configure.in: check for AIX security library, set in AUTH_LIBS macro
top.mk: add AUTH_LIBS macro to SECURITY_LIBS
portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
getpwnam must always succeed for the given user. It is not a
fatal error if getspnam returns no result for the user: On
systems that support /etc/shadow, its usage is optional. The
same logic applies for AIX, SCO/HP SecureWare, etc.
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
manual push bytes about. Allows ber_*_t to be any 32-bit or
larger type. Reworked AC_{HTON,NTOH}{L,S} macros to care only
about 32-bit (netlong) and 16-bit (netshort) reordering as
needed for BSD socket interface.
with the shared libraries instead of static, defaults to no
* build/lib-shared.mk: if LINK_BINS_DYNAMIC is set we create a symlink to
the .so and .so.# file along with the .a and .la files
* build/lib.mk: make sure the above links get removed on clean target
* build/top.mk: add define for LINK_BINS_DYNAMIC
* tests/scripts/defines.sh: add export for LD_LIBRARY_PATH so that tests will
run without requiring installation of libraries when we use --enable-dynamic
(LD_LIBRARY_PATH is always set, since it can't really hurt).
and related AC_SUBST() so that when back-tcl is compiled as a dynamic module we link
-ltcl to the module and not slapd (this is the correct way to do this since the .la file
handles giving the correct libs when we pass the module to it in the linker line with
-dlopen). Also modified the perl backend in a similar way except that the PERL_CPPFLAGS
always go to the module and never to slapd (slapd doesn't need them).
* build/mod.mk: added $(MODLIBS) to the dynamic module link line to accomodate module
specific libraries. These should be defined in the back-*/Makefile.in file for each
module (so far only back-tcl and back-perl need it).
* build/top.mk: modified the perl ldflags and cppflags slightly
* servers/slapd/Makefile.in: same here
* servers/slapd/back-perl/Makefile.in: added MODLIBS=$(MOD_PERL_LDFLAGS) for when we are
using a dynamic module (problem, libtool wont allow linking static libs into a libtool
lib, so unless perl's libs are compiled dynamic, then back-perl can't be a dynamic
module. We need a test for this on perl and tcl).
* servers/slapd/back-tcl/Makefile.in: added MODLIBS=$(MOD_TCL_LIB)
* back-perl and back-tcl now compile
libwrap was a dynamic library). Added -lwrap to new subst var WRAP_LIBS
so we have more control over where it get's linked (dynamic libwrap
causes problems when we link to programs that don't define certains
globals that libwrap expects).
* build/top.mk: Added placeholder for WRAP_LIBS subst
* servers/slapd/Makefile.in: Added $(WRAP_LIBS) to the slapd and sslapd
link command line specifically so it doesn't get thrown in with the rest
of the LIBS.
* configure: rebuilt
configure. Implementation is dependent upon autoconf internals.
Attempts to use AC_REVISION hammered by libtool bugs. Will submit
reports to libtool camp and rework configure.in once fixes are
released.
for inet_aton(). May be linked in when not absolutely necessary...
but no big deal, we'll likely start using res_search over sychronous
get{host,peer}byname calls anyways.
inet_aton() detection: use link instead of compile
updated patch submitted Philipp Klaus <ldapml@internet.access.ch>
Can be enabled using --enable-multimaster. TODO:
Replication test likely should be adjusted to test multimaster environment.
used to fetch the pw_passwd which is than passwd to crypt().
getspnam() is used instead of getpwnam() when available.
Added configration detection of pw_passwd, shadow.h, getpwnam()
and getspnam().