diff --git a/libraries/libldap/abandon.c b/libraries/libldap/abandon.c
index 6923133bde842b13d081a709cc4a84b6728f35f2..39ecfe157efdca25ff9ced6a4862d3be2ea47c46 100644
--- a/libraries/libldap/abandon.c
+++ b/libraries/libldap/abandon.c
@@ -9,6 +9,11 @@
* abandon.c
*/
+/*
+ * An abandon request looks like this:
+ * AbandonRequest ::= MessageID
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -90,11 +95,6 @@ do_abandon(
Sockbuf *sb;
LDAPRequest *lr;
- /*
- * An abandon request looks like this:
- * AbandonRequest ::= MessageID
- */
-
Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
origid, msgid, 0 );
diff --git a/libraries/libldap/add.c b/libraries/libldap/add.c
index 4732249382c37162862dd6632cb1411fbf1768a2..56ce242e485a48504b7a706dfbc8a4f49a7fb56c 100644
--- a/libraries/libldap/add.c
+++ b/libraries/libldap/add.c
@@ -9,6 +9,17 @@
* add.c
*/
+/*
+ * An add request looks like this:
+ * AddRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * attrs SEQUENCE OF SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * }
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -84,17 +95,6 @@ ldap_add_ext( LDAP *ld, LDAP_CONST char *dn, LDAPMod **attrs,
BerElement *ber;
int i, rc;
- /*
- * An add request looks like this:
- * AddRequest ::= SEQUENCE {
- * entry DistinguishedName,
- * attrs SEQUENCE OF SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * }
- * }
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_add\n", 0, 0, 0 );
/* create a message to send */
diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c
index 8fe3b358b35b0615981d6c019c088322cc8568a2..9fc07d4c4002caf92fd282da4262a69e42a6ac7d 100644
--- a/libraries/libldap/bind.c
+++ b/libraries/libldap/bind.c
@@ -9,6 +9,27 @@
* bind.c
*/
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef HAVE_KERBEROS
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -38,22 +59,6 @@
int
ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
{
- /*
- * The bind request looks like this:
- * BindRequest ::= SEQUENCE {
- * version INTEGER,
- * name DistinguishedName, -- who
- * authentication CHOICE {
- * simple [0] OCTET STRING -- passwd
-#ifdef HAVE_KERBEROS
- * krbv42ldap [1] OCTET STRING
- * krbv42dsa [2] OCTET STRING
-#endif
- * }
- * }
- * all wrapped up in an LDAPMessage sequence.
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
switch ( authmethod ) {
@@ -68,6 +73,10 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho
return( ldap_kerberos_bind2( ld, dn ) );
#endif
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
default:
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( -1 );
@@ -112,6 +121,10 @@ ldap_bind_s(
return( ldap_kerberos_bind2_s( ld, dn ) );
#endif
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
default:
return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
}
diff --git a/libraries/libldap/compare.c b/libraries/libldap/compare.c
index 489905b9703270097c505c523351b369563b5069..072def5471bed8245b17c072f6912dbc0d365fec 100644
--- a/libraries/libldap/compare.c
+++ b/libraries/libldap/compare.c
@@ -9,6 +9,16 @@
* compare.c
*/
+/* The compare request looks like this:
+ * CompareRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * ava SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue
+ * }
+ * }
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -42,17 +52,6 @@ ldap_compare_ext(
{
BerElement *ber;
- /* The compare request looks like this:
- * CompareRequest ::= SEQUENCE {
- * entry DistinguishedName,
- * ava SEQUENCE {
- * type AttributeType,
- * value AttributeValue
- * }
- * }
- * and must be wrapped in an LDAPMessage.
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_compare\n", 0, 0, 0 );
/* create a message to send */
@@ -160,4 +159,4 @@ ldap_compare_s(
bvalue.bv_len = (value == NULL) ? 0 : strlen( value );
return ldap_compare_ext_s( ld, dn, attr, &bvalue, NULL, NULL );
-}
\ No newline at end of file
+}
diff --git a/libraries/libldap/controls.c b/libraries/libldap/controls.c
index 8afc2477e9aa7c05cede8174c482d6e20ef59edb..13a0b13a09776b81515ee6b1191dc3e5b06279c1 100644
--- a/libraries/libldap/controls.c
+++ b/libraries/libldap/controls.c
@@ -2,8 +2,16 @@
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
-/*
- * LDAP controls
+
+/* LDAPv3 Controls (RFC2251)
+ *
+ * Controls ::= SEQUENCE OF Control
+ *
+ * Control ::= SEQUENCE {
+ * controlType LDAPOID,
+ * criticality BOOLEAN DEFAULT FALSE,
+ * controlValue OCTET STRING OPTIONAL
+ * }
*/
#include "portable.h"
diff --git a/libraries/libldap/delete.c b/libraries/libldap/delete.c
index 71070d239435688c90eb5cae0e2dbc789aca3772..b132dde3b228c1db84097a096957fc5ed168812a 100644
--- a/libraries/libldap/delete.c
+++ b/libraries/libldap/delete.c
@@ -9,6 +9,11 @@
* delete.c
*/
+/*
+ * A delete request looks like this:
+ * DelRequet ::= DistinguishedName,
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -41,11 +46,6 @@ ldap_delete_ext(
{
BerElement *ber;
- /*
- * A delete request looks like this:
- * DelRequet ::= DistinguishedName,
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_delete\n", 0, 0, 0 );
/* create a message to send */
diff --git a/libraries/libldap/extended.c b/libraries/libldap/extended.c
index 3bfeb895635a1da776536c5b9bccb9c2709b4af3..1fe4f8e3dc9329654e710685cd16bc878008852b 100644
--- a/libraries/libldap/extended.c
+++ b/libraries/libldap/extended.c
@@ -3,6 +3,22 @@
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
+/*
+ * LDAPv3 Extended Operation Request
+ * ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ * requestName [0] LDAPOID,
+ * requestValue [1] OCTET STRING OPTIONAL
+ * }
+ *
+ * LDAPv3 Extended Operation Response
+ * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * responseName [10] LDAPOID OPTIONAL,
+ * response [11] OCTET STRING OPTIONAL
+ * }
+ *
+ */
+
#include "portable.h"
#include <stdio.h>
diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c
index 47d49e42987d459d7c08b687f499f65f72034e5a..47ab77f939cc1cb120baaf496ff45e45495b7300 100644
--- a/libraries/libldap/kbind.c
+++ b/libraries/libldap/kbind.c
@@ -9,6 +9,27 @@
* kbind.c
*/
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef HAVE_KERBEROS
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
#include "portable.h"
#ifdef HAVE_KERBEROS
@@ -44,19 +65,6 @@ ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
int str_translation_on;
#endif /* STR_TRANSLATION */
- /*
- * The bind request looks like this:
- * BindRequest ::= SEQUENCE {
- * version INTEGER,
- * name DistinguishedName,
- * authentication CHOICE {
- * krbv42ldap [1] OCTET STRING
- * krbv42dsa [2] OCTET STRING
- * }
- * }
- * all wrapped up in an LDAPMessage sequence.
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 );
if ( dn == NULL )
diff --git a/libraries/libldap/modrdn.c b/libraries/libldap/modrdn.c
index 8debf4997170827880801f59869401b74093769b..f9b435aa05b2fdd805c47a969801423bc88394e8 100644
--- a/libraries/libldap/modrdn.c
+++ b/libraries/libldap/modrdn.c
@@ -8,7 +8,6 @@
*
* modrdn.c
*/
-
/*
* Support for MODIFYDN REQUEST V3 (newSuperior) by:
*
@@ -19,7 +18,16 @@
* Redistribution and use in source and binary forms are permitted
* without restriction or fee of any kind as long as this notice
* is preserved.
- *
+ */
+
+/*
+ * A modify rdn request looks like this:
+ * ModifyRDNRequest ::= SEQUENCE {
+ * entry DistinguishedName,
+ * newrdn RelativeDistinguishedName,
+ * deleteoldrdn BOOLEAN
+ * newSuperior [0] DistinguishedName [v3 only]
+ * }
*/
#include "portable.h"
@@ -56,16 +64,6 @@ ldap_rename(
LDAPControl **cctrls,
int *msgidp )
{
- /*
- * A modify rdn request looks like this:
- * ModifyRDNRequest ::= SEQUENCE {
- * entry DistinguishedName,
- * newrdn RelativeDistinguishedName,
- * deleteoldrdn BOOLEAN
- * newSuperior [0] DistinguishedName [v3 only]
- * }
- */
-
BerElement *ber;
int rc;
diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
index 5af8c9243a1c9094126e3363c67e645c02c66947..aeab1b3042a5877f0e77fd44c169592c3b5c4347 100644
--- a/libraries/libldap/result.c
+++ b/libraries/libldap/result.c
@@ -9,6 +9,18 @@
* result.c - wait for an ldap result
*/
+/*
+ * LDAPv3 (RFC2251)
+ * LDAPResult ::= SEQUENCE {
+ * resultCode ENUMERATED { ... },
+ * matchedDN LDAPDN,
+ * errorMessage LDAPString,
+ * referral Referral OPTIONAL
+ * }
+ * Referral ::= SEQUENCE OF LDAPURL (one or more)
+ * LDAPURL ::= LDAPString (limited to URL chars)
+ */
+
#include "portable.h"
#include <stdio.h>
diff --git a/libraries/libldap/sbind.c b/libraries/libldap/sbind.c
index 63a4d8acfcd5e71945802e52b156714d664a0004..6d194a8657a0c783bdb9d9480e4506df78ef6003 100644
--- a/libraries/libldap/sbind.c
+++ b/libraries/libldap/sbind.c
@@ -9,6 +9,27 @@
* sbind.c
*/
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+#ifdef HAVE_KERBEROS
+ * krbv42ldap [1] OCTET STRING
+ * krbv42dsa [2] OCTET STRING
+#endif
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ */
+
#include "portable.h"
#include <stdio.h>
@@ -35,18 +56,6 @@ ldap_simple_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )
{
BerElement *ber;
- /*
- * The bind request looks like this:
- * BindRequest ::= SEQUENCE {
- * version INTEGER,
- * name DistinguishedName, -- who
- * authentication CHOICE {
- * simple [0] OCTET STRING -- passwd
- * }
- * }
- * all wrapped up in an LDAPMessage sequence.
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
if ( dn == NULL )
diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c
index 61e8c3073356d9ca8d63281a6e2f22f27c1a4071..d6e7584e1870c51dc7d2965332df3a847cbf63c1 100644
--- a/libraries/libldap/search.c
+++ b/libraries/libldap/search.c
@@ -383,8 +383,9 @@ put_filter( BerElement *ber, char *str )
* substrings [4] SubstringFilter,
* greaterOrEqual [5] AttributeValueAssertion,
* lessOrEqual [6] AttributeValueAssertion,
- * present [7] AttributeType,,
- * approxMatch [8] AttributeValueAssertion
+ * present [7] AttributeType,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
* }
*
* SubstringFilter ::= SEQUENCE {
@@ -395,6 +396,13 @@ put_filter( BerElement *ber, char *str )
* final [2] IA5String
* }
* }
+ *
+ * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE }
+ *
* Note: tags in a choice are always explicit
*/
diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c
index 676d599385ac7f58881c075ee8f4cc4883391d32..b5011978d0589a43db62914274e9517b005cc38c 100644
--- a/libraries/libldap/unbind.c
+++ b/libraries/libldap/unbind.c
@@ -9,6 +9,13 @@
* unbind.c
*/
+/* An Unbind Request looks like this:
+ *
+ * UnbindRequest ::= NULL
+ *
+ * and has no response.
+ */
+
#include "portable.h"
#include <stdio.h>