| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
openldap requires that the protocol version be explicitly set to 3
mozldap defaults to 3, but it doesn't hurt to set it again
|
|
|
|
|
|
|
|
|
| |
This commit fixes many compiler warnings, mostly for things like unused
variables, functions, goto labels.
One place was using csngen_free instead of csn_free. A couple of places
were using casts incorrectly, and several places needed some casts added.
Tested on: RHEL5 x86_64, Fedora 14 x86_64
Reviewed by: nkinder (Thanks!)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DS has some problems with the openldap versions of these functions:
1) They are deprecated - should use the str2[r]dn and [r]dn2str and the
bv versions of those functions instead
2) They escape utf-8 and other values in the strings - the mozldap functions
do not do this
3) They handle double quoted strings, but they remove the quotes - our
code expects the quotes to be left in place
Until we fix our DN handling, and get rid of the double quoted DNs, we just
use the mozldap versions of these functions.
|
|
|
|
|
|
|
| |
*out will never be NULL here, so we only need to check that src < *out as
the loop condition
when looking for a continuation line, make sure there are two characters
in *out to check
|
|
|
|
|
|
| |
when putting ldif data with the no wrap option, if we removed some
continuation lines, we have to move the output data pointer back since
the continuation line markers are removed in place
|
|
|
|
|
|
|
|
| |
mozldap accepts hostnames in the form host1[:port1] ... hostN[:portN]
in the ldap_init argument and in ldap urls/uris. DS code uses
ldap_initialize() which takes a list of uris in the form
ldap[s]://host1[:port1]/ ldap[s]://host2[:port2]/ ...
We have to convert the host:port list into a list of LDAP uris
|
|
|
|
|
|
|
| |
mozldap supports a non-standard URL extension which allows multiple host:port
combinations - openldap does not support this - fake out openldap by
converting spaces to %20 and all but the last colon to %3A before calling
ldap_url_parse, then unescape ludp->lud_host before returning
|
|
|
|
|
| |
The function ldif_sput already terminates the line with a newline character -
we do not need to add another one when unwrapping a wrapped line.
|
|
|
|
|
|
|
| |
Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
|
|
|
|
|
|
| |
The logic looking for a missing suffix DN in a parsed URL was incorrect.
In addition, since passthru requires a suffix DN, pass the require_dn
flag.
|
|
|
|
|
|
| |
Since these functions are present in mozldap, just use them directly
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
| |
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
| |
even though AC_CHECK_LIB finds ldap_url_parse_ext, that function is not
part of the public api
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11796 DEADCODE Triaged Unassigned Bug Minor Ignore
slapi_ldap_init_ext() ds/ldap/servers/slapd/ldaputil.c
Comment:
ldapurl is guaranteed not NULL.
323 slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext",
324 "Could not parse given LDAP URL [%s] : error [%s]\n",
325 ldapurl ? ldapurl : "NULL",
326 slapi_urlparse_err2string(rc));
11797 DEADCODE Triaged Unassigned Bug Minor Ignore
slapi_ldap_bind() ds/ldap/servers/slapd/ldaputil.c
Comment:
It is guaranteed that mech has some value at the line 755.
755 slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
756 "Error: could not perform interactive bind for id "
757 "[%s] mech [%s]: error %d (%s)\n",
758 bindid ? bindid : "(anon)",
759 mech ? mech : "SIMPLE",
760 rc, ldap_err2string(rc));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=506206
Resolves: bug 506206
Bug Description: problems linking with -z defs
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Some platforms (debian) and some build checking tools
(rpmlint, others) link with -z defs to look for any undefined references at
link time. We had several of these in various directory server objects.
1) all of the plugins need to link against libslapd.la
2) most of the plugins need to link against ldapcsdk and nspr
3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform
dependent
4) various other link fixes
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=513308
Resolves: bug 513308
Bug Description: empty principal name used when using server to server sasl for db chaining
Reviewed by: nhosoi (Thanks!)
Fix Description: Change the logic to check if the username is a valid principal name. A valid principal name in this context will be a non-empty string that
does not contain the '=' character (which will be a bind DN in this context).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|