Commit Graph

164 Commits

Author SHA1 Message Date
Pierangelo Masarati
59aea47963 improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform" 2002-11-21 12:58:59 +00:00
Pierangelo Masarati
b9e442d7de clarify how to specify no limits 2002-10-31 11:26:19 +00:00
Pierangelo Masarati
53e1930fd0 use keyword "unlimited" instead of -1 for no limits 2002-10-31 09:57:24 +00:00
Kurt Zeilenga
c14cbc1fb7 Update anon 2002-10-26 02:53:36 +00:00
Kurt Zeilenga
6bc33d28c0 Note --without-threads limitation 2002-10-16 16:54:27 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Kurt Zeilenga
90e320398a Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected". 2002-10-08 00:51:19 +00:00
Kurt Zeilenga
68aebc05c9 Clean up hash password scheme stuff 2002-09-20 17:27:08 +00:00
Kurt Zeilenga
11a07153d6 Add some clarification as to what hash algorithms are used
with each password-hash scheme.
2002-09-20 17:12:58 +00:00
Kurt Zeilenga
2ca678ea2e More LDAPNOINIT statement to top of DESCRIPTION 2002-09-04 20:59:57 +00:00
Pierangelo Masarati
5a0ba6e429 document another (optional) config directive 2002-08-31 10:27:49 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Pierangelo Masarati
76e936e274 reflect recent additions to backend configuration 2002-08-13 17:13:57 +00:00
Howard Chu
1be4ab9d07 ITS#1893 Add (terse) schemadn description 2002-08-10 04:09:28 +00:00
Kurt Zeilenga
9c28c9b361 Zap LDAPv2-only stuff 2002-08-08 03:01:14 +00:00
Kurt Zeilenga
99133f7944 Fix a few typos 2002-07-10 03:12:47 +00:00
Kurt Zeilenga
b839e6fc8b Remove misleading (untrue) text about known syntax OID macros. 2002-06-27 16:27:07 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication.
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Howard Chu
98b1e09c44 Note that TLS_CERT and TLS_KEY are user-only options. 2002-06-16 12:10:23 +00:00
Howard Chu
dca986280e Fix typo in previous commit 2002-06-16 07:29:06 +00:00
Howard Chu
0f0c268c6d Minor cleanup and reformat, added TLS options. 2002-06-16 07:19:31 +00:00
Kurt Zeilenga
220b41bc91 Patch: Bugs with back-ldap/meta mappings (ITS#1787)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

manpage patch for ITS#1787.
2002-06-14 20:41:40 +00:00
Howard Chu
7b9d3b4a26 Added sasl-authz-policy 2002-06-14 11:02:57 +00:00
Kurt Zeilenga
b43ad1dd0e Generate man page date from version.sh 2002-06-13 03:59:10 +00:00
Kurt Zeilenga
faf91f1f1f Update to the 'gentle SIGHUP' patch. (ITS#1679)
- Let write operations return unwilling-to-perform after
  'gentle shutdown' has been initiated.
- Change -1 to 2 in slapd_gentle_shutdown and slapd_shutdown, since
  sig_atomic_t can be unsigned (ITS#1736).  The 'gentle SIGHUP' patch
  is older than ITS#1736 but was applied later, so it reintroduced
  the problem.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, June 2002.
2002-06-12 15:43:19 +00:00
Kurt Zeilenga
dfeac21baa Add {CLEARTEXT} to password-hash possibilities 2002-06-12 00:50:28 +00:00
Kurt Zeilenga
133a4ebbc4 Note that rootpw can only be set if rootdn is under suffix. 2002-06-08 18:40:36 +00:00
Kurt Zeilenga
951ca2bd68 Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

It has just occurred to me - duh - that the process ID of a back-shell
command is a perfectly good unique ID for it, and more useful than
any connection id/message id thingy.  Doesn't need extra arguments
to the shell commands either, except a pid: line to abandon.
And msgid: can still be removed in a future version.
Here is a patch.


Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-06-05 16:40:16 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Kurt Zeilenga
15e6a98bba Patch: Non-unique msgid for abandon in back-<shell,tcl> (ITS#1793)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here is a patch which does what I described.  Of course, someone has
to decide if that is the right solution:-)
- Add an "opid:" line to the input to back-shell commands.
- Add an "abandonid: <opid> line to back-shell/abandon input.
- Replace message id with opid in back-tcl arguments.
- Add an abandonid = <opid> argument to back-tcl/abandon.
An opid (operation ID) is a "connection ID/message ID" string.  I
would have liked to use another name to avoid confusion with struct
slap_op->o_opid, but I could not think of another apt word.

This also fixes ITS#1784 and ITS#1792.  Since calling conventions
changed anyway, I fixed back-shell by adding abandonid: and making
opid: always be the ID of the current operation.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:11:39 +00:00
Kurt Zeilenga
2ab8810555 Documentation patch #4 (ITS#1749)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Small changes:
- Fix typo slapd_meta -> slapd-meta in slapd-meta(5).
- Add slapd-dnssrv(5) to SEE ALSO in slapd.conf(5).
- Add descriptions of the files in FILES sections.
- Add $HOME/.udrc to FILES in ud(1) and ud.conf(5).
- Add ldaprc (without ".") and ENVIRONMENT VARIABLES in ldap.conf(5).
- Change manpage references to proper ".BR name (section)".

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, May 2002.
2002-05-09 02:07:41 +00:00
Kurt Zeilenga
46e33e4634 Fix typos 2002-05-04 04:35:41 +00:00
Kurt Zeilenga
7b1d619a58 Basic dnssrv man page 2002-05-04 04:34:58 +00:00
Pierangelo Masarati
71aa1c5dc9 clarifications 2002-05-02 16:49:47 +00:00
Pierangelo Masarati
4f24ebbb8d 3rd step at updating docs by hallvard Furuseth (with minor changes in slapd-meta.5) 2002-05-02 16:35:16 +00:00
Howard Chu
d879fb351b Added config keyword descriptions from ITS#966. Minor cleanup. 2002-05-01 20:24:56 +00:00
Pierangelo Masarati
4ad033a298 couple of fixes 2002-05-01 19:36:24 +00:00
Howard Chu
0bb46f937b From Hallvard, with slight changes 2002-05-01 19:21:21 +00:00
Pierangelo Masarati
1aa96af216 second round at ITS#1749 2002-05-01 16:38:30 +00:00
Pierangelo Masarati
22c45ec87b couple of fixes 2002-04-29 20:36:04 +00:00
Pierangelo Masarati
d019bff7b8 First commit of Hallvard's backend documentation effort
Backend documentation patch, version 1

================
Most of this text is taken from OpenLDAP.  The work of rewriting it
to manual pages is done by by Hallvard B. Furuseth and placed into
the public domain.  This software is not subject to any license of
the University of Oslo.
================

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
2002-04-29 20:24:29 +00:00
Howard Chu
5de276fa25 ITS#1749 added maxderefdepth, suffiaxalias, TLSCACertificatePath,
ucdata-path, moduleload, modulepath. sasl-external-x509dn-convert has
been deleted from the code.
2002-04-20 10:06:23 +00:00
Howard Chu
e265b47181 Comment out "logfile", its code is behind #ifdef NEW_LOGGING in config.c. 2002-04-20 09:23:19 +00:00
Howard Chu
5770a81595 ITS#1749 added "debug" description, commented out because it has no effect
without NEW_LOGGING. Added logfile.
2002-04-20 09:07:24 +00:00
Howard Chu
510f57c8dd ITS#1749 added BDB options 2002-04-20 08:12:03 +00:00
Pierangelo Masarati
4906410ca5 fix typo 2002-04-13 15:07:40 +00:00
Howard Chu
491c0f22e0 ITS#1735 fix typos 2002-04-11 07:39:51 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00