Commit 0daad137 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

Merge remote-tracking branch 'origin/master' into OPENLDAP_REL_ENG_2_5

parents ec6e95ff f926e667
Pipeline #414 passed with stage
in 32 minutes and 26 seconds
......@@ -2072,12 +2072,13 @@ print_paged_results( LDAP *ld, LDAPControl *ctrl )
return 1;
} else {
/* FIXME: check buffer overflow */
char buf[ BUFSIZ ], *ptr = buf;
int plen;
if ( estimate > 0 ) {
ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
"estimate=%d", estimate );
plen = sprintf( buf, "estimate=%d cookie=", estimate );
} else {
plen = sprintf( buf, "cookie=" );
}
if ( pr_cookie.bv_len > 0 ) {
......@@ -2085,29 +2086,26 @@ print_paged_results( LDAP *ld, LDAPControl *ctrl )
bv.bv_len = LUTIL_BASE64_ENCODE_LEN(
pr_cookie.bv_len ) + 1;
bv.bv_val = ber_memalloc( bv.bv_len + 1 );
ptr = ber_memalloc( bv.bv_len + 1 + plen );
bv.bv_val = ptr + plen;
strcpy( ptr, buf );
bv.bv_len = lutil_b64_ntop(
(unsigned char *) pr_cookie.bv_val,
pr_cookie.bv_len,
bv.bv_val, bv.bv_len );
ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
"%scookie=%s", ptr == buf ? "" : " ",
bv.bv_val );
ber_memfree( bv.bv_val );
pr_morePagedResults = 1;
} else {
ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
"%scookie=", ptr == buf ? "" : " " );
plen += bv.bv_len;
}
tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
ldif ? "pagedresults: " : "pagedresults",
buf, ptr - buf );
ptr, plen );
if ( ptr != buf )
ber_memfree( ptr );
}
return 0;
......
......@@ -1328,8 +1328,7 @@ Use
.B unlimited
to specify no limits.
The second format allows a fine grain setting of the size limits.
Extra args can be added in the same value or as additional values.
See
Extra args can be added in the same value. See
.BR olcLimits
for an explanation of the different flags.
.TP
......@@ -1352,8 +1351,7 @@ Use
.B unlimited
to specify no limits.
The second format allows a fine grain setting of the time limits.
Extra args can be added in the same value or as additional values.
See
Extra args can be added in the same value. See
.BR olcLimits
for an explanation of the different flags.
......
......@@ -49,10 +49,10 @@ of the proxy lined up with that of the proxied server.
.LP
Note: When looping back to the same instance of
.BR slapd (8),
each connection requires a new thread; as a consequence,
each connection requires a new thread; as a consequence, the
.BR slapd (8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, one may consider using
\fBthreads\fP parameter may need some tuning. In those cases,
one may consider using
.BR slapd\-relay (5)
instead, which performs the relayed operation
internally and thus reuses the same connection.
......@@ -144,10 +144,6 @@ The
.B idassert\-bind
feature, instead, in some cases can be crafted to implement that behavior,
which is \fIintrinsically unsafe and should be used with extreme care\fP.
This directive obsoletes
.BR acl\-authcDN ,
and
.BR acl\-passwd .
The TLS settings default to the same as the main slapd TLS settings,
except for
......@@ -393,14 +389,6 @@ The identity associated to this directive is also used for privileged
operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
is not. See \fBacl\-bind\fP for details.
This directive obsoletes
.BR idassert\-authcDN ,
.BR idassert\-passwd ,
.BR idassert\-mode ,
and
.BR idassert\-method .
.RE
.TP
.B idassert-passthru <authz-regexp>
if defined, selects what
......@@ -418,7 +406,6 @@ section related to
.BR authz\-policy ,
for details on the syntax of this field.
.TP
.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
......@@ -621,122 +608,6 @@ when set to
create a temporary connection whenever competing with other threads
for a shared one; otherwise, wait until the shared connection is available.
.SH BACKWARD COMPATIBILITY
The LDAP backend has been heavily reworked between releases 2.2 and 2.3,
and subsequently between 2.3 and 2.4.
As a side-effect, some of the traditional directives have been
deprecated and should be no longer used, as they might disappear
in future releases.
.TP
.B acl\-authcDN "<administrative DN for access control purposes>"
Formerly known as the
.BR binddn ,
it is the DN that is used to query the target server for acl checking;
it is supposed to have read access on the target server to attributes used
on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
.B idassert\-*
feature can be used (at own risk) for that purpose instead.
This directive is obsoleted by the
.B binddn
arg of
.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
.B acl\-passwd <password>
Formerly known as the
.BR bindpw ,
it is the password used with the above
.B acl\-authcDN
directive.
This directive is obsoleted by the
.B credentials
arg of
.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
.B idassert\-authcDN "<administrative DN for proxyAuthz purposes>"
DN which is used to propagate the client's identity to the target
by means of the proxyAuthz control when the client does not
belong to the DIT fragment that is being proxied by back-ldap.
This directive is obsoleted by the
.B binddn
arg of
.BR idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
.B idassert\-passwd <password>
Password used with the
.B idassert\-authcDN
above.
This directive is obsoleted by the
.B credentials
arg of
.B idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
.B idassert\-mode <mode> [<flags>]
defines what type of
.I identity assertion
is used.
This directive is obsoleted by the
.B mode
arg of
.BR idassert\-bind ,
and will be dismissed in the future.
.TP
.B idassert\-method <method> [<saslargs>]
This directive is obsoleted by the
.B bindmethod
arg of
.BR idassert\-bind ,
and will be dismissed in the future.
.TP
.B port <port>
this directive is no longer supported. Use the
.B uri
directive as described above.
.TP
.B server <hostname[:port]>
this directive is no longer supported. Use the
.B uri
directive as described above.
.TP
.B suffixmassage, map, rewrite*
These directives are no longer supported by back-ldap; their
functionality is now delegated to the
.B rwm
overlay. Essentially, add a statement
.B overlay rwm
first, and prefix all rewrite/map statements with
.B rwm\-
to obtain the original behavior.
See
.BR slapo\-rwm (5)
for details.
.\" However, to ease update from existing configurations, back-ldap still
.\" recognizes them and automatically instantiates the
.\" .B rwm
.\" overlay if available and not instantiated yet.
.\" This behavior may change in the future.
.SH ACCESS CONTROL
The
.B ldap
......
......@@ -49,10 +49,9 @@ of the proxy lined up with that of the proxied server.
.LP
Note: When looping back to the same instance of \fBslapd\fP(8),
each connection requires a new thread; as a consequence, \fBslapd\fP(8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, unless the multiple target feature
is required, one may consider using \fBslapd\-relay\fP(5) instead,
each connection requires a new thread; as a consequence, the \fBslapd\fP(8)
\fBthreads\fP parameter may need some tuning. In those cases, unless the
multiple target feature is required, one may consider using \fBslapd\-relay\fP(5) instead,
which performs the relayed operation internally and thus reuses
the same connection.
......
......@@ -39,7 +39,7 @@ They should appear after the
.B overlay
directive.
.TP
.B unique_uri <[strict ][ignore ]URI[URI...]...>
.B unique_uri <[strict ][ignore ][serialize ]URI[URI...]...>
Configure the base, attributes, scope, and filter for uniqueness
checking. Multiple URIs may be specified within a domain,
allowing complex selections of objects. Multiple
......@@ -50,9 +50,10 @@ attributes will create independent domains, each with their own
independent lists of URIs and ignore/strict settings.
Keywords
.B strict
.BR strict ,
.BR ignore ,
and
.B ignore
.B serialize
have to be enclosed in quotes (") together with the URI.
The LDAP URI syntax is a subset of
......@@ -119,6 +120,17 @@ mode extends the concept of uniqueness to include null values, such
that only one attribute within a subtree will be allowed to have a
null value. Strictness applies to all URIs within a uniqueness
domain, but some domains may be strict while others are not.
It is possible to enforce strict serialization of modifications by
prepending the keyword
.B serialize.
By default, no serialization is performed, so multiple modifications
occurring nearly simultaneously may see incomplete uniqueness results.
Using
.B serialize
will force individual write operations to fully complete before allowing
any others to proceed, to ensure that each operation's uniqueness checks
are consistent.
.LP
It is not possible to set both URIs and legacy slapo\-unique configuration
parameters simultaneously. In general, the legacy configuration options
......
......@@ -445,8 +445,12 @@ int ldap_pvt_gethostbyname_a(
*result=gethostbyname_r( name, resbuf, *buf, buflen, herrno_ptr );
r = (*result == NULL) ? -1 : 0;
#else
r = gethostbyname_r( name, resbuf, *buf,
buflen, result, herrno_ptr );
while((r = gethostbyname_r( name, resbuf, *buf, buflen, result, herrno_ptr )) == ERANGE) {
/* Increase the buffer */
buflen*=2;
if (safe_realloc(buf, buflen) == NULL)
return -1;
}
#endif
Debug2( LDAP_DEBUG_TRACE, "ldap_pvt_gethostbyname_a: host=%s, r=%d\n",
......
......@@ -86,8 +86,6 @@ enum {
/* Target attrs */
enum {
LDAP_BACK_CFG_URI = LDAP_BACK_CFG_LAST_BOTH,
LDAP_BACK_CFG_ACL_AUTHCDN,
LDAP_BACK_CFG_ACL_PASSWD,
LDAP_BACK_CFG_IDASSERT_AUTHZFROM,
LDAP_BACK_CFG_IDASSERT_BIND,
LDAP_BACK_CFG_SUFFIXM,
......@@ -115,32 +113,6 @@ static ConfigTable a_metacfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "acl-authcDN", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.2 "
"NAME 'olcDbACLAuthcDn' "
"DESC 'Remote ACL administrative identity' "
"OBSOLETE "
"SYNTAX OMsDN "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; aliases "acl-authcDN" */
{ "binddn", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
asyncmeta_back_cf_gen, NULL, NULL, NULL },
{ "acl-passwd", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.3 "
"NAME 'olcDbACLPasswd' "
"DESC 'Remote ACL administrative identity credentials' "
"OBSOLETE "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; aliases "acl-passwd" */
{ "bindpw", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
asyncmeta_back_cf_gen, NULL, NULL, NULL },
{ "idassert-bind", "args", 2, 0, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_BIND,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.7 "
......@@ -454,9 +426,7 @@ static ConfigOCs a_metaocs[] = {
"DESC 'Asyncmeta target configuration' "
"SUP olcConfig STRUCTURAL "
"MUST ( olcAsyncMetaSub $ olcDbURI ) "
"MAY ( olcDbACLAuthcDn "
"$ olcDbACLPasswd "
"$ olcDbIDAssertAuthzFrom "
"MAY ( olcDbIDAssertAuthzFrom "
"$ olcDbIDAssertBind "
"$ olcDbSuffixMassage "
"$ olcDbSubtreeExclude "
......@@ -1296,15 +1266,6 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
ber_bvarray_add( &c->rvalue_vals, &bv );
} break;
case LDAP_BACK_CFG_ACL_AUTHCDN:
case LDAP_BACK_CFG_ACL_PASSWD:
/* FIXME no point here, there is no code implementing
* their features. Was this supposed to implement
* acl-bind like back-ldap?
*/
rc = 1;
break;
case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: {
BerVarray *bvp;
int i;
......@@ -2153,33 +2114,6 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
mc->mc_bind_timeout.tv_usec = c->value_ulong%1000000;
break;
case LDAP_BACK_CFG_ACL_AUTHCDN:
/* name to use for meta_back_group */
if ( strcasecmp( c->argv[ 0 ], "binddn" ) == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: "
"\"binddn\" statement is deprecated; "
"use \"acl-authcDN\" instead\n", c->log );
/* FIXME: some day we'll need to throw an error */
}
ber_memfree_x( c->value_dn.bv_val, NULL );
mt->mt_binddn = c->value_ndn;
BER_BVZERO( &c->value_dn );
BER_BVZERO( &c->value_ndn );
break;
case LDAP_BACK_CFG_ACL_PASSWD:
/* password to use for meta_back_group */
if ( strcasecmp( c->argv[ 0 ], "bindpw" ) == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s "
"\"bindpw\" statement is deprecated; "
"use \"acl-passwd\" instead\n", c->log );
/* FIXME: some day we'll need to throw an error */
}
ber_str2bv( c->argv[ 1 ], 0L, 1, &mt->mt_bindpw );
break;
case LDAP_BACK_CFG_REBIND:
/* save bind creds for referral rebinds? */
if ( c->argc == 1 || c->value_int ) {
......@@ -2469,8 +2403,6 @@ int
asyncmeta_back_init_cf( BackendInfo *bi )
{
int rc;
AttributeDescription *ad = NULL;
const char *text;
/* Make sure we don't exceed the bits reserved for userland */
config_check_userland( LDAP_BACK_CFG_LAST );
......@@ -2482,29 +2414,5 @@ asyncmeta_back_init_cf( BackendInfo *bi )
return rc;
}
/* setup olcDbAclPasswd and olcDbIDAssertPasswd
* to be base64-encoded when written in LDIF form;
* basically, we don't care if it fails */
rc = slap_str2ad( "olcDbACLPasswd", &ad, &text );
if ( rc ) {
Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
"warning, unable to get \"olcDbACLPasswd\" "
"attribute description: %d: %s\n", rc, text );
} else {
(void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
ad->ad_type->sat_oid );
}
ad = NULL;
rc = slap_str2ad( "olcDbIDAssertPasswd", &ad, &text );
if ( rc ) {
Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
"warning, unable to get \"olcDbIDAssertPasswd\" "
"attribute description: %d: %s\n", rc, text );
} else {
(void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
ad->ad_type->sat_oid );
}
return 0;
}
......@@ -43,16 +43,9 @@ static ConfigDriver ldap_pbind_cf_gen;
enum {
LDAP_BACK_CFG_URI = 1,
LDAP_BACK_CFG_TLS,
LDAP_BACK_CFG_ACL_AUTHCDN,
LDAP_BACK_CFG_ACL_PASSWD,
LDAP_BACK_CFG_ACL_METHOD,
LDAP_BACK_CFG_ACL_BIND,
LDAP_BACK_CFG_IDASSERT_MODE,
LDAP_BACK_CFG_IDASSERT_AUTHCDN,
LDAP_BACK_CFG_IDASSERT_PASSWD,
LDAP_BACK_CFG_IDASSERT_AUTHZFROM,
LDAP_BACK_CFG_IDASSERT_PASSTHRU,
LDAP_BACK_CFG_IDASSERT_METHOD,
LDAP_BACK_CFG_IDASSERT_BIND,
LDAP_BACK_CFG_REBIND,
LDAP_BACK_CFG_CHASE,
......@@ -73,7 +66,6 @@ enum {
LDAP_BACK_CFG_NOUNDEFFILTER,
LDAP_BACK_CFG_ONERR,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_OMIT_UNKNOWN_SCHEMA,
......@@ -100,37 +92,6 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "acl-authcDN", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
ldap_back_cf_gen, "( OLcfgDbAt:3.2 "
"NAME 'olcDbACLAuthcDn' "
"DESC 'Remote ACL administrative identity' "
"EQUALITY distinguishedNameMatch "
"OBSOLETE "
"SYNTAX OMsDN "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; aliases "acl-authcDN" */
{ "binddn", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_ACL_AUTHCDN,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "acl-passwd", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
ldap_back_cf_gen, "( OLcfgDbAt:3.3 "
"NAME 'olcDbACLPasswd' "
"DESC 'Remote ACL administrative identity credentials' "
"OBSOLETE "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; aliases "acl-passwd" */
{ "bindpw", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_PASSWD,
ldap_back_cf_gen, NULL, NULL, NULL },
/* deprecated, will be removed; aliases "acl-bind" */
{ "acl-method", "args", 2, 0, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_METHOD,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "acl-bind", "args", 2, 0, 0,
ARG_MAGIC|LDAP_BACK_CFG_ACL_BIND,
ldap_back_cf_gen, "( OLcfgDbAt:3.4 "
......@@ -140,33 +101,6 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "idassert-authcDN", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN,
ldap_back_cf_gen, "( OLcfgDbAt:3.5 "
"NAME 'olcDbIDAssertAuthcDn' "
"DESC 'Remote Identity Assertion administrative identity' "
"EQUALITY distinguishedNameMatch "
"OBSOLETE "
"SYNTAX OMsDN "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; partially aliases "idassert-authcDN" */
{ "proxyauthzdn", "DN", 2, 2, 0,
ARG_DN|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHCDN,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "idassert-passwd", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD,
ldap_back_cf_gen, "( OLcfgDbAt:3.6 "
"NAME 'olcDbIDAssertPasswd' "
"DESC 'Remote Identity Assertion administrative identity credentials' "
"OBSOLETE "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
/* deprecated, will be removed; partially aliases "idassert-passwd" */
{ "proxyauthzpw", "cred", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_PASSWD,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "idassert-bind", "args", 2, 0, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_BIND,
ldap_back_cf_gen, "( OLcfgDbAt:3.7 "
......@@ -176,18 +110,6 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "idassert-method", "args", 2, 0, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_METHOD,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "idassert-mode", "mode>|u:<user>|[dn:]<DN", 2, 0, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_MODE,
ldap_back_cf_gen, "( OLcfgDbAt:3.8 "
"NAME 'olcDbIDAssertMode' "
"DESC 'Remote Identity Assertion mode' "
"OBSOLETE "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE)",
NULL, NULL },
{ "idassert-authzFrom", "authzRule", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDASSERT_AUTHZFROM,
ldap_back_cf_gen, "( OLcfgDbAt:3.9 "
......@@ -370,16 +292,6 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"X-ORDERED 'VALUES' )",
NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "map", "attribute|objectClass> [*|<local>] *|<remote", 3, 4, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "rewrite", "<arglist>", 2, 4, STRLENOF( "rewrite" ),
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
{ "omit-unknown-schema", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_OMIT_UNKNOWN_SCHEMA,
ldap_back_cf_gen, "( OLcfgDbAt:3.28 "
......@@ -409,13 +321,8 @@ static ConfigOCs ldapocs[] = {
"SUP olcDatabaseConfig "
"MAY ( olcDbURI "
"$ olcDbStartTLS "
"$ olcDbACLAuthcDn "
"$ olcDbACLPasswd "
"$ olcDbACLBind "
"$ olcDbIDAssertAuthcDn "
"$ olcDbIDAssertPasswd "
"$ olcDbIDAssertBind "
"$ olcDbIDAssertMode "
"$ olcDbIDAssertAuthzFrom "
"$ olcDbIDAssertPassThru "
"$ olcDbRebindAsUser "
......@@ -1068,13 +975,6 @@ ldap_back_cf_gen( ConfigArgs *c )
}
break;
case LDAP_BACK_CFG_ACL_AUTHCDN:
case LDAP_BACK_CFG_ACL_PASSWD:
case LDAP_BACK_CFG_ACL_METHOD:
/* handled by LDAP_BACK_CFG_ACL_BIND */
rc = 1;
break;
case LDAP_BACK_CFG_ACL_BIND: {
int i;
......@@ -1097,14 +997,6 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
}
case LDAP_BACK_CFG_IDASSERT_MODE:
case LDAP_BACK_CFG_IDASSERT_AUTHCDN:
case LDAP_BACK_CFG_IDASSERT_PASSWD:
case LDAP_BACK_CFG_IDASSERT_METHOD:
/* handled by LDAP_BACK_CFG_IDASSERT_BIND */
rc = 1;
break;
case LDAP_BACK_CFG_IDASSERT_AUTHZFROM:
case LDAP_BACK_CFG_IDASSERT_PASSTHRU: {
BerVarray *bvp;
......@@ -1502,25 +1394,10 @@ ldap_back_cf_gen( ConfigArgs *c )
rc = 1;