Import -H support and other misc. changes

2025-01-18 11:05:48 +08:00 · 2000-08-26 19:04:33 +00:00 · 2000-08-26 19:04:33 +00:00 · 681209a7c2
commit 681209a7c2
parent 92115eb352
14 changed files with 319 additions and 108 deletions
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@ -23,6 +23,7 @@
 static char	*prog;
 static char	*binddn = NULL;
 static struct berval passwd = { 0, NULL };
+static char *ldapuri = NULL;
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 static int	prune = 0;
@ -36,7 +37,7 @@ static char	*sasl_secprops = NULL;
 #endif
 static int	use_tls = 0;
 static int	not, verbose, contoper;
-static LDAP	*ld;
+static LDAP	*ld = NULL;

 static int dodelete LDAP_P((
    LDAP *ld,
@ -100,7 +101,7 @@ main( int argc, char **argv )

    prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;

-    while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+    while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
 	switch( i ) {
 	/* Delete Specific Options */
 	case 'c':	/* continuous operation mode */
@ -135,12 +136,31 @@ main( int argc, char **argv )
 	    binddn = strdup( optarg );
 	    break;
 	case 'h':	/* ldap host */
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -h incompatible with -H\n" );
+			return EXIT_FAILURE;
+		}
 		if( ldaphost != NULL ) {
 			fprintf( stderr, "%s: -h previously specified\n" );
 			return EXIT_FAILURE;
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'H':	/* ldap URI */
+		if( ldaphost != NULL ) {
+			fprintf( stderr, "%s: -H incompatible with -h\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapport ) {
+			fprintf( stderr, "%s: -H incompatible with -p\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -H previously specified\n" );
+			return EXIT_FAILURE;
+		}
+	    ldapuri = strdup( optarg );
+	    break;
 	case 'I':
 #ifdef HAVE_CYRUS_SASL
 		if( version == LDAP_VERSION2 ) {
@ -472,10 +492,27 @@ main( int argc, char **argv )
 	(void) SIGNAL( SIGPIPE, SIG_IGN );
 #endif

-    if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
-		perror( "ldap_init" );
-		return( EXIT_FAILURE );
-    }
+	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_init( %s, %d )\n",
+				ldaphost != NULL ? ldaphost : "<DEFAULT>",
+				ldapport );
+		}
+		ld = ldap_init( ldaphost, ldapport );
+
+	} else {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_initialize( %s )\n",
+				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+		}
+		(void) ldap_initialize( &ld, ldapuri );
+	}
+
+	if( ld == NULL ) {
+		fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+			rc, ldap_err2string(rc) );
+		return EXIT_FAILURE;
+	}

 	{
 		/* this seems prudent for searches below */
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@ -36,6 +36,7 @@
 static char	*prog;
 static char	*binddn = NULL;
 static struct berval passwd = { 0, NULL };
+static char *ldapuri = NULL;
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
@ -48,7 +49,7 @@ static char	*sasl_secprops = NULL;
 #endif
 static int	use_tls = 0;
 static int	ldapadd, replace, not, verbose, contoper, force;
-static LDAP	*ld;
+static LDAP	*ld = NULL;

 #define LDAPMOD_MAXLINE		4096

@ -157,7 +158,7 @@ main( int argc, char **argv )
    authmethod = -1;
 	version = -1;

-    while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+    while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
 	switch( i ) {
 	/* Modify Options */
 	case 'a':	/* add */
@ -195,12 +196,31 @@ main( int argc, char **argv )
 	    binddn = strdup( optarg );
 	    break;
 	case 'h':	/* ldap host */
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -h incompatible with -H\n" );
+			return EXIT_FAILURE;
+		}
 		if( ldaphost != NULL ) {
 			fprintf( stderr, "%s: -h previously specified\n" );
 			return EXIT_FAILURE;
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'H':	/* ldap URI */
+		if( ldaphost != NULL ) {
+			fprintf( stderr, "%s: -H incompatible with -h\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapport ) {
+			fprintf( stderr, "%s: -H incompatible with -p\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -H previously specified\n" );
+			return EXIT_FAILURE;
+		}
+	    ldapuri = strdup( optarg );
+	    break;
 	case 'I':
 #ifdef HAVE_CYRUS_SASL
 		if( version == LDAP_VERSION2 ) {
@ -539,9 +559,26 @@ main( int argc, char **argv )
 #endif

    if ( !not ) {
-	if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
-	    perror( "ldap_init" );
-	    return( EXIT_FAILURE );
+	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_init( %s, %d )\n",
+				ldaphost != NULL ? ldaphost : "<DEFAULT>",
+				ldapport );
+		}
+		ld = ldap_init( ldaphost, ldapport );
+
+	} else {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_initialize( %s )\n",
+				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+		}
+		(void) ldap_initialize( &ld, ldapuri );
+	}
+
+	if( ld == NULL ) {
+		fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+			rc, ldap_err2string(rc) );
+		return EXIT_FAILURE;
 	}

 	/* referrals */
--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@ -35,6 +35,7 @@
 static char *prog = NULL;
 static char	*binddn = NULL;
 static struct berval passwd = { 0, NULL };
+static char	*ldapuri = NULL;
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
@ -47,7 +48,7 @@ static char	*sasl_secprops = NULL;
 #endif
 static int	use_tls = 0;
 static int	not, verbose, contoper;
-static LDAP	*ld;
+static LDAP	*ld = NULL;

 static int domodrdn(
    LDAP	*ld,
@ -116,7 +117,7 @@ main(int argc, char **argv)

    prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;

-    while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+    while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
 	switch( i ) {
 	/* Modrdn Options */
 	case 'c':
@ -157,12 +158,31 @@ main(int argc, char **argv)
 	    binddn = strdup( optarg );
 	    break;
 	case 'h':	/* ldap host */
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -h incompatible with -H\n" );
+			return EXIT_FAILURE;
+		}
 		if( ldaphost != NULL ) {
 			fprintf( stderr, "%s: -h previously specified\n" );
 			return EXIT_FAILURE;
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'H':	/* ldap URI */
+		if( ldaphost != NULL ) {
+			fprintf( stderr, "%s: -H incompatible with -h\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapport ) {
+			fprintf( stderr, "%s: -H incompatible with -p\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -H previously specified\n" );
+			return EXIT_FAILURE;
+		}
+	    ldapuri = strdup( optarg );
+	    break;
 	case 'I':
 #ifdef HAVE_CYRUS_SASL
 		if( version == LDAP_VERSION2 ) {
@ -515,10 +535,27 @@ main(int argc, char **argv)
 	(void) SIGNAL( SIGPIPE, SIG_IGN );
 #endif

-    if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
-	perror( "ldap_init" );
-	return( EXIT_FAILURE );
-    }
+	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_init( %s, %d )\n",
+				ldaphost != NULL ? ldaphost : "<DEFAULT>",
+				ldapport );
+		}
+		ld = ldap_init( ldaphost, ldapport );
+
+	} else {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_initialize( %s )\n",
+				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+		}
+		(void) ldap_initialize( &ld, ldapuri );
+	}
+
+	if( ld == NULL ) {
+		fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+			rc, ldap_err2string(rc) );
+		return EXIT_FAILURE;
+	}

 	/* referrals */
 	if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@ -41,7 +41,8 @@ usage(const char *s)
 "  -d level   set LDAP debugging level to `level'\n"
 "  -D binddn  bind DN\n"
 "  -f file    read operations from `file'\n"
-"  -h host    LDAP server\n"
+"  -h host    LDAP server(s)\n"
+"  -H URI     LDAP Uniform Resource Indentifier(s)\n"
 "  -I         use SASL Interactive mode\n"
 "  -n         show what would be done but don't actually search\n"
 "  -O props   SASL security properties\n"
@ -67,6 +68,7 @@ main( int argc, char *argv[] )
 	int rc;
 	char	*prog = NULL;
 	char	*ldaphost = NULL;
+	char	*ldapuri = NULL;

 	char	*dn = NULL;
 	char	*binddn = NULL;
@ -96,7 +98,7 @@ main( int argc, char *argv[] )
 #endif
 	int		use_tls = 0;
 	int		referrals = 0;
-	LDAP	       *ld;
+	LDAP	       *ld = NULL;
 	struct berval *bv = NULL;

 	int id, code;
@ -111,7 +113,7 @@ main( int argc, char *argv[] )
 		usage (argv[0]);

 	while( (i = getopt( argc, argv,
-		"Aa:Ss:" "Cd:D:h:InO:p:QRU:vw:WxX:Y:Z" )) != EOF )
+		"Aa:Ss:" "Cd:D:h:H:InO:p:QRU:vw:WxX:Y:Z" )) != EOF )
 	{
 		switch (i) {
 		/* Password Options */
@ -161,12 +163,31 @@ main( int argc, char *argv[] )
 	    binddn = strdup( optarg );
 	    break;
 	case 'h':	/* ldap host */
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -h incompatible with -H\n" );
+			return EXIT_FAILURE;
+		}
 		if( ldaphost != NULL ) {
 			fprintf( stderr, "%s: -h previously specified\n" );
 			return EXIT_FAILURE;
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'H':	/* ldap URI */
+		if( ldaphost != NULL ) {
+			fprintf( stderr, "%s: -H incompatible with -h\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapport ) {
+			fprintf( stderr, "%s: -H incompatible with -p\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -H previously specified\n" );
+			return EXIT_FAILURE;
+		}
+	    ldapuri = strdup( optarg );
+	    break;
 	case 'I':
 #ifdef HAVE_CYRUS_SASL
 		if( version == LDAP_VERSION2 ) {
@ -542,8 +563,25 @@ main( int argc, char *argv[] )
 #endif

 	/* connect to server */
-	if ((ld = ldap_init( ldaphost, ldapport )) == NULL) {
-		perror("ldap_init");
+	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_init( %s, %d )\n",
+				ldaphost != NULL ? ldaphost : "<DEFAULT>",
+				ldapport );
+		}
+		ld = ldap_init( ldaphost, ldapport );
+
+	} else {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_initialize( %s )\n",
+				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+		}
+		(void) ldap_initialize( &ld, ldapuri );
+	}
+
+	if( ld == NULL ) {
+		fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+			rc, ldap_err2string(rc) );
 		return EXIT_FAILURE;
 	}

--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@ -145,6 +145,7 @@ static char	*binddn = NULL;
 static struct berval passwd = { 0, NULL };
 static char	*base = NULL;
 static char	*ldaphost = NULL;
+static char *ldapuri = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
 static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
@ -166,7 +167,7 @@ main( int argc, char **argv )
 	int			rc, i, first, scope, deref, attrsonly, manageDSAit;
 	int			referrals, timelimit, sizelimit, debug;
 	int		authmethod, version, want_bindpw;
-	LDAP		*ld;
+	LDAP		*ld = NULL;

 	infile = NULL;
 	debug = verbose = not = vals2tmp = referrals =
@ -180,7 +181,7 @@ main( int argc, char **argv )
    prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;

 	while (( i = getopt( argc, argv,
-		"Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF )
+		"Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF )
 	{
 	switch( i ) {
 	/* Search Options */
@ -265,12 +266,31 @@ main( int argc, char **argv )
 	    binddn = strdup( optarg );
 	    break;
 	case 'h':	/* ldap host */
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -h incompatible with -H\n" );
+			return EXIT_FAILURE;
+		}
 		if( ldaphost != NULL ) {
 			fprintf( stderr, "%s: -h previously specified\n" );
 			return EXIT_FAILURE;
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'H':	/* ldap URI */
+		if( ldaphost != NULL ) {
+			fprintf( stderr, "%s: -H incompatible with -h\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapport ) {
+			fprintf( stderr, "%s: -H incompatible with -p\n" );
+			return EXIT_FAILURE;
+		}
+		if( ldapuri != NULL ) {
+			fprintf( stderr, "%s: -H previously specified\n" );
+			return EXIT_FAILURE;
+		}
+	    ldapuri = strdup( optarg );
+	    break;
 	case 'I':
 #ifdef HAVE_CYRUS_SASL
 		if( version == LDAP_VERSION2 ) {
@ -642,15 +662,26 @@ main( int argc, char **argv )
 	(void) SIGNAL( SIGPIPE, SIG_IGN );
 #endif

-	if ( verbose ) {
-		fprintf( stderr,
-			(ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, <DEFAULT> )\n"),
-			(ldaphost != NULL) ? ldaphost : "<DEFAULT>",
-			ldapport );
+
+	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_init( %s, %d )\n",
+				ldaphost != NULL ? ldaphost : "<DEFAULT>",
+				ldapport );
+		}
+		ld = ldap_init( ldaphost, ldapport );
+
+	} else {
+		if ( verbose ) {
+			fprintf( stderr, "ldap_initialize( %s )\n",
+				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+		}
+		(void) ldap_initialize( &ld, ldapuri );
 	}

-	if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
-		perror( "ldap_init" );
+	if( ld == NULL ) {
+		fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+			rc, ldap_err2string(rc) );
 		return EXIT_FAILURE;
 	}

--- a/doc/man/man1/ldapdelete.1
+++ b/doc/man/man1/ldapdelete.1
@ -31,6 +31,8 @@ ldapdelete \- LDAP delete entry tool
 [\c
 .BI \-w \ passwd\fR]
 [\c
+.BI \-H \ ldapuri\fR]
+[\c
 .BI \-h \ ldaphost\fR]
 [\c
 .BI \-P \ 2\fR\||\|\fI3\fR]
@ -127,11 +129,16 @@ This is used instead of specifying the password on the command line.
 .BI \-w \ passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
 .BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
 .TP
 .BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
 .TP
 .BI \-P \ 2\fR\||\|\fI3
 Specify the LDAP protocol version to use.
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
@ -35,6 +35,8 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
 [\c
 .BI \-w \ passwd\fR]
 [\c
+.BI \-H \ ldapuri\fR]
+[\c
 .BI \-h \ ldaphost\fR]
 [\c
 .BI \-p \ ldapport\fR]
@ -197,11 +199,16 @@ This is used instead of specifying the password on the command line.
 .BI \-w \ passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
 .BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
 .TP
 .BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
 .TP
 .BI \-P \ 2\fR\||\|\fI3
 Specify the LDAP protocol version to use.
--- a/doc/man/man1/ldapmodrdn.1
+++ b/doc/man/man1/ldapmodrdn.1
@ -31,6 +31,8 @@ ldapmodrdn \- LDAP rename entry tool
 [\c
 .BI \-w \ passwd\fR]
 [\c
+.BI \-H \ ldapuri\fR]
+[\c
 .BI \-h \ ldaphost\fR]
 [\c
 .BI \-p \ ldapport\fR]
@ -128,11 +130,16 @@ This is used instead of specifying the password on the command line.
 .B \-w passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
-.B \-h ldaphost
-Specify an alternate host on which the ldap server is running.
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
 .TP
-.B \-p ldapport
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
 .TP
 .BI \-P \ 2\fR\||\|\fI3
 Specify the LDAP protocol version to use.
--- a/doc/man/man1/ldappasswd.1
+++ b/doc/man/man1/ldappasswd.1
@ -17,6 +17,8 @@ ldappasswd \- change the password of an LDAP entry
 [\c
 .BI \-d \ debuglevel\fR]
 [\c
+.BI \-H \ ldapuri\fR]
+[\c
 .BI \-h \ ldaphost\fR]
 [\c
 .BR \-n ]
@ -87,8 +89,16 @@ Set the LDAP debugging level to \fIdebuglevel\fP.
 .B ldappasswd
 must be compiled with LDAP_DEBUG defined for this option to have any effect.
 .TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
 .BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
 .TP
 .B \-n
 Do not set password. (Can be useful when used in conjunction with
@ -102,9 +112,6 @@ This is used instead of specifying the password on the command line.
 .BI \-s \ newPasswd
 Set the new password to \fInewPasswd\fP.
 .TP
-.BI \-p \ ldapport
-Specify an alternate port on which the ldap server is running.
-.TP
 .B \-v
 Increase the verbosity of output.  Can be specified multiple times.
 .TP
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@ -37,6 +37,8 @@ ldapsearch \- LDAP search tool
 [\c
 .BI \-w \ bindpasswd\fR]
 [\c
+.BI \-H \ ldapuri\fR]
+[\c
 .BI \-h \ ldaphost\fR]
 [\c
 .BI \-p \ ldapport\fR]
@ -176,11 +178,16 @@ This is used instead of specifying the password on the command line.
 .BI \-w \ bindpasswd
 Use \fIbindpasswd\fP as the password for simple authentication.
 .TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
 .BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
 .TP
 .BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
 .TP
 .BI \-b \ searchbase
 Use \fIsearchbase\fP as the starting point for the search instead of
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@ -6,8 +6,8 @@
 slappasswd \- OpenLDAP password utility
 .SH SYNOPSIS
 .B SBINDIR/slappasswd
-.B [\-a]
 .B [\-v]
+.B [\-u]
 .B [\-s secret]
 .B [\-h hash]
 .B 
@ -15,24 +15,28 @@ slappasswd \- OpenLDAP password utility
 .SH DESCRIPTION
 .LP
 .B Slappasswd
-is used to compute a hashed password suitable for use
-as a userPassword value
+is used to generate an userPassword value
+suitable for use with
+.BR ldapmodify (1)
+or
 .BR slapd.conf (5)
-.BR rootpw .
+.I rootpw
+coniguration directive.
 .SH OPTIONS
 .TP
-.B \-a
-generate authPassword values instead of RFC2307 passwords
-.TP
 .B \-v
 enable verbose mode.
+.B \-u
+generate RFC2307 userPassword values (the default).  Future
+versions of this program may generate alternative syntaxes
+by default.  This option is provided for forward compatibility.
 .TP
 .BI \-s " secret"
 The secret to hash.  If not provided, the user will be prompted
 for the secret to hash.
 .TP
-.BI \-h " scheme"
-The hash scheme to use.  RFC2307 schemes supported include
+If -h is specified, one of the following RFC2307 schemes may
+be specified:
 .IR {CRYPT} ,
 .IR {MD5} ,
 .IR {SMD5} ,
@ -41,17 +45,11 @@ The hash scheme to use.  RFC2307 schemes supported include
 The default is 
 .IR {SSHA} .
 .LP
-If \-a is specified, the following authPassword schemes
-may be specified:
-.IR MD5 ,
-.IR SHA1 ", and"
-.IR X-CRYPT .
-The default is
-.IR SHA1 .
 .SH LIMITATIONS
-The practice storing hashed passwords in userPassword
-violates Standard Track schema and may hinder
-interoperability.  authPassword is not yet widely supported.
+The practice storing hashed passwords in userPassword violates
+Standard Track (RFC2256) schema specifications and may hinder
+interoperability.  A new attribute type to hold hashed
+passwords is needed.
 .SH "SECURITY CONSIDERATIONS"
 Use of hashed passwords does not protect passwords during
 protocol transfer.  TLS or other eavesdropping protections
@ -62,10 +60,10 @@ were clear text passwords.
 .BR ldappasswd (1),
 .BR ldapmodify (1),
 .BR slapd (8)
+.BR slapd.conf (5)
 .LP
 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
 .SH ACKNOWLEDGEMENTS
-.B	OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B	OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.  
+OpenLDAP is developed and maintained by
+The OpenLDAP Project (http://www.openldap.org/).
+OpenLDAP is derived from University of Michigan LDAP 3.3 Release.  
--- a/libraries/libldap/ldap.conf
+++ b/libraries/libldap/ldap.conf
@ -6,8 +6,8 @@
 # See ldap.conf(5) for details
 # This file should be world readable.

-#BASE	dc=OpenLDAP, dc=Org
-#URI	ldap://ldap.openldap.org ldap://ldap-master.openldap.org:666
+#BASE	dc=example, dc=com
+#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

 #SIZELIMIT	12
 #TIMELIMIT	15
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@ -240,47 +240,6 @@ ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
 	return LDAP_SUCCESS;
 }

-int
-ldap_start_tls_s ( LDAP *ld,
-				LDAPControl **serverctrls,
-				LDAPControl **clientctrls )
-{
-#ifdef HAVE_TLS
-	LDAPConn *lc;
-	int rc;
-	char *rspoid = NULL;
-	struct berval *rspdata = NULL;
-
-	if (ld->ld_conns == NULL) {
-		rc = ldap_open_defconn( ld );
-		if (rc != LDAP_SUCCESS)
-			return(rc);
-	}
-
-	for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
-		if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
-			return LDAP_OPERATIONS_ERROR;
-
-		/* XXYYZ: this initiates operaton only on default connection! */
-		rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
-			NULL, serverctrls, clientctrls, &rspoid, &rspdata);
-
-		if (rc != LDAP_SUCCESS)
-			return rc;
-		if (rspoid != NULL)
-			LDAP_FREE(rspoid);
-		if (rspdata != NULL)
-			ber_bvfree(rspdata);
-		rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
-		if (rc != LDAP_SUCCESS)
-			return rc;
-	}
-	return LDAP_SUCCESS;
-#else
-	return LDAP_NOT_SUPPORTED;
-#endif
-}
-
 int
 ldap_int_open_connection(
 	LDAP *ld,
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@ -8,8 +8,6 @@

 #include "portable.h"

-#ifdef HAVE_TLS
-
 #include <stdio.h>

 #include <ac/stdlib.h>
@ -21,6 +19,8 @@

 #include "ldap-int.h"

+#ifdef HAVE_TLS
+
 #ifdef LDAP_R_COMPILE
 #include <ldap_pvt_thread.h>
 #endif
@ -1033,7 +1033,46 @@ tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
 	return NULL;
 }
 #endif
-
-#else
-static int dummy;
 #endif
+
+int
+ldap_start_tls_s ( LDAP *ld,
+				LDAPControl **serverctrls,
+				LDAPControl **clientctrls )
+{
+#ifdef HAVE_TLS
+	LDAPConn *lc;
+	int rc;
+	char *rspoid = NULL;
+	struct berval *rspdata = NULL;
+
+	if (ld->ld_conns == NULL) {
+		rc = ldap_open_defconn( ld );
+		if (rc != LDAP_SUCCESS)
+			return(rc);
+	}
+
+	for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
+		if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
+			return LDAP_OPERATIONS_ERROR;
+
+		/* XXYYZ: this initiates operaton only on default connection! */
+		rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
+			NULL, serverctrls, clientctrls, &rspoid, &rspdata);
+
+		if (rc != LDAP_SUCCESS)
+			return rc;
+		if (rspoid != NULL)
+			LDAP_FREE(rspoid);
+		if (rspdata != NULL)
+			ber_bvfree(rspdata);
+		rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
+		if (rc != LDAP_SUCCESS)
+			return rc;
+	}
+	return LDAP_SUCCESS;
+#else
+	return LDAP_NOT_SUPPORTED;
+#endif
+}
+