mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,147 Commits 38 Branches 307 Tags 74 MiB
f5e36e1bbd
Commit Graph

586 Commits

Author SHA1 Message Date
Pierangelo Masarati
16d820ad84 add iterator on overlays 2004-03-16 21:56:40 +00:00
Howard Chu
db52f51943 Preserve old slap_passwd_hash() signature, add slap_passwd_hash_type() 2004-03-15 20:58:41 +00:00
Pierangelo Masarati
f145457d0c move limits check and preparation in a helper function 2004-03-09 14:32:00 +00:00
Howard Chu
4504b48c6b default_passwd_hash now takes a list of schemes 
passwordModify exop will generate all the configured hashes
 2004-03-02 22:12:23 +00:00
Jong Hyuk Choi
53d191e14d syncrepl update: 1) improve error handling 2) glueing support for non-leaf deletion (TODO : deletion of leaf glue entries in the delete / modrdn code) 2004-02-22 20:44:44 +00:00
Pierangelo Masarati
4e57108991 allow search limits based on groups (ITS#2967) 2004-02-18 16:40:36 +00:00
Howard Chu
c9d033ae30 Fix syncrepl slapd_shutdown detection, would not stop on a gentlehup. 2004-01-15 21:35:05 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Kurt Zeilenga
c7f1759e80 Misc cleanup 2003-12-30 01:26:38 +00:00
Kurt Zeilenga
fcad25da47 Misc code cleanup 2003-12-29 22:25:43 +00:00
Howard Chu
d8f9f4ee22 Revert prev commit, unnecessary 2003-12-25 14:57:26 +00:00
Howard Chu
329bd66d6a Use a separate mutex for the replication timestamp 2003-12-24 14:32:33 +00:00
Howard Chu
d31230f859 Fix replog sequencing - assign sequence numbers at beginning of operation, 
instead of getting a timestamp at the end. This makes it possible for
slurpd to sort the log later.
 2003-12-23 18:48:36 +00:00
Pierangelo Masarati
42d7d6d743 propagate flags to sasl-regexp functions (will need it later) 2003-12-18 18:32:45 +00:00
Kurt Zeilenga
9647ccd945 Completely untested built-in EXTERNAL implementation 
Needs identity mapping and proxy authorization support
 2003-12-18 06:52:39 +00:00
Pierangelo Masarati
4602c935f7 saslAuthzTo/From stuff 
when comparing IDs to saslAuthzTo/From values, the saslAuthzTo
saslAuthzFrom values can take different forms:

dn[.<style>]:<pattern>

<style> ::= 	exact		; exact match
		children	; children of <pattern> match
		subtree		; <pattern> or children of <pattern> match
		regex		; <pattern> is regcomp() & regexec()
if no <style>, then exact is assumed

u[.<mech>][/<realm>]:<user>

when parsing a proxyAuthz value, only exact DN is allowed,
and no <mech> can be specified.  <user> cannot contain ':'
and <mech> cannot contain '/'.
 2003-12-13 23:02:59 +00:00
Pierangelo Masarati
9c5fe98a79 declare overlays_init() 2003-12-13 10:57:13 +00:00
Howard Chu
864aea13f7 ITS#2864 removed sl_mark/sl_release code 2003-12-07 04:00:47 +00:00
Luke Howard
399b57eada Use gmtime_r() if HAVE_GMTIME_R is defined (need to add autoconf check) 2003-12-06 05:37:00 +00:00
Jong Hyuk Choi
2bb75d5469 misc cleanup 2003-12-01 17:56:36 +00:00
Howard Chu
42d8c0a39d Added slap_null_cb 2003-12-01 12:03:20 +00:00
Kurt Zeilenga
4e15a84452 Updated notices 2003-11-27 01:17:14 +00:00
Jong Hyuk Choi
1fdda703e6 Support multiple sync replication at the consumer : 
1) simultaneous operation of multiple active sync replication threads
2) cookie management for individual sync replication thread
   (include rid=%3d to the slapd cookie command line option (-c))
 2003-11-26 19:49:47 +00:00
Jong Hyuk Choi
f97dc983ac Collective entryUUID transmission of PRESENT messages in a single PDU 
(refer to draft-zeilenga-ldup-sync-04.txt)
 2003-11-20 02:14:47 +00:00
Jong Hyuk Choi
91e69fc335 add slap_uuidstr_from_normalized() 2003-11-19 00:45:59 +00:00
Jong Hyuk Choi
f3586499d0 update ldapsync/syncrepl code according to the new version of 
the protocol (draft-zeilenga-ldup-sync-04)
 2003-11-11 20:25:19 +00:00
Jong Hyuk Choi
279760a467 1. Session history support 
- memory based session history to minimize sync traffic
	- when client is covered by a session history, then
      [add+delete] mode is used
	- when client cookie is not covered by the history because
      the cookie is too outdated and/or the history is truncated,
	  [add+present] mode is used
2. Sync cookie syntax : comma separated name=value pairs
	- csn=yyyymmddhh:mm:ssZ#0xSSSS#r#ssssr,sid=nnn
 2003-11-10 02:44:25 +00:00
Howard Chu
782d1be0ad Fix prev commit, don't timeout outbound connections 2003-10-25 21:14:07 +00:00
Howard Chu
08676eb49d Add support for outbound connections in main listener. 
Restructure syncrepl/persist to use outbound connection manager.
 2003-10-24 12:57:24 +00:00
Howard Chu
645c2bcb02 Drop unused arguments from syncrepl_add_glue 2003-10-24 08:10:16 +00:00
Howard Chu
01f7a7466b SLAPI fix - no-op when slapi_plugins_used == 0 2003-10-24 05:58:42 +00:00
Howard Chu
b6835be962 ITS#2747, Reorganize syncrepl, fix some memleaks. More remain. 2003-10-18 14:13:37 +00:00
Jong Hyuk Choi
9d59b5a41c ITS #2766 (remove slap_syncrepl_bvc & slap_syncrepl_cn_bvc from proto-slap.h) 2003-10-14 20:40:44 +00:00
Luke Howard
7a1c94acd3 Add entry_dup(); make slapi_entry_dup() use it 2003-10-08 00:48:33 +00:00
Jong Hyuk Choi
a8574a450f slaptools update : replica promotion / demotion 
new slapadd options
-p       : promote : If the ldif file contains syncConsumerSubentries, convert
                     them to a single syncProviderSubentry. Its contextCSN
                     attribute has the largest value of the syncreplCookie
                     attributes of the syncConsumerSubentries.
                     syncProviderSubentry in the ldif file is retained.
-p -w    : promote : Recalculate contextCSN based on entryCSN of each entry.
           create    Existing syncConsumerSubentries and syncProviderSubentry
                     are ignored and not added to the directory.
-r       : demote  : If the ldif file contains syncProviderSubentry, convert it
                     to a syncConsumerSubentry having the default syncrepl id
                     of 0. syncConsumerSubentries in the ldif file are retained.
-r -w    : demote  : Recalculate syncreplCookie based on entryCSN of each entry.
           create    Existing syncConsumerSubentries and syncProviderSubentry
                     are ignored and not added to the directory. The default
                     syncrepl id of 0 will be used for the new
                     syncConsumerSubentry.
-r -w -i %d[,%d]*  : Using the comma separated list followed by the -i option,
                     it is possible to create multiple syncConsumerSubentries
                     having the syncrepl ids specified in the list.
                     syncreplCookie values of these sycnConsumerSubentries
                     will have the same value, either from the maximum
                     entryCSN value or from the contextCSN value of the
                     syncProviderSubentry.
 2003-10-07 20:01:37 +00:00
Howard Chu
c58ac9d8f1 Add memctx param to build_new_dn(). cleanup DN leaks. 2003-09-24 04:30:41 +00:00
Howard Chu
0b23dff298 ITS#2735 - plug memory leaks, cleanup 2003-09-23 22:52:35 +00:00
Jong Hyuk Choi
537ccc3f5f fix for persistent search termination (ITS#2724) 
- the consumer slapd did not terminate when the provider is alive
 - use a timeout in ldap_result() of syncrepl.c
 2003-09-17 10:34:10 +00:00
Kurt Zeilenga
99f968b597 Initial support for pre/post read controls. 
TODO:
	Fix transactional consistency
	Add client response control handling
 2003-09-16 18:56:04 +00:00
Howard Chu
72adc38cdf Construct ctxcsn entries directly, plug memory leaks, remove 
dependency on slap_mods_check and slap_mods2entry
 2003-09-12 18:52:34 +00:00
Jong Hyuk Choi
c25a892e62 misc cleanup 2003-09-04 19:48:53 +00:00
Jong Hyuk Choi
c36f32a9e4 slaptool update for LDAP Sync replication 2003-08-30 15:19:35 +00:00
Jong Hyuk Choi
090ac0a772 unifdef LDAP_SYNC and LDAP_SYNCREPL 2003-08-27 22:16:04 +00:00
Jong Hyuk Choi
3be0b77c88 Context CSN Patch (2) 
- BDB context csn codes moved to a separate function in back-bdb/ctxcsn.c
 2003-08-25 19:15:04 +00:00
Jong Hyuk Choi
660617ae66 Context CSN patch (1) 
- currenty works for refreshOnly mode of LDAP Sync
- Context CSN for add / modify is implemented
- code for delete / modrdn / refreshAndPersist will be soon committed
 2003-08-23 02:51:33 +00:00
Kurt Zeilenga
b54780f940 Add initial support for modify/increment. No over/under flow detection. 
Currently discovered via a "feature", but should use a control.
Start of a control made, but needs to be better integrated (with
auto use in ldapmodify(1)).
 2003-08-07 16:42:40 +00:00
Jong Hyuk Choi
2b803b0459 SyncRepl is changed to share the following routnines : 
slap_mods_opattrs(), slap_mods_check(), slap_mods2entry()
 2003-07-11 01:01:27 +00:00
Jong Hyuk Choi
b231c33efa export glueing code 2003-07-08 20:07:07 +00:00
Jong Hyuk Choi
cc6f31782d - partial attribute replication tested ok 
- conf file processing udpate
- misc updates
 2003-07-02 14:51:23 +00:00
Jong Hyuk Choi
fd13d4d50f misc cleanup 2003-07-01 15:43:25 +00:00
Jong Hyuk Choi
5bc1e1a3c9 Berkeley DB congestion avoidance 2003-07-01 11:55:18 +00:00
Jong Hyuk Choi
5d203d0cc5 not returning glue entries unless manageDSAit is set 2003-06-25 16:22:08 +00:00
Jong Hyuk Choi
f07179ca61 syncrepl changes 
- can handle multiple syncinfo
- ldap_sync_search() added
 2003-06-11 17:03:57 +00:00
Howard Chu
62da6969dc Preliminary backend overlay support, based on backglue, not tested... 2003-06-11 02:27:51 +00:00
Kurt Zeilenga
2fcbaf29d9 read get_extop func 2003-06-01 00:09:32 +00:00
Kurt Zeilenga
16af7fdd4c Hide experimental controls and extended operations 2003-05-31 20:19:02 +00:00
Kurt Zeilenga
12304f64e5 Merge partial and intermediate responses 2003-05-31 05:01:49 +00:00
Howard Chu
676984e8d3 Fix slap_EXOP declarations 2003-05-29 07:18:58 +00:00
Howard Chu
9dace23dec Change slap_sasl_authorized to take an Operation instead of a Connection, 
for compatibility with proxyAuthz control
 2003-05-24 02:44:46 +00:00
Jong Hyuk Choi
7e7429267e persistent search updates with recent changes 2003-05-20 20:21:39 +00:00
Jong Hyuk Choi
986bcd52a9 -syncUUID search in syncrepl 
-test017-syncreplication
 2003-05-09 06:50:44 +00:00
Jong Hyuk Choi
45776bff04 a runqueue for periodic thread execution (for syncrepl) 2003-05-07 02:06:01 +00:00
Howard Chu
46e2b97757 ITS#2424 use two SASL contexts per session to conform to RFC 2222 2003-05-01 04:11:57 +00:00
Howard Chu
7e2273b30e Added errmsg arg to lutil_passwd_{check,hash} functions 2003-04-30 07:52:05 +00:00
Kurt Zeilenga
5cd994ed21 remove dnNormalize2 
replace calls to dnNormalize2 with calls to dnNormalize
 2003-04-29 18:28:14 +00:00
Kurt Zeilenga
eebc51b9bf remove dnPretty 
rename dnPretty2 to dnPretty
 2003-04-29 18:13:10 +00:00
Hallvard Furuseth
8a2bb1d1cc Declare lap_free_ctrls() and sl_mem_init(). 2003-04-29 14:53:05 +00:00
Jong Hyuk Choi
86a46c267a OpenLDAP synchronization based replication engine 2003-04-21 14:08:13 +00:00
Pierangelo Masarati
629885a269 use SLAP_PTRCMP 2003-04-18 17:16:48 +00:00
Pierangelo Masarati
3a5cd746b7 use global bervals for TRUE/FALSE 2003-04-16 19:49:00 +00:00
Howard Chu
be28bf247e Added sl_context() to return the context associated with an alloc'd ptr. 
Improved ch_malloc/sl_malloc compatibility.
 2003-04-12 05:12:40 +00:00
Howard Chu
ece7452b05 More memory context tweaks 2003-04-11 01:29:28 +00:00
Howard Chu
374d919fc0 More memory context tweaks 2003-04-10 06:21:53 +00:00
Howard Chu
f897519d11 Minor cleanups 2003-04-09 23:37:00 +00:00
Howard Chu
813d5c8ed8 First cut at thread-local malloc. Only used by search() for now... 
Needs work in normalizers, etc.
 2003-04-09 16:52:03 +00:00
Pierangelo Masarati
43b1658160 normalize while merging values 2003-04-08 23:27:22 +00:00
Howard Chu
6f9901e9ce Moved get_alias_dn from back-ldbm to frontend 2003-04-05 06:34:20 +00:00
Kurt Zeilenga
c75be97ae9 #ifdef -DSLAP_NVALUES 2003-04-05 03:35:16 +00:00
Howard Chu
9355dca9af Consolidated slap_callbacks into one function. Removed send_search_result. 2003-04-01 04:12:18 +00:00
Howard Chu
e8c58b4e7f Major API change - (SLAP_OP_BLOCKS) All request parameters are 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
 2003-03-30 09:03:54 +00:00
Pierangelo Masarati
4325d05ebc add function prototypes 2003-03-29 11:46:02 +00:00
Howard Chu
3a71bddbc4 ITS#2389 - added conn_max_pending/auth config keywords to cap the number 
of outstanding requests on a connection. Set rate limits for request
execution:
   no connection can have more than maxthreads/2 ops executing at once.
   a connection that is write-blocked will not execute any new ops.
   queued ops must drain before any new ops can execute.
If the queue exceeds the max_pending limit, the connection is closed.
...also fixed a bug where a connection was not marked active if it never
received a Bind.
 2003-03-27 03:35:46 +00:00
Howard Chu
99950e4fe4 Deleted BackendInfo->bi_acl_attribute, bi_acl_group. 
Replaced with bi_entry_get_rw.
Implemented for back-bdb, back-ldbm, back-ldap.
 2003-03-26 11:50:03 +00:00
Pierangelo Masarati
1277616c40 use an "unknown" listener name/url when faking connections 2003-03-11 18:25:51 +00:00
Pierangelo Masarati
9702e837e8 fix attr_merge_one hack 2003-03-01 15:41:54 +00:00
Pierangelo Masarati
bf35f8e37f improved filter mapping/rewrite; improved result rewriting; improved attribute/objectclass mapping configuration 2003-03-01 11:08:53 +00:00
Kurt Zeilenga
16c9e81c80 SLAP_NVALUES: test003 now passes (with help of a substr mr hack) 2003-03-01 00:14:32 +00:00
Luke Howard
cc39f75261 Support for dynamic registration of controls, both through native and 
SLAPI plugins.
 2003-02-28 12:34:35 +00:00
Kurt Zeilenga
152829be87 SLAP_NVALUES: 
schema engine updated (but not schema routines so things don't run yet)
	nvalues mostly populated, enough for tests 0-2 to pass
	schema routines needs lots of work
	modify/mods codes needs lots of work
 2003-02-27 01:54:43 +00:00
Kurt Zeilenga
f1441afbac Backout prototype rename 2003-02-26 15:53:31 +00:00
Kurt Zeilenga
dd66e6e929 SLAP_NVALUES, round 3 2003-02-26 07:39:30 +00:00
Kurt Zeilenga
2a8dec95ba SLAP_NVALUES back-monitor temporary hack 2003-02-25 21:19:42 +00:00
Kurt Zeilenga
8502301b00 Round one of SLAP_NVALUES code 2003-02-25 21:08:48 +00:00
Howard Chu
65bf90ff73 Use struct berval for exop reqoid everywhere. Define berval constants 
for the known exops.
 2003-02-16 06:15:28 +00:00
Kurt Zeilenga
8f82e9f772 ITS#2117: remove suffixalias support until someone fixes it 2003-02-09 07:20:03 +00:00
Kurt Zeilenga
c315e28779 Move RDN checks to entry_schema_check() so that it is consistently 
applied (and disabled via schemacheck off).  Removed add-rdn-values flag.
 2003-02-07 20:12:26 +00:00
Pierangelo Masarati
7a97f37bd4 add 'add-rdn-values {on|off}' (default off) switch 2003-02-07 15:19:58 +00:00
Jong Hyuk Choi
e1bf8cc437 Intermediate Response 2003-02-03 17:28:19 +00:00
Luke Howard
dfc7d338a6 Add sendreference callback 2003-02-01 07:04:13 +00:00
Jong Hyuk Choi
0c43007e55 LDAP cancel operation 2003-01-25 00:36:50 +00:00
Luke Howard
819d4093ae Honour PermitModify control when adding or deleting values. This code needs 
review although, with the control disabled, it should not affect existing
code paths.
 2003-01-24 01:43:09 +00:00
Hallvard Furuseth
e384faf927 Return 0 or 1 from is_entry_*(), to kill 'signed vs. unsigned' warnings. 2003-01-22 22:01:21 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Hallvard Furuseth
2bcb48361d Remove casts of AVL function pointers. 2002-12-14 22:25:52 +00:00
Hallvard Furuseth
486eaa69b6 Rename "lang(uage)" to "tag(s)". (Cleanup after attribute options patch.) 2002-12-13 19:15:20 +00:00
Hallvard Furuseth
54728f367e Implement user-defined tagging attribute options and ranges 2002-12-12 13:56:05 +00:00
Pierangelo Masarati
1b70e16448 SLAPI - Netscape plugin API for slapd - based on patch contributed by Steve Omrani <somrani@us.ibm.com> as ITS#2073 2002-12-07 17:19:29 +00:00
Kurt Zeilenga
da76c1951e First-cut proxy authorization support. 2002-12-03 06:11:32 +00:00
Pierangelo Masarati
76bf91f553 remove #ifdef SLAP_FILTER_HASSUBORDINATES 2002-11-10 19:48:36 +00:00
Jong Hyuk Choi
3a9229a3e9 Use of slap_schema.si_ad_entryUUID in bdb_psearch() 2002-10-28 23:57:54 +00:00
Pierangelo Masarati
f07cabad0f need to move #define here; on by default 2002-10-26 16:32:11 +00:00
Pierangelo Masarati
7b3f889ec1 fix hasSubordinate filtering; now it can be safely turned on 2002-10-26 16:18:31 +00:00
Jong Hyuk Choi
15c5943edd Addition of servers/slapd/lcup.c and servers/slapd/back-bdb/lcup.c for persistent search 2002-10-25 17:57:03 +00:00
Jong Hyuk Choi
8074294f1d LCUP persistent search code drop 2002-10-25 17:51:30 +00:00
Pierangelo Masarati
956f1d16aa listener: 
- use bervals for url and sockname
- pass connection_init() the listener struct pointer instead of each value
- don't copy them in the Connection struct 'cause they're not going to change
- define macros for legacy usage of c_listener_url and c_sockname
 2002-10-24 10:03:52 +00:00
Kurt Zeilenga
acc32b9d9e Basic framework for DIT Content Rules (not yet enforced) 2002-10-09 07:11:50 +00:00
Kurt Zeilenga
f5e6d1db41 #unifdef -DSCHEMA_DN 2002-09-29 04:30:38 +00:00
Pierangelo Masarati
8758a30bf2 #undef SLAP_X_FILTER_HASSUBORDINATES while I fix the entry lock problem ... 2002-09-10 10:10:11 +00:00
Pierangelo Masarati
d3ca441ae8 /* 
* The original code performs ( n ) normalizations
 * and ( n * ( n - 1 ) / 2 ) matches, which hide
 * the same number of normalizations.  The new code
 * performs the same number of normalizations ( n )
 * and ( n * ( n - 1 ) / 2 ) mem compares, far less
 * expensive than an entire match, if a match is
 * equivalent to a normalization and a mem compare ...
 *
 * This is far more memory expensive than the previous,
 * but it can heavily improve performances when big
 * chunks of data are added (typical example is a group
 * with thousands of DN-syntax members; on my system:
 * for members of 5-RDN DNs,

 members         orig            bvmatch (dirty) new
 1000            0m38.456s       0m0.553s        0m0.608s
 2000            2m33.341s       0m0.851s        0m1.003s

 * Moreover, 100 groups with 10000 members each were
 * added in 37m27.933s (an analogous LDIF file was
 * loaded into Active Directory in 38m28.682s, BTW).
 *
 * Maybe we could switch to the new algorithm when
 * the number of values overcomes a given threshold?
 */
 2002-09-02 19:41:03 +00:00
Kurt Zeilenga
af183089b8 unifdef -DSLAP_X_MRA_MATCH_DNATTRS 2002-09-01 00:33:20 +00:00
Kurt Zeilenga
c6052ac8b0 Add mr_usable_with_at() routine. Use both in generation 
of rule uses, but also in test_filter_mra()
 2002-08-31 21:23:45 +00:00
Pierangelo Masarati
e2ec62f09f add matchingRuleUse to schema; use a berval instead of _oidlen in syntax and matching rule 2002-08-31 10:45:22 +00:00
Pierangelo Masarati
7e2317c842 add server side controls to back-ldap and back-meta 2002-08-29 14:39:31 +00:00
Pierangelo Masarati
fbc11bd16a - added the capability to filter based on hasSubordinate attribute 
to back-bdb, back-ldbm and back-sql (the latter with limitations);
- added handling of ":dn" attributes to extended rfc2254 filters
  and to matched value filter
- altered the behavior of get_mra() when a matching rule is given:
  now it checks whether it is compatible with the attribute syntax
  and, in case it is, the given mr is used.  In case of no type,
  the check is delayed when filtering
 2002-08-29 10:55:48 +00:00
Kurt Zeilenga
1086ffb438 Round one of subclass indexing for objectClass and structualObjectClasss. 
add soc_cname to ObjectClass structure
 2002-08-29 01:12:59 +00:00
Kurt Zeilenga
23efa07a99 use ldap_charray_*() instead of charray_*() 2002-08-24 00:55:24 +00:00
Pierangelo Masarati
a038ef68e6 added attr_merge/value_add functions that dela with single attribute; bervals for '*', '+' and '1.1' made available 2002-08-23 08:49:19 +00:00
Howard Chu
505a141c75 Use search callbacks in slap_sasl_checkpass and slap_auxprop_lookup, 
use ACL_AUTH for acl checks.
 2002-08-20 05:32:54 +00:00
Howard Chu
e5091f5926 Updated register_syntax, register_matching_rule for more convenient 
calling from other modules
 2002-08-17 01:29:18 +00:00
Pierangelo Masarati
b95ab4ac64 add function slap_modrdn2mods that prepares modifications list for delete/add old/new rdn values 2002-08-16 16:35:16 +00:00
Kurt Zeilenga
1c75a7f25c Fix inverted bvmatch logic in modrdn 2002-08-12 08:45:20 +00:00
Howard Chu
07ebdca237 ITS#1893, use "schemadn" to configure subschemasubentry DN. (diff was 
inaccessible, this is original code, not contributed.)
 2002-08-10 03:10:52 +00:00
Howard Chu
554311a4c8 Fix cargv leak in recursive read_config() 2002-08-07 08:22:43 +00:00
Kurt Zeilenga
eb581e43e7 Fix for: 
SASL regex segmentation faults with group based acls (ITS#1978)
based, in part, by patch submitted by Simon Wilkinson <simon@sxw.org.uk>.
 2002-07-28 07:27:55 +00:00
Howard Chu
5a01db28e3 Moved slap_strcopy, slap_strncopy to lutil_strcopy, lutil_strncopy 2002-07-27 00:24:02 +00:00
Kurt Zeilenga
0a2a381d07 Fix for "no structuralObjectClass" when lastmod is off (ITS#1904) 2002-06-25 01:04:54 +00:00
Howard Chu
07a34489c6 Added saslAuthzTo and saslAuthzFrom to system schema. 
Added sasl-authz-policy config keyword to control proxy authorization.
Moved sasl-related config processing to sasl.c:slap_sasl_config().
Moved other global defs used only in saslauthz.c into saslauthz.c.
 2002-06-14 08:10:14 +00:00
Kurt Zeilenga
1410b3e7d9 An almost complete slap_sasl_setpass() 2002-06-12 00:13:29 +00:00
Kurt Zeilenga
19eca33ca3 Gentile HUP shutdown from Hallvard 2002-06-03 16:47:43 +00:00
Kurt Zeilenga
5c5b5455fb VLV updates 2002-06-03 16:45:09 +00:00
Kurt Zeilenga
bdad40c696 Disallow addition of system schema via config files. 2002-05-30 05:23:37 +00:00
Howard Chu
6f47e13147 Cyrus 2 support now requires Cyrus 2.1.3. Adds support for in-directory 
SASL secrets. (Only works with plaintext userpassword tho.)
 2002-05-07 23:08:23 +00:00
Kurt Zeilenga
8c152396b9 Matched Values implementation (ITS#1776) based upon submission 
form Mikhail Sahalaev <M.Sahalayev@pgr.salford.ac.uk>.
Further work needed:
	add testxxx-matchedvalues
	rework ldapsearch(1) portion of patch to generalize use of options
---
Copyright 2001, Mikhail Sahalaev, All rights reserved.
This software is not subject to any license of University Of
Salford.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.
 2002-05-02 18:56:56 +00:00
Kurt Zeilenga
af02eee0d5 Reworking backend_check_restrictions for extensions 
Should resolve ITS#1781.
 2002-05-01 01:04:57 +00:00
Howard Chu
0f966d2fdb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result 
in dn parameter and return a result code.

Changed dnX509peerNormalize as above. Added debug message on failure to
retrieve client DN.
 2002-04-30 13:52:49 +00:00
Howard Chu
8a5423ea8d deleted sasl_external_x509dn_convert; X509 DNs are always converted to 
normalized LDAP DNs now.

Changed dnDCEnormalize to dnX509normalize, added dnX509peerNormalize,
based on new ldap_X509dn2bv() etc.
 2002-04-18 12:26:36 +00:00
Howard Chu
1bbd51da77 ITS#1712, rewritten dn_openssl2ldap(). Added dnDCEnormalize(), used by 
dn_openssl2ldap() and sasl_external_x509dn_convert. Fixed realm handling
for foreign Kerberos realms embedded in usernames.
 2002-04-16 08:46:25 +00:00
Pierangelo Masarati
c22f10f4ca don't count operations per request if back-monitor is not built 2002-04-08 19:13:13 +00:00
Pierangelo Masarati
51e33154b3 count initiated/completed operations divided per request 2002-04-08 18:41:15 +00:00
Pierangelo Masarati
f4dba925ff add a switch that enables/disables reverse lookups if configured with rlookups 2002-04-03 15:40:49 +00:00