moved labeledURI into system schema
attribute types that inherit from labeledURI may be used in dynamic
groups e.g. access to * by group/groupOfURLs/memberURL=foo
- currenty works for refreshOnly mode of LDAP Sync
- Context CSN for add / modify is implemented
- code for delete / modrdn / refreshAndPersist will be soon committed
Currently discovered via a "feature", but should use a control.
Start of a control made, but needs to be better integrated (with
auto use in ldapmodify(1)).
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
Rename internal slapi_XXX API to slapi_x_XXX
Always set result code/matched/error text in operation parameter block
to make available to postoperation plugins
behaviour:
1. Plugins never return LDAP result codes, instead they return a
small integer (0 or -1, others for special cases)
2. Preoperation plugins can abort processing by returning a non-
zero value to the frontend
3. Postoperation plugins never abort processing (all are called)
and their return values are ignored
(see in slapd(8) the description on how to enforce file permissions
on sockets in ldapi schema); at present, only user permissions are
used as follows: the url extension x-mod=-rwxrwxrwx is used; only
the user permisisons are considered, e.g. the first set of rwx;
"r" means read is allowed from that listener
"w" means write is allowed on that listener
"x" means bind is not required on that listener
these restrictions ADD to those already present, and are actually
checked AFTER the other restrictions, but BEFORE ACLs, so they can
be used to apply gross restrictions but should not be viewed as
a replacement of ACLs. To compile this, #define SLAP_X_LISTENER_MOD
