Commit Graph

7461 Commits

Author SHA1 Message Date
Pierangelo Masarati
f227a96053 more for the allop overlay 2005-08-20 11:53:31 +00:00
Pierangelo Masarati
95f65ff352 all-operational overlay: allows to configure part of te DIT so that requests
with requested attribute lists empty or containing "*" are expanded
to contain "+" as well, so that all operational attributes are returned.
This may be required to work around dumb clients that interrogate
the rootDSE requesting "*" and expecting operational attributes to be
returned as well.  To make it a bit more generic, it can be configured
to do the same for an arbitrary search described by an URI.  For example,

overlay		allop
allop-URI	ldap:///??sub

before any database instantiation causes all searches to return "*","+"
when ors_attrs is NULL or countains "*".
2005-08-20 11:48:13 +00:00
Pierangelo Masarati
fdfcf0406e need an AUXILIARY objectClass to play with some special error codes (need to update man page as well)... 2005-08-20 11:31:51 +00:00
Pierangelo Masarati
e5d302e84f normalize/pretty attributes when possible 2005-08-20 11:31:07 +00:00
Kurt Zeilenga
6f99b15ee0 Clarify second all user attrs comment 2005-08-20 07:00:16 +00:00
Kurt Zeilenga
5beeb04346 Clarify attribute comment 2005-08-20 06:58:22 +00:00
Pierangelo Masarati
725423ef4f couldn't slapcat with ACIs in slapd.conf :) 2005-08-19 00:30:10 +00:00
Pierangelo Masarati
3356017b93 complete ACI syntax exploitation 2005-08-19 00:25:18 +00:00
Pierangelo Masarati
9c02a32b7c more about matchedDN in back-meta (ITS#3944) 2005-08-18 14:55:28 +00:00
Pierangelo Masarati
ef38cc9501 cleanup 2005-08-18 12:50:48 +00:00
Pierangelo Masarati
66c173deb9 a bit redundant, but works around ITS#3951 2005-08-18 12:14:07 +00:00
Pierangelo Masarati
11211d0dae strip entryDN from search entries; frontend will reattach it :( 2005-08-18 11:26:29 +00:00
Pierangelo Masarati
e066ec210e merge sml_managing into sml_flags (SLAP_MOD_MANAGING) 2005-08-18 08:48:10 +00:00
Pierangelo Masarati
9487629061 zero out sml_managing any time a Modifications is built (use calloc?) 2005-08-18 08:12:26 +00:00
Howard Chu
315c4a3b72 ITS#3946 reset lockout status at beginning of all Binds 2005-08-18 07:05:56 +00:00
Luke Howard
2ff5c27f63 Check for NULL in be_match()
Use be_match() in backend.c operational processing
2005-08-18 04:34:04 +00:00
Luke Howard
53a15b6820 Use be_match() instead of testing pointer equivalence 2005-08-18 04:12:54 +00:00
Luke Howard
6cf14a777a Add be_match() macro: one cannot always compare BackendDB pointer
values in order to test equivalence, because the overlay engine
may have reset the backend pointer to a temporary copy on the stack.

So, we test pointer equivalence of the BackendDB itself, then of
be_nsuffix -- this macro can be updated if necessary.
2005-08-18 04:12:04 +00:00
Pierangelo Masarati
ef7421b87d more on manage access level 2005-08-18 02:25:10 +00:00
Pierangelo Masarati
add1add854 condition compile dynacl 2005-08-17 22:41:30 +00:00
Pierangelo Masarati
b2284183f9 more on manage 2005-08-17 22:06:46 +00:00
Pierangelo Masarati
965d00a1dd allow to manage entryUUID; allow to manage noUserMod attrs during add 2005-08-17 20:53:39 +00:00
Pierangelo Masarati
557f5eb2ca allow noUserMod attrs write proxying when manageDIT is set (still to work in frontend for add) 2005-08-17 19:40:02 +00:00
Pierangelo Masarati
5873048347 fix return code (prevents clean usage of back-ldap for internal searchs) 2005-08-17 19:38:36 +00:00
Pierangelo Masarati
ec49990d51 ACIs almost entirely factored out of slapd
Added OpenLDAPaciSyntax based on ITS#3877 by Nikita Shulga
aci_mask() doesn't exploit the normalized value yet (next step)
The case #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should
be removed
2005-08-17 17:14:57 +00:00
Howard Chu
d247840d6b ITS#3946 use connection_destroy hook to reset lockouts instead of unbind 2005-08-17 16:42:22 +00:00
Pierangelo Masarati
69c6cd5365 fix small issues with dynacl and ACI in general 2005-08-17 14:44:41 +00:00
Pierangelo Masarati
99ea177e05 implement overlapping targets enhancement (ITS#3711) 2005-08-17 08:34:49 +00:00
Pierangelo Masarati
76f52279ef fix "matched" return and return code (ITS#3944) 2005-08-17 08:25:48 +00:00
Pierangelo Masarati
24befe380c fix resources release issue 2005-08-17 08:25:10 +00:00
Pierangelo Masarati
c4ab7b1af2 in some cases, back-meta needs to propagate pseudo-root identity even if it's not the authorizing backend 2005-08-17 08:19:37 +00:00
Pierangelo Masarati
ecd99b83dd set "matched" as appropriate (ITS#3942) 2005-08-17 08:13:24 +00:00
Pierangelo Masarati
88e89bf4e7 cleanup 2005-08-17 08:08:23 +00:00
Luke Howard
d174f6720a Add read-only SLAPI_X_ADD_STRUCTURAL_CLASS pblock extension.
This is necessary to compensate for a regression in the SLAPI
implementation since it moved to an overlay: global add preop
plugins no longer have access to operational attributes,
because slap_mods_opattrs() is called by fe_op_add(), invoked
after the global SLAPI overlay.

(Some of our plugins need to the structural object class of the
to-be-added entry.)

I suppose an option would be to have the SLAPI overlay
optimistically call slap_mods_opattrs() (as long as this can be
called idempotently). If there are any other ideas let me know.
2005-08-17 07:25:27 +00:00
Kurt Zeilenga
65d2925249 ITS#3941: posixGroup should be STRUCTURAL 2005-08-17 07:10:02 +00:00
Hallvard Furuseth
a0b5f5138b Remove unused label "error_return" 2005-08-16 19:45:50 +00:00
Luke Howard
f68a2b1663 Make sure we release entry lock before sending paged response 2005-08-15 11:27:42 +00:00
Howard Chu
88dd1c5659 More optimization for CSN filter checks 2005-08-15 07:18:19 +00:00
Howard Chu
8c20a11293 Fix prev commit 2005-08-15 05:36:56 +00:00
Howard Chu
71bc69bfff Optimize FINDCSN case 2005-08-15 00:04:13 +00:00
Howard Chu
b15a72caec ITS#3931 fix dnRelativeMatch return values 2005-08-14 23:08:20 +00:00
Howard Chu
f4c1eee382 ITS#3935 tweak sessionlog description 2005-08-14 08:35:31 +00:00
Howard Chu
9326c2b313 ITS#3845 allow rootpw to be used for rootdn SASL binds, based on
patch from Jason Townsend
2005-08-14 08:00:54 +00:00
Hallvard Furuseth
9873eb7ab0 Add missing Statslog() statements (loglevel stats/stats2):
"ABANDON", "STARTTLS", "CANCEL", "WHOAMI", "PASSMOD", "EXT", "INTERM",
  "TLS established", SASL and Extended Response "RESULT".
In Statslog output "conn=xx fd=yy closed", append the reason in
  "()" unless client or server closed the connection after Unbind.
Still missing Statslog output from a number of failed requests.
2005-08-14 00:14:58 +00:00
Hallvard Furuseth
a222469d0d assert expects int. (int)<nonnull ptr/long> can be 0. Use assert(arg!=0/NULL). 2005-08-13 21:10:41 +00:00
Pierangelo Masarati
f6ef5170fa personally, I'm much more comfortable using hex for log levels... 2005-08-13 16:04:40 +00:00
Howard Chu
0246338206 utime is not needed here any more 2005-08-13 13:18:00 +00:00
Howard Chu
c722dd9ca8 Rework auto-recovery logic:
Removes ITS#3824 patch.
  Adds trace message for ITS#3833.
  Streamlines ITS#3607 patch.
2005-08-13 12:59:45 +00:00
Kurt Zeilenga
eceb493bc0 Use IANA assigned OIDs 2005-08-12 21:24:13 +00:00
Kurt Zeilenga
7dec65ee10 Replace 666 OIDs for Assertion/pre-read/post-read controls with
appropriate IANA assigned OIDs, and remove hide.
2005-08-12 18:08:15 +00:00