diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8 index 56797016ef..3cbd2674d1 100644 --- a/doc/man/man8/slapacl.8 +++ b/doc/man/man8/slapacl.8 @@ -5,13 +5,14 @@ slapacl \- Check access to a list of attributes. .SH SYNOPSIS .B SBINDIR/slapacl -.B [\-v] +.B \-b DN .B [\-d level] +.B [\-D authcDN | \-U authcID] .B [\-f slapd.conf] .B [\-F confdir] -.B [\-D authcDN | \-U authcID] -.B \-b DN +.B [\-o name[=value] .B [\-u] +.B [\-v] .B [\-X authzID | \-o authzDN=DN] .B [attr[/access][:value]] [...] .LP @@ -35,13 +36,25 @@ pseudo-attribute is tested. .LP .SH OPTIONS .TP -.B \-v -enable verbose mode. +.BI \-b " DN" +specify the +.B DN +which access is requested to; the corresponding entry is fetched +from the database, and thus it must exist. +The DN is also used to determine what rules apply; thus, it must be +in the naming context of a configured database. See also +.BR \-u . .TP .BI \-d " level" enable debugging messages as defined by the specified .IR level . .TP +.BI \-D " authcDN" +specify a DN to be used as identity through the test session +when selecting appropriate +.B +clauses in access lists. +.TP .BI \-f " slapd.conf" specify an alternative .BR slapd.conf (5) @@ -60,62 +73,42 @@ default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored. .TP -.BI \-D " authcDN" -specify a DN to be used as identity through the test session -when selecting appropriate -.B -clauses in access lists. -.TP -.BI \-U " authcID" -specify an ID to be mapped to a -.B DN -as by means of -.B authz-regexp -or -.B authz-rewrite -rules (see -.BR slapd.conf (5) -for details); mutually exclusive with -.BR \-D . -.TP -.BI \-X " authzID" -specify an authorization ID to be mapped to a -.B DN -as by means of -.B authz-regexp -or -.B authz-rewrite -rules (see -.BR slapd.conf (5) -for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP. -.TP .BI \-o " option[=value]" Specify an .BR option with a(n optional) .BR value . -Possible options/values are: +Possible generic options/values are: .LP .nf - sockurl + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.RS +Possible options/values specific to +.B slapacl +are: +.RE +.nf + + authzDN domain peername - sockname - ssf - transport_ssf - tls_ssf sasl_ssf - authzDN + sockname + sockurl + ssf + tls_ssf + transport_ssf + .fi -.TP -.BI \-b " DN" -specify the -.B DN -which access is requested to; the corresponding entry is fetched -from the database, and thus it must exist. -The DN is also used to determine what rules apply; thus, it must be -in the naming context of a configured database. See also -.BR \-u . +.RS +See the related fields in +.BR slapd.access (5) +for details. +.RE .TP .BI \-u do not fetch the entry from the database. @@ -131,6 +124,32 @@ option is still used to select what rules apply; thus, it must be in the naming context of a configured database. See also .BR \-b . +.TP +.BI \-U " authcID" +specify an ID to be mapped to a +.B DN +as by means of +.B authz-regexp +or +.B authz-rewrite +rules (see +.BR slapd.conf (5) +for details); mutually exclusive with +.BR \-D . +.TP +.B \-v +enable verbose mode. +.TP +.BI \-X " authzID" +specify an authorization ID to be mapped to a +.B DN +as by means of +.B authz-regexp +or +.B authz-rewrite +rules (see +.BR slapd.conf (5) +for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP. .SH EXAMPLES The command .LP diff --git a/doc/man/man8/slapadd.8 b/doc/man/man8/slapadd.8 index f8ef62cd7e..39a9785d15 100644 --- a/doc/man/man8/slapadd.8 +++ b/doc/man/man8/slapadd.8 @@ -6,18 +6,19 @@ slapadd \- Add entries to a SLAPD database .SH SYNOPSIS .B SBINDIR/slapadd -.B [\-v] +.B [\-b suffix] .B [\-c] .B [\-g] -.B [\-u] -.B [\-q] -.B [\-w] .B [\-d level] -.B [\-b suffix] -.B [\-n dbnum] .B [\-f slapd.conf] .B [\-F confdir] .B [\-l ldif-file] +.B [\-n dbnum] +.B [\-o name[=value] +.B [\-q] +.B [\-u] +.B [\-v] +.B [\-w] .SH DESCRIPTION .LP .B Slapadd @@ -43,40 +44,6 @@ schema checks, and does not maintain operational attributes (such as createTimeStamp and modifiersName). .SH OPTIONS .TP -.B \-v -enable verbose mode. -.TP -.B \-c -enable continue (ignore errors) mode. -.TP -.B \-g -disable subordinate gluing. Only the specified database will be -processed, and not its glued subordinates (if any). -.TP -.B -s -disable schema checking. This option is intended to be used when loading -databases containing special objects, such as fractional objects on a -partial replica. Loading normal objects which do not conform to -schema may result in unexpected and ill behavior. -.TP -.B \-u -enable dry-run (don't write to backend) mode. -.TP -.B \-q -enable quick (fewer integrity checks) mode. Does fewer consistency checks -on the input data, and no consistency checks when writing the database. -Improves the load time but if any errors or interruptions occur the resulting -database will be unusable. -.TP -.BI \-w -write syncrepl context information. -After all entries are added, the contextCSN -will be updated with the greatest CSN in the database. -.TP -.BI \-d " level" -enable debugging messages as defined by the specified -.IR level . -.TP .BI \-b " suffix" Use the specified \fIsuffix\fR to determine which database to add entries to. The \-b cannot be used in conjunction @@ -84,13 +51,12 @@ with the .B \-n option. .TP -.BI \-n " dbnum" -Add entries to the \fIdbnum\fR\-th database listed in the -configuration file. The -.B \-n -cannot be used in conjunction with the -.B \-b -option. +.B \-c +enable continue (ignore errors) mode. +.TP +.BI \-d " level" +enable debugging messages as defined by the specified +.IR level . .TP .BI \-f " slapd.conf" specify an alternative @@ -111,8 +77,57 @@ config file. If a valid config directory exists then the default config file is ignored. If dryrun mode is also specified, no conversion will occur. .TP +.B \-g +disable subordinate gluing. Only the specified database will be +processed, and not its glued subordinates (if any). +.TP .BI \-l " ldif-file" Read LDIF from the specified file instead of standard input. +.TP +.BI \-n " dbnum" +Add entries to the \fIdbnum\fR\-th database listed in the +configuration file. The +.B \-n +cannot be used in conjunction with the +.B \-b +option. +.TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP +.B \-q +enable quick (fewer integrity checks) mode. Does fewer consistency checks +on the input data, and no consistency checks when writing the database. +Improves the load time but if any errors or interruptions occur the resulting +database will be unusable. +.TP +.B -s +disable schema checking. This option is intended to be used when loading +databases containing special objects, such as fractional objects on a +partial replica. Loading normal objects which do not conform to +schema may result in unexpected and ill behavior. +.TP +.B \-u +enable dry-run (don't write to backend) mode. +.TP +.B \-v +enable verbose mode. +.TP +.BI \-w +write syncrepl context information. +After all entries are added, the contextCSN +will be updated with the greatest CSN in the database. .SH LIMITATIONS Your .BR slapd (8) diff --git a/doc/man/man8/slapauth.8 b/doc/man/man8/slapauth.8 index 98ec37719f..69d8986c60 100644 --- a/doc/man/man8/slapauth.8 +++ b/doc/man/man8/slapauth.8 @@ -5,13 +5,14 @@ slapauth \- Check a list of string-represented IDs for authc/authz. .SH SYNOPSIS .B SBINDIR/slapauth -.B [\-v] .B [\-d level] .B [\-f slapd.conf] .B [\-F confdir] .B [\-M mech] +.B [\-o name[=value] .B [\-R realm] .B [\-U authcID] +.B [\-v] .B [\-X authzID] .B ID [...] .LP @@ -33,9 +34,6 @@ list given on the command-line. .LP .SH OPTIONS .TP -.B \-v -enable verbose mode. -.TP .BI \-d " level" enable debugging messages as defined by the specified .IR level . @@ -61,6 +59,20 @@ default config file is ignored. .BI \-M " mech" specify a mechanism. .TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP .BI \-R " realm" specify a realm. .TP @@ -86,6 +98,9 @@ If both and .I authzID are given via command line switch, the ID list cannot be present. +.TP +.B \-v +enable verbose mode. .SH EXAMPLES The command .LP diff --git a/doc/man/man8/slapcat.8 b/doc/man/man8/slapcat.8 index 4f80335d66..d5e803c9b5 100644 --- a/doc/man/man8/slapcat.8 +++ b/doc/man/man8/slapcat.8 @@ -6,17 +6,18 @@ slapcat \- SLAPD database to LDIF utility .SH SYNOPSIS .B SBINDIR/slapcat -.B [\-v] -.B [\-c] -.B [\-g] -.B [\-d level] -.B [\-b suffix] -.B [\-n dbnum] .B [\-a filter] -.B [\-s subtree-dn] +.B [\-b suffix] +.B [\-c] +.B [\-d level] .B [\-f slapd.conf] .B [\-F confdir] +.B [\-g] .B [\-l ldif-file] +.B [\-n dbnum] +.B [\-o name[=value] +.B [\-s subtree-dn] +.B [\-v] .B .LP .SH DESCRIPTION @@ -48,35 +49,6 @@ into superior first order and removing no-user-modification operational attributes. .SH OPTIONS .TP -.B \-v -Enable verbose mode. -.TP -.B \-c -Enable continue (ignore errors) mode. -.TP -.B \-g -disable subordinate gluing. Only the specified database will be -processed, and not its glued subordinates (if any). -.TP -.BI \-d " level" -Enable debugging messages as defined by the specified -.IR level . -.TP -.BI \-b " suffix" -Use the specified \fIsuffix\fR to determine which database to -generate output for. The \-b cannot be used in conjunction -with the -.B \-n -option. -.TP -.BI \-n " dbnum" -Generate output for the \fIdbnum\fR\-th database listed in the -configuration file. The -.B \-n -cannot be used in conjunction with the -.B \-b -option. -.TP .BI \-a " filter" Only dump entries matching the asserted filter. For example @@ -87,13 +59,19 @@ slapcat -a \\ will dump all but the "ou=People,dc=example,dc=com" subtree of the "dc=example,dc=com" database. .TP -.BI \-s " subtree-dn" -Only dump entries in the subtree specified by this DN. -Implies `-b subtree-dn' if no -.B \-b -or +.BI \-b " suffix" +Use the specified \fIsuffix\fR to determine which database to +generate output for. The \-b cannot be used in conjunction +with the .B \-n -option is given. +option. +.TP +.B \-c +Enable continue (ignore errors) mode. +.TP +.BI \-d " level" +Enable debugging messages as defined by the specified +.IR level . .TP .BI \-f " slapd.conf" Specify an alternative @@ -113,8 +91,45 @@ default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored. .TP +.B \-g +disable subordinate gluing. Only the specified database will be +processed, and not its glued subordinates (if any). +.TP .BI \-l " ldif-file" Write LDIF to specified file instead of standard output. +.TP +.BI \-n " dbnum" +Generate output for the \fIdbnum\fR\-th database listed in the +configuration file. The +.B \-n +cannot be used in conjunction with the +.B \-b +option. +.TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP +.BI \-s " subtree-dn" +Only dump entries in the subtree specified by this DN. +Implies `-b subtree-dn' if no +.B \-b +or +.B \-n +option is given. +.TP +.B \-v +Enable verbose mode. .SH LIMITATIONS In general, your .BR slapd (8) diff --git a/doc/man/man8/slapdn.8 b/doc/man/man8/slapdn.8 index 01513f2ee5..f297e5dcc7 100644 --- a/doc/man/man8/slapdn.8 +++ b/doc/man/man8/slapdn.8 @@ -5,11 +5,12 @@ slapdn \- Check a list of string-represented DNs based on schema syntax. .SH SYNOPSIS .B SBINDIR/slapdn -.B [\-v] .B [\-d level] .B [\-f slapd.conf] .B [\-F confdir] .B [\-N | \-P] +.B [\-o name[=value] +.B [\-v] .B DN [...] .LP .SH DESCRIPTION @@ -29,9 +30,6 @@ list given on the command-line. .LP .SH OPTIONS .TP -.B \-v -enable verbose mode. -.TP .BI \-d " level" enable debugging messages as defined by the specified .IR level . @@ -59,10 +57,27 @@ only output a normalized form of the DN, suitable to be used in a normalization tool; incompatible with .BR \-P . .TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP .BI \-P only output a prettified form of the DN, suitable to be used in a check and beautification tool; incompatible with .BR \-N . +.TP +.B \-v +enable verbose mode. .SH EXAMPLES To check a .B DN diff --git a/doc/man/man8/slapindex.8 b/doc/man/man8/slapindex.8 index 2da8317dc2..1d5f49c4e7 100644 --- a/doc/man/man8/slapindex.8 +++ b/doc/man/man8/slapindex.8 @@ -6,15 +6,16 @@ slapindex \- SLAPD index to LDIF utility .SH SYNOPSIS .B SBINDIR/slapindex -.B [\-v] -.B [\-c] -.B [\-g] -.B [\-q] -.B [\-d level] .B [\-b suffix] -.B [\-n dbnum] +.B [\-c] +.B [\-d level] .B [\-f slapd.conf] .B [\-F confdir] +.B [\-g] +.B [\-n dbnum] +.B [\-o name[=value] +.B [\-q] +.B [\-v] .B .LP .SH DESCRIPTION @@ -31,27 +32,6 @@ Databases configured as of this one are also re-indexed, unless \fB-g\fP is specified. .SH OPTIONS .TP -.B \-v -enable verbose mode. -.TP -.B \-c -enable continue (ignore errors) mode. -.TP -.B \-g -disable subordinate gluing. Only the specified database will be -processed, and not its glued subordinates (if any). -.TP -.B \-q -enable quick (fewer integrity checks) mode. Performs no consistency checks -when writing the database. Improves indexing time, -.B however -the database will most likely be unusable if any errors or -interruptions occur. -.TP -.BI \-d " level" -enable debugging messages as defined by the specified -.IR level . -.TP .BI \-b " suffix" Use the specified \fIsuffix\fR to determine which database to generate output for. The \-b cannot be used in conjunction @@ -59,13 +39,12 @@ with the .B \-n option. .TP -.BI \-n " dbnum" -Generate output for the \fIdbnum\fR\-th database listed in the -configuration file. The -.B \-n -cannot be used in conjunction with the -.B \-b -option. +.B \-c +enable continue (ignore errors) mode. +.TP +.BI \-d " level" +enable debugging messages as defined by the specified +.IR level . .TP .BI \-f " slapd.conf" specify an alternative @@ -84,6 +63,42 @@ If neither option is specified, an attempt to read the default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored. +.TP +.B \-g +disable subordinate gluing. Only the specified database will be +processed, and not its glued subordinates (if any). +.TP +.BI \-n " dbnum" +Generate output for the \fIdbnum\fR\-th database listed in the +configuration file. The +.B \-n +cannot be used in conjunction with the +.B \-b +option. +.TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP +.B \-q +enable quick (fewer integrity checks) mode. Performs no consistency checks +when writing the database. Improves indexing time, +.B however +the database will most likely be unusable if any errors or +interruptions occur. +.TP +.B \-v +enable verbose mode. .SH LIMITATIONS Your .BR slapd (8) diff --git a/doc/man/man8/slaptest.8 b/doc/man/man8/slaptest.8 index 3fcd484fbe..2e0e78fe0b 100644 --- a/doc/man/man8/slaptest.8 +++ b/doc/man/man8/slaptest.8 @@ -8,6 +8,7 @@ slaptest \- Check the suitability of the slapd.conf file. .B [\-d level] .B [\-f slapd.conf] .B [\-F confdir] +.B [\-o name[=value] .B [\-u] .B [\-v] .LP @@ -47,6 +48,20 @@ config file. If a valid config directory exists then the default config file is ignored. If dryrun mode is also specified, no conversion will occur. .TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP .B \-u enable dryrun mode (i.e. don't fail if databases cannot be opened, but config is fine). diff --git a/servers/slapd/main.c b/servers/slapd/main.c index 83ecfc5267..5642c1b86c 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -106,10 +106,6 @@ static int version = 0; void *slap_tls_ctx; LDAP *slap_tls_ld; -#ifdef LOG_LOCAL4 -#define DEFAULT_SYSLOG_USER LOG_LOCAL4 -#endif /* LOG_LOCAL4 */ - static int slapd_opt_slp( const char *val, void *arg ) { @@ -162,7 +158,7 @@ struct option_helper { #if defined(LDAP_DEBUG) && defined(LDAP_SYSLOG) #ifdef LOG_LOCAL4 -static int +int parse_syslog_user( const char *arg, int *syslogUser ) { static slap_verbmasks syslogUsers[] = { @@ -182,12 +178,12 @@ parse_syslog_user( const char *arg, int *syslogUser ) #endif /* LOG_DAEMON */ { BER_BVNULL, 0 } }; - int i = verb_to_mask( optarg, syslogUsers ); + int i = verb_to_mask( arg, syslogUsers ); if ( BER_BVISNULL( &syslogUsers[ i ].word ) ) { Debug( LDAP_DEBUG_ANY, "unrecognized syslog user \"%s\".\n", - optarg, 0, 0 ); + arg, 0, 0 ); return 1; } @@ -197,7 +193,7 @@ parse_syslog_user( const char *arg, int *syslogUser ) } #endif /* LOG_LOCAL4 */ -static int +int parse_syslog_level( const char *arg, int *levelp ) { static slap_verbmasks str2syslog_level[] = { @@ -352,7 +348,7 @@ int main( int argc, char **argv ) char *sandbox = NULL; #endif #ifdef LOG_LOCAL4 - int syslogUser = DEFAULT_SYSLOG_USER; + int syslogUser = SLAP_DEFAULT_SYSLOG_USER; #endif int g_argc = argc; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 5a8bb9c5d6..5abf877253 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1021,6 +1021,10 @@ LDAP_SLAPD_F (int) lock_fclose LDAP_P(( FILE *fp, FILE *lfp )); LDAP_SLAPD_F (int) parse_debug_level LDAP_P(( const char *arg, int *levelp, char ***unknowns )); LDAP_SLAPD_F (int) +parse_syslog_level LDAP_P(( const char *arg, int *levelp )); +LDAP_SLAPD_F (int) +parse_syslog_user LDAP_P(( const char *arg, int *syslogUser )); +LDAP_SLAPD_F (int) parse_debug_unknowns LDAP_P(( char **unknowns, int *levelp )); /* diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index adfb016746..95eac5c9a6 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2681,21 +2681,27 @@ typedef struct slap_conn { SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate; } Connection; -#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG) +#ifdef LDAP_DEBUG +#ifdef LDAP_SYSLOG +#ifdef LOG_LOCAL4 +#define SLAP_DEFAULT_SYSLOG_USER LOG_LOCAL4 +#endif /* LOG_LOCAL4 */ + #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) ) #define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level)) -#elif defined(LDAP_DEBUG) +#else /* !LDAP_SYSLOG */ #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ do { \ if ( ldap_debug & (level) ) \ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ } while (0) #define StatslogTest( level ) (ldap_debug & (level)) -#else +#endif /* !LDAP_SYSLOG */ +#else /* !LDAP_DEBUG */ #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) ((void) 0) #define StatslogTest( level ) (0) -#endif +#endif /* !LDAP_DEBUG */ /* * listener; need to access it from monitor backend diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index 59e1e01cf3..1a1ea03441 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -47,18 +47,26 @@ static FILE *leakfile; static LDIFFP dummy; +#ifdef LDAP_SYSLOG +int start_syslog; +static char **syslog_unknowns; +#ifdef LOG_LOCAL4 +static int syslogUser = SLAP_DEFAULT_SYSLOG_USER; +#endif /* LOG_LOCAL4 */ +#endif /* LDAP_SYSLOG */ + static void usage( int tool, const char *progname ) { char *options = NULL; fprintf( stderr, - "usage: %s [-v] [-d debuglevel] [-f configfile] [-F configdir]", + "usage: %s [-v] [-d debuglevel] [-f configfile] [-F configdir] [-o [=]]", progname ); switch( tool ) { case SLAPACL: options = "\n\t[-U authcID | -D authcDN] [-X authzID | -o authzDN=]" - "\n\t-b DN -o [=] [-u] [attr[/access][:value]] [...]\n"; + "\n\t-b DN [-u] [attr[/access][:value]] [...]\n"; break; case SLAPADD: @@ -95,19 +103,17 @@ usage( int tool, const char *progname ) } static int -parse_slapacl( void ) +parse_slapopt( void ) { - size_t len; + size_t len = 0; char *p; p = strchr( optarg, '=' ); - if ( p == NULL ) { - return -1; + if ( p != NULL ) { + len = p - optarg; + p++; } - len = p - optarg; - p++; - if ( strncasecmp( optarg, "sockurl", len ) == 0 ) { if ( !BER_BVISNULL( &listener_url ) ) { ber_memfree( listener_url.bv_val ); @@ -159,6 +165,28 @@ parse_slapacl( void ) } else if ( strncasecmp( optarg, "authzDN", len ) == 0 ) { ber_str2bv( p, 0, 1, &authzDN ); +#ifdef LDAP_SYSLOG + } else if ( strncasecmp( optarg, "syslog", len ) == 0 ) { + if ( parse_debug_level( p, &ldap_syslog, &syslog_unknowns ) ) { + return -1; + } + start_syslog = 1; + + } else if ( strncasecmp( optarg, "syslog-level", len ) == 0 ) { + if ( parse_syslog_level( p, &ldap_syslog_level ) ) { + return -1; + } + start_syslog = 1; + +#ifdef LOG_LOCAL4 + } else if ( strncasecmp( optarg, "syslog-user", len ) == 0 ) { + if ( parse_syslog_user( p, &syslogUser ) ) { + return -1; + } + start_syslog = 1; +#endif /* LOG_LOCAL4 */ +#endif /* LDAP_SYSLOG */ + } else { return -1; } @@ -200,6 +228,7 @@ slap_tool_init( * messages show up; use -d 0 to reset */ slap_debug = LDAP_DEBUG_NONE; #endif + ldap_syslog = 0; #ifdef CSRIMALLOC leakfilename = malloc( strlen( progname ) + STRLENOF( ".leak" ) + 1 ); @@ -212,31 +241,31 @@ slap_tool_init( switch( tool ) { case SLAPADD: - options = "b:cd:f:F:gl:n:qstuvw"; + options = "b:cd:f:F:gl:n:o:qstuvw"; break; case SLAPCAT: - options = "a:b:cd:f:F:gl:n:s:v"; + options = "a:b:cd:f:F:gl:n:o:s:v"; mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY; break; case SLAPDN: - options = "d:f:F:NPv"; + options = "d:f:F:No:Pv"; mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY; break; case SLAPTEST: - options = "d:f:F:uv"; + options = "d:f:F:o:uv"; mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY; break; case SLAPAUTH: - options = "d:f:F:M:R:U:vX:"; + options = "d:f:F:M:o:R:U:vX:"; mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY; break; case SLAPINDEX: - options = "b:cd:f:F:gn:qv"; + options = "b:cd:f:F:gn:o:qv"; mode |= SLAP_TOOL_READMAIN; break; @@ -324,7 +353,7 @@ slap_tool_init( break; case 'o': - if ( parse_slapacl() ) { + if ( parse_slapopt() ) { usage( tool, progname ); } break; @@ -382,6 +411,27 @@ slap_tool_init( } } +#ifdef LDAP_SYSLOG + if ( start_syslog ) { + char *logName; +#ifdef HAVE_EBCDIC + logName = ch_strdup( progname ); + __atoe( logName ); +#else + logName = (char *)progname; +#endif + +#ifdef LOG_LOCAL4 + openlog( logName, OPENLOG_OPTIONS, syslogUser ); +#elif LOG_DEBUG + openlog( logName, OPENLOG_OPTIONS ); +#endif +#ifdef HAVE_EBCDIC + free( logName ); +#endif + } +#endif /* LDAP_SYSLOG */ + switch ( tool ) { case SLAPADD: case SLAPCAT: @@ -424,8 +474,6 @@ slap_tool_init( break; } - ldap_syslog = 0; - if ( ldiffile == NULL ) { dummy.fp = tool == SLAPCAT ? stdout : stdin; ldiffp = &dummy; @@ -463,6 +511,14 @@ slap_tool_init( exit( EXIT_FAILURE ); } + if ( syslog_unknowns ) { + rc = parse_debug_unknowns( syslog_unknowns, &ldap_syslog ); + ldap_charray_free( syslog_unknowns ); + syslog_unknowns = NULL; + if ( rc ) + exit( EXIT_FAILURE ); + } + at_oc_cache = 1; switch ( tool ) {