Commit Graph

9805 Commits

Author SHA1 Message Date
Pierangelo Masarati
2d948c7106 fix a couple of (too optimistic) comments... 2003-12-16 14:25:36 +00:00
Pierangelo Masarati
947f41832e more clarifications on dnstyle usage 2003-12-16 11:20:59 +00:00
Luke Howard
c8f62b12d3 Honour any controls that are sent by a SLAPI plugin 2003-12-16 11:17:54 +00:00
Pierangelo Masarati
8fa476a5c6 line up comments and code 2003-12-16 11:05:52 +00:00
Pierangelo Masarati
4e83a282d0 improve error handling for attr val ACL syntax 2003-12-16 10:56:21 +00:00
Kurt Zeilenga
925db26754 Formating 2003-12-16 06:52:52 +00:00
Luke Howard
0bcddbc908 Don't leak SLAPI_RESCONTROLS when free'ing parameter block - these
are allocated by the plugin
2003-12-16 05:59:50 +00:00
Kurt Zeilenga
a736f237f8 Deprecate +objectClass in favor of @objectClass per IETF discussions 2003-12-16 05:55:52 +00:00
Kurt Zeilenga
37465b1f3a Rework for overlay (should be checked by someone who knows this
stuff).
2003-12-16 03:59:24 +00:00
Kurt Zeilenga
5e77767be5 Requires --with-tls 2003-12-16 03:25:32 +00:00
Kurt Zeilenga
52c0adeb19 minor tweak and rebuild 2003-12-16 01:58:15 +00:00
Kurt Zeilenga
e3ffc1b165 Revert last commit 2003-12-16 01:55:56 +00:00
Pierangelo Masarati
e2483d8a9b honor '!' (objectClass negation) when checking attribute presence in list 2003-12-16 01:10:33 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Howard Chu
6e6bef8f56 Fix - need to initialize lutil_passwd. 2003-12-16 00:39:29 +00:00
Kurt Zeilenga
d9ad3bcc50 Rework last commit 2003-12-15 23:32:52 +00:00
Kurt Zeilenga
ba783f89bf Rev the API version number 2003-12-15 23:27:28 +00:00
Kurt Zeilenga
75b9f8acdc Make a few OPERATIONAL REQUIREMENT clarifications
Clean up formating
2003-12-15 18:41:23 +00:00
Pierangelo Masarati
bc972e0656 allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user 2003-12-15 18:19:14 +00:00
Pierangelo Masarati
7444352358 describe detailed access levels required for each operation 2003-12-15 17:55:55 +00:00
Kurt Zeilenga
eec0f83fd7 Fix typos 2003-12-14 21:00:52 +00:00
Pierangelo Masarati
3a5c53a8b1 typo 2003-12-14 15:36:46 +00:00
Pierangelo Masarati
b4629f1e79 fix previous commits 2003-12-14 14:08:15 +00:00
Pierangelo Masarati
588f1f6185 resolve naming conflicts when compiling rwm overlay as static (will disappear as soon as rwm stuff is removed from back-ldap/back-meta) 2003-12-14 11:13:25 +00:00
Kurt Zeilenga
9920e9fbf6 Add support for -DOPENLDAP_FD_SETSIZE=N for use on Linux.
Works on BSD as well (equiv. to -DFD_SETSIZE=N).
2003-12-14 06:46:30 +00:00
Kurt Zeilenga
d5936c1242 Remove LDAP_DEPRECATED dependency 2003-12-14 03:15:28 +00:00
Kurt Zeilenga
4d29df5bd1 Add LDAP_DEPRECATED macro
Need to remove use of deprecated functions.
2003-12-14 02:47:42 +00:00
Kurt Zeilenga
5b0236f4ae Add u: comment 2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31 Forward parse the uauthzid. A realm cannot be specified unless
a mechanism is specified.  (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7 saslAuthzTo/From stuff
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:

dn[.<style>]:<pattern>

<style> ::= 	exact		; exact match
		children	; children of <pattern> match
		subtree		; <pattern> or children of <pattern> match
		regex		; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed

u[.<mech>][/<realm>]:<user>

when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified.  <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Howard Chu
0d8613c274 Use c_authmech when c_sasl_bind_mech is empty 2003-12-13 22:43:01 +00:00
Howard Chu
e85cd1e154 Fix prev commit, use c_authtype 2003-12-13 22:16:03 +00:00
Howard Chu
d9aec4ef28 Always set c_authmech 2003-12-13 21:39:51 +00:00
Kurt Zeilenga
4bedf015f0 cleanup 2003-12-13 18:57:00 +00:00
Kurt Zeilenga
dbc37977f2 Look for the '@' in userid@realm in reverse so that a@b@c results
in userid of a@b and realm of c.
2003-12-13 17:25:59 +00:00
Pierangelo Masarati
6e5ddd6420 note a potential problem 2003-12-13 17:21:17 +00:00
Pierangelo Masarati
5a00f25542 conn must be non-null 2003-12-13 15:29:49 +00:00
Pierangelo Masarati
d6bc071dd9 add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact 2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf cleanup saslauthz code 2003-12-13 10:58:31 +00:00
Pierangelo Masarati
529a03df53 use dedicated admin identity to proxyAuthz 2003-12-13 10:57:42 +00:00
Pierangelo Masarati
9c5fe98a79 declare overlays_init() 2003-12-13 10:57:13 +00:00
Howard Chu
8a9d026097 Fix URI to work with either back-ldap or back-meta 2003-12-13 02:35:27 +00:00
Howard Chu
b011c51390 Clean up entry initialization 2003-12-13 02:00:07 +00:00
Howard Chu
39eb55b5f4 ITS#2869 fix decode length checks again 2003-12-11 13:24:06 +00:00
Kurt Zeilenga
169c9f60e4 More error code tweaks 2003-12-11 07:43:49 +00:00
Kurt Zeilenga
552a51ca50 Tweak the codes 2003-12-11 07:28:01 +00:00
Kurt Zeilenga
430b67aa60 Change API error codes to negative numbers so as not to clash
with newly assigned protocol result codes.
2003-12-11 05:26:32 +00:00
Jong Hyuk Choi
fa2aa5bb25 fix for concurrent persistent searches 2003-12-11 00:04:52 +00:00
Howard Chu
2aca8de6b3 Whitespace 2003-12-10 08:52:19 +00:00
Howard Chu
e28d089a93 Fixup overlay build environment 2003-12-10 08:45:53 +00:00