Commit Graph

2331 Commits

Author SHA1 Message Date
Pierangelo Masarati
8a3768276a candidate check using new macro from Kurt 2001-10-02 19:15:05 +00:00
Kurt Zeilenga
773b1907d2 Add BDB_IDL_N() macro for ando 2001-10-02 19:04:12 +00:00
Pierangelo Masarati
becb7ff0ce forward porting of time/size limits from back-ldbm (pending the definition of the most appropriate way to determine the number of candidates) 2001-10-02 12:00:01 +00:00
Pierangelo Masarati
4ac9b37db7 forward porting of empty parent dn checks from back-ldbm 2001-10-02 10:44:14 +00:00
Pierangelo Masarati
5544720505 forward porting of composite rdn handling from back-ldbm 2001-10-02 10:39:04 +00:00
Pierangelo Masarati
6e4a050657 fix memory leak in case of ACL failure (no write permission to rdn attributes) 2001-10-02 10:36:35 +00:00
Howard Chu
693a81e1db More CLDAP tweaks, to differentiate between real LDAPv2 CLDAP and "other"
LDAP/UDP messages. Slapd marks received CLDAP messages as LDAP_VERSION2.
The client library can generate CLDAP queries if -Protocol 2 is chosen,
otherwise not. LDAPv2 CLDAP cannot query the slapd rootDSE, gets no reply.
2001-10-02 01:02:23 +00:00
Pierangelo Masarati
1c010c59a1 fix candidate selection based on scope 2001-10-01 22:12:23 +00:00
Pierangelo Masarati
af8488c37d fix result bug; add hooks for error selection based on priority (now the last one is selected) 2001-10-01 22:11:37 +00:00
Pierangelo Masarati
ccef53677f fix various result returning bugs, mostly related to candidate selction that results in invalid candidates (bug detected by Markus Storm <Markus.Storm@mediaWays.net>) 2001-10-01 16:16:51 +00:00
Kurt Zeilenga
44146a1cb7 Rework DB_THREAD support. CDB support needs reimplementation. 2001-10-01 06:08:46 +00:00
Stig Venaas
3c28bb413d Removed a superfluous line left after the ai_addr == NULL fix 2001-09-29 09:40:47 +00:00
Kurt Zeilenga
e78265738d Rework getaddrinfo() stuff for ai_addr == NULL 2001-09-29 06:33:54 +00:00
Kurt Zeilenga
a1ecd9b697 Fix reference stats2 message 2001-09-28 01:44:13 +00:00
Howard Chu
926b454765 Set protocol to LDAP_VERSION2 on UDP session. 2001-09-28 00:49:01 +00:00
Howard Chu
647b5f84ee Resurrection/rewrite of CLDAP (RFC1798 Connectionless LDAP).
Compile with -DLDAP_CONNECTIONLESS to use this code.
For slapd, use "-h cldap://" to listen on UDP.
For ldapsearch, use "-H cldap://" to query on UDP.
Client-side support is very minimal:
  no automatic timeout/retries
  no basedn wildcard expansion on results
  no support for specifying multiple servers at once.
2001-09-28 00:18:40 +00:00
Howard Chu
ef7b93242d Replace some calloc/realloc with ch_calloc/ch_realloc for consistency. 2001-09-26 23:42:53 +00:00
Kurt Zeilenga
c45a6f5c23 Fix up binary search 2001-09-26 03:50:48 +00:00
Kurt Zeilenga
5f4d8a71e6 Use a 64MB stack (instead of a 64K on some systems) by default.
This should be tunable...
2001-09-26 02:35:41 +00:00
Kurt Zeilenga
8c758b34f8 Fix build errors 2001-09-26 01:54:39 +00:00
Kurt Zeilenga
37d44620a5 idl_check for back-bdb 2001-09-25 23:56:49 +00:00
Kurt Zeilenga
ef59732180 Add a sample ACL 2001-09-25 20:30:51 +00:00
Kurt Zeilenga
61de99937f ldif.h include cleanup 2001-09-25 00:03:24 +00:00
Kurt Zeilenga
2af75ecc6a Trim both \n and \r\n from config files. 2001-09-24 22:18:02 +00:00
Howard Chu
2124673988 Tweaked ID_BLOCKs to record NIDs for INDIRECT blocks as well as directs.
Use high bit of NMAX to indicate an INDIRECT. Changes are behind
  #ifdef USE_INDIRECT_NIDS
2001-09-22 06:52:32 +00:00
Howard Chu
58f4ffca59 Fix another SEGV from previous patch. 2001-09-22 05:35:52 +00:00
Howard Chu
00a28378f8 Fix previous idl_find patch. Cannot test <=0 with unsigned ints, duh... 2001-09-22 04:10:03 +00:00
Howard Chu
b52795c283 Add idl_find binary search routine, used by idl_insert and idl_split_block
instead of linear search.
2001-09-21 20:30:27 +00:00
Kurt Zeilenga
c0c9c47032 bump MAXARGS to 500 2001-09-21 00:48:47 +00:00
Mark Adamson
465ecb85f0 Finished the integerMatch matching rule and the integer syntax. 2001-09-20 15:50:49 +00:00
Pierangelo Masarati
f082328f45 logs changes even if no appropriate replica (or none at all) is defined (ITS#1335) 2001-09-19 09:09:51 +00:00
Kurt Zeilenga
22688a7ad6 Minor cleanup of last commit 2001-09-18 18:24:47 +00:00
Kurt Zeilenga
fb852d7d80 comment out inetLocalMailReciepent as it has no assigned OID 2001-09-18 17:52:43 +00:00
Howard Chu
6b9b0660c9 Fix ITS#1213, OID macro parsing in attributetypes 2001-09-18 11:30:00 +00:00
Kurt Zeilenga
7a18352c06 Patch for SASL EXTERNAL. Needs to be tested with other mechanisms. 2001-09-18 07:44:18 +00:00
Howard Chu
bb06fd8d6b Fix crashes for SASL/EXTERNAL binds:
in slap_sasl_getdn, test id, not dn. dn is still NULL
  also, don't check for trailing slash
  in slap_sasl_bind, initialize reslen to 0
2001-09-18 03:10:05 +00:00
Kurt Zeilenga
d05e6af326 Clean up include logging 2001-09-17 22:38:52 +00:00
Kurt Zeilenga
baa49e18de Back out ManageDsaIt change. 2001-09-16 22:03:38 +00:00
Kurt Zeilenga
dba27a3a17 Minor cleanup 2001-09-16 22:02:50 +00:00
Kurt Zeilenga
2d5a817288 Remove lint 2001-09-16 22:00:53 +00:00
Pierangelo Masarati
8a78d022bc cleanup and cast of logs 2001-09-13 21:30:44 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
0a155934ab Add root DSE supportedFeatures support. 2001-09-09 04:01:07 +00:00
Kurt Zeilenga
82a4f473ce Update 'invalid data' error message. 2001-09-08 03:55:41 +00:00
Kurt Zeilenga
a8b7e93ef4 Add referral scope checks (ITS#1289) from dshriver@sharemedia.com 2001-09-08 02:37:02 +00:00
Kurt Zeilenga
cd51428dbe Add IDL debugging code from SuSE. 2001-09-07 21:58:31 +00:00
Dmitry Kovalev
358835218a finish the prefious fixes... it is really hard to commit a truly good patch without even a chance to check if it is compilable ;) 2001-09-07 18:50:52 +00:00
Dmitry Kovalev
6bf69cbf39 some cosmetics and minor problems fixed, pointed out by Mei-Hui Su (c++-style comments, newlines etc.) 2001-09-07 13:04:11 +00:00
Kurt Zeilenga
ed9b7332fb Add <limits.h> 2001-09-07 02:08:32 +00:00
Kurt Zeilenga
1b42a20565 Remove extensible filter #ifdef 2001-09-04 18:45:05 +00:00
Kurt Zeilenga
3889e1d955 Add some EINTR logic to back-shell. Assumes fgets() handles
such errors in a particular manner.
2001-09-02 00:10:57 +00:00
Kurt Zeilenga
a2ba804e47 Add general extensible matching support and integerBitAndMatch
and integerBitOrMatch enhancement (ITS#1302 + minor changes)
from Luke Howard <lukeh@padl.com>.
2001-09-01 17:10:43 +00:00
Kurt Zeilenga
2c9a238571 Allow dn.base="" 2001-09-01 05:01:31 +00:00
Kurt Zeilenga
ef7b181f8b Open databases using WRCREAT not READER. 2001-09-01 05:00:27 +00:00
Kurt Zeilenga
a49392981a There is no TLSProtocol option. 2001-08-31 16:48:30 +00:00
Mark Adamson
fac77083cc Skip over the "dn:" prefix when passing a DN to dn_normalize(). 2001-08-29 23:01:24 +00:00
Kurt Zeilenga
2f761834b2 Fix NEW_LGGING typo 2001-08-29 19:49:05 +00:00
Kurt Zeilenga
9a80d76f44 Minor rework of *text = textbuf fix 2001-08-28 21:43:00 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Stig Venaas
70f7e55344 Changed get_listener_addresses() to not use getaddrinfo() for PF_LOCAL 2001-08-26 11:03:27 +00:00
Mark Adamson
7378872731 Need to set error text pointer sooner in entry_schema_check(), or Debug() will SEGV 2001-08-15 15:27:26 +00:00
Pierangelo Masarati
b637967b95 fix malformed test 2001-08-04 16:46:03 +00:00
Pierangelo Masarati
8ee6168916 fix a reference to volative memory in back-ldbm/passwd.c that caused garbage messages to be returned to ldappasswd 2001-08-04 15:46:08 +00:00
Pierangelo Masarati
1eb3f8b2e4 add limits stuff to back-ldap 2001-08-04 11:10:35 +00:00
Pierangelo Masarati
b5bb74bb02 cleanup limits stuff in back-meta 2001-08-04 11:10:08 +00:00
Pierangelo Masarati
6a5b253bc6 allow multiple limits setting on one global/per backend config line 2001-08-04 11:09:25 +00:00
Pierangelo Masarati
4919363fa0 more intuitive special limits configuration 2001-08-03 17:25:39 +00:00
Pierangelo Masarati
414783058d enforces detailed search limits 2001-08-03 17:15:14 +00:00
Dmitry Kovalev
2f4d324f60 A big bunch of improvements, contributed by Sam Drake and Raj Damani.
Summary of changes is cited below.
The patch still needs some cosmetic changes to be made, but is ready for testing.

-----Original Message-----
From: Sam Drake [mailto:drake@timesten.com]
Sent: Saturday, April 07, 2001 10:40 PM
To: 'mitya@seismic.ru'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Slapd frontend performance issues


FYI, here is a short description of the changes I made.  I'll package up the
changes asap, but it may take a couple of days.

The performance numbers quoted in this report were seen at my location with
a 100,000 object database ... the slower numbers I mentioned earlier were
reported by a customer with a 1,000,000 object database.

I also can't explain the very poor performance I saw with OpenLDAP and LDBM
with a 100,000 object database.

...Sam Drake / TimesTen Performance Software

----------

Work Performed

OpenLDAP 2.0.9, including back-sql, was built successfully on Solaris
8 using gcc.  The LDAP server itself, slapd, passed all tests bundled
with OpenLDAP.  OpenLDAP was built using Sleepycat LDBM release 3.1.17
as the "native" storage manager.

The experimental back-sql facility in slapd was also built
successfully.  It was built using Oracle release 8.1.7 and the Oracle
ODBC driver and ODBC Driver Manager from Merant.  Rudimentary testing
was performed with the data and examples provided with back-sql, and
back-sql was found to be functional.

Slapd and back-sql were then tested with TimesTen, using TimesTen
4.1.1.  Back-sql was not immediately functional with TimesTen due to a
number of SQL limitations in the TimesTen product.

Functional issues encountered were:

1. Back-sql issued SELECT statements including the construct,
   "UPPER(?)".  While TimesTen supports UPPER, it does not support the
   use of parameters as input to builtin functions.  Back-sql was
   modified to convert the parameter to upper case prior to giving it
   to the underlying database ... a change that is appropriate for all
   databases.

2. Back-sql issued SELECT statements using the SQL CONCAT function.
   TimesTen does not support this function.  Back-sql was modified to
   concatentate the necessary strings itself (in "C" code) prior to
   passing the parameters to SQL.  This change is also appropriate for
   all databases, not just TimesTen.

Once these two issues were resolved, back-sql could successfully
process LDAP searches using the sample data and examples provided with
back-sql.

While performance was not measured at this point, numerous serious
performance problems were observed with the back-sql code and the
generated SQL.  In particular:

1. In the process of implementing an LDAP search, back-sql will
   generate and execute a SQL query for all object classes stored in
   back-sql.  During the source of generating each SQL query, it is
   common for back-sql to determine that a particular object class can
   not possibly have any members satisfying the search.  For example,
   this can occur if the query searches an attribute of the LDAP
   object that does not exist in the SQL schema.  In this case,
   back-sql would generate and issue the SQL query anyway, including a
   clause such as "WHERE 1=0" in the generated SELECT.  The overhead
   of parsing, optimizing and executing the query is non-trivial, and
   the answer (the empty set) is known in advance. Solution: Back-sql
   was modified to stop executing a SQL query when it can be
   predetermined that the query will return no rows.

2. Searches in LDAP are fundamentally case-insensitive ("abc" is equal
   to "aBc").  However, in SQL this is not normally the case.
   Back-sql thus generated SQL SELECT statements including clauses of
   the form, "WHERE UPPER(attribute) = 'JOE'".  Even if an index is
   defined on the attribute in the relational database, the index can
   not be used to satisfy the query, as the index is case sensitive.
   The relational database then is forced to scan all rows in the
   table in order to satisfy the query ... an expensive and
   non-scalable proposition.  Solution: Back-sql was modified to allow
   the schema designer to add additional "upper cased" columns to the
   SQL schema.  These columns, if present, contain an upper cased
   version of the "standard" field, and will be used preferentially
   for searching.  Such columns can be provided for all searchable
   columns, some columns, or no columns.  An application using
   database "triggers" or similar mechanisms can automatically
   maintain these upper cased columns when the standard column is
   changed.

3. In order to implement the hierarchical nature of LDAP object
   hierarchies, OpenLDAP uses suffix searches in SQL.  For example, to
   find all objects in the subtree "o=TimesTen,c=us", a SQL SELECT
   statement of the form, "WHERE UPPER(dn) LIKE '%O=TIMESTEN,C=US'"
   would be employed.  Aside from the UPPER issue discussed above, a
   second performance problem in this query is the use of suffix
   search.  In TimesTen (and most relational databases), indexes can
   be used to optimize exact-match searches and prefix searches.
   However, suffix searches must be performed by scanning every row in
   the table ... an expensive and non-scalable proposition.  Solution:
   Back-sql was modified to optionally add a new "dn_ru" column to the
   ldap_entries table.  This additional column, if present, contains a
   byte-reversed and upper cased version of the DN.  This allows
   back-sql to generate indexable prefix searches.  This column is
   also easily maintained automatically through the use of triggers.

Results

A simple database schema was generated holding the LDAP objects and
attributes specified by our customer.  An application was written to
generate test databases.  Both TimesTen and Oracle 8.1.7 were
populated with 100,000 entry databases.

Load Times

Using "slapadd" followed by "slapindex", loading and indexing 100,000
entries in an LDBM database ran for 19 minutes 10 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
a disk based RDBMS took 17 minutes 53 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
TimesTen took 1 minute 40 seconds.

Search Times

The command, "timex timesearch.sh '(cn=fname210100*)'" was used to
test search times.  This command issues the same LDAP search 4000
times over a single LDAP connection.  Both the client and server
(slapd) were run on the same machine.

With TimesTen as the database, 4000 queries took 14.93 seconds, for a
rate of 267.9 per second.

With a disk based RDBMS as the database, 4000 queries took 77.79 seconds,
for a
rate of 51.42 per second.

With LDBM as the database, 1 query takes 76 seconds, or 0.076 per
second.  Something is clearly broken.
2001-08-02 17:28:59 +00:00
Kurt Zeilenga
b22ad8cf60 Add some addl. logging 2001-08-02 03:37:20 +00:00
Pierangelo Masarati
8471ef7ed0 add global, per backend and per op_ndn time/size soft, hard and to-be-checked limits (exploited by back-ldbm); see slapd.conf(5) for details 2001-08-01 10:09:04 +00:00
Pierangelo Masarati
419a5ae8c9 fix typo; try to delete dn2id in case of late failure 2001-07-31 10:54:39 +00:00
Pierangelo Masarati
d8cb33ebe8 added acl check for added/removed rdn attrs 2001-07-31 10:02:19 +00:00
Kurt Zeilenga
50223981d9 Fix typo 2001-07-31 07:53:21 +00:00
Kurt Zeilenga
b09727567d Clean up 2001-07-31 04:55:14 +00:00
Kurt Zeilenga
60c4893b93 Last changes should have been #ifdef 2001-07-31 04:30:11 +00:00
Kurt Zeilenga
0bcc892fdf Fix basic operations 2001-07-31 04:24:29 +00:00
Kurt Zeilenga
ca7ba1a3fd Fix slapadd crash when only a subset of databases have been initialized.
Likely should have a general solution to this.
2001-07-31 00:16:44 +00:00
Pierangelo Masarati
4362654eb6 fixes another assert in case of subtle error (schema failure while applying rdn changes) 2001-07-30 20:12:34 +00:00
Pierangelo Masarati
8edccd2554 fixes ITS#1261 (abort on modrdn with new dn already existing) 2001-07-30 14:54:02 +00:00
Pierangelo Masarati
6c81656a95 fixed some memory allocation nonsense 2001-07-29 17:21:28 +00:00
Pierangelo Masarati
c78416fdbd exploits regex-based per op_ndn time/size limits 2001-07-28 11:25:00 +00:00
Pierangelo Masarati
4051547dfa handle regex-based per op_ndn time/size limits 2001-07-28 11:24:22 +00:00
Kurt Zeilenga
279ef73485 Remove assert(0) 2001-07-28 01:06:06 +00:00
Stig Venaas
e3caeb2264 Removed duplicate code by replacing case-Exact/Ignore-Filter/Indexer and
case-Exact/Ignore-Substrings-Match/Filter/Indexer with common code for
the caseExact and caseIgnore cases
2001-07-27 22:54:43 +00:00
Stig Venaas
159fa1b26c Making the approx multistring code default. Leaving the old code for now,
but can really be removed.
2001-07-26 22:33:28 +00:00
Kurt Zeilenga
d4df1af590 Misc cleanup of asserts 2001-07-26 01:08:00 +00:00
Stig Venaas
92ec77f6dc Made approxMatch/Indexer/Filter all do Unicode cannonical normalization
followed by stripping of characters with 8th bit set. The normalization
is needed to make exact match imply approx match.
2001-07-25 21:22:55 +00:00
Kurt Zeilenga
e2b3914982 ITS#1274 fix 2001-07-24 19:54:04 +00:00
Kurt Zeilenga
d31da9dd01 Rework single-value check 2001-07-24 04:31:01 +00:00
Kurt Zeilenga
3e7e6bc6d5 Add an improved single value constraint check. 2001-07-24 03:25:17 +00:00
Pierangelo Masarati
589a5c7442 added extra check to suffix param of replica entry 2001-07-23 14:32:59 +00:00
Kurt Zeilenga
3a2f9e84ba Fix typo 2001-07-22 03:25:45 +00:00
Kurt Zeilenga
0cdf9e3124 fix up UTF8MATCH 2001-07-22 02:45:21 +00:00
Kurt Zeilenga
f310142d2c Use DN normalize 2001-07-22 00:32:58 +00:00
Stig Venaas
d326f96c32 We shouldn't need UTF8oncasecmp() and UTF8casechr() anymore, removing
them.
2001-07-22 00:31:04 +00:00
Kurt Zeilenga
7000f3e8cb Zap old DN code 2001-07-21 23:45:04 +00:00
Kurt Zeilenga
978e417699 Make some additional UTF8 public
Remove lint
2001-07-21 23:13:04 +00:00
Kurt Zeilenga
da2f6f6805 Zap !UTF8MATCH code 2001-07-21 23:02:06 +00:00
Kurt Zeilenga
5cb6b1ce02 Back out DN changes, needs more work 2001-07-21 22:44:55 +00:00
Kurt Zeilenga
9207e19978 unifdef -DMULTIATTRVAL_RDN 2001-07-21 21:21:32 +00:00
Pierangelo Masarati
ece9bdb0eb Added the suffix=<dn> parameter to replica config directive
to allow selective replication of subtrees of a single database.
Multiple occurrences allow the same replica to handle different
subtrees
2001-07-21 14:15:23 +00:00
Pierangelo Masarati
9ee9f1e0e1 Reworked again the caching in case of failure.
Now operations that set the status of an entry to CREATING (add.c, modrdn.c)
need to set it to COMMIT, by calling cache_entry_commit, before returning
the entry itself, otherwise the entry is removed from the cache
and its private data is freed.
Should fix crashes due to add failures as in ITS#1245
2001-07-21 10:53:06 +00:00
Pierangelo Masarati
aec4430d59 Reworked API of nextid; e_private gets destroyed separately from the entry in case add fails (should fix ITS#1245) 2001-07-20 09:50:28 +00:00
Stig Venaas
0e614ca0ec Made caseExactMatch() use Unicode normalization 2001-07-17 20:09:37 +00:00
Stig Venaas
6c362d77ac Made caseIgnoreSubstringsMatch and caseExactSubstringsMatch use proper
Unicode cannonical normalization
2001-07-17 19:35:23 +00:00
Randy Kunkee
82f3004a16 Prevent ldbm_sync from being called by ldbm_cache_close when the new
dbsync configuration is in use, which was preventing the performance
gains of this mode.
2001-07-16 23:21:36 +00:00
Stig Venaas
ea47735802 Fixed UTF8 encoding checks for substrings assertions 2001-07-16 22:48:52 +00:00
Randy Kunkee
f06021e335 Fix ITS#1239:
slapadd core-dumps when destroying db's env (Sleepycat 3.2.9) (ITS#1239)
Only call ldbm_shutdown_env if the database has been opened, ie. when
li->li_dbenv != NULL.  Would appear any time a shutdown occurred and
not all LDBM databases were opened.
2001-07-16 22:16:24 +00:00
Stig Venaas
9b0e583576 Fixed bug in caseExactSubstringsIndexer() and caseIgnoreSubstringsIndexer().
UTF8 normalization must be done before we compute number of keys since
string length might increase.
2001-07-15 21:28:07 +00:00
Kurt Zeilenga
40d68d8374 Extend assertion value syntax checks to some other cases. Needs to
be applied to substrings assertions as well.
2001-07-15 17:25:49 +00:00
Kurt Zeilenga
c46014e27e Fix typo in disallow logging 2001-07-15 17:25:00 +00:00
Stig Venaas
886a7575d0 Fixed segfault in caseIgnoreFilter when assertion value has bad UTF8 coding 2001-07-15 16:21:36 +00:00
Pierangelo Masarati
e864abf685 reworked slapd_mods_free into mimic to avoid extra obj linking into tools 2001-07-14 17:48:12 +00:00
Pierangelo Masarati
5fdba27288 This is the skeleton of back-monitor, the slapd monitoring backend.
The old monitoring stuff has been removed; the new backend is
enabled by using --enable-monitor at configure time and requires

	database monitor

in slapd.conf to be activated.  At present it implements a subset
of the old monitoring options, and it should be extendable to
a number of different subsystems.  The search operation has been
implementd; it does not honor abandon or size/time limits, though.
The compare and the abandon operations are planned.

Copyright Pierangelo Masarati <ando@sys-net.it>; the code is provided
AS IS with NO GUARANTEE.  It can be used and distributed under the
conditions stated by the OpenLDAP Public License.
2001-07-14 17:34:24 +00:00
Kurt Zeilenga
ca43453b95 Quick and dirty hack to add password modify replication. 2001-07-14 01:26:02 +00:00
Pierangelo Masarati
a453d7eacf dn_validate/dn_normalize has been rewritten by
David A. Cooper <david.cooper@nist.gov> (ITS#1232)
according to draft-ietf-ldapbis-dn-05.txt

A copyright statement follows:

  The functions normalize_unicode(), get_hexpair(), write_hex_pair(),
  get_next_byte(), get_next_char(), get_ber_length(),
  ber_parse_primitive_string(), ber_parse_string(), String_normalize(),
  DirectoryString_normalize(), PrintableString_normalize(),
  IA5String_normalize(), ber_parse_primitive_bitstring(),
  ber_parse_bitstring(), getNext8bits(), bitString_normalize(), match_oid(),
  match_key(), get_validated_av_in_dn(), get_validated_rdn_in_dn(),
  and get_validated_dn() in this file were developed at the National Institute
  of Standards and Technology by employees of the Federal Government in the
  course of their official duties. Pursuant to title 17 Section 105 of the
  United States Code the code in these functions is not subject to copyright
  protection and is in the public domain. The copyright for all other code in
  this file is as specified below.
2001-07-13 08:21:14 +00:00
Pierangelo Masarati
b0a60a5d3d added function cache_find_entry_ndn2id that avoids an unnecessary call to dn_normalize; now dn2id calls this function, while the original function has been left as a wrapper 2001-07-11 08:41:42 +00:00
Pierangelo Masarati
27e5c484e6 reworked rdn_attrs to use ldap_explode_rdn; maybe we should remove escapes "\" from parts directly in ldap_explode_rdn 2001-07-10 18:19:22 +00:00
Gary Williams
453e69d636 fix bad debug message 2001-07-10 16:42:26 +00:00
Pierangelo Masarati
005823e032 Forbid empty ("") dn! (followup 5 to ITS#1173) 2001-07-09 10:35:43 +00:00
Pierangelo Masarati
2baa2f0f24 If add to "" is allowed, also modrdn should 2001-07-07 15:40:25 +00:00
Pierangelo Masarati
04c29fb3ea dn2idl API changed for consistency with other dn2id* funcs 2001-07-07 14:49:42 +00:00
Pierangelo Masarati
a4dc886f02 moved some slap_mods_* functions into mods.c, so mods.o can be included
by slapd/tools/*; slap_mods_free is needed by ldbm_back_modrdn after
fixing ITS#1184 (at present -DMULTIATTRVAL_RDN is needed when compiling
back-ldbm/modrdn.c to trigger the compilation of new code).
2001-07-07 09:13:05 +00:00
Pierangelo Masarati
da9ea54700 fixed test on "" (empty) parent dn 2001-07-06 14:40:27 +00:00
Pierangelo Masarati
f4acf94c83 honors '+' rdn separator in adding/deleting attributes; needs -DMULTIATTRVAL_RDN. Please test 2001-07-06 12:24:34 +00:00
Pierangelo Masarati
bff5608926 protos and declarations for charray and rdn stuff 2001-07-06 12:23:22 +00:00
Pierangelo Masarati
38ce12a6f6 added rdn_attrs: parses a rdn and returns types and values in two arrays (honors '+' separator according to RFC 2253) 2001-07-06 12:22:01 +00:00
Pierangelo Masarati
016328a1da added misc charray utilities 2001-07-06 12:20:26 +00:00
Kurt Zeilenga
38e8fefe17 Fix root dse checks 2001-07-06 02:14:47 +00:00
Kurt Zeilenga
9d6852d584 Correct X.500 reference 2001-07-06 02:11:17 +00:00
Pierangelo Masarati
901ce99dde added a comment to rdn_validate: needs to be rewritten according to dn_validate 2001-07-05 20:33:15 +00:00
Pierangelo Masarati
cd74b62fd2 rdn check to prevent illegal rdns in modrdn (copied from dn_rdn) fixes ITS#1102 2001-07-05 08:40:40 +00:00
Pierangelo Masarati
5ad8efbb47 Used API signature from back-bdb; compiles and passes make test 2001-07-03 11:23:18 +00:00
Pierangelo Masarati
fdd45144ca separate ID return value form return status in dn2id (back-ldbm/dn2id.c) 2001-07-02 19:42:27 +00:00
Randy Kunkee
a9097044ea Remove global_backendsyncfreq code (code has been pushed down into back-ldbm). 2001-06-28 18:02:46 +00:00
Randy Kunkee
6a6fd6059d Change to _TRACE instead of _ANY for sync daemon internals. 2001-06-28 09:27:01 +00:00
Randy Kunkee
0ef87764d7 Move backend_syncfreq code down into back-ldbm. Creates new configuration
for LDBM backends called "dbsync", which takes minimum of one argument up
to 3 args which are sync frequency, # of delays, and delay periods.  See
man page update for "dbsync" configuration for more details.
2001-06-28 09:20:33 +00:00
Kurt Zeilenga
77f776dfd1 Another round of TLS updates to support secure referral chasing 2001-06-25 19:17:42 +00:00
Kurt Zeilenga
c4f5497ac6 move TLS ctx to lconn struct in prep for supporting TLS with referrals
need to rework cert check to use per lconn host name
2001-06-25 07:33:42 +00:00
Pierangelo Masarati
6364cea1d3 catch up with bi_db_sync stuff 2001-06-23 15:43:21 +00:00
Kurt Zeilenga
6dd25ba1e6 Plug idl leakage 2001-06-23 05:05:08 +00:00
Kurt Zeilenga
5aefca3be1 Add comments to three-value logic 2001-06-23 02:42:39 +00:00
Kurt Zeilenga
323a03aa90 Fix three value logic 2001-06-23 02:26:09 +00:00
Kurt Zeilenga
1229cfcc3f Backout directory config option 2001-06-22 21:00:24 +00:00
Kurt Zeilenga
60f4554c76 plug substrings filter memory leak 2001-06-22 18:09:19 +00:00
Randy Kunkee
d492880870 Add sync_daemon to daemon.c, enabled by global configuration
backendsyncfreq <seconds>.  Setting this automatically enables
dbnosync (because the synchronizer takes care of it).
2001-06-22 08:38:58 +00:00
Randy Kunkee
1656f2c774 Patches from Mark Whitehouse (with changes from myself) to make the
dbcachesize setting actually work for db-3.2.9.
2001-06-21 18:54:56 +00:00
Kurt Zeilenga
733d6296a6 Fix undefined filter parsing 2001-06-16 02:20:48 +00:00
Kurt Zeilenga
bee0650d9c Work in progress codes. !UNTESTED! 2001-06-15 07:08:37 +00:00
Kurt Zeilenga
11b6d1f284 Misc updates for NT4 2001-06-15 04:16:55 +00:00
Kurt Zeilenga
e2edf459cb Remove extraneous variable 2001-06-15 00:00:52 +00:00
Kurt Zeilenga
ff993c7ddb Misc updates to password codes / docs 2001-06-13 05:40:24 +00:00
Kurt Zeilenga
8d4c20cd6d Adding crypt(3) salt format (ITS#1202) from Jeff Costlow <j.costlow@f5.com>
with minor changes by committer
---
Copyright 2001, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.

This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
2001-06-13 03:47:17 +00:00
Kurt Zeilenga
67cf14466e Check schema NAMEs 2001-06-07 22:47:02 +00:00
Kurt Zeilenga
cda7d4b2fc Check for children 2001-06-07 00:19:23 +00:00
Kurt Zeilenga
6a647d917f Check for duplicate entries 2001-06-06 22:17:57 +00:00
Kurt Zeilenga
adae86a7db Add more detailed reporting of schema violations to client. 2001-06-06 00:23:56 +00:00
Kurt Zeilenga
891079fb09 Fix undefined attribute type error text usage 2001-06-04 16:46:33 +00:00
Pierangelo Masarati
970abe2637 semicolon after colon in goto labels; no C++ style comments; unused vars removed or #ifdef'd 2001-06-03 08:55:17 +00:00
Pierangelo Masarati
5a2014b863 semicolon after colon in goto labels 2001-06-03 08:53:13 +00:00
Kurt Zeilenga
9a0b6e92d7 Default ACL clause should be "by * none stop" not "by * stop".
That is, default rule should set permissions to none.
2001-06-01 20:09:03 +00:00
Kurt Zeilenga
5f0473d127 Fix typo in last commit 2001-05-30 06:28:32 +00:00
Kurt Zeilenga
e4653bde68 Allow empty numericString matching 2001-05-30 06:06:14 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated
sessions (defaults: 256K and 16M respectively).
2001-05-29 20:00:55 +00:00
Kurt Zeilenga
351e436dcf Add an LDBM backend "directory" directive (in addition to
the existing database "directory" directive) to allow setting
of a DB_ENV directory.  Should likely be database specific.
2001-05-29 01:51:37 +00:00
Kurt Zeilenga
7d89fb5446 Fix empty suffix separator test. 2001-05-28 19:40:42 +00:00
Kurt Zeilenga
b56b9859c7 Fix typo (no functional change) 2001-05-28 19:40:15 +00:00
Kurt Zeilenga
820042d013 Add some additional filter checks 2001-05-24 01:07:00 +00:00
Kurt Zeilenga
2433719316 add missing return bug 2001-05-24 00:42:08 +00:00
Kurt Zeilenga
8360b4396f Take rc out from #ifdef 2001-05-20 17:39:32 +00:00
Pierangelo Masarati
c5a9ffa62e pseudo-root dn bind; a couple of minor fixes 2001-05-19 17:02:39 +00:00
Kurt Zeilenga
b8788e8a75 minor cleanup 2001-05-18 17:10:03 +00:00
Kurt Zeilenga
0aef7722e6 Add support for obsolete attributes.
We don't support collective attributes (yet).
Remove exit() calls from scheme parsers.  Need to do same for acl parser.
2001-05-17 07:31:59 +00:00
Pierangelo Masarati
90766f4d4f minor cleanup; some error handling and log fixes 2001-05-16 23:06:15 +00:00
Pierangelo Masarati
395cc1d7bb added new log; minor cleanup of rewrite stuff 2001-05-16 22:55:44 +00:00
Kurt Zeilenga
a76935fe00 Note that schema submissions should come with a reference
to a stable specification.
2001-05-16 20:42:20 +00:00
Kurt Zeilenga
1669cd4d7b Add '=' to printableString to be consistent with ASN.1 description
of syntax.  RFC 1778/2252 are wrong and will need to be updated.
2001-05-16 19:20:29 +00:00
Kurt Zeilenga
ce8fcda8c4 Improve error message when parent is referral or not present 2001-05-16 19:19:16 +00:00
Pierangelo Masarati
0b4c7e0181 added new logging to back-meta 2001-05-13 23:44:22 +00:00
Pierangelo Masarati
00dfed1d0e cleanup of the tests in back-meta/data; after build, run "setup.sh"
in back-meta/data and follow instructions.
minor update of "Changes" and "TODO".
2001-05-13 17:58:03 +00:00
Kurt Zeilenga
0445405299 if continuation line starts with a tab, rewrite it to a space 2001-05-12 18:43:06 +00:00
Pierangelo Masarati
74fa239a20 This is the commit of:
- librewrite, for string rewriting; it may be used in back-ldap
    by configuring with '--enable-rewrite'. It must be used in
    back-meta. There's a text file, 'libraries/librewrite/RATIONALE',
    that explains the usage and the features. More comprehensive
    documentation will follow.
  - enhancements of back-ldap (ITS#989,ITS#998,ITS#1002,ITS#1054 and ITS#1137)
    including dn rewriting, a fix to group acl matching and so
  - back-meta: a new backend that proxies a set of remote servers
    by spawning queries. It uses portions of back-ldap and the rewrite
    capabilities of librewrite. It can be compiled by configuring
    with `--enable-ldap --enable-rewrite --enable-meta'.
    There's a text file, 'servers/slapd/back-meta/Documentation', that
    describes the main features and config statements.

Note: someone (Kurt?) should run 'autoconf' and commit 'configure' as
my autoconf version must be different: my configures contain a number
of differences and I didn't feel comfortable in adding them :)
2001-05-12 00:51:28 +00:00
Gary Williams
cabeec26d4 fix debug line (ITS 1145) 2001-05-11 20:19:16 +00:00
Kurt Zeilenga
cf2cb85fab Clean up logging 2001-05-10 17:40:12 +00:00
Kurt Zeilenga
af2ab5f0a5 Make sure we yield() on a failed accept() 2001-05-10 17:39:10 +00:00
Kurt Zeilenga
4baa7c47da Add better modlist2mod error reporting (to client) 2001-05-10 03:41:17 +00:00
Kurt Zeilenga
f48cb50f12 Zap presentation address match define 2001-05-09 23:43:06 +00:00
Kurt Zeilenga
24ea49810f Clean up some #ifdefs 2001-05-09 23:42:49 +00:00
Kurt Zeilenga
d523048634 Fix have inet_ntop bug 2001-05-09 23:41:16 +00:00
Kurt Zeilenga
b57bc8b35b Note that misc is experimental 2001-05-09 04:17:55 +00:00
Kurt Zeilenga
5f7bf65deb Add ITS#876 nisSchema 2001-05-09 04:16:47 +00:00
Kurt Zeilenga
a8e3501a11 Update copyright 2001-05-08 02:06:33 +00:00
Kurt Zeilenga
9617b89374 Add DESC to various schema elements 2001-05-08 02:03:44 +00:00
Kurt Zeilenga
60c5e77cd6 Fix disconnect bug 2001-05-06 20:01:18 +00:00
Kurt Zeilenga
4055077607 Add simple configure support for sockbuf max incoming 2001-05-05 07:29:21 +00:00
Kurt Zeilenga
be26f1a9f7 Fix typos 2001-05-04 22:50:51 +00:00
Kurt Zeilenga
abce5abf34 Quick sb_max_incoming hack, should be configurable (likely
with differing anonymous vs authenticated values).
2001-05-04 21:55:07 +00:00
Kurt Zeilenga
aa983f343e Clean up entry_free()
assert of e_private was not freed by caller
2001-05-04 01:02:36 +00:00
Kurt Zeilenga
383391b460 detect and use fcntl (for BSD/OS)
detect inet_ntop (for MacOSX)
2001-05-03 05:53:34 +00:00
Kurt Zeilenga
508890e75b Add telephone number indexing support (reuse only) 2001-05-03 00:59:47 +00:00
Kurt Zeilenga
87dc3e2091 Use SMD5 is SHA1 is not available 2001-05-02 19:46:30 +00:00
Kurt Zeilenga
3310663d02 RANDFILE directives 2001-05-02 19:46:01 +00:00
Kurt Zeilenga
3fdbff6923 SLP updates 2001-05-02 19:44:21 +00:00
Kurt Zeilenga
66aa425d92 Be a bit more liberal 2001-05-02 19:43:38 +00:00
Kurt Zeilenga
2133318df7 Fix LDIF bug 2001-05-02 19:41:57 +00:00
Kurt Zeilenga
f8b4ed8afb Fix secprops mimic'ing 2001-05-02 19:41:27 +00:00
Kurt Zeilenga
a045117bf2 fix typo in comment 2001-04-21 01:32:03 +00:00
Kurt Zeilenga
1eb0170482 s/<anonymous>/cn=anonymous/ to avoid syntax issues 2001-04-19 19:29:38 +00:00
Kurt Zeilenga
da0e6d3d98 Previously added modrdn restriction to restrictive. Need to
check newSuperior.
2001-04-19 19:29:00 +00:00
Kurt Zeilenga
c2c7ccc228 Disallow anonymous modification. 2001-04-19 19:28:15 +00:00
Kurt Zeilenga
7537abfb06 Fix referral handling bug 2001-04-12 23:02:20 +00:00
Gary Williams
a26612bc00 fix for select_backend suggested G. Gombas (ITS 1090) 2001-03-27 15:04:06 +00:00
Kurt Zeilenga
20690a532e Fix typo 2001-03-17 17:43:36 +00:00
Kurt Zeilenga
a5ea7aefd6 Add name and uid support to dnaddr 2001-03-15 04:48:29 +00:00
Kurt Zeilenga
fd41a199c0 Make sure we have a separator when doing suffix matching 2001-03-15 03:05:33 +00:00
Kurt Zeilenga
9f8a0e7d1b Normalize DN 2001-03-15 03:04:51 +00:00
Kurt Zeilenga
efaab64b69 Normalized user DN 2001-03-15 03:03:01 +00:00
Kurt Zeilenga
5eaa8fc85f Fix error text bugs 2001-03-15 03:02:23 +00:00
Kurt Zeilenga
e0e0b255f7 Fix typo in $SRCS 2001-03-15 03:01:54 +00:00
Kurt Zeilenga
339a1504d6 Fix syntax/matching-rules for ref and labeledURI 2001-03-15 03:00:52 +00:00
Mark Valence
4b87d9c7d2 Fixed bug (my own, rather old too) that causes a crash on exit when ru
n as a service on NT.
2001-03-11 05:13:57 +00:00
Gary Williams
80ab3d6a6e fix logging line 2001-03-02 14:17:01 +00:00
Mark Valence
2c677743ad bug fix 2001-02-20 16:08:14 +00:00
Mark Valence
95bc47ce79 fix mistype. 2001-02-20 16:07:05 +00:00
Mark Valence
6e6118c6cc attribute & objectclass mapping rules 2001-02-19 19:14:12 +00:00
Mark Valence
efcb4533be Fixed aci syntax validation to use UTF (aci attrs can have dn's) 2001-02-19 19:06:21 +00:00
Gary Williams
9cf6ee8ccd fix acl log line 2001-02-08 13:21:20 +00:00
Gary Williams
8ac7efd02d Add some logging for bad attributes 2001-02-06 16:06:38 +00:00
Kurt Zeilenga
0fc62be316 Rework security restrictions for SASL bind 2001-02-03 03:17:22 +00:00
Kurt Zeilenga
f9a302b1f6 Revamp last commit 2001-02-03 02:32:14 +00:00
Kurt Zeilenga
8091aedc76 Add security checks to root DSE searches.
Fix checking of require statements.
2001-02-03 02:21:37 +00:00
Gary Williams
7c53c9ba1c fix windows-specific logging line 2001-02-02 14:49:35 +00:00
Gary Williams
7cf56432be small changes to logging 2001-02-02 13:50:16 +00:00
Gary Williams
e565505f21 fix logging macros (thanks Mei) 2001-02-02 13:49:26 +00:00
Stig Venaas
ac95c255a8 Using UTF8normcmp() from lunicode, removing our own UTF8casecmp() 2001-01-31 15:58:00 +00:00
Stig Venaas
a8b77998f5 Made caseIgnoreIndexer(), caseIgnoreFilter(),
caseIgnoreSubstringsIndexer(), caseIgnoreSubstringsFilter(),
caseExactIndexer(), caseExactFilter(), caseExactSubstringsIndexer() and
caseExactSubstringsFilter() use UTF8normalize
2001-01-26 15:56:29 +00:00
Stig Venaas
b92bceed2a Now loading all UCDATA files 2001-01-26 14:33:09 +00:00
Stig Venaas
b371357c13 Made dnNormalize() do Unicode normalization and case folding.
dn_normalize() now uses dnNormalize() and fails if normalized string is
longer than original string.
2001-01-25 16:51:59 +00:00
Kurt Zeilenga
d717d9c897 Add DNS SRV to error text 2001-01-24 17:25:30 +00:00
Stig Venaas
13e628bcf4 Load UCDATA composition data 2001-01-24 15:31:53 +00:00
Kurt Zeilenga
fa21f7fe86 Fix IP= port numbers 2001-01-24 00:08:15 +00:00
Mark Adamson
68ab73a0f5 Make sure the variable used for SASL REALM is initialized, in case of no REALM. 2001-01-23 19:18:03 +00:00
Kurt Zeilenga
65cdfa68f0 Fix more typos 2001-01-22 22:03:44 +00:00
Kurt Zeilenga
a4f37d6303 Fix typo 2001-01-22 21:10:54 +00:00
Kurt Zeilenga
10730ca226 Add objectClass kind checking
Kludge NADF schema to conform
2001-01-22 08:09:25 +00:00
Kurt Zeilenga
b849a6ec78 Add default to default option 2001-01-20 01:15:44 +00:00
Howard Chu
4703fe82b2 Pierangelo Masarati's bugfixes and enhancements for suffix-massaging.
See the Changes file for detailed description.
2001-01-19 21:27:20 +00:00
Kurt Zeilenga
28d1dbd8ac Add "sasl-external-x509dn-convert" configuration option aimed
at providing authid TLS/X.509 to LDAP DN mapping.  Experimental.
2001-01-19 00:47:32 +00:00
Kurt Zeilenga
1302713f09 Fix SASL_REALM bug
Minor cleanup of logging code, variable scope
2001-01-19 00:01:25 +00:00