ANNOUNCEMENT

+A N N O U N C E M E N T -- OpenLDAP 2.4
+
+    The OpenLDAP Project is pleased to announce the availability
+    of OpenLDAP Software 2.4, a suite of the Lightweight Directory
+    Access Protocol (v3) servers, clients, utilities, and
+    development tools.
+
+    This release contains the following major enhancements:
+
+        * Slapd(8) enhancements
+            - Syncrepl enhancements, including push-mode and
+              Multi-Master support
+            - Dynamic configuration enhancements, including
+              online schema editing and full access control
+            - Dynamic monitoring enhancements, including
+              cache usage information
+        * New overlays
+            - Attribute value constraints
+            - Dynamic Directory Services (RFC2589)
+            - Reverse Group Membership maintenance (memberof)
+        * Clients and tools
+            - Full support of request/response controls
+            - New ldapexop tool for arbitrary extend operations
+            - Support of DNS SRV records for default server
+        * Significant performance enhancements throughout
+            the client and server code base
+        * Multiple new features in libldap and liblber
+        * Expanded documentation
+            - Function-complete manual pages
+            - Numerous new examples in the Admin Guide
+
+    This release includes the following major components:
+
+        * slapd - a stand-alone LDAP directory server
+        * -lldap - a LDAP client library
+        * -llber - a lightweight BER/DER encoding/decoding library
+        * LDIF tools - data conversion tools for use with slapd
+        * LDAP tools - A collection of command line LDAP utilities
+        * Admin Guide, Manual Pages - associated documentation
+
+    In addition, there are some contributed components:
+
+        * LDAPC++ - a LDAP C++ SDK
+        * Various slapd modules and slapi plugins
+
+
+ACKNOWLEDGEMENTS
+
+    OpenLDAP Software is developed by the OpenLDAP Project.  The
+    Project consists of a team of volunteers who use the
+    Internet to coordinate their activities.  The Project is
+    an organized activity of the OpenLDAP Foundation.
+
+    OpenLDAP Software is derived from University of Michigan LDAP,
+    release 3.3.
+
+
+AVAILABILITY
+
+    This software is available under the OpenLDAP Public License,
+    an non-restrictive, "free", open-source license.  Download
+    information is available at:
+
+        http://www.OpenLDAP.org/software/download/
+
+
+SUPPORT
+
+    OpenLDAP Software is user supported:
+
+        http://www.openldap.org/support/
+
+    The OpenLDAP Administrator's Guide, which includes quick
+    start instructions, is available at:
+
+        http://www.openldap.org/doc/admin/
+
+    The project maintains a FAQ which you may find useful:
+
+        http://www.openldap.org/faq/
+
+    In addition, there are also a number of discussion lists
+    related to OpenLDAP Software.  A list of mailing lists is
+    available at:
+
+        http://www.OpenLDAP.org/lists/
+
+    To report bugs, please use project's Issue Tracking System:
+
+        http://www.openldap.org/its/
+
+    The OpenLDAP home page containing lots of interesting information
+    and online documentation is available at this URL:
+
+        http://www.OpenLDAP.org/
+
+
+SUPPORTED PLATFORMS
+
+    This release has been ported to many UNIX (and UNIX-like)
+    platforms including Darwin, FreeBSD, Linux, NetBSD, OpenBSD
+    and most commercial UNIX systems.  The release has also been
+    ported (in part or in whole) to other platforms including
+    Apple MacOS X, IBM zOS, and Microsoft Windows NT/2000/etc.
+
+---
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2008 The OpenLDAP Foundation, Redwood City,
+California, USA.  All Rights Reserved.  Permission to copy and
+distribute verbatim copies of this document is granted.

CHANGES

+OpenLDAP 2.4 Change Log
+
+OpenLDAP 2.4.9 Engineering
+	Fixed libldap to use unsigned port (ITS#5436)
+	Fixed libldap error message for missing close paren (ITS#5458)
+	Fixed libldap_r tpool pause checks (ITS#5364, #5407)
+	Fixed slapcat error checking (ITS#5387)
+	Fixed slapd abstract objectClass inheritance check (ITS#5474)
+	Fixed slapd add operations requiring naming attrs (ITS#5412)
+	Fixed slapd connection handling (ITS#5469)
+	Fixed slapd delta-syncrepl resync (ITS#5378)
+	Fixed slapd frontendDB backend selection (ITS#5419)
+	Fixed slapd pagedresults stale state (ITS#5409)
+	Fixed slapd pointer dereference (ITS#5388)
+	Fixed slapd null argument dereference (ITS#5435)
+	Fixed slapd REP_ENTRY flags (ITS#5340)
+	Fixed slapd sets attribute description parsing (ITS#5402)
+	Fixed slapd syncrepl hang on back-config (ITS#5407)
+	Fixed slapd syncrepl compare_csns crash (ITS#5413)
+	Fixed slapd syncrepl contextCSN update clash (ITS#5426)
+	Fixed slapd syncrepl/glue failure (ITS#5430)
+	Fixed slapd syncrepl crash on empty CSN (ITS#5432)
+	Fixed slapd syncrepl refreshAndPersist (ITS#5454)
+	Fixed slapd syncrepl modrdn processing (ITS#5397)
+	Fixed slapd syncrepl MMR partial refresh (ITS#5470)
+	Fixed slapd value list termination (ITS#5450)
+	Fixed slapd/slapo-accesslog rq mutex usage (ITS#5442)
+	Fixed slapd-bdb ID_NOCACHE handling (ITS#5439)
+	Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455)
+	Fixed slapd-bdb referral rewrite (ITS#5339)
+	Fixed slapd-config overlay stacking (ITS#5346)
+	Fixed slapd-config attribute publishing (ITS#5383)
+	Fixed slapd-ldap connection handler (ITS#5404)
+	Fixed slapd-ldif file name handling (ITS#5408)
+	Fixed slapd-meta connections on error (ITS#5440)
+	Fixed slapd-meta crash on search (ITS#5481)
+	Fixed slapo-accesslog null callback stack crash (ITS#5490)
+	Fixed slapo-auditlog unnecessary syscall (ITS#5441)
+	Fixed slapo-refint dnSubtreeMatch (ITS#5427)
+	Fixed slapo-refint global referential integrity (ITS#5428)
+	Fixed slapo-syncprov psearch on closed connection (ITS#5401)
+	Fixed slapo-syncprov psearch task delay (ITS#5405)
+	Fixed slapo-syncprov psearch filter identity (ITS#5418)
+	Fixed slapo-syncprov/glue contextCSN update (ITS#5433)
+	Fixed slapo-syncprov/glue search ops (ITS#5434)
+	Fixed slapo-syncprov null cookie (ITS#5437,#5444)
+	Fixed slapo-syncprov double-free (ITS#5445)
+	Build Environment
+		Fixed leave function naming for OSF1 (ITS#5411)
+	Documentation
+		Fixed slapd.access(5) authz-regexp documented behavior (ITS#5400)
+		Fixed slapd.meta(5) idassert-* documentation (ITS#5406)
+		admin24 delta-syncrepl documentation (ITS#5476)
+		admin24 set documentation (ITS#5278,ITS#5279,ITS#5281)
+		admin24 slapo-ppolicy documentation (ITS#5479)
+		admin24 syncrepl directives update (ITS#5425)
+
+OpenLDAP 2.4.8 Release (2008/02/19)
+	Fixed ldapmodify verbose logging (ITS#5247)
+	Fixed ldapdelete with sizelimit (ITS#5294)
+	Fixed ldapdelete with subentries control (ITS#5293)
+	Fixed ldapsearch exit code init (ITS#5317)
+	Fixed libldap extended decoding (ITS#5304)
+	Fixed libldap filter abort (ITS#5300)
+	Fixed libldap ldap_parse_sasl_bind_result (ITS#5263)
+	Fixed libldap result codes for open (ITS#5338)
+	Fixed libldap search timeout crash (ITS#5291)
+	Fixed libldap paged results crash (ITS#5315)
+	Fixed libldap cipher suite with GnuTLS (ITS#5341)
+	Fixed slapd support for 2.1 CSN (ITS#5348)
+	Fixed slapd include handling (ITS#5276)
+	Fixed slapd modrdn check for valid new DN (ITS#5344)
+	Fixed slapd multi-step SASL binds (ITS#5298)
+	Fixed slapd non-atomic signal variables (ITS#5248)
+	Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
+	Fixed slapd NULL printf (ITS#5264)	
+	Fixed slapd NULL set values (ITS#5286)
+	Fixed slapd segv with SASL/OTP (ITS#5259)
+	Fixed slapd timestamp race condition (ITS#5370)
+	Fixed slapd cn=config crash on delete (ITS#5343)
+	Fixed slapd cn=config global acls (ITS#5352)
+	Fixed slapd truncated cookie (ITS#5362)
+	Fixed slapd sasl with CLEARTEXT (ITS#5368)
+	Fixed slapd str2entry with no attrs (ITS#5308)
+	Fixed slapd TLSVerifyClient default (ITS#5360)
+	Fixed slapd HAVE_TLS dependency (ITS#5379)
+	Fixed slapd delta-syncrepl refresh mode (ITS#5376)
+	Fixed slapd ACL sets URI attrs (ITS#5384)
+	Fixed slapd invalid entryUUID filter (ITS#5386)
+	Fixed slapd-bdb idlcache on adds (ITS#5086)
+	Fixed slapd-bdb crash with modrdn (ITS#5358)
+	Fixed slapd-bdb segv with bdb4.6 (ITS#5322)
+	Fixed slapd-bdb modrdn to same dn (ITS#5319)
+	Fixed slapd-bdb MMR (ITS#5332)
+	Added slapd-bdb/slapd-hdb DB encryption (ITS#5359)
+	Fixed slapd-ldif delete (ITS#5265)
+	Fixed slapd-meta link to slapd-ldap (ITS#5355)
+	Fixed slapd-meta setting of sm_nvalues (ITS#5375)
+	Fixed slapd-monitor crash (ITS#5311)
+	Fixed slapd-relay compare (ITS#4937)
+	Added slapd-sock (ITS#4094)
+	Fixed slapo-accesslog cleanup on successful response (ITS#5374)
+	Added slapo-autogroup contrib module (ITS#5145)
+	Added slapo-constraint cross-attribute constraints (ITS#4987)
+	Fixed slapo-memberof objectClass inheritance (ITS#5299)
+	Added slapo-memberof global overlay support (ITS#5301)
+	Fixed slapo-memberof leak (ITS#5302)
+	Fixed slapo-ppolicy only password check with policy (ITS#5285)
+	Fixed slapo-ppolicy del/replace password without new one (ITS#5373)
+	Fixed slapo-syncprov hang on checkpoint (ITS#5261)
+	Added slapo-translucent local searching (ITS#5283)
+	Removed lint
+	Build Environment
+		Fixed libldap_r threaded library linking (ITS#4982)
+		Fixed libldap use of %n (ITS#5324)
+		Fixed test047 to skip if rwm is not available (ITS#5292)
+	Documentation
+		DB_CONFIG.example URL wrong in comments (ITS#5288)
+		Add cn=config example for auditlog (ITS#5245)
+		ldapmodify(1) clarification for RFC2849 (ITS#5312)
+
+OpenLDAP 2.4.7 Release (2007/12/14)
+	Added slapd ordered indexing of integer attributes (ITS#5239)
+	Fixed slapd paged results control handling (ITS#5191)
+	Fixed slapd sasl-host parsing (ITS#5209)
+	Fixed slapd filter normalization (ITS#5212)
+	Fixed slapd multiple suffix checking (ITS#5186)
+	Fixed slapd paged results handling when using rootdn (ITS#5230)
+	Fixed slapd syncrepl presentlist handling (ITS#5231)
+	Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
+	Fixed slapd 3-way Multi-Master Replication (ITS#5238)
+	Fixed slapd hash collisions in index slots (ITS#5183)
+	Fixed slapd replication of dSAOperation attributes (ITS#5268)
+	Fixed slapadd contextCSN updating (ITS#5225)
+	Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
+	Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
+	Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
+	Fixed slapd-hdb caching on rename ops (ITS#5221)
+	Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
+	Fixed slapo-dds deleting from nonexistent db (ITS#5267)
+	Fixed slapo-memberOf deleted values saving (ITS#5258)
+	Fixed slapo-pcache op->o_abandon handling (ITS#5187)
+	Fixed slapo-ppolicy single password check on modify (ITS#5146)
+	Fixed slapo-ppolicy internal search (ITS#5235)
+	Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
+	Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
+	Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
+	Updated contrib addpartial module (ITS#3593)
+	Build Environment
+		Fixed liblber socket library linking (ITS#5224)
+		Fixed Windows slapd.def rules (ITS#5215)
+	Documentation
+		Fixed grammar errors (ITS#5223)
+		Refint overlay doc contribution (ITS#5217)
+		Dynamic Lists doc contribution to the admin guide (ITS#5216)
+		Fixed ldappasswd(1) and ldapmodify(1) typos (ITS#5269)
+		Fixed domain factor typos (ITS#5237)
+		Fixed slapd.conf(5) maxderefdepth default value typo (ITS#5200)
+		Clarified slapd.conf(5) limits issues in syncrepl (ITS#5243)
+		Fixed slapd-config(5) maxderefdepth default value typo (ITS#5200)
+		Patches for minor typos in man pages (ITS#5228)
+		admin24/replication.sdf spelling (ITS#5270)
+
+
+OpenLDAP 2.4.6 Release (2007/10/31)
+	Initial release for "general use".

README

-OpenLDAP Devel README
-	This software was obtained from the development branch (HEAD) of
-	the OpenLDAP Software Repository.  This copy is likely already
-	not current, the development branch changes frequently.  These
-	changes include code implementing experimental features and
-	unproven bug fixes.  Please do NOT redistribute copies of the
-	development branch.
-
-	The OpenLDAP Developer's FAQ is available at:
-		<http://www.openldap.org/faq/index.cgi?file=4>
-
-	Client developers seeking a suitable development platform
-	should use "release" or "stable" versions.
-		<http://www.openldap.org/software/>
-
-Contributing
-	See <http://www.openldap.org/devel/contributing.html> for how to
-	contribute code or documentation to OpenLDAP.  Use the Issue Tracking
-	System <http://www.openldap.org/its/> to submit contributions.
-	While you are encouraged to coordinate and discuss the development
-	activities on the openldap-devel@openldap.org mailing list prior
-	to submission, it is noted that contributions must be submitted
-	using the Issue Tracking System to be considered.
+OpenLDAP 2.4 README
+    For a description of what this distribution contains, see the
+    ANNOUNCEMENT file in this directory.  For a description of
+    changes from previous releases, see the CHANGES file in this
+    directory.
+
+    This is 2.4 release, it includes significant changes from prior
+    releases.
+
+REQUIRED SOFTWARE
+    Building OpenLDAP Software requires a number of software packages
+    to be preinstalled.  Additional information regarding prerequisite
+    software can be found in the OpenLDAP Administrator's Guide.
+
+    Base system (libraries and tools):
+        Standard C compiler (required)
+        Cyrus SASL 2.1.21+ (recommended)
+        OpenSSL 0.9.7+ (recommended)
+        POSIX REGEX software (required)
+
+    SLAPD:
+        BDB and HDB backends require Oracle Berkeley DB 4.2, 4.4,
+        4.5, or 4.6.  It is highly recommended to apply the patches
+        from Oracle for a given release.
+
+    CLIENTS/CONTRIB ware:
+        Depends on package.  See per package README.
+
+
+MAKING AND INSTALLING THE DISTRIBUTION
+    Please see the INSTALL file for basic instructions.  More
+    detailed instructions can be found in the OpenLDAP Admnistrator's
+    Guide (see DOCUMENTATION section).
+
+
+DOCUMENTATION
+    The OpenLDAP Administrator's Guide is available in the
+    guide.html file in the doc/guide/admin directory.  The
+    guide and a number of other documents are available at
+    <http://www.openldap.org/doc/admin/guide.html>.
+
+    The distribution also includes manual pages for most programs
+    and library APIs.  See ldap(3) for details.
+
+    The OpenLDAP website is available and contains the latest LDAP
+    news, releases announcements, pointers to other LDAP resources,
+    etc..  It is located at <http://www.OpenLDAP.org/>.
+
+    The OpenLDAP Software FAQ is available at
+    <http://www.openldap.org/faq/>.
+
+
+SUPPORT / FEEDBACK / PROBLEM REPORTS / DISCUSSIONS
+    OpenLDAP Software is user supported.  If you have problems, please
+    review the OpenLDAP FAQ <http://www.openldap.org/faq/> and
+    archives of the OpenLDAP-software and OpenLDAP-bugs mailing lists
+    <http://www.openldap.org/lists/>.  If you cannot find the answer,
+    please enquire on the OpenLDAP-software list.
+
+    Issues, such as bug reports, should be reported using our our
+    Issue Tracking System <http://www.OpenLDAP.org/its/>.  Do not
+    use this system for software enquiries.  Please direct these
+    to an appropriate mailing list.
+
+
+CONTRIBUTING
+    See <http://www.openldap.org/devel/contributing.html> for
+    information regarding how to contribute code or documentation
+    to the OpenLDAP Project for inclusion in OpenLDAP Software.
+    While you are encouraged to coordinate and discuss the development
+    activities on the <openldap-devel@openldap.org> mailing list
+    prior to submission, it is noted that contributions must be
+    submitted using the Issue Tracking System
+    <http://www.openldap.org/its/> to be considered.
 
 ---
 $OpenLDAP$

build/version.var

@@ -14,10 +14,10 @@
 ## <http://www.OpenLDAP.org/license.html>.
 ol_package=OpenLDAP
 ol_major=2
-ol_minor=X
-ol_patch=X
-ol_api_inc=000000
-ol_api_current=0
-ol_api_revision=0
+ol_minor=4
+ol_patch=x
+ol_api_inc=20408
+ol_api_current=2
+ol_api_revision=4
 ol_api_age=0
-ol_release_date="0000/00/00"
+ol_release_date="2008/02/19"

configure

 #! /bin/sh
-# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.660 2007/09/07 10:02:43 hyc Exp .
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.9 2008/02/11 23:26:37 kurt Exp .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #

contrib/ldapc++/src/LDAPModList.cpp

 // $OpenLDAP$
 /*
- * Copyright 2000-2007, OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 

contrib/ldapc++/src/LdifReader.cpp

-// $OpenLDAP$
 /*
  * Copyright 2008, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file

contrib/ldapc++/src/LdifReader.h

-// $OpenLDAP$
 /*
  * Copyright 2008, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file

contrib/slapd-modules/usn/README

-Copyright 2007 Howard Chu, Symas Corp. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted only as authorized by the OpenLDAP
-Public License.
-
-A copy of this license is available in the file LICENSE in the
-top-level directory of the distribution or, alternatively, at
-<http://www.OpenLDAP.org/license.html>.
-
-This directory contains a slapd overlay, usn, that extends slapd
-to maintain the usnCreated and usnChanged operational attributes
-normally used by Microsoft ActiveDirectory.
-
-To use the overlay, add:
-
-	moduleload <path to>usn.so
-	...
-
-	database bdb
-	...
-	overlay usn
-
-to your slapd configuration file. The schema definitions for the
-two USN attributes are hardcoded in this overlay.
-
-No Makefile is provided. Just compile with an invocation like
-	gcc -c -I ../../include/ -I ../../servers/slapd -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC usn.c
-	gcc -shared -o usn.so usn.o
-
-This overlay is only set up to be built as a dynamically loaded module.
-On most platforms, in order for the module to be usable, all of the 
-library dependencies must also be available as shared libraries.
-
-If you need to build the overlay statically, you will have to move it into the
-slapd/overlays directory and edit the Makefile and overlays.c to reference
-it. You will also have to define SLAPD_OVER_USN to SLAPD_MOD_STATIC,
-and add the relevant libraries to the main slapd link command.

contrib/slapd-modules/usn/usn.c

-/* usn.c - Maintain Microsoft-style Update Sequence Numbers */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2007-2008 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by Howard Chu for inclusion in
- * OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#ifdef SLAPD_OVER_USN
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/socket.h>
-
-#include "slap.h"
-#include "config.h"
-
-/* This overlay intercepts write operations and adds a Microsoft-style
- * USN to the target entry.
- */
-
-typedef struct usn_info {
-	int ui_current;
-	ldap_pvt_thread_mutex_t ui_mutex;
-} usn_info_t;
-
-static AttributeDescription *ad_usnCreated, *ad_usnChanged;
-
-static struct {
-	char *desc;
-	AttributeDescription **adp;
-} as[] = {
-	{ "( 1.2.840.113556.1.2.19 "
-	    "NAME 'uSNCreated' "
-	    "SYNTAX '1.2.840.113556.1.4.906' "
-		"SINGLE-VALUE "
-		"NO-USER-MODIFICATION )",
-		&ad_usnCreated },
-	{ "( 1.2.840.113556.1.2.120 "
-		"NAME 'uSNChanged' "
-		"SYNTAX '1.2.840.113556.1.4.906' "
-		"SINGLE-VALUE "
-		"NO-USER-MODIFICATION )",
-		&ad_usnChanged },
-	{ NULL }
-};
-
-static int
-usn_func( Operation *op, SlapReply *rs )
-{
-	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
-	usn_info_t		*ui = on->on_bi.bi_private;
-	int my_usn;
-	char intbuf[64];
-	struct berval bv[2];
-
-	ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
-	ui->ui_current++;
-	my_usn = ui->ui_current;
-	ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
-
-	BER_BVZERO(&bv[1]);
-	bv[0].bv_val = intbuf;
-	bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
-	switch(op->o_tag) {
-	case LDAP_REQ_ADD:
-		attr_merge( op->ora_e, ad_usnCreated, bv, NULL );
-		attr_merge( op->ora_e, ad_usnChanged, bv, NULL );
-		break;
-	case LDAP_REQ_DELETE:
-		/* Probably need to update root usnLastObjRem */
-		break;
-	default: {
-		/* Modify, ModDN */
-		Modifications *ml, *mod = ch_calloc( sizeof( Modifications ), 1 );
-		for ( ml = op->orm_modlist; ml && ml->sml_next; ml = ml->sml_next );
-		ml->sml_next = mod;
-		mod->sml_desc = ad_usnChanged;
-		mod->sml_numvals = 1;
-		value_add_one( &mod->sml_values, &bv[0] );
-		mod->sml_nvalues = NULL;
-		mod->sml_op = LDAP_MOD_REPLACE;
-		mod->sml_flags = 0;
-		mod->sml_next = NULL;
-		break;
-		}
-	}
-	return SLAP_CB_CONTINUE;
-}
-
-static int
-usn_operational(
-	Operation *op,
-	SlapReply *rs )
-{
-	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
-	usn_info_t		*ui = (usn_info_t *)on->on_bi.bi_private;
-
-	if ( rs->sr_entry &&
-		dn_match( &rs->sr_entry->e_nname, op->o_bd->be_nsuffix )) {
-
-		if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
-			ad_inlist( ad_usnChanged, rs->sr_attrs )) {
-			Attribute *a, **ap = NULL;
-			char intbuf[64];
-			struct berval bv;
-			int my_usn;
-
-			for ( a=rs->sr_entry->e_attrs; a; a=a->a_next ) {
-				if ( a->a_desc == ad_usnChanged )
-					break;
-			}
-
-			if ( !a ) {
-				for ( ap = &rs->sr_operational_attrs; *ap;
-					ap=&(*ap)->a_next );
-
-					a = attr_alloc( ad_usnChanged );
-					*ap = a;
-				}
-
-			if ( !ap ) {
-				if ( !rs->sr_flags & REP_ENTRY_MODIFIABLE ) {
-					rs->sr_entry = entry_dup( rs->sr_entry );
-					rs->sr_flags |=
-						REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
-					a = attr_find( rs->sr_entry->e_attrs,
-						ad_usnChanged );
-				}
-				ber_bvarray_free( a->a_vals );
-				a->a_vals = NULL;
-				a->a_numvals = 0;
-			}
-			ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
-			my_usn = ui->ui_current;
-			ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
-			bv.bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
-			bv.bv_val = intbuf;
-			attr_valadd( a, &bv, NULL, 1 );
-		}
-	}
-	return SLAP_CB_CONTINUE;
-}
-
-/* Read the old USN from the underlying DB. This code is
- * stolen from the syncprov overlay.
- */
-static int
-usn_db_open(
-	BackendDB *be,
-	ConfigReply *cr)
-{
-	slap_overinst   *on = (slap_overinst *) be->bd_info;
-	usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
-
-	Connection conn = { 0 };
-	OperationBuffer opbuf;
-	Operation *op;
-	Entry *e = NULL;
-	Attribute *a;
-	int rc;
-	void *thrctx = NULL;
-
-	thrctx = ldap_pvt_thread_pool_context();
-	connection_fake_init( &conn, &opbuf, thrctx );
-	op = &opbuf.ob_op;
-	op->o_bd = be;
-	op->o_dn = be->be_rootdn;
-	op->o_ndn = be->be_rootndn;
-
-	rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL,
-		slap_schema.si_ad_contextCSN, 0, &e, on );
-
-	if ( e ) {
-		a = attr_find( e->e_attrs, ad_usnChanged );
-		if ( a ) {
-			ui->ui_current = atoi( a->a_vals[0].bv_val );
-		}
-		overlay_entry_release_ov( op, e, 0, on );
-	}
-	return 0;
-}
-
-static int
-usn_db_init(
-	BackendDB *be,
-	ConfigReply *cr
-)
-{
-	slap_overinst	*on = (slap_overinst *)be->bd_info;
-	usn_info_t	*ui;
-
-	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
-		Debug( LDAP_DEBUG_ANY,
-			"usn must be instantiated within a database.\n",
-			0, 0, 0 );
-		return 1;
-	}
-
-	ui = ch_calloc(1, sizeof(usn_info_t));
-	ldap_pvt_thread_mutex_init( &ui->ui_mutex );
-	on->on_bi.bi_private = ui;
-	return 0;
-}
-
-static int
-usn_db_close(
-	BackendDB *be,
-	ConfigReply *cr
-)
-{
-	slap_overinst	*on = (slap_overinst *)be->bd_info;
-	usn_info_t	*ui = on->on_bi.bi_private;
-	Connection conn = {0};
-	OperationBuffer opbuf;
-	Operation *op;
-	SlapReply rs = {REP_RESULT};
-	void *thrctx;
-
-	Modifications mod;
-	SlapReply rsm = { 0 };
-	slap_callback cb = {0};
-	char intbuf[64];
-	struct berval bv[2];
-
-	thrctx = ldap_pvt_thread_pool_context();
-	connection_fake_init( &conn, &opbuf, thrctx );
-	op = &opbuf.ob_op;
-	op->o_bd = be;
-	BER_BVZERO( &bv[1] );
-	bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", ui->ui_current );
-	bv[0].bv_val = intbuf;
-	mod.sml_numvals = 1;
-	mod.sml_values = bv;
-	mod.sml_nvalues = NULL;
-	mod.sml_desc = ad_usnChanged;
-	mod.sml_op = LDAP_MOD_REPLACE;
-	mod.sml_flags = 0;
-	mod.sml_next = NULL;
-
-	cb.sc_response = slap_null_cb;
-	op->o_tag = LDAP_REQ_MODIFY;
-	op->o_callback = &cb;
-	op->orm_modlist = &mod;
-	op->orm_no_opattrs = 1;
-	op->o_dn = be->be_rootdn;
-	op->o_ndn = be->be_rootndn;
-	op->o_req_dn = op->o_bd->be_suffix[0];
-	op->o_req_ndn = op->o_bd->be_nsuffix[0];
-	op->o_bd->bd_info = on->on_info->oi_orig;
-	op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
-	op->o_no_schema_check = 1;
-	op->o_bd->be_modify( op, &rs );
-	if ( mod.sml_next != NULL ) {
-		slap_mods_free( mod.sml_next, 1 );
-	}
-	return 0;
-}
-
-static int
-usn_db_destroy(
-	BackendDB *be,
-	ConfigReply *cr
-)
-{
-	slap_overinst	*on = (slap_overinst *)be->bd_info;
-	usn_info_t	*ui = on->on_bi.bi_private;
-
-	ldap_pvt_thread_mutex_destroy( &ui->ui_mutex );
-	ch_free( ui );
-	on->on_bi.bi_private = NULL;
-	return 0;
-}
-
-/* This overlay is set up for dynamic loading via moduleload. For static
- * configuration, you'll need to arrange for the slap_overinst to be
- * initialized and registered by some other function inside slapd.
- */
-
-static slap_overinst usn;
-
-int
-usn_init( void )
-{
-	int i, code;
-
-	memset( &usn, 0, sizeof( slap_overinst ) );
-	usn.on_bi.bi_type = "usn";
-	usn.on_bi.bi_db_init = usn_db_init;
-	usn.on_bi.bi_db_destroy = usn_db_destroy;
-	usn.on_bi.bi_db_open = usn_db_open;
-	usn.on_bi.bi_db_close = usn_db_close;
-
-	usn.on_bi.bi_op_modify = usn_func;
-	usn.on_bi.bi_op_modrdn = usn_func;
-	usn.on_bi.bi_op_add = usn_func;
-	usn.on_bi.bi_op_delete = usn_func;
-	usn.on_bi.bi_operational = usn_operational;
-
-	for ( i = 0; as[i].desc; i++ ) {
-		code = register_at( as[i].desc, as[i].adp, 0 );
-		if ( code ) {
-			Debug( LDAP_DEBUG_ANY,
-				"usn_init: register_at #%d failed\n", i, 0, 0 );
-			return code;
-		}
-	}
-	return overlay_register( &usn );
-}
-
-#if SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC
-int
-init_module( int argc, char *argv[] )
-{
-	return usn_init();
-}
-#endif /* SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC */
-
-#endif /* defined(SLAPD_OVER_USN) */

doc/guide/admin/preface.sdf

@@ -9,7 +9,7 @@ P1: Preface
 # document's copyright
 P2[notoc] Copyright
 
-Copyright 1998-2008, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
+Copyright 1998-2007, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
 
 Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
 

doc/guide/images/src/README.fonts

 # $OpenLDAP$
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # README.fonts 

servers/slapd/back-bdb/cache.c

@@ -1257,18 +1257,19 @@ bdb_cache_delete(
 
 	assert( e->e_private != NULL );
 
+	/* Lock the entry's info */
+	bdb_cache_entryinfo_lock( ei );
+
 	/* Set this early, warn off any queriers */
 	ei->bei_state |= CACHE_ENTRY_DELETED;
 
-	/* Lock the entry's info */
-	bdb_cache_entryinfo_lock( ei );
+	bdb_cache_entryinfo_unlock( ei );
 
 	/* Get write lock on the data */
 	rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock );
 	if ( rc ) {
 		/* couldn't lock, undo and give up */
 		ei->bei_state ^= CACHE_ENTRY_DELETED;
-		bdb_cache_entryinfo_unlock( ei );
 		return rc;
 	}
 
@@ -1283,8 +1284,6 @@ bdb_cache_delete(
 	/* free lru mutex */
 	ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
 
-	/* Leave entry info locked */
-
 	return( rc );
 }
 
@@ -1293,6 +1292,8 @@ bdb_cache_delete_cleanup(
 	Cache *cache,
 	EntryInfo *ei )
 {
+	bdb_cache_entryinfo_lock( ei );
+
 	if ( ei->bei_e ) {
 		ei->bei_e->e_private = NULL;
 #ifdef SLAP_ZONE_ALLOC

servers/slapd/overlays/accesslog.c

@@ -1348,7 +1348,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
 		old = li->li_old;
 		li->li_old = NULL;
 		/* Disarm mod_cleanup */
-		for ( cb = op->o_callback->sc_next; cb; cb = cb->sc_next ) {
+		for ( cb = op->o_callback; cb; cb = cb->sc_next ) {
 			if ( cb->sc_private == (void *)on ) {
 				cb->sc_private = NULL;
 				break;

servers/slapd/syncrepl.c

@@ -683,7 +683,7 @@ compare_csns( struct sync_cookie *sc1, struct sync_cookie *sc2, int *which )
 	}
 
 	for (i=0; i<sc1->numcsns; i++) {
-		for (j=0; i<sc2->numcsns; j++) {
+		for (j=0; j<sc2->numcsns; j++) {
 			if ( sc1->sids[i] != sc2->sids[j] )
 				continue;
 			value_match( &match, slap_schema.si_ad_entryCSN,

tests/progs/slapd-auth.c

-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2006-2008 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by Howard Chu for inclusion
- * in OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include <ac/stdlib.h>
-
-#include <ac/ctype.h>
-#include <ac/param.h>
-#include <ac/socket.h>
-#include <ac/string.h>
-#include <ac/unistd.h>
-#include <ac/wait.h>
-#include <ac/time.h>
-#include <ac/signal.h>
-
-#include <ldap.h>
-#include <ldap_pvt_thread.h>
-#include <lutil.h>
-
-static int
-do_time( );
-
-/* This program is a simplified version of SLAMD's WeightedAuthRate jobclass.
- * It doesn't offer as much configurability, but it's a good starting point.
- * When run without the -R option it will behave as a Standard AuthRate job.
- * Eventually this will grow into a set of C-based load generators for the SLAMD
- * framework. This code is anywhere from 2 to 10 times more efficient than the
- * original Java code, allowing servers to be fully loaded without requiring
- * anywhere near as much load-generation hardware.
- */
-static void
-usage( char *name )
-{
-	fprintf( stderr, "usage: %s -H <uri> -b <baseDN> -w <passwd> -t <seconds> -r lo:hi\n\t"
-		"[-R %:lo:hi] [-f <filter-template>] [-n <threads>] [-D <bindDN>] [-i <seconds>]\n",
-			name );
-	exit( EXIT_FAILURE );
-}
-
-static char *filter = "(uid=user.%d)";
-
-static char hname[1024];
-static char *uri = "ldap:///";
-static char	*base;
-static char	*pass;
-static char *binder;
-
-static int tdur, r1per, r1lo, r1hi, r2per, r2lo, r2hi;
-static int threads = 1;
-
-static int interval = 30;
-
-static volatile int *r1binds, *r2binds;
-static int *r1old, *r2old;
-static volatile int finish;
-
-int
-main( int argc, char **argv )
-{
-	int		i;
-
-	while ( (i = getopt( argc, argv, "b:D:H:w:f:n:i:t:r:R:" )) != EOF ) {
-		switch( i ) {
-			case 'b':		/* base DN of a tree of user DNs */
-				base = strdup( optarg );
-				break;
-
-			case 'D':
-				binder = strdup( optarg );
-				break;
-
-			case 'H':		/* the server uri */
-				uri = strdup( optarg );
-				break;
-
-			case 'w':
-				pass = strdup( optarg );
-				break;
-
-			case 't':		/* the duration to run */
-				if ( lutil_atoi( &tdur, optarg ) != 0 ) {
-					usage( argv[0] );
-				}
-				break;
-
-			case 'i':		/* the time interval */
-				if ( lutil_atoi( &interval, optarg ) != 0 ) {
-					usage( argv[0] );
-				}
-				break;
-
-			case 'r':		/* the uid range */
-				if ( sscanf(optarg, "%d:%d", &r1lo, &r1hi) != 2 ) {
-					usage( argv[0] );
-				}
-				break;
-
-			case 'R':		/* percentage:2nd uid range */
-				if ( sscanf(optarg, "%d:%d:%d", &r2per, &r2lo, &r2hi) != 3 ) {
-					usage( argv[0] );
-				}
-				break;
-
-			case 'f':
-				filter = optarg;
-				break;
-
-			case 'n':
-				if ( lutil_atoi( &threads, optarg ) != 0 || threads < 1 ) {
-					usage( argv[0] );
-				}
-				break;
-				
-			default:
-				usage( argv[0] );
-				break;
-		}
-	}
-
-	if ( tdur == 0 || r1hi <= r1lo )
-		usage( argv[0] );
-
-	r1per = 100 - r2per;
-	if ( r1per < 1 )
-		usage( argv[0] );
-
-	r1binds = calloc( threads*4, sizeof( int ));
-	r2binds = r1binds + threads;
-	r1old = (int *)r2binds + threads;
-	r2old = r1old + threads;
-
-	do_time( );
-
-	exit( EXIT_SUCCESS );
-}
-
-static void *
-my_task( void *my_num )
-{
-	LDAP	*ld = NULL, *sld = NULL;
-	ber_int_t msgid;
-	LDAPMessage *res, *msg;
-	char *attrs[] = { "1.1", NULL };
-	int     rc = LDAP_SUCCESS;
-	int		tid = *(int *)my_num;
-
-	ldap_initialize( &ld, uri );
-	if ( ld == NULL ) {
-		perror( "ldap_initialize" );
-		return NULL;
-	}
-
-	{
-		int version = LDAP_VERSION3;
-		(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-			&version ); 
-	}
-	(void) ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
-
-	ldap_initialize( &sld, uri );
-	if ( sld == NULL ) {
-		perror( "ldap_initialize" );
-		return NULL;
-	}
-
-	{
-		int version = LDAP_VERSION3;
-		(void) ldap_set_option( sld, LDAP_OPT_PROTOCOL_VERSION,
-			&version ); 
-	}
-	(void) ldap_set_option( sld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
-	if ( binder ) {
-		rc = ldap_bind_s( sld, binder, pass, LDAP_AUTH_SIMPLE );
-		if ( rc != LDAP_SUCCESS ) {
-			ldap_perror( sld, "ldap_bind" );
-		}
-	}
-
-	r1binds[tid] = 0;
-
-	for (;;) {
-		char dn[BUFSIZ], *ptr, fstr[256];
-		int j, isr1;
-		
-		if ( finish )
-			break;
-
-		j = rand() % 100;
-		if ( j < r1per ) {
-			j = rand() % r1hi;
-			isr1 = 1;
-		} else {
-			j = rand() % (r2hi - r2lo + 1 );
-			j += r2lo;
-			isr1 = 0;
-		}
-		sprintf(fstr, filter, j);
-
-		rc = ldap_search_ext( sld, base, LDAP_SCOPE_SUB,
-			fstr, attrs, 0, NULL, NULL, 0, 0, &msgid );
-		if ( rc != LDAP_SUCCESS ) {
-			ldap_perror( sld, "ldap_search_ex" );
-			return NULL;
-		}
-
-		while (( rc=ldap_result( sld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res )) >0){
-			BerElement *ber;
-			struct berval bv;
-			char *ptr;
-			int done = 0;
-
-			for (msg = ldap_first_message( sld, res ); msg;
-				msg = ldap_next_message( sld, msg )) {
-				switch ( ldap_msgtype( msg )) {
-				case LDAP_RES_SEARCH_ENTRY:
-					rc = ldap_get_dn_ber( sld, msg, &ber, &bv );
-					strcpy(dn, bv.bv_val );
-					ber_free( ber, 0 );
-					break;
-				case LDAP_RES_SEARCH_RESULT:
-					done = 1;
-					break;
-				}
-				if ( done )
-					break;
-			}
-			ldap_msgfree( res );
-			if ( done ) break;
-		}
-
-		rc = ldap_bind_s( ld, dn, pass, LDAP_AUTH_SIMPLE );
-		if ( rc != LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_bind" );
-		}
-		if ( isr1 )
-			r1binds[tid]++;
-		else
-			r2binds[tid]++;
-	}
-
-	ldap_unbind( sld );
-	ldap_unbind( ld );
-
-	return NULL;
-}
-
-static int
-do_time( )
-{
-	struct timeval tv;
-	time_t now, prevt, start;
-
-	int r1new, r2new;
-	int dt, dr1, dr2, rr1, rr2;
-	int dr10, dr20;
-	int i;
-
-	gethostname(hname, sizeof(hname));
-	printf("%s(tid)\tdeltaT\tauth1\tauth2\trate1\trate2\tRate1+2\n", hname);
-	srand(getpid());
-
-	prevt = start = time(0L);
-
-	for ( i = 0; i<threads; i++ ) {
-		ldap_pvt_thread_t thr;
-		r1binds[i] = i;
-		ldap_pvt_thread_create( &thr, 1, my_task, (void *)&r1binds[i] );
-	}
-
-	for (;;) {
-		tv.tv_sec = interval;
-		tv.tv_usec = 0;
-
-		select(0, NULL, NULL, NULL, &tv);
-
-		now = time(0L);
-
-		dt = now - prevt;
-		prevt = now;
-
-		dr10 = 0;
-		dr20 = 0;
-
-		for ( i = 0; i < threads; i++ ) {
-			r1new = r1binds[i];
-			r2new = r2binds[i];
-
-			dr1 = r1new - r1old[i];
-			dr2 = r2new - r2old[i];
-			rr1 = dr1 / dt;
-			rr2 = dr2 / dt;
-
-			printf("%s(%d)\t%d\t%d\t%d\t%d\t%d\t%d\n",
-				hname, i, dt, dr1, dr2, rr1, rr2, rr1 + rr2);
-
-			dr10 += dr1;
-			dr20 += dr2;
-
-			r1old[i] = r1new;
-			r2old[i] = r2new;
-		}
-		if ( i > 1 ) {
-			rr1 = dr10 / dt;
-			rr2 = dr20 / dt;
-			
-			printf("%s(sum)\t%d\t%d\t%d\t%d\t%d\t%d\n",
-				hname, 0, dr10, dr20, rr1, rr2, rr1 + rr2);
-		}
-
-		if ( now - start >= tdur ) {
-			finish = 1;
-			break;
-		}
-	}
-	return 0;
-}