using best available mechanism. (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
macros into our namespace and limit use to headers. A subsequent
round will add macros to separately handle forward declarations
of variables from declaration of function prototypes. The last
round will add additional macros for declaring actual variables and
functions.
SASL mech removed from backend bind callback (as SASL is managed by frontend)
Changes to some backends are untested (as I don't have all dependent
software install)
Calls value_normalize per substr component (like old code),
likely should have/call substr_normalize which takes all components
at once (to allow more sophisticated normalization)
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
basic structures for handing language tags and binary option
(but less actual code to actually support them). Provided
for reference only. Will not even compile.
attributes of the syntax. Such attribute values be transferred
using binary syntax unless ber2str/str2ber routines are provided.
Used in conjunction with ";binary" attribute description option
and/or the Binary syntax.
Revert normalization to matching rule per discussions with Julio.
May need separate normalization routines for stored value and asserted
value. Currently rely on passed in syntax/mr to allow "special" behavior.
Reworked filters to pass struct berval * instead of char *. (needs work)
Validation, normalization and matching needed.
routine. Could be combined into one routine.
Modify slapd matching rule struct to only have match function.
Modify old attribute such that 'bin' implies octetString, not 'binary'.
Add compatibility for IA5 strings. Only directoryStrings were handled
before.
Treat attribute types without syntax as incomplete, not default.
Add OctetStringValidate (always returns okay).
Add {UTF8,IA5}StringValidate/Normalize (IA5 based loosely on
case_exact_normalize). Need case{Exact,Ignore}UTFMatch, using IA5 versions
for now.
Removed default of syntax/mr handlders, should just skip
registration of syntax/mr's without handlers.
Added comments to slap.h about types versus descriptions.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed. Needs replog support.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
privs, additive/substractive rules, and rule continuation. Existing
rules that use 'defaultaccess none' should be 100% compatible. Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
and back-ldbm are preserved, they only use the up-cased DNs. back-passwd
uses the mixed-case DN. All others are using mixed-case DN, may need more
fixing.
by <who> <access> changed to by <who>+ <access> (joined with AND)
added peername=<regex> sockname=<regex> url=<regex>
removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower. Use where needed.
added slap_ and ldbm_ to many structures
added typedefs to many structures
used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
Includes support for update referral for each replicated backend.
Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world. Still testing in LDAPv3 world.
Added default referral (test009) test.
of a bind request and, upon failure, are left "anonymous."
Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.
Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls. Adds ACL_AUTH "auth" access level (above none,
below "compare"). bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName". This allows administrators to restrict
which entries can be bound to. (This will likely become default behavior
after testing has completed).
Added configuration support for "digest-realm <realm>" configure directive.
Added connection state and bind_in_progress fields to cn=monitor connection
attribute.
added lber_types.h.nt, lber_types.h.in
removal of NULLxxx internal macros (in favor of NULL).
ch_free added to slapd,slurpd/ch_malloc.c
#define free ch_free (should be removed after s/free/ch_free/g) in proto-slap.h
ch_malloc and friends use ber_memalloc and friends
Make _MOD_SOFTADD 0x1000 to minimize chance of conflict with legit changes
to API spec.
Fix memory leak in ldap_mods_free() and minor memory allocator issues.
added comments
removed LDAP_MAX_ATTR_LEN
removed LDAP_COMPAT* from <ldap.h> but not code.
move LDAP_DEFAULT_REFHOPCOUNT to ldap-int.h
added experimental options macros
added LDAP_CONTROL_REFERRALS macros
libldap:
Replace ld_attrbuffer with per use allocated attributed.
ldap_first/next_attribute attributes now must be freed (as per draft).
unifdef -DLDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
This commit includes many changes. All changes compile under NT but
have not been tested under UNIX.
A Summary of changes (likely incomplete):
NT changes:
Removed lint.
Clean up configuration support for "Debug", "Release", "SDebug",
and "SRelease" configurations.
Share output directories for clients, libraries,
and slapd. (maybe they should be combined further
and moved to build/{,S}{Debug,Release}).
Enable threading when _MT is defined.
Enable debuging when _DEBUG is defined.
Disable setting of NDEBUG under Release/SRelease. Asserts
are disabled in <ac/assert.h> when LDAP_DEBUG is not
defined.
Added 'build/main.dsp' Master project.
Removed non-slapd projects from slapd.dsp (see main.dsp).
Removed replaced many uses of _WIN32 macro with feature based
macros.
ldap_cdefs.h changes
#define LDAP_CONST const
(see below)
#define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST
To allow specifiers to be added before and after
the type declaration. (For DLL handling)
LBER/LDAP changes
Namespace changes:
s/lber_/ber_/ for here and there.
s/NAME_ERROR/LDAP_NAME_ERROR/g
Deleted NULLMSG and other NULL* macros for namespace reasons.
"const" libraries. Installed headers (ie: lber.h, ldap.h)
use LDAP_CONST macro. Normally set to 'const' when
__STDC__. Can be set externally to enable/disable
'constification' of external interface. Internal
interface always uses 'const'. Did not fix warnings
in -lldif (in lieu of new LDIF parser).
Added _ext API implementations (excepting search and bind).
Need to implement ldap_int_get_controls() for reponses
with controls.
Added numberous assert() checks.
LDAP_R
_MT defines HAVE_NT_THREADS
Added numberous assert() checks.
Changed ldap_pthread_t back to unsigned long. Used cast
to HANDLE in _join().
LDBM
Replaced _WIN32 with HAVE_SYSLOG
ud
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
slapd
Made connection sockbuf field a pointer to a sockbuf. This
removed slap.h dependency on lber-int.h. lber-int.h now only
included by those files needing to mess with the sockbuf.
Used ber_* functions/macros to access sockbuf internals whenever
possible.
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
Removed FD_SET unsigned lint
slapd/tools
Used EXEEXT to added ".exe" to routines. Need to define EXEEXT
under UNIX.
ldappasswd
Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand().
nt_debug
Minor cleanup. Added "portable.h" include and used <ac/*.h> where
appropriate. Added const to char* format argument.
Move cache_return_entry_w() out of ldbm_back_add when the add is successful.
This change breaks back-bdb2, it needs equvalent changes of those in back-ldbm.
remove race conditions on connection close.
BROKEN: various counters for dn=monitor.
Initial testing on FreeBSD (with and without pthreads) was successfull.
Have not yet tested preemptive threading environments.
Have not built against backends other than LDBM.
by portable.h with NDEBUG undefined. This makes assert() is always
available and automatically disables itself when LDAP_DEBUG is undefined.
I've included a basic assert() for pre-STDC compilers. It relies on
abort() which may not actually be available. (well replace abort()
with whatever is appropriate if and when we're faced with a pre-STDC
compiler that doesn't have assert()).
SLAP_C_ACTIVE vs SLAP_C_INACTIVE. Need to implement BINDING and CLOSING.
Added fields tracking pending (on bind) ops. Could also be used to
implement per-connection thread limits.
The new e_private field can be used for any backend purpose. In LDBM,
it's used to point th the private entry info struct. The LDBM entry
info struct is only visible to the LDBM cache.
WARNING: This change has not be ported to other backends! Breakage is likely.
Integration into ./configure ( --enable-bdb2 ).
Adaptation of the test-suite ( 'make' -> ldbm; 'make bdb2-local' -> bdb2 ).
Minor fixes in slapd/libldbm.
Separates per backend type from per backend database initialization
and startup. Also supports per type / per backend shutdown.
New frontend startup/shutdown routines are also provided:
slap_init() slap_startup() slap_shutdown() slap_destroy()
New frontend->backend startup/shutdown is managed by:
backend_init() backend_startup() backend_shutdown backend_destroy
backend_init() now calls bi_init() to initial all function pointers
for the backend (excepting bi_init() which is now the only hardcoded
entry point). New entry points are detailed in slap.h struct
backend_info. backend_info is a per database type structure.
Besides the new startup/shutdown entry points, the new interface
also supports per backend type configuration options. One could have:
backend bdb2 (new Berkeley DB 2 backend)
bdb2_home /directory
database bdb2
...
*** This code is fairly experimental ***
*** Much cleanup and testing is still needed ***
see slap.h for details on struct backend_db and backend_info.
Likely broke things for non-posix threadings....
Update -lldap_r implementation to:
remove attribute support
hide thread detachment
provide concurrency accessors
provide initialization function
fix gethostby{addr,name}_r codes (not coverred by HAVE_REENTRANT_FUNCTIONS)
Update servers/libraries to use ldap_pvt_thread_ calls.
Cleanup server codes (no #ifdef HAVE_PTHREAD_THIS or _THATs)!
Removed -llthread
Update slap_op to maintain dn and ndn (derived from conn->c_dn).
Update ldbm_back_bind to return actual bound dn (including rootdn)
for use in slapd_conn. Other backends use client dn.
Modify other codes to use ndn (normalized uppercase dn) most everywhere.
Aliasing, Suffixing and modrdn could use more work.
Applied suffixing to compare and modrdn.
creation codes to provide this field. Update cache_entrydn_cmp
to strcasecmp() the e_ndn instead of e_dn. Note: strcasecmp()
is still used as e_ndn isn't in uppercase. Maybe it should
be. Did not update other codes to use e_ndn. Hence, there
are lots of dn_normalize() calls that could be eliminated.
(The case determination of e_ndn should be made first).
rename 'struct conn' to 'struct slap_conn'
rename op_function to slap_op_func for functions add/delete/free
This change is need to avoid clashing with perl internals.
Resolved deadlock by passing target entry to be_group and using
this if dn same as bdn. It might actually be safer to check
entry ids instead of dns.
Resolved bogus add to cache after failed acl check by deferring
cache add until after parent/acl checks have successful been
completed.
Eliminated race condition caused by concurrent adds
of same dn by adding 'li_add_mutex' around the critical section
of code (most of ldbm_back_add).
This code is preliminary and still needs significant testing.
struct friendly (Friendly) changed to ldap_friendly (LDAPFriendly)
ldap_friendly friend prefix changed to 'lf_' from 'f_'
removed mod_next field from LDAPMod (struct ldapmod)
modified slapd to use new LDAPModList (struct ldapmodlist) struct.
Added LDAPv3 result codes to ldap.h
Most function and variable definitions are now preceded by its extern
definition, for error checking. Retyped a number of functions, usually
to return void. Fixed a number of printf format errors.
API changes (in ldap/include):
Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.
A number of `extern' declarations are left (some added by protoize), to
be cleaned away later. Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
updated clients to use ldap_get/set_options
ld_options is renamed ld_booleans. ldap-int.h has accessor macros.
updated libldap to use new accessor macros.
adds POSIX RegEx (and removes BSD re_comp/re_exec) support.
* POSIX RegEx is not currently included in the distribution, however
we will probably add Henry Spencer's REGEX library soon.
* ACL Group functionality is also included in this merge!
