If application provide one, use it. If application doesn't
provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.
This means a ldaps connection may drop before any LDAP protocol exchange
occurs (due to expired cert, unrecognized CAs, etc.).
Change ldap_pvt_tls_connect to copy any TLS error string to ld_error upon
connection failure, otherwise client just sees "can't contact LDAP server."
slapd/connection.c: add flush/delay when SSL_accept fails, to allow any
TLS alerts we generated to propagate back to the client. (Which will then
be picked up by ldap_pvt_tls_connect on the client...)
ldap_domain2dn()
ldap_domain2hostlist()
and provide prototype to soon-to-be-implemented
ldap_dn2domain().
ldap_dnssrv_init(), if needed, can easily be implemented
using ldap_create(), ldap_set_option() and the above
commands.
with authentication id and authorization ids. Note: this routine
doesn't actually negotiate anything. It likely should be renamed
ldap_sasl_auth_s() or ldap_sasl_bind_multistep() or something.
modules are dynamically loaded, they summon libldap when needed.
However, depending on the security libraries available when the
shared libldap was built, the latter brings up other dependencies.
On some platforms, it seems that no solution is available: no
indirect dynamic dependencies. But for some platforms where this
is supported (in particular, Linux), the shared libldap must
contain info on what other dynamic libraries it needs. We were
failing to put this info into the shared library. This patch
seems to fix it.
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
