Pierangelo Masarati
2d948c7106
fix a couple of (too optimistic) comments...
2003-12-16 14:25:36 +00:00
Pierangelo Masarati
947f41832e
more clarifications on dnstyle usage
2003-12-16 11:20:59 +00:00
Luke Howard
c8f62b12d3
Honour any controls that are sent by a SLAPI plugin
2003-12-16 11:17:54 +00:00
Pierangelo Masarati
8fa476a5c6
line up comments and code
2003-12-16 11:05:52 +00:00
Pierangelo Masarati
4e83a282d0
improve error handling for attr val ACL syntax
2003-12-16 10:56:21 +00:00
Kurt Zeilenga
925db26754
Formating
2003-12-16 06:52:52 +00:00
Luke Howard
0bcddbc908
Don't leak SLAPI_RESCONTROLS when free'ing parameter block - these
...
are allocated by the plugin
2003-12-16 05:59:50 +00:00
Kurt Zeilenga
a736f237f8
Deprecate +objectClass in favor of @objectClass per IETF discussions
2003-12-16 05:55:52 +00:00
Kurt Zeilenga
37465b1f3a
Rework for overlay (should be checked by someone who knows this
...
stuff).
2003-12-16 03:59:24 +00:00
Kurt Zeilenga
5e77767be5
Requires --with-tls
2003-12-16 03:25:32 +00:00
Kurt Zeilenga
52c0adeb19
minor tweak and rebuild
2003-12-16 01:58:15 +00:00
Kurt Zeilenga
e3ffc1b165
Revert last commit
2003-12-16 01:55:56 +00:00
Pierangelo Masarati
e2483d8a9b
honor '!' (objectClass negation) when checking attribute presence in list
2003-12-16 01:10:33 +00:00
Pierangelo Masarati
ee34f3fb64
add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication
2003-12-16 00:49:10 +00:00
Howard Chu
6e6bef8f56
Fix - need to initialize lutil_passwd.
2003-12-16 00:39:29 +00:00
Kurt Zeilenga
d9ad3bcc50
Rework last commit
2003-12-15 23:32:52 +00:00
Kurt Zeilenga
ba783f89bf
Rev the API version number
2003-12-15 23:27:28 +00:00
Kurt Zeilenga
75b9f8acdc
Make a few OPERATIONAL REQUIREMENT clarifications
...
Clean up formating
2003-12-15 18:41:23 +00:00
Pierangelo Masarati
bc972e0656
allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user
2003-12-15 18:19:14 +00:00
Pierangelo Masarati
7444352358
describe detailed access levels required for each operation
2003-12-15 17:55:55 +00:00
Kurt Zeilenga
eec0f83fd7
Fix typos
2003-12-14 21:00:52 +00:00
Pierangelo Masarati
3a5c53a8b1
typo
2003-12-14 15:36:46 +00:00
Pierangelo Masarati
b4629f1e79
fix previous commits
2003-12-14 14:08:15 +00:00
Pierangelo Masarati
588f1f6185
resolve naming conflicts when compiling rwm overlay as static (will disappear as soon as rwm stuff is removed from back-ldap/back-meta)
2003-12-14 11:13:25 +00:00
Kurt Zeilenga
9920e9fbf6
Add support for -DOPENLDAP_FD_SETSIZE=N for use on Linux.
...
Works on BSD as well (equiv. to -DFD_SETSIZE=N).
2003-12-14 06:46:30 +00:00
Kurt Zeilenga
d5936c1242
Remove LDAP_DEPRECATED dependency
2003-12-14 03:15:28 +00:00
Kurt Zeilenga
4d29df5bd1
Add LDAP_DEPRECATED macro
...
Need to remove use of deprecated functions.
2003-12-14 02:47:42 +00:00
Kurt Zeilenga
5b0236f4ae
Add u: comment
2003-12-13 23:41:44 +00:00
Kurt Zeilenga
1fadacaa31
Forward parse the uauthzid. A realm cannot be specified unless
...
a mechanism is specified. (Few mechanisms (DIGEST-MD5 only) support
separate realms.)
2003-12-13 23:38:05 +00:00
Pierangelo Masarati
4602c935f7
saslAuthzTo/From stuff
...
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:
dn[.<style>]:<pattern>
<style> ::= exact ; exact match
children ; children of <pattern> match
subtree ; <pattern> or children of <pattern> match
regex ; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed
u[.<mech>][/<realm>]:<user>
when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified. <user> cannot contain ':'
and <mech> cannot contain '/'.
2003-12-13 23:02:59 +00:00
Howard Chu
0d8613c274
Use c_authmech when c_sasl_bind_mech is empty
2003-12-13 22:43:01 +00:00
Howard Chu
e85cd1e154
Fix prev commit, use c_authtype
2003-12-13 22:16:03 +00:00
Howard Chu
d9aec4ef28
Always set c_authmech
2003-12-13 21:39:51 +00:00
Kurt Zeilenga
4bedf015f0
cleanup
2003-12-13 18:57:00 +00:00
Kurt Zeilenga
dbc37977f2
Look for the '@' in userid@realm in reverse so that a@b@c results
...
in userid of a@b and realm of c.
2003-12-13 17:25:59 +00:00
Pierangelo Masarati
6e5ddd6420
note a potential problem
2003-12-13 17:21:17 +00:00
Pierangelo Masarati
5a00f25542
conn must be non-null
2003-12-13 15:29:49 +00:00
Pierangelo Masarati
d6bc071dd9
add subtree/children styles to saslAuthzTo/From; 'dn:' now defaults to exact
2003-12-13 12:23:56 +00:00
Pierangelo Masarati
43db7cf4bf
cleanup saslauthz code
2003-12-13 10:58:31 +00:00
Pierangelo Masarati
529a03df53
use dedicated admin identity to proxyAuthz
2003-12-13 10:57:42 +00:00
Pierangelo Masarati
9c5fe98a79
declare overlays_init()
2003-12-13 10:57:13 +00:00
Howard Chu
8a9d026097
Fix URI to work with either back-ldap or back-meta
2003-12-13 02:35:27 +00:00
Howard Chu
b011c51390
Clean up entry initialization
2003-12-13 02:00:07 +00:00
Howard Chu
39eb55b5f4
ITS#2869 fix decode length checks again
2003-12-11 13:24:06 +00:00
Kurt Zeilenga
169c9f60e4
More error code tweaks
2003-12-11 07:43:49 +00:00
Kurt Zeilenga
552a51ca50
Tweak the codes
2003-12-11 07:28:01 +00:00
Kurt Zeilenga
430b67aa60
Change API error codes to negative numbers so as not to clash
...
with newly assigned protocol result codes.
2003-12-11 05:26:32 +00:00
Jong Hyuk Choi
fa2aa5bb25
fix for concurrent persistent searches
2003-12-11 00:04:52 +00:00
Howard Chu
2aca8de6b3
Whitespace
2003-12-10 08:52:19 +00:00
Howard Chu
e28d089a93
Fixup overlay build environment
2003-12-10 08:45:53 +00:00