Add checks to ensure arguments are consistent (v2 vs v3).

clients/tools/ldapdelete.c

@@ -135,6 +135,22 @@ main( int argc, char **argv )
 	}
     }
 
+	if( authmethod != LDAP_AUTH_SIMPLE ) {
+		if( version == LDAP_VERSION3 ) {
+			fprintf(stderr, "Kerberos requires LDAPv2\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION2;
+	}
+
+	if( manageDSAit ) {
+		if( version == LDAP_VERSION2 ) {
+			fprintf(stderr, "manage DSA control requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
+	}
+
     if ( fp == NULL ) {
 	if ( optind >= argc ) {
 	    fp = stdin;
@@ -168,15 +184,15 @@ main( int argc, char **argv )
 	/* don't chase referrals */
 	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
 
-	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
-
 	if (version != -1 &&
 		ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
 	{
 		fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
 	}
 
+	if (want_bindpw)
+		passwd = getpass("Enter LDAP Password: ");
+
     if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
 	ldap_perror( ld, "ldap_bind" );
 	return( EXIT_FAILURE );
@@ -268,7 +284,7 @@ static int deletechildren( LDAP *ld,
     /*
      * Do a one level search at dn for children.  For each, delete its children.
      */
-    if ( ldap_search_s( ld, dn, LDAP_SCOPE_ONELEVEL, "objectclass=*", NULL, 0, &res ) == -1 )
+    if ( ldap_search_s( ld, dn, LDAP_SCOPE_ONELEVEL, "(objectclass=*)", NULL, 0, &res ) == -1 )
     {
         ldap_perror( ld, "ldap_search" );
 		ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );

clients/tools/ldapmodify.c

@@ -218,6 +218,22 @@ main( int argc, char **argv )
     if ( argc != optind )
 	usage( prog );
 
+	if( authmethod != LDAP_AUTH_SIMPLE ) {
+		if( version == LDAP_VERSION3 ) {
+			fprintf(stderr, "Kerberos requires LDAPv2\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION2;
+	}
+
+	if( manageDSAit ) {
+		if( version == LDAP_VERSION2 ) {
+			fprintf(stderr, "manage DSA control requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
+	}
+
     if ( infile != NULL ) {
 	if (( fp = fopen( infile, "r" )) == NULL ) {
 	    perror( infile );
@@ -255,15 +271,15 @@ main( int argc, char **argv )
 	/* don't chase referrals */
 	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
 
-	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
-
 	if (version != -1 &&
 		ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
 	{
 		fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION to %d\n", version );
 	}
 
+	if (want_bindpw)
+		passwd = getpass("Enter LDAP Password: ");
+
 	if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
 	    ldap_perror( ld, "ldap_bind" );
 	    return( EXIT_FAILURE );

clients/tools/ldapmodrdn.c

@@ -148,6 +148,22 @@ main(int argc, char **argv)
 	}
     }
 
+	if( authmethod != LDAP_AUTH_SIMPLE ) {
+		if( version == LDAP_VERSION3 ) {
+			fprintf(stderr, "Kerberos requires LDAPv2\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION2;
+	}
+
+	if( manageDSAit ) {
+		if( version == LDAP_VERSION2 ) {
+			fprintf(stderr, "manage DSA control requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
+	}
+
     if (newSuperior != NULL) {
 		if (version == LDAP_VERSION2) {
 			fprintf( stderr,
@@ -214,15 +230,15 @@ main(int argc, char **argv)
 	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
 
 
-	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
-
 	if (version != -1 &&
 		ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
 	{
 		fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
 	}
 
+	if (want_bindpw)
+		passwd = getpass("Enter LDAP Password: ");
+
     if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
 	ldap_perror( ld, "ldap_bind" );
 	return( EXIT_FAILURE );

clients/tools/ldapsearch.c

@@ -273,6 +273,22 @@ main( int argc, char **argv )
 	}
 	}
 
+	if( authmethod != LDAP_AUTH_SIMPLE ) {
+		if( version == LDAP_VERSION3 ) {
+			fprintf(stderr, "Kerberos requires LDAPv2\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION2;
+	}
+
+	if( manageDSAit ) {
+		if( version == LDAP_VERSION2 ) {
+			fprintf(stderr, "manage DSA control requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
+	}
+
 	if ( argc - optind < 1 ) {
 		usage( argv[ 0 ] );
 	}