Add comment concerning sequencing issues which need to be resolved
by reworking of connection state machine. Add note that a race
condition exists until this rework is complete.
Rework extended operations to return pointer to static error text.
Only return SLAPD_DISCONNECT with a send_ldap_disconnect()
was called.
Add initial code for support predetermined filter results
when filter is undefined (or known to be true or false).
plus these changes unhidden changes:
remove now meaning --enable-discreteaci configure option
fix ITS#451, slapd filters
Add ber_bvecadd() to support above
constify ldap_pvt_find_wildcard() and misc slapd routines
renamed some slap.h macros
likely broken something
basic structures for handing language tags and binary option
(but less actual code to actually support them). Provided
for reference only. Will not even compile.
attributes of the syntax. Such attribute values be transferred
using binary syntax unless ber2str/str2ber routines are provided.
Used in conjunction with ";binary" attribute description option
and/or the Binary syntax.
unless access requested is WRITE. This allows you to apply
an ACL to limit search/reading of no-user-modification attributes.
Writes, of course, are always prohibited (by do_add, do_modify).
Revert normalization to matching rule per discussions with Julio.
May need separate normalization routines for stored value and asserted
value. Currently rely on passed in syntax/mr to allow "special" behavior.
Reworked filters to pass struct berval * instead of char *. (needs work)
Validation, normalization and matching needed.
routine. Could be combined into one routine.
Modify slapd matching rule struct to only have match function.
Modify old attribute such that 'bin' implies octetString, not 'binary'.
Add compatibility for IA5 strings. Only directoryStrings were handled
before.
Treat attribute types without syntax as incomplete, not default.
Add OctetStringValidate (always returns okay).
Add {UTF8,IA5}StringValidate/Normalize (IA5 based loosely on
case_exact_normalize). Need case{Exact,Ignore}UTFMatch, using IA5 versions
for now.
Removed default of syntax/mr handlders, should just skip
registration of syntax/mr's without handlers.
Added comments to slap.h about types versus descriptions.
s/case_ignore_compare/caseIgnoreIA5Match/
s/case_exact_normalize/caseExactIA5Normalize/
s/case_exact_compare/caseExactIA5Match/
to make room for UTF-8 and T.61 varients.
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.
Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed. Needs replog support.
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
frontend to complete parsing of extended op reqdata.
Modify password extended operation to allow optional id (DN)
entry to change (not tested). Also, provide room to allow
server side password generation (not implemented). Added optional old
password field to support proxying (not implemented).
Need to implement replog() support.
referral URL is not a '/'. Also in send_search_reference, corrected the
comparison for the pre-V3 case. Previously, referrals were being dropped
completely for V2 subtree searches. More work is still needed, V2 onelevel
referral handling is wrong.
user password. Likely to be modified to use bind control
instead. Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
