entries having ascending entry IDs. Always start from the beginning of
the candidate list. (This should be fine in the general case as well,
since the subtree index will also have refined the candidates.)

Clarify cut-n-past in quickstart.

generate dependencies. setenv MKDEP to this file before running configure.

Should eliminate individual checks for pthread_yield, sched_yield,
and pthread_detach, but they're left in for now as a redundant check.

Based, in part, from ITS#1502 submission from John Morrissey.

Copyright 2001, John Morrissey (jwm at horde dot net), All rights reserved.
This is free software; you can redistribute and use it under the same terms
as OpenLDAP itself.

if needed. Same check for snprintf.

#if'd out by default, but it works fine. Kept both for easy comparison.

processing a search entry. Avoids O(n^2) ldap_get_values() behavior.

least for current callers, may need to pass it the
permission level)

Also fixed dependencies for dynamic backends and tools.

Just not for local/my cert.

LDAP's kludged builtin substrings rules.

Clean up syntax error reporting.

internally and we don't want to get in the way.

 * The original code performs ( n ) normalizations
 * and ( n * ( n - 1 ) / 2 ) matches, which hide
 * the same number of normalizations.  The new code
 * performs the same number of normalizations ( n )
 * and ( n * ( n - 1 ) / 2 ) mem compares, far less
 * expensive than an entire match, if a match is
 * equivalent to a normalization and a mem compare ...
 *
 * This is far more memory expensive than the previous,
 * but it can heavily improve performances when big
 * chunks of data are added (typical example is a group
 * with thousands of DN-syntax members; on my system:
 * for members of 5-RDN DNs,

 members         orig            bvmatch (dirty) new
 1000            0m38.456s       0m0.553s        0m0.608s
 2000            2m33.341s       0m0.851s        0m1.003s

 * Moreover, 100 groups with 10000 members each were
 * added in 37m27.933s (an analogous LDIF file was
 * loaded into Active Directory in 38m28.682s, BTW).
 *
 * Maybe we could switch to the new algorithm when
 * the number of values overcomes a given threshold?
 */