tatankato/openldap2
SHA256
1
0
Fork 0
forked from jengelh/openldap2
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=16

Browse Source
This commit is contained in:
OBS User unknown 2007-12-19 13:52:01 +00:00 committed by Git OBS Bridge
parent 650d5bb84d
commit dc736f58d9
15 changed files with 450 additions and 873 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

714
libldap-manpages.dif
View File

@ -1,714 +0,0 @@
Index: openldap-2.3.19/doc/man/man3/ldap.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap.3
+++ openldap-2.3.19/doc/man/man3/ldap.3
@@ -39,16 +39,21 @@ created using
and set the protocol version to 3 by calling
.BR ldap_set_option (3).
The underlying session is established first operation is
-issued. This would generally be a Start TLS or Bind operation.
+issued. This would generally be a Start TLS or Bind operation,
+or a Search operation to read attributes of the Root DSE.
A Start TLS operation is performed by calling
.BR ldap_start_tls_s (3).
A LDAP bind operation is performed by calling
.BR ldap_sasl_bind (3)
-or one of its friends. Subsequently, other operations are performed
+or one of its friends.
+A Search operation is performed by calling ldap_search_ext_s(3)
+or one of its friends.
+
+Subsequently, additional operations are performed
by calling one of the synchronous or asynchronous routines (e.g.,
-.BR ldap_search_ext_s (3)
+.BR ldap_compare_ext_s (3)
or
-.BR ldap_search_ext (3)
+.BR ldap_compare_ext (3)
followed by
.BR ldap_result (3)).
Results returned from these routines are interpreted by calling the
Index: openldap-2.3.19/doc/man/man3/ldap_bind.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3
+++ openldap-2.3.19/doc/man/man3/ldap_bind.3
@@ -1,9 +1,9 @@
.TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.19 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
+ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -58,6 +58,18 @@ OpenLDAP LDAP (libldap, -lldap)
.\" .ft
.\" LDAP *ld;
.\" int (*rebindproc)();
+.LP
+.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
+.RS
+.BI LDAPControl *" cctrls "[]);"
+.RE
+.LP
+.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
+.RS
+.BI LDAPControl *" cctrls "[]);"
+.RE
+.LP
+.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params);"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
@@ -79,7 +91,6 @@ Both synchronous and asynchronous versio
call are provided. All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
-.LP
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
@@ -110,6 +121,41 @@ returns the message id of the request it
returns an LDAP error indication.
.SH SASL AUTHENTICATION
Description still under construction...
+.SH REBINDING
+.LP
+The
+.B ldap_set_rebind_proc
+function() sets the process to use for binding when an operation returns a
+referral. This function is used when an application needs to bind to another server
+in order to follow a referral or search continuation reference.
+.LP
+The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
+the arbitrary data like state information which the client might need to properly rebind.
+The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
+to use the rebind function. Use the
+.BR ldap_set_option
+function to set the value.
+.LP
+The rebind function has the following syntax.
+.B int rebind_function (LDAP *ld, const char *url,int request,ber_int_t msgid);
+.LP
+The \fIld\fP parameter must be used by the application when binding to the
+referred server if the application wants the libraries to follow the referral.
+.LP
+The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
+The LDAP application can use the
+.BR ldap_url_parse()
+.LP
+The \fIrequest\fP parameter specifies the request operation that generated the referral.
+function to parse the string into its components.
+.LP
+The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
+.LP
+The LDAP libraries set all the parameters when they call the rebind function. The application
+should not attempt to free either the ld or the url structures in the rebind function.
+.LP
+The application must supply to the rebind function the required authentication information such as,
+user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
@@ -154,16 +200,32 @@ both of these calls are synchronous in n
.\" If anything but LDAP_SUCCESS is returned by the first call to
.\" the rebindproc, then referral processing is stopped and that error code
.\" is returned for the original LDAP operation.
+.LP
+The
+.B ldap_unbind_ext()
+and
+.B ldap_unbind_ext_s()
+allows the operations to sepicify controls.
.SH ERRORS
Asynchronous routines will return -1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
for more information.
+.SH NOTES
+If an anonymous bind is sufficient for the application,the rebind process
+need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
+set to ON (default value) will automatically follow referrals using an anonymous bind.
+.LP
+If the application needs stronger authentication than an anonymous bind,
+you need to provide a rebind process for that authentication method.
+The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
+.BR ldap_set_option (3),
+.BR ldap_url_parse (3)
.B RFC 2222
(http://www.ietf.org),
.B Cyrus SASL
Index: openldap-2.3.19/doc/man/man3/ldap_bind.3.links
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3.links
+++ openldap-2.3.19/doc/man/man3/ldap_bind.3.links
@@ -7,3 +7,4 @@ ldap_unbind.3
ldap_unbind_ext.3
ldap_unbind_s.3
ldap_unbind_ext_s.3
+ldap_set_rebind_proc.3
Index: openldap-2.3.19/doc/man/man3/ldap_compare.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_compare.3
+++ openldap-2.3.19/doc/man/man3/ldap_compare.3
@@ -1,9 +1,9 @@
.TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_compare, ldap_compare_s \- Perform an LDAP compare operation
+ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -22,6 +22,23 @@ int ldap_compare(ld, dn, attr, value)
.ft
LDAP *ld;
char *dn, *attr, *value;
+.LP
+.ft B
+int ldap_compare_ext(ld, dn, attr, bvalue, serverctrls, clientctrls, msgidp)
+.ft
+LDAP *ld;
+char *dn, *attr;
+const struct berval *bvalue;
+LDAPControl **serverctrls, **clientctrls;
+int *msgidp;
+.LP
+.ft B
+int ldap_compare_ext_s(ld, dn, attr, bvalue, serverctrls, clientctrls)
+.ft
+LDAP *ld;
+char *dn, *attr;
+const struct berval *bvalue;
+LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_compare_s()
@@ -40,6 +57,20 @@ asynchronously. It takes the same param
but returns the message id of the request it initiated. The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
+.LP
+The
+.B ldap_compare_ext()
+routine allows server and client controls to be
+specified to extend the compare request. This routine is asynchronous like
+ldap_compare(), but its return value is an LDAP error code. It stores the
+message id of the request in the integer pointed to by msgidp.
+.LP
+The
+.B ldap_compare_ext_s()
+routine is the synchronous version of
+.BR ldap_compare_ext().
+It also returns an LDAP error code indicating success
+or failure of the operation.
.SH ERRORS
.B ldap_compare_s()
returns an LDAP error code which can be interpreted
@@ -48,6 +79,12 @@ by calling one of
and friends. ldap_compare() returns
-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
+.LP
+.B ldap_compare_ext_s()
+and
+.B ldap_compare_ext()
+return some Non-zero value other than 0x05 or 0x06 in case of failure.
+0x05 corresponds to LDAP_COMPARE_FALSE and 0x06 corresponds to LDAP_COMPARE_TRUE.
.SH BUGS
There is no way to compare binary values, but there should be.
.SH SEE ALSO
Index: openldap-2.3.19/doc/man/man3/ldap_delete.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_delete.3
+++ openldap-2.3.19/doc/man/man3/ldap_delete.3
@@ -1,9 +1,9 @@
.TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_delete, ldap_delete_s \- Perform an LDAP delete operation
+ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -22,22 +22,51 @@ int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
+.LP
+.ft B
+int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
+.ft
+LDAP *ld;
+char *dn;
+LDAPControl **serverctrls, **clientctrls;
+int *msgidp;
+.LP
+.ft B
+int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
+.ft
+LDAP *ld;
+char *dn;
+LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
-synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
+synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
-asynchronously. It takes the same parameters as
-.BR ldap_delete_s() ,
-but returns the message id of the request it initiated. The result of
+asynchronously. It takes the same parameters as
+.BR ldap_delete_s(),
+but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
+.LP
+The
+.B ldap_delete_ext()
+routine allows server and client controls to be
+specified to extend the delete request. This routine is asynchronous like
+ldap_delete(), but its return value is an LDAP error code. It stores the
+message id of the request in the integer pointed to by msgidp.
+.LP
+The
+.B ldap_delete_ext_s()
+routine is the synchronous version of
+.BR ldap_delete_ext().
+It also returns an LDAP error code indicating success
+or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
@@ -45,8 +74,14 @@ by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
-returns -1 if something went wrong initiating the request. It returns the
+returns -1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
+.LP
+.B ldap_delete_ext()
+and
+.B ldap_delete_ext_s()
+return some Non-zero value if
+something went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3
@@ -0,0 +1,64 @@
+.TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_extended_operation( ld, requestoid, requestdata, sctrls[], cctrls[], msgidp );
+.ft
+LDAP *ld;
+const char *requestoid;
+const struct berval *requestdata;
+LDAPControl *sctrls[], *cctrls[];
+int *msgidp;
+.LP
+.ft B
+int ldap_extended_operation_s( ld, requestoid, requestdata, sctrls[], cctrls[], retoidp, retdatap );
+.ft
+LDAP *ld,
+const char *requestoid;
+const struct berval *requestdata;
+LDAPControl *sctrls[], *cctrls[];
+char **retoidp;
+struct berval **retdatap;
+.SH DESCRIPTION
+The
+.B ldap_extended_operation_s
+method is used to synchronously send an extended operation to the server.
+It takes \fIrequestoid\fP, which points to a dotted OID text string identifying
+the extended operation to perform. \fIrequestdata\fP is the data required for the
+operation, \fIseverctrls\fP is an array of LDAPControl structures to use with this
+extended operation,\fIclientctrls\fP is an array of LDAPControl structures that list
+the client controls to use with this extended operation .The input parameter
+\fIretoidp\fP points to a dotted-OID text string returned by the LDAP server.
+The memory used by the string should be freed with the ldap_memfree function.
+retdatap is an output parameter which points to a pointer to a berval structure
+that contains the returned data. If no data is returned, the server set this
+to NULL. The memory used by this structure should be freed with the ber_bvfree
+function.
+.LP
+The
+.B ldap_extended_operation
+works just like ldap_extended_operation_s, but the operation is asynchornous.
+It returns the message id of the request it initiated.
+The result of this operation can be obtained by calling
+.BR ldap_result(3).
+.SH NOTES
+The LDAP server must support the operation; otherwise an
+LDAP_NOT_SUPPORTED error is returned.
+.SH SEE ALSO
+.BR ldap_result (3),
+.BR ldap_parse_extended_result (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links
@@ -0,0 +1,2 @@
+ldap_extended_operation_s.3
+
Index: openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
@@ -0,0 +1,44 @@
+.TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_sort_control \- Decodes the information returned from a search operation
+that used a server-side sort control.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_sort_control(ld, ctrls, returnCode, attribute)
+.ft
+LDAP *ld;
+LDAPControl **ctrls;
+unsigned long *returnCode;
+char **attribute;
+.SH DESCRIPTION
+This function is used to parse the results returned in a search operation
+that uses a server-side sort control.
+.LP
+It takes a null terminated array of LDAPControl structures usually obtained
+by a call to the
+.BR ldap_parse_result
+function. A returncode which points to the sort control result code,and an array
+of LDAPControl structures that list the client controls to use with the search.
+The function also takes an out parameter \fIattribute\fP and if the sort operation
+fails, the server may return a string that indicates the first attribute in the
+sortKey list that caused the failure. If this parameter is NULL, no string is
+returned. If a string is returned, the memory should be freed by calling the
+ldap_memfree function.
+.SH NOTES
+.SH SEE ALSO
+.BR ldap_result (3),
+.BR ldap_controls_free (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
@@ -0,0 +1,53 @@
+.TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_vlv_control \- Decodes the information returned from a search operation that
+used a VLV (virtual list view) control.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep );
+.ft
+LDAP *ld;
+LDAPControl **ctrlp;
+unsigned long *target_posp, *list_countp;
+struct berval **contextp;
+int *errcodep;
+.SH DESCRIPTION
+The
+.B ldap_parse_vlv_control
+is used to decode the information returned from a search operation that used a
+VLV (virtual list view)control. It takes a null terminated array of LDAPControl
+structures, usually obtained by a call to the
+.BR ldap_parse_result function,
+a \fItarget_pos\fP which points to the list index of the target entry. If
+this parameter is NULL, the target position is not returned. The index returned
+is an approximation of the position of the target entry. It is
+not guaranteed to be exact. The parameter \fIlist_countp\fP points to
+the server's estimate of the size of the list. If this parameter is NULL, the
+size is not returned. \fIcontextp\fP is a pointer to the address of a berval
+structure that contains a server-generated context identifier if server returns
+one. If server does not return a context identifier, the server returns a NULL
+in this parameter. If this parameter is set to NULL, the context identifier is
+not returned. You should use this returned context in the next call to
+create a VLV control. When the berval structure is no longer needed, you should
+free the memory by calling the \fIber_bvfree function.e\fP
+\fIerrcodep\fP is an output paremeter, which points to the result code returned
+by the server. If this parameter is NULL, the result code is not returned.
+.LP
+See
+ldap.h for a list of possible return codes.
+.SH SEE ALSO
+.BR ldap_search (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_rename.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_rename.3
@@ -0,0 +1,69 @@
+.TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_rename, ldap_rename_s \- Renames the specified entry.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
+.ft
+LDAP *ld;
+const char *dn, *newrdn, *newparent;
+int deleteoldrdn;
+LDAPControl *sctrls[], *cctrls[];
+int *msgidp);
+.LP
+.ft B
+int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
+.ft
+LDAP *ld;
+const char *dn, *newrdn, *newparent;
+int deleteoldrdn;
+LDAPControl *sctrls[], *cctrls[];
+.SH DESCRIPTION
+These routines are used to perform a LDAP rename operation.
+The function changes the leaf component of an entry's distinguished
+name and optionally moves the entry to a new parent container. The
+.B ldap_rename_s
+performs a rename operation synchronously.
+The method takes \fIdn\fP, which points to the distinguished name of
+the entry whose attribute is being compared, \fInewparent\fP,the distinguished
+name of the entry's new parent. If this parameter is NULL, only the RDN is changed.
+The root DN is specified by passing a zero length string, "".
+\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted.
+Zero indicates that the old RDN should be retained. If you choose this option,
+the attribute will contain both names (the old and the new).
+Non-zero indicates that the old RDN should be deleted.
+\fIserverctrls\fP points to an array of LDAPControl structures that list the
+client controls to use with this extended operation. Use NULL to specify
+no client controls. \fIclientctrls\fP points to an array of LDAPControl
+structures that list the client controls to use with the search.
+.LP
+.B ldap_rename
+works just like
+.B ldap_rename_s,
+but the operation is asynchornous. It returns the message id of the request
+it initiated. The result of this operation can be obtained by calling
+.BR ldap_result(3).
+.SH ERRORS
+.B ldap_rename()
+returns -1 in case of error initiating the request, and
+will set the \fIld_errno\fP field in the \fIld\fP parameter to
+indicate the error.
+.BR ldap_rename_s()
+returns the LDAP error code resulting from the rename operation.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_modify (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_rename.3.links
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_rename.3.links
@@ -0,0 +1,2 @@
+ldap_rename_s.3
+
Index: openldap-2.3.19/doc/man/man3/ldap_result.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_result.3
+++ openldap-2.3.19/doc/man/man3/ldap_result.3
@@ -72,7 +72,8 @@ all references, all extended partial res
result have been received.
.LP
Upon success, the type of the result received is returned and the
-\fIresult\fP parameter will contain the result of the operation. This
+\fIresult\fP parameter will contain the result of the operation;
+otherwise, the \fIresult\fP parameter is undefined. This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
Index: openldap-2.3.19/doc/man/man3/ldap_search.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_search.3
+++ openldap-2.3.19/doc/man/man3/ldap_search.3
@@ -1,9 +1,9 @@
.TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.6 2007/01/02 21:43:45 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
+ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -41,6 +41,35 @@ char *filter, *attrs[]
int attrsonly;
struct timeval *timeout;
LDAPMessage **res;
+.LP
+.ft B
+int ldap_search_ext(ld, base, scope, filter, attrs, attrsonly, serverctrls,
+.ft
+clientctrls, timeout, sizelimit, msgidp)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+LDAPControl **serverctrls, **clientctrls;
+struct timeval *timeout;
+int sizelimit, *msgidp;
+.LP
+.ft B
+int ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls,
+.ft
+clientctrls, timeout, sizelimit, res)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+LDAPControl **serverctrls, **clientctrls;
+struct timeval *timeout;
+int sizelimit;
+LDAPMessage **res;
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
.B ldap_search_s()
@@ -59,6 +88,7 @@ LDAP_SCOPE_ONELEVEL, to search the objec
or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
.LP
\fIFilter\fP is a string
+
representation of the filter to apply in the search. Simple filters
can be specified as \fI(attributetype=attributevalue)\fP. More complex
filters are specified using a prefix notation according to the following
@@ -99,8 +129,24 @@ To request no attributes, the type "1.1"
should be listed by itself.
.LP
\fIAttrsonly\fP should be set to 1 if
-only attribute types are wanted. It should be set to 0 if both
+only attribute types are wanted. It should be set to 0 if both
attributes types and attribute values are wanted.
+.LP
+.B ldap_search_ext()
+routine allows server and client controls to be specified to extend
+the search request. This routine is asynchronous like
+.BR ldap_search() ,
+but its return value is an LDAP error code. It stores the message id
+of the request in the integer pointed to
+by
+.IR msgidp .
+.LP
+The
+.B ldap_search_ext_s()
+routine is the synchronous version of
+.BR ldap_search_ext().
+It also returns an LDAP error code indicating success or failure
+of the operation.
.SH ERRORS
.B ldap_search_s()
and
@@ -111,15 +157,28 @@ See
for details.
.B ldap_search()
returns -1 in case of trouble.
+.LP
+.B ldap_search_s(),
+.B ldap_search_ext_s
+and
+.B ldap_search_st()
+will return the LDAP error code resulting from the search operation.
+See
+.BR ldap_error (3)
+for details.
+.B ldap_search()
+and
+.B ldap_search_ext
+returns -1 in case of trouble.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
-These routines may dynamically allocate memory. The caller is
+These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
-routines. Return values are contained in <ldap.h>.
+routines. Return values are contained in <ldap.h>.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),

3
openldap-2.3.39.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5aff2138b220a8935713a7bef7bedaaa3a5a4126023f2f2b639d27c9b2fe6c01
size 2954905

3
openldap-2.4.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e01ba11f8bf904b1c1507f52d18ccb83f8c3141cf1d5fec3eaac01833f32739
size 3283611

3
openldap-admin-guide.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dd03c8f47c7cd3bf9eb08c6b7245f3afa1eb3dbfeb0212235f129ec3d38a8fec
size 91075

40
openldap-ntlm.diff
View File

@ -27,26 +27,6 @@
+
LDAP_END_DECL
#endif /* _LDAP_H */
--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
@@ -20,7 +20,7 @@
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c sbind.c kbind.c unbind.c cancel.c \
+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
@@ -29,7 +29,7 @@
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
--- /dev/null 2004-06-30 15:04:37.000000000 -0400
+++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
@@ -0,0 +1,137 @@
@ -187,3 +167,23 @@
+
+ return( ld->ld_errno );
+}
--- libraries/libldap/Makefile.in 2007/02/21 16:33:57 1.1
+++ libraries/libldap/Makefile.in 2007/02/21 16:36:42
@@ -20,7 +20,7 @@
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c sbind.c unbind.c cancel.c \
+ sasl.c ntlm.c sbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
@@ -31,7 +31,7 @@
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo sbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo sbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \

4
openldap-rc.tgz
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e9338b64501752c54ac1be438c424402fb9cb9386112da0c59802da192a0981
size 4903
oid sha256:84bacc3aed76e118b16d780980db56df1cc81dcb4644a429d34b7d7cb774bac4
size 4836

65
openldap2-client.changes
View File

@ -1,3 +1,68 @@
-------------------------------------------------------------------
Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
- Update to Version 2.4.7. Most important changes:
* Added slapd ordered indexing of integer attributes (ITS#5239)
* Fixed slapd paged results control handling (ITS#5191)
* Fixed slapd sasl-host parsing (ITS#5209)
* Fixed slapd filter normalization (ITS#5212)
* Fixed slapd multiple suffix checking (ITS#5186)
* Fixed slapd paged results handling when using rootdn (ITS#5230)
* Fixed slapd syncrepl presentlist handling (ITS#5231)
* Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
* Fixed slapd 3-way Multi-Master Replication (ITS#5238)
* Fixed slapd hash collisions in index slots (ITS#5183)
* Fixed slapd replication of dSAOperation attributes (ITS#5268)
* Fixed slapadd contextCSN updating (ITS#5225)
* Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
* Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
* Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
* Fixed slapd-hdb caching on rename ops (ITS#5221)
* Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
* Fixed slapo-dds deleting from nonexistent db (ITS#5267)
* Fixed slapo-memberOf deleted values saving (ITS#5258)
* Fixed slapo-pcache op->o_abandon handling (ITS#5187)
* Fixed slapo-ppolicy single password check on modify (ITS#5146)
* Fixed slapo-ppolicy internal search (ITS#5235)
* Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
* Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
* Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
-------------------------------------------------------------------
Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de
- check for duplicates in getaddrinfo results and ignore them.
(Bug #288879)
-------------------------------------------------------------------
Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de
- The init-script removed directory access on /etc/openldap/slapd.d
(Bug #344091)
-------------------------------------------------------------------
Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de
- Update to Version 2.4.6. Initial 2.4 release for "general use".
New features:
* Usability/Manageability:
- More complete Documentation (manual pages and Admin Guide)
- dynamic configuration and monitoring improvments
* More functionality
- New overlays (dds, memberof, constraint)
- Multimaster syncrepl replication
* Performance improvments:
- Further optimized frontend
- Reduced locking contention in backend
- back-config support through new sysconfig option
"OPENLDAP_CONFIG_BACKEND"
- Install admin guide from the main tarball, to get rid of the
admin-guide tarball
- New sysconfig options:
* OPENLDAP_START_LDAP to allow to disable the ldap:// listener
* OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
listeners
-------------------------------------------------------------------
Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de

106
openldap2-client.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package openldap2-client (Version 2.3.39)
# spec file for package openldap2-client (Version 2.4.7)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -27,14 +27,13 @@ Conflicts: openldap-client
Summary: OpenLDAP2 Client Utilities
%endif
AutoReqProv: on
Version: 2.3.39
Release: 1
Version: 2.4.7
Release: 2
Source: openldap-%{version}.tar.bz2
Source1: openldap-rc.tgz
Source2: openldap-admin-guide.tar.bz2
Source3: addonschema.tar.gz
Source4: DB_CONFIG
Source5: sasl-slapd.conf
Source2: addonschema.tar.gz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Patch: openldap2.dif
Patch1: secpatch.dif
Patch2: slapd_conf.dif
@ -43,8 +42,7 @@ Patch4: ldapi_url.dif
Patch5: openldap-ntlm.diff
Patch6: libldap-gethostbyname_r.dif
Patch7: pie-compile.dif
Patch8: libldap-manpages.dif
Patch9: slapd_chain_return_error.dif
Patch8: slapd_getaddrinfo_dupl.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -109,7 +107,7 @@ Authors:
The OpenLDAP Project <project@openldap.org>
%prep
%setup -q -n openldap-%{version} -a1 -a2 -a3
%setup -q -n openldap-%{version} -a1 -a2
%patch
%patch1
%patch2
@ -117,11 +115,8 @@ Authors:
%patch4
%patch5
%patch6
%if %suse_version > 920
%patch7
%endif
%patch8 -p1
%patch9 -p1
%build
%{?suse_update_config:%{suse_update_config -f build}}
@ -166,9 +161,6 @@ make depend
make %{?jobs:-j%jobs}
%check
rm tests/scripts/test022-ppolicy
rm tests/scripts/test036-meta-concurrency
rm tests/scripts/test039-glue-ldap-concurrency
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
@ -177,6 +169,7 @@ if [ -f /.buildenv ] ; then
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
rm -f tests/scripts/test022-ppolicy
make test
%endif
@ -185,15 +178,13 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/usr/sbin
make DESTDIR=$RPM_BUILD_ROOT install
install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd
ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/
install -m 644 apparmor/usr.lib.openldap.slapd $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
@ -201,10 +192,12 @@ chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
%endif
@ -226,28 +219,26 @@ cat >openldap2.filelist <<EOF
%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd
%config /etc/init.d/ldap
%config /etc/init.d/slurpd
/etc/sysconfig/SuSEfirewall2.d/services/openldap
/usr/sbin/rcldap
/usr/sbin/rcslurpd
/usr/sbin/slap*
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
/etc/openldap/schema
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
%config(noreplace) /var/lib/ldap/DB_CONFIG
%config(noreplace) /var/lib/ldap/DB_CONFIG.example
%attr(640, root, ldap) /etc/openldap/slapd.conf.default
%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /usr/lib/openldap/modules
/usr/lib/openldap/slapd
/usr/lib/openldap/slurpd
%dir %attr(0700, ldap, ldap) /var/lib/ldap
%dir %attr(0700, ldap, ldap) /var/run/slapd
/var/lib/slurpd
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-config.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
@ -256,7 +247,7 @@ cat >openldap2.filelist <<EOF
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%doc ANNOUNCEMENT COPYRIGHT INSTALL LICENSE README CHANGES
%doc doc/drafts doc/install doc/admin-guide
%doc doc/drafts doc/guide
EOF
#
cat > openldap2-client.filelist <<EOF
@ -266,6 +257,7 @@ cat > openldap2-client.filelist <<EOF
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
@ -322,14 +314,14 @@ if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD}
%{fillup_and_insserv -n -s openldap ldap START_LDAP}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%preun
%stop_on_removal ldap slurpd
%stop_on_removal ldap
%postun
%restart_on_update ldap slurpd
%restart_on_update ldap
%insserv_cleanup
%files -f openldap2.filelist
@ -352,7 +344,61 @@ fi
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%endif
%changelog
* Fri Dec 14 2007 - rhafer@suse.de
- Update to Version 2.4.7. Most important changes:
* Added slapd ordered indexing of integer attributes (ITS#5239)
* Fixed slapd paged results control handling (ITS#5191)
* Fixed slapd sasl-host parsing (ITS#5209)
* Fixed slapd filter normalization (ITS#5212)
* Fixed slapd multiple suffix checking (ITS#5186)
* Fixed slapd paged results handling when using rootdn (ITS#5230)
* Fixed slapd syncrepl presentlist handling (ITS#5231)
* Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
* Fixed slapd 3-way Multi-Master Replication (ITS#5238)
* Fixed slapd hash collisions in index slots (ITS#5183)
* Fixed slapd replication of dSAOperation attributes (ITS#5268)
* Fixed slapadd contextCSN updating (ITS#5225)
* Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
* Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
* Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
* Fixed slapd-hdb caching on rename ops (ITS#5221)
* Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
* Fixed slapo-dds deleting from nonexistent db (ITS#5267)
* Fixed slapo-memberOf deleted values saving (ITS#5258)
* Fixed slapo-pcache op->o_abandon handling (ITS#5187)
* Fixed slapo-ppolicy single password check on modify (ITS#5146)
* Fixed slapo-ppolicy internal search (ITS#5235)
* Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
* Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
* Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
* Thu Nov 29 2007 - rhafer@suse.de
- check for duplicates in getaddrinfo results and ignore them.
(Bug #288879)
* Tue Nov 27 2007 - rhafer@suse.de
- The init-script removed directory access on /etc/openldap/slapd.d
(Bug #344091)
* Mon Nov 26 2007 - rhafer@suse.de
- Update to Version 2.4.6. Initial 2.4 release for "general use".
New features:
* Usability/Manageability:
- More complete Documentation (manual pages and Admin Guide)
- dynamic configuration and monitoring improvments
* More functionality
- New overlays (dds, memberof, constraint)
- Multimaster syncrepl replication
* Performance improvments:
- Further optimized frontend
- Reduced locking contention in backend
- back-config support through new sysconfig option
"OPENLDAP_CONFIG_BACKEND"
- Install admin guide from the main tarball, to get rid of the
admin-guide tarball
- New sysconfig options:
* OPENLDAP_START_LDAP to allow to disable the ldap:// listener
* OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
listeners
* Mon Oct 29 2007 - rhafer@suse.de
- Update to Version 2.3.39. Most important changes:
* Fixed slapd database/overlay config conflict (ITS#4848)

65
openldap2.changes
View File

@ -1,3 +1,68 @@
-------------------------------------------------------------------
Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
- Update to Version 2.4.7. Most important changes:
* Added slapd ordered indexing of integer attributes (ITS#5239)
* Fixed slapd paged results control handling (ITS#5191)
* Fixed slapd sasl-host parsing (ITS#5209)
* Fixed slapd filter normalization (ITS#5212)
* Fixed slapd multiple suffix checking (ITS#5186)
* Fixed slapd paged results handling when using rootdn (ITS#5230)
* Fixed slapd syncrepl presentlist handling (ITS#5231)
* Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
* Fixed slapd 3-way Multi-Master Replication (ITS#5238)
* Fixed slapd hash collisions in index slots (ITS#5183)
* Fixed slapd replication of dSAOperation attributes (ITS#5268)
* Fixed slapadd contextCSN updating (ITS#5225)
* Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
* Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
* Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
* Fixed slapd-hdb caching on rename ops (ITS#5221)
* Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
* Fixed slapo-dds deleting from nonexistent db (ITS#5267)
* Fixed slapo-memberOf deleted values saving (ITS#5258)
* Fixed slapo-pcache op->o_abandon handling (ITS#5187)
* Fixed slapo-ppolicy single password check on modify (ITS#5146)
* Fixed slapo-ppolicy internal search (ITS#5235)
* Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
* Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
* Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
-------------------------------------------------------------------
Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de
- check for duplicates in getaddrinfo results and ignore them.
(Bug #288879)
-------------------------------------------------------------------
Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de
- The init-script removed directory access on /etc/openldap/slapd.d
(Bug #344091)
-------------------------------------------------------------------
Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de
- Update to Version 2.4.6. Initial 2.4 release for "general use".
New features:
* Usability/Manageability:
- More complete Documentation (manual pages and Admin Guide)
- dynamic configuration and monitoring improvments
* More functionality
- New overlays (dds, memberof, constraint)
- Multimaster syncrepl replication
* Performance improvments:
- Further optimized frontend
- Reduced locking contention in backend
- back-config support through new sysconfig option
"OPENLDAP_CONFIG_BACKEND"
- Install admin guide from the main tarball, to get rid of the
admin-guide tarball
- New sysconfig options:
* OPENLDAP_START_LDAP to allow to disable the ldap:// listener
* OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
listeners
-------------------------------------------------------------------
Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de

38
openldap2.dif
View File

@ -1,6 +1,8 @@
--- build/top.mk
Index: build/top.mk
===================================================================
--- build/top.mk.orig
+++ build/top.mk
@@ -39,7 +39,7 @@
@@ -39,7 +39,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localstatedir = @localstatedir@
mandir = @mandir@
@ -9,7 +11,7 @@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@$(ldap_subdir)
@@ -58,7 +58,7 @@
@@ -58,7 +58,7 @@ INSTALL_PROGRAM = $(INSTALL)
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_SCRIPT = $(INSTALL)
@ -18,9 +20,11 @@
LINT = lint
5LINT = 5lint
--- configure.in
Index: configure.in
===================================================================
--- configure.in.orig
+++ configure.in
@@ -64,7 +64,9 @@
@@ -67,7 +67,9 @@ dnl Determine host platform
dnl we try not to use this for much
AC_CANONICAL_TARGET([])
@ -31,9 +35,11 @@
AC_SUBST(PACKAGE)dnl
AC_SUBST(VERSION)dnl
AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
--- servers/slapd/aclparse.c
Index: servers/slapd/aclparse.c
===================================================================
--- servers/slapd/aclparse.c.orig
+++ servers/slapd/aclparse.c
@@ -662,7 +662,7 @@
@@ -644,7 +644,7 @@ parse_acl(
if ( rc != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
@ -42,3 +48,21 @@
" attr \"%s\" normalization failed (%d: %s)",
fname, lineno,
a->acl_attrs[ 0 ].an_name.bv_val, rc, text );
Index: libraries/libldap/result.c
===================================================================
--- libraries/libldap/result.c.orig
+++ libraries/libldap/result.c
@@ -639,10 +639,12 @@ retry_ber:
if ( LDAP_IS_UDP(ld) && isv2 ) {
ber_scanf(ber, "x{");
}
-nextresp2:
#endif
}
+#ifdef LDAP_CONNECTIONLESS
+nextresp2:
+#endif
/* the message type */
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_ERROR ) {

106
openldap2.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package openldap2 (Version 2.3.39)
# spec file for package openldap2 (Version 2.4.7)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -27,14 +27,13 @@ Conflicts: openldap-client
Summary: The New OpenLDAP Server (LDAPv3)
%endif
AutoReqProv: on
Version: 2.3.39
Release: 1
Version: 2.4.7
Release: 2
Source: openldap-%{version}.tar.bz2
Source1: openldap-rc.tgz
Source2: openldap-admin-guide.tar.bz2
Source3: addonschema.tar.gz
Source4: DB_CONFIG
Source5: sasl-slapd.conf
Source2: addonschema.tar.gz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Patch: openldap2.dif
Patch1: secpatch.dif
Patch2: slapd_conf.dif
@ -43,8 +42,7 @@ Patch4: ldapi_url.dif
Patch5: openldap-ntlm.diff
Patch6: libldap-gethostbyname_r.dif
Patch7: pie-compile.dif
Patch8: libldap-manpages.dif
Patch9: slapd_chain_return_error.dif
Patch8: slapd_getaddrinfo_dupl.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -112,7 +110,7 @@ Authors:
The OpenLDAP Project <project@openldap.org>
%prep
%setup -q -n openldap-%{version} -a1 -a2 -a3
%setup -q -n openldap-%{version} -a1 -a2
%patch
%patch1
%patch2
@ -120,11 +118,8 @@ Authors:
%patch4
%patch5
%patch6
%if %suse_version > 920
%patch7
%endif
%patch8 -p1
%patch9 -p1
%build
%{?suse_update_config:%{suse_update_config -f build}}
@ -169,9 +164,6 @@ make depend
make %{?jobs:-j%jobs}
%check
rm tests/scripts/test022-ppolicy
rm tests/scripts/test036-meta-concurrency
rm tests/scripts/test039-glue-ldap-concurrency
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
@ -180,6 +172,7 @@ if [ -f /.buildenv ] ; then
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
rm -f tests/scripts/test022-ppolicy
make test
%endif
@ -188,15 +181,13 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/usr/sbin
make DESTDIR=$RPM_BUILD_ROOT install
install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd
ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/
install -m 644 apparmor/usr.lib.openldap.slapd $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
@ -204,10 +195,12 @@ chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
%endif
@ -229,28 +222,26 @@ cat >openldap2.filelist <<EOF
%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd
%config /etc/init.d/ldap
%config /etc/init.d/slurpd
/etc/sysconfig/SuSEfirewall2.d/services/openldap
/usr/sbin/rcldap
/usr/sbin/rcslurpd
/usr/sbin/slap*
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
/etc/openldap/schema
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
%config(noreplace) /var/lib/ldap/DB_CONFIG
%config(noreplace) /var/lib/ldap/DB_CONFIG.example
%attr(640, root, ldap) /etc/openldap/slapd.conf.default
%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /usr/lib/openldap/modules
/usr/lib/openldap/slapd
/usr/lib/openldap/slurpd
%dir %attr(0700, ldap, ldap) /var/lib/ldap
%dir %attr(0700, ldap, ldap) /var/run/slapd
/var/lib/slurpd
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-config.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
@ -259,7 +250,7 @@ cat >openldap2.filelist <<EOF
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%doc ANNOUNCEMENT COPYRIGHT INSTALL LICENSE README CHANGES
%doc doc/drafts doc/install doc/admin-guide
%doc doc/drafts doc/guide
EOF
#
cat > openldap2-client.filelist <<EOF
@ -269,6 +260,7 @@ cat > openldap2-client.filelist <<EOF
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
@ -325,14 +317,14 @@ if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD}
%{fillup_and_insserv -n -s openldap ldap START_LDAP}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%preun
%stop_on_removal ldap slurpd
%stop_on_removal ldap
%postun
%restart_on_update ldap slurpd
%restart_on_update ldap
%insserv_cleanup
%files -f openldap2.filelist
@ -355,7 +347,61 @@ fi
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%endif
%changelog
* Fri Dec 14 2007 - rhafer@suse.de
- Update to Version 2.4.7. Most important changes:
* Added slapd ordered indexing of integer attributes (ITS#5239)
* Fixed slapd paged results control handling (ITS#5191)
* Fixed slapd sasl-host parsing (ITS#5209)
* Fixed slapd filter normalization (ITS#5212)
* Fixed slapd multiple suffix checking (ITS#5186)
* Fixed slapd paged results handling when using rootdn (ITS#5230)
* Fixed slapd syncrepl presentlist handling (ITS#5231)
* Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
* Fixed slapd 3-way Multi-Master Replication (ITS#5238)
* Fixed slapd hash collisions in index slots (ITS#5183)
* Fixed slapd replication of dSAOperation attributes (ITS#5268)
* Fixed slapadd contextCSN updating (ITS#5225)
* Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
* Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
* Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
* Fixed slapd-hdb caching on rename ops (ITS#5221)
* Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
* Fixed slapo-dds deleting from nonexistent db (ITS#5267)
* Fixed slapo-memberOf deleted values saving (ITS#5258)
* Fixed slapo-pcache op->o_abandon handling (ITS#5187)
* Fixed slapo-ppolicy single password check on modify (ITS#5146)
* Fixed slapo-ppolicy internal search (ITS#5235)
* Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
* Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
* Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
* Thu Nov 29 2007 - rhafer@suse.de
- check for duplicates in getaddrinfo results and ignore them.
(Bug #288879)
* Tue Nov 27 2007 - rhafer@suse.de
- The init-script removed directory access on /etc/openldap/slapd.d
(Bug #344091)
* Mon Nov 26 2007 - rhafer@suse.de
- Update to Version 2.4.6. Initial 2.4 release for "general use".
New features:
* Usability/Manageability:
- More complete Documentation (manual pages and Admin Guide)
- dynamic configuration and monitoring improvments
* More functionality
- New overlays (dds, memberof, constraint)
- Multimaster syncrepl replication
* Performance improvments:
- Further optimized frontend
- Reduced locking contention in backend
- back-config support through new sysconfig option
"OPENLDAP_CONFIG_BACKEND"
- Install admin guide from the main tarball, to get rid of the
admin-guide tarball
- New sysconfig options:
* OPENLDAP_START_LDAP to allow to disable the ldap:// listener
* OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
listeners
* Mon Oct 29 2007 - rhafer@suse.de
- Update to Version 2.3.39. Most important changes:
* Fixed slapd database/overlay config conflict (ITS#4848)

24
pie-compile.dif
View File

@ -48,18 +48,6 @@
XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS)
--- servers/slurpd/Makefile.in 2005/06/22 09:28:58 1.1
+++ servers/slurpd/Makefile.in 2005/06/22 10:05:30
@@ -38,6 +38,9 @@
all-local-srv: $(PROGRAMS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
# $(LTHREAD_LIBS) must be last!
XLIBS = $(SLURPD_L)
XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
--- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1
+++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22
@@ -37,6 +37,9 @@
@ -78,18 +66,6 @@
MOD_DEFS = $(@BUILD_HDB@_DEFS)
MOD_LIBS = $(LDBM_LIBS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- servers/slapd/back-ldbm/Makefile.in 2005/06/22 10:05:41 1.1
+++ servers/slapd/back-ldbm/Makefile.in 2005/06/22 11:30:52
@@ -36,6 +36,9 @@
MOD_DEFS = $(@BUILD_LDBM@_DEFS)
MOD_LIBS = $(LDBM_LIBS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+

19
slapd_chain_return_error.dif
View File

@ -1,19 +0,0 @@
Index: openldap-2.3.24/doc/man/man5/slapo-chain.5
===================================================================
--- openldap-2.3.24.orig/doc/man/man5/slapo-chain.5
+++ openldap-2.3.24/doc/man/man5/slapo-chain.5
@@ -79,6 +79,14 @@ These URIs inherit the properties config
\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
directive; in detail, they are essentially chained anonymously.
.TP
+.B chain-return-error {FALSE|true}
+In case referral chasing fails, the real error is returned instead
+of the original referral. In case multiple referral URIs are present,
+only the first error is returned. This behavior may not be always
+appropriate nor desirable, since failures in referral chasing might be
+better resolved by the client (e.g. when caused by distributed
+authentication issues).
+.TP
.B chain-uri <ldapuri>
This directive instantiates a new underlying \fIldap\fP database
and instructs it about which URI to contact to chase referrals.

28
slapd_conf.dif
View File

@ -1,7 +1,5 @@
Index: servers/slapd/slapd.conf
===================================================================
--- servers/slapd/slapd.conf.orig
+++ servers/slapd/slapd.conf
--- servers/slapd/slapd.conf 2007/02/21 16:27:01 1.1
+++ servers/slapd/slapd.conf 2007/02/21 16:29:20
@@ -3,6 +3,10 @@
# This file should NOT be world readable.
#
@ -13,7 +11,7 @@ Index: servers/slapd/slapd.conf
# Define global ACLs to disable default read access.
@@ -10,16 +14,15 @@ include %SYSCONFDIR%/schema/core.schema
@@ -10,8 +14,8 @@
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
@ -23,20 +21,8 @@ Index: servers/slapd/slapd.conf
+argsfile %LOCALSTATEDIR%/slapd.args
# Load dynamic backend modules:
-# modulepath %MODULEDIR%
-# moduleload back_bdb.la
+modulepath %MODULEDIR%
# moduleload back_ldap.la
-# moduleload back_ldbm.la
-# moduleload back_passwd.la
-# moduleload back_shell.la
+# moduleload back_meta.la
+# moduleload back_monitor.la
+# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
@@ -28,20 +31,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# modulepath %MODULEDIR%
@@ -26,20 +30,30 @@
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
@ -81,7 +67,7 @@ Index: servers/slapd/slapd.conf
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
@@ -54,6 +67,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
@@ -52,6 +66,8 @@
database bdb
suffix "dc=my-domain,dc=com"
@ -90,7 +76,7 @@ Index: servers/slapd/slapd.conf
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
@@ -62,6 +77,6 @@ rootpw secret
@@ -60,6 +76,6 @@
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.

105
slapd_getaddrinfo_dupl.dif Normal file
View File

@ -0,0 +1,105 @@
Index: openldap-2.4.6/servers/slapd/daemon.c
===================================================================
--- openldap-2.4.6.orig/servers/slapd/daemon.c
+++ openldap-2.4.6/servers/slapd/daemon.c
@@ -983,7 +983,8 @@ slap_get_listener_addresses(
{
#ifdef HAVE_GETADDRINFO
struct addrinfo hints, *res, *sai;
- int n, err;
+ struct sockaddr **sap2;
+ int n, err, cmpres;
char serv[7];
memset( &hints, '\0', sizeof(hints) );
@@ -1009,43 +1010,63 @@ slap_get_listener_addresses(
*sap = NULL;
for ( sai=res; sai; sai=sai->ai_next ) {
+ cmpres=1;
+fprintf(stderr,"JO\n");
if( sai->ai_addr == NULL ) {
Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: "
"getaddrinfo ai_addr is NULL?\n", 0, 0, 0 );
freeaddrinfo(res);
goto errexit;
}
-
- switch (sai->ai_family) {
-# ifdef LDAP_PF_INET6
- case AF_INET6:
- *sap = ch_malloc(sizeof(struct sockaddr_in6));
- if (*sap == NULL) {
- freeaddrinfo(res);
- goto errexit;
+ /* check for duplicates */
+ for ( sap2 = *sal; sap && *sap2; sap2++ ){
+fprintf(stderr,"JOJO\n");
+ if ( sai->ai_family == (*sap2)->sa_family ) {
+ if (sai->ai_family == AF_INET6) {
+ cmpres = memcmp(sai->ai_addr, *sap2,
+ sizeof(struct sockaddr_in6));
+ } else if (sai->ai_family == AF_INET) {
+ cmpres = memcmp(sai->ai_addr, *sap2,
+ sizeof(struct sockaddr_in));
+ }
+ if (! cmpres ){
+ fprintf(stderr, "DUPLICATE\n");
+ break;
+ }
}
- *(struct sockaddr_in6 *)*sap =
- *((struct sockaddr_in6 *)sai->ai_addr);
- break;
+ }
+ if (cmpres){
+ switch (sai->ai_family) {
+# ifdef LDAP_PF_INET6
+ case AF_INET6:
+ *sap = ch_malloc(sizeof(struct sockaddr_in6));
+ if (*sap == NULL) {
+ freeaddrinfo(res);
+ goto errexit;
+ }
+ *(struct sockaddr_in6 *)*sap =
+ *((struct sockaddr_in6 *)sai->ai_addr);
+ break;
# endif /* LDAP_PF_INET6 */
- case AF_INET:
- *sap = ch_malloc(sizeof(struct sockaddr_in));
- if (*sap == NULL) {
- freeaddrinfo(res);
- goto errexit;
+ case AF_INET:
+ *sap = ch_malloc(sizeof(struct sockaddr_in));
+ if (*sap == NULL) {
+ freeaddrinfo(res);
+ goto errexit;
+ }
+ *(struct sockaddr_in *)*sap =
+ *((struct sockaddr_in *)sai->ai_addr);
+ break;
+ default:
+ *sap = NULL;
+ break;
}
- *(struct sockaddr_in *)*sap =
- *((struct sockaddr_in *)sai->ai_addr);
- break;
- default:
- *sap = NULL;
- break;
- }
- if (*sap != NULL) {
- (*sap)->sa_family = sai->ai_family;
- sap++;
- *sap = NULL;
+ if (*sap != NULL) {
+ (*sap)->sa_family = sai->ai_family;
+ sap++;
+ *sap = NULL;
+ }
}
}