doc/guide/admin/preface.sdf

@@ -9,7 +9,7 @@ P1: Preface
 # document's copyright
 P2[notoc] Copyright
 
-Copyright 1998-2008, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
+Copyright 1998-2007, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
 
 Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
 

doc/guide/images/src/README.fonts

 # $OpenLDAP$
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # README.fonts 

doc/man/man5/slapd-config.5

@@ -1585,6 +1585,8 @@ with the inner suffix must come first in the configuration file.
 .B [sizelimit=<limit>]
 .B [timelimit=<limit>]
 .B [schemachecking=on|off]
+.B [network-timeout=<seconds>]
+.B [timeout=<seconds>]
 .B [bindmethod=simple|sasl]
 .B [binddn=<dn>]
 .B [saslmech=<mech>]
@@ -1687,6 +1689,17 @@ consumer site by turning on the
 .B schemachecking
 parameter. The default is off.
 
+The
+.B network-timeout
+parameter sets how long the consumer will wait to establish a
+network connection to the provider. Once a connection is
+established, the
+.B timeout
+parameter determines how long the consumer will wait for the initial
+Bind request to complete. The defaults for these parameters come
+from 
+.BR ldap.conf (5).
+
 A
 .B bindmethod
 of 

doc/man/man5/slapd.conf.5

@@ -1397,67 +1397,6 @@ regular settings should be configured before any overlay settings.
 This option puts the database into "read-only" mode.  Any attempts to 
 modify the database will return an "unwilling to perform" error.  By
 default, readonly is off.
-.HP
-.hy 0
-.B replica uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port] 
-.B [starttls=yes|critical]
-.B [suffix=<suffix> [...]]
-.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
-.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
-.B [authcId=<authentication ID>] [authzId=<authorization ID>]
-.B [attrs[!]=<attr list>]
-.RS
-Specify a replication site for this database.  Refer to the "OpenLDAP 
-Administrator's Guide" for detailed information on setting up a replicated
-.B slapd
-directory service. Zero or more
-.B suffix
-instances can be used to select the subtrees that will be replicated
-(defaults to all the database). 
-.B host
-is deprecated in favor of the
-.B uri
-option.
-.B uri
-allows the replica LDAP server to be specified as an LDAP URI. 
-A
-.B bindmethod
-of
-.B simple
-requires the options
-.B binddn 
-and
-.B credentials  
-and should only be used when adequate security services 
-(e.g TLS or IPSEC) are in place. A
-.B bindmethod 
-of
-.B sasl 
-requires the option
-.B saslmech. 
-Specific security properties (as with the
-.B sasl-secprops
-keyword above) for a SASL bind can be set with the
-.B secprops
-option. A non-default SASL realm can be set with the
-.B realm
-option.
-If the 
-.B mechanism
-will use Kerberos, a kerberos instance should be given in 
-.B authcId.
-An
-.B attr list
-can be given after the 
-.B attrs
-keyword to allow the selective replication of the listed attributes only;
-if the optional 
-.B !
-mark is used, the list is considered exclusive, i.e. the listed attributes
-are not replicated.
-If an objectClass is listed, all the related attributes
-are (are not) replicated.
-.RE
 .TP
 .B restrict <oplist>
 Specify a whitespace separated list of operations that are restricted.
@@ -1583,6 +1522,8 @@ in order to work over all of the glued databases. E.g.
 .B [sizelimit=<limit>]
 .B [timelimit=<limit>]
 .B [schemachecking=on|off]
+.B [network-timeout=<seconds>]
+.B [timeout=<seconds>]
 .B [bindmethod=simple|sasl]
 .B [binddn=<dn>]
 .B [saslmech=<mech>]
@@ -1694,6 +1635,17 @@ and distinguished values must be present.
 As a consequence, schema checking should be \fBoff\fP when partial
 replication is used.
 
+The
+.B network-timeout
+parameter sets how long the consumer will wait to establish a
+network connection to the provider. Once a connection is
+established, the
+.B timeout
+parameter determines how long the consumer will wait for the initial
+Bind request to complete. The defaults for these parameters come
+from 
+.BR ldap.conf (5).
+
 A
 .B bindmethod
 of 

doc/man/man5/slapo-constraint.5

@@ -31,7 +31,9 @@ directive.
 Specifies the constraint which should apply to the attribute named as
 the first parameter.
 Two types of constraint are currently supported -
-.B regex
+.B regex ,
+.B size ,
+.B count ,
 and
 .BR uri .
 
@@ -45,6 +47,12 @@ type is an LDAP URI. The URI will be evaluated using an internal search.
 It must not include a hostname, and it must include a list of attributes
 to evaluate.
 
+The 
+.B size
+type can be used to enfore a limit on an attribute length, and the
+.B count
+type limits the count of an attribute.
+
 Any attempt to add or modify an attribute named as part of the
 constraint overlay specification which does not fit the 
 constraint listed will fail with a
@@ -54,6 +62,8 @@ LDAP_CONSTRAINT_VIOLATION error.
 .RS
 .nf
 overlay constraint
+constraint_attribute jpegPhoto size 131072
+constraint_attribute userPassword count 3
 constraint_attribute mail regex ^[:alnum:]+@mydomain.com$
 constraint_attribute title uri
   ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)

doc/man/man5/slapo-dynlist.5

@@ -50,7 +50,7 @@ occurrences, and it must appear after the
 .B overlay
 directive.
 .TP
-.B dynlist-attrset <group-oc> <URL-ad> [<member-ad>]
+.B dynlist-attrset <group-oc> <URL-ad> [[<mapped-ad>:]<member-ad> ...]
 The value 
 .B <group-oc> 
 is the name of the objectClass that triggers the dynamic expansion of the
@@ -82,6 +82,15 @@ of the URI were present in the
 entry as values of the
 .B <member-ad>
 attribute.
+
+Alternatively, 
+.B <mapped-ad>:<member-ad>
+can be used to remap attributes obtained through expansion. 
+.B <member-ad>
+attributes are not filled by expanded DN, but are remapped as
+.B <mapped-ad> 
+attributes. Multiple mapping statements can be used.
+
 .LP
 The dynlist overlay may be used with any backend, but it is mainly 
 intended for use with local storage backends.
@@ -173,3 +182,5 @@ overlay supports dynamic configuration via
 .SH ACKNOWLEDGEMENTS
 .P
 This module was written in 2004 by Pierangelo Masarati for SysNet s.n.c.
+.P
+Attribute remapping was contributed in 2008 by Emmanuel Dreyfus.

doc/man/man5/slapo-rwm.5

@@ -427,8 +427,8 @@ This limit is overridden by setting specific per-rule limits
 with the `M{n}' flag.
 
 .SH "MAPS"
-Currently, few maps are builtin and there are no provisions for developers
-to register new map types at runtime.
+Currently, few maps are builtin but additional map types may be
+registered at runtime.
 
 Supported maps are:
 .TP
@@ -470,6 +470,20 @@ The parameter
 can be 2 or 3 to indicate the protocol version that must be used.
 The default is 3.
 
+.TP
+.B slapd <URI>
+The
+.B slapd
+map expands a value by performing an internal LDAP search.
+Its configuration is based on a mandatory URI, which must begin with
+.B "ldap:///"
+(i.e., it must be an LDAP URI and it must not specify a host).
+As with the
+LDAP map, the
+.B attrs
+portion must contain exactly one attribute, and if
+a multi-valued attribute is used, only the first value is considered.
+
 .SH "REWRITE CONFIGURATION EXAMPLES"
 .nf
 # set to `off' to disable rewriting

libraries/libldap/os-ip.c

@@ -36,6 +36,9 @@
 #ifdef HAVE_IO_H
 #include <io.h>
 #endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
 
 #include "ldap-int.h"
 
@@ -110,6 +113,9 @@ ldap_int_socket(LDAP *ld, int family, int type )
 {
 	ber_socket_t s = socket(family, type, 0);
 	osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+	fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
 	return ( s );
 }
 

libraries/libldap/os-local.c

@@ -47,6 +47,9 @@
 #ifdef HAVE_IO_H
 #include <io.h>
 #endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
 
 #include "ldap-int.h"
 #include "ldap_defaults.h"
@@ -89,6 +92,9 @@ ldap_pvt_socket(LDAP *ld)
 {
 	ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
 	oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+	fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
 	return ( s );
 }
 

servers/slapd/acl.c

@@ -2049,11 +2049,11 @@ acl_set_cb_gather( Operation *op, SlapReply *rs )
 					bvalsp = a->a_nvals;
 				}
 			}
-		}
 
-		if ( bvalsp ) {
-			p->bvals = slap_set_join( p->cookie, p->bvals,
-					( '|' | SLAP_SET_RREF ), bvalsp );
+			if ( bvalsp ) {
+				p->bvals = slap_set_join( p->cookie, p->bvals,
+						( '|' | SLAP_SET_RREF ), bvalsp );
+			}
 		}
 
 	} else {
@@ -2200,6 +2200,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 	op2.ors_attrs = anlistp;
 	op2.ors_attrsonly = 0;
 	op2.o_private = cp->asc_op->o_private;
+	op2.o_extra = cp->asc_op->o_extra;
 
 	cb.sc_private = &p;
 

servers/slapd/back-bdb/add.c

@@ -93,7 +93,6 @@ txnReturn:
 
 	ctrls[num_ctrls] = 0;
 
-
 	/* check entry's schema */
 	rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
 		get_relax(op), 1, &rs->sr_text, textbuf, textlen );
@@ -130,7 +129,8 @@ retry:	/* transaction retry */
 		}
 		rs->sr_err = TXN_ABORT( ltid );
 		ltid = NULL;
-		op->o_private = NULL;
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+		opinfo.boi_oe.oe_key = NULL;
 		op->o_do_not_cache = opinfo.boi_acl_cache;
 		if( rs->sr_err != 0 ) {
 			rs->sr_err = LDAP_OTHER;
@@ -159,12 +159,12 @@ retry:	/* transaction retry */
 
 	locker = TXN_ID ( ltid );
 
-	opinfo.boi_bdb = op->o_bd;
+	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
 	opinfo.boi_acl_cache = op->o_do_not_cache;
-	op->o_private = &opinfo;
-	
+	LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
+
 	/*
 	 * Get the parent dn and see if the corresponding entry exists.
 	 */
@@ -439,7 +439,8 @@ retry:	/* transaction retry */
 	}
 
 	ltid = NULL;
-	op->o_private = NULL;
+	LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	opinfo.boi_oe.oe_key = NULL;
 
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -465,7 +466,9 @@ return_results:
 	if( ltid != NULL ) {
 		TXN_ABORT( ltid );
 	}
-	op->o_private = NULL;
+	if ( opinfo.boi_oe.oe_key ) {
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	}
 
 	if( success == LDAP_SUCCESS ) {
 		/* We own the entry now, and it can be purged at will

servers/slapd/back-bdb/back-bdb.h

@@ -267,7 +267,7 @@ struct bdb_lock_info {
 };
 
 struct bdb_op_info {
-	BackendDB*	boi_bdb;
+	OpExtra boi_oe;
 	DB_TXN*		boi_txn;
 	u_int32_t	boi_err;
 	int		boi_acl_cache;

servers/slapd/back-bdb/cache.c

@@ -925,7 +925,7 @@ load1:
 						if (( flag & ID_NOCACHE ) &&
 							( bdb_cache_entryinfo_trylock( *eip ) == 0 )) {
 							/* Set the cached state only if no other thread
-							 * found the info while we was loading the entry.
+							 * found the info while we were loading the entry.
 							 */
 							if ( (*eip)->bei_finders == 1 )
 								(*eip)->bei_state |= CACHE_ENTRY_NOT_CACHED;
@@ -1257,18 +1257,19 @@ bdb_cache_delete(
 
 	assert( e->e_private != NULL );
 
+	/* Lock the entry's info */
+	bdb_cache_entryinfo_lock( ei );
+
 	/* Set this early, warn off any queriers */
 	ei->bei_state |= CACHE_ENTRY_DELETED;
 
-	/* Lock the entry's info */
-	bdb_cache_entryinfo_lock( ei );
+	bdb_cache_entryinfo_unlock( ei );
 
 	/* Get write lock on the data */
 	rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock );
 	if ( rc ) {
 		/* couldn't lock, undo and give up */
 		ei->bei_state ^= CACHE_ENTRY_DELETED;
-		bdb_cache_entryinfo_unlock( ei );
 		return rc;
 	}
 
@@ -1283,8 +1284,6 @@ bdb_cache_delete(
 	/* free lru mutex */
 	ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
 
-	/* Leave entry info locked */
-
 	return( rc );
 }
 
@@ -1293,6 +1292,8 @@ bdb_cache_delete_cleanup(
 	Cache *cache,
 	EntryInfo *ei )
 {
+	/* Enter with ei locked */
+
 	if ( ei->bei_e ) {
 		ei->bei_e->e_private = NULL;
 #ifdef SLAP_ZONE_ALLOC

servers/slapd/back-bdb/delete.c

@@ -124,7 +124,8 @@ retry:	/* transaction retry */
 			0, 0, 0 );
 		rs->sr_err = TXN_ABORT( ltid );
 		ltid = NULL;
-		op->o_private = NULL;
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+		opinfo.boi_oe.oe_key = NULL;
 		op->o_do_not_cache = opinfo.boi_acl_cache;
 		if( rs->sr_err != 0 ) {
 			rs->sr_err = LDAP_OTHER;
@@ -155,11 +156,11 @@ retry:	/* transaction retry */
 
 	locker = TXN_ID ( ltid );
 
-	opinfo.boi_bdb = op->o_bd;
+	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
 	opinfo.boi_acl_cache = op->o_do_not_cache;
-	op->o_private = &opinfo;
+	LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
 
 	if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
 		dnParent( &op->o_req_ndn, &pdn );
@@ -536,7 +537,8 @@ retry:	/* transaction retry */
 		rs->sr_err = TXN_COMMIT( ltid, 0 );
 	}
 	ltid = NULL;
-	op->o_private = NULL;
+	LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	opinfo.boi_oe.oe_key = NULL;
 
 	BDB_LOG_PRINTF( bdb->bi_dbenv, NULL, "slapd Committed delete %s(%d)",
 		e->e_nname.bv_val, e->e_id );
@@ -572,6 +574,7 @@ return_results:
 	if( e != NULL ) {
 		if ( rs->sr_err == LDAP_SUCCESS ) {
 			/* Free the EntryInfo and the Entry */
+			bdb_cache_entryinfo_lock( BEI(e) );
 			bdb_cache_delete_cleanup( &bdb->bi_cache, BEI(e) );
 		} else {
 			bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
@@ -581,7 +584,9 @@ return_results:
 	if( ltid != NULL ) {
 		TXN_ABORT( ltid );
 	}
-	op->o_private = NULL;
+	if ( opinfo.boi_oe.oe_key ) {
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	}
 
 	send_ldap_result( op, rs );
 	slap_graduate_commit_csn( op );

servers/slapd/back-bdb/dn2id.c

@@ -1156,7 +1156,11 @@ gotit:
 				}
 				cx->depth--;
 				cx->op->o_tmpfree( save, cx->op->o_tmpmemctx );
-				if ( nokids ) ei->bei_state |= CACHE_ENTRY_NO_GRANDKIDS;
+				if ( nokids ) {
+					bdb_cache_entryinfo_lock( ei );
+					ei->bei_state |= CACHE_ENTRY_NO_GRANDKIDS;
+					bdb_cache_entryinfo_unlock( ei );
+				}
 			}
 			/* Make sure caller knows it had kids! */
 			cx->tmp[0]=1;

servers/slapd/back-bdb/id2entry.c

@@ -242,7 +242,8 @@ int bdb_entry_release(
 	int rw )
 {
 	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
-	struct bdb_op_info *boi = NULL;
+	struct bdb_op_info *boi;
+	OpExtra *oex;
  
 	/* slapMode : SLAP_SERVER_MODE, SLAP_TOOL_MODE,
 			SLAP_TRUNCATE_MODE, SLAP_UNDEFINED_MODE */
@@ -257,7 +258,10 @@ int bdb_entry_release(
 #endif
 		}
 		/* free entry and reader or writer lock */
-		boi = (struct bdb_op_info *)op->o_private;
+		LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+			if ( oex->oe_key == bdb ) break;
+		}
+		boi = (struct bdb_op_info *)oex;
 
 		/* lock is freed with txn */
 		if ( !boi || boi->boi_txn ) {
@@ -274,8 +278,8 @@ int bdb_entry_release(
 				}
 			}
 			if ( !boi->boi_locks ) {
+				LDAP_SLIST_REMOVE( &op->o_extra, &boi->boi_oe, OpExtra, oe_next );
 				op->o_tmpfree( boi, op->o_tmpmemctx );
-				op->o_private = NULL;
 			}
 		}
 	} else {
@@ -328,9 +332,14 @@ int bdb_entry_get(
 		"=> bdb_entry_get: oc: \"%s\", at: \"%s\"\n",
 		oc ? oc->soc_cname.bv_val : "(null)", at_name, 0);
 
-	if( op ) boi = (struct bdb_op_info *) op->o_private;
-	if( boi != NULL && op->o_bd->be_private == boi->boi_bdb->be_private ) {
-		txn = boi->boi_txn;
+	if( op ) {
+		OpExtra *oex;
+		LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+			if ( oex->oe_key == bdb ) break;
+		}
+		boi = (struct bdb_op_info *)oex;
+		if ( boi )
+			txn = boi->boi_txn;
 	}
 
 	if ( txn != NULL ) {
@@ -407,8 +416,8 @@ return_results:
 			if ( op ) {
 				if ( !boi ) {
 					boi = op->o_tmpcalloc(1,sizeof(struct bdb_op_info),op->o_tmpmemctx);
-					boi->boi_bdb = op->o_bd;
-					op->o_private = boi;
+					boi->boi_oe.oe_key = bdb;
+					LDAP_SLIST_INSERT_HEAD( &op->o_extra, &boi->boi_oe, oe_next );
 				}
 				if ( !boi->boi_txn ) {
 					struct bdb_lock_info *bli;

servers/slapd/back-bdb/modify.c

@@ -410,7 +410,8 @@ retry:	/* transaction retry */
 
 		rs->sr_err = TXN_ABORT( ltid );
 		ltid = NULL;
-		op->o_private = NULL;
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+		opinfo.boi_oe.oe_key = NULL;
 		op->o_do_not_cache = opinfo.boi_acl_cache;
 		if( rs->sr_err != 0 ) {
 			rs->sr_err = LDAP_OTHER;
@@ -439,11 +440,11 @@ retry:	/* transaction retry */
 
 	locker = TXN_ID ( ltid );
 
-	opinfo.boi_bdb = op->o_bd;
+	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
 	opinfo.boi_acl_cache = op->o_do_not_cache;
-	op->o_private = &opinfo;
+	LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
 
 	/* get entry or ancestor */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
@@ -666,7 +667,8 @@ retry:	/* transaction retry */
 		rs->sr_err = TXN_COMMIT( ltid, 0 );
 	}
 	ltid = NULL;
-	op->o_private = NULL;
+	LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	opinfo.boi_oe.oe_key = NULL;
 
 	if( rs->sr_err != 0 ) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -705,7 +707,9 @@ done:
 	if( ltid != NULL ) {
 		TXN_ABORT( ltid );
 	}
-	op->o_private = NULL;
+	if ( opinfo.boi_oe.oe_key ) {
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	}
 
 	if( e != NULL ) {
 		bdb_unlocked_cache_return_entry_w (&bdb->bi_cache, e);

servers/slapd/back-bdb/modrdn.c

@@ -134,7 +134,8 @@ retry:	/* transaction retry */
 
 		rs->sr_err = TXN_ABORT( ltid );
 		ltid = NULL;
-		op->o_private = NULL;
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+		opinfo.boi_oe.oe_key = NULL;
 		op->o_do_not_cache = opinfo.boi_acl_cache;
 		if( rs->sr_err != 0 ) {
 			rs->sr_err = LDAP_OTHER;
@@ -165,11 +166,11 @@ retry:	/* transaction retry */
 
 	locker = TXN_ID ( ltid );
 
-	opinfo.boi_bdb = op->o_bd;
+	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
 	opinfo.boi_acl_cache = op->o_do_not_cache;
-	op->o_private = &opinfo;
+	LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
 
 	/* get entry */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
@@ -764,7 +765,8 @@ retry:	/* transaction retry */
 	}
  
 	ltid = NULL;
-	op->o_private = NULL;
+	LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	opinfo.boi_oe.oe_key = NULL;
  
 	if( rs->sr_err != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -823,7 +825,9 @@ done:
 	if( ltid != NULL ) {
 		TXN_ABORT( ltid );
 	}
-	op->o_private = NULL;
+	if ( opinfo.boi_oe.oe_key ) {
+		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+	}
 
 	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
 		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );

servers/slapd/back-bdb/monitor.c

@@ -395,7 +395,7 @@ bdb_monitor_db_open( BackendDB *be )
 	{
 		struct berval	bv, nbv;
 		ber_len_t	pathlen = 0, len = 0;
-		char		path[ PATH_MAX ] = { '\0' };
+		char		path[ MAXPATHLEN ] = { '\0' };
 		char		*fname = bdb->bi_dbenv_home,
 				*ptr;
 

servers/slapd/back-bdb/search.c

@@ -322,11 +322,16 @@ bdb_search( Operation *op, SlapReply *rs )
 	DB_LOCK		lock;
 	struct	bdb_op_info	*opinfo = NULL;
 	DB_TXN			*ltid = NULL;
+	OpExtra *oex;
 
 	Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(bdb_search) "\n", 0, 0, 0);
 	attrs = op->oq_search.rs_attrs;
 
-	opinfo = (struct bdb_op_info *) op->o_private;
+	LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+		if ( oex->oe_key == bdb )
+			break;
+	}
+	opinfo = (struct bdb_op_info *) oex;
 
 	manageDSAit = get_manageDSAit( op );