name );
- dnParent( &op->o_req_ndn, &e.e_nname );
- e.e_attrs = NULL;
-
- /* check parent for "children" acl */
- if ( !access_allowed( op, &e, slap_schema.si_ad_children,
- NULL, ACL_WRITE, NULL ) ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
- "no write access to parent\n",
- 0, 0, 0 );
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- goto done;
-
- }
-
rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
0, 0, 0 );
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
+ e = NULL;
goto done;
}
- rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
- if ( rs->sr_err != LDAP_SUCCESS ) {
+ /*
+ * Get the entry
+ */
+ bsi.bsi_e = &d;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &d;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
+ "could not retrieve deleteDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &d.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &d;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &d, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &d;
+ goto done;
+ }
+
+ if ( !access_allowed( op, &d, slap_schema.si_ad_entry,
+ NULL, ACL_WRITE, NULL ) )
+ {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
- "could not lookup entry id\n", 0, 0, 0 );
+ "no write access to entry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &d;
goto done;
}
rs->sr_err = backsql_has_children( bi, dbh, &op->o_req_ndn );
switch ( rs->sr_err ) {
+ case LDAP_COMPARE_FALSE:
+ rs->sr_err = LDAP_SUCCESS;
+ break;
+
case LDAP_COMPARE_TRUE:
+ if ( get_treeDelete( op ) ) {
+ /* not supported yet */ ;
+ }
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"entry \"%s\" has children\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree delete not supported";
- goto done;
-
- case LDAP_COMPARE_FALSE:
- break;
+ /* fallthru */
default:
+ e = &d;
goto done;
}
- oc = backsql_id2oc( bi, e_id.eid_oc_id );
+ oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"cannot determine objectclass of entry -- aborting\n",
0, 0, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
goto done;
}
"for this objectclass - aborting\n", 0, 0, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
+ e = NULL;
+ goto done;
+ }
+
+ /*
+ * Get the parent
+ */
+ dnParent( &op->o_req_ndn, &pdn );
+ bsi.bsi_e = &p;
+ e_id = bsi.bsi_base_id;
+ rs->sr_err = backsql_init_search( &bsi, &pdn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
+ BACKSQL_ISF_GET_ENTRY );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
+ "could not retrieve deleteDN ID - no such entry\n",
+ 0, 0, 0 );
+ e = &p;
goto done;
}
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ /* check parent for "children" acl */
+ if ( !access_allowed( op, &p, slap_schema.si_ad_children,
+ NULL, ACL_WRITE, NULL ) )
+ {
+ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
+ "no write access to parent\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &p;
+ goto done;
+
+ }
+
/* avl_apply ... */
rs->sr_err = backsql_delete_all_attrs( op, rs, dbh, &e_id, oc );
if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &d;
goto done;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
if ( BACKSQL_IS_DEL( oc->bom_expect_return ) ) {
pno = 1;
- rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &retval );
+ rc = backsql_BindParamInt( sth, 1, SQL_PARAM_OUTPUT, &prc );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_delete(): "
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rc = SQLExecute( sth );
- if ( rc != SQL_SUCCESS ) {
+ if ( rc == SQL_SUCCESS && prc == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ } else {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
- "delete_proc execution failed\n", 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
+ "delete_proc execution failed (rc=%d, prc=%d)\n",
+ rc, prc, 0 );
+
+
+ if ( prc != LDAP_SUCCESS ) {
+ /* SQL procedure executed fine
+ * but returned an error */
+ rs->sr_err = BACKSQL_SANITIZE_ERROR( prc );
+
+ } else {
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ rs->sr_err = LDAP_OTHER;
+ }
SQLFreeStmt( sth, SQL_DROP );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
+ e = &d;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
/* delete "auxiliary" objectClasses, if any... */
- rc = backsql_Prepare( dbh, &sth, bi->sql_delobjclasses_query, 0 );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_delobjclasses_stmt, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_delete(): "
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
- goto done;
- }
- SQLFreeStmt( sth, SQL_DROP );
-
- /* delete referrals, if any... */
- rc = backsql_Prepare( dbh, &sth, bi->sql_delreferrals_query, 0 );
- if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_delete(): "
- "error preparing ldap_referrals delete query\n",
- 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
-
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
- goto done;
- }
-
- rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id );
- if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_delete(): "
- "error binding referrals entry ID parameter "
- "for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh,
- sth, rc );
- SQLFreeStmt( sth, SQL_DROP );
-
- rs->sr_text = "SQL-backend error";
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- rc = SQLExecute( sth );
- switch ( rc ) {
- case SQL_NO_DATA:
- /* apparently there were no referrals
- * for this entry... */
- case SQL_SUCCESS:
- break;
-
- default:
- Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
- "failed to delete record from ldap_referrals\n",
- 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
- SQLFreeStmt( sth, SQL_DROP );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
/* delete entry... */
- rc = backsql_Prepare( dbh, &sth, bi->sql_delentry_query, 0 );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_delentry_stmt, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_delete(): "
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
+ rs->sr_err = LDAP_SUCCESS;
+
/*
* Commit only if all operations succeed
- *
- * FIXME: backsql_add() does not fail if add operations
- * are not available for some attributes, or if
- * a multiple value add actually results in a replace,
- * or if a single operation on an attribute fails
- * for any reason
*/
- SQLTransact( SQL_NULL_HENV, dbh,
- op->o_noop ? SQL_ROLLBACK : SQL_COMMIT );
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ CompletionType = SQL_COMMIT;
+ }
- rs->sr_err = LDAP_SUCCESS;
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+ }
done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
send_ldap_result( op, rs );
Debug( LDAP_DEBUG_TRACE, "<==backsql_delete()\n", 0, 0, 0 );
- return ( ( rs->sr_err == LDAP_SUCCESS ) ? op->o_noop : 1 );
+ if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &e_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &d.e_nname ) ) {
+ entry_clean( &d );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ entry_clean( &p );
+ }
+
+ return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
*/
#include "portable.h"
#endif /* BACKSQL_ARBITRARY_KEY */
backsql_entryID *
-backsql_free_entryID( backsql_entryID *id, int freeit )
+backsql_free_entryID( Operation *op, backsql_entryID *id, int freeit )
{
backsql_entryID *next;
if ( !BER_BVISNULL( &id->eid_dn )
&& id->eid_dn.bv_val != id->eid_ndn.bv_val )
{
- free( id->eid_dn.bv_val );
+ op->o_tmpfree( id->eid_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_dn );
}
- free( id->eid_ndn.bv_val );
+ op->o_tmpfree( id->eid_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_ndn );
}
#ifdef BACKSQL_ARBITRARY_KEY
- if ( id->eid_id.bv_val ) {
- free( id->eid_id.bv_val );
+ if ( !BER_BVISNULL( &id->eid_id ) ) {
+ op->o_tmpfree( id->eid_id.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_id );
}
- if ( id->eid_keyval.bv_val ) {
- free( id->eid_keyval.bv_val );
+ if ( !BER_BVISNULL( &id->eid_keyval ) ) {
+ op->o_tmpfree( id->eid_keyval.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_keyval );
}
#endif /* BACKSQL_ARBITRARY_KEY */
if ( freeit ) {
- free( id );
+ op->o_tmpfree( id, op->o_tmpmemctx );
}
return next;
backsql_dn2id(
Operation *op,
SlapReply *rs,
- backsql_entryID *id,
SQLHDBC dbh,
struct berval *ndn,
+ backsql_entryID *id,
+ int matched,
int muck )
{
backsql_info *bi = op->o_bd->be_private;
* positive cases, or the most appropriate error
*/
- Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): dn=\"%s\"%s\n",
- ndn->bv_val, id == NULL ? " (no ID)" : "", 0 );
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(\"%s\")%s%s\n",
+ ndn->bv_val, id == NULL ? " (no ID expected)" : "",
+ matched ? " matched expected" : "" );
+
+ if ( id ) {
+ /* NOTE: trap inconsistencies */
+ assert( BER_BVISNULL( &id->eid_ndn ) );
+ }
if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
Debug( LDAP_DEBUG_TRACE,
- "backsql_dn2id(): DN \"%s\" (%ld bytes) "
- "exceeds max DN length (%d):\n",
+ " backsql_dn2id(\"%s\"): DN length=%ld "
+ "exceeds max DN length %d:\n",
ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );
return LDAP_OTHER;
}
/* return baseObject if available and matches */
- if ( bi->sql_baseObject != NULL && dn_match( ndn, &bi->sql_baseObject->e_nname ) ) {
+ /* FIXME: if ndn is already mucked, we cannot check this */
+ if ( bi->sql_baseObject != NULL &&
+ dn_match( ndn, &bi->sql_baseObject->e_nname ) )
+ {
if ( id != NULL ) {
#ifdef BACKSQL_ARBITRARY_KEY
- ber_dupbv( &id->eid_id, &backsql_baseObject_bv );
- ber_dupbv( &id->eid_keyval, &backsql_baseObject_bv );
+ ber_dupbv_x( &id->eid_id, &backsql_baseObject_bv,
+ op->o_tmpmemctx );
+ ber_dupbv_x( &id->eid_keyval, &backsql_baseObject_bv,
+ op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
id->eid_id = BACKSQL_BASEOBJECT_ID;
id->eid_keyval = BACKSQL_BASEOBJECT_KEYVAL;
#endif /* ! BACKSQL_ARBITRARY_KEY */
id->eid_oc_id = BACKSQL_BASEOBJECT_OC;
- ber_dupbv( &id->eid_ndn, &bi->sql_baseObject->e_nname );
- ber_dupbv( &id->eid_dn, &bi->sql_baseObject->e_name );
+ ber_dupbv_x( &id->eid_ndn, &bi->sql_baseObject->e_nname,
+ op->o_tmpmemctx );
+ ber_dupbv_x( &id->eid_dn, &bi->sql_baseObject->e_name,
+ op->o_tmpmemctx );
id->eid_next = NULL;
}
}
/* begin TimesTen */
- Debug( LDAP_DEBUG_TRACE, "id_query \"%s\"\n", bi->sql_id_query, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): id_query \"%s\"\n",
+ ndn->bv_val, bi->sql_id_query, 0 );
assert( bi->sql_id_query );
rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
- "backsql_dn2id(): error preparing SQL:\n%s",
- bi->sql_id_query, 0, 0);
+ " backsql_dn2id(\"%s\"): "
+ "error preparing SQL:\n %s",
+ ndn->bv_val, bi->sql_id_query, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
* that can be searched using indexes
*/
- for ( i = 0, j = realndn.bv_len - 1; realndn.bv_val[ i ]; i++, j--) {
+ for ( i = 0, j = realndn.bv_len - 1; realndn.bv_val[ i ]; i++, j--)
+ {
upperdn[ i ] = realndn.bv_val[ j ];
}
upperdn[ i ] = '\0';
ldap_pvt_str2upper( upperdn );
- Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): upperdn=\"%s\"\n",
- upperdn, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
+ "upperdn=\"%s\"\n",
+ ndn->bv_val, upperdn, 0 );
ber_str2bv( upperdn, 0, 0, &tbbDN );
} else {
AC_MEMCPY( upperdn, realndn.bv_val, realndn.bv_len + 1 );
ldap_pvt_str2upper( upperdn );
Debug( LDAP_DEBUG_TRACE,
- "==>backsql_dn2id(): upperdn=\"%s\"\n",
- upperdn, 0, 0 );
+ " backsql_dn2id(\"%s\"): "
+ "upperdn=\"%s\"\n",
+ ndn->bv_val, upperdn, 0 );
ber_str2bv( upperdn, 0, 0, &tbbDN );
} else {
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &tbbDN );
if ( rc != SQL_SUCCESS) {
/* end TimesTen */
- Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
"error binding dn=\"%s\" parameter:\n",
- tbbDN.bv_val, 0, 0 );
+ ndn->bv_val, tbbDN.bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
+ Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
"error executing query (\"%s\", \"%s\"):\n",
- bi->sql_id_query, tbbDN.bv_val, 0 );
+ ndn->bv_val, bi->sql_id_query, tbbDN.bv_val );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
backsql_BindRowAsStrings( sth, &row );
rc = SQLFetch( sth );
if ( BACKSQL_SUCCESS( rc ) ) {
- char buf[BUFSIZ];
+ char buf[ SLAP_TEXT_BUFLEN ];
#ifdef LDAP_DEBUG
snprintf( buf, sizeof(buf),
row.cols[ 0 ], row.cols[ 1 ],
row.cols[ 2 ], row.cols[ 3 ] );
Debug( LDAP_DEBUG_TRACE,
- "<==backsql_dn2id(): %s\n", buf, 0, 0 );
+ " backsql_dn2id(\"%s\"): %s\n",
+ ndn->bv_val, buf, 0 );
#endif /* LDAP_DEBUG */
res = LDAP_SUCCESS;
struct berval dn;
#ifdef BACKSQL_ARBITRARY_KEY
- ber_str2bv( row.cols[ 0 ], 0, 1, &id->eid_id );
- ber_str2bv( row.cols[ 1 ], 0, 1, &id->eid_keyval );
+ ber_str2bv_x( row.cols[ 0 ], 0, 1, &id->eid_id,
+ op->o_tmpmemctx );
+ ber_str2bv_x( row.cols[ 1 ], 0, 1, &id->eid_keyval,
+ op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
id->eid_id = strtol( row.cols[ 0 ], NULL, 0 );
id->eid_keyval = strtol( row.cols[ 1 ], NULL, 0 );
res = LDAP_OTHER;
} else {
- res = dnPrettyNormal( NULL, &dn, &id->eid_dn, &id->eid_ndn, NULL );
+ res = dnPrettyNormal( NULL, &dn,
+ &id->eid_dn, &id->eid_ndn,
+ op->o_tmpmemctx );
if ( res != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
- "<==backsql_dn2id(\"%s\"): "
+ " backsql_dn2id(\"%s\"): "
"dnPrettyNormal failed (%d: %s)\n",
realndn.bv_val, res,
ldap_err2string( res ) );
/* cleanup... */
- (void)backsql_free_entryID( id, 0 );
+ (void)backsql_free_entryID( op, id, 0 );
}
if ( dn.bv_val != row.cols[ 3 ] ) {
} else {
res = LDAP_NO_SUCH_OBJECT;
- Debug( LDAP_DEBUG_TRACE, "<==backsql_dn2id(): no match\n",
- 0, 0, 0 );
+ if ( matched ) {
+ struct berval pdn = *ndn;
+
+ /*
+ * Look for matched
+ */
+ rs->sr_matched = NULL;
+ while ( !be_issuffix( op->o_bd, &pdn ) ) {
+ struct berval dn;
+ char *matchedDN = NULL;
+
+ dn = pdn;
+ dnParent( &dn, &pdn );
+
+ /*
+ * Empty DN ("") defaults to LDAP_SUCCESS
+ */
+ rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, id, 0, 1 );
+ switch ( rs->sr_err ) {
+ case LDAP_NO_SUCH_OBJECT:
+ /* try another one */
+ break;
+
+ case LDAP_SUCCESS:
+ matchedDN = pdn.bv_val;
+ /* fail over to next case */
+
+ default:
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_matched = matchedDN;
+ goto done;
+ }
+ }
+ }
}
backsql_FreeRow( &row );
done:;
+ Debug( LDAP_DEBUG_TRACE,
+ "<==backsql_dn2id(\"%s\"): err=%d\n",
+ ndn->bv_val, res, 0 );
if ( sth != SQL_NULL_HSTMT ) {
SQLFreeStmt( sth, SQL_DROP );
}
struct berval *dn,
unsigned long *nchildren )
{
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
BACKSQL_ROW_NTS row;
RETCODE rc;
int res = LDAP_SUCCESS;
backsql_srch_info *bsi = v_bsi;
backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
RETCODE rc;
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
BACKSQL_ROW_NTS row;
- int i;
+ unsigned long i,
+ k = 0,
+ oldcount = 0;
+#ifdef BACKSQL_COUNTQUERY
+ unsigned long count,
+ countsize = sizeof( count ),
+ j;
+ Attribute *attr = NULL;
+
+ slap_mr_normalize_func *normfunc = NULL;
+#endif /* BACKSQL_COUNTQUERY */
+#ifdef BACKSQL_PRETTY_VALIDATE
+ slap_syntax_validate_func *validate = NULL;
+ slap_syntax_transform_func *pretty = NULL;
+#endif /* BACKSQL_PRETTY_VALIDATE */
assert( at );
assert( bsi );
bsi->bsi_c_eid->eid_keyval );
#endif /* ! BACKSQL_ARBITRARY_KEY */
+#ifdef BACKSQL_PRETTY_VALIDATE
+ validate = at->bam_ad->ad_type->sat_syntax->ssyn_validate;
+ pretty = at->bam_ad->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( validate == NULL && pretty == NULL ) {
+ return 1;
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+#ifdef BACKSQL_COUNTQUERY
+ if ( at->bam_ad->ad_type->sat_equality ) {
+ normfunc = at->bam_ad->ad_type->sat_equality->smr_normalize;
+ }
+
+ /* Count how many rows will be returned. This avoids memory
+ * fragmentation that can result from loading the values in
+ * one by one and using realloc()
+ */
+ rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_countquery, 0 );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error preparing count query: %s\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ return 1;
+ }
+
+ rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
+ &bsi->bsi_c_eid->eid_keyval );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error binding key value parameter\n", 0, 0, 0 );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ rc = SQLExecute( sth );
+ if ( ! BACKSQL_SUCCESS( rc ) ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error executing attribute count query '%s'\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ SQLBindCol( sth, (SQLUSMALLINT)1, SQL_C_LONG,
+ (SQLPOINTER)&count,
+ (SQLINTEGER)sizeof( count ),
+ &countsize );
+
+ rc = SQLFetch( sth );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "error fetch results of count query: %s\n",
+ at->bam_countquery, 0, 0 );
+ backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
+ SQLFreeStmt( sth, SQL_DROP );
+ return 1;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
+ "number of values in query: %d\n", count, 0, 0 );
+ SQLFreeStmt( sth, SQL_DROP );
+ if ( count == 0 ) {
+ return 1;
+ }
+
+ attr = attr_find( bsi->bsi_e->e_attrs, at->bam_ad );
+ if ( attr != NULL ) {
+ BerVarray tmp;
+
+ if ( attr->a_vals != NULL ) {
+ for ( ; !BER_BVISNULL( &attr->a_vals[ oldcount ] ); oldcount++ )
+ /* just count */ ;
+ }
+
+ tmp = ch_realloc( attr->a_vals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
+ if ( tmp == NULL ) {
+ return 1;
+ }
+ attr->a_vals = tmp;
+ memset( &attr->a_vals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
+
+ if ( normfunc ) {
+ tmp = ch_realloc( attr->a_nvals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
+ if ( tmp == NULL ) {
+ return 1;
+ }
+ attr->a_nvals = tmp;
+ memset( &attr->a_nvals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ } else {
+ Attribute **ap;
+
+ /* Make space for the array of values */
+ attr = (Attribute *) ch_malloc( sizeof( Attribute ) );
+ attr->a_desc = at->bam_ad;
+ attr->a_flags = 0;
+ attr->a_next = NULL;
+ attr->a_vals = ch_calloc( count + 1, sizeof( struct berval ) );
+ if ( attr->a_vals == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "Out of memory!\n", 0,0,0 );
+ ch_free( attr );
+ return 1;
+ }
+ memset( attr->a_vals, 0, ( count + 1 ) * sizeof( struct berval ) );
+ if ( normfunc ) {
+ attr->a_nvals = ch_calloc( count + 1, sizeof( struct berval ) );
+ if ( attr->a_nvals == NULL ) {
+ ch_free( attr->a_vals );
+ ch_free( attr );
+ return 1;
+
+ } else {
+ memset( attr->a_nvals, 0, ( count + 1 ) * sizeof( struct berval ) );
+ }
+
+ } else {
+ attr->a_nvals = attr->a_vals;
+ }
+
+ for ( ap = &bsi->bsi_e->e_attrs; (*ap) != NULL; ap = &(*ap)->a_next )
+ /* goto last */ ;
+ *ap = attr;
+ }
+#endif /* BACKSQL_COUNTQUERY */
+
rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_query, 0 );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_values(): "
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error preparing query: %s\n", at->bam_query, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
return 1;
rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
&bsi->bsi_c_eid->eid_keyval );
if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_values(): "
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error binding key value parameter\n", 0, 0, 0 );
return 1;
}
#ifdef BACKSQL_TRACE
#ifdef BACKSQL_ARBITRARY_KEY
- Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_values(): "
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"query=\"%s\" keyval=%s\n", at->bam_query,
bsi->bsi_c_eid->eid_keyval.bv_val, 0 );
#else /* !BACKSQL_ARBITRARY_KEY */
- Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_values(): "
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"query=\"%s\" keyval=%d\n", at->bam_query,
bsi->bsi_c_eid->eid_keyval, 0 );
#endif /* ! BACKSQL_ARBITRARY_KEY */
rc = SQLExecute( sth );
if ( ! BACKSQL_SUCCESS( rc ) ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_values(): "
+ Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error executing attribute query \"%s\"\n",
at->bam_query, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
}
backsql_BindRowAsStrings( sth, &row );
-
- rc = SQLFetch( sth );
- for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
+#ifdef BACKSQL_COUNTQUERY
+ j = oldcount;
+#endif /* BACKSQL_COUNTQUERY */
+ for ( rc = SQLFetch( sth ), k = 0;
+ BACKSQL_SUCCESS( rc );
+ rc = SQLFetch( sth ), k++ )
+ {
for ( i = 0; i < row.ncols; i++ ) {
+
if ( row.value_len[ i ] > 0 ) {
- struct berval bv;
+ struct berval bv;
+ int retval;
+#ifdef BACKSQL_TRACE
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ retval = slap_bv2ad( &row.col_names[ i ], &ad, &text );
+ if ( retval != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "unable to find AttributeDescription %s "
+ "in schema (%d)\n",
+ bsi->bsi_e->e_name.bv_val,
+ row.col_names[ i ].bv_val, retval );
+ return 1;
+ }
+
+ if ( ad != at->bam_ad ) {
+ Debug( LDAP_DEBUG_ANY,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "column name %s differs from "
+ "AttributeDescription %s\n",
+ bsi->bsi_e->e_name.bv_val,
+ ad->ad_cname.bv_val,
+ at->bam_ad->ad_cname.bv_val );
+ return 1;
+ }
+#endif /* BACKSQL_TRACE */
- bv.bv_val = row.cols[ i ];
-#if 0
- bv.bv_len = row.col_prec[ i ];
-#else
/*
* FIXME: what if a binary
* is fetched?
*/
- bv.bv_len = strlen( row.cols[ i ] );
-#endif
- backsql_entry_addattr( bsi->bsi_e,
- &row.col_names[ i ], &bv,
+ ber_str2bv( row.cols[ i ], 0, 0, &bv );
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ struct berval pbv;
+
+ retval = pretty( at->bam_ad->ad_type->sat_syntax,
+ &bv, &pbv, bsi->bsi_op->o_tmpmemctx );
+ bv = pbv;
+
+ } else {
+ retval = validate( at->bam_ad->ad_type->sat_syntax,
+ &bv );
+ }
+
+ if ( retval != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: we're ignoring invalid values,
+ * but we're accepting the attributes;
+ * should we fail at all? */
+ snprintf( buf, sizeof( buf ),
+ "unable to %s value #%d "
+ "of AttributeDescription %s",
+ pretty ? "prettify" : "validate",
+ at->bam_ad->ad_cname.bv_val,
+ k - oldcount );
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "%s (%d)\n",
+ bsi->bsi_e->e_name.bv_val, buf, retval );
+ continue;
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+#ifndef BACKSQL_COUNTQUERY
+ (void)backsql_entry_addattr( bsi->bsi_e,
+ at->bam_ad, &bv,
bsi->bsi_op->o_tmpmemctx );
+#else /* BACKSQL_COUNTQUERY */
+ if ( normfunc ) {
+ struct berval nbv;
+
+ retval = (*normfunc)( SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ at->bam_ad->ad_type->sat_syntax,
+ at->bam_ad->ad_type->sat_equality,
+ &bv, &nbv,
+ bsi->bsi_op->o_tmpmemctx );
+
+ if ( retval != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ /* FIXME: we're ignoring invalid values,
+ * but we're accepting the attributes;
+ * should we fail at all? */
+ snprintf( buf, sizeof( buf ),
+ "unable to normalize value #%d "
+ "of AttributeDescription %s",
+ at->bam_ad->ad_cname.bv_val,
+ k - oldcount );
+ Debug( LDAP_DEBUG_TRACE,
+ "==>backsql_get_attr_vals(\"%s\"): "
+ "%s (%d)\n",
+ bsi->bsi_e->e_name.bv_val, buf, retval );
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ bsi->bsi_op->o_tmpfree( bv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
+ continue;
+ }
+ ber_dupbv( &attr->a_nvals[ j ], &nbv );
+ bsi->bsi_op->o_tmpfree( nbv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+
+ ber_dupbv( &attr->a_vals[ j ], &bv );
+
+ assert( j < oldcount + count );
+ j++;
+#endif /* BACKSQL_COUNTQUERY */
+
+#ifdef BACKSQL_PRETTY_VALIDATE
+ if ( pretty ) {
+ bsi->bsi_op->o_tmpfree( bv.bv_val,
+ bsi->bsi_op->o_tmpmemctx );
+ }
+#endif /* BACKSQL_PRETTY_VALIDATE */
+
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_TRACE, "prec=%d\n",
(int)row.col_prec[ i ], 0, 0 );
+
} else {
Debug( LDAP_DEBUG_TRACE, "NULL value "
"in this row for attribute \"%s\"\n",
int
backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid )
{
- backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ Operation *op = bsi->bsi_op;
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
int i;
int rc;
- AttributeDescription *ad_oc = slap_schema.si_ad_objectClass;
Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()\n", 0, 0, 0 );
goto done;
}
- ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, bsi->bsi_op->o_tmpmemctx );
- ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, bsi->bsi_op->o_tmpmemctx );
+ ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );
+ ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );
bsi->bsi_e->e_attrs = NULL;
bsi->bsi_e->e_private = NULL;
bsi->bsi_c_eid = eid;
#ifndef BACKSQL_ARBITRARY_KEY
+ /* FIXME: unused */
bsi->bsi_e->e_id = eid->eid_id;
#endif /* ! BACKSQL_ARBITRARY_KEY */
- rc = attr_merge_normalize_one( bsi->bsi_e, ad_oc,
- &bsi->bsi_oc->bom_oc->soc_cname,
- bsi->bsi_op->o_tmpmemctx );
+ rc = attr_merge_normalize_one( bsi->bsi_e,
+ slap_schema.si_ad_objectClass,
+ &bsi->bsi_oc->bom_oc->soc_cname,
+ bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
entry_clean( bsi->bsi_e );
return rc;
} else {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"custom attribute list\n", 0, 0, 0 );
- for ( i = 0; bsi->bsi_attrs[ i ].an_name.bv_val; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {
backsql_at_map_rec **vat;
AttributeName *an = &bsi->bsi_attrs[ i ];
int j;
* because subtypes are already dealt with
* by backsql_supad2at()
*/
- for ( j = 0; bsi->bsi_attrs[ j ].an_name.bv_val; j++ ) {
+ for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {
/* skip self */
if ( j == i ) {
continue;
int rc;
bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
- bv[ 1 ].bv_val = NULL;
+ BER_BVZERO( &bv[ 1 ] );
rc = structural_class( bv, &soc, NULL,
&text, textbuf, textlen );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
BackendInfo *bi )
{
static char *controls[] = {
+ LDAP_CONTROL_ASSERT,
+ LDAP_CONTROL_MANAGEDSAIT,
#if 0 /* needs improvements */
-#ifdef LDAP_CONTROL_NOOP
LDAP_CONTROL_NOOP,
-#endif /* LDAP_CONTROL_NOOP */
#endif
+#ifdef LDAP_CONTROL_X_TREE_DELETE
+ LDAP_CONTROL_X_TREE_DELETE,
+#endif /* LDAP_CONTROL_X_TREE_DELETE */
#ifdef LDAP_CONTROL_VALUESRETURNFILTER
LDAP_CONTROL_VALUESRETURNFILTER,
#endif /* LDAP_CONTROL_VALUESRETURNFILTER */
bi->bi_controls = controls;
+ bi->bi_flags |=
+#if 0
+ SLAP_BFLAG_INCREMENT |
+#endif
+ SLAP_BFLAG_REFERRALS;
+
Debug( LDAP_DEBUG_TRACE,"==>sql_back_initialize()\n", 0, 0, 0 );
bi->bi_db_init = backsql_db_init;
free( bi->sql_subtree_cond.bv_val );
free( bi->sql_oc_query );
free( bi->sql_at_query );
- free( bi->sql_insentry_query );
- free( bi->sql_delentry_query );
- free( bi->sql_delobjclasses_query );
- free( bi->sql_delreferrals_query );
+ free( bi->sql_insentry_stmt );
+ free( bi->sql_delentry_stmt );
+ free( bi->sql_renentry_stmt );
+ free( bi->sql_delobjclasses_stmt );
+
+ if ( bi->sql_anlist ) {
+ int i;
+
+ for ( i = 0; !BER_BVISNULL( &bi->sql_anlist[i].an_name ); i++ )
+ {
+ ch_free( bi->sql_anlist[i].an_name.bv_val );
+ }
+ ch_free( bi->sql_anlist );
+ }
if ( bi->sql_baseObject ) {
entry_free( bi->sql_baseObject );
BackendDB *bd )
{
backsql_info *bi = (backsql_info*)bd->be_private;
- SQLHDBC dbh;
- ber_len_t idq_len;
+ SQLHDBC dbh = SQL_NULL_HDBC;
struct berbuf bb = BB_NULL;
char opbuf[ OPERATION_BUFFER_SIZE ];
bi->sql_at_query = ch_strdup( backsql_def_at_query );
}
- if ( bi->sql_insentry_query == NULL ) {
+ if ( bi->sql_insentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"entry insertion SQL statement not specified "
- "(use \"insentry_query\" directive in slapd.conf)\n",
+ "(use \"insentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
- backsql_def_insentry_query, 0, 0 );
- bi->sql_insentry_query = ch_strdup( backsql_def_insentry_query );
+ backsql_def_insentry_stmt, 0, 0 );
+ bi->sql_insentry_stmt = ch_strdup( backsql_def_insentry_stmt );
}
- if ( bi->sql_delentry_query == NULL ) {
+ if ( bi->sql_delentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"entry deletion SQL statement not specified "
- "(use \"delentry_query\" directive in slapd.conf)\n",
+ "(use \"delentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
- backsql_def_delentry_query, 0, 0 );
- bi->sql_delentry_query = ch_strdup( backsql_def_delentry_query );
+ backsql_def_delentry_stmt, 0, 0 );
+ bi->sql_delentry_stmt = ch_strdup( backsql_def_delentry_stmt );
}
- if ( bi->sql_delobjclasses_query == NULL ) {
+ if ( bi->sql_renentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
- "objclasses deletion SQL statement not specified "
- "(use \"delobjclasses_query\" directive in slapd.conf)\n",
+ "entry deletion SQL statement not specified "
+ "(use \"renentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
- backsql_def_delobjclasses_query, 0, 0 );
- bi->sql_delobjclasses_query = ch_strdup( backsql_def_delobjclasses_query );
+ backsql_def_renentry_stmt, 0, 0 );
+ bi->sql_renentry_stmt = ch_strdup( backsql_def_renentry_stmt );
}
- if ( bi->sql_delreferrals_query == NULL ) {
+ if ( bi->sql_delobjclasses_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
- "referrals deletion SQL statement not specified "
- "(use \"delreferrals_query\" directive in slapd.conf)\n",
+ "objclasses deletion SQL statement not specified "
+ "(use \"delobjclasses_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
- backsql_def_delreferrals_query, 0, 0 );
- bi->sql_delreferrals_query = ch_strdup( backsql_def_delreferrals_query );
+ backsql_def_delobjclasses_stmt, 0, 0 );
+ bi->sql_delobjclasses_stmt = ch_strdup( backsql_def_delobjclasses_stmt );
}
op->o_hdr = (Opheader *)&op[ 1 ];
/*
* Prepare ID selection query
*/
- bi->sql_id_query = NULL;
- idq_len = 0;
-
- if ( bi->sql_upper_func.bv_val == NULL ) {
- backsql_strcat( &bb, backsql_id_query, "dn=?", NULL );
+ if ( bi->sql_id_query == NULL ) {
+ /* no custom id_query provided */
+ if ( bi->sql_upper_func.bv_val == NULL ) {
+ backsql_strcat( &bb, backsql_id_query, "dn=?", NULL );
- } else {
- if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
- backsql_strcat( &bb, backsql_id_query,
- "dn_ru=?", NULL );
} else {
- if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
- backsql_strfcat( &bb, "sbl",
- backsql_id_query,
- &bi->sql_upper_func,
- (ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );
+ if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
+ backsql_strcat( &bb, backsql_id_query,
+ "dn_ru=?", NULL );
} else {
- backsql_strfcat( &bb, "sblbcb",
- backsql_id_query,
- &bi->sql_upper_func,
- (ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",
- &bi->sql_upper_func_open,
- '?',
- &bi->sql_upper_func_close );
+ if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
+ backsql_strfcat( &bb, "sbl",
+ backsql_id_query,
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );
+ } else {
+ backsql_strfcat( &bb, "sblbcb",
+ backsql_id_query,
+ &bi->sql_upper_func,
+ (ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",
+ &bi->sql_upper_func_open,
+ '?',
+ &bi->sql_upper_func_close );
+ }
}
}
+ bi->sql_id_query = bb.bb_val.bv_val;
}
- bi->sql_id_query = bb.bb_val.bv_val;
/*
* Prepare children ID selection query
0, 0, 0 );
return 1;
}
+
+ /* should never happen! */
+ assert( bd->be_nsuffix != NULL );
+
+ if ( BER_BVISNULL( &bd->be_nsuffix[ 1 ] ) ) {
+ /* enable if only one suffix is defined */
+ bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
+ }
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_open(): "
"test succeeded, schema map loaded\n", 0, 0, 0 );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
backsql_modify( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
- SQLHDBC dbh;
+ SQLHDBC dbh = SQL_NULL_HDBC;
backsql_oc_map_rec *oc = NULL;
- backsql_entryID e_id = BACKSQL_ENTRYID_INIT;
- Entry e;
+ backsql_srch_info bsi = { 0 };
+ Entry m = { 0 }, *e = NULL;
+ int manageDSAit = get_manageDSAit( op );
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
/*
* FIXME: in case part of the operation cannot be performed
goto done;
}
- rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
- "could not lookup entry id\n", 0, 0, 0 );
- rs->sr_text = ( rs->sr_err == LDAP_OTHER )
- ? "SQL-backend error" : NULL;
+ bsi.bsi_e = &m;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &m;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modify(): "
+ "could not retrieve modifyDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &m.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &m;
+
+ } else {
+ e = NULL;
+ }
goto done;
}
#ifdef BACKSQL_ARBITRARY_KEY
Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
"modifying entry \"%s\" (id=%s)\n",
- e_id.eid_dn.bv_val, e_id.eid_id.bv_val, 0 );
+ bsi.bsi_base_id.eid_dn.bv_val,
+ bsi.bsi_base_id.eid_id.bv_val, 0 );
#else /* ! BACKSQL_ARBITRARY_KEY */
Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
"modifying entry \"%s\" (id=%ld)\n",
- e_id.eid_dn.bv_val, e_id.eid_id, 0 );
+ bsi.bsi_base_id.eid_dn.bv_val, bsi.bsi_base_id.eid_id, 0 );
#endif /* ! BACKSQL_ARBITRARY_KEY */
- oc = backsql_id2oc( bi, e_id.eid_oc_id );
+ if ( get_assert( op ) &&
+ ( test_filter( op, &m, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &m;
+ goto done;
+ }
+
+ oc = backsql_id2oc( bi, bsi.bsi_base_id.eid_oc_id );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modify(): "
"cannot determine objectclass of entry -- aborting\n",
*/
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
+ e = NULL;
goto done;
}
- e.e_attrs = NULL;
- e.e_name = op->o_req_dn;
- e.e_nname = op->o_req_ndn;
- if ( !acl_check_modlist( op, &e, op->oq_modify.rs_modlist ) ) {
+ if ( !acl_check_modlist( op, &m, op->oq_modify.rs_modlist ) ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ e = &m;
+ goto done;
+ }
- } else {
- rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id,
- op->oq_modify.rs_modlist );
+ rs->sr_err = backsql_modify_internal( op, rs, dbh, oc,
+ &bsi.bsi_base_id, op->oq_modify.rs_modlist );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &m;
+ goto do_transact;
}
- if ( rs->sr_err == LDAP_SUCCESS ) {
- /*
- * Commit only if all operations succeed
- */
- SQLTransact( SQL_NULL_HENV, dbh,
- op->o_noop ? SQL_ROLLBACK : SQL_COMMIT );
+ if ( global_schemacheck ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ entry_clean( &m );
+
+ bsi.bsi_e = &m;
+ rs->sr_err = backsql_id2entry( &bsi, &bsi.bsi_base_id );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &m;
+ goto do_transact;
+ }
+
+ rs->sr_err = entry_schema_check( op->o_bd, &m,
+ NULL,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry failed schema check -- aborting\n",
+ m.e_name.bv_val, 0, 0 );
+ e = NULL;
+ goto do_transact;
+ }
}
+do_transact:;
+ /*
+ * Commit only if all operations succeed
+ */
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ CompletionType = SQL_COMMIT;
+ }
+
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
+
done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
send_ldap_result( op, rs );
+
+ if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &m.e_nname ) ) {
+ entry_clean( &m );
+ }
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
Debug( LDAP_DEBUG_TRACE, "<==backsql_modify()\n", 0, 0, 0 );
- return rs->sr_err != LDAP_SUCCESS ? rs->sr_err : op->o_noop;
+ return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
backsql_modrdn( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
- SQLHDBC dbh;
- SQLHSTMT sth;
+ SQLHDBC dbh = SQL_NULL_HDBC;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
RETCODE rc;
backsql_entryID e_id = BACKSQL_ENTRYID_INIT,
- pe_id = BACKSQL_ENTRYID_INIT,
- new_pe_id = BACKSQL_ENTRYID_INIT;
+ n_id = BACKSQL_ENTRYID_INIT;
+ backsql_srch_info bsi = { 0 };
backsql_oc_map_rec *oc = NULL;
- struct berval p_dn = BER_BVNULL, p_ndn = BER_BVNULL,
+ struct berval pdn = BER_BVNULL, pndn = BER_BVNULL,
*new_pdn = NULL, *new_npdn = NULL,
new_dn = BER_BVNULL, new_ndn = BER_BVNULL,
realnew_dn = BER_BVNULL;
LDAPRDN new_rdn = NULL;
LDAPRDN old_rdn = NULL;
- Entry e;
+ Entry r = { 0 },
+ p = { 0 },
+ n = { 0 },
+ *e = NULL;
+ int manageDSAit = get_manageDSAit( op );
Modifications *mod = NULL;
struct berval *newSuperior = op->oq_modrdn.rs_newSup;
char *next;
"newrdn=\"%s\", newSuperior=\"%s\"\n",
op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val,
newSuperior ? newSuperior->bv_val : "(NULL)" );
+
rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
0, 0, 0 );
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
- send_ldap_result( op, rs );
- return 1;
+ e = NULL;
+ goto done;
}
- rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "could not lookup entry id (%d)\n",
- rs->sr_err, 0, 0 );
- rs->sr_text = ( rs->sr_err == LDAP_OTHER )
- ? "SQL-backend error" : NULL;
- send_ldap_result( op, rs );
- return 1;
+ bsi.bsi_e = &r;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &r;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve modrdnDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &r;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
}
#ifdef BACKSQL_ARBITRARY_KEY
e_id.eid_id, 0, 0 );
#endif /* ! BACKSQL_ARBITRARY_KEY */
+ if ( get_assert( op ) &&
+ ( test_filter( op, &r, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ e = &r;
+ goto done;
+ }
+
if ( backsql_has_children( bi, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"entry \"%s\" has children\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
- send_ldap_result( op, rs );
- return 1;
+ e = &r;
+ goto done;
}
- dnParent( &op->o_req_dn, &p_dn );
- dnParent( &op->o_req_ndn, &p_ndn );
+ /*
+ * Check for entry access to target
+ */
+ if ( !access_allowed( op, &r, slap_schema.si_ad_entry,
+ NULL, ACL_WRITE, NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE, " no access to entry\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto done;
+ }
+
+ dnParent( &op->o_req_dn, &pdn );
+ dnParent( &op->o_req_ndn, &pndn );
/*
* namingContext "" is not supported
*/
- if ( p_dn.bv_len == 0 ) {
+ if ( BER_BVISEMPTY( &pdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"parent is \"\" - aborting\n", 0, 0, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "not allowed within namingContext";
- send_ldap_result( op, rs );
- goto modrdn_return;
+ e = NULL;
+ goto done;
}
/*
* Check for children access to parent
*/
- e.e_attrs = NULL;
- e.e_name = p_dn;
- e.e_nname = p_ndn;
- if ( !access_allowed( op, &e, slap_schema.si_ad_children,
+ bsi.bsi_e = &p;
+ e_id = bsi.bsi_base_id;
+ rs->sr_err = backsql_init_search( &bsi, &pndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ BACKSQL_ISF_GET_ENTRY );
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "old parent entry id is %s\n",
+ bsi.bsi_base_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "old parent entry id is %ld\n",
+ bsi.bsi_base_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve renameDN ID - no such entry\n",
+ 0, 0, 0 );
+ e = &p;
+ goto done;
+ }
+
+ if ( !access_allowed( op, &p, slap_schema.si_ad_children,
NULL, ACL_WRITE, NULL ) ) {
Debug( LDAP_DEBUG_TRACE, " no access to parent\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- goto modrdn_return;
+ goto done;
}
if ( newSuperior ) {
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
/*
* namingContext "" is not supported
*/
- if ( newSuperior->bv_len == 0 ) {
+ if ( BER_BVISEMPTY( newSuperior ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"newSuperior is \"\" - aborting\n", 0, 0, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "not allowed within namingContext";
- send_ldap_result( op, rs );
- goto modrdn_return;
+ e = NULL;
+ goto done;
}
new_pdn = newSuperior;
new_npdn = op->oq_modrdn.rs_nnewSup;
- e.e_name = *new_pdn;
- e.e_nname = *new_npdn;
-
/*
* Check for children access to new parent
*/
- if ( !access_allowed( op, &e, slap_schema.si_ad_children,
+ bsi.bsi_e = &n;
+ rs->sr_err = backsql_init_search( &bsi, new_npdn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve renameDN ID - no such entry\n",
+ 0, 0, 0 );
+ e = &n;
+ goto done;
+ }
+
+ n_id = bsi.bsi_base_id;
+
+#ifdef BACKSQL_ARBITRARY_KEY
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "new parent entry id=%s\n",
+ n_id.eid_id.bv_val, 0, 0 );
+#else /* ! BACKSQL_ARBITRARY_KEY */
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
+ "new parent entry id=%ld\n",
+ n_id.eid_id, 0, 0 );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+
+ if ( !access_allowed( op, &n, slap_schema.si_ad_children,
NULL, ACL_WRITE, NULL ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"no access to new parent \"%s\"\n",
new_pdn->bv_val, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- goto modrdn_return;
+ e = &n;
+ goto done;
}
} else {
- new_pdn = &p_dn;
- new_npdn = &p_ndn;
+ n_id = bsi.bsi_base_id;
+ new_pdn = &pdn;
+ new_npdn = &pndn;
}
- if ( newSuperior && dn_match( &p_ndn, new_npdn ) ) {
+ if ( newSuperior && dn_match( &pndn, new_npdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"newSuperior is equal to old parent - ignored\n",
0, 0, 0 );
"- aborting\n", 0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "newSuperior is equal to old DN";
- send_ldap_result( op, rs );
- goto modrdn_return;
+ e = &r;
+ goto done;
}
build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn,
op->o_tmpmemctx );
- rs->sr_err = dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn,
+ build_new_dn( &new_ndn, new_npdn, &op->oq_modrdn.rs_nnewrdn,
op->o_tmpmemctx );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "new dn is invalid (\"%s\") - aborting\n",
- new_dn.bv_val, 0, 0 );
- rs->sr_text = "unable to build new DN";
- send_ldap_result( op, rs );
- goto modrdn_return;
- }
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new entry dn is \"%s\"\n",
new_dn.bv_val, 0, 0 );
- rs->sr_err = backsql_dn2id( op, rs, &pe_id, dbh, &p_ndn, 1 );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "could not lookup old parent entry id\n", 0, 0, 0 );
- rs->sr_text = ( rs->sr_err == LDAP_OTHER )
- ? "SQL-backend error" : NULL;
- send_ldap_result( op, rs );
- goto modrdn_return;
- }
-
-#ifdef BACKSQL_ARBITRARY_KEY
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "old parent entry id is %s\n", pe_id.eid_id.bv_val, 0, 0 );
-#else /* ! BACKSQL_ARBITRARY_KEY */
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "old parent entry id is %ld\n", pe_id.eid_id, 0, 0 );
-#endif /* ! BACKSQL_ARBITRARY_KEY */
-
- (void)backsql_free_entryID( &pe_id, 0 );
-
- rs->sr_err = backsql_dn2id( op, rs, &new_pe_id, dbh, new_npdn, 1 );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "could not lookup new parent entry id\n", 0, 0, 0 );
- rs->sr_text = ( rs->sr_err == LDAP_OTHER )
- ? "SQL-backend error" : NULL;
- send_ldap_result( op, rs );
- goto modrdn_return;
- }
-
-#ifdef BACKSQL_ARBITRARY_KEY
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "new parent entry id=%s\n", new_pe_id.eid_id.bv_val, 0, 0 );
-#else /* ! BACKSQL_ARBITRARY_KEY */
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "new parent entry id=%ld\n", new_pe_id.eid_id, 0, 0 );
-#endif /* ! BACKSQL_ARBITRARY_KEY */
-
-
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "executing delentry_query\n", 0, 0, 0 );
-
- rc = backsql_Prepare( dbh, &sth, bi->sql_delentry_query, 0 );
- if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_modrdn(): "
- "error preparing delentry_query\n", 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh,
- sth, rc );
-
- rs->sr_text = "SQL-backend error";
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id );
- if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE,
- " backsql_delete(): "
- "error binding entry ID parameter "
- "for objectClass %s\n",
- oc->bom_oc->soc_cname.bv_val, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh,
- sth, rc );
+ realnew_dn = new_dn;
+ if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): "
+ "backsql_api_dn2odbc(\"%s\") failed\n",
+ op->o_req_dn.bv_val, realnew_dn.bv_val, 0 );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
- rc = SQLExecute( sth );
- if ( rc != SQL_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "failed to delete record from ldap_entries\n",
- 0, 0, 0 );
- backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
- SQLFreeStmt( sth, SQL_DROP );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
- send_ldap_result( op, rs );
- goto done;
- }
-
- SQLFreeStmt( sth, SQL_DROP );
-
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "executing insentry_query\n", 0, 0, 0 );
+ "executing renentry_stmt\n", 0, 0, 0 );
- rc = backsql_Prepare( dbh, &sth, bi->sql_insentry_query, 0 );
+ rc = backsql_Prepare( dbh, &sth, bi->sql_renentry_stmt, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
- "error preparing insentry_query\n", 0, 0, 0 );
+ "error preparing renentry_stmt\n", 0, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- realnew_dn = new_dn;
- if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): "
- "backsql_api_dn2odbc(\"%s\") failed\n",
- op->o_req_dn.bv_val, realnew_dn.bv_val, 0 );
- SQLFreeStmt( sth, SQL_DROP );
-
- rs->sr_text = "SQL-backend error";
- rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
- rc = backsql_BindParamInt( sth, 2, SQL_PARAM_INPUT, &e_id.eid_oc_id );
+ rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT, &n_id.eid_id );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_add_attr(): "
- "error binding objectClass ID parameter for objectClass %s\n",
+ "error binding parent ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
- rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &new_pe_id.eid_id );
+ rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &e_id.eid_keyval );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_add_attr(): "
- "error binding parent ID parameter for objectClass %s\n",
+ "error binding entry ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
- rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_keyval );
+ rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_id );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_add_attr(): "
- "error binding entry ID parameter for objectClass %s\n",
+ "error binding ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
+ e = NULL;
goto done;
}
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
- "could not insert ldap_entries record\n", 0, 0, 0 );
+ "could not rename ldap_entries record\n", 0, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
- send_ldap_result( op, rs );
+ e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
{
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn: can't figure out "
- "type(s)/values(s) of newrdn\n",
+ "type(s)/values(s) of new_rdn\n",
0, 0, 0 );
rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+ e = &r;
goto done;
}
- Debug( LDAP_DEBUG_TRACE,
- " backsql_modrdn: new_rdn_type=\"%s\", "
- "new_rdn_val=\"%s\"\n",
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn: "
+ "new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n",
new_rdn[ 0 ]->la_attr.bv_val,
new_rdn[ 0 ]->la_value.bv_val, 0 );
"the old_rdn type(s)/value(s)\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
- goto done;
+ e = NULL;
+ goto done;
}
}
- e.e_name = new_dn;
- e.e_nname = new_ndn;
- rs->sr_err = slap_modrdn2mods( op, rs, &e, old_rdn, new_rdn, &mod );
+ rs->sr_err = slap_modrdn2mods( op, rs, &r, old_rdn, new_rdn, &mod );
if ( rs->sr_err != LDAP_SUCCESS ) {
- goto modrdn_return;
- }
-
- if ( !acl_check_modlist( op, &e, mod )) {
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- goto modrdn_return;
+ e = &r;
+ goto done;
}
oc = backsql_id2oc( bi, e_id.eid_oc_id );
rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, mod );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ e = &r;
+ goto done;
+ }
+
+ if ( global_schemacheck ) {
+ char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+ entry_clean( &r );
+ (void)backsql_free_entryID( op, &e_id, 0 );
+
+ bsi.bsi_e = &r;
+ rs->sr_err = backsql_init_search( &bsi, &new_ndn,
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs,
+ slap_anlist_all_attributes,
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &new_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ e = &r;
+ /* fallthru */
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
+ "could not retrieve modrdnDN ID - no such entry\n",
+ 0, 0, 0 );
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ /* FIXME: should always be true! */
+ e = &r;
+
+ } else {
+ e = NULL;
+ }
+ goto done;
+ }
+
+ e_id = bsi.bsi_base_id;
+
+ rs->sr_err = entry_schema_check( op->o_bd, &r,
+ NULL,
+ &rs->sr_text, textbuf, sizeof( textbuf ) );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
+ "entry failed schema check -- aborting\n",
+ r.e_name.bv_val, 0, 0 );
+ e = NULL;
+ goto done;
+ }
+ }
done:;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( e != NULL ) {
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ send_ldap_result( op, rs );
+
/*
* Commit only if all operations succeed
*/
- if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
- SQLTransact( SQL_NULL_HENV, dbh, SQL_COMMIT );
+ if ( sth != SQL_NULL_HSTMT ) {
+ SQLUSMALLINT CompletionType = SQL_ROLLBACK;
+
+ if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
+ CompletionType = SQL_COMMIT;
+ }
- } else {
- SQLTransact( SQL_NULL_HENV, dbh, SQL_ROLLBACK );
+ SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
}
-modrdn_return:;
if ( !BER_BVISNULL( &realnew_dn ) && realnew_dn.bv_val != new_dn.bv_val ) {
ch_free( realnew_dn.bv_val );
}
}
}
- if ( !BER_BVISNULL( &new_pe_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &new_pe_id, 0 );
+ if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &e_id, 0 );
}
- send_ldap_result( op, rs );
+ if ( !BER_BVISNULL( &n_id.eid_ndn ) ) {
+ (void)backsql_free_entryID( op, &n_id, 0 );
+ }
+
+ if ( !BER_BVISNULL( &r.e_nname ) ) {
+ entry_clean( &r );
+ }
+
+ if ( !BER_BVISNULL( &p.e_nname ) ) {
+ entry_clean( &p );
+ }
+
+ if ( !BER_BVISNULL( &n.e_nname ) ) {
+ entry_clean( &n );
+ }
Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n", 0, 0, 0 );
- return op->o_noop;
+
+ return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
&& !got[ BACKSQL_OP_ENTRYUUID ]
&& attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID ) == NULL )
{
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
rc = backsql_init_search( &bsi, &rs->sr_entry->e_nname,
- LDAP_SCOPE_BASE, -1, -1, -1, NULL,
- dbh, op, rs, NULL,
- ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) );
+ LDAP_SCOPE_BASE,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL, dbh, op, rs, NULL,
+ BACKSQL_ISF_GET_ID );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
"could not retrieve entry ID - no such entry\n",
*ap = backsql_operational_entryUUID( bi, &bsi.bsi_base_id );
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
+
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
if ( *ap == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_operational(): "
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
* Portions Copyright 2002 Pierangelo Mararati.
* All rights reserved.
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
* by OpenLDAP Software. Additional significant contributors include
- * Pierangelo Mararati
+ * Pierangelo Masarati
*/
/*
#define PROTO_SQL_H
#include "back-sql.h"
-#include "sql-types.h"
/*
* add.c
/*
* api.c
*/
-int backsql_api_config( backsql_info *si, const char *name );
+int backsql_api_config( backsql_info *bi, const char *name,
+ int argc, char *argv[] );
+int backsql_api_destroy( backsql_info *bi );
int backsql_api_register( backsql_api *ba );
int backsql_api_dn2odbc( Operation *op, SlapReply *rs, struct berval *dn );
int backsql_api_odbc2dn( Operation *op, SlapReply *rs, struct berval *dn );
#endif /* BACKSQL_ARBITRARY_KEY */
/* stores in *id the ID in table ldap_entries corresponding to DN, if any */
-int backsql_dn2id( Operation *op, SlapReply *rs, backsql_entryID *id,
- SQLHDBC dbh, struct berval *dn, int muck );
+int backsql_dn2id( Operation *op, SlapReply *rs, SQLHDBC dbh,
+ struct berval *ndn, backsql_entryID *id,
+ int matched, int muck );
/* stores in *nchildren the count of children for an entry */
int backsql_count_children( backsql_info *bi, SQLHDBC dbh,
int backsql_has_children( backsql_info *bi, SQLHDBC dbh, struct berval *dn );
/* frees *id and returns next in list */
-backsql_entryID *backsql_free_entryID( backsql_entryID *id, int freeit );
+backsql_entryID *backsql_free_entryID( Operation *op, backsql_entryID *id,
+ int freeit );
/* turns an ID into an entry */
int backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *id );
* search.c
*/
-#define BACKSQL_ISF_GET_ID 0x1U
-#define BACKSQL_ISF_MUCK 0x2U
int backsql_init_search( backsql_srch_info *bsi,
struct berval *nbase, int scope, int slimit, int tlimit,
time_t stoptime, Filter *filter, SQLHDBC dbh,
backsql_def_oc_query[],
backsql_def_needs_select_oc_query[],
backsql_def_at_query[],
- backsql_def_delentry_query[],
- backsql_def_insentry_query[],
- backsql_def_delobjclasses_query[],
- backsql_def_delreferrals_query[],
+ backsql_def_delentry_stmt[],
+ backsql_def_renentry_stmt[],
+ backsql_def_insentry_stmt[],
+ backsql_def_delobjclasses_stmt[],
backsql_def_subtree_cond[],
backsql_def_upper_subtree_cond[],
backsql_id_query[],
struct berbuf * backsql_strcat( struct berbuf *dest, ... );
struct berbuf * backsql_strfcat( struct berbuf *dest, const char *fmt, ... );
-int backsql_entry_addattr( Entry *e, struct berval *at_name,
+int backsql_entry_addattr( Entry *e, AttributeDescription *ad,
struct berval *at_val, void *memctx );
int backsql_merge_from_clause( struct berbuf *dest_from,
dn
);
-drop table ldap_referrals;
-create table ldap_referrals
- (
- entry_id integer not null references ldap_entries(id),
- url varchar(256) not null
-);
-
drop table ldap_entry_objclasses;
create table ldap_entry_objclasses
(
dbuser db2inst1
dbpasswd ibmdb2
subtree_cond "upper(ldap_entries.dn) LIKE CONCAT('%',?)"
-insentry_query "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
+insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
upper_func "upper"
upper_needs_cast "yes"
create_needs_select "yes"
pers_id int NOT NULL
);
+drop table referrals;
+CREATE TABLE referrals (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ url varchar(255) NOT NULL
+);
+
ALTER TABLE authors_docs ADD
insert into authors_docs (pers_id,doc_id) values (1,1);
insert into authors_docs (pers_id,doc_id) values (1,2);
insert into authors_docs (pers_id,doc_id) values (2,1);
+
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9010/');
values (3,'organization','institutes','id','INSERT INTO institutes (id,name) VALUES ((SELECT max(id)+1 FROM institutes),'''')',
'SELECT max(id) FROM institutes','DELETE FROM institutes WHERE id=?',0);
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,expect_return)
+values (4,'referral','referrals','id','INSERT INTO referrals (id,name,url) VALUES ((SELECT max(id)+1 FROM referrals),'''','''')',
+ 'SELECT max(id) FROM referrals','DELETE FROM referrals WHERE id=?',0);
+
-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
-- id a unique number identifying the attribute
-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
NULL,NULL,3,0);
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (13,4,'ou','referrals.name','referrals',NULL,'UPDATE referrals SET name=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (14,4,'ref','referrals.url','referrals',NULL,'UPDATE referrals SET url=? WHERE id=?',NULL,3,0);
+
-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
-- id a unique number > 0 identifying the entry
-- dn the DN of the entry, in "pretty" form
-- oc_map_id the "ldap_oc_mappings.id" of the main objectClass of this entry (view it as the structuralObjectClass)
-- parent the "ldap_entries.id" of the parent of this objectClass; 0 if it is the "suffix" of the database
-- keyval the value of the "keytbl.keycol" defined for this objectClass
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(1,'dc=example,dc=com',3,0,1);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (1,'dc=example,dc=com',3,0,1);
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(2,'cn=Mitya Kovalev,dc=example,dc=com',1,1,1);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(3,'cn=Torvlobnor Puzdoy,dc=example,dc=com',1,1,2);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(4,'cn=Akakiy Zinberstein,dc=example,dc=com',1,1,3);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (5,'documentTitle=book1,dc=example,dc=com',2,1,1);
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(5,'documentTitle=book1,dc=example,dc=com',2,1,1);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
-insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values
-(6,'documentTitle=book2,dc=example,dc=com',2,1,2);
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (7,'ou=Referral,dc=example,dc=com',4,1,1);
-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
insert into ldap_entry_objclasses (entry_id,oc_name) values (1,'dcObject');
-insert into ldap_entry_objclasses (entry_id,oc_name) values (4,'referral');
-
--- referrals mapping: entries that should be treated as referrals are stored here
--- entry_id the "ldap_entries.id" of the entry that should be treated as a referral
--- url the URI of the referral
-insert into ldap_referrals (entry_id,url) values (4,'ldap://localhost/');
-
+insert into ldap_entry_objclasses (entry_id,oc_name) values (7,'extensibleObject');
values (4,'referral');
insert into ldap_referrals (entry_id,url)
-values (4,'http://localhost/');
+values (4,'ldap://localhost:9010/');
-- support procedures
dn
);
-drop table if exists ldap_referrals;
-create table ldap_referrals
- (
- entry_id integer not null references ldap_entries(id),
- url text not null
-);
-
drop table if exists ldap_entry_objclasses;
create table ldap_entry_objclasses
(
dbuser root
dbpasswd
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
-insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
+insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
has_ldapinfo_dn_ru no
id
);
+drop table if exists referrals;
+CREATE TABLE referrals (
+ id int NOT NULL,
+ name varchar(255) NOT NULL,
+ url varchar(255) NOT NULL
+);
+
insert into authors_docs (pers_id,doc_id) values (1,1);
insert into authors_docs (pers_id,doc_id) values (1,2);
insert into authors_docs (pers_id,doc_id) values (2,1);
+
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9010/');
insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
values (3,'organization','institutes','id',NULL,NULL,0);
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
+values (4,'referral','referrals','id',NULL,NULL,0);
+
-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
-- id a unique number identifying the attribute
-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
NULL,NULL,3,0);
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (13,4,'ou','referrals.name','referrals',NULL,NULL,NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
+values (14,4,'ref','referrals.url','referrals',NULL,NULL,NULL,3,0);
+
-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
-- id a unique number > 0 identifying the entry
-- dn the DN of the entry, in "pretty" form
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
-
+
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
+values (7,'ou=Referral,dc=example,dc=com',4,1,1);
-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
values (1,'dcObject');
insert into ldap_entry_objclasses (entry_id,oc_name)
-values (4,'referral');
-
--- referrals mapping: entries that should be treated as referrals are stored here
--- entry_id the "ldap_entries.id" of the entry that should be treated as a referral
--- url the URI of the referral
-insert into ldap_referrals (entry_id,url)
-values (4,'ldap://localhost/');
+values (7,'extensibleObject');
dbuser ldap
dbpasswd ldap
subtree_cond "UPPER(ldap_entries.dn) LIKE CONCAT('%',UPPER(?))"
-insentry_query "INSERT INTO ldap_entries (id,dn,oc_map_id,parent,keyval) VALUES (ldap_entry_ids.nextval,?,?,?,?)"
+insentry_stmt "INSERT INTO ldap_entries (id,dn,oc_map_id,parent,keyval) VALUES (ldap_entry_ids.nextval,?,?,?,?)"
upper_func UPPER
-- entry_id the "ldap_entries.id" of the entry that should be treated as a referral
-- url the URI of the referral
insert into ldap_referrals (entry_id,url)
-values (4,'http://localhost/');
+values (4,'ldap://localhost:9010/');
-- procedures
UNIQUE ( dn )
);
-drop table ldap_referrals;
-create table ldap_referrals
- (
- entry_id integer not null references ldap_entries(id),
- url text not null
-);
-
drop table ldap_entry_objclasses;
create table ldap_entry_objclasses
(
dbname PostgreSQL
dbuser postgres
dbpasswd postgres
-insentry_query "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
+insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
upper_func "upper"
strcast_func "text"
concat_pattern "?||?"
pers_id int not null
);
+drop table referrals;
+drop sequence referrals_id_seq;
+create table referrals (
+ id serial not null primary key,
+ name varchar(255) not null,
+ url varchar(255) not null
+);
+
insert into authors_docs (pers_id,doc_id) values (1,2);
insert into authors_docs (pers_id,doc_id) values (2,1);
+insert into referrals (id,name,url) values (1,'Referral','ldap://localhost:9010/');
insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (3,'organization','institutes','id','SELECT create_o()','DELETE FROM institutes WHERE id=?',0);
+insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return) values (4,'referral','referrals','id','SELECT create_referral()','DELETE FROM referrals WHERE id=?',0);
+
-- attributeType mappings: describe how an attributeType for a certain objectClass maps to the SQL data.
-- id a unique number identifying the attribute
-- oc_map_id the value of "ldap_oc_mappings.id" that identifies the objectClass this attributeType is defined for
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries AS dcObject,ldap_entry_objclasses AS auxObjectClass','institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',NULL,NULL,3,0);
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (13,4,'ou','referrals.name','referrals',NULL,'UPDATE referrals SET name=? WHERE id=?',NULL,3,0);
+
+insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return) values (14,4,'ref','referrals.url','referrals',NULL,'UPDATE referrals SET url=? WHERE id=?',NULL,3,0);
-- entries mapping: each entry must appear in this table, with a unique DN rooted at the database naming context
-- id a unique number > 0 identifying the entry
insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (6,'documentTitle=book2,dc=example,dc=com',2,1,2);
-
+insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (7,'ou=Referral,dc=example,dc=com',4,1,1);
+
-- objectClass mapping: entries that have multiple objectClass instances are listed here with the objectClass name (view them as auxiliary objectClass)
-- entry_id the "ldap_entries.id" of the entry this objectClass value must be added
-- oc_name the name of the objectClass; it MUST match the name of an objectClass that is loaded in slapd's schema
insert into ldap_entry_objclasses (entry_id,oc_name) values (1,'dcObject');
-insert into ldap_entry_objclasses (entry_id,oc_name) values (4,'referral');
-
--- referrals mapping: entries that should be treated as referrals are stored here
--- entry_id the "ldap_entries.id" of the entry that should be treated as a referral
--- url the URI of the referral
-insert into ldap_referrals (entry_id,url) values (4,'ldap://localhost/');
+insert into ldap_entry_objclasses (entry_id,oc_name) values (7,'extensibleObject');
-- procedures
-- these procedures are specific for this RDBMS and are used in mapping objectClass and attributeType creation/modify/deletion
select max(id) from institutes
' language 'sql';
+create function create_referral () returns int
+as '
+ select setval (''referrals_id_seq'', (select case when max(id) is null then 1 else max(id) end from referrals));
+ insert into referrals (id,name,url)
+ values ((select case when max(id) is null then 1 else nextval(''referrals_id_seq'') end from referrals),'''','''');
+ select max(id) from referrals
+' language 'sql';
+
-## Copyright 1997-2004 The OpenLDAP Foundation, All Rights Reserved.
+## Copyright 1997-2005 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, see COPYRIGHT file
#
-// Copyright 1997-2004 The OpenLDAP Foundation, All Rights Reserved.
+// Copyright 1997-2005 The OpenLDAP Foundation, All Rights Reserved.
// COPYING RESTRICTIONS APPLY, see COPYRIGHT file
// (c) Copyright 1999-2001 TimesTen Performance Software. All rights reserved.
dbuser root
dbpasswd
subtree_cond "ldap_entries.dn LIKE ?"
-insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
+insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
values (4,'referral');
insert into ldap_referrals (entry_id,url)
-values (4,'http://localhost');
+values (4,'ldap://localhost:9010');
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
*/
#include "portable.h"
#endif /* ! BACKSQL_ALIASING_QUOTE */
at_map->bam_query = bb.bb_val.bv_val;
-
+
+#ifdef BACKSQL_COUNTQUERY
+ /* Query to count how many rows will be returned. */
+ BER_BVZERO( &bb.bb_val );
+ bb.bb_len = 0;
+ backsql_strfcat( &bb, "lblbcbl",
+ (ber_len_t)STRLENOF( "SELECT COUNT(*) FROM " ),
+ "SELECT COUNT(*) FROM ",
+ &at_map->bam_from_tbls,
+ (ber_len_t)STRLENOF( " WHERE " ), " WHERE ",
+ &oc_map->bom_keytbl,
+ '.',
+ &oc_map->bom_keycol,
+ (ber_len_t)STRLENOF( "=?" ), "=?" );
+
+ if ( !BER_BVISNULL( &at_map->bam_join_where ) ) {
+ backsql_strfcat( &bb, "lb",
+ (ber_len_t)STRLENOF( " AND " ), " AND ",
+ &at_map->bam_join_where );
+ }
+
+ at_map->bam_countquery = bb.bb_val.bv_val;
+#endif /* BACKSQL_COUNTQUERY */
+
return 0;
}
struct berbuf bb;
sbv.bv_val = s;
- snprintf( s, sizeof( s ), "%ld", oc_map->bom_id );
- sbv.bv_len = strlen( s );
+ sbv.bv_len = snprintf( s, sizeof( s ), "%ld", oc_map->bom_id );
/* extra objectClasses */
at_map = (backsql_at_map_rec *)ch_calloc(1,
&sbv );
at_map->bam_join_where = bb.bb_val;
- /* referral attribute */
- at_map = (backsql_at_map_rec *)ch_calloc( 1,
- sizeof( backsql_at_map_rec ) );
- at_map->bam_ad = slap_schema.si_ad_ref;
- ber_str2bv( "ldap_referrals.url", 0, 1, &at_map->bam_sel_expr );
- ber_str2bv( "ldap_referrals,ldap_entries", 0, 1, &at_map->bam_from_tbls );
-
- bb.bb_len = at_map->bam_from_tbls.bv_len + 1;
- bb.bb_val = at_map->bam_from_tbls;
- backsql_merge_from_clause( &bb, &oc_map->bom_keytbl );
- at_map->bam_from_tbls = bb.bb_val;
-
- BER_BVZERO( &bb.bb_val );
- bb.bb_len = 0;
- backsql_strfcat( &bb, "lbcblb",
- (ber_len_t)STRLENOF( "ldap_entries.id=ldap_referrals.entry_id AND ldap_entries.keyval=" ),
- "ldap_entries.id=ldap_referrals.entry_id AND ldap_entries.keyval=",
- &oc_map->bom_keytbl,
- '.',
- &oc_map->bom_keycol,
- (ber_len_t)STRLENOF( " AND ldap_entries.oc_map_id=" ),
- " AND ldap_entries.oc_map_id=",
- &sbv );
-
- at_map->bam_join_where = bb.bb_val;
-
- at_map->bam_oc = NULL;
-
- at_map->bam_add_proc = NULL;
- {
- char tmp[] =
- "INSERT INTO ldap_referrals "
- "(entry_id,url) VALUES "
- "((SELECT id FROM ldap_entries "
- "WHERE oc_map_id="
- "18446744073709551615UL " /* 64 bit ULONG */
- "AND keyval=?),?)";
- snprintf( tmp, sizeof(tmp),
- "INSERT INTO ldap_referrals "
- "(entry_id,url) VALUES "
- "((SELECT id FROM ldap_entries "
- "WHERE oc_map_id=%lu "
- "AND keyval=?),?)", oc_map->bom_id );
- at_map->bam_add_proc = ch_strdup( tmp );
- }
-
- at_map->bam_delete_proc = NULL;
- {
- char tmp[] =
- "DELETE FROM ldap_referrals "
- "WHERE entry_id=(SELECT id FROM ldap_entries "
- "WHERE oc_map_id="
- "18446744073709551615UL " /* 64 bit ULONG */
- "AND keyval=?) and url=?";
- snprintf( tmp, sizeof(tmp),
- "DELETE FROM ldap_referrals "
- "WHERE entry_id=(SELECT id FROM ldap_entries "
- "WHERE oc_map_id=%lu"
- "AND keyval=?) and url=?",
- oc_map->bom_id );
- at_map->bam_delete_proc = ch_strdup( tmp );
- }
-
- at_map->bam_param_order = 0;
- at_map->bam_expect_return = 0;
- at_map->bam_next = NULL;
-
- backsql_make_attr_query( oc_map, at_map );
- if ( avl_insert( &oc_map->bom_attrs, at_map, backsql_cmp_attr, backsql_dup_attr ) == BACKSQL_DUPLICATE ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_add_sysmaps(): "
- "duplicate attribute \"%s\" in objectClass \"%s\" map\n",
- at_map->bam_ad->ad_cname.bv_val,
- oc_map->bom_oc->soc_cname.bv_val, 0 );
- }
-
return 1;
}
backsql_BindRowAsStrings( bas->bas_sth, &at_row );
for ( ; rc = SQLFetch( bas->bas_sth ), BACKSQL_SUCCESS( rc ); ) {
const char *text = NULL;
+ char *next = NULL;
struct berval bv;
struct berbuf bb = BB_NULL;
at_map->bam_delete_proc = ch_strdup( at_row.cols[ 5 ] );
}
at_map->bam_param_order = strtol( at_row.cols[ 6 ],
- NULL, 0 );
+ &next, 0 );
+ if ( next == at_row.cols[ 6 ] || next[0] != '\0' ) {
+ /* error */
+ }
at_map->bam_expect_return = strtol( at_row.cols[ 7 ],
- NULL, 0 );
+ &next, 0 );
+ if ( next == at_row.cols[ 7 ] || next[0] != '\0' ) {
+ /* error */
+ }
backsql_make_attr_query( oc_map, at_map );
Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
"preconstructed query \"%s\"\n",
int
backsql_load_schema_map( backsql_info *bi, SQLHDBC dbh )
{
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
RETCODE rc;
BACKSQL_ROW_NTS oc_row;
unsigned long oc_id;
oc_map->bom_expect_return = strtol( oc_row.cols[ colnum + 1 ],
NULL, 0 );
+ colnum += 2;
+ if ( ( oc_row.ncols > colnum ) &&
+ ( oc_row.value_len[ colnum ] > 0 ) )
+ {
+ const char *text;
+
+ oc_map->bom_create_hint = NULL;
+ rc = slap_str2ad( oc_row.cols[ colnum ],
+ &oc_map->bom_create_hint, &text );
+ if ( rc != SQL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "load_schema_map(): "
+ "error matching "
+ "AttributeDescription %s "
+ "in create_hint: %s (%d)\n",
+ oc_row.cols[ colnum ],
+ text, rc );
+ backsql_PrintErrors( bi->sql_db_env, dbh,
+ sth, rc );
+ return LDAP_OTHER;
+ }
+ }
+
/*
* FIXME: first attempt to check for offending
* instructions in {create|delete}_proc
}
oc_id = oc_map->bom_id;
Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
- "objectClass \"%s\": keytbl=\"%s\" keycol=\"%s\"\n",
+ "objectClass \"%s\":\n keytbl=\"%s\" keycol=\"%s\"\n",
BACKSQL_OC_NAME( oc_map ),
oc_map->bom_keytbl.bv_val, oc_map->bom_keycol.bv_val );
if ( oc_map->bom_create_proc ) {
- Debug( LDAP_DEBUG_TRACE, "create_proc=\"%s\"\n",
+ Debug( LDAP_DEBUG_TRACE, " create_proc=\"%s\"\n",
oc_map->bom_create_proc, 0, 0 );
}
if ( oc_map->bom_create_keyval ) {
- Debug( LDAP_DEBUG_TRACE, "create_keyval=\"%s\"\n",
+ Debug( LDAP_DEBUG_TRACE, " create_keyval=\"%s\"\n",
oc_map->bom_create_keyval, 0, 0 );
}
+ if ( oc_map->bom_create_hint ) {
+ Debug( LDAP_DEBUG_TRACE, " create_hint=\"%s\"\n",
+ oc_map->bom_create_hint->ad_cname.bv_val,
+ 0, 0 );
+ }
if ( oc_map->bom_delete_proc ) {
- Debug( LDAP_DEBUG_TRACE, "delete_proc=\"%s\"\n",
+ Debug( LDAP_DEBUG_TRACE, " delete_proc=\"%s\"\n",
oc_map->bom_delete_proc, 0, 0 );
}
- Debug( LDAP_DEBUG_TRACE, "expect_return: "
+ Debug( LDAP_DEBUG_TRACE, " expect_return: "
"add=%d, del=%d; attributes:\n",
BACKSQL_IS_ADD( oc_map->bom_expect_return ),
BACKSQL_IS_DEL( oc_map->bom_expect_return ), 0 );
struct supad2at_t *va = (struct supad2at_t *)v_arg;
if ( is_at_subtype( at->bam_ad->ad_type, va->ad->ad_type ) ) {
- backsql_at_map_rec **ret;
+ backsql_at_map_rec **ret = NULL;
unsigned i;
/* if already listed, holler! (should never happen) */
}
ret = ch_realloc( va->ret,
- sizeof( backsql_at_map_rec *) * ( va->n + 2 ) );
+ sizeof( backsql_at_map_rec * ) * ( va->n + 2 ) );
if ( ret == NULL ) {
ch_free( va->ret );
+ va->ret = NULL;
+ va->n = 0;
return SUPAD2AT_STOP;
}
backsql_supad2at( backsql_oc_map_rec *objclass, AttributeDescription *supad,
backsql_at_map_rec ***pret )
{
- struct supad2at_t va;
+ struct supad2at_t va = { 0 };
int rc;
assert( objclass );
*pret = NULL;
- va.ret = NULL;
va.ad = supad;
- va.n = 0;
rc = avl_apply( objclass->bom_attrs, supad2at_f, &va,
SUPAD2AT_STOP, AVL_INORDER );
+++ /dev/null
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1999-2004 The OpenLDAP Foundation.
- * Portions Copyright 1999 Dmitry Kovalev.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
- */
-
-#ifndef __BACKSQL_SCHEMA_MAP_H__
-#define __BACKSQL_SCHEMA_MAP_H__
-
-typedef struct backsql_oc_map_rec {
- /*
- * Structure of corresponding LDAP objectClass definition
- */
- ObjectClass *bom_oc;
-#define BACKSQL_OC_NAME(ocmap) ((ocmap)->bom_oc->soc_cname.bv_val)
-
- struct berval bom_keytbl;
- struct berval bom_keycol;
- /* expected to return keyval of newly created entry */
- char *bom_create_proc;
- /* in case create_proc does not return the keyval of the newly
- * created row */
- char *bom_create_keyval;
- /* supposed to expect keyval as parameter and delete
- * all the attributes as well */
- char *bom_delete_proc;
- /* flags whether delete_proc is a function (whether back-sql
- * should bind first parameter as output for return code) */
- int bom_expect_return;
- unsigned long bom_id;
- Avlnode *bom_attrs;
-} backsql_oc_map_rec;
-
-typedef struct backsql_at_map_rec {
- /* Description of corresponding LDAP attribute type */
- AttributeDescription *bam_ad;
- /* ObjectClass if bam_ad is objectClass */
- ObjectClass *bam_oc;
-
- struct berval bam_from_tbls;
- struct berval bam_join_where;
- struct berval bam_sel_expr;
-
- /* TimesTen, or, if a uppercase function is defined,
- * an uppercased version of bam_sel_expr */
- struct berval bam_sel_expr_u;
-
- /* supposed to expect 2 binded values: entry keyval
- * and attr. value to add, like "add_name(?,?,?)" */
- char *bam_add_proc;
- /* supposed to expect 2 binded values: entry keyval
- * and attr. value to delete */
- char *bam_delete_proc;
- /* for optimization purposes attribute load query
- * is preconstructed from parts on schemamap load time */
- char *bam_query;
- /* following flags are bitmasks (first bit used for add_proc,
- * second - for delete_proc) */
- /* order of parameters for procedures above;
- * 1 means "data then keyval", 0 means "keyval then data" */
- int bam_param_order;
- /* flags whether one or more of procedures is a function
- * (whether back-sql should bind first parameter as output
- * for return code) */
- int bam_expect_return;
-
- /* next mapping for attribute */
- struct backsql_at_map_rec *bam_next;
-} backsql_at_map_rec;
-
-#define BACKSQL_AT_MAP_REC_INIT { NULL, NULL, BER_BVC(""), BER_BVC(""), BER_BVNULL, BER_BVNULL, NULL, NULL, NULL, 0, 0, NULL }
-
-/* define to uppercase filters only if the matching rule requires it
- * (currently broken) */
-/* #define BACKSQL_UPPERCASE_FILTER */
-#define BACKSQL_AT_CANUPPERCASE(at) ((at)->bam_sel_expr_u.bv_val)
-
-/* defines to support bitmasks above */
-#define BACKSQL_ADD 0x1
-#define BACKSQL_DEL 0x2
-
-#define BACKSQL_IS_ADD(x) ( BACKSQL_ADD & (x) )
-#define BACKSQL_IS_DEL(x) ( BACKSQL_DEL & (x) )
-
-#define BACKSQL_NCMP(v1,v2) ber_bvcmp((v1),(v2))
-
-int backsql_load_schema_map( backsql_info *si, SQLHDBC dbh );
-/* Deprecated */
-backsql_oc_map_rec *backsql_name2oc( backsql_info *si, struct berval *oc_name );
-backsql_oc_map_rec *backsql_oc2oc( backsql_info *si, ObjectClass *oc );
-backsql_oc_map_rec *backsql_id2oc( backsql_info *si, unsigned long id );
-/* Deprecated */
-backsql_at_map_rec *backsql_name2at( backsql_oc_map_rec *objclass,
- struct berval *at_name );
-backsql_at_map_rec *backsql_ad2at( backsql_oc_map_rec *objclass,
- AttributeDescription *ad );
-int backsql_supad2at( backsql_oc_map_rec *objclass,
- AttributeDescription *supad, backsql_at_map_rec ***pret );
-int backsql_destroy_schema_map( backsql_info *si );
-
-#endif /* __BACKSQL_SCHEMA_MAP_H__ */
-
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
*/
#include "portable.h"
* clear the list (retrieve all attrs)
*/
if ( ad == NULL ) {
- ch_free( bsi->bsi_attrs );
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx );
bsi->bsi_attrs = NULL;
bsi->bsi_flags |= BSQL_SF_ALL_ATTRS;
return 1;
Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
"adding \"%s\" to list\n", ad->ad_cname.bv_val, 0, 0 );
- an = (AttributeName *)ch_realloc( bsi->bsi_attrs,
- sizeof( AttributeName ) * ( n_attrs + 2 ) );
+ an = (AttributeName *)bsi->bsi_op->o_tmprealloc( bsi->bsi_attrs,
+ sizeof( AttributeName ) * ( n_attrs + 2 ),
+ bsi->bsi_op->o_tmpmemctx );
if ( an == NULL ) {
return -1;
}
AttributeName *attrs,
unsigned flags )
{
- AttributeName *p;
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
int rc = LDAP_SUCCESS;
bsi->bsi_base_ndn = nbase;
+ bsi->bsi_use_subtree_shortcut = 0;
BER_BVZERO( &bsi->bsi_base_id.eid_dn );
BER_BVZERO( &bsi->bsi_base_id.eid_ndn );
bsi->bsi_scope = scope;
bsi->bsi_rs = rs;
bsi->bsi_flags = BSQL_SF_NONE;
- /*
- * handle "*"
- */
- if ( attrs == NULL ) {
- /* also add request for all operational */
- bsi->bsi_attrs = NULL;
- bsi->bsi_flags |= BSQL_SF_ALL_USER;
+ bsi->bsi_attrs = NULL;
+
+ if ( BACKSQL_FETCH_ALL_ATTRS( bi ) ) {
+ /*
+ * if requested, simply try to fetch all attributes
+ */
+ bsi->bsi_flags |= BSQL_SF_ALL_ATTRS;
} else {
- int got_oc = 0;
+ if ( BACKSQL_FETCH_ALL_USERATTRS( bi ) ) {
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
- bsi->bsi_attrs = (AttributeName *)ch_calloc( 1,
- sizeof( AttributeName ) );
- BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name );
-
- for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) {
- /*
- * ignore "1.1"; handle "+"
- */
- if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
- bsi->bsi_flags |= BSQL_SF_ALL_USER;
- continue;
+ } else if ( BACKSQL_FETCH_ALL_OPATTRS( bi ) ) {
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+ }
- } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
- bsi->bsi_flags |= BSQL_SF_ALL_OPER;
- continue;
+ if ( attrs == NULL ) {
+ /* NULL means all user attributes */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
- } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
- continue;
+ } else {
+ AttributeName *p;
+ int got_oc = 0;
- } else if ( p->an_desc == slap_schema.si_ad_objectClass ) {
- got_oc = 1;
+ bsi->bsi_attrs = (AttributeName *)bsi->bsi_op->o_tmpalloc(
+ sizeof( AttributeName ),
+ bsi->bsi_op->o_tmpmemctx );
+ BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name );
+
+ for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) {
+ if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ /* handle "*" */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ /* handle "+" */
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
+ /* ignore "1.1" */
+ continue;
+
+ } else if ( p->an_desc == slap_schema.si_ad_objectClass ) {
+ got_oc = 1;
+ }
+
+ backsql_attrlist_add( bsi, p->an_desc );
}
- backsql_attrlist_add( bsi, p->an_desc );
+ if ( got_oc == 0 && !( bsi->bsi_flags & BSQL_SF_ALL_USER ) ) {
+ /* add objectClass if not present,
+ * because it is required to understand
+ * if an entry is a referral, an alias
+ * or so... */
+ backsql_attrlist_add( bsi, slap_schema.si_ad_objectClass );
+ }
}
- if ( got_oc == 0 ) {
- /* add objectClass if not present,
- * because it is required to understand
- * if an entry is a referral, an alias
- * or so... */
- backsql_attrlist_add( bsi, slap_schema.si_ad_objectClass );
+ if ( !BSQL_ISF_ALL_ATTRS( bsi ) && bi->sql_anlist ) {
+ AttributeName *p;
+
+ /* use hints if available */
+ for ( p = bi->sql_anlist; !BER_BVISNULL( &p->an_name ); p++ ) {
+ if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ /* handle "*" */
+ bsi->bsi_flags |= BSQL_SF_ALL_USER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+
+ } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ /* handle "+" */
+ bsi->bsi_flags |= BSQL_SF_ALL_OPER;
+
+ /* if all attrs are requested, there's
+ * no need to continue */
+ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) {
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ bsi->bsi_attrs = NULL;
+ break;
+ }
+ continue;
+ }
+
+ backsql_attrlist_add( bsi, p->an_desc );
+ }
+
}
}
bsi->bsi_flt_where.bb_len = 0;
bsi->bsi_filter_oc = NULL;
- if ( flags & BACKSQL_ISF_GET_ID ) {
+ if ( BACKSQL_IS_GET_ID( flags ) ) {
+ int matched = BACKSQL_IS_MATCHED( flags );
+ int getentry = BACKSQL_IS_GET_ENTRY( flags );
+ int gotit = 0;
+
assert( op->o_bd->be_private );
- rc = backsql_dn2id( op, rs, &bsi->bsi_base_id, dbh, nbase,
- ( flags & BACKSQL_ISF_MUCK ) );
+ rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
+ matched, 1 );
+
+ /* the entry is collected either if requested for by getentry
+ * or if get noSuchObject and requested to climb the tree,
+ * so that a matchedDN or a referral can be returned */
+ if ( ( rc == LDAP_NO_SUCH_OBJECT && matched ) || getentry ) {
+ if ( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) ) {
+ assert( bsi->bsi_e != NULL );
+
+ if ( dn_match( nbase, &bsi->bsi_base_id.eid_ndn ) )
+ {
+ gotit = 1;
+ }
+
+ /*
+ * let's see if it is a referral and, in case, get it
+ */
+ backsql_attrlist_add( bsi, slap_schema.si_ad_ref );
+ rc = backsql_id2entry( bsi, &bsi->bsi_base_id );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( is_entry_referral( bsi->bsi_e ) )
+ {
+ BerVarray erefs = get_entry_referrals( op, bsi->bsi_e );
+ if ( erefs ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ rs->sr_ref = referral_rewrite( erefs,
+ &bsi->bsi_e->e_nname,
+ &op->o_req_dn,
+ scope );
+ ber_bvarray_free( erefs );
+
+ } else {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+ }
+
+ } else if ( !gotit ) {
+ rc = rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, scope );
+ rc = rs->sr_err = LDAP_REFERRAL;
+ }
+ }
+ }
+
+ bsi->bsi_status = rc;
+
+ switch ( rc ) {
+ case LDAP_SUCCESS:
+ case LDAP_REFERRAL:
+ break;
+
+ default:
+ bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
+ bsi->bsi_op->o_tmpmemctx );
+ break;
}
- return ( bsi->bsi_status = rc );
+ return rc;
}
static int
/* always uppercase strings by now */
#ifdef BACKSQL_UPPERCASE_FILTER
- if ( SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
- bi->sql_caseIgnoreMatch ) )
+ if ( f->f_sub_desc->ad_type->sat_substr &&
+ SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
+ bi->sql_caseIgnoreMatch ) )
#endif /* BACKSQL_UPPERCASE_FILTER */
{
casefold = 1;
}
- if ( SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
- bi->sql_telephoneNumberMatch ) )
+ if ( f->f_sub_desc->ad_type->sat_substr &&
+ SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
+ bi->sql_telephoneNumberMatch ) )
{
struct berval bv;
backsql_merge_from_tbls( bsi, &ldap_entry_objclasses );
backsql_strfcat( &bsi->bsi_flt_where, "lbl",
- (ber_len_t)STRLENOF( "1=1 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ),
- "1=1 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */,
+ (ber_len_t)STRLENOF( "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */ ),
+ "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */,
&bsi->bsi_oc->bom_oc->soc_cname,
- (ber_len_t)STRLENOF( /* (' */ "')" ),
- /* (' */ "')" );
+ (ber_len_t)STRLENOF( /* ((' */ "'))" ),
+ /* ((' */ "'))" );
bsi->bsi_status = LDAP_SUCCESS;
rc = 1;
goto done;
case LDAP_FILTER_PRESENT:
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "3=3" ), "3=3" );
bsi->bsi_status = LDAP_SUCCESS;
rc = 1;
goto done;
case LDAP_FILTER_PRESENT:
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "4=4" ), "4=4" );
break;
default:
#ifdef BACKSQL_SYNCPROV
} else if ( ad == slap_schema.si_ad_entryCSN ) {
/*
- * TODO: introduce appropriate entryCSN filtering
- * to support syncrepl as producer...
+ * support for syncrepl as producer...
*/
if ( !bsi->bsi_op->o_sync ) {
/* unsupported at present... */
/* if doing a syncrepl, try to return as much as possible,
* and always match the filter */
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "5=5" ), "5=5" );
/* save for later use in operational attributes */
/* FIXME: saves only the first occurrence, because
* candidate.
*/
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "6=6" ), "6=6" );
if ( ad == slap_schema.si_ad_hasSubordinates ) {
/*
* instruct candidate selection algorithm
/* search anyway; other parts of the filter
* may succeeed */
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "7=7" ), "7=7" );
bsi->bsi_status = LDAP_SUCCESS;
rc = 1;
goto done;
casefold = 1;
}
+ /* FIXME: directoryString filtering should use a similar
+ * approach to deal with non-prettified values like
+ * " A non prettified value ", by using a LIKE
+ * filter with all whitespaces collapsed to a single '%' */
if ( SLAP_MR_ASSOCIATED( matching_rule,
bi->sql_telephoneNumberMatch ) )
{
/* fall thru to next case */
case LDAP_FILTER_LE:
+ filter_value = &f->f_av_value;
+
/* always uppercase strings by now */
#ifdef BACKSQL_UPPERCASE_FILTER
- if ( SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering,
- bi->sql_caseIgnoreMatch ) )
+ if ( at->bam_ad->ad_type->sat_ordering &&
+ SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering,
+ bi->sql_caseIgnoreMatch ) )
#endif /* BACKSQL_UPPERCASE_FILTER */
{
casefold = 1;
/* unhandled filter type; should not happen */
assert( 0 );
backsql_strfcat( &bsi->bsi_flt_where, "l",
- (ber_len_t)STRLENOF( "1=1" ), "1=1" );
+ (ber_len_t)STRLENOF( "8=8" ), "8=8" );
break;
}
assert( query );
BER_BVZERO( query );
+ bsi->bsi_use_subtree_shortcut = 0;
+
Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
BER_BVZERO( &bsi->bsi_sel.bb_val );
BER_BVZERO( &bsi->bsi_sel.bb_val );
case LDAP_SCOPE_SUBORDINATE:
#endif /* LDAP_SCOPE_SUBORDINATE */
case LDAP_SCOPE_SUBTREE:
- if ( BACKSQL_CANUPPERCASE( bi ) ) {
+ if ( BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ) {
+ int i;
+ BackendDB *bd = bsi->bsi_op->o_bd;
+
+ assert( bd->be_nsuffix );
+
+ for ( i = 0; !BER_BVISNULL( &bd->be_nsuffix[ i ] ); i++ )
+ {
+ if ( dn_match( &bd->be_nsuffix[ i ],
+ bsi->bsi_base_ndn ) )
+ {
+ /* pass this to the candidate selection
+ * routine so that the DN is not bound
+ * to the select statement */
+ bsi->bsi_use_subtree_shortcut = 1;
+ break;
+ }
+ }
+ }
+
+ if ( bsi->bsi_use_subtree_shortcut ) {
+ /* Skip the base DN filter, as every entry will match it */
+ backsql_strfcat( &bsi->bsi_join_where, "l",
+ (ber_len_t)STRLENOF( "9=9"), "9=9");
+
+ } else if ( !BER_BVISNULL( &bi->sql_subtree_cond ) ) {
+ backsql_strfcat( &bsi->bsi_join_where, "b", &bi->sql_subtree_cond );
+
+ } else if ( BACKSQL_CANUPPERCASE( bi ) ) {
backsql_strfcat( &bsi->bsi_join_where, "bl",
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ),
"(ldap_entries.dn) LIKE ?" );
+
} else {
backsql_strfcat( &bsi->bsi_join_where, "l",
(ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ),
{
backsql_oc_map_rec *oc = v_oc;
backsql_srch_info *bsi = v_bsi;
+ Operation *op = bsi->bsi_op;
backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
struct berval query;
- SQLHSTMT sth;
+ SQLHSTMT sth = SQL_NULL_HSTMT;
RETCODE rc;
int res;
BACKSQL_ROW_NTS row;
#endif /* LDAP_SCOPE_SUBORDINATE */
case LDAP_SCOPE_SUBTREE:
{
+ /* if short-cutting the search base,
+ * don't bind any parameter */
+ if ( bsi->bsi_use_subtree_shortcut ) {
+ break;
+ }
+
/*
* We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
* however this should be handled earlier
continue;
}
- ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
+ ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
if ( dn.bv_val != row.cols[ 3 ] ) {
free( dn.bv_val );
}
}
if ( bi->sql_baseObject && dn_match( &ndn, &bi->sql_baseObject->e_nname ) ) {
- free( pdn.bv_val );
- free( ndn.bv_val );
+ op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
continue;
}
c_id = (backsql_entryID *)ch_calloc( 1,
sizeof( backsql_entryID ) );
#ifdef BACKSQL_ARBITRARY_KEY
- ber_str2bv( row.cols[ 0 ], 0, 1, &c_id->eid_id );
- ber_str2bv( row.cols[ 1 ], 0, 1, &c_id->eid_keyval );
+ ber_str2bv_x( row.cols[ 0 ], 0, 1, &c_id->eid_id,
+ op->o_tmpmemctx );
+ ber_str2bv_x( row.cols[ 1 ], 0, 1, &c_id->eid_keyval,
+ op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
c_id->eid_id = strtol( row.cols[ 0 ], NULL, 0 );
c_id->eid_keyval = strtol( row.cols[ 1 ], NULL, 0 );
backsql_search( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
- SQLHDBC dbh;
+ SQLHDBC dbh = SQL_NULL_HDBC;
int sres;
- Entry user_entry = { 0 };
- int manageDSAit;
+ Entry user_entry = { 0 },
+ base_entry = { 0 };
+ int manageDSAit = get_manageDSAit( op );
time_t stoptime = 0;
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
backsql_entryID *eid = NULL;
- struct berval nbase = BER_BVNULL,
- realndn = BER_BVNULL;
-
- manageDSAit = get_manageDSAit( op );
+ struct berval nbase = BER_BVNULL;
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
"base=\"%s\", filter=\"%s\", scope=%d,",
op->o_req_ndn.bv_val,
- op->ors_filterstr.bv_val,
+ op->ors_filterstr.bv_val ? op->ors_filterstr.bv_val : "(no filter)",
op->ors_scope );
Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
"attributes to load: %s\n",
/* compute it anyway; root does not use it */
stoptime = op->o_time + op->ors_tlimit;
- realndn = op->o_req_ndn;
- if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_search(\"%s\"): "
- "backsql_api_dn2odbc(\"%s\") failed\n",
- op->o_req_ndn.bv_val, realndn.bv_val, 0 );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
- send_ldap_result( op, rs );
- goto done;
- }
-
/* init search */
- rs->sr_err = backsql_init_search( &bsi, &realndn,
+ bsi.bsi_e = &base_entry;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
op->ors_scope,
op->ors_slimit, op->ors_tlimit,
stoptime, op->ors_filter,
dbh, op, rs, op->ors_attrs,
- ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) );
- if ( rs->sr_err != LDAP_SUCCESS ) {
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
+
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ /* fall thru */
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !BER_BVISNULL( &base_entry.e_nname )
+ && ! access_allowed( op, &base_entry,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ rs->sr_matched = NULL;
+ rs->sr_text = NULL;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
send_ldap_result( op, rs );
goto done;
+
+ }
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ {
+ slap_mask_t mask;
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &base_entry, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+
+ }
+ if ( ! access_allowed_mask( op, &base_entry,
+ slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ }
+ send_ldap_result( op, rs );
+ goto done;
+ }
}
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ bsi.bsi_e = NULL;
bsi.bsi_n_candidates =
( op->ors_limit == NULL /* isroot == TRUE */ ? -2 :
*/
for ( eid = bsi.bsi_id_list;
eid != NULL;
- eid = backsql_free_entryID( eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
+ eid = backsql_free_entryID( op,
+ eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
{
int rc;
Attribute *a_hasSubordinate = NULL,
case LDAP_SCOPE_SUBTREE:
/* FIXME: this should never fail... */
if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) {
+ assert( 0 );
goto next_entry2;
}
break;
}
- /* don't recollect baseObject ... */
if ( BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
+ /* don't recollect baseObject... */
e = bi->sql_baseObject;
+ } else if ( eid == &bsi.bsi_base_id ) {
+ /* don't recollect searchBase object... */
+ e = &base_entry;
+
} else {
bsi.bsi_e = &user_entry;
rc = backsql_id2entry( &bsi, eid );
"- skipping\n", rc, 0, 0 );
continue;
}
-
e = &user_entry;
}
Entry user_entry2 = { 0 };
/* retry with the full entry... */
- (void)backsql_init_search( &bsi2,
+ bsi2.bsi_e = &user_entry2;
+ rc = backsql_init_search( &bsi2,
&e->e_nname,
LDAP_SCOPE_BASE,
- -1, -1, -1, NULL,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL,
dbh, op, rs, NULL,
- BACKSQL_ISF_MUCK );
- bsi2.bsi_e = &user_entry2;
- rc = backsql_id2entry( &bsi2, eid );
+ BACKSQL_ISF_GET_ENTRY );
if ( rc == LDAP_SUCCESS ) {
if ( is_entry_referral( &user_entry2 ) )
{
refs = get_entry_referrals( op,
&user_entry2 );
- } /* else: FIXME: inconsistency! */
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
entry_clean( &user_entry2 );
}
+ if ( bsi2.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi2.bsi_attrs,
+ op->o_tmpmemctx );
+ }
}
if ( refs ) {
ber_bvarray_free( refs );
}
- if ( !rs->sr_ref ) {
- rs->sr_text = "bad_referral object";
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+
+ } else {
+ rs->sr_text = "bad referral object";
}
rs->sr_entry = e;
- rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = user_entry.e_name.bv_val;
send_search_reference( op, rs );
if ( e == &user_entry ) {
rs->sr_flags = REP_ENTRY_MODIFIABLE;
}
+ /* FIXME: need the whole entry (ITS#3480) */
sres = send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
rs->sr_operational_attrs = NULL;
- switch ( sres ) {
- case 0:
- break;
-
- default:
+ if ( sres == -1 ) {
/*
* FIXME: send_search_entry failed;
* better stop
*/
- case -1:
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
"connection lost\n", 0, 0, 0 );
goto end_of_search;
}
next_entry:;
- entry_clean( &user_entry );
+ if ( e == &user_entry ) {
+ entry_clean( &user_entry );
+ }
next_entry2:;
if ( op->ors_slimit != SLAP_NO_LIMIT
}
end_of_search:;
+ entry_clean( &base_entry );
+
/* in case we got here accidentally */
entry_clean( &user_entry );
#endif /* BACKSQL_SYNCPROV */
done:;
- if ( !BER_BVISNULL( &realndn ) && realndn.bv_val != op->o_req_ndn.bv_val ) {
- ch_free( realndn.bv_val );
- }
-
- if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
- }
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
- if ( bsi.bsi_attrs ) {
- ch_free( bsi.bsi_attrs );
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &nbase )
int rw,
Entry **ent )
{
- backsql_srch_info bsi;
- SQLHDBC dbh;
+ backsql_srch_info bsi = { 0 };
+ SQLHDBC dbh = SQL_NULL_HDBC;
int rc;
SlapReply rs = { 0 };
AttributeName anlist[ 2 ];
+ *ent = NULL;
+
rc = backsql_get_db_conn( op, &dbh );
if ( !dbh ) {
return LDAP_OTHER;
BER_BVZERO( &anlist[ 1 ].an_name );
}
+ bsi.bsi_e = ch_malloc( sizeof( Entry ) );
rc = backsql_init_search( &bsi,
ndn,
LDAP_SCOPE_BASE,
- SLAP_NO_LIMIT, SLAP_NO_LIMIT, -1, NULL,
+ SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+ (time_t)(-1), NULL,
dbh, op, &rs, at ? anlist : NULL,
- ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
- bsi.bsi_e = ch_malloc( sizeof( Entry ) );
- rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
+ BACKSQL_ISF_GET_ENTRY );
if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
}
if ( rc == LDAP_SUCCESS ) {
}
return_results:;
+ if ( bsi.bsi_attrs != NULL ) {
+ op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
+ }
+
if ( rc != LDAP_SUCCESS ) {
if ( bsi.bsi_e ) {
entry_free( bsi.bsi_e );
+++ /dev/null
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1999-2004 The OpenLDAP Foundation.
- * Portions Copyright 1999 Dmitry Kovalev.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
- */
-#ifndef __BACKSQL_SQL_TYPES_H__
-#define __BACKSQL_SQL_TYPES_H__
-
-#include <sql.h>
-#include <sqlext.h>
-
-typedef struct {
- SWORD ncols;
- BerVarray col_names;
- UDWORD *col_prec;
- char **cols;
- SQLINTEGER *value_len;
-} BACKSQL_ROW_NTS;
-
-#endif /* __BACKSQL_SQL_TYPES_H__ */
-
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
+ * Portions Copyright 2004 Mark Adamson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati and Mark Adamson.
*/
#include "portable.h"
backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, char *query, int timeout )
{
RETCODE rc;
- char drv_name[ 30 ];
- SWORD len;
rc = SQLAllocStmt( dbh, sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "==>backsql_Prepare()\n", 0, 0, 0 );
#endif /* BACKSQL_TRACE */
- SQLGetInfo( dbh, SQL_DRIVER_NAME, drv_name, sizeof( drv_name ), &len );
+#ifdef BACKSQL_MSSQL_WORKAROUND
+ {
+ char drv_name[ 30 ];
+ SWORD len;
+
+ SQLGetInfo( dbh, SQL_DRIVER_NAME, drv_name, sizeof( drv_name ), &len );
#ifdef BACKSQL_TRACE
- Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): driver name=\"%s\"\n",
- drv_name, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): driver name=\"%s\"\n",
+ drv_name, 0, 0 );
#endif /* BACKSQL_TRACE */
- ldap_pvt_str2upper( drv_name );
- if ( !strncmp( drv_name, "SQLSRV32.DLL", sizeof( drv_name ) ) ) {
- /*
- * stupid default result set in MS SQL Server
- * does not support multiple active statements
- * on the same connection -- so we are trying
- * to make it not to use default result set...
- */
- Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
- "enabling MS SQL Server default result "
- "set workaround\n", 0, 0, 0 );
- rc = SQLSetStmtOption( *sth, SQL_CONCURRENCY,
- SQL_CONCUR_ROWVER );
- if ( rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): "
- "SQLSetStmtOption(SQL_CONCURRENCY,"
- "SQL_CONCUR_ROWVER) failed:\n",
- 0, 0, 0 );
- backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
- SQLFreeStmt( *sth, SQL_DROP );
- return rc;
+ ldap_pvt_str2upper( drv_name );
+ if ( !strncmp( drv_name, "SQLSRV32.DLL", STRLENOF( "SQLSRV32.DLL" ) ) ) {
+ /*
+ * stupid default result set in MS SQL Server
+ * does not support multiple active statements
+ * on the same connection -- so we are trying
+ * to make it not to use default result set...
+ */
+ Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
+ "enabling MS SQL Server default result "
+ "set workaround\n", 0, 0, 0 );
+ rc = SQLSetStmtOption( *sth, SQL_CONCURRENCY,
+ SQL_CONCUR_ROWVER );
+ if ( rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): "
+ "SQLSetStmtOption(SQL_CONCURRENCY,"
+ "SQL_CONCUR_ROWVER) failed:\n",
+ 0, 0, 0 );
+ backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
+ SQLFreeStmt( *sth, SQL_DROP );
+ return rc;
+ }
}
}
+#endif /* BACKSQL_MSSQL_WORKAROUND */
if ( timeout > 0 ) {
Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 Dmitry Kovalev.
+ * Portions Copyright 2002 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
- * by OpenLDAP Software.
+ * by OpenLDAP Software. Additional significant contributors include
+ * Pierangelo Masarati.
*/
#include "portable.h"
"SELECT name,sel_expr,from_tbls,join_where,add_proc,delete_proc,"
"param_order,expect_return,sel_expr_u FROM ldap_attr_mappings "
"WHERE oc_map_id=?";
-char backsql_def_delentry_query[] = "DELETE FROM ldap_entries WHERE id=?";
-char backsql_def_insentry_query[] =
+char backsql_def_delentry_stmt[] = "DELETE FROM ldap_entries WHERE id=?";
+char backsql_def_renentry_stmt[] =
+ "UPDATE ldap_entries SET dn=?,parent=?,keyval=? WHERE id=?";
+char backsql_def_insentry_stmt[] =
"INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) "
"VALUES (?,?,?,?)";
-char backsql_def_delobjclasses_query[] = "DELETE FROM ldap_entry_objclasses "
- "WHERE entry_id=?";
-char backsql_def_delreferrals_query[] = "DELETE FROM ldap_referrals "
+char backsql_def_delobjclasses_stmt[] = "DELETE FROM ldap_entry_objclasses "
"WHERE entry_id=?";
char backsql_def_subtree_cond[] = "ldap_entries.dn LIKE CONCAT('%',?)";
char backsql_def_upper_subtree_cond[] = "(ldap_entries.dn) LIKE CONCAT('%',?)";
int
backsql_entry_addattr(
- Entry *e,
- struct berval *at_name,
- struct berval *at_val,
- void *memctx )
+ Entry *e,
+ AttributeDescription *ad,
+ struct berval *val,
+ void *memctx )
{
- AttributeDescription *ad;
int rc;
- const char *text;
#ifdef BACKSQL_TRACE
- Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(): "
- "at_name=\"%s\", at_val=\"%s\"\n",
- at_name->bv_val, at_val->bv_val, 0 );
+ Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): %s=%s\n",
+ e->e_name.bv_val, ad->ad_cname->bv_val, val->bv_val );
#endif /* BACKSQL_TRACE */
- ad = NULL;
- rc = slap_bv2ad( at_name, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(): "
- "failed to find AttributeDescription for \"%s\"\n",
- at_name->bv_val, 0, 0 );
- return 0;
- }
-
- rc = attr_merge_normalize_one( e, ad, at_val, memctx );
+ rc = attr_merge_normalize_one( e, ad, val, memctx );
- if ( rc != 0 ) {
- Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(): "
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): "
"failed to merge value \"%s\" for attribute \"%s\"\n",
- at_val->bv_val, at_name->bv_val, 0 );
- return 0;
+ e->e_name.bv_val, val->bv_val, ad->ad_cname.bv_val );
+ return rc;
}
#ifdef BACKSQL_TRACE
- Debug( LDAP_DEBUG_TRACE, "<==backsql_query_addattr()\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_entry_addattr(\"%s\")\n",
+ e->e_name.bv_val, 0, 0 );
#endif /* BACKSQL_TRACE */
- return 1;
+ return LDAP_SUCCESS;
}
static char *
snprintf( uuidbuf, sizeof( uuidbuf ),
"%08x-%04x-%04x-0000-000000000000",
( id->eid_oc_id & 0xFFFFFFFF ),
- ( ( id->eid_keyval & 0xFFFF0000 ) >> 16 ),
+ ( ( id->eid_keyval & 0xFFFF0000 ) >> 020 /* 16 */ ),
( id->eid_keyval & 0xFFFF ) );
#endif /* ! BACKSQL_ARBITRARY_KEY */
{
fprintf( stderr, "==> backsql_entryUUID_decode()\n" );
- *oc_id = ( entryUUID->bv_val[0] << 3 )
- + ( entryUUID->bv_val[1] << 2 )
- + ( entryUUID->bv_val[2] << 1 )
+ *oc_id = ( entryUUID->bv_val[0] << 030 /* 24 */ )
+ + ( entryUUID->bv_val[1] << 020 /* 16 */ )
+ + ( entryUUID->bv_val[2] << 010 /* 8 */ )
+ entryUUID->bv_val[3];
#ifdef BACKSQL_ARBITRARY_KEY
+ /* FIXME */
#else /* ! BACKSQL_ARBITRARY_KEY */
- *keyval = ( entryUUID->bv_val[4] << 3 )
- + ( entryUUID->bv_val[5] << 2 )
- + ( entryUUID->bv_val[6] << 1 )
+ *keyval = ( entryUUID->bv_val[4] << 030 /* 24 */ )
+ + ( entryUUID->bv_val[5] << 020 /* 16 */ )
+ + ( entryUUID->bv_val[6] << 010 /* 8 */ )
+ entryUUID->bv_val[7];
#endif /* ! BACKSQL_ARBITRARY_KEY */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* imported into slapd without appropriate __declspec(dllimport) directives.
*/
-/*
- * This file is automatically generated by configure; it defines
- * the BackendInfo binfo[] structure with the configured static
- * backend info. It assumes that every backend of type <name>
- * provides an initialization function
- *
- * int name_back_initialize( BackendInfo *bi )
- *
- * that populates the rest of the structure.
- */
-
-#include "backend.h"
-
int nBackendInfo = 0;
BackendInfo *backendInfo = NULL;
}
for( ;
- binfo[nBackendInfo].bi_type != NULL;
+ slap_binfo[nBackendInfo].bi_type != NULL;
nBackendInfo++ )
{
- assert( binfo[nBackendInfo].bi_init );
+ assert( slap_binfo[nBackendInfo].bi_init );
- rc = binfo[nBackendInfo].bi_init( &binfo[nBackendInfo] );
+ rc = slap_binfo[nBackendInfo].bi_init( &slap_binfo[nBackendInfo] );
if(rc != 0) {
Debug( LDAP_DEBUG_ANY,
"backend_init: initialized for type \"%s\"\n",
- binfo[nBackendInfo].bi_type, 0, 0 );
+ slap_binfo[nBackendInfo].bi_type, 0, 0 );
/* destroy those we've already inited */
for( nBackendInfo--;
nBackendInfo >= 0 ;
nBackendInfo-- )
{
- if ( binfo[nBackendInfo].bi_destroy ) {
- binfo[nBackendInfo].bi_destroy(
- &binfo[nBackendInfo] );
+ if ( slap_binfo[nBackendInfo].bi_destroy ) {
+ slap_binfo[nBackendInfo].bi_destroy(
+ &slap_binfo[nBackendInfo] );
}
}
return rc;
}
if ( nBackendInfo > 0) {
- backendInfo = binfo;
+ backendInfo = slap_binfo;
return 0;
}
{
BackendInfo *newBackendInfo = 0;
- /* if backendInfo == binfo no deallocation of old backendInfo */
- if (backendInfo == binfo) {
+ /* if backendInfo == slap_binfo no deallocation of old backendInfo */
+ if (backendInfo == slap_binfo) {
newBackendInfo = ch_calloc(nBackendInfo + 1, sizeof(BackendInfo));
AC_MEMCPY(newBackendInfo, backendInfo,
sizeof(BackendInfo) * nBackendInfo);
if ( rc ) return rc;
- if ( !LDAP_STAILQ_EMPTY( &backendDB[i].be_syncinfo )) {
+ if ( backendDB[i].be_syncinfo ) {
syncinfo_t *si;
if ( !( backendDB[i].be_search && backendDB[i].be_add &&
continue;
}
- LDAP_STAILQ_FOREACH( si, &backendDB[i].be_syncinfo, si_next ) {
+ {
+ si = backendDB[i].be_syncinfo;
si->si_be = &backendDB[i];
init_syncrepl( si );
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
{
int i;
BackendDB *bd;
- syncinfo_t *si_entry;
struct slap_csn_entry *csne;
ldap_pvt_thread_pool_destroy( &syncrepl_pool, 1 );
/* destroy each backend database */
for( i = 0, bd = backendDB; i < nBackendDB; i++, bd++ ) {
- while ( !LDAP_STAILQ_EMPTY( &bd->be_syncinfo )) {
- si_entry = LDAP_STAILQ_FIRST( &bd->be_syncinfo );
- LDAP_STAILQ_REMOVE_HEAD( &bd->be_syncinfo, si_next );
- syncinfo_free( si_entry );
+ if ( bd->be_syncinfo ) {
+ syncinfo_free( bd->be_syncinfo );
}
if ( bd->be_pending_csn_list ) {
}
ber_bvarray_free( bd->be_suffix );
ber_bvarray_free( bd->be_nsuffix );
- if ( bd->be_rootdn.bv_val ) free( bd->be_rootdn.bv_val );
- if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
- if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
acl_destroy( bd->be_acl, frontendDB->be_acl );
}
free( backendDB );
}
#ifdef SLAPD_MODULES
- if (backendInfo != binfo) {
+ if (backendInfo != slap_binfo) {
free(backendInfo);
}
#endif /* SLAPD_MODULES */
}
ber_bvarray_free( bd->be_suffix );
ber_bvarray_free( bd->be_nsuffix );
- if ( bd->be_rootdn.bv_val ) free( bd->be_rootdn.bv_val );
- if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
- if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
acl_destroy( bd->be_acl, frontendDB->be_acl );
}
be->be_pcl_mutexp = &be->be_pcl_mutex;
ldap_pvt_thread_mutex_init( be->be_pcl_mutexp );
- LDAP_STAILQ_INIT( &be->be_syncinfo );
-
/* assign a default depth limit for alias deref */
be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH;
int manageDSAit,
int noSubs )
{
- int i, j;
- ber_len_t len, dnlen = dn->bv_len;
- Backend *be = NULL;
+ int i, j;
+ ber_len_t len, dnlen = dn->bv_len;
+ Backend *be = NULL;
for ( i = 0; i < nbackends; i++ ) {
- for ( j = 0; backends[i].be_nsuffix != NULL &&
- backends[i].be_nsuffix[j].bv_val != NULL; j++ )
+ if ( backends[i].be_nsuffix == NULL ) {
+ continue;
+ }
+
+ for ( j = 0; !BER_BVISNULL( &backends[i].be_nsuffix[j] ); j++ )
{
if ( ( SLAP_GLUE_SUBORDINATE( &backends[i] ) )
&& noSubs )
{
int i;
- for ( i = 0;
- be->be_nsuffix != NULL && be->be_nsuffix[i].bv_val != NULL;
- i++ )
- {
+ if ( be->be_nsuffix == NULL ) {
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &be->be_nsuffix[i] ); i++ ) {
if ( bvmatch( &be->be_nsuffix[i], bvsuffix ) ) {
- return( 1 );
+ return 1;
}
}
- return( 0 );
+ return 0;
}
int
be_isroot_dn( Backend *be, struct berval *ndn )
{
- if ( !ndn->bv_len ) {
- return( 0 );
- }
-
- if ( !be->be_rootndn.bv_len ) {
- return( 0 );
+ if ( BER_BVISEMPTY( ndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+ return 0;
}
return dn_match( &be->be_rootndn, ndn );
}
-int
-be_sync_update( Operation *op )
-{
- return ( SLAP_SYNC_SHADOW( op->o_bd ) && syncrepl_isupdate( op ) );
-}
-
int
be_slurp_update( Operation *op )
{
return ( SLAP_SLURP_SHADOW( op->o_bd ) &&
- be_isupdate_dn( op->o_bd, &op->o_ndn ));
+ be_isupdate_dn( op->o_bd, &op->o_ndn ) );
}
int
be_shadow_update( Operation *op )
{
- return ( SLAP_SHADOW( op->o_bd ) &&
- ( syncrepl_isupdate( op ) || be_isupdate_dn( op->o_bd, &op->o_ndn )));
+ return ( SLAP_SYNC_SHADOW( op->o_bd ) ||
+ ( SLAP_SHADOW( op->o_bd ) && be_isupdate_dn( op->o_bd, &op->o_ndn ) ) );
}
int
be_isupdate_dn( Backend *be, struct berval *ndn )
{
- if ( !ndn->bv_len ) return( 0 );
-
- if ( !be->be_update_ndn.bv_len ) return( 0 );
+ if ( BER_BVISEMPTY( ndn ) || BER_BVISEMPTY( &be->be_update_ndn ) ) {
+ return 0;
+ }
return dn_match( &be->be_update_ndn, ndn );
}
return 0;
}
- if( op->o_bd->be_rootpw.bv_len == 0 ) {
+ if ( BER_BVISEMPTY( &op->o_bd->be_rootpw ) ) {
return 0;
}
}
if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) &&
- op->o_ndn.bv_len == 0 )
+ BER_BVISEMPTY( &op->o_ndn ) )
{
rs->sr_text = "modifications require authentication";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
}
#ifdef SLAP_X_LISTENER_MOD
- if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & ( op->o_ndn.bv_len > 0 ? S_IWUSR : S_IWOTH ) ) ) {
+ if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn ) ? S_IWUSR : S_IWOTH ) ) ) {
/* no "w" mode means readonly */
rs->sr_text = "modifications not allowed on this listener";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
/* should check mechanism */
if( ( op->o_transport_ssf < ssf->sss_transport
&& op->o_authtype == LDAP_AUTH_SIMPLE )
- || op->o_dn.bv_len == 0 )
+ || BER_BVISEMPTY( &op->o_dn ) )
{
rs->sr_text = "strong(er) authentication required";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
}
if( requires & SLAP_REQUIRE_SASL ) {
- if( op->o_authtype != LDAP_AUTH_SASL || op->o_dn.bv_len == 0 ) {
+ if( op->o_authtype != LDAP_AUTH_SASL || BER_BVISEMPTY( &op->o_dn ) ) {
rs->sr_text = "SASL authentication required";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
return rs->sr_err;
}
if( requires & SLAP_REQUIRE_AUTHC ) {
- if( op->o_dn.bv_len == 0 ) {
+ if( BER_BVISEMPTY( &op->o_dn ) ) {
rs->sr_text = "authentication required";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
return rs->sr_err;
}
#ifdef SLAP_X_LISTENER_MOD
- if ( !starttls && op->o_dn.bv_len == 0 ) {
+ if ( !starttls && BER_BVISEMPTY( &op->o_dn ) ) {
if ( op->o_conn->c_listener &&
!( op->o_conn->c_listener->sl_perms & S_IXOTH ))
{
if ( !starttls && !updateop ) {
if ( op->o_conn->c_listener &&
!( op->o_conn->c_listener->sl_perms &
- ( op->o_dn.bv_len > 0 ? S_IRUSR : S_IROTH )))
+ ( !BER_BVISEMPTY( &op->o_dn ) ? S_IRUSR : S_IROTH )))
{
/* no "r" mode means no read */
rs->sr_text = "read not allowed on this listener";
op->o_bd = select_backend( gr_ndn, 0, 0 );
- for (g = op->o_groups; g; g=g->ga_next) {
- if (g->ga_be != op->o_bd || g->ga_oc != group_oc ||
- g->ga_at != group_at || g->ga_len != gr_ndn->bv_len)
+ for ( g = op->o_groups; g; g = g->ga_next ) {
+ if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
+ g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
+ {
continue;
- if (strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0)
+ }
+ if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
break;
+ }
}
- if (g) {
+ if ( g ) {
rc = g->ga_res;
goto done;
}
e = target;
rc = 0;
} else {
- rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e );
+ rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
#ifdef LDAP_SLAPI
if ( rc == 0 ) {
rc = 1;
- for (i=0; a->a_vals[i].bv_val; i++) {
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
LDAP_URL_SUCCESS )
{
continue;
}
- nbase.bv_val = NULL;
+ BER_BVZERO( &nbase );
/* host part must be empty */
/* attrs and extensions parts must be empty */
- if (( ludp->lud_host && *ludp->lud_host ) ||
+ if ( ( ludp->lud_host && *ludp->lud_host ) ||
ludp->lud_attrs || ludp->lud_exts )
{
goto loopit;
{
goto loopit;
}
- switch(ludp->lud_scope) {
+ switch ( ludp->lud_scope ) {
case LDAP_SCOPE_BASE:
- if ( !dn_match( &nbase, op_ndn )) goto loopit;
+ if ( !dn_match( &nbase, op_ndn ) ) {
+ goto loopit;
+ }
break;
case LDAP_SCOPE_ONELEVEL:
- dnParent(op_ndn, &bv );
- if ( !dn_match( &nbase, &bv )) goto loopit;
+ dnParent( op_ndn, &bv );
+ if ( !dn_match( &nbase, &bv ) ) {
+ goto loopit;
+ }
break;
case LDAP_SCOPE_SUBTREE:
- if ( !dnIsSuffix( op_ndn, &nbase )) goto loopit;
+ if ( !dnIsSuffix( op_ndn, &nbase ) ) {
+ goto loopit;
+ }
break;
#ifdef LDAP_SCOPE_SUBORDINATE
case LDAP_SCOPE_SUBORDINATE:
}
loopit:
ldap_free_urldesc( ludp );
- if ( nbase.bv_val ) {
+ if ( !BER_BVISNULL( &nbase ) ) {
op->o_tmpfree( nbase.bv_val, op->o_tmpmemctx );
}
if ( rc == 0 ) break;
#endif /* LDAP_SLAPI */
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
- g = op->o_tmpalloc(sizeof(GroupAssertion) + gr_ndn->bv_len,
- op->o_tmpmemctx);
+ g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
+ op->o_tmpmemctx );
g->ga_be = op->o_bd;
g->ga_oc = group_oc;
g->ga_at = group_at;
g->ga_res = rc;
g->ga_len = gr_ndn->bv_len;
- strcpy(g->ga_ndn, gr_ndn->bv_val);
+ strcpy( g->ga_ndn, gr_ndn->bv_val );
g->ga_next = op->o_groups;
op->o_groups = g;
}
return 1;
}
- for ( i=0; a->a_vals[i].bv_val; i++ ) ;
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ;
v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
op->o_tmpmemctx );
- for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
+ for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( op->o_conn && access_allowed( op,
e, a->a_desc,
&a->a_nvals[i],
}
ber_dupbv_x( &v[j],
&a->a_nvals[i], op->o_tmpmemctx );
- if (v[j].bv_val ) j++;
+ if ( !BER_BVISNULL( &v[j] ) ) {
+ j++;
+ }
}
- if (j == 0) {
+ if ( j == 0 ) {
op->o_tmpfree( v, op->o_tmpmemctx );
*vals = NULL;
rc = 1;
} else {
- v[j].bv_val = NULL;
- v[j].bv_len = 0;
+ BER_BVZERO( &v[j] );
*vals = v;
rc = 0;
}
BerVarray *vals,
slap_access_t access )
{
- Entry *e;
- Attribute *a;
- int i, j, rc = LDAP_SUCCESS;
- AccessControlState acl_state = ACL_STATE_INIT;
- Backend *be = op->o_bd;
+ Entry *e = NULL;
+ Attribute *a = NULL;
+ int freeattr = 0, i, j, rc = LDAP_SUCCESS;
+ AccessControlState acl_state = ACL_STATE_INIT;
+ Backend *be = op->o_bd;
op->o_bd = select_backend( edn, 0, 0 );
if ( target && dn_match( &target->e_nname, edn ) ) {
e = target;
+
} else {
- rc = be_entry_get_rw(op, edn, NULL, entry_at, 0, &e );
+ rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e );
}
if ( e ) {
a = attr_find( e->e_attrs, entry_at );
+ if ( a == NULL ) {
+ SlapReply rs = { 0 };
+ AttributeName anlist[ 2 ];
+
+ anlist[ 0 ].an_name = entry_at->ad_cname;
+ anlist[ 0 ].an_desc = entry_at;
+ BER_BVZERO( &anlist[ 1 ].an_name );
+ rs.sr_attrs = anlist;
+
+ rs.sr_attr_flags = slap_attr_flags( rs.sr_attrs );
+
+ rc = backend_operational( op, &rs );
+
+ if ( rc == LDAP_SUCCESS ) {
+ a = rs.sr_operational_attrs;
+ }
+ }
+
if ( a ) {
BerVarray v;
goto freeit;
}
- for ( i=0; a->a_vals[i].bv_val; i++ ) ;
+ for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ ;
- v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
+ v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
op->o_tmpmemctx );
- for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
- if ( op->o_conn && access > ACL_NONE && access_allowed( op,
- e, entry_at,
- &a->a_nvals[i],
- access, &acl_state ) == 0 ) {
+ for ( i = 0,j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ {
+ if ( op->o_conn && access > ACL_NONE &&
+ access_allowed( op, e,
+ entry_at,
+ &a->a_nvals[i],
+ access,
+ &acl_state ) == 0 )
+ {
continue;
}
- ber_dupbv_x( &v[j],
- &a->a_nvals[i], op->o_tmpmemctx );
- if (v[j].bv_val ) j++;
+ ber_dupbv_x( &v[j], &a->a_nvals[i],
+ op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &v[j] ) ) {
+ j++;
+ }
}
- if (j == 0) {
+ if ( j == 0 ) {
op->o_tmpfree( v, op->o_tmpmemctx );
*vals = NULL;
rc = LDAP_INSUFFICIENT_ACCESS;
+
} else {
- v[j].bv_val = NULL;
- v[j].bv_len = 0;
+ BER_BVZERO( &v[j] );
*vals = v;
rc = LDAP_SUCCESS;
}
#ifdef LDAP_SLAPI
else if ( op->o_pb ) {
/* try any computed attributes */
- computed_attr_context ctx;
- AttributeName aname;
+ computed_attr_context ctx;
slapi_int_pblock_set_operation( op->o_pb, op );
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)vals;
- if ( compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ) == 1)
+ rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr );
+ if ( rc == 1 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
- else
+
+ } else {
rc = LDAP_SUCCESS;
+ }
}
#endif /* LDAP_SLAPI */
-freeit: if (e != target ) {
+freeit: if ( e != target ) {
be_entry_release_r( op, e );
}
+ if ( freeattr ) {
+ attr_free( a );
+ }
}
op->o_bd = be;
{
Attribute **ap;
int rc = 0;
- BackendDB *be_orig;
+ BackendDB *be_orig;
for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
/* just count them */ ;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
for (; on; on=on->on_next ) {
func = &on->on_bi.bi_op_bind;
if ( func[which] ) {
- db.bd_info = (BackendInfo *)on;
+ op->o_bd->bd_info = (BackendInfo *)on;
rc = func[which]( op, rs );
if ( rc != SLAP_CB_CONTINUE ) break;
}
func = &oi->oi_orig->bi_op_bind;
if ( func[which] && rc == SLAP_CB_CONTINUE ) {
- db.bd_info = oi->oi_orig;
+ op->o_bd->bd_info = oi->oi_orig;
rc = func[which]( op, rs );
}
/* should not fall thru this far without anything happening... */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
} else if ( !BER_BVISNULL( &op->orb_edn ) ) {
free( op->orb_edn.bv_val );
+ BER_BVZERO( &op->orb_edn );
}
} else {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 by IBM Corporation.
* All rights reserved.
*
free_comp_filter( ComponentFilter* f );
static int
-test_comp_filter( Syntax *syn, ComponentSyntaxInfo *a, struct berval *bv,
- ComponentFilter *f );
+test_comp_filter( Syntax *syn, ComponentSyntaxInfo *a, ComponentFilter *f );
int
componentCertificateValidate(
struct berval *value,
void *assertedValue )
{
- struct berval* bv;
- Attribute *a = (Attribute*)value;
+ ComponentSyntaxInfo *csi_attr = (ComponentSyntaxInfo*)value;
MatchingRuleAssertion * ma = (MatchingRuleAssertion*)assertedValue;
- void* assert_nm;
int num_attr, rc, i;
- if ( !mr || !ma->ma_cf )
- return LDAP_INAPPROPRIATE_MATCHING;
- /* Check if the component module is loaded */
- if ( !attr_converter || !nibble_mem_allocator )
- return LDAP_INAPPROPRIATE_MATCHING;
+ if ( !mr || !ma->ma_cf ) return LDAP_INAPPROPRIATE_MATCHING;
- /* Check if decoded component trees are already linked */
- num_attr = 0;
- if ( !a->a_comp_data ) {
- for ( ; a->a_vals[num_attr].bv_val != NULL; num_attr++ );
- if ( num_attr <= 0 )/* no attribute value */
- return LDAP_INAPPROPRIATE_MATCHING;
- num_attr++;
- /* following malloced will be freed by comp_tree_free () */
- a->a_comp_data = malloc( sizeof( ComponentData ) + sizeof( ComponentSyntaxInfo* )*num_attr );
- if ( !a->a_comp_data )
- return LDAP_NO_MEMORY;
- a->a_comp_data->cd_tree = (ComponentSyntaxInfo**)((char*)a->a_comp_data + sizeof(ComponentData));
- a->a_comp_data->cd_tree[ num_attr - 1] = (ComponentSyntaxInfo*)NULL;
- a->a_comp_data->cd_mem_op = nibble_mem_allocator ( 1024*16, 1024 );
+ /* Check if the component module is loaded */
+ if ( !attr_converter || !nibble_mem_allocator ) {
+ return LDAP_OTHER;
}
- for ( bv = a->a_vals, i = 0 ; bv->bv_val != NULL; bv++, i++ ) {
- /* decodes current attribute into components */
- if ( num_attr != 0 ) {
- a->a_comp_data->cd_tree[i] = attr_converter (a, syntax, bv);
- }
- /* decoding error */
- if ( !a->a_comp_data->cd_tree[i] )
- return LDAP_OPERATIONS_ERROR;
+ rc = test_comp_filter( syntax, csi_attr, ma->ma_cf );
- rc = test_comp_filter( syntax, a->a_comp_data->cd_tree[i], bv, ma->ma_cf );
-
- if ( rc == LDAP_COMPARE_TRUE ) {
- *matchp = 0;
- return LDAP_SUCCESS;
- }
- else if ( rc == LDAP_COMPARE_FALSE ) {
- continue;
- }
- else {
- return LDAP_INAPPROPRIATE_MATCHING;
- }
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ *matchp = 0;
+ return LDAP_SUCCESS;
+ }
+ else if ( rc == LDAP_COMPARE_FALSE ) {
+ *matchp = 1;
+ return LDAP_SUCCESS;
+ }
+ else {
+ return LDAP_INAPPROPRIATE_MATCHING;
}
- *matchp = 1;
- return LDAP_SUCCESS;
-
}
int
struct berval *value,
void *assertedValue )
{
- /* Only for Registeration */
+ /* Only for registration */
*matchp = 0;
return LDAP_SUCCESS;
}
struct berval *value,
void *assertedValue )
{
- /* Only for Registeration */
+ /* Only for registration */
*matchp = 0;
return LDAP_SUCCESS;
}
ci_temp = &dup_cr->cr_list;
ci_curr = cr->cr_list;
- for ( ; ci_curr ; ci_curr = ci_curr->ci_next, ci_temp = &(*ci_temp)->ci_next ) {
+ for ( ; ci_curr != NULL ;
+ ci_curr = ci_curr->ci_next, ci_temp = &(*ci_temp)->ci_next )
+ {
*ci_temp = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
if ( !ci_temp ) return NULL;
**ci_temp = *ci_curr;
ComponentAssertion* ca;
int len;
- if ( !in_ca->ca_comp_ref )
- return SLAPD_DISCONNECT;
+ if ( !in_ca->ca_comp_ref ) return SLAPD_DISCONNECT;
*out_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
- if ( !(*out_ca) )
- return LDAP_NO_MEMORY;
+ if ( !(*out_ca) ) return LDAP_NO_MEMORY;
(*out_ca)->ca_comp_data.cd_tree = NULL;
(*out_ca)->ca_comp_data.cd_mem_op = NULL;
(*out_ca)->ca_ma_value.bv_val = assert_bv->bv_val;
len = get_len_of_next_assert_value ( assert_bv, '$' );
- if ( len <= 0 )
- return SLAPD_DISCONNECT;
+ if ( len <= 0 ) return SLAPD_DISCONNECT;
(*out_ca)->ca_ma_value.bv_len = len;
return LDAP_SUCCESS;
int
-get_aliased_filter ( Operation* op, MatchingRuleAssertion* ma, AttributeAliasing* aa, const char** text )
+get_aliased_filter( Operation* op,
+ MatchingRuleAssertion* ma, AttributeAliasing* aa,
+ const char** text )
{
int rc;
struct berval assert_bv;
}
int
-get_comp_filter( Operation* op, struct berval* bv, ComponentFilter** filt,
- const char **text )
+get_comp_filter( Operation* op, struct berval* bv,
+ ComponentFilter** filt, const char **text )
{
ComponentAssertionValue cav;
int rc;
eat_whsp( cav );
if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
return LDAP_COMP_FILTER_ITEM;
- }
- else if ( cav_cur_len( cav ) >= 7 && strncmp( cav->cav_ptr, "and", 3 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "and", 3 ) == 0 )
+ {
return LDAP_COMP_FILTER_AND;
- }
- else if ( cav_cur_len( cav ) >= 6 && strncmp( cav->cav_ptr, "or" , 2 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 6 &&
+ strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
+ {
return LDAP_COMP_FILTER_OR;
- }
- else if ( cav_cur_len( cav ) >= 7 && strncmp( cav->cav_ptr, "not", 3 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "not", 3 ) == 0 )
+ {
return LDAP_COMP_FILTER_NOT;
- }
- else
+
+ } else {
return LDAP_COMP_FILTER_UNDEFINED;
+ }
}
static ber_tag_t
comp_next_element( ComponentAssertionValue* cav )
{
-
eat_whsp( cav );
if ( *(cav->cav_ptr) == ',' ) {
/* move pointer to the next CA */
static int
get_comp_filter_list( Operation *op, ComponentAssertionValue *cav,
- ComponentFilter** f, const char** text )
+ ComponentFilter** f, const char** text )
{
ComponentFilter **new;
int err;
Debug( LDAP_DEBUG_FILTER, "get_comp_filter_list\n", 0, 0, 0 );
new = f;
- for ( tag = comp_first_element( cav ); tag != LDAP_COMP_FILTER_UNDEFINED;
+ for ( tag = comp_first_element( cav );
+ tag != LDAP_COMP_FILTER_UNDEFINED;
tag = comp_next_element( cav ) )
{
err = parse_comp_filter( op, cav, new, text );
- if ( err != LDAP_SUCCESS )
- return ( err );
+ if ( err != LDAP_SUCCESS ) return ( err );
new = &(*new)->cf_next;
}
*new = NULL;
static int
get_componentId( Operation *op, ComponentAssertionValue* cav,
- ComponentId ** cid, const char** text )
+ ComponentId ** cid, const char** text )
{
ber_tag_t type;
ComponentId _cid;
cav->cav_ptr += strlen("content");
break;
case LDAP_COMPREF_SELECT :
- if ( cav->cav_ptr[len] != '(' )
- return LDAP_COMPREF_UNDEFINED;
+ if ( cav->cav_ptr[len] != '(' ) return LDAP_COMPREF_UNDEFINED;
for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
cav->cav_ptr[len] != '\"' && cav->cav_ptr[len] != ')'
; len++ );
return LDAP_COMPREF_UNDEFINED;
}
- if ( op )
+ if ( op ) {
*cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
- else
+ } else {
*cid = malloc( sizeof( ComponentId ) );
+ }
**cid = _cid;
return LDAP_SUCCESS;
}
peek_componentId_type( ComponentAssertionValue* cav )
{
eat_whsp( cav );
- if ( cav->cav_ptr[0] == '-' )
+
+ if ( cav->cav_ptr[0] == '-' ) {
return LDAP_COMPREF_FROM_END;
- else if ( cav->cav_ptr[0] == '(' )
+
+ } else if ( cav->cav_ptr[0] == '(' ) {
return LDAP_COMPREF_SELECT;
- else if ( cav->cav_ptr[0] == '*' )
+
+ } else if ( cav->cav_ptr[0] == '*' ) {
return LDAP_COMPREF_ALL;
- else if ( cav->cav_ptr[0] == '0' )
+
+ } else if ( cav->cav_ptr[0] == '0' ) {
return LDAP_COMPREF_COUNT;
- else if ( cav->cav_ptr[0] > '0' && cav->cav_ptr[0] <= '9' )
+
+ } else if ( cav->cav_ptr[0] > '0' && cav->cav_ptr[0] <= '9' ) {
return LDAP_COMPREF_FROM_BEGINNING;
- else if ( (cav->cav_end - cav->cav_ptr) >= 7 &&
+
+ } else if ( (cav->cav_end - cav->cav_ptr) >= 7 &&
strncmp(cav->cav_ptr,"content",7) == 0 )
+ {
return LDAP_COMPREF_CONTENT;
- else if ( (cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z') ||
+ } else if ( (cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z') ||
(cav->cav_ptr[0] >= 'A' && cav->cav_ptr[0] <= 'Z') )
-
+ {
return LDAP_COMPREF_IDENTIFIER;
- else
- return LDAP_COMPREF_UNDEFINED;
+ }
+
+ return LDAP_COMPREF_UNDEFINED;
}
static ber_tag_t
comp_next_id( ComponentAssertionValue* cav )
{
-
if ( *(cav->cav_ptr) == '.' ) {
cav->cav_ptr++;
return LDAP_COMPREF_DEFINED;
}
- else return LDAP_COMPREF_UNDEFINED;
+
+ return LDAP_COMPREF_UNDEFINED;
}
static int
-get_component_reference( Operation *op, ComponentAssertionValue* cav,
- ComponentReference** cr, const char** text )
+get_component_reference(
+ Operation *op,
+ ComponentAssertionValue* cav,
+ ComponentReference** cr,
+ const char** text )
{
int rc, count = 0;
ber_int_t type;
eat_whsp( cav );
start = cav->cav_ptr;
- if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS )
- return rc;
- if ( op )
- ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
- else
+ if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) return rc;
+ if ( op ) {
+ ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ),
+ op->o_tmpmemctx );
+ } else {
ca_comp_ref = malloc( sizeof( ComponentReference ) );
+ }
if ( !ca_comp_ref ) return LDAP_NO_MEMORY;
cr_list = &ca_comp_ref->cr_list;
for ( type = peek_componentId_type( cav ) ; type != LDAP_COMPREF_UNDEFINED
- ; type = comp_next_id( cav ), count++ ) {
+ ; type = comp_next_id( cav ), count++ )
+ {
rc = get_componentId( op, cav, cr_list, text );
if ( rc == LDAP_SUCCESS ) {
if ( count == 0 ) ca_comp_ref->cr_curr = ca_comp_ref->cr_list;
cr_list = &(*cr_list)->ci_next;
- }
- else if ( rc == LDAP_COMPREF_UNDEFINED )
+
+ } else if ( rc == LDAP_COMPREF_UNDEFINED ) {
return rc;
+ }
}
ca_comp_ref->cr_len = count;
end = cav->cav_ptr;
if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) {
- if ( op )
+ if ( op ) {
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
- else
+ } else {
free( ca_comp_ref );
+ }
return rc;
}
if ( rc == LDAP_SUCCESS ) {
*cr = ca_comp_ref;
**cr = *ca_comp_ref;
- }
- else if ( op )
+
+ } else if ( op ) {
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
- else
+
+ } else {
free( ca_comp_ref ) ;
+ }
(*cr)->cr_string.bv_val = start;
(*cr)->cr_string.bv_len = end - start + 1;
}
int
-insert_component_reference( ComponentReference *cr, ComponentReference** cr_list) {
- if ( !cr )
- return LDAP_PARAM_ERROR;
+insert_component_reference(
+ ComponentReference *cr,
+ ComponentReference** cr_list)
+{
+ if ( !cr ) return LDAP_PARAM_ERROR;
+
if ( !(*cr_list) ) {
*cr_list = cr;
cr->cr_next = NULL;
is_component_reference( char* attr ) {
int i;
for ( i=0; attr[i] != '\0' ; i++ ) {
- if ( attr[i] == '.' )
- return (1);
+ if ( attr[i] == '.' ) return (1);
}
return (0);
}
int
-extract_component_reference( char* attr, ComponentReference** cr ) {
- int i, rc;
- char* cr_ptr;
- int cr_len;
- ComponentAssertionValue cav;
+extract_component_reference(
+ char* attr,
+ ComponentReference** cr )
+{
+ int i, rc;
+ char* cr_ptr;
+ int cr_len;
+ ComponentAssertionValue cav;
char text[1][128];
- for ( i=0; attr[i] != '\0' ; i++ ) {
- if ( attr[i] == '.' ) break;
- }
+ for ( i=0; attr[i] != '\0' ; i++ ) {
+ if ( attr[i] == '.' ) break;
+ }
+
+ if (attr[i] != '.' ) return LDAP_PARAM_ERROR;
+ attr[i] = '\0';
- if (attr[i] != '.' )
- return LDAP_PARAM_ERROR;
- else
- attr[i] = '\0';
- cr_ptr = attr + i + 1 ;
- cr_len = strlen ( cr_ptr );
- if ( cr_len <= 0 )
- return LDAP_PARAM_ERROR;
+ cr_ptr = attr + i + 1 ;
+ cr_len = strlen ( cr_ptr );
+ if ( cr_len <= 0 ) return LDAP_PARAM_ERROR;
/* enclosed between double quotes*/
cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2);
memcpy( cav.cav_buf+1, cr_ptr, cr_len );
cav.cav_buf[0] = '"';
cav.cav_buf[cr_len+1] = '"';
- cav.cav_end = cr_ptr + cr_len + 2;
+ cav.cav_end = cr_ptr + cr_len + 2;
- rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
- if ( rc != LDAP_SUCCESS )
- return rc;
+ rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
+ if ( rc != LDAP_SUCCESS ) return rc;
(*cr)->cr_string.bv_val = cav.cav_buf;
(*cr)->cr_string.bv_len = cr_len + 2;
return LDAP_SUCCESS;
}
+
static int
-get_ca_use_default( Operation *op, ComponentAssertionValue* cav,
- int* ca_use_def, const char** text )
+get_ca_use_default( Operation *op,
+ ComponentAssertionValue* cav,
+ int* ca_use_def, const char** text )
{
strip_cav_str( cav, "useDefaultValues" );
+
if ( peek_cav_str( cav, "TRUE" ) == LDAP_SUCCESS ) {
strip_cav_str( cav, "TRUE" );
*ca_use_def = 1;
+
} else if ( peek_cav_str( cav, "FALSE" ) == LDAP_SUCCESS ) {
strip_cav_str( cav, "FALSE" );
*ca_use_def = 0;
+
} else {
return LDAP_INVALID_SYNTAX;
}
if ( cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == ',' ||
cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == '{' ||
cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '\n' )
+ {
break;
+ }
}
if ( count == 0 ) {
rule_text.bv_val = cav->cav_ptr;
*mr = mr_bvfind( &rule_text );
cav->cav_ptr += count;
- Debug( LDAP_DEBUG_FILTER, "get_matching_rule: %s\n", (*mr)->smr_mrule.mr_oid, 0, 0 );
+ Debug( LDAP_DEBUG_FILTER, "get_matching_rule: %s\n",
+ (*mr)->smr_mrule.mr_oid, 0, 0 );
if ( *mr == NULL ) {
*text = "component matching rule not recognized";
return LDAP_INAPPROPRIATE_MATCHING;
if ( cav->cav_ptr[count] == '"' ) sequent_dquote++;
else sequent_dquote = 0;
- if ( cav->cav_ptr[count] == '\0' || (cav->cav_ptr+count) > cav->cav_end ) {
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
break;
}
- if ( ( cav->cav_ptr[count] == '"' && cav->cav_ptr[count-1] != '"') ||
- ( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) ) {
+ if ( ( cav->cav_ptr[count] == '"' &&
+ cav->cav_ptr[count-1] != '"') ||
+ ( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) )
+ {
succeed = 1;
break;
}
}
- if ( !succeed || cav->cav_ptr[count] != '"' )
+ if ( !succeed || cav->cav_ptr[count] != '"' ) {
return LDAP_FILTER_ERROR;
+ }
bv->bv_val = cav->cav_ptr + 1;
bv->bv_len = count - 1; /* exclude '"' */
- }
- else if ( cav->cav_ptr[0] == '\'' ) {
+
+ } else if ( cav->cav_ptr[0] == '\'' ) {
for( count = 1 ; ; count++ ) {
- if ( cav->cav_ptr[count] == '\0' || (cav->cav_ptr+count) > cav->cav_end ) {
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
break;
}
- if ((cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'B')||
- (cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'H') ) {
+ if ((cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'B') ||
+ (cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'H') )
+ {
succeed = 1;
break;
}
}
- if ( !succeed || !(cav->cav_ptr[count] == 'H' || cav->cav_ptr[count] == 'B') )
- return LDAP_FILTER_ERROR;
+ if ( !succeed ||
+ !(cav->cav_ptr[count] == 'H' || cav->cav_ptr[count] == 'B') )
+ {
+ return LDAP_FILTER_ERROR;
+ }
bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
bv->bv_len = count - 2;/* exclude "'H" or "'B" */
- }
- else if ( cav->cav_ptr[0] == '{' ) {
+ } else if ( cav->cav_ptr[0] == '{' ) {
for( count = 1, unclosed_brace = 1 ; ; count++ ) {
if ( cav->cav_ptr[count] == '{' ) unclosed_brace++;
if ( cav->cav_ptr[count] == '}' ) unclosed_brace--;
- if ( cav->cav_ptr[count] == '\0' || (cav->cav_ptr+count) > cav->cav_end )
+ if ( cav->cav_ptr[count] == '\0' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
break;
+ }
if ( unclosed_brace == 0 ) {
succeed = 1;
break;
}
}
- if ( !succeed || cav->cav_ptr[count] != '}' )
- return LDAP_FILTER_ERROR;
+ if ( !succeed || cav->cav_ptr[count] != '}' ) return LDAP_FILTER_ERROR;
bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
bv->bv_len = count - 1;/* exclude "'B" */
- }
- else {
+
+ } else {
succeed = 1;
/*Find following white space where the value is ended*/
for( count = 1 ; ; count++ ) {
- if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '{' || (cav->cav_ptr+count) > cav->cav_end ) {
+ if ( cav->cav_ptr[count] == '\0' ||
+ cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' ||
+ cav->cav_ptr[count] == '{' ||
+ (cav->cav_ptr+count) > cav->cav_end )
+ {
break;
}
}
}
cav->cav_ptr += bv->bv_len;
-
return LDAP_SUCCESS;
}
static int
get_matching_value( Operation *op, ComponentAssertion* ca,
- ComponentAssertionValue* cav, struct berval* bv,
- const char** text )
+ ComponentAssertionValue* cav, struct berval* bv,
+ const char** text )
{
if ( !(ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT)) ) {
if ( get_GSER_value( cav, bv ) != LDAP_SUCCESS ) {
eat_whsp( cav );
if ( cav_cur_len( cav ) >= strlen( str ) &&
strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
+ {
return LDAP_SUCCESS;
- else
- return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_INVALID_SYNTAX;
}
static int
{
eat_whsp( cav );
if ( cav_cur_len( cav ) >= strlen( str ) &&
- strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 ) {
+ strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
+ {
cav->cav_ptr += strlen( str );
return LDAP_SUCCESS;
}
- else
- return LDAP_INVALID_SYNTAX;
+
+ return LDAP_INVALID_SYNTAX;
}
/*
if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
strip_cav_str( cav , "item:" );
return LDAP_COMP_FILTER_ITEM;
- }
- else if ( cav_cur_len( cav ) >= 7 && strncmp( cav->cav_ptr, "and", 3 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "and", 3 ) == 0 )
+ {
strip_cav_str( cav , "and:" );
return LDAP_COMP_FILTER_AND;
- }
- else if ( cav_cur_len( cav ) >= 6 && strncmp( cav->cav_ptr, "or" , 2 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 6 &&
+ strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
+ {
strip_cav_str( cav , "or:" );
return LDAP_COMP_FILTER_OR;
- }
- else if ( cav_cur_len( cav ) >= 7 && strncmp( cav->cav_ptr, "not", 3 ) == 0 ) {
+
+ } else if ( cav_cur_len( cav ) >= 7 &&
+ strncmp( cav->cav_ptr, "not", 3 ) == 0 )
+ {
strip_cav_str( cav , "not:" );
return LDAP_COMP_FILTER_NOT;
}
- else
- return LBER_ERROR;
+
+ return LBER_ERROR;
}
/*
test_comp_filter_and(
Syntax *syn,
ComponentSyntaxInfo *a,
- struct berval *bv,
ComponentFilter *flist )
{
ComponentFilter *f;
int rtn = LDAP_COMPARE_TRUE;
for ( f = flist ; f != NULL; f = f->cf_next ) {
- int rc = test_comp_filter( syn, a, bv, f );
+ int rc = test_comp_filter( syn, a, f );
if ( rc == LDAP_COMPARE_FALSE ) {
rtn = rc;
break;
test_comp_filter_or(
Syntax *syn,
ComponentSyntaxInfo *a,
- struct berval *bv,
ComponentFilter *flist )
{
ComponentFilter *f;
int rtn = LDAP_COMPARE_TRUE;
for ( f = flist ; f != NULL; f = f->cf_next ) {
- int rc = test_comp_filter( syn, a, bv, f );
+ int rc = test_comp_filter( syn, a, f );
if ( rc == LDAP_COMPARE_TRUE ) {
rtn = rc;
break;
int
csi_value_match( MatchingRule *mr, struct berval* bv_attr,
- struct berval* bv_assert )
+ struct berval* bv_assert )
{
int rc;
int match;
assert( mr != NULL );
assert( !(mr->smr_usage & SLAP_MR_COMPONENT) );
- if( !mr->smr_match ) {
- return LDAP_INAPPROPRIATE_MATCHING;
- }
+ if( !mr->smr_match ) return LDAP_INAPPROPRIATE_MATCHING;
rc = (mr->smr_match)( &match, 0, NULL /*ad->ad_type->sat_syntax*/,
- mr, bv_attr, bv_assert );
- if ( rc == LDAP_SUCCESS )
- return match? LDAP_COMPARE_FALSE:LDAP_COMPARE_TRUE;
- else
- return rc;
+ mr, bv_attr, bv_assert );
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ return match ? LDAP_COMPARE_FALSE : LDAP_COMPARE_TRUE;
}
/*
test_comp_filter_item(
Syntax *syn,
ComponentSyntaxInfo *csi_attr,
- struct berval *bv,
ComponentAssertion *ca )
{
int rc, len;
if ( strcmp(ca->ca_ma_rule->smr_mrule.mr_oid,
OID_COMP_FILTER_MATCH ) == 0 && ca->ca_cf ) {
/* componentFilterMatch inside of componentFilterMatch */
- rc = test_comp_filter( syn, csi_attr, bv, ca->ca_cf );
+ rc = test_comp_filter( syn, csi_attr, ca->ca_cf );
return rc;
}
return LDAP_PROTOCOL_ERROR;
}
ca->ca_comp_data.cd_mem_op = assert_nm;
- }
- else {
+
+ } else {
assert_nm = ca->ca_comp_data.cd_mem_op;
}
/* component reference initialization */
- if ( ca->ca_comp_ref )
+ if ( ca->ca_comp_ref ) {
ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
+ }
rc = test_components( attr_nm, assert_nm, csi_attr, ca );
/* free memory used for storing extracted attribute value */
test_comp_filter(
Syntax *syn,
ComponentSyntaxInfo *a,
- struct berval *bv,
ComponentFilter *f )
{
int rc;
rc = f->cf_result;
break;
case LDAP_COMP_FILTER_AND:
- rc = test_comp_filter_and( syn, a, bv, f->cf_and );
+ rc = test_comp_filter_and( syn, a, f->cf_and );
break;
case LDAP_COMP_FILTER_OR:
- rc = test_comp_filter_or( syn, a, bv, f->cf_or );
+ rc = test_comp_filter_or( syn, a, f->cf_or );
break;
case LDAP_COMP_FILTER_NOT:
- rc = test_comp_filter( syn, a, bv, f->cf_not );
+ rc = test_comp_filter( syn, a, f->cf_not );
switch ( rc ) {
case LDAP_COMPARE_TRUE:
}
break;
case LDAP_COMP_FILTER_ITEM:
- rc = test_comp_filter_item( syn, a, bv, f->cf_ca );
+ rc = test_comp_filter_item( syn, a, f->cf_ca );
break;
default:
rc = LDAP_PROTOCOL_ERROR;
free_comp_filter_list( ComponentFilter* f )
{
ComponentFilter* tmp;
- for ( tmp = f; tmp; tmp = tmp->cf_next )
- {
+ for ( tmp = f; tmp; tmp = tmp->cf_next ) {
free_comp_filter( tmp );
}
}
free_comp_filter( ComponentFilter* f )
{
if ( !f ) {
- Debug( LDAP_DEBUG_FILTER, "free_comp_filter:Invalid filter so failed to release memory\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_FILTER,
+ "free_comp_filter: Invalid filter so failed to release memory\n",
+ 0, 0, 0 );
return;
}
switch ( f->cf_choice ) {
free_comp_filter( f->cf_any );
break;
case LDAP_COMP_FILTER_ITEM:
- if ( nibble_mem_free && f->cf_ca->ca_comp_data.cd_mem_op )
+ if ( nibble_mem_free && f->cf_ca->ca_comp_data.cd_mem_op ) {
nibble_mem_free( f->cf_ca->ca_comp_data.cd_mem_op );
+ }
break;
-
default:
break;
}
+/* component.h */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2005 The OpenLDAP Foundation.
+ * Portions Copyright 2004 by IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
#ifndef _H_SLAPD_COMPONENT
#define _H_SLAPD_COMPONENT
#include "portable.h"
+
#include <ac/string.h>
#include <ac/socket.h>
#include <ldap_pvt.h>
*/
#define MAX_ALIASING_ENTRY 128
typedef struct comp_attribute_aliasing {
- AttributeDescription* aa_aliasing_ad;
- AttributeDescription* aa_aliased_ad;
- ComponentFilter* aa_cf;
+ AttributeDescription* aa_aliasing_ad;
+ AttributeDescription* aa_aliased_ad;
+ ComponentFilter* aa_cf;
MatchingRule* aa_mr;
char* aa_cf_str;
} AttributeAliasing;
typedef struct comp_matchingrule_aliasing {
- MatchingRule* mra_aliasing_attr;
- MatchingRule* mra_aliased_attr;
- AttributeDescription* mra_attr;
- ComponentFilter* mra_cf;
+ MatchingRule* mra_aliasing_attr;
+ MatchingRule* mra_aliased_attr;
+ AttributeDescription* mra_attr;
+ ComponentFilter* mra_cf;
MatchingRule* mra_mr;
- char* aa_cf_str;
+ char* mra_cf_str;
} MatchingRuleAliasing;
#endif
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
{ "ucdata-path", 2, 2, 0, "path", ARG_IGNORED, NULL, NULL, NULL, NULL },
{ "sizelimit", 2, 2, 0, "limit", ARG_MAGIC|CFG_SIZE, &config_sizelimit, NULL, NULL, NULL },
{ "timelimit", 2, 2, 0, "limit", ARG_MAGIC|CFG_TIME, &config_timelimit, NULL, NULL, NULL },
- { "limits", 2, 2, 0, "limits", ARG_DB|ARG_MAGIC|CFG_LIMITS, &config_generic, NULL, NULL, NULL },
+ { "limits", 2, 0, 0, "limits", ARG_DB|ARG_MAGIC|CFG_LIMITS, &config_generic, NULL, NULL, NULL },
{ "overlay", 2, 2, 0, "overlay", ARG_MAGIC, &config_overlay, NULL, NULL, NULL },
{ "suffix", 2, 2, 0, "suffix", ARG_DB|ARG_MAGIC, &config_suffix, NULL, NULL, NULL },
{ "maxDerefDepth", 2, 2, 0, "depth", ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH, &config_generic, NULL, NULL, NULL },
)
{
syncinfo_t *si;
- syncinfo_t *si_entry;
int rc = 0;
- int duplicated_replica_id = 0;
si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
}
si->si_tls = SYNCINFO_TLS_OFF;
- if ( be->be_rootndn.bv_val ) {
- ber_dupbv( &si->si_updatedn, &be->be_rootndn );
- }
si->si_bindmethod = LDAP_AUTH_SIMPLE;
si->si_schemachecking = 0;
ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
si->si_retryinterval = NULL;
si->si_retrynum_init = NULL;
si->si_retrynum = NULL;
- si->si_syncCookie.ctxcsn = NULL;
- si->si_syncCookie.octet_str = NULL;
- si->si_syncCookie.sid = -1;
si->si_manageDSAit = 0;
si->si_tlimit = 0;
si->si_slimit = 0;
rc = parse_syncrepl_line( cargv, cargc, si );
- LDAP_STAILQ_FOREACH( si_entry, &be->be_syncinfo, si_next ) {
- if ( si->si_rid == si_entry->si_rid ) {
- Debug( LDAP_DEBUG_ANY,
- "add_syncrepl: duplicated replica id\n",0, 0, 0 );
- duplicated_replica_id = 1;
- break;
- }
- }
-
- if ( rc < 0 || duplicated_replica_id ) {
+ if ( rc < 0 ) {
Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
syncinfo_free( si );
return 1;
} else {
Debug( LDAP_DEBUG_CONFIG,
"Config: ** successfully added syncrepl \"%s\"\n",
- si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 );
+ BER_BVISNULL( &si->si_provideruri ) ?
+ "(null)" : si->si_provideruri.bv_val, 0, 0 );
if ( !si->si_schemachecking ) {
SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
}
si->si_be = be;
- LDAP_STAILQ_INSERT_TAIL( &be->be_syncinfo, si, si_next );
+ be->be_syncinfo = si;
return 0;
}
}
#define SLIMITSTR "sizelimit"
#define TLIMITSTR "timelimit"
#define SCHEMASTR "schemachecking"
-#define UPDATEDNSTR "updatedn"
#define BINDMETHSTR "bindmethod"
#define SIMPLESTR "simple"
#define SASLSTR "sasl"
#define LMREQSTR "req"
#define SRVTABSTR "srvtab"
#define SUFFIXSTR "suffix"
+#define UPDATEDNSTR "updatedn"
/* mandatory */
#define GOT_ID 0x0001
STRLENOF( PROVIDERSTR "=" ) ) )
{
val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" );
- si->si_provideruri = ch_strdup( val );
- si->si_provideruri_bv = (BerVarray)
- ch_calloc( 2, sizeof( struct berval ));
- ber_str2bv( si->si_provideruri, strlen( si->si_provideruri ),
- 1, &si->si_provideruri_bv[0] );
- si->si_provideruri_bv[1].bv_len = 0;
- si->si_provideruri_bv[1].bv_val = NULL;
+ ber_str2bv( val, 0, 1, &si->si_provideruri );
gots |= GOT_PROVIDER;
} else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=",
STRLENOF(STARTTLSSTR "=") ) )
} else {
si->si_tls = SYNCINFO_TLS_ON;
}
- } else if ( !strncasecmp( cargv[ i ], UPDATEDNSTR "=",
- STRLENOF( UPDATEDNSTR "=" ) ) )
- {
- struct berval updatedn = BER_BVNULL;
- int rc;
-
- val = cargv[ i ] + STRLENOF( UPDATEDNSTR "=" );
- ber_str2bv( val, 0, 0, &updatedn );
- ch_free( si->si_updatedn.bv_val );
- rc = dnNormalize( 0, NULL, NULL, &updatedn, &si->si_updatedn, NULL );
- if ( rc != LDAP_SUCCESS ) {
- fprintf( stderr, "Error: parse_syncrepl_line: "
- "update DN \"%s\" is invalid: %d (%s)\n",
- updatedn, rc, ldap_err2string( rc ) );
- return -1;
- }
-
} else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=",
STRLENOF( BINDMETHSTR "=" ) ) )
{
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
-#if 0 /* DELETE ME */
- if ( op->o_cancel != SLAP_CANCEL_ACK &&
- ( op->o_sync_mode & SLAP_SYNC_PERSIST ) )
- {
- slap_sl_mem_detach( ctx, memctx );
- } else if ( op->o_sync_slog_size != -1 ) {
- slap_sl_mem_detach( ctx, memctx );
- LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
- LDAP_STAILQ_NEXT(op, o_next) = NULL;
- conn->c_n_ops_executing--;
- conn->c_n_ops_completed++;
-
- } else
-#endif
- {
- LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
- LDAP_STAILQ_NEXT(op, o_next) = NULL;
- slap_op_free( op );
- conn->c_n_ops_executing--;
- conn->c_n_ops_completed++;
- }
+ LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+ slap_op_free( op );
+ conn->c_n_ops_executing--;
+ conn->c_n_ops_completed++;
switch( tag ) {
case LBER_ERROR:
}
#endif
if(tag == LDAP_REQ_BIND) {
- /* immediately abandon all exiting operations upon BIND */
+ /* immediately abandon all existing operations upon BIND */
connection_abandon( conn );
}
c = connection_get( s );
- slapd_clr_write( s, 0);
-
if( c == NULL ) {
Debug( LDAP_DEBUG_ANY,
"connection_write(%ld): no connection!\n",
return -1;
}
+ slapd_clr_write( s, 0);
+
c->c_n_write++;
Debug( LDAP_DEBUG_TRACE,
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static SLAP_CTRL_PARSE_FN parseDomainScope;
static SLAP_CTRL_PARSE_FN parseTreeDelete;
static SLAP_CTRL_PARSE_FN parseSearchOptions;
-
-#ifdef LDAP_CONTROL_SUBENTRIES
static SLAP_CTRL_PARSE_FN parseSubentries;
-#endif
#undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
SLAP_CTRL_MODIFY, NULL,
parsePermissiveModify, LDAP_SLIST_ENTRY_INITIALIZER(next) },
#endif
-#ifdef LDAP_CONTROL_X_TREE_DELETE
+#ifdef SLAP_CONTROL_X_TREE_DELETE
{ LDAP_CONTROL_X_TREE_DELETE,
(int)offsetof(struct slap_control_ids, sc_treeDelete),
- SLAP_CTRL_DELETE, NULL,
+ SLAP_CTRL_HIDE|SLAP_CTRL_DELETE, NULL,
parseTreeDelete, LDAP_SLIST_ENTRY_INITIALIZER(next) },
#endif
#ifdef LDAP_CONTORL_X_SEARCH_OPTIONS
return LDAP_PROTOCOL_ERROR;
}
-#if 0 /* DELETE ME */
- if ( op->o_sync != SLAP_CONTROL_NONE ) {
- rs->sr_text = "paged results control specified with sync control";
- return LDAP_PROTOCOL_ERROR;
- }
-#endif
-
if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
rs->sr_text = "paged results control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
- /* Other search flags not recognised so far */
+ /* Other search flags not recognised so far,
+ * including:
+ * LDAP_SEARCH_FLAG_PHANTOM_ROOM
+ */
rs->sr_text = "searchOptions contained unrecongized flag";
return LDAP_UNWILLING_TO_PERFORM;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
slapd_close( wd );
}
+ SLAP_EVENT_CLR_WRITE( wd );
}
for ( i = 0; nrfds > 0; i++ )
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
NOID, { 0, "" }, { 0, "" }, NULL, 0, { 0, "" }, NULL
};
+static const struct berval dn_bv = BER_BVC("dn");
+
int entry_destroy(void)
{
if ( ebuf ) free( ebuf );
{
int rc;
Entry *e;
- char *type;
+ struct berval type;
struct berval vals[2];
struct berval nvals[2], *nvalsp;
AttributeDescription *ad, *ad_prev;
const char *text;
char *next;
int attr_cnt;
+ int freeval;
/*
* LDIF is used as the string format.
break;
}
- if ( ldif_parse_line( s, &type, &vals[0].bv_val, &vals[0].bv_len ) != 0 ) {
+ if ( ldif_parse_line2( s, &type, vals, &freeval ) != 0 ) {
Debug( LDAP_DEBUG_TRACE,
"<= str2entry NULL (parse_line)\n", 0, 0, 0 );
continue;
}
- if ( strcasecmp( type, "dn" ) == 0 ) {
- free( type );
+ if ( type.bv_len == dn_bv.bv_len &&
+ strcasecmp( type.bv_val, dn_bv.bv_val ) == 0 ) {
if ( e->e_dn != NULL ) {
Debug( LDAP_DEBUG_ANY, "str2entry: "
"entry %ld has multiple DNs \"%s\" and \"%s\"\n",
(long) e->e_id, e->e_dn, vals[0].bv_val );
- free( vals[0].bv_val );
+ if ( freeval ) free( vals[0].bv_val );
entry_free( e );
return NULL;
}
rc = dnPrettyNormal( NULL, &vals[0], &e->e_name, &e->e_nname, NULL );
+ if ( freeval ) free( vals[0].bv_val );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "str2entry: "
"entry %ld has invalid DN \"%s\"\n",
(long) e->e_id, vals[0].bv_val, 0 );
entry_free( e );
- free( vals[0].bv_val );
return NULL;
}
- free( vals[0].bv_val );
continue;
}
ad_prev = ad;
ad = NULL;
- rc = slap_str2ad( type, &ad, &text );
+ rc = slap_bv2ad( &type, &ad, &text );
if( rc != LDAP_SUCCESS ) {
Debug( slapMode & SLAP_TOOL_MODE
? LDAP_DEBUG_ANY : LDAP_DEBUG_TRACE,
- "<= str2entry: str2ad(%s): %s\n", type, text, 0 );
+ "<= str2entry: str2ad(%s): %s\n", type.bv_val, text, 0 );
if( slapMode & SLAP_TOOL_MODE ) {
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return NULL;
}
- rc = slap_str2undef_ad( type, &ad, &text );
+ rc = slap_bv2undef_ad( &type, &ad, &text );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"<= str2entry: str2undef_ad(%s): %s\n",
- type, text, 0 );
+ type.bv_val, text, 0 );
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return NULL;
}
}
ad->ad_cname.bv_val, attr_cnt,
ad->ad_type->sat_syntax->ssyn_oid );
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return NULL;
}
ad->ad_cname.bv_val, attr_cnt,
ad->ad_type->sat_syntax->ssyn_oid );
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return NULL;
}
if( pretty ) {
- free( vals[0].bv_val );
+ if ( freeval ) free( vals[0].bv_val );
vals[0] = pval;
+ freeval = 1;
}
}
"<= str2entry NULL (smr_normalize %d)\n", rc, 0, 0 );
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return NULL;
}
Debug( LDAP_DEBUG_ANY,
"<= str2entry NULL (attr_merge)\n", 0, 0, 0 );
entry_free( e );
- free( vals[0].bv_val );
- free( type );
+ if ( freeval ) free( vals[0].bv_val );
return( NULL );
}
- free( type );
- free( vals[0].bv_val );
+ if ( freeval ) free( vals[0].bv_val );
free( nvals[0].bv_val );
attr_cnt++;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_extended( op, rs );
+
done:
return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Attribute *a;
void *memctx;
BER_MEMFREE_FN *memfree;
+#ifdef LDAP_COMP_MATCH
+ int i, num_attr_vals;
+#endif
if ( op == NULL ) {
memctx = NULL;
struct berval *bv;
#ifdef LDAP_COMP_MATCH
/* Component Matching */
- if( mra->ma_cf &&
- mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
- {
- int ret;
- int rc;
- const char *text;
-
- rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
- (struct berval *)a,(void*) mra , &text );
- if ( rc != LDAP_SUCCESS ) return rc;
- if ( ret == 0 ) return LDAP_COMPARE_TRUE;
- else return LDAP_COMPARE_FALSE;
+ if( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ num_attr_vals = 0;
+ if ( !a->a_comp_data ) {
+ for ( ;
+ a->a_vals[num_attr_vals].bv_val != NULL;
+ num_attr_vals++ )
+ {
+ /* empty */;
+ }
+ if ( num_attr_vals <= 0 ) {
+ /* no attribute value */
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ num_attr_vals++;
+
+ /* following malloced will be freed by comp_tree_free () */
+ a->a_comp_data = malloc( sizeof( ComponentData ) +
+ sizeof( ComponentSyntaxInfo* )*num_attr_vals );
+
+ if ( !a->a_comp_data ) return LDAP_NO_MEMORY;
+ a->a_comp_data->cd_tree = (ComponentSyntaxInfo**)
+ ((char*)a->a_comp_data + sizeof(ComponentData));
+ a->a_comp_data->cd_tree[num_attr_vals - 1] =
+ (ComponentSyntaxInfo*) NULL;
+ a->a_comp_data->cd_mem_op =
+ nibble_mem_allocator( 1024*16, 1024 );
+ }
}
#endif
} else {
bv = a->a_vals;
}
-
+#ifdef LDAP_COMP_MATCH
+ i = 0;
+#endif
for ( ; bv->bv_val != NULL; bv++ ) {
int ret;
int rc;
const char *text;
- rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
- bv, &mra->ma_value, &text );
+#ifdef LDAP_COMP_MATCH
+ if( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ /* Check if decoded component trees are already linked */
+ if ( num_attr_vals ) {
+ a->a_comp_data->cd_tree[i] = attr_converter(
+ a, a->a_desc->ad_type->sat_syntax, bv );
+ }
+ /* decoding error */
+ if ( !a->a_comp_data->cd_tree[i] ) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+ rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
+ (struct berval*)a->a_comp_data->cd_tree[i++],
+ (void*)mra, &text );
+ } else
+#endif
+ {
+ rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
+ bv, &mra->ma_value, &text );
+ }
if( rc != LDAP_SUCCESS ) return rc;
if ( ret == 0 ) return LDAP_COMPARE_TRUE;
* XXX: fairly optimistic: if the function is defined,
* then PRESENCE must succeed, because hasSubordinate
* is boolean-valued; I think we may live with this
- * simplification by now
+ * simplification by now.
*/
if ( op && op->o_bd && op->o_bd->be_has_subordinates ) {
return LDAP_COMPARE_TRUE;
/* frontend.c - routines for dealing with frontend */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* FIXME: do we need this? */
frontendDB->be_pcl_mutexp = &frontendDB->be_pcl_mutex;
ldap_pvt_thread_mutex_init( frontendDB->be_pcl_mutexp );
-
- LDAP_STAILQ_INIT( &frontendDB->be_syncinfo );
#endif
/* suffix */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
#include "../../libraries/liblber/lber-int.h" /* get ber_strndup() */
#include "lutil_ldap.h"
-#if 0
-struct sync_cookie *slap_sync_cookie = NULL;
-#else
struct slap_sync_cookie_s slap_sync_cookie =
LDAP_STAILQ_HEAD_INITIALIZER( slap_sync_cookie );
-#endif
void
slap_compose_sync_cookie(
Operation *op,
struct berval *cookie,
struct berval *csn,
- int sid,
int rid )
{
char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ];
- if ( csn->bv_val == NULL ) {
- if ( sid == -1 ) {
- if ( rid == -1 ) {
- cookiestr[0] = '\0';
- } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "rid=%03d", rid );
- }
+ if ( BER_BVISNULL( csn )) {
+ if ( rid == -1 ) {
+ cookiestr[0] = '\0';
} else {
- if ( rid == -1 ) {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "sid=%03d", sid );
- } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "sid=%03d,rid=%03d", sid, rid );
- }
+ snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
+ "rid=%03d", rid );
}
} else {
- if ( sid == -1 ) {
- if ( rid == -1 ) {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s", csn->bv_val );
- } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s,rid=%03d", csn->bv_val, rid );
- }
+ if ( rid == -1 ) {
+ snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
+ "csn=%s", csn->bv_val );
} else {
- if ( rid == -1 ) {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s,sid=%03d", csn->bv_val, sid );
- } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s,sid=%03d,rid=%03d", csn->bv_val, sid, rid );
- }
+ snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
+ "csn=%s,rid=%03d", csn->bv_val, rid );
}
}
ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie );
if ( cookie == NULL )
return;
- if ( cookie->ctxcsn ) {
- ber_bvarray_free( cookie->ctxcsn );
- cookie->ctxcsn = NULL;
+ if ( !BER_BVISNULL( &cookie->ctxcsn )) {
+ ch_free( cookie->ctxcsn.bv_val );
+ BER_BVZERO( &cookie->ctxcsn );
}
- if ( cookie->octet_str ) {
- ber_bvarray_free( cookie->octet_str );
- cookie->octet_str = NULL;
+ if ( !BER_BVISNULL( &cookie->octet_str )) {
+ ch_free( cookie->octet_str.bv_val );
+ BER_BVZERO( &cookie->octet_str );
}
if ( free_cookie ) {
char *csn_str;
int csn_str_len;
int valid = 0;
- char *sid_ptr;
- char *sid_str;
char *rid_ptr;
char *rid_str;
char *cval;
- struct berval ctxcsn;
if ( cookie == NULL )
return -1;
- while (( csn_ptr = strstr( cookie->octet_str[0].bv_val, "csn=" )) != NULL ) {
+ while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) {
AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
slap_syntax_validate_func *validate;
struct berval stamp;
break;
}
if ( valid ) {
- ber_str2bv( csn_str, csn_str_len, 1, &ctxcsn );
- ber_bvarray_add( &cookie->ctxcsn, &ctxcsn );
+ ber_str2bv( csn_str, csn_str_len, 1, &cookie->ctxcsn );
} else {
- cookie->ctxcsn = NULL;
+ BER_BVZERO( &cookie->ctxcsn );
}
- if (( sid_ptr = strstr( cookie->octet_str->bv_val, "sid=" )) != NULL ) {
- sid_str = SLAP_STRNDUP( sid_ptr,
- SLAP_SYNC_SID_SIZE + sizeof("sid=") - 1 );
- if ( (cval = strchr( sid_str, ',' )) != NULL ) {
- *cval = '\0';
- }
- cookie->sid = atoi( sid_str + sizeof("sid=") - 1 );
- ch_free( sid_str );
- } else {
- cookie->sid = -1;
- }
-
- if (( rid_ptr = strstr( cookie->octet_str->bv_val, "rid=" )) != NULL ) {
+ if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) {
rid_str = SLAP_STRNDUP( rid_ptr,
SLAP_SYNC_RID_SIZE + sizeof("rid=") - 1 );
if ( (cval = strchr( rid_str, ',' )) != NULL ) {
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE + 4 ];
struct berval octet_str = BER_BVNULL;
struct berval ctxcsn = BER_BVNULL;
- struct berval ctxcsn_dup = BER_BVNULL;
- struct berval slap_syncCookie;
if ( cookie == NULL )
return -1;
"csn=%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x",
1900, 1, 1, 0, 0, 0, 0, 0, 0 );
octet_str.bv_val = csnbuf;
- build_new_dn( &slap_syncCookie, &cookie->octet_str[0], &octet_str, NULL );
- ber_bvarray_free( cookie->octet_str );
- cookie->octet_str = NULL;
- ber_bvarray_add( &cookie->octet_str, &slap_syncCookie );
+ ch_free( cookie->octet_str.bv_val );
+ ber_dupbv( &cookie->octet_str, &octet_str );
ctxcsn.bv_val = octet_str.bv_val + 4;
ctxcsn.bv_len = octet_str.bv_len - 4;
- ber_dupbv( &ctxcsn_dup, &ctxcsn );
- ber_bvarray_add( &cookie->ctxcsn, &ctxcsn_dup );
+ ber_dupbv( &cookie->ctxcsn, &ctxcsn );
return 0;
}
return NULL;
if ( dst ) {
- ber_bvarray_free( dst->ctxcsn );
- ber_bvarray_free( dst->octet_str );
+ ch_free( dst->ctxcsn.bv_val );
+ ch_free( dst->octet_str.bv_val );
+ BER_BVZERO( &dst->ctxcsn );
+ BER_BVZERO( &dst->octet_str );
new = dst;
} else {
new = ( struct sync_cookie * )
ch_calloc( 1, sizeof( struct sync_cookie ));
}
- new->sid = src->sid;
new->rid = src->rid;
- if ( src->ctxcsn ) {
- for ( i=0; src->ctxcsn[i].bv_val; i++ ) {
- ber_dupbv( &tmp_bv, &src->ctxcsn[i] );
- ber_bvarray_add( &new->ctxcsn, &tmp_bv );
- }
+ if ( !BER_BVISNULL( &src->ctxcsn )) {
+ ber_dupbv( &new->ctxcsn, &src->ctxcsn );
}
- if ( src->octet_str ) {
- for ( i=0; src->octet_str[i].bv_val; i++ ) {
- ber_dupbv( &tmp_bv, &src->octet_str[i] );
- ber_bvarray_add( &new->octet_str, &tmp_bv );
- }
+ if ( !BER_BVISNULL( &src->octet_str )) {
+ ber_dupbv( &new->octet_str, &src->octet_str );
}
return new;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
struct berval oc, ad;
oc.bv_val = pattern + 1;
+ pattern = strchr( pattern, '=' );
+ if ( pattern == NULL ) {
+ return -1;
+ }
- ad.bv_val = strchr(pattern, '/');
+ ad.bv_val = strchr( oc.bv_val, '/' );
if ( ad.bv_val != NULL ) {
const char *text = NULL;
int rc;
oc.bv_len = ad.bv_val - oc.bv_val;
ad.bv_val++;
- ad.bv_len = strlen( ad.bv_val );
+ ad.bv_len = pattern - ad.bv_val;
rc = slap_bv2ad( &ad, &group_ad, &text );
if ( rc != LDAP_SUCCESS ) {
goto no_ad;
}
- pattern = ad.bv_val + ad.bv_len;
-
} else {
- oc.bv_len = strlen( oc.bv_val );
-
- pattern = oc.bv_val + oc.bv_len;
+ oc.bv_len = pattern - oc.bv_val;
}
group_oc = oc_bvfind( &oc );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
int
lock_fclose( FILE *fp, FILE *lfp )
{
+ int rc = fclose( fp );
/* unlock */
ldap_unlockf( fileno(lfp) );
fclose( lfp );
- return( fclose( fp ) );
+ return( rc );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
rs->sr_err = frontendDB->be_modrdn( op, rs );
cleanup:
-
slap_graduate_commit_csn( op );
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );
- if ( pnewSuperior.bv_val ) op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
- if ( nnewSuperior.bv_val ) op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &pnewSuperior ) )
+ op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &nnewSuperior ) )
+ op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
return rs->sr_err;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
op->o_hdr = (Opheader *)(op+1);
op->o_controls = (void **)(op->o_hdr+1);
-#if 0 /* DELETE ME */
- slap_sync_cookie_free( &op->o_sync_state, 0 );
- if ( op->o_sync_csn.bv_val != NULL ) {
- ch_free( op->o_sync_csn.bv_val );
- }
- op->o_sync_state.sid = -1;
- op->o_sync_slog_size = -1;
- op->o_sync_state.rid = -1;
-#endif
-
ldap_pvt_thread_mutex_lock( &slap_op_mutex );
LDAP_STAILQ_INSERT_HEAD( &slap_free_ops, op, o_next );
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
op->o_opid = id;
op->o_res_ber = NULL;
-#if 0 /* DELETE ME */
- op->o_sync_state.sid = -1;
- op->o_sync_slog_size = -1;
- op->o_sync_state.rid = -1;
- LDAP_STAILQ_FIRST( &op->o_sync_slog_list ) = NULL;
- op->o_sync_slog_list.stqh_last = &LDAP_STAILQ_FIRST( &op->o_sync_slog_list );
-#endif
-
#if defined( LDAP_SLAPI )
if ( slapi_plugins_used ) {
op->o_pb = slapi_pblock_new();
/* operational.c - routines to deal with on-the-fly operational attrs */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2003-2004 The OpenLDAP Foundation.
+## Copyright 2003-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## <http://www.OpenLDAP.org/license.html>.
SRCS = overlays.c \
- chain.c \
denyop.c \
dyngroup.c \
glue.c \
syncprov.c \
unique.c
OBJS = overlays.lo \
- chain.lo \
denyop.lo \
dyngroup.lo \
glue.lo \
XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
-chain.la : chain.lo $(@PLAT@_LINK_LIBS)
- $(LTLINK_MOD) -module -o $@ chain.lo version.lo $(LINK_LIBS)
-
denyop.la : denyop.lo $(@PLAT@_LINK_LIBS)
$(LTLINK_MOD) -module -o $@ denyop.lo version.lo $(LINK_LIBS)
+++ /dev/null
-/* chain.c - chain LDAP operations */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2003-2004 The OpenLDAP Foundation.
- * Portions Copyright 2003 Howard Chu.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by the Howard Chu for inclusion
- * in OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#if defined(SLAPD_LDAP)
-
-#ifdef SLAPD_OVER_CHAIN
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/socket.h>
-
-#include "slap.h"
-#include "../back-ldap/back-ldap.h"
-
-static BackendInfo *lback;
-
-static int
-ldap_chain_chk_referrals( Operation *op, SlapReply *rs )
-{
- return LDAP_SUCCESS;
-}
-
-static int
-ldap_chain_operational( Operation *op, SlapReply *rs )
-{
- /* trap entries generated by back-ldap.
- * FIXME: we need a better way to recognize them; a cleaner
- * solution would be to be able to intercept the response
- * of be_operational(), so that we can divert only those
- * calls that fail because operational attributes were
- * requested for entries that do not belong to the underlying
- * database. This fix is likely to intercept also entries
- * generated by back-perl and so. */
- if ( rs->sr_entry->e_private == NULL ) {
- return 0;
- }
-
- return SLAP_CB_CONTINUE;
-}
-
-static int
-ldap_chain_cb_response( Operation *op, SlapReply *rs )
-{
- assert( op->o_tag == LDAP_REQ_SEARCH );
-
- if ( rs->sr_type == REP_SEARCH ) {
- Attribute **ap = &rs->sr_entry->e_attrs;
-
- for ( ; *ap != NULL; ap = &(*ap)->a_next ) {
- /* will be generated later by frontend
- * (a cleaner solution would be that
- * the frontend checks if it already exists */
- if ( ad_cmp( (*ap)->a_desc, slap_schema.si_ad_entryDN ) == 0 )
- {
- Attribute *a = *ap;
-
- *ap = (*ap)->a_next;
- attr_free( a );
-
- /* there SHOULD be one only! */
- break;
- }
- }
-
- return SLAP_CB_CONTINUE;
- }
-
- return 0;
-}
-
-static int
-ldap_chain_response( Operation *op, SlapReply *rs )
-{
- slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
- void *private = op->o_bd->be_private;
- slap_callback *sc = op->o_callback;
- LDAPControl **prev = op->o_ctrls;
- LDAPControl **ctrls = NULL, authz;
- int i, nctrls, rc = 0;
- int cache = op->o_do_not_cache;
- char *authzid = NULL;
- BerVarray ref;
- struct berval ndn = op->o_ndn;
-
- struct ldapinfo li, *lip = (struct ldapinfo *)on->on_bi.bi_private;
-
- if ( rs->sr_err != LDAP_REFERRAL && rs->sr_type != REP_SEARCHREF )
- return SLAP_CB_CONTINUE;
-
- ref = rs->sr_ref;
- rs->sr_ref = NULL;
-
- op->o_callback = NULL;
-
- if ( lip->url == NULL ) {
- /* if we parse the URI then by no means
- * we can cache stuff or reuse connections,
- * because in back-ldap there's no caching
- * based on the URI value, which is supposed
- * to be set once for all (correct?) */
- op->o_do_not_cache = 1;
-
- /* FIXME: we're setting the URI of the first referral;
- * what if there are more? Is this something we should
- * worry about? */
- li = *lip;
- op->o_bd->be_private = &li;
-
- if ( rs->sr_type != REP_SEARCHREF ) {
- LDAPURLDesc *srv;
- char *save_dn;
-
- /* parse reference and use
- * proto://[host][:port]/ only */
- rc = ldap_url_parse_ext( ref[0].bv_val, &srv );
- if ( rc != LDAP_URL_SUCCESS) {
- /* error */
- return 1;
- }
-
- /* remove DN essentially because later on
- * ldap_initialize() will parse the URL
- * as a comma-separated URL list */
- save_dn = srv->lud_dn;
- srv->lud_dn = "";
- srv->lud_scope = LDAP_SCOPE_DEFAULT;
- li.url = ldap_url_desc2str( srv );
- srv->lud_dn = save_dn;
- ldap_free_urldesc( srv );
-
- if ( li.url == NULL ) {
- /* error */
- return 1;
- }
- }
-
- } else {
- op->o_bd->be_private = on->on_bi.bi_private;
- }
-
- /* Chaining is performed by a privileged user on behalf
- * of a normal user, using the ProxyAuthz control. However,
- * Binds are done separately, on an anonymous session.
- */
- if ( op->o_tag != LDAP_REQ_BIND ) {
- for ( i = 0; prev && prev[i]; i++ )
- /* count and set prev to the last one */ ;
- nctrls = i;
-
- /* Add an extra NULL slot */
- if ( !prev ) {
- i++;
- }
-
- ctrls = op->o_tmpalloc((i + 1)*sizeof(LDAPControl *),
- op->o_tmpmemctx);
- for ( i = 0; i < nctrls; i++ ) {
- ctrls[i] = prev[i];
- }
- ctrls[nctrls] = &authz;
- ctrls[nctrls + 1] = NULL;
- authz.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- authz.ldctl_iscritical = 1;
- authz.ldctl_value = op->o_dn;
- if ( !BER_BVISEMPTY( &op->o_dn ) ) {
- authzid = op->o_tmpalloc( op->o_dn.bv_len + STRLENOF("dn:"),
- op->o_tmpmemctx );
- strcpy(authzid, "dn:");
- strcpy(authzid + STRLENOF("dn:"), op->o_dn.bv_val);
- authz.ldctl_value.bv_len = op->o_dn.bv_len + STRLENOF("dn:");
- authz.ldctl_value.bv_val = authzid;
- }
- op->o_ctrls = ctrls;
- op->o_ndn = op->o_bd->be_rootndn;
- }
-
- switch ( op->o_tag ) {
- case LDAP_REQ_BIND: {
- struct berval rndn = op->o_req_ndn;
- Connection *conn = op->o_conn;
-
- op->o_req_ndn = slap_empty_bv;
-
- op->o_conn = NULL;
- rc = lback->bi_op_bind( op, rs );
- op->o_req_ndn = rndn;
- op->o_conn = conn;
- }
- break;
- case LDAP_REQ_ADD:
- {
- int cleanup_attrs = 0;
-
- if ( op->ora_e->e_attrs == NULL ) {
- char textbuf[ SLAP_TEXT_BUFLEN ];
- size_t textlen = sizeof( textbuf );
-
- /* global overlay; create entry */
- /* NOTE: this is a hack to use the chain overlay
- * as global. I expect to be able to remove this
- * soon by using slap_mods2entry() earlier in
- * do_add(), adding the operational attrs later
- * if required. */
- rs->sr_err = slap_mods2entry( op->ora_modlist,
- &op->ora_e, 0, 1,
- &rs->sr_text, textbuf, textlen );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- send_ldap_result( op, rs );
- rc = 1;
- break;
- }
- }
- rc = lback->bi_op_add( op, rs );
- if ( cleanup_attrs ) {
- attrs_free( op->ora_e->e_attrs );
- op->ora_e->e_attrs = NULL;
- }
- break;
- }
- case LDAP_REQ_DELETE:
- rc = lback->bi_op_delete( op, rs );
- break;
- case LDAP_REQ_MODRDN:
- rc = lback->bi_op_modrdn( op, rs );
- break;
- case LDAP_REQ_MODIFY:
- rc = lback->bi_op_modify( op, rs );
- break;
- case LDAP_REQ_COMPARE:
- rc = lback->bi_op_compare( op, rs );
- break;
- case LDAP_REQ_SEARCH:
- if ( rs->sr_type == REP_SEARCHREF ) {
- struct berval *curr = ref,
- odn = op->o_req_dn,
- ondn = op->o_req_ndn;
- slap_callback sc2 = { 0 };
- int tmprc = 0;
- ber_len_t refcnt = 0;
- BerVarray newref = NULL;
-
- sc2.sc_response = ldap_chain_cb_response;
- op->o_callback = &sc2;
-
- rs->sr_type = REP_SEARCH;
-
- /* copy the private info because we need to modify it */
- for ( ; !BER_BVISNULL( &curr[0] ); curr++ ) {
- LDAPURLDesc *srv;
- char *save_dn;
-
- /* parse reference and use
- * proto://[host][:port]/ only */
- tmprc = ldap_url_parse_ext( curr[0].bv_val, &srv );
- if ( tmprc != LDAP_URL_SUCCESS ) {
- /* error */
- rc = 1;
- goto end_of_searchref;
- }
-
- /* remove DN essentially because later on
- * ldap_initialize() will parse the URL
- * as a comma-separated URL list */
- save_dn = srv->lud_dn;
- srv->lud_dn = "";
- srv->lud_scope = LDAP_SCOPE_DEFAULT;
- li.url = ldap_url_desc2str( srv );
- if ( li.url != NULL ) {
- ber_str2bv_x( save_dn, 0, 1, &op->o_req_dn,
- op->o_tmpmemctx );
- ber_dupbv_x( &op->o_req_ndn, &op->o_req_dn,
- op->o_tmpmemctx );
- }
-
- srv->lud_dn = save_dn;
- ldap_free_urldesc( srv );
-
- if ( li.url == NULL ) {
- /* error */
- rc = 1;
- goto end_of_searchref;
- }
-
-
- /* FIXME: should we also copy filter and scope?
- * according to RFC3296, no */
- tmprc = lback->bi_op_search( op, rs );
-
- ldap_memfree( li.url );
- li.url = NULL;
-
- op->o_tmpfree( op->o_req_dn.bv_val,
- op->o_tmpmemctx );
- op->o_tmpfree( op->o_req_ndn.bv_val,
- op->o_tmpmemctx );
-
- if ( tmprc ) {
- /* error */
- rc = 1;
- goto end_of_searchref;
- }
-
- if ( rs->sr_err != LDAP_SUCCESS ) {
- /* if search was not successful,
- * at least return the referral! */
- /* FIXME: assumes referrals
- * are always created via
- * referral_rewrite() and freed via
- * ber_bvarray_free( rs->sr_ref ) */
- newref = ch_realloc( newref, sizeof( struct berval ) * (refcnt + 2) );
- ber_dupbv( &newref[ refcnt ], &curr[ 0 ] );
- refcnt++;
- BER_BVZERO( &newref[ refcnt ] );
- }
- }
-
-end_of_searchref:;
- op->o_req_dn = odn;
- op->o_req_ndn = ondn;
- rs->sr_type = REP_SEARCHREF;
- rs->sr_entry = NULL;
-
- /* if the error was bad, it was already returned
- * by back-ldap; destroy the referrals left;
- * otherwise, let the frontend return them. */
- if ( newref ) {
- if ( rc == 0 ) {
- rc = SLAP_CB_CONTINUE;
- if ( ref != default_referral ) {
- ber_bvarray_free( ref );
- }
- ref = newref;
-
- } else {
- ber_bvarray_free( newref );
- }
- }
-
- } else {
- rc = lback->bi_op_search( op, rs );
- }
- break;
- case LDAP_REQ_EXTENDED:
- rc = lback->bi_extended( op, rs );
- break;
- default:
- rc = SLAP_CB_CONTINUE;
- break;
- }
- op->o_do_not_cache = cache;
- op->o_ctrls = prev;
- op->o_bd->be_private = private;
- op->o_callback = sc;
- op->o_ndn = ndn;
- if ( ctrls ) {
- op->o_tmpfree( ctrls, op->o_tmpmemctx );
- }
- if ( authzid ) {
- op->o_tmpfree( authzid, op->o_tmpmemctx );
- }
- rs->sr_ref = ref;
- if ( lip->url == NULL && li.url != NULL ) {
- ldap_memfree( li.url );
- }
-
- return rc;
-}
-
-static int
-ldap_chain_config(
- BackendDB *be,
- const char *fname,
- int lineno,
- int argc,
- char **argv
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- char *argv0 = NULL;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- if ( strncasecmp( argv[ 0 ], "chain-", sizeof( "chain-" ) - 1 ) == 0 ) {
- argv0 = argv[ 0 ];
- argv[ 0 ] = &argv[ 0 ][ sizeof( "chain-" ) - 1 ];
- }
- rc = lback->bi_db_config( be, fname, lineno, argc, argv );
- if ( argv0 ) {
- argv[ 0 ] = argv0;
- }
-
- be->be_private = private;
- return rc;
-}
-
-static int
-ldap_chain_init(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = NULL;
- rc = lback->bi_db_init( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
-
- return rc;
-}
-
-static int
-ldap_chain_destroy(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- rc = lback->bi_db_destroy( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
- return rc;
-}
-
-static slap_overinst ldapchain;
-
-int
-chain_init()
-{
- lback = backend_info( "ldap" );
-
- if ( !lback ) {
- return -1;
- }
-
- ldapchain.on_bi.bi_type = "chain";
- ldapchain.on_bi.bi_db_init = ldap_chain_init;
- ldapchain.on_bi.bi_db_config = ldap_chain_config;
- ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
-
- /* ... otherwise the underlying backend's function would be called,
- * likely passing an invalid entry; on the contrary, the requested
- * operational attributes should have been returned while chasing
- * the referrals. This all in all is a bit messy, because part
- * of the operational attributes are generated by they backend;
- * part by the frontend; back-ldap should receive all the available
- * ones from the remote server, but then, on it own, it strips those
- * it assumes will be (re)generated by the frontend (e.g.
- * subschemaSubentry.) */
- ldapchain.on_bi.bi_operational = ldap_chain_operational;
-
- ldapchain.on_response = ldap_chain_response;
-
-
- ldapchain.on_bi.bi_chk_referrals = ldap_chain_chk_referrals;
-
- return overlay_register( &ldapchain );
-}
-
-#if SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC
-int init_module(int argc, char *argv[]) {
- return chain_init();
-}
-#endif /* SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC */
-
-#endif /* SLAPD_OVER_CHAIN */
-
-#endif /* ! defined(SLAPD_LDAP) */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Howard Chu.
* All rights reserved.
*
/* denyop.c - Denies operations */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Copyright 2003 by Howard Chu.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* lastmod.c - returns last modification info */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Copyright 2003 by Howard Chu.
* All rights reserved.
*
#include "slap.h"
-#if SLAPD_OVER_CHAIN == SLAPD_MOD_STATIC
-extern int chain_init();
-#endif
#if SLAPD_OVER_DENYOP == SLAPD_MOD_STATIC
extern int denyop_init();
#endif
char *name;
int (*func)();
} funcs[] = {
-#if SLAPD_OVER_CHAIN == SLAPD_MOD_STATIC
- { "LDAP Chain Response", chain_init },
-#endif
#if SLAPD_OVER_DENYOP == SLAPD_MOD_STATIC
{ "Deny Operation", denyop_init },
#endif
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 IBM Corporation.
* Portions Copyright 2003 Symas Corporation.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Howard Chu, Symas Corporation.
* Portions Copyright 2004 Hewlett-Packard Company.
* All rights reserved.
}
}
/* If password aging is in effect, set the pwdChangedTime */
- if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_isupdate( op )) {
+ if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_shadow_update( op )) {
struct berval timestamp;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
struct tm *ltm;
PassPolicy pp;
Modifications *mods = NULL, *modtail, *ml, *delmod, *addmod;
Attribute *pa, *ha, *ra, at;
- int repl_user = be_isupdate( op );
const char *txt;
pw_hist *tl = NULL, *p;
int zapReset, send_ctrl = 0;
const char *txt;
bv = oldpw.bv_val ? &oldpw : delmod->sml_values;
- rc = slap_passwd_check( op->o_conn, pa, bv, &txt );
+ /* FIXME: no access checking? */
+ rc = slap_passwd_check( op, NULL, pa, bv, &txt );
if (rc != LDAP_SUCCESS) {
Debug( LDAP_DEBUG_TRACE,
"old password check failed: %s\n", txt, 0, 0 );
/*
* Last check - the password history.
*/
- if (slap_passwd_check( op->o_conn, pa, bv, &txt ) == LDAP_SUCCESS) {
+ /* FIXME: no access checking? */
+ if (slap_passwd_check( op, NULL, pa, bv, &txt ) == LDAP_SUCCESS) {
/*
* This is bad - it means that the user is attempting
* to set the password to the same as the old one.
cr[1].bv_val = NULL;
for(p=tl; p; p=p->next) {
cr[0] = p->pw;
- rc = slap_passwd_check( op->o_conn, &at, bv, &txt );
+ /* FIXME: no access checking? */
+ rc = slap_passwd_check( op, NULL, &at, bv, &txt );
if (rc != LDAP_SUCCESS) continue;
}
do_modify:
- if ((pwmod) && (!repl_user)) {
+ if ((pwmod) && (!be_shadow_update( op ))) {
struct berval timestamp;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
struct tm *ltm;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Symas Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Pierangelo Masarati.
* All rights reserved.
*
(struct ldaprwmap *)on->on_bi.bi_private;
struct berval dn = BER_BVNULL,
- *dnp = NULL,
ndn = BER_BVNULL;
int rc = 0;
dncookie dc;
* and the caller sets op->o_req_dn = op->o_req_ndn,
* only rewrite the op->o_req_ndn and use it as
* op->o_req_dn as well */
+ ndn = op->o_req_ndn;
if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
- dnp = &dn;
+ dn = op->o_req_dn;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
}
- rc = rwm_dn_massage( &dc, &op->o_req_dn, dnp, &ndn );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
- if ( ( dnp && dn.bv_val == op->o_req_dn.bv_val ) ||
- ( !dnp && ndn.bv_val == op->o_req_ndn.bv_val ) ) {
+ if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
+ || ndn.bv_val == op->o_req_ndn.bv_val )
+ {
return LDAP_SUCCESS;
}
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
- if ( dnp ) {
+ op->o_req_ndn = ndn;
+ if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn = dn;
} else {
op->o_req_dn = ndn;
}
- op->o_req_ndn = ndn;
return LDAP_SUCCESS;
}
i;
Attribute **ap = NULL;
char *olddn = op->o_req_dn.bv_val;
+ int isupdate;
#ifdef ENABLE_REWRITE
rc = rwm_op_dn_massage( op, rs, "addDN" );
}
/* Count number of attributes in entry */
+ isupdate = be_shadow_update( op );
for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
struct berval mapped;
Attribute *a;
- if ( (*ap)->a_desc->ad_type->sat_no_user_mod ) {
+ if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
goto next_attr;
}
struct ldaprwmap *rwmap =
(struct ldaprwmap *)on->on_bi.bi_private;
+ int isupdate;
Modifications **mlp;
int rc;
return -1;
}
+ isupdate = be_shadow_update( op );
for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
int is_oc = 0;
Modifications *ml;
- if ( (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
+ if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
goto next_mod;
}
dc.tofrom = 0;
dc.normalized = 0;
#endif /* ! ENABLE_REWRITE */
- rc = rwm_dn_massage( &dc, op->orr_newSup, &newSup, &nnewSup );
+ newSup = *op->orr_newSup;
+ nnewSup = *op->orr_nnewSup;
+ rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
if ( rc != LDAP_SUCCESS ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
dc.normalized = 0;
#endif /* ! ENABLE_REWRITE */
ber_str2bv( rs->sr_matched, 0, 0, &dn );
- rc = rwm_dn_massage( &dc, &dn, &mdn, NULL );
+ mdn = dn;
+ rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = rc;
rs->sr_text = "Rewrite error";
dncookie dc;
int rc;
Attribute **ap;
+ int isupdate;
/*
* Rewrite the dn attrs, if needed
* an error (because multiple instances of attrs in
* response are not valid), or merge the values (what
* about duplicate values?) */
+ isupdate = be_shadow_update( op );
for ( ap = a_first; *ap; ) {
struct ldapmapping *m;
int drop_missing;
goto cleanup_attr;
}
- if ( (*ap)->a_desc->ad_type->sat_no_user_mod
+ if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod
&& (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
{
goto next_attr;
* from the one known to the meta, and a DN with unknown
* attributes is returned.
*/
- rc = rwm_dn_massage( &dc, &e->e_name, &dn, &ndn );
+ dn = e->e_name;
+ ndn = e->e_nname;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
if ( rc != LDAP_SUCCESS ) {
rc = 1;
goto fail;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
#endif /* !ENABLE_REWRITE */
} dncookie;
-int rwm_dn_massage( dncookie *dc, struct berval *in,
- struct berval *dn, struct berval *ndn );
+int rwm_dn_massage( dncookie *dc, struct berval *in, struct berval *dn );
+int rwm_dn_massage_pretty( dncookie *dc, struct berval *in, struct berval *pdn );
+int rwm_dn_massage_normalize( dncookie *dc, struct berval *in, struct berval *ndn );
+int rwm_dn_massage_pretty_normalize( dncookie *dc, struct berval *in, struct berval *pdn, struct berval *ndn );
/* attributeType/objectClass mapping */
int rwm_mapping_cmp (const void *, const void *);
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
/* FIXME: after rewriting, we should also remap attributes ... */
+/*
+ * massages "in" and normalizes it into "ndn"
+ *
+ * "ndn" may be untouched if no massaging occurred and its value was not null
+ */
+int
+rwm_dn_massage_normalize(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *ndn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage and normalize a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( ndn ) ) {
+ return rc;
+ }
+
+ rc = dnNormalize( 0, NULL, NULL, &mdn, ndn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
+/*
+ * massages "in" and prettifies it into "pdn"
+ *
+ * "pdn" may be untouched if no massaging occurred and its value was not null
+ */
+int
+rwm_dn_massage_pretty(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *pdn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage and pretty a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( pdn ) ) {
+ return rc;
+ }
+
+ rc = dnPretty( NULL, &mdn, pdn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
+/*
+ * massages "in" and prettifies and normalizes it into "pdn" and "ndn"
+ *
+ * "pdn" may be untouched if no massaging occurred and its value was not null;
+ * "ndn" may be untouched if no massaging occurred and its value was not null;
+ * if no massage occurred and "ndn" value was not null, it is filled
+ * with the normaized value of "pdn", much like ndn = dnNormalize( pdn )
+ */
+int
+rwm_dn_massage_pretty_normalize(
+ dncookie *dc,
+ struct berval *in,
+ struct berval *pdn,
+ struct berval *ndn )
+{
+ int rc;
+ struct berval mdn = BER_BVNULL;
+
+ /* massage, pretty and normalize a DN */
+ rc = rwm_dn_massage( dc, in, &mdn );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( pdn ) ) {
+ if ( BER_BVISNULL( ndn ) ) {
+ rc = dnNormalize( 0, NULL, NULL, &mdn, ndn, NULL );
+ }
+ return rc;
+ }
+
+ rc = dnPrettyNormal( NULL, &mdn, pdn, ndn, NULL );
+
+ if ( mdn.bv_val != in->bv_val ) {
+ ch_free( mdn.bv_val );
+ }
+
+ return rc;
+}
+
#ifdef ENABLE_REWRITE
+/*
+ * massages "in" into "dn"
+ *
+ * "dn" may contain the value of "in" if no massage occurred
+ */
int
rwm_dn_massage(
dncookie *dc,
struct berval *in,
- struct berval *dn,
- struct berval *ndn
+ struct berval *dn
)
{
int rc = 0;
struct berval mdn;
+ assert( dc );
assert( in );
-
- if ( dn == NULL && ndn == NULL ) {
- return LDAP_OTHER;
- }
+ assert( dn );
rc = rewrite_session( dc->rwmap->rwm_rw, dc->ctx,
( in->bv_len ? in->bv_val : "" ),
dc->conn, &mdn.bv_val );
switch ( rc ) {
case REWRITE_REGEXEC_OK:
- if ( !BER_BVISNULL( &mdn ) ) {
-
+ if ( !BER_BVISNULL( &mdn ) && mdn.bv_val != in->bv_val ) {
mdn.bv_len = strlen( mdn.bv_val );
-
- if ( dn != NULL && ndn != NULL ) {
- rc = dnPrettyNormal( NULL, &mdn, dn, ndn, NULL );
-
- } else if ( dn != NULL ) {
- rc = dnPretty( NULL, &mdn, dn, NULL );
-
- } else if ( ndn != NULL) {
- rc = dnNormalize( 0, NULL, NULL, &mdn, ndn, NULL );
- }
-
- if ( mdn.bv_val != in->bv_val ) {
- ch_free( mdn.bv_val );
- }
-
+ *dn = mdn;
} else {
- /* we assume the input string is already in pretty form,
- * and that the normalized version is already available */
- if ( dn ) {
- *dn = *in;
- if ( ndn ) {
- BER_BVZERO( ndn );
- }
- } else {
- *ndn = *in;
- }
- rc = LDAP_SUCCESS;
+ *dn = *in;
}
+ rc = LDAP_SUCCESS;
Debug( LDAP_DEBUG_ARGS,
"[rw] %s: \"%s\" -> \"%s\"\n",
- dc->ctx, in->bv_val, dn ? dn->bv_val : ndn->bv_val );
+ dc->ctx, in->bv_val, dn->bv_val );
break;
case REWRITE_REGEXEC_UNWILLING:
int
rwm_dn_massage(
dncookie *dc,
- struct berval *tmpin,
- struct berval *dn,
- struct berval *ndn
+ struct berval *in,
+ struct berval *dn
)
{
int i, src, dst;
- struct berval pretty = BER_BVNULL,
- normal = BER_BVNULL,
- *in = tmpin;
+ struct berval tmpin;
- if ( dn == NULL && ndn == NULL ) {
- return LDAP_OTHER;
- }
+ assert( dc );
+ assert( in );
+ assert( dn );
- if ( in == NULL || BER_BVISNULL( in ) ) {
- if ( dn ) {
- BER_BVZERO( dn );
- }
- if ( ndn ) {
- BER_BVZERO( ndn );
- }
+ BER_BVZERO( dn );
+
+ if ( BER_BVISNULL( in ) ) {
return LDAP_SUCCESS;
}
if ( dc->rwmap == NULL || dc->rwmap->rwm_suffix_massage == NULL ) {
- if ( dn ) {
- *dn = *in;
- if ( ndn ) {
- BER_BVZERO( ndn );
- }
- } else {
- *ndn = *in;
- }
+ *dn = *in;
return LDAP_SUCCESS;
}
src = 0 + dc->normalized;
dst = 2 + dc->normalized;
+ tmpin = *in;
+
} else {
int rc;
/* DN from remote server may be in arbitrary form.
* Pretty it so we can parse reliably.
*/
- if ( dc->normalized && dn == NULL ) {
- rc = dnNormalize( 0, NULL, NULL, in, &normal, NULL );
-
- } else if ( !dc->normalized && ndn == NULL ) {
- rc = dnPretty( NULL, in, &pretty, NULL );
+ if ( dc->normalized ) {
+ rc = dnNormalize( 0, NULL, NULL, in, &tmpin, NULL );
} else {
- rc = dnPrettyNormal( NULL, in, &pretty, &normal, NULL );
+ rc = dnPretty( NULL, in, &tmpin, NULL );
}
if ( rc != LDAP_SUCCESS ) {
return rc;
}
-
- if ( dc->normalized && !BER_BVISNULL( &normal ) ) {
- in = &normal;
-
- } else if ( !dc->normalized && !BER_BVISNULL( &pretty ) ) {
- in = &pretty;
- }
}
for ( i = 0;
- dc->rwmap->rwm_suffix_massage[i].bv_val != NULL;
- i += 4 ) {
+ !BER_BVISNULL( &dc->rwmap->rwm_suffix_massage[i] );
+ i += 4 )
+ {
int aliasLength = dc->rwmap->rwm_suffix_massage[i+src].bv_len;
- int diff = in->bv_len - aliasLength;
+ int diff = tmpin.bv_len - aliasLength;
if ( diff < 0 ) {
/* alias is longer than dn */
continue;
- } else if ( diff > 0 && ( !DN_SEPARATOR(in->bv_val[diff-1]))) {
+ } else if ( diff > 0 && ( !DN_SEPARATOR(tmpin.bv_val[diff-1])))
+ {
/* FIXME: DN_SEPARATOR() is intended to work
* on a normalized/pretty DN, so that ';'
* is never used as a DN separator */
/* At a DN Separator */
}
- if ( !strcmp( dc->rwmap->rwm_suffix_massage[i+src].bv_val, &in->bv_val[diff] ) ) {
- struct berval *out;
-
- if ( dn ) {
- out = dn;
- } else {
- out = ndn;
- }
- out->bv_len = diff + dc->rwmap->rwm_suffix_massage[i+dst].bv_len;
- out->bv_val = ch_malloc( out->bv_len + 1 );
- strncpy( out->bv_val, in->bv_val, diff );
- strcpy( &out->bv_val[diff], dc->rwmap->rwm_suffix_massage[i+dst].bv_val );
+ if ( !strcmp( dc->rwmap->rwm_suffix_massage[i+src].bv_val,
+ &tmpin.bv_val[diff] ) )
+ {
+ dn->bv_len = diff + dc->rwmap->rwm_suffix_massage[i+dst].bv_len;
+ dn->bv_val = ch_malloc( dn->bv_len + 1 );
+ strncpy( dn->bv_val, tmpin.bv_val, diff );
+ strcpy( &dn->bv_val[diff], dc->rwmap->rwm_suffix_massage[i+dst].bv_val );
Debug( LDAP_DEBUG_ARGS,
"rwm_dn_massage:"
" converted \"%s\" to \"%s\"\n",
- in->bv_val, out->bv_val, 0 );
- if ( dn && ndn ) {
- rc = dnNormalize( 0, NULL, NULL, dn, ndn, NULL );
- }
+ in->bv_val, dn->bv_val, 0 );
break;
}
}
- if ( !BER_BVISNULL( &pretty ) ) {
- ch_free( pretty.bv_val );
- }
-
- if ( !BER_BVISNULL( &normal ) ) {
- ch_free( normal.bv_val );
+ if ( tmpin.bv_val != in->bv_val ) {
+ ch_free( tmpin.bv_val );
}
- in = tmpin;
-
/* Nothing matched, just return the original DN */
- if ( dc->normalized && BER_BVISNULL( ndn ) ) {
- *ndn = *in;
-
- } else if ( !dc->normalized && BER_BVISNULL( dn ) ) {
+ if ( BER_BVISNULL( dn ) ) {
*dn = *in;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
struct berval *mapped_value,
int remap )
{
- struct berval vtmp;
+ struct berval vtmp = BER_BVNULL;
int freeval = 0;
rwm_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
fdc.ctx = "searchFilterAttrDN";
#endif /* ENABLE_REWRITE */
- rc = rwm_dn_massage( &fdc, value, NULL, &vtmp );
+ vtmp = *value;
+ rc = rwm_dn_massage_normalize( &fdc, value, &vtmp );
switch ( rc ) {
case LDAP_SUCCESS:
if ( vtmp.bv_val != value->bv_val ) {
int i, last;
dncookie dc;
- struct berval dn, ndn, *ndnp = NULL;
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
assert( a_vals );
dc.normalized = 0;
#endif /* ! ENABLE_REWRITE */
- for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
+ for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
+ ;
+ last--;
+
if ( pa_nvals != NULL ) {
- ndnp = &ndn;
-
if ( *pa_nvals == NULL ) {
- *pa_nvals = ch_malloc( last * sizeof(struct berval) );
- memset( *pa_nvals, 0, last * sizeof(struct berval) );
+ *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) );
+ memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) );
}
}
- last--;
for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
struct berval olddn, oldval;
}
continue;
}
+
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
- rc = rwm_dn_massage( &dc, &olddn, &dn, ndnp );
+ dn = olddn;
+ if ( pa_nvals ) {
+ ndn = olddn;
+ rc = rwm_dn_massage_pretty_normalize( &dc, &olddn,
+ &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_pretty( &dc, &olddn, &dn );
+ }
+
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
ludp->lud_dn = dn.bv_val;
newurl = ldap_url_desc2str( ludp );
+ ludp->lud_dn = olddn.bv_val;
+ ch_free( dn.bv_val );
if ( newurl == NULL ) {
/* FIXME: leave attr untouched
- * even if ldap_url_desc2str failed... */
+ * even if ldap_url_desc2str failed...
+ */
break;
}
if ( pa_nvals ) {
ludp->lud_dn = ndn.bv_val;
newurl = ldap_url_desc2str( ludp );
+ ludp->lud_dn = olddn.bv_val;
+ ch_free( ndn.bv_val );
if ( newurl == NULL ) {
/* FIXME: leave attr untouched
- * even if ldap_url_desc2str failed... */
+ * even if ldap_url_desc2str failed...
+ */
ch_free( a_vals[i].bv_val );
a_vals[i] = oldval;
break;
int i, last;
dncookie dc;
- struct berval dn, *dnp = NULL, ndn, *ndnp = NULL;
+ struct berval dn = BER_BVNULL,
+ ndn = BER_BVNULL;
BerVarray in;
if ( a_vals ) {
in = a_vals;
- dnp = &dn;
} else {
if ( pa_nvals == NULL || *pa_nvals == NULL ) {
#endif /* ! ENABLE_REWRITE */
for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );
+ last--;
if ( pa_nvals != NULL ) {
- ndnp = &ndn;
-
if ( *pa_nvals == NULL ) {
- *pa_nvals = ch_malloc( last * sizeof(struct berval) );
- memset( *pa_nvals, 0, last * sizeof(struct berval) );
+ *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) );
+ memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) );
}
}
- last--;
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
int rc;
- rc = rwm_dn_massage( &dc, &in[i], dnp, ndnp );
+ if ( a_vals ) {
+ dn = in[i];
+ if ( pa_nvals ) {
+ ndn = (*pa_nvals)[i];
+ rc = rwm_dn_massage_pretty_normalize( &dc, &in[i], &dn, &ndn );
+ } else {
+ rc = rwm_dn_massage_pretty( &dc, &in[i], &dn );
+ }
+ } else {
+ ndn = in[i];
+ rc = rwm_dn_massage_normalize( &dc, &in[i], &ndn );
+ }
+
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
}
} else {
- assert( ndnp != NULL );
-
if ( !BER_BVISNULL( &ndn ) && ndn.bv_val != (*pa_nvals)[i].bv_val ) {
ch_free( (*pa_nvals)[i].bv_val );
(*pa_nvals)[i] = ndn;
continue;
}
+ /* FIXME: URLs like "ldap:///dc=suffix" if passed
+ * thru ldap_url_parse() and ldap_url_desc2str()
+ * get rewritten as "ldap:///dc=suffix??base";
+ * we don't want this to occur... */
+ if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
+ ludp->lud_scope = LDAP_SCOPE_DEFAULT;
+ }
+
ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
-
- rc = rwm_dn_massage( dc, &olddn, &dn, NULL );
+
+ dn = olddn;
+ rc = rwm_dn_massage_pretty( dc, &olddn, &dn );
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
newurl = ldap_url_desc2str( ludp );
if ( newurl == NULL ) {
/* FIXME: leave attr untouched
- * even if ldap_url_desc2str failed... */
+ * even if ldap_url_desc2str failed...
+ */
break;
}
struct berval dn;
int rc;
- rc = rwm_dn_massage( dc, &a_vals[i], &dn, NULL );
+ dn = a_vals[i];
+ rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn );
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
/* seqmod.c - sequenced modifies */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* syncprov.c - syncrepl provider */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
struct berval s_base; /* ndn of search base */
ID s_eid; /* entryID of search base */
Operation *s_op; /* search op */
- int s_sid;
int s_rid;
struct berval s_filterstr;
int s_flags; /* search status */
#define SLAP_SYNC_REFRESH_AND_PERSIST (LDAP_SYNC_REFRESH_AND_PERSIST<<SLAP_CONTROL_SHIFT)
#define PS_IS_REFRESHING 0x01
+#define PS_IS_DETACHED 0x02
/* Record of which searches matched at premodify step */
typedef struct syncmatches {
} slog_entry;
typedef struct sessionlog {
- struct sessionlog *sl_next;
- int sl_sid;
struct berval sl_mincsn;
int sl_num;
int sl_size;
Attribute *a = attr_find( rs->sr_entry->e_attrs,
slap_schema.si_ad_entryCSN );
- if ( a && ber_bvcmp( &a->a_vals[0], maxcsn )) {
+ if ( a && ber_bvcmp( &a->a_vals[0], maxcsn ) > 0 ) {
maxcsn->bv_len = a->a_vals[0].bv_len;
strcpy( maxcsn->bv_val, a->a_vals[0].bv_val );
}
AttributeAssertion eq;
int i, rc = LDAP_SUCCESS;
fpres_cookie pcookie;
- sync_control *srs;
+ sync_control *srs = NULL;
if ( mode != FIND_MAXCSN ) {
srs = op->o_controls[slap_cids.sc_LDAPsync];
- if ( srs->sr_state.ctxcsn->bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) {
+ if ( srs->sr_state.ctxcsn.bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) {
return LDAP_OTHER;
}
}
fop.ors_slimit = SLAP_NO_LIMIT;
cb.sc_private = &maxcsn;
cb.sc_response = findmax_cb;
+ strcpy( cbuf, si->si_ctxcsn.bv_val );
maxcsn.bv_val = cbuf;
- maxcsn.bv_len = 0;
+ maxcsn.bv_len = si->si_ctxcsn.bv_len;
break;
case FIND_CSN:
cf.f_choice = LDAP_FILTER_LE;
- cf.f_av_value = *srs->sr_state.ctxcsn;
+ cf.f_av_value = srs->sr_state.ctxcsn;
fbuf.bv_len = sprintf( buf, "(entryCSN<=%s)",
cf.f_av_value.bv_val );
fop.ors_attrsonly = 1;
af.f_next = NULL;
af.f_and = &cf;
cf.f_choice = LDAP_FILTER_LE;
- cf.f_av_value = *srs->sr_state.ctxcsn;
+ cf.f_av_value = srs->sr_state.ctxcsn;
cf.f_next = op->ors_filter;
fop.ors_filter = ⁡
filter2bv_x( &fop, fop.ors_filter, &fop.ors_filterstr );
switch( mode ) {
case FIND_MAXCSN:
- if ( maxcsn.bv_len ) {
- strcpy( si->si_ctxcsnbuf, maxcsn.bv_val );
- si->si_ctxcsn.bv_len = maxcsn.bv_len;
- }
+ strcpy( si->si_ctxcsnbuf, maxcsn.bv_val );
+ si->si_ctxcsn.bv_len = maxcsn.bv_len;
break;
case FIND_CSN:
/* If matching CSN was not found, invalidate the context. */
}
ctrls[1] = NULL;
- slap_compose_sync_cookie( op, &cookie, &opc->sctxcsn,
- so->s_sid, so->s_rid );
+ slap_compose_sync_cookie( op, &cookie, &opc->sctxcsn, so->s_rid );
e_uuid.e_attrs = &a_uuid;
a_uuid.a_desc = slap_schema.si_ad_entryUUID;
return;
}
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
- filter_free( so->s_op->ors_filter );
- for ( ga = so->s_op->o_groups; ga; ga=gnext ) {
- gnext = ga->ga_next;
- ch_free( ga );
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ filter_free( so->s_op->ors_filter );
+ for ( ga = so->s_op->o_groups; ga; ga=gnext ) {
+ gnext = ga->ga_next;
+ ch_free( ga );
+ }
+ ch_free( so->s_op );
}
- ch_free( so->s_op );
ch_free( so->s_base.bv_val );
for ( sr=so->s_res; sr; sr=srnext ) {
srnext = sr->s_next;
static int
syncprov_drop_psearch( syncops *so, int lock )
{
- if ( lock )
- ldap_pvt_thread_mutex_lock( &so->s_op->o_conn->c_mutex );
- so->s_op->o_conn->c_n_ops_executing--;
- so->s_op->o_conn->c_n_ops_completed++;
- LDAP_STAILQ_REMOVE( &so->s_op->o_conn->c_ops, so->s_op, slap_op,
- o_next );
- if ( lock )
- ldap_pvt_thread_mutex_unlock( &so->s_op->o_conn->c_mutex );
+ if ( so->s_flags & PS_IS_DETACHED ) {
+ if ( lock )
+ ldap_pvt_thread_mutex_lock( &so->s_op->o_conn->c_mutex );
+ so->s_op->o_conn->c_n_ops_executing--;
+ so->s_op->o_conn->c_n_ops_completed++;
+ LDAP_STAILQ_REMOVE( &so->s_op->o_conn->c_ops, so->s_op, slap_op,
+ o_next );
+ if ( lock )
+ ldap_pvt_thread_mutex_unlock( &so->s_op->o_conn->c_mutex );
+ }
syncprov_free_syncop( so );
+
+ return 0;
}
static int
rs->sr_err = LDAP_CANCELLED;
send_ldap_result( so->s_op, rs );
}
- /* Our cloned searches have no ctrls set.
- * we don't want to muck with real search ops
- * from the frontend.
- */
- if ( ! so->s_op->o_sync )
- syncprov_drop_psearch( so, 0 );
+ syncprov_drop_psearch( so, 0 );
}
return SLAP_CB_CONTINUE;
}
e = op->ora_e;
}
- /* Never replicate these */
- if ( is_entry_syncConsumerSubentry( e )) {
- goto done;
- }
if ( saveit ) {
ber_dupbv_x( &opc->sdn, &e->e_name, op->o_tmpmemctx );
ber_dupbv_x( &opc->sndn, &e->e_nname, op->o_tmpmemctx );
op->o_tmpfree( opc->sdn.bv_val, op->o_tmpmemctx );
op->o_callback = cb->sc_next;
op->o_tmpfree(cb, op->o_tmpmemctx);
+
+ return 0;
}
static void
sessionlog *sl;
slog_entry *se;
- for ( sl = si->si_logs; sl; sl=sl->sl_next ) {
+ sl = si->si_logs;
+ {
/* Allocate a record. UUIDs are not NUL-terminated. */
se = ch_malloc( sizeof( slog_entry ) + opc->suuid.bv_len +
csn->bv_len + 1 );
}
}
+ /* Don't do any processing for consumer contextCSN updates */
+ if ( SLAP_SYNC_SHADOW( op->o_bd ) &&
+ op->o_msgid == SLAP_SYNC_UPDATE_MSGID ) {
+ ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+ return SLAP_CB_CONTINUE;
+ }
+
si->si_numops++;
if ( si->si_chkops || si->si_chktime ) {
int do_check=0;
op->o_conn->c_n_ops_executing++;
op->o_conn->c_n_ops_completed--;
LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op2, o_next );
+ so->s_flags |= PS_IS_DETACHED;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
Debug( LDAP_DEBUG_ANY, "bogus referral in context\n",0,0,0 );
return SLAP_CB_CONTINUE;
}
- if ( srs->sr_state.ctxcsn ) {
+ if ( !BER_BVISNULL( &srs->sr_state.ctxcsn )) {
Attribute *a = attr_find( rs->sr_entry->e_attrs,
slap_schema.si_ad_entryCSN );
+
/* Don't send the ctx entry twice */
- if ( bvmatch( &a->a_nvals[0], srs->sr_state.ctxcsn ))
+ if ( a && bvmatch( &a->a_nvals[0], &srs->sr_state.ctxcsn ) )
return LDAP_SUCCESS;
}
rs->sr_ctrls = op->o_tmpalloc( sizeof(LDAPControl *)*2,
slap_compose_sync_cookie( op, &cookie,
&op->ors_filter->f_and->f_ava->aa_value,
- srs->sr_state.sid, srs->sr_state.rid );
+ srs->sr_state.rid );
/* Is this a regular refresh? */
if ( !ss->ss_so ) {
sop = ch_malloc( sizeof( syncops ));
*sop = so;
ldap_pvt_thread_mutex_init( &sop->s_mutex );
- sop->s_sid = srs->sr_state.sid;
sop->s_rid = srs->sr_state.rid;
sop->s_inuse = 1;
ctxcsn.bv_val = csnbuf;
/* If we have a cookie, handle the PRESENT lookups */
- if ( srs->sr_state.ctxcsn ) {
+ if ( !BER_BVISNULL( &srs->sr_state.ctxcsn )) {
sessionlog *sl;
/* The cookie was validated when it was parsed, just use it */
/* If just Refreshing and nothing has changed, shortcut it */
- if ( bvmatch( srs->sr_state.ctxcsn, &ctxcsn )) {
+ if ( bvmatch( &srs->sr_state.ctxcsn, &ctxcsn )) {
nochange = 1;
if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
LDAPControl *ctrls[2];
goto shortcut;
}
/* Do we have a sessionlog for this search? */
- for ( sl=si->si_logs; sl; sl=sl->sl_next )
- if ( sl->sl_sid == srs->sr_state.sid ) break;
+ sl=si->si_logs;
if ( sl ) {
ldap_pvt_thread_mutex_lock( &sl->sl_mutex );
- if ( ber_bvcmp( srs->sr_state.ctxcsn, &sl->sl_mincsn ) >= 0 ) {
+ if ( ber_bvcmp( &srs->sr_state.ctxcsn, &sl->sl_mincsn ) >= 0 ) {
do_present = 0;
/* mutex is unlocked in playlog */
- syncprov_playlog( op, rs, sl, srs->sr_state.ctxcsn, &ctxcsn );
+ syncprov_playlog( op, rs, sl, &srs->sr_state.ctxcsn, &ctxcsn );
} else {
ldap_pvt_thread_mutex_unlock( &sl->sl_mutex );
}
fava->f_choice = LDAP_FILTER_GE;
fava->f_ava = op->o_tmpalloc( sizeof(AttributeAssertion), op->o_tmpmemctx );
fava->f_ava->aa_desc = slap_schema.si_ad_entryCSN;
- ber_dupbv_x( &fava->f_ava->aa_value, srs->sr_state.ctxcsn, op->o_tmpmemctx );
+ ber_dupbv_x( &fava->f_ava->aa_value, &srs->sr_state.ctxcsn, op->o_tmpmemctx );
}
fava->f_next = op->ors_filter;
op->ors_filter = fand;
} else if ( strcasecmp( argv[0], "syncprov-sessionlog" ) == 0 ) {
sessionlog *sl;
- int sid, size;
- if ( argc != 3 ) {
+ int size;
+ if ( argc != 2 ) {
fprintf( stderr, "%s: line %d: wrong number of arguments in "
- "\"syncprov-sessionlog <sid> <size>\"\n", fname, lineno );
+ "\"syncprov-sessionlog <size>\"\n", fname, lineno );
return -1;
}
- sid = atoi( argv[1] );
- if ( sid < 0 || sid > 999 ) {
- fprintf( stderr,
- "%s: line %d: session log id %d is out of range [0..999]\n",
- fname, lineno, sid );
- return -1;
- }
- size = atoi( argv[2] );
+ size = atoi( argv[1] );
if ( size < 0 ) {
fprintf( stderr,
"%s: line %d: session log size %d is negative\n",
fname, lineno, size );
return -1;
}
- for ( sl = si->si_logs; sl; sl=sl->sl_next ) {
- if ( sl->sl_sid == sid ) {
- sl->sl_size = size;
- break;
- }
- }
+ sl = si->si_logs;
if ( !sl ) {
sl = ch_malloc( sizeof( sessionlog ) + LDAP_LUTIL_CSNSTR_BUFSIZE );
sl->sl_mincsn.bv_val = (char *)(sl+1);
sl->sl_mincsn.bv_len = 0;
- sl->sl_sid = sid;
- sl->sl_size = size;
sl->sl_num = 0;
sl->sl_head = sl->sl_tail = NULL;
- sl->sl_next = si->si_logs;
ldap_pvt_thread_mutex_init( &sl->sl_mutex );
si->si_logs = sl;
}
+ sl->sl_size = size;
return 0;
}
sr = op->o_tmpcalloc( 1, sizeof(struct sync_control), op->o_tmpmemctx );
sr->sr_rhint = rhint;
if (!BER_BVISNULL(&cookie)) {
- ber_bvarray_add( &sr->sr_state.octet_str, &cookie );
+ ber_dupbv( &sr->sr_state.octet_str, &cookie );
slap_parse_sync_cookie( &sr->sr_state );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Symas Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
goto error_return;
}
+ /* check for referrals */
+ if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
+ rc = rs->sr_err;
+ goto error_return;
+ }
#ifndef SLAPD_MULTIMASTER
/* This does not apply to multi-master case */
return bv;
}
+/*
+ * if "e" is provided, access to each value of the password is checked first
+ */
int
slap_passwd_check(
- Connection *conn,
- Attribute *a,
- struct berval *cred,
- const char **text )
+ Operation *op,
+ Entry *e,
+ Attribute *a,
+ struct berval *cred,
+ const char **text )
{
- int result = 1;
- struct berval *bv;
+ int result = 1;
+ struct berval *bv;
+ AccessControlState acl_state = ACL_STATE_INIT;
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
ldap_pvt_thread_mutex_lock( &passwd_mutex );
#ifdef SLAPD_SPASSWD
- lutil_passwd_sasl_conn = conn->c_sasl_authctx;
+ lutil_passwd_sasl_conn = op->o_conn->c_sasl_authctx;
#endif
#endif
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
- if( !lutil_passwd( bv, cred, NULL, text ) ) {
+ /* if e is provided, check access */
+ if ( e && access_allowed( op, e, a->a_desc, bv,
+ ACL_AUTH, &acl_state ) == 0 )
+ {
+ continue;
+ }
+
+ if ( !lutil_passwd( bv, cred, NULL, text ) ) {
result = 0;
break;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
LDAP_SLAPD_F (int) be_isroot LDAP_P(( Operation *op ));
LDAP_SLAPD_F (int) be_isroot_dn LDAP_P(( Backend *be, struct berval *ndn ));
LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Operation *op ));
-LDAP_SLAPD_F (int) be_sync_update LDAP_P(( Operation *op ));
LDAP_SLAPD_F (int) be_slurp_update LDAP_P(( Operation *op ));
#define be_isupdate( op ) be_slurp_update( (op) )
LDAP_SLAPD_F (int) be_shadow_update LDAP_P(( Operation *op ));
SlapReply *rs
));
+LDAP_SLAPD_V(BackendInfo) slap_binfo[];
+
/*
* backglue.c
*/
* ldapsync.c
*/
LDAP_SLAPD_F (void) slap_compose_sync_cookie LDAP_P((
- Operation *, struct berval *, struct berval *, int, int ));
+ Operation *, struct berval *, struct berval *, int ));
LDAP_SLAPD_F (void) slap_sync_cookie_free LDAP_P((
struct sync_cookie *, int free_cookie ));
LDAP_SLAPD_F (int) slap_parse_sync_cookie LDAP_P((
LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) passwd_extop;
LDAP_SLAPD_F (int) slap_passwd_check(
- Connection *conn,
- Attribute *attr,
+ Operation *op,
+ Entry *e,
+ Attribute *a,
struct berval *cred,
- const char **text );
+ const char **text );
LDAP_SLAPD_F (void) slap_passwd_generate( struct berval * );
LDAP_SLAPD_F (void) slap_passwd_hash_type(
struct berval *cred,
struct berval *hash,
- char *htype,
+ char *htype,
const char **text );
LDAP_SLAPD_F (struct berval *) slap_passwd_return(
struct berval *cred );
LDAP_SLAPD_F (int) slap_passwd_parse(
- struct berval *reqdata,
- struct berval *id,
- struct berval *oldpass,
- struct berval *newpass,
- const char **text );
+ struct berval *reqdata,
+ struct berval *id,
+ struct berval *oldpass,
+ struct berval *newpass,
+ const char **text );
/*
* phonetic.c
struct berval *, struct berval * ));
LDAP_SLAPD_F (struct berval *) slap_uuidstr_from_normalized LDAP_P((
struct berval *, struct berval *, void * ));
-LDAP_SLAPD_F (int) syncrepl_isupdate LDAP_P(( Operation * ));
-LDAP_SLAPD_F (int) syncrepl_isupdate_dn LDAP_P(( Backend *, struct berval * ));
LDAP_SLAPD_F (void) syncinfo_free LDAP_P(( syncinfo_t * ));
/* syntax.c */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
struct berval *target,
int scope )
{
- int i;
- BerVarray refs;
- struct berval *iv, *jv;
+ int i;
+ BerVarray refs;
+ struct berval *iv, *jv;
- if( in == NULL ) return NULL;
+ if ( in == NULL ) {
+ return NULL;
+ }
- for( i=0; in[i].bv_val != NULL ; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
/* just count them */
}
- if( i < 1 ) return NULL;
+ if ( i < 1 ) {
+ return NULL;
+ }
- refs = SLAP_MALLOC( (i+1) * sizeof( struct berval ) );
- if( refs == NULL ) {
+ refs = SLAP_MALLOC( ( i + 1 ) * sizeof( struct berval ) );
+ if ( refs == NULL ) {
Debug( LDAP_DEBUG_ANY,
"referral_rewrite: SLAP_MALLOC failed\n", 0, 0, 0 );
return NULL;
}
- for( iv=in,jv=refs; iv->bv_val != NULL ; iv++ ) {
- LDAPURLDesc *url;
- int rc = ldap_url_parse_ext( iv->bv_val, &url );
-
- if( rc == LDAP_URL_ERR_BADSCHEME ) {
+ for ( iv = in, jv = refs; !BER_BVISNULL( iv ); iv++ ) {
+ LDAPURLDesc *url;
+ char *dn;
+ int rc;
+
+ rc = ldap_url_parse_ext( iv->bv_val, &url );
+ if ( rc == LDAP_URL_ERR_BADSCHEME ) {
ber_dupbv( jv++, iv );
continue;
- } else if( rc != LDAP_URL_SUCCESS ) {
+ } else if ( rc != LDAP_URL_SUCCESS ) {
continue;
}
- {
- char *dn = url->lud_dn;
- url->lud_dn = referral_dn_muck(
- ( dn && *dn ) ? dn : NULL,
+ dn = url->lud_dn;
+ url->lud_dn = referral_dn_muck( ( dn && *dn ) ? dn : NULL,
base, target );
+ ldap_memfree( dn );
- ldap_memfree( dn );
- }
-
- if( url->lud_scope == LDAP_SCOPE_DEFAULT ) {
+ if ( url->lud_scope == LDAP_SCOPE_DEFAULT ) {
url->lud_scope = scope;
}
jv->bv_val = ldap_url_desc2str( url );
- jv->bv_len = strlen( jv->bv_val );
+ if ( jv->bv_val != NULL ) {
+ jv->bv_len = strlen( jv->bv_val );
- ldap_free_urldesc( url );
+ } else {
+ ber_dupbv( jv, iv );
+ }
jv++;
+
+ ldap_free_urldesc( url );
}
- if( jv == refs ) {
+ if ( jv == refs ) {
ch_free( refs );
refs = NULL;
} else {
- jv->bv_val = NULL;
+ BER_BVZERO( jv );
}
return refs;
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */
BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS),/* Language Range Options */
-
-#ifdef LDAP_DEVEL
+#ifdef LDAP_FEATURE_SUBORDINATE_SCOPE
BER_BVC(LDAP_FEATURE_SUBORDINATE_SCOPE), /* "children" search scope */
+#endif
+#ifdef LDAP_FEATURE_MODIFY_INCREMENT
BER_BVC(LDAP_FEATURE_MODIFY_INCREMENT), /* Modify/increment */
#endif
{0,NULL}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
* All rights reserved.
*
if ( !BER_BVISNULL( out ) ) {
char *val = out->bv_val;
ber_str2bv_x( val, 0, 1, out, ctx );
- free( val );
+ if ( val != in->bv_val ) {
+ free( val );
+ }
} else {
ber_dupbv_x( out, in, ctx );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
File Description
---- -----------
collective.schema Collective attributes (experimental)
-corba.schema Corba Object (RFC 2714)
+corba.schema Corba Object
core.schema OpenLDAP "core"
cosine.schema COSINE Pilot
-duaconf.schema Client Configuration (experimental)
+dyngroup.schema Dynamic Group (experimental)
inetorgperson.schema InetOrgPerson
-java.schema Java Object (RFC 2713)
+java.schema Java Object
misc.schema Miscellaneous Schema (experimental)
nis.schema Network Information Service
openldap.schema OpenLDAP Project (FYI)
-ppolicy.schema Password Policy Schema (experimental)
+ppolicy.schema Password Policy Schema (work in progress)
Additional "generally useful" schema definitions can be submitted
using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
This notice applies to all files in this directory.
-Copyright 1998-2004 The OpenLDAP Foundation, Redwood City, California, USA
+Copyright 1998-2005 The OpenLDAP Foundation, Redwood City, California, USA
All rights reserved.
Redistribution and use in source and binary forms, with or without
+++ /dev/null
-# collective.schema -- Collective attribute schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2004 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (2003). All Rights Reserved.
-## Please see full copyright statement below.
-
-# From draft-zeilenga-ldap-collective-xx.txt [portions trimmed]:
-# Collective Attributes in LDAP
-
-#Abstract
-#
-# X.500 collective attributes allow common characteristics to be shared
-# between collections of entries. This document summarizes the X.500
-# information model for collective attributes and describes use of
-# collective attributes in LDAP (Lightweight Directory Access Protocol).
-# This document provides schema definitions for collective attributes
-# for use in LDAP.
-
-#3. Collective Attribute Types
-#
-# A userApplications attribute type can be defined to be COLLECTIVE
-# [RFC2252]. This indicates that the same attribute values will appear
-# in the entries of an entry collection subject to the use of the
-# collectiveExclusions attribute and other administrative controls.
-#
-# Collective attribute types are commonly defined as subtypes of non-
-# collective attribute types. By convention, collective attributes are
-# named by prefixing the name of their non-collective supertype with
-# "c-". For example, the collective telephone attribute is named
-# c-TelephoneNumber after its non-collective supertype telephoneNumber.
-#
-# Non-collective attributes types SHALL NOT subtype collective
-# attributes.
-#
-# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
-# attribute types SHALL NOT appear in the attribute types of an object
-# class definition.
-#
-# Operational attributes SHALL NOT be defined to be collective.
-#
-# The remainder of section provides a summary of collective attributes
-# derived from those defined in [X.520]. Implementations of this
-# specification SHOULD support the following collective attributes and
-# MAY support additional collective attributes.
-#
-#
-#3.1. Collective Locality Name
-#
-# The c-l attribute type specifies a locality name for a collection of
-# entries.
-#
-attributeType ( 2.5.4.7.1 NAME 'c-l'
- SUP l COLLECTIVE )
-#
-#
-#3.2. Collective State or Province Name
-#
-# The c-st attribute type specifies a state or province name for a
-# collection of entries.
-#
-attributeType ( 2.5.4.8.1 NAME 'c-st'
- SUP st COLLECTIVE )
-#
-#
-#3.3. Collective Street Address
-#
-# The c-street attribute type specifies a street address for a
-# collection of entries.
-#
-attributeType ( 2.5.4.9.1 NAME 'c-street'
- SUP street COLLECTIVE )
-#
-#
-#3.4. Collective Organization Name
-#
-# The c-o attribute type specifies an organization name for a collection
-# of entries.
-#
-attributeType ( 2.5.4.10.1 NAME 'c-o'
- SUP o COLLECTIVE )
-#
-#
-#3.5. Collective Organizational Unit Name
-#
-# The c-ou attribute type specifies an organizational unit name for a
-# collection of entries.
-#
-attributeType ( 2.5.4.11.1 NAME 'c-ou'
- SUP ou COLLECTIVE )
-#
-#
-#3.6. Collective Postal Address
-#
-# The c-PostalAddress attribute type specifies a postal address for a
-# collection of entries.
-#
-attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
- SUP postalAddress COLLECTIVE )
-#
-#
-#3.7. Collective Postal Code
-#
-# The c-PostalCode attribute type specifies a postal code for a
-# collection of entries.
-#
-attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
- SUP postalCode COLLECTIVE )
-#
-#
-#3.8. Collective Post Office Box
-#
-# The c-PostOfficeBox attribute type specifies a post office box for a
-# collection of entries.
-#
-attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
- SUP postOfficeBox COLLECTIVE )
-#
-#
-#3.9. Collective Physical Delivery Office Name
-#
-# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
-# delivery office name for a collection of entries.
-#
-attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
- SUP physicalDeliveryOfficeName COLLECTIVE )
-#
-#
-#3.10. Collective Telephone Number
-#
-# The c-TelephoneNumber attribute type specifies a telephone number for
-# a collection of entries.
-#
-attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
- SUP telephoneNumber COLLECTIVE )
-#
-#
-#3.11. Collective Telex Number
-#
-# The c-TelexNumber attribute type specifies a telex number for a
-# collection of entries.
-#
-attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
- SUP telexNumber COLLECTIVE )
-#
-#
-#3.13. Collective Facsimile Telephone Number
-#
-# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
-# telephone number for a collection of entries.
-#
-attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
- SUP facsimileTelephoneNumber COLLECTIVE )
-#
-#
-#3.14. Collective International ISDN Number
-#
-# The c-InternationalISDNNumber attribute type specifies an
-# international ISDN number for a collection of entries.
-#
-attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
- SUP internationalISDNNumber COLLECTIVE )
-
-# Full Copyright
-#
-# Copyright (C) The Internet Society (2003). All Rights Reserved.
-#
-# This document and translations of it may be copied and furnished
-# to others, and derivative works that comment on or otherwise explain
-# it or assist in its implmentation may be prepared, copied, published
-# and distributed, in whole or in part, without restriction of any
-# kind, provided that the above copyright notice and this paragraph
-# are included on all such copies and derivative works. However,
-# this document itself may not be modified in any way, such as by
-# removing the copyright notice or references to the Internet Society
-# or other Internet organizations, except as needed for the purpose
-# of developing Internet standards in which case the procedures for
-# copyrights defined in the Internet Standards process must be followed,
-# or as required to translate it into languages other than English.
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
-## Portions Copyright (C) The Internet Society (1999). All Rights Reserved.
+## Portions Copyright (C) The Internet Society (1999).
## Please see full copyright statement below.
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-# Obsoleted by enhancedSearchGuide
+# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
- DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: name of DMD'
SUP name )
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
# Standard object classes from RFC2256
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
- DESC 'RFC2459: legacy attribute for email addresses in DNs'
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# uTCTimeSyntax
# ::= {pilotAttributeType 23}
#
-## OBSOLETE
+## Deprecated in favor of modifyTimeStamp
#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
# OBSOLETE
# distinguishedNameSyntax
# ::= {pilotAttributeType 24}
#
-## OBSOLETE
+## Deprecated in favor of modifiersName
#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
# DESC 'RFC1274: last modifier, replaced by modifiersName'
# OBSOLETE
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2004 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-## Notes:
-## - The matching rule for attributes followReferrals and dereferenceAliases
-## has been changed to booleanMatch since their syntax is boolean
-## - There was a typo in the name of the dereferenceAliases attributeType
-## in the DUAConfigProfile objectClass definition
-## - Credit goes to the original Authors
-
-#
-# Application Working Group M. Ansari
-# INTERNET-DRAFT Sun Microsystems, Inc.
-# Expires Febuary 2003 L. Howard
-# PADL Software Pty. Ltd.
-# B. Joslin [ed.]
-# Hewlett-Packard Company
-#
-# September 15th, 2003
-# Intended Category: Informational
-#
-#
-# A Configuration Schema for LDAP Based
-# Directory User Agents
-# <draft-joslin-config-schema-07.txt>
-#
-#Status of this Memo
-#
-# This memo provides information for the Internet community. This
-# memo does not specify an Internet standard of any kind. Distribu-
-# tion of this memo is unlimited.
-#
-# This document is an Internet-Draft and is in full conformance with
-# all provisions of Section 10 of RFC2026.
-#
-# This document is an Internet-Draft. Internet-Drafts are working
-# documents of the Internet Engineering Task Force (IETF), its areas,
-# and its working groups. Note that other groups may also distribute
-# working documents as Internet-Drafts.
-#
-# Internet-Drafts are draft documents valid for a maximum of six
-# months. Internet-Drafts may be updated, replaced, or made obsolete
-# by other documents at any time. It is not appropriate to use
-# Internet-Drafts as reference material or to cite them other than as
-# a "working draft" or "work in progress".
-#
-# To learn the current status of any Internet-Draft, please check the
-# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
-# Directories on ds.internic.net (US East Coast), nic.nordu.net
-# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-# Rim).
-#
-# Distribution of this document is unlimited.
-#
-#
-# Abstract
-#
-# This document describes a mechanism for global configuration of
-# similar directory user agents. This document defines a schema for
-# configuration of these DUAs that may be discovered using the Light-
-# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
-# bute types and an objectclass are proposed, along with specific
-# guidelines for interpreting them. A significant feature of the
-# global configuration policy for DUAs is a mechanism that allows
-# DUAs to re-configure their schema to that of the end user's
-# environment. This configuration is achieved through attribute and
-# objectclass mapping. This document is intended to be a skeleton
-# for future documents that describe configuration of specific DUA
-# services.
-#
-#
-# [trimmed]
-#
-#
-# 2. General Issues
-#
-# The schema defined by this document is defined under the "DUA Con-
-# figuration Schema." This schema is derived from the OID: iso (1)
-# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
-# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
-# DUA Configuration Schema (1). This OID is represented in this
-# document by the keystring "DUAConfSchemaOID"
-# (1.3.6.1.4.1.11.1.3.1).
-objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
-#
-# 2.2 Attributes
-#
-# The attributes and classes defined in this document are summarized
-# below.
-#
-# The following attributes are defined in this document:
-#
-# preferredServerList
-# defaultServerList
-# defaultSearchBase
-# defaultSearchScope
-# authenticationMethod
-# credentialLevel
-# serviceSearchDescriptor
-#
-#
-#
-# Joslin [Page 3]
-# Internet-Draft DUA Configuration Schema October 2002
-#
-#
-# serviceCredentialLevel
-# serviceAuthenticationMethod
-# attributeMap
-# objectclassMap
-# searchTimeLimit
-# bindTimeLimit
-# followReferrals
-# dereferenceAliases
-# profileTTL
-#
-# 2.3 Object Classes
-#
-# The following object class is defined in this document:
-#
-# DUAConfigProfile
-#
-#
-attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
- DESC 'Default LDAP server host address used by a DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
- DESC 'Default LDAP base DN used by a DUA'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
- DESC 'Preferred LDAP server host addresses to be used by a
- DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for a
- search to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for the
- bind operation to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
- DESC 'Tells DUA if it should follow referrals
- returned by a DSA search result'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
- DESC 'Tells DUA if it should dereference aliases'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
- DESC 'A keystring which identifies the type of
- authentication method used to contact the DSA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
- DESC 'Time to live, in seconds, before a client DUA
- should re-read this configuration profile'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
- DESC 'LDAP search descriptor list used by a DUA'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
- DESC 'Attribute mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
- DESC 'Identifies type of credentials a DUA should
- use when binding to the LDAP server'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
- DESC 'Objectclass mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
- DESC 'Default search scope used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
- DESC 'Identifies type of credentials a DUA
- should use when binding to the LDAP server for a
- specific service'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
- DESC 'Authentication method used by a service of the DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-#
-# 4. Class Definition
-#
-# The objectclass below is constructed from the attributes defined in
-# 3, with the exception of the cn attribute, which is defined in RFC
-# 2256 [8]. cn is used to represent the name of the DUA configura-
-# tion profile.
-#
-objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
- SUP top STRUCTURAL
- DESC 'Abstraction of a base configuration for a DUA'
- MUST ( cn )
- MAY ( defaultServerList $ preferredServerList $
- defaultSearchBase $ defaultSearchScope $
- searchTimeLimit $ bindTimeLimit $
- credentialLevel $ authenticationMethod $
- followReferrals $ dereferenceAliases $
- serviceSearchDescriptor $ serviceCredentialLevel $
- serviceAuthenticationMethod $ objectclassMap $
- attributeMap $ profileTTL ) )
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
-# Dynamic Group schema, as defined by Netscape
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://enterprise.netscape.com/docs/enterprise/60/admin/esusrgrp.htm#1019520
+# for details.
#
# depends upon:
# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# Not recommended for production use! Use with caution!
objectIdentifier NetscapeRoot 2.16.840.1.113730
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# Use with extreme caution!
#-----------------------------------------------------------
-#
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
#-----------------------------------------------------------
-#
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
NAME 'rfc822MailMember'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#-----------------------------------------------------------
-#
# !!!no I-D!!!
+# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
NAME 'nisMailAlias'
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
-## Portions Copyright (C) The Internet Society (2004). All Rights Reserved.
+## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
-# Definitions from Draft behera-ldap-password-policy-07
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
-
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
-#
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
# Internet-Draft P. Behera
# draft behera-ldap-password-policy-07.txt L. Poitou
# Intended Category: Proposed Standard Sun Microsystems
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return LDAP_OBJECT_CLASS_VIOLATION;
}
+ *text = NULL;
+
return LDAP_SUCCESS;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return LDAP_SUCCESS;
}
+void
hashDigestify(
HASH_CONTEXT *HASHcontext,
unsigned char *HASHdigest,
digest.bv_val = (char *)HASHdigest;
digest.bv_len = sizeof(HASHdigest);
- for( i=0; values[i].bv_val != NULL; i++ ) {
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
/* just count them */
}
slen = syntax->ssyn_oidlen;
mlen = mr->smr_oidlen;
- for( i=0; values[i].bv_val != NULL; i++ ) {
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
hashDigestify( &HASHcontext, HASHdigest, prefix, 0,
syntax, mr, (unsigned char *)values[i].bv_val, values[i].bv_len );
ber_dupbv_x( &keys[i], &digest, ctx );
}
- keys[i].bv_val = NULL;
- keys[i].bv_len = 0;
+ BER_BVZERO( &keys[i] );
*keysp = keys;
syntax, mr, (unsigned char *)value->bv_val, value->bv_len );
ber_dupbv_x( keys, &digest, ctx );
- keys[1].bv_val = NULL;
- keys[1].bv_len = 0;
+ BER_BVZERO( &keys[1] );
*keysp = keys;
ber_len_t inlen = 0;
/* Add up asserted input length */
- if( sub->sa_initial.bv_val ) {
+ if ( !BER_BVISNULL( &sub->sa_initial ) ) {
inlen += sub->sa_initial.bv_len;
}
- if( sub->sa_any ) {
- for(i=0; sub->sa_any[i].bv_val != NULL; i++) {
+ if ( sub->sa_any ) {
+ for ( i = 0; !BER_BVISNULL( &sub->sa_any[i] ); i++ ) {
inlen += sub->sa_any[i].bv_len;
}
}
- if( sub->sa_final.bv_val ) {
+ if ( !BER_BVISNULL( &sub->sa_final ) ) {
inlen += sub->sa_final.bv_len;
}
- if( sub->sa_initial.bv_val ) {
- if( inlen > left.bv_len ) {
+ if ( !BER_BVISNULL( &sub->sa_initial ) ) {
+ if ( inlen > left.bv_len ) {
match = 1;
goto done;
}
match = memcmp( sub->sa_initial.bv_val, left.bv_val,
sub->sa_initial.bv_len );
- if( match != 0 ) {
+ if ( match != 0 ) {
goto done;
}
inlen -= sub->sa_initial.bv_len;
}
- if( sub->sa_final.bv_val ) {
- if( inlen > left.bv_len ) {
+ if ( !BER_BVISNULL( &sub->sa_final ) ) {
+ if ( inlen > left.bv_len ) {
match = 1;
goto done;
}
&left.bv_val[left.bv_len - sub->sa_final.bv_len],
sub->sa_final.bv_len );
- if( match != 0 ) {
+ if ( match != 0 ) {
goto done;
}
inlen -= sub->sa_final.bv_len;
}
- if( sub->sa_any ) {
- for(i=0; sub->sa_any[i].bv_val; i++) {
+ if ( sub->sa_any ) {
+ for ( i = 0; !BER_BVISNULL( &sub->sa_any[i] ); i++ ) {
ber_len_t idx;
char *p;
retry:
- if( inlen > left.bv_len ) {
+ if ( inlen > left.bv_len ) {
/* not enough length */
match = 1;
goto done;
}
- if( sub->sa_any[i].bv_len == 0 ) {
+ if ( BER_BVISEMPTY( &sub->sa_any[i] ) ) {
continue;
}
idx = p - left.bv_val;
- if( idx >= left.bv_len ) {
+ if ( idx >= left.bv_len ) {
/* this shouldn't happen */
return LDAP_OTHER;
}
left.bv_val = p;
left.bv_len -= idx;
- if( sub->sa_any[i].bv_len > left.bv_len ) {
+ if ( sub->sa_any[i].bv_len > left.bv_len ) {
/* not enough left */
match = 1;
goto done;
sub->sa_any[i].bv_val,
sub->sa_any[i].bv_len );
- if( match != 0 ) {
+ if ( match != 0 ) {
left.bv_val++;
left.bv_len--;
goto retry;
digest.bv_val = (char *)HASHdigest;
digest.bv_len = sizeof(HASHdigest);
- nkeys=0;
+ nkeys = 0;
- for( i=0; values[i].bv_val != NULL; i++ ) {
+ for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
/* count number of indices to generate */
if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
if( values[i].bv_len >= index_substr_if_maxlen ) {
slen = syntax->ssyn_oidlen;
mlen = mr->smr_oidlen;
- nkeys=0;
- for( i=0; values[i].bv_val != NULL; i++ ) {
+ nkeys = 0;
+ for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
ber_len_t j,max;
if( ( flags & SLAP_INDEX_SUBSTR_ANY ) &&
}
if( nkeys > 0 ) {
- keys[nkeys].bv_val = NULL;
+ BER_BVZERO( &keys[nkeys] );
*keysp = keys;
} else {
ch_free( keys );
sa = (SubstringsAssertion *) assertedValue;
if( flags & SLAP_INDEX_SUBSTR_INITIAL &&
- sa->sa_initial.bv_val != NULL &&
+ !BER_BVISNULL( &sa->sa_initial ) &&
sa->sa_initial.bv_len >= index_substr_if_minlen )
{
nkeys++;
}
}
- if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
+ if ( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
ber_len_t i;
- for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
+ for( i=0; !BER_BVISNULL( &sa->sa_any[i] ); i++ ) {
if( sa->sa_any[i].bv_len >= index_substr_any_len ) {
/* don't bother accounting with stepping */
nkeys += sa->sa_any[i].bv_len -
}
if( flags & SLAP_INDEX_SUBSTR_FINAL &&
- sa->sa_final.bv_val != NULL &&
+ !BER_BVISNULL( &sa->sa_final ) &&
sa->sa_final.bv_len >= index_substr_if_minlen )
{
nkeys++;
nkeys = 0;
if( flags & SLAP_INDEX_SUBSTR_INITIAL &&
- sa->sa_initial.bv_val != NULL &&
+ !BER_BVISNULL( &sa->sa_initial ) &&
sa->sa_initial.bv_len >= index_substr_if_minlen )
{
pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
pre = SLAP_INDEX_SUBSTR_PREFIX;
klen = index_substr_any_len;
- for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
+ for( i=0; !BER_BVISNULL( &sa->sa_any[i] ); i++ ) {
if( sa->sa_any[i].bv_len < index_substr_any_len ) {
continue;
}
}
if( flags & SLAP_INDEX_SUBSTR_FINAL &&
- sa->sa_final.bv_val != NULL &&
+ !BER_BVISNULL( &sa->sa_final ) &&
sa->sa_final.bv_len >= index_substr_if_minlen )
{
pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
}
if( nkeys > 0 ) {
- keys[nkeys].bv_val = NULL;
+ BER_BVZERO( &keys[nkeys] );
*keysp = keys;
} else {
ch_free( keys );
*/
if( in->bv_val[0] != '\'' ||
- in->bv_val[in->bv_len-2] != '\'' ||
- in->bv_val[in->bv_len-1] != 'B' )
+ in->bv_val[in->bv_len - 2] != '\'' ||
+ in->bv_val[in->bv_len - 1] != 'B' )
{
return LDAP_INVALID_SYNTAX;
}
- for( i=in->bv_len-3; i>0; i-- ) {
+ for( i = in->bv_len - 3; i > 0; i-- ) {
if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
return LDAP_INVALID_SYNTAX;
}
int rc;
struct berval dn, uid;
- if( in->bv_len == 0 ) return LDAP_SUCCESS;
+ if( BER_BVISEMPTY( in ) ) return LDAP_SUCCESS;
ber_dupbv( &dn, in );
if( !dn.bv_val ) return LDAP_OTHER;
/* if there's a "#", try bitStringValidate()... */
uid.bv_val = strrchr( dn.bv_val, '#' );
- if ( uid.bv_val ) {
+ if ( !BER_BVISNULL( &uid ) ) {
uid.bv_val++;
uid.bv_len = dn.bv_len - ( uid.bv_val - dn.bv_val );
Debug( LDAP_DEBUG_TRACE, ">>> nameUIDPretty: <%s>\n", val->bv_val, 0, 0 );
- if( val->bv_len == 0 ) {
+ if( BER_BVISEMPTY( val ) ) {
ber_dupbv_x( out, val, ctx );
} else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
struct berval uidval = BER_BVNULL;
uidval.bv_val = strrchr( val->bv_val, '#' );
- if ( uidval.bv_val ) {
+ if ( !BER_BVISNULL( &uidval ) ) {
uidval.bv_val++;
uidval.bv_len = val->bv_len - ( uidval.bv_val - val->bv_val );
dnval.bv_val[dnval.bv_len] = '\0';
} else {
- uidval.bv_val = NULL;
+ BER_BVZERO( &uidval );
}
}
return rc;
}
- if( uidval.bv_val ) {
+ if( !BER_BVISNULL( &uidval ) ) {
int i, c, got1;
char *tmp;
struct berval uid = BER_BVNULL;
uid.bv_val = strrchr( out.bv_val, '#' );
- if ( uid.bv_val ) {
+ if ( !BER_BVISNULL( &uid ) ) {
uid.bv_val++;
uid.bv_len = out.bv_len - ( uid.bv_val - out.bv_val );
uid.bv_val[-1] = '\0';
out.bv_len -= uid.bv_len + 1;
} else {
- uid.bv_val = NULL;
+ BER_BVZERO( &uid );
}
}
return LDAP_INVALID_SYNTAX;
}
- if( uid.bv_val ) {
+ if( !BER_BVISNULL( &uid ) ) {
char *tmp;
tmp = ch_realloc( normalized->bv_val,
int len;
unsigned char *u = (unsigned char *)in->bv_val;
- if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
+ if( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
/* directory strings cannot be empty */
return LDAP_INVALID_SYNTAX;
}
- for( count = in->bv_len; count > 0; count-=len, u+=len ) {
+ for( count = in->bv_len; count > 0; count -= len, u += len ) {
/* get the length indicated by the first byte */
len = LDAP_UTF8_CHARLEN2( u, len );
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
- if( val->bv_val == NULL ) {
+ if( BER_BVISNULL( val ) ) {
/* assume we're dealing with a syntax (e.g., UTF8String)
* which allows empty strings
*/
- normalized->bv_len = 0;
- normalized->bv_val = NULL;
+ BER_BVZERO( normalized );
return LDAP_SUCCESS;
}
nvalue.bv_len = 0;
nvalue.bv_val = tmp.bv_val;
- wasspace=1; /* trim leading spaces */
- for( i=0; i<tmp.bv_len; i++) {
+ wasspace = 1; /* trim leading spaces */
+ for( i = 0; i < tmp.bv_len; i++) {
if ( ASCII_SPACE( tmp.bv_val[i] )) {
if( wasspace++ == 0 ) {
/* trim repeated spaces */
}
}
- if( nvalue.bv_len ) {
+ if( !BER_BVISEMPTY( &nvalue ) ) {
if( wasspace ) {
/* last character was a space, trim it */
--nvalue.bv_len;
struct berval *newkeys;
BerVarray keys=NULL;
- for( j=0; values[j].bv_val != NULL; j++ ) {
+ for( j = 0; !BER_BVISNULL( &values[j] ); j++ ) {
struct berval val = BER_BVNULL;
/* Yes, this is necessary */
UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX, NULL );
- assert( val.bv_val != NULL );
+ assert( !BER_BVISNULL( &val ) );
/* Isolate how many words there are. There will be a key for each */
for( wordcount = 0, c = val.bv_val; *c; c++) {
ber_memfree( val.bv_val );
}
- keys[keycount].bv_val = NULL;
+ BER_BVZERO( &keys[keycount] );
*keysp = keys;
return LDAP_SUCCESS;
/* Yes, this is necessary */
val = UTF8bvnormalize( ((struct berval *)assertedValue),
NULL, LDAP_UTF8_APPROX, NULL );
- if( val == NULL || val->bv_val == NULL ) {
+ if( val == NULL || BER_BVISNULL( val ) ) {
keys = (struct berval *)ch_malloc( sizeof(struct berval) );
- keys[0].bv_val = NULL;
+ BER_BVZERO( &keys[0] );
*keysp = keys;
ber_bvfree( val );
return LDAP_SUCCESS;
ber_bvfree( val );
- keys[count].bv_val = NULL;
+ BER_BVZERO( &keys[count] );
*keysp = keys;
return LDAP_SUCCESS;
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ));
/* validator should have refused an empty string */
- assert( val->bv_len );
+ assert( !BER_BVISEMPTY( val ) );
q = normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
normalized->bv_len = q - normalized->bv_val;
- if( normalized->bv_len == 0 ) {
+ if( BER_BVISEMPTY( normalized ) ) {
slap_sl_free( normalized->bv_val, ctx );
- normalized->bv_val = NULL;
+ BER_BVZERO( normalized );
return LDAP_INVALID_SYNTAX;
}
{
struct berval val = *in;
- if( val.bv_len == 0 ) {
+ if( BER_BVISEMPTY( &val ) ) {
/* disallow empty strings */
return LDAP_INVALID_SYNTAX;
}
ber_len_t i;
struct berval val = *in;
- if( val.bv_len == 0 ) return LDAP_INVALID_SYNTAX;
+ if ( BER_BVISEMPTY( &val ) ) return LDAP_INVALID_SYNTAX;
if ( val.bv_val[0] == '-' ) {
val.bv_len--;
val.bv_val++;
- if( val.bv_len == 0 ) { /* bare "-" */
+ if( BER_BVISEMPTY( &val ) ) { /* bare "-" */
return LDAP_INVALID_SYNTAX;
}
v.bv_len--;
}
- if( v.bv_len == 0 ) vsign = 0;
+ if( BER_BVISEMPTY( &v ) ) vsign = 0;
a = *asserted;
if( a.bv_val[0] == '-' ) {
a.bv_len--;
}
- if( a.bv_len == 0 ) vsign = 0;
+ if( BER_BVISEMPTY( &a ) ) vsign = 0;
match = vsign - asign;
if( match == 0 ) {
{
ber_len_t i;
- if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
for(i=0; i < val->bv_len; i++) {
if( !SLAP_PRINTABLE(val->bv_val[i]) ) {
{
ber_len_t i, len;
- if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
for(i=0,len=0; i < val->bv_len; i++) {
int c = val->bv_val[i];
{
ber_len_t i;
- if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
for(i=0; i < val->bv_len; i++) {
if( !LDAP_ASCII(val->bv_val[i]) ) {
char *p, *q;
int casefold = !SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match);
- assert( val->bv_len );
+ assert( !BER_BVISEMPTY( val ) );
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
*q = '\0';
normalized->bv_len = q - normalized->bv_val;
- if( normalized->bv_len == 0 ) {
+ if( BER_BVISEMPTY( normalized ) ) {
normalized->bv_val = slap_sl_realloc( normalized->bv_val, 2, ctx );
normalized->bv_val[0] = ' ';
normalized->bv_val[1] = '\0';
{
ber_len_t i;
- if( in->bv_len == 0 ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISEMPTY( in ) ) return LDAP_INVALID_SYNTAX;
for(i=0; i < in->bv_len; i++) {
if( !SLAP_NUMERIC(in->bv_val[i]) ) {
/* removal all spaces */
char *p, *q;
- assert( val->bv_len );
+ assert( !BER_BVISEMPTY( val ) );
normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
normalized->bv_len = q - normalized->bv_val;
- if( normalized->bv_len == 0 ) {
+ if( BER_BVISEMPTY( normalized ) ) {
normalized->bv_val = slap_sl_realloc( normalized->bv_val, 2, ctx );
normalized->bv_val[0] = ' ';
normalized->bv_val[1] = '\0';
if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
i.bv_val = strchr( in->bv_val, '$' );
- if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
sn.bv_val = in->bv_val;
sn.bv_len = i.bv_val - in->bv_val;
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
i.bv_val = strchr( val->bv_val, '$' );
- if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
sn.bv_val = val->bv_val;
sn.bv_len = i.bv_val - val->bv_val;
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
- if( out->bv_val == NULL ) {
+ if( BER_BVISNULL( out ) ) {
slap_sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
i.bv_val = strchr( val->bv_val, '$' );
- if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
+ if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX;
sn.bv_val = val->bv_val;
sn.bv_len = i.bv_val - val->bv_val;
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
- if( out->bv_val == NULL ) {
+ if( BER_BVISNULL( out ) ) {
slap_sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
ASN1_INTEGER *sn = NULL;
X509 *xcert = NULL;
- if( val->bv_len == 0 ) goto done;
+ if( BER_BVISEMPTY( val ) ) goto done;
if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx);
len = sizeof("YYYYmmddHHMMSSZ")-1 + fraction.bv_len;
normalized->bv_val = slap_sl_malloc( len + 1, ctx );
- if ( normalized->bv_val == NULL ) {
+ if ( BER_BVISNULL( normalized ) ) {
return LBER_ERROR_MEMORY;
}
sprintf( normalized->bv_val, "%02d%02d%02d%02d%02d%02d%02d",
parts[0], parts[1], parts[2] + 1, parts[3] + 1,
parts[4], parts[5], parts[6] );
- if ( fraction.bv_len ) {
+ if ( !BER_BVISEMPTY( &fraction ) ) {
memcpy( normalized->bv_val + sizeof("YYYYmmddHHMMSSZ")-2,
fraction.bv_val, fraction.bv_len );
normalized->bv_val[sizeof("YYYYmmddHHMMSSZ")-2] = '.';
return LDAP_INVALID_SYNTAX;
}
- if( tmp.bv_len == 0 ) return LDAP_SUCCESS;
+ if( BER_BVISEMPTY( &tmp ) ) return LDAP_SUCCESS;
- while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) {
+ while( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == ' ' ) ) {
tmp.bv_len++;
tmp.bv_val--;
}
- if( tmp.bv_len && ( tmp.bv_val[0] == '$' )) {
+ if( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == '$' ) ) {
tmp.bv_len++;
tmp.bv_val--;
} else {
return LDAP_INVALID_SYNTAX;
}
- while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) {
+ while( !BER_BVISEMPTY( &tmp ) && ( tmp.bv_val[0] == ' ' ) ) {
tmp.bv_len++;
tmp.bv_val--;
}
char *p, *e;
int commas = 0;
- if ( val->bv_len == 0 ) {
+ if ( BER_BVISEMPTY( val ) ) {
return LDAP_INVALID_SYNTAX;
}
{
char *p, *e;
- if ( val->bv_len == 0 ) {
+ if ( BER_BVISEMPTY( val ) ) {
return LDAP_INVALID_SYNTAX;
}
/* grab next word */
comp.bv_val = &val->bv_val[len];
len = val->bv_len - len;
- for( comp.bv_len=0;
+ for( comp.bv_len = 0;
!ASCII_SPACE(comp.bv_val[comp.bv_len]) && comp.bv_len < len;
comp.bv_len++ )
{
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
"matchingRuleUse ) )",
subentryObjectClass, SLAP_OC_OPERATIONAL,
offsetof(struct slap_internal_schema, si_oc_subschema) },
-#ifdef LDAP_DEVEL
+#ifdef LDAP_COLLECTIVE_ATTRIBUTES
{ "collectiveAttributeSubentry", "( 2.5.17.2 "
"NAME 'collectiveAttributeSubentry' "
+ "DESC 'RFC3671: collective attribute subentry' "
"AUXILIARY )",
subentryObjectClass,
SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
- offsetof(struct slap_internal_schema, si_oc_collectiveAttributeSubentry) },
+ offsetof( struct slap_internal_schema,
+ si_oc_collectiveAttributeSubentry) },
+#endif
+#ifdef LDAP_DYNAMIC_OBJECTS
{ "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
"NAME 'dynamicObject' "
"DESC 'RFC2589: Dynamic Object' "
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
-#ifdef LDAP_DEVEL
+#ifdef LDAP_COLLECTIVE_ATTRIBUTES
{ "collectiveAttributeSubentries", "( 2.5.18.12 "
"NAME 'collectiveAttributeSubentries' "
+ "DESC 'RFC3671: collective attribute subentries' "
"EQUALITY distinguishedNameMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
"NO-USER-MODIFICATION USAGE directoryOperation )",
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) },
{ "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' "
+ "DESC 'RFC3671: collective attribute exclusions' "
"EQUALITY objectIdentifierMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
"USAGE directoryOperation )",
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_namingCSN) },
-#if 0
+#ifdef LDAP_SUPERIOR_UUID
{ "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' "
"DESC 'UUID of the superior entry' "
"EQUALITY octetStringMatch "
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_contextCSN) },
-#ifdef LDAP_DEVEL
+#ifdef LDAP_SYNC_TIMESTAMP
{ "syncTimestamp", "( 1.3.6.1.4.1.4203.666.1.26 NAME 'syncTimestamp' "
"DESC 'Time which object was replicated' "
"EQUALITY generalizedTimeMatch "
offsetof(struct slap_internal_schema, si_ad_aci) },
#endif
-#ifdef LDAP_DEVEL
+#ifdef LDAP_DYNAMIC_OBJECTS
{ "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
"DESC 'RFC2589: entry time-to-live' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE "
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
rs->sr_err = frontendDB->be_search( op, rs );
return_results:;
-#if 0 /* DELETE ME */
- if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) ) {
- return rs->sr_err;
- }
- if ( ( op->o_sync_slog_size != -1 ) ) {
- return rs->sr_err;
- }
-#endif
if ( !BER_BVISNULL( &op->o_req_dn ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
}
* if we don't hold it.
*/
-#if 0 /* DELETE ME */
- /* Sync control overrides manageDSAit */
-
- if ( manageDSAit != SLAP_CONTROL_NONE ) {
- if ( op->o_sync_mode & SLAP_SYNC_REFRESH ) {
- be_manageDSAit = SLAP_CONTROL_NONE;
- } else {
- be_manageDSAit = manageDSAit;
- }
- } else {
- be_manageDSAit = manageDSAit;
- }
-#else
- be_manageDSAit = manageDSAit;
-#endif
+ be_manageDSAit = manageDSAit;
op->o_bd = select_backend( &op->o_req_ndn, be_manageDSAit, 1 );
if ( op->o_bd == NULL ) {
+++ /dev/null
-/* sessionlog.c -- Session History Management Routines */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2003-2004 The OpenLDAP Foundation.
- * Portions Copyright 2003 IBM Corporation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/socket.h>
-
-#include "lutil.h"
-#include "slap.h"
-#include "lutil_ldap.h"
-
-#if 0 /* DELETE ME -- needs to be reimplemented with syncprov overlay */
-int
-slap_send_session_log(
- Operation *op,
- Operation *sop,
- SlapReply *rs
-)
-{
- Entry e;
- AttributeName uuid_attr[2];
- LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
- int num_ctrls = 0;
- struct slog_entry *slog_e;
- int result;
- int match;
- const char *text;
-
- uuid_attr[0].an_desc = NULL;
- uuid_attr[0].an_oc = NULL;
- uuid_attr[0].an_oc_exclude = 0;
- uuid_attr[0].an_name.bv_len = 0;
- uuid_attr[0].an_name.bv_val = NULL;
- e.e_attrs = NULL;
- e.e_id = 0;
- e.e_name.bv_val = NULL;
- e.e_name.bv_len = 0;
- e.e_nname.bv_val = NULL;
- e.e_nname.bv_len = 0;
-
- for( num_ctrls = 0;
- num_ctrls < SLAP_MAX_RESPONSE_CONTROLS;
- num_ctrls++ ) {
- ctrls[num_ctrls] = NULL;
- }
- num_ctrls = 0;
-
- LDAP_STAILQ_FOREACH( slog_e, &sop->o_sync_slog_list, sl_link ) {
-
- if ( op->o_sync_state.ctxcsn->bv_val == NULL ) {
- match = 1;
- } else {
- value_match( &match, slap_schema.si_ad_entryCSN,
- slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- op->o_sync_state.ctxcsn, &slog_e->sl_csn, &text );
- }
-
- if ( match < 0 ) {
- rs->sr_err = slap_build_sync_state_ctrl_from_slog( op, rs, slog_e,
- LDAP_SYNC_DELETE, ctrls, num_ctrls++, 0, NULL );
-
- if ( rs->sr_err != LDAP_SUCCESS )
- return rs->sr_err;
-
- if ( e.e_name.bv_val )
- ch_free( e.e_name.bv_val );
- ber_dupbv( &e.e_name, &slog_e->sl_name );
-
- rs->sr_entry = &e;
- rs->sr_attrs = uuid_attr;
- rs->sr_ctrls = ctrls;
- rs->sr_flags = 0;
- result = send_search_entry( op, rs );
- slap_sl_free( ctrls[num_ctrls-1]->ldctl_value.bv_val, op->o_tmpmemctx );
- slap_sl_free( ctrls[--num_ctrls], op->o_tmpmemctx );
- ctrls[num_ctrls] = NULL;
- rs->sr_ctrls = NULL;
- }
- }
- return LDAP_SUCCESS;
-}
-
-int
-slap_add_session_log(
- Operation *op,
- Operation *sop,
- Entry *e
-)
-{
- struct slog_entry* slog_e;
- Attribute *a;
-
- slog_e = (struct slog_entry *) ch_calloc (1, sizeof( struct slog_entry ));
- a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
- ber_dupbv( &slog_e->sl_uuid, &a->a_nvals[0] );
- ber_dupbv( &slog_e->sl_name, &e->e_name );
- ber_dupbv( &slog_e->sl_csn, &op->o_sync_csn );
- LDAP_STAILQ_INSERT_TAIL( &sop->o_sync_slog_list, slog_e, sl_link );
- sop->o_sync_slog_len++;
-
- while ( sop->o_sync_slog_len > sop->o_sync_slog_size ) {
- slog_e = LDAP_STAILQ_FIRST( &sop->o_sync_slog_list );
- if ( sop->o_sync_slog_omitcsn.bv_val ) {
- ch_free( sop->o_sync_slog_omitcsn.bv_val );
- }
- ber_dupbv( &sop->o_sync_slog_omitcsn, &slog_e->sl_csn );
- LDAP_STAILQ_REMOVE_HEAD( &sop->o_sync_slog_list, sl_link );
- ch_free( slog_e->sl_uuid.bv_val );
- ch_free( slog_e->sl_name.bv_val );
- ch_free( slog_e->sl_csn.bv_val );
- ch_free( slog_e );
- sop->o_sync_slog_len--;
- }
-
- return LDAP_SUCCESS;
-}
-#endif
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
set = NULL;
switch ( op ) {
- case '|':
+ case '|': /* union */
if ( lset == NULL || BER_BVISNULL( lset ) ) {
if ( rset == NULL ) {
if ( lset == NULL ) {
- return cp->op->o_tmpcalloc( 1,
+ set = cp->op->o_tmpcalloc( 1,
sizeof(struct berval),
cp->op->o_tmpmemctx );
+ BER_BVZERO( set );
+ return set;
}
return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
}
}
}
+ last = i;
+
for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
int exists = 0;
+
for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {
- if ( dn_match( &rset[ i ], &set[ j ] ) )
+ if ( bvmatch( &rset[ i ], &set[ j ] ) )
{
if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
cp->op->o_tmpfree( rset[ i ].bv_val, cp->op->o_tmpmemctx );
if ( !exists ) {
if ( op_flags & SLAP_SET_RREFVAL ) {
- ber_dupbv_x( &set[ j ], &rset[ i ], cp->op->o_tmpmemctx );
+ ber_dupbv_x( &set[ last ], &rset[ i ], cp->op->o_tmpmemctx );
} else {
- set[ j ] = rset[ i ];
+ set[ last ] = rset[ i ];
}
+ last++;
}
}
+ BER_BVZERO( &set[ last ] );
}
break;
- case '&':
+ case '&': /* intersection */
if ( lset == NULL || BER_BVISNULL( lset )
|| rset == NULL || BER_BVISNULL( rset ) )
{
set = cp->op->o_tmpcalloc( 1, sizeof(struct berval),
cp->op->o_tmpmemctx );
+ BER_BVZERO( set );
} else {
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
last = slap_set_size( set ) - 1;
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
- if ( dn_match( &set[ i ], &rset[ j ] ) ) {
+ if ( bvmatch( &set[ i ], &rset[ j ] ) ) {
break;
}
}
}
break;
+ case '+': /* string concatenation */
+ i = slap_set_size( rset );
+ j = slap_set_size( lset );
+
+ set = cp->op->o_tmpcalloc( i * j + 1, sizeof(struct berval),
+ cp->op->o_tmpmemctx );
+ if ( set == NULL ) {
+ break;
+ }
+
+ for ( last = 0, i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
+ for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
+ struct berval bv;
+ long k;
+
+ bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
+ bv.bv_val = cp->op->o_tmpalloc( bv.bv_len + 1,
+ cp->op->o_tmpmemctx );
+ if ( bv.bv_val == NULL ) {
+ slap_set_dispose( cp, set, 0 );
+ set = NULL;
+ goto done;
+ }
+ AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
+ AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
+ bv.bv_val[ bv.bv_len ] = '\0';
+
+ for ( k = 0; k < last; k++ ) {
+ if ( bvmatch( &set[ k ], &bv ) ) {
+ cp->op->o_tmpfree( bv.bv_val, cp->op->o_tmpmemctx );
+ break;
+ }
+ }
+
+ if ( k == last ) {
+ set[ last++ ] = bv;
+ }
+ }
+ }
+ BER_BVZERO( &set[ last ] );
+ break;
+
default:
break;
}
+done:;
if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
cp->op->o_tmpfree( lset, cp->op->o_tmpmemctx );
}
BerVarray vals, nset;
int i;
- if ( set == NULL )
- return cp->op->o_tmpcalloc( 1, sizeof(struct berval),
+ if ( set == NULL ) {
+ set = cp->op->o_tmpcalloc( 1, sizeof(struct berval),
cp->op->o_tmpmemctx );
+ BER_BVZERO( set );
+ return set;
+ }
- if ( BER_BVISNULL( set ) )
+ if ( BER_BVISNULL( set ) ) {
return set;
+ }
nset = cp->op->o_tmpcalloc( 1, sizeof(struct berval), cp->op->o_tmpmemctx );
if ( nset == NULL ) {
SetCookie *cp, struct berval *fbv,
struct berval *user, struct berval *target, BerVarray *results )
{
+#define STACK_SIZE 64
#define IS_SET(x) ( (unsigned long)(x) >= 256 )
#define IS_OP(x) ( (unsigned long)(x) < 256 )
#define SF_ERROR(x) do { rc = -1; goto _error; } while (0)
#define SF_TOP() ( (BerVarray)( (stp < 0) ? 0 : stack[ stp ] ) )
#define SF_POP() ( (BerVarray)( (stp < 0) ? 0 : stack[ stp-- ] ) )
#define SF_PUSH(x) do { \
- if (stp >= 63) SF_ERROR(overflow); \
+ if (stp >= (STACK_SIZE - 1)) SF_ERROR(overflow); \
stack[ ++stp ] = (BerVarray)(long)(x); \
} while (0)
BerVarray set, lset;
- BerVarray stack[64] = { 0 };
+ BerVarray stack[ STACK_SIZE ] = { 0 };
int len, rc, stp;
unsigned op;
char c, *filter = fbv->bv_val;
}
break;
- case '&':
- case '|':
+ case '|': /* union */
+ case '&': /* intersection */
+ case '+': /* string concatenation */
set = SF_POP();
if ( IS_OP( set ) ) {
SF_ERROR( syntax );
if ( BER_BVISNULL( set ) ) {
SF_ERROR( memory );
}
+ BER_BVZERO( &set[ 1 ] );
} else if ( len == 4
&& memcmp( "user", filter, len ) == 0 )
if ( BER_BVISNULL( set ) ) {
SF_ERROR( memory );
}
+ BER_BVZERO( &set[ 1 ] );
} else if ( SF_TOP() != (void *)'/' ) {
SF_ERROR( syntax );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
so_right = LDAP_LIST_FIRST(&sh->sh_sopool);
LDAP_LIST_REMOVE(so_right, so_link);
- so_right->so_ptr = so_left->so_ptr + (1 << j);
+ so_right->so_ptr = (void *)((char *)so_left->so_ptr + (1 << j));
if (j == order + 1) {
ptr = so_left->so_ptr;
diff = (unsigned long)((char*)ptr -
return (void*)ch_malloc(size);
}
}
+
+ /* FIXME: missing return; guessing... */
+ return NULL;
}
void *
while (so) {
if ((char*)so->so_ptr == (char*)tmpp) {
LDAP_LIST_REMOVE(so, so_link);
- } else if ((char*)tmpp == so->so_ptr + order_size) {
+ } else if ((char*)tmpp == (char *)so->so_ptr + order_size) {
LDAP_LIST_REMOVE(so, so_link);
tmpp = so->so_ptr;
break;
struct slab_heap *sh = NULL;
void *ctx;
+ if ( slapMode & SLAP_TOOL_MODE ) return NULL;
+
#ifdef NO_THREADS
sh = slheap;
#else
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
LDAP_BEGIN_DECL
+#ifdef LDAP_DEVEL
+#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
+#define SLAP_DYNACL
+#define LDAP_COMP_MATCH /* experimental */
+#define LDAP_DYNAMIC_OBJECTS
+#define LDAP_SYNC_TIMESTAMP
+#define LDAP_COLLECTIVE_ATTRIBUTES
+#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
+#endif
+
+#if defined(LDAP_DEVEL) && defined(ENABLE_REWRITE)
+/* use librewrite for sasl-regexp */
+#define SLAP_AUTH_REWRITE 1
+#endif /* LDAP_DEVEL && ENABLE_REWRITE */
+
/*
* SLAPD Memory allocation macros
*
struct berval * out,
void *memctx));
-#ifdef LDAP_DEVEL
-#define LDAP_COMP_MATCH
-#endif
-
#ifdef LDAP_COMP_MATCH
typedef void* slap_component_transform_func LDAP_P((
struct berval * in ));
typedef enum slap_access_e {
ACL_INVALID_ACCESS = -1,
ACL_NONE = 0,
+ ACL_DISCLOSE,
ACL_AUTH,
ACL_COMPARE,
ACL_SEARCH,
ACL_READ,
- ACL_WRITE
+ ACL_WRITE,
+ ACL_MANAGE
} slap_access_t;
typedef enum slap_control_e {
} AuthorizationInformation;
-#ifdef LDAP_DEVEL
-#define SLAP_DYNACL
-#endif /* LDAP_DEVEL */
-
#ifdef SLAP_DYNACL
struct slap_op;
#define ACL_ACCESS2PRIV(access) (0x01U << (access))
#define ACL_PRIV_NONE ACL_ACCESS2PRIV( ACL_NONE )
+#define ACL_PRIV_DISCLOSE ACL_ACCESS2PRIV( ACL_DISCLOSE )
#define ACL_PRIV_AUTH ACL_ACCESS2PRIV( ACL_AUTH )
#define ACL_PRIV_COMPARE ACL_ACCESS2PRIV( ACL_COMPARE )
#define ACL_PRIV_SEARCH ACL_ACCESS2PRIV( ACL_SEARCH )
#define ACL_PRIV_READ ACL_ACCESS2PRIV( ACL_READ )
#define ACL_PRIV_WRITE ACL_ACCESS2PRIV( ACL_WRITE )
+#define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE )
#define ACL_PRIV_MASK 0x00ffUL
#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)
#define ACL_LVL_NONE (ACL_PRIV_NONE|ACL_PRIV_LEVEL)
-#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_NONE)
+#define ACL_LVL_DISCLOSE (ACL_PRIV_DISCLOSE|ACL_LVL_NONE)
+#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_DISCLOSE)
#define ACL_LVL_COMPARE (ACL_PRIV_COMPARE|ACL_LVL_AUTH)
#define ACL_LVL_SEARCH (ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
#define ACL_LVL_READ (ACL_PRIV_READ|ACL_LVL_SEARCH)
#define ACL_LVL_WRITE (ACL_PRIV_WRITE|ACL_LVL_READ)
+#define ACL_LVL_MANAGE (ACL_PRIV_MANAGE|ACL_LVL_WRITE)
#define ACL_LVL(m,l) (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
#define ACL_LVL_IS_NONE(m) ACL_LVL((m),ACL_LVL_NONE)
+#define ACL_LVL_IS_DISCLOSE(m) ACL_LVL((m),ACL_LVL_DISCLOSE)
#define ACL_LVL_IS_AUTH(m) ACL_LVL((m),ACL_LVL_AUTH)
#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE)
#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH)
#define ACL_LVL_IS_READ(m) ACL_LVL((m),ACL_LVL_READ)
#define ACL_LVL_IS_WRITE(m) ACL_LVL((m),ACL_LVL_WRITE)
+#define ACL_LVL_IS_MANAGE(m) ACL_LVL((m),ACL_LVL_MANAGE)
#define ACL_LVL_ASSIGN_NONE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
+#define ACL_LVL_ASSIGN_DISCLOSE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_DISCLOSE)
#define ACL_LVL_ASSIGN_AUTH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
#define ACL_LVL_ASSIGN_COMPARE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
#define ACL_LVL_ASSIGN_SEARCH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
+#define ACL_LVL_ASSIGN_MANAGE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_MANAGE)
slap_mask_t a_access_mask;
#define SLAP_SYNC_RID_SIZE 3
#define SLAP_SYNCUUID_SET_SIZE 256
+#define SLAP_SYNC_UPDATE_MSGID 2
+
struct nonpresent_entry {
struct berval *npe_name;
struct berval *npe_nname;
};
struct sync_cookie {
- struct berval *ctxcsn;
- long sid;
- struct berval *octet_str;
+ struct berval ctxcsn;
+ struct berval octet_str;
long rid;
LDAP_STAILQ_ENTRY(sync_cookie) sc_next;
};
typedef struct syncinfo_s {
struct slap_backend_db *si_be;
long si_rid;
- char *si_provideruri;
- BerVarray si_provideruri_bv;
+ struct berval si_provideruri;
#define SYNCINFO_TLS_OFF 0
#define SYNCINFO_TLS_ON 1
#define SYNCINFO_TLS_CRITICAL 2
int si_tls;
- struct berval si_updatedn;
int si_bindmethod;
char *si_binddn;
char *si_passwd;
Avlnode *si_presentlist;
LDAP *si_ld;
LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist;
- LDAP_STAILQ_ENTRY( syncinfo_s ) si_next;
} syncinfo_t;
LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry );
struct be_pcl *be_pending_csn_list;
ldap_pvt_thread_mutex_t be_pcl_mutex;
ldap_pvt_thread_mutex_t *be_pcl_mutexp;
- LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */
+ syncinfo_t *be_syncinfo; /* For syncrepl */
char *be_realm;
void *be_pb; /* Netscape plugin */
int ps_count;
} PagedResultsState;
-#define LDAP_PSEARCH_BY_ADD 0x01
-#define LDAP_PSEARCH_BY_DELETE 0x02
-#define LDAP_PSEARCH_BY_PREMODIFY 0x03
-#define LDAP_PSEARCH_BY_MODIFY 0x04
-#define LDAP_PSEARCH_BY_SCOPEOUT 0x05
-#define LDAP_PSEARCH_BY_PREDELETE 0x06
-
-struct psid_entry { /* DELETE ME */
- struct slap_op *ps_op;
- LDAP_LIST_ENTRY(psid_entry) ps_link;
-};
-
-#if 0 /* DELETE ME */
-struct slog_entry {
- struct berval sl_uuid;
- struct berval sl_name;
- struct berval sl_csn;
- LDAP_STAILQ_ENTRY(slog_entry) sl_link;
-};
-
-/* session lists */
-struct slap_session_entry {
- int se_id;
- int se_size;
- struct berval se_spec;
- LDAP_LIST_ENTRY( slap_session_entry ) se_link;
-};
-#endif
-
struct slap_csn_entry {
struct berval ce_csn;
unsigned long ce_opid;
LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link;
};
-struct pc_entry {
- ID pc_id;
- int pc_sent;
- struct berval pc_csn;
- struct berval pc_entryUUID;
- struct berval pc_ename;
- struct berval pc_enname;
- LDAP_TAILQ_ENTRY( pc_entry ) pc_link;
-};
-
/*
* Caches the result of a backend_group check for ACL evaluation
*/
#define get_pagedresults(op) ((int)(op)->o_pagedresults)
-#ifdef BDB_PSEARCH
- struct sync_cookie o_sync_state;
- int o_sync_rhint;
- struct berval o_sync_cid;
- int o_sync_slog_size;
- struct berval o_sync_csn;
- struct berval o_sync_slog_omitcsn;
- int o_sync_slog_len;
- LDAP_STAILQ_HEAD(sl, slog_entry) o_sync_slog_list;
-
- int o_ps_entries;
- int o_no_psearch;
- LDAP_LIST_ENTRY(slap_op) o_ps_link;
- LDAP_LIST_HEAD(pe, psid_entry) o_pm_list;
-
- int o_refresh_in_progress;
- LDAP_TAILQ_HEAD(pc_pre, pc_entry) o_ps_pre_candidates;
- LDAP_TAILQ_HEAD(pc_post, pc_entry) o_ps_post_candidates;
- Avlnode *o_psearch_finished;
- struct pc_entry *o_ps_send_wait;
- ldap_pvt_thread_mutex_t o_pcmutex;
-#endif
-
AuthorizationInformation o_authz;
BerElement *o_ber; /* ber of the request */
#define SLAP_ZONE_ALLOC 1
#undef SLAP_ZONE_ALLOC
-#if defined(LDAP_DEVEL) && defined(ENABLE_REWRITE)
-/* use librewrite for sasl-regexp */
-#define SLAP_AUTH_REWRITE 1
-#endif /* LDAP_DEVEL && ENABLE_REWRITE */
-
#ifdef LDAP_COMP_MATCH
/*
* Extensible Filter Definition
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
slap_mask_t mask;
AttributeDescription *desc = NULL;
int rc;
- struct berval val;
+ struct berval val = BER_BVNULL,
+ *valp = NULL;
const char *text;
char accessmaskbuf[ACCESSMASK_MAXLEN];
char *accessstr;
val.bv_val[0] = '\0';
val.bv_val++;
val.bv_len = strlen( val.bv_val );
+ valp = &val;
}
accessstr = strchr( attr, '/' );
break;
}
- rc = access_allowed_mask( op, &e, desc, &val, access,
+ rc = access_allowed_mask( op, &e, desc, valp, access,
NULL, &mask );
if ( accessstr ) {
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
#include "slapcommon.h"
static char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
-static const struct berval slap_syncrepl_bvc = BER_BVC("syncreplxxx");
-static const struct berval slap_syncrepl_cn_bvc = BER_BVC("cn=syncreplxxx");
-static struct berval slap_syncrepl_bv = BER_BVNULL;
-static struct berval slap_syncrepl_cn_bv = BER_BVNULL;
-
-struct subentryinfo {
- struct berval cn;
- struct berval ndn;
- struct berval rdn;
- struct berval cookie;
- LDAP_SLIST_ENTRY( subentryinfo ) sei_next;
-};
+static char maxcsnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
int
slapadd( int argc, char **argv )
const char *progname = "slapadd";
struct berval csn;
- struct berval maxcsn = BER_BVNULL;
- struct berval ldifcsn = BER_BVNULL;
+ struct berval maxcsn;
int match;
- int provider_subentry = 0;
- struct subentryinfo *sei;
- LDAP_SLIST_HEAD( consumer_subentry_slist, subentryinfo ) consumer_subentry;
Attribute *attr;
Entry *ctxcsn_e;
- ID ctxcsn_id;
- struct berval ctxcsn_ndn = BER_BVNULL;
+ ID ctxcsn_id, id;
int ret;
struct berval bvtext;
int i;
struct berval mc;
- struct sync_cookie sc;
slap_tool_init( progname, SLAPADD, argc, argv );
- LDAP_SLIST_INIT( &consumer_subentry );
-
if( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_entry_put )
exit( EXIT_FAILURE );
}
+ if ( update_ctxcsn ) {
+ maxcsn.bv_val = maxcsnbuf;
+ maxcsn.bv_len = 0;
+ }
+
while( ldif_read_record( ldiffp, &lineno, &buf, &lmax ) ) {
Entry *e = str2entry( buf );
attr_merge( e, slap_schema.si_ad_entryCSN, vals, NULL );
}
- if ( !is_entry_syncProviderSubentry( e ) &&
- !is_entry_syncConsumerSubentry( e ) &&
- update_ctxcsn != SLAP_TOOL_CTXCSN_KEEP ) {
+ if ( update_ctxcsn ) {
attr = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
if ( maxcsn.bv_len != 0 ) {
+ match = 0;
value_match( &match, slap_schema.si_ad_entryCSN,
slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
match = -1;
}
if ( match < 0 ) {
- if ( maxcsn.bv_val )
- ch_free( maxcsn.bv_val );
- ber_dupbv( &maxcsn, &attr->a_nvals[0] );
+ strcpy( maxcsn.bv_val, attr->a_nvals[0].bv_val );
+ maxcsn.bv_len = attr->a_nvals[0].bv_len;
}
}
}
- if ( dryrun ) {
- if ( verbose ) {
- fprintf( stderr, "(dry) added: \"%s\"\n", e->e_dn );
- }
- goto done;
- }
-
- if ( update_ctxcsn == SLAP_TOOL_CTXCSN_KEEP &&
- ( replica_promotion || replica_demotion )) {
- if ( is_entry_syncProviderSubentry( e )) {
- if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
- fprintf( stderr, "%s: consumer and provider subentries "
- "are both present\n", progname );
- rc = EXIT_FAILURE;
- entry_free( e );
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
- while ( sei ) {
- ch_free( sei->cn.bv_val );
- ch_free( sei->ndn.bv_val );
- ch_free( sei->rdn.bv_val );
- ch_free( sei->cookie.bv_val );
- LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
- ch_free( sei );
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
- }
- break;
- }
- if ( provider_subentry ) {
- fprintf( stderr, "%s: multiple provider subentries are "
- "present : add -w flag to refresh\n", progname );
- rc = EXIT_FAILURE;
- entry_free( e );
- break;
- }
- attr = attr_find( e->e_attrs, slap_schema.si_ad_contextCSN );
- if ( attr == NULL ) {
- entry_free( e );
- continue;
- }
- provider_subentry = 1;
- ber_dupbv( &maxcsn, &attr->a_nvals[0] );
- } else if ( is_entry_syncConsumerSubentry( e )) {
- if ( provider_subentry ) {
- fprintf( stderr, "%s: consumer and provider subentries "
- "are both present\n", progname );
- rc = EXIT_FAILURE;
- entry_free( e );
- break;
- }
-
- attr = attr_find( e->e_attrs, slap_schema.si_ad_cn );
-
- if ( attr == NULL ) {
- entry_free( e );
- continue;
- }
-
- if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
- LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
- value_match( &match, slap_schema.si_ad_cn,
- slap_schema.si_ad_cn->ad_type->sat_equality,
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- &sei->cn, &attr->a_nvals[0], &text );
- }
- if ( !match ) {
- fprintf( stderr, "%s: multiple consumer subentries "
- "have the same id : add -w flag to refresh\n",
- progname );
- rc = EXIT_FAILURE;
- entry_free( e );
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
- while ( sei ) {
- ch_free( sei->cn.bv_val );
- ch_free( sei->ndn.bv_val );
- ch_free( sei->rdn.bv_val );
- ch_free( sei->cookie.bv_val );
- LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
- ch_free( sei );
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
- }
- break;
- }
- }
- sei = ch_calloc( 1, sizeof( struct subentryinfo ));
- ber_dupbv( &sei->cn, &attr->a_nvals[0] );
- ber_dupbv( &sei->ndn, &e->e_nname );
- dnExtractRdn( &sei->ndn, &sei->rdn, NULL );
- attr = attr_find( e->e_attrs, slap_schema.si_ad_syncreplCookie );
- if ( attr == NULL ) {
- ch_free( sei->cn.bv_val );
- ch_free( sei->ndn.bv_val );
- ch_free( sei->rdn.bv_val );
- ch_free( sei->cookie.bv_val );
- ch_free( sei );
- entry_free( e );
- continue;
- }
- ber_dupbv( &sei->cookie, &attr->a_nvals[0] );
- LDAP_SLIST_INSERT_HEAD( &consumer_subentry, sei, sei_next );
+ if ( !dryrun ) {
+ id = be->be_entry_put( be, e, &bvtext );
+ if( id == NOID ) {
+ fprintf( stderr, "%s: could not add entry dn=\"%s\" "
+ "(line=%d): %s\n", progname, e->e_dn,
+ lineno, bvtext.bv_val );
+ rc = EXIT_FAILURE;
+ entry_free( e );
+ if( continuemode ) continue;
+ break;
}
}
- if (( !is_entry_syncProviderSubentry( e ) &&
- !is_entry_syncConsumerSubentry( e )) ||
- ( !replica_promotion && !replica_demotion ))
- {
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if (!dryrun) {
- ID id = be->be_entry_put( be, e, &bvtext );
- if( id == NOID ) {
- fprintf( stderr, "%s: could not add entry dn=\"%s\" "
- "(line=%d): %s\n", progname, e->e_dn,
- lineno, bvtext.bv_val );
- rc = EXIT_FAILURE;
- entry_free( e );
- if( continuemode ) continue;
- break;
- }
-
- if ( verbose ) {
- fprintf( stderr, "added: \"%s\" (%08lx)\n",
- e->e_dn, (long) id );
- }
+ if ( verbose ) {
+ if ( dryrun ) {
+ fprintf( stderr, "added: \"%s\"\n",
+ e->e_dn );
} else {
- if ( verbose ) {
- fprintf( stderr, "(dry) added: \"%s\"\n", e->e_dn );
- }
+ fprintf( stderr, "added: \"%s\" (%08lx)\n",
+ e->e_dn, (long) id );
}
}
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
- if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
- maxcsn.bv_len = 0;
- maxcsn.bv_val = NULL;
- LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
- sc.octet_str = &sei->cookie;
- slap_parse_sync_cookie( &sc );
- if ( maxcsn.bv_len != 0 ) {
- value_match( &match, slap_schema.si_ad_syncreplCookie,
- slap_schema.si_ad_syncreplCookie->ad_type->sat_ordering,
+ if ( update_ctxcsn && !dryrun && maxcsn.bv_len ) {
+ ctxcsn_id = be->be_dn2id_get( be, be->be_nsuffix );
+ if ( ctxcsn_id == NOID ) {
+ fprintf( stderr, "%s: context entry is missing\n", progname );
+ rc = EXIT_FAILURE;
+ } else {
+ ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
+ if ( ret == LDAP_SUCCESS ) {
+ attr = attr_find( ctxcsn_e->e_attrs,
+ slap_schema.si_ad_contextCSN );
+ value_match( &match, slap_schema.si_ad_entryCSN,
+ slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- &maxcsn, &sc.ctxcsn[0], &text );
- } else {
- match = -1;
- }
- if ( match < 0 ) {
- if ( maxcsn.bv_val )
- ch_free( maxcsn.bv_val );
- ber_dupbv( &maxcsn, &sc.ctxcsn[0] );
- }
- sc.octet_str = NULL;
- slap_sync_cookie_free( &sc, 0 );
- }
- }
-
- slap_compose_sync_cookie( NULL, &mc, &maxcsn, -1, -1 );
-
- if ( SLAP_LASTMOD(be) && replica_promotion ) {
- if ( provider_subentry || update_ctxcsn == SLAP_TOOL_CTXCSN_BATCH ||
- !LDAP_SLIST_EMPTY( &consumer_subentry )) {
- build_new_dn( &ctxcsn_ndn, &be->be_nsuffix[0],
- (struct berval *)&slap_ldapsync_cn_bv, NULL );
- ctxcsn_id = be->be_dn2id_get( be, &ctxcsn_ndn );
-
- if ( ctxcsn_id == NOID ) {
- ctxcsn_e = slap_create_context_csn_entry( be, &maxcsn );
-
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
- if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not add ctxcsn subentry\n",
- progname);
- rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "added: \"%s\" (%08lx)\n",
- ctxcsn_e->e_dn, (long) ctxcsn_id );
- }
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) added: \"%s\"\n", ctxcsn_e->e_dn );
- }
- }
- entry_free( ctxcsn_e );
- } else {
- ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
- if ( ret == LDAP_SUCCESS ) {
- attr = attr_find( ctxcsn_e->e_attrs,
- slap_schema.si_ad_contextCSN );
+ &maxcsn, &attr->a_nvals[0], &text );
+ if ( match > 0 ) {
AC_MEMCPY( attr->a_vals[0].bv_val, maxcsn.bv_val, maxcsn.bv_len );
attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
attr->a_vals[0].bv_len = maxcsn.bv_len;
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_modify( be, ctxcsn_e, &bvtext );
- if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not modify ctxcsn "
- "subentry\n", progname);
- rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "modified: \"%s\" (%08lx)\n",
- ctxcsn_e->e_dn, (long) ctxcsn_id );
- }
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) modified: \"%s\"\n",
- ctxcsn_e->e_dn );
- }
- }
- } else {
- fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
- progname);
- rc = EXIT_FAILURE;
- }
- }
- }
- } else if ( SLAP_LASTMOD(be) && replica_demotion &&
- ( update_ctxcsn == SLAP_TOOL_CTXCSN_BATCH ||
- provider_subentry )) {
-
- ber_dupbv( &slap_syncrepl_bv, (struct berval *) &slap_syncrepl_bvc );
- ber_dupbv( &slap_syncrepl_cn_bv,
- (struct berval *) &slap_syncrepl_cn_bvc );
-
- if ( replica_id_list == NULL ) {
- replica_id_list = ch_calloc( 2, sizeof( int ));
- replica_id_list[0] = 0;
- replica_id_list[1] = -1;
- }
-
- for ( i = 0; replica_id_list[i] > -1 ; i++ ) {
- slap_syncrepl_bv.bv_len = snprintf( slap_syncrepl_bv.bv_val,
- slap_syncrepl_bvc.bv_len+1,
- "syncrepl%d", replica_id_list[i] );
- slap_syncrepl_cn_bv.bv_len = snprintf( slap_syncrepl_cn_bv.bv_val,
- slap_syncrepl_cn_bvc.bv_len+1,
- "cn=syncrepl%d", replica_id_list[i] );
- build_new_dn( &ctxcsn_ndn, &be->be_nsuffix[0],
- (struct berval *)&slap_syncrepl_cn_bv, NULL );
- ctxcsn_id = be->be_dn2id_get( be, &ctxcsn_ndn );
-
- if ( ctxcsn_id == NOID ) {
- ctxcsn_e = slap_create_syncrepl_entry( be, &mc,
- &slap_syncrepl_cn_bv,
- &slap_syncrepl_bv );
-
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
- if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not add ctxcsn subentry\n",
- progname);
- rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "added: \"%s\" (%08lx)\n",
- ctxcsn_e->e_dn, (long) ctxcsn_id );
- }
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) added: \"%s\"\n",
- ctxcsn_e->e_dn );
- }
- }
- entry_free( ctxcsn_e );
- } else {
- ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
- if ( ret == LDAP_SUCCESS ) {
- attr = attr_find( ctxcsn_e->e_attrs,
- slap_schema.si_ad_syncreplCookie );
- AC_MEMCPY( attr->a_vals[0].bv_val, mc.bv_val, mc.bv_len );
- attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
- attr->a_vals[0].bv_len = maxcsn.bv_len;
-
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_modify( be,
- ctxcsn_e, &bvtext );
- if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not modify ctxcsn "
- "subentry\n", progname);
- rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "modified: \"%s\" (%08lx)\n",
- ctxcsn_e->e_dn, (long) ctxcsn_id );
- }
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) modified: \"%s\"\n",
- ctxcsn_e->e_dn );
- }
- }
- } else {
- fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
- progname);
- rc = EXIT_FAILURE;
- }
- }
- }
-
- if ( slap_syncrepl_bv.bv_val ) {
- ch_free( slap_syncrepl_bv.bv_val );
- }
- if ( slap_syncrepl_cn_bv.bv_val ) {
- ch_free( slap_syncrepl_cn_bv.bv_val );
- }
- } else if ( SLAP_LASTMOD(be) && replica_demotion &&
- !LDAP_SLIST_EMPTY( &consumer_subentry )) {
-
- LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
- ctxcsn_id = be->be_dn2id_get( be, &sei->ndn );
-
- if ( ctxcsn_id == NOID ) {
- ctxcsn_e = slap_create_syncrepl_entry( be, &sei->cookie,
- &sei->rdn, &sei->cn );
-
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
+ ctxcsn_id = be->be_entry_modify( be, ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not add ctxcsn subentry\n",
- progname);
+ fprintf( stderr, "%s: could not modify ctxcsn\n",
+ progname);
rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "added: \"%s\" (%08lx)\n",
+ } else if ( verbose ) {
+ fprintf( stderr, "modified: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) added: \"%s\"\n",
- ctxcsn_e->e_dn );
- }
- }
- entry_free( ctxcsn_e );
- } else {
- ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
- if ( ret == LDAP_SUCCESS ) {
- attr = attr_find( ctxcsn_e->e_attrs,
- slap_schema.si_ad_syncreplCookie );
- AC_MEMCPY( attr->a_vals[0].bv_val, sei->cookie.bv_val, sei->cookie.bv_len );
- attr->a_vals[0].bv_val[sei->cookie.bv_len] = '\0';
- attr->a_vals[0].bv_len = sei->cookie.bv_len;
-
- /* dryrun moved earlier */
- assert( !dryrun );
-
- if ( !dryrun ) {
- ctxcsn_id = be->be_entry_modify( be,
- ctxcsn_e, &bvtext );
- if( ctxcsn_id == NOID ) {
- fprintf( stderr, "%s: could not modify ctxcsn "
- "subentry\n", progname);
- rc = EXIT_FAILURE;
- }
- if ( verbose ) {
- fprintf( stderr, "modified: \"%s\" (%08lx)\n",
- ctxcsn_e->e_dn, (long) ctxcsn_id );
- }
- } else {
- if ( verbose ) {
- fprintf( stderr, "(dry) modified: \"%s\"\n",
- ctxcsn_e->e_dn );
- }
- }
- } else {
- fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
- progname);
- rc = EXIT_FAILURE;
}
}
- }
-
- if ( slap_syncrepl_bv.bv_val ) {
- ch_free( slap_syncrepl_bv.bv_val );
- }
- if ( slap_syncrepl_cn_bv.bv_val ) {
- ch_free( slap_syncrepl_cn_bv.bv_val );
- }
- }
-
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
- while ( sei ) {
- ch_free( sei->cn.bv_val );
- ch_free( sei->ndn.bv_val );
- ch_free( sei->rdn.bv_val );
- ch_free( sei->cookie.bv_val );
- LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
- ch_free( sei );
- sei = LDAP_SLIST_FIRST( &consumer_subentry );
+ }
}
ch_free( buf );
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
}
}
- if ( retrieve_ctxcsn == 0 ) {
- if ( is_entry_syncProviderSubentry( e ) ) {
- be_entry_release_r( &op, e );
- continue;
- }
- }
-
- if ( retrieve_synccookie == 0 ) {
- if ( is_entry_syncConsumerSubentry( e ) ) {
- be_entry_release_r( &op, e );
- continue;
- }
- }
-
if( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
{
char *options = NULL;
fprintf( stderr,
- "usage: %s [-v] [-c] [-d debuglevel] [-f configfile]\n",
+ "usage: %s [-v] [-c] [-d debuglevel] [-f configfile]",
progname );
switch( tool ) {
+ case SLAPACL:
+ options = "\n\t[-U authcID | -D authcDN]"
+ " -b DN [attr[/access][:value]] [...]\n";
+ break;
+
case SLAPADD:
- options = "\t[-n databasenumber | -b suffix]\n"
- "\t[-l ldiffile] [-u] [-p [-w] | -r [-i syncreplidlist] [-w]]\n";
+ options = "\n\t[-n databasenumber | -b suffix]\n"
+ "\t[-l ldiffile] [-u] [-w]\n";
+ break;
+
+ case SLAPAUTH:
+ options = "\n\t[-U authcID] [-X authzID] [-R realm] [-M mech] ID [...]\n";
break;
case SLAPCAT:
- options = "\t[-n databasenumber | -b suffix]"
- " [-l ldiffile] [-a filter] [-m] [-k]\n";
+ options = "\n\t[-n databasenumber | -b suffix]"
+ " [-l ldiffile] [-a filter]\n";
break;
case SLAPDN:
- options = "\tDN [...]\n";
+ options = " DN [...]\n";
break;
case SLAPINDEX:
- options = "\t[-n databasenumber | -b suffix]\n";
+ options = "\n\t[-n databasenumber | -b suffix]\n";
break;
- case SLAPAUTH:
- options = "\t[-U authcID] [-X authzID] [-R realm] [-M mech] ID [...]\n";
- break;
-
- case SLAPACL:
- options = "\t[-U authcID | -D authcDN]"
- " -b DN [attr[/access][:value]] [...]\n";
+ case SLAPTEST:
+ options = " [-u]\n";
break;
}
int truncatemode = 0;
#ifdef CSRIMALLOC
- leakfilename = malloc( strlen( progname ) + STRLEOF( ".leak" ) - 1 );
+ leakfilename = malloc( strlen( progname ) + STRLENOF( ".leak" ) + 1 );
sprintf( leakfilename, "%s.leak", progname );
if( ( leakfile = fopen( leakfilename, "w" )) == NULL ) {
leakfile = stderr;
switch( tool ) {
case SLAPADD:
- options = "b:cd:f:i:l:n:prtuvWw";
+ options = "b:cd:f:l:n:tuvw";
break;
case SLAPCAT:
- options = "a:b:cd:f:kl:mn:s:v";
+ options = "a:b:cd:f:l:n:s:v";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
break;
case SLAPDN:
- case SLAPTEST:
options = "d:f:v";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
break;
+ case SLAPTEST:
+ options = "d:f:uv";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
case SLAPAUTH:
options = "d:f:M:R:U:vX:";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
conffile = strdup( optarg );
break;
- case 'i': /* specify syncrepl id list */
- replica_id_string = strdup( optarg );
- if ( !isdigit( (unsigned char) *replica_id_string )) {
- usage( tool, progname );
- exit( EXIT_FAILURE );
- }
- slap_str2clist( &replica_id_strlist, replica_id_string, "," );
- for ( i = 0; replica_id_strlist && replica_id_strlist[i]; i++ ) ;
- replica_id_list = ch_calloc( i + 1, sizeof( int ) );
- for ( i = 0; replica_id_strlist && replica_id_strlist[i]; i++ ) {
- replica_id_list[i] = atoi( replica_id_strlist[i] );
- if ( replica_id_list[i] >= 1000 ) {
- fprintf(stderr,
- "%s: syncrepl id %d is out of range [0..999]\n",
- progname, replica_id_list[i] );
- exit( EXIT_FAILURE );
- }
- }
- replica_id_list[i] = -1;
- break;
-
- case 'k': /* Retrieve sync cookie entry */
- retrieve_synccookie = 1;
- break;
-
case 'l': /* LDIF file */
ldiffile = strdup( optarg );
break;
- case 'm': /* Retrieve ldapsync entry */
- retrieve_ctxcsn = 1;
- break;
-
case 'M':
ber_str2bv( optarg, 0, 0, &mech );
break;
dbnum = atoi( optarg ) - 1;
break;
- case 'p': /* replica promotion */
- replica_promotion = 1;
- break;
-
- case 'r': /* replica demotion */
- replica_demotion = 1;
- break;
-
case 'R':
realm = optarg;
break;
verbose++;
break;
- case 'W': /* write context csn on every entry add */
- update_ctxcsn = SLAP_TOOL_CTXCSN_BATCH;
- /* FIXME : update_ctxcsn = SLAP_TOOL_CTXCSN_ENTRY; */
- break;
-
- case 'w': /* write context csn on at the end */
- update_ctxcsn = SLAP_TOOL_CTXCSN_BATCH;
+ case 'w': /* write context csn at the end */
+ update_ctxcsn++;
break;
case 'X':
usage( tool, progname );
}
- if ( replica_promotion && replica_demotion ) {
- usage( tool, progname );
-
- } else if ( !replica_promotion && !replica_demotion ) {
- if ( update_ctxcsn != SLAP_TOOL_CTXCSN_KEEP ) {
- usage( tool, progname );
- }
- }
break;
case SLAPDN:
#endif
if ( !dryrun && slap_startup( be ) ) {
- fprintf( stderr, "slap_startup failed\n" );
+
+ switch ( tool ) {
+ case SLAPTEST:
+ fprintf( stderr, "slap_startup failed "
+ "(test would succeed using "
+ "the -u switch)\n" );
+ break;
+
+ default:
+ fprintf( stderr, "slap_startup failed\n" );
+ break;
+ }
+
exit( EXIT_FAILURE );
}
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
SLAPLAST
};
-#define SLAP_TOOL_CTXCSN_KEEP 0
-#define SLAP_TOOL_CTXCSN_ENTRY 1
-#define SLAP_TOOL_CTXCSN_BATCH 2
-
typedef struct tool_vars {
Backend *tv_be;
int tv_verbose;
int tv_update_ctxcsn;
- int tv_retrieve_ctxcsn;
- int tv_retrieve_synccookie;
- int tv_replica_promotion;
- int tv_replica_demotion;
- char *tv_replica_id_string;
- char **tv_replica_id_strlist;
- int *tv_replica_id_list;
int tv_continuemode;
int tv_nosubordinates;
int tv_dryrun;
#define be tool_globals.tv_be
#define verbose tool_globals.tv_verbose
#define update_ctxcsn tool_globals.tv_update_ctxcsn
-#define retrieve_ctxcsn tool_globals.tv_retrieve_ctxcsn
-#define retrieve_synccookie tool_globals.tv_retrieve_synccookie
-#define replica_promotion tool_globals.tv_replica_promotion
-#define replica_demotion tool_globals.tv_replica_demotion
-#define replica_id_string tool_globals.tv_replica_id_string
-#define replica_id_strlist tool_globals.tv_replica_id_strlist
-#define replica_id_list tool_globals.tv_replica_id_list
#define continuemode tool_globals.tv_continuemode
#define nosubordinates tool_globals.tv_nosubordinates
#define dryrun tool_globals.tv_dryrun
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## Portions Copyright IBM Corp. 1997,2002,2003
## All rights reserved.
##
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
static int
isValidParam( Slapi_PBlock *pb, int param )
{
+ if ( !pb ) {
+ return INVALID_PARAM;
+ }
+
if ( pb->ckParams == TRUE ) {
if ( IBM_RESERVED( param ) ) return LDAP_SUCCESS;
if (param == SLAPI_PLUGIN_AUDIT_FN ||
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2002-2004 The OpenLDAP Foundation.
+ * Copyright 2002-2005 The OpenLDAP Foundation.
* Portions Copyright 1997,2002-2003 IBM Corporation.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 by IBM Corporation.
* Portions Copyright 2003 by Howard Chu, Symas Corporation.
* All rights reserved.
#undef ldap_debug
#include "../../libraries/libldap/ldap-int.h"
-#define SYNCREPL_STR "syncreplxxx"
-#define CN_STR "cn="
-
-static const struct berval slap_syncrepl_bvc = BER_BVC(SYNCREPL_STR);
-static const struct berval slap_syncrepl_cn_bvc = BER_BVC(CN_STR SYNCREPL_STR);
-
static int syncuuid_cmp( const void *, const void * );
static void avl_ber_bvfree( void * );
static void syncrepl_del_nonpresent( Operation *, syncinfo_t *, BerVarray );
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &ctx );
- if ( si->si_syncCookie.octet_str &&
- !BER_BVISNULL( &si->si_syncCookie.octet_str[0] ) )
+ if ( !BER_BVISNULL( &si->si_syncCookie.octet_str ) )
{
ber_printf( ber, "{eO}",
abs(si->si_type),
- &si->si_syncCookie.octet_str[0] );
+ &si->si_syncCookie.octet_str );
} else {
ber_printf( ber, "{e}",
abs(si->si_type) );
int rc;
int cmdline_cookie_found = 0;
- char syncrepl_cbuf[sizeof(CN_STR SYNCREPL_STR)];
- struct berval syncrepl_cn_bv;
struct sync_cookie *sc = NULL;
struct berval *psub;
#ifdef HAVE_TLS
psub = &si->si_be->be_nsuffix[0];
/* Init connection to master */
- rc = ldap_initialize( &si->si_ld, si->si_provideruri );
+ rc = ldap_initialize( &si->si_ld, si->si_provideruri.bv_val );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"do_syncrep1: ldap_initialize failed (%s)\n",
- si->si_provideruri, 0, 0 );
+ si->si_provideruri.bv_val, 0, 0 );
return rc;
}
if( rc != LDAP_OPT_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
"(%s,SECPROPS,\"%s\") failed!\n",
- si->si_provideruri, si->si_secprops, 0 );
+ si->si_provideruri.bv_val, si->si_secprops, 0 );
goto done;
}
}
op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf )
? op->o_sasl_ssf : op->o_tls_ssf;
- /* get syncrepl cookie of shadow replica from subentry */
- assert( si->si_rid < 1000 );
- syncrepl_cn_bv.bv_val = syncrepl_cbuf;
- syncrepl_cn_bv.bv_len = snprintf( syncrepl_cbuf, sizeof(syncrepl_cbuf),
- CN_STR "syncrepl%ld", si->si_rid );
- build_new_dn( &op->o_req_ndn, psub, &syncrepl_cn_bv, op->o_tmpmemctx );
- op->o_req_dn = op->o_req_ndn;
-
- LDAP_STAILQ_FOREACH( sc, &slap_sync_cookie, sc_next ) {
- if ( si->si_rid == sc->rid ) {
- cmdline_cookie_found = 1;
- break;
- }
- }
- if ( cmdline_cookie_found ) {
- /* cookie is supplied in the command line */
- BerVarray cookie = NULL;
- struct berval cookie_bv;
+ if ( BER_BVISNULL( &si->si_syncCookie.octet_str )) {
+ /* get contextCSN shadow replica from database */
+ BerVarray csn = NULL;
+ struct berval newcookie;
- LDAP_STAILQ_REMOVE( &slap_sync_cookie, sc, sync_cookie, sc_next );
- slap_sync_cookie_free( &si->si_syncCookie, 0 );
+ assert( si->si_rid < 1000 );
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
+ op->o_req_dn = op->o_req_ndn;
- /* read stored cookie if it exists */
+ /* try to read stored contextCSN */
backend_attribute( op, NULL, &op->o_req_ndn,
- slap_schema.si_ad_syncreplCookie, &cookie, ACL_READ );
+ slap_schema.si_ad_contextCSN, &csn, ACL_READ );
+ if ( csn ) {
+ ch_free( si->si_syncCookie.ctxcsn.bv_val );
+ ber_dupbv( &si->si_syncCookie.ctxcsn, csn );
+ ber_bvarray_free_x( csn, op->o_tmpmemctx );
+ }
- if ( !cookie ) {
- /* no stored cookie */
- if ( sc->ctxcsn == NULL ||
- BER_BVISNULL( sc->ctxcsn ) ) {
+ si->si_syncCookie.rid = si->si_rid;
+
+ LDAP_STAILQ_FOREACH( sc, &slap_sync_cookie, sc_next ) {
+ if ( si->si_rid == sc->rid ) {
+ cmdline_cookie_found = 1;
+ break;
+ }
+ }
+
+ if ( cmdline_cookie_found ) {
+ /* cookie is supplied in the command line */
+
+ LDAP_STAILQ_REMOVE( &slap_sync_cookie, sc, sync_cookie, sc_next );
+
+ if ( BER_BVISNULL( &sc->ctxcsn ) ) {
/* if cmdline cookie does not have ctxcsn */
/* component, set it to an initial value */
slap_init_sync_cookie_ctxcsn( sc );
}
+ slap_sync_cookie_free( &si->si_syncCookie, 0 );
slap_dup_sync_cookie( &si->si_syncCookie, sc );
slap_sync_cookie_free( sc, 1 );
- sc = NULL;
-
- } else {
- /* stored cookie */
- struct berval newcookie = BER_BVNULL;
- ber_dupbv( &cookie_bv, &cookie[0] );
- ber_bvarray_add( &si->si_syncCookie.octet_str, &cookie_bv );
- slap_parse_sync_cookie( &si->si_syncCookie );
- ber_bvarray_free( si->si_syncCookie.octet_str );
- si->si_syncCookie.octet_str = NULL;
- ber_bvarray_free_x( cookie, op->o_tmpmemctx );
- if ( sc->sid != -1 ) {
- /* command line cookie wins */
- si->si_syncCookie.sid = sc->sid;
- }
- if ( sc->ctxcsn != NULL ) {
- /* command line cookie wins */
- if ( si->si_syncCookie.ctxcsn ) {
- ber_bvarray_free( si->si_syncCookie.ctxcsn );
- si->si_syncCookie.ctxcsn = NULL;
- }
- ber_dupbv( &cookie_bv, &sc->ctxcsn[0] );
- ber_bvarray_add( &si->si_syncCookie.ctxcsn, &cookie_bv );
- }
- if ( sc->rid != -1 ) {
- /* command line cookie wins */
- si->si_syncCookie.rid = sc->rid;
- }
- slap_sync_cookie_free( sc, 1 );
- sc = NULL;
- slap_compose_sync_cookie( NULL, &newcookie,
- &si->si_syncCookie.ctxcsn[0],
- si->si_syncCookie.sid, si->si_syncCookie.rid );
- ber_bvarray_add( &si->si_syncCookie.octet_str, &newcookie );
}
- } else {
- /* no command line cookie is specified */
- if ( si->si_syncCookie.octet_str == NULL ) {
- BerVarray cookie = NULL;
- struct berval cookie_bv;
- /* try to read stored cookie */
- backend_attribute( op, NULL, &op->o_req_ndn,
- slap_schema.si_ad_syncreplCookie, &cookie, ACL_READ );
- if ( cookie ) {
- ber_dupbv( &cookie_bv, &cookie[0] );
- ber_bvarray_add( &si->si_syncCookie.octet_str, &cookie_bv );
- slap_parse_sync_cookie( &si->si_syncCookie );
- ber_bvarray_free_x( cookie, op->o_tmpmemctx );
- }
- }
+ slap_compose_sync_cookie( NULL, &si->si_syncCookie.octet_str,
+ &si->si_syncCookie.ctxcsn, si->si_syncCookie.rid );
}
rc = ldap_sync_search( si, op->o_tmpmemctx );
}
}
- slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
-
return rc;
}
int syncstate;
struct berval syncUUID = BER_BVNULL;
- struct sync_cookie syncCookie = { NULL, -1, NULL };
- struct sync_cookie syncCookie_req = { NULL, -1, NULL };
+ struct sync_cookie syncCookie = { 0 };
+ struct sync_cookie syncCookie_req = { 0 };
struct berval cookie = BER_BVNULL;
int rc, err, i;
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
ber_scanf( ber, /*"{"*/ "m}", &cookie );
if ( !BER_BVISNULL( &cookie ) ) {
- struct berval tmp_bv;
- ber_dupbv( &tmp_bv, &cookie );
- ber_bvarray_add( &syncCookie.octet_str, &tmp_bv );
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
}
- if ( syncCookie.octet_str &&
- !BER_BVISNULL( &syncCookie.octet_str[0] ) )
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie );
}
if ( syncrepl_message_to_entry( si, op, msg,
&modlist, &entry, syncstate ) == LDAP_SUCCESS ) {
rc_efree = syncrepl_entry( si, op, entry, &modlist,
- syncstate, &syncUUID, &syncCookie_req, syncCookie.ctxcsn );
- if ( syncCookie.octet_str &&
- !BER_BVISNULL( &syncCookie.octet_str[0] ) )
+ syncstate, &syncUUID, &syncCookie_req, &syncCookie.ctxcsn );
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
syncrepl_updateCookie( si, op, psub, &syncCookie );
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
ber_scanf( ber, "m", &cookie );
if ( !BER_BVISNULL( &cookie ) ) {
- struct berval tmp_bv;
- ber_dupbv( &tmp_bv, &cookie );
- ber_bvarray_add( &syncCookie.octet_str, &tmp_bv);
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie);
}
- if ( syncCookie.octet_str &&
- !BER_BVISNULL( &syncCookie.octet_str[0] ) )
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie );
}
}
ber_scanf( ber, /*"{"*/ "}" );
}
- if ( syncCookie_req.ctxcsn == NULL ) {
+ if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) {
match = -1;
- } else if ( syncCookie.ctxcsn == NULL ) {
+ } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) {
match = 1;
} else {
value_match( &match, slap_schema.si_ad_entryCSN,
slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- &syncCookie_req.ctxcsn[0], &syncCookie.ctxcsn[0],
+ &syncCookie_req.ctxcsn, &syncCookie.ctxcsn,
&text );
}
- if ( syncCookie.octet_str && !BER_BVISNULL( syncCookie.octet_str ) &&
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) &&
match < 0 && err == LDAP_SUCCESS )
{
syncrepl_updateCookie( si, op, psub, &syncCookie );
{
ber_scanf( ber, "m", &cookie );
if ( !BER_BVISNULL( &cookie ) ) {
- struct berval tmp_bv;
- ber_dupbv( &tmp_bv, &cookie );
- ber_bvarray_add( &syncCookie.octet_str,
- &tmp_bv);
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
}
- if ( syncCookie.octet_str &&
- !BER_BVISNULL( &syncCookie.octet_str[0] ) )
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie );
}
{
ber_scanf( ber, "m", &cookie );
if ( !BER_BVISNULL( &cookie ) ) {
- struct berval tmp_bv;
- ber_dupbv( &tmp_bv, &cookie );
- ber_bvarray_add( &syncCookie.octet_str,
- &tmp_bv );
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
}
- if ( syncCookie.octet_str &&
- !BER_BVISNULL( &syncCookie.octet_str[0] ) )
+ if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie );
}
continue;
}
- if ( syncCookie_req.ctxcsn == NULL ) {
+ if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) {
match = -1;
- } else if ( syncCookie.ctxcsn == NULL ) {
+ } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) {
match = 1;
} else {
value_match( &match, slap_schema.si_ad_entryCSN,
slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- &syncCookie_req.ctxcsn[0],
- &syncCookie.ctxcsn[0], &text );
+ &syncCookie_req.ctxcsn,
+ &syncCookie.ctxcsn, &text );
}
- if ( syncCookie.ctxcsn && !BER_BVISNULL( &syncCookie.ctxcsn[0] ) &&
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ) &&
match < 0 )
{
syncrepl_updateCookie( si, op, psub, &syncCookie);
break;
}
- if ( syncCookie.octet_str ) {
+ if ( !BER_BVISNULL( &syncCookie.octet_str )) {
slap_sync_cookie_free( &syncCookie_req, 0 );
slap_dup_sync_cookie( &syncCookie_req, &syncCookie );
slap_sync_cookie_free( &syncCookie, 0 );
op->o_tmpmemctx = NULL;
op->o_tmpmfuncs = &ch_mfuncs;
- op->o_dn = si->si_updatedn;
- op->o_ndn = si->si_updatedn;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
op->o_bd = be = si->si_be;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
/* Establish session, do search */
if ( !si->si_ld ) {
if ( !si->si_retrynum || si->si_retrynum[i] == -2 ) {
ldap_pvt_runqueue_remove( &slapd_rq, rtask );
- LDAP_STAILQ_REMOVE( &be->be_syncinfo, si, syncinfo_s, si_next );
- syncinfo_free( si );
} else if ( si->si_retrynum[i] >= -1 ) {
if ( si->si_retrynum[i] > 0 )
si->si_retrynum[i]--;
int ret = LDAP_SUCCESS;
struct berval pdn = BER_BVNULL;
- struct berval org_req_dn = BER_BVNULL;
- struct berval org_req_ndn = BER_BVNULL;
- struct berval org_dn = BER_BVNULL;
- struct berval org_ndn = BER_BVNULL;
- int org_managedsait;
dninfo dni = {0};
int retry = 1;
ava.aa_value = *syncUUID;
op->ors_filter = &f;
- op->ors_filterstr.bv_len = STRLENOF( "entryUUID=" ) + syncUUID->bv_len;
+ op->ors_filterstr.bv_len = STRLENOF( "(entryUUID=)" ) + syncUUID->bv_len;
op->ors_filterstr.bv_val = (char *) slap_sl_malloc(
op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
- AC_MEMCPY( op->ors_filterstr.bv_val, "entryUUID=", STRLENOF( "entryUUID=" ) );
- AC_MEMCPY( &op->ors_filterstr.bv_val[STRLENOF( "entryUUID=" )],
+ AC_MEMCPY( op->ors_filterstr.bv_val, "(entryUUID=", STRLENOF( "(entryUUID=" ) );
+ AC_MEMCPY( &op->ors_filterstr.bv_val[STRLENOF( "(entryUUID=" )],
syncUUID->bv_val, syncUUID->bv_len );
+ op->ors_filterstr.bv_val[op->ors_filterstr.bv_len - 1] = ')';
op->ors_filterstr.bv_val[op->ors_filterstr.bv_len] = '\0';
op->o_tag = LDAP_REQ_SEARCH;
cb.sc_response = null_callback;
cb.sc_private = si;
- if ( entry && entry->e_name.bv_val ) {
+ if ( entry && !BER_BVISNULL( &entry->e_name ) ) {
Debug( LDAP_DEBUG_SYNC,
"syncrepl_entry: %s\n",
entry->e_name.bv_val, 0, 0 );
dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0, 0 );
}
- org_req_dn = op->o_req_dn;
- org_req_ndn = op->o_req_ndn;
- org_dn = op->o_dn;
- org_ndn = op->o_ndn;
- org_managedsait = get_manageDSAit( op );
- op->o_dn = op->o_bd->be_rootdn;
- op->o_ndn = op->o_bd->be_rootndn;
- op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
-
if ( syncstate != LDAP_SYNC_DELETE ) {
- attr_delete( &entry->e_attrs, slap_schema.si_ad_entryUUID );
- attr_merge_one( entry, slap_schema.si_ad_entryUUID,
- &syncUUID_strrep, syncUUID );
+ Attribute *a = attr_find( entry->e_attrs, slap_schema.si_ad_entryUUID );
+
+ if ( a == NULL ) {
+ /* add if missing */
+ attr_merge_one( entry, slap_schema.si_ad_entryUUID,
+ &syncUUID_strrep, syncUUID );
+
+ } else if ( !bvmatch( &a->a_nvals[0], syncUUID ) ) {
+ /* replace only if necessary */
+ if ( a->a_nvals != a->a_vals ) {
+ ber_memfree( a->a_nvals[0].bv_val );
+ ber_dupbv( &a->a_nvals[0], syncUUID );
+ }
+ ber_memfree( a->a_vals[0].bv_val );
+ ber_dupbv( &a->a_vals[0], &syncUUID_strrep );
+ }
}
switch ( syncstate ) {
assert( *modlist );
/* Delete all the old attrs */
- for ( i=0; i<dni.attrs; i++) {
- mod = ch_malloc( sizeof(Modifications));
+ for ( i = 0; i < dni.attrs; i++ ) {
+ mod = ch_malloc( sizeof( Modifications ) );
mod->sml_op = LDAP_MOD_DELETE;
mod->sml_desc = dni.ads[i];
- mod->sml_type =mod->sml_desc->ad_cname;
+ mod->sml_type = mod->sml_desc->ad_cname;
mod->sml_values = NULL;
mod->sml_nvalues = NULL;
if ( !modhead ) modhead = mod;
SlapReply rs_modify = {REP_RESULT};
struct nonpresent_entry *np_list, *np_prev;
int rc;
- Modifications *ml;
- Modifications *mlnext;
- Modifications *mod;
- Modifications *modlist = NULL;
- Modifications **modtail;
AttributeName an[2];
struct berval pdn = BER_BVNULL;
struct berval org_req_dn = BER_BVNULL;
struct berval org_req_ndn = BER_BVNULL;
- struct berval org_dn = BER_BVNULL;
- struct berval org_ndn = BER_BVNULL;
- int org_managedsait;
op->o_req_dn = si->si_base;
op->o_req_ndn = si->si_base;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_limit = NULL;
op->ors_filter = &uf;
- op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
uf.f_ava = &eq;
uf.f_av_desc = slap_schema.si_ad_entryUUID;
op->ors_filter = str2filter_x( op, si->si_filterstr.bv_val );
op->ors_filterstr = si->si_filterstr;
op->o_nocaching = 1;
- op->o_managedsait = SLAP_CONTROL_NONE;
if ( limits_check( op, &rs_search ) == 0 ) {
rc = be->be_search( op, &rs_search );
if ( op->ors_filter ) filter_free_x( op, op->ors_filter );
}
- op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
op->o_nocaching = 0;
if ( !LDAP_LIST_EMPTY( &si->si_nonpresentlist ) ) {
+
+ slap_queue_csn( op, &si->si_syncCookie.ctxcsn );
+
np_list = LDAP_LIST_FIRST( &si->si_nonpresentlist );
while ( np_list != NULL ) {
LDAP_LIST_REMOVE( np_list, npe_link );
rc = op->o_bd->be_delete( op, &rs_delete );
if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) {
- modtail = &modlist;
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_objectClass;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = &gcbva[0];
- *modtail = mod;
- modtail = &mod->sml_next;
-
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_structuralObjectClass;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = &gcbva[1];
- *modtail = mod;
- modtail = &mod->sml_next;
+ Modifications mod1, mod2;
+ mod1.sml_op = LDAP_MOD_REPLACE;
+ mod1.sml_desc = slap_schema.si_ad_objectClass;
+ mod1.sml_type = mod1.sml_desc->ad_cname;
+ mod1.sml_values = &gcbva[0];
+ mod1.sml_nvalues = NULL;
+ mod1.sml_next = &mod2;
+
+ mod2.sml_op = LDAP_MOD_REPLACE;
+ mod2.sml_desc = slap_schema.si_ad_structuralObjectClass;
+ mod2.sml_type = mod2.sml_desc->ad_cname;
+ mod2.sml_values = &gcbva[1];
+ mod2.sml_nvalues = NULL;
+ mod2.sml_next = NULL;
op->o_tag = LDAP_REQ_MODIFY;
- op->orm_modlist = modlist;
+ op->orm_modlist = &mod1;
rc = be->be_modify( op, &rs_modify );
-
- for ( ml = modlist; ml != NULL; ml = mlnext ) {
- mlnext = ml->sml_next;
- free( ml );
- }
}
- org_req_dn = op->o_req_dn;
- org_req_ndn = op->o_req_ndn;
- org_dn = op->o_dn;
- org_ndn = op->o_ndn;
- org_managedsait = get_manageDSAit( op );
- op->o_dn = op->o_bd->be_rootdn;
- op->o_ndn = op->o_bd->be_rootndn;
- op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
-
while ( rs_delete.sr_err == LDAP_SUCCESS &&
op->o_delete_glue_parent ) {
op->o_delete_glue_parent = 0;
}
}
- op->o_managedsait = org_managedsait;
- op->o_dn = org_dn;
- op->o_ndn = org_ndn;
- op->o_req_dn = org_req_dn;
- op->o_req_ndn = org_req_ndn;
op->o_delete_glue_parent = 0;
ber_bvfree( np_prev->npe_name );
ber_bvfree( np_prev->npe_nname );
- BER_BVZERO( &op->o_req_dn );
- BER_BVZERO( &op->o_req_ndn );
ch_free( np_prev );
}
+
+ slap_graduate_commit_csn( op );
}
return;
return;
}
-static struct berval ocbva[] = {
- BER_BVC("top"),
- BER_BVC("subentry"),
- BER_BVC("syncConsumerSubentry"),
- BER_BVNULL
-};
-
-static struct berval cnbva[] = {
- BER_BVNULL,
- BER_BVNULL
-};
-
-static struct berval ssbva[] = {
- BER_BVC("{}"),
- BER_BVNULL
-};
-
-static struct berval scbva[] = {
- BER_BVNULL,
- BER_BVNULL
-};
-
void
syncrepl_updateCookie(
syncinfo_t *si,
struct sync_cookie *syncCookie )
{
Backend *be = op->o_bd;
- Modifications *ml;
- Modifications *mlnext;
- Modifications *mod;
- Modifications *modlist = NULL;
- Modifications **modtail = &modlist;
+ Modifications mod = {0};
+ struct berval vals[2];
const char *text;
char txtbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof txtbuf;
- Entry* e = NULL;
int rc;
- char syncrepl_cbuf[sizeof(CN_STR SYNCREPL_STR)];
- struct berval slap_syncrepl_dn_bv = BER_BVNULL;
- struct berval slap_syncrepl_cn_bv = BER_BVNULL;
-
slap_callback cb = { NULL };
- SlapReply rs_add = {REP_RESULT};
SlapReply rs_modify = {REP_RESULT};
slap_sync_cookie_free( &si->si_syncCookie, 0 );
slap_dup_sync_cookie( &si->si_syncCookie, syncCookie );
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_objectClass;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = ocbva;
- *modtail = mod;
- modtail = &mod->sml_next;
-
- ber_dupbv( &cnbva[0], (struct berval *) &slap_syncrepl_bvc );
- assert( si->si_rid < 1000 );
- cnbva[0].bv_len = snprintf( cnbva[0].bv_val,
- slap_syncrepl_bvc.bv_len + 1,
- "syncrepl%ld", si->si_rid );
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_cn;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = cnbva;
- *modtail = mod;
- modtail = &mod->sml_next;
-
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_subtreeSpecification;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = ssbva;
- *modtail = mod;
- modtail = &mod->sml_next;
-
- /* Keep this last, so we can avoid touching the previous
- * attributes unnecessarily.
- */
- if ( scbva[0].bv_val ) ch_free( scbva[0].bv_val );
- ber_dupbv( &scbva[0], &si->si_syncCookie.octet_str[0] );
- mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
- mod->sml_op = LDAP_MOD_REPLACE;
- mod->sml_desc = slap_schema.si_ad_syncreplCookie;
- mod->sml_type = mod->sml_desc->ad_cname;
- mod->sml_values = scbva;
- *modtail = mod;
- modtail = &mod->sml_next;
-
- slap_queue_csn( op, si->si_syncCookie.ctxcsn );
-
- mlnext = mod;
+ mod.sml_op = LDAP_MOD_REPLACE;
+ mod.sml_desc = slap_schema.si_ad_contextCSN;
+ mod.sml_type = mod.sml_desc->ad_cname;
+ mod.sml_values = vals;
+ vals[0] = si->si_syncCookie.ctxcsn;
+ vals[1].bv_val = NULL;
+ vals[1].bv_len = 0;
- op->o_tag = LDAP_REQ_ADD;
- rc = slap_mods_opattrs( op, modlist, modtail,
- &text, txtbuf, textlen, 0 );
-
- for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
- ml->sml_op = LDAP_MOD_REPLACE;
- }
+ slap_queue_csn( op, &si->si_syncCookie.ctxcsn );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "syncrepl_updateCookie: mods opattrs (%s)\n",
- text, 0, 0 );
- }
-
- e = ( Entry * ) ch_calloc( 1, sizeof( Entry ));
+ op->o_tag = LDAP_REQ_MODIFY;
- slap_syncrepl_cn_bv.bv_val = syncrepl_cbuf;
assert( si->si_rid < 1000 );
- slap_syncrepl_cn_bv.bv_len = snprintf( slap_syncrepl_cn_bv.bv_val,
- slap_syncrepl_cn_bvc.bv_len + 1,
- "cn=syncrepl%ld", si->si_rid );
-
- build_new_dn( &slap_syncrepl_dn_bv, pdn, &slap_syncrepl_cn_bv,
- op->o_tmpmemctx );
- ber_dupbv( &e->e_name, &slap_syncrepl_dn_bv );
- ber_dupbv( &e->e_nname, &slap_syncrepl_dn_bv );
-
- if ( !BER_BVISNULL( &slap_syncrepl_dn_bv ) ) {
- slap_sl_free( slap_syncrepl_dn_bv.bv_val, op->o_tmpmemctx );
- }
-
- e->e_attrs = NULL;
-
- rc = slap_mods2entry( modlist, &e, 1, 1, &text, txtbuf, textlen );
-
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "syncrepl_updateCookie: mods2entry (%s)\n",
- text, 0, 0 );
- }
cb.sc_response = null_callback;
cb.sc_private = si;
op->o_callback = &cb;
- op->o_req_dn = e->e_name;
- op->o_req_ndn = e->e_nname;
+ op->o_req_dn = op->o_bd->be_suffix[0];
+ op->o_req_ndn = op->o_bd->be_nsuffix[0];
- /* update persistent cookie */
-update_cookie_retry:
- op->o_tag = LDAP_REQ_MODIFY;
- /* Just modify the cookie value, not the entire entry */
- op->orm_modlist = mod;
+ /* update contextCSN */
+ op->o_msgid = SLAP_SYNC_UPDATE_MSGID;
+ op->orm_modlist = &mod;
rc = be->be_modify( op, &rs_modify );
+ op->o_msgid = 0;
if ( rs_modify.sr_err != LDAP_SUCCESS ) {
- if ( rs_modify.sr_err == LDAP_REFERRAL ||
- rs_modify.sr_err == LDAP_NO_SUCH_OBJECT ) {
- op->o_tag = LDAP_REQ_ADD;
- op->ora_e = e;
- rc = be->be_add( op, &rs_add );
- if ( rs_add.sr_err != LDAP_SUCCESS ) {
- if ( rs_add.sr_err == LDAP_ALREADY_EXISTS ) {
- goto update_cookie_retry;
- } else if ( rs_add.sr_err == LDAP_REFERRAL ||
- rs_add.sr_err == LDAP_NO_SUCH_OBJECT ) {
- Debug( LDAP_DEBUG_ANY,
- "cookie will be non-persistent\n",
- 0, 0, 0 );
- } else {
- Debug( LDAP_DEBUG_ANY,
- "be_add failed (%d)\n", rs_add.sr_err, 0, 0 );
- }
- } else {
- be_entry_release_w( op, e );
- goto done;
- }
- } else {
- Debug( LDAP_DEBUG_ANY,
- "be_modify failed (%d)\n", rs_modify.sr_err, 0, 0 );
- }
- }
- if ( e != NULL ) {
- entry_free( e );
+ Debug( LDAP_DEBUG_ANY,
+ "be_modify failed (%d)\n", rs_modify.sr_err, 0, 0 );
}
done :
slap_graduate_commit_csn( op );
-
- if ( !BER_BVISNULL( &cnbva[0] ) ) {
- ch_free( cnbva[0].bv_val );
- BER_BVZERO( &cnbva[0] );
- }
- if ( !BER_BVISNULL( &scbva[0] ) ) {
- ch_free( scbva[0].bv_val );
- BER_BVZERO( &scbva[0] );
- }
-
- if ( mlnext->sml_next ) {
- slap_mods_free( mlnext->sml_next );
- mlnext->sml_next = NULL;
- }
-
- for (ml = modlist ; ml != NULL; ml = mlnext ) {
- mlnext = ml->sml_next;
- free( ml );
- }
-
return;
}
-int
-syncrepl_isupdate( Operation *op )
-{
- return ( syncrepl_isupdate_dn( op->o_bd, &op->o_ndn ));
-}
-
-int
-syncrepl_isupdate_dn(
- Backend* be,
- struct berval* ndn )
-{
- syncinfo_t* si;
- int ret = 0;
-
- if ( !LDAP_STAILQ_EMPTY( &be->be_syncinfo )) {
- LDAP_STAILQ_FOREACH( si, &be->be_syncinfo, si_next ) {
- if ( ( ret = dn_match( &si->si_updatedn, ndn ) ) ) {
- return ret;
- }
- }
- }
- return 0;
-}
-
static int
dn_callback(
Operation* op,
return LDAP_SUCCESS;
}
-Entry *
-slap_create_syncrepl_entry(
- Backend *be,
- struct berval *context_csn,
- struct berval *rdn,
- struct berval *cn )
-{
- Entry* e;
-
- struct berval bv;
-
- e = ( Entry * ) ch_calloc( 1, sizeof( Entry ));
-
- attr_merge( e, slap_schema.si_ad_objectClass, ocbva, NULL );
-
- attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
- &ocbva[1], NULL );
-
- attr_merge_one( e, slap_schema.si_ad_cn, cn, NULL );
-
- if ( context_csn ) {
- attr_merge_one( e, slap_schema.si_ad_syncreplCookie,
- context_csn, NULL );
- }
-
- BER_BVSTR( &bv, "{}" );
- attr_merge_one( e, slap_schema.si_ad_subtreeSpecification, &bv, NULL );
-
- build_new_dn( &e->e_name, &be->be_nsuffix[0], rdn, NULL );
- ber_dupbv( &e->e_nname, &e->e_name );
-
- return e;
-}
-
struct berval *
slap_uuidstr_from_normalized(
struct berval* uuidstr,
void
syncinfo_free( syncinfo_t *sie )
{
- if ( sie->si_provideruri ) {
- ch_free( sie->si_provideruri );
- }
- if ( sie->si_provideruri_bv ) {
- ber_bvarray_free( sie->si_provideruri_bv );
- }
- if ( sie->si_updatedn.bv_val ) {
- ch_free( sie->si_updatedn.bv_val );
+ if ( !BER_BVISNULL( &sie->si_provideruri ) ) {
+ ch_free( sie->si_provideruri.bv_val );
}
if ( sie->si_binddn ) {
ch_free( sie->si_binddn );
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 1999 PM Lashley.
* All rights reserved.
*
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$*/
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2003-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Mark Benson.
* Portions Copyright 2002 John Morrissey.
* All rights reserved.
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 2003 Mark Benson.
* All rights reserved.
*
lderr = op_ldap_add( ri, re, errmsg, errfree );
if ( lderr != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
- "Error: ldap_add_s failed adding \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
+ "Error: ldap_add_s failed adding DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
}
break;
lderr = op_ldap_modify( ri, re, errmsg, errfree );
if ( lderr != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
- "Error: ldap_modify_s failed modifying \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
+ "Error: ldap_modify_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
}
break;
lderr = op_ldap_delete( ri, re, errmsg, errfree );
if ( lderr != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
- "Error: ldap_delete_s failed deleting \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
+ "Error: ldap_delete_s failed deleting DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
}
break;
lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
if ( lderr != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
- "Error: ldap_modrdn_s failed modifying %s: %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
+ "Error: ldap_modrdn_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
}
break;
default:
Debug( LDAP_DEBUG_ANY,
- "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
+ "Error: do_ldap: bad op \"%d\", DN \"%s\"\n",
re->re_changetype, re->re_dn, 0 );
return DO_LDAP_ERR_FATAL;
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
FILE *lfp
)
{
+ int rc = fclose( fp );
+
/* unlock */
ldap_unlockf( fileno(lfp) );
fclose( lfp );
- return( fclose( fp ) );
+ return( rc );
}
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
-$(RM) -r testrun *leak *gmon *core
veryclean-local: FORCE
- @-$(RM) data schema ucdata
+ @-$(RM) run data schema ucdata
+# Try to read an entry inside the Alumni Association container.
+# It should give us noSuchObject if we're not bound...
+# ... and should return all attributes if we're bound as anyone
+# under Example.
dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
cn: James A Jones 1
facsimileTelephoneNumber: +1 313 555 4332
telephoneNumber: +1 313 555 0895
+# Using ldapsearch to retrieve all the entries...
dn: cn=All Staff,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
--- /dev/null
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupOfNames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham@mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+
--- /dev/null
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupOfNames
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homePhone: +1 313 555 0454
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=Renamed Group,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+description: testing chain overlay writes...
+member: cn=New Group,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: Renamed Group
+
+dn: cn=Renamed User,ou=People,dc=example,dc=com
+objectClass: person
+sn: User
+description: testing chain overlay writes...
+seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
+cn: Renamed User
+
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
telephoneNumber: +49 1234-567-890
description: Just added in o=Beispiel,c=DE naming context
-# refldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE??sub
+# refldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE??sub
# searching base="o=Esempio,c=IT"...
dn: o=Esempio,c=IT
telephoneNumber: +49 1234-567-890
description: Just added in o=Beispiel,c=DE naming context
-# refldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE??sub
+# refldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE??sub
# searching filter="(objectClass=referral)"
# attrs="'*' ref"
ou: Referrals
description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
spiel,c=DE
-description: ...and modified as ldap://ldap.example.com:389/ou=Referrals,o=Bei
- spiel,c=DE
-ref: ldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE
+description: ...and modified as ldap://localhost:9010/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE
# base="o=Example,c=US"...
dn: ou=Referrals,o=Example,c=US
ou: Referrals
description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
spiel,c=DE
-description: ...and modified as ldap://ldap.example.com:389/ou=Referrals,o=Bei
- spiel,c=DE
-ref: ldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE??base
+description: ...and modified as ldap://localhost:9010/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE
# base="o=Esempio,c=IT"...
dn: ou=Referrals,o=Esempio,c=IT
ou: Referrals
description: Just added as ldap://localhost.localdomain:389/ou=Referrals,o=Bei
spiel,c=DE
-description: ...and modified as ldap://ldap.example.com:389/ou=Referrals,o=Bei
- spiel,c=DE
-ref: ldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE??base
+description: ...and modified as ldap://localhost:9010/ou=Referrals,o=Beispiel,
+ c=DE
+ref: ldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE
# searching filter="(seeAlso=cn=all staff,ou=Groups,o=Example,c=US)"
# attrs="seeAlso"
dn: cn=Added User,ou=Alumni Association,ou=People,o=Example,c=US
seeAlso: cn=All Staff,ou=Groups,o=Example,c=US
-# refldap://ldap.example.com:389/ou=Referrals,o=Beispiel,c=DE??sub
+# refldap://localhost:9010/ou=Referrals,o=Beispiel,c=DE??sub
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
by dn.regex=".+,dc=example,dc=com" +c continue
by dn.subtree="dc=example,dc=com" +rs continue
+ by dn.children="dc=example,dc=com" +d continue
by * stop
#access to attr=member,uniquemember dn.subtree="dc=example,dc=com"
22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
--- /dev/null
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2005 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+pidfile ./testrun/slapd.1.pid
+argsfile ./testrun/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#
+# uses the chain overlay as global;
+# no chain-URI is configured, so the URI is parsed out of the referral
+overlay chain
+chain-acl-authcDN "cn=Manager,dc=example,dc=com"
+chain-acl-passwd secret
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory ./testrun/db.1.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+index objectClass eq
+index cn,sn,uid pres,eq,sub
+
+#monitor#database monitor
--- /dev/null
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
+ kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2005 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+pidfile ./testrun/slapd.2.pid
+argsfile ./testrun/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory ./testrun/db.2.a
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+index objectClass eq
+index cn,sn,uid pres,eq,sub
+
+#
+# uses the chain overlay as database specific;
+# the chain-URI is configured, so only that URI is chained
+overlay chain
+chain-uri @URI1@
+chain-acl-authcDN "cn=Manager,dc=example,dc=com"
+chain-acl-passwd secret
+
+#monitor#database monitor
:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
authz-policy both
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
-authz-regexp "^uid=(us/)*([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
#
# normal installations should protect root dse,
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
2:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
2:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-method "simple"
+#ldapyes#chain-idassert-authcDN "cn=Manager,dc=example,dc=com"
+#ldapyes#chain-idassert-passwd secret
+#ldapyes#chain-idassert-mode self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-method "simple"
+#ldapmod#chain-idassert-authcDN "cn=Manager,dc=example,dc=com"
+#ldapmod#chain-idassert-passwd secret
+#ldapmod#chain-idassert-mode self
#######################################################################
# database definitions
rootdn "cn=Replica,dc=example,dc=com"
rootpw secret
updatedn "cn=Replica,dc=example,dc=com"
-updateref "ldap://localhost:9010"
+updateref @URI1@
#ldbm#index objectClass eq
#ldbm#index cn,sn,uid pres,eq,sub
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
-#monitor#database monitor
+#monitor#database monitor
:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
include ./schema/misc.schema
include ./schema/nis.schema
include ./schema/openldap.schema
+#
+include ./schema/duaconf.schema
+include ./schema/dyngroup.schema
+include ./schema/ppolicy.schema
+
#
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#ibmdb2#concat_pattern "?||?"
#ibmdb2#children_cond "ucase(ldap_entries.dn)=ucase(cast(? as varchar(255)))"
#ibmdb2#create_needs_select "yes"
-#ibmdb2#insentry_query "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#ibmdb2#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
#
# PostgreSQL
-#postgres#insentry_query "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
-#postgres#upper_func "upper"
-#postgres#strcast_func "text"
-#postgres#concat_pattern "?||?"
+#postgres#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select case when max(id) is null then 1 else max(id) + 1 end from ldap_entries),?,?,?,?)"
+#postgres#upper_func "upper"
+#postgres#strcast_func "text"
+#postgres#concat_pattern "?||?"
#
# MySQL
-#mysql#concat_pattern "concat(?,?)"
+#mysql#concat_pattern "concat(?,?)"
has_ldapinfo_dn_ru no
15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#ldbm#index cn,sn,uid pres,eq,sub
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
-#sessionlog 1 100
overlay syncprov
+#syncprov-sessionlog 100
#monitor#database monitor
2003/12/15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#monitormod#moduleload back_monitor.la
#syncprovmod#modulepath ../servers/slapd/overlays/
#syncprovmod#moduleload syncprov.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-method "simple"
+#ldapyes#chain-idassert-authcDN "cn=Manager,dc=example,dc=com"
+#ldapyes#chain-idassert-passwd secret
+#ldapyes#chain-idassert-mode self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-method "simple"
+#ldapmod#chain-idassert-authcDN "cn=Manager,dc=example,dc=com"
+#ldapmod#chain-idassert-passwd secret
+#ldapmod#chain-idassert-mode self
#######################################################################
# consumer database definitions
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI1@
- updatedn="cn=Replica,dc=example,dc=com"
binddn="cn=Manager,dc=example,dc=com"
bindmethod=simple
credentials=secret
searchbase="dc=example,dc=com"
filter="(objectClass=*)"
- attrs="*"
+ attrs="*,+"
schemachecking=off
scope=sub
type=refreshAndPersist
+updateref @URI1@
overlay syncprov
#ldbm#index cn,sn,uid pres,eq,sub
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI4@
- updatedn="cn=Replica,dc=example,dc=com"
binddn="cn=Replica,dc=example,dc=com"
bindmethod=simple
credentials=secret
2003/12/15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#ldbm#index cn,sn,uid pres,eq,sub
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI1@
- updatedn="cn=Replica,dc=example,dc=com"
binddn="cn=Manager,dc=example,dc=com"
bindmethod=simple
credentials=secret
2003/12/15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
rootpw secret
#ldbm#index objectClass eq
#ldbm#index cn,sn,uid pres,eq,sub
+#ldbm#index entryUUID eq
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
-
-sessionlog 1 100
+#bdb#index entryUUID,entryCSN eq
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI1@
- updatedn="cn=Replica,dc=example,dc=com"
binddn="cn=Manager,dc=example,dc=com"
bindmethod=simple
credentials=secret
scope=sub
type=refreshOnly
interval=00:00:00:10
+updateref @URI1@
overlay syncprov
+syncprov-sessionlog 100
+
-#monitor#database monitor
+#monitor#database monitor
2003/12/15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
rootpw secret
#ldbm#index objectClass eq
#ldbm#index cn,sn,uid pres,eq,sub
+#ldbm#index entryUUID eq
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID,entryCSN eq
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI2@
- updatedn="cn=Replica,dc=example,dc=com"
binddn="cn=Replica,dc=example,dc=com"
bindmethod=simple
credentials=secret
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
t Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentIdentifier: document 2
+# refldap://localhost:9010/dc=example,dc=com??one
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
givenName: Torvlobnor
telephoneNumber: 545-4563
-# refldap://localhost/dc=example,dc=com??one
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
# Testing subtree search...
dn: documentTitle=book1,dc=example,dc=com
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentIdentifier: document 2
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
givenName: Torvlobnor
telephoneNumber: 545-4563
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+# Testing subtree search with manageDSAit...
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: ou=Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Referral
+ref: ldap://localhost:9010/
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
# Testing invalid filter...
# Testing exact search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing substrings initial search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing substrings any search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing substrings final search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing approx search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing extensible filter search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing search for telephoneNumber...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
telephoneNumber: 332-2334
# Testing AND search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
dc: example
# Testing OR search...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
givenName: Torvlobnor
telephoneNumber: 545-4563
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
# Testing NOT search on objectClass...
dn: documentTitle=book1,dc=example,dc=com
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentIdentifier: document 2
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentIdentifier: document 2
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
givenName: Torvlobnor
telephoneNumber: 545-4563
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
# Testing attribute inheritance in filter...
dn: dc=example,dc=com
givenName: Torvlobnor
telephoneNumber: 545-4563
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
# Testing "auxiliary" objectClass in filter...
dn: dc=example,dc=com
dc: example
# Testing hasSubordinates in filter...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example
dc: example
-# refldap://localhost/dc=example,dc=com??sub
-
# Testing entryUUID in filter...
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
telephoneNumber: 332-2334
# Testing attribute inheritance in requested attributes...
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: cn=Mitya Kovalev,dc=example,dc=com
cn: Mitya Kovalev
sn: Kovalev
dn: documentTitle=book2,dc=example,dc=com
objectClass: document
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
objectClass: inetOrgPerson
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
# Testing operational attributes in request...
dn: documentTitle=book1,dc=example,dc=com
hasSubordinates: FALSE
entryUUID: 00000002-0000-0002-0000-000000000000
+# refldap://localhost:9010/dc=example,dc=com??sub
+
dn: dc=example,dc=com
structuralObjectClass: organization
entryDN: dc=example,dc=com
hasSubordinates: FALSE
entryUUID: 00000001-0000-0002-0000-000000000000
-# refldap://localhost/dc=example,dc=com??sub
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+structuralObjectClass: inetOrgPerson
+entryDN: cn=Akakiy Zinberstein,dc=example,dc=com
+subschemaSubentry: cn=Subschema
+hasSubordinates: FALSE
+entryUUID: 00000001-0000-0003-0000-000000000000
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+# refldap://localhost:9010/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX YYYY
+telephoneNumber: +39 02 XXXX ZZZZ
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+telephoneNumber: +1 800 900 1234
+telephoneNumber: +1 800 900 1235
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: dc=subnet2,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet 2
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9010/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book1,dc=example,dc=com
+objectClass: document
+description: abstract1
+documentTitle: book1
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
+documentIdentifier: document 1
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book1,dc=example,dc=com
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: dc=subnet2,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet 2
+
+dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Torvlobnor Puzdoy
+sn: Puzdoy
+seeAlso: documentTitle=book1,dc=example,dc=com
+givenName: Torvlobnor
+telephoneNumber: 545-4563
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9010/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: o=An Org,dc=example,dc=com
+objectClass: organization
+o: An Org
+
+dn: documentTitle=book2,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: book2
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=book2,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=book2,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9010/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
documentIdentifier: document 3
+# refldap://localhost:9010/dc=example,dc=com??sub
+
+# Using ldapsearch to retrieve the modified entry...
+dn: ou=Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Referral
+ref: ldap://localhost:9009/
+
+# Using ldapsearch to retrieve the renamed entry...
+dn: ou=Renamed Referral,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: Renamed Referral
+ref: ldap://localhost:9009/
+
+# Using ldapsearch to retrieve all the entries...
+dn: cn=Akakiy Zinberstein,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Akakiy Zinberstein
+sn: Zinberstein
+givenName: Akakiy
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example
+dc: example
+
+dn: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Lev Tolstoij
+sn: Tolstoij
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+seeAlso: documentTitle=War and Peace,dc=example,dc=com
+givenName: Lev
+telephoneNumber: +39 02 XXXX ZZZZ
+telephoneNumber: +39 333 ZZZ 1234
+
+dn: cn=Mitya Kovalev,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Mitya Kovalev
+sn: Kovalev
+seeAlso: documentTitle=Renamed Book,dc=example,dc=com
+givenName: Mitya
+telephoneNumber: +1 800 123 4567
+telephoneNumber: 222-3234
+telephoneNumber: 332-2334
+
+dn: documentTitle=Renamed Book,dc=example,dc=com
+objectClass: document
+description: abstract2
+documentTitle: Renamed Book
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
+documentIdentifier: document 2
+
+dn: o=Renamed Org,dc=example,dc=com
+objectClass: organization
+o: Renamed Org
+
+dn: cn=Some One,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
+cn: Some One
+sn: One
+givenName: Some
+
+dn: dc=subnet,dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: SubNet
+dc: subnet
+
+dn: cn=SubNet User,dc=subnet,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: SubNet User
+sn: User
+givenName: SubNet
+
+dn: documentTitle=War and Peace,dc=example,dc=com
+objectClass: document
+description: Historical novel
+documentTitle: War and Peace
+documentAuthor: cn=Lev Tolstoij,dc=subnet,dc=example,dc=com
+documentIdentifier: document 3
+
+# refldap://localhost:9009/dc=example,dc=com??sub
+
--- /dev/null
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: referral
+objectclass: extensibleobject
+ou: Groups
+ref: @URI2@ou=Groups,dc=example,dc=com
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectclass: OpenLDAPperson
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectclass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homephone: +1 313 555 0454
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectclass: OpenLDAPperson
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: OpenLDAPperson
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham@mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
--- /dev/null
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectClass: referral
+objectclass: extensibleObject
+ou: People
+ref: @URI1@ou=People,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+ou: Groups
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 1999-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
-e "s/@RELAY@/${RELAY}/" \
-e "s/^#${RELAY}#//" \
-e "s/^#${BACKENDTYPE}#//" \
+ -e "s/^#${AC_glue}#//" \
-e "s/^#${AC_ldap}#//" \
-e "s/^#${AC_meta}#//" \
-e "s/^#${AC_relay}#//" \
-e "s/^#${AC_pcache}#//" \
-e "s/^#${AC_ppolicy}#//" \
-e "s/^#${AC_refint}#//" \
+ -e "s/^#${AC_syncprov}#//" \
-e "s/^#${AC_unique}#//" \
-e "s/^#${AC_rwm}#//" \
-e "s/^#${MON}#//" \
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
LDAPGLUECONF2=$DATADIR/slapd-ldapgluepeople.conf
LDAPGLUECONF3=$DATADIR/slapd-ldapgluegroups.conf
RWMCONF=$DATADIR/slapd-relay.conf
+CHAINCONF1=$DATADIR/slapd-chain1.conf
+CHAINCONF2=$DATADIR/slapd-chain2.conf
SQLCONF=$DATADIR/slapd-sql.conf
CONF1=$TESTDIR/slapd.1.conf
LDIFLDAPGLUE2=$DATADIR/test-ldapgluepeople.ldif
LDIFLDAPGLUE3=$DATADIR/test-ldapgluegroups.ldif
LDIFCOMPMATCH=$DATADIR/test-compmatch.ldif
+LDIFCHAIN1=$DATADIR/test-chain1.ldif
+LDIFCHAIN2=$DATADIR/test-chain2.ldif
SQLADD=$DATADIR/sql-add.ldif
MONITOR=""
REFDN="c=US"
LDAPGLUEOUT=$DATADIR/ldapglue.out
LDAPGLUEANONYMOUSOUT=$DATADIR/ldapglueanonymous.out
RELAYOUT=$DATADIR/relay.out
+CHAINOUT=$DATADIR/chain.out
+CHAINMODOUT=$DATADIR/chainmod.out
SQLREAD=$DATADIR/sql-read.out
SQLWRITE=$DATADIR/sql-write.out
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
-echo "Testing virtual naming context mapping with $RELAY backend..."
+echo "Using $RELAY backend..."
echo ""
echo "Starting slapd on TCP/IP port $PORT1..."
cat /dev/null > $SEARCHOUT
BASEDN="dc=example,dc=com"
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
fi
BASEDN="o=Example,c=US"
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
fi
BASEDN="o=Esempio,c=IT"
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
fi
BASEDN="o=Beispiel,c=DE"
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
#
BASEDN="o=Beispiel,c=DE"
-echo "modifying database \"$BASEDN\"..."
+echo "Modifying database \"$BASEDN\"..."
$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
-M >> $TESTOUT 2>&1 << EOMODS
dn: cn=Added User,ou=Alumni Association,ou=People,$BASEDN
dn: ou=Referrals,$BASEDN
changetype: modify
replace: ref
-ref: ldap://ldap.example.com:389/ou=Referrals,$BASEDN
+ref: ldap://localhost:9010/ou=Referrals,$BASEDN
-
add: description
-description: ...and modified as ldap://ldap.example.com:389/ou=Referrals,$BASEDN
+description: ...and modified as ldap://localhost:9010/ou=Referrals,$BASEDN
-
EOMODS
exit $RC
fi
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
fi
BASEDN="o=Esempio,c=IT"
-echo "searching base=\"$BASEDN\"..."
+echo "Searching base=\"$BASEDN\"..."
echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1
RC=$?
fi
FILTER="(objectClass=referral)"
-echo "searching filter=\"$FILTER\""
+echo "Searching filter=\"$FILTER\""
echo " attrs=\"'*' ref\""
echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
echo "# attrs=\"'*' ref\"" >> $SEARCHOUT
BASEDN="o=Example,c=US"
FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)"
-echo "searching filter=\"$FILTER\""
+echo "Searching filter=\"$FILTER\""
echo " attrs=\"seeAlso\""
echo " base=\"$BASEDN\"..."
echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT
fi
BASEDN="o=Example,c=US"
-echo "changing password to database \"$BASEDN\"..."
+echo "Changing password to database \"$BASEDN\"..."
$LDAPPASSWD -h $LOCALHOST -p $PORT1 -D "cn=Manager,$BASEDN" -w $PASSWD \
-s $PASSWD "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
>> $TESTOUT 2>&1
fi
BASEDN="o=Beispiel,c=DE"
-echo "binding with newly changed password to database \"$BASEDN\"..."
+echo "Binding with newly changed password to database \"$BASEDN\"..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \
-D "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
-w $PASSWD >> $TESTOUT 2>&1
fi
BASEDN="o=Esempio,c=IT"
-echo "comparing to database \"$BASEDN\"..."
+echo "Comparing to database \"$BASEDN\"..."
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
"cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \
"seeAlso:cn=All Staff,ou=Groups,$BASEDN" >> $TESTOUT 2>&1
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
exit $RC
fi
+echo "Testing subtree search with manageDSAit..."
+echo "# Testing subtree search with manageDSAit..." >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M '*' ref >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
echo "Testing invalid filter..."
echo "# Testing invalid filter..." >> $SEARCHOUT
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
;;
esac
+echo -n "Testing compare on hasSubordinates (should be TRUE)... "
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BASEDN" \
+ "hasSubordinates:TRUE" >> $TESTOUT 2>&1
+
+RC=$?
+case $RC in
+6)
+ echo "TRUE"
+ ;;
+5) echo "FALSE!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+*) echo "failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
echo "Filtering ldapsearch results..."
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif..."
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
exit $RC
fi
+cat /dev/null > $SEARCHOUT
+
BASEDN="dc=example,dc=com"
+
+echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
case ${RDBMS} in
# list here the RDBMSes whose mapping allows writes
postgres|ibmdb2)
MANAGERDN="cn=Manager,${BASEDN}"
echo "Testing add..."
$LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
- -h $LOCALHOST -p $PORT1 > \
- $TESTOUT 2>&1 << EOMODS
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
version: 1
# Adding an organization...
o: SubNet
dc: subnet
+# Adding another organization with an "auxiliary" objectClass..
+dn: dc=subnet2,${BASEDN}
+changetype: add
+objectClass: organization
+objectClass: dcObject
+o: SubNet 2
+dc: subnet2
+
# Adding a person...
dn: cn=Lev Tolstoij,${BASEDN}
changetype: add
documentTitle: War and Peace
documentAuthor: cn=Lev Tolstoij,dc=example,dc=com
documentIdentifier: document 3
-
EOMODS
RC=$?
exit $RC
fi
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
echo "Testing modify..."
$LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
- -h $LOCALHOST -p $PORT1 > \
- $TESTOUT 2>&1 << EOMODS
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
version: 1
# Deleting all telephone numbers...
changetype: modify
delete: userPassword
-
-
EOMODS
RC=$?
exit $RC
fi
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
echo "Testing delete..."
$LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
- -h $LOCALHOST -p $PORT1 > \
- $TESTOUT 2>&1 << EOMODS
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
version: 1
# Deleting a person...
changetype: delete
# Deleting a document...
-dn: documentTitle=book1,dc=example,dc=com
+dn: documentTitle=book1,${BASEDN}
changetype: delete
-# Deleting a person with an "auxiliary" objectClass...
-dn: cn=Akakiy Zinberstein,dc=example,dc=com
+# Deleting an organization with an "auxiliary" objectClass...
+dn: dc=subnet2,${BASEDN}
changetype: delete
-
EOMODS
RC=$?
exit $RC
fi
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
echo "Testing rename..."
$LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
- -h $LOCALHOST -p $PORT1 > \
- $TESTOUT 2>&1 << EOMODS
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
version: 1
-# Renaming an organization
+# Renaming an organization...
dn: o=An Org,${BASEDN}
changetype: modrdn
newrdn: o=Renamed Org
deleteoldrdn: 1
-# Renaming a person
+# Moving a person to another subtree...
dn: cn=Lev Tolstoij,${BASEDN}
changetype: modrdn
newrdn: cn=Lev Tolstoij
deleteoldrdn: 0
newsuperior: dc=subnet,${BASEDN}
-# Renaming a book
+# Renaming a book...
dn: documentTitle=book2,${BASEDN}
changetype: modrdn
newrdn: documentTitle=Renamed Book
deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
+ "objectClass=*" >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Adding a child to a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: cn=Should Fail,ou=Referral,${BASEDN}
+changetype: add
+objectClass: inetOrgPerson
+cn: Should Fail
+sn: Fail
+telephoneNumber: +39 02 23456789
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ echo "Modifying a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Renaming a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Deleting a referral (should fail)..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: delete
+EOMODS
+
+ RC=$?
+ if test $RC = 0 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Adding a referral..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Another Referral,${BASEDN}
+changetype: add
+objectClass: referral
+objectClass: extensibleObject
+ou: Another Referral
+ref: ldap://localhost:9009/
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Modifying a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modify
+replace: ref
+ref: ldap://localhost:9009/
+-
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the modified entry..."
+ echo "# Using ldapsearch to retrieve the modified entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Renaming a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Referral,${BASEDN}
+changetype: modrdn
+newrdn: ou=Renamed Referral
+deleteoldrdn: 1
+EOMODS
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to retrieve the renamed entry..."
+ echo "# Using ldapsearch to retrieve the renamed entry..." >> $SEARCHOUT
+ $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Renamed Referral,$BASEDN" -M \
+ "objectClass=*" '*' ref >> $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Deleting a referral with manageDSAit..."
+ $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \
+ -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS
+version: 1
+
+dn: ou=Renamed Referral,${BASEDN}
+changetype: delete
EOMODS
RC=$?
fi
echo "Using ldapsearch to retrieve all the entries..."
+ echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \
- "objectClass=*" > $SEARCHOUT 2>&1
+ "objectClass=*" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
cat /dev/null > $SEARCHOUT
-#
-# Try to read an entry inside the Alumni Association container. It should
-# give us nothing if we're not bound, and should return all attributes
-# if we're bound as anyone under UM.
-#
-$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "objectclass=*" \
- >> $SEARCHOUT 2>&1
-
+echo "# Try to read an entry inside the Alumni Association container.
+# It should give us noSuchObject if we're not bound..." \
+>> $SEARCHOUT
+# FIXME: temporarily remove the "No such object" message to make
+# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
+$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "(objectclass=*)" \
+ 2>&1 | grep -v "^No such object" >> $SEARCHOUT
+
+echo "# ... and should return all attributes if we're bound as anyone
+# under Example." \
+>> $SEARCHOUT
$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \
- -D "$BABSDN" -w bjensen "objectclass=*" >> $SEARCHOUT 2>&1
+ -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
#
# Check group access. Try to modify Babs' entry. Two attempts:
EOMODS6
echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'objectClass=*' >> $SEARCHOUT 2>&1
RC=$?
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
if test $? != 0 ; then
- echo "comparison failed - modify operations did not complete correctly"
+ echo "comparison failed - operations did not complete correctly"
exit 1
fi
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# - start slurpd
# - populate over ldap
# - perform some modifies and deleted
+# - attempt to modify the slave (referral or chain)
# - retrieve database over ldap and compare against expected results
#
echo "Waiting 15 seconds for slurpd to send changes..."
sleep 15
+echo "Stopping the slave..."
+kill -HUP $SLAVEPID
+KILLPIDS="$PID $SLURPPID"
+
+echo "Waiting 5 seconds for slave slapd to die..."
+sleep 5
+
+echo "Applying more changes to the master slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This change was applied after killing the slave slapd...
+
+EOMODS
+
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Stopping slurpd..."
+kill -HUP $SLURPPID
+KILLPIDS="$PID"
+
+echo "Waiting 5 seconds for slurpd to die..."
+sleep 5
+
+echo "Applying more changes to the master slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This change was applied after killing slurpd...
+
+EOMODS
+
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Restarting slave slapd on TCP/IP port $PORT2..."
+echo "RESTART" >> $LOG2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+echo "Using ldapsearch to check that slave slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Restarting slurpd..."
+echo "RESTART" >> $SLURPLOG
+$SLURPD -f $CONF1 -d ${SLURPD_DEBUG-5} -t $DBDIR1B >> $SLURPLOG 2>&1 &
+SLURPPID=$!
+if test $WAIT != 0 ; then
+ echo SLURPPID $SLURPPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLURPPID"
+
+echo "Waiting 15 seconds for slurpd to send changes..."
+sleep 15
+
+echo "Try updating the slave slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+RC=$?
+
+if test $BACKLDAP = "ldapno" ; then
+ # expect 10 (LDAP_REFERRAL)...
+ if test $RC != 10 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+else
+ # expect 0 (LDAP_SUCCESS)...
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting 15 seconds for slurpd to send changes..."
+ sleep 15
+fi
+
echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > $MASTEROUT 2>&1
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
exit 0
fi
-mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
#
# Test replication:
# - start slave
# - populate over ldap
# - perform some modifies and deleted
+# - attempt to modify the slave (referral)
# - retrieve database over ldap and compare against expected results
#
echo "Waiting 15 seconds for syncrepl to receive changes..."
sleep 15
+echo "Try updating the slave slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+RC=$?
+
+# expect 10 (LDAP_REFERRAL)...
+if test $RC != 10 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > $MASTEROUT 2>&1
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# - start slave
# - populate over ldap
# - perform some modifies and deleted
+# - attempt to modify the slave (referral or chain)
# - retrieve database over ldap and compare against expected results
#
echo "Waiting 15 seconds for syncrepl to receive changes..."
sleep 15
+echo "Stopping the provider, sleeping 10 seconds and restarting it..."
+kill -HUP "$PID"
+sleep 10
+echo "RESTART" >> $LOG1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+echo "Using ldapsearch to check that master slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
echo "Using ldapmodify to modify master directory..."
#
echo "Waiting 25 seconds for syncrepl to receive changes..."
sleep 25
+echo "Try updating the slave slapd..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+RC=$?
+
+if test $BACKLDAP = "ldapno" ; then
+ # expect 10 (LDAP_REFERRAL)...
+ if test $RC != 10 ; then
+ echo "ldapmodify should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+else
+ # expect 0 (LDAP_SUCCESS)...
+ if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting 15 seconds for syncrepl to receive changes..."
+ sleep 15
+fi
+
echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > $MASTEROUT 2>&1
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
if test $BACKRELAY = relayno ; then
echo "relay backend not available, test skipped"
else
- RELAYS="${RELAYS}relay "
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}relay"
fi
# back-ldap
if test $BACKLDAP = ldapno ; then
echo "ldap backend not available, test skipped"
else
- RELAYS="${RELAYS}ldap "
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}ldap"
fi
# back-meta
if test $BACKMETA = metano ; then
echo "meta backend not available, test skipped"
else
- RELAYS="${RELAYS}meta "
+ if test "x$RELAYS" != "x" ; then
+ RELAYS="${RELAYS} "
+ fi
+ RELAYS="${RELAYS}meta"
fi
fi
-echo "Using $RELAYS..."
+if test "x$RELAYS" = "x" ; then
+ echo "no relaying capable backend is available"
+ echo ">>>>> Test succeeded"
+ exit 0
+fi
+
+echo "Testing virtual naming context mapping with $RELAYS backend(s)..."
echo ""
first=1
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
--- /dev/null
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2005 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $ADDCONF
+. $CONFFILTER < $LDIFCHAIN1 > $SEARCHOUT
+$SLAPADD -f $ADDCONF -l $SEARCHOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 1 failed ($RC)!"
+ exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $ADDCONF
+. $CONFFILTER < $LDIFCHAIN2 > $SEARCHOUT
+$SLAPADD -f $ADDCONF -l $SEARCHOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd 2 failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting first slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID1=$!
+if test $WAIT != 0 ; then
+ echo PID $PID1
+ read foo
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID2=$!
+if test $WAIT != 0 ; then
+ echo PID $PID2
+ read foo
+fi
+
+KILLPIDS="$PID1 $PID2"
+
+echo "Using ldapsearch to check that first slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapsearch to check that second slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+for P in $PORT1 $PORT2 ; do
+ echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
+ $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
+ > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $CHAINOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - chained search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+done
+
+#
+# Testing writes to first server
+#
+echo "Writing to first server with scope on second server..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: add
+objectClass: groupOfNames
+cn: New Group
+member:
+
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: modify
+add: description
+description: testing chain overlay writes...
+-
+replace: member
+member: cn=New Group,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+-
+add: owner
+owner: cn=Manager,dc=example,dc=com
+-
+
+dn: cn=New Group,ou=Groups,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Renamed Group
+deleteoldrdn: 1
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: delete
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#
+# Testing writes to second server
+#
+echo "Writing to second server with scope on first server..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: add
+objectClass: person
+cn: New User
+sn: User
+seeAlso: cn=New Group,ou=Groups,dc=example,dc=com
+
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: modify
+add: description
+description: testing chain overlay writes...
+-
+replace: seeAlso
+seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
+-
+
+dn: cn=New User,ou=People,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Renamed User
+deleteoldrdn: 1
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: delete
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+for P in $PORT1 $PORT2 ; do
+ echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
+ $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
+ > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $CHAINMODOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - chained search didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+done
+
+NEWPW=newsecret
+echo "Using ldappasswd on second server with scope on first server..."
+$LDAPPASSWD -h $LOCALHOST -p $PORT2 \
+ -w secret -s $NEWPW \
+ -D "$MANAGERDN" "$BJORNSDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Binding with newly changed password on first server..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w $NEWPW
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
+
projects / openldap / commitdiff