================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP. My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
================
If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file. The programs
exit if the file cannot be read.
[Complete contents of file is used as password. Use:
echo -n "secret" > password
to create a file with "secret" as the password. The -n avoids
adding a newline (which would invalidate the password). Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]
I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords. [I fixed up ldapwhoami.]
Rerun autoconf after applying this patch. [Done.]
Note: I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt. (fstat() is used to warn if the file is publicly
readable or writeable.) [I used fstat() to set the buffer size to
read.]
[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
A surrogate parent is supposed to keep back-shell children from
deadlocking due to resources locked by a threading parent.
Implementation note: The surrogate parent closes all unused file
descriptors, so it logs errors to stderr instead of via Debug() and
uses relloc() instead of ch_realloc().
Also close a file descriptor leak if fork() fails in fork.c.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
newer versions of HP-UX. However, as the test causes
no problems on any system, it's left in place (as someone
might actually be using an older version of HP-UX).
---
Copyright 2001, Igor Khavkine, All rights reserved.
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
The old monitoring stuff has been removed; the new backend is
enabled by using --enable-monitor at configure time and requires
database monitor
in slapd.conf to be activated. At present it implements a subset
of the old monitoring options, and it should be extendable to
a number of different subsystems. The search operation has been
implementd; it does not honor abandon or size/time limits, though.
The compare and the abandon operations are planned.
Copyright Pierangelo Masarati <ando@sys-net.it>; the code is provided
AS IS with NO GUARANTEE. It can be used and distributed under the
conditions stated by the OpenLDAP Public License.
- librewrite, for string rewriting; it may be used in back-ldap
by configuring with '--enable-rewrite'. It must be used in
back-meta. There's a text file, 'libraries/librewrite/RATIONALE',
that explains the usage and the features. More comprehensive
documentation will follow.
- enhancements of back-ldap (ITS#989,ITS#998,ITS#1002,ITS#1054 and ITS#1137)
including dn rewriting, a fix to group acl matching and so
- back-meta: a new backend that proxies a set of remote servers
by spawning queries. It uses portions of back-ldap and the rewrite
capabilities of librewrite. It can be compiled by configuring
with `--enable-ldap --enable-rewrite --enable-meta'.
There's a text file, 'servers/slapd/back-meta/Documentation', that
describes the main features and config statements.
Note: someone (Kurt?) should run 'autoconf' and commit 'configure' as
my autoconf version must be different: my configures contain a number
of differences and I didn't feel comfortable in adding them :)
Copyright 2000, Caldera Systems, Inc All rights reserved.
This software is not subject to any license of Caldera Systems, Inc
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself
configure.in: check for AIX security library, set in AUTH_LIBS macro
top.mk: add AUTH_LIBS macro to SECURITY_LIBS
portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
getpwnam must always succeed for the given user. It is not a
fatal error if getspnam returns no result for the user: On
systems that support /etc/shadow, its usage is optional. The
same logic applies for AIX, SCO/HP SecureWare, etc.
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
