mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,871 Commits 38 Branches 307 Tags 74 MiB
cd23b2ddf4
Commit Graph

381 Commits

Author SHA1 Message Date
Howard Chu
62da6969dc Preliminary backend overlay support, based on backglue, not tested... 2003-06-11 02:27:51 +00:00
Kurt Zeilenga
544805dcec localize SYNCREPL config defines 2003-06-10 18:36:47 +00:00
Kurt Zeilenga
a908d75f0c s/tls/starttls/ 
s/master/provider/
 2003-06-10 18:33:44 +00:00
Howard Chu
283471d84e Fix syncinfo reference after free 2003-05-24 06:50:48 +00:00
Hallvard Furuseth
05d7b891ec Move SLAPD_MONITOR_DN out of format strings. 
Otherwise slapd would break if SLAPD_MONITOR_DN contained a '%'.
 2003-05-20 18:16:45 +00:00
Jong Hyuk Choi
986bcd52a9 -syncUUID search in syncrepl 
-test017-syncreplication
 2003-05-09 06:50:44 +00:00
Jong Hyuk Choi
9543844d39 strdup cleanup 2003-05-02 18:00:33 +00:00
Hallvard Furuseth
3420d12bdc Fix printf/Debug format arguments. 2003-05-02 13:08:47 +00:00
Jong Hyuk Choi
e8cd5c2386 - LDAP_SYNCREPL defined in include/ldap.h 
- add "updatedn" to the replication specification
- return referral to update to the slave server
 2003-05-01 23:39:29 +00:00
Jong Hyuk Choi
e885605f21 cleanup 2003-04-29 23:32:58 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Jong Hyuk Choi
77b58e69a5 tab cleanup 2003-04-29 17:55:26 +00:00
Howard Chu
1643145b03 Fix multi-line string literals. new GCC complains... 2003-04-22 16:06:29 +00:00
Jong Hyuk Choi
86a46c267a OpenLDAP synchronization based replication engine 2003-04-21 14:08:13 +00:00
Pierangelo Masarati
adf3744dd6 fix backsql new API; use berbuf instead of berval 2003-04-15 21:55:25 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Howard Chu
3a71bddbc4 ITS#2389 - added conn_max_pending/auth config keywords to cap the number 
of outstanding requests on a connection. Set rate limits for request
execution:
   no connection can have more than maxthreads/2 ops executing at once.
   a connection that is write-blocked will not execute any new ops.
   queued ops must drain before any new ops can execute.
If the queue exceeds the max_pending limit, the connection is closed.
...also fixed a bug where a connection was not marked active if it never
received a Bind.
 2003-03-27 03:35:46 +00:00
Howard Chu
bbad1de8e1 Added lutil_passwd_init, _destroy, _add for dynamically adding passwd 
schemes. Declarations in lutil.h require lutil.h never be included before
lber.h, always after.
 2003-03-11 05:58:53 +00:00
Pierangelo Masarati
118bf1e9f9 apply a different fix for ITS#2342 2003-03-03 23:06:58 +00:00
Howard Chu
8f88bc1f8f Free default_passwd_hash on cleanup 2003-02-16 06:13:34 +00:00
Kurt Zeilenga
aaf253318b Move include <slapi.h> behind #ifdef 2003-02-10 02:09:00 +00:00
Kurt Zeilenga
8f82e9f772 ITS#2117: remove suffixalias support until someone fixes it 2003-02-09 07:20:03 +00:00
Kurt Zeilenga
698d73d5f3 Disable reverse lookups by default for security 
(and performance) reasons.
 2003-02-08 07:40:19 +00:00
Kurt Zeilenga
c315e28779 Move RDN checks to entry_schema_check() so that it is consistently 
applied (and disabled via schemacheck off).  Removed add-rdn-values flag.
 2003-02-07 20:12:26 +00:00
Pierangelo Masarati
7a97f37bd4 add 'add-rdn-values {on|off}' (default off) switch 2003-02-07 15:19:58 +00:00
Pierangelo Masarati
c3847a6136 slapi header cleanup 2003-01-27 21:53:23 +00:00
Luke Howard
7d5978b4aa Put #endif in correct place when commenting out backend directive check 
for plugins (now that global plugins are nominally supported)
 2003-01-21 15:14:07 +00:00
Luke Howard
17b761cf96 Allow global plugins. 2003-01-21 15:11:35 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
df5d69df8f allow a custom error log file for plugins by means of a slapd.conf directive; add very bare-bone back-monitor info about installed plugins 2002-12-14 15:04:37 +00:00
Hallvard Furuseth
54728f367e Implement user-defined tagging attribute options and ranges 2002-12-12 13:56:05 +00:00
Pierangelo Masarati
1b70e16448 SLAPI - Netscape plugin API for slapd - based on patch contributed by Steve Omrani <somrani@us.ibm.com> as ITS#2073 2002-12-07 17:19:29 +00:00
Kurt Zeilenga
da76c1951e First-cut proxy authorization support. 2002-12-03 06:11:32 +00:00
Kurt Zeilenga
8754c8f2a3 #unifdef paged results, remove lint 2002-11-28 04:38:41 +00:00
Pierangelo Masarati
415a8d325f add limits to entries count for paged results 2002-11-21 20:49:02 +00:00
Julius Enarusai
2d98b19bf7 Converted ch_malloc, ch_calloc and ch_realloc calls to SLAP_MALLOC and 
SLAP_CALLOC in add_value/add_value_one functions and propagated errors to
all functions that use these functions.
 2002-11-01 18:59:52 +00:00
Pierangelo Masarati
53e1930fd0 use keyword "unlimited" instead of -1 for no limits 2002-10-31 09:57:24 +00:00
Kurt Zeilenga
36569048ff Add "allow update_anon" 
Fix -USLAP_X_LISTENER_MOD builds
 2002-10-25 18:47:24 +00:00
Kurt Zeilenga
acc32b9d9e Basic framework for DIT Content Rules (not yet enforced) 2002-10-09 07:11:50 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
f5e6d1db41 #unifdef -DSCHEMA_DN 2002-09-29 04:30:38 +00:00
Kurt Zeilenga
1c75a7f25c Fix inverted bvmatch logic in modrdn 2002-08-12 08:45:20 +00:00
Howard Chu
07ebdca237 ITS#1893, use "schemadn" to configure subschemasubentry DN. (diff was 
inaccessible, this is original code, not contributed.)
 2002-08-10 03:10:52 +00:00
Howard Chu
554311a4c8 Fix cargv leak in recursive read_config() 2002-08-07 08:22:43 +00:00
Kurt Zeilenga
8a3d02bf6b misc cleanup 2002-07-23 18:35:12 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication. 
Add protected simple authentication as a "strong" mechanism.
 2002-06-17 22:18:27 +00:00
Pierangelo Masarati
b9254b8ab4 should compile even without Cyrus SASL 2002-06-15 15:01:17 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema. 
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
 2002-06-14 08:10:14 +00:00
Kurt Zeilenga
116e165a5c Be less forgiving (don't ignore so many configuration errors) 2002-06-08 18:38:52 +00:00
Kurt Zeilenga
a784e4d054 Add rootdn check when rootpw is set. 2002-06-08 18:04:43 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Kurt Zeilenga
bdad40c696 Disallow addition of system schema via config files. 2002-05-30 05:23:37 +00:00
Pierangelo Masarati
2ca323d2b5 Fixes ITS#1786: dynamically growing number of tokens in config line 
for both slapd and slurpd

Copyright 2002, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.

Applied with changes
 2002-05-02 08:48:14 +00:00
Howard Chu
7fae7fe155 Changed be_[n]suffix, be_[n]suffixAlias to BerVarray. No more bvec's anywhere. 2002-05-01 18:50:14 +00:00
Julius Enarusai
ed8f299245 ITS#1730: Misc typos in NEW_LOGGING code from Hallvard 2002-04-25 22:12:44 +00:00
Kurt Zeilenga
0ca5d06f77 Re: PRIVATE: Patch: Passwords (ITS#1740) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
 2002-04-22 17:31:16 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to 
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
 2002-04-18 12:26:36 +00:00
Kurt Zeilenga
709ce4fa6c Re: Patch: ctype functions require 'unsigned char' args (ITS#1678) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.

Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'.  So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
 2002-04-15 20:42:42 +00:00
Howard Chu
bf6fccd7bb ITS#1740 2002-04-13 10:56:16 +00:00
Pierangelo Masarati
4a2b9b2195 ITS#1730 2002-04-08 18:39:23 +00:00
Pierangelo Masarati
f4dba925ff add a switch that enables/disables reverse lookups if configured with rlookups 2002-04-03 15:40:49 +00:00
Pierangelo Masarati
9bf3ccd0bf allow attribute exclusion list in selective replica 2002-03-30 08:52:20 +00:00
Howard Chu
a1063a041d Fix previous commit, lutil_passwd_scheme() returns boolean, not pointer. 2002-03-18 08:56:47 +00:00
Pierangelo Masarati
a1b65bcdfe detect unavailable hash algorithms at startup 2002-03-09 11:02:32 +00:00
Julius Enarusai
08d0a48ac5 The following file fails compile when NEW_LOGGING is enabled. 2002-03-07 17:50:56 +00:00
Kurt Zeilenga
32fb8b0bff Add ACL state recording to avoid multiple evaluation of 
value-independent access controls.
 2002-02-09 05:14:17 +00:00
Howard Chu
f50b75f0c2 Added replica attr=<attribute list> support to filter replog content 2002-02-08 06:44:33 +00:00
Howard Chu
c3c85b4062 Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try, 
and hard/demand.
 2002-01-27 02:56:18 +00:00
Pierangelo Masarati
cb8299d124 allow trailing '\' to continue a config line (ITS#1551) 2002-01-23 16:28:48 +00:00
Kurt Zeilenga
13af7fb073 Misc. cleanup, remove lint, remove unused deprecated functions, etc. 2002-01-15 07:29:15 +00:00
Kurt Zeilenga
504404725a Flip some bits in the backend flags mask 2002-01-11 02:31:47 +00:00
Kurt Zeilenga
55501e886f Rework backend (lastmod + glue + system schema) flags 2002-01-10 22:34:11 +00:00
Kurt Zeilenga
c80d93f2bb Start of new operational attribute framework 2002-01-10 00:17:21 +00:00
Pierangelo Masarati
a744ca2be3 fix logs 2002-01-05 16:53:08 +00:00
Pierangelo Masarati
ca60d05dd1 fix malformed test 2002-01-05 15:44:08 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
f52cc9bab5 Change struct berval ** to BVarray 2002-01-02 11:00:36 +00:00
Howard Chu
975a5e9a24 Added dnPretty2/dnNormalize2 using preallocated destination berval 2001-12-29 04:48:00 +00:00
Howard Chu
0039cb2a37 More dnPrettyNormal 2001-12-28 07:58:54 +00:00
Kurt Zeilenga
b17572c7d3 cleanup 2001-12-27 23:01:09 +00:00
Kurt Zeilenga
ef7a99ff99 Additional struct berval DN changes... 2001-12-26 23:26:55 +00:00
Kurt Zeilenga
2dd27b0786 More struct berval DNs 2001-12-25 19:48:26 +00:00
Kurt Zeilenga
3336619c80 More "char *" to struct berval DN changes 2001-12-25 02:30:01 +00:00
Kurt Zeilenga
5ee89d6167 Use struct berval DNs for root DN and update DN 2001-12-25 00:05:26 +00:00
Kurt Zeilenga
0c28b66a75 use dnPretty instead of dn_pretty 2001-12-23 00:43:57 +00:00
Kurt Zeilenga
d23313a068 LDAPv2 disallow and other flag changes 
Fix compile errors
 2001-12-21 04:44:34 +00:00
Howard Chu
923cdcf3c5 fix from jon@symas.com - missing arguments to Debug/LDAP_LOG 2001-12-17 22:47:36 +00:00
Howard Chu
ff682be26e Added acl_destroy, acl_free. 2001-12-15 12:41:53 +00:00
Howard Chu
826056e75b More thorough backend_destroy. Added config_destroy. Destroy slap_listeners. 
Plugged other small leaks.
 2001-12-15 12:05:58 +00:00
Pierangelo Masarati
e754997da0 minor cleanup 2001-12-11 11:30:01 +00:00
Howard Chu
ef0b308bea Changed backglue configuration. Added noSubordinates arg to select_backend 
to deal with glued subordinates.
 2001-12-10 12:09:40 +00:00
Pierangelo Masarati
95f1740aa6 improvements to monitor backend: added a log entry that lists the current log level and can be modified via protocol at runtime, to change the log level; minor improvements; fixed a problem in dealing with dn normalization 2001-12-10 09:50:06 +00:00
Howard Chu
fd7e23c188 Converted suffixAlias to struct bervals. 2001-12-09 14:57:42 +00:00
Howard Chu
55a217d9ae Changed be_nsuffix from char ** to struct berval ** to eliminate strlen's 2001-12-08 05:15:58 +00:00
Pierangelo Masarati
379e0e9d50 another step towards schema aware normalization: ava sorting in rdns; now by defining USE_LDAP_DN_PARSING both the new dn parsing and the server side normalization is used. There might be, every now and then, a flaw mostly due to naive normalization of pseudo-dn (thinking about some acl/regex stuff and so) 2001-12-05 19:26:30 +00:00
Pierangelo Masarati
aee3600276 minor cleanup 2001-11-17 16:18:07 +00:00
Kurt Zeilenga
82fad7d0c8 First stable an implementing latest namedref specification. 
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only.  Needs to be ported to back-bdb.
 2001-10-26 02:05:14 +00:00
Pierangelo Masarati
271c323281 Fixes ITS#1385 2001-10-25 15:15:34 +00:00
Kurt Zeilenga
23bf2fb086 Fix error messages 2001-10-24 05:27:49 +00:00
Kurt Zeilenga
fcd1ce0e28 Use defined Root DSE attributes. 
Developed by Julius Enarusai/IBM
Copyright IBM Corp. 2001

Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001.  No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
 2001-10-23 23:29:41 +00:00
Kurt Zeilenga
2af75ecc6a Trim both \n and \r\n from config files. 2001-09-24 22:18:02 +00:00
Kurt Zeilenga
c0c9c47032 bump MAXARGS to 500 2001-09-21 00:48:47 +00:00
Kurt Zeilenga
d05e6af326 Clean up include logging 2001-09-17 22:38:52 +00:00
Kurt Zeilenga
a49392981a There is no TLSProtocol option. 2001-08-31 16:48:30 +00:00
Pierangelo Masarati
b637967b95 fix malformed test 2001-08-04 16:46:03 +00:00
Pierangelo Masarati
6a5b253bc6 allow multiple limits setting on one global/per backend config line 2001-08-04 11:09:25 +00:00
Pierangelo Masarati
8471ef7ed0 add global, per backend and per op_ndn time/size soft, hard and to-be-checked limits (exploited by back-ldbm); see slapd.conf(5) for details 2001-08-01 10:09:04 +00:00
Pierangelo Masarati
4051547dfa handle regex-based per op_ndn time/size limits 2001-07-28 11:24:22 +00:00
Pierangelo Masarati
589a5c7442 added extra check to suffix param of replica entry 2001-07-23 14:32:59 +00:00
Pierangelo Masarati
ece9bdb0eb Added the suffix=<dn> parameter to replica config directive 
to allow selective replication of subtrees of a single database.
Multiple occurrences allow the same replica to handle different
subtrees
 2001-07-21 14:15:23 +00:00
Kurt Zeilenga
c46014e27e Fix typo in disallow logging 2001-07-15 17:25:00 +00:00
Pierangelo Masarati
5fdba27288 This is the skeleton of back-monitor, the slapd monitoring backend. 
The old monitoring stuff has been removed; the new backend is
enabled by using --enable-monitor at configure time and requires

	database monitor

in slapd.conf to be activated.  At present it implements a subset
of the old monitoring options, and it should be extendable to
a number of different subsystems.  The search operation has been
implementd; it does not honor abandon or size/time limits, though.
The compare and the abandon operations are planned.

Copyright Pierangelo Masarati <ando@sys-net.it>; the code is provided
AS IS with NO GUARANTEE.  It can be used and distributed under the
conditions stated by the OpenLDAP Public License.
 2001-07-14 17:34:24 +00:00
Randy Kunkee
a9097044ea Remove global_backendsyncfreq code (code has been pushed down into back-ldbm). 2001-06-28 18:02:46 +00:00
Randy Kunkee
d492880870 Add sync_daemon to daemon.c, enabled by global configuration 
backendsyncfreq <seconds>.  Setting this automatically enables
dbnosync (because the synchronizer takes care of it).
 2001-06-22 08:38:58 +00:00
Kurt Zeilenga
8d4c20cd6d Adding crypt(3) salt format (ITS#1202) from Jeff Costlow <j.costlow@f5.com> 
with minor changes by committer
---
Copyright 2001, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.

This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
 2001-06-13 03:47:17 +00:00
Kurt Zeilenga
cc6fab319e Add support for separate max incoming for anonymous and authenticated 
sessions (defaults: 256K and 16M respectively).
 2001-05-29 20:00:55 +00:00
Kurt Zeilenga
8360b4396f Take rc out from #ifdef 2001-05-20 17:39:32 +00:00
Kurt Zeilenga
0aef7722e6 Add support for obsolete attributes. 
We don't support collective attributes (yet).
Remove exit() calls from scheme parsers.  Need to do same for acl parser.
 2001-05-17 07:31:59 +00:00
Kurt Zeilenga
0445405299 if continuation line starts with a tab, rewrite it to a space 2001-05-12 18:43:06 +00:00
Kurt Zeilenga
4055077607 Add simple configure support for sockbuf max incoming 2001-05-05 07:29:21 +00:00
Kurt Zeilenga
3310663d02 RANDFILE directives 2001-05-02 19:46:01 +00:00
Stig Venaas
b92bceed2a Now loading all UCDATA files 2001-01-26 14:33:09 +00:00
Stig Venaas
13e628bcf4 Load UCDATA composition data 2001-01-24 15:31:53 +00:00
Kurt Zeilenga
28d1dbd8ac Add "sasl-external-x509dn-convert" configuration option aimed 
at providing authid TLS/X.509 to LDAP DN mapping.  Experimental.
 2001-01-19 00:47:32 +00:00
Gary Williams
84658f8a11 add new logging 2001-01-17 21:12:54 +00:00
Gary Williams
d531a20f52 more new logging (finally), behind NEW_LOGGING 2001-01-11 17:11:23 +00:00
Stig Venaas
b44cc963c2 Improved ucdata loading error handling 2000-11-09 12:39:18 +00:00
Stig Venaas
87e58fb031 Changed ucdata loading, all is done in config.c. Tried to make ucdata load 
when found in config file, or before first call to dn_normalize/dn_validate
 2000-11-02 10:10:36 +00:00
Gary Williams
d65bf04894 add logfile directive to config (behind NEW_LOGGING) 2000-10-25 16:49:23 +00:00
Kurt Zeilenga
dbdba34972 First-cut at manageDSAit-aware backend selection. 2000-10-21 03:29:02 +00:00
Gary Williams
696de70df4 fix lutil_set_debug_level call 2000-10-20 14:46:33 +00:00
Gary Williams
aacd6e78f4 convert text level to int 2000-10-17 19:42:24 +00:00
Kurt Zeilenga
f7e9842160 Remove "defaultaccess" option. No longer needed as without 
ACLs, the only sane and useful option is "read".
 2000-10-13 04:45:24 +00:00
Howard Chu
004f4f3260 Fix TLSVerifyClient. Applied in wrong branch before. 2000-10-13 00:54:05 +00:00
Gary Williams
bbc0ac00b2 get new debug configuration 2000-10-12 20:11:49 +00:00
Kurt Zeilenga
1b635156ab s/saslregex/sasl-regex/ 
Other minor updates
 2000-10-06 21:16:36 +00:00
Kurt Zeilenga
2b82d4f486 remove lint 
update bdb codes
 2000-09-22 01:40:57 +00:00
Kurt Zeilenga
d78a515860 Fix build issues 2000-09-21 23:00:51 +00:00
Mark Adamson
bf1ee530ea Implementation of SASL authorization. 2000-09-21 17:32:54 +00:00
Kurt Zeilenga
d6a56aaf25 Fix typo in last commit 2000-09-12 19:35:19 +00:00
Kurt Zeilenga
bd9de9d90d Clean up defaultSearchBase code 2000-09-12 18:21:09 +00:00
Kurt Zeilenga
5852f7188b Add 'defaultSearchBase' configuration directive to help support 
brain-damaged LDAPv2 clients.
 2000-09-11 21:57:14 +00:00
Kurt Zeilenga
3342ea3b49 Add more bind allow/disallow flags 2000-09-11 18:24:24 +00:00
Kurt Zeilenga
2e13824d0d Add "allow tls_2_anon" to allow StartTLS to force session to anonymous. 
Add "disallow tls_authc" to disallow StartTLS when session is authenticated.
Create and use connection2anonymous routine for consistency.
 2000-09-08 22:59:01 +00:00
Kurt Zeilenga
d463b3cab1 Add missing "disallow bind_anon" directive (ITS#721) 2000-09-07 17:53:05 +00:00
Kurt Zeilenga
cee040a321 Bring UCdata infrastructure. 2000-09-03 23:48:35 +00:00
Randy Kunkee
58bb439d08 Raise MAXARGS to 200, since the schema syntax burns more. 2000-08-31 22:16:16 +00:00
Kurt Zeilenga
a60438c1ce Add sasl-host option and treat sasl-realm as global only 
(ie: not backend specific).
 2000-08-30 01:44:39 +00:00
Kurt Zeilenga
4520cd4ec2 Align with man page 2000-08-28 19:19:47 +00:00
Kurt Zeilenga
bf3df2f7a6 restrictops, requires, disallow knobs; ssf acls; and misc other changes 
man pages to follow...
 2000-08-28 18:38:48 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/ 
Use AC_FMEMCPY where appropriate (-llber)
 2000-07-28 01:07:07 +00:00
Randy Kunkee
46ca9103b6 Fix MAXARGS boundary condition problem: slapd crashed if number of tokens 
parsed == MAXARGS (only applicable if you have really large objectclasses).
 2000-07-19 01:40:05 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session. 
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
 2000-07-13 22:54:38 +00:00
Mark Valence
d4d03e36e5 Added "threads" config to slapd.conf. 2000-07-04 19:24:13 +00:00
Kurt Zeilenga
2c7f89b1b2 remove locale option. OpenLDAP is designed only for the "C" locale. 2000-06-20 16:55:23 +00:00
Kurt Zeilenga
ec426532b2 Reworked thread code to better support thread-library specific 
r/w locks and thread pools.  Hide internal structures (using
pthread'ish technics).  Place common code in threads.c.  Move
no-thread code to thr_stub.c.  Move thread pool code to tpool.c.
Removed setconcurrency call from initializer, added 'concurrency'
directive to slapd.  Tested code under pthreads, pth, and no-threads.
 2000-06-13 02:42:13 +00:00
Kurt Zeilenga
693fb9424a unifdef -DSLAPD_SCHEMA_NOT_COMPAT -USLAPD_SCHEMA_COMPAT 2000-06-06 19:43:18 +00:00
Kurt Zeilenga
7b14e1304a Relocate schema_init() call to main() 
Add schema_prep() call to main()
Similiar changes to slapcommon.c
Add schema_prep() impl to schema_init.c
Add slap_ad_entry and slap_ad_children globals.
Add "entry" and "children" to openldap.schema (this likely should
  be added to schema via code, not configuration)
 2000-05-15 20:04:36 +00:00
Kurt Zeilenga
4bc786f34b Y2k copyright update 2000-05-13 02:47:56 +00:00
Kurt Zeilenga
0dbaf87730 Another round of changes behind -DSLAPD_SCHEMA_NOT_COMPAT 
plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something
 2000-02-14 20:57:34 +00:00
Kurt Zeilenga
3a6e906194 Replace -DSLAPD_SCHEMA_COMPAT with -USLAPD_SCHEMA_NOT_COMPAT 2000-01-31 22:14:16 +00:00
Kurt Zeilenga
c5da0c76ce Additional changes to migrate to new schema codes 
Still not usable.
 2000-01-28 20:01:00 +00:00
Kurt Zeilenga
5e12c84a6f Add simple password test program. 
Rework lutil_passwd routines to use struct berval instead of strings.
 1999-12-09 01:11:16 +00:00
Kurt Zeilenga
d5edb4bff6 Reengineered ldappasswd(1). Uses extended operation to set 
user password.  Likely to be modified to use bind control
instead.  Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
 1999-12-08 04:37:59 +00:00
Mark Valence
249313f75a Removed previous changes for extensions -- extensions now use moduleload. 1999-11-09 21:18:37 +00:00
Mark Valence
c8aa051571 Load extension library on "extension" keyword in configs (actual load routine is in extended.c). Protected by #ifdef SLAPD_EXTERNAL_EXTENSIONS. 1999-11-09 03:37:05 +00:00
Kurt Zeilenga
f6829ee903 Initial commit of new ACL engine. Engine supports descrete access 
privs, additive/substractive rules, and rule continuation.  Existing
rules that use 'defaultaccess none' should be 100% compatible.  Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
 1999-10-21 17:53:56 +00:00
Kurt Zeilenga
859dbe1398 Change the defaultaccess to 'auth' 
Set defaultaccess to 'read' in distribution slapd.conf and add warnings
Set schemacheck to 'on' in distribution slapd.conf and add warnings
 1999-10-15 20:34:42 +00:00
Kurt Zeilenga
7e53b5bdeb Change 'attribute' directive to 'attributetype' 
(and allowing 'attribute' for backwards compatibility).
manuals and *.schema to be updated as time permits.
 1999-10-13 20:28:00 +00:00
Kurt Zeilenga
7a0b0b2bbf In preparation for adding dn_rewrite()... 
s/dn_normalize/dn_validate/
s/dn_normalize_case/dn_normalize/
 1999-09-24 01:46:37 +00:00
Kurt Zeilenga
fc10815fc8 config should return error if backend or database initialization fail. 1999-09-13 18:47:05 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers. 
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
 1999-09-08 19:06:24 +00:00
Hallvard Furuseth
1cde481298 Move `#include "ldap_defaults.h"' into slap.h, which #ifdefs on it. 1999-09-03 23:10:05 +00:00
Hallvard Furuseth
76a94de251 Fix: obey be->be_readonly. Also add & obey global_readonly. 1999-09-02 10:39:51 +00:00
Kurt Zeilenga
bc1186bfb1 Fix "database fubar" crash 1999-08-26 19:09:40 +00:00
Kurt Zeilenga
5c63fd55b5 Implement ldap_dn_normalize and friends. Should be used by clients 
to validate input dn's BEFORE sending dn's to server.
Also fixed getfilter to use REG_EXTENDED|REG_NOSUB.  (and fixed one
case where REG_BASIC was still used).
s/strdup/LDAP_STRDUP/
Added ldap_pvt_str2lower/upper
 1999-08-25 06:44:08 +00:00
Kurt Zeilenga
2a74677799 const'fication 1999-08-20 19:00:44 +00:00
Howard Chu
75c9a1e222 Add OIDmacros for attribute & objectclass numericOIDs. Allow parsing 
attribute syntaxes using syntax description in addition to syntax OID.
Removed all whitespace from syntax descriptions.
 1999-08-19 22:09:33 +00:00
Howard Chu
22ad6bd6d4 Add "modulepath" config statement for setting the search path for locating 
loadable modules. Gratuitously renamed "loadmodule" to "moduleload".
"modulepath" takes a single argument, a colon-separated list of absolute
pathnames.
 1999-08-17 01:30:09 +00:00
Howard Chu
0743e963ca Modified to use libtool's ltdl instead of gmodule 1999-08-07 07:58:11 +00:00
Kurt Zeilenga
9c3ed0310b Add copyright notices. 1999-08-06 23:07:46 +00:00
Kurt Zeilenga
10591cb47d Update default access usage comment. 1999-08-03 21:35:53 +00:00
Kurt Zeilenga
df8f7cbb9b s/exit(1)/exit(EXIT_FAILURE)/ 
s/exit(0)/exit(EXIT_SUCCESS)/
add <ac/stdlib.h> where needed and other minor header adjustments
 1999-08-03 18:14:24 +00:00
Kurt Zeilenga
5456f4ed18 Default lastmod to ON. 1999-07-27 20:05:37 +00:00
Kurt Zeilenga
c12547cf3b Resurrect suffix aliasing... 1999-07-27 18:43:30 +00:00
Kurt Zeilenga
68d561a97b Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns 
NULL does not meet basic syntax rules.
 1999-07-22 17:14:42 +00:00
Kurt Zeilenga
a11630f9b8 Fix maxDeref directive 1999-07-22 00:49:25 +00:00
Kurt Zeilenga
933908f72f ACL CHANGES: 
by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.
 1999-07-21 20:54:23 +00:00
Julio Sánchez Fernández
288a28a762 Add support for TLSVerifyClient. 1999-07-20 18:05:50 +00:00
Kurt Zeilenga
170836751a Namespace changes 
added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.
 1999-07-19 19:40:33 +00:00
Julio Sánchez Fernández
fd8b582aa9 We should stop using SSL to refer to TLS. This is a first step. 1999-07-16 10:28:51 +00:00
Kurt Zeilenga
73276e84ae Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. 
Includes support for update referral for each replicated backend.
	Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world.  Still testing in LDAPv3 world.
Added default referral (test009) test.
 1999-07-16 02:45:46 +00:00
Julio Sánchez Fernández
fd49eacc4b Parse more TLS options in slapd.conf 1999-07-15 21:05:08 +00:00
Julio Sánchez Fernández
d92c7c1c7d A couple of options for TLS configuration. Still a conflict here, 
the default context is initialized before the config file is read,
so the locations are not know at context initialization.
 1999-07-15 15:04:02 +00:00
Kurt Zeilenga
549c89f817 Regarding previous commit: 
Fix broken ACL macros.
	Fix o_dn/o_ndn == NULL vs "".
 1999-07-04 19:53:00 +00:00
Kurt Zeilenga
106eef41d8 HEADS UP: connections are forced to "anonymous" status upon receiving 
of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).
 1999-07-04 18:46:24 +00:00
Kurt Zeilenga
b7bbc7504d More bind changes to support SASL/DIGEST. 
Added configuration support for "digest-realm <realm>" configure directive.
Added connection state and bind_in_progress fields to cn=monitor connection
attribute.
 1999-07-02 19:48:07 +00:00
Bastiaan Bakker
5a470f8959 Merged dynamic module support patch (see ITS #196). To enable, run ./configure w 
ith --enable-modules. GLib v1.2 or higher is required.
 1999-06-24 17:06:34 +00:00
Kurt Zeilenga
7e4b3bc2e7 initial commit of idletimeout code... everything but the actual timeout. 1999-06-18 22:54:19 +00:00