s/case_ignore_compare/caseIgnoreIA5Match/
s/case_exact_normalize/caseExactIA5Normalize/
s/case_exact_compare/caseExactIA5Match/
to make room for UTF-8 and T.61 varients.
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed. Needs replog support.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
privs, additive/substractive rules, and rule continuation. Existing
rules that use 'defaultaccess none' should be 100% compatible. Rules
that rely other defaultaccess settings will require addition of
explicit clauses granting the access.
Needs additional testing and tuning of logs
provide prototype in lutil.h
use LBER_SOCKET_T instead of int in prototype. (didn't use
ber_socket_t so all of lber.h wouldn't have be dragged in)
rename signal handlers, use RETSIGTYPE, and make SIGHUP wake
rename fd to sd to reflect descriptor must be usable as a socket.
renamed sel_exit_fds to wake_sds to reflect current use
improve readability of sockpeer.c including removing obtuse goto.
to validate input dn's BEFORE sending dn's to server.
Also fixed getfilter to use REG_EXTENDED|REG_NOSUB. (and fixed one
case where REG_BASIC was still used).
s/strdup/LDAP_STRDUP/
Added ldap_pvt_str2lower/upper
LDAPext discussions).
Add attrs and attrsonly support to monitor/config info.
Add rdn attributes to schema/monitor/config.
Add extensibleObject objectclass to schema/monitor/config.
Add top objectclass to rootdse/monitor/config.
Remove opattrs option from send_search_entry().
by <who> <access> changed to by <who>+ <access> (joined with AND)
added peername=<regex> sockname=<regex> url=<regex>
removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower. Use where needed.
