Commit 6e8f1b9b authored by Kurt Zeilenga's avatar Kurt Zeilenga

Sync with HEAD

parent a5cbf490
OpenLDAP 2.4 Change Log
OpenLDAP 2.4.0alpha Release
OpenLDAP 2.4.1alpha Engineering
Changes not tracked
......@@ -58,6 +58,11 @@ else
echo "No guide"
fi
if test -e $RELNAME/libraries/liblunicode/ucdata/uctable.h ; then
echo "touching uctable.h..."
touch $RELNAME/libraries/liblunicode/ucdata/uctable.h
fi
if test ! -e $RELNAME/build/version.sh ; then
echo "No build version"
OL_STRING="something"
......
......@@ -15,7 +15,7 @@
ol_package=OpenLDAP
ol_major=2
ol_minor=4
ol_patch=0alpha
ol_patch=X
ol_api_inc=20400
ol_api_current=0
ol_api_revision=0
......
......@@ -261,8 +261,10 @@ static int dodelete(
return rc;
}
if( verbose || code != LDAP_SUCCESS ||
(matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
if( code != LDAP_SUCCESS ) {
tool_perror( "ldap_delete", code, NULL, matcheddn, text, refs );
} else if ( verbose &&
((matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ))
{
printf( _("Delete Result: %s (%d)\n"),
ldap_err2string( code ), code );
......
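Review bot: The new `else if ( verbose && (...) )` branch prints nothing for a successful delete run with -v when the server returned no matched DN, text or referrals, and on a non-verbose success it drops server-supplied text and referrals entirely. Assuming the two-line `if( verbose || code != LDAP_SUCCESS || ...` is the removed side, the old condition printed in both cases. If this is intended, a comment above the branch such as `/* success: show server diagnostics only with -v */` would record the decision; if referrals returned on success should still reach the user, the condition needs `verbose ||` rather than `verbose &&`. The body of the block continues past the end of the hunk.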
......@@ -899,10 +899,17 @@ getNextPage:
}
if (ldif < 2 ) {
char *realbase = base;
if ( realbase == NULL ) {
ldap_get_option( ld, LDAP_OPT_DEFBASE, (void **)&realbase );
}
printf( "#\n" );
printf(_("# LDAPv%d\n"), protocol);
printf(_("# base <%s> with scope %s\n"),
base ? base : "",
printf(_("# base <%s>%s with scope %s\n"),
realbase ? realbase : "",
( realbase == NULL || realbase != base ) ? " (default)" : "",
((scope == LDAP_SCOPE_BASE) ? "baseObject"
: ((scope == LDAP_SCOPE_ONELEVEL) ? "oneLevel"
: ((scope == LDAP_SCOPE_SUBORDINATE) ? "children"
......@@ -943,6 +950,10 @@ getNextPage:
}
printf( _("\n#\n\n") );
if ( realbase && realbase != base ) {
ldap_memfree( realbase );
}
}
if ( infile == NULL ) {
......@@ -1512,12 +1523,27 @@ static int print_result(
if( text ) {
if( *text ) {
if( !ldif ) {
tool_write_ldif( LDIF_PUT_TEXT, "text",
text, strlen(text) );
} else {
fprintf( stderr, _("Additional information: %s\n"), text );
}
if( !ldif ) {
if ( err == LDAP_PARTIAL_RESULTS ) {
char *line;
for ( line = text; line != NULL; ) {
char *next = strchr( line, '\n' );
tool_write_ldif( LDIF_PUT_TEXT,
"text", line,
next ? next - line : strlen( line ) );
line = next ? next + 1 : NULL;
}
} else {
tool_write_ldif( LDIF_PUT_TEXT, "text",
text, strlen(text) );
}
} else {
fprintf( stderr, _("Additional information: %s\n"), text );
}
}
ber_memfree( text );
......
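Review bot: The return value of `ldap_get_option( ld, LDAP_OPT_DEFBASE, ... )` in the first hunk is ignored, and the later `ldap_memfree( realbase )` relies on the unstated convention that `realbase != base` means "copy allocated by the library". A comment at the declaration, e.g. `/* realbase != base => copy returned by ldap_get_option, freed below */`, would make the ownership explicit. Because the free sits in a separate hunk well after the allocation, any exit path added between the two would leak the copy. In the `print_result` hunk, a `text` that ends in a newline makes the split loop emit one final empty `text` value, which may not be wanted. All three hunks show only part of their enclosing blocks.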
#! /bin/sh
# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.1 2006/04/11 16:07:14 kurt Exp .
# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.633 2006/04/29 08:09:31 hyc Exp .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
......@@ -465,7 +465,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
 
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar OPENLDAP_LIBRELEASE OPENLDAP_LIBVERSION OPENLDAP_RELEASE_DATE top_builddir ldap_subdir CC AR CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO ac_ct_AR RANLIB ac_ct_RANLIB DLLTOOL ac_ct_DLLTOOL AS ac_ct_AS OBJDUMP ac_ct_OBJDUMP CPP LIBTOOL PERLBIN OL_MKDEP OL_MKDEP_FLAGS LTSTATIC LIBOBJS LIBSRCS PLAT WITH_SASL WITH_TLS WITH_MODULES_ENABLED WITH_ACI_ENABLED BUILD_THREAD BUILD_LIBS_DYNAMIC BUILD_SLAPD BUILD_SLAPI SLAPD_SLAPI_DEPEND BUILD_BDB BUILD_DNSSRV BUILD_HDB BUILD_LDAP BUILD_META BUILD_MONITOR BUILD_NULL BUILD_PASSWD BUILD_RELAY BUILD_PERL BUILD_SHELL BUILD_SQL BUILD_ACCESSLOG BUILD_AUDITLOG BUILD_DDS BUILD_DENYOP BUILD_DYNGROUP BUILD_DYNLIST BUILD_LASTMOD BUILD_PPOLICY BUILD_PROXYCACHE BUILD_REFINT BUILD_RETCODE BUILD_RWM BUILD_SEQMOD BUILD_SYNCPROV BUILD_TRANSLUCENT BUILD_UNIQUE BUILD_VALSORT BUILD_SLURPD LDAP_LIBS SLAPD_LIBS SLURPD_LIBS BDB_LIBS LTHREAD_LIBS LUTIL_LIBS WRAP_LIBS SLAPD_MODULES_CPPFLAGS SLAPD_MODULES_LDFLAGS SLAPD_NO_STATIC SLAPD_STATIC_BACKENDS SLAPD_DYNAMIC_BACKENDS SLAPD_STATIC_OVERLAYS SLAPD_DYNAMIC_OVERLAYS PERL_CPPFLAGS SLAPD_PERL_LDFLAGS MOD_PERL_LDFLAGS KRB4_LIBS KRB5_LIBS SASL_LIBS TLS_LIBS MODULES_LIBS SLAPI_LIBS LIBSLAPI 
LIBSLAPITOOLS AUTH_LIBS ICU_LIBS SLAPD_SLP_LIBS SLAPD_GMP_LIBS SLAPD_SQL_LDFLAGS SLAPD_SQL_LIBS SLAPD_SQL_INCLUDES LTLIBOBJS'
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar OPENLDAP_LIBRELEASE OPENLDAP_LIBVERSION OPENLDAP_RELEASE_DATE top_builddir ldap_subdir CC AR CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO ac_ct_AR RANLIB ac_ct_RANLIB DLLTOOL ac_ct_DLLTOOL AS ac_ct_AS OBJDUMP ac_ct_OBJDUMP CPP LIBTOOL PERLBIN OL_MKDEP OL_MKDEP_FLAGS LTSTATIC LIBOBJS LIBSRCS PLAT WITH_SASL WITH_TLS WITH_MODULES_ENABLED WITH_ACI_ENABLED BUILD_THREAD BUILD_LIBS_DYNAMIC BUILD_SLAPD BUILD_SLAPI SLAPD_SLAPI_DEPEND BUILD_BDB BUILD_DNSSRV BUILD_HDB BUILD_LDAP BUILD_META BUILD_MONITOR BUILD_NULL BUILD_PASSWD BUILD_RELAY BUILD_PERL BUILD_SHELL BUILD_SQL BUILD_ACCESSLOG BUILD_AUDITLOG BUILD_CONSTRAINT BUILD_DDS BUILD_DENYOP BUILD_DYNGROUP BUILD_DYNLIST BUILD_LASTMOD BUILD_PPOLICY BUILD_PROXYCACHE BUILD_REFINT BUILD_RETCODE BUILD_RWM BUILD_SEQMOD BUILD_SYNCPROV BUILD_TRANSLUCENT BUILD_UNIQUE BUILD_VALSORT BUILD_SLURPD LDAP_LIBS SLAPD_LIBS SLURPD_LIBS BDB_LIBS LTHREAD_LIBS LUTIL_LIBS WRAP_LIBS SLAPD_MODULES_CPPFLAGS SLAPD_MODULES_LDFLAGS SLAPD_NO_STATIC SLAPD_STATIC_BACKENDS SLAPD_DYNAMIC_BACKENDS SLAPD_STATIC_OVERLAYS SLAPD_DYNAMIC_OVERLAYS PERL_CPPFLAGS SLAPD_PERL_LDFLAGS MOD_PERL_LDFLAGS KRB4_LIBS KRB5_LIBS SASL_LIBS TLS_LIBS MODULES_LIBS SLAPI_LIBS 
LIBSLAPI LIBSLAPITOOLS AUTH_LIBS ICU_LIBS SLAPD_SLP_LIBS SLAPD_GMP_LIBS SLAPD_SQL_LDFLAGS SLAPD_SQL_LIBS SLAPD_SQL_INCLUDES LTLIBOBJS'
ac_subst_files=''
 
# Initialize some variables set by options.
......@@ -1047,6 +1047,7 @@ SLAPD Overlay Options:
--enable-overlays enable all available overlays no|yes|mod
--enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
--enable-auditlog Audit Logging overlay no|yes|mod [no]
--enable-constraint Attribute Constraint overlay no|yes|mod [no]
--enable-dds Dynamic Directory Services overlay no|yes|mod [no]
--enable-denyop Deny Operation overlay no|yes|mod [no]
--enable-dyngroup Dynamic Group overlay no|yes|mod [no]
......@@ -3074,6 +3075,7 @@ fi;
 
Overlays="accesslog \
auditlog \
constraint \
dds \
denyop \
dyngroup \
......@@ -3165,6 +3167,30 @@ else
fi;
# end --enable-auditlog
 
# OpenLDAP --enable-constraint
# Check whether --enable-constraint or --disable-constraint was given.
if test "${enable_constraint+set}" = set; then
enableval="$enable_constraint"
ol_arg=invalid
for ol_val in no yes mod ; do
if test "$enableval" = "$ol_val" ; then
ol_arg="$ol_val"
fi
done
if test "$ol_arg" = "invalid" ; then
{ { echo "$as_me:$LINENO: error: bad value $enableval for --enable-constraint" >&5
echo "$as_me: error: bad value $enableval for --enable-constraint" >&2;}
{ (exit 1); exit 1; }; }
fi
ol_enable_constraint="$ol_arg"
else
ol_enable_constraint=${ol_enable_overlays:-no}
fi;
# end --enable-constraint
# OpenLDAP --enable-dds
 
# Check whether --enable-dds or --disable-dds was given.
......@@ -3794,6 +3820,7 @@ BUILD_SQL=no
 
BUILD_ACCESSLOG=no
BUILD_AUDITLOG=no
BUILD_CONSTRAINT=no
BUILD_DDS=no
BUILD_DENYOP=no
BUILD_DYNGROUP=no
......@@ -5635,7 +5662,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 5638 "configure"' > conftest.$ac_ext
echo '#line 5665 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
......@@ -7615,11 +7642,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7618: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7645: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7622: \$? = $ac_status" >&5
echo "$as_me:7649: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -7877,11 +7904,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7880: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7907: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7884: \$? = $ac_status" >&5
echo "$as_me:7911: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -7939,11 +7966,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7942: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7969: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:7946: \$? = $ac_status" >&5
echo "$as_me:7973: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
......@@ -10187,7 +10214,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 10190 "configure"
#line 10217 "configure"
#include "confdefs.h"
 
#if HAVE_DLFCN_H
......@@ -10285,7 +10312,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 10288 "configure"
#line 10315 "configure"
#include "confdefs.h"
 
#if HAVE_DLFCN_H
......@@ -40173,6 +40200,22 @@ _ACEOF
 
fi
 
if test "$ol_enable_constraint" != no ; then
BUILD_CONSTRAINT=$ol_enable_constraint
if test "$ol_enable_constraint" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS constraint.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS constraint.o"
fi
cat >>confdefs.h <<_ACEOF
#define SLAPD_OVER_CONSTRAINT $MFLAG
_ACEOF
fi
if test "$ol_enable_dds" != no ; then
BUILD_DDS=$ol_enable_dds
if test "$ol_enable_dds" = mod ; then
......@@ -40529,6 +40572,7 @@ fi
 
 
 
 
 
# Check whether --with-xxinstall or --without-xxinstall was given.
......@@ -41279,6 +41323,7 @@ s,@BUILD_SHELL@,$BUILD_SHELL,;t t
s,@BUILD_SQL@,$BUILD_SQL,;t t
s,@BUILD_ACCESSLOG@,$BUILD_ACCESSLOG,;t t
s,@BUILD_AUDITLOG@,$BUILD_AUDITLOG,;t t
s,@BUILD_CONSTRAINT@,$BUILD_CONSTRAINT,;t t
s,@BUILD_DDS@,$BUILD_DDS,;t t
s,@BUILD_DENYOP@,$BUILD_DENYOP,;t t
s,@BUILD_DYNGROUP@,$BUILD_DYNGROUP,;t t
......@@ -326,6 +326,7 @@ dnl ----------------------------------------------------------------
dnl SLAPD Overlay Options
Overlays="accesslog \
auditlog \
constraint \
dds \
denyop \
dyngroup \
......@@ -351,6 +352,8 @@ OL_ARG_ENABLE(accesslog,[ --enable-accesslog In-Directory Access Logging ov
no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(auditlog,[ --enable-auditlog Audit Logging overlay],
no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(constraint,[ --enable-constraint Attribute Constraint overlay],
no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(dds,[ --enable-dds Dynamic Directory Services overlay],
no, [no yes mod], ol_enable_overlays)
OL_ARG_ENABLE(denyop,[ --enable-denyop Deny Operation overlay],
......@@ -558,6 +561,7 @@ BUILD_SQL=no
BUILD_ACCESSLOG=no
BUILD_AUDITLOG=no
BUILD_CONSTRAINT=no
BUILD_DDS=no
BUILD_DENYOP=no
BUILD_DYNGROUP=no
......@@ -2741,6 +2745,18 @@ if test "$ol_enable_auditlog" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_AUDITLOG,$MFLAG,[define for Audit Logging overlay])
fi
if test "$ol_enable_constraint" != no ; then
BUILD_CONSTRAINT=$ol_enable_constraint
if test "$ol_enable_constraint" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS constraint.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS constraint.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_CONSTRAINT,$MFLAG,[define for Attribute Constraint overlay])
fi
if test "$ol_enable_dds" != no ; then
BUILD_DDS=$ol_enable_dds
if test "$ol_enable_dds" = mod ; then
......@@ -2982,6 +2998,7 @@ dnl backends
dnl overlays
AC_SUBST(BUILD_ACCESSLOG)
AC_SUBST(BUILD_AUDITLOG)
AC_SUBST(BUILD_CONSTRAINT)
AC_SUBST(BUILD_DDS)
AC_SUBST(BUILD_DENYOP)
AC_SUBST(BUILD_DYNGROUP)
......
......@@ -6,7 +6,7 @@ Public License.
This directory contains native slapd plugins for password mechanisms that
are not actively supported by the project. Currently this includes the
Kerberos and Netscape MTA-MD5 password mechanisms.
Kerberos, Netscape MTA-MD5 and RADIUS password mechanisms.
To use the Kerberos plugin, add:
......@@ -20,6 +20,15 @@ moduleload pw-netscape.so
to your slapd configuration file.
To use the RADIUS plugin, add:
moduleload pw-radius.so
to your slapd configuration file; optionally, the path to a configuration
file can be appended in the form
moduleload pw-radius.so config="/etc/radius.conf"
No Makefile is provided. Use a command line similar to:
gcc -shared -I../../../include -Wall -g -DHAVE_KRB5 -o pw-kerberos.so kerberos.c
......@@ -32,3 +41,10 @@ The corresponding command for the Netscape plugin would be:
gcc -shared -I../../../include -Wall -g -o pw-netscape.so netscape.c
The corresponding command for the RADIUS plugin would be:
gcc -shared -I../../../include -Wall -g -o pw-radius.so radius.c -lradius
(Actually, you might want to statically link the RADIUS client library
libradius.a into the module).
/* $OpenLDAP$ */
/*
* Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#include <stdio.h>
#include <lber.h>
#include <lber_pvt.h> /* BER_BVC definition */
#include "lutil.h"
#include <ac/string.h>
#include <ac/unistd.h>
#include <radlib.h>
static LUTIL_PASSWD_CHK_FUNC chk_radius;
static const struct berval scheme = BER_BVC("{RADIUS}");
static char *config_filename;
static int
chk_radius(
const struct berval *sc,
const struct berval *passwd,
const struct berval *cred,
const char **text )
{
unsigned int i;
int rc = LUTIL_PASSWD_ERR;
struct rad_handle *h = NULL;
for ( i = 0; i < cred->bv_len; i++ ) {
if ( cred->bv_val[ i ] == '\0' ) {
return LUTIL_PASSWD_ERR; /* NUL character in cred */
}
}
if ( cred->bv_val[ i ] != '\0' ) {
return LUTIL_PASSWD_ERR; /* cred must behave like a string */
}
for ( i = 0; i < passwd->bv_len; i++ ) {
if ( passwd->bv_val[ i ] == '\0' ) {
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if ( passwd->bv_val[ i ] != '\0' ) {
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
h = rad_auth_open();
if ( h == NULL ) {
return LUTIL_PASSWD_ERR;
}
if ( rad_config( h, config_filename ) != 0 ) {
goto done;
}
if ( rad_create_request( h, RAD_ACCESS_REQUEST ) ) {
goto done;
}
if ( rad_put_string( h, RAD_USER_NAME, passwd->bv_val ) != 0 ) {
goto done;
}
if ( rad_put_string( h, RAD_USER_PASSWORD, cred->bv_val ) != 0 ) {
goto done;
}
if ( rad_send_request( h ) == RAD_ACCESS_ACCEPT ) {
rc = LUTIL_PASSWD_OK;
}
done:;
rad_close( h );
return rc;
}
int
init_module( int argc, char *argv[] )
{
int i;
for ( i = 0; i < argc; i++ ) {
if ( strncasecmp( argv[ i ], "config=", STRLENOF( "config=" ) ) == 0 ) {
/* FIXME: what if multiple loads of same module?
* does it make sense (e.g. override an existing one)? */
if ( config_filename == NULL ) {
config_filename = ber_strdup( &argv[ i ][ STRLENOF( "config=" ) ] );
}
} else {
fprintf( stderr, "init_module(radius): unknown arg#%d=\"%s\".\n",
i, argv[ i ] );
return 1;
}
}
return lutil_passwd_add( (struct berval *)&scheme, chk_radius, NULL );
}
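Review bot: In `init_module` the result of `ber_strdup` is stored in `config_filename` without a NULL check, so a failed allocation leaves it NULL and `chk_radius` passes NULL to `rad_config`. As far as I know libradius then reads its default configuration file, so the module could authenticate against a server other than the one the operator named; adding `if ( config_filename == NULL ) return 1;` after the copy makes the load fail instead. The FIXME case has a similar effect: a second `config=` argument is silently ignored once a value is set, and reporting it on stderr like the unknown-argument branch would make that visible. `chk_radius` never sets `*text` or logs `rad_strerror( h )`, so a bad configuration or an unreachable RADIUS server looks the same as a wrong password. A comment on the two `rad_put_string` calls should state that the stored `{RADIUS}` value (`passwd`) is sent as User-Name and the bind credential (`cred`) as User-Password, since the parameter names suggest the opposite.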
......@@ -433,7 +433,7 @@ databases.
This marks the beginning of a new {{TERM:BDB}} database instance.
H4: olcAccess: to <what> [ by <who> <accesslevel> <control> ]+
H4: olcAccess: to <what> [ by <who> [<accesslevel>] [<control>] ]+
This directive grants access (specified by <accesslevel>) to a
set of entries and/or attributes (specified by <what>) by one or
......@@ -1013,7 +1013,7 @@ The general form of the olcAccess configuration is:
> olcAccess: <access directive>
> <access directive> ::= to <what>
> [by <who> <access> <control>]+
> [by <who> [<access>] [<control>] ]+
> <what> ::= * |
> [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
> [filter=<ldapfilter>] [attrs=<attrlist>]
......
......@@ -87,7 +87,7 @@ database definition. Arguments that should be replaced
by actual text are shown in brackets {{EX:<>}}.
H4: access to <what> [ by <who> <accesslevel> <control> ]+
H4: access to <what> [ by <who> [<accesslevel>] [<control>] ]+
This directive grants access (specified by <accesslevel>) to a
set of entries and/or attributes (specified by <what>) by one or
......@@ -593,7 +593,7 @@ access configuration file directive. The general form of an
access line is:
> <access directive> ::= access to <what>
> [by <who> <access> <control>]+
> [by <who> [<access>] [<control>] ]+
> <what> ::= * |
> [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
> [filter=<ldapfilter>] [attrs=<attrlist>]
......
......@@ -83,10 +83,10 @@ LDAP server to use. Multiple URIs can be set in in a single
argument, resulting in the underlying library automatically
call the first server of the list that responds, e.g.
\fBuri "ldap://host/ ldap://backup-host"\fP
\fBuri "ldap://host/ ldap://backup-host/"\fP
The URI list is space- or comma-separated.
This statement is mandatory.
.\"This statement is mandatory.
.\".TP
.\".B server <hostport>
.\"Obsolete option; same as `uri ldap://<hostport>/'.
......@@ -121,6 +121,33 @@ and
.BR acl-passwd .
.RE
.TP
.B chase-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
\fBrebind-as-user\fP directive is used. The default is to chase referrals.
.TP
.B conn-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
.B idassert-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
The string
.B <authz-regexp>
follows the rules defined for the
.I authzFrom
attribute.
See
.BR slapd.conf (5),
section related to
.BR authz-policy ,
for details on the syntax of this field.
.HP
.hy 0
.B idassert-bind
......@@ -273,23 +300,25 @@ and
.RE
.TP
.B idassert-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
The string
.B <authz-regexp>
follows the rules defined for the
.I authzFrom
attribute.
See
.BR slapd.conf (5),
section related to
.BR authz-policy ,
for details on the syntax of this field.
.B idle-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
.B proxy-whoami {NO|yes}
.B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact
the remote server.
If set to 0 (the default), the proxy uses the same protocol version
used by the client, otherwise the requested protocol is used.
The proxy returns \fIunwillingToPerform\fP if an operation that is
incompatible with the requested protocol is attempted.
.TP
.B single\-conn {NO|yes}
Discards current cached connection when the client rebinds.
.TP
.B proxy\-whoami {NO|yes}
Turns on proxying of the WhoAmI extended operation. If this option is
given, back-ldap will replace slapd's original WhoAmI routine with its
own. On slapd sessions that were authenticated by back-ldap, the WhoAmI
......@@ -303,21 +332,6 @@ If this option is given, the client's bind credentials are remembered
for rebinds when chasing referrals. Useful when
\fBchase-referrals\fP is set to \fByes\fP, useless otherwise.
.TP
.B chase-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
\fBrebind-as-user\fP directive is used. The default is to chase referrals.
.TP
.B tls {[try-]start|[try-]propagate}
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
The \fBtry-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is highly deprecated.
.TP
.B t-f-support {NO|yes|discover}
enable if the remote server supports absolute filters
......@@ -342,14 +356,13 @@ the protocol does not provide any means to rollback the operation,
so the client will not know if the operation eventually succeeded or not.
.TP
.B idle-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
.B conn-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.B tls {[try-]start|[try-]propagate}
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.