From 03fcd92fe8e3d88a3f1cc7a0d84d683e07b705b6 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 20 Jan 1999 05:52:11 +0000
Subject: [PATCH] Merge in Normalized DN bug fixes and optimizations from
devel.
---
include/ldapconfig.h.edit | 12 ++--
servers/slapd/acl.c | 56 +++++++----------
servers/slapd/add.c | 10 +--
servers/slapd/back-ldbm/add.c | 19 ++----
servers/slapd/back-ldbm/bind.c | 15 +++--
servers/slapd/back-ldbm/cache.c | 9 +--
servers/slapd/back-ldbm/compare.c | 5 +-
servers/slapd/back-ldbm/delete.c | 11 ++--
servers/slapd/back-ldbm/group.c | 82 +++++++++++++------------
servers/slapd/back-ldbm/modify.c | 6 +-
servers/slapd/back-ldbm/modrdn.c | 56 +++++++++--------
servers/slapd/back-ldbm/search.c | 25 ++++----
servers/slapd/back-passwd/search.c | 2 +-
servers/slapd/back-shell/bind.c | 5 +-
servers/slapd/backend.c | 51 ++++++++++------
servers/slapd/bind.c | 84 +++++++++++++++++++-------
servers/slapd/compare.c | 22 ++++---
servers/slapd/config.c | 44 +++++++++-----
servers/slapd/daemon.c | 5 ++
servers/slapd/delete.c | 35 ++++++-----
servers/slapd/dn.c | 6 +-
servers/slapd/entry.c | 2 +-
servers/slapd/filterentry.c | 20 +++---
servers/slapd/main.c | 1 +
servers/slapd/modify.c | 47 +++++++-------
servers/slapd/modrdn.c | 34 ++++++-----
servers/slapd/monitor.c | 4 +-
servers/slapd/operation.c | 6 ++
servers/slapd/proto-slap.h | 32 ++++++----
servers/slapd/result.c | 16 +++--
servers/slapd/search.c | 9 +--
servers/slapd/slap.h | 20 +++---
servers/slapd/suffixalias.c | 41 ++++++++-----
servers/slapd/tools/ldbmtest.c | 2 +-
servers/slapd/tools/ldif2id2children.c | 2 +-
tests/data/modify.out.master | 24 ++++----
tests/data/search.out.master | 10 +--
tests/data/slapd-repl-slave.conf | 1 +
tests/data/test-ordered.ldif | 22 +++----
tests/data/test.ldif | 22 +++----
40 files changed, 494 insertions(+), 381 deletions(-)
diff --git a/include/ldapconfig.h.edit b/include/ldapconfig.h.edit
index ff3233768a..6d73cf991d 100644
--- a/include/ldapconfig.h.edit
+++ b/include/ldapconfig.h.edit
@@ -219,11 +219,15 @@ Please try again later.\r\n"
#define SLAPD_PIDEXT ".pid"
/* extension of the slapd args file */
#define SLAPD_ARGSEXT ".args"
- /* dn of the special "monitor" entry */
-#define SLAPD_MONITOR_DN "cn=monitor"
- /* dn of the special "config" entry */
-#define SLAPD_CONFIG_DN "cn=config"
/* minimum max ids that a single index entry can map to in ldbm */
#define SLAPD_LDBM_MIN_MAXIDS 4000
+/* the following DNs must be normalized and in uppercase! */
+ /* dn of the special "monitor" entry */
+#define SLAPD_MONITOR_DN "CN=MONITOR"
+ /* dn of the special "config" entry */
+#define SLAPD_CONFIG_DN "CN=CONFIG"
+ /* dn of the special "schema" entry */
+/* #define SLAPD_SCHEMA_DN "CN=SCHEMA" */
+
#endif /* _LDAP_CONFIG_H */
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index f8e567efeb..4488ff3557 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -16,7 +16,7 @@ static void string_expand(char *newbuf, int bufsiz, char *pattern,
/*
- * access_allowed - check whether dn is allowed the requested access
+ * access_allowed - check whether op->o_ndn is allowed the requested access
* to entry e, attribute attr, value val. if val is null, access to
* the whole attribute is assumed (all values). this routine finds
* the applicable acl and calls acl_access_allowed() to make the
@@ -34,7 +34,6 @@ access_allowed(
Entry *e,
char *attr,
struct berval *val,
- char *dn,
int access
)
{
@@ -50,7 +49,8 @@ access_allowed(
return( 0 );
}
- edn = dn_normalize_case( ch_strdup( e->e_dn ) );
+ edn = e->e_ndn;
+
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
@@ -62,13 +62,12 @@ access_allowed(
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
- free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
- a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
+ a = acl_get_applicable( be, op, e, attr, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
@@ -85,7 +84,6 @@ access_allowed(
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
- free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
@@ -105,24 +103,26 @@ acl_get_applicable(
Operation *op,
Entry *e,
char *attr,
- char *edn,
int nmatch,
regmatch_t *matches
)
{
int i, j;
struct acl *a;
+ char *edn;
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
- if ( be_isroot( be, op->o_dn ) ) {
+ if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_get: no acl applicable to database root\n", 0, 0,
0 );
return( NULL );
}
+ edn = e->e_ndn;
+
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
@@ -230,9 +230,9 @@ acl_access_allowed(
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
- op->o_dn ? op->o_dn : "" );
+ op->o_ndn ? op->o_ndn : "" );
- if ( be_isroot( be, op->o_dn ) ) {
+ if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
@@ -248,12 +248,13 @@ acl_access_allowed(
return( default_access >= access );
}
- odn = NULL;
- if ( op->o_dn != NULL ) {
- odn = dn_normalize_case( ch_strdup( op->o_dn ) );
+ odn = op->o_ndn;
+
+ if ( odn != NULL ) {
bv.bv_val = odn;
bv.bv_len = strlen( odn );
}
+
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
@@ -264,15 +265,14 @@ acl_access_allowed(
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
- op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
+ op->o_ndn != NULL && *(op->o_ndn) && e->e_dn != NULL )
{
- if ( strcasecmp( edn, op->o_dn ) == 0 ) {
+ if ( strcmp( edn, op->o_ndn ) == 0 ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
- if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
@@ -282,7 +282,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
- if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@@ -294,7 +293,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
- if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@@ -308,11 +306,10 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
- if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
- if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
+ if ( b->a_dnattr != NULL && op->o_ndn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
@@ -325,7 +322,6 @@ acl_access_allowed(
continue;
}
- if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
@@ -341,7 +337,6 @@ acl_access_allowed(
continue;
}
- if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
@@ -350,8 +345,8 @@ acl_access_allowed(
return( (b->a_access & ~ACL_SELF) >= access );
}
#ifdef SLAPD_ACLGROUPS
- if ( b->a_group != NULL && op->o_dn != NULL ) {
- char buf[512];
+ if ( b->a_group != NULL && op->o_ndn != NULL ) {
+ char buf[1024];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
@@ -359,6 +354,7 @@ acl_access_allowed(
*/
/* see if asker is listed in dnattr */
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
+ (void) dn_normalize_case(buf);
if (be_group(be, e, buf, odn,
b->a_objectclassvalue, b->a_groupattrname) == 0)
@@ -366,14 +362,12 @@ acl_access_allowed(
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
- if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif /* SLAPD_ACLGROUPS */
}
- if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
@@ -400,9 +394,7 @@ acl_check_mods(
{
int i;
struct acl *a;
- char *edn;
-
- edn = dn_normalize_case( ch_strdup( e->e_dn ) );
+ char *edn = e->e_ndn;
for ( ; mods != NULL; mods = mods->mod_next ) {
regmatch_t matches[MAXREMATCHES];
@@ -418,7 +410,7 @@ acl_check_mods(
continue;
}
- a = acl_get_applicable( be, op, e, mods->mod_type, edn,
+ a = acl_get_applicable( be, op, e, mods->mod_type,
MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
@@ -431,7 +423,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
- free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@@ -442,7 +433,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE, edn, matches) )
{
- free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
@@ -451,7 +441,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
- free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@@ -459,7 +448,6 @@ acl_check_mods(
}
}
- free(edn);
return( LDAP_SUCCESS );
}
diff --git a/servers/slapd/add.c b/servers/slapd/add.c
index 823389b76b..2247a6b9c3 100644
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@@ -58,7 +58,7 @@ do_add( Connection *conn, Operation *op )
entry_rdwr_init(e);
e->e_dn = dn;
- e->e_ndn = dn_normalize( ch_strdup( dn ) );
+ e->e_ndn = dn_normalize_case( ch_strdup( dn ) );
dn = NULL;
Debug( LDAP_DEBUG_ARGS, " do_add: ndn (%s)\n", e->e_ndn, 0, 0 );
@@ -117,11 +117,11 @@ do_add( Connection *conn, Operation *op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL ||
- strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
-
+ if ( be->be_update_ndn == NULL ||
+ strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
+ {
if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
- global_lastmod == ON)) && be->be_updatedn == NULL ) {
+ global_lastmod == ON)) && be->be_update_ndn == NULL ) {
add_created_attrs( op, e );
}
diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c
index 849289ca12..26dfd66154 100644
--- a/servers/slapd/back-ldbm/add.c
+++ b/servers/slapd/back-ldbm/add.c
@@ -20,12 +20,12 @@ ldbm_back_add(
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- char *dn = NULL, *pdn;
+ char *dn, *pdn;
Entry *p = NULL;
int rootlock = 0;
int rc = -1;
- dn = dn_normalize( ch_strdup( e->e_dn ) );
+ dn = e->e_ndn;
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", dn, 0, 0);
@@ -35,7 +35,6 @@ ldbm_back_add(
if ( ( dn2id( be, dn ) ) != NOID ) {
pthread_mutex_unlock(&li->li_add_mutex);
entry_free( e );
- free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
@@ -47,7 +46,6 @@ ldbm_back_add(
0, 0, 0 );
entry_free( e );
- free( dn );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "",
"" );
return( -1 );
@@ -75,7 +73,6 @@ ldbm_back_add(
}
entry_free( e );
- free( dn );
free( pdn );
return -1;
}
@@ -89,8 +86,8 @@ ldbm_back_add(
free( matched );
}
- if ( ! access_allowed( be, conn, op, p, "children", NULL,
- op->o_dn, ACL_WRITE ) )
+ if ( ! access_allowed( be, conn, op, p,
+ "children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@@ -101,13 +98,12 @@ ldbm_back_add(
cache_return_entry_w( &li->li_cache, p );
entry_free( e );
- free( dn );
return -1;
}
} else {
/* no parent, must be adding entry to root */
- if ( ! be_isroot( be, op->o_dn ) ) {
+ if ( ! be_isroot( be, op->o_ndn ) ) {
pthread_mutex_unlock(&li->li_add_mutex);
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n", 0,
0, 0 );
@@ -115,7 +111,6 @@ ldbm_back_add(
"", "" );
entry_free( e );
- free( dn );
return -1;
}
@@ -152,7 +147,6 @@ ldbm_back_add(
* because e hasn't been added to the cache yet
*/
entry_free( e );
- free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
@@ -209,9 +203,6 @@ ldbm_back_add(
rc = 0;
return_results:;
- if ( dn != NULL )
- free( dn );
-
cache_set_state( &li->li_cache, e, 0 );
if (p != NULL) {
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index 23bb40491a..6b8a972a28 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -64,7 +64,8 @@ ldbm_back_bind(
Operation *op,
char *dn,
int method,
- struct berval *cred
+ struct berval *cred,
+ char** edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@@ -79,6 +80,8 @@ ldbm_back_bind(
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
+ *edn = NULL;
+
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
@@ -91,6 +94,7 @@ ldbm_back_bind(
rc = 1;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
+ *edn = ch_strdup( be_root_dn( be ) );
rc = 0;
} else {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
@@ -102,6 +106,8 @@ ldbm_back_bind(
return( rc );
}
+ *edn = ch_strdup( e->e_dn );
+
/* check for deleted */
switch ( method ) {
@@ -114,6 +120,7 @@ ldbm_back_bind(
goto return_results;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
+ *edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@@ -121,6 +128,7 @@ ldbm_back_bind(
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
+ *edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@@ -130,14 +138,11 @@ ldbm_back_bind(
goto return_results;
}
-#ifdef SLAPD_CRYPT
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
-#else
- if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
-#endif
{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
+ *edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
diff --git a/servers/slapd/back-ldbm/cache.c b/servers/slapd/back-ldbm/cache.c
index f8664f5ebe..a9c31cc3eb 100644
--- a/servers/slapd/back-ldbm/cache.c
+++ b/servers/slapd/back-ldbm/cache.c
@@ -3,9 +3,10 @@
#include "portable.h"
#include <stdio.h>
-int strcasecmp( const char *, const char *);
+#include <ac/string.h>
#include <ac/socket.h>
+
#include "slap.h"
#include "back-ldbm.h"
@@ -35,8 +36,8 @@ cache_entry_cmp( Entry *e1, Entry *e2 )
static int
cache_entrydn_cmp( Entry *e1, Entry *e2 )
{
- /* compare their normalized dn's */
- return( strcasecmp( e1->e_ndn, e2->e_ndn ) );
+ /* compare their normalized UPPERCASED dn's */
+ return( strcmp( e1->e_ndn, e2->e_ndn ) );
}
static int
@@ -235,7 +236,7 @@ cache_find_entry_dn2id(
pthread_mutex_lock( &cache->c_mutex );
e.e_dn = dn;
- e.e_ndn = dn_normalize( ch_strdup( dn ) );
+ e.e_ndn = dn_normalize_case( ch_strdup( dn ) );
if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e,
cache_entrydn_cmp )) != NULL )
diff --git a/servers/slapd/back-ldbm/compare.c b/servers/slapd/back-ldbm/compare.c
index 29f654751c..fc6e171444 100644
--- a/servers/slapd/back-ldbm/compare.c
+++ b/servers/slapd/back-ldbm/compare.c
@@ -35,8 +35,9 @@ ldbm_back_compare(
}
/* check for deleted */
- if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
- op->o_dn, ACL_COMPARE ) ) {
+ if ( ! access_allowed( be, conn, op, e,
+ ava->ava_type, &ava->ava_value, ACL_COMPARE ) )
+ {
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
rc = 1;
goto return_results;
diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c
index 8511c14080..699e57ca96 100644
--- a/servers/slapd/back-ldbm/delete.c
+++ b/servers/slapd/back-ldbm/delete.c
@@ -54,8 +54,9 @@ ldbm_back_delete(
}
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
- if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
- ACL_WRITE ) ) {
+ if ( ! access_allowed( be, conn, op, e,
+ "entry", NULL, ACL_WRITE ) )
+ {
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: insufficient access %s\n",
dn, 0, 0);
@@ -80,8 +81,8 @@ ldbm_back_delete(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
- if ( ! access_allowed( be, conn, op, p, "children", NULL,
- op->o_dn, ACL_WRITE ) )
+ if ( ! access_allowed( be, conn, op, p,
+ "children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@@ -93,7 +94,7 @@ ldbm_back_delete(
} else {
/* no parent, must be root to delete */
- if( ! be_isroot( be, op->o_dn ) ) {
+ if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
diff --git a/servers/slapd/back-ldbm/group.c b/servers/slapd/back-ldbm/group.c
index 623aa2c95b..9087c8524c 100644
--- a/servers/slapd/back-ldbm/group.c
+++ b/servers/slapd/back-ldbm/group.c
@@ -13,67 +13,68 @@
#ifdef SLAPD_ACLGROUPS
-/* return 0 IFF edn is a value in member attribute
- * of entry with bdn AND that entry has an objectClass
+/* return 0 IFF op_dn is a value in member attribute
+ * of entry with gr_dn AND that entry has an objectClass
* value of groupOfNames
*/
int
ldbm_back_group(
- Backend *be,
+ Backend *be,
Entry *target,
- char *bdn,
- char *edn,
- char *objectclassValue,
- char *groupattrName
+ char *gr_ndn,
+ char *op_ndn,
+ char *objectclassValue,
+ char *groupattrName
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
- char *tdn, *xdn;
char *matched;
Attribute *objectClass;
Attribute *member;
int rc;
- Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
- Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
- Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: objectClass: %s attrName: %s\n",
- objectclassValue, groupattrName, 0 );
-
- tdn = dn_normalize_case( ch_strdup( target->e_dn ) );
- xdn = dn_normalize_case( ch_strdup( bdn ) );
- Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: tdn: %s\n", tdn, 0, 0 );
- if (strcmp(tdn, xdn) == 0) {
+ Debug( LDAP_DEBUG_TRACE,
+ "=> ldbm_back_group: gr dn: \"%s\"\n",
+ gr_ndn, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "=> ldbm_back_group: op dn: \"%s\"\n",
+ op_ndn, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "=> ldbm_back_group: objectClass: \"%s\" attrName: \"%s\"\n",
+ objectclassValue, groupattrName, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> ldbm_back_group: tr dn: \"%s\"\n",
+ target->e_ndn, 0, 0 );
+
+ if (strcmp(target->e_ndn, gr_ndn) == 0) {
/* we already have a LOCKED copy of the entry */
e = target;
Debug( LDAP_DEBUG_ARGS,
- "=> ldbm_back_group: target is bdn: %s\n",
- bdn, 0, 0 );
+ "=> ldbm_back_group: target is group: \"%s\"\n",
+ gr_ndn, 0, 0 );
} else {
- /* can we find bdn entry with reader lock */
- if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
+ /* can we find group entry with reader lock */
+ if ((e = dn2entry_r(be, gr_ndn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE,
- "=> ldbm_back_group: cannot find bdn: %s matched: %s\n",
- bdn, (matched ? matched : ""), 0 );
+ "=> ldbm_back_group: cannot find group: \"%s\" matched: \"%s\"\n",
+ gr_ndn, (matched ? matched : ""), 0 );
if (matched != NULL)
free(matched);
- free(tdn);
- free(xdn);
return( 1 );
}
- Debug( LDAP_DEBUG_ARGS,
- "=> ldbm_back_group: found bdn: %s\n",
- bdn, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS,
+ "=> ldbm_back_group: found group: \"%s\"\n",
+ gr_ndn, 0, 0 );
}
- free(tdn);
- free(xdn);
/* check for deleted */
/* find it's objectClass and member attribute values
* make sure this is a group entry
- * finally test if we can find edn in the member attribute value list *
+ * finally test if we can find op_dn in the member attribute value list *
*/
rc = 1;
@@ -92,8 +93,8 @@ ldbm_back_group(
bvObjectClass.bv_val = objectclassValue;
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
- bvMembers.bv_val = edn;
- bvMembers.bv_len = strlen( edn );
+ bvMembers.bv_val = op_ndn;
+ bvMembers.bv_len = strlen( op_ndn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE,
@@ -101,12 +102,14 @@ ldbm_back_group(
objectclassValue, 0, 0 );
}
else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
- Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: %s\n",
- edn, bdn, groupattrName );
+ Debug( LDAP_DEBUG_ACL,
+ "<= ldbm_back_group: \"%s\" not in \"%s\": %s\n",
+ op_ndn, gr_ndn, groupattrName );
}
else {
- Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: %s\n",
- edn, bdn, groupattrName );
+ Debug( LDAP_DEBUG_ACL,
+ "<= ldbm_back_group: \"%s\" is in \"%s\": %s\n",
+ op_ndn, gr_ndn, groupattrName );
rc = 0;
}
}
@@ -115,8 +118,9 @@ ldbm_back_group(
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
}
- Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
- return(rc);
+
+ Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
+ return(rc);
}
#endif /* SLAPD_ACLGROUPS */
diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c
index 2f74c108f1..98ea6b76ed 100644
--- a/servers/slapd/back-ldbm/modify.c
+++ b/servers/slapd/back-ldbm/modify.c
@@ -53,15 +53,15 @@ ldbm_back_modify(
for ( mod = mods; mod != NULL; mod = mod->mod_next ) {
switch ( mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
- err = add_values( e, mod, op->o_dn );
+ err = add_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_DELETE:
- err = delete_values( e, mod, op->o_dn );
+ err = delete_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_REPLACE:
- err = replace_values( e, mod, op->o_dn );
+ err = replace_values( e, mod, op->o_ndn );
break;
}
diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index ea8b2c4fba..83c67468c4 100644
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -23,7 +23,8 @@ ldbm_back_modrdn(
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
char *matched = NULL;
- char *pdn = NULL, *newdn = NULL;
+ char *p_dn = NULL, *p_ndn = NULL;
+ char *new_dn = NULL, *new_ndn = NULL;
char sep[2];
Entry *e, *p = NULL;
int rootlock = 0;
@@ -40,8 +41,8 @@ ldbm_back_modrdn(
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
- if ( ! access_allowed( be, conn, op, e, "entry", NULL,
- op->o_dn, ACL_WRITE ) )
+ if ( ! access_allowed( be, conn, op, e,
+ "entry", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
@@ -51,9 +52,9 @@ ldbm_back_modrdn(
}
#endif
- if ( (pdn = dn_parent( be, dn )) != NULL ) {
+ if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL ) {
/* parent + rdn + separator(s) + null */
- if( (p = dn2entry_w( be, pdn, &matched )) == NULL) {
+ if( (p = dn2entry_w( be, p_ndn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
@@ -63,8 +64,8 @@ ldbm_back_modrdn(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
- if ( ! access_allowed( be, conn, op, p, "children", NULL,
- op->o_dn, ACL_WRITE ) )
+ if ( ! access_allowed( be, conn, op, p,
+ "children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@@ -74,29 +75,31 @@ ldbm_back_modrdn(
}
#endif
- newdn = (char *) ch_malloc( strlen( pdn ) + strlen( newrdn )
+ p_dn = dn_parent( be, e->e_dn );
+ new_dn = (char *) ch_malloc( strlen( p_dn ) + strlen( newrdn )
+ 3 );
- if ( dn_type( dn ) == DN_X500 ) {
- strcpy( newdn, newrdn );
- strcat( newdn, ", " );
- strcat( newdn, pdn );
+ if ( dn_type( e->e_dn ) == DN_X500 ) {
+ strcpy( new_dn, newrdn );
+ strcat( new_dn, ", " );
+ strcat( new_dn, p_dn );
} else {
char *s;
- strcpy( newdn, newrdn );
+ strcpy( new_dn, newrdn );
s = strchr( newrdn, '\0' );
s--;
if ( *s != '.' && *s != '@' ) {
if ( (s = strpbrk( dn, ".@" )) != NULL ) {
sep[0] = *s;
sep[1] = '\0';
- strcat( newdn, sep );
+ strcat( new_dn, sep );
}
}
- strcat( newdn, pdn );
+ strcat( new_dn, p_dn );
}
+
} else {
/* no parent, modrdn entry directly under root */
- if( ! be_isroot( be, op->o_dn ) ) {
+ if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
@@ -107,12 +110,12 @@ ldbm_back_modrdn(
pthread_mutex_lock(&li->li_root_mutex);
rootlock = 1;
- newdn = ch_strdup( newrdn );
+ new_dn = ch_strdup( newrdn );
}
- (void) dn_normalize( newdn );
+ new_ndn = dn_normalize_case( ch_strdup( new_dn ) );
- if ( (dn2id ( be, newdn ) ) != NOID ) {
+ if ( (dn2id ( be, new_ndn ) ) != NOID ) {
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
goto return_results;
}
@@ -126,20 +129,22 @@ ldbm_back_modrdn(
pthread_mutex_unlock( &op->o_abandonmutex );
/* add new one */
- if ( dn2id_add( be, newdn, e->e_id ) != 0 ) {
+ if ( dn2id_add( be, new_ndn, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
goto return_results;
}
/* delete old one */
- if ( dn2id_delete( be, dn ) != 0 ) {
+ if ( dn2id_delete( be, e->e_ndn ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
goto return_results;
}
(void) cache_delete_entry( &li->li_cache, e );
free( e->e_dn );
- e->e_dn = newdn;
+ free( e->e_ndn );
+ e->e_dn = new_dn;
+ e->e_ndn = new_ndn;
/* XXX
* At some point here we need to update the attribute values in
@@ -161,8 +166,11 @@ ldbm_back_modrdn(
rc = 0;
return_results:
- if( newdn != NULL ) free( newdn );
- if( pdn != NULL ) free( pdn );
+ if( new_dn != NULL ) free( new_dn );
+ if( new_ndn != NULL ) free( new_ndn );
+ if( p_dn != NULL ) free( p_dn );
+ if( p_ndn != NULL ) free( p_ndn );
+
if( matched != NULL ) free( matched );
if( p != NULL ) {
diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index e802ec47d1..6b6d62adab 100644
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -57,14 +57,14 @@ ldbm_back_search(
Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
- if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) {
+ if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
tlimit = -1; /* allow root to set no limit */
} else {
tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
be->be_timelimit : tlimit;
stoptime = op->o_time + tlimit;
}
- if ( slimit == 0 && be_isroot( be, op->o_dn ) ) {
+ if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
slimit = -1; /* allow root to set no limit */
} else {
slimit = (slimit > be->be_sizelimit || slimit < 1) ?
@@ -89,7 +89,7 @@ ldbm_back_search(
realBase = ch_strdup(base);
#endif
- (void) dn_normalize (realBase);
+ (void) dn_normalize_case( realBase );
Debug( LDAP_DEBUG_TRACE, "using base \"%s\"\n",
realBase, 0, 0 );
@@ -185,10 +185,10 @@ ldbm_back_search(
* this for subtree searches, and don't check the filter explicitly
* here since it's only a candidate anyway.
*/
- if ( e->e_dn != NULL &&
- strncasecmp( e->e_dn, "ref=", 4 ) == 0 &&
- (ref = attr_find( e->e_attrs, "ref" )) != NULL &&
- scope == LDAP_SCOPE_SUBTREE )
+ if ( scope == LDAP_SCOPE_SUBTREE &&
+ e->e_ndn != NULL &&
+ strncmp( e->e_ndn, "REF=", 4 ) == 0 &&
+ (ref = attr_find( e->e_attrs, "ref" )) != NULL )
{
int i, len;
@@ -219,15 +219,16 @@ ldbm_back_search(
scopeok = 1;
if ( scope == LDAP_SCOPE_ONELEVEL ) {
if ( (dn = dn_parent( be, e->e_dn )) != NULL ) {
- (void) dn_normalize( dn );
- scopeok = (dn == realBase) ? 1 : (! strcasecmp( dn, realBase ));
+ (void) dn_normalize_case( dn );
+ scopeok = (dn == realBase)
+ ? 1
+ : (strcmp( dn, realBase ) ? 0 : 1 );
+ free( dn );
} else {
scopeok = (realBase == NULL || *realBase == '\0');
}
- free( dn );
} else if ( scope == LDAP_SCOPE_SUBTREE ) {
- dn = ch_strdup( e->e_dn );
- (void) dn_normalize( dn );
+ dn = ch_strdup( e->e_ndn );
scopeok = dn_issuffix( dn, realBase );
free( dn );
}
diff --git a/servers/slapd/back-passwd/search.c b/servers/slapd/back-passwd/search.c
index a97206fe31..cbfc68fb4d 100644
--- a/servers/slapd/back-passwd/search.c
+++ b/servers/slapd/back-passwd/search.c
@@ -136,7 +136,7 @@ pw2entry( Backend *be, struct passwd *pw )
sprintf( buf, "%s@%s", pw->pw_name, be->be_suffix[0] );
e->e_dn = ch_strdup( buf );
- e->e_ndn = ch_strdup( buf );
+ e->e_ndn = dn_normalize_case( ch_strdup( buf ) );
val.bv_val = pw->pw_name;
val.bv_len = strlen( pw->pw_name );
diff --git a/servers/slapd/back-shell/bind.c b/servers/slapd/back-shell/bind.c
index ac1ab4e982..025cbe973c 100644
--- a/servers/slapd/back-shell/bind.c
+++ b/servers/slapd/back-shell/bind.c
@@ -17,13 +17,16 @@ shell_back_bind(
Operation *op,
char *dn,
int method,
- struct berval *cred
+ struct berval *cred,
+ char **edn
)
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
FILE *rfp, *wfp;
int rc;
+ *edn = NULL;
+
if ( si->si_bind == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"bind not implemented" );
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index ffae45af4f..f50a6e1c7b 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -134,7 +134,7 @@ select_backend( char * dn )
continue;
}
- if ( strcasecmp( backends[i].be_suffix[j],
+ if ( strcmp( backends[i].be_suffix[j],
dn + (dnlen - len) ) == 0 ) {
return( &backends[i] );
}
@@ -154,7 +154,7 @@ select_backend( char * dn )
continue;
}
- if ( strcasecmp( backends[i].be_suffixAlias[j],
+ if ( strcmp( backends[i].be_suffixAlias[j],
dn + (dnlen - len) ) == 0 ) {
return( &backends[i] );
}
@@ -187,7 +187,7 @@ be_issuffix(
int i;
for ( i = 0; be->be_suffix != NULL && be->be_suffix[i] != NULL; i++ ) {
- if ( strcasecmp( be->be_suffix[i], suffix ) == 0 ) {
+ if ( strcmp( be->be_suffix[i], suffix ) == 0 ) {
return( 1 );
}
}
@@ -196,22 +196,37 @@ be_issuffix(
}
int
-be_isroot( Backend *be, char *dn )
+be_isroot( Backend *be, char *ndn )
{
- if ( dn == NULL ) {
+ int rc;
+
+ if ( ndn == NULL || be->be_root_ndn == NULL ) {
return( 0 );
}
- return( be->be_rootdn ? strcasecmp( be->be_rootdn, dn ) == 0
- : 0 );
+ rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1;
+
+ return(rc);
+}
+
+char *
+be_root_dn( Backend *be )
+{
+ int rc;
+
+ if ( be->be_root_dn == NULL ) {
+ return( "" );
+ }
+
+ return be->be_root_dn;
}
int
-be_isroot_pw( Backend *be, char *dn, struct berval *cred )
+be_isroot_pw( Backend *be, char *ndn, struct berval *cred )
{
int result;
- if ( ! be_isroot( be, dn ) ) {
+ if ( ! be_isroot( be, ndn ) ) {
return( 0 );
}
@@ -219,7 +234,7 @@ be_isroot_pw( Backend *be, char *dn, struct berval *cred )
pthread_mutex_lock( &crypt_mutex );
#endif
- result = lutil_passwd( cred->bv_val, be->be_rootpw );
+ result = lutil_passwd( cred->bv_val, be->be_root_pw );
#ifdef SLAPD_CRYPT
pthread_mutex_unlock( &crypt_mutex );
@@ -260,17 +275,17 @@ be_unbind(
int
be_group(
Backend *be,
- Entry *e,
- char *bdn,
- char *edn,
+ Entry *target,
+ char *gr_ndn,
+ char *op_ndn,
char *objectclassValue,
char *groupattrName
)
{
- if (be->be_group)
- return(be->be_group(be, e, bdn, edn,
- objectclassValue, groupattrName));
- else
- return(1);
+ if (be->be_group)
+ return( be->be_group(be, target, gr_ndn, op_ndn,
+ objectclassValue, groupattrName) );
+ else
+ return(1);
}
#endif
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 9d4f01fddf..aed9559ffa 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -29,8 +29,8 @@ do_bind(
{
BerElement *ber = op->o_ber;
int version, method, len;
+ char *cdn, *ndn;
unsigned long rc;
- char *dn;
struct berval cred;
Backend *be;
@@ -65,14 +65,15 @@ do_bind(
if ( ber_peek_tag( &tber, &tlen ) == LBER_SEQUENCE ) {
Debug( LDAP_DEBUG_ANY, "version 3.0 detected\n", 0, 0, 0 );
conn->c_version = 30;
- rc = ber_scanf(ber, "{{iato}}", &version, &dn, &method, &cred);
+ rc = ber_scanf(ber, "{{iato}}", &version, &cdn, &method, &cred);
} else {
- rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
+ rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
}
}
#else
- rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
+ rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
#endif
+
if ( rc == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
@@ -96,14 +97,21 @@ do_bind(
}
}
#endif /* compat30 */
- dn_normalize( dn );
+
+ Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
+ version, cdn, method );
+
+ ndn = dn_normalize_case( ch_strdup( cdn ) );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d BIND dn=\"%s\" method=%d\n",
- conn->c_connid, op->o_opid, dn, method, 0 );
+ conn->c_connid, op->o_opid, ndn, method, 0 );
if ( version != LDAP_VERSION2 ) {
- if ( dn != NULL ) {
- free( dn );
+ if ( cdn != NULL ) {
+ free( cdn );
+ }
+ if ( ndn != NULL ) {
+ free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@@ -115,13 +123,13 @@ do_bind(
return;
}
- Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
- version, dn, method );
-
/* accept null binds */
- if ( dn == NULL || *dn == '\0' ) {
- if ( dn != NULL ) {
- free( dn );
+ if ( ndn == NULL || *ndn == '\0' ) {
+ if ( cdn != NULL ) {
+ free( cdn );
+ }
+ if ( ndn != NULL ) {
+ free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@@ -137,8 +145,9 @@ do_bind(
* if we don't hold it.
*/
- if ( (be = select_backend( dn )) == NULL ) {
- free( dn );
+ if ( (be = select_backend( ndn )) == NULL ) {
+ free( cdn );
+ free( ndn );
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}
@@ -155,27 +164,56 @@ do_bind(
return;
}
- /* alias suffix */
- dn = suffixAlias ( dn, op, be );
-
if ( be->be_bind != NULL ) {
- if ( (*be->be_bind)( be, conn, op, dn, method, &cred ) == 0 ) {
+ /* alias suffix */
+ char *edn;
+
+ ndn = suffixAlias( ndn, op, be );
+
+ if ( (*be->be_bind)( be, conn, op, ndn, method, &cred, &edn ) == 0 ) {
pthread_mutex_lock( &conn->c_dnmutex );
- if ( conn->c_dn != NULL ) {
+
+ if ( conn->c_cdn != NULL ) {
+ free( conn->c_cdn );
+ }
+
+ conn->c_cdn = cdn;
+ cdn = NULL;
+
+ if ( conn->c_cdn != NULL ) {
free( conn->c_dn );
}
- conn->c_dn = ch_strdup( dn );
+
+ if(edn != NULL) {
+ conn->c_dn = edn;
+ } else {
+ conn->c_dn = ndn;
+ ndn = NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "do_bind: bound \"%s\" to \"%s\"\n",
+ conn->c_cdn, conn->c_dn, method );
+
pthread_mutex_unlock( &conn->c_dnmutex );
/* send this here to avoid a race condition */
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
+
+ } else if (edn != NULL) {
+ free( edn );
}
+
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
- free( dn );
+ if( cdn != NULL ) {
+ free( cdn );
+ }
+ if( ndn != NULL ) {
+ free( ndn );
+ }
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}
diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 88a63e8b21..f6675d17ce 100644
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -24,7 +24,7 @@ do_compare(
Operation *op
)
{
- char *dn;
+ char *ndn;
Ava ava;
int rc;
Backend *be;
@@ -43,28 +43,29 @@ do_compare(
* }
*/
- if ( ber_scanf( op->o_ber, "{a{ao}}", &dn, &ava.ava_type,
+ if ( ber_scanf( op->o_ber, "{a{ao}}", &ndn, &ava.ava_type,
&ava.ava_value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
- dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
- dn, ava.ava_type, ava.ava_value.bv_val );
+ ndn, ava.ava_type, ava.ava_value.bv_val );
+
+ ndn = dn_normalize_case( ndn );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d CMP dn=\"%s\" attr=\"%s\"\n",
- conn->c_connid, op->o_opid, dn, ava.ava_type, 0 );
+ conn->c_connid, op->o_opid, ndn, ava.ava_type, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (be = select_backend( dn )) == NULL ) {
- free( dn );
+ if ( (be = select_backend( ndn )) == NULL ) {
+ free( ndn );
ava_free( &ava, 0 );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@@ -72,13 +73,16 @@ do_compare(
return;
}
+ /* alias suffix if approp */
+ ndn = suffixAlias( ndn, op, be );
+
if ( be->be_compare != NULL ) {
- (*be->be_compare)( be, conn, op, dn, &ava );
+ (*be->be_compare)( be, conn, op, ndn, &ava );
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
- free( dn );
+ free( ndn );
ava_free( &ava, 0 );
}
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index d56881a836..77ea816731 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -34,7 +34,7 @@ void
read_config( char *fname, Backend **bep, FILE *pfp )
{
FILE *fp;
- char *line, *savefname, *dn;
+ char *line, *savefname;
int cargc, savelineno;
char *cargv[MAXARGS];
int lineno, i;
@@ -128,8 +128,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: suffix line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
- dn = ch_strdup( cargv[1] );
- (void) dn_normalize( dn );
+ char *dn = ch_strdup( cargv[1] );
+ (void) dn_normalize_case( dn );
charray_add( &be->be_suffix, dn );
}
@@ -155,13 +155,28 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: suffixAlias line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
- dn = ch_strdup( cargv[1] );
- (void) dn_normalize( dn );
- charray_add( &be->be_suffixAlias, dn );
+ char *alias, *aliased_dn;
- dn = ch_strdup( cargv[2] );
- (void) dn_normalize( dn );
- charray_add( &be->be_suffixAlias, dn );
+ alias = ch_strdup( cargv[1] );
+ (void) dn_normalize( alias );
+
+ aliased_dn = ch_strdup( cargv[2] );
+ (void) dn_normalize( aliased_dn );
+
+
+ if ( strcasecmp( alias, aliased_dn) ) {
+ Debug( LDAP_DEBUG_ANY,
+"%s: line %d: suffixAlias %s is not different from aliased dn (ignored)\n",
+ fname, lineno, alias );
+ } else {
+ (void) dn_normalize_case( alias );
+ (void) dn_normalize_case( aliased_dn );
+ charray_add( &be->be_suffixAlias, alias );
+ charray_add( &be->be_suffixAlias, aliased_dn );
+ }
+
+ free(alias);
+ free(aliased_dn);
}
/* set max deref depth */
@@ -194,9 +209,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
- dn = ch_strdup( cargv[1] );
- (void) dn_normalize( dn );
- be->be_rootdn = dn;
+ be->be_root_dn = ch_strdup( cargv[1] );
+ be->be_root_ndn = dn_normalize_case( ch_strdup( cargv[1] ) );
}
/* set super-secret magic database password */
@@ -212,7 +226,7 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
- be->be_rootpw = ch_strdup( cargv[1] );
+ be->be_root_pw = ch_strdup( cargv[1] );
}
/* make this database read-only */
@@ -352,8 +366,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
- be->be_updatedn = ch_strdup( cargv[1] );
- (void) dn_normalize( be->be_updatedn );
+ be->be_update_ndn = ch_strdup( cargv[1] );
+ (void) dn_normalize_case( be->be_update_ndn );
}
/* replication log file to which changes are appended */
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index 85954be7cb..738707165d 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -87,6 +87,7 @@ slapd_daemon(
for ( i = 0; i < dtblsize; i++ ) {
c[i].c_dn = NULL;
+ c[i].c_cdn = NULL;
c[i].c_addr = NULL;
c[i].c_domain = NULL;
c[i].c_ops = NULL;
@@ -344,6 +345,10 @@ slapd_daemon(
free( c[ns].c_dn );
c[ns].c_dn = NULL;
}
+ if ( c[ns].c_cdn != NULL ) {
+ free( c[ns].c_cdn );
+ c[ns].c_cdn = NULL;
+ }
pthread_mutex_unlock( &c[ns].c_dnmutex );
c[ns].c_starttime = currenttime;
c[ns].c_opsinitiated = 0;
diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c
index 41ec2e2a29..66f68d9d89 100644
--- a/servers/slapd/delete.c
+++ b/servers/slapd/delete.c
@@ -25,7 +25,7 @@ do_delete(
Operation *op
)
{
- char *dn, *odn;
+ char *ndn;
Backend *be;
Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@@ -36,46 +36,46 @@ do_delete(
* DelRequest := DistinguishedName
*/
- if ( ber_scanf( op->o_ber, "a", &dn ) == LBER_ERROR ) {
+ if ( ber_scanf( op->o_ber, "a", &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
- odn = ch_strdup( dn );
- dn_normalize( dn );
- Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", dn, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", ndn, 0, 0 );
- Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", dn, 0, 0 );
+ dn_normalize_case( ndn );
+
+ Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (be = select_backend( dn )) == NULL ) {
- free( dn );
- free( odn );
+ if ( (be = select_backend( ndn )) == NULL ) {
+ free( ndn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
- /* alias suffix if approp */
- dn = suffixAlias ( dn, op, be );
+ /* alias suffix if approp */
+ ndn = suffixAlias( ndn, op, be );
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
* 2) this backend is master for what it holds;
- * 3) it's a replica and the dn supplied is the updatedn.
+ * 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_delete != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
- op->o_dn ) == 0 ) {
- if ( (*be->be_delete)( be, conn, op, dn ) == 0 ) {
- replog( be, LDAP_REQ_DELETE, odn, NULL, 0 );
+ if ( be->be_update_ndn == NULL ||
+ strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
+ {
+ if ( (*be->be_delete)( be, conn, op, ndn ) == 0 ) {
+ replog( be, LDAP_REQ_DELETE, ndn, NULL, 0 );
}
} else {
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@@ -86,6 +86,5 @@ do_delete(
"Function not implemented" );
}
- free( dn );
- free( odn );
+ free( ndn );
}
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 495eca4b70..ec57f75ec7 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -11,10 +11,6 @@
#include "slap.h"
-#define DNSEPARATOR(c) (c == ',' || c == ';')
-#define SEPARATOR(c) (c == ',' || c == ';' || c == '+')
-#define SPACE(c) (c == ' ' || c == '\n')
-#define NEEDSESCAPE(c) (c == '\\' || c == '"')
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@@ -233,7 +229,7 @@ dn_issuffix(
return( 0 );
}
- return( strcasecmp( dn + dnlen - suffixlen, suffix ) == 0 );
+ return( strcmp( dn + dnlen - suffixlen, suffix ) == 0 );
}
/*
diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c
index 3977211ce7..b5f25d70d8 100644
--- a/servers/slapd/entry.c
+++ b/servers/slapd/entry.c
@@ -109,7 +109,7 @@ str2entry( char *s )
e->e_id, e->e_ndn, value );
free( e->e_ndn );
}
- e->e_ndn = dn_normalize( ch_strdup( value ) );
+ e->e_ndn = dn_normalize_case( ch_strdup( value ) );
continue;
}
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c
index 7d429f27c5..a6528b2877 100644
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -110,8 +110,9 @@ test_ava_filter(
int i, rc;
Attribute *a;
- if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
- &ava->ava_value, op->o_dn, ACL_SEARCH ) ) {
+ if ( be != NULL && ! access_allowed( be, conn, op, e,
+ ava->ava_type, &ava->ava_value, ACL_SEARCH ) )
+ {
return( -2 );
}
@@ -159,8 +160,9 @@ test_presence_filter(
char *type
)
{
- if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL,
- op->o_dn, ACL_SEARCH ) ) {
+ if ( be != NULL && ! access_allowed( be, conn, op, e,
+ type, NULL, ACL_SEARCH ) )
+ {
return( -2 );
}
@@ -180,8 +182,9 @@ test_approx_filter(
int i, rc, match;
Attribute *a;
- if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
- NULL, op->o_dn, ACL_SEARCH ) ) {
+ if ( be != NULL && ! access_allowed( be, conn, op, e,
+ ava->ava_type, NULL, ACL_SEARCH ) )
+ {
return( -2 );
}
@@ -316,8 +319,9 @@ test_substring_filter(
Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
- if ( be != NULL && ! access_allowed( be, conn, op, e, f->f_sub_type,
- NULL, op->o_dn, ACL_SEARCH ) ) {
+ if ( be != NULL && ! access_allowed( be, conn, op, e,
+ f->f_sub_type, NULL, ACL_SEARCH ) )
+ {
return( -2 );
}
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index b19e290f75..dd7ecf0027 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -222,6 +222,7 @@ main( int argc, char **argv )
struct hostent *hp;
c.c_dn = NULL;
+ c.c_cdn = NULL;
c.c_ops = NULL;
c.c_sb.sb_sd = 0;
c.c_sb.sb_options = 0;
diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c
index d3fb13a0a1..01e75b2f06 100644
--- a/servers/slapd/modify.c
+++ b/servers/slapd/modify.c
@@ -30,7 +30,7 @@ do_modify(
Operation *op
)
{
- char *dn, *odn;
+ char *ndn;
char *last;
unsigned long tag, len;
LDAPMod *mods, *tmp;
@@ -58,15 +58,15 @@ do_modify(
* }
*/
- if ( ber_scanf( op->o_ber, "{a", &dn ) == LBER_ERROR ) {
+ if ( ber_scanf( op->o_ber, "{a" /*}*/, &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
- odn = ch_strdup( dn );
- dn_normalize( dn );
- Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", ndn, 0, 0 );
+
+ (void) dn_normalize_case( ndn );
/* collect modifications & save for later */
mods = NULL;
@@ -83,8 +83,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"decoding error" );
- free( dn );
- free( odn );
+ free( ndn );
free( *modtail );
*modtail = NULL;
modlist_free( mods );
@@ -97,8 +96,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"unrecognized modify operation" );
- free( dn );
- free( odn );
+ free( ndn );
modlist_free( mods );
return;
}
@@ -107,8 +105,7 @@ do_modify(
!= LDAP_MOD_DELETE ) {
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"no values given" );
- free( dn );
- free( odn );
+ free( ndn );
modlist_free( mods );
return;
}
@@ -128,42 +125,41 @@ do_modify(
#endif
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MOD dn=\"%s\"\n",
- conn->c_connid, op->o_opid, dn, 0, 0 );
+ conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (be = select_backend( dn )) == NULL ) {
- free( dn );
- free( odn );
+ if ( (be = select_backend( ndn )) == NULL ) {
+ free( ndn );
modlist_free( mods );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
- /* alias suffix if approp */
- dn = suffixAlias ( dn, op, be );
+ /* alias suffix if approp */
+ ndn = suffixAlias ( ndn, op, be );
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
* 2) this backend is master for what it holds;
- * 3) it's a replica and the dn supplied is the updatedn.
+ * 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modify != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL ||
- strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
-
+ if ( be->be_update_ndn == NULL ||
+ strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
+ {
if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED &&
- global_lastmod == ON ) ) && be->be_updatedn == NULL ) {
+ global_lastmod == ON ) ) && be->be_update_ndn == NULL ) {
add_lastmods( op, &mods );
}
- if ( (*be->be_modify)( be, conn, op, odn, mods ) == 0 ) {
- replog( be, LDAP_REQ_MODIFY, dn, mods, 0 );
+ if ( (*be->be_modify)( be, conn, op, ndn, mods ) == 0 ) {
+ replog( be, LDAP_REQ_MODIFY, ndn, mods, 0 );
}
/* send a referral */
@@ -176,8 +172,7 @@ do_modify(
"Function not implemented" );
}
- free( dn );
- free( odn );
+ free( ndn );
modlist_free( mods );
}
diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index 3a7e96704e..1a446db3bf 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -25,7 +25,7 @@ do_modrdn(
Operation *op
)
{
- char *dn, *odn, *newrdn;
+ char *ndn, *newrdn;
int deloldrdn;
Backend *be;
@@ -40,21 +40,21 @@ do_modrdn(
* }
*/
- if ( ber_scanf( op->o_ber, "{aab}", &dn, &newrdn, &deloldrdn )
+ if ( ber_scanf( op->o_ber, "{aab}", &ndn, &newrdn, &deloldrdn )
== LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
- odn = ch_strdup( dn );
- dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS,
- "do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", dn, newrdn,
+ "do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", ndn, newrdn,
deloldrdn );
+ dn_normalize_case( ndn );
+
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MODRDN dn=\"%s\"\n",
- conn->c_connid, op->o_opid, dn, 0, 0 );
+ conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
@@ -62,28 +62,31 @@ do_modrdn(
* if we don't hold it.
*/
- if ( (be = select_backend( dn )) == NULL ) {
- free( dn );
- free( odn );
+ if ( (be = select_backend( ndn )) == NULL ) {
+ free( ndn );
free( newrdn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
+ /* alias suffix if approp */
+ ndn = suffixAlias( ndn, op, be );
+
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
* 2) this backend is master for what it holds;
- * 3) it's a replica and the dn supplied is the updatedn.
+ * 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modrdn != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
- op->o_dn ) == 0 ) {
- if ( (*be->be_modrdn)( be, conn, op, dn, newrdn,
+ if ( be->be_update_ndn == NULL ||
+ strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
+ {
+ if ( (*be->be_modrdn)( be, conn, op, ndn, newrdn,
deloldrdn ) == 0 ) {
- replog( be, LDAP_REQ_MODRDN, odn, newrdn,
+ replog( be, LDAP_REQ_MODRDN, ndn, newrdn,
deloldrdn );
}
} else {
@@ -95,7 +98,6 @@ do_modrdn(
"Function not implemented" );
}
- free( dn );
- free( odn );
+ free( ndn );
free( newrdn );
}
diff --git a/servers/slapd/monitor.c b/servers/slapd/monitor.c
index 9efffc788e..f9514fd519 100644
--- a/servers/slapd/monitor.c
+++ b/servers/slapd/monitor.c
@@ -49,7 +49,7 @@ monitor_info( Connection *conn, Operation *op )
entry_rdwr_init(e);
e->e_attrs = NULL;
e->e_dn = ch_strdup( SLAPD_MONITOR_DN );
- e->e_ndn = NULL;
+ e->e_ndn = dn_normalize_case( ch_strdup(SLAPD_MONITOR_DN) );
val.bv_val = Versionstr;
if (( p = strchr( Versionstr, '\n' )) == NULL ) {
@@ -91,7 +91,7 @@ monitor_info( Connection *conn, Operation *op )
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %d : %d : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
- c[i].c_dn ? c[i].c_dn : "NULLDN",
+ c[i].c_cdn ? c[i].c_cdn : "NULLDN",
c[i].c_gettingber ? "r" : "",
c[i].c_writewaiter ? "w" : "" );
pthread_mutex_unlock( &c[i].c_dnmutex );
diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c
index 47d084d6b4..56085eeb73 100644
--- a/servers/slapd/operation.c
+++ b/servers/slapd/operation.c
@@ -18,6 +18,9 @@ slap_op_free( Operation *op )
if ( op->o_dn != NULL ) {
free( op->o_dn );
}
+ if ( op->o_ndn != NULL ) {
+ free( op->o_ndn );
+ }
/* pthread_mutex_destroy( &op->o_abandonmutex ); */
free( (char *) op );
}
@@ -45,7 +48,10 @@ slap_op_add(
(*tmp)->o_msgid = msgid;
(*tmp)->o_tag = tag;
(*tmp)->o_abandon = 0;
+
(*tmp)->o_dn = ch_strdup( dn != NULL ? dn : "" );
+ (*tmp)->o_ndn = dn_normalize_case( ch_strdup( (*tmp)->o_dn ) );
+
pthread_mutex_lock( ¤ttime_mutex );
(*tmp)->o_time = currenttime;
pthread_mutex_unlock( ¤ttime_mutex );
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 52129b74e1..aaa7b42a37 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -7,11 +7,14 @@
* acl.c
*/
-int access_allowed LDAP_P(( Backend *be, Connection *conn, Operation *op, Entry *e,
- char *attr, struct berval *val, char *dn, int access ));
+int access_allowed LDAP_P(( Backend *be, Connection *conn,
+ Operation *op, Entry *e,
+ char *attr, struct berval *val, int access ));
+
+struct acl * acl_get_applicable LDAP_P(( Backend *be,
+ Operation *op, Entry *e,
+ char *attr, int nmatches, regmatch_t *matches ));
-struct acl * acl_get_applicable LDAP_P(( Backend *be, Operation *op, Entry *e,
- char *attr, char *edn, int nmatches, regmatch_t *matches ));
int acl_access_allowed LDAP_P(( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access, char *edn,
regmatch_t *matches ));
@@ -55,8 +58,9 @@ void ava_free LDAP_P(( Ava *ava, int freeit ));
Backend * new_backend LDAP_P(( char *type ));
Backend * select_backend LDAP_P(( char * dn ));
int be_issuffix LDAP_P(( Backend *be, char *suffix ));
-int be_isroot LDAP_P(( Backend *be, char *dn ));
-int be_isroot_pw LDAP_P(( Backend *be, char *dn, struct berval *cred ));
+int be_isroot LDAP_P(( Backend *be, char *ndn ));
+int be_isroot_pw LDAP_P(( Backend *be, char *ndn, struct berval *cred ));
+char* be_root_dn LDAP_P(( Backend *be ));
void be_close LDAP_P(( void ));
/*
@@ -259,8 +263,9 @@ extern struct acl *global_acl;
extern struct objclass *global_oc;
extern time_t currenttime;
-extern int be_group LDAP_P((Backend *be, Entry *e,
- char *bdn, char *edn, char *objectclassValue, char *groupattrName));
+extern int be_group LDAP_P((Backend *be, Entry *target,
+ char *gr_ndn, char *op_ndn,
+ char *objectclassValue, char *groupattrName));
extern void init LDAP_P((void));
extern void be_unbind LDAP_P((Connection *conn, Operation *op));
extern void config_info LDAP_P((Connection *conn, Operation *op));
@@ -287,7 +292,9 @@ extern time_t starttime;
#endif
#ifdef SLAPD_LDBM
-extern int ldbm_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
+extern int ldbm_back_bind LDAP_P((Backend *be,
+ Connection *c, Operation *o,
+ char *dn, int method, struct berval *cred, char** edn ));
extern void ldbm_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int ldbm_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int ldbm_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));
@@ -300,7 +307,8 @@ extern void ldbm_back_config LDAP_P((Backend *be, char *fname, int lineno, int a
extern void ldbm_back_init LDAP_P((Backend *be));
extern void ldbm_back_close LDAP_P((Backend *be));
extern int ldbm_back_group LDAP_P((Backend *be, Entry *target,
- char *bdn, char *edn, char *objectclassValue, char *groupattrName ));
+ char *gr_ndn, char *op_ndn,
+ char *objectclassValue, char *groupattrName ));
#endif
#ifdef SLAPD_PASSWD
@@ -309,7 +317,9 @@ extern void passwd_back_config LDAP_P((Backend *be, char *fname, int lineno, int
#endif
#ifdef SLAPD_SHELL
-extern int shell_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
+extern int shell_back_bind LDAP_P((Backend *be,
+ Connection *c, Operation *o,
+ char *dn, int method, struct berval *cred, char** edn ));
extern void shell_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int shell_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int shell_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 04490d3b72..12e90a805b 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -193,14 +193,15 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
- if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
- ACL_READ ) ) {
+ if ( ! access_allowed( be, conn, op, e,
+ "entry", NULL, ACL_READ ) )
+ {
Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
0, 0, 0 );
return( 1 );
}
- edn = dn_normalize_case( ch_strdup( e->e_dn ) );
+ edn = e->e_ndn;
#ifdef LDAP_COMPAT30
if ( (ber = ber_alloc_t( conn->c_version == 30 ? 0 : LBER_USE_DER ))
@@ -251,12 +252,12 @@ send_search_entry(
a->a_type, 0, 0 );
acl = NULL;
} else {
- acl = acl_get_applicable( be, op, e, a->a_type, edn,
+ acl = acl_get_applicable( be, op, e, a->a_type,
MAXREMATCHES, matches );
}
- if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
- edn, matches ) )
+ if ( ! acl_access_allowed( acl, be, conn, e,
+ NULL, op, ACL_READ, edn, matches ) )
{
continue;
}
@@ -302,8 +303,6 @@ send_search_entry(
}
}
- free(edn);
-
#ifdef LDAP_COMPAT30
if ( conn->c_version == 30 ) {
rc = ber_printf( ber, "}}}}" );
@@ -382,7 +381,6 @@ send_search_entry(
return( rc );
error_return:;
- free(edn);
return( 1 );
}
diff --git a/servers/slapd/search.c b/servers/slapd/search.c
index a5cdd9c0af..2779fe0bdd 100644
--- a/servers/slapd/search.c
+++ b/servers/slapd/search.c
@@ -73,7 +73,8 @@ do_search(
"Unknown search scope" );
goto return_results;
}
- (void) dn_normalize( base );
+
+ (void) dn_normalize_case( base );
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit,
@@ -108,19 +109,19 @@ do_search(
#if defined( SLAPD_MONITOR_DN ) || defined( SLAPD_CONFIG_DN ) || defined( SLAPD_SCHEMA_DN )
if ( scope == LDAP_SCOPE_BASE ) {
#if defined( SLAPD_MONITOR_DN )
- if ( strcasecmp( base, SLAPD_MONITOR_DN ) == 0 ) {
+ if ( strcmp( base, SLAPD_MONITOR_DN ) == 0 ) {
monitor_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_CONFIG_DN )
- if ( strcasecmp( base, SLAPD_CONFIG_DN ) == 0 ) {
+ if ( strcmp( base, SLAPD_CONFIG_DN ) == 0 ) {
config_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_SCHEMA_DN )
- if ( strcasecmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
+ if ( strcmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
schema_info( conn, op );
goto return_results;
}
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index deb7787cb6..9a883c0b68 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -35,6 +35,11 @@
#define MAXREMATCHES 10
+#define DNSEPARATOR(c) ((c) == ',' || (c) == ';')
+#define SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
+#define SPACE(c) ((c) == ' ' || (c) == '\n')
+#define NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
+
LDAP_BEGIN_DECL
struct slap_op;
@@ -196,8 +201,9 @@ typedef struct backend Backend;
struct backend {
char **be_suffix; /* the DN suffixes of data in this backend */
char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
- char *be_rootdn; /* the magic "root" dn for this db */
- char *be_rootpw; /* the magic "root" password for this db */
+ char *be_root_dn; /* the magic "root" dn for this db */
+ char *be_root_ndn; /* the magic "root" normalized dn for this db */
+ char *be_root_pw; /* the magic "root" password for this db */
int be_readonly; /* 1 => db is in "read only" mode */
int be_maxDerefDepth; /* limit for depth of an alias deref */
int be_sizelimit; /* size limit for this backend */
@@ -206,7 +212,7 @@ struct backend {
int be_dfltaccess; /* access given if no acl matches */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
- char *be_updatedn; /* allowed to make changes (in replicas) */
+ char *be_update_ndn; /* allowed to make changes (in replicas) */
int be_lastmod; /* keep track of lastmodified{by,time} */
char *be_type; /* type of database */
@@ -215,7 +221,7 @@ struct backend {
/* backend routines */
int (*be_bind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o,
- char *dn, int method, struct berval *cred ));
+ char *dn, int method, struct berval *cred, char** edn ));
void (*be_unbind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o ));
int (*be_search) LDAP_P((Backend *be,
@@ -263,8 +269,7 @@ typedef struct slap_op {
unsigned long o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
char *o_dn; /* dn bound when op was initiated */
- char *o_suffix; /* suffix if aliased */
- char *o_suffixAliased; /* pending suffix translation */
+ char *o_ndn; /* normalized dn bound when op was initiated */
int o_authtype; /* auth method used to bind dn */
/* values taken from ldap.h */
/* LDAP_AUTH_* */
@@ -289,7 +294,8 @@ typedef struct slap_op {
typedef struct slap_conn {
Sockbuf c_sb; /* ber connection stuff */
- char *c_dn; /* current DN bound to this conn */
+ char *c_cdn; /* DN provided by the client */
+ char *c_dn; /* DN bound to this conn */
pthread_mutex_t c_dnmutex; /* mutex for c_dn field */
int c_authtype; /* auth method used to bind c_dn */
#ifdef LDAP_COMPAT
diff --git a/servers/slapd/suffixalias.c b/servers/slapd/suffixalias.c
index 31a09838cb..7fff1f6170 100644
--- a/servers/slapd/suffixalias.c
+++ b/servers/slapd/suffixalias.c
@@ -1,4 +1,10 @@
/*
+ * Copyright 1999 The OpenLDAP Foundation, All Rights Reserved.
+ *
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file in the top level
+ * directory of this package.
+ */
+/* Portions
* Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
* All rights reserved.
*
@@ -18,7 +24,7 @@
#include "slap.h"
/*
- * given a dn (or root part), return an aliased dn if any of the
+ * given a normalized uppercased dn (or root part), return an aliased dn if any of the
* alias suffixes match
*/
char *suffixAlias (char *dn, Operation *op, Backend *be)
@@ -28,26 +34,31 @@ char *suffixAlias (char *dn, Operation *op, Backend *be)
if(dn == NULL) return NULL;
dnLength = strlen ( dn );
- op->o_suffix = NULL;
- op->o_suffixAliased = NULL;
for ( i = 0;
be->be_suffixAlias != NULL && be->be_suffixAlias[i] != NULL;
i += 2) {
int aliasLength = strlen (be->be_suffixAlias[i]);
- if (aliasLength > dnLength) {
- continue;
- }
+ int diff = dnLength - aliasLength;
+
+ if ( diff < 0 ) {
+ /* alias is longer than dn */
+ continue;
+ } else if ( diff > 0 ) {
+ if ( ! DNSEPARATOR(dn[diff-1]) ) {
+ /* boundary is not at a DN separator */
+ continue;
+ }
+ /* At a DN Separator */
+ /* XXX or an escaped separator... oh well */
+ }
- if (!strcasecmp(be->be_suffixAlias[i],
- dn + (dnLength - aliasLength))) {
+ if (!strcmp(be->be_suffixAlias[i], &dn[diff])) {
char *oldDN = dn;
- op->o_suffixAliased = ch_strdup ( be->be_suffixAlias[i] );
- dn = ch_malloc ( (dnLength - aliasLength) +
- strlen (be->be_suffixAlias[ i+1 ]) + 1);
- strncpy (dn, oldDN, dnLength - aliasLength);
- strcpy (dn + (dnLength - aliasLength), be->be_suffixAlias[ i+1 ]);
- op->o_suffix = ch_strdup (dn);
- Debug( LDAP_DEBUG_ARGS, "ALIAS: converted %s to %s", oldDN, dn, 0);
+ dn = ch_malloc( diff + strlen(be->be_suffixAlias[i+1]) + 1 );
+ strncpy( dn, oldDN, diff );
+ strcpy( &dn[diff], be->be_suffixAlias[i+1] );
+ Debug( LDAP_DEBUG_ARGS, "SuffixAlias: converted \"%s\" to \"%s\"",
+ oldDN, dn, 0);
free (oldDN);
break;
}
diff --git a/servers/slapd/tools/ldbmtest.c b/servers/slapd/tools/ldbmtest.c
index ba3fc163e9..598e4a11c4 100644
--- a/servers/slapd/tools/ldbmtest.c
+++ b/servers/slapd/tools/ldbmtest.c
@@ -289,7 +289,7 @@ main( int argc, char **argv )
} else {
buf[strlen( buf ) - 1] = '\0';
}
- (void) dn_normalize( buf );
+ (void) dn_normalize_case( buf );
if ( (tbe = select_backend( buf )) == NULL ) {
fprintf( stderr, "unknown suffix \"%s\"\n",
buf );
diff --git a/servers/slapd/tools/ldif2id2children.c b/servers/slapd/tools/ldif2id2children.c
index 7075bdbef7..448cd7346e 100644
--- a/servers/slapd/tools/ldif2id2children.c
+++ b/servers/slapd/tools/ldif2id2children.c
@@ -270,7 +270,7 @@ main( int argc, char **argv )
key );
free( dn );
if ( data.dptr == NULL ) {
- dn_normalize( val );
+ dn_normalize_case( val );
if ( ! be_issuffix( be,
val ) ) {
Debug( LDAP_DEBUG_PARSE, "no parent \"%s\" of \"%s\"\n", dn, val, 0 );
diff --git a/tests/data/modify.out.master b/tests/data/modify.out.master
index 7147534100..d652b8a997 100644
--- a/tests/data/modify.out.master
+++ b/tests/data/modify.out.master
@@ -7,7 +7,7 @@ cn: All Staff
joinable: FALSE
multilinedescription: Everyone in the sample data
objectclass: rfc822mailgroup
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
member: cn=Manager, o=University of Michigan, c=US
@@ -67,7 +67,7 @@ drink: water
lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@@ -97,7 +97,7 @@ homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
telephonenumber: +1 313 555 0355
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
multilinedescription: The replaced multiLineDescription $ Blah Woof.
drink: Iced Tea
drink: Mad Dog 20/20
@@ -125,7 +125,7 @@ multilinedescription: Very tall
facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, o=Universit
@@ -150,7 +150,7 @@ facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.umich.edu
homephone: +1 313 555 8844
-creatorsname: cn=Manager,o=University of Michigan,c=US
+creatorsname: cn=Manager, o=University of Michigan, c=US
dn: ou=Groups, o=University of Michigan, c=US
objectclass: top
@@ -186,7 +186,7 @@ member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
igan, c=US
@@ -214,7 +214,7 @@ pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
drink: Orange Juice
dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c
@@ -238,7 +238,7 @@ onvacation: FALSE
drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@@ -264,7 +264,7 @@ drink: Sam Adams
homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@@ -290,7 +290,7 @@ homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104
title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@@ -332,7 +332,7 @@ homephone: +1 313 555 0388
drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@@ -384,7 +384,7 @@ krbname: jdoe@umich.edu
nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700
diff --git a/tests/data/search.out.master b/tests/data/search.out.master
index 52619e9837..cdb982d7ad 100644
--- a/tests/data/search.out.master
+++ b/tests/data/search.out.master
@@ -27,7 +27,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@@ -56,7 +56,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@@ -132,7 +132,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@@ -160,7 +160,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
@@ -310,7 +310,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
niversity of Michigan, c=US
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: ou=People, o=University of Michigan, c=US
diff --git a/tests/data/slapd-repl-slave.conf b/tests/data/slapd-repl-slave.conf
index ca81b76529..47c74aa3c5 100644
--- a/tests/data/slapd-repl-slave.conf
+++ b/tests/data/slapd-repl-slave.conf
@@ -18,3 +18,4 @@ updatedn "cn=Manager, o=University of Michigan, c=US"
index cn,sn,uid pres,eq,approx
index default none
lastmod on
+dbcachenowsync
diff --git a/tests/data/test-ordered.ldif b/tests/data/test-ordered.ldif
index c9f9325633..19d109685e 100644
--- a/tests/data/test-ordered.ldif
+++ b/tests/data/test-ordered.ldif
@@ -134,7 +134,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@@ -163,7 +163,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@@ -193,7 +193,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
@@ -213,7 +213,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@@ -241,7 +241,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@@ -268,7 +268,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@@ -295,7 +295,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@@ -322,7 +322,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@@ -349,7 +349,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@@ -392,7 +392,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700
diff --git a/tests/data/test.ldif b/tests/data/test.ldif
index 272412de45..043c54e65b 100644
--- a/tests/data/test.ldif
+++ b/tests/data/test.ldif
@@ -88,7 +88,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@@ -117,7 +117,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@@ -147,7 +147,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: ou=Groups, o=University of Michigan, c=US
@@ -184,7 +184,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@@ -212,7 +212,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@@ -239,7 +239,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@@ -266,7 +266,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@@ -293,7 +293,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@@ -320,7 +320,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@@ -363,7 +363,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
-modifiersname: cn=Manager,o=University of Michigan,c=US
+modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700
--
GitLab