---
Copyright 2001, Igor Khavkine, All rights reserved.
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
The old monitoring stuff has been removed; the new backend is
enabled by using --enable-monitor at configure time and requires
database monitor
in slapd.conf to be activated. At present it implements a subset
of the old monitoring options, and it should be extendable to
a number of different subsystems. The search operation has been
implementd; it does not honor abandon or size/time limits, though.
The compare and the abandon operations are planned.
Copyright Pierangelo Masarati <ando@sys-net.it>; the code is provided
AS IS with NO GUARANTEE. It can be used and distributed under the
conditions stated by the OpenLDAP Public License.
- librewrite, for string rewriting; it may be used in back-ldap
by configuring with '--enable-rewrite'. It must be used in
back-meta. There's a text file, 'libraries/librewrite/RATIONALE',
that explains the usage and the features. More comprehensive
documentation will follow.
- enhancements of back-ldap (ITS#989,ITS#998,ITS#1002,ITS#1054 and ITS#1137)
including dn rewriting, a fix to group acl matching and so
- back-meta: a new backend that proxies a set of remote servers
by spawning queries. It uses portions of back-ldap and the rewrite
capabilities of librewrite. It can be compiled by configuring
with `--enable-ldap --enable-rewrite --enable-meta'.
There's a text file, 'servers/slapd/back-meta/Documentation', that
describes the main features and config statements.
Note: someone (Kurt?) should run 'autoconf' and commit 'configure' as
my autoconf version must be different: my configures contain a number
of differences and I didn't feel comfortable in adding them :)
Copyright 2000, Caldera Systems, Inc All rights reserved.
This software is not subject to any license of Caldera Systems, Inc
This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself
(I previously said I'd only do this in re20 but its easier to do
here... and no big deal for those wanting to work on it to
define the macro via the environment)
configure.in: check for AIX security library, set in AUTH_LIBS macro
top.mk: add AUTH_LIBS macro to SECURITY_LIBS
portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
getpwnam must always succeed for the given user. It is not a
fatal error if getspnam returns no result for the user: On
systems that support /etc/shadow, its usage is optional. The
same logic applies for AIX, SCO/HP SecureWare, etc.
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
manual push bytes about. Allows ber_*_t to be any 32-bit or
larger type. Reworked AC_{HTON,NTOH}{L,S} macros to care only
about 32-bit (netlong) and 16-bit (netshort) reordering as
needed for BSD socket interface.
with the shared libraries instead of static, defaults to no
* build/lib-shared.mk: if LINK_BINS_DYNAMIC is set we create a symlink to
the .so and .so.# file along with the .a and .la files
* build/lib.mk: make sure the above links get removed on clean target
* build/top.mk: add define for LINK_BINS_DYNAMIC
* tests/scripts/defines.sh: add export for LD_LIBRARY_PATH so that tests will
run without requiring installation of libraries when we use --enable-dynamic
(LD_LIBRARY_PATH is always set, since it can't really hurt).
and related AC_SUBST() so that when back-tcl is compiled as a dynamic module we link
-ltcl to the module and not slapd (this is the correct way to do this since the .la file
handles giving the correct libs when we pass the module to it in the linker line with
-dlopen). Also modified the perl backend in a similar way except that the PERL_CPPFLAGS
always go to the module and never to slapd (slapd doesn't need them).
* build/mod.mk: added $(MODLIBS) to the dynamic module link line to accomodate module
specific libraries. These should be defined in the back-*/Makefile.in file for each
module (so far only back-tcl and back-perl need it).
* build/top.mk: modified the perl ldflags and cppflags slightly
* servers/slapd/Makefile.in: same here
* servers/slapd/back-perl/Makefile.in: added MODLIBS=$(MOD_PERL_LDFLAGS) for when we are
using a dynamic module (problem, libtool wont allow linking static libs into a libtool
lib, so unless perl's libs are compiled dynamic, then back-perl can't be a dynamic
module. We need a test for this on perl and tcl).
* servers/slapd/back-tcl/Makefile.in: added MODLIBS=$(MOD_TCL_LIB)
* back-perl and back-tcl now compile
libwrap was a dynamic library). Added -lwrap to new subst var WRAP_LIBS
so we have more control over where it get's linked (dynamic libwrap
causes problems when we link to programs that don't define certains
globals that libwrap expects).
* build/top.mk: Added placeholder for WRAP_LIBS subst
* servers/slapd/Makefile.in: Added $(WRAP_LIBS) to the slapd and sslapd
link command line specifically so it doesn't get thrown in with the rest
of the LIBS.
* configure: rebuilt
configure. Implementation is dependent upon autoconf internals.
Attempts to use AC_REVISION hammered by libtool bugs. Will submit
reports to libtool camp and rework configure.in once fixes are
released.
for inet_aton(). May be linked in when not absolutely necessary...
but no big deal, we'll likely start using res_search over sychronous
get{host,peer}byname calls anyways.
inet_aton() detection: use link instead of compile
