mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-04-06 15:00:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update slap_conn to maintain client provided dn and bound dn.

Browse Source 
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
	for use in slapd_conn.  Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
This commit is contained in:
Kurt Zeilenga 1999-01-19 05:10:50 +00:00
parent ef4ddc5ad7
commit e2a15115b0
34 changed files with 403 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
clients/tools/ldapdelete.c
View File

@ -170,7 +170,8 @@ static int dodelete(
int rc;
if ( verbose ) {
printf( "%sdeleting entry %s\n", not ? "!" : "", dn );
printf( "%sdeleting entry \"%s\"\n",
(not ? "!" : ""), dn );
}
if ( not ) {
rc = LDAP_SUCCESS;
@ -178,7 +179,7 @@ static int dodelete(
if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete" );
} else if ( verbose ) {
printf( "entry removed\n" );
printf( "\tremoved\n" );
}
}

12
include/ldapconfig.h.edit
View File

@ -219,11 +219,15 @@ Please try again later.\r\n"
#define SLAPD_PIDEXT ".pid"
/* extension of the slapd args file */
#define SLAPD_ARGSEXT ".args"
/* dn of the special "monitor" entry */
#define SLAPD_MONITOR_DN "cn=monitor"
/* dn of the special "config" entry */
#define SLAPD_CONFIG_DN "cn=config"
/* minimum max ids that a single index entry can map to in ldbm */
#define SLAPD_LDBM_MIN_MAXIDS 4000
/* the following DNs must be normalized and in uppercase! */
/* dn of the special "monitor" entry */
#define SLAPD_MONITOR_DN "CN=MONITOR"
/* dn of the special "config" entry */
#define SLAPD_CONFIG_DN "CN=CONFIG"
/* dn of the special "schema" entry */
/* #define SLAPD_SCHEMA_DN "CN=SCHEMA" */
#endif /* _LDAP_CONFIG_H */

56
servers/slapd/acl.c
View File

@ -16,7 +16,7 @@ static void string_expand(char *newbuf, int bufsiz, char *pattern,
/*
* access_allowed - check whether dn is allowed the requested access
* access_allowed - check whether op->o_ndn is allowed the requested access
* to entry e, attribute attr, value val. if val is null, access to
* the whole attribute is assumed (all values). this routine finds
* the applicable acl and calls acl_access_allowed() to make the
@ -34,7 +34,6 @@ access_allowed(
Entry *e,
char *attr,
struct berval *val,
char *dn,
int access
)
{
@ -50,7 +49,8 @@ access_allowed(
return( 0 );
}
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
edn = e->e_ndn;
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
@ -62,13 +62,12 @@ access_allowed(
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
a = acl_get_applicable( be, op, e, attr, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
@ -85,7 +84,6 @@ access_allowed(
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
@ -105,24 +103,26 @@ acl_get_applicable(
Operation *op,
Entry *e,
char *attr,
char *edn,
int nmatch,
regmatch_t *matches
)
{
int i, j;
struct acl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_get: no acl applicable to database root\n", 0, 0,
0 );
return( NULL );
}
edn = e->e_ndn;
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
@ -230,9 +230,9 @@ acl_access_allowed(
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
op->o_dn ? op->o_dn : "" );
op->o_ndn ? op->o_ndn : "" );
if ( be_isroot( be, op->o_dn ) ) {
if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
@ -248,12 +248,13 @@ acl_access_allowed(
return( default_access >= access );
}
odn = NULL;
if ( op->o_dn != NULL ) {
odn = dn_normalize_case( ch_strdup( op->o_dn ) );
odn = op->o_ndn;
if ( odn != NULL ) {
bv.bv_val = odn;
bv.bv_len = strlen( odn );
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
@ -264,15 +265,14 @@ acl_access_allowed(
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
op->o_ndn != NULL && *(op->o_ndn) && e->e_dn != NULL )
{
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
if ( strcasecmp( edn, op->o_ndn ) == 0 ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
@ -282,7 +282,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@ -294,7 +293,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@ -308,11 +306,10 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
if ( b->a_dnattr != NULL && op->o_ndn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
@ -325,7 +322,6 @@ acl_access_allowed(
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
@ -341,7 +337,6 @@ acl_access_allowed(
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
@ -350,8 +345,8 @@ acl_access_allowed(
return( (b->a_access & ~ACL_SELF) >= access );
}
#ifdef SLAPD_ACLGROUPS
if ( b->a_group != NULL && op->o_dn != NULL ) {
char buf[512];
if ( b->a_group != NULL && op->o_ndn != NULL ) {
char buf[1024];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
@ -359,6 +354,7 @@ acl_access_allowed(
*/
/* see if asker is listed in dnattr */
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
(void) dn_normalize_case(buf);
if (be_group(be, e, buf, odn,
b->a_objectclassvalue, b->a_groupattrname) == 0)
@ -366,14 +362,12 @@ acl_access_allowed(
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif /* SLAPD_ACLGROUPS */
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
@ -400,9 +394,7 @@ acl_check_modlist(
{
int i;
struct acl *a;
char *edn;
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
char *edn = e->e_ndn;
for ( ; mlist != NULL; mlist = mlist->ml_next ) {
regmatch_t matches[MAXREMATCHES];
@ -418,7 +410,7 @@ acl_check_modlist(
continue;
}
a = acl_get_applicable( be, op, e, mlist->ml_type, edn,
a = acl_get_applicable( be, op, e, mlist->ml_type,
MAXREMATCHES, matches );
switch ( mlist->ml_op & ~LDAP_MOD_BVALUES ) {
@ -431,7 +423,6 @@ acl_check_modlist(
if ( ! acl_access_allowed( a, be, conn, e, mlist->ml_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -442,7 +433,6 @@ acl_check_modlist(
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
@ -451,7 +441,6 @@ acl_check_modlist(
if ( ! acl_access_allowed( a, be, conn, e, mlist->ml_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -459,7 +448,6 @@ acl_check_modlist(
}
}
free(edn);
return( LDAP_SUCCESS );
}

8
servers/slapd/add.c
View File

@ -117,11 +117,11 @@ do_add( Connection *conn, Operation *op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
global_lastmod == ON)) && be->be_updatedn == NULL ) {
global_lastmod == ON)) && be->be_update_ndn == NULL ) {
add_created_attrs( op, e );
}

6
servers/slapd/back-ldbm/add.c
View File

@ -86,8 +86,8 @@ ldbm_back_add(
free( matched );
}
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -103,7 +103,7 @@ ldbm_back_add(
} else {
/* no parent, must be adding entry to root */
if ( ! be_isroot( be, op->o_dn ) ) {
if ( ! be_isroot( be, op->o_ndn ) ) {
pthread_mutex_unlock(&li->li_add_mutex);
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n", 0,
0, 0 );

15
servers/slapd/back-ldbm/bind.c
View File

@ -64,7 +64,8 @@ ldbm_back_bind(
Operation *op,
char *dn,
int method,
struct berval *cred
struct berval *cred,
char** edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@ -79,6 +80,8 @@ ldbm_back_bind(
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
*edn = NULL;
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
@ -91,6 +94,7 @@ ldbm_back_bind(
rc = 1;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
} else {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
@ -102,6 +106,8 @@ ldbm_back_bind(
return( rc );
}
*edn = ch_strdup( e->e_dn );
/* check for deleted */
switch ( method ) {
@ -114,6 +120,7 @@ ldbm_back_bind(
goto return_results;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@ -121,6 +128,7 @@ ldbm_back_bind(
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@ -130,14 +138,11 @@ ldbm_back_bind(
goto return_results;
}
#ifdef SLAPD_CRYPT
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
#else
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
#endif
{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}

5
servers/slapd/back-ldbm/compare.c
View File

@ -35,8 +35,9 @@ ldbm_back_compare(
}
/* check for deleted */
if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
op->o_dn, ACL_COMPARE ) ) {
if ( ! access_allowed( be, conn, op, e,
ava->ava_type, &ava->ava_value, ACL_COMPARE ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
rc = 1;
goto return_results;

11
servers/slapd/back-ldbm/delete.c
View File

@ -54,8 +54,9 @@ ldbm_back_delete(
}
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_WRITE ) ) {
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: insufficient access %s\n",
dn, 0, 0);
@ -80,8 +81,8 @@ ldbm_back_delete(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -93,7 +94,7 @@ ldbm_back_delete(
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, op->o_dn ) ) {
if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,

80
servers/slapd/back-ldbm/group.c
View File

@ -13,67 +13,68 @@
#ifdef SLAPD_ACLGROUPS
/* return 0 IFF edn is a value in member attribute
* of entry with bdn AND that entry has an objectClass
/* return 0 IFF op_dn is a value in member attribute
* of entry with gr_dn AND that entry has an objectClass
* value of groupOfNames
*/
int
ldbm_back_group(
Backend *be,
Backend *be,
Entry *target,
char *bdn,
char *edn,
char *objectclassValue,
char *groupattrName
char *gr_ndn,
char *op_ndn,
char *objectclassValue,
char *groupattrName
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
char *tdn, *xdn;
char *matched;
Attribute *objectClass;
Attribute *member;
int rc;
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: objectClass: %s attrName: %s\n",
objectclassValue, groupattrName, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: gr dn: \"%s\"\n",
gr_ndn, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: op dn: \"%s\"\n",
op_ndn, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: objectClass: \"%s\" attrName: \"%s\"\n",
objectclassValue, groupattrName, 0 );
tdn = dn_normalize_case( ch_strdup( target->e_dn ) );
xdn = dn_normalize_case( ch_strdup( bdn ) );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: tdn: %s\n", tdn, 0, 0 );
if (strcmp(tdn, xdn) == 0) {
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: tr dn: \"%s\"\n",
target->e_ndn, 0, 0 );
if (strcmp(target->e_ndn, gr_ndn) == 0) {
/* we already have a LOCKED copy of the entry */
e = target;
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: target is bdn: %s\n",
bdn, 0, 0 );
"=> ldbm_back_group: target is group: \"%s\"\n",
gr_ndn, 0, 0 );
} else {
/* can we find bdn entry with reader lock */
if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
/* can we find group entry with reader lock */
if ((e = dn2entry_r(be, gr_ndn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: cannot find bdn: %s matched: %s\n",
bdn, (matched ? matched : ""), 0 );
"=> ldbm_back_group: cannot find group: \"%s\" matched: \"%s\"\n",
gr_ndn, (matched ? matched : ""), 0 );
if (matched != NULL)
free(matched);
free(tdn);
free(xdn);
return( 1 );
}
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: found bdn: %s\n",
bdn, 0, 0 );
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: found group: \"%s\"\n",
gr_ndn, 0, 0 );
}
free(tdn);
free(xdn);
/* check for deleted */
/* find it's objectClass and member attribute values
* make sure this is a group entry
* finally test if we can find edn in the member attribute value list *
* finally test if we can find op_dn in the member attribute value list *
*/
rc = 1;
@ -92,8 +93,8 @@ ldbm_back_group(
bvObjectClass.bv_val = objectclassValue;
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
bvMembers.bv_val = edn;
bvMembers.bv_len = strlen( edn );
bvMembers.bv_val = op_ndn;
bvMembers.bv_len = strlen( op_ndn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE,
@ -101,12 +102,14 @@ ldbm_back_group(
objectclassValue, 0, 0 );
}
else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: %s\n",
edn, bdn, groupattrName );
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
}
else {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: %s\n",
edn, bdn, groupattrName );
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" is in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
rc = 0;
}
}
@ -115,8 +118,9 @@ ldbm_back_group(
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
}
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
}
#endif /* SLAPD_ACLGROUPS */

6
servers/slapd/back-ldbm/modify.c
View File

@ -55,15 +55,15 @@ ldbm_back_modify(
switch ( mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
err = add_values( e, mod, op->o_dn );
err = add_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_DELETE:
err = delete_values( e, mod, op->o_dn );
err = delete_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_REPLACE:
err = replace_values( e, mod, op->o_dn );
err = replace_values( e, mod, op->o_ndn );
break;
}

10
servers/slapd/back-ldbm/modrdn.c
View File

@ -40,8 +40,8 @@ ldbm_back_modrdn(
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, e, "entry", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
@ -63,8 +63,8 @@ ldbm_back_modrdn(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -96,7 +96,7 @@ ldbm_back_modrdn(
}
} else {
/* no parent, modrdn entry directly under root */
if( ! be_isroot( be, op->o_dn ) ) {
if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,

20
servers/slapd/back-ldbm/search.c
View File

@ -57,14 +57,14 @@ ldbm_back_search(
Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) {
if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
tlimit = -1; /* allow root to set no limit */
} else {
tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
be->be_timelimit : tlimit;
stoptime = op->o_time + tlimit;
}
if ( slimit == 0 && be_isroot( be, op->o_dn ) ) {
if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
slimit = -1; /* allow root to set no limit */
} else {
slimit = (slimit > be->be_sizelimit || slimit < 1) ?
@ -85,7 +85,7 @@ ldbm_back_search(
realBase = ch_strdup(base);
}
(void) dn_normalize (realBase);
(void) dn_normalize_case( realBase );
Debug( LDAP_DEBUG_TRACE, "using base \"%s\"\n",
realBase, 0, 0 );
@ -181,10 +181,10 @@ ldbm_back_search(
* this for subtree searches, and don't check the filter explicitly
* here since it's only a candidate anyway.
*/
if ( e->e_dn != NULL &&
strncasecmp( e->e_dn, "ref=", 4 ) == 0 &&
(ref = attr_find( e->e_attrs, "ref" )) != NULL &&
scope == LDAP_SCOPE_SUBTREE )
if ( scope == LDAP_SCOPE_SUBTREE &&
e->e_ndn != NULL &&
strncmp( e->e_ndn, "REF=", 4 ) == 0 &&
(ref = attr_find( e->e_attrs, "ref" )) != NULL )
{
int i, len;
@ -215,8 +215,10 @@ ldbm_back_search(
scopeok = 1;
if ( scope == LDAP_SCOPE_ONELEVEL ) {
if ( (dn = dn_parent( be, e->e_dn )) != NULL ) {
(void) dn_normalize( dn );
scopeok = (dn == realBase) ? 1 : (! strcasecmp( dn, realBase ));
(void) dn_normalize_case( dn );
scopeok = (dn == realBase)
? 1
: (strcmp( dn, realBase ) ? 0 : 1 );
free( dn );
} else {
scopeok = (realBase == NULL || *realBase == '\0');

5
servers/slapd/back-perl/bind.c
View File

@ -34,7 +34,8 @@ perl_back_bind(
Operation *op,
char *dn,
int method,
struct berval *cred
struct berval *cred,
char** edn
)
{
int return_code;
@ -42,6 +43,8 @@ perl_back_bind(
PerlBackend *perl_back = (PerlBackend *) be->be_private;
*edn = NULL;
pthread_mutex_lock( &perl_interpreter_mutex );
{

5
servers/slapd/back-shell/bind.c
View File

@ -17,13 +17,16 @@ shell_back_bind(
Operation *op,
char *dn,
int method,
struct berval *cred
struct berval *cred,
char **edn
)
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
FILE *rfp, *wfp;
int rc;
*edn = NULL;
if ( si->si_bind == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"bind not implemented" );

43
servers/slapd/backend.c
View File

@ -223,28 +223,37 @@ be_issuffix(
}
int
be_isroot( Backend *be, char *dn )
be_isroot( Backend *be, char *ndn )
{
int rc;
char *ndn;
if ( dn == NULL || be->be_rootdn == NULL ) {
if ( ndn == NULL || be->be_root_ndn == NULL ) {
return( 0 );
}
ndn = dn_normalize_case( ch_strdup( dn ) );
rc = strcmp( be->be_rootdn, ndn ) ? 0 : 1;
rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1;
free(ndn);
return(rc);
}
char *
be_root_dn( Backend *be )
{
int rc;
if ( be->be_root_dn == NULL ) {
return( "" );
}
return be->be_root_dn;
}
int
be_isroot_pw( Backend *be, char *dn, struct berval *cred )
be_isroot_pw( Backend *be, char *ndn, struct berval *cred )
{
int result;
if ( ! be_isroot( be, dn ) ) {
if ( ! be_isroot( be, ndn ) ) {
return( 0 );
}
@ -252,7 +261,7 @@ be_isroot_pw( Backend *be, char *dn, struct berval *cred )
pthread_mutex_lock( &crypt_mutex );
#endif
result = lutil_passwd( cred->bv_val, be->be_rootpw );
result = lutil_passwd( cred->bv_val, be->be_root_pw );
#ifdef SLAPD_CRYPT
pthread_mutex_unlock( &crypt_mutex );
@ -293,17 +302,17 @@ be_unbind(
int
be_group(
Backend *be,
Entry *e,
char *bdn,
char *edn,
Entry *target,
char *gr_ndn,
char *op_ndn,
char *objectclassValue,
char *groupattrName
)
{
if (be->be_group)
return(be->be_group(be, e, bdn, edn,
objectclassValue, groupattrName));
else
return(1);
if (be->be_group)
return( be->be_group(be, target, gr_ndn, op_ndn,
objectclassValue, groupattrName) );
else
return(1);
}
#endif

85
servers/slapd/bind.c
View File

@ -29,8 +29,8 @@ do_bind(
{
BerElement *ber = op->o_ber;
int version, method, len;
char *cdn, *ndn;
unsigned long rc;
char *dn;
struct berval cred;
Backend *be;
@ -65,14 +65,15 @@ do_bind(
if ( ber_peek_tag( &tber, &tlen ) == LBER_SEQUENCE ) {
Debug( LDAP_DEBUG_ANY, "version 3.0 detected\n", 0, 0, 0 );
conn->c_version = 30;
rc = ber_scanf(ber, "{{iato}}", &version, &dn, &method, &cred);
rc = ber_scanf(ber, "{{iato}}", &version, &cdn, &method, &cred);
} else {
rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
}
}
#else
rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
#endif
if ( rc == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
@ -96,14 +97,21 @@ do_bind(
}
}
#endif /* compat30 */
dn_normalize( dn );
Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
version, cdn, method );
ndn = dn_normalize_case( ch_strdup( cdn ) );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d BIND dn=\"%s\" method=%d\n",
conn->c_connid, op->o_opid, dn, method, 0 );
conn->c_connid, op->o_opid, ndn, method, 0 );
if ( version != LDAP_VERSION2 ) {
if ( dn != NULL ) {
free( dn );
if ( cdn != NULL ) {
free( cdn );
}
if ( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@ -115,13 +123,13 @@ do_bind(
return;
}
Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
version, dn, method );
/* accept null binds */
if ( dn == NULL || *dn == '\0' ) {
if ( dn != NULL ) {
free( dn );
if ( ndn == NULL || *ndn == '\0' ) {
if ( cdn != NULL ) {
free( cdn );
}
if ( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@ -137,8 +145,9 @@ do_bind(
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
if ( (be = select_backend( ndn )) == NULL ) {
free( cdn );
free( ndn );
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}
@ -155,27 +164,57 @@ do_bind(
return;
}
/* alias suffix */
dn = suffixAlias ( dn, op, be );
if ( be->be_bind != NULL ) {
if ( (*be->be_bind)( be, conn, op, dn, method, &cred ) == 0 ) {
/* alias suffix */
char *edn;
ndn = suffixAlias( ndn, op, be );
dn_normalize_case( ndn );
if ( (*be->be_bind)( be, conn, op, ndn, method, &cred, &edn ) == 0 ) {
pthread_mutex_lock( &conn->c_dnmutex );
if ( conn->c_dn != NULL ) {
if ( conn->c_cdn != NULL ) {
free( conn->c_cdn );
}
conn->c_cdn = cdn;
cdn = NULL;
if ( conn->c_cdn != NULL ) {
free( conn->c_dn );
}
conn->c_dn = ch_strdup( dn );
if(edn != NULL) {
conn->c_dn = edn;
} else {
conn->c_dn = ndn;
ndn = NULL;
}
Debug( LDAP_DEBUG_TRACE, "do_bind: bound \"%s\" to \"%s\"\n",
conn->c_cdn, conn->c_dn, method );
pthread_mutex_unlock( &conn->c_dnmutex );
/* send this here to avoid a race condition */
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
} else if (edn != NULL) {
free( edn );
}
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
free( dn );
if( cdn != NULL ) {
free( cdn );
}
if( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}

23
servers/slapd/compare.c
View File

@ -24,7 +24,7 @@ do_compare(
Operation *op
)
{
char *dn;
char *ndn;
Ava ava;
int rc;
Backend *be;
@ -43,28 +43,29 @@ do_compare(
* }
*/
if ( ber_scanf( op->o_ber, "{a{ao}}", &dn, &ava.ava_type,
if ( ber_scanf( op->o_ber, "{a{ao}}", &ndn, &ava.ava_type,
&ava.ava_value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
dn, ava.ava_type, ava.ava_value.bv_val );
ndn, ava.ava_type, ava.ava_value.bv_val );
ndn = dn_normalize( ndn );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d CMP dn=\"%s\" attr=\"%s\"\n",
conn->c_connid, op->o_opid, dn, ava.ava_type, 0 );
conn->c_connid, op->o_opid, ndn, ava.ava_type, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
ava_free( &ava, 0 );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@ -72,13 +73,17 @@ do_compare(
return;
}
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
dn_normalize_case( ndn );
if ( be->be_compare != NULL ) {
(*be->be_compare)( be, conn, op, dn, &ava );
(*be->be_compare)( be, conn, op, ndn, &ava );
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
free( dn );
free( ndn );
ava_free( &ava, 0 );
}

9
servers/slapd/config.c
View File

@ -194,7 +194,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
be->be_rootdn = dn_normalize_case( ch_strdup( cargv[1] ) );
be->be_root_dn = ch_strdup( cargv[1] );
be->be_root_ndn = dn_normalize_case( ch_strdup( cargv[1] ) );
}
/* set super-secret magic database password */
@ -210,7 +211,7 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
be->be_rootpw = ch_strdup( cargv[1] );
be->be_root_pw = ch_strdup( cargv[1] );
}
/* make this database read-only */
@ -350,8 +351,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
be->be_updatedn = ch_strdup( cargv[1] );
(void) dn_normalize( be->be_updatedn );
be->be_update_ndn = ch_strdup( cargv[1] );
(void) dn_normalize_case( be->be_update_ndn );
}
/* replication log file to which changes are appended */

5
servers/slapd/daemon.c
View File

@ -87,6 +87,7 @@ slapd_daemon(
for ( i = 0; i < dtblsize; i++ ) {
c[i].c_dn = NULL;
c[i].c_cdn = NULL;
c[i].c_addr = NULL;
c[i].c_domain = NULL;
c[i].c_ops = NULL;
@ -344,6 +345,10 @@ slapd_daemon(
free( c[ns].c_dn );
c[ns].c_dn = NULL;
}
if ( c[ns].c_cdn != NULL ) {
free( c[ns].c_cdn );
c[ns].c_cdn = NULL;
}
pthread_mutex_unlock( &c[ns].c_dnmutex );
c[ns].c_starttime = currenttime;
c[ns].c_opsinitiated = 0;

36
servers/slapd/delete.c
View File

@ -25,7 +25,7 @@ do_delete(
Operation *op
)
{
char *dn, *odn;
char *ndn;
Backend *be;
Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@ -36,46 +36,47 @@ do_delete(
* DelRequest := DistinguishedName
*/
if ( ber_scanf( op->o_ber, "a", &dn ) == LBER_ERROR ) {
if ( ber_scanf( op->o_ber, "a", &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", dn, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", ndn, 0, 0 );
Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", dn, 0, 0 );
dn_normalize_case( ndn );
Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
dn = suffixAlias ( dn, op, be );
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
dn_normalize_case( ndn );
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_delete != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (*be->be_delete)( be, conn, op, dn ) == 0 ) {
replog( be, LDAP_REQ_DELETE, odn, NULL, 0 );
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (*be->be_delete)( be, conn, op, ndn ) == 0 ) {
replog( be, LDAP_REQ_DELETE, ndn, NULL, 0 );
}
} else {
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@ -86,6 +87,5 @@ do_delete(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
}

20
servers/slapd/filterentry.c
View File

@ -110,8 +110,9 @@ test_ava_filter(
int i, rc;
Attribute *a;
if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
&ava->ava_value, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
ava->ava_type, &ava->ava_value, ACL_SEARCH ) )
{
return( -2 );
}
@ -159,8 +160,9 @@ test_presence_filter(
char *type
)
{
if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL,
op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
type, NULL, ACL_SEARCH ) )
{
return( -2 );
}
@ -180,8 +182,9 @@ test_approx_filter(
int i, rc, match;
Attribute *a;
if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
NULL, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
ava->ava_type, NULL, ACL_SEARCH ) )
{
return( -2 );
}
@ -316,8 +319,9 @@ test_substring_filter(
Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
if ( be != NULL && ! access_allowed( be, conn, op, e, f->f_sub_type,
NULL, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
f->f_sub_type, NULL, ACL_SEARCH ) )
{
return( -2 );
}

1
servers/slapd/main.c
View File

@ -227,6 +227,7 @@ main( int argc, char **argv )
struct hostent *hp;
c.c_dn = NULL;
c.c_cdn = NULL;
c.c_ops = NULL;
c.c_sb.sb_sd = 0;
c.c_sb.sb_options = 0;

48
servers/slapd/modify.c
View File

@ -30,7 +30,7 @@ do_modify(
Operation *op
)
{
char *dn, *odn;
char *ndn;
char *last;
unsigned long tag, len;
LDAPModList *modlist, *tmp;
@ -58,15 +58,15 @@ do_modify(
* }
*/
if ( ber_scanf( op->o_ber, "{a" /*}*/, &dn ) == LBER_ERROR ) {
if ( ber_scanf( op->o_ber, "{a" /*}*/, &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", ndn, 0, 0 );
(void) dn_normalize_case( ndn );
/* collect modifications & save for later */
modlist = NULL;
@ -84,8 +84,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"decoding error" );
free( dn );
free( odn );
free( ndn );
free( *modtail );
*modtail = NULL;
modlist_free( modlist );
@ -98,8 +97,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"unrecognized modify operation" );
free( dn );
free( odn );
free( ndn );
modlist_free( modlist );
return;
}
@ -109,8 +107,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"no values given" );
free( dn );
free( odn );
free( ndn );
modlist_free( modlist );
return;
}
@ -131,42 +128,42 @@ do_modify(
#endif
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MOD dn=\"%s\"\n",
conn->c_connid, op->o_opid, dn, 0, 0 );
conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
modlist_free( modlist );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
dn = suffixAlias ( dn, op, be );
/* alias suffix if approp */
ndn = suffixAlias ( ndn, op, be );
(void) dn_normalize_case( ndn );
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modify != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED &&
global_lastmod == ON ) ) && be->be_updatedn == NULL ) {
global_lastmod == ON ) ) && be->be_update_ndn == NULL ) {
add_lastmods( op, &modlist );
}
if ( (*be->be_modify)( be, conn, op, odn, modlist ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, dn, modlist, 0 );
if ( (*be->be_modify)( be, conn, op, ndn, modlist ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, ndn, modlist, 0 );
}
/* send a referral */
@ -179,8 +176,7 @@ do_modify(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
modlist_free( modlist );
}

35
servers/slapd/modrdn.c
View File

@ -25,7 +25,7 @@ do_modrdn(
Operation *op
)
{
char *dn, *odn, *newrdn;
char *ndn, *newrdn;
int deloldrdn;
Backend *be;
@ -40,21 +40,21 @@ do_modrdn(
* }
*/
if ( ber_scanf( op->o_ber, "{aab}", &dn, &newrdn, &deloldrdn )
if ( ber_scanf( op->o_ber, "{aab}", &ndn, &newrdn, &deloldrdn )
== LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS,
"do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", dn, newrdn,
"do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", ndn, newrdn,
deloldrdn );
dn_normalize_case( ndn );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MODRDN dn=\"%s\"\n",
conn->c_connid, op->o_opid, dn, 0, 0 );
conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
@ -62,28 +62,32 @@ do_modrdn(
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
free( newrdn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
dn_normalize_case( ndn );
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modrdn != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (*be->be_modrdn)( be, conn, op, dn, newrdn,
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (*be->be_modrdn)( be, conn, op, ndn, newrdn,
deloldrdn ) == 0 ) {
replog( be, LDAP_REQ_MODRDN, odn, newrdn,
replog( be, LDAP_REQ_MODRDN, ndn, newrdn,
deloldrdn );
}
} else {
@ -95,7 +99,6 @@ do_modrdn(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
free( newrdn );
}

2
servers/slapd/monitor.c
View File

@ -91,7 +91,7 @@ monitor_info( Connection *conn, Operation *op )
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %d : %d : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
c[i].c_dn ? c[i].c_dn : "NULLDN",
c[i].c_cdn ? c[i].c_cdn : "NULLDN",
c[i].c_gettingber ? "r" : "",
c[i].c_writewaiter ? "w" : "" );
pthread_mutex_unlock( &c[i].c_dnmutex );

6
servers/slapd/operation.c
View File

@ -18,6 +18,9 @@ slap_op_free( Operation *op )
if ( op->o_dn != NULL ) {
free( op->o_dn );
}
if ( op->o_ndn != NULL ) {
free( op->o_ndn );
}
/* pthread_mutex_destroy( &op->o_abandonmutex ); */
free( (char *) op );
}
@ -45,7 +48,10 @@ slap_op_add(
(*tmp)->o_msgid = msgid;
(*tmp)->o_tag = tag;
(*tmp)->o_abandon = 0;
(*tmp)->o_dn = ch_strdup( dn != NULL ? dn : "" );
(*tmp)->o_ndn = dn_normalize_case( ch_strdup( (*tmp)->o_dn ) );
pthread_mutex_lock( &currenttime_mutex );
(*tmp)->o_time = currenttime;
pthread_mutex_unlock( &currenttime_mutex );

36
servers/slapd/proto-slap.h
View File

@ -7,11 +7,14 @@
* acl.c
*/
int access_allowed LDAP_P(( Backend *be, Connection *conn, Operation *op, Entry *e,
char *attr, struct berval *val, char *dn, int access ));
int access_allowed LDAP_P(( Backend *be, Connection *conn,
Operation *op, Entry *e,
char *attr, struct berval *val, int access ));
struct acl * acl_get_applicable LDAP_P(( Backend *be,
Operation *op, Entry *e,
char *attr, int nmatches, regmatch_t *matches ));
struct acl * acl_get_applicable LDAP_P(( Backend *be, Operation *op, Entry *e,
char *attr, char *edn, int nmatches, regmatch_t *matches ));
int acl_access_allowed LDAP_P(( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access, char *edn,
regmatch_t *matches ));
@ -58,8 +61,9 @@ void ava_free LDAP_P(( Ava *ava, int freeit ));
Backend * new_backend LDAP_P(( char *type ));
Backend * select_backend LDAP_P(( char * dn ));
int be_issuffix LDAP_P(( Backend *be, char *suffix ));
int be_isroot LDAP_P(( Backend *be, char *dn ));
int be_isroot_pw LDAP_P(( Backend *be, char *dn, struct berval *cred ));
int be_isroot LDAP_P(( Backend *be, char *ndn ));
int be_isroot_pw LDAP_P(( Backend *be, char *ndn, struct berval *cred ));
char* be_root_dn LDAP_P(( Backend *be ));
void be_close LDAP_P(( void ));
/*
@ -261,8 +265,9 @@ extern struct acl *global_acl;
extern struct objclass *global_oc;
extern time_t currenttime;
extern int be_group LDAP_P((Backend *be, Entry *e,
char *bdn, char *edn, char *objectclassValue, char *groupattrName));
extern int be_group LDAP_P((Backend *be, Entry *target,
char *gr_ndn, char *op_ndn,
char *objectclassValue, char *groupattrName));
extern void init LDAP_P((void));
extern void be_unbind LDAP_P((Connection *conn, Operation *op));
extern void config_info LDAP_P((Connection *conn, Operation *op));
@ -289,7 +294,9 @@ extern time_t starttime;
#endif
#ifdef SLAPD_LDBM
extern int ldbm_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
extern int ldbm_back_bind LDAP_P((Backend *be,
Connection *c, Operation *o,
char *dn, int method, struct berval *cred, char** edn ));
extern void ldbm_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int ldbm_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int ldbm_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));
@ -302,7 +309,8 @@ extern void ldbm_back_config LDAP_P((Backend *be, char *fname, int lineno, int a
extern void ldbm_back_init LDAP_P((Backend *be));
extern void ldbm_back_close LDAP_P((Backend *be));
extern int ldbm_back_group LDAP_P((Backend *be, Entry *target,
char *bdn, char *edn, char *objectclassValue, char *groupattrName ));
char *gr_ndn, char *op_ndn,
char *objectclassValue, char *groupattrName ));
#endif
#ifdef SLAPD_PASSWD
@ -311,7 +319,9 @@ extern void passwd_back_config LDAP_P((Backend *be, char *fname, int lineno, int
#endif
#ifdef SLAPD_SHELL
extern int shell_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
extern int shell_back_bind LDAP_P((Backend *be,
Connection *c, Operation *o,
char *dn, int method, struct berval *cred, char** edn ));
extern void shell_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int shell_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int shell_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));
@ -325,7 +335,9 @@ extern void shell_back_init LDAP_P((Backend *be));
#endif
#ifdef SLAPD_PERL
extern int perl_back_bind LDAP_P(( Backend *be, Connection *conn, Operation *op, char *dn, int method, struct berval *crede ));
extern int perl_back_bind LDAP_P(( Backend *be,
Connection *conn, Operation *op,
char *dn, int method, struct berval *cred, char** edn ));
extern void perl_back_unbind LDAP_P(( Backend *be, Connection *conn, Operation *op ));
extern int perl_back_search LDAP_P(( Backend *be, Connection *conn, Operation *op, char *base, int scope, int deref, int sizelimit, int timelimit, Filter *filter, char *filterstr, char **attrs, int attrsonly ));
extern int perl_back_compare LDAP_P((Backend *be, Connection *conn, Operation *op, char *dn, Ava *ava ));

16
servers/slapd/result.c
View File

@ -193,14 +193,15 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_READ ) ) {
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
{
Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
0, 0, 0 );
return( 1 );
}
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
edn = e->e_ndn;
#ifdef LDAP_COMPAT30
if ( (ber = ber_alloc_t( conn->c_version == 30 ? 0 : LBER_USE_DER ))
@ -251,12 +252,12 @@ send_search_entry(
a->a_type, 0, 0 );
acl = NULL;
} else {
acl = acl_get_applicable( be, op, e, a->a_type, edn,
acl = acl_get_applicable( be, op, e, a->a_type,
MAXREMATCHES, matches );
}
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
edn, matches ) )
if ( ! acl_access_allowed( acl, be, conn, e,
NULL, op, ACL_READ, edn, matches ) )
{
continue;
}
@ -302,8 +303,6 @@ send_search_entry(
}
}
free(edn);
#ifdef LDAP_COMPAT30
if ( conn->c_version == 30 ) {
rc = ber_printf( ber, "}}}}" );
@ -382,7 +381,6 @@ send_search_entry(
return( rc );
error_return:;
free(edn);
return( 1 );
}

10
servers/slapd/search.c
View File

@ -73,7 +73,8 @@ do_search(
"Unknown search scope" );
goto return_results;
}
(void) dn_normalize( base );
(void) dn_normalize_case( base );
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit,
@ -108,19 +109,19 @@ do_search(
#if defined( SLAPD_MONITOR_DN ) || defined( SLAPD_CONFIG_DN ) || defined( SLAPD_SCHEMA_DN )
if ( scope == LDAP_SCOPE_BASE ) {
#if defined( SLAPD_MONITOR_DN )
if ( strcasecmp( base, SLAPD_MONITOR_DN ) == 0 ) {
if ( strcmp( base, SLAPD_MONITOR_DN ) == 0 ) {
monitor_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_CONFIG_DN )
if ( strcasecmp( base, SLAPD_CONFIG_DN ) == 0 ) {
if ( strcmp( base, SLAPD_CONFIG_DN ) == 0 ) {
config_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_SCHEMA_DN )
if ( strcasecmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
if ( strcmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
schema_info( conn, op );
goto return_results;
}
@ -142,6 +143,7 @@ do_search(
/* translate the base if it matches an aliased base part */
base = suffixAlias ( base, op, be );
(void) dn_normalize_case( base );
/* actually do the search and send the result(s) */
if ( be->be_search != NULL ) {

13
servers/slapd/slap.h
View File

@ -218,8 +218,9 @@ typedef struct backend Backend;
struct backend {
char **be_suffix; /* the DN suffixes of data in this backend */
char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
char *be_rootdn; /* the magic "root" dn for this db */
char *be_rootpw; /* the magic "root" password for this db */
char *be_root_dn; /* the magic "root" dn for this db */
char *be_root_ndn; /* the magic "root" normalized dn for this db */
char *be_root_pw; /* the magic "root" password for this db */
int be_readonly; /* 1 => db is in "read only" mode */
int be_maxDerefDepth; /* limit for depth of an alias deref */
int be_sizelimit; /* size limit for this backend */
@ -228,7 +229,7 @@ struct backend {
int be_dfltaccess; /* access given if no acl matches */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_updatedn; /* allowed to make changes (in replicas) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
int be_lastmod; /* keep track of lastmodified{by,time} */
char *be_type; /* type of database */
@ -237,7 +238,7 @@ struct backend {
/* backend routines */
int (*be_bind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o,
char *dn, int method, struct berval *cred ));
char *dn, int method, struct berval *cred, char** edn ));
void (*be_unbind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o ));
int (*be_search) LDAP_P((Backend *be,
@ -285,6 +286,7 @@ typedef struct slap_op {
unsigned long o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
char *o_dn; /* dn bound when op was initiated */
char *o_ndn; /* normalized dn bound when op was initiated */
char *o_suffix; /* suffix if aliased */
char *o_suffixAliased; /* pending suffix translation */
int o_authtype; /* auth method used to bind dn */
@ -311,7 +313,8 @@ typedef struct slap_op {
typedef struct slap_conn {
Sockbuf c_sb; /* ber connection stuff */
char *c_dn; /* current DN bound to this conn */
char *c_cdn; /* DN provided by the client */
char *c_dn; /* DN bound to this conn */
pthread_mutex_t c_dnmutex; /* mutex for c_dn field */
int c_authtype; /* auth method used to bind c_dn */
#ifdef LDAP_COMPAT

24
tests/data/modify.out.master
View File

@ -7,7 +7,7 @@ cn: All Staff
joinable: FALSE
multilinedescription: Everyone in the sample data
objectclass: rfc822mailgroup
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
member: cn=Manager, o=University of Michigan, c=US
@ -67,7 +67,7 @@ drink: water
lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -97,7 +97,7 @@ homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
telephonenumber: +1 313 555 0355
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
multilinedescription: The replaced multiLineDescription $ Blah Woof.
drink: Iced Tea
drink: Mad Dog 20/20
@ -125,7 +125,7 @@ multilinedescription: Very tall
facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, o=Universit
@ -150,7 +150,7 @@ facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.umich.edu
homephone: +1 313 555 8844
creatorsname: cn=Manager,o=University of Michigan,c=US
creatorsname: cn=Manager, o=University of Michigan, c=US
dn: ou=Groups, o=University of Michigan, c=US
objectclass: top
@ -186,7 +186,7 @@ member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
igan, c=US
@ -214,7 +214,7 @@ pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
drink: Orange Juice
dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c
@ -238,7 +238,7 @@ onvacation: FALSE
drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -264,7 +264,7 @@ drink: Sam Adams
homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -290,7 +290,7 @@ homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104
title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -332,7 +332,7 @@ homephone: +1 313 555 0388
drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -384,7 +384,7 @@ krbname: jdoe@umich.edu
nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700

10
tests/data/search.out.master
View File

@ -27,7 +27,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -56,7 +56,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -132,7 +132,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -160,7 +160,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
@ -310,7 +310,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
niversity of Michigan, c=US
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: ou=People, o=University of Michigan, c=US

22
tests/data/test-ordered.ldif
View File

@ -134,7 +134,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -163,7 +163,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -193,7 +193,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
@ -213,7 +213,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -241,7 +241,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@ -268,7 +268,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@ -295,7 +295,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -322,7 +322,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -349,7 +349,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -392,7 +392,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700

22
tests/data/test.ldif
View File

@ -88,7 +88,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -117,7 +117,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -147,7 +147,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: ou=Groups, o=University of Michigan, c=US
@ -184,7 +184,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -212,7 +212,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@ -239,7 +239,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@ -266,7 +266,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -293,7 +293,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -320,7 +320,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -363,7 +363,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700