Commit Graph

797 Commits

Author SHA1 Message Date
Kurt Zeilenga
d912c2c711 Rework client control parsing... need to implement
common controls across all tools.
2002-08-29 21:36:36 +00:00
Kurt Zeilenga
20ef1d9fe4 Misc updates... 2002-08-29 04:56:05 +00:00
Kurt Zeilenga
4114c96ccd More clarifications 2002-08-28 04:22:12 +00:00
Kurt Zeilenga
1e0cc6da35 Fix typo 2002-08-28 04:08:02 +00:00
Kurt Zeilenga
7c283a6685 Fix tables numbering. Add note able system schema extensions. 2002-08-28 04:05:07 +00:00
Kurt Zeilenga
22d3c7f24e Clarify that manageDsaIT is not to specified when managing
entry DSEs.
2002-08-28 01:20:03 +00:00
Kurt Zeilenga
4ef042fee4 Clean up filters 2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0 Fix some formatting issues 2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518 clarify "authorization" feature as "proxy authorization". 2002-08-27 23:24:43 +00:00
Kurt Zeilenga
22915aac93 More OID clarifications. 2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b Fix typos 2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762 Warn about hijacking. 2002-08-27 18:17:09 +00:00
Kurt Zeilenga
09e64b6fe8 Add note regard StartTLS over 389. 2002-08-26 22:10:32 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Kurt Zeilenga
1b6c3fc57f Add dumpasn1 logging to TODO. 2002-08-21 18:45:08 +00:00
Kurt Zeilenga
22ec2b9e19 cleanup 2002-08-17 02:52:39 +00:00
Pierangelo Masarati
76e936e274 reflect recent additions to backend configuration 2002-08-13 17:13:57 +00:00
Kurt Zeilenga
d945a5aed9 minor updates 2002-08-12 18:07:24 +00:00
Howard Chu
1be4ab9d07 ITS#1893 Add (terse) schemadn description 2002-08-10 04:09:28 +00:00
Kurt Zeilenga
e2b8a3b139 Remove reference to getfilter(3) 2002-08-08 03:03:48 +00:00
Kurt Zeilenga
9c28c9b361 Zap LDAPv2-only stuff 2002-08-08 03:01:14 +00:00
Howard Chu
c3ca53cdfe Fix typo 2002-08-07 03:12:47 +00:00
Howard Chu
8971c2b730 ITS#1958 from Andrew Findlay with minor adjustments 2002-08-07 03:00:00 +00:00
Kurt Zeilenga
aab1f5b0a4 Minor updates 2002-08-05 20:05:25 +00:00
Kurt Zeilenga
884b476c32 Add note regarding user/system checks and operational attributes. 2002-08-02 00:55:50 +00:00
Kurt Zeilenga
fcae7e4286 namedref is now a Proposed Standard RFC 2002-07-24 15:48:27 +00:00
Kurt Zeilenga
65b5f64a0e Clarify use of slapd.conf(5) v ldap.conf(5). 2002-07-24 03:11:58 +00:00
Kurt Zeilenga
99133f7944 Fix a few typos 2002-07-10 03:12:47 +00:00
Kurt Zeilenga
b839e6fc8b Remove misleading (untrue) text about known syntax OID macros. 2002-06-27 16:27:07 +00:00
Kurt Zeilenga
0cd54a7d27 Fix typo in last commit 2002-06-21 21:25:38 +00:00
Kurt Zeilenga
2893a78d0a Add LIBRARY section to each man page 2002-06-21 07:32:54 +00:00
Kurt Zeilenga
95a835be51 Detail simple method 2002-06-19 01:39:26 +00:00
Howard Chu
55521da9cb Minor cleanup, add mention of BDB to tests 2002-06-18 19:35:29 +00:00
Kurt Zeilenga
39071ff932 SSF updates 2002-06-18 08:02:36 +00:00
Kurt Zeilenga
0d21db2858 SSF discussion 2002-06-18 07:41:56 +00:00
Kurt Zeilenga
2119d34ec6 More security considerations 2002-06-18 07:11:58 +00:00
Kurt Zeilenga
a50f336032 Add some basic network security information 2002-06-18 00:55:39 +00:00
Howard Chu
63b948806d In rootdn, add ref to SASL Authentication identities 2002-06-18 00:23:40 +00:00
Kurt Zeilenga
4c3f1fea00 Add initial security chapter (intro only). 2002-06-18 00:11:36 +00:00
Kurt Zeilenga
a4bcf4c630 Reorganize chapters 2002-06-18 00:05:23 +00:00
Kurt Zeilenga
cbaf9f6649 Make it clear that ldap_explode_dn() and friends are deprecated. 2002-06-17 22:45:34 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication.
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Kurt Zeilenga
7cfb89cf96 Formatting fix 2002-06-17 05:57:09 +00:00
Kurt Zeilenga
647d1ad562 Some LDBM v BDB cleanup 2002-06-17 05:56:55 +00:00
Kurt Zeilenga
9cee733563 add rootpw hash password comments 2002-06-17 05:33:32 +00:00