From 681209a7c2ba46e6c5d8cbdbbba2b035914a284f Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 26 Aug 2000 19:04:33 +0000 Subject: [PATCH] Import -H support and other misc. changes --- clients/tools/ldapdelete.c | 49 ++++++++++++++++++++++++++++++++----- clients/tools/ldapmodify.c | 47 +++++++++++++++++++++++++++++++---- clients/tools/ldapmodrdn.c | 49 ++++++++++++++++++++++++++++++++----- clients/tools/ldappasswd.c | 48 ++++++++++++++++++++++++++++++++---- clients/tools/ldapsearch.c | 49 ++++++++++++++++++++++++++++++------- doc/man/man1/ldapdelete.1 | 7 ++++++ doc/man/man1/ldapmodify.1 | 7 ++++++ doc/man/man1/ldapmodrdn.1 | 13 +++++++--- doc/man/man1/ldappasswd.1 | 13 +++++++--- doc/man/man1/ldapsearch.1 | 7 ++++++ doc/man/man8/slappasswd.8 | 44 ++++++++++++++++----------------- libraries/libldap/ldap.conf | 4 +-- libraries/libldap/open.c | 41 ------------------------------- libraries/libldap/tls.c | 49 +++++++++++++++++++++++++++++++++---- 14 files changed, 319 insertions(+), 108 deletions(-) diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index f512bd3b1f..c01c90f3f8 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -23,6 +23,7 @@ static char *prog; static char *binddn = NULL; static struct berval passwd = { 0, NULL }; +static char *ldapuri = NULL; static char *ldaphost = NULL; static int ldapport = 0; static int prune = 0; @@ -36,7 +37,7 @@ static char *sasl_secprops = NULL; #endif static int use_tls = 0; static int not, verbose, contoper; -static LDAP *ld; +static LDAP *ld = NULL; static int dodelete LDAP_P(( LDAP *ld, 
@@ -100,7 +101,7 @@ main( int argc, char **argv ) prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1; - while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { + while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { switch( i ) { /* Delete Specific Options */ case 'c': /* continuous operation mode */ @@ -135,12 +136,31 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; case 'I': #ifdef HAVE_CYRUS_SASL if( version == LDAP_VERSION2 ) { @@ -472,10 +492,27 @@ main( int argc, char **argv ) (void) SIGNAL( SIGPIPE, SIG_IGN ); #endif - if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { - perror( "ldap_init" ); - return( EXIT_FAILURE ); - } + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); + } + + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); + return EXIT_FAILURE; + } { /* this seems prudent for searches below */ 
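Review bot: The new `-h`/`-H` conflict diagnostics in the @@ -135 hunk pass a format string containing `%s` with no matching argument, so fprintf reads an unsupplied vararg (undefined behaviour) and prints garbage where the program name belongs; each should be of the form `fprintf( stderr, "%s: -h incompatible with -H\n", prog );`, and the pre-existing "-h previously specified" line has the same omission and could be fixed in passing. Identical new lines appear in ldapmodify.c (@@ -195), ldapmodrdn.c (@@ -157), ldappasswd.c (@@ -161) and ldapsearch.c (@@ -265); in ldappasswd.c `prog` is a local declared as NULL in the @@ -67 hunk, so confirm it is assigned before option parsing there. The `-H` case rejects a `-p` given earlier on the command line, but a `-p` given after `-H` is only caught if the 'p' case (outside this hunk) checks `ldapuri`; otherwise the later session-handle selection silently ignores the port. main() continues beyond the hunk.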
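Review bot: The failure message in the @@ -472 hunk reports `rc` and `ldap_err2string(rc)`, but nothing in the new code assigns rc: the `ldap_initialize` result is cast to void and `ldap_init` signals failure only through a NULL handle, so the diagnostic prints an unrelated (or, if rc is still uninitialized at that point, indeterminate) status. Capture the status with `rc = ldap_initialize( &ld, ldapuri );` and give the `ldap_init` branch its own failure report, for instance keeping the previous `perror( "ldap_init" )` there or setting rc explicitly before the shared `ld == NULL` check. The same block is duplicated verbatim in ldapmodify.c (@@ -539), ldapmodrdn.c (@@ -515), ldappasswd.c (@@ -542) and ldapsearch.c (@@ -642), which makes it a candidate for a shared helper so the fix lands once. main() continues outside the hunk.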
diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index b8245cce2d..2be61b8dad 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -36,6 +36,7 @@ static char *prog; static char *binddn = NULL; static struct berval passwd = { 0, NULL }; +static char *ldapuri = NULL; static char *ldaphost = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL @@ -48,7 +49,7 @@ static char *sasl_secprops = NULL; #endif static int use_tls = 0; static int ldapadd, replace, not, verbose, contoper, force; -static LDAP *ld; +static LDAP *ld = NULL; #define LDAPMOD_MAXLINE 4096 @@ -157,7 +158,7 @@ main( int argc, char **argv ) authmethod = -1; version = -1; - while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { + while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { switch( i ) { /* Modify Options */ case 'a': /* add */ @@ -195,12 +196,31 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; case 'I': #ifdef HAVE_CYRUS_SASL if( version == LDAP_VERSION2 ) { 
@@ -539,9 +559,26 @@ main( int argc, char **argv ) #endif if ( !not ) { - if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { - perror( "ldap_init" ); - return( EXIT_FAILURE ); + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); + } + + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); + return EXIT_FAILURE; } /* referrals */ diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 6642dd5fc4..2e68fa816e 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -35,6 +35,7 @@ static char *prog = NULL; static char *binddn = NULL; static struct berval passwd = { 0, NULL }; +static char *ldapuri = NULL; static char *ldaphost = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL @@ -47,7 +48,7 @@ static char *sasl_secprops = NULL; #endif static int use_tls = 0; static int not, verbose, contoper; -static LDAP *ld; +static LDAP *ld = NULL; static int domodrdn( LDAP *ld, @@ -116,7 +117,7 @@ main(int argc, char **argv) prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1; - while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { + while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) { switch( i ) { /* Modrdn Options */ case 'c': 
@@ -157,12 +158,31 @@ main(int argc, char **argv) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; case 'I': #ifdef HAVE_CYRUS_SASL if( version == LDAP_VERSION2 ) { @@ -515,10 +535,27 @@ main(int argc, char **argv) (void) SIGNAL( SIGPIPE, SIG_IGN ); #endif - if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { - perror( "ldap_init" ); - return( EXIT_FAILURE ); - } + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); + } + + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); + return EXIT_FAILURE; + } /* referrals */ if( ldap_set_option( ld, LDAP_OPT_REFERRALS, diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 578463598c..9a6cb8838a 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c 
@@ -41,7 +41,8 @@ usage(const char *s) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -f file read operations from `file'\n" -" -h host LDAP server\n" +" -h host LDAP server(s)\n" +" -H URI LDAP Uniform Resource Indentifier(s)\n" " -I use SASL Interactive mode\n" " -n show what would be done but don't actually search\n" " -O props SASL security properties\n" @@ -67,6 +68,7 @@ main( int argc, char *argv[] ) int rc; char *prog = NULL; char *ldaphost = NULL; + char *ldapuri = NULL; char *dn = NULL; char *binddn = NULL; @@ -96,7 +98,7 @@ main( int argc, char *argv[] ) #endif int use_tls = 0; int referrals = 0; - LDAP *ld; + LDAP *ld = NULL; struct berval *bv = NULL; int id, code; @@ -111,7 +113,7 @@ main( int argc, char *argv[] ) usage (argv[0]); while( (i = getopt( argc, argv, - "Aa:Ss:" "Cd:D:h:InO:p:QRU:vw:WxX:Y:Z" )) != EOF ) + "Aa:Ss:" "Cd:D:h:H:InO:p:QRU:vw:WxX:Y:Z" )) != EOF ) { switch (i) { /* Password Options */ @@ -161,12 +163,31 @@ main( int argc, char *argv[] ) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; case 'I': #ifdef HAVE_CYRUS_SASL if( version == LDAP_VERSION2 ) { 
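Review bot: The new usage line in the @@ -41 hunk misspells the expansion of URI: `" -H URI LDAP Uniform Resource Indentifier(s)\n"` should read `" -H URI LDAP Uniform Resource Identifier(s)\n"`. This string is printed to users, so it is worth correcting before the same text is copied into the other tools' usage output.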
@@ -542,8 +563,25 @@ main( int argc, char *argv[] ) #endif /* connect to server */ - if ((ld = ldap_init( ldaphost, ldapport )) == NULL) { - perror("ldap_init"); + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); + } + + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); return EXIT_FAILURE; } diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 7d1b27e3ac..dd2712bdcd 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -145,6 +145,7 @@ static char *binddn = NULL; static struct berval passwd = { 0, NULL }; static char *base = NULL; static char *ldaphost = NULL; +static char *ldapuri = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL static unsigned sasl_flags = LDAP_SASL_AUTOMATIC; @@ -166,7 +167,7 @@ main( int argc, char **argv ) int rc, i, first, scope, deref, attrsonly, manageDSAit; int referrals, timelimit, sizelimit, debug; int authmethod, version, want_bindpw; - LDAP *ld; + LDAP *ld = NULL; infile = NULL; debug = verbose = not = vals2tmp = referrals = @@ -180,7 +181,7 @@ main( int argc, char **argv ) prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1; while (( i = getopt( argc, argv, - "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF ) + "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF ) { switch( i ) { /* Search Options */ 
@@ -265,12 +266,31 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; case 'I': #ifdef HAVE_CYRUS_SASL if( version == LDAP_VERSION2 ) { @@ -642,15 +662,26 @@ main( int argc, char **argv ) (void) SIGNAL( SIGPIPE, SIG_IGN ); #endif - if ( verbose ) { - fprintf( stderr, - (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, )\n"), - (ldaphost != NULL) ? ldaphost : "", - ldapport ); + + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); } - if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { - perror( "ldap_init" ); + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); return EXIT_FAILURE; } diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index f9c90b9e16..a9373cabe9 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -31,6 +31,8 @@ ldapdelete \- LDAP delete entry tool [\c .BI \-w \ passwd\fR] [\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c .BI \-P \ 2\fR\||\|\fI3\fR] 
@@ -127,11 +129,16 @@ This is used instead of specifying the password on the command line. .BI \-w \ passwd Use \fIpasswd\fP as the password for simple authentication. .TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s). +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of -H. .TP .BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of -H. .TP .BI \-P \ 2\fR\||\|\fI3 Specify the LDAP protocol version to use. diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 index 2d5f5387fe..8a93505a77 100644 --- a/doc/man/man1/ldapmodify.1 +++ b/doc/man/man1/ldapmodify.1 @@ -35,6 +35,8 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools [\c .BI \-w \ passwd\fR] [\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c .BI \-p \ ldapport\fR] @@ -197,11 +199,16 @@ This is used instead of specifying the password on the command line. .BI \-w \ passwd Use \fIpasswd\fP as the password for simple authentication. .TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s). +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of -H. .TP .BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of -H. .TP .BI \-P \ 2\fR\||\|\fI3 Specify the LDAP protocol version to use. diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1 index 03675c938b..f0b3db990a 100644 --- a/doc/man/man1/ldapmodrdn.1 +++ b/doc/man/man1/ldapmodrdn.1 @@ -31,6 +31,8 @@ ldapmodrdn \- LDAP rename entry tool [\c .BI \-w \ passwd\fR] [\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c .BI \-p \ ldapport\fR] 
@@ -128,11 +130,16 @@ This is used instead of specifying the password on the command line. .B \-w passwd Use \fIpasswd\fP as the password for simple authentication. .TP -.B \-h ldaphost -Specify an alternate host on which the ldap server is running. +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s). .TP -.B \-p ldapport +.BI \-h \ ldaphost +Specify an alternate host on which the ldap server is running. +Deprecated in favor of -H. +.TP +.BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of -H. .TP .BI \-P \ 2\fR\||\|\fI3 Specify the LDAP protocol version to use. diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1 index 512c7d5367..4660f77de5 100644 --- a/doc/man/man1/ldappasswd.1 +++ b/doc/man/man1/ldappasswd.1 @@ -17,6 +17,8 @@ ldappasswd \- change the password of an LDAP entry [\c .BI \-d \ debuglevel\fR] [\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c .BR \-n ] @@ -87,8 +89,16 @@ Set the LDAP debugging level to \fIdebuglevel\fP. .B ldappasswd must be compiled with LDAP_DEBUG defined for this option to have any effect. .TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s). +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of -H. +.TP +.BI \-p \ ldapport +Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of -H. .TP .B \-n Do not set password. (Can be useful when used in conjunction with @@ -102,9 +112,6 @@ This is used instead of specifying the password on the command line. .BI \-s \ newPasswd Set the new password to \fInewPasswd\fP. .TP -.BI \-p \ ldapport -Specify an alternate port on which the ldap server is running. -.TP .B \-v Increase the verbosity of output. Can be specified multiple times. .TP diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index b35b00cd72..30683779b6 100644 --- a/doc/man/man1/ldapsearch.1 
+++ b/doc/man/man1/ldapsearch.1 @@ -37,6 +37,8 @@ ldapsearch \- LDAP search tool [\c .BI \-w \ bindpasswd\fR] [\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c .BI \-p \ ldapport\fR] @@ -176,11 +178,16 @@ This is used instead of specifying the password on the command line. .BI \-w \ bindpasswd Use \fIbindpasswd\fP as the password for simple authentication. .TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s). +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of -H. .TP .BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of -H. .TP .BI \-b \ searchbase Use \fIsearchbase\fP as the starting point for the search instead of diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index a99091c5f8..77ffd39490 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -6,8 +6,8 @@ slappasswd \- OpenLDAP password utility .SH SYNOPSIS .B SBINDIR/slappasswd -.B [\-a] .B [\-v] +.B [\-u] .B [\-s secret] .B [\-h hash] .B 
@@ -15,24 +15,28 @@ slappasswd \- OpenLDAP password utility .SH DESCRIPTION .LP .B Slappasswd -is used to compute a hashed password suitable for use -as a userPassword value +is used to generate an userPassword value +suitable for use with +.BR ldapmodify (1) +or .BR slapd.conf (5) -.BR rootpw . +.I rootpw +coniguration directive. .SH OPTIONS .TP -.B \-a -generate authPassword values instead of RFC2307 passwords -.TP .B \-v enable verbose mode. +.B \-u +generate RFC2307 userPassword values (the default). Future +versions of this program may generate alternative syntaxes +by default. This option is provided for forward compatibility. .TP .BI \-s " secret" The secret to hash. If not provided, the user will be prompted for the secret to hash. .TP -.BI \-h " scheme" -The hash scheme to use. RFC2307 schemes supported include +If -h is specified, one of the following RFC2307 schemes may +be specified: .IR {CRYPT} , .IR {MD5} , .IR {SMD5} , @@ -41,17 +45,11 @@ The hash scheme to use. RFC2307 schemes supported include The default is .IR {SSHA} . .LP -If \-a is specified, the following authPassword schemes -may be specified: -.IR MD5 , -.IR SHA1 ", and" -.IR X-CRYPT . -The default is -.IR SHA1 . .SH LIMITATIONS -The practice storing hashed passwords in userPassword -violates Standard Track schema and may hinder -interoperability. authPassword is not yet widely supported. +The practice storing hashed passwords in userPassword violates +Standard Track (RFC2256) schema specifications and may hinder +interoperability. A new attribute type to hold hashed +passwords is needed. .SH "SECURITY CONSIDERATIONS" Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections 
@@ -62,10 +60,10 @@ were clear text passwords. .BR ldappasswd (1), .BR ldapmodify (1), .BR slapd (8) +.BR slapd.conf (5) .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +OpenLDAP is developed and maintained by +The OpenLDAP Project (http://www.openldap.org/). +OpenLDAP is derived from University of Michigan LDAP 3.3 Release. diff --git a/libraries/libldap/ldap.conf b/libraries/libldap/ldap.conf index 03d508c94f..bd1ae7714d 100644 --- a/libraries/libldap/ldap.conf +++ b/libraries/libldap/ldap.conf @@ -6,8 +6,8 @@ # See ldap.conf(5) for details # This file should be world readable. -#BASE dc=OpenLDAP, dc=Org -#URI ldap://ldap.openldap.org ldap://ldap-master.openldap.org:666 +#BASE dc=example, dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 57eec85a35..2ae39d4c0f 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c 
@@ -240,47 +240,6 @@ ldap_initialize( LDAP **ldp, LDAP_CONST char *url ) return LDAP_SUCCESS; } -int -ldap_start_tls_s ( LDAP *ld, - LDAPControl **serverctrls, - LDAPControl **clientctrls ) -{ -#ifdef HAVE_TLS - LDAPConn *lc; - int rc; - char *rspoid = NULL; - struct berval *rspdata = NULL; - - if (ld->ld_conns == NULL) { - rc = ldap_open_defconn( ld ); - if (rc != LDAP_SUCCESS) - return(rc); - } - - for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) { - if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0) - return LDAP_OPERATIONS_ERROR; - - /* XXYYZ: this initiates operaton only on default connection! */ - rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS, - NULL, serverctrls, clientctrls, &rspoid, &rspdata); - - if (rc != LDAP_SUCCESS) - return rc; - if (rspoid != NULL) - LDAP_FREE(rspoid); - if (rspdata != NULL) - ber_bvfree(rspdata); - rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx ); - if (rc != LDAP_SUCCESS) - return rc; - } - return LDAP_SUCCESS; -#else - return LDAP_NOT_SUPPORTED; -#endif -} - int ldap_int_open_connection( LDAP *ld, diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c index 9aed9ebe08..4f64d783fd 100644 --- a/libraries/libldap/tls.c +++ b/libraries/libldap/tls.c @@ -8,8 +8,6 @@ #include "portable.h" -#ifdef HAVE_TLS - #include #include @@ -21,6 +19,8 @@ #include "ldap-int.h" +#ifdef HAVE_TLS + #ifdef LDAP_R_COMPILE #include #endif 
@@ -1033,7 +1033,46 @@ tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length ) return NULL; } #endif - -#else -static int dummy; #endif + +int +ldap_start_tls_s ( LDAP *ld, + LDAPControl **serverctrls, + LDAPControl **clientctrls ) +{ +#ifdef HAVE_TLS + LDAPConn *lc; + int rc; + char *rspoid = NULL; + struct berval *rspdata = NULL; + + if (ld->ld_conns == NULL) { + rc = ldap_open_defconn( ld ); + if (rc != LDAP_SUCCESS) + return(rc); + } + + for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) { + if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0) + return LDAP_OPERATIONS_ERROR; + + /* XXYYZ: this initiates operaton only on default connection! */ + rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS, + NULL, serverctrls, clientctrls, &rspoid, &rspdata); + + if (rc != LDAP_SUCCESS) + return rc; + if (rspoid != NULL) + LDAP_FREE(rspoid); + if (rspdata != NULL) + ber_bvfree(rspdata); + rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx ); + if (rc != LDAP_SUCCESS) + return rc; + } + return LDAP_SUCCESS; +#else + return LDAP_NOT_SUPPORTED; +#endif +} +
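Review bot: `ldap_start_tls_s` returns the error from `ldap_pvt_tls_start` (or from the extended operation) while leaving the connection open in the clear, and nothing at the definition states that contract; a header comment should say that on any return other than LDAP_SUCCESS the session is not protected and a caller that required TLS must not continue to use it. The loop also calls `ldap_pvt_tls_start` for every entry in `ld_conns` while, as the retained XXYYZ comment notes, the StartTLS request is only issued on the default connection, so any additional connection would have a TLS handshake started without the server having agreed to it on that connection; confirm how `ld_conns` is populated and restrict the loop accordingly. The `rspoid`/`rspdata` releases are skipped when the extended operation fails, which may leak if the library still hands back those values on error; check that contract. This hunk moves the function from open.c, so these points concern the pre-existing body rather than the move itself.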