Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only. Needs to be ported to back-bdb.
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software install)
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
and back-ldbm are preserved, they only use the up-cased DNs. back-passwd
uses the mixed-case DN. All others are using mixed-case DN, may need more
fixing.
Includes support for update referral for each replicated backend.
Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world. Still testing in LDAPv3 world.
Added default referral (test009) test.
of a bind request and, upon failure, are left "anonymous."
Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.
Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls. Adds ACL_AUTH "auth" access level (above none,
below "compare"). bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName". This allows administrators to restrict
which entries can be bound to. (This will likely become default behavior
after testing has completed).
specific which methods may be used. This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.
Likely broke things for non-posix threadings....
Update -lldap_r implementation to:
remove attribute support
hide thread detachment
provide concurrency accessors
provide initialization function
fix gethostby{addr,name}_r codes (not coverred by HAVE_REENTRANT_FUNCTIONS)
Update servers/libraries to use ldap_pvt_thread_ calls.
Cleanup server codes (no #ifdef HAVE_PTHREAD_THIS or _THATs)!
Removed -llthread
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
for use in slapd_conn. Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
Remove MD5 and SHA1 options (both are now always on). Rename
functions to be lutil_ instead of ldap_.
Create --enable-cleartext option. Default is currently 'on'.
