- only for equality matching
- only components of ASN.1 types used in an X.509 certificate can be indexed
(composite types except for RDN and DN are not supported yet)
- how to use
index [attribute name].[component reference] eq
Ex)
index userCertificate eq
index userCertificate.toBeSigned.issuer.rdnSequence eq
index userCertificate.toBeSigned.serialNumber eq
index userCertificate.toBeSigned.version eq
2) attribute aliasing support
- x509CertificateIssuer
- x509CertificateSerial
- x509CertificateIssuerAndIssuer
3) AuthorityKeyIdentifier support(one of certificate extension)
4) Misc. improvement
- integrate OID and its decoder mapping table
- normalize and validate the values of both component asserions and
extracted components
5) Misc. bug fix
2) nibble type memory support when decoding
3) description type object identifier support
4) OPTIONAL, DEFAULT support in certificate decoder/extractor/matching
5) Misc bug fix
- fix for the client caching code (cache is flushed after modifications
rather than removing only the changed entry)
The code was submitted by Jeff Costlow <j.costlow@f5.com> under the
following terms:
Copyright 2002, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
- Attributes are now organized by the attribute type (i.e. one can add more
LDAPAttribute-Objects with the same type without violating the X.500 data
model)
- Detects OpenLDAP 2.0 and builds correctly with it.
- Increment major version to 2, library file to libldaptcl2.0.so.
- Can now perform add/delete/replace modifications in a single command.
- Replaced calls to TclX_WrongArgs with core Tcl_WrongNumArgs to reduce
dependency on Extended Tcl.
- Wrap dereference search control with #ifdef LDAP_OPT_DEREF.
- Deref during search should work.
- Add protocol_version option to ldap init command.
- Add LDAPTCL_PROTOCOL_VERSION_DEFAULT to allow specifying the default
protocol version used.
- Add controlArray(timeout) to control timeouts during searches.
- Add controlArray(cache) to control caching current search results.
(Experience has show this to be not very useful or not working correctly.
Caching search results should probably be done in Ldaptcl rather than
letting the LDAP API do it.)
- Add "compare" subcommand
- Add experimental trap subcommand (undocumented -- use at your own risk).
caused incorrect data in result array and possibly segmentation
violations when searches terminated due to errors such as timeout,
exceeding search limit, or the remote server going down in the middle
of a search. Also correctly puts error message on top of
traceback stack (instead of randomly in memory per the stale result obj).
A segmentation violation could have manifested later in the program's
life, or perhaps during termination of the interpreter.
- Filter no longer a required controlArray member, defaults to objectclass=*.
- Sets errorCode with LDAP macro string value (better to test than the more
human readable values).
- Shorten minimum required characters for search scope definitions: now allows
"base", "one", and "sub". For the latter two, additional characters are
ignored.
- Now compiles successfully with -devel branch (though less tested).
- Client cache management code enabled for OpenLDAP versions <= 1.2.4. (This
code is relatively untested and feedback is welcome.)
- More installation cleanups to work easily as a dynamically loadable Tcl
package.
Add timeout to control array.
Add -lldap -llber when building shared library.
Clean up pkgIndex.tcl creation and installation (should now support
"package require" out of the box).
This commit includes many changes. All changes compile under NT but
have not been tested under UNIX.
A Summary of changes (likely incomplete):
NT changes:
Removed lint.
Clean up configuration support for "Debug", "Release", "SDebug",
and "SRelease" configurations.
Share output directories for clients, libraries,
and slapd. (maybe they should be combined further
and moved to build/{,S}{Debug,Release}).
Enable threading when _MT is defined.
Enable debuging when _DEBUG is defined.
Disable setting of NDEBUG under Release/SRelease. Asserts
are disabled in <ac/assert.h> when LDAP_DEBUG is not
defined.
Added 'build/main.dsp' Master project.
Removed non-slapd projects from slapd.dsp (see main.dsp).
Removed replaced many uses of _WIN32 macro with feature based
macros.
ldap_cdefs.h changes
#define LDAP_CONST const
(see below)
#define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST
To allow specifiers to be added before and after
the type declaration. (For DLL handling)
LBER/LDAP changes
Namespace changes:
s/lber_/ber_/ for here and there.
s/NAME_ERROR/LDAP_NAME_ERROR/g
Deleted NULLMSG and other NULL* macros for namespace reasons.
"const" libraries. Installed headers (ie: lber.h, ldap.h)
use LDAP_CONST macro. Normally set to 'const' when
__STDC__. Can be set externally to enable/disable
'constification' of external interface. Internal
interface always uses 'const'. Did not fix warnings
in -lldif (in lieu of new LDIF parser).
Added _ext API implementations (excepting search and bind).
Need to implement ldap_int_get_controls() for reponses
with controls.
Added numberous assert() checks.
LDAP_R
_MT defines HAVE_NT_THREADS
Added numberous assert() checks.
Changed ldap_pthread_t back to unsigned long. Used cast
to HANDLE in _join().
LDBM
Replaced _WIN32 with HAVE_SYSLOG
ud
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
slapd
Made connection sockbuf field a pointer to a sockbuf. This
removed slap.h dependency on lber-int.h. lber-int.h now only
included by those files needing to mess with the sockbuf.
Used ber_* functions/macros to access sockbuf internals whenever
possible.
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
Removed FD_SET unsigned lint
slapd/tools
Used EXEEXT to added ".exe" to routines. Need to define EXEEXT
under UNIX.
ldappasswd
Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand().
nt_debug
Minor cleanup. Added "portable.h" include and used <ac/*.h> where
appropriate. Added const to char* format argument.