Merge branch 'OPENLDAP_REL_ENG_2_4' of ssh://git-master.openldap.org/~git/git/openldap into OPENLDAP_REL_ENG_2_4

Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

track a CSN per SID in the log->sl_mincsn

Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

Should SLAP_AUTH_DN be #defined in release now?

ITS#6975

Rich Megginson authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.

Hallvard Furuseth authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

Handle interrupted write() again.  Fix warnings/types.  #ifdef LDAP_DEBUG.

Pierangelo Masarati authored 14 years ago and Quanah Gibson-Mount committed 13 years ago

allow to specify a per-database list of attributes that need to be always collected, even if not explicitly requested by clients (addresses ITS#6513)