================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP. My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
================
If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file. The programs
exit if the file cannot be read.
[Complete contents of file is used as password. Use:
echo -n "secret" > password
to create a file with "secret" as the password. The -n avoids
adding a newline (which would invalidate the password). Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]
I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords. [I fixed up ldapwhoami.]
Rerun autoconf after applying this patch. [Done.]
Note: I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt. (fstat() is used to warn if the file is publicly
readable or writeable.) [I used fstat() to set the buffer size to
read.]
[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
Version: head
OS: SuSE Linux 7.3
URL: ftp://ftp.openldap.org/incoming/norbert.klasen.rejects.20020605.patch
Submission from: (NULL) (62.104.216.66)
This patch adds an '-S' option to ldapmodify. If a filename is specified with
this option, records which could not successfully be added/modified/deleted from
the LDAP server will be written to the specified file. Most useful in
conjunction with '-c' option.
Adapted .Sahalayev@pgr.salford.ac.uk's submission.
Needs to be extended to support comma separated list of options
for other controls and such.
---
Copyright 2002, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.
Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
submitted by Jeff Costlow <j.costlow@f5.com> (ITS#1560).
Portions:
Copyright 2002, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
Add no-op control (needs backend implementation)
Updated modify password extended option API
Kludged control infrastructure to support frontend only controls
using best available mechanism. (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
Also, as written, the code will behave better in the face of unsolicited
noticifications (such as notice of disconnect). However, code needs to
be improved to better distinguished such from expected result response.
Delete improvements are limited to base object delete. Should be applied
to -p[rune] option as well.
-R now ignored
-C added to chase. No rebind proc yet, no checking of appropriate authentication.
complain if non-critical TLS was not started.
Fail if requested version is not supported.
ldapdelete:
deletechildren modified to use ldap_search_ext_s()
fixed deletechildren dn memory leak
ldapsearch:
modified to use ldap_search_ext()
references, extended results, and extended partial results. LDIF
extended to support these new features and reported version 2.
-L now limits output to LDIFv1 for compatibility reasons. No
-L is now LDIFv2. Old alternative form is no longer supported.
Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp
Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded
file://tmp/
an internal flag set. Used for SEQUENCE testing. Flag must
be set using debugger. Modified ber_printf to use new format
were needed for extensibility testing.
Added first cut -lldap support for extended responses.
Modified ldapsearch(1) to handle v3 search references when not
chasing. Also added extended/unsolicited notification handling
and extended partial response handling. Changes include a
number of LDIF enhancements.
Fixed getpassphrase() returns NULL bugs
macros into our namespace and limit use to headers. A subsequent
round will add macros to separately handle forward declarations
of variables from declaration of function prototypes. The last
round will add additional macros for declaring actual variables and
functions.
If application provide one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
