OpenLDAP 2.1 Change Log
-OpenLDAP 2.1.20 Engineering
+OpenLDAP 2.1.21 Engineering
+ Fixed liblber ber_get_next trickle bug (ITS#2490)
+ Fixed ldapsearch -p without -h bug (ITS#2532)
+ Fixed slapd option ordering bug (ITS#2217)
+ Removed lint
+ Documentation
+ Misc man page updates
OpenLDAP 2.1.20 Release
Fixed slapd idletimeout behavior (ITS#2374)
#endif
}
- if( ldapuri != NULL ) {
+ if( ldapuri == NULL ) {
+ if( ldapport && ( ldaphost == NULL )) {
+ fprintf( stderr, "%s: -p without -h is invalid.\n", prog );
+ exit( EXIT_FAILURE );
+ }
+ } else {
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -H incompatible with -h\n", prog );
exit( EXIT_FAILURE );
Aliases are dereferenced both in searching and in locating the base object
of the search.
.SH TLS OPTIONS
-If OpenLDAP is built with support for Transport Layer Security, there
-are more options you can specify.
-.TP
-.B TLS <level>
-Specifies whether client connections should use ldaps:// by default.
-This option is deprecated in favor of the
-.B URI
-option. Using the
-.B TLS
-option may break some applications.
-.LP
-The
-.B <level>
-can be specified as one of the following keywords:
-.RS
-.TP
-.B never
-This is the default. Connections will be opened in the clear unless
-TLS is explicitly specified (e.g. using an "ldaps://" URL.)
-.TP
-.B hard
-All connections will be established with TLS.
-Note that using this option effectively makes the library open every
-session as an ldaps session and is incompatible with the LDAPv3 StartTLS
-request.
-.RE
+If OpenLDAP is built with Transport Layer Security support, there
+are more options you can specify. These options are used when an
+.B ldaps:// URI
+is selected (by default or otherwise) or when the application
+negotiates TLS by issuing the LDAP Start TLS operation.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
+#include <ac/errno.h>
#ifdef HAVE_CONSOLE_H
#include <console.h>
return( EXIT_FAILURE );
}
- tag = ber_get_next( sb, &len, ber);
- if( tag == LBER_ERROR ) {
+ for (;;) {
+ tag = ber_get_next( sb, &len, ber);
+ if( tag != LBER_ERROR ) break;
+
+ if( errno == EWOULDBLOCK ) continue;
+ if( errno == EAGAIN ) continue;
+
perror( "ber_get_next" );
return( EXIT_FAILURE );
}
printf("decode: message tag 0x%lx and length %ld\n",
- (unsigned long) tag, (long) len );
+ (unsigned long) tag, (long) len );
for( s = argv[1]; *s; s++ ) {
char buf[128];
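Review bot: The retry loop tests `errno == EWOULDBLOCK` and `errno == EAGAIN` unconditionally, while the liblber part of this change only assigns them under `#if defined( EWOULDBLOCK )` / `#elif defined( EAGAIN )`; the test program should use the same guards so it builds wherever the library does. The loop also retries at once, so on a descriptor that really is non-blocking it spins until input arrives; a comment such as `/* partial PDU: ber_get_next wants more input, retry */` above the two `continue` lines would record that this is intended for the trickle test. If the read reaches end of file, errno may still be 0 when `perror( "ber_get_next" )` runs, because the library now clears it before reading, so the message could be misleading; this should be confirmed against the EOF path.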
}
while ( towrite > 0 ) {
+#ifdef LBER_TRICKLE
+ sleep(1);
+ rc = ber_int_sb_write( sb, ber->ber_rwptr, 1 );
+#else
rc = ber_int_sb_write( sb, ber->ber_rwptr, towrite );
+#endif
if (rc<=0) {
return -1;
}
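Review bot: The `LBER_TRICKLE` branch carries no comment saying it is a test-only build switch, and with it defined every pass through this loop sleeps one second and hands a single byte to `ber_int_sb_write`. Add a comment above the `#ifdef`, for example `/* LBER_TRICKLE: debug aid for ITS#2490; sends one byte per second to exercise partial reads in ber_get_next. Never define in a production build. */`. The loop body continues outside the hunk, so how `rc` is consumed after the write cannot be checked here.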
*/
if (ber->ber_rwptr == NULL) {
- /* XXYYZ
- * dtest does like this assert.
- */
- /* assert( ber->ber_buf == NULL ); */
+ assert( ber->ber_buf == NULL );
ber->ber_rwptr = (char *) &ber->ber_len-1;
ber->ber_ptr = ber->ber_rwptr;
ber->ber_tag = 0;
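Review bot: Re-enabling `assert( ber->ber_buf == NULL )` makes the precondition fatal in builds with assertions on and leaves it unchecked where they are compiled out, and the removed comment recorded that dtest used to trip it. State the contract next to the assert, e.g. `/* precondition: no buffer left over from a previous decode when a new PDU starts */`, so that a caller who violates it knows what was expected. The enclosing function starts and ends outside the hunk, so what happens to a non-NULL `ber_buf` in a non-assert build is not visible here.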
char buf[sizeof(ber->ber_len)-1];
ber_len_t tlen = 0;
+ errno = 0;
sblen=ber_int_sb_read( sb, ber->ber_rwptr,
((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
if (sblen<=0) return LBER_DEFAULT;
}
/* Did we run out of bytes? */
if ((char *)p == ber->ber_rwptr) {
+#if defined( EWOULDBLOCK )
+ errno = EWOULDBLOCK;
+#elif defined( EAGAIN )
+ errno = EAGAIN;
+#endif
return LBER_DEFAULT;
}
}
ber->ber_tag = tag;
ber->ber_ptr = (char *)p;
+ }
- if (sblen == 1) continue;
+ if ( ber->ber_ptr == ber->ber_rwptr ) {
+#if defined( EWOULDBLOCK )
+ errno = EWOULDBLOCK;
+#elif defined( EAGAIN )
+ errno = EAGAIN;
+#endif
+ return LBER_DEFAULT;
}
/* Now look for the length */
if (*ber->ber_ptr & 0x80) { /* multi-byte */
ber_len_t i;
- int llen = *(unsigned char *)ber->ber_ptr++ & 0x7f;
+ unsigned char *p = (unsigned char *)ber->ber_ptr;
+ int llen = *p++ & 0x7f;
if (llen > (int)sizeof(ber_len_t)) {
errno = ERANGE;
return LBER_DEFAULT;
}
/* Not enough bytes? */
- if (ber->ber_rwptr - ber->ber_ptr < llen) {
+ if (ber->ber_rwptr - (char *)p < llen) {
+#if defined( EWOULDBLOCK )
+ errno = EWOULDBLOCK;
+#elif defined( EAGAIN )
+ errno = EAGAIN;
+#endif
return LBER_DEFAULT;
}
- for (i=0;
- i<llen && ber->ber_ptr<ber->ber_rwptr;
- i++,ber->ber_ptr++)
+ for (i=0; i<llen; i++)
{
tlen <<=8;
- tlen |= *(unsigned char *)ber->ber_ptr;
+ tlen |= *p++;
}
+ ber->ber_ptr = p;
} else {
tlen = *(unsigned char *)ber->ber_ptr++;
}
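Review bot: `ber->ber_ptr = p;` after the length loop assigns an `unsigned char *` to a field the rest of the hunk treats as `char *` (`ber->ber_ptr = (char *)p;`, `ber->ber_rwptr - (char *)p`); write it as `ber->ber_ptr = (char *)p;` to stay consistent and avoid a pointer-signedness warning. The `#if defined( EWOULDBLOCK )` / `#elif defined( EAGAIN )` block is repeated at each of the three short-input returns shown here. Where neither macro exists, errno is left as it was and a caller cannot tell "need more bytes" from a hard error, so a single file-local macro with an explicit fallback would keep the sites in step. A one-line comment that `ber_ptr` is advanced only once the whole length is buffered, so a retry re-parses from the length octet, would help the next reader of this sockbuf parser.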
to_go = ber->ber_end - ber->ber_rwptr;
assert( to_go > 0 );
+ errno = 0;
res = ber_int_sb_read( sb, ber->ber_rwptr, to_go );
if (res<=0) return LBER_DEFAULT;
ber->ber_rwptr+=res;
if( rc != LDAP_SUCCESS ) return rc;
if( mechanism == LDAP_SASL_SIMPLE ) {
- if( dn == NULL && cred != NULL ) {
+ if( dn == NULL && cred != NULL && cred->bv_len ) {
/* use default binddn */
dn = ld->ld_defbinddn;
}
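Review bot: The comment `/* use default binddn */` no longer describes the condition, which now also requires `cred->bv_len` to be non-zero. Suggest `/* use default binddn only when a non-empty password is supplied; otherwise dn stays NULL */`. The reason deserves stating because a DN paired with an empty password is the unauthenticated-bind case that applications commonly mistake for a successful login. A caller-supplied `dn` with empty `cred` is not affected by this check; whether that combination is handled elsewhere is not visible in the hunk.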
"access_allowed: backend default %s access %s to \"%s\"\n",
access2str( access ),
be->be_dfltaccess >= access ? "granted" : "denied",
- op->o_dn.bv_val );
+ op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous" );
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: backend default %s access %s to \"%s\"\n",
access2str( access ),
- be->be_dfltaccess >= access ? "granted" : "denied", op->o_dn.bv_val );
+ be->be_dfltaccess >= access ? "granted" : "denied",
+ op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous" );
#endif
ret = be->be_dfltaccess >= access;
goto done;
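Review bot: The new fallback tests only `op->o_dn.bv_val` for NULL, so a session whose DN is an empty but non-NULL string would still be logged as `""` rather than `anonymous`. If that state can occur, `op->o_dn.bv_len ? op->o_dn.bv_val : "anonymous"` covers both cases and keeps ACL traces uniform for anyone searching the logs. The same expression is written in both logging branches; computing it once into a local before the conditional block would stop them drifting apart. The first logging call begins outside the hunk.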
} else if ( rc > 0 ||
( rc == 0 && (unsigned)optlen > tags[i].bv_len ))
{
- AC_MEMCPY( &tags[i+1], &tags[i],
- (ntags-i)*sizeof(struct berval) );
- tags[i].bv_val = opt;
- tags[i].bv_len = optlen;
+ AC_MEMCPY( &tags[i+2], &tags[i+1],
+ (ntags-i-1)*sizeof(struct berval) );
+ tags[i+1].bv_val = opt;
+ tags[i+1].bv_len = optlen;
goto done;
}
}
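Review bot: The shift-and-insert writes as far as `tags[ntags]`, and nothing in the hunk shows that the array has room for one more entry or that `i < ntags` holds on entry. That bound has to be enforced before this point, and since the options appear to come from attribute descriptions supplied in requests, it should be confirmed against the caller. A comment would make the index arithmetic checkable, e.g. `/* opt sorts after tags[i]: move tags[i+1..ntags-1] up one slot, insert at i+1 */`. `AC_MEMCPY` is applied to overlapping ranges here, as it was before the change, which is correct only if the macro has memmove semantics. The loop header is outside the hunk.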
objectClass: organization
objectClass: extensibleObject
o: University of Michigan
-o;lang-x;lang-xx;lang-yy;lang-z;lang-y;lang-zz: University of Michigan
+o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: University of Michigan
name;lang-en-us: Billy Ray
name;lang-en-us: Billy Bob
cn;lang-en-us: Billy Ray
dn: o=University of Michigan,c=US
o: University of Michigan
-o;lang-x;lang-xx;lang-yy;lang-z;lang-y;lang-zz: University of Michigan
+o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: University of Michigan
name;lang-en-us: Billy Ray
name;lang-en-us: Billy Bob
cn;lang-en-us: Billy Ray