using best available mechanism. (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
Also, as written, the code will behave better in the face of unsolicited
noticifications (such as notice of disconnect). However, code needs to
be improved to better distinguished such from expected result response.
Delete improvements are limited to base object delete. Should be applied
to -p[rune] option as well.
-R now ignored
-C added to chase. No rebind proc yet, no checking of appropriate authentication.
complain if non-critical TLS was not started.
Fail if requested version is not supported.
ldapdelete:
deletechildren modified to use ldap_search_ext_s()
fixed deletechildren dn memory leak
ldapsearch:
modified to use ldap_search_ext()
references, extended results, and extended partial results. LDIF
extended to support these new features and reported version 2.
-L now limits output to LDIFv1 for compatibility reasons. No
-L is now LDIFv2. Old alternative form is no longer supported.
Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp
Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded
file://tmp/
an internal flag set. Used for SEQUENCE testing. Flag must
be set using debugger. Modified ber_printf to use new format
were needed for extensibility testing.
Added first cut -lldap support for extended responses.
Modified ldapsearch(1) to handle v3 search references when not
chasing. Also added extended/unsolicited notification handling
and extended partial response handling. Changes include a
number of LDIF enhancements.
Fixed getpassphrase() returns NULL bugs
macros into our namespace and limit use to headers. A subsequent
round will add macros to separately handle forward declarations
of variables from declaration of function prototypes. The last
round will add additional macros for declaring actual variables and
functions.
copy of the code formerly in mail500, to properly track changes. An
exception is mail500.m4 that has been committed as maildap.m4 directly
to avoid breaking history twice.
If application provide one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
the presence of a certain value in some other attribute. Used to
implement mailForwardingAddress both in addition to normal delivery
and excluding normal delivery, selectable entry by entry. The model
is mailDeliveryOption in Netscape MS. The implementation aims to
become more general, though. Affects "search-with-filter", any
entry can potentially use a parameter, introduced with "param=".
Optimize the case where we have to copy the message to an address that
is served by the directory. Formerly, we would have the MTA deal with
it and invoke mail500 again later. This has necessitated loading the
list of domains that are solved by us with "domain". A new definition,
"host", takes the role of the old "domain" that was the FQDN of our
host for routing loop avoidance.
part into something to check against the cn of entries. It is
supported again thorugh the selector %s in the search.
Explicitly initialize some pointers in automatic storage.
anyway. A new syntax is defined, "present", that indicates that
values of an attribute type are not used, only presence is
significant. To do routing at the MTA, define both mailHost and
mailRoutingAddress with syntax "present". Otherwise, use "host" and
"rfc822" and mail500 will try to do routing by itself, if possible.
Read the comments in the code for the ugly details.
Added a new configuration line "own-address" that describes the FQDN of
our host to compare with mailHost. The line can be repeated.
nested groups or the laser mail routing draft. Mostly, this is
because a flag saying the attribute type is 'final' is not flexible
enough. The old 'final' flag is gone and replaced by a priority
level.
Change 'forward' to 'route' to be consistent with the laser wording.
Add new 'domain' spec in the configuration file to describe what are
the local domains so that we do not loop when doing the laser thing.
We were escaping asterisks in filters. This seems incorrect. Removed.
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
extremely broken and I can only wonder how I got some much mileage out
of it. The problem is that we deal with pointers to the groups
themselves, either in current_group or current_to and current_nto.
These pointers would break on reallocs. So now the the basic togroups
is an array to pointers to Group. Since the array can be resized at
any time, what we actually pass around is pointer to an array of
pointers to Group or Group ***.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
to validate input dn's BEFORE sending dn's to server.
Also fixed getfilter to use REG_EXTENDED|REG_NOSUB. (and fixed one
case where REG_BASIC was still used).
s/strdup/LDAP_STRDUP/
Added ldap_pvt_str2lower/upper
