Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • openldap/openldap
  • hyc/openldap
  • ryan/openldap
  • iboukris/openldap
  • ondra/openldap
  • sshanks-kx/openldap
  • blaggacao/openldap
  • pbrezina/openldap
  • quanah/openldap
  • dragos_h/openldap
  • lorenz/openldap
  • tsaarni/openldap
  • fei.ding/openldap
  • orent/openldap
  • arrowplum/openldap
  • barchiesi/openldap
  • jotik/openldap
  • hamano/openldap
  • ingovoss/openldap
  • henson/openldap
  • jlrine2/openldap
  • howeverAT/openldap
  • nivanova/openldap
  • orbea/openldap
  • rdubner/openldap
  • smckinney/openldap
  • jklowden/openldap
  • dpa-openldap/openldap
  • rouzier/openldap
  • orgads/openldap
  • ffontaine/openldap
  • jiaqingz/openldap
  • dcoutadeur/openldap
  • begeragus/openldap
  • pubellit/openldap
  • glandium/openldap
  • facboy/openldap
  • thesamesam/openldap
  • Johan/openldap
  • fkooman/openldap
  • gburd/openldap
  • h-homma/openldap
  • sgallagher/openldap
  • ahmed_zaki/openldap
  • gnoe/openldap
  • mid/openldap
  • clan/openldap
47 results
Show changes
Commits on Source (585)
Showing
with 1058 additions and 656 deletions
A N N O U N C E M E N T -- OpenLDAP 2.4
The OpenLDAP Project is pleased to announce the availability
of OpenLDAP Software 2.4, a suite of the Lightweight Directory
Access Protocol (v3) servers, clients, utilities, and
development tools.
This release contains the following major enhancements:
* Slapd(8) enhancements
- Syncrepl enhancements, including push-mode and
Multi-Master support
- Dynamic configuration enhancements, including
online schema editing and full access control
- Dynamic monitoring enhancements, including
cache usage information
* New overlays
- Attribute value constraints
- Dynamic Directory Services (RFC2589)
- Reverse Group Membership maintenance (memberof)
* Clients and tools
- Full support of request/response controls
- New ldapexop tool for arbitrary extend operations
- Support of DNS SRV records for default server
* Significant performance enhancements throughout
the client and server code base
* Multiple new features in libldap and liblber
* Expanded documentation
- Function-complete manual pages
- Numerous new examples in the Admin Guide
This release includes the following major components:
* slapd - a stand-alone LDAP directory server
* -lldap - a LDAP client library
* -llber - a lightweight BER/DER encoding/decoding library
* LDIF tools - data conversion tools for use with slapd
* LDAP tools - A collection of command line LDAP utilities
* Admin Guide, Manual Pages - associated documentation
In addition, there are some contributed components:
* LDAPC++ - a LDAP C++ SDK
* Various slapd modules and slapi plugins
ACKNOWLEDGEMENTS
OpenLDAP Software is developed by the OpenLDAP Project. The
Project consists of a team of volunteers who use the
Internet to coordinate their activities. The Project is
an organized activity of the OpenLDAP Foundation.
OpenLDAP Software is derived from University of Michigan LDAP,
release 3.3.
AVAILABILITY
This software is available under the OpenLDAP Public License,
an non-restrictive, "free", open-source license. Download
information is available at:
http://www.OpenLDAP.org/software/download/
SUPPORT
OpenLDAP Software is user supported:
http://www.openldap.org/support/
The OpenLDAP Administrator's Guide, which includes quick
start instructions, is available at:
http://www.openldap.org/doc/admin/
The project maintains a FAQ which you may find useful:
http://www.openldap.org/faq/
In addition, there are also a number of discussion lists
related to OpenLDAP Software. A list of mailing lists is
available at:
http://www.OpenLDAP.org/lists/
To report bugs, please use project's Issue Tracking System:
http://www.openldap.org/its/
The OpenLDAP home page containing lots of interesting information
and online documentation is available at this URL:
http://www.OpenLDAP.org/
SUPPORTED PLATFORMS
This release has been ported to many UNIX (and UNIX-like)
platforms including Darwin, FreeBSD, Linux, NetBSD, OpenBSD
and most commercial UNIX systems. The release has also been
ported (in part or in whole) to other platforms including
Apple MacOS X, IBM zOS, and Microsoft Windows NT/2000/etc.
---
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright 1999-2008 The OpenLDAP Foundation, Redwood City,
California, USA. All Rights Reserved. Permission to copy and
distribute verbatim copies of this document is granted.
OpenLDAP 2.4 Change Log
OpenLDAP 2.4.10 Engineering
Fixed libldap file descriptor leak with SELinux (ITS#5507)
Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, ITS#5525)
Fixed libldap_r missing stubs (ITS#5519)
Fixed slapd missing termination of integerFilter keys (ITS#5503)
Fixed slapd multiple attrs in URI (ITS#5516)
Fixed slapd socket assert (ITS#5489)
Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531)
Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513)
Fixed slapd-meta quarantine crasher (ITS#5522)
Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493)
Fixed slapo-syncprov op2.o_extra reset (ITS#5501, #5506)
Fixed slapo-syncprov sending ops without queued CSNs (ITS#5465)
Fixed slapo-unique config structs (ITS#5526)
Documentation
Add search privileges documentation (ITS#5512)
OpenLDAP 2.4.9 Release (2008/05/07)
Fixed libldap to use unsigned port (ITS#5436)
Fixed libldap error message for missing close paren (ITS#5458)
Fixed libldap_r tpool pause checks (ITS#5364, #5407)
Fixed slapcat error checking (ITS#5387)
Fixed slapd abstract objectClass inheritance check (ITS#5474)
Fixed slapd add operations requiring naming attrs (ITS#5412)
Fixed slapd connection handling (ITS#5469)
Fixed slapd delta-syncrepl resync (ITS#5378)
Fixed slapd frontendDB backend selection (ITS#5419)
Fixed slapd pagedresults stale state (ITS#5409)
Fixed slapd pointer dereference (ITS#5388)
Fixed slapd null argument dereference (ITS#5435)
Fixed slapd REP_ENTRY flags (ITS#5340)
Fixed slapd sets attribute description parsing (ITS#5402)
Fixed slapd syncrepl hang on back-config (ITS#5407)
Fixed slapd syncrepl compare_csns crash (ITS#5413)
Fixed slapd syncrepl contextCSN update clash (ITS#5426)
Fixed slapd syncrepl/glue failure (ITS#5430)
Fixed slapd syncrepl crash on empty CSN (ITS#5432)
Fixed slapd syncrepl refreshAndPersist (ITS#5454)
Fixed slapd syncrepl modrdn processing (ITS#5397)
Fixed slapd syncrepl MMR partial refresh (ITS#5470)
Fixed slapd value list termination (ITS#5450)
Fixed slapd/slapo-accesslog rq mutex usage (ITS#5442)
Fixed slapd-bdb ID_NOCACHE handling (ITS#5439)
Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455)
Fixed slapd-bdb referral rewrite (ITS#5339)
Fixed slapd-config overlay stacking (ITS#5346)
Fixed slapd-config attribute publishing (ITS#5383)
Fixed slapd-ldap connection handler (ITS#5404)
Fixed slapd-ldif file name handling & multi-suffix/dir catch (ITS#5408)
Fixed slapd-meta connections on error (ITS#5440)
Fixed slapd-meta crash on search (ITS#5481)
Fixed slapo-accesslog null callback stack crash (ITS#5490)
Fixed slapo-auditlog unnecessary syscall (ITS#5441)
Added slapo-dynlist mapping to dynamic attrs generation (ITS#5466)
Fixed slapo-refint dnSubtreeMatch (ITS#5427)
Fixed slapo-refint global referential integrity (ITS#5428)
Fixed slapo-syncprov psearch on closed connection (ITS#5401)
Fixed slapo-syncprov psearch task delay (ITS#5405)
Fixed slapo-syncprov psearch filter identity (ITS#5418, #5486)
Fixed slapo-syncprov/glue contextCSN update (ITS#5433)
Fixed slapo-syncprov/glue search ops (ITS#5434)
Fixed slapo-syncprov null cookie (ITS#5437,#5444)
Fixed slapo-syncprov double-free (ITS#5445)
Fixed slapo-syncprov free syncop correctly (ITS#5484)
Fixed slapo-syncprov glue deadlock (ITS#5451)
Build Environment
Fixed leave function naming for OSF1 (ITS#5411)
Documentation
Fixed slapd.access(5) authz-regexp documented behavior (ITS#5400)
Fixed slapd.meta(5) idassert-* documentation (ITS#5406)
admin24 delta-syncrepl documentation (ITS#5476)
admin24 set documentation (ITS#5278,ITS#5279,ITS#5281)
admin24 slapo-ppolicy documentation (ITS#5479)
admin24 syncrepl directives update (ITS#5425)
OpenLDAP 2.4.8 Release (2008/02/19)
Fixed ldapmodify verbose logging (ITS#5247)
Fixed ldapdelete with sizelimit (ITS#5294)
Fixed ldapdelete with subentries control (ITS#5293)
Fixed ldapsearch exit code init (ITS#5317)
Fixed libldap extended decoding (ITS#5304)
Fixed libldap filter abort (ITS#5300)
Fixed libldap ldap_parse_sasl_bind_result (ITS#5263)
Fixed libldap result codes for open (ITS#5338)
Fixed libldap search timeout crash (ITS#5291)
Fixed libldap paged results crash (ITS#5315)
Fixed libldap cipher suite with GnuTLS (ITS#5341)
Fixed slapd support for 2.1 CSN (ITS#5348)
Fixed slapd include handling (ITS#5276)
Fixed slapd modrdn check for valid new DN (ITS#5344)
Fixed slapd multi-step SASL binds (ITS#5298)
Fixed slapd non-atomic signal variables (ITS#5248)
Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
Fixed slapd NULL printf (ITS#5264)
Fixed slapd NULL set values (ITS#5286)
Fixed slapd segv with SASL/OTP (ITS#5259)
Fixed slapd timestamp race condition (ITS#5370)
Fixed slapd cn=config crash on delete (ITS#5343)
Fixed slapd cn=config global acls (ITS#5352)
Fixed slapd truncated cookie (ITS#5362)
Fixed slapd sasl with CLEARTEXT (ITS#5368)
Fixed slapd str2entry with no attrs (ITS#5308)
Fixed slapd TLSVerifyClient default (ITS#5360)
Fixed slapd HAVE_TLS dependency (ITS#5379)
Fixed slapd delta-syncrepl refresh mode (ITS#5376)
Fixed slapd ACL sets URI attrs (ITS#5384)
Fixed slapd invalid entryUUID filter (ITS#5386)
Fixed slapd-bdb idlcache on adds (ITS#5086)
Fixed slapd-bdb crash with modrdn (ITS#5358)
Fixed slapd-bdb segv with bdb4.6 (ITS#5322)
Fixed slapd-bdb modrdn to same dn (ITS#5319)
Fixed slapd-bdb MMR (ITS#5332)
Added slapd-bdb/slapd-hdb DB encryption (ITS#5359)
Fixed slapd-ldif delete (ITS#5265)
Fixed slapd-meta link to slapd-ldap (ITS#5355)
Fixed slapd-meta setting of sm_nvalues (ITS#5375)
Fixed slapd-monitor crash (ITS#5311)
Fixed slapd-relay compare (ITS#4937)
Added slapd-sock (ITS#4094)
Fixed slapo-accesslog cleanup on successful response (ITS#5374)
Added slapo-autogroup contrib module (ITS#5145)
Added slapo-constraint cross-attribute constraints (ITS#4987)
Fixed slapo-memberof objectClass inheritance (ITS#5299)
Added slapo-memberof global overlay support (ITS#5301)
Fixed slapo-memberof leak (ITS#5302)
Fixed slapo-ppolicy only password check with policy (ITS#5285)
Fixed slapo-ppolicy del/replace password without new one (ITS#5373)
Fixed slapo-syncprov hang on checkpoint (ITS#5261)
Added slapo-translucent local searching (ITS#5283)
Removed lint
Build Environment
Fixed libldap_r threaded library linking (ITS#4982)
Fixed libldap use of %n (ITS#5324)
Fixed test047 to skip if rwm is not available (ITS#5292)
Documentation
DB_CONFIG.example URL wrong in comments (ITS#5288)
Add cn=config example for auditlog (ITS#5245)
ldapmodify(1) clarification for RFC2849 (ITS#5312)
OpenLDAP 2.4.7 Release (2007/12/14)
Added slapd ordered indexing of integer attributes (ITS#5239)
Fixed slapd paged results control handling (ITS#5191)
Fixed slapd sasl-host parsing (ITS#5209)
Fixed slapd filter normalization (ITS#5212)
Fixed slapd multiple suffix checking (ITS#5186)
Fixed slapd paged results handling when using rootdn (ITS#5230)
Fixed slapd syncrepl presentlist handling (ITS#5231)
Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
Fixed slapd 3-way Multi-Master Replication (ITS#5238)
Fixed slapd hash collisions in index slots (ITS#5183)
Fixed slapd replication of dSAOperation attributes (ITS#5268)
Fixed slapadd contextCSN updating (ITS#5225)
Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
Fixed slapd-hdb caching on rename ops (ITS#5221)
Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
Fixed slapo-dds deleting from nonexistent db (ITS#5267)
Fixed slapo-memberOf deleted values saving (ITS#5258)
Fixed slapo-pcache op->o_abandon handling (ITS#5187)
Fixed slapo-ppolicy single password check on modify (ITS#5146)
Fixed slapo-ppolicy internal search (ITS#5235)
Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
Updated contrib addpartial module (ITS#3593)
Build Environment
Fixed liblber socket library linking (ITS#5224)
Fixed Windows slapd.def rules (ITS#5215)
Documentation
Fixed grammar errors (ITS#5223)
Refint overlay doc contribution (ITS#5217)
Dynamic Lists doc contribution to the admin guide (ITS#5216)
Fixed ldappasswd(1) and ldapmodify(1) typos (ITS#5269)
Fixed domain factor typos (ITS#5237)
Fixed slapd.conf(5) maxderefdepth default value typo (ITS#5200)
Clarified slapd.conf(5) limits issues in syncrepl (ITS#5243)
Fixed slapd-config(5) maxderefdepth default value typo (ITS#5200)
Patches for minor typos in man pages (ITS#5228)
admin24/replication.sdf spelling (ITS#5270)
OpenLDAP 2.4.6 Release (2007/10/31)
Initial release for "general use".
OpenLDAP Devel README
This software was obtained from the development branch (HEAD) of
the OpenLDAP Software Repository. This copy is likely already
not current, the development branch changes frequently. These
changes include code implementing experimental features and
unproven bug fixes. Please do NOT redistribute copies of the
development branch.
The OpenLDAP Developer's FAQ is available at:
<http://www.openldap.org/faq/index.cgi?file=4>
Client developers seeking a suitable development platform
should use "release" or "stable" versions.
<http://www.openldap.org/software/>
Contributing
See <http://www.openldap.org/devel/contributing.html> for how to
contribute code or documentation to OpenLDAP. Use the Issue Tracking
System <http://www.openldap.org/its/> to submit contributions.
While you are encouraged to coordinate and discuss the development
activities on the openldap-devel@openldap.org mailing list prior
to submission, it is noted that contributions must be submitted
using the Issue Tracking System to be considered.
OpenLDAP 2.4 README
For a description of what this distribution contains, see the
ANNOUNCEMENT file in this directory. For a description of
changes from previous releases, see the CHANGES file in this
directory.
This is 2.4 release, it includes significant changes from prior
releases.
REQUIRED SOFTWARE
Building OpenLDAP Software requires a number of software packages
to be preinstalled. Additional information regarding prerequisite
software can be found in the OpenLDAP Administrator's Guide.
Base system (libraries and tools):
Standard C compiler (required)
Cyrus SASL 2.1.21+ (recommended)
OpenSSL 0.9.7+ (recommended)
POSIX REGEX software (required)
SLAPD:
BDB and HDB backends require Oracle Berkeley DB 4.2, 4.4,
4.5, or 4.6. It is highly recommended to apply the patches
from Oracle for a given release.
CLIENTS/CONTRIB ware:
Depends on package. See per package README.
MAKING AND INSTALLING THE DISTRIBUTION
Please see the INSTALL file for basic instructions. More
detailed instructions can be found in the OpenLDAP Admnistrator's
Guide (see DOCUMENTATION section).
DOCUMENTATION
The OpenLDAP Administrator's Guide is available in the
guide.html file in the doc/guide/admin directory. The
guide and a number of other documents are available at
<http://www.openldap.org/doc/admin/guide.html>.
The distribution also includes manual pages for most programs
and library APIs. See ldap(3) for details.
The OpenLDAP website is available and contains the latest LDAP
news, releases announcements, pointers to other LDAP resources,
etc.. It is located at <http://www.OpenLDAP.org/>.
The OpenLDAP Software FAQ is available at
<http://www.openldap.org/faq/>.
SUPPORT / FEEDBACK / PROBLEM REPORTS / DISCUSSIONS
OpenLDAP Software is user supported. If you have problems, please
review the OpenLDAP FAQ <http://www.openldap.org/faq/> and
archives of the OpenLDAP-software and OpenLDAP-bugs mailing lists
<http://www.openldap.org/lists/>. If you cannot find the answer,
please enquire on the OpenLDAP-software list.
Issues, such as bug reports, should be reported using our our
Issue Tracking System <http://www.OpenLDAP.org/its/>. Do not
use this system for software enquiries. Please direct these
to an appropriate mailing list.
CONTRIBUTING
See <http://www.openldap.org/devel/contributing.html> for
information regarding how to contribute code or documentation
to the OpenLDAP Project for inclusion in OpenLDAP Software.
While you are encouraged to coordinate and discuss the development
activities on the <openldap-devel@openldap.org> mailing list
prior to submission, it is noted that contributions must be
submitted using the Issue Tracking System
<http://www.openldap.org/its/> to be considered.
---
$OpenLDAP$
......
......@@ -14,10 +14,10 @@
## <http://www.OpenLDAP.org/license.html>.
ol_package=OpenLDAP
ol_major=2
ol_minor=X
ol_minor=4
ol_patch=X
ol_api_inc=000000
ol_api_current=0
ol_api_revision=0
ol_api_inc=20409
ol_api_current=2
ol_api_revision=5
ol_api_age=0
ol_release_date="0000/00/00"
ol_release_date="2008/05/07"
#! /bin/sh
# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.660 2007/09/07 10:02:43 hyc Exp .
# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.9 2008/02/11 23:26:37 kurt Exp .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
......@@ -19,17 +19,6 @@ LDAPAttrType::LDAPAttrType(){
usage = 0;
}
LDAPAttrType::LDAPAttrType (const LDAPAttrType &at){
DEBUG(LDAP_DEBUG_CONSTRUCT,
"LDAPAttrType::LDAPAttrType( )" << endl);
oid = at.oid;
desc = at.desc;
names = at.names;
single = at.single;
usage = at.usage;
}
LDAPAttrType::LDAPAttrType (string at_item) {
DEBUG(LDAP_DEBUG_CONSTRUCT,
......@@ -46,6 +35,11 @@ LDAPAttrType::LDAPAttrType (string at_item) {
this->setOid( a->at_oid );
this->setSingle( a->at_single_value );
this->setUsage( a->at_usage );
this->setSuperiorOid( a->at_sup_oid );
this->setEqualityOid( a->at_equality_oid );
this->setOrderingOid( a->at_ordering_oid );
this->setSubstringOid( a->at_substr_oid );
this->setSyntaxOid( a->at_syntax_oid );
}
// else? -> error
}
......@@ -58,17 +52,17 @@ void LDAPAttrType::setSingle (int at_single) {
single = (at_single == 1);
}
void LDAPAttrType::setNames (char **at_names) {
names = StringList (at_names);
void LDAPAttrType::setNames ( char **at_names ) {
names = StringList(at_names);
}
void LDAPAttrType::setDesc (char *at_desc) {
void LDAPAttrType::setDesc (const char *at_desc) {
desc = string ();
if (at_desc)
desc = at_desc;
}
void LDAPAttrType::setOid (char *at_oid) {
void LDAPAttrType::setOid (const char *at_oid) {
oid = string ();
if (at_oid)
oid = at_oid;
......@@ -78,23 +72,48 @@ void LDAPAttrType::setUsage (int at_usage) {
usage = at_usage;
}
bool LDAPAttrType::isSingle () {
return single;
void LDAPAttrType::setSuperiorOid( const char *oid ){
if ( oid )
superiorOid = oid;
}
void LDAPAttrType::setEqualityOid( const char *oid ){
if ( oid )
equalityOid = oid;
}
void LDAPAttrType::setOrderingOid( const char *oid ){
if ( oid )
orderingOid = oid;
}
void LDAPAttrType::setSubstringOid( const char *oid ){
if ( oid )
substringOid = oid;
}
void LDAPAttrType::setSyntaxOid( const char *oid ){
if ( oid )
syntaxOid = oid;
}
string LDAPAttrType::getOid () {
bool LDAPAttrType::isSingle() const {
return single;
}
string LDAPAttrType::getOid() const {
return oid;
}
string LDAPAttrType::getDesc () {
string LDAPAttrType::getDesc() const {
return desc;
}
StringList LDAPAttrType::getNames () {
StringList LDAPAttrType::getNames() const {
return names;
}
string LDAPAttrType::getName () {
string LDAPAttrType::getName() const {
if (names.empty())
return "";
......@@ -102,6 +121,28 @@ string LDAPAttrType::getName () {
return *(names.begin());
}
int LDAPAttrType::getUsage () {
int LDAPAttrType::getUsage() const {
return usage;
}
std::string LDAPAttrType::getSuperiorOid() const {
return superiorOid;
}
std::string LDAPAttrType::getEqualityOid() const {
return equalityOid;
}
std::string LDAPAttrType::getOrderingOid() const {
return orderingOid;
}
std::string LDAPAttrType::getSubstringOid() const {
return substringOid;
}
std::string LDAPAttrType::getSyntaxOid() const {
return syntaxOid;
}
......@@ -23,10 +23,11 @@ using namespace std;
class LDAPAttrType{
private :
StringList names;
string desc, oid;
std::string desc, oid, superiorOid, equalityOid;
std::string orderingOid, substringOid, syntaxOid;
bool single;
int usage;
public :
/**
......@@ -34,11 +35,6 @@ class LDAPAttrType{
*/
LDAPAttrType();
/**
* Copy constructor
*/
LDAPAttrType (const LDAPAttrType& oc);
/**
* Constructs new object and fills the data structure by parsing the
* argument.
......@@ -58,40 +54,50 @@ class LDAPAttrType{
/**
* Returns attribute description
*/
string getDesc ();
string getDesc() const;
/**
* Returns attribute oid
*/
string getOid ();
string getOid() const;
/**
* Returns attribute name (first one if there are more of them)
*/
string getName ();
string getName() const;
/**
* Returns all attribute names
*/
StringList getNames();
StringList getNames() const;
/**
* Returns true if attribute type allows only single value
*/
bool isSingle();
bool isSingle() const;
/**
* Return the 'usage' value:
* (0=userApplications, 1=directoryOperation, 2=distributedOperation,
* 3=dSAOperation)
*/
int getUsage ();
int getUsage () const;
std::string getSuperiorOid() const;
std::string getEqualityOid() const;
std::string getOrderingOid() const;
std::string getSubstringOid() const;
std::string getSyntaxOid() const;
void setNames (char **at_names);
void setDesc (char *at_desc);
void setOid (char *at_oid);
void setSingle (int at_single_value);
void setUsage (int at_usage );
void setNames( char **at_names);
void setDesc(const char *at_desc);
void setOid(const char *at_oid);
void setSingle(int at_single_value);
void setUsage(int at_usage );
void setSuperiorOid( const char *oid );
void setEqualityOid( const char *oid );
void setOrderingOid( const char *oid );
void setSubstringOid( const char *oid );
void setSyntaxOid( const char *oid );
};
#endif // LDAP_ATTRTYPE_H
// $OpenLDAP$
/*
* Copyright 2000-2007, OpenLDAP Foundation, All Rights Reserved.
* Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
......
......@@ -91,31 +91,31 @@ void LDAPObjClass::setOid (char *oc_oid) {
oid = oc_oid;
}
string LDAPObjClass::getOid () {
string LDAPObjClass::getOid() const {
return oid;
}
string LDAPObjClass::getDesc () {
string LDAPObjClass::getDesc() const {
return desc;
}
StringList LDAPObjClass::getNames () {
StringList LDAPObjClass::getNames() const {
return names;
}
StringList LDAPObjClass::getMust () {
StringList LDAPObjClass::getMust() const {
return must;
}
StringList LDAPObjClass::getMay () {
StringList LDAPObjClass::getMay() const {
return may;
}
StringList LDAPObjClass::getSup () {
StringList LDAPObjClass::getSup() const {
return sup;
}
string LDAPObjClass::getName () {
string LDAPObjClass::getName() const {
if (names.empty())
return "";
......@@ -123,7 +123,7 @@ string LDAPObjClass::getName () {
return *(names.begin());
}
int LDAPObjClass::getKind () {
int LDAPObjClass::getKind() const {
return kind;
}
......
......@@ -56,42 +56,42 @@ class LDAPObjClass{
/**
* Returns object class description
*/
string getDesc ();
string getDesc() const;
/**
* Returns object class oid
*/
string getOid ();
string getOid() const;
/**
* Returns object class name (first one if there are more of them)
*/
string getName ();
string getName() const;
/**
* Returns object class kind: 0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY
*/
int getKind ();
int getKind() const;
/**
* Returns all object class names
*/
StringList getNames();
StringList getNames() const;
/**
* Returns list of required attributes
*/
StringList getMust();
StringList getMust() const;
/**
* Returns list of allowed (and not required) attributes
*/
StringList getMay();
StringList getMay() const;
/**
* Returns list of the OIDs of the superior ObjectClasses
*/
StringList getSup();
StringList getSup() const;
void setNames (char **oc_names);
void setMay (char **oc_may);
......
// $OpenLDAP$
/*
* Copyright 2008, OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
......
// $OpenLDAP$
/*
* Copyright 2008, OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
......
CPPFLAGS+=-I../../../include -I../../../servers/slapd
all: nops.so
nops.so: nops.c
$(CC) -shared $(CPPFLAGS) -Wall -o $@ $?
clean:
rm nops.so
/* $OpenLDAP$ */
/* nops.c - Overlay to filter idempotent operations */
/*
* Copyright 2008 Emmanuel Dreyfus
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#include "portable.h"
#ifdef SLAPD_OVER_NOPS
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "lutil.h"
#include "slap.h"
#include "config.h"
static ConfigDriver nops_cf_gen;
static int nops_cf_gen( ConfigArgs *c ) { return 0; }
static void
nops_rm_mod( Modifications **mods, Modifications *mod ) {
Modifications *next, *m;
next = mod->sml_next;
if (*mods == mod) {
*mods = next;
} else {
Modifications *m;
for (m = *mods; m; m = m->sml_next) {
if (m->sml_next == mod) {
m->sml_next = next;
break;
}
}
}
for (m = *mods; m; m = m->sml_next)
mod->sml_next = NULL;
slap_mods_free(mod, 1);
return;
}
static int
nops_modify( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
Backend *be = op->o_bd;
Entry *target_entry = NULL;
Modifications *m;
int rc;
if ((m = op->orm_modlist) == NULL) {
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
"nops() got null orm_modlist");
return(rs->sr_err);
}
op->o_bd = on->on_info->oi_origdb;
rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &target_entry);
op->o_bd = be;
if (rc != 0 || target_entry == NULL)
return 0;
/*
* For each attribute modification, check if the
* modification and the old entry are the same.
*/
while (m) {
int i, j;
int found;
Attribute *a;
BerVarray bm;
BerVarray bt;
Modifications *mc;
mc = m;
m = m->sml_next;
/* Check only replace sub-operations */
if ((mc->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)
continue;
/* If there is no values, skip */
if (((bm = mc->sml_values ) == NULL ) || (bm[0].bv_val == NULL))
continue;
/* If the attribute does not exist in old entry, skip */
if ((a = attr_find(target_entry->e_attrs, mc->sml_desc)) == NULL)
continue;
if ((bt = a->a_vals) == NULL)
continue;
/* For each value replaced, do we find it in old entry? */
found = 0;
for (i = 0; bm[i].bv_val; i++) {
for (j = 0; bt[j].bv_val; j++) {
if (bm[i].bv_len != bt[j].bv_len)
continue;
if (memcmp(bm[i].bv_val, bt[j].bv_val, bt[j].bv_len) != 0)
continue;
found++;
break;
}
}
/* Did we find as many values as we had in old entry? */
if (i != a->a_numvals || found != a->a_numvals)
continue;
/* This is a nop, remove it */
Debug(LDAP_DEBUG_TRACE, "removing nop on %s%s%s",
a->a_desc->ad_cname.bv_val, "", "");
nops_rm_mod(&op->orm_modlist, mc);
}
if (target_entry) {
op->o_bd = on->on_info->oi_origdb;
be_entry_release_r(op, target_entry);
op->o_bd = be;
}
if ((m = op->orm_modlist) == NULL) {
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
send_ldap_error(op, rs, LDAP_SUCCESS, "");
return(rs->sr_err);
return (rs->sr_err);
}
return SLAP_CB_CONTINUE;
}
static slap_overinst nops_ovl;
#if SLAPD_OVER_NOPS == SLAPD_MOD_DYNAMIC
static
#endif
int
nops_initialize( void ) {
nops_ovl.on_bi.bi_type = "nops";
nops_ovl.on_bi.bi_op_modify = nops_modify;
return overlay_register( &nops_ovl );
}
#if SLAPD_OVER_NOPS == SLAPD_MOD_DYNAMIC
int init_module(int argc, char *argv[]) {
return nops_initialize();
}
#endif
#endif /* defined(SLAPD_OVER_NOPS) */
.TH SLAPO-NOPS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2008 Emmanuel Dreyfus
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapo-nops \- Remove Null Operations Overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Some broken client tend to implement modifications as replace operations
where all attributes are replaced, most of the time by the same values
they had before. This can cause undesirable load on logs, ACL evaluation,
or replication trafic.
This overlay detects idempotent replace operations and filter them out.
.SH CONFIGURATION
This overlay had no specific configuration.
.SH EXAMPLES
.LP
.RS
.nf
overlay nops
.RE
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5).
.SH ACKNOWLEDGEMENTS
This module was written in 2008 by Emmanuel Dreyfus.
.so ../Project
......@@ -114,7 +114,7 @@ static const char hex[] = "0123456789abcdef";
/* From liblutil/passwd.c... */
static void lmPasswd_to_key(
const char *lmPasswd,
des_cblock *key)
DES_cblock *key)
{
const unsigned char *lpw = (const unsigned char *)lmPasswd;
unsigned char *k = (unsigned char *)key;
......@@ -162,10 +162,10 @@ static void lmhash(
)
{
char UcasePassword[15];
des_cblock key;
des_key_schedule schedule;
des_cblock StdText = "KGS!@#$%";
des_cblock hbuf[2];
DES_cblock key;
DES_key_schedule schedule;
DES_cblock StdText = "KGS!@#$%";
DES_cblock hbuf[2];
strncpy( UcasePassword, passwd->bv_val, 14 );
UcasePassword[14] = '\0';
......
Copyright 2007 Howard Chu, Symas Corp. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.
A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
This directory contains a slapd overlay, usn, that extends slapd
to maintain the usnCreated and usnChanged operational attributes
normally used by Microsoft ActiveDirectory.
To use the overlay, add:
moduleload <path to>usn.so
...
database bdb
...
overlay usn
to your slapd configuration file. The schema definitions for the
two USN attributes are hardcoded in this overlay.
No Makefile is provided. Just compile with an invocation like
gcc -c -I ../../include/ -I ../../servers/slapd -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC usn.c
gcc -shared -o usn.so usn.o
This overlay is only set up to be built as a dynamically loaded module.
On most platforms, in order for the module to be usable, all of the
library dependencies must also be available as shared libraries.
If you need to build the overlay statically, you will have to move it into the
slapd/overlays directory and edit the Makefile and overlays.c to reference
it. You will also have to define SLAPD_OVER_USN to SLAPD_MOD_STATIC,
and add the relevant libraries to the main slapd link command.
/* usn.c - Maintain Microsoft-style Update Sequence Numbers */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2007-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Howard Chu for inclusion in
* OpenLDAP Software.
*/
#include "portable.h"
#ifdef SLAPD_OVER_USN
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "config.h"
/* This overlay intercepts write operations and adds a Microsoft-style
* USN to the target entry.
*/
typedef struct usn_info {
int ui_current;
ldap_pvt_thread_mutex_t ui_mutex;
} usn_info_t;
static AttributeDescription *ad_usnCreated, *ad_usnChanged;
static struct {
char *desc;
AttributeDescription **adp;
} as[] = {
{ "( 1.2.840.113556.1.2.19 "
"NAME 'uSNCreated' "
"SYNTAX '1.2.840.113556.1.4.906' "
"SINGLE-VALUE "
"NO-USER-MODIFICATION )",
&ad_usnCreated },
{ "( 1.2.840.113556.1.2.120 "
"NAME 'uSNChanged' "
"SYNTAX '1.2.840.113556.1.4.906' "
"SINGLE-VALUE "
"NO-USER-MODIFICATION )",
&ad_usnChanged },
{ NULL }
};
static int
usn_func( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
usn_info_t *ui = on->on_bi.bi_private;
int my_usn;
char intbuf[64];
struct berval bv[2];
ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
ui->ui_current++;
my_usn = ui->ui_current;
ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
BER_BVZERO(&bv[1]);
bv[0].bv_val = intbuf;
bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
switch(op->o_tag) {
case LDAP_REQ_ADD:
attr_merge( op->ora_e, ad_usnCreated, bv, NULL );
attr_merge( op->ora_e, ad_usnChanged, bv, NULL );
break;
case LDAP_REQ_DELETE:
/* Probably need to update root usnLastObjRem */
break;
default: {
/* Modify, ModDN */
Modifications *ml, *mod = ch_calloc( sizeof( Modifications ), 1 );
for ( ml = op->orm_modlist; ml && ml->sml_next; ml = ml->sml_next );
ml->sml_next = mod;
mod->sml_desc = ad_usnChanged;
mod->sml_numvals = 1;
value_add_one( &mod->sml_values, &bv[0] );
mod->sml_nvalues = NULL;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = 0;
mod->sml_next = NULL;
break;
}
}
return SLAP_CB_CONTINUE;
}
static int
usn_operational(
Operation *op,
SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
if ( rs->sr_entry &&
dn_match( &rs->sr_entry->e_nname, op->o_bd->be_nsuffix )) {
if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
ad_inlist( ad_usnChanged, rs->sr_attrs )) {
Attribute *a, **ap = NULL;
char intbuf[64];
struct berval bv;
int my_usn;
for ( a=rs->sr_entry->e_attrs; a; a=a->a_next ) {
if ( a->a_desc == ad_usnChanged )
break;
}
if ( !a ) {
for ( ap = &rs->sr_operational_attrs; *ap;
ap=&(*ap)->a_next );
a = attr_alloc( ad_usnChanged );
*ap = a;
}
if ( !ap ) {
if ( !rs->sr_flags & REP_ENTRY_MODIFIABLE ) {
rs->sr_entry = entry_dup( rs->sr_entry );
rs->sr_flags |=
REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
a = attr_find( rs->sr_entry->e_attrs,
ad_usnChanged );
}
ber_bvarray_free( a->a_vals );
a->a_vals = NULL;
a->a_numvals = 0;
}
ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
my_usn = ui->ui_current;
ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
bv.bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
bv.bv_val = intbuf;
attr_valadd( a, &bv, NULL, 1 );
}
}
return SLAP_CB_CONTINUE;
}
/* Read the old USN from the underlying DB. This code is
* stolen from the syncprov overlay.
*/
static int
usn_db_open(
BackendDB *be,
ConfigReply *cr)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
Entry *e = NULL;
Attribute *a;
int rc;
void *thrctx = NULL;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_bd = be;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL,
slap_schema.si_ad_contextCSN, 0, &e, on );
if ( e ) {
a = attr_find( e->e_attrs, ad_usnChanged );
if ( a ) {
ui->ui_current = atoi( a->a_vals[0].bv_val );
}
overlay_entry_release_ov( op, e, 0, on );
}
return 0;
}
static int
usn_db_init(
BackendDB *be,
ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
usn_info_t *ui;
if ( SLAP_ISGLOBALOVERLAY( be ) ) {
Debug( LDAP_DEBUG_ANY,
"usn must be instantiated within a database.\n",
0, 0, 0 );
return 1;
}
ui = ch_calloc(1, sizeof(usn_info_t));
ldap_pvt_thread_mutex_init( &ui->ui_mutex );
on->on_bi.bi_private = ui;
return 0;
}
static int
usn_db_close(
BackendDB *be,
ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
usn_info_t *ui = on->on_bi.bi_private;
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
SlapReply rs = {REP_RESULT};
void *thrctx;
Modifications mod;
SlapReply rsm = { 0 };
slap_callback cb = {0};
char intbuf[64];
struct berval bv[2];
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_bd = be;
BER_BVZERO( &bv[1] );
bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", ui->ui_current );
bv[0].bv_val = intbuf;
mod.sml_numvals = 1;
mod.sml_values = bv;
mod.sml_nvalues = NULL;
mod.sml_desc = ad_usnChanged;
mod.sml_op = LDAP_MOD_REPLACE;
mod.sml_flags = 0;
mod.sml_next = NULL;
cb.sc_response = slap_null_cb;
op->o_tag = LDAP_REQ_MODIFY;
op->o_callback = &cb;
op->orm_modlist = &mod;
op->orm_no_opattrs = 1;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->o_req_dn = op->o_bd->be_suffix[0];
op->o_req_ndn = op->o_bd->be_nsuffix[0];
op->o_bd->bd_info = on->on_info->oi_orig;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
op->o_no_schema_check = 1;
op->o_bd->be_modify( op, &rs );
if ( mod.sml_next != NULL ) {
slap_mods_free( mod.sml_next, 1 );
}
return 0;
}
static int
usn_db_destroy(
BackendDB *be,
ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
usn_info_t *ui = on->on_bi.bi_private;
ldap_pvt_thread_mutex_destroy( &ui->ui_mutex );
ch_free( ui );
on->on_bi.bi_private = NULL;
return 0;
}
/* This overlay is set up for dynamic loading via moduleload. For static
* configuration, you'll need to arrange for the slap_overinst to be
* initialized and registered by some other function inside slapd.
*/
static slap_overinst usn;
int
usn_init( void )
{
int i, code;
memset( &usn, 0, sizeof( slap_overinst ) );
usn.on_bi.bi_type = "usn";
usn.on_bi.bi_db_init = usn_db_init;
usn.on_bi.bi_db_destroy = usn_db_destroy;
usn.on_bi.bi_db_open = usn_db_open;
usn.on_bi.bi_db_close = usn_db_close;
usn.on_bi.bi_op_modify = usn_func;
usn.on_bi.bi_op_modrdn = usn_func;
usn.on_bi.bi_op_add = usn_func;
usn.on_bi.bi_op_delete = usn_func;
usn.on_bi.bi_operational = usn_operational;
for ( i = 0; as[i].desc; i++ ) {
code = register_at( as[i].desc, as[i].adp, 0 );
if ( code ) {
Debug( LDAP_DEBUG_ANY,
"usn_init: register_at #%d failed\n", i, 0, 0 );
return code;
}
}
return overlay_register( &usn );
}
#if SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC
int
init_module( int argc, char *argv[] )
{
return usn_init();
}
#endif /* SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC */
#endif /* defined(SLAPD_OVER_USN) */
......@@ -137,7 +137,9 @@ attribute name and also using a value selector:
There are two special {{pseudo}} attributes {{EX:entry}} and
{{EX:children}}. To read (and hence return) a target entry, the
subject must have {{EX:read}} access to the target's {{entry}}
attribute. To add or delete an entry, the subject must have
attribute. To perform a search, the subject must have
{{EX:search}} access to the search base's {{entry}} attribute.
To add or delete an entry, the subject must have
{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
have {{EX:write}} access to the entry's parent's {{EX:children}}
attribute. To rename an entry, the subject must have {{EX:write}}
......@@ -552,7 +554,9 @@ attribute name and also using a value selector:
There are two special {{pseudo}} attributes {{EX:entry}} and
{{EX:children}}. To read (and hence return) a target entry, the
subject must have {{EX:read}} access to the target's {{entry}}
attribute. To add or delete an entry, the subject must have
attribute. To perform a search, the subject must have
{{EX:search}} access to the search base's {{entry}} attribute.
To add or delete an entry, the subject must have
{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
have {{EX:write}} access to the entry's parent's {{EX:children}}
attribute. To rename an entry, the subject must have {{EX:write}}
......