[Pkg-openldap-devel] r1224 - in openldap/vendor/openldap-release: . build clients/tools contrib/slapd-modules/autogroup contrib/slapd-modules/cloak contrib/slapd-modules/nops contrib/slapd-modules/nssov contrib/slapd-modules/nssov/nss-ldapd contrib/slapd-modules/nssov/nss-ldapd/nss contrib/slapd-modules/passwd contrib/slapd-modules/smbk5pwd doc/guide/admin doc/guide/images/src doc/man/man1 doc/man/man3 doc/man/man5 doc/man/man8 include include/ac libraries/liblber libraries/libldap libraries/libldap_r libraries/liblutil libraries/librewrite servers/slapd servers/slapd/back-bdb servers/slapd/back-ldap servers/slapd/back-meta servers/slapd/back-monitor servers/slapd/back-ndb servers/slapd/back-perl servers/slapd/back-relay servers/slapd/back-sql servers/slapd/overlays servers/slapd/slapi tests/data tests/progs tests/scripts
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Mon Jul 27 22:27:13 UTC 2009
Author: vorlon
Date: 2009-07-27 22:27:07 +0000 (Mon, 27 Jul 2009)
New Revision: 1224
Added:
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5
openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile
openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg
openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg
openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshonly.svg
openldap/vendor/openldap-release/doc/guide/images/src/n-way-multi-master.svg
openldap/vendor/openldap-release/doc/man/man1/ldapexop.1
openldap/vendor/openldap-release/doc/man/man8/slapschema.8
openldap/vendor/openldap-release/servers/slapd/slapschema.c
openldap/vendor/openldap-release/tests/data/memberof-refint.out
openldap/vendor/openldap-release/tests/data/monitor1.out
openldap/vendor/openldap-release/tests/data/monitor2.out
openldap/vendor/openldap-release/tests/data/monitor3.out
openldap/vendor/openldap-release/tests/data/monitor4.out
openldap/vendor/openldap-release/tests/scripts/test056-monitor
openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint
openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric
Modified:
openldap/vendor/openldap-release/CHANGES
openldap/vendor/openldap-release/README
openldap/vendor/openldap-release/build/lib.mk
openldap/vendor/openldap-release/build/man.mk
openldap/vendor/openldap-release/build/top.mk
openldap/vendor/openldap-release/build/version.var
openldap/vendor/openldap-release/clients/tools/common.c
openldap/vendor/openldap-release/clients/tools/ldapmodify.c
openldap/vendor/openldap-release/clients/tools/ldappasswd.c
openldap/vendor/openldap-release/clients/tools/ldapsearch.c
openldap/vendor/openldap-release/configure
openldap/vendor/openldap-release/configure.in
openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c
openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
openldap/vendor/openldap-release/doc/guide/admin/guide.html
openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
openldap/vendor/openldap-release/doc/man/man1/ldapurl.1
openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3
openldap/vendor/openldap-release/doc/man/man3/lber-types.3
openldap/vendor/openldap-release/doc/man/man3/ldap.3
openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3
openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3
openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3
openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3
openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3
openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3
openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
openldap/vendor/openldap-release/doc/man/man5/ldif.5
openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
openldap/vendor/openldap-release/doc/man/man5/slapd-config.5
openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5
openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
openldap/vendor/openldap-release/doc/man/man5/slapd-perl.5
openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5
openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5
openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5
openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5
openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5
openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5
openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
openldap/vendor/openldap-release/doc/man/man8/slapacl.8
openldap/vendor/openldap-release/doc/man/man8/slapadd.8
openldap/vendor/openldap-release/doc/man/man8/slapauth.8
openldap/vendor/openldap-release/doc/man/man8/slapcat.8
openldap/vendor/openldap-release/doc/man/man8/slapd.8
openldap/vendor/openldap-release/doc/man/man8/slapdn.8
openldap/vendor/openldap-release/doc/man/man8/slapindex.8
openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
openldap/vendor/openldap-release/doc/man/man8/slaptest.8
openldap/vendor/openldap-release/include/ac/dirent.h
openldap/vendor/openldap-release/include/lber.h
openldap/vendor/openldap-release/include/ldap.h
openldap/vendor/openldap-release/include/ldap_pvt_thread.h
openldap/vendor/openldap-release/include/portable.hin
openldap/vendor/openldap-release/libraries/liblber/io.c
openldap/vendor/openldap-release/libraries/liblber/memory.c
openldap/vendor/openldap-release/libraries/libldap/gssapi.c
openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
openldap/vendor/openldap-release/libraries/libldap/request.c
openldap/vendor/openldap-release/libraries/libldap/result.c
openldap/vendor/openldap-release/libraries/libldap/tls2.c
openldap/vendor/openldap-release/libraries/libldap/tls_g.c
openldap/vendor/openldap-release/libraries/libldap/tls_m.c
openldap/vendor/openldap-release/libraries/libldap/tls_o.c
openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
openldap/vendor/openldap-release/libraries/liblutil/ldif.c
openldap/vendor/openldap-release/libraries/liblutil/passfile.c
openldap/vendor/openldap-release/libraries/liblutil/passwd.c
openldap/vendor/openldap-release/libraries/liblutil/utils.c
openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
openldap/vendor/openldap-release/servers/slapd/Makefile.in
openldap/vendor/openldap-release/servers/slapd/abandon.c
openldap/vendor/openldap-release/servers/slapd/aclparse.c
openldap/vendor/openldap-release/servers/slapd/alock.c
openldap/vendor/openldap-release/servers/slapd/at.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp
openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
openldap/vendor/openldap-release/servers/slapd/backend.c
openldap/vendor/openldap-release/servers/slapd/backglue.c
openldap/vendor/openldap-release/servers/slapd/bconfig.c
openldap/vendor/openldap-release/servers/slapd/cancel.c
openldap/vendor/openldap-release/servers/slapd/config.c
openldap/vendor/openldap-release/servers/slapd/config.h
openldap/vendor/openldap-release/servers/slapd/connection.c
openldap/vendor/openldap-release/servers/slapd/controls.c
openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
openldap/vendor/openldap-release/servers/slapd/daemon.c
openldap/vendor/openldap-release/servers/slapd/dn.c
openldap/vendor/openldap-release/servers/slapd/entry.c
openldap/vendor/openldap-release/servers/slapd/filterentry.c
openldap/vendor/openldap-release/servers/slapd/ldapsync.c
openldap/vendor/openldap-release/servers/slapd/limits.c
openldap/vendor/openldap-release/servers/slapd/main.c
openldap/vendor/openldap-release/servers/slapd/modify.c
openldap/vendor/openldap-release/servers/slapd/module.c
openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
openldap/vendor/openldap-release/servers/slapd/overlays/dds.c
openldap/vendor/openldap-release/servers/slapd/overlays/deref.c
openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
openldap/vendor/openldap-release/servers/slapd/proto-slap.h
openldap/vendor/openldap-release/servers/slapd/result.c
openldap/vendor/openldap-release/servers/slapd/root_dse.c
openldap/vendor/openldap-release/servers/slapd/sasl.c
openldap/vendor/openldap-release/servers/slapd/schema_check.c
openldap/vendor/openldap-release/servers/slapd/schema_init.c
openldap/vendor/openldap-release/servers/slapd/schema_prep.c
openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
openldap/vendor/openldap-release/servers/slapd/slap.h
openldap/vendor/openldap-release/servers/slapd/slapadd.c
openldap/vendor/openldap-release/servers/slapd/slapcommon.c
openldap/vendor/openldap-release/servers/slapd/slapcommon.h
openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
openldap/vendor/openldap-release/servers/slapd/syncrepl.c
openldap/vendor/openldap-release/tests/data/ppolicy.ldif
openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
openldap/vendor/openldap-release/tests/progs/slapd-bind.c
openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
openldap/vendor/openldap-release/tests/progs/slapd-search.c
openldap/vendor/openldap-release/tests/scripts/all
openldap/vendor/openldap-release/tests/scripts/defines.sh
openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied
openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy
openldap/vendor/openldap-release/tests/scripts/test049-sync-config
openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster
openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
Log:
Load openldap_2.4.17.orig into vendor/openldap-release.
Modified: openldap/vendor/openldap-release/CHANGES
===================================================================
--- openldap/vendor/openldap-release/CHANGES 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/CHANGES 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,132 @@
OpenLDAP 2.4 Change Log
+OpenLDAP 2.4.17 Release (2009/07/13)
+ Fixed liblber to use ber_strnlen (ITS#6080)
+ Fixed libldap gnutls private key init (ITS#6053)
+ Fixed libldap openssl digest initialization (ITS#6192)
+ Fixed libldap tls NULL error messages (ITS#6079)
+ Fixed liblutil opendir/closedir on windows (ITS#6041)
+ Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
+ Added slapd sasl auxprop support (ITS#6147)
+ Added slapd schema checking tool (ITS#6150)
+ Added slapd writetimeout keyword (ITS#5836)
+ Fixed slapd abandon/cancel handling for some ops (ITS#6157)
+ Fixed slapd access setstyle to expand (ITS#6179)
+ Fixed slapd assert with closing connections (ITS#6111)
+ Fixed slapd bind race condition (ITS#6189)
+ Fixed slapd cancel behavior (ITS#6137)
+ Fixed slapd cert validation (ITS#6098)
+ Fixed slapd connection_destroy assert (ITS#6089)
+ Fixed slapd csn normalization (ITS#6195)
+ Fixed slapd errno handling (ITS#6037)
+ Fixed slapd global alloc handling (ITS#6054)
+ Fixed slapd hung writers (ITS#5836)
+ Fixed slapd ldapi issues (ITS#6056)
+ Fixed slapd moduleload with static backends and modules (ITS#6016)
+ Fixed slapd normalization of updated schema attributes (ITS#5540)
+ Fixed slapd olcLimits handling (ITS#6159)
+ Fixed slapd olcLogLevel with hex levels (ITS#6162)
+ Fixed slapd pagedresults stacked control with overlays (ITS#6056)
+ Fixed slapd password-hash incorrect limit on arg length (ITS#6139)
+ Fixed slapd readonly restrictions (ITS#6109)
+ Fixed slapd sending cancelled operations results (ITS#6103)
+ Fixed slapd slapi_entry_has_children (ITS#6132)
+ Fixed slapd sockets usage on windows (ITS#6039)
+ Fixed slapd some abandon and cancel race conditions (ITS#6104)
+ Fixed slapd tls context after changes (ITS#6135)
+ Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176)
+ Fixed slapd-bdb/hdb crashes during delete (ITS#6177)
+ Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196)
+ Fixed slapd-hdb freeing of already freed entries (ITS#6074)
+ Fixed slapd-hdb entryinfo cleanup (ITS#6088)
+ Fixed slapd-hdb dncache lockups (ITS#6095)
+ Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167)
+ Fixed slapd-relay to return failure on failure (ITS#5328)
+ Fixed slapd-sql with BACKSQL_ARBITRARY_KEY defined (ITS#6100)
+ Fixed slapo-collect collectinfo ordering (ITS#6076)
+ Fixed slapo-collect missing equality match rule (ITS#6075)
+ Fixed slapo-dds entry expiration (ITS#6169)
+ Fixed slapo-perl symbols (ITS#5658)
+ Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
+ Fixed slapo-ppolicy to return check modules error message (ITS#6082)
+ Fixed slapo-refint refint_repair handling (ITS#6056)
+ Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
+ Fixed slapo-rwm dn passing (ITS#6070)
+ Fixed slapo-rwm entry free (ITS#6058)
+ Fixed slapo-rwm entry release (ITS#6081)
+ Fixed slapo-translucent entry gathering (ITS#6156)
+ Fixed tools returning ldif errors (ITS#5892)
+ Fixed contrib/smbk5pwd use of private functions (ITS#5535)
+ Build Environment
+ Added test056-monitor (ITS#5540)
+ Added test057-memberof-refint (ITS#5395)
+ Fixed winsock detection for windows (ITS#6102, ITS#6078)
+ Removed GSSAPI configure option (ITS#6091,ITS#6092,ITS#6093,ITS#5369)
+ Documentation
+ admin24 relocate configuration examples (ITS#6183)
+ admin24 fixed example regex (ITS#6052)
+ admin24 removed temporary back-monitor note (ITS#6130)
+ admin24 slapd.conf to cn=config conversion process (ITS#6060)
+ man page consistency fixes (ITS#6023)
+ ldapcompare(1) note -e option (ITS#6107)
+ ldapdelete(1) note -e option (ITS#6107)
+ ldapmodify(1) note -e option (ITS#6107)
+ ldapmodrdn(1) note -e option (ITS#6107)
+ ldapsearch(1) output format description (ITS#6146)
+ ldapurl(1) note -e option (ITS#6107)
+ ldapwhoami(1) note -e option (ITS#6107)
+ ldap_result(3) Add RETURN VALUE heading (ITS#6180)
+ ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
+ slapd.access(5) Fix <setstyle> to use expand (ITS#6179)
+ slapd.conf(5) document default modulepath (ITS#5829)
+ slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
+ slapd-config(5) document default modulepath (ITS#5829)
+ slapd-config(5) pidfile/argsfile description fix (ITS#5975)
+ slapo-constraint(5) clarify URI example (ITS#6118)
+ slapo-unique(5) explicitly note rootdn requirement (ITS#6108)
+ slapadd(8) note it does indexing (ITS#6160)
+
+OpenLDAP 2.4.16 Release (2009/04/05)
+ Fixed libldap GnuTLS with x509v1 CA certs (ITS#5992)
+ Fixed libldap GnuTLS with CA chains (ITS#5991)
+ Fixed libldap GnuTLS TLSVerifyClient try (ITS#5981)
+ Fixed libldap segfault in checking cert/DN (ITS#5976)
+ Fixed libldap peer cert double free (ITS#5849)
+ Fixed libldap referral chasing (ITS#5980)
+ Fixed slapd backglue with empty DBs (ITS#5986)
+ Fixed slapd ctxcsn race condition (ITS#6001)
+ Fixed slapd debug message (ITS#6027)
+ Fixed slapd redundant module loading (ITS#6030)
+ Fixed slapd schema_init freed value (ITS#6036)
+ Fixed slapd syncrepl newCookie sync messages (ITS#5972)
+ Fixed slapd syncrepl hang during shutdown (ITS#6011)
+ Fixed slapd syncrepl too many MMR messages (ITS#6020)
+ Fixed slapd syncrepl skipped entries with MMR (ITS#5988)
+ Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
+ Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006)
+ Fixed slapd-bdb/hdb with NULL transactions (ITS#6012)
+ Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916)
+ Fixed slapd-ldap/meta with broken AD results (ITS#5977)
+ Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
+ Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
+ Fixed slapo-dynlist conversion to cn=config (ITS#6002)
+ Fixed slapo-syncprov newCookie sync messages (ITS#5972)
+ Fixed slapd-syncprov too many MMR messages (ITS#6020)
+ Fixed slapo-syncprov replica lockout (ITS#5985)
+ Fixed slapo-syncprov modtarget tracking (ITS#5999)
+ Fixed slapo-syncprov multiple CSN propagation (ITS#5973)
+ Fixed slapo-syncprov race condition (ITS#6045)
+ Fixed slapo-syncprov sending cookies without CSN (ITS#6024)
+ Fixed slapo-syncprov skipped entries with MMR (ITS#5988)
+ Fixed tools passphrase free (ITS#6014)
+ Build Environment
+ Cleaned up alloc/free functions for Windows (ITS#6005)
+ Fixed running of autosave files in testsuite (ITS#6026)
+ Documentation
+ admin24 clarified MMR URI requirements (ITS#5942,ITS#5987)
+ Added ldapexop(1) manual page (ITS#5982)
+ slapd-ldap/meta(5) added missing TLS options (ITS#5989)
+
OpenLDAP 2.4.15 Release (2009/02/24)
Fixed libldap alias dereferencing in C API again (ITS#5916)
Fixed libldap GnuTLS compilation (ITS#5955)
Modified: openldap/vendor/openldap-release/README
===================================================================
--- openldap/vendor/openldap-release/README 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/README 2009-07-27 22:27:07 UTC (rev 1224)
@@ -21,8 +21,7 @@
SLAPD:
BDB and HDB backends require Oracle Berkeley DB 4.4, 4.5,
4.6, or 4.7. It is highly recommended to apply the patches
- from Oracle for a given release. In addition, for BDB 4.7,
- it is advised to also use the supplied build/db.4.7.25.patch.
+ from Oracle for a given release.
CLIENTS/CONTRIB ware:
Depends on package. See per package README.
@@ -75,7 +74,7 @@
<http://www.openldap.org/its/> to be considered.
---
-$OpenLDAP: pkg/ldap/README,v 1.40.2.11 2009/02/18 00:54:29 hyc Exp $
+$OpenLDAP: pkg/ldap/README,v 1.40.2.12 2009/03/09 00:36:37 hyc Exp $
This work is part of OpenLDAP Software <http://www.openldap.org/>.
Modified: openldap/vendor/openldap-release/build/lib.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/lib.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.4 2009/01/22 00:00:41 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.5 2009/04/28 00:17:09 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -40,9 +40,7 @@
clean-common: FORCE
$(RM) $(LIBRARY) ../$(LIBRARY) $(XLIBRARY) \
$(PROGRAMS) $(XPROGRAMS) $(XSRCS) $(XXSRCS) \
- *.o *.lo a.out *.exe core version.c .libs/* \
- ../`$(BASENAME) $(LIBRARY) .la`.so* \
- ../`$(BASENAME) $(LIBRARY) .la`*.dll
+ *.o *.lo a.out *.exe core version.c .libs/*
depend-common: FORCE
$(MKDEP) $(DEFS) $(DEFINES) $(SRCS) $(XXSRCS)
Modified: openldap/vendor/openldap-release/build/man.mk
===================================================================
--- openldap/vendor/openldap-release/build/man.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/man.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.5 2009/01/22 00:00:41 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.6 2009/06/27 18:46:30 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -31,6 +31,7 @@
-e 's%BINDIR%$(bindir)%' \
-e 's%LIBDIR%$(libdir)%' \
-e 's%LIBEXECDIR%$(libexecdir)%' \
+ -e 's%MODULEDIR%$(moduledir)%' \
-e 's%RELEASEDATE%$(RELEASEDATE)%' \
$(srcdir)/$$page \
| (cd $(srcdir); $(SOELIM) -) > $$page.$(TMP_SUFFIX); \
Modified: openldap/vendor/openldap-release/build/top.mk
===================================================================
--- openldap/vendor/openldap-release/build/top.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/top.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.9 2009/01/26 21:24:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.10 2009/07/06 19:22:52 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -187,10 +187,9 @@
KRB5_LIBS = @KRB5_LIBS@
KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
SASL_LIBS = @SASL_LIBS@
-GSSAPI_LIBS = @GSSAPI_LIBS@
TLS_LIBS = @TLS_LIBS@
AUTH_LIBS = @AUTH_LIBS@
-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
ICU_LIBS = @ICU_LIBS@
MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
Modified: openldap/vendor/openldap-release/build/version.var
===================================================================
--- openldap/vendor/openldap-release/build/version.var 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/version.var 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.50 2009/02/24 05:12:26 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.56 2009/07/13 17:30:01 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -15,9 +15,9 @@
ol_package=OpenLDAP
ol_major=2
ol_minor=4
-ol_patch=15
-ol_api_inc=20415
-ol_api_current=6
-ol_api_revision=1
-ol_api_age=4
-ol_release_date="2009/02/24"
+ol_patch=17
+ol_api_inc=20417
+ol_api_current=7
+ol_api_revision=0
+ol_api_age=5
+ol_release_date="2009/07/13"
Modified: openldap/vendor/openldap-release/clients/tools/common.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/common.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* common.c - common routines for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.19 2009/02/05 23:05:03 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.22 2009/05/01 20:00:34 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -255,9 +255,11 @@
ber_memfree( binddn );
}
+#if 0 /* not yet */
if ( passwd.bv_val != NULL ) {
ber_memfree( passwd.bv_val );
}
+#endif
}
void
@@ -623,7 +625,7 @@
} else if ( tool_is_oid( control ) ) {
LDAPControl *tmpctrls, ctrl;
- tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
+ tmpctrls = (LDAPControl *)ber_memrealloc( unknown_ctrls,
(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
if ( tmpctrls == NULL ) {
fprintf( stderr, "%s: no memory?\n", prog );
@@ -1169,7 +1171,7 @@
for ( i = 0; hosts[ i ] != NULL; i++ )
/* count'em */ ;
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
@@ -1203,7 +1205,7 @@
ber_memfree( domain );
} else {
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + 2 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + 2 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
@@ -1985,7 +1987,10 @@
}
*ptr++ = '=';
if ( k == -1 ) {
- k = lutil_b64_ntop( dv->vals[ j ].bv_val, dv->vals[ j ].bv_len, ptr, buf + len - ptr );
+ k = lutil_b64_ntop(
+ (unsigned char *) dv->vals[ j ].bv_val,
+ dv->vals[ j ].bv_len,
+ ptr, buf + len - ptr );
assert( k >= 0 );
ptr += k;
Modified: openldap/vendor/openldap-release/clients/tools/ldapmodify.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodify.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodify.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldapmodify.c - generic program to modify or add entries using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.10 2009/01/22 00:00:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.11 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -240,7 +240,7 @@
FILE *rejfp;
struct LDIFFP *ldiffp, ldifdummy = {0};
char *matched_msg, *error_msg;
- int rc, retval;
+ int rc, retval, ldifrc;
int len;
int i = 0;
int lineno, nextline = 0, lmax = 0;
@@ -326,8 +326,8 @@
rc = 0;
retval = 0;
lineno = 1;
- while (( rc == 0 || contoper ) && ldif_read_record( ldiffp, &nextline,
- &rbuf, &lmax ))
+ while (( rc == 0 || contoper ) && ( ldifrc = ldif_read_record( ldiffp, &nextline,
+ &rbuf, &lmax )) > 0 )
{
if ( rejfp ) {
len = strlen( rbuf );
@@ -369,6 +369,9 @@
}
ber_memfree( rbuf );
+ if ( ldifrc < 0 )
+ retval = LDAP_OTHER;
+
#ifdef LDAP_X_TXN
if( retval == 0 && txn ) {
rc = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, NULL );
Modified: openldap/vendor/openldap-release/clients/tools/ldappasswd.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldappasswd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldappasswd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldappasswd -- a tool for change LDAP passwords */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.7 2009/01/22 00:00:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.8 2009/03/09 23:16:47 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -379,7 +379,7 @@
perror( "ber_scanf" );
} else {
printf(_("New password: %s\n"), s);
- free( s );
+ ber_memfree( s );
}
ber_free( ber, 1 );
Modified: openldap/vendor/openldap-release/clients/tools/ldapsearch.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapsearch.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldapsearch.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldapsearch -- a tool for searching LDAP directories */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.18 2009/01/22 00:00:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.19 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -1024,8 +1024,8 @@
tool_server_controls( ld, c, i );
- ber_free( seber, 1 );
- ber_free( vrber, 1 );
+ if ( seber ) ber_free( seber, 1 );
+ if ( vrber ) ber_free( vrber, 1 );
/* step back to the original number of controls, so that
* those set while parsing args are preserved */
Modified: openldap/vendor/openldap-release/configure
===================================================================
--- openldap/vendor/openldap-release/configure 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/configure 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.21 2009/01/26 21:24:56 quanah Exp .
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61.
#
@@ -943,7 +943,6 @@
KRB4_LIBS
KRB5_LIBS
SASL_LIBS
-GSSAPI_LIBS
TLS_LIBS
MODULES_LIBS
SLAPI_LIBS
@@ -1621,7 +1620,6 @@
--with-subdir=DIR change default subdirectory used for installs
--with-cyrus-sasl with Cyrus SASL support [auto]
--with-fetch with fetch(3) URL support [auto]
- --with-gssapi with GSSAPI support [auto]
--with-threads with threads [auto]
--with-tls with TLS/SSL support auto|openssl|gnutls [auto]
--with-yielding-select with implicitly yielding select [auto]
@@ -2953,29 +2951,6 @@
fi
# end --with-fetch
-# OpenLDAP --with-gssapi
-
-# Check whether --with-gssapi was given.
-if test "${with_gssapi+set}" = set; then
- withval=$with_gssapi;
- ol_arg=invalid
- for ol_val in auto yes no ; do
- if test "$withval" = "$ol_val" ; then
- ol_arg="$ol_val"
- fi
- done
- if test "$ol_arg" = "invalid" ; then
- { { echo "$as_me:$LINENO: error: bad value $withval for --with-gssapi" >&5
-echo "$as_me: error: bad value $withval for --with-gssapi" >&2;}
- { (exit 1); exit 1; }; }
- fi
- ol_with_gssapi="$ol_arg"
-
-else
- ol_with_gssapi="auto"
-fi
-# end --with-gssapi
-
# OpenLDAP --with-threads
# Check whether --with-threads was given.
@@ -4514,7 +4489,6 @@
KRB4_LIBS=
KRB5_LIBS=
SASL_LIBS=
-GSSAPI_LIBS=
TLS_LIBS=
MODULES_LIBS=
SLAPI_LIBS=
@@ -6462,7 +6436,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 6465 "configure"' > conftest.$ac_ext
+ echo '#line 6439 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -8531,11 +8505,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8534: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8508: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8538: \$? = $ac_status" >&5
+ echo "$as_me:8512: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8793,11 +8767,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8796: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8770: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8800: \$? = $ac_status" >&5
+ echo "$as_me:8774: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8855,11 +8829,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8858: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8832: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8862: \$? = $ac_status" >&5
+ echo "$as_me:8836: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -11066,7 +11040,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 11069 "configure"
+#line 11043 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11164,7 +11138,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 11167 "configure"
+#line 11141 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -15338,7 +15312,7 @@
fi
-if test $ol_cv_msvc ; then
+if test $ol_cv_msvc = yes ; then
ol_cv_winsock=yes
fi
@@ -15351,7 +15325,7 @@
save_LIBS="$LIBS"
for curlib in none ws2_32 wsock32; do
- if test curlib != none ; then
+ if test $curlib != none ; then
LIBS="$save_LIBS -l$curlib"
fi
cat >conftest.$ac_ext <<_ACEOF
@@ -19171,638 +19145,7 @@
fi
fi
-ol_link_gssapi=no
-case $ol_with_gssapi in yes | auto)
-
- ol_header_gssapi=no
-
-for ac_header in gssapi/gssapi.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## --------------------------------------------- ##
-## Report this to <http://www.openldap.org/its/> ##
-## --------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test $ac_cv_header_gssapi_gssapi_h = yes ; then
- ol_header_gssapi=yes
- else
-
-for ac_header in gssapi.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## --------------------------------------------- ##
-## Report this to <http://www.openldap.org/its/> ##
-## --------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test $ac_cv_header_gssapi_h = yes ; then
- ol_header_gssapi=yes
- fi
-
- saveLIBS="$LIBS"
- LIBS="$LIBS $GSSAPI_LIBS"
-
-for ac_func in gss_oid_to_str
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
- LIBS="$saveLIBS"
- fi
-
- if test $ol_header_gssapi = yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi" >&5
-echo $ECHO_N "checking for gss_wrap in -lgssapi... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gssapi_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_gss_wrap" >&6; }
-if test $ac_cv_lib_gssapi_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"
-else
- ol_link_gssapi=no
-fi
-
- if test $ol_link_gssapi != yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi_krb5" >&5
-echo $ECHO_N "checking for gss_wrap in -lgssapi_krb5... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi_krb5 $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_krb5_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gssapi_krb5_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_wrap" >&6; }
-if test $ac_cv_lib_gssapi_krb5_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"
-else
- ol_link_gssapi=no
-fi
-
- fi
- if test $ol_link_gssapi != yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgss" >&5
-echo $ECHO_N "checking for gss_wrap in -lgss... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gss_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgss $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gss_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gss_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gss_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gss_gss_wrap" >&6; }
-if test $ac_cv_lib_gss_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"
-else
- ol_link_gssapi=no
-fi
-
- fi
- fi
-
- ;;
-esac
-
-WITH_GSSAPI=no
-if test $ol_link_gssapi = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GSSAPI 1
-_ACEOF
-
- WITH_GSSAPI=yes
-elif test $ol_with_gssapi = auto ; then
- { echo "$as_me:$LINENO: WARNING: Could not locate GSSAPI package" >&5
-echo "$as_me: WARNING: Could not locate GSSAPI package" >&2;}
- { echo "$as_me:$LINENO: WARNING: GSSAPI authentication not supported!" >&5
-echo "$as_me: WARNING: GSSAPI authentication not supported!" >&2;}
-elif test $ol_with_gssapi = yes ; then
- { { echo "$as_me:$LINENO: error: GSSAPI detection failed" >&5
-echo "$as_me: error: GSSAPI detection failed" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
if test $ol_with_tls = yes ; then
ol_with_tls=auto
fi
@@ -39299,7 +38642,6 @@
-
# Check whether --with-xxinstall was given.
if test "${with_xxinstall+set}" = set; then
withval=$with_xxinstall;
@@ -40149,7 +39491,6 @@
KRB4_LIBS!$KRB4_LIBS$ac_delim
KRB5_LIBS!$KRB5_LIBS$ac_delim
SASL_LIBS!$SASL_LIBS$ac_delim
-GSSAPI_LIBS!$GSSAPI_LIBS$ac_delim
TLS_LIBS!$TLS_LIBS$ac_delim
MODULES_LIBS!$MODULES_LIBS$ac_delim
SLAPI_LIBS!$SLAPI_LIBS$ac_delim
@@ -40165,7 +39506,7 @@
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 91; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
Modified: openldap/vendor/openldap-release/configure.in
===================================================================
--- openldap/vendor/openldap-release/configure.in 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/configure.in 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $
+dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp $
dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
dnl
dnl Copyright 1998-2009 The OpenLDAP Foundation.
@@ -25,7 +25,7 @@
dnl Configure.in for OpenLDAP
AC_COPYRIGHT([[Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved.
Restrictions apply, see COPYRIGHT and LICENSE files.]])
-AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $])
+AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp $])
AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
AC_CONFIG_SRCDIR(build/version.sh)dnl
@@ -242,8 +242,6 @@
auto, [auto yes no] )
OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
auto, [auto yes no] )
-OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
- auto, [auto yes no] )
OL_ARG_WITH(threads,[ --with-threads with threads],
auto, [auto nt posix mach pth lwp yes no manual] )
OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls],
@@ -581,7 +579,6 @@
KRB4_LIBS=
KRB5_LIBS=
SASL_LIBS=
-GSSAPI_LIBS=
TLS_LIBS=
MODULES_LIBS=
SLAPI_LIBS=
@@ -879,7 +876,7 @@
AC_CHECK_LIB(V3, sigset)
fi
-if test $ol_cv_msvc ; then
+if test $ol_cv_msvc = yes ; then
ol_cv_winsock=yes
fi
@@ -890,7 +887,7 @@
AC_CACHE_CHECK([for winsock], [ol_cv_winsock],[
save_LIBS="$LIBS"
for curlib in none ws2_32 wsock32; do
- if test curlib != none ; then
+ if test $curlib != none ; then
LIBS="$save_LIBS -l$curlib"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <winsock.h>
@@ -1146,63 +1143,6 @@
fi
dnl ----------------------------------------------------------------
-dnl GSSAPI
-ol_link_gssapi=no
-
-case $ol_with_gssapi in yes | auto)
-
- ol_header_gssapi=no
- AC_CHECK_HEADERS(gssapi/gssapi.h)
- if test $ac_cv_header_gssapi_gssapi_h = yes ; then
- ol_header_gssapi=yes
- else
- AC_CHECK_HEADERS(gssapi.h)
- if test $ac_cv_header_gssapi_h = yes ; then
- ol_header_gssapi=yes
- fi
-
- dnl## not every gssapi has gss_oid_to_str()
- dnl## as it's not defined in the GSSAPI V2 API
- dnl## anymore
- saveLIBS="$LIBS"
- LIBS="$LIBS $GSSAPI_LIBS"
- AC_CHECK_FUNCS(gss_oid_to_str)
- LIBS="$saveLIBS"
- fi
-
- if test $ol_header_gssapi = yes ; then
- dnl## we check for gss_wrap
- dnl## as it's new to the GSSAPI V2 API
- AC_CHECK_LIB(gssapi, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
- [ol_link_gssapi=no])
- if test $ol_link_gssapi != yes ; then
- AC_CHECK_LIB(gssapi_krb5, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
- [ol_link_gssapi=no])
- fi
- if test $ol_link_gssapi != yes ; then
- AC_CHECK_LIB(gss, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
- [ol_link_gssapi=no])
- fi
- fi
-
- ;;
-esac
-
-WITH_GSSAPI=no
-if test $ol_link_gssapi = yes; then
- AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
- WITH_GSSAPI=yes
-elif test $ol_with_gssapi = auto ; then
- AC_MSG_WARN([Could not locate GSSAPI package])
- AC_MSG_WARN([GSSAPI authentication not supported!])
-elif test $ol_with_gssapi = yes ; then
- AC_MSG_ERROR([GSSAPI detection failed])
-fi
-
-dnl ----------------------------------------------------------------
dnl TLS/SSL
if test $ol_with_tls = yes ; then
@@ -3146,7 +3086,6 @@
AC_SUBST(KRB4_LIBS)
AC_SUBST(KRB5_LIBS)
AC_SUBST(SASL_LIBS)
-AC_SUBST(GSSAPI_LIBS)
AC_SUBST(TLS_LIBS)
AC_SUBST(MODULES_LIBS)
AC_SUBST(SLAPI_LIBS)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,12 +1,18 @@
-CPPFLAGS=-I../../../include -I../../../servers/slapd
-#LDFLAGS=-L/usr/local/openldap/lib
-#LDFLAGS=-L/home/mszulczynski/autogroup/openldap/lib/
-CC=gcc
+CPPFLAGS+=-I../../../include -I../../../servers/slapd
-all: autogroup.so
+all: autogroup.la
-autogroup.so: autogroup.c
- $(CC) -shared -fPIC $(CPPFLAGS) $(LDFLAGS) -Wall -o $@ $?
+autogroup.lo: autogroup.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+autogroup.la: autogroup.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $?
+
clean:
- rm autogroup.so
+ rm -f autogroup.lo autogroup.la
+
+install: autogroup.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp autogroup.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.1 2009/01/21 01:15:37 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.2 2009/03/17 16:42:59 quanah Exp $ */
/* cloak.c - Overlay to hide some attribute except if explicitely requested */
/*
* Copyright 2008 Emmanuel Dreyfus
@@ -269,8 +269,8 @@
sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
sc->sc_response = cloak_search_cb;
- sc->sc_cleanup = NULL;
- sc->sc_next = NULL;
+ sc->sc_cleanup = slap_freeself_cb;
+ sc->sc_next = op->o_callback;
sc->sc_private = ci;
op->o_callback = sc;
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/Makefile,v 1.1.2.3 2009/02/02 18:32:58 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/Makefile,v 1.1.2.4 2009/04/27 23:35:48 quanah Exp $
CPPFLAGS+=-I../../../include -I../../../servers/slapd
CPPFLAGS+=-DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
-LIBS=-lldap_r -llber -lcrypto
+LIBS=-L$(PREFIX)/lib -lldap_r -llber -lcrypto
all: nops.la
@@ -13,4 +13,11 @@
-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
clean:
- rm nops.lo nops.la
+ rm -f nops.lo nops.la
+
+install: nops.la
+ mkdir -p $(PREFIX)/lib/openldap
+ mkdir -p $(PREFIX)/man/man5
+ $(LIBTOOL) --mode=install cp nops.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
+ cp nops.5 $(PREFIX)/man/man5
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/nops.c,v 1.1.2.1 2008/05/27 20:00:51 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/nops.c,v 1.1.2.3 2009/04/28 00:51:12 quanah Exp $ */
/* nops.c - Overlay to filter idempotent operations */
/*
* Copyright 2008 Emmanuel Dreyfus
@@ -47,7 +47,6 @@
}
}
- for (m = *mods; m; m = m->sml_next)
mod->sml_next = NULL;
slap_mods_free(mod, 1);
@@ -137,9 +136,13 @@
}
if ((m = op->orm_modlist) == NULL) {
+ slap_callback *cb = op->o_callback;
+
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
- send_ldap_error(op, rs, LDAP_SUCCESS, "");
- return(rs->sr_err);
+ op->o_callback = NULL;
+ send_ldap_error(op, rs, LDAP_SUCCESS, "");
+ op->o_callback = cb;
+
return (rs->sr_err);
}
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/Makefile,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/Makefile,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $
# Copyright 2008 Howard Chu, Symas Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
XOBJS = tio.lo
OBJS = alias.lo ether.lo group.lo host.lo netgroup.lo network.lo \
- nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo
+ nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo pam.lo
.SUFFIXES: .c .o .lo
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-Copyright 2008 Howard Chu, Symas Corp. All rights reserved.
+Copyright 2008-2009 Howard Chu, Symas Corp. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
@@ -11,7 +11,8 @@
This directory contains a slapd overlay, nssov, that handles
NSS lookup requests through a local Unix Domain socket. It uses the
same IPC protocol as Arthur de Jong's nss-ldapd, and a complete
-copy of the nss-ldapd source is included here.
+copy of the nss-ldapd source is included here. It also handles
+PAM requests.
To use this code, you will need the client-side stub library from
nss-ldapd (which resides in nss-ldapd/nss). You will not need the
@@ -38,19 +39,19 @@
The overlay may be configured with Service Search Descriptors (SSDs)
for each NSS service that will be used. SSDs are configured using
- nssov-svc <service> <url>
+ nssov-ssd <service> <url>
where the <service> may be one of
- alias
- ether
+ aliases
+ ethers
group
- host
+ hosts
netgroup
- network
+ networks
passwd
- protocol
+ protocols
rpc
- service
+ services
shadow
and the <url> must be of the form
@@ -75,8 +76,51 @@
objectClass: olcOverlayConfig
objectClass: olcNssOvConfig
olcOverlay: {0}nssov
- olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one
+ olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
olcNssMap: passwd uid accountName
which enables the passwd service, and uses the accountName attribute to
fetch what is usually retrieved from the uid attribute.
+
+PAM authentication, account management, session management, and password
+management are supported.
+
+Authentication is performed using Simple Binds. Since all operations occur
+inside the slapd overlay, "fake" connections are used and they are
+inherently secure. Two methods of mapping the PAM username to an LDAP DN
+are provided:
+ the mapping can be accomplished using slapd's authz-regexp facility. In
+this case, a DN of the form
+ cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+is fed into the regexp matcher. If a match is produced, the resulting DN
+is used.
+ otherwise, the NSS passwd map is invoked (which means it must already
+be configured).
+
+If no DN is found, the overlay returns PAM_USER_UNKNOWN. If the DN is
+found, and Password Policy is supported, then the Bind will use the
+Password Policy control and return expiration information to PAM.
+
+Account management also uses two methods. These methods depend on the
+ldapns.schema included with the nssov source.
+ The first is identical to the method used in PADL's pam_ldap module:
+host and authorizedService attributes may be looked up in the user's entry,
+and checked to determine access. Also a check may be performed to see if
+the user is a member of a particular group. This method is pretty
+inflexible and doesn't scale well to large networks of users, hosts,
+and services.
+ The second uses slapd's ACL engine to check if the user has "compare"
+privilege on an ipHost object whose name matches the current hostname, and
+whose authorizedService attribute matches the current service name. This
+method is preferred, since it allows authorization to be centralized in
+the ipHost entries instead of scattered across the entire user population.
+The ipHost entries must have an authorizedService attribute (e.g. by way
+of the authorizedServiceObject auxiliary class) to use this method.
+
+Session management: the overlay may optionally add a "logged in" attribute
+to a user's entry for successful logins, and delete the corresponding
+value upon logout. The attribute value is of the form
+ <generalizedTime> <host> <service> <tty> (<ruser at rhost>)
+
+Password management: the overlay will perform a PasswordModify exop
+in the server for the given user.
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* alias.c - mail alias lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/alias.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/alias.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -58,7 +58,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"alias entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"alias entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -98,7 +98,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_alias_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_alias_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_ALIAS_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -108,7 +108,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG,"nssov_alias_all()",0,0,0);,
+ Debug(LDAP_DEBUG,"nssov_alias_all()\n",0,0,0);,
NSLCD_ACTION_ALIAS_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ether.c - ethernet address lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ether.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ether.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -74,7 +74,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -92,7 +92,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[1].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -127,7 +127,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_ETHER_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -148,7 +148,7 @@
addr.ether_addr_octet[4],
addr.ether_addr_octet[5]);
cbp.addr.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_byether(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_byether(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_ETHER_BYETHER,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -159,7 +159,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_all()\n",0,0,0);,
NSLCD_ACTION_ETHER_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
/* group.c - group lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.2 2008/11/10 22:39:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.3 2009/06/03 20:46:54 quanah Exp $ */
/*
- * Copyright 2008 by Howard Chu, Symas Corp.
+ * Copyright 2008-2009 by Howard Chu, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -121,6 +121,10 @@
/* check other characters */
for (i=1;i<name->bv_len;i++)
{
+#ifndef STRICT_GROUPS
+ /* allow spaces too */
+ if (name->bv_val[i] == ' ') continue;
+#endif
if ( ! ( (name->bv_val[i]>='A' && name->bv_val[i] <= 'Z') ||
(name->bv_val[i]>='a' && name->bv_val[i] <= 'z') ||
(name->bv_val[i]>='0' && name->bv_val[i] <= '9') ||
@@ -145,7 +149,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -163,7 +167,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GID_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -225,7 +229,7 @@
{
if (!isvalidgroupname(&names[i]))
{
- Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains invalid group name: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains invalid group name: \"%s\"\n",
entry->e_name.bv_val,names[i].bv_val,0);
}
else
@@ -237,7 +241,7 @@
gid_t gid;
gid = strtol(gids[j].bv_val, &tmp, 0);
if ( *tmp ) {
- Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains non-numeric %s value: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains non-numeric %s value: \"%s\"\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val,
names[i].bv_val);
continue;
@@ -275,14 +279,14 @@
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
if (!isvalidgroupname(&cbp.name)) {
- Debug(LDAP_DEBUG_ANY,"nssov_group_byname(%s): invalid group name",cbp.name.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_group_byname(%s): invalid group name\n",cbp.name.bv_val,0,0);
return -1;
}
cbp.wantmembers = 1;
cbp.ni = ni;
BER_BVZERO(&cbp.gidnum);
BER_BVZERO(&cbp.user);,
- Debug(LDAP_DEBUG_TRACE,"nslcd_group_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nslcd_group_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYNAME,
nssov_filter_byname(cbp.mi,CN_KEY,&cbp.name,&filter)
)
@@ -300,7 +304,7 @@
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.user);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_bygid(%s)",cbp.gidnum.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_bygid(%s)\n",cbp.gidnum.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYGID,
nssov_filter_byid(cbp.mi,GID_KEY,&cbp.gidnum,&filter)
)
@@ -314,14 +318,14 @@
cbp.user.bv_len = tmpint32;
cbp.user.bv_val = cbp.buf;
if (!isvalidusername(&cbp.user)) {
- Debug(LDAP_DEBUG_ANY,"nssov_group_bymember(%s): invalid user name",cbp.user.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_group_bymember(%s): invalid user name\n",cbp.user.bv_val,0,0);
return -1;
}
cbp.wantmembers = 0;
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.gidnum);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_bymember(%s)",cbp.user.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_bymember(%s)\n",cbp.user.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYMEMBER,
mkfilter_group_bymember(&cbp,&filter)
)
@@ -334,7 +338,7 @@
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.gidnum);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_all()\n",0,0,0);,
NSLCD_ACTION_GROUP_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* host.c - host lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/host.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/host.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -82,7 +82,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -119,7 +119,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_HOST_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -137,12 +137,12 @@
/* translate the address to a string */
if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
{
- Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n",0,0,0);
return -1;
}
cbp.addr.bv_val = cbp.buf;
cbp.addr.bv_len = strlen(cbp.buf);,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_byaddr(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_byaddr(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_HOST_BYADDR,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -153,7 +153,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_all()\n",0,0,0);,
NSLCD_ACTION_HOST_ALL,
(filter=cbp.mi->mi_filter,0)
)
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,25 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ldapns.schema,v 1.2.2.2 2009/06/03 20:46:55 quanah Exp $
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+# LDAP Name Service Additional Schema
+# http://www.iana.org/assignments/gssapi-service-names
+
+#
+# Not part of the distribution: this is a workaround!
+#
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+ DESC 'IANA GSS-API authorized service name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+ DESC 'Auxiliary object class for adding authorizedService attribute'
+ SUP top
+ AUXILIARY
+ MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+ DESC 'Auxiliary object class for adding host attribute'
+ SUP top
+ AUXILIARY
+ MAY host )
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* netgroup.c - netgroup lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/netgroup.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/netgroup.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -91,7 +91,7 @@
/* we should have a bracket now */
if (triple[i]!='(')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): entry does not begin with '(' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): entry does not begin with '(' (entry skipped)\n",0,0,0);
return 0;
}
i++;
@@ -101,7 +101,7 @@
/* nothing else to do */ ;
if (triple[i]!=',')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n",0,0,0);
return 0;
}
hoste=i;
@@ -112,7 +112,7 @@
/* nothing else to do */ ;
if (triple[i]!=',')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n",0,0,0);
return 0;
}
usere=i;
@@ -123,7 +123,7 @@
/* nothing else to do */ ;
if (triple[i]!=')')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ')' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ')' (entry skipped)\n",0,0,0);
return 0;
}
domaine=i;
@@ -134,7 +134,7 @@
/* if anything is left in the string we have a problem */
if (triple[i]!='\0')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): string contains trailing data (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): string contains trailing data (entry skipped)\n",0,0,0);
return 0;
}
/* write strings */
@@ -191,7 +191,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));,
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
- Debug(LDAP_DEBUG_TRACE,"nssov_netgroup_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_netgroup_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_NETGROUP_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* network.c - network address lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -82,7 +82,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -119,7 +119,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_NETWORK_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -137,12 +137,12 @@
/* translate the address to a string */
if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
{
- Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n",0,0,0);
return -1;
}
cbp.addr.bv_val = cbp.buf;
cbp.addr.bv_len = strlen(cbp.buf);,
- Debug(LDAP_DEBUG_TRACE,"nslcd_network_byaddr(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nslcd_network_byaddr(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_NETWORK_BYADDR,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -153,7 +153,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_network_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_network_all()\n",0,0,0);,
NSLCD_ACTION_NETWORK_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -197,8 +197,29 @@
#define NSLCD_ACTION_SHADOW_BYNAME 2001
#define NSLCD_ACTION_SHADOW_ALL 2005
+#define NSLCD_ACTION_PAM_AUTHC 20001
+#define NSLCD_ACTION_PAM_AUTHZ 20002
+#define NSLCD_ACTION_PAM_SESS_O 20003
+#define NSLCD_ACTION_PAM_SESS_C 20004
+#define NSLCD_ACTION_PAM_PWMOD 20005
+
/* Request result codes. */
#define NSLCD_RESULT_END 3 /* key was not found */
#define NSLCD_RESULT_SUCCESS 0 /* everything ok */
+/* Partial list of PAM result codes. */
+#define NSLCD_PAM_SUCCESS 0 /* everything ok */
+#define NSLCD_PAM_PERM_DENIED 6 /* Permission denied */
+#define NSLCD_PAM_AUTH_ERR 7 /* Authc failure */
+#define NSLCD_PAM_CRED_INSUFFICIENT 8 /* Cannot access authc data */
+#define NSLCD_PAM_AUTHINFO_UNAVAIL 9 /* Cannot retrieve authc info */
+#define NSLCD_PAM_USER_UNKNOWN 10 /* User not known */
+#define NSLCD_PAM_MAXTRIES 11 /* Retry limit reached */
+#define NSLCD_PAM_NEW_AUTHTOK_REQD 12 /* Password expired */
+#define NSLCD_PAM_ACCT_EXPIRED 13 /* Account expired */
+#define NSLCD_PAM_SESSION_ERR 14 /* Cannot make/remove session record */
+#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
+#define NSLCD_PAM_IGNORE 25 /* Ignore module */
+#define NSLCD_PAM_ABORT 26 /* Fatal error */
+
#endif /* not _NSLCD_H */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am 2009-07-27 22:27:07 UTC (rev 1224)
@@ -33,10 +33,10 @@
../compat/attrs.h \
aliases.c ethers.c group.c hosts.c netgroup.c \
networks.c passwd.c protocols.c rpc.c services.c \
- shadow.c
+ shadow.c pam.c
nss_ldap_so_LDFLAGS = -shared -Wl,-soname,$(NSS_LDAP_NSS_VERSIONED) \
-Wl,--version-script,\$(srcdir)/exports.linux
-nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a
+nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a -lpam
EXTRA_DIST = exports.linux
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in 2009-07-27 22:27:07 UTC (rev 1224)
@@ -70,7 +70,7 @@
ethers.$(OBJEXT) group.$(OBJEXT) hosts.$(OBJEXT) \
netgroup.$(OBJEXT) networks.$(OBJEXT) passwd.$(OBJEXT) \
protocols.$(OBJEXT) rpc.$(OBJEXT) services.$(OBJEXT) \
- shadow.$(OBJEXT)
+ shadow.$(OBJEXT) pam.$(OBJEXT)
nss_ldap_so_OBJECTS = $(am_nss_ldap_so_OBJECTS)
nss_ldap_so_DEPENDENCIES = ../common/libtio.a
nss_ldap_so_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -206,12 +206,12 @@
../compat/attrs.h \
aliases.c ethers.c group.c hosts.c netgroup.c \
networks.c passwd.c protocols.c rpc.c services.c \
- shadow.c
+ shadow.c pam.c
nss_ldap_so_LDFLAGS = -shared -Wl,-soname,$(NSS_LDAP_NSS_VERSIONED) \
-Wl,--version-script,\$(srcdir)/exports.linux
-nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a
+nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a -lpam
EXTRA_DIST = exports.linux
all: all-am
@@ -266,6 +266,7 @@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/hosts.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/netgroup.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/networks.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/pam.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/passwd.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/protocols.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/rpc.Po at am__quote@
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux 2009-07-27 22:27:07 UTC (rev 1224)
@@ -78,6 +78,14 @@
_nss_ldap_getspent_r;
_nss_ldap_endspent;
+ # pam - pluggable auth
+ pam_sm_acct_mgmt;
+ pam_sm_authenticate;
+ pam_sm_chauthtok;
+ pam_sm_close_session;
+ pam_sm_open_session;
+ pam_sm_setcred;
+
# everything else should not be exported
local:
*;
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,720 @@
+/*
+ pam.c - pam module functions
+
+ Copyright (C) 2009 Howard Chu
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include "prototypes.h"
+#include "common.h"
+#include "compat/attrs.h"
+
+#ifndef HAVE_PAM_PAM_MODULES_H
+#include <security/pam_modules.h>
+#else
+#include <pam/pam_modules.h>
+#endif
+
+#define CONST_ARG const
+
+#define IGNORE_UNKNOWN 1
+#define IGNORE_UNAVAIL 2
+
+#define PLD_CTX "PAM_LDAPD_CTX"
+
+#define NSS2PAM_RC(rc,ignore,ok) \
+ switch(rc) { \
+ case NSS_STATUS_SUCCESS: \
+ rc = ok; break; \
+ case NSS_STATUS_UNAVAIL: \
+ rc = (ignore & IGNORE_UNAVAIL) ? PAM_IGNORE : PAM_AUTHINFO_UNAVAIL; \
+ break; \
+ case NSS_STATUS_NOTFOUND: \
+ rc = (ignore & IGNORE_UNKNOWN) ? PAM_IGNORE: PAM_USER_UNKNOWN; \
+ break; \
+ default: \
+ rc = PAM_SYSTEM_ERR; break; \
+ }
+
+typedef struct pld_ctx {
+ char *user;
+ char *dn;
+ char *tmpluser;
+ char *authzmsg;
+ char *oldpw;
+ int authok;
+ int authz;
+ int sessid;
+ char buf[1024];
+} pld_ctx;
+
+static int nslcd2pam_rc(int rc)
+{
+#define map(i) case NSLCD_##i : rc = i; break
+ switch(rc) {
+ map(PAM_SUCCESS);
+ map(PAM_PERM_DENIED);
+ map(PAM_AUTH_ERR);
+ map(PAM_CRED_INSUFFICIENT);
+ map(PAM_AUTHINFO_UNAVAIL);
+ map(PAM_USER_UNKNOWN);
+ map(PAM_MAXTRIES);
+ map(PAM_NEW_AUTHTOK_REQD);
+ map(PAM_ACCT_EXPIRED);
+ map(PAM_SESSION_ERR);
+ map(PAM_AUTHTOK_DISABLE_AGING);
+ map(PAM_IGNORE);
+ map(PAM_ABORT);
+ }
+ return rc;
+}
+
+static void pam_clr_ctx(
+ pld_ctx *ctx)
+{
+ if (ctx->user) {
+ free(ctx->user);
+ ctx->user = NULL;
+ }
+ if (ctx->oldpw) {
+ memset(ctx->oldpw,0,strlen(ctx->oldpw));
+ free(ctx->oldpw);
+ ctx->oldpw = NULL;
+ }
+ ctx->dn = NULL;
+ ctx->tmpluser = NULL;
+ ctx->authzmsg = NULL;
+ ctx->authok = 0;
+ ctx->authz = 0;
+}
+
+static void pam_del_ctx(
+ pam_handle_t *pamh, void *data, int err)
+{
+ pld_ctx *ctx = data;
+ pam_clr_ctx(ctx);
+ free(ctx);
+}
+
+static int pam_get_ctx(
+ pam_handle_t *pamh, const char *user, pld_ctx **pctx)
+{
+ pld_ctx *ctx = NULL;
+ int rc;
+
+ if (pam_get_data(pamh, PLD_CTX, (CONST_ARG void **)&ctx) == PAM_SUCCESS) {
+ if (ctx->user && strcmp(ctx->user, user)) {
+ pam_clr_ctx(ctx);
+ }
+ rc = PAM_SUCCESS;
+ }
+ if (!ctx) {
+ ctx = calloc(1, sizeof(*ctx));
+ if (!ctx)
+ return PAM_BUF_ERR;
+ rc = pam_set_data(pamh, PLD_CTX, ctx, pam_del_ctx);
+ if (rc != PAM_SUCCESS)
+ pam_del_ctx(pamh, ctx, 0);
+ }
+ if (rc == PAM_SUCCESS)
+ *pctx = ctx;
+ return rc;
+}
+
+static int pam_get_authtok(
+ pam_handle_t *pamh, int flags, char *prompt1, char *prompt2, char **pwd)
+{
+ int rc;
+ char *p;
+ struct pam_message msg[1], *pmsg[1];
+ struct pam_response *resp;
+ struct pam_conv *conv;
+
+ *pwd = NULL;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &conv);
+ if (rc == PAM_SUCCESS) {
+ pmsg[0] = &msg[0];
+ msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
+ msg[0].msg = prompt1;
+ resp = NULL;
+ rc = conv->conv (1,
+ (CONST_ARG struct pam_message **) pmsg,
+ &resp, conv->appdata_ptr);
+ } else {
+ return rc;
+ }
+
+ if (resp != NULL) {
+ if ((flags & PAM_DISALLOW_NULL_AUTHTOK) && resp[0].resp == NULL)
+ {
+ free (resp);
+ return PAM_AUTH_ERR;
+ }
+
+ p = resp[0].resp;
+ resp[0].resp = NULL;
+ free (resp);
+ } else {
+ return PAM_CONV_ERR;
+ }
+
+ if (prompt2) {
+ msg[0].msg = prompt2;
+ resp = NULL;
+ rc = conv->conv (1,
+ (CONST_ARG struct pam_message **) pmsg,
+ &resp, conv->appdata_ptr);
+ if (resp && resp[0].resp && !strcmp(resp[0].resp, p))
+ rc = PAM_SUCCESS;
+ else
+ rc = PAM_AUTHTOK_RECOVERY_ERR;
+ if (resp) {
+ if (resp[0].resp) {
+ (void) memset(resp[0].resp, 0, strlen(resp[0].resp));
+ free(resp[0].resp);
+ }
+ free(resp);
+ }
+ }
+
+ if (rc == PAM_SUCCESS)
+ *pwd = p;
+ else if (p) {
+ memset(p, 0, strlen(p));
+ free(p);
+ }
+
+ return rc;
+}
+
+static enum nss_status pam_read_authc(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf, *user;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authok);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authok = nslcd2pam_rc(ctx->authok);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_authc(
+ pld_ctx *ctx, const char *user, const char *svc,const char *pwd,int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_AUTHC,
+ WRITE_STRING(fp,user);
+ WRITE_STRING(fp,"" /* DN */);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,pwd),
+ pam_read_authc(fp,ctx,errnop));
+}
+
+#define USE_FIRST 1
+#define TRY_FIRST 2
+#define USE_TOKEN 4
+
+int pam_sm_authenticate(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int err, rc;
+ const char *username, *svc;
+ char *p = NULL;
+ int first_pass = 0, ignore_flags = 0;
+ int i;
+ pld_ctx *ctx;
+
+ for (i = 0; i < argc; i++) {
+ if (!strcmp (argv[i], "use_first_pass"))
+ first_pass |= USE_FIRST;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ first_pass |= TRY_FIRST;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "no_warn"))
+ ;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ for (i=0;i<2;i++) {
+ if (!first_pass) {
+ rc = pam_get_authtok(pamh, flags, i ? "LDAP Password: " :
+ "Password: ", NULL, &p);
+ i = 2;
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_AUTHTOK, p);
+ memset(p, 0, strlen(p));
+ free(p);
+ } else {
+ break;
+ }
+ }
+ rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
+ if (rc == PAM_SUCCESS) {
+ rc = pam_do_authc(ctx, username, svc, p, &err);
+ NSS2PAM_RC(rc, ignore_flags, ctx->authok);
+ }
+ if (rc == PAM_SUCCESS || (first_pass & USE_FIRST)) {
+ break;
+ }
+ first_pass = 0;
+ }
+
+ if (rc == PAM_SUCCESS) {
+ ctx->user = strdup(username);
+ if (ctx->authz == PAM_NEW_AUTHTOK_REQD)
+ ctx->oldpw = strdup(p);
+ }
+
+ return rc;
+}
+
+int pam_sm_setcred(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
+
+static int
+pam_warn(
+ struct pam_conv *aconv, const char *message, int style, int no_warn)
+{
+ struct pam_message msg, *pmsg;
+ struct pam_response *resp;
+
+ if (no_warn)
+ return PAM_SUCCESS;
+
+ pmsg = &msg;
+
+ msg.msg_style = style;
+ msg.msg = (char *) message;
+ resp = NULL;
+
+ return aconv->conv (1,
+ (CONST_ARG struct pam_message **) &pmsg,
+ &resp, aconv->appdata_ptr);
+}
+
+static enum nss_status pam_read_authz(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,ctx->tmpluser);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_authz(
+ pld_ctx *ctx, const char *svc, const char *ruser, const char *rhost,
+ const char *tty, int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ,
+ WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,ruser);
+ WRITE_STRING(fp,rhost);
+ WRITE_STRING(fp,tty),
+ pam_read_authz(fp,ctx,errnop));
+}
+
+int pam_sm_acct_mgmt(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, err;
+ const char *username, *svc, *ruser, *rhost, *tty;
+ int no_warn = 0, ignore_flags = 0;
+ int i;
+ struct pam_conv *appconv;
+ pld_ctx *ctx = NULL, ctx2;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "no_warn"))
+ no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ no_warn = 1;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_RHOST, (CONST_ARG void **) &rhost);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_TTY, (CONST_ARG void **) &tty);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ ctx2.dn = ctx->dn;
+ ctx2.user = ctx->user;
+ rc = pam_do_authz(&ctx2, svc, ruser, rhost, tty, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ if (rc != PAM_SUCCESS) {
+ if (rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP authorization failed", PAM_ERROR_MSG, no_warn);
+ } else {
+ if (ctx2.authzmsg && ctx2.authzmsg[0])
+ pam_warn(appconv, ctx2.authzmsg, PAM_TEXT_INFO, no_warn);
+ if (ctx2.authz == PAM_SUCCESS) {
+ rc = ctx->authz;
+ if (ctx->authzmsg && ctx->authzmsg[0])
+ pam_warn(appconv, ctx->authzmsg, PAM_TEXT_INFO, no_warn);
+ }
+ }
+ if ( rc == PAM_SUCCESS && ctx->tmpluser && ctx->tmpluser[0] ) {
+ rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser);
+ }
+ return rc;
+}
+
+static enum nss_status pam_read_sess(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ int tmpint32;
+ READ_INT32(fp,ctx->sessid);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_sess(
+ pam_handle_t *pamh,pld_ctx *ctx,int action,int *errnop)
+{
+ const char *svc = NULL, *tty = NULL, *rhost = NULL, *ruser = NULL;
+
+ pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ pam_get_item (pamh, PAM_TTY, (CONST_ARG void **) &tty);
+ pam_get_item (pamh, PAM_RHOST, (CONST_ARG void **) &rhost);
+ pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
+
+ {
+ NSS_BYGEN(action,
+ WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,tty);
+ WRITE_STRING(fp,rhost);
+ WRITE_STRING(fp,ruser);
+ WRITE_INT32(fp,ctx->sessid),
+ pam_read_sess(fp,ctx,errnop));
+ }
+}
+
+static int pam_sm_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv,
+ int action, int *no_warn)
+{
+ int rc, err;
+ const char *username;
+ int ignore_flags = 0;
+ int i, success = PAM_SUCCESS;
+ pld_ctx *ctx = NULL;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "no_warn"))
+ *no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ *no_warn = 1;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_do_sess(pamh, ctx, action, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ return rc;
+}
+
+int pam_sm_open_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, no_warn = 0;
+ struct pam_conv *appconv;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_O,&no_warn);
+ if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP open_session failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+int pam_sm_close_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, no_warn = 0;;
+ struct pam_conv *appconv;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_C,&no_warn);
+ if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP close_session failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+static enum nss_status pam_read_pwmod(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf, *user;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_pwmod(
+ pld_ctx *ctx, const char *user, const char *svc,
+ const char *oldpw, const char *newpw, int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_PWMOD,
+ WRITE_STRING(fp,user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,oldpw);
+ WRITE_STRING(fp,newpw),
+ pam_read_pwmod(fp,ctx,errnop));
+}
+
+int pam_sm_chauthtok(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, err;
+ const char *username, *p = NULL, *q = NULL, *svc;
+ int first_pass = 0, no_warn = 0, ignore_flags = 0;
+ int i, success = PAM_SUCCESS;
+ struct pam_conv *appconv;
+ pld_ctx *ctx = NULL;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ first_pass |= USE_FIRST;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ first_pass |= TRY_FIRST;
+ else if (!strcmp (argv[i], "use_authtok"))
+ first_pass |= USE_TOKEN;
+ else if (!strcmp (argv[i], "no_warn"))
+ no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ no_warn = 1;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (flags & PAM_PRELIM_CHECK) {
+ if (getuid()) {
+ if (!first_pass) {
+ rc = pam_get_authtok(pamh, flags, "(current) LDAP Password: ",
+ NULL, &p);
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_OLDAUTHTOK, p);
+ memset(p, 0, strlen(p));
+ free(p);
+ }
+ }
+ rc = pam_get_item(pamh, PAM_OLDAUTHTOK, &p);
+ if (rc) return rc;
+ } else {
+ rc = PAM_SUCCESS;
+ }
+ if (!ctx->dn) {
+ rc = pam_do_pwmod(ctx, username, svc, p, NULL, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ }
+ return rc;
+ }
+
+ rc = pam_get_item(pamh, PAM_OLDAUTHTOK, &p);
+ if (rc) return rc;
+
+ if (!p)
+ p = ctx->oldpw;
+
+ if (first_pass) {
+ rc = pam_get_item(pamh, PAM_AUTHTOK, &q);
+ if ((rc != PAM_SUCCESS || !q) && (first_pass & (USE_FIRST|USE_TOKEN))) {
+ if (rc == PAM_SUCCESS)
+ rc = PAM_AUTHTOK_RECOVERY_ERR;
+ return rc;
+ }
+ }
+ if (!q) {
+ rc = pam_get_authtok(pamh, flags, "Enter new LDAP Password: ",
+ "Retype new LDAP Password: ", &q);
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_AUTHTOK, q);
+ memset(q, 0, strlen(q));
+ free(q);
+ rc = pam_get_item(pamh, PAM_AUTHTOK, &q);
+ }
+ if (rc != PAM_SUCCESS)
+ return rc;
+ }
+ rc = pam_do_pwmod(ctx, username, svc, p, q, &err);
+ p = NULL; q = NULL;
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ if (rc == PAM_SUCCESS) {
+ rc = ctx->authz;
+ if (rc != PAM_SUCCESS)
+ pam_warn(appconv, ctx->authzmsg, PAM_ERROR_MSG, no_warn);
+ } else if (rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP pwmod failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+#ifdef PAM_STATIC
+struct pam_module _modstruct = {
+ "pam_ldapd",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif /* PAM_STATIC */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
/* nssov.c - nss-ldap overlay for slapd */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.2 2008/11/10 22:40:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.4 2009/06/04 18:15:49 quanah Exp $ */
/*
- * Copyright 2008 by Howard Chu, Symas Corp.
+ * Copyright 2008-2009 by Howard Chu, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,6 +33,9 @@
#include <fcntl.h>
#include <sys/stat.h>
+AttributeDescription *nssov_pam_host_ad;
+AttributeDescription *nssov_pam_svc_ad;
+
/* buffer sizes for I/O */
#define READBUFFER_MINSIZE 32
#define READBUFFER_MAXSIZE 64
@@ -152,7 +155,7 @@
/* failure, log but write simple invalid address
(otherwise the address list is messed up) */
/* TODO: have error message in correct format */
- Debug(LDAP_DEBUG_ANY,"nssov: unparseable address: %s",addr->bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unparseable address: %s\n",addr->bv_val,0,0);
/* write an illegal address type */
WRITE_INT32(fp,-1);
/* write an empty address */
@@ -170,14 +173,14 @@
READ_INT32(fp,*af);
if ((*af!=AF_INET)&&(*af!=AF_INET6))
{
- Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d",*af,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d\n",*af,0,0);
return -1;
}
/* read address length */
READ_INT32(fp,len);
if ((len>*addrlen)||(len<=0))
{
- Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d",len,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d\n",len,0,0);
return -1;
}
*addrlen=len;
@@ -237,7 +240,7 @@
READ_TYPE(fp,tmpint32,int32_t);
if (tmpint32 != (int32_t)NSLCD_VERSION)
{
- Debug( LDAP_DEBUG_TRACE,"nssov: wrong nslcd version id (%d)",(int)tmpint32,0,0);
+ Debug( LDAP_DEBUG_TRACE,"nssov: wrong nslcd version id (%d)\n",(int)tmpint32,0,0);
return -1;
}
/* read the request type */
@@ -258,9 +261,9 @@
/* log connection */
if (lutil_getpeereid(sock,&uid,&gid))
- Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s",strerror(errno),0,0);
+ Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s\n",strerror(errno),0,0);
else
- Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d",
+ Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d\n",
(int)uid,(int)gid,0);
/* Should do authid mapping too */
@@ -322,6 +325,11 @@
case NSLCD_ACTION_SERVICE_ALL: (void)nssov_service_all(ni,fp,op); break;
case NSLCD_ACTION_SHADOW_BYNAME: if (uid==0) (void)nssov_shadow_byname(ni,fp,op); break;
case NSLCD_ACTION_SHADOW_ALL: if (uid==0) (void)nssov_shadow_all(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_AUTHC: (void)pam_authc(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_AUTHZ: (void)pam_authz(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_SESS_O: if (uid==0) (void)pam_sess_o(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_SESS_C: if (uid==0) (void)pam_sess_c(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_PWMOD: (void)pam_pwmod(ni,fp,op); break;
default:
Debug( LDAP_DEBUG_ANY,"nssov: invalid request id: %d",(int)action,0,0);
break;
@@ -380,6 +388,7 @@
}
connection_fake_init( &conn, &opbuf, ctx );
op=&opbuf.ob_op;
+ conn.c_ssf = conn.c_transport_ssf = local_ssf;
op->o_bd = ni->ni_db;
op->o_tag = LDAP_REQ_SEARCH;
@@ -388,23 +397,36 @@
}
static slap_verbmasks nss_svcs[] = {
- { BER_BVC("alias"), NM_alias },
- { BER_BVC("ether"), NM_ether },
+ { BER_BVC("aliases"), NM_alias },
+ { BER_BVC("ethers"), NM_ether },
{ BER_BVC("group"), NM_group },
- { BER_BVC("host"), NM_host },
+ { BER_BVC("hosts"), NM_host },
{ BER_BVC("netgroup"), NM_netgroup },
- { BER_BVC("network"), NM_network },
+ { BER_BVC("networks"), NM_network },
{ BER_BVC("passwd"), NM_passwd },
- { BER_BVC("protocol"), NM_protocol },
+ { BER_BVC("protocols"), NM_protocol },
{ BER_BVC("rpc"), NM_rpc },
- { BER_BVC("service"), NM_service },
+ { BER_BVC("services"), NM_service },
{ BER_BVC("shadow"), NM_shadow },
{ BER_BVNULL, 0 }
};
+static slap_verbmasks pam_opts[] = {
+ { BER_BVC("userhost"), NI_PAM_USERHOST },
+ { BER_BVC("userservice"), NI_PAM_USERSVC },
+ { BER_BVC("usergroup"), NI_PAM_USERGRP },
+ { BER_BVC("hostservice"), NI_PAM_HOSTSVC },
+ { BER_BVC("authz2dn"), NI_PAM_SASL2DN },
+ { BER_BVC("uid2dn"), NI_PAM_UID2DN },
+ { BER_BVNULL, 0 }
+};
+
enum {
NSS_SSD=1,
- NSS_MAP
+ NSS_MAP,
+ NSS_PAM,
+ NSS_PAMGROUP,
+ NSS_PAMSESS
};
static ConfigDriver nss_cf_gen;
@@ -420,6 +442,57 @@
"DESC 'Map <service> lookups of <orig> attr to <new> attr' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "nssov-pam", "options", 2, 0, 0, ARG_MAGIC|NSS_PAM,
+ nss_cf_gen, "(OLcfgCtAt:3.3 NAME 'olcNssPam' "
+ "DESC 'PAM authentication and authorization options' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "nssov-pam-defhost", "hostname", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+ (void *)offsetof(struct nssov_info, ni_pam_defhost),
+ "(OLcfgCtAt:3.4 NAME 'olcNssPamDefHost' "
+ "DESC 'Default hostname for service checks' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-group-dn", "DN", 2, 2, 0, ARG_MAGIC|ARG_DN|NSS_PAMGROUP,
+ nss_cf_gen, "(OLcfgCtAt:3.5 NAME 'olcNssPamGroupDN' "
+ "DESC 'DN of group in which membership is required' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-group-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+ (void *)offsetof(struct nssov_info, ni_pam_group_ad),
+ "(OLcfgCtAt:3.6 NAME 'olcNssPamGroupAD' "
+ "DESC 'Member attribute to use for group check' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-min-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+ (void *)offsetof(struct nssov_info, ni_pam_min_uid),
+ "(OLcfgCtAt:3.7 NAME 'olcNssPamMinUid' "
+ "DESC 'Minimum UID allowed to login' "
+ "EQUALITY integerMatch "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-max-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+ (void *)offsetof(struct nssov_info, ni_pam_max_uid),
+ "(OLcfgCtAt:3.8 NAME 'olcNssPamMaxUid' "
+ "DESC 'Maximum UID allowed to login' "
+ "EQUALITY integerMatch "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-template-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+ (void *)offsetof(struct nssov_info, ni_pam_template_ad),
+ "(OLcfgCtAt:3.9 NAME 'olcNssPamTemplateAD' "
+ "DESC 'Attribute to use for template login name' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-template", "name", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+ (void *)offsetof(struct nssov_info, ni_pam_template),
+ "(OLcfgCtAt:3.10 NAME 'olcNssPamTemplate' "
+ "DESC 'Default template login name' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|ARG_BERVAL|NSS_PAMSESS,
+ nss_cf_gen, "(OLcfgCtAt:3.11 NAME 'olcNssPamSession' "
+ "DESC 'Services for which sessions will be recorded' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
{ NULL, NULL, 0,0,0, ARG_IGNORED }
};
@@ -428,7 +501,10 @@
"NAME 'olcNssOvConfig' "
"DESC 'NSS lookup configuration' "
"SUP olcOverlayConfig "
- "MAY ( olcNssSsd $ olcNssMap ) )",
+ "MAY ( olcNssSsd $ olcNssMap $ olcNssPam $ olcNssPamDefHost $ "
+ "olcNssPamGroupDN $ olcNssPamGroupAD $ "
+ "olcNssPamMinUid $ olcNssPamMaxUid $ olcNssPamSession $ "
+ "olcNssPamTemplateAD $ olcNssPamTemplate ) )",
Cft_Overlay, nsscfg },
{ NULL, 0, NULL }
};
@@ -440,6 +516,7 @@
nssov_info *ni = on->on_bi.bi_private;
nssov_mapinfo *mi;
int i, j, rc = 0;
+ slap_mask_t m;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch(c->type) {
@@ -495,9 +572,28 @@
}
}
break;
+ case NSS_PAM:
+ rc = mask_to_verbs( pam_opts, ni->ni_pam_opts, &c->rvalue_vals );
+ break;
+ case NSS_PAMGROUP:
+ if (!BER_BVISEMPTY( &ni->ni_pam_group_dn )) {
+ value_add_one( &c->rvalue_vals, &ni->ni_pam_group_dn );
+ value_add_one( &c->rvalue_nvals, &ni->ni_pam_group_dn );
+ } else {
+ rc = 1;
+ }
+ break;
+ case NSS_PAMSESS:
+ if (ni->ni_pam_sessions) {
+ ber_bvarray_dup_x( &c->rvalue_vals, ni->ni_pam_sessions, NULL );
+ } else {
+ rc = 1;
+ }
+ break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
+ /* FIXME */
return 1;
}
switch( c->type ) {
@@ -558,6 +654,44 @@
}
}
break;
+ case NSS_PAM:
+ m = ni->ni_pam_opts;
+ i = verbs_to_mask(c->argc, c->argv, pam_opts, &m);
+ if (i == 0) {
+ ni->ni_pam_opts = m;
+ if ((m & NI_PAM_USERHOST) && !nssov_pam_host_ad) {
+ const char *text;
+ i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ snprintf(c->cr_msg, sizeof(c->cr_msg),
+ "nssov: host attr unknown: %s", text);
+ Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg,0,0);
+ rc = 1;
+ break;
+ }
+ }
+ if ((m & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) && !nssov_pam_svc_ad) {
+ const char *text;
+ i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ snprintf(c->cr_msg, sizeof(c->cr_msg),
+ "nssov: authorizedService attr unknown: %s", text);
+ Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg,0,0);
+ rc = 1;
+ break;
+ }
+ }
+ } else {
+ rc = 1;
+ }
+ break;
+ case NSS_PAMGROUP:
+ ni->ni_pam_group_dn = c->value_ndn;
+ ch_free( c->value_dn.bv_val );
+ break;
+ case NSS_PAMSESS:
+ ber_bvarray_add( &ni->ni_pam_sessions, &c->value_bv );
+ break;
}
return rc;
}
@@ -570,9 +704,12 @@
slap_overinst *on = (slap_overinst *)be->bd_info;
nssov_info *ni;
nssov_mapinfo *mi;
- int i, j;
+ int rc;
- ni = ch_malloc( sizeof(nssov_info) );
+ rc = nssov_pam_init();
+ if (rc) return rc;
+
+ ni = ch_calloc( 1, sizeof(nssov_info) );
on->on_bi.bi_private = ni;
/* set up map keys */
@@ -589,6 +726,7 @@
nssov_shadow_init(ni);
ni->ni_db = be->bd_self;
+ ni->ni_pam_opts = NI_PAM_UID2DN;
return 0;
}
@@ -639,17 +777,47 @@
mi->mi_attrs[j].an_desc = NULL;
}
+ /* Find host and authorizedService definitions */
+ if ((ni->ni_pam_opts & NI_PAM_USERHOST) && !nssov_pam_host_ad)
+ {
+ const char *text;
+ i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,"nssov: host attr unknown: %s\n",
+ text, 0, 0 );
+ return -1;
+ }
+ }
+ if ((ni->ni_pam_opts & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) &&
+ !nssov_pam_svc_ad)
+ {
+ const char *text;
+ i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,"nssov: authorizedService attr unknown: %s\n",
+ text, 0, 0 );
+ return -1;
+ }
+ }
if ( slapMode & SLAP_SERVER_MODE ) {
+ /* make sure /var/run/nslcd exists */
+ if (mkdir(NSLCD_PATH, (mode_t) 0555)) {
+ Debug(LDAP_DEBUG_TRACE,"nssov: mkdir(%s) failed (ignored): %s\n",
+ NSLCD_PATH,strerror(errno),0);
+ } else {
+ Debug(LDAP_DEBUG_TRACE,"nssov: created %s\n",NSLCD_PATH,0,0);
+ }
+
/* create a socket */
if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )
{
- Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s",strerror(errno),0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s\n",strerror(errno),0,0);
return -1;
}
/* remove existing named socket */
if (unlink(NSLCD_SOCKET)<0)
{
- Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s",
+ Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s\n",
strerror(errno),0,0);
}
/* create socket address structure */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* nssov.h - NSS overlay header file */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.3 2009/01/22 00:00:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.4 2009/06/03 20:46:55 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -9,8 +9,12 @@
#ifndef NSSOV_H
#define NSSOV_H
+#ifndef NSLCD_PATH
+#define NSLCD_PATH "/var/run/nslcd"
+#endif
+
#ifndef NSLCD_SOCKET
-#define NSLCD_SOCKET "/var/run/nslcd/socket"
+#define NSLCD_SOCKET NSLCD_PATH "/socket"
#endif
#include <stdio.h>
@@ -64,8 +68,32 @@
int ni_socket;
Connection *ni_conn;
BackendDB *ni_db;
+
+ /* PAM authz support... */
+ slap_mask_t ni_pam_opts;
+ struct berval ni_pam_group_dn;
+ AttributeDescription *ni_pam_group_ad;
+ int ni_pam_min_uid;
+ int ni_pam_max_uid;
+ AttributeDescription *ni_pam_template_ad;
+ struct berval ni_pam_template;
+ struct berval ni_pam_defhost;
+ struct berval *ni_pam_sessions;
} nssov_info;
+#define NI_PAM_USERHOST 1 /* old style host checking */
+#define NI_PAM_USERSVC 2 /* old style service checking */
+#define NI_PAM_USERGRP 4 /* old style group checking */
+#define NI_PAM_HOSTSVC 8 /* new style authz checking */
+#define NI_PAM_SASL2DN 0x10 /* use sasl2dn */
+#define NI_PAM_UID2DN 0x20 /* use uid2dn */
+
+#define NI_PAM_OLD (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
+#define NI_PAM_NEW NI_PAM_HOSTSVC
+
+extern AttributeDescription *nssov_pam_host_ad;
+extern AttributeDescription *nssov_pam_svc_ad;
+
/* Read the default configuration file. */
void nssov_cfg_init(nssov_info *ni,const char *fname);
@@ -139,11 +167,12 @@
/* checks to see if the specified string is a valid username */
int isvalidusername(struct berval *name);
-/* transforms the DN info a uid doing an LDAP lookup if needed */
+/* transforms the DN into a uid doing an LDAP lookup if needed */
int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);
/* transforms the uid into a DN by doing an LDAP lookup */
int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
+int nssov_name2dn_cb(Operation *op, SlapReply *rs);
/* Escapes characters in a string for use in a search filter. */
int nssov_escape(struct berval *src,struct berval *dst);
@@ -163,6 +192,8 @@
void nssov_service_init(nssov_info *ni);
void nssov_shadow_init(nssov_info *ni);
+int nssov_pam_init(void);
+
/* these are the different functions that handle the database
specific actions, see nslcd.h for the action descriptions */
int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
@@ -195,6 +226,11 @@
int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op);
/* config initialization */
#define NSSOV_INIT(db) \
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,668 @@
+/* pam.c - pam processing routines */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/pam.c,v 1.13.2.2 2009/06/03 20:46:55 quanah Exp $ */
+/*
+ * Copyright 2009 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "nssov.h"
+#include "lutil.h"
+
+static int ppolicy_cid;
+static AttributeDescription *ad_loginStatus;
+
+const char *at_loginStatus =
+ "( 1.3.6.1.4.1.4745.1.20.1 "
+ "NAME ( 'loginStatus' ) "
+ "DESC 'Currently logged in sessions for a user' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "ORDERING caseIgnoreOrderingMatch "
+ "SYNTAX OMsDirectoryString "
+ "USAGE directoryOperation )";
+
+struct paminfo {
+ struct berval uid;
+ struct berval dn;
+ struct berval svc;
+ struct berval pwd;
+ int authz;
+ struct berval msg;
+};
+
+static int pam_bindcb(
+ Operation *op, SlapReply *rs)
+{
+ struct paminfo *pi = op->o_callback->sc_private;
+ LDAPControl *ctrl = ldap_control_find(LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
+ rs->sr_ctrls, NULL);
+ if (ctrl) {
+ LDAP *ld;
+ ber_int_t expire, grace;
+ LDAPPasswordPolicyError error;
+
+ ldap_create(&ld);
+ if (ld) {
+ int rc = ldap_parse_passwordpolicy_control(ld,ctrl,
+ &expire,&grace,&error);
+ if (rc == LDAP_SUCCESS) {
+ if (expire >= 0) {
+ char *unit = "seconds";
+ if (expire > 60) {
+ expire /= 60;
+ unit = "minutes";
+ }
+ if (expire > 60) {
+ expire /= 60;
+ unit = "hours";
+ }
+ if (expire > 24) {
+ expire /= 24;
+ unit = "days";
+ }
+#if 0 /* Who warns about expiration so far in advance? */
+ if (expire > 7) {
+ expire /= 7;
+ unit = "weeks";
+ }
+ if (expire > 4) {
+ expire /= 4;
+ unit = "months";
+ }
+ if (expire > 12) {
+ expire /= 12;
+ unit = "years";
+ }
+#endif
+ pi->msg.bv_len = sprintf(pi->msg.bv_val,
+ "\nWARNING: Password expires in %d %s\n", expire, unit);
+ } else if (grace > 0) {
+ pi->msg.bv_len = sprintf(pi->msg.bv_val,
+ "Password expired; %d grace logins remaining",
+ grace);
+ pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+ } else if (error != PP_noError) {
+ ber_str2bv(ldap_passwordpolicy_err2txt(error), 0, 0,
+ &pi->msg);
+ switch (error) {
+ case PP_passwordExpired:
+ /* report this during authz */
+ rs->sr_err = LDAP_SUCCESS;
+ /* fallthru */
+ case PP_changeAfterReset:
+ pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+ }
+ }
+ }
+ ldap_ld_free(ld,0,NULL,NULL);
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+int pam_do_bind(nssov_info *ni,TFILE *fp,Operation *op,
+ struct paminfo *pi)
+{
+ int rc;
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ struct berval sdn;
+
+ pi->msg.bv_val = pi->pwd.bv_val;
+ pi->msg.bv_len = 0;
+ pi->authz = NSLCD_PAM_SUCCESS;
+ BER_BVZERO(&pi->dn);
+
+ if (!isvalidusername(&pi->uid)) {
+ Debug(LDAP_DEBUG_ANY,"nssov_pam_do_bind(%s): invalid user name\n",
+ pi->uid.bv_val,0,0);
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ if (ni->ni_pam_opts & NI_PAM_SASL2DN) {
+ int hlen = global_host_bv.bv_len;
+
+ /* cn=<service>+uid=<user>,cn=<host>,cn=pam,cn=auth */
+ sdn.bv_len = pi->uid.bv_len + pi->svc.bv_len + hlen +
+ STRLENOF( "cn=+uid=,cn=,cn=pam,cn=auth" );
+ sdn.bv_val = op->o_tmpalloc( sdn.bv_len + 1, op->o_tmpmemctx );
+ sprintf(sdn.bv_val, "cn=%s+uid=%s,cn=%s,cn=pam,cn=auth",
+ pi->svc.bv_val, pi->uid.bv_val, global_host_bv.bv_val);
+ slap_sasl2dn(op, &sdn, &pi->dn, 0);
+ op->o_tmpfree( sdn.bv_val, op->o_tmpmemctx );
+ }
+
+ /* If no luck, do a basic uid search */
+ if (BER_BVISEMPTY(&pi->dn) && (ni->ni_pam_opts & NI_PAM_UID2DN)) {
+ nssov_uid2dn(op, ni, &pi->uid, &pi->dn);
+ if (!BER_BVISEMPTY(&pi->dn)) {
+ sdn = pi->dn;
+ dnNormalize( 0, NULL, NULL, &sdn, &pi->dn, op->o_tmpmemctx );
+ }
+ }
+ BER_BVZERO(&sdn);
+ if (BER_BVISEMPTY(&pi->dn)) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ if (BER_BVISEMPTY(&pi->pwd)) {
+ rc = NSLCD_PAM_IGNORE;
+ goto finish;
+ }
+
+ /* Should only need to do this once at open time, but there's always
+ * the possibility that ppolicy will get loaded later.
+ */
+ if (!ppolicy_cid) {
+ rc = slap_find_control_id(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ &ppolicy_cid);
+ }
+ /* of course, 0 is a valid cid, but it won't be ppolicy... */
+ if (ppolicy_cid) {
+ op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
+ }
+ cb.sc_response = pam_bindcb;
+ cb.sc_private = pi;
+ op->o_callback = &cb;
+ op->o_dn.bv_val[0] = 0;
+ op->o_dn.bv_len = 0;
+ op->o_ndn.bv_val[0] = 0;
+ op->o_ndn.bv_len = 0;
+ op->o_tag = LDAP_REQ_BIND;
+ op->o_protocol = LDAP_VERSION3;
+ op->orb_method = LDAP_AUTH_SIMPLE;
+ op->orb_cred = pi->pwd;
+ op->o_req_dn = pi->dn;
+ op->o_req_ndn = pi->dn;
+ slap_op_time( &op->o_time, &op->o_tincr );
+ rc = op->o_bd->be_bind( op, &rs );
+ memset(pi->pwd.bv_val,0,pi->pwd.bv_len);
+ /* quirk: on successful bind, caller has to send result. we need
+ * to make sure callbacks run.
+ */
+ if (rc == LDAP_SUCCESS)
+ send_ldap_result(op, &rs);
+ switch(rs.sr_err) {
+ case LDAP_SUCCESS: rc = NSLCD_PAM_SUCCESS; break;
+ case LDAP_INVALID_CREDENTIALS: rc = NSLCD_PAM_AUTH_ERR; break;
+ default: rc = NSLCD_PAM_AUTH_ERR; break;
+ }
+finish:
+ return rc;
+}
+
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ int32_t tmpint32;
+ int rc;
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ char dnc[1024];
+ char uidc[32];
+ char svcc[256];
+ char pwdc[256];
+ struct berval sdn, dn;
+ struct paminfo pi;
+
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ pi.uid.bv_val = uidc;
+ pi.uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ pi.dn.bv_val = dnc;
+ pi.dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ pi.svc.bv_val = svcc;
+ pi.svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,pwdc,sizeof(pwdc));
+ pi.pwd.bv_val = pwdc;
+ pi.pwd.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(%s)\n",pi.uid.bv_val,0,0);
+
+ rc = pam_do_bind(ni, fp, op, &pi);
+
+finish:
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&pi.uid);
+ WRITE_BERVAL(fp,&pi.dn);
+ WRITE_INT32(fp,rc);
+ WRITE_INT32(fp,pi.authz); /* authz */
+ WRITE_BERVAL(fp,&pi.msg); /* authzmsg */
+ return 0;
+}
+
+static struct berval grpmsg =
+ BER_BVC("Access denied by group check");
+static struct berval hostmsg =
+ BER_BVC("Access denied for this host");
+static struct berval svcmsg =
+ BER_BVC("Access denied for this service");
+static struct berval uidmsg =
+ BER_BVC("Access denied by UID check");
+
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ struct berval dn, uid, svc, ruser, rhost, tty;
+ struct berval authzmsg = BER_BVNULL;
+ int32_t tmpint32;
+ char dnc[1024];
+ char uidc[32];
+ char svcc[256];
+ char ruserc[32];
+ char rhostc[256];
+ char ttyc[256];
+ int rc = NSLCD_PAM_SUCCESS;
+ Entry *e = NULL;
+ Attribute *a;
+ SlapReply rs = {REP_RESULT};
+ slap_callback cb = {0};
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ uid.bv_val = uidc;
+ uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ dn.bv_val = dnc;
+ dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ svc.bv_val = svcc;
+ svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(ruserc));
+ ruser.bv_val = ruserc;
+ ruser.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(rhostc));
+ rhost.bv_val = rhostc;
+ rhost.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(ttyc));
+ tty.bv_val = ttyc;
+ tty.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(%s)\n",dn.bv_val,0,0);
+
+ /* We don't do authorization if they weren't authenticated by us */
+ if (BER_BVISEMPTY(&dn)) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ /* See if they have access to the host and service */
+ if ((ni->ni_pam_opts & NI_PAM_HOSTSVC) && nssov_pam_svc_ad) {
+ AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+ struct berval hostdn = BER_BVNULL;
+ struct berval odn = op->o_ndn;
+ op->o_dn = dn;
+ op->o_ndn = dn;
+ {
+ nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+ char fbuf[1024];
+ struct berval filter = {sizeof(fbuf),fbuf};
+ SlapReply rs2 = {REP_RESULT};
+
+ /* Lookup the host entry */
+ nssov_filter_byname(mi,0,&global_host_bv,&filter);
+ cb.sc_private = &hostdn;
+ cb.sc_response = nssov_name2dn_cb;
+ op->o_callback = &cb;
+ op->o_req_dn = mi->mi_base;
+ op->o_req_ndn = mi->mi_base;
+ op->ors_scope = mi->mi_scope;
+ op->ors_filterstr = filter;
+ op->ors_filter = str2filter_x(op, filter.bv_val);
+ op->ors_attrs = slap_anlist_no_attrs;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = 2;
+ rc = op->o_bd->be_search(op, &rs2);
+ filter_free_x(op, op->ors_filter, 1);
+
+ if (BER_BVISEMPTY(&hostdn) &&
+ !BER_BVISEMPTY(&ni->ni_pam_defhost)) {
+ filter.bv_len = sizeof(fbuf);
+ filter.bv_val = fbuf;
+ memset(&rs2, 0, sizeof(rs2));
+ rs2.sr_type = REP_RESULT;
+ nssov_filter_byname(mi,0,&ni->ni_pam_defhost,&filter);
+ op->ors_filterstr = filter;
+ op->ors_filter = str2filter_x(op, filter.bv_val);
+ rc = op->o_bd->be_search(op, &rs2);
+ filter_free_x(op, op->ors_filter, 1);
+ }
+
+ /* no host entry, no default host -> deny */
+ if (BER_BVISEMPTY(&hostdn)) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = hostmsg;
+ goto finish;
+ }
+ }
+
+ cb.sc_response = slap_null_cb;
+ cb.sc_private = NULL;
+ op->o_tag = LDAP_REQ_COMPARE;
+ op->o_req_dn = hostdn;
+ op->o_req_ndn = hostdn;
+ ava.aa_desc = nssov_pam_svc_ad;
+ ava.aa_value = svc;
+ op->orc_ava = &ava;
+ rc = op->o_bd->be_compare( op, &rs );
+ if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
+ authzmsg = svcmsg;
+ rc = NSLCD_PAM_PERM_DENIED;
+ goto finish;
+ }
+ op->o_dn = odn;
+ op->o_ndn = odn;
+ }
+
+ /* See if they're a member of the group */
+ if ((ni->ni_pam_opts & NI_PAM_USERGRP) &&
+ !BER_BVISEMPTY(&ni->ni_pam_group_dn) &&
+ ni->ni_pam_group_ad) {
+ AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+ op->o_callback = &cb;
+ cb.sc_response = slap_null_cb;
+ op->o_tag = LDAP_REQ_COMPARE;
+ op->o_req_dn = ni->ni_pam_group_dn;
+ op->o_req_ndn = ni->ni_pam_group_dn;
+ ava.aa_desc = ni->ni_pam_group_ad;
+ ava.aa_value = dn;
+ op->orc_ava = &ava;
+ rc = op->o_bd->be_compare( op, &rs );
+ if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
+ authzmsg = grpmsg;
+ rc = NSLCD_PAM_PERM_DENIED;
+ goto finish;
+ }
+ }
+
+ /* We need to check the user's entry for these bits */
+ if ((ni->ni_pam_opts & (NI_PAM_USERHOST|NI_PAM_USERSVC)) ||
+ ni->ni_pam_template_ad ||
+ ni->ni_pam_min_uid || ni->ni_pam_max_uid ) {
+ rc = be_entry_get_rw( op, &dn, NULL, NULL, 0, &e );
+ if (rc != LDAP_SUCCESS) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+ }
+ if ((ni->ni_pam_opts & NI_PAM_USERHOST) && nssov_pam_host_ad) {
+ a = attr_find(e->e_attrs, nssov_pam_host_ad);
+ if (!a || value_find_ex( nssov_pam_host_ad,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ a->a_vals, &global_host_bv, op->o_tmpmemctx )) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = hostmsg;
+ goto finish;
+ }
+ }
+ if ((ni->ni_pam_opts & NI_PAM_USERSVC) && nssov_pam_svc_ad) {
+ a = attr_find(e->e_attrs, nssov_pam_svc_ad);
+ if (!a || value_find_ex( nssov_pam_svc_ad,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ a->a_vals, &svc, op->o_tmpmemctx )) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = svcmsg;
+ goto finish;
+ }
+ }
+
+/* from passwd.c */
+#define UIDN_KEY 2
+
+ if (ni->ni_pam_min_uid || ni->ni_pam_max_uid) {
+ int id;
+ char *tmp;
+ nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+ a = attr_find(e->e_attrs, mi->mi_attrs[UIDN_KEY].an_desc);
+ if (!a) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ id = (int)strtol(a->a_vals[0].bv_val,&tmp,0);
+ if (a->a_vals[0].bv_val[0] == '\0' || *tmp != '\0') {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ if ((ni->ni_pam_min_uid && id < ni->ni_pam_min_uid) ||
+ (ni->ni_pam_max_uid && id > ni->ni_pam_max_uid)) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ }
+
+ if (ni->ni_pam_template_ad) {
+ a = attr_find(e->e_attrs, ni->ni_pam_template_ad);
+ if (a)
+ uid = a->a_vals[0];
+ else if (!BER_BVISEMPTY(&ni->ni_pam_template))
+ uid = ni->ni_pam_template;
+ }
+
+finish:
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&uid);
+ WRITE_BERVAL(fp,&dn);
+ WRITE_INT32(fp,rc);
+ WRITE_BERVAL(fp,&authzmsg);
+ if (e) {
+ be_entry_release_r(op, e);
+ }
+ return 0;
+}
+
+static int pam_sess(nssov_info *ni,TFILE *fp,Operation *op,int action)
+{
+ struct berval dn, uid, svc, tty, rhost, ruser;
+ int32_t tmpint32;
+ char dnc[1024];
+ char svcc[256];
+ char uidc[32];
+ char ttyc[32];
+ char rhostc[256];
+ char ruserc[32];
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
+ struct berval timestamp, bv[2], *nbv;
+ time_t stamp;
+ Modifications mod;
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ uid.bv_val = uidc;
+ uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ dn.bv_val = dnc;
+ dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ svc.bv_val = svcc;
+ svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,ttyc,sizeof(ttyc));
+ tty.bv_val = ttyc;
+ tty.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,rhostc,sizeof(rhostc));
+ rhost.bv_val = rhostc;
+ rhost.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,ruserc,sizeof(ruserc));
+ ruser.bv_val = ruserc;
+ ruser.bv_len = tmpint32;
+ READ_INT32(fp,stamp);
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(%s)\n",
+ action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', dn.bv_val,0);
+
+ if (!dn.bv_len || !ni->ni_pam_sessions) return 0;
+
+ {
+ int i, found=0;
+ for (i=0; !BER_BVISNULL(&ni->ni_pam_sessions[i]); i++) {
+ if (ni->ni_pam_sessions[i].bv_len != svc.bv_len)
+ continue;
+ if (!strcasecmp(ni->ni_pam_sessions[i].bv_val, svc.bv_val)) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) return 0;
+ }
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+ timestamp.bv_len = sizeof(timebuf);
+ timestamp.bv_val = timebuf;
+ if (action == NSLCD_ACTION_PAM_SESS_O )
+ stamp = op->o_time;
+ slap_timestamp( &stamp, ×tamp );
+ bv[0].bv_len = timestamp.bv_len + global_host_bv.bv_len + svc.bv_len +
+ tty.bv_len + ruser.bv_len + rhost.bv_len + STRLENOF(" (@)");
+ bv[0].bv_val = op->o_tmpalloc( bv[0].bv_len+1, op->o_tmpmemctx );
+ sprintf(bv[0].bv_val, "%s %s %s %s (%s@%s)",
+ timestamp.bv_val, global_host_bv.bv_val, svc.bv_val, tty.bv_val,
+ ruser.bv_val, rhost.bv_val);
+
+ mod.sml_numvals = 1;
+ mod.sml_values = bv;
+ BER_BVZERO(&bv[1]);
+ attr_normalize( ad_loginStatus, bv, &nbv, op->o_tmpmemctx );
+ mod.sml_nvalues = nbv;
+ mod.sml_desc = ad_loginStatus;
+ mod.sml_op = action == NSLCD_ACTION_PAM_SESS_O ? LDAP_MOD_ADD :
+ LDAP_MOD_DELETE;
+ mod.sml_flags = SLAP_MOD_INTERNAL;
+ mod.sml_next = NULL;
+
+ cb.sc_response = slap_null_cb;
+ op->o_callback = &cb;
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ op->orm_modlist = &mod;
+ op->orm_no_opattrs = 1;
+ op->o_req_dn = dn;
+ op->o_req_ndn = dn;
+ op->o_bd->be_modify( op, &rs );
+ if ( mod.sml_next ) {
+ slap_mods_free( mod.sml_next, 1 );
+ }
+ ber_bvarray_free_x( nbv, op->o_tmpmemctx );
+
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,action);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_INT32(fp,op->o_time);
+ return 0;
+}
+
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_O);
+}
+
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_C);
+}
+
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ struct berval npw;
+ int32_t tmpint32;
+ char dnc[1024];
+ char uidc[32];
+ char opwc[256];
+ char npwc[256];
+ char svcc[256];
+ struct paminfo pi;
+ int rc;
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ pi.uid.bv_val = uidc;
+ pi.uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ pi.dn.bv_val = dnc;
+ pi.dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ pi.svc.bv_val = svcc;
+ pi.svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,opwc,sizeof(opwc));
+ pi.pwd.bv_val = opwc;
+ pi.pwd.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,npwc,sizeof(npwc));
+ npw.bv_val = npwc;
+ npw.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(%s), %s\n",
+ pi.dn.bv_val,pi.uid.bv_val,0);
+
+ BER_BVZERO(&pi.msg);
+
+ /* This is a prelim check */
+ if (BER_BVISEMPTY(&pi.dn)) {
+ rc = pam_do_bind(ni,fp,op,&pi);
+ if (rc == NSLCD_PAM_IGNORE)
+ rc = NSLCD_PAM_SUCCESS;
+ } else {
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ struct berval bv;
+ SlapReply rs = {REP_RESULT};
+ slap_callback cb = {0};
+
+ ber_init_w_nullc(ber, LBER_USE_DER);
+ ber_printf(ber, "{");
+ if (!BER_BVISEMPTY(&pi.pwd))
+ ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
+ &pi.pwd);
+ if (!BER_BVISEMPTY(&npw))
+ ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+ &npw);
+ ber_printf(ber, "N}");
+ ber_flatten2(ber, &bv, 0);
+ op->o_tag = LDAP_REQ_EXTENDED;
+ op->ore_reqoid = slap_EXOP_MODIFY_PASSWD;
+ op->ore_reqdata = &bv;
+ op->o_dn = pi.dn;
+ op->o_ndn = pi.dn;
+ op->o_callback = &cb;
+ op->o_conn->c_authz_backend = op->o_bd;
+ cb.sc_response = slap_null_cb;
+ op->o_bd = frontendDB;
+ rc = op->o_bd->be_extended(op, &rs);
+ if (rs.sr_text)
+ ber_str2bv(rs.sr_text, 0, 0, &pi.msg);
+ if (rc == LDAP_SUCCESS)
+ rc = NSLCD_PAM_SUCCESS;
+ else
+ rc = NSLCD_PAM_PERM_DENIED;
+ }
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&pi.uid);
+ WRITE_BERVAL(fp,&pi.dn);
+ WRITE_INT32(fp,rc);
+ WRITE_BERVAL(fp,&pi.msg);
+ return 0;
+}
+
+int nssov_pam_init()
+{
+ int code = 0;
+ if (!ad_loginStatus)
+ code = register_at( at_loginStatus, &ad_loginStatus, 0 );
+ return code;
+}
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* passwd.c - password lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.3 2008/11/10 22:41:45 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.4 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -143,7 +143,7 @@
return 0;
}
-static int uid2dn_cb(Operation *op,SlapReply *rs)
+int nssov_name2dn_cb(Operation *op,SlapReply *rs)
{
if ( rs->sr_type == REP_SEARCH )
{
@@ -175,7 +175,7 @@
nssov_filter_byid(mi,UID_KEY,uid,&filter);
BER_BVZERO(dn);
cb.sc_private = dn;
- cb.sc_response = uid2dn_cb;
+ cb.sc_response = nssov_name2dn_cb;
op2 = *op;
op2.o_callback = &cb;
op2.o_req_dn = mi->mi_base;
@@ -188,7 +188,7 @@
op2.ors_slimit = SLAP_NO_LIMIT;
rc = op2.o_bd->be_search( &op2, &rs );
filter_free_x( op, op2.ors_filter, 1 );
- return rc == LDAP_SUCCESS;
+ return rc == LDAP_SUCCESS && !BER_BVISNULL(dn);
}
/* the maximum number of uidNumber attributes per entry */
@@ -223,7 +223,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -264,7 +264,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UIDN_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -280,19 +280,19 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GIDN_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
else if (a->a_numvals != 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
}
gid=(gid_t)strtol(a->a_vals[0].bv_val,&tmp,0);
if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -302,7 +302,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
if (!a || !a->a_numvals)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s or %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s or %s value\n",
entry->e_name.bv_val,
cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
@@ -310,7 +310,7 @@
}
else if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s or %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s or %s values\n",
entry->e_name.bv_val,
cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
@@ -320,7 +320,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[DIR_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val,0);
homedir=default_passwd_homeDirectory;
}
@@ -328,7 +328,7 @@
{
if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val,0);
}
homedir=a->a_vals[0];
@@ -345,7 +345,7 @@
{
if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[SHL_KEY].an_desc->ad_cname.bv_val,0);
}
shell=a->a_vals[0];
@@ -357,7 +357,7 @@
{
if (!isvalidusername(&names[i]))
{
- Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains invalid user name: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains invalid user name: \"%s\"\n",
entry->e_name.bv_val,names[i].bv_val,0);
}
else
@@ -368,7 +368,7 @@
uid_t uid;
uid = strtol(uids[j].bv_val, &tmp, 0);
if ( *tmp ) {
- Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains non-numeric %s value: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains non-numeric %s value: \"%s\"\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val,
names[i].bv_val);
continue;
@@ -398,11 +398,11 @@
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
if (!isvalidusername(&cbp.name)) {
- Debug(LDAP_DEBUG_ANY,"nssov_passwd_byname(%s): invalid user name",cbp.name.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_passwd_byname(%s): invalid user name\n",cbp.name.bv_val,0,0);
return -1;
}
BER_BVZERO(&cbp.id); ,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_PASSWD_BYNAME,
nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
)
@@ -417,7 +417,7 @@
cbp.id.bv_val = cbp.buf;
cbp.id.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",uid);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byuid(%s)",cbp.id.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byuid(%s)\n",cbp.id.bv_val,0,0);,
NSLCD_ACTION_PASSWD_BYUID,
nssov_filter_byid(cbp.mi,UIDN_KEY,&cbp.id,&filter)
)
@@ -428,7 +428,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.id);,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_all()\n",0,0,0);,
NSLCD_ACTION_PASSWD_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* protocol.c - network protocol lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/protocol.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/protocol.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -82,17 +82,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"protocol entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
proto=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -123,7 +123,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_PROTOCOL_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -138,7 +138,7 @@
cbp.numb.bv_val = cbp.buf;
cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",protocol);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_bynumber(%s)",cbp.numb.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_bynumber(%s)\n",cbp.numb.bv_val,0,0);,
NSLCD_ACTION_PROTOCOL_BYNUMBER,
nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
)
@@ -147,7 +147,7 @@
protocol,all,
struct berval filter;
/* no parameters to read */,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_all()\n",0,0,0);,
NSLCD_ACTION_PROTOCOL_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* rpc.c - rpc lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/rpc.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/rpc.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -62,7 +62,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -85,17 +85,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"rpc entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
number=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -126,7 +126,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_RPC_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -141,7 +141,7 @@
cbp.numb.bv_val = cbp.buf;
cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",number);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_bynumber(%d)",cbp.numb.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_bynumber(%s)\n",cbp.numb.bv_val,0,0);,
NSLCD_ACTION_RPC_BYNUMBER,
nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
)
@@ -150,7 +150,7 @@
rpc,all,
struct berval filter;
/* no parameters to read */,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_all()\n",0,0,0);,
NSLCD_ACTION_RPC_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* service.c - service lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/service.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/service.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -124,7 +124,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -147,17 +147,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"service entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"service entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
port=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"service entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -167,7 +167,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[2].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[2].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -215,7 +215,7 @@
READ_STRING_BUF2(fp,cbp.pbuf,sizeof(cbp.pbuf));
cbp.prot.bv_len = tmpint32;
cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_byname(%s,%s)",cbp.name.bv_val,cbp.prot.bv_val,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_byname(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val,0);,
NSLCD_ACTION_SERVICE_BYNAME,
mkfilter_service_byname(cbp.mi,&cbp.name,&cbp.prot,&filter)
)
@@ -232,7 +232,7 @@
READ_STRING_BUF2(fp,cbp.pbuf,sizeof(cbp.pbuf));
cbp.prot.bv_len = tmpint32;
cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_bynumber(%s,%s)",cbp.name.bv_val,cbp.prot.bv_val,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_bynumber(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val,0);,
NSLCD_ACTION_SERVICE_BYNUMBER,
mkfilter_service_bynumber(cbp.mi,&cbp.name,&cbp.prot,&filter)
)
@@ -242,7 +242,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.prot);,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_all()\n",0,0,0);,
NSLCD_ACTION_SERVICE_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* shadow.c - shadow account lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/shadow.c,v 1.1.2.1 2008/07/08 18:53:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/shadow.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -91,7 +91,7 @@
value=strtol(buffer,&tmp,0);
if ((buffer[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
attr->ad_cname.bv_val,0,0);
return 0;
}
@@ -102,7 +102,7 @@
value=strtol(date->bv_val,&tmp,0);
if ((date->bv_val[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
attr->ad_cname.bv_val,0,0);
return 0;
}
@@ -121,13 +121,13 @@
{ \
if (a->a_numvals > 1) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
} \
var=strtol(a->a_vals[0].bv_val,&tmp,0); \
if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0')) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains non-numeric %s value", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains non-numeric %s value\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
return 0; \
} \
@@ -141,7 +141,7 @@
{ \
if (a->a_numvals > 1) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
} \
var=to_date(&a->a_vals[0],cbp->mi->mi_attrs[key].an_desc); \
@@ -173,7 +173,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"shadow entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -239,7 +239,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));,
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
- Debug(LDAP_DEBUG_ANY,"nssov_shadow_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_ANY,"nssov_shadow_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_SHADOW_BYNAME,
nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
)
@@ -249,7 +249,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_ANY,"nssov_shadow_all()",0,0,0);,
+ Debug(LDAP_DEBUG_ANY,"nssov_shadow_all()\n",0,0,0);,
NSLCD_ACTION_SHADOW_ALL,
(filter=cbp.mi->mi_filter,0)
)
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5 (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,301 @@
+.TH SLAPO-NSSOV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/slapo-nssov.5,v 1.4.2.3 2009/06/04 18:15:49 quanah Exp $
+.SH NAME
+slapo-nssov \- NSS and PAM requests through a local Unix Domain socket
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B nssov
+overlay to
+.BR slapd (8)
+services NSS and PAM requests through a local Unix Domain socket.
+It uses the same IPC protocol as Arthur de Jong's nss-ldapd, and
+a complete copy of the nss-ldapd source is included along with the
+nssov source code.
+.LP
+Using a separate IPC protocol for NSS and PAM requests eliminates the
+libldap dependencies/clashes that the current pam_ldap/nss_ldap solutions
+all suffer from. Both the original nss-ldapd and this nssov solution
+are free from these library issues.
+.LP
+Unlike nss-ldapd, since this overlay executes inside slapd it allows for
+the possibility of sophisticated caching, without any of the weaknesses of
+nscd and other related caching solutions. E.g., a remote LDAP database can
+be accessed using back-ldap with proxy caching (see
+.BR slapd-ldap (5)
+and
+.BR slapo-pcache (5)
+) to leverage back-ldap's
+connection pooling as well as pcache's persistent caching, to provide
+high performance and a measure of support for disconnected operation.
+Alternatively, cache considerations can be completely eliminated by running
+a regular database with syncrepl to maintain synchronization with a remote
+LDAP database.
+.LP
+Another major benefit of nssov is that it allows all security policy to be
+administered centrally via LDAP, instead of having fragile rules scattered
+across multiple flat files. As such, there is no client-side configuration at
+all for the NSS/PAM stub libraries. (The stubs talk to the server via a Unix
+domain socket whose path is hardcoded to /var/run/nslcd/). As a side benefit,
+this can finally eliminate the perpetual confusion between OpenLDAP's
+ldap.conf file in ETCDIR/ldap.conf and the similarly named files typically
+used by pam_ldap and nss_ldap.
+.LP
+User authentication is performed by internal simple Binds. User authorization
+leverages the slapd ACL engine, which offers much more power and flexibility
+than the simple group/hostname checks in the old pam_ldap code.
+.LP
+To use this code, you will need the client-side stub library from
+nss-ldapd (which resides in nss-ldapd/nss). You will not need the
+nslcd daemon; this overlay replaces that part. You should already
+be familiar with the [RFC2307] and [RFC2307bis] schema to use this
+overlay. See the
+.B nss-ldapd/README
+for more information on the schema and which features are supported.
+.LP
+You will also need to include the nis.schema in your slapd configuration
+for RFC2307 support. If you wish to use RFC2307bis you will need a slightly
+different schema. You will also need the ldapns.schema for PAM authorization
+management.
+.LP
+You must select
+.B ldap
+in the appropriate services in
+.I /etc/nsswitch.conf
+in order for these NSS features to take effect. Likewise, you must
+enable
+.B pam_ldap
+for the authenticate, account, session, and password services in
+.I /etc/pam.conf
+or
+.I /etc/pam.d
+for these PAM features to take effect.
+
+.TP
+.B overlay nssov
+This directive adds the nssov overlay to the current backend.
+.TP
+.B nssov-ssd <service> <url>
+This directive configures a Service Search Descriptor (SSD) for each NSS
+service that will be used. The <service> may be one of
+.RS
+.nf
+ aliases
+ ethers
+ group
+ hosts
+ netgroup
+ networks
+ passwd
+ protocols
+ rpc
+ services
+ shadow
+.fi
+.RE
+and the <url> must be of the form
+.RS
+.TP
+.B ldap:///[<basedn>][??[<scope>][?<filter>]]
+.RE
+The
+.B <basedn>
+will default to the first suffix of the current database.
+The
+.B <scope>
+defaults to "subtree". The default
+.B <filter>
+depends on which service is being used.
+.TP
+.B nssov-map <service> <orig> <new>
+If the local database is actually a proxy to a foreign LDAP server, some
+mapping of schema may be needed. This directive allows some simple attribute
+substitutions to be performed. See the
+.B nss-ldapd/README
+for the original attribute names used in this code.
+.TP
+.B nssov-pam <option> [...]
+This directive determines a number of PAM behaviors. Multiple options may
+be used at once, and available levels are:
+.RS
+.RS
+.PD 0
+.TP
+.B userhost
+check host attribute in user entry for authorization
+.TP
+.B userservice
+check authorizedService attribute in user entry for authorization
+.TP
+.B usergroup
+check that user is a member of specific group for authorization
+.TP
+.B hostservice
+check authorizedService attribute in host entry for authorization
+.TP
+.B authz2dn
+use authz-regexp mapping to map uid to LDAP DN
+.TP
+.B uid2dn
+use NSS passwd SSD to map uid to LDAP DN
+.PD
+.RE
+
+Setting the
+.BR userhost ,
+.BR userservice ,
+and
+.B usergroup
+options duplicates the original pam_ldap authorization behavior.
+
+The recommended approach is to use
+.B hostservice
+instead. In this case, ipHost entries must be created for all hosts
+being managed, and they must also have the authorizedServiceObject
+class to allow authorizedService attributes to be used. Also the
+NSS host SSD must be configured so that ipHost entries can be found.
+Authorization is checked by performing an LDAP Compare operation
+looking for the PAM service name in the authorizedService attribute.
+.B slapd
+ACLs should be set to grant or deny
+.B Compare
+privilege to the appropriate users or groups as desired.
+
+If the
+.B authz2dn
+option is set then authz-regexp mappings will be used to map the
+PAM username to an LDAP DN. The authentication DN will be of the
+form
+.RS
+.B cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+.RE
+
+If no mapping is found for this authentication DN, then this
+mapping will be ignored.
+
+If the
+.B uid2dn
+option is set then the NSS passwd SSD will be used to map the
+PAM username to an LDAP DN. The passwd SSD must have already been
+configured for this mapping to succeed.
+
+If neither the authz2dn nor the uid2dn mapping succeeds, the module
+will return a PAM_USER_UNKNOWN failure code. If both options are set,
+the authz mapping is attempted first; if it succeeds the uid2dn mapping
+will be skipped.
+
+By default only the
+.B uid2dn
+option is set.
+.RE
+.TP
+.B nssov-pam-defhost <hostname>
+Specify a default hostname to check if an ipHost entry for the current
+hostname cannot be found. This setting is only relevant if the
+.B hostservice
+option has been set.
+.TP
+.B nssov-pam-group-dn <DN>
+Specify the DN of an LDAP group to check for authorization. The LDAP user
+must be a member of this group for the login to be allowed. There is no
+default value. This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-group-ad <attribute>
+Specify the attribute to use for group membership checks.
+There is no default value. This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-minuid <integer>
+Specify a minimum uid that is allowed to login. Users with a uidNumber
+lower than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-maxuid <integer>
+Specify a maximum uid that is allowed to login. Users with a uidNumber
+higher than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-template-ad <attribute>
+Specify an attribute to check in a user's entry for a template login name.
+The template login feature is used by FreeBSD's PAM framework. It can be
+viewed as a form of proxying, where a user can authenticate with one
+username/password pair, but is assigned the identity and credentials of
+the template user. This setting is disabled by default.
+.TP
+.B nssov-pam-template <name>
+Specify a default username to be used if no template attribute is found
+in the user's entry. The
+.B nssov-pam-template-ad
+directive must be configured for this setting to have any effect.
+.TP
+.B nssov-pam-session <service>
+Specify a PAM service name whose sessions will be recorded. For the
+configured services, logins will be recorded in the
+.B loginStatus
+operational attribute of the user's entry. The attribute's values are
+of the form
+.RS
+.RS
+.B <generalizedTime> <host> <service> <tty> (<ruser at rhost>)
+.RE
+.RE
+Upon logout the corresponding value will be deleted. This feature allows
+a single LDAP Search to be used to check which users are logged in across
+all the hosts of a network. The rootdn of the database is used to perform
+the updates of the loginStatus attribute, so a rootdn must already be
+configured for this feature to work. By default no services are configured.
+.LP
+The PAM functions support LDAP Password Policy as well. If the password
+policy overlay is in use (see
+.BR slapo-ppolicy (5)),
+policy
+information (e.g. password expiration, password quality, etc.)
+may be returned to the PAM client as a result of authentication,
+account management, and password modification requests.
+
+The overlay also supports dynamic configuration in cn=config. An example
+of the config entry is
+.LP
+.RS
+.nf
+ dn: olcOverlay={0}nssov,ocDatabase={1}hdb,cn=config
+ objectClass: olcOverlayConfig
+ objectClass: olcNssOvConfig
+ olcOverlay: {0}nssov
+ olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
+ olcNssMap: passwd uid accountName
+ olcNssPam: hostservice uid2dn
+ olcNssPamDefHost: defaulthost
+ olcNssPamMinUid: 500
+ olcNssPamMaxUid: 32000
+ olcNssPamSession: login
+ olcNssPamSession: sshd
+.fi
+.RE
+.LP
+which enables the passwd service, and uses the accountName attribute to
+fetch what is usually retrieved from the uid attribute. It also enables
+some PAM authorization controls, and specifies that the PAM
+.B login
+and
+.B sshd
+services should have their logins recorded.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapd\-ldap (5),
+.BR slapo\-pcache (5),
+.BR slapo\-ppolicy (5),
+.BR slapd (8).
+.SH AUTHOR
+Howard Chu, inspired by nss-ldapd by Arthur de Jong and pam_ldap by Luke Howard
Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,37 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/Makefile,v 1.2.2.2 2009/04/28 01:06:14 quanah Exp $
+CPPFLAGS+=-I../../../include -I../../../servers/slapd
+
+all: kerberos.la netscape.la radius.la
+
+kerberos.lo: kerberos.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -DHAVE_KRB5 -Wall -c $?
+
+kerberos.la: kerberos.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $? -lkrb5
+
+netscape.lo: netscape.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+
+netscape.la: netscape.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $?
+
+radius.lo: radius.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+
+radius.la: radius.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $? -lradius
+
+clean:
+ rm -f kerberos.lo kerberos.la
+ rm -f netscape.lo netscape.la
+ rm -f radius.lo radius.la
+
+install: kerberos.la netscape.la radius.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp kerberos.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp netscape.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp radius.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/Makefile,v 1.1 2004/04/02 11:06:38 hyc Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/Makefile,v 1.1.6.1 2009/04/27 23:36:57 quanah Exp $
# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -34,4 +34,12 @@
smbk5pwd.la: smbk5pwd.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+ -rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+
+clean:
+ rm -f smbk5pwd.lo smbk5pwd.la
+
+install: smbk5pwd.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp smbk5pwd.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.14 2009/01/26 21:05:10 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.15 2009/06/27 18:48:27 quanah Exp $ */
/*
* Copyright 2004-2005 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -421,6 +421,7 @@
krb5_error_code ret;
hdb_entry ent;
struct berval *keys;
+ size_t nkeys;
int kvno, i;
Attribute *a;
@@ -451,7 +452,9 @@
op->o_log_prefix, e->e_name.bv_val, 0 );
}
- ret = _kadm5_set_keys(kadm_context, &ent, qpw->rs_new.bv_val);
+ ret = hdb_generate_key_set_password(context, ent.principal,
+ qpw->rs_new.bv_val, &ent.keys.val, &nkeys);
+ ent.keys.len = nkeys;
hdb_seal_keys(context, db, &ent);
krb5_free_principal( context, ent.principal );
@@ -470,7 +473,7 @@
}
BER_BVZERO( &keys[i] );
- _kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
+ hdb_free_keys(context, ent.keys.len, ent.keys.val);
if ( i != ent.keys.len ) {
ber_bvarray_free( keys );
Modified: openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.5 2009/02/02 22:45:18 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.7 2009/06/27 17:55:38 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -365,93 +365,6 @@
!endif
-H3: Configuration File Example
-
-The following is an example configuration file, interspersed
-with explanatory text. It defines two databases to handle
-different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
-database instances. The line numbers shown are provided for
-reference only and are not included in the actual file. First, the
-global configuration section:
-
-E: 1. # example config file - global configuration section
-E: 2. include /usr/local/etc/schema/core.schema
-E: 3. referral ldap://root.openldap.org
-E: 4. access to * by * read
-
-Line 1 is a comment. Line 2 includes another config file
-which contains {{core}} schema definitions.
-The {{EX:referral}} directive on line 3
-means that queries not local to one of the databases defined
-below will be referred to the LDAP server running on the
-standard port (389) at the host {{EX:root.openldap.org}}.
-
-Line 4 is a global access control. It applies to all
-entries (after any applicable database-specific access
-controls).
-
-The next section of the configuration file defines a BDB
-backend that will handle queries for things in the
-"dc=example,dc=com" portion of the tree. The
-database is to be replicated to two slave slapds, one on
-truelies, the other on judgmentday. Indices are to be
-maintained for several attributes, and the {{EX:userPassword}}
-attribute is to be protected from unauthorized access.
-
-E: 5. # BDB definition for the example.com
-E: 6. database bdb
-E: 7. suffix "dc=example,dc=com"
-E: 8. directory /usr/local/var/openldap-data
-E: 9. rootdn "cn=Manager,dc=example,dc=com"
-E: 10. rootpw secret
-E: 11. # indexed attribute definitions
-E: 12. index uid pres,eq
-E: 13. index cn,sn,uid pres,eq,approx,sub
-E: 14. index objectClass eq
-E: 15. # database access control definitions
-E: 16. access to attrs=userPassword
-E: 17. by self write
-E: 18. by anonymous auth
-E: 19. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 20. by * none
-E: 21. access to *
-E: 22. by self write
-E: 23. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 24. by * read
-
-Line 5 is a comment. The start of the database definition is marked
-by the database keyword on line 6. Line 7 specifies the DN suffix
-for queries to pass to this database. Line 8 specifies the directory
-in which the database files will live.
-
-Lines 9 and 10 identify the database {{super-user}} entry and associated
-password. This entry is not subject to access control or size or
-time limit restrictions.
-
-Lines 12 through 14 indicate the indices to maintain for various
-attributes.
-
-Lines 16 through 24 specify access control for entries in this
-database. For all applicable entries, the {{EX:userPassword}} attribute is writable
-by the entry itself and by the "admin" entry. It may be used for
-authentication/authorization purposes, but is otherwise not readable.
-All other attributes are writable by the entry and the "admin"
-entry, but may be read by all users (authenticated or not).
-
-The next section of the example configuration file defines another
-BDB database. This one handles queries involving the
-{{EX:dc=example,dc=net}} subtree but is managed by the same entity
-as the first database. Note that without line 39, the read access
-would be allowed due to the global access rule at line 4.
-
-E: 33. # BDB definition for example.net
-E: 34. database bdb
-E: 35. suffix "dc=example,dc=net"
-E: 36. directory /usr/local/var/openldap-data-net
-E: 37. rootdn "cn=Manager,dc=example,dc=com"
-E: 38. index objectClass eq
-E: 39. access to * by users read
-
H2: Access Control via Dynamic Configuration
Access to slapd entries and attributes is controlled by the
@@ -861,136 +774,6 @@
!endif
-H3: Configuration Example
-
-The following is an example configuration, interspersed
-with explanatory text. It defines two databases to handle
-different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
-database instances. The line numbers shown are provided for
-reference only and are not included in the actual file. First, the
-global configuration section:
-
-E: 1. # example config file - global configuration entry
-E: 2. dn: cn=config
-E: 3. objectClass: olcGlobal
-E: 4. cn: config
-E: 5. olcReferral: ldap://root.openldap.org
-E: 6.
-
-Line 1 is a comment. Lines 2-4 identify this as the global
-configuration entry.
-The {{EX:olcReferral:}} directive on line 5
-means that queries not local to one of the databases defined
-below will be referred to the LDAP server running on the
-standard port (389) at the host {{EX:root.openldap.org}}.
-Line 6 is a blank line, indicating the end of this entry.
-
-E: 7. # internal schema
-E: 8. dn: cn=schema,cn=config
-E: 9. objectClass: olcSchemaConfig
-E: 10. cn: schema
-E: 11.
-
-Line 7 is a comment. Lines 8-10 identify this as the root of
-the schema subtree. The actual schema definitions in this entry
-are hardcoded into slapd so no additional attributes are specified here.
-Line 11 is a blank line, indicating the end of this entry.
-
-E: 12. # include the core schema
-E: 13. include: file:///usr/local/etc/openldap/schema/core.ldif
-E: 14.
-
-Line 12 is a comment. Line 13 is an LDIF include directive which
-accesses the {{core}} schema definitions in LDIF format. Line 14
-is a blank line.
-
-Next comes the database definitions. The first database is the
-special {{EX:frontend}} database whose settings are applied globally
-to all the other databases.
-
-E: 15. # global database parameters
-E: 16. dn: olcDatabase=frontend,cn=config
-E: 17. objectClass: olcDatabaseConfig
-E: 18. olcDatabase: frontend
-E: 19. olcAccess: to * by * read
-E: 20.
-
-Line 15 is a comment. Lines 16-18 identify this entry as the global
-database entry. Line 19 is a global access control. It applies to all
-entries (after any applicable database-specific access controls).
-
-The next entry defines a BDB backend that will handle queries for things
-in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
-for several attributes, and the {{EX:userPassword}} attribute is to be
-protected from unauthorized access.
-
-E: 21. # BDB definition for example.com
-E: 22. dn: olcDatabase=bdb,cn=config
-E: 23. objectClass: olcDatabaseConfig
-E: 24. objectClass: olcBdbConfig
-E: 25. olcDatabase: bdb
-E: 26. olcSuffix: "dc=example,dc=com"
-E: 27. olcDbDirectory: /usr/local/var/openldap-data
-E: 28. olcRootDN: "cn=Manager,dc=example,dc=com"
-E: 29. olcRootPW: secret
-E: 30. olcDbIndex: uid pres,eq
-E: 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
-E: 32. olcDbIndex: objectClass eq
-E: 33. olcAccess: to attrs=userPassword
-E: 34. by self write
-E: 35. by anonymous auth
-E: 36. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 37. by * none
-E: 38. olcAccess: to *
-E: 39. by self write
-E: 40. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 41. by * read
-E: 42.
-
-Line 21 is a comment. Lines 22-25 identify this entry as a BDB database
-configuration entry. Line 26 specifies the DN suffix
-for queries to pass to this database. Line 27 specifies the directory
-in which the database files will live.
-
-Lines 28 and 29 identify the database {{super-user}} entry and associated
-password. This entry is not subject to access control or size or
-time limit restrictions.
-
-Lines 30 through 32 indicate the indices to maintain for various
-attributes.
-
-Lines 33 through 41 specify access control for entries in this
-database. For all applicable entries, the {{EX:userPassword}} attribute is writable
-by the entry itself and by the "admin" entry. It may be used for
-authentication/authorization purposes, but is otherwise not readable.
-All other attributes are writable by the entry and the "admin"
-entry, but may be read by all users (authenticated or not).
-
-Line 42 is a blank line, indicating the end of this entry.
-
-The next section of the example configuration file defines another
-BDB database. This one handles queries involving the
-{{EX:dc=example,dc=net}} subtree but is managed by the same entity
-as the first database. Note that without line 52, the read access
-would be allowed due to the global access rule at line 19.
-
-E: 43. # BDB definition for example.net
-E: 44. dn: olcDatabase=bdb,cn=config
-E: 45. objectClass: olcDatabaseConfig
-E: 46. objectClass: olcBdbConfig
-E: 47. olcDatabase: bdb
-E: 48. olcSuffix: "dc=example,dc=net"
-E: 49. olcDbDirectory: /usr/local/var/openldap-data-net
-E: 50. olcRootDN: "cn=Manager,dc=example,dc=com"
-E: 51. olcDbIndex: objectClass eq
-E: 52. olcAccess: to * by users read
-
-
-H3: Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format
-
-Discuss slap* -f slapd.conf -F slapd.d/ (man slapd-config)
-
-
H2: Access Control Common Examples
H3: Basic ACLs
Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.6 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.7 2009/06/02 23:12:16 quanah Exp $
# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -10,26 +10,6 @@
The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should
of course still be followed prior to doing any of this.
-H2: Monitor Backend
-
-Note: This is a temporary requirement and is subject to change over the next 2.4.x beta release cycle
-
-A monitor ({{slapd-monitor(5)}}) now needs a {{rootdn}} entry. If you do not have
-one, {{slapd}} will fail to start up with an error message like so:
-
-> monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
-> filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)": unable to find entry
-> backend_startup_one: bi_db_open failed! (1)
-> slap_startup failed (test would succeed using the -u switch)
-
-Here is a complete {{database monitor}} example:
-
-
-> database monitor
-> rootdn cn=monitor
-> rootpw change_me
-
-
H2: {{B:cn=config}} olc* attributes
Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs
Added: openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.html 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.html 2009-07-27 22:27:07 UTC (rev 1224)
@@ -23,7 +23,7 @@
<DIV CLASS="title">
<H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
<ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS>
-<ADDRESS CLASS="doc-modified">23 February 2009</ADDRESS>
+<ADDRESS CLASS="doc-modified">13 July 2009</ADDRESS>
<BR CLEAR="All">
</DIV>
<DIV CLASS="contents">
@@ -100,8 +100,12 @@
<BR>
<A HREF="#Database-specific Directives">5.2.5. Database-specific Directives</A>
<BR>
-<A HREF="#BDB and HDB Database Directives">5.2.6. BDB and HDB Database Directives</A></UL></UL>
+<A HREF="#BDB and HDB Database Directives">5.2.6. BDB and HDB Database Directives</A></UL>
<BR>
+<A HREF="#Configuration Example">5.3. Configuration Example</A>
+<BR>
+<A HREF="#Converting old style {{slapd.conf}}(5) file to {{cn=config}} format">5.4. Converting old style <EM>slapd.conf</EM>(5) file to <EM>cn=config</EM> format</A></UL>
+<BR>
<A HREF="#The slapd Configuration File">6. The slapd Configuration File</A><UL>
<A HREF="#Configuration File Format">6.1. Configuration File Format</A>
<BR>
@@ -112,8 +116,10 @@
<BR>
<A HREF="#General Database Directives">6.2.3. General Database Directives</A>
<BR>
-<A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL></UL>
+<A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL>
<BR>
+<A HREF="#Configuration File Example">6.3. Configuration File Example</A></UL>
+<BR>
<A HREF="#Running slapd">7. Running slapd</A><UL>
<A HREF="#Command-Line Options">7.1. Command-Line Options</A>
<BR>
@@ -133,10 +139,8 @@
<BR>
<A HREF="#Access Control Evaluation">8.2.4. Access Control Evaluation</A>
<BR>
-<A HREF="#Access Control Examples">8.2.5. Access Control Examples</A>
+<A HREF="#Access Control Examples">8.2.5. Access Control Examples</A></UL>
<BR>
-<A HREF="#Configuration File Example">8.2.6. Configuration File Example</A></UL>
-<BR>
<A HREF="#Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A><UL>
<A HREF="#What to control access to">8.3.1. What to control access to</A>
<BR>
@@ -148,12 +152,8 @@
<BR>
<A HREF="#Access Control Examples">8.3.5. Access Control Examples</A>
<BR>
-<A HREF="#Access Control Ordering">8.3.6. Access Control Ordering</A>
+<A HREF="#Access Control Ordering">8.3.6. Access Control Ordering</A></UL>
<BR>
-<A HREF="#Configuration Example">8.3.7. Configuration Example</A>
-<BR>
-<A HREF="#Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></UL>
-<BR>
<A HREF="#Access Control Common Examples">8.4. Access Control Common Examples</A><UL>
<A HREF="#Basic ACLs">8.4.1. Basic ACLs</A>
<BR>
@@ -671,12 +671,10 @@
<A HREF="#back-ldbm">A.3.2. back-ldbm</A></UL></UL>
<BR>
<A HREF="#Upgrading from 2.3.x">B. Upgrading from 2.3.x</A><UL>
-<A HREF="#Monitor Backend">B.1. Monitor Backend</A>
+<A HREF="#{{B:cn=config}} olc* attributes">B.1. <B>cn=config</B> olc* attributes</A>
<BR>
-<A HREF="#{{B:cn=config}} olc* attributes">B.2. <B>cn=config</B> olc* attributes</A>
+<A HREF="#ACLs: searches require privileges on the search base">B.2. ACLs: searches require privileges on the search base</A></UL>
<BR>
-<A HREF="#ACLs: searches require privileges on the search base">B.3. ACLs: searches require privileges on the search base</A></UL>
-<BR>
<A HREF="#Common errors encountered when using OpenLDAP Software">C. Common errors encountered when using OpenLDAP Software</A><UL>
<A HREF="#Common causes of LDAP errors">C.1. Common causes of LDAP errors</A><UL>
<A HREF="#ldap_*: Can\'t contact LDAP server">C.1.1. ldap_*: Can't contact LDAP server</A>
@@ -1459,8 +1457,10 @@
<P></P>
<HR>
<H1><A NAME="Configuring slapd">5. Configuring slapd</A></H1>
-<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site. Unlike previous OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in <TERM>LDIF</TERM>. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect. The old style <EM>slapd.conf</EM>(5) file is still supported, but must be converted to the new <EM>slapd-config</EM>(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the <TT>/usr/local/etc/openldap/slapd.d</TT> directory. When converting from the slapd.conf format to slapd.d format, any include files will also be integrated into the resulting configuration database.</P>
-<P>An alternate configuration directory (or file) can be specified via a command-line option to <EM>slapd</EM>(8). This chapter describes the general format of the configuration system, followed by a detailed description of commonly used config settings.</P>
+<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site.</P>
+<P>Unlike previous OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in <TERM>LDIF</TERM>. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.</P>
+<P>The old style <EM>slapd.conf</EM>(5) file is still supported, but must be converted to the new <EM>slapd-config</EM>(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the <TT>/usr/local/etc/openldap/slapd.d</TT> directory. An alternate configuration directory (or file) can be specified via a command-line option to <EM>slapd</EM>(8).</P>
+<P>This chapter briefly discusses converting to the new style configuration, then describes the general format of the configuration system, followed by a detailed description of commonly used config settings.</P>
<P><HR WIDTH="80%" ALIGN="Left">
<STRONG>Note: </STRONG>some of the backends and of the distributed overlays do not support runtime configuration yet. In those cases, the old style <EM>slapd.conf</EM>(5) file must be used.
<HR WIDTH="80%" ALIGN="Left"></P>
@@ -2174,6 +2174,93 @@
olcDbIDLcacheSize: 3000
olcDbIndex: objectClass eq
</PRE>
+<H2><A NAME="Configuration Example">5.3. Configuration Example</A></H2>
+<P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration entry
+ 2. dn: cn=config
+ 3. objectClass: olcGlobal
+ 4. cn: config
+ 5. olcReferral: ldap://root.openldap.org
+ 6.
+</PRE>
+<P>Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The <TT>olcReferral:</TT> directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>. Line 6 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 7. # internal schema
+ 8. dn: cn=schema,cn=config
+ 9. objectClass: olcSchemaConfig
+ 10. cn: schema
+ 11.
+</PRE>
+<P>Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 12. # include the core schema
+ 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+ 14.
+</PRE>
+<P>Line 12 is a comment. Line 13 is an LDIF include directive which accesses the <EM>core</EM> schema definitions in LDIF format. Line 14 is a blank line.</P>
+<P>Next comes the database definitions. The first database is the special <TT>frontend</TT> database whose settings are applied globally to all the other databases.</P>
+<PRE>
+ 15. # global database parameters
+ 16. dn: olcDatabase=frontend,cn=config
+ 17. objectClass: olcDatabaseConfig
+ 18. olcDatabase: frontend
+ 19. olcAccess: to * by * read
+ 20.
+</PRE>
+<P>Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next entry defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 21. # BDB definition for example.com
+ 22. dn: olcDatabase=bdb,cn=config
+ 23. objectClass: olcDatabaseConfig
+ 24. objectClass: olcBdbConfig
+ 25. olcDatabase: bdb
+ 26. olcSuffix: "dc=example,dc=com"
+ 27. olcDbDirectory: /usr/local/var/openldap-data
+ 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 29. olcRootPW: secret
+ 30. olcDbIndex: uid pres,eq
+ 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+ 32. olcDbIndex: objectClass eq
+ 33. olcAccess: to attrs=userPassword
+ 34. by self write
+ 35. by anonymous auth
+ 36. by dn.base="cn=Admin,dc=example,dc=com" write
+ 37. by * none
+ 38. olcAccess: to *
+ 39. by self write
+ 40. by dn.base="cn=Admin,dc=example,dc=com" write
+ 41. by * read
+ 42.
+</PRE>
+<P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry. Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
+<P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
+<P>Lines 33 through 41 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>Line 42 is a blank line, indicating the end of this entry.</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 52, the read access would be allowed due to the global access rule at line 19.</P>
+<PRE>
+ 43. # BDB definition for example.net
+ 44. dn: olcDatabase=bdb,cn=config
+ 45. objectClass: olcDatabaseConfig
+ 46. objectClass: olcBdbConfig
+ 47. olcDatabase: bdb
+ 48. olcSuffix: "dc=example,dc=net"
+ 49. olcDbDirectory: /usr/local/var/openldap-data-net
+ 50. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 51. olcDbIndex: objectClass eq
+ 52. olcAccess: to * by users read
+</PRE>
+<H2><A NAME="Converting old style {{slapd.conf}}(5) file to {{cn=config}} format">5.4. Converting old style <EM>slapd.conf</EM>(5) file to <EM>cn=config</EM> format</A></H2>
+<P>An existing <EM>slapd.conf</EM>(5) file can be converted to the new format using <EM>slaptest</EM>(8) or any of the slap tools:</P>
+<PRE>
+ slaptest -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
+</PRE>
+<P>You can then discard the old <EM>slapd.conf</EM>(5) file. Make sure to launch <EM>slapd</EM>(8) with the <EM>-F</EM> option to specify the configuration directory.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>When converting from the slapd.conf format to slapd.d format, any included files will also be integrated into the resulting configuration database.
+<HR WIDTH="80%" ALIGN="Left"></P>
<P></P>
<HR>
<H1><A NAME="The slapd Configuration File">6. The slapd Configuration File</A></H1>
@@ -2686,6 +2773,53 @@
<PRE>
directory /usr/local/var/openldap-data
</PRE>
+<H2><A NAME="Configuration File Example">6.3. Configuration File Example</A></H2>
+<P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration section
+ 2. include /usr/local/etc/schema/core.schema
+ 3. referral ldap://root.openldap.org
+ 4. access to * by * read
+</PRE>
+<P>Line 1 is a comment. Line 2 includes another config file which contains <EM>core</EM> schema definitions. The <TT>referral</TT> directive on line 3 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>.</P>
+<P>Line 4 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next section of the configuration file defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. The database is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 5. # BDB definition for the example.com
+ 6. database bdb
+ 7. suffix "dc=example,dc=com"
+ 8. directory /usr/local/var/openldap-data
+ 9. rootdn "cn=Manager,dc=example,dc=com"
+ 10. rootpw secret
+ 11. # indexed attribute definitions
+ 12. index uid pres,eq
+ 13. index cn,sn,uid pres,eq,approx,sub
+ 14. index objectClass eq
+ 15. # database access control definitions
+ 16. access to attrs=userPassword
+ 17. by self write
+ 18. by anonymous auth
+ 19. by dn.base="cn=Admin,dc=example,dc=com" write
+ 20. by * none
+ 21. access to *
+ 22. by self write
+ 23. by dn.base="cn=Admin,dc=example,dc=com" write
+ 24. by * read
+</PRE>
+<P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
+<P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 12 through 14 indicate the indices to maintain for various attributes.</P>
+<P>Lines 16 through 24 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
+<PRE>
+ 33. # BDB definition for example.net
+ 34. database bdb
+ 35. suffix "dc=example,dc=net"
+ 36. directory /usr/local/var/openldap-data-net
+ 37. rootdn "cn=Manager,dc=example,dc=com"
+ 38. index objectClass eq
+ 39. access to * by users read
+</PRE>
<P></P>
<HR>
<H1><A NAME="Running slapd">7. Running slapd</A></H1>
@@ -3251,53 +3385,6 @@
by dnattr=member selfwrite
</PRE>
<P>The dnattr <TT><who></TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
-<H3><A NAME="Configuration File Example">8.2.6. Configuration File Example</A></H3>
-<P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
-<PRE>
- 1. # example config file - global configuration section
- 2. include /usr/local/etc/schema/core.schema
- 3. referral ldap://root.openldap.org
- 4. access to * by * read
-</PRE>
-<P>Line 1 is a comment. Line 2 includes another config file which contains <EM>core</EM> schema definitions. The <TT>referral</TT> directive on line 3 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>.</P>
-<P>Line 4 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
-<P>The next section of the configuration file defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. The database is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
-<PRE>
- 5. # BDB definition for the example.com
- 6. database bdb
- 7. suffix "dc=example,dc=com"
- 8. directory /usr/local/var/openldap-data
- 9. rootdn "cn=Manager,dc=example,dc=com"
- 10. rootpw secret
- 11. # indexed attribute definitions
- 12. index uid pres,eq
- 13. index cn,sn,uid pres,eq,approx,sub
- 14. index objectClass eq
- 15. # database access control definitions
- 16. access to attrs=userPassword
- 17. by self write
- 18. by anonymous auth
- 19. by dn.base="cn=Admin,dc=example,dc=com" write
- 20. by * none
- 21. access to *
- 22. by self write
- 23. by dn.base="cn=Admin,dc=example,dc=com" write
- 24. by * read
-</PRE>
-<P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
-<P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
-<P>Lines 12 through 14 indicate the indices to maintain for various attributes.</P>
-<P>Lines 16 through 24 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
-<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
-<PRE>
- 33. # BDB definition for example.net
- 34. database bdb
- 35. suffix "dc=example,dc=net"
- 36. directory /usr/local/var/openldap-data-net
- 37. rootdn "cn=Manager,dc=example,dc=com"
- 38. index objectClass eq
- 39. access to * by users read
-</PRE>
<H2><A NAME="Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A></H2>
<P>Access to slapd entries and attributes is controlled by the olcAccess attribute, whose values are a sequence of access directives. The general form of the olcAccess configuration is:</P>
<PRE>
@@ -3656,86 +3743,6 @@
by * read
</PRE>
<P>which is exactly what was intended.</P>
-<H3><A NAME="Configuration Example">8.3.7. Configuration Example</A></H3>
-<P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
-<PRE>
- 1. # example config file - global configuration entry
- 2. dn: cn=config
- 3. objectClass: olcGlobal
- 4. cn: config
- 5. olcReferral: ldap://root.openldap.org
- 6.
-</PRE>
-<P>Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The <TT>olcReferral:</TT> directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>. Line 6 is a blank line, indicating the end of this entry.</P>
-<PRE>
- 7. # internal schema
- 8. dn: cn=schema,cn=config
- 9. objectClass: olcSchemaConfig
- 10. cn: schema
- 11.
-</PRE>
-<P>Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.</P>
-<PRE>
- 12. # include the core schema
- 13. include: file:///usr/local/etc/openldap/schema/core.ldif
- 14.
-</PRE>
-<P>Line 12 is a comment. Line 13 is an LDIF include directive which accesses the <EM>core</EM> schema definitions in LDIF format. Line 14 is a blank line.</P>
-<P>Next comes the database definitions. The first database is the special <TT>frontend</TT> database whose settings are applied globally to all the other databases.</P>
-<PRE>
- 15. # global database parameters
- 16. dn: olcDatabase=frontend,cn=config
- 17. objectClass: olcDatabaseConfig
- 18. olcDatabase: frontend
- 19. olcAccess: to * by * read
- 20.
-</PRE>
-<P>Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
-<P>The next entry defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
-<PRE>
- 21. # BDB definition for example.com
- 22. dn: olcDatabase=bdb,cn=config
- 23. objectClass: olcDatabaseConfig
- 24. objectClass: olcBdbConfig
- 25. olcDatabase: bdb
- 26. olcSuffix: "dc=example,dc=com"
- 27. olcDbDirectory: /usr/local/var/openldap-data
- 28. olcRootDN: "cn=Manager,dc=example,dc=com"
- 29. olcRootPW: secret
- 30. olcDbIndex: uid pres,eq
- 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
- 32. olcDbIndex: objectClass eq
- 33. olcAccess: to attrs=userPassword
- 34. by self write
- 35. by anonymous auth
- 36. by dn.base="cn=Admin,dc=example,dc=com" write
- 37. by * none
- 38. olcAccess: to *
- 39. by self write
- 40. by dn.base="cn=Admin,dc=example,dc=com" write
- 41. by * read
- 42.
-</PRE>
-<P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry. Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
-<P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
-<P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
-<P>Lines 33 through 41 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
-<P>Line 42 is a blank line, indicating the end of this entry.</P>
-<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 52, the read access would be allowed due to the global access rule at line 19.</P>
-<PRE>
- 43. # BDB definition for example.net
- 44. dn: olcDatabase=bdb,cn=config
- 45. objectClass: olcDatabaseConfig
- 46. objectClass: olcBdbConfig
- 47. olcDatabase: bdb
- 48. olcSuffix: "dc=example,dc=net"
- 49. olcDbDirectory: /usr/local/var/openldap-data-net
- 50. olcRootDN: "cn=Manager,dc=example,dc=com"
- 51. olcDbIndex: objectClass eq
- 52. olcAccess: to * by users read
-</PRE>
-<H3><A NAME="Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></H3>
-<P>Discuss slap* -f slapd.conf -F slapd.d/ (man slapd-config)</P>
<H2><A NAME="Access Control Common Examples">8.4. Access Control Common Examples</A></H2>
<H3><A NAME="Basic ACLs">8.4.1. Basic ACLs</A></H3>
<P>Generally one should start with some basic ACLs such as:</P>
@@ -6788,7 +6795,7 @@
<P>An LDAP URL in a <TT>authzTo</TT> or <TT>authzFrom</TT> attribute will return a set of DNs. Each DN returned will be checked. Searches which return a large set can cause the authorization process to take an uncomfortably long time. Also, searches should be performed on attributes that have been indexed by slapd.</P>
<P>To help produce more sweeping rules for <TT>authzFrom</TT> and <TT>authzTo</TT>, the values of these attributes are allowed to be DNs with regular expression characters in them. This means a source rule like</P>
<PRE>
- authzTo: dn.regex=^uid=[^,]*,dc=example,dc=com$
+ authzTo: dn.regex:^uid=[^,]*,dc=example,dc=com$
</PRE>
<P>would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for <TT>(uid=*)</TT>.</P>
<P>Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression characters). Anything that does not begin with "<TT>ldap://</TT>" is taken as a DN. It is not permissible to enter another authorization identity of the form "<TT>u:<username></TT>" as an authorization rule.</P>
@@ -6920,7 +6927,7 @@
<H2><A NAME="Replication Technology">18.1. Replication Technology</A></H2>
<H3><A NAME="LDAP Sync Replication">18.1.1. LDAP Sync Replication</A></H3>
<P>The <TERM>LDAP Sync</TERM> Replication engine, <TERM>syncrepl</TERM> for short, is a consumer-side replication engine that enables the consumer <TERM>LDAP</TERM> server to maintain a shadow copy of a <TERM>DIT</TERM> fragment. A syncrepl engine resides at the consumer and executes as one of the <EM>slapd</EM>(8) threads. It creates and maintains a consumer replica by connecting to the replication provider to perform the initial DIT content load followed either by periodic content polling or by timely updates upon content changes.</P>
-<P>Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for short) as the replica synchronization protocol. LDAP Sync provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store. In pull-based replication the consumer periodically polls the provider for updates. In push-based replication the consumer listens for updates that are sent by the provider in realtime. Since the protocol does not require a history store, the provider does not need to maintain any log of updates it has received. (Note that the syncrepl engine is extensible and additional replication protocols may be supported in the future.)</P>
+<P>Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for short) as the replica synchronization protocol. LDAP Sync provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store. In pull-based replication the consumer periodically polls the provider for updates. In push-based replication the consumer listens for updates that are sent by the provider in realtime. Since the protocol does not require a history store, the provider does not need to maintain any log of updates it has received (Note that the syncrepl engine is extensible and additional replication protocols may be supported in the future.).</P>
<P>Syncrepl keeps track of the status of the replication content by maintaining and exchanging synchronization cookies. Because the syncrepl consumer and provider maintain their content status, the consumer can poll the provider content to perform incremental synchronization by asking for the entries required to make the consumer replica up-to-date with the provider content. Syncrepl also enables convenient management of replicas by maintaining replica status. The consumer replica can be constructed from a consumer-side or a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica up-to-date with the current provider content.</P>
<P>Syncrepl supports both pull-based and push-based synchronization. In its basic refreshOnly synchronization mode, the provider uses pull-based synchronization where the consumer servers need not be tracked and no history information is maintained. The information required for the provider to process periodic polling requests is contained in the synchronization cookie of the request itself. To optimize the pull-based synchronization, syncrepl utilizes the present phase of the LDAP Sync protocol as well as its delete phase, instead of falling back on frequent full reloads. To further optimize the pull-based synchronization, the provider can maintain a per-scope session log as a history store. In its refreshAndPersist mode of synchronization, the provider uses a push-based synchronization. The provider keeps track of the consumer servers that have requested a persistent search and sends them necessary updates as the provider replication content gets modified.</P>
<P>With syncrepl, a consumer server can create a replica without changing the provider's configurations and without restarting the provider server, if the consumer server has appropriate access privileges for the DIT fragment to be replicated. The consumer server can stop the replication also without the need for provider-side changes and restart.</P>
@@ -6941,12 +6948,12 @@
<P>As a further optimization, even in the case the synchronization search is not associated with any session log, no entries will be transmitted to the consumer server when there has been no update in the replication context.</P>
<P>The syncrepl engine, which is a consumer-side replication engine, can work with any backends. The LDAP Sync provider can be configured as an overlay on any backend, but works best with the <EM>back-bdb</EM> or <EM>back-hdb</EM> backend.</P>
<P>The LDAP Sync provider maintains a <TT>contextCSN</TT> for each database as the current synchronization state indicator of the provider content. It is the largest <TT>entryCSN</TT> in the provider context such that no transactions for an entry having smaller <TT>entryCSN</TT> value remains outstanding. The <TT>contextCSN</TT> could not just be set to the largest issued <TT>entryCSN</TT> because <TT>entryCSN</TT> is obtained before a transaction starts and transactions are not committed in the issue order.</P>
-<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the contextCSN to be written out more frequently if desired.</P>
+<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the <TT>contextCSN</TT> to be written out more frequently if desired.</P>
<P>Note that at startup time, if the provider is unable to read a <TT>contextCSN</TT> from the suffix entry, it will scan the entire database to determine the value, and this scan may take quite a long time on a large database. When a <TT>contextCSN</TT> value is read, the database will still be scanned for any <TT>entryCSN</TT> values greater than it, to make sure the <TT>contextCSN</TT> value truly reflects the greatest committed <TT>entryCSN</TT> in the database. On databases which support inequality indexing, setting an eq index on the <TT>entryCSN</TT> attribute and configuring <EM>contextCSN</EM> checkpoints will greatly speed up this scanning step.</P>
<P>If no <TT>contextCSN</TT> can be determined by reading and scanning the database, a new value will be generated. Also, if scanning the database yielded a greater <TT>entryCSN</TT> than was previously recorded in the suffix entry's <TT>contextCSN</TT> attribute, a checkpoint will be immediately written with the new value.</P>
<P>The consumer also stores its replica state, which is the provider's <TT>contextCSN</TT> received as a synchronization cookie, in the <TT>contextCSN</TT> attribute of the suffix entry. The replica state maintained by a consumer server is used as the synchronization state indicator when it performs subsequent incremental synchronization with the provider server. It is also used as a provider-side synchronization state indicator when it functions as a secondary provider server in a cascading replication configuration. Since the consumer and provider state information are maintained in the same location within their respective databases, any consumer can be promoted to a provider (and vice versa) without any special actions.</P>
<P>Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content. The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless <EM>ManageDsaIT</EM> control is provided.</P>
-<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log.</P>
+<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log on the provider.</P>
<P>For configuration, please see the <A HREF="#Syncrepl">Syncrepl</A> section.</P>
<H2><A NAME="Deployment Alternatives">18.2. Deployment Alternatives</A></H2>
<P>While the LDAP Sync specification only defines a narrow scope for replication, the OpenLDAP implementation is extremely flexible and supports a variety of operating modes to handle other scenarios not explicitly addressed in the spec.</P>
@@ -7274,8 +7281,11 @@
olcOverlay: syncprov
</PRE>
<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>You must have all your servers set to the same time via <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>
+<STRONG>Note: </STRONG>All of your servers' clocks must be tightly synchronized using e.g. NTP <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>, atomic clock, or some other reliable time reference.
<HR WIDTH="80%" ALIGN="Left"></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>As stated in <EM>slapd-config</EM>(5), URLs specified in <EM>olcSyncRepl</EM> directives are the URLs of the servers from which to replicate. These must exactly match the URLs <EM>slapd</EM> listens on (<EM>-h</EM> in <A HREF="#Command-Line Options">Command-Line Options</A>). Otherwise slapd may attempt to replicate from itself, causing a loop.
+<HR WIDTH="80%" ALIGN="Left"></P>
<H3><A NAME="MirrorMode">18.3.4. MirrorMode</A></H3>
<P>MirrorMode configuration is actually very easy. If you have ever setup a normal slapd syncrepl provider, then the only change is the following two directives:</P>
<PRE>
@@ -8283,29 +8293,12 @@
<H1><A NAME="Upgrading from 2.3.x">B. Upgrading from 2.3.x</A></H1>
<P>The following sections attempt to document the steps you will need to take in order to upgrade from the latest 2.3.x OpenLDAP version.</P>
<P>The normal upgrade procedure, as discussed in the <A HREF="#Maintenance">Maintenance</A> section, should of course still be followed prior to doing any of this.</P>
-<H2><A NAME="Monitor Backend">B.1. Monitor Backend</A></H2>
-<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>This is a temporary requirement and is subject to change over the next 2.4.x beta release cycle
-<HR WIDTH="80%" ALIGN="Left"></P>
-<P>A monitor (<EM>slapd-monitor(5)</EM>) now needs a <EM>rootdn</EM> entry. If you do not have one, <EM>slapd</EM> will fail to start up with an error message like so:</P>
-<PRE>
- monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
- filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)": unable to find entry
- backend_startup_one: bi_db_open failed! (1)
- slap_startup failed (test would succeed using the -u switch)
-</PRE>
-<P>Here is a complete <EM>database monitor</EM> example:</P>
-<PRE>
- database monitor
- rootdn cn=monitor
- rootpw change_me
-</PRE>
-<H2><A NAME="{{B:cn=config}} olc* attributes">B.2. <B>cn=config</B> olc* attributes</A></H2>
+<H2><A NAME="{{B:cn=config}} olc* attributes">B.1. <B>cn=config</B> olc* attributes</A></H2>
<P>Quite a few <EM>olc*</EM> attributes have now become obsolete, if you see in your logs entries like below, just remove them from the relevant ldif file.</P>
<PRE>
olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored)
</PRE>
-<H2><A NAME="ACLs: searches require privileges on the search base">B.3. ACLs: searches require privileges on the search base</A></H2>
+<H2><A NAME="ACLs: searches require privileges on the search base">B.2. ACLs: searches require privileges on the search base</A></H2>
<P>Search operations now require "search" privileges on the "entry" pseudo-attribute of the search base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search bases.</P>
<P>For example, assuming you have the following ACL:</P>
<PRE>
Added: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/replication.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/replication.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.23 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.26 2009/04/28 00:57:46 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -49,9 +49,9 @@
polls the provider for updates. In push-based replication the consumer
listens for updates that are sent by the provider in realtime. Since the
protocol does not require a history store, the provider does not need to
-maintain any log of updates it has received. (Note
+maintain any log of updates it has received (Note
that the syncrepl engine is extensible and additional replication
-protocols may be supported in the future.)
+protocols may be supported in the future.).
Syncrepl keeps track of the status of the replication content by
maintaining and exchanging synchronization cookies. Because the
@@ -245,7 +245,7 @@
and uses the in-memory copy exclusively thereafter. By default,
changes to the {{EX:contextCSN}} as a result of database updates
will not be written to the database until the server is cleanly
-shut down. A checkpoint facility exists to cause the contextCSN to
+shut down. A checkpoint facility exists to cause the {{EX:contextCSN}} to
be written out more frequently if desired.
Note that at startup time, if the provider is unable to read a
@@ -291,7 +291,7 @@
from the replication scope even though the entry has not been deleted
on the provider. Logically the entry must be deleted on the consumer
but in {{refreshOnly}} mode the provider cannot detect and propagate
-this change without the use of the session log.
+this change without the use of the session log on the provider.
For configuration, please see the {{SECT:Syncrepl}} section.
@@ -839,8 +839,15 @@
> objectClass: olcSyncProvConfig
> olcOverlay: syncprov
-Note: You must have all your servers set to the same time via {{http://www.ntp.org/}}
+Note: All of your servers' clocks must be tightly synchronized using
+e.g. NTP {{http://www.ntp.org/}}, atomic clock, or some other reliable
+time reference.
+Note: As stated in {{slapd-config}}(5), URLs specified in {{olcSyncRepl}}
+directives are the URLs of the servers from which to replicate. These
+must exactly match the URLs {{slapd}} listens on ({{-h}} in {{SECT:Command-Line Options}}).
+Otherwise slapd may attempt to replicate from itself, causing a loop.
+
H3: MirrorMode
MirrorMode configuration is actually very easy. If you have ever setup a normal
Modified: openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.9 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.10 2009/04/29 01:27:12 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -652,7 +652,7 @@
be DNs with regular expression characters in them. This means a
source rule like
-> authzTo: dn.regex=^uid=[^,]*,dc=example,dc=com$
+> authzTo: dn.regex:^uid=[^,]*,dc=example,dc=com$
would allow that authenticated user to authorize to any DN that
matches the regular expression pattern given. This regular expression
Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,32 +1,34 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.18 2009/02/06 16:38:31 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.20 2009/06/27 17:55:39 quanah Exp $
# Copyright 2005-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Configuring slapd
Once the software has been built and installed, you are ready
-to configure {{slapd}}(8) for use at your site. Unlike previous
+to configure {{slapd}}(8) for use at your site.
+
+Unlike previous
OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later)
is fully LDAP-enabled and can be managed using the standard LDAP
operations with data in {{TERM:LDIF}}. The LDAP configuration engine
allows all of slapd's configuration options to be changed on the fly,
generally without requiring a server restart for the changes
-to take effect. The old style {{slapd.conf}}(5) file is still
+to take effect.
+
+The old style {{slapd.conf}}(5) file is still
supported, but must be converted to the new {{slapd-config}}(5) format
to allow runtime changes to be saved. While the old style
configuration uses a single file, normally installed as
{{F:/usr/local/etc/openldap/slapd.conf}}, the new style
uses a slapd backend database to store the configuration. The
configuration database normally resides in the
-{{F:/usr/local/etc/openldap/slapd.d}} directory. When
-converting from the slapd.conf format to slapd.d format, any
-include files will also be integrated into the resulting configuration
-database.
+{{F:/usr/local/etc/openldap/slapd.d}} directory. An alternate configuration
+directory (or file) can be specified via a command-line option to
+{{slapd}}(8).
-An alternate configuration directory (or file) can be specified via
-a command-line option to {{slapd}}(8). This chapter describes the
-general format of the configuration system, followed by a detailed
-description of commonly used config settings.
+This chapter briefly discusses converting to the new style configuration,
+then describes the general format of the configuration system, followed by
+a detailed description of commonly used config settings.
Note: some of the backends and of the distributed overlays
do not support runtime configuration yet. In those cases,
@@ -972,3 +974,143 @@
>olcDbConfig: set_flags DB_LOG_AUTOREMOVE
>olcDbIDLcacheSize: 3000
>olcDbIndex: objectClass eq
+
+
+H2: Configuration Example
+
+The following is an example configuration, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration entry
+E: 2. dn: cn=config
+E: 3. objectClass: olcGlobal
+E: 4. cn: config
+E: 5. olcReferral: ldap://root.openldap.org
+E: 6.
+
+Line 1 is a comment. Lines 2-4 identify this as the global
+configuration entry.
+The {{EX:olcReferral:}} directive on line 5
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+Line 6 is a blank line, indicating the end of this entry.
+
+E: 7. # internal schema
+E: 8. dn: cn=schema,cn=config
+E: 9. objectClass: olcSchemaConfig
+E: 10. cn: schema
+E: 11.
+
+Line 7 is a comment. Lines 8-10 identify this as the root of
+the schema subtree. The actual schema definitions in this entry
+are hardcoded into slapd so no additional attributes are specified here.
+Line 11 is a blank line, indicating the end of this entry.
+
+E: 12. # include the core schema
+E: 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+E: 14.
+
+Line 12 is a comment. Line 13 is an LDIF include directive which
+accesses the {{core}} schema definitions in LDIF format. Line 14
+is a blank line.
+
+Next comes the database definitions. The first database is the
+special {{EX:frontend}} database whose settings are applied globally
+to all the other databases.
+
+E: 15. # global database parameters
+E: 16. dn: olcDatabase=frontend,cn=config
+E: 17. objectClass: olcDatabaseConfig
+E: 18. olcDatabase: frontend
+E: 19. olcAccess: to * by * read
+E: 20.
+
+Line 15 is a comment. Lines 16-18 identify this entry as the global
+database entry. Line 19 is a global access control. It applies to all
+entries (after any applicable database-specific access controls).
+
+The next entry defines a BDB backend that will handle queries for things
+in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
+for several attributes, and the {{EX:userPassword}} attribute is to be
+protected from unauthorized access.
+
+E: 21. # BDB definition for example.com
+E: 22. dn: olcDatabase=bdb,cn=config
+E: 23. objectClass: olcDatabaseConfig
+E: 24. objectClass: olcBdbConfig
+E: 25. olcDatabase: bdb
+E: 26. olcSuffix: "dc=example,dc=com"
+E: 27. olcDbDirectory: /usr/local/var/openldap-data
+E: 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 29. olcRootPW: secret
+E: 30. olcDbIndex: uid pres,eq
+E: 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+E: 32. olcDbIndex: objectClass eq
+E: 33. olcAccess: to attrs=userPassword
+E: 34. by self write
+E: 35. by anonymous auth
+E: 36. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 37. by * none
+E: 38. olcAccess: to *
+E: 39. by self write
+E: 40. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 41. by * read
+E: 42.
+
+Line 21 is a comment. Lines 22-25 identify this entry as a BDB database
+configuration entry. Line 26 specifies the DN suffix
+for queries to pass to this database. Line 27 specifies the directory
+in which the database files will live.
+
+Lines 28 and 29 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 30 through 32 indicate the indices to maintain for various
+attributes.
+
+Lines 33 through 41 specify access control for entries in this
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+Line 42 is a blank line, indicating the end of this entry.
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 52, the read access
+would be allowed due to the global access rule at line 19.
+
+E: 43. # BDB definition for example.net
+E: 44. dn: olcDatabase=bdb,cn=config
+E: 45. objectClass: olcDatabaseConfig
+E: 46. objectClass: olcBdbConfig
+E: 47. olcDatabase: bdb
+E: 48. olcSuffix: "dc=example,dc=net"
+E: 49. olcDbDirectory: /usr/local/var/openldap-data-net
+E: 50. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 51. olcDbIndex: objectClass eq
+E: 52. olcAccess: to * by users read
+
+
+H2: Converting old style {{slapd.conf}}(5) file to {{cn=config}} format
+
+An existing {{slapd.conf}}(5) file can be converted to the new format using
+{{slaptest}}(8) or any of the slap tools:
+
+> slaptest -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
+
+You can then discard the old {{slapd.conf}}(5) file. Make sure to launch
+{{slapd}}(8) with the {{-F}} option to specify the configuration directory.
+
+Note: When converting from the slapd.conf format to slapd.d format, any
+included files will also be integrated into the resulting configuration
+database.
Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.19 2009/02/06 16:38:31 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.20 2009/06/27 17:55:39 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -573,3 +573,91 @@
\Default:
> directory /usr/local/var/openldap-data
+
+
+H2: Configuration File Example
+
+The following is an example configuration file, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration section
+E: 2. include /usr/local/etc/schema/core.schema
+E: 3. referral ldap://root.openldap.org
+E: 4. access to * by * read
+
+Line 1 is a comment. Line 2 includes another config file
+which contains {{core}} schema definitions.
+The {{EX:referral}} directive on line 3
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+
+Line 4 is a global access control. It applies to all
+entries (after any applicable database-specific access
+controls).
+
+The next section of the configuration file defines a BDB
+backend that will handle queries for things in the
+"dc=example,dc=com" portion of the tree. The
+database is to be replicated to two slave slapds, one on
+truelies, the other on judgmentday. Indices are to be
+maintained for several attributes, and the {{EX:userPassword}}
+attribute is to be protected from unauthorized access.
+
+E: 5. # BDB definition for the example.com
+E: 6. database bdb
+E: 7. suffix "dc=example,dc=com"
+E: 8. directory /usr/local/var/openldap-data
+E: 9. rootdn "cn=Manager,dc=example,dc=com"
+E: 10. rootpw secret
+E: 11. # indexed attribute definitions
+E: 12. index uid pres,eq
+E: 13. index cn,sn,uid pres,eq,approx,sub
+E: 14. index objectClass eq
+E: 15. # database access control definitions
+E: 16. access to attrs=userPassword
+E: 17. by self write
+E: 18. by anonymous auth
+E: 19. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 20. by * none
+E: 21. access to *
+E: 22. by self write
+E: 23. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 24. by * read
+
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.
+
+Lines 9 and 10 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 12 through 14 indicate the indices to maintain for various
+attributes.
+
+Lines 16 through 24 specify access control for entries in this
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
+
+E: 33. # BDB definition for example.net
+E: 34. database bdb
+E: 35. suffix "dc=example,dc=net"
+E: 36. directory /usr/local/var/openldap-data-net
+E: 37. rootdn "cn=Manager,dc=example,dc=com"
+E: 38. index objectClass eq
+E: 39. access to * by users read
Added: openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,4856 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="delta-syncrepl.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/delta-syncrepl.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28240"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28224"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28226"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28228"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28230"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28214"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28216"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28218"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28220"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28208"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-125.9178,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28210"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28204"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.573,808.7592)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28206"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28200"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-116.9703,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28202"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28196"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.6254,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28198"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28192"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.4824,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28194"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28188"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.1375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28190"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28184"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.77797,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28186"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28180"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.43307,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28182"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28172"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28174"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28176"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28178"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28162"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28164"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28166"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28168"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28152"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28154"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28156"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28158"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28142"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28144"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28146"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28148"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28132"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28134"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28136"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28138"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28122"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28124"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28126"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28128"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28112"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28114"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28116"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28118"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28102"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28104"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28106"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28108"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28096"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.2375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28098"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28092"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-156.8927,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28094"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28088"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.29,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28090"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28084"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-147.9451,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28086"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28080"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-143.8021,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28082"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28076"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.4573,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28078"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28072"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.098,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28074"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28068"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.7531,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28070"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28060"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28062"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28064"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28066"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28050"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28052"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28054"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28056"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28040"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28042"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28044"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28046"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28030"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28032"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28034"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28036"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28020"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28022"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28024"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28026"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28010"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28012"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28014"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28016"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28000"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28002"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28004"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28006"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27990"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27992"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27994"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27996"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27984"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.2616,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27986"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27980"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-192.9168,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27982"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.3141,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27978"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-183.9692,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27968"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-179.8262,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27970"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.4813,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27960"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.122,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27962"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27956"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.7771,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27958"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27928"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27930"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27932"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27934"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27918"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27920"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27922"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27924"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27908"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27910"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27912"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27914"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27898"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27902"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27904"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27888"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27890"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27892"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27894"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27878"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27880"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27882"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27884"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27868"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27870"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27872"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27874"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27858"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27860"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27862"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27864"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27848"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27850"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27852"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27854"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27838"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27840"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27842"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27844"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27828"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27830"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27832"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27834"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27818"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27820"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27822"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27824"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27808"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27810"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27812"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27814"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27798"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27800"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27802"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27804"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27788"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27790"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27792"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27794"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27778"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27780"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27782"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27784"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27768"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27770"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27772"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27774"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27758"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27760"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27762"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27764"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27748"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27750"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27752"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27754"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27738"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27740"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27742"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27744"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27728"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27730"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27732"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27734"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27718"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27720"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27722"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27724"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27708"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27710"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27712"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27714"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27698"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27700"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27702"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27704"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28432"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-126.1386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28428"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.7938,817.6604)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28430"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28424"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-117.1911,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28420"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.8462,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28422"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.7032,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28418"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28412"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.3583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28414"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28408"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.99876,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28410"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.65386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28406"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28400"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.4583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28402"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28396"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-157.1135,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28398"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28392"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.5108,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28394"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28388"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-148.1659,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28390"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28384"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-144.0229,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28386"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28380"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.6781,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28382"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28376"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.3188,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28378"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28372"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.9739,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28374"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.4824,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28370"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28364"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-193.1376,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28366"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28360"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.5349,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28362"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28356"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-184.19,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28358"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28352"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-180.047,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28354"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28348"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.7021,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28350"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28344"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.3428,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28346"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28340"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.9979,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28342"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28438"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.25863,817.7848)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36281"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-149.897,802.9053)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36283"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36285"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36287"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36289"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36291"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36293"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36295"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36297"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36299"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36301"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36303"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36305"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36307"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36309"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36311"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36313"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36315"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36317"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36319"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36321"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36323"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36325"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36327"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36329"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36331"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5348,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36333"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7196,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36335"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.35,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36337"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.274,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36339"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.9043,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36341"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.0892,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36343"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-149.6637,784.9089)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient36345"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-7.912301,167.4787)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5296,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36349"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7144,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36351"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.3448,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.2688,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36355"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.8991,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36357"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.084,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36359"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-198.4916,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36361"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.046,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36363"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.2306,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36365"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-192.8611,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36367"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-195.6763,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36369"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-87.12747,420.4818)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36373"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36375"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-91.66274,388.2275)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36377"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-153.7879,864.7564)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35867"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-141.9847,635.4266)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35869"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35871"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35873"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35875"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35877"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35879"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35881"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35883"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35885"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35887"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35889"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35891"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35893"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35895"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35897"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35899"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35901"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35903"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35905"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35907"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35909"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35911"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35913"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35915"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35917"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35919"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35921"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35923"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35925"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35927"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35929"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35931"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35933"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35935"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35937"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35939"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35941"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35943"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35945"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35947"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35949"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35951"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35953"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35955"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35957"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35959"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35961"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35963"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35965"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6225,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35967"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.7312,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35969"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2856,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35971"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.4702,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35973"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.1007,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35975"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8073,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35977"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9159,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35979"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4377,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35981"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5465,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35983"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3617,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35985"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.992,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35987"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1769,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35989"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-141.7514,617.4302)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient35991"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(2.672454,0.374188)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35993"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6173,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35995"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.726,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35997"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2804,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35999"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.465,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36001"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.0955,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36003"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8021,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36005"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9107,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36007"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4325,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36009"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5413,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36011"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3565,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36013"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.9868,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36015"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1717,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36017"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.5793,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36019"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.1337,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36021"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.3183,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36023"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-184.9488,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36025"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.764,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36027"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-79.21517,253.0031)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36029"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36031"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36033"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-83.75044,220.7488)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36035"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36037"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36039"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-145.8756,697.2777)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient12151"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.20227,0,0,0.454077,6.691668,-148.3193)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12153"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,1.691668,-145.8193)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient14835"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12155"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,1.924904,-161.8157)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12157"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.350818,114.6621,-134.6472)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12159"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-59.65453)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12161"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-61.33423)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12163"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-63.01391)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12165"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.09869,-64.40064)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ </defs>
+ <sodipodi:namedview
+ bordercolor="#666666"
+ borderopacity="1.0"
+ id="base"
+ inkscape:current-layer="layer1"
+ inkscape:cx="391.40904"
+ inkscape:cy="253.29159"
+ inkscape:document-units="px"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:window-height="722"
+ inkscape:window-width="1014"
+ inkscape:window-x="0"
+ inkscape:window-y="25"
+ inkscape:zoom="1"
+ pagecolor="#ffffff"
+ width="1052.3622px"
+ height="744.09448px"
+ showgrid="false" />
+ <g
+ id="layer1"
+ inkscape:groupmode="layer"
+ inkscape:label="Layer 1">
+ <g
+ id="g12774"
+ transform="matrix(0.1881701,0,0,0.2844466,82.77219,152.33679)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12776"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12778"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12780"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot12890"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="translate(51.007531,-424.27533)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion12892"><rect
+ id="rect12894"
+ width="156.14285"
+ height="34"
+ x="194.28572"
+ y="475.52304"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara6968">Delta-syncrepl</flowPara></flowRoot> <flowRoot
+ xml:space="preserve"
+ id="flowRoot27609"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="translate(-33,210)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion27611"><rect
+ id="rect27613"
+ width="134.05586"
+ height="26.345188"
+ x="96.974648"
+ y="113.75929"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara27617">Master/Provider</flowPara></flowRoot> <flowRoot
+ xml:space="preserve"
+ id="flowRoot3120"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="matrix(1,0,0,1.2037203,-16.30957,-194.07388)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion3122"><rect
+ id="rect3124"
+ width="317.52289"
+ height="139.3987"
+ x="412.14224"
+ y="279.42432"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara4477">Delta-syncrepl is a changelog-based variant of syncrepl. It works by maintaining a changelog of a selectable depth on the provider. The replication consumer checks the changelog for the changes.</flowPara></flowRoot> <g
+ id="g7023"
+ transform="matrix(0.1267968,0,0,0.1710106,204.38313,147.27416)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path7025"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path7027"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path7029"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="253"
+ y="224.40942"
+ id="text7033"><tspan
+ sodipodi:role="line"
+ x="253"
+ y="224.40942"
+ id="tspan7037">cn=accesslog</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="239.40942"
+ id="tspan3575">database to hold</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="254.40942"
+ id="tspan4415">changes etc.</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="254.40942"
+ id="tspan4419" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="269.40942"
+ id="tspan4417" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="284.40942"
+ id="tspan3577" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="299.40942"
+ id="tspan3573" /></text>
+ <rect
+ style="fill:#0000ff;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;opacity:0"
+ id="rect3579"
+ width="297"
+ height="168"
+ x="48"
+ y="128.40942" />
+ <rect
+ style="opacity:0;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;fill:none"
+ id="rect4375"
+ width="305"
+ height="167"
+ x="55"
+ y="127.40942" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4379"
+ width="293"
+ height="167"
+ x="60"
+ y="123.40942" />
+ <rect
+ style="opacity:0;fill:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;fill-opacity:1"
+ id="rect4381"
+ width="275"
+ height="161"
+ x="76"
+ y="143.40942" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4383"
+ width="305"
+ height="172"
+ x="61"
+ y="127.40942" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="93.694336"
+ y="286.38306"
+ id="text4397"><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="301.38306"
+ id="tspan4401">main database</tspan><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="316.38306"
+ id="tspan4403" /><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="331.38306"
+ id="tspan4405" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="316"
+ y="236.40942"
+ id="text4409"><tspan
+ sodipodi:role="line"
+ id="tspan4411"
+ x="316"
+ y="236.40942"></tspan><tspan
+ sodipodi:role="line"
+ id="tspan4413" /></text>
+ <rect
+ style="fill:#9087ff;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;opacity:1;fill-opacity:0;stroke-miterlimit:4;stroke-dasharray:3,1;stroke-dashoffset:0"
+ id="rect4421"
+ width="313"
+ height="184"
+ x="64"
+ y="133.40942" />
+ <g
+ id="g4423"
+ transform="matrix(0.1267968,0,0,0.1710106,337.38313,350.27416)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path4425"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path4427"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path4429"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="276.03223"
+ y="437.88306"
+ id="text4431"><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="437.88306"
+ id="tspan4441"><tspan
+ style="font-weight:bold"
+ id="tspan5582">Consumer</tspan> which uses syncrepl and the </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="452.88306"
+ id="tspan4439">"syncdata=accesslog" setting.</tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="467.88306"
+ id="tspan4469">Switches back to normal syncrepl if gets </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="482.88306"
+ id="tspan4471">too far out of sync, then once caught up </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="497.88306"
+ id="tspan4473">goes back to delta.</tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="512.88306"
+ id="tspan4435" /><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="527.88306"
+ id="tspan4437" /></text>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.08729029px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 244.20659,325.76325 L 336.79341,392.05559"
+ id="path25655" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.48164538px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 168.40377,220.39252 L 208.59623,190.42632"
+ id="path5584" />
+ </g>
+</svg>
Added: openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,4853 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="ldap-sync-refreshandpersist.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/ldap-sync-refreshandpersist.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28240"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28224"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28226"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28228"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28230"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28214"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28216"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28218"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28220"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28208"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-125.9178,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28210"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28204"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.573,808.7592)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28206"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28200"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-116.9703,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28202"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28196"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.6254,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28198"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28192"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.4824,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28194"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28188"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.1375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28190"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28184"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.77797,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28186"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28180"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.43307,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28182"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28172"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28174"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28176"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28178"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28162"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28164"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28166"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28168"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28152"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28154"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28156"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28158"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28142"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28144"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28146"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28148"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28132"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28134"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28136"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28138"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28122"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28124"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28126"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28128"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28112"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28114"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28116"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28118"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28102"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28104"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28106"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28108"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28096"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.2375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28098"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28092"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-156.8927,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28094"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28088"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.29,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28090"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28084"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-147.9451,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28086"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28080"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-143.8021,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28082"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28076"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.4573,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28078"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28072"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.098,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28074"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28068"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.7531,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28070"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28060"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28062"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28064"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28066"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28050"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28052"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28054"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28056"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28040"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28042"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28044"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28046"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28030"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28032"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28034"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28036"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28020"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28022"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28024"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28026"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28010"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28012"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28014"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28016"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28000"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28002"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28004"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28006"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27990"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27992"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27994"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27996"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27984"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.2616,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27986"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27980"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-192.9168,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27982"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.3141,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27978"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-183.9692,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27968"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-179.8262,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27970"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.4813,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27960"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.122,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27962"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27956"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.7771,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27958"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27928"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27930"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27932"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27934"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27918"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27920"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27922"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27924"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27908"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27910"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27912"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27914"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27898"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27902"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27904"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27888"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27890"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27892"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27894"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27878"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27880"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27882"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27884"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27868"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27870"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27872"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27874"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27858"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27860"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27862"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27864"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27848"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27850"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27852"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27854"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27838"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27840"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27842"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27844"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27828"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27830"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27832"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27834"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27818"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27820"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27822"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27824"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27808"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27810"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27812"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27814"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27798"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27800"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27802"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27804"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27788"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27790"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27792"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27794"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27778"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27780"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27782"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27784"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27768"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27770"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27772"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27774"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27758"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27760"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27762"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27764"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27748"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27750"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27752"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27754"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27738"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27740"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27742"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27744"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27728"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27730"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27732"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27734"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27718"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27720"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27722"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27724"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27708"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27710"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27712"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27714"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27698"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27700"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27702"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27704"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28432"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-126.1386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28428"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.7938,817.6604)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28430"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28424"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-117.1911,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28420"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.8462,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28422"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.7032,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28418"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28412"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.3583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28414"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28408"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.99876,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28410"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.65386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28406"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28400"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.4583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28402"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28396"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-157.1135,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28398"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28392"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.5108,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28394"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28388"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-148.1659,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28390"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28384"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-144.0229,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28386"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28380"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.6781,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28382"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28376"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.3188,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28378"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28372"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.9739,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28374"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.4824,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28370"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28364"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-193.1376,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28366"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28360"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.5349,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28362"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28356"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-184.19,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28358"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28352"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-180.047,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28354"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28348"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.7021,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28350"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28344"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.3428,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28346"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28340"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.9979,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28342"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28438"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.25863,817.7848)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36281"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-149.897,802.9053)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36283"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36285"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36287"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36289"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36291"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36293"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36295"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36297"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36299"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36301"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36303"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36305"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36307"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36309"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36311"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36313"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36315"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36317"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36319"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36321"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36323"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36325"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36327"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36329"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36331"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5348,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36333"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7196,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36335"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.35,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36337"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.274,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36339"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.9043,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36341"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.0892,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36343"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-149.6637,784.9089)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient36345"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-7.912301,167.4787)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5296,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36349"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7144,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36351"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.3448,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.2688,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36355"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.8991,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36357"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.084,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36359"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-198.4916,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36361"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.046,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36363"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.2306,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36365"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-192.8611,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36367"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-195.6763,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36369"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-87.12747,420.4818)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36373"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36375"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-91.66274,388.2275)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36377"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-153.7879,864.7564)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35867"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-141.9847,635.4266)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35869"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35871"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35873"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35875"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35877"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35879"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35881"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35883"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35885"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35887"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35889"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35891"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35893"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35895"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35897"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35899"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35901"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35903"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35905"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35907"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35909"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35911"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35913"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35915"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35917"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35919"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35921"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35923"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35925"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35927"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35929"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35931"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35933"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35935"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35937"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35939"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35941"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35943"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35945"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35947"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35949"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35951"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35953"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35955"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35957"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35959"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35961"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35963"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35965"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6225,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35967"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.7312,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35969"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2856,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35971"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.4702,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35973"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.1007,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35975"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8073,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35977"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9159,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35979"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4377,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35981"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5465,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35983"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3617,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35985"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.992,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35987"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1769,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35989"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-141.7514,617.4302)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient35991"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(2.672454,0.374188)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35993"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6173,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35995"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.726,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35997"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2804,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35999"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.465,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36001"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.0955,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36003"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8021,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36005"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9107,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36007"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4325,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36009"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5413,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36011"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3565,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36013"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.9868,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36015"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1717,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36017"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.5793,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36019"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.1337,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36021"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.3183,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36023"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-184.9488,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36025"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.764,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36027"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-79.21517,253.0031)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36029"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36031"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36033"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-83.75044,220.7488)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36035"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36037"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36039"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-145.8756,697.2777)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient12151"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.20227,0,0,0.454077,6.691668,-148.3193)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12153"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,1.691668,-145.8193)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient14835"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12155"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,1.924904,-161.8157)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12157"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.350818,114.6621,-134.6472)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12159"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-59.65453)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12161"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-61.33423)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12163"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-63.01391)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12165"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.09869,-64.40064)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <inkscape:perspective
+ id="perspective3612"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ sodipodi:type="inkscape:persp3d" />
+ </defs>
+ <sodipodi:namedview
+ bordercolor="#666666"
+ borderopacity="1.0"
+ id="base"
+ inkscape:current-layer="layer1"
+ inkscape:cx="344.82324"
+ inkscape:cy="267.55258"
+ inkscape:document-units="px"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:window-height="768"
+ inkscape:window-width="1024"
+ inkscape:window-x="0"
+ inkscape:window-y="0"
+ inkscape:zoom="1"
+ pagecolor="#ffffff"
+ width="1052.3622px"
+ height="744.09448px"
+ showgrid="false" />
+ <g
+ id="layer1"
+ inkscape:groupmode="layer"
+ inkscape:label="Layer 1">
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot12890"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;font-family:Arial"
+ transform="translate(-51.99247,-442.27533)"><flowRegion
+ id="flowRegion12892"><rect
+ id="rect12894"
+ width="445.14282"
+ height="64"
+ x="194.28572"
+ y="475.52304"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara3577">LDAP Content Synchronization Operation </flowPara><flowPara
+ id="flowPara3581">- refreshAndPersist</flowPara></flowRoot> <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.0861342px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="M 238,143.49926 L 238,444.31958"
+ id="path3597"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.08133781px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="M 464,147.49407 L 464,443.32477"
+ id="path3601"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow1Lend)"
+ d="M 244,149.40942 L 459,176.40942"
+ id="path3630" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow1Lend)"
+ d="M 455,184.40942 L 243,237.40942"
+ id="path3632" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 239.5,343.79723 L 454.5,370.79723"
+ id="path5496" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="19"
+ y="149.40942"
+ id="text5502"><tspan
+ sodipodi:role="line"
+ x="19"
+ y="149.40942"
+ id="tspan5518"
+ style="font-weight:bold">1.<tspan
+ style="font-weight:normal"
+ id="tspan5753"> Same as refreshOnly request,</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="164.40942"
+ style="font-weight:normal"
+ id="tspan5755">but refreshAndPersist mode</tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="179.40942"
+ style="font-weight:normal"
+ id="tspan5757">set.</tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="194.40942"
+ style="font-weight:bold"
+ id="tspan5751" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="590"
+ y="113.40942"
+ id="text5506"><tspan
+ sodipodi:role="line"
+ id="tspan5508"
+ x="590"
+ y="113.40942">Server</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="92"
+ y="109.40942"
+ id="text5510"><tspan
+ sodipodi:role="line"
+ id="tspan5512"
+ x="92"
+ y="109.40942">Client</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="492"
+ y="155.40942"
+ id="text5520"><tspan
+ sodipodi:role="line"
+ x="492"
+ y="155.40942"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5528">2a.<tspan
+ style="font-weight:normal"
+ id="tspan5789"> Same as refreshOnly mode.</tspan></tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="491.2998"
+ y="175.21997"
+ id="text5530"><tspan
+ sodipodi:role="line"
+ x="491.2998"
+ y="175.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5569">2b.<tspan
+ style="font-weight:normal"
+ id="tspan5805"> This time, send a Sync Info</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="491.2998"
+ y="190.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5807">Message to client indicating refresh</tspan><tspan
+ sodipodi:role="line"
+ x="491.2998"
+ y="205.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5809">stage is done and then enters the </tspan><tspan
+ sodipodi:role="line"
+ x="491.2998"
+ y="220.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5811">persist stage</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="20.009766"
+ y="220.21997"
+ id="text5571"><tspan
+ sodipodi:role="line"
+ x="20.009766"
+ y="220.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5599">3. <tspan
+ style="font-weight:normal"
+ id="tspan5823">After receiving the message, </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="20.009766"
+ y="235.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5817">the client will construct a </tspan><tspan
+ sodipodi:role="line"
+ x="20.009766"
+ y="250.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5819">synchronized copy as described</tspan><tspan
+ sodipodi:role="line"
+ x="20.009766"
+ y="265.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5821">in the refreshOnly mode.</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="490.00977"
+ y="266.21997"
+ id="text5603"><tspan
+ sodipodi:role="line"
+ x="490.00977"
+ y="266.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5635">4.<tspan
+ style="font-weight:normal"
+ id="tspan5629"> Server can now send change </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="490.00977"
+ y="281.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5850">notifications based on original Sync</tspan><tspan
+ sodipodi:role="line"
+ x="490.00977"
+ y="296.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5852">Search Request</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="487.82422"
+ y="366.21997"
+ id="text5637"><tspan
+ sodipodi:role="line"
+ x="487.82422"
+ y="366.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5669">6.<tspan
+ style="font-weight:normal"
+ id="tspan5917"> Server may terminate Sync Operation.</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="487.82422"
+ y="381.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5919">If it doesn't provide a cookie, a full</tspan><tspan
+ sodipodi:role="line"
+ x="487.82422"
+ y="396.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5921">refresh is needed by client.</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="19.681641"
+ y="303.21997"
+ id="text5675"><tspan
+ sodipodi:role="line"
+ x="19.681641"
+ y="303.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5685">5a.<tspan
+ style="font-weight:normal"
+ id="tspan5712"> For returned entries the </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="19.681641"
+ y="318.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5854">SearchResultEntry will have the </tspan><tspan
+ sodipodi:role="line"
+ x="19.681641"
+ y="333.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5858">Sync State Control set to either;</tspan><tspan
+ sodipodi:role="line"
+ x="19.681641"
+ y="348.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5714">add, delete or modify</tspan></text>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 459,379.66689 L 247,432.66689"
+ id="path5691" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 244.5,244.79723 L 459.5,271.79723"
+ id="path5825" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 452,280.66689 L 240,333.66689"
+ id="path5831" />
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="18.818359"
+ y="369.21997"
+ id="text5869"><tspan
+ sodipodi:role="line"
+ x="18.818359"
+ y="369.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5895">5b.<tspan
+ style="font-weight:normal"
+ id="tspan5899"> Waits for server to send entries</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="18.818359"
+ y="384.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5901" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="17.103516"
+ y="437.88306"
+ id="text5923"><tspan
+ sodipodi:role="line"
+ x="17.103516"
+ y="437.88306"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5925">7.<tspan
+ style="font-weight:normal"
+ id="tspan5931"> Client refreshes if disconnects </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="17.103516"
+ y="452.88306"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5933">and provides last syncCookie if it</tspan><tspan
+ sodipodi:role="line"
+ x="17.103516"
+ y="467.88306"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5937">has one.</tspan><tspan
+ sodipodi:role="line"
+ x="17.103516"
+ y="482.88306"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5929" /></text>
+ </g>
+</svg>
Added: openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshonly.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshonly.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshonly.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,4814 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="ldap-sync-refreshonly.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/ldap-sync-refreshOnly.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28240"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28224"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28226"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28228"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28230"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28214"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28216"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28218"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28220"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28208"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-125.9178,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28210"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28204"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.573,808.7592)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28206"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28200"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-116.9703,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28202"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28196"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.6254,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28198"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28192"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.4824,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28194"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28188"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.1375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28190"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28184"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.77797,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28186"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28180"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.43307,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28182"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28172"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28174"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28176"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28178"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28162"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28164"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28166"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28168"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28152"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28154"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28156"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28158"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28142"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28144"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28146"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28148"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28132"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28134"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28136"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28138"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28122"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28124"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28126"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28128"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28112"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28114"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28116"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28118"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28102"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28104"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28106"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28108"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28096"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.2375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28098"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28092"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-156.8927,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28094"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28088"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.29,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28090"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28084"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-147.9451,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28086"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28080"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-143.8021,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28082"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28076"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.4573,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28078"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28072"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.098,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28074"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28068"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.7531,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28070"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28060"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28062"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28064"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28066"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28050"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28052"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28054"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28056"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28040"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28042"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28044"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28046"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28030"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28032"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28034"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28036"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28020"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28022"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28024"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28026"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28010"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28012"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28014"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28016"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28000"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28002"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28004"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28006"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27990"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27992"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27994"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27996"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27984"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.2616,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27986"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27980"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-192.9168,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27982"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.3141,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27978"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-183.9692,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27968"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-179.8262,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27970"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.4813,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27960"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.122,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27962"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27956"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.7771,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27958"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27928"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27930"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27932"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27934"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27918"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27920"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27922"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27924"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27908"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27910"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27912"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27914"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27898"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27902"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27904"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27888"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27890"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27892"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27894"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27878"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27880"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27882"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27884"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27868"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27870"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27872"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27874"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27858"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27860"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27862"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27864"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27848"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27850"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27852"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27854"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27838"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27840"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27842"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27844"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27828"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27830"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27832"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27834"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27818"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27820"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27822"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27824"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27808"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27810"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27812"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27814"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27798"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27800"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27802"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27804"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27788"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27790"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27792"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27794"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27778"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27780"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27782"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27784"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27768"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27770"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27772"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27774"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27758"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27760"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27762"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27764"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27748"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27750"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27752"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27754"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27738"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27740"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27742"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27744"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27728"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27730"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27732"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27734"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27718"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27720"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27722"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27724"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27708"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27710"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27712"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27714"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27698"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27700"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27702"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27704"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28432"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-126.1386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28428"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.7938,817.6604)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28430"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28424"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-117.1911,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28420"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.8462,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28422"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.7032,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28418"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28412"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.3583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28414"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28408"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.99876,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28410"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.65386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28406"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28400"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.4583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28402"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28396"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-157.1135,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28398"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28392"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.5108,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28394"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28388"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-148.1659,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28390"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28384"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-144.0229,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28386"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28380"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.6781,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28382"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28376"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.3188,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28378"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28372"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.9739,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28374"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.4824,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28370"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28364"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-193.1376,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28366"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28360"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.5349,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28362"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28356"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-184.19,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28358"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28352"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-180.047,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28354"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28348"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.7021,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28350"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28344"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.3428,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28346"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28340"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.9979,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28342"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28438"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.25863,817.7848)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36281"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-149.897,802.9053)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36283"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36285"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36287"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36289"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36291"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36293"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36295"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36297"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36299"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36301"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36303"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36305"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36307"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36309"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36311"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36313"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36315"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36317"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36319"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36321"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36323"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36325"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36327"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36329"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36331"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5348,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36333"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7196,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36335"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.35,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36337"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.274,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36339"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.9043,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36341"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.0892,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36343"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-149.6637,784.9089)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient36345"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-7.912301,167.4787)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5296,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36349"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7144,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36351"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.3448,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.2688,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36355"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.8991,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36357"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.084,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36359"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-198.4916,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36361"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.046,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36363"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.2306,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36365"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-192.8611,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36367"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-195.6763,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36369"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-87.12747,420.4818)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36373"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36375"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-91.66274,388.2275)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36377"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-153.7879,864.7564)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35867"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-141.9847,635.4266)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35869"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35871"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35873"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35875"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35877"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35879"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35881"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35883"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35885"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35887"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35889"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35891"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35893"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35895"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35897"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35899"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35901"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35903"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35905"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35907"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35909"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35911"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35913"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35915"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35917"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35919"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35921"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35923"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35925"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35927"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35929"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35931"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35933"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35935"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35937"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35939"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35941"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35943"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35945"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35947"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35949"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35951"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35953"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35955"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35957"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35959"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35961"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35963"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35965"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6225,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35967"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.7312,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35969"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2856,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35971"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.4702,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35973"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.1007,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35975"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8073,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35977"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9159,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35979"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4377,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35981"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5465,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35983"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3617,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35985"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.992,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35987"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1769,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35989"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-141.7514,617.4302)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient35991"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(2.672454,0.374188)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35993"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6173,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35995"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.726,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35997"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2804,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35999"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.465,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36001"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.0955,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36003"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8021,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36005"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9107,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36007"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4325,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36009"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5413,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36011"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3565,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36013"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.9868,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36015"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1717,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36017"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.5793,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36019"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.1337,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36021"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.3183,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36023"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-184.9488,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36025"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.764,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36027"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-79.21517,253.0031)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36029"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36031"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36033"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-83.75044,220.7488)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36035"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36037"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36039"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-145.8756,697.2777)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient12151"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.20227,0,0,0.454077,6.691668,-148.3193)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12153"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,1.691668,-145.8193)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient14835"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12155"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,1.924904,-161.8157)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12157"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.350818,114.6621,-134.6472)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12159"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-59.65453)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12161"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-61.33423)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12163"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-63.01391)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12165"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.09869,-64.40064)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <inkscape:perspective
+ id="perspective3612"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ sodipodi:type="inkscape:persp3d" />
+ </defs>
+ <sodipodi:namedview
+ bordercolor="#666666"
+ borderopacity="1.0"
+ id="base"
+ inkscape:current-layer="layer1"
+ inkscape:cx="344.82324"
+ inkscape:cy="227.55258"
+ inkscape:document-units="px"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:window-height="722"
+ inkscape:window-width="1014"
+ inkscape:window-x="0"
+ inkscape:window-y="25"
+ inkscape:zoom="1"
+ pagecolor="#ffffff"
+ width="1052.3622px"
+ height="744.09448px"
+ showgrid="false" />
+ <g
+ id="layer1"
+ inkscape:groupmode="layer"
+ inkscape:label="Layer 1">
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot12890"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;font-family:Arial"
+ transform="translate(-51.99247,-442.27533)"><flowRegion
+ id="flowRegion12892"><rect
+ id="rect12894"
+ width="445.14282"
+ height="64"
+ x="194.28572"
+ y="475.52304"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara3577">LDAP Content Synchronization Operation </flowPara><flowPara
+ id="flowPara3581">- refreshOnly </flowPara></flowRoot> <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="M 238,143.40942 L 238,398.40942"
+ id="path3597"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="M 464,147.40942 L 464,400.40942"
+ id="path3601"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow1Lend)"
+ d="M 244,149.40942 L 459,176.40942"
+ id="path3630" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow1Lend)"
+ d="M 455,184.40942 L 243,237.40942"
+ id="path3632" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 245.5,303.79723 L 460.5,330.79723"
+ id="path5496" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 453,201.66689 L 241,254.66689"
+ id="path5498" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 455,218.66689 L 243,271.66689"
+ id="path5500" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="19"
+ y="149.40942"
+ id="text5502"><tspan
+ sodipodi:role="line"
+ id="tspan5504"
+ x="19"
+ y="149.40942"><tspan
+ style="font-weight:bold"
+ id="tspan5540">1.</tspan> Initial client copy Sync</tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="164.40942"
+ id="tspan5514">request - search request</tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="179.40942"
+ id="tspan5516">with Sync Request Control</tspan><tspan
+ sodipodi:role="line"
+ x="19"
+ y="194.40942"
+ id="tspan5518">with mode set to 'resfreshOnly'</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="590"
+ y="113.40942"
+ id="text5506"><tspan
+ sodipodi:role="line"
+ id="tspan5508"
+ x="590"
+ y="113.40942">Server</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="92"
+ y="109.40942"
+ id="text5510"><tspan
+ sodipodi:role="line"
+ id="tspan5512"
+ x="92"
+ y="109.40942">Client</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="501"
+ y="154.40942"
+ id="text5520"><tspan
+ sodipodi:role="line"
+ id="tspan5522"
+ x="501"
+ y="154.40942"
+ style="font-size:12px"><tspan
+ style="font-weight:bold"
+ id="tspan5542">2a.</tspan> Returns content matching search </tspan><tspan
+ sodipodi:role="line"
+ x="501"
+ y="169.40942"
+ style="font-size:12px"
+ id="tspan5524">and with each entry provides a Sync</tspan><tspan
+ sodipodi:role="line"
+ x="501"
+ y="184.40942"
+ style="font-size:12px"
+ id="tspan5526">State Control which contains the </tspan><tspan
+ sodipodi:role="line"
+ x="501"
+ y="199.40942"
+ style="font-size:12px"
+ id="tspan5528">'entryUUID'</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="501.2998"
+ y="217.21997"
+ id="text5530"><tspan
+ sodipodi:role="line"
+ x="501.2998"
+ y="217.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5538">2b.<tspan
+ style="font-weight:normal"
+ id="tspan5561"> Follows with a SearchResultDone </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="501.2998"
+ y="232.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5563">with a 'Sync Done Control' which</tspan><tspan
+ sodipodi:role="line"
+ x="501.2998"
+ y="247.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5567">provides the syncCookie - this cookie</tspan><tspan
+ sodipodi:role="line"
+ x="501.2998"
+ y="262.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5569">represents the session state.</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="16.009766"
+ y="271.21997"
+ id="text5571"><tspan
+ sodipodi:role="line"
+ x="16.009766"
+ y="271.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5581">3. <tspan
+ style="font-weight:normal"
+ id="tspan5597">Polls for updates providing the </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="16.009766"
+ y="286.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5599"><tspan
+ style="font-weight:normal"
+ id="tspan5601">previously issued syncCookie </tspan></tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="498.00977"
+ y="330.21997"
+ id="text5603"><tspan
+ sodipodi:role="line"
+ x="498.00977"
+ y="330.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5613">4a.<tspan
+ style="font-weight:normal"
+ id="tspan5629"> Use present or delete phase?</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="498.00977"
+ y="345.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5631">Both can be used, present brings </tspan><tspan
+ sodipodi:role="line"
+ x="498.00977"
+ y="360.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5633">client copy up to a point where delete</tspan><tspan
+ sodipodi:role="line"
+ x="498.00977"
+ y="375.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5635">can begin.</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="498.82422"
+ y="398.21997"
+ id="text5637"><tspan
+ sodipodi:role="line"
+ x="498.82422"
+ y="398.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5647">4b.<tspan
+ style="font-weight:normal"
+ id="tspan5663"> Server uses syncCookie as an </tspan></tspan><tspan
+ sodipodi:role="line"
+ x="498.82422"
+ y="413.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5665">indicator of what client got before and</tspan><tspan
+ sodipodi:role="line"
+ x="498.82422"
+ y="428.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5667">then sends copies of entries that have</tspan><tspan
+ sodipodi:role="line"
+ x="498.82422"
+ y="443.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5669">changed. <tspan
+ style="font-weight:bold"
+ id="tspan5671">All<tspan
+ style="font-weight:normal"
+ id="tspan5673"> attributes are sent.</tspan></tspan></tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="11.681641"
+ y="422.21997"
+ id="text5675"><tspan
+ sodipodi:role="line"
+ x="11.681641"
+ y="422.21997"
+ style="font-size:12px;font-weight:bold"
+ id="tspan5685">5.<tspan
+ style="font-weight:normal"
+ id="tspan5712"> Repeat using syncCookie, i.e.</tspan></tspan><tspan
+ sodipodi:role="line"
+ x="11.681641"
+ y="437.21997"
+ style="font-size:12px;font-weight:normal"
+ id="tspan5714">go back to step 3.</tspan></text>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 458,339.66689 L 246,392.66689"
+ id="path5691" />
+ </g>
+</svg>
Added: openldap/vendor/openldap-release/doc/guide/images/src/n-way-multi-master.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/n-way-multi-master.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/n-way-multi-master.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,5293 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="n-way-multi-master.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/n-way-multi-master.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28240"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28224"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28226"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28228"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28230"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28214"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28216"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28218"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28220"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28208"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-125.9178,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28210"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28204"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.573,808.7592)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28206"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28200"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-116.9703,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28202"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28196"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.6254,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28198"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28192"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.4824,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28194"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28188"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.1375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28190"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28184"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.77797,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28186"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28180"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.43307,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28182"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28172"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28174"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28176"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28178"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28162"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28164"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28166"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28168"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28152"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28154"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28156"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28158"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28142"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28144"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28146"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28148"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28132"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28134"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28136"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28138"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28122"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28124"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28126"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28128"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28112"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28114"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28116"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28118"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28102"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28104"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28106"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28108"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28096"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.2375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28098"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28092"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-156.8927,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28094"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28088"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.29,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28090"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28084"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-147.9451,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28086"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28080"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-143.8021,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28082"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28076"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.4573,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28078"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28072"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.098,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28074"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28068"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.7531,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28070"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28060"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28062"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28064"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28066"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28050"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28052"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28054"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28056"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28040"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28042"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28044"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28046"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28030"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28032"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28034"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28036"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28020"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28022"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28024"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28026"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28010"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28012"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28014"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28016"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28000"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28002"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28004"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28006"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27990"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27992"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27994"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27996"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27984"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.2616,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27986"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27980"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-192.9168,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27982"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.3141,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27978"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-183.9692,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27968"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-179.8262,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27970"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.4813,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27960"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.122,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27962"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27956"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.7771,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27958"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27928"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27930"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27932"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27934"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27918"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27920"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27922"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27924"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27908"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27910"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27912"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27914"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27898"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27902"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27904"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27888"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27890"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27892"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27894"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27878"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27880"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27882"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27884"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27868"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27870"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27872"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27874"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27858"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27860"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27862"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27864"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27848"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27850"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27852"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27854"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27838"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27840"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27842"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27844"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27828"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27830"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27832"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27834"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27818"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27820"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27822"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27824"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27808"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27810"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27812"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27814"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27798"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27800"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27802"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27804"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27788"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27790"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27792"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27794"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27778"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27780"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27782"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27784"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27768"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27770"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27772"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27774"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27758"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27760"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27762"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27764"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27748"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27750"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27752"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27754"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27738"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27740"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27742"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27744"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27728"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27730"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27732"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27734"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27718"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27720"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27722"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27724"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27708"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27710"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27712"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27714"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27698"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27700"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27702"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27704"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28432"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-126.1386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28428"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.7938,817.6604)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28430"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28424"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-117.1911,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28420"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.8462,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28422"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.7032,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28418"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28412"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.3583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28414"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28408"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.99876,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28410"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.65386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28406"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28400"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.4583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28402"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28396"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-157.1135,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28398"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28392"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.5108,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28394"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28388"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-148.1659,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28390"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28384"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-144.0229,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28386"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28380"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.6781,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28382"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28376"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.3188,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28378"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28372"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.9739,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28374"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.4824,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28370"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28364"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-193.1376,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28366"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28360"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.5349,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28362"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28356"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-184.19,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28358"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28352"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-180.047,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28354"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28348"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.7021,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28350"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28344"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.3428,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28346"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28340"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.9979,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28342"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28438"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.25863,817.7848)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36281"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-149.897,802.9053)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36283"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36285"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36287"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36289"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36291"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36293"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36295"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36297"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36299"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36301"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36303"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36305"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36307"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36309"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36311"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36313"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36315"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36317"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36319"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36321"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36323"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36325"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36327"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36329"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36331"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5348,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36333"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7196,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36335"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.35,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36337"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.274,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36339"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.9043,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36341"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.0892,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36343"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-149.6637,784.9089)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient36345"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-7.912301,167.4787)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5296,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36349"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7144,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36351"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.3448,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.2688,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36355"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.8991,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36357"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.084,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36359"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-198.4916,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36361"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.046,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36363"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.2306,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36365"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-192.8611,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36367"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-195.6763,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36369"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-87.12747,420.4818)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36373"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36375"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-91.66274,388.2275)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36377"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-153.7879,864.7564)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35867"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-141.9847,635.4266)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35869"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35871"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35873"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35875"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35877"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35879"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35881"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35883"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35885"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35887"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35889"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35891"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35893"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35895"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35897"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35899"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35901"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35903"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35905"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35907"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35909"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35911"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35913"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35915"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35917"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35919"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35921"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35923"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35925"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35927"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35929"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35931"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35933"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35935"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35937"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35939"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35941"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35943"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35945"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35947"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35949"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35951"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35953"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35955"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35957"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35959"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35961"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35963"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35965"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6225,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35967"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.7312,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35969"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2856,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35971"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.4702,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35973"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.1007,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35975"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8073,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35977"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9159,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35979"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4377,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35981"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5465,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35983"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3617,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35985"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.992,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35987"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1769,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35989"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-141.7514,617.4302)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient35991"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(2.672454,0.374188)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35993"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6173,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35995"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.726,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35997"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2804,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35999"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.465,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36001"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.0955,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36003"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8021,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36005"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9107,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36007"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4325,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36009"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5413,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36011"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3565,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36013"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.9868,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36015"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1717,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36017"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.5793,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36019"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.1337,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36021"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.3183,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36023"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-184.9488,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36025"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.764,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36027"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-79.21517,253.0031)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36029"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36031"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36033"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-83.75044,220.7488)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36035"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36037"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36039"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-145.8756,697.2777)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient12151"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.20227,0,0,0.454077,6.691668,-148.3193)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12153"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,1.691668,-145.8193)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient14835"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12155"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,1.924904,-161.8157)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12157"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.350818,114.6621,-134.6472)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12159"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-59.65453)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12161"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-61.33423)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12163"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-63.01391)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12165"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.09869,-64.40064)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ </defs>
+ <sodipodi:namedview
+ bordercolor="#666666"
+ borderopacity="1.0"
+ id="base"
+ inkscape:current-layer="layer1"
+ inkscape:cx="391.40904"
+ inkscape:cy="255.22111"
+ inkscape:document-units="px"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:window-height="722"
+ inkscape:window-width="1014"
+ inkscape:window-x="3"
+ inkscape:window-y="67"
+ inkscape:zoom="1"
+ pagecolor="#ffffff"
+ width="1052.3622px"
+ height="744.09448px"
+ showgrid="false" />
+ <g
+ id="layer1"
+ inkscape:groupmode="layer"
+ inkscape:label="Layer 1">
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot12890"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="translate(51.007531,-424.27533)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion12892"><rect
+ id="rect12894"
+ width="215.14285"
+ height="33"
+ x="194.28572"
+ y="475.52304"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara6968">N-Way Multi-Master</flowPara></flowRoot> <text
+ xml:space="preserve"
+ style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="316"
+ y="236.40942"
+ id="text4409"><tspan
+ sodipodi:role="line"
+ id="tspan4411"
+ x="316"
+ y="236.40942" /><tspan
+ sodipodi:role="line"
+ id="tspan4413" /></text>
+ <rect
+ style="opacity:0;fill:#0000ff;fill-rule:evenodd;stroke:#000000;stroke-width:0.73218948;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:1.4643789, 0.73218945;stroke-dashoffset:0;stroke-opacity:1"
+ id="rect3579"
+ width="178.64662"
+ height="149.73311"
+ x="47.800755"
+ y="127.86576" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4375"
+ width="183.45866"
+ height="148.84184"
+ x="52.01128"
+ y="126.97449" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4379"
+ width="176.24062"
+ height="148.84184"
+ x="55.018799"
+ y="123.40941" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4381"
+ width="165.41354"
+ height="143.49423"
+ x="64.64286"
+ y="141.23479" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4383"
+ width="183.45866"
+ height="153.29819"
+ x="55.620304"
+ y="126.97449" />
+ <rect
+ style="fill:#9087ff;fill-opacity:0;fill-rule:evenodd;stroke:#000000;stroke-width:1.17423046;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:3.52269138, 1.17423046;stroke-dashoffset:0;stroke-opacity:1"
+ id="rect4421"
+ width="298.58423"
+ height="265.9512"
+ x="68.433456"
+ y="127.24354" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.73100412px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 137.22159,211.39967 L 192.3649,161.08802"
+ id="path5584" />
+ <g
+ id="g5590"
+ transform="matrix(0.113185,0,0,0.2535183,188.60055,106.3998)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path5592"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path5594"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path5596"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g5598"
+ transform="matrix(0.113185,0,0,0.2535183,289.84868,191.17904)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path5600"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path5602"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path5604"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.80629903px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 241.61342,161.08341 L 307.52195,212.29555"
+ id="path5626" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.64994711px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 244.26545,341.16464 L 294.25338,297.29009"
+ id="path5628" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.74283248px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 124.07011,296.83672 L 182.92991,345.50928"
+ id="path5630" />
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="151"
+ y="425.40942"
+ id="text12157"><tspan
+ sodipodi:role="line"
+ id="tspan12159"
+ x="151"
+ y="425.40942">Example of a</tspan><tspan
+ sodipodi:role="line"
+ x="151"
+ y="445.40942"
+ id="tspan12206">Normal topology</tspan></text>
+ <g
+ id="g12190"
+ transform="matrix(0.113185,0,0,0.2535183,185.77724,274.9451)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12192"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12194"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12196"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12198"
+ transform="matrix(0.113185,0,0,0.2535183,87.77724,183.9451)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12200"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12202"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12204"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <rect
+ style="opacity:0;fill:#0000ff;fill-rule:evenodd;stroke:#000000;stroke-width:0.73218948;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:1.4643789, 0.73218945;stroke-dashoffset:0;stroke-opacity:1"
+ id="rect12248"
+ width="178.64662"
+ height="149.73311"
+ x="377.28104"
+ y="127.20171" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect12250"
+ width="183.45866"
+ height="148.84184"
+ x="381.49155"
+ y="126.31043" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect12252"
+ width="176.24062"
+ height="148.84184"
+ x="384.49905"
+ y="122.74535" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect12254"
+ width="165.41354"
+ height="143.49423"
+ x="394.12314"
+ y="140.57074" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect12256"
+ width="183.45866"
+ height="153.29819"
+ x="385.10059"
+ y="126.31043" />
+ <rect
+ style="fill:#9087ff;fill-opacity:0;fill-rule:evenodd;stroke:#000000;stroke-width:1.17423046;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:3.52269138, 1.17423046;stroke-dashoffset:0;stroke-opacity:1"
+ id="rect12258"
+ width="298.58423"
+ height="265.9512"
+ x="397.91373"
+ y="126.57948" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.38716727px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 444.79535,175.44697 L 472.2382,147.08805"
+ id="path12260" />
+ <g
+ id="g12262"
+ transform="matrix(5.632813e-2,0,0,0.1428994,470.36482,116.26221)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12264"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z"
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12266"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12268"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12270"
+ transform="matrix(5.632813e-2,0,0,0.1428994,520.7524,164.04931)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12272"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12274"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12276"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.42704627px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 496.74743,147.08545 L 529.54775,175.95195"
+ id="path12278" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.34423643px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 498.06725,248.59096 L 522.94446,223.86041"
+ id="path12280" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.39343202px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 438.25033,223.60486 L 467.54275,251.03988"
+ id="path12282" />
+ <text
+ xml:space="preserve"
+ style="font-size:16px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="507.48026"
+ y="424.74536"
+ id="text12284"><tspan
+ sodipodi:role="line"
+ x="507.48026"
+ y="424.74536"
+ id="tspan12308">Example of a </tspan><tspan
+ sodipodi:role="line"
+ x="507.48026"
+ y="464.74536"
+ id="tspan2998">ComplexTopology</tspan></text>
+ <g
+ id="g12290"
+ transform="matrix(5.632813e-2,0,0,0.1428994,467.95976,208.26531)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12292"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12294"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12296"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12298"
+ transform="matrix(5.632813e-2,0,0,0.1428994,420.18866,159.97179)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12300"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12302"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12304"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12330"
+ transform="matrix(5.632813e-2,0,0,0.1428994,467.95454,296.20047)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12332"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12334"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12336"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12338"
+ transform="matrix(5.632813e-2,0,0,0.1428994,593.95454,222.20047)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12340"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12342"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12344"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12346"
+ transform="matrix(5.632813e-2,0,0,0.1428994,553.95454,299.20047)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12348"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12350"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12352"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <g
+ id="g12354"
+ transform="matrix(5.632813e-2,0,0,0.1428994,637.95454,302.20047)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12356"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12358"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12360"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.34423643px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 570.56139,304.7747 L 595.4386,280.04415"
+ id="path12362" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.39343202px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 621.35379,282.69191 L 650.64621,310.12693"
+ id="path12364" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.6021955px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 497.8011,335.40942 L 523.48612,335.40942 L 551.1989,335.40942"
+ id="path12376" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.6021955px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 584.3011,337.40942 L 609.98612,337.40942 L 637.6989,337.40942"
+ id="path13444" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.68973196px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 483,266.25429 L 483,289.66343 L 483,307.56455"
+ id="path13448" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="105"
+ y="253.40942"
+ id="text14516"><tspan
+ sodipodi:role="line"
+ id="tspan14518"
+ x="105"
+ y="253.40942">m1</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="206.34375"
+ y="177.78345"
+ id="text14520"><tspan
+ sodipodi:role="line"
+ x="206.34375"
+ y="177.78345"
+ id="tspan14564">m2</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="200.34375"
+ y="345.78345"
+ id="text14524"><tspan
+ sodipodi:role="line"
+ id="tspan14526"
+ x="200.34375"
+ y="345.78345">m4</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="309.34375"
+ y="263.78345"
+ id="text14528"><tspan
+ sodipodi:role="line"
+ id="tspan14530"
+ x="309.34375"
+ y="263.78345">m3</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="587.19482"
+ y="147.00529"
+ id="text14532"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14534"
+ x="587.19482"
+ y="147.00529">m1</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="657.88513"
+ y="116.04277"
+ id="text14536"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14538"
+ x="657.88513"
+ y="116.04277">m2</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="729.26178"
+ y="150.28368"
+ id="text14540"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14542"
+ x="729.26178"
+ y="150.28368">m3</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="655.13983"
+ y="182.339"
+ id="text14544"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14546"
+ x="655.13983"
+ y="182.339">m4</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="655.13983"
+ y="246.44963"
+ id="text14548"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14550"
+ x="655.13983"
+ y="246.44963">m5</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="773.18579"
+ y="249.36375"
+ id="text14552"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14554"
+ x="773.18579"
+ y="249.36375">m6</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="829.4635"
+ y="191.80989"
+ id="text14556"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14558"
+ x="829.4635"
+ y="191.80989">m7</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:9.74170971px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="887.11389"
+ y="250.09229"
+ id="text14560"
+ transform="scale(0.72853,1.3726271)"><tspan
+ sodipodi:role="line"
+ id="tspan14562"
+ x="887.11389"
+ y="250.09229">m8</tspan></text>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.09121561px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 214,208.45503 L 214,296.36381"
+ id="path4225" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.01945496px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 141.00973,247.40942 L 289.99027,247.40942"
+ id="path7153" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.67594701px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 448.33798,195.40942 L 481.20271,195.40942 L 516.66202,195.40942"
+ id="path8754" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.72011989px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 483,173.76948 L 483,199.42807 L 483,219.04936"
+ id="path8756" />
+ </g>
+</svg>
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.12.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.12.2.8 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -13,7 +13,7 @@
[\c
.BR \-z ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,10 +31,14 @@
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-O \ security-properties\fR]
+[\c
.BR \-I ]
[\c
.BR \-Q ]
@@ -49,10 +53,12 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-.IR DN \ <
-.BR attr:value \ |
-.BR attr::b64value \ >
+.BR \-Z [ Z ]]
+.IR DN
+{\c
+.BI attr: value
+|
+.BI attr:: b64value\fR}
.SH DESCRIPTION
.I ldapcompare
is a shell-accessible interface to the
@@ -66,14 +72,14 @@
followed by one colon, the assertion \fIvalue\fP should be provided
as a string. If followed by two colons, the base64 encoding of the
value is provided. The result code of the compare is provided as
-the exit code and, unless ran with -z, the program prints
+the exit code and, unless ran with \fB\-z\fP, the program prints
TRUE, FALSE, or UNDEFINED on standard output.
.LP
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the compare. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -82,7 +88,7 @@
Run in quiet mode, no output is written. You must check the return
status. Useful in shell scripts.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -97,7 +103,7 @@
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -120,7 +126,7 @@
The recommended portable way to store a cleartext password in a file
for use with this option is to use
.BR slappasswd (8)
-with \fI{CLEARTEXT}\fP as hash and the option \fI\-n\fP.
+with \fI{CLEARTEXT}\fP as hash and the option \fB\-n\fP.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -129,15 +135,45 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
@@ -160,20 +196,17 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLES
.nf
ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.42.2.7 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.42.2.9 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -13,7 +13,7 @@
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,11 +31,15 @@
[\c
.BI \-h \ ldaphost\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
.BI \-p \ ldapport\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BI \-U \ authcid\fR]
[\c
@@ -55,9 +59,9 @@
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
-.IR dn ]...
+.IR DN \ [ ... ]]
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
@@ -69,14 +73,14 @@
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 4514.
-If no \fIdn\fP arguments
+If no \fIDN\fP arguments
are provided, a list of DNs is read from standard input (or from
-\fIfile\fP if the -f flag is used).
+\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -87,7 +91,7 @@
will continue with deletions. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -106,7 +110,7 @@
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -126,15 +130,45 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
.B \-r
Do a recursive delete. If the DN specified isn't a leaf, its
children, and all their children are deleted down the tree. No
@@ -144,7 +178,7 @@
.BI \-z \ sizelimit
Use \fIsizelimit\fP when searching for children DN to delete,
to circumvent any server-side size limit. Only useful in conjunction
-with \-r.
+with \fB\-r\fP.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
@@ -168,20 +202,17 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
The following command:
.LP
Added: openldap/vendor/openldap-release/doc/man/man1/ldapexop.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapexop.1 (rev 0)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapexop.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,249 @@
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapexop.1,v 1.1.2.2 2009/06/03 01:41:51 quanah Exp $
+.\" This contribution is derived from OpenLDAP Software.
+.\" All of the modifications to OpenLDAP Software represented in this
+.\" contribution were developed by Peter Marschall <peter at adpm.de>.
+.\" I have not assigned rights and/or interest in this work to any party.
+.\"
+.\" Copyright 2009 Peter Marschall
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted only as authorized by the OpenLDAP Public License.
+.\"
+.\" A copy of this license is available in file LICENSE in the
+.\" top-level directory of the distribution or, alternatively, at
+.\" http://www.OpenLDAP.org/license.html.
+
+.TH LDAPEXOP 1
+
+.SH NAME
+ldapexop \- issue LDAP extended operations
+
+.SH SYNOPSIS
+ldapexop
+[\c
+.BI \-d \ level\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-h \ host\fR]
+[\c
+.BI \-H \ URI\fR]
+[\c
+.BR \-I ]
+[\c
+.BR \-n ]
+[\c
+.BR \-N ]
+[\c
+.BI \-O \ security-properties\fR]
+[\c
+.BI \-o \ opt\fR[\fP = optparam\fR]]
+[\c
+.BI \-p \ port\fR]
+[\c
+.BR \-Q ]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BR \-v ]
+[\c
+.BR \-V ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BR \-W ]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-y \ file\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z [ Z ]]
+{\c
+.I oid
+|
+.BI oid: data
+|
+.BI oid:: b64data
+|
+.B whoami
+|
+.BI cancel \ cancel-id
+|
+.BI refresh \ DN \ \fR[\fIttl\fR]}
+
+.SH DESCRIPTION
+ldapexop issues the LDAP extended operation specified by \fBoid\fP
+or one of the special keywords \fBwhoami\fP, \fBcancel\fP, or \fBrefresh\fP.
+
+Additional data for the extended operation can be passed to the server using
+\fIdata\fP or base-64 encoded as \fIb64data\fP in the case of \fBoid\fP,
+or using the additional parameters in the case of the specially named extended
+operations above.
+
+Please note that ldapexop behaves differently for the same extended operation
+when it was given as an OID or as a specialliy named operation:
+
+Calling ldapexop with the OID of the \fBwhoami\fP (RFC 4532) extended operation
+.nf
+
+ ldapexop [<options>] 1.3.6.1.4.1.4203.1.11.3
+
+.fi
+yields
+.nf
+
+ # extended operation response
+ data:: <base64 encoded response data>
+
+.fi
+while calling it with the keyword \fBwhoami\fP
+.nf
+
+ ldapexop [<options>] whoami
+
+.fi
+results in
+.nf
+
+ dn:<client's identity>
+
+.fi
+
+
+.SH OPTIONS
+.TP
+.BI \-d \ level
+Set the LDAP debugging level to \fIlevel\fP.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+Specify general extensions. \'!\' indicates criticality.
+.nf
+ [!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
+ [!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
+ [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
+ one of "chainingPreferred", "chainingRequired",
+ "referralsPreferred", "referralsRequired"
+ [!]manageDSAit (RFC 3296)
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
+ [!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
+ [!]relax
+ abandon, cancel, ignore (SIGINT sends abandon/cancel,
+ or ignores response; if critical, doesn't wait for SIGINT.
+ not really controls)
+.fi
+.TP
+.BI \-f \ file
+Read operations from \fIfile\fP.
+.TP
+.BI \-h \ host
+Specify the host on which the ldap server is running.
+Deprecated in favor of \fB\-H\fP.
+.TP
+.BI \-H \ URI
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.BI \-n
+Show what would be done but don't actually do it.
+Useful for debugging in conjunction with \fB\-v\fP.
+.TP
+.BI \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.BI \-o \ opt\fR[\fP = optparam\fR]
+Specify general options:
+.nf
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+.fi
+.TP
+.BI \-p \ port
+Specify the TCP port where the ldap server is listening.
+Deprecated in favor of \fB\-H\fP.
+.TP
+.BI \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.BI \-V
+Print version info and usage message.
+If\fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.BI dn: "<distinguished name>"
+or
+.BI u: <username>
+.TP
+.BI \-y \ file
+Use complete contents of \fIfile\fP as the password for
+simple authentication.
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication.
+Without this option, the program will choose the best mechanism the server knows.
+.TP
+.BR \-Z [ Z ]
+Issue StartTLS (Transport Layer Security) extended operation.
+Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
+
+.SH DIAGNOSTICS
+Exit status is zero if no errors occur.
+Errors result in a non-zero exit status and
+a diagnostic message being written to standard error.
+
+.SH "SEE ALSO"
+.BR ldap_extended_operation_s (3)
+
+.SH AUTHOR
+This manual page was written by Peter Marschall
+based on \fBldapexop\fP's usage message and a few tests
+with \fBldapexop\fP.
+Do not expect it to be complete or absolutely correct.
+
+.SH ACKNOWLEDGEMENTS
+.so ../Project
+
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.49.2.9 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.49.2.11 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -17,7 +17,7 @@
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,10 +35,14 @@
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-O \ security-properties\fR]
+[\c
.BR \-I ]
[\c
.BR \-Q ]
@@ -53,7 +57,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.LP
@@ -67,7 +71,7 @@
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -85,9 +89,9 @@
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -103,7 +107,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.SH DESCRIPTION
@@ -118,12 +122,12 @@
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.B ldapadd
-the -a (add new entry) flag is turned on automatically.
+the \fB\-a\fP (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
-the use of the -f option.
+the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
.B \-a
@@ -142,16 +146,16 @@
.BI \-S \ file
Add or change records which where skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
-conjunction with -c.
+conjunction with \fB\-c\fP.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -170,7 +174,7 @@
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -190,18 +194,48 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
@@ -221,22 +255,20 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
.SH INPUT FORMAT
-The contents of \fIfile\fP (or standard input if no \-f flag is given on
+The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
.BR ldif (5)
(LDIF as defined in RFC 2849).
@@ -250,21 +282,21 @@
changetype: modify
replace: mail
mail: modme at example.com
- -
+ \-
add: title
title: Grand Poobah
- -
+ \-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
- -
+ \-
delete: description
- -
+ \-
.fi
.LP
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
@@ -296,7 +328,7 @@
the command:
.LP
.nf
- ldapadd -f /tmp/newentry
+ ldapadd \-f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
@@ -315,7 +347,7 @@
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.38.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.38.2.8 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -17,7 +17,7 @@
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,10 +35,14 @@
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-O \ security-properties\fR]
+[\c
.BR \-I ]
[\c
.BR \-Q ]
@@ -53,7 +57,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
[\c
@@ -82,7 +86,7 @@
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -92,33 +96,33 @@
will continue with modifications. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
must be
compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.B \-f file
+.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
-.B \-D binddn
+.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
-.B \-w passwd
+.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
@@ -132,18 +136,48 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
@@ -163,28 +197,23 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
.LP
Otherwise, the contents of \fIfile\fP (or standard input if
-no
-.RI \- f
-flag is given) should consist of one or more entries.
+no \fB\-f\fP flag is given) should consist of one or more entries.
.LP
.nf
Distinguished Name (DN)
@@ -205,7 +234,7 @@
the command:
.LP
.nf
- ldapmodrdn -r -f /tmp/entrymods
+ ldapmodrdn \-r \-f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
Modified: openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.39.2.7 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.39.2.8 2009/06/03 01:41:51 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -39,7 +39,7 @@
[\c
.BI \-y \ passwdfile\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -55,7 +55,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.IR user ]
.SH DESCRIPTION
@@ -94,7 +94,7 @@
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
@@ -108,16 +108,15 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
-.BR \-v \ or
-.BR \-d )
+\fB\-v\fP or \fB\-d\fP)
.TP
.BI \-S
Prompt for new password.
@@ -165,7 +164,7 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.BI dn: <distinguished name>
+.BI dn: "<distinguished name>"
or
.BI u: <username>\fP.
.TP
@@ -173,10 +172,9 @@
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.BR \-ZZ ,
-the command will require the operation to be successful
+\fB\-ZZ\fP, the command will require the operation to be successful
.SH SEE ALSO
.BR ldap_sasl_bind (3),
.BR ldap_extended_operation (3),
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.8 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.10 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -15,7 +15,7 @@
[\c
.BR \-v ]
[\c
-.BR \-t[t] ]
+.BR \-t [ t ]]
[\c
.BI \-T \ path\fR]
[\c
@@ -23,9 +23,9 @@
[\c
.BR \-A ]
[\c
-.BR \-L[L[L]] ]
+.BR \-L [ L [ L ]]]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-S \ attribute\fR]
[\c
@@ -51,21 +51,21 @@
[\c
.BI \-b \ searchbase\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
+.BR \-a \ { never \||\| always \||\| search \||\| find }]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-e \ [!]ext[=extparam]]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-l \ timelimit\fR]
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -79,7 +79,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.I filter
[\c
.IR attrs... ]
@@ -102,6 +102,9 @@
returned. If + is listed, all operational attributes are returned.
If no \fIattrs\fP are listed, all user attributes are returned. If only
1.1 is listed, no attributes will be returned.
+.LP
+The search results are displayed using an extended version of LDIF.
+Option \fI\-L\fP controls the format of the output.
.SH OPTIONS
.TP
.B \-n
@@ -120,19 +123,19 @@
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
-.B \-t[t]
-A single -t writes retrieved non-printable values to a set of temporary
+.BR \-t [ t ]
+A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
files. This is useful for dealing with values containing non-character
-data such as jpegPhoto or audio. A second -t writes all retrieved values to
+data such as jpegPhoto or audio. A second \fB\-t\fP writes all retrieved values to
files.
.TP
.BI \-T \ path
Write temporary files to directory specified by \fIpath\fP (default:
-/var/tmp/)
+\fB/var/tmp/\fP)
.TP
.BI \-F \ prefix
-URL prefix for temporary files. Default is file://\fIpath\fP/ where
-\fIpath\fP is /var/tmp/ or specified with -T.
+URL prefix for temporary files. Default is \fBfile://\fIpath\fP where
+\fIpath\fP is \fB/var/tmp/\fP or specified with \fB\-T\fP.
.TP
.B \-A
Retrieve attributes only (no values). This is useful when you just want to
@@ -142,12 +145,12 @@
.B \-L
Search results are display in LDAP Data Interchange Format detailed in
.BR ldif (5).
-A single -L restricts the output to LDIFv1.
-A second -L disables comments.
-A third -L disables printing of the LDIF version.
+A single \fB\-L\fP restricts the output to LDIFv1.
+ A second \fB\-L\fP disables comments.
+A third \fB\-L\fP disables printing of the LDIF version.
The default is to use an extended version of LDIF.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -159,8 +162,7 @@
.BR ldap_sort (3)
for more details. Note that
.B ldapsearch
-normally prints out entries as it receives them. The use of the
-.B \-S
+normally prints out entries as it receives them. The use of the \fB\-S\fP
option defeats this behavior, causing all entries to be retrieved,
then sorted, then printed.
.TP
@@ -178,17 +180,17 @@
Where it is desired that the search filter include a \fB%\fP character,
the character should be encoded as \fB\\25\fP (see RFC 4515).
If \fIfile\fP is a single
-\fI-\fP character, then the lines are read from standard input.
+\fB\-\fP character, then the lines are read from standard input.
.B ldapsearch
will exit when the first non-successful search result is returned,
-unless -c is used.
+unless \fB\-c\fP is used.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -213,50 +215,50 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
the default.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
.I children
scope requires LDAPv3 subordinate feature extension.
.TP
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
+.BR \-a \ { never \||\| always \||\| search \||\| find }
Specify how aliases dereferencing is done. Should be one of
-.IR never ,
-.IR always ,
-.IR search ,
+.BR never ,
+.BR always ,
+.BR search ,
or
-.I find
+.B find
to specify that aliases are never dereferenced, always dereferenced,
dereferenced when searching, or dereferenced only when locating the
base object for the search. The default is to never dereference aliases.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.B \-e \fI[!]ext[=extparam]\fP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
-.B \-E \fI[!]ext[=extparam]\fP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-Specify general extensions with -e and search extensions with -E.
-\'!\' indicates criticality.
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
General extensions:
.nf
@@ -275,7 +277,7 @@
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
- [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...] (server side sorting)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
@@ -329,20 +331,17 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH OUTPUT FORMAT
If one or more entries are found, each entry is written to standard
output in LDAP Data Interchange Format or
@@ -361,14 +360,14 @@
...
.fi
.LP
-If the -t option is used, the URI of a temporary file
-is used in place of the actual value. If the -A option
+If the \fB\-t\fP option is used, the URI of a temporary file
+is used in place of the actual value. If the \fB\-A\fP option
is given, only the "attributename" part is written.
.SH EXAMPLE
The following command:
.LP
.nf
- ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
+ ldapsearch \-LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
will perform a subtree search (using the default search base and
@@ -384,23 +383,23 @@
cn: John Smith
cn: John T. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 123-4567
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 123\-4567
dn: uid=sss,dc=example,dc=com
cn: Steve Smith
cn: Steve S. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 765-4321
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 765\-4321
.fi
.LP
The command:
.LP
.nf
- ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
+ ldapsearch \-LLL \-u \-t "(uid=xyz)" jpegPhoto audio
.fi
.LP
will perform a subtree search using the default search base for entries
@@ -413,14 +412,14 @@
.nf
dn: uid=xyz,dc=example,dc=com
ufn: xyz, example, com
- audio:< file:///tmp/ldapsearch-audio-a19924
- jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
+ audio:< file:///tmp/ldapsearch\-audio\-a19924
+ jpegPhoto:< file:///tmp/ldapsearch\-jpegPhoto\-a19924
.fi
.LP
This command:
.LP
.nf
- ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
+ ldapsearch \-LLL \-s one \-b "c=US" "(o=University*)" o description
.fi
.LP
will perform a one-level search at the c=US level for all entries
@@ -443,7 +442,7 @@
o: University of Colorado at Denver
o: UCD
o: CU/Denver
- o: CU-Denver
+ o: CU\-Denver
description: Institute for Higher Learning and Research
dn: o=University of Florida,c=US
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapurl.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapurl.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapurl.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPURL 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.2 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.4 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -11,8 +11,10 @@
[\c
.BI \-b \ searchbase\fR]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
.BI \-f \ filter\fR]
[\c
.BI \-H \ ldapuri\fR]
@@ -21,14 +23,14 @@
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
.BI \-S \ scheme\fR]
.SH DESCRIPTION
.I ldapurl
is a command that allows to either compose or decompose LDAP URIs.
.LP
-When invoked with the \fI-H\fP option,
+When invoked with the \fB\-H\fP option,
.B ldapurl
extracts the components of the \fIldapuri\fP option argument,
unescaping hex-escaped chars as required.
@@ -37,17 +39,17 @@
call.
Otherwise, it builds an LDAP URI based on the components
passed with the appropriate options, performing the inverse operation.
-Option \fI-H\fP is incompatible with options
-.IR \-a ,
-.IR \-b ,
-.IR \-E ,
-.IR \-f ,
-.IR \-H ,
-.IR \-h ,
-.IR \-p ,
-.IR \-S ,
+Option \fB\-H\fP is incompatible with options
+.BR \-a ,
+.BR \-b ,
+.BR \-E ,
+.BR \-f ,
+.BR \-H ,
+.BR \-h ,
+.BR \-p ,
+.BR \-S ,
and
-.IR \-s .
+.BR \-s .
.SH OPTIONS
.TP
.TP
@@ -57,9 +59,37 @@
.BI \-b \ searchbase
Set the \fIsearchbase\fP.
.TP
-.B \-E \fI[!]ext[=extparam]\fP
-Set URL extensions; \'!\' indicates criticality.
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
+.TP
.BI \-f \ filter
Set the URL filter. No particular check on conformity with RFC 4515
LDAP filters is performed, but the value is hex-escaped as required.
@@ -77,22 +107,22 @@
Set the URL scheme. Defaults for other fields, like \fIldapport\fP,
may depend on the value of \fIscheme\fP.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
-.I children
+.B children
scope requires LDAPv3 subordinate feature extension.
.SH OUTPUT FORMAT
-If the \fI-H\fP option is used, the \fIldapuri\fP supplied
+If the \fB\-H\fP option is used, the \fIldapuri\fP supplied
is exploded in its components, which are printed to standard output
in an LDIF-like form.
.LP
@@ -102,7 +132,7 @@
The following command:
.LP
.nf
- ldapuri -h ldap.example.com -b dc=example,dc=com -s sub -f (cn=Some One)
+ ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)"
.fi
.LP
returns
@@ -114,7 +144,7 @@
The command:
.LP
.nf
- ldapuri -H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
+ ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
.fi
.LP
returns
Modified: openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.10.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.10.2.8 2009/06/08 18:23:33 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -29,6 +29,10 @@
[\c
.BI \-p \ ldapport\fR]
[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
@@ -45,7 +49,7 @@
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.SH DESCRIPTION
.I ldapwhoami
implements the LDAP "Who Am I?" extended operation.
@@ -58,7 +62,7 @@
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -73,7 +77,7 @@
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -93,18 +97,45 @@
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
-Specify the LDAP protocol version to use.
-.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+ [!]domainScope (domain scope)
+ [!]mv=<filter> (matched values filter)
+ [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
+ [!]subentries[=true|false] (subentries)
+ [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
+ rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+.fi
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
@@ -124,23 +155,20 @@
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
.nf
- ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
+ ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
.fi
.SH "SEE ALSO"
.BR ldap.conf (5),
Modified: openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-decode.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-decode.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23.2.5 2009/01/22 00:00:48 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23.2.6 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-encode.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-encode.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21.2.6 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -266,14 +266,14 @@
rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
size, time, attrsonly, attrs );
- if( rc == -1 ) {
+ if( rc == \-1 ) {
/* error */
} else {
/* success */
}
.fi
.SH ERRORS
-If an error occurs during encoding, generally these routines return -1.
+If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-memory.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-memory.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14.2.5 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LBER_SOCKBUF 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-sockbuf.3,v 1.2.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-sockbuf.3,v 1.2.2.5 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -83,7 +83,7 @@
.B arg
must be a
.BR "ber_socket_t *" .
-The return value will be 1 if a valid descriptor was present, -1 otherwise.
+The return value will be 1 if a valid descriptor was present, \-1 otherwise.
.TP
.B LBER_SB_OPT_SET_FD
Sets the file descriptor of the
@@ -101,7 +101,7 @@
.BR Sockbuf .
.B arg
should be NULL to disable and non-NULL to enable the non-blocking state.
-The return value will be 1 for success, -1 otherwise.
+The return value will be 1 for success, \-1 otherwise.
.TP
.B LBER_SB_OPT_DRAIN
Flush (read and discard) all available input on the
Modified: openldap/vendor/openldap-release/doc/man/man3/lber-types.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-types.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-types.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19.2.5 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40.2.6 2009/06/03 01:41:52 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap \- OpenLDAP Lightweight Directory Access Protocol API
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -77,15 +77,15 @@
to select version 3. The library manual pages assume version 3
has been selected.
.SH INPUT and OUTPUT PARAMETERS
-All character string input/output is expected to be/is UTF\-8
+All character string input/output is expected to be/is UTF-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
-be passed to the LDAP routines should conform to RFC 4514 UTF\-8
+be passed to the LDAP routines should conform to RFC 4514 UTF-8
string representation.
.LP
Search filters to be passed to the search routines are to be
-constructed by hand and should conform to RFC 4515 UTF\-8
+constructed by hand and should conform to RFC 4515 UTF-8
string representation.
.LP
LDAP URLs to be passed to routines are expected to conform
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17.2.6 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_add.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_add.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17.2.6 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.20.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.20.2.7 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -267,7 +267,7 @@
.B ldap_unbind_ext_s()
allows the operations to specify controls.
.SH ERRORS
-Asynchronous routines will return -1 in case of error, setting the
+Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.16.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.16.2.6 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAP_CONTROLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_controls.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_controls.3,v 1.1.2.5 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -7,7 +7,7 @@
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.16.2.5 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -74,7 +74,7 @@
.BR ldap_perror (3)
and friends.
.B ldap_delete()
-returns -1 if something went wrong initiating the request. It returns the
+returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_error.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_error.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21.2.6 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.1.2.7 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.1.2.8 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21.2.6 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16.2.5 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11.2.5 2009/06/03 01:41:53 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28.2.6 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_GET_OPTION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_option.3,v 1.3.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_option.3,v 1.3.2.7 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_option, ldap_set_option \- LDAP option handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -66,7 +66,7 @@
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_NETWORK_TIMEOUT
@@ -84,7 +84,7 @@
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_DEREF
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17.2.6 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_memory.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_memory.3,v 1.1.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14.2.6 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -68,7 +68,7 @@
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
-The asynchronous versions return -1 in case
+The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP. See
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_open.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_open.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.16.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.1.2.5 2009/06/03 01:41:54 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.1.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.1.2.6 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.1.2.5 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -54,7 +54,7 @@
.BR ldap_result(3).
.SH ERRORS
.B ldap_rename()
-returns -1 in case of error initiating the request, and
+returns \-1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter to
indicate the error.
.BR ldap_rename_s()
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_result.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_result.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20.2.7 2009/06/19 21:57:43 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -29,7 +29,7 @@
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
-etc.). Those routines all return -1 in case of error, and an
+etc.). Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session. It can be used to request the result
@@ -73,7 +73,7 @@
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
-.LP
+.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined. This
@@ -118,12 +118,12 @@
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
-returns -1 if something bad happens, and zero if the
+returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
-return -1 on error.
+return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15.2.6 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 2000-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_search.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_search.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.22.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.22.2.6 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15.2.6 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_SYNC 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sync.3,v 1.1.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sync.3,v 1.1.2.6 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -98,7 +98,7 @@
The desired timeout during polling with
.BR ldap_sync_poll (3).
A value of
-.BR -1
+.BR \-1
means that polling is blocking, so
.BR ldap_sync_poll (3)
will not return until a message is received; a value of
@@ -218,7 +218,7 @@
.BR ldap_parse_result (3).
The
.BR refreshDeletes
-argument is not relevant in this case; it should always be -1.
+argument is not relevant in this case; it should always be \-1.
.TP
.BI "void *" ls_private
A pointer to private data. The client may register here
@@ -291,7 +291,7 @@
.BR ls_timeout
to 0, or to set it to a finite, small value.
Otherwise, if the client's main purpose consists in waiting for
-responses, a timeout of -1 is most suitable, so that the function
+responses, a timeout of \-1 is most suitable, so that the function
only returns after some data has been received and handled.
.SH ERRORS
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_TLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_tls.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_tls.3,v 1.1.2.5 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_url.3 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_url.3 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,11 +1,11 @@
.TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18.2.7 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
Modified: openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.33.2.10 2009/01/26 21:32:04 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.33.2.12 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -40,7 +40,7 @@
For example, to define \fBBASE\fP via the environment, set the variable
\fBLDAPBASE\fP to the desired value.
.LP
-Some options are user\-only. Such options are ignored if present
+Some options are user-only. Such options are ignored if present
in the
.I ldap.conf
(or file specified by
@@ -127,7 +127,7 @@
.B BINDDN <dn>
Specifies the default bind DN to use when performing ldap operations.
The bind DN must be specified as a Distinguished Name in LDAP format.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B DEREF <when>
Specifies how alias dereferencing is done when performing a search. The
@@ -186,14 +186,17 @@
.\"Determines whether the library should implicitly restart connections (FIXME).
.TP
.B SIZELIMIT <integer>
-Specifies a size limit to use when performing searches. The
-number should be a non-negative integer. \fISIZELIMIT\fP of zero (0)
-specifies unlimited search size.
+Specifies a size limit (number of entries) to use when performing searches.
+The number should be a non-negative integer. \fISIZELIMIT\fP of zero (0)
+specifies a request for unlimited search size. Please note that the server
+may still apply any server-side limit on the amount of entries that can be
+returned by a search operation.
.TP
.B TIMELIMIT <integer>
-Specifies a time limit to use when performing searches. The
-number should be a non-negative integer. \fITIMELIMIT\fP of zero (0)
-specifies unlimited search time to be used.
+Specifies a time limit (in seconds) to use when performing searches.
+The number should be a non-negative integer. \fITIMELIMIT\fP of zero (0)
+specifies unlimited search time to be used. Please note that the server
+may still apply any server-side limit on the duration of a search operation.
.B VERSION {2|3}
Specifies what version of the LDAP protocol should be used.
.TP
@@ -208,19 +211,19 @@
.TP
.B SASL_MECH <mechanism>
Specifies the SASL mechanism to use.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_REALM <realm>
Specifies the SASL realm.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHCID <authcid>
Specifies the authentication identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHZID <authcid>
Specifies the proxy authorization identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_SECPROPS <properties>
Specifies Cyrus SASL security properties. The
@@ -309,7 +312,7 @@
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_KEY <filename>
Specifies the file that contains the private key that matches the certificate
@@ -317,7 +320,7 @@
.B TLS_CERT
file. Currently, the private key must not be protected with a password, so
it is of critical importance that the key file is protected carefully.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_CIPHER_SUITE <cipher-suite-spec>
Specifies acceptable cipher suite and preference order.
@@ -327,13 +330,13 @@
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B TLS_RANDFILE <filename>
Modified: openldap/vendor/openldap-release/doc/man/man5/ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldif.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/ldif.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
.TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.22.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.22.2.5 2009/06/03 01:41:55 quanah Exp $
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -136,7 +136,7 @@
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
Or, for a replace modification:
@@ -146,7 +146,7 @@
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to replace,
@@ -159,7 +159,7 @@
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to delete,
@@ -215,13 +215,13 @@
add: givenName
givenName: Barbara
givenName: babs
- -
+ \-
replace: description
description: the fabulous babs
- -
+ \-
delete: sn
sn: jensen
- -
+ \-
dn: cn=Babs Jensen,dc=example,dc=com
changetype: modrdn
@@ -270,7 +270,7 @@
.BR ldapmodify (1),
.BR slapadd (8),
.BR slapcat (8),
-.BR slapd-ldif (5),
+.BR slapd\-ldif (5),
.BR slapd.replog (5).
.LP
"LDAP Data Interchange Format," Good, G., RFC 2849.
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.31.2.9 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.31.2.11 2009/06/19 21:53:42 quanah Exp $
.SH NAME
-slapd-bdb, slapd-hdb \- Berkeley DB backends to slapd
+slapd\-bdb, slapd\-hdb \- Berkeley DB backends to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -83,7 +83,7 @@
.B cryptfile
may be configured.
.TP
-.BI dbconfig \ <Berkeley\-DB\-setting>
+.BI dbconfig \ <Berkeley-DB-setting>
Specify a configuration directive to be placed in the
.B DB_CONFIG
file of the database directory. The
@@ -123,7 +123,7 @@
underlying filesystem's block size (typically 4 or 8).
The maximum that BerkeleyDB supports is 64. This
setting usually should not need to be changed, but if BerkeleyDB's
-"db_stat -d" shows a large amount of overflow pages in use in a file,
+"db_stat \-d" shows a large amount of overflow pages in use in a file,
setting a larger size may increase performance at the expense of
data integrity. This setting only takes effect when a database is
being newly created. See the Berkeley DB reference guide for more details.
@@ -133,7 +133,7 @@
associated indexes live.
A separate directory must be specified for each database.
The default is
-.BR LOCALSTATEDIR/openldap-data .
+.BR LOCALSTATEDIR/openldap\-data .
.TP
.B dirtyread
Allow reads of modified but not yet committed data.
@@ -147,7 +147,10 @@
.BI dncachesize \ <integer>
Specify the maximum number of DNs in the in-memory DN cache. The
default is twice the \fBcachesize\fP. Ideally this cache should be
-large enough to contain the DNs of every entry in the database.
+large enough to contain the DNs of every entry in the database. If
+set to a smaller value than the \fBcachesize\fP it will be silently
+increased to equal the \fBcachesize\fP.
+
It should be noted that the \fBDN cache\fP is allowed to temporarily
grow beyond the configured size. It does this if many entries are
locked when it tries to do a purge, because that means they're
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-config.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-config.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-config.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-CONFIG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.13 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.18 2009/06/27 18:45:36 quanah Exp $
.SH NAME
-slapd-config \- configuration backend to slapd
+slapd\-config \- configuration backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.d
.SH DESCRIPTION
@@ -109,7 +109,7 @@
attribute values.
Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on configuring slapd.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -142,33 +142,32 @@
(subject to access controls, authorization and other administrative limits).
.TP
.B olcArgsFile: <filename>
-The ( absolute ) name of a file that will hold the
+The (absolute) name of a file that will hold the
.B slapd
-server's command line options
-if started without the debugging command line option.
+server's command line (program name and options).
.TP
.B olcAttributeOptions: <option-name>...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B olcAttributeOptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -437,7 +436,7 @@
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -451,7 +450,9 @@
.B olcIdleTimeout: <integer>
Specify the number of seconds to wait before forcibly closing
an idle client connection. A setting of 0 disables this
-feature. The default is 0.
+feature. The default is 0. You may also want to set the
+.B olcWriteTimeout
+option.
.TP
.B olcIndexIntLen: <integer>
Specify the key length for ordered integer indices. The most significant
@@ -600,7 +601,7 @@
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -629,11 +630,10 @@
provides 31 characters of salt.
.TP
.B olcPidFile: <filename>
-The ( absolute ) name of a file that will hold the
+The (absolute) name of a file that will hold the
.B slapd
-server's process ID ( see
-.BR getpid (2)
-) if started without the debugging command line option.
+server's process ID (see
+.BR getpid (2)).
.TP
.B olcPluginLogFile: <filename>
The ( absolute ) name of a file that will contain log
@@ -652,7 +652,7 @@
.B olcReverseLookup: TRUE | FALSE
Enable/disable client name unverified reverse lookup (default is
.BR FALSE
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B olcRootDSE: <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -663,10 +663,15 @@
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
+.B olcSaslAuxprops: <plugin> [...]
+Specify which auxprop plugins to use for authentication lookups. The
+default is empty, which just uses slapd's internal support. Usually
+no other auxprop plugins are needed.
+.TP
.B olcSaslHost: <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
@@ -750,11 +755,12 @@
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
The default is 1.
-.\"ucdata-path is obsolete / ignored...
-.\".TP
-.\".B ucdata-path <path>
-.\"Specify the path to the directory containing the Unicode character
-.\"tables. The default path is DATADIR/ucdata.
+.TP
+.B olcWriteTimeout: <integer>
+Specify the number of seconds to wait before forcibly closing
+a connection with an outstanding write. This allows recovery from
+various network hang conditions. A setting of 0 disables this
+feature. The default is 0.
.SH TLS OPTIONS
If
.B slapd
@@ -770,13 +776,13 @@
To check what ciphers a given spec selects in OpenSSL, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B olcTLSCACertificateFile: <filename>
@@ -887,7 +893,7 @@
.SH DYNAMIC MODULE OPTIONS
If
.B slapd
-is compiled with --enable-modules then the module-related entries will
+is compiled with \-\-enable\-modules then the module-related entries will
be available. These entries are named
.B cn=module{x},cn=config
and
@@ -907,6 +913,8 @@
.B olcModulePath: <pathspec>
Specify a list of directories to search for loadable modules. Typically
the path is colon-separated but this depends on the operating system.
+The default is MODULEDIR, which is where the standard OpenLDAP install
+will place its modules.
.SH SCHEMA OPTIONS
Schema definitions are created as entries in the
.B cn=schema,cn=config
@@ -1017,7 +1025,7 @@
engine generates the "{x}" index in the RDN automatically, so it
can be omitted when initially loading these entries.
-The special frontend database is always numbered "{-1}" and the config
+The special frontend database is always numbered "{\-1}" and the config
database is always numbered "{0}".
.SH GLOBAL DATABASE OPTIONS
@@ -1609,7 +1617,7 @@
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1714,7 +1722,7 @@
parameter. The default is off.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1749,7 +1757,7 @@
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1780,7 +1788,7 @@
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1840,7 +1848,7 @@
objectClass: olcGlobal
cn: config
olcPidFile: LOCALSTATEDIR/run/slapd.pid
-olcAttributeOptions: x-hidden lang-
+olcAttributeOptions: x\-hidden lang\-
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
@@ -1853,9 +1861,9 @@
objectClass: olcFrontendConfig
olcDatabase: frontend
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-olcAccess: to attrs=name;x-hidden by * =cs
+olcAccess: to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
olcAccess: to attrs=userPassword by * auth
# Read access to other attributes and entries.
@@ -1873,11 +1881,11 @@
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
-olcSuffix: "dc=our-domain,dc=com"
+olcSuffix: "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-olcDbDirectory: LOCALSTATEDIR/openldap-data
+olcDbDirectory: LOCALSTATEDIR/openldap\-data
# Indices to maintain
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
@@ -1889,7 +1897,7 @@
objectClass: olcLdapConfig
olcDatabase: ldap
olcSuffix: ""
-olcDbUri: ldap://ldap.some-server.com/
+olcDbUri: ldap://ldap.some\-server.com/
.fi
.RE
.LP
@@ -1898,7 +1906,7 @@
the configuration:
.RS
.nf
-slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif
+slapadd \-F ETCDIR/slapd.d \-n 0 \-l config.ldif
.fi
.RE
@@ -1910,7 +1918,7 @@
format using slapd or any of the slap tools:
.RS
.nf
-slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d
+slaptest \-f ETCDIR/slapd.conf \-F ETCDIR/slapd.d
.fi
.RE
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.11.2.5 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.11.2.6 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-dnssrv \- DNS SRV referral backend to slapd
+slapd\-dnssrv \- DNS SRV referral backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.41.2.12 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.41.2.14 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-ldap \- LDAP backend to slapd
+slapd\-ldap \- LDAP backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -28,7 +28,7 @@
For this purpose, the proxy binds to the remote server with some
administrative identity, and, if required, authorizes the asserted identity.
See the
-.IR idassert- *
+.IR idassert\- *
rules below.
The administrative identity of the proxy, on the remote server, must be
allowed to authorize by means of appropriate
@@ -53,7 +53,7 @@
.BR slapd (8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, one may consider using
-.BR slapd-relay (5)
+.BR slapd\-relay (5)
instead, which performs the relayed operation
internally and thus reuses the same connection.
@@ -94,7 +94,7 @@
argument, resulting in the underlying library automatically
call the first server of the list that responds, e.g.
-\fBuri "ldap://host/ ldap://backup-host/"\fP
+\fBuri "ldap://host/ ldap://backup\-host/"\fP
The URI list is space- or comma-separated.
Whenever the server that responds is not the first one in the list,
@@ -103,16 +103,18 @@
needs be created.
.HP
.hy 0
-.B acl-bind
+.B acl\-bind
.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
+.B [starttls=no|yes|critical]
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
+.B [tls_protocol_min=<version>]
.B [tls_crlcheck=none|peer|all]
.RS
Allows to define the parameters of the authentication method that is
@@ -129,8 +131,8 @@
.BR simple
bind, with empty \fIbinddn\fP and \fIcredentials\fP,
which means that the related operations will be performed anonymously.
-If not set, and if \fBidassert-bind\fP is defined, this latter identity
-is used instead. See \fBidassert-bind\fP for details.
+If not set, and if \fBidassert\-bind\fP is defined, this latter identity
+is used instead. See \fBidassert\-bind\fP for details.
The connection between the proxy database and the remote server
associated to this identity is cached regardless of the lifespan
@@ -139,13 +141,13 @@
.B This identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-bind
+.B idassert\-bind
feature, instead, in some cases can be crafted to implement that behavior,
which is \fIintrinsically unsafe and should be used with extreme care\fP.
This directive obsoletes
-.BR acl-authcDN ,
+.BR acl\-authcDN ,
and
-.BR acl-passwd .
+.BR acl\-passwd .
The TLS settings default to the same as the main slapd TLS settings,
except for
@@ -154,7 +156,7 @@
.RE
.TP
-.B cancel {ABANDON|ignore|exop[-discover]}
+.B cancel {ABANDON|ignore|exop[\-discover]}
Defines how to handle operation cancellation.
By default,
.B abandon
@@ -164,9 +166,9 @@
no action is taken and any further response is ignored; this may result
in further response messages to be queued for that connection, so it is
recommended that long lasting connections are timed out either by
-.I idle-timeout
+.I idle\-timeout
or
-.IR conn-ttl ,
+.IR conn\-ttl ,
so that resources eventually get released.
If set to
.BR exop ,
@@ -178,24 +180,24 @@
operation waits for remote server response, so its use
may not be recommended.
If set to
-.BR exop-discover ,
+.BR exop\-discover ,
support of the
.I cancel
extended operation is detected by reading the remote server's root DSE.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -207,22 +209,24 @@
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
.B [authz={native|proxyauthz}] [mode=<mode>] [flags=<flags>]
+.B [starttls=no|yes|critical]
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
+.B [tls_protocol_min=<version>]
.B [tls_crlcheck=none|peer|all]
.RS
Allows to define the parameters of the authentication method that is
@@ -237,7 +241,7 @@
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -306,7 +310,7 @@
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -337,7 +341,7 @@
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -352,13 +356,13 @@
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -367,31 +371,31 @@
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
This directive obsoletes
-.BR idassert-authcDN ,
-.BR idassert-passwd ,
-.BR idassert-mode ,
+.BR idassert\-authcDN ,
+.BR idassert\-passwd ,
+.BR idassert\-mode ,
and
-.BR idassert-method .
+.BR idassert\-method .
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
.TP
.B norefs <NO|yes>
@@ -448,11 +452,11 @@
attribute of the database entry in the configuration backend.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -468,7 +472,7 @@
Discards current cached connection when the client rebinds.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -506,13 +510,13 @@
Note: in some cases, this backend may issue binds prior
to other operations (e.g. to bind anonymously or with some prescribed
-identity according to the \fBidassert-bind\fP directive).
+identity according to the \fBidassert\-bind\fP directive).
In this case, the timeout of the operation that resulted in the bind
is used.
.HP
.hy 0
-.B tls {[try-]start|[try-]propagate|ldaps}
+.B tls {[try\-]start|[try\-]propagate|ldaps}
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
@@ -527,7 +531,7 @@
set to "ldaps" and the StartTLS operation will not be used.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is \fBnot\fP recommended.
The TLS settings default to the same as the main slapd TLS settings,
@@ -537,7 +541,7 @@
.RE
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -551,7 +555,7 @@
in future releases.
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
Formerly known as the
.BR binddn ,
it is the DN that is used to query the target server for acl checking;
@@ -560,70 +564,70 @@
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-*
+.B idassert\-*
feature can be used (at own risk) for that purpose instead.
This directive is obsoleted by the
.B binddn
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Formerly known as the
.BR bindpw ,
it is the password used with the above
-.B acl-authcDN
+.B acl\-authcDN
directive.
This directive is obsoleted by the
.B credentials
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-authcDN "<administrative DN for proxyAuthz purposes>"
+.B idassert\-authcDN "<administrative DN for proxyAuthz purposes>"
DN which is used to propagate the client's identity to the target
by means of the proxyAuthz control when the client does not
belong to the DIT fragment that is being proxied by back-ldap.
This directive is obsoleted by the
.B binddn
arg of
-.BR idassert-bind
+.BR idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-passwd <password>
+.B idassert\-passwd <password>
Password used with the
-.B idassert-authcDN
+.B idassert\-authcDN
above.
This directive is obsoleted by the
.B crendentials
arg of
-.B idassert-bind
+.B idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-mode <mode> [<flags>]
+.B idassert\-mode <mode> [<flags>]
defines what type of
.I identity assertion
is used.
This directive is obsoleted by the
.B mode
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
-.B idassert-method <method> [<saslargs>]
+.B idassert\-method <method> [<saslargs>]
This directive is obsoleted by the
.B bindmethod
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
@@ -648,10 +652,10 @@
.B overlay rwm
first, and prefix all rewrite/map statements with
-.B rwm-
+.B rwm\-
to obtain the original behavior.
See
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details.
.\" However, to ease update from existing configurations, back-ldap still
.\" recognizes them and automatically instantiates the
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.14.2.4 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.14.2.5 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-ldbm \- Discontinued LDBM backend to slapd
+slapd\-ldbm \- Discontinued LDBM backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -14,7 +14,7 @@
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-bdb (5),
+.BR slapd\-bdb (5),
.BR slapd.backends (5).
.SH ACKNOWLEDGEMENTS
.so ../Project
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.3.2.5 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.3.2.6 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-ldif \- LDIF backend to slapd
+slapd\-ldif \- LDIF backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -2,13 +2,13 @@
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.46.2.14 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.46.2.16 2009/06/03 01:41:56 quanah Exp $
.\"
.\" Portions of this document should probably be moved to slapd-ldap(5)
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapd-meta \- metadirectory backend to slapd
+slapd\-meta \- metadirectory backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -52,13 +52,13 @@
each connection requires a new thread; as a consequence, \fBslapd\fP(8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, unless the multiple target feature
-is required, one may consider using \fBslapd-relay\fP(5) instead,
+is required, one may consider using \fBslapd\-relay\fP(5) instead,
which performs the relayed operation internally and thus reuses
the same connection.
.SH EXAMPLES
There are examples in various places in this document, as well as in the
-slapd/back-meta/data/ directory in the OpenLDAP source tree.
+slapd/back\-meta/data/ directory in the OpenLDAP source tree.
.SH CONFIGURATION
These
.B slapd.conf
@@ -96,12 +96,12 @@
They are:
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B default-target none
+.B default\-target none
This directive forces the backend to reject all those operations
that must resolve to a single target in case none or multiple
targets are selected.
@@ -113,14 +113,14 @@
specific target as default.
.TP
-.B dncache-ttl {DISABLED|forever|<ttl>}
+.B dncache\-ttl {DISABLED|forever|<ttl>}
This directive sets the time-to-live of the DN cache.
This caches the target that holds a given DN to speed up target
selection in case multiple targets would result from an uncached
search; forever means cache never expires; disabled means no DN
caching; otherwise a valid ( > 0 ) ttl is required, in the format
illustrated for the
-.B idle-timeout
+.B idle\-timeout
directive.
.TP
@@ -170,7 +170,7 @@
overridden by any per-target directive.
.TP
-.B pseudoroot-bind-defer {YES|no}
+.B pseudoroot\-bind\-defer {YES|no}
This directive, when set to
.BR yes ,
causes the authentication to the remote servers with the pseudo-root
@@ -196,11 +196,11 @@
it affects all targets with the same pattern.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -218,7 +218,7 @@
Discards current cached connection when the client rebinds.
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -271,54 +271,54 @@
.RE
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
DN which is used to query the target server for acl checking,
as in the LDAP backend; it is supposed to have read access
on the target server to attributes used on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Password used with the
.B
-acl-authcDN
+acl\-authcDN
above.
.TP
-.B bind-timeout <microseconds>
+.B bind\-timeout <microseconds>
This directive defines the timeout, in microseconds, used when polling
for response after an asynchronous bind connection. The initial call
to ldap_result(3) is performed with a trade-off timeout of 100000 us;
if that results in a timeout exceeded, subsequent calls use the value
provided with
-.BR bind-timeout .
+.BR bind\-timeout .
The default value is used also for subsequent calls if
-.B bind-timeout
+.B bind\-timeout
is not specified.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B default-target [<target>]
-The "default-target" directive can also be used during target specification.
+.B default\-target [<target>]
+The "default\-target" directive can also be used during target specification.
With no arguments it marks the current target as the default.
The optional number marks target <target> as the default one, starting
from 1.
Target <target> must be defined.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -330,22 +330,24 @@
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
.B [authz={native|proxyauthz}] [mode=<mode>] [flags=<flags>]
+.B [starttls=no|yes|critical]
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
+.B [tls_protocol_min=<version>]
.B [tls_crlcheck=none|peer|all]
.RS
Allows to define the parameters of the authentication method that is
@@ -360,7 +362,7 @@
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -429,7 +431,7 @@
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -460,7 +462,7 @@
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -475,13 +477,13 @@
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -490,12 +492,12 @@
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
The value can be specified as
@@ -511,17 +513,17 @@
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend.
See
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -556,12 +558,12 @@
The rewrite options are described in the "REWRITING" section.
.TP
-.B subtree-exclude "<DN>"
+.B subtree\-exclude "<DN>"
This directive instructs back-meta to ignore the current target
for operations whose requestDN is subordinate to
.BR DN .
There may be multiple occurrences of the
-.B subtree-exclude
+.B subtree\-exclude
directive for each of the targets.
.TP
@@ -578,7 +580,7 @@
of the rewrite rules it implies.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -619,12 +621,12 @@
is destroyed, according to RFC4511.
.TP
-.B tls {[try-]start|[try-]propagate}
+.B tls {[try\-]start|[try\-]propagate}
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is highly deprecated.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -955,7 +957,7 @@
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -978,7 +980,7 @@
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -1197,7 +1199,7 @@
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH FILES
.TP
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.9.2.5 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.9.2.6 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-monitor \- Monitor backend to slapd
+slapd\-monitor \- Monitor backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -72,7 +72,7 @@
.LP
.RS
.nf
-configure --enable-monitor
+configure \-\-enable\-monitor
.fi
.RE
.TP
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-NDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.3 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.4 2009/06/03 01:41:56 quanah Exp $
.SH NAME
-slapd-ndb \- MySQL NDB backend to slapd
+slapd\-ndb \- MySQL NDB backend to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-null.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-null.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-NULL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2002-2009 The OpenLDAP Foundation. All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.10.2.5 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.10.2.6 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-null \- Null backend to slapd
+slapd\-null \- Null backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.11.2.4 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.11.2.5 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-passwd \- /etc/passwd backend to slapd
+slapd\-passwd \- /etc/passwd backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-perl.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-perl.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-perl.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD-PERL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-perl.5,v 1.7 2005/07/04 04:57:11 hallvard Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-perl.5,v 1.7.4.1 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-perl \- Perl backend to slapd
+slapd\-perl \- Perl backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -160,7 +160,7 @@
filter in the search request), rather than search results to be
returned directly to the client.
.SH EXAMPLE
-There is an example Perl module `SampleLDAP' in the slapd/back-perl/
+There is an example Perl module `SampleLDAP' in the slapd/back\-perl/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-relay.5,v 1.4.4.3 2009/01/30 20:14:10 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-relay.5,v 1.4.4.4 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-relay \- relay backend to slapd
+slapd\-relay \- relay backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -15,7 +15,7 @@
instance into a virtual naming context, with attributeType
and objectClass manipulation, if required.
It requires the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay.
.LP
This backend and the above mentioned overlay are experimental.
@@ -47,11 +47,11 @@
database does not automatically rewrite the naming context
of requests and responses.
For this purpose, the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay must be explicitly instantiated, and configured
as appropriate.
Usually, the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive suffices if only naming context rewriting is required.
.SH ACCESS RULES
@@ -61,7 +61,7 @@
frontend sees the operation as performed by the identity in the
real naming context.
Moreover, since
-.B back-relay
+.B back\-relay
bypasses the real database frontend operations by short-circuiting
operations through the internal backend API, the original database
access rules do not apply but in selected cases, i.e. when the
@@ -103,7 +103,7 @@
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
To implement a plain virtual naming context mapping
@@ -113,7 +113,7 @@
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
This is useful, for instance, to relay different databases that
@@ -129,21 +129,21 @@
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-rewriteEngine on
- rwm-rewriteContext default
- rwm-rewriteRule "dc=virtual,dc=naming,dc=context"
+ rwm\-rewriteEngine on
+ rwm\-rewriteContext default
+ rwm\-rewriteRule "dc=virtual,dc=naming,dc=context"
"dc=real,dc=naming,dc=context" ":@"
- rwm-rewriteContext searchFilter
- rwm-rewriteContext searchEntryDN
- rwm-rewriteContext searchAttrDN
- rwm-rewriteContext matchedDN
+ rwm\-rewriteContext searchFilter
+ rwm\-rewriteContext searchEntryDN
+ rwm\-rewriteContext searchAttrDN
+ rwm\-rewriteContext matchedDN
.fi
.LP
Note that the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay is instantiated, but the rewrite rules are written explicitly,
rather than automatically as with the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
statement, to map all the virtual to real naming context data flow,
but none of the real to virtual.
.LP
@@ -161,7 +161,7 @@
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
- rwm-suffixmassage "dc=example,dc=com"
+ rwm\-suffixmassage "dc=example,dc=com"
# skip ...
access to dn.subtree="o=Example,c=US"
by dn.exact="cn=Supervisor,dc=example,dc=com" write
@@ -203,5 +203,5 @@
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-rwm (5),
+.BR slapo\-rwm (5),
.BR slapd (8).
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.16.2.6 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.16.2.7 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-shell \- Shell backend to slapd
+slapd\-shell \- Shell backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -78,7 +78,7 @@
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
.fi
.TP
@@ -219,14 +219,14 @@
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example search script in the slapd/back-shell/ directory
+There is an example search script in the slapd/back\-shell/ directory
in the OpenLDAP source tree.
.SH LIMITATIONS
The shell backend does not support threaded environments.
When using the shell backend,
.BR slapd (8)
should be built
-.IR --without-threads .
+.IR \-\-without\-threads .
.SH FILES
.TP
ETCDIR/slapd.conf
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,16 +1,16 @@
.TH SLAPD-SOCK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2007-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sock.5,v 1.3.2.3 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sock.5,v 1.3.2.4 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-sock \- Socket backend to slapd
+slapd\-sock \- Socket backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Socket backend to
.BR slapd (8)
uses an external program to handle queries, similarly to
-.BR slapd-shell (5).
+.BR slapd\-shell (5).
However, in this case the external program listens on a Unix domain socket.
This makes it possible to have a pool of processes, which persist between
requests. This allows multithreaded operation and a higher level of
@@ -40,7 +40,7 @@
be sent and from which replies are received.
.SH PROTOCOL
The protocol is essentially the same as
-.BR slapd-shell (5)
+.BR slapd\-shell (5)
with the addition of a newline to terminate the command parameters. The
following commands are sent:
.RS
@@ -96,7 +96,7 @@
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
<blank line>
.fi
@@ -235,7 +235,7 @@
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example script in the slapd/back-sock/ directory
+There is an example script in the slapd/back\-sock/ directory
in the OpenLDAP source tree.
.SH FILES
.TP
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.26.4.2 2007/08/31 23:13:53 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.26.4.3 2009/06/03 01:41:57 quanah Exp $
.SH NAME
-slapd-sql \- SQL backend to slapd
+slapd\-sql \- SQL backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -23,7 +23,7 @@
used as such with several limitations.
You can take a look at
.B http://www.openldap.org/faq/index.cgi?file=378
-(OpenLDAP FAQ-O-Matic/General LDAP FAQ/Directories vs. conventional
+(OpenLDAP FAQ\-O\-Matic/General LDAP FAQ/Directories vs. conventional
databases) to find out more on this point.
.LP
The idea (detailed below) is to use some meta-information to translate
@@ -110,7 +110,7 @@
meta-information, adding and deleting entries to ldap_entries, etc.
All these and subtree_cond should have the given default values.
For the current value it is recommended to look at the sources,
-or in the log output when slapd starts with "-d 5" or greater.
+or in the log output when slapd starts with "\-d 5" or greater.
Note that the parameter number and order must not be changed.
.TP
@@ -340,7 +340,7 @@
.LP
Almost everything mentioned later is illustrated in examples located
in the
-.B servers/slapd/back-sql/rdbms_depend/
+.B servers/slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree, and contains scripts for
generating sample database for Oracle, MS SQL Server, mySQL and more
(including PostgreSQL and IBM db2).
@@ -672,10 +672,10 @@
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH EXAMPLES
-There are example SQL modules in the slapd/back-sql/rdbms_depend/
+There are example SQL modules in the slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.access.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.access.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.70.2.16 2009/02/02 22:45:18 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.70.2.18 2009/06/27 18:00:32 quanah Exp $
.SH NAME
slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
.SH SYNOPSIS
@@ -196,7 +196,7 @@
and/or
.BR re_format (7),
matching a normalized string representation of the entry's DN.
-The regex form of the pattern does not (yet) support UTF\-8.
+The regex form of the pattern does not (yet) support UTF-8.
.LP
The statement
.B filter=<ldapfilter>
@@ -310,7 +310,7 @@
<groupstyle>={exact|expand}
<peernamestyle>={<style>|ip|ipv6|path}
<domainstyle>={exact|regex|sub(tree)}
- <setstyle>={exact|regex}
+ <setstyle>={exact|expand}
<modifier>={expand}
<name>=aci <pattern>=<attrname>]
.fi
@@ -722,7 +722,7 @@
.LP
.nf
<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
- <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
+ <priv> ::= {=|+|\-}{0|d|x|c|s|r|{w|a|z}|m}+
.fi
.LP
The modifier
@@ -798,7 +798,7 @@
The
.B +
and
-.B -
+.B \-
signs add/remove access privileges to the existing ones.
The privileges are
.B m
@@ -927,7 +927,7 @@
the database (see the
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
manual page),
.B add (=a)
will be required on all of the attributes being added.
@@ -1067,12 +1067,12 @@
so it is fully honored by all backends; for all other operations
and for the discovery phase of the search operation,
full ACL semantics is only supported by the primary backends, i.e.
-.BR back-bdb (5),
+.BR back\-bdb (5),
and
-.BR back-hdb (5).
+.BR back\-hdb (5).
Some other backend, like
-.BR back-sql (5),
+.BR back\-sql (5),
may fully support them; others may only support a portion of the
described semantics, or even differ in some aspects.
The relevant details are described in the backend-specific man pages.
@@ -1155,7 +1155,7 @@
default slapd configuration file
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-* (5),
+.BR slapd\-* (5),
.BR slapacl (8),
.BR regex (7),
.BR re_format (7)
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD.BACKENDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.backends.5,v 1.3.2.5 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.backends.5,v 1.3.2.6 2009/06/03 01:41:58 quanah Exp $
.SH NAME
slapd.backends \- backends for slapd, the stand-alone LDAP daemon
.SH DESCRIPTION
@@ -16,7 +16,7 @@
Configuration options for each backend are documented separately in the
corresponding
-.BR slapd-<backend> (5)
+.BR slapd\-<backend> (5)
manual pages.
.TP
.B bdb
@@ -98,7 +98,7 @@
Its use requires the
.B rwm
overlay (see
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details) to rewrite the naming context of the request.
It is primarily intended to implement virtual views on databases
that actually store data.
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.239.2.27 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.239.2.32 2009/06/27 18:45:36 quanah Exp $
.SH NAME
slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
.SH SYNOPSIS
@@ -68,7 +68,7 @@
The specific configuration options available are discussed below in the
Global Configuration Options, General Backend Options, and General Database
Options. Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on the slapd configuration file.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -108,33 +108,32 @@
(subject to access controls, authorization and other administrative limits).
.TP
.B argsfile <filename>
-The ( absolute ) name of a file that will hold the
+The (absolute) name of a file that will hold the
.B slapd
-server's command line options
-if started without the debugging command line option.
+server's command line (program name and options).
.TP
.B attributeoptions [option-name]...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B attributeoptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -163,7 +162,7 @@
description.)
.RE
.TP
-.B authz-policy <policy>
+.B authz\-policy <policy>
Used to specify which rules to use for Proxy Authorization. Proxy
authorization allows a client to authenticate to the server using one
user's credentials, but specify a different identity to use for authorization
@@ -312,7 +311,7 @@
can impact security, users are strongly encouraged
to explicitly set the type of identity specification that is being used.
A subset of these rules can be used as third arg in the
-.B authz-regexp
+.B authz\-regexp
statement (see below); significantly, the
.IR URI ,
provided it results in exactly one entry,
@@ -321,7 +320,7 @@
forms.
.RE
.TP
-.B authz-regexp <match> <replace>
+.B authz\-regexp <match> <replace>
Used by the authentication framework to convert simple user names,
such as provided by SASL subsystem, or extracted from certificates
in case of cert-based SASL EXTERNAL, or provided within the RFC 4370
@@ -382,7 +381,7 @@
the authentication identity must have "auth" access in the subject.
Multiple
-.B authz-regexp
+.B authz\-regexp
options can be given in the configuration file to allow for multiple matching
and replacement patterns. The matching patterns are checked in the order they
appear in the file, stopping at the first successful match.
@@ -459,7 +458,7 @@
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -473,7 +472,9 @@
.B idletimeout <integer>
Specify the number of seconds to wait before forcibly closing
an idle client connection. A idletimeout of 0 disables this
-feature. The default is 0.
+feature. The default is 0. You may also want to set the
+.B writetimeout
+option.
.TP
.B include <filename>
Read additional configuration information from the given file before
@@ -521,7 +522,7 @@
.hy 0
.B ldapsyntax "(\ <oid>\
[DESC\ <description>]\
- [X-SUBST <substitute\-syntax>]\ )"
+ [X\-SUBST <substitute-syntax>]\ )"
.RS
Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
@@ -530,20 +531,20 @@
.B objectidentifier
description.)
The slapd parser also honors the
-.B X-SUBST
+.B X\-SUBST
extension (an OpenLDAP-specific extension), which allows to use the
.B ldapsyntax
statement to define a non-implemented syntax along with another syntax,
the extension value
-.IR substitute\-syntax ,
+.IR substitute-syntax ,
as its temporary replacement.
The
-.I substitute\-syntax
+.I substitute-syntax
must be defined.
This allows to define attribute types that make use of non-implemented syntaxes
using the correct syntax OID.
Unless
-.B X-SUBST
+.B X\-SUBST
is used, this configuration statement would result in an error,
since no handlers would be associated to the resulting syntax structure.
.RE
@@ -657,7 +658,7 @@
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -679,11 +680,13 @@
.B modulepath
option. This option and the
.B modulepath
-option are only usable if slapd was compiled with --enable-modules.
+option are only usable if slapd was compiled with \-\-enable\-modules.
.TP
.B modulepath <pathspec>
Specify a list of directories to search for loadable modules. Typically
the path is colon-separated but this depends on the operating system.
+The default is MODULEDIR, which is where the standard OpenLDAP install
+will place its modules.
.HP
.hy 0
.B objectclass "(\ <oid>\
@@ -709,7 +712,7 @@
name can also be used with a suffix of the form ":xx" in which case the
value "oid.xx" will be used.
.TP
-.B password-hash <hash> [<hash>...]
+.B password\-hash <hash> [<hash>...]
This option configures one or more hashes to be used in generation of user
passwords stored in the userPassword attribute during processing of
LDAP Password Modify Extended Operations (RFC 3062).
@@ -763,11 +766,10 @@
provides 31 characters of salt.
.TP
.B pidfile <filename>
-The ( absolute ) name of a file that will hold the
+The (absolute) name of a file that will hold the
.B slapd
-server's process ID ( see
-.BR getpid (2)
-) if started without the debugging command line option.
+server's process ID (see
+.BR getpid (2)).
.TP
.B referral <url>
Specify the referral to pass back when
@@ -798,10 +800,10 @@
set conditions within a particular database); it must occur first
in the list of conditions.
.TP
-.B reverse-lookup on | off
+.B reverse\-lookup on | off
Enable/disable client name unverified reverse lookup (default is
.BR off
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B rootDSE <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -812,17 +814,22 @@
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
-.B sasl-host <fqdn>
+.B sasl\-auxprops <plugin> [...]
+Specify which auxprop plugins to use for authentication lookups. The
+default is empty, which just uses slapd's internal support. Usually
+no other auxprop plugins are needed.
+.TP
+.B sasl\-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
-.B sasl-realm <realm>
+.B sasl\-realm <realm>
Specify SASL realm. Default is empty.
.TP
-.B sasl-secprops <properties>
+.B sasl\-secprops <properties>
Used to specify Cyrus SASL security properties.
The
.B none
@@ -873,7 +880,7 @@
.B security <factors>
Specify a set of security strength factors (separated by white space)
to require (see
-.BR sasl-secprops 's
+.BR sasl\-secprops 's
.B minssf
option for a description of security strength factors).
The directive may be specified globally and/or per-database.
@@ -973,7 +980,7 @@
.BR limits
for an explanation of the different flags.
.TP
-.B tool-threads <integer>
+.B tool\-threads <integer>
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
The default is 1.
@@ -982,6 +989,12 @@
.\".B ucdata-path <path>
.\"Specify the path to the directory containing the Unicode character
.\"tables. The default path is DATADIR/ucdata.
+.TP
+.B writetimeout <integer>
+Specify the number of seconds to wait before forcibly closing
+a connection with an outstanding write. This allows recovery from
+various network hang conditions. A writetimeout of 0 disables this
+feature. The default is 0.
.SH TLS OPTIONS
If
.B slapd
@@ -997,13 +1010,13 @@
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
@@ -1512,7 +1525,7 @@
(suffix) of the database.
This option accepts all RFC 2307 userPassword formats known to
the server (see
-.B password-hash
+.B password\-hash
description) as well as cleartext.
.BR slappasswd (8)
may be used to generate a hash of a password. Cleartext
@@ -1593,7 +1606,7 @@
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1710,7 +1723,7 @@
replication is used.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1746,7 +1759,7 @@
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1782,7 +1795,7 @@
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1822,10 +1835,10 @@
pidfile LOCALSTATEDIR/run/slapd.pid
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-attributeoptions x-hidden lang-
-access to attrs=name;x-hidden by * =cs
+attributeoptions x\-hidden lang\-
+access to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
access to attrs=userPassword by * auth
@@ -1833,11 +1846,11 @@
access to * by * read
database bdb
-suffix "dc=our-domain,dc=com"
+suffix "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap-data
+directory LOCALSTATEDIR/openldap\-data
# Indices to maintain
index objectClass eq
index cn,sn,mail pres,eq,approx,sub
@@ -1846,7 +1859,7 @@
# so handle remote lookups on their behalf.
database ldap
suffix ""
-uri ldap://ldap.some-server.com/
+uri ldap://ldap.some\-server.com/
lastmod off
.fi
.RE
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
.TH SLAPD.OVERLAYS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.overlays.5,v 1.4.2.4 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.overlays.5,v 1.4.2.5 2009/06/03 01:41:58 quanah Exp $
.SH NAME
slapd.overlays \- overlays for slapd, the stand-alone LDAP daemon
.SH DESCRIPTION
@@ -16,7 +16,7 @@
Configuration options for each overlay are documented separately in the
corresponding
-.BR slapo-<overlay> (5)
+.BR slapo\-<overlay> (5)
manual pages.
.TP
.B accesslog
@@ -61,9 +61,9 @@
Proxycache.
This overlay allows caching of LDAP search requests in a local database.
It is most often used with the
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
or
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
backends.
.TP
.B ppolicy
@@ -75,7 +75,7 @@
.B refint
Referential Integrity.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference
attributes.
.TP
@@ -99,7 +99,7 @@
.B translucent
Translucent Proxy.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy".
Content of entries retrieved from a remote LDAP server can be partially
overridden by the database.
@@ -107,7 +107,7 @@
.B unique
Attribute Uniqueness.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a subtree.
.TP
.B valsort
Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -38,7 +38,7 @@
...
.fi
.LP
-If slapd is compiled with \fI--enable-slapi\fP, support for plugins
+If slapd is compiled with \fI\-\-enable\-slapi\fP, support for plugins
according to \fINetscape's Directory Server Plug-Ins\fP.
Version 4 of the API is currently implemented, with some extensions
from version 5.
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-ACCESSLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.9.2.7 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.9.2.8 2009/06/03 01:41:58 quanah Exp $
.SH NAME
-slapo-accesslog \- Access Logging overlay to slapd
+slapo\-accesslog \- Access Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -256,11 +256,11 @@
.RS
.PD 0
.TP
-attribute:<+|-|=|#> [ value]
+attribute:<+|\-|=|#> [ value]
.RE
.RE
.PD
-Where '+' indicates an Add of a value, '-' for Delete, '=' for Replace,
+Where '+' indicates an Add of a value, '\-' for Delete, '=' for Replace,
and '#' for Increment. In an Add operation, all of the reqMod values will
have the '+' designator.
.P
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.3.2.6 2009/01/22 00:00:50 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.3.2.7 2009/06/03 01:41:58 quanah Exp $
.SH NAME
-slapo-auditlog \- Audit Logging overlay to slapd
+slapo\-auditlog \- Audit Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.TP
@@ -57,4 +57,4 @@
default slapd configuration directory
.SH SEE ALSO
.BR slapd.conf (5),
-.BR slapd-config(5).
+.BR slapd\-config(5).
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.10.2.6 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.10.2.7 2009/06/03 01:41:58 quanah Exp $
.SH NAME
-slapo-chain \- chain overlay to slapd
+slapo\-chain \- chain overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -18,7 +18,7 @@
that identity can be asserted while chasing the referrals
by means of the \fIidentity assertion\fP feature of back-ldap
(see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details), which is essentially based on the
.B proxied authorization
control [RFC 4370].
@@ -39,7 +39,7 @@
related to the instances of the \fIldap\fP backend that may be implicitly
instantiated by the overlay may assume a special meaning when used
in conjunction with this overlay. They are described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
and they also need to be prefixed by
.BR chain\- .
.TP
@@ -47,21 +47,21 @@
This directive adds the chain overlay to the current backend.
The chain overlay may be used with any backend, but it is mainly
intended for use with local storage backends that may return referrals.
-It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP
+It is useless in conjunction with the \fIslapd\-ldap\fP and \fIslapd\-meta\fP
backends because they already exploit the libldap specific referral chase
feature.
[Note: this may change in the future, as the \fBldap\fP(5) and
\fBmeta\fP(5) backends might no longer chase referrals on their own.]
.TP
-.B chain-cache-uri {FALSE|true}
+.B chain\-cache\-uri {FALSE|true}
This directive instructs the \fIchain\fP overlay to cache
connections to URIs parsed out of referrals that are not predefined,
to be reused for later chaining.
These URIs inherit the properties configured for the underlying
-\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+\fBslapd\-ldap\fP(5) before any occurrence of the \fBchain\-uri\fP
directive; basically, they are chained anonymously.
.TP
-.B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
+.B chain\-chaining [resolve=<r>] [continuation=<c>] [critical]
This directive enables the \fIchaining\fP control
(see \fIdraft-sermersheim-ldap-chaining\fP for details)
with the desired resolve and continuation behaviors and criticality.
@@ -79,12 +79,12 @@
If the \fBcritical\fP flag affects the control criticality if provided.
[This control is experimental and its support may change in the future.]
.TP
-.B chain-max-depth <n>
+.B chain\-max\-depth <n>
In case a referral is returned during referral chasing, further chasing
occurs at most \fB<n>\fP levels deep. Set to \fB1\fP (the default)
to disable further referral chasing.
.TP
-.B chain-return-error {FALSE|true}
+.B chain\-return\-error {FALSE|true}
In case referral chasing fails, the real error is returned instead
of the original referral. In case multiple referral URIs are present,
only the first error is returned. This behavior may not be always
@@ -92,12 +92,12 @@
better resolved by the client (e.g. when caused by distributed
authentication issues).
.TP
-.B chain-uri <ldapuri>
+.B chain\-uri <ldapuri>
This directive instantiates a new underlying \fIldap\fP database
and instructs it about which URI to contact to chase referrals.
-As opposed to what stated in \fBslapd-ldap\fP(5), only one URI
-can appear after this directive; all subsequent \fBslapd-ldap\fP(5)
-directives prefixed by \fBchain-\fP refer to this specific instance
+As opposed to what stated in \fBslapd\-ldap\fP(5), only one URI
+can appear after this directive; all subsequent \fBslapd\-ldap\fP(5)
+directives prefixed by \fBchain\-\fP refer to this specific instance
of a remote server.
.LP
@@ -107,17 +107,17 @@
.RS
.nf
overlay chain
-chain-rebind-as-user FALSE
+chain\-rebind\-as\-user FALSE
-chain-uri "ldap://ldap1.example.com"
-chain-rebind-as-user TRUE
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap1.example.com"
+chain\-rebind\-as\-user TRUE
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="self"
-chain-uri "ldap://ldap2.example.com"
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap2.example.com"
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="none"
@@ -126,14 +126,14 @@
.RE
.LP
Any valid directives for the ldap database may be used; see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details.
-Multiple occurrences of the \fBchain-uri\fP directive may appear,
+Multiple occurrences of the \fBchain\-uri\fP directive may appear,
to define multiple "trusted" URIs where operations with
\fIidentity assertion\fP are chained.
All URIs not listed in the configuration are chained anonymously.
-All \fBslapd-ldap\fP(5) directives appearing before the first
-occurrence of \fBchain-uri\fP are inherited by all URIs,
+All \fBslapd\-ldap\fP(5) directives appearing before the first
+occurrence of \fBchain\-uri\fP are inherited by all URIs,
unless specifically overridden inside each URI configuration.
.SH FILES
.TP
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-COLLECT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2003-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.3 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.4 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-collect \- Collective attributes overlay to slapd
+slapo\-collect \- Collective attributes overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -43,7 +43,7 @@
.BR slapd.conf (5),
.BR slapd\-config (5),
The
-.BR slapo-collect (5)
+.BR slapo\-collect (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -2,9 +2,9 @@
.\" Copyright 2005-2006 Hewlett-Packard Company
.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-constraint.5,v 1.2.2.15 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-constraint.5,v 1.2.2.17 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-constraint \- Attribute Constraint Overlay to slapd
+slapo\-constraint \- Attribute Constraint Overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -35,7 +35,7 @@
.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
Specifies the constraint which should apply to the comma-separated
attribute list named as the first parameter.
-Two types of constraint are currently supported -
+Five types of constraint are currently supported -
.BR regex ,
.BR size ,
.BR count ,
@@ -122,7 +122,11 @@
.B title
attribute of any
.B titleCatalog
-entries in the given scope.
+entries in the given scope. (Note that the
+"dc=catalog,dc=example,dc=com" subtree ought to reside
+in a separate database, otherwise the initial set of
+titleCatalog entries could not be populated while the
+constraint is in effect.)
Finally, it requires the values of the attribute
.B cn
to be constructed by pairing values of the attributes
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-DDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dds.5,v 1.1.2.8 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dds.5,v 1.1.2.9 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-dds \- Dynamic Directory Services overlay to slapd
+slapo\-dds \- Dynamic Directory Services overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -131,7 +131,7 @@
By default, no limit is set.
.TP
-.B dds-state {TRUE|false}
+.B dds\-state {TRUE|false}
Specifies if the Dynamic Directory Services feature is enabled or not.
By default it is; however, a proxy does not need to keep track of dynamic
objects itself, it only needs to inform the frontend that support for
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-DYNGROUP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dyngroup.5,v 1.2.2.4 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dyngroup.5,v 1.2.2.5 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-dyngroup \- Dynamic Group overlay to slapd
+slapo\-dyngroup \- Dynamic Group overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-DYNLIST 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.7.2.7 2009/01/30 20:08:05 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.7.2.8 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-dynlist \- Dynamic List overlay to slapd
+slapo\-dynlist \- Dynamic List overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -20,7 +20,7 @@
No recursion is allowed, to avoid potential infinite loops.
The resulting entry must comply with the LDAP data model, so constraints
are enforced.
-For example, if a \fISINGLE-VALUE\fP attribute is listed,
+For example, if a \fISINGLE\-VALUE\fP attribute is listed,
only the first value results in the final entry.
The above described behavior is disabled when the \fImanageDSAit\fP
control (RFC 3296) is used.
@@ -50,9 +50,9 @@
.B overlay
directive.
.TP
-.B dynlist-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
+.B dynlist\-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
The value
-.B group-oc
+.B group\-oc
is the name of the objectClass that triggers the dynamic expansion of the
data.
@@ -141,7 +141,7 @@
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL
+ dynlist\-attrset groupOfURLs memberURL
.fi
.LP
and that slapd loads dynlist.la, if compiled as a run-time module;
@@ -170,7 +170,7 @@
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL member
+ dynlist\-attrset groupOfURLs memberURL member
.fi
.LP
@@ -195,7 +195,7 @@
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-dynlist (5)
+.BR slapo\-dynlist (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-MEMBEROF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-memberof.5,v 1.1.2.5 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-memberof.5,v 1.1.2.6 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-memberof \- Reverse Group Membership overlay to slapd
+slapo\-memberof \- Reverse Group Membership overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -36,7 +36,7 @@
configuration options are defined for the memberofoverlay.
.TP
-.BI memberof-group-oc \ <group-oc>
+.BI memberof\-group\-oc \ <group-oc>
The value
.I <group-oc>
is the name of the objectClass that triggers the reverse group membership
@@ -44,7 +44,7 @@
It defaults to \fIgroupOfNames\fP.
.TP
-.BI memberof-member-ad \ <member-ad>
+.BI memberof\-member\-ad \ <member-ad>
The value
.I <member-ad>
is the name of the attribute that contains the names of the members
@@ -52,7 +52,7 @@
It defaults to \fImember\fP.
.TP
-.BI memberof-memberof-ad \ <memberof-ad>
+.BI memberof\-memberof\-ad \ <memberof-ad>
The value
.I <memberof-ad>
is the name of the attribute that contains the names of the groups
@@ -61,7 +61,7 @@
It defaults to \fImemberOf\fP.
.TP
-.BI memberof-dn \ <dn>
+.BI memberof\-dn \ <dn>
The value
.I <dn>
contains the DN that is used as \fImodifiersName\fP for internal
@@ -69,7 +69,7 @@
It defaults to the \fIrootdn\fP of the underlying database.
.TP
-.BI "memberof-dangling {" ignore ", " drop ", " error "}"
+.BI "memberof\-dangling {" ignore ", " drop ", " error "}"
This option determines the behavior of the overlay when, during
a modification, it encounters dangling references.
The default is
@@ -84,9 +84,9 @@
to fail.
.TP
-.BI memberof-dangling-error \ <error-code>
+.BI memberof\-dangling\-error \ <error-code>
If
-.BR memberof-dangling
+.BR memberof\-dangling
is set to
.IR error ,
this configuration parameter can be used to modify the response code
@@ -94,7 +94,7 @@
but other implementations are known to return "no such object" instead.
.TP
-.BI "memberof-refint {" true "|" FALSE "}"
+.BI "memberof\-refint {" true "|" FALSE "}"
This option determines whether the overlay will try to preserve
referential integrity or not.
If set to
@@ -116,7 +116,7 @@
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-memberof (5)
+.BR slapo\-memberof (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -2,9 +2,9 @@
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.14.2.9 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.14.2.10 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-pcache \- proxycache overlay to slapd
+slapo\-pcache \- proxycache overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -71,7 +71,7 @@
.TP
.B proxyattrset <index> <attrs...>
Used to associate a set of attributes <attrs..> with an <index>. Each attribute
-set is associated with an integer from 0 to <numattrsets>-1. These indices are
+set is associated with an integer from 0 to <numattrsets>\-1. These indices are
used by the \fBproxytemplate\fP directive to define cacheable templates.
A set of attributes cannot be empty. A set of attributes can contain the
special attributes "*" (all user attributes), "+" (all operational attributes)
@@ -121,7 +121,7 @@
Results hitting a sizelimit are not cached by default (<limitttl> set to 0).
.TP
-.B response-callback { head | tail }
+.B response\-callback { head | tail }
Specifies whether the response callback should be placed at the
.B tail
(the default) or at the
@@ -219,11 +219,11 @@
proxy caching be used in conjunction with the
.I identity assertion
feature of
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
(see the
-.B idassert-bind
+.B idassert\-bind
and the
-.B idassert-authz
+.B idassert\-authz
statements), so that remote server interrogation occurs with a vanilla identity
that has some relatively high
.B search
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.12.2.10 2009/01/30 20:13:42 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.12.2.12 2009/07/01 20:44:21 quanah Exp $
.SH NAME
-slapo-ppolicy \- Password Policy overlay to slapd
+slapo\-ppolicy \- Password Policy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -17,7 +17,7 @@
use of a backend database, changes to user password fields, etc.
.P
The overlay provides a variety of password control mechanisms. They
-include password aging--both minimum and maximum ages, password
+include password aging -- both minimum and maximum ages, password
reuse and duplication control, account time-outs, mandatory password
resets, acceptable password content, and even grace logins.
Different groups of users may be associated with different password
@@ -49,6 +49,17 @@
set on a given user's entry. If there is no specific policy for an entry
and no default is given, then no policies will be enforced.
.TP
+.B ppolicy_forward_updates
+Specify that policy state changes that result from Bind operations (such
+as recording failures, lockout, etc.) on a consumer should be forwarded
+to a master instead of being written directly into the consumer's local
+database. This setting is only useful on a replication consumer, and
+also requires the
+.B updateref
+setting and
+.B chain
+overlay to be appropriately configured.
+.TP
.B ppolicy_hash_cleartext
Specify that cleartext passwords present in Add and Modify requests should
be hashed before being stored in the database. This violates the X.500/LDAP
@@ -159,7 +170,7 @@
NAME 'pwdMinAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxAge
@@ -173,7 +184,7 @@
NAME 'pwdMaxAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdInHistory
@@ -196,7 +207,7 @@
NAME 'pwdInHistory'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckQuality
@@ -217,7 +228,7 @@
NAME 'pwdCheckQuality'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMinLength
@@ -245,7 +256,7 @@
NAME 'pwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdExpireWarning
@@ -261,7 +272,7 @@
NAME 'pwdExpireWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdGraceAuthnLimit
@@ -277,7 +288,7 @@
NAME 'pwdGraceAuthnLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockout
@@ -303,7 +314,7 @@
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockoutDuration
@@ -327,7 +338,7 @@
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxFailure
@@ -351,7 +362,7 @@
NAME 'pwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdFailureCountInterval
@@ -369,7 +380,7 @@
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMustChange
@@ -391,7 +402,7 @@
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdAllowUserChange
@@ -408,7 +419,7 @@
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdSafeModify
@@ -426,7 +437,7 @@
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckModule
@@ -473,7 +484,7 @@
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.P
Note:
@@ -546,8 +557,8 @@
this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -567,8 +578,8 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -588,8 +599,8 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -623,7 +634,7 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation )
.RE
@@ -677,7 +688,7 @@
DESC 'The history of user passwords'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
EQUALITY octetStringMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -701,7 +712,7 @@
DESC 'The timestamps of the grace login once the password has expired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -723,7 +734,7 @@
been reset'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE
+ SINGLE\-VALUE
USAGE directoryOperation)
.RE
@@ -733,7 +744,7 @@
.nf
database bdb
suffix dc=example,dc=com
-\...
+\|...
overlay ppolicy
ppolicy_default "cn=Standard,ou=Policies,dc=example,dc=com"
.fi
@@ -742,7 +753,8 @@
.SH SEE ALSO
.BR ldap (3),
.BR slapd.conf (5),
-.BR slapd\-config (5).
+.BR slapd\-config (5),
+.BR slapo\-chain (5).
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.LP
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,14 +1,14 @@
.TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.5.2.7 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.5.2.8 2009/06/03 01:41:59 quanah Exp $
.SH NAME
-slapo-refint \- Referential Integrity overlay to slapd
+slapo\-refint \- Referential Integrity overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Referential Integrity overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference attributes.
.LP
Integrity is maintained by updating database records which contain the named
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -2,9 +2,9 @@
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.9.2.8 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.9.2.9 2009/06/03 01:42:00 quanah Exp $
.SH NAME
-slapo-retcode \- return code overlay to slapd
+slapo\-retcode \- return code overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -58,7 +58,7 @@
.hy 0
.B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
.B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>]
-.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}-]disconnect[,...]]
+.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}\-]disconnect[,...]]
.RS
A dynamically generated entry, located below \fBretcode\-parent\fP.
The \fBerrCode\fP is the number of the response code;
@@ -79,9 +79,9 @@
of an RFC 4511 unsolicited response message; if \fBOID\fP
is not "0", an extended response is generated, with the optional
\fBdata\fP appended.
-If \fBflags\fP contains \fBdisconnect\fP, or \fBpre-disconnect\fP,
+If \fBflags\fP contains \fBdisconnect\fP, or \fBpre\-disconnect\fP,
.BR slapd (8)
-disconnects abruptly, without notice; \fBpost-disconnect\fP
+disconnects abruptly, without notice; \fBpost\-disconnect\fP
causes disconnection right after sending response as appropriate.
.RE
.TP
@@ -89,7 +89,7 @@
Enables exploitation of in-directory stored errAbsObject.
May result in a lot of unnecessary overhead.
.TP
-.B retcode\-sleep [-]<n>
+.B retcode\-sleep [\-]<n>
Defines a sleep time in seconds that is spent before actually handling
any operation.
If negative, a random time between 0 and the absolute value of the argument
@@ -119,7 +119,7 @@
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The operations that trigger the response code:
@@ -140,7 +140,7 @@
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The sleep time before the response is actually returned to the client:
@@ -150,7 +150,7 @@
DESC 'Time to wait before returning the error'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The matched DN returned to the client:
@@ -160,7 +160,7 @@
DESC 'Value to be returned as matched DN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The OID to be returned as extended response OID
@@ -172,7 +172,7 @@
DESC 'OID to be returned within unsolicited response'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The octet string to be returned as extended response data
@@ -182,7 +182,7 @@
NAME ( 'errUnsolicitedData' )
DESC 'Data to be returned within unsolicited response'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
If TRUE,
@@ -194,7 +194,7 @@
NAME ( 'errDisconnect' )
DESC 'Disconnect without notice'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The abstract class that triggers the overlay:
@@ -226,15 +226,15 @@
.RS
.nf
overlay retcode
-retcode-parent "ou=RetCodes,dc=example,dc=com"
+retcode\-parent "ou=RetCodes,dc=example,dc=com"
# retcode.conf is found in tests/data/ of the source tree
include ./retcode.conf
# Wait 10 seconds, then return success (0x00)
-retcode-item "cn=Success after 10 seconds" 0x00 sleeptime=10
+retcode\-item "cn=Success after 10 seconds" 0x00 sleeptime=10
# Wait 10 seconds, then return timelimitExceeded (0x03)
-retcode-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
+retcode\-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
.fi
.RE
.LP
@@ -249,7 +249,7 @@
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-retcode (5)
+.BR slapo\-retcode (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -2,13 +2,13 @@
.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.14.2.8 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.14.2.10 2009/06/03 01:42:00 quanah Exp $
.\"
.\" Portions of this document should probably be moved to slapd-ldap(5)
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapo-rwm \- rewrite/remap overlay to slapd
+slapo\-rwm \- rewrite/remap overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -19,9 +19,9 @@
performs basic DN/data rewrite and objectClass/attributeType mapping.
Its usage is mostly intended to provide virtual views of existing data
either remotely, in conjunction with the proxy backend described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
or locally, in conjunction with the relay backend described in
-.BR slapd-relay (5).
+.BR slapd\-relay (5).
.LP
This overlay is experimental.
.SH MAPPING
@@ -30,10 +30,10 @@
overlay is the capability to map objectClasses and attributeTypes
from the local set (or a subset of it) to a foreign set, and vice versa.
This is accomplished by means of the
-.B rwm-map
+.B rwm\-map
directive.
.TP
-.B rwm-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
+.B rwm\-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
Map attributeTypes and objectClasses from the foreign server to
different values on the local slapd.
The reason is that some attributes might not be part of the local
@@ -51,8 +51,8 @@
must be defined in the local schema; the foreign ones do not have to,
but users are encouraged to explicitly define the remote attributeTypes
and the objectClasses they intend to map. All in all, when remapping
-a remote server via back-ldap (\fBslapd-ldap\fP(5))
-or back-meta (\fBslapd-meta\fP(5))
+a remote server via back-ldap (\fBslapd\-ldap\fP(5))
+or back-meta (\fBslapd\-meta\fP(5))
their definition can be easily obtained by querying the \fIsubschemaSubentry\fP
of the remote server; the problem should not exist when remapping a local
database.
@@ -80,28 +80,41 @@
overlay is used together with e.g. the
.B pcache
overlay. This normalization can be enabled by means of the
-.B rwm-normalize-mapped-attrs
+.B rwm\-normalize\-mapped\-attrs
directive.
.TP
-.B rwm-normalize-mapped-attrs {yes|no}
+.B rwm\-normalize\-mapped\-attrs {yes|no}
Set this to "yes", if the
.B rwm
overlay should try to normalize the values of attributes that are mapped from
an attribute type that is unknown to the local server. The default value of
this setting is "no".
+.TP
+.B rwm-drop-unrequested-attrs {yes|no}
+Set this to "yes", if the
+.B rwm
+overlay should drop attributes that are not explicitly requested
+by a search operation.
+When this is set to "no", the
+.B rwm
+overlay will leave all attributes in place, so that subsequent modules
+can further manipulate them.
+In any case, unrequested attributes will be omitted from search results
+by the frontend, when the search entry response package is encoded.
+The default value of this setting is "yes".
.SH SUFFIX MASSAGING
A basic feature of the
.B rwm
overlay is the capability to perform suffix massaging between a virtual
and a real naming context by means of the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive.
This, in conjunction with proxy backends,
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5),
+.BR slapd\-meta (5),
or with the relay backend,
-.BR slapd-relay (5),
+.BR slapd\-relay (5),
allows to create virtual views of databases.
A distinguishing feature of this overlay is that, when instantiated
before any database, it can modify the DN of requests
@@ -111,7 +124,7 @@
or the subschemaSubentry DN (usually "cn=subschema"),
would prevent clients from reading the root DSE or the DSA's schema.
.TP
-.B rwm-suffixmassage "[<virtual naming context>]" "<real naming context>"
+.B rwm\-suffixmassage "[<virtual naming context>]" "<real naming context>"
Shortcut to implement naming context rewriting; the trailing part
of the DN is rewritten from the virtual to the real naming context
in the bindDN, searchDN, searchFilterAttrDN, compareDN, compareAttrDN,
@@ -122,14 +135,14 @@
and for the referralAttrDN and referralDN rewrite contexts.
If no \fI<virtual naming context>\fP is given, the first suffix of the
database is used; this requires the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive be defined \fIafter\fP the database
.B suffix
directive.
The
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive automatically sets the
-.B rwm-rewriteEngine
+.B rwm\-rewriteEngine
to
.BR ON .
.LP
@@ -170,7 +183,7 @@
flags; see "Action Flags" for details.
A default limit on the recursion level is set, and can be altered
by the
-.B rwm-rewriteMaxPasses
+.B rwm\-rewriteMaxPasses
directive, as detailed in the "Additional Configuration Syntax" section.
The substitution pattern allows map resolution of substrings.
A map is a generic object that maps a substitution pattern to a value.
@@ -337,7 +350,7 @@
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -363,7 +376,7 @@
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -381,20 +394,20 @@
.LP
.SH "Basic Configuration Syntax"
All rewrite/remap directives start with the prefix
-.BR rwm- ;
+.BR rwm\- ;
for backwards compatibility with the historical
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
builtin rewrite/remap capabilities, the prefix may be omitted,
but this practice is strongly discouraged.
.TP
-.B rwm-rewriteEngine { on | off }
+.B rwm\-rewriteEngine { on | off }
If `on', the requested rewriting is performed; if `off', no
rewriting takes place (an easy way to stop rewriting without
altering too much the configuration file).
.TP
-.B rwm-rewriteContext <context name> "[ alias <aliased context name> ]"
+.B rwm\-rewriteContext <context name> "[ alias <aliased context name> ]"
<Context name> is the name that identifies the context, i.e. the name
used by the application to refer to the set of rules it contains.
It is used also to reference sub contexts in string rewriting.
@@ -402,21 +415,21 @@
In this case the alias context contains no rule, and any reference to
it will result in accessing the aliased one.
.TP
-.B rwm-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
+.B rwm\-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
Determines how a string can be rewritten if a pattern is matched.
Examples are reported below.
.SH "Additional Configuration Syntax"
.TP
-.B rwm-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
+.B rwm\-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
Allows to define a map that transforms substring rewriting into
something else.
The map is referenced inside the substitution pattern of a rule.
.TP
-.B rwm-rewriteParam <param name> <param value>
+.B rwm\-rewriteParam <param name> <param value>
Sets a value with global scope, that can be dereferenced by the
command `${$paramName}'.
.TP
-.B rwm-rewriteMaxPasses <number of passes> [<number of passes per rule>]
+.B rwm\-rewriteMaxPasses <number of passes> [<number of passes per rule>]
Sets the maximum number of total rewriting passes that can be
performed in a single rewrite operation (to avoid loops).
A safe default is set to 100; note that reaching this limit is still
@@ -488,51 +501,51 @@
.SH "REWRITE CONFIGURATION EXAMPLES"
.nf
# set to `off' to disable rewriting
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# the rules the "suffixmassage" directive implies
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# all dataflow from client to server referring to DNs
-rwm-rewriteContext default
-rwm-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
# empty filter rule
-rwm-rewriteContext searchFilter
+rwm\-rewriteContext searchFilter
# all dataflow from server to client
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
-rwm-rewriteContext searchAttrDN alias searchEntryDN
-rwm-rewriteContext matchedDN alias searchEntryDN
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
+rwm\-rewriteContext searchAttrDN alias searchEntryDN
+rwm\-rewriteContext matchedDN alias searchEntryDN
# misc empty rules
-rwm-rewriteContext referralAttrDN
-rwm-rewriteContext referralDN
+rwm\-rewriteContext referralAttrDN
+rwm\-rewriteContext referralDN
# Everything defined here goes into the `default' context.
# This rule changes the naming context of anything sent
# to `dc=home,dc=net' to `dc=OpenLDAP, dc=org'
-rwm-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
"$1dc=OpenLDAP, dc=org" ":"
# since a pretty/normalized DN does not include spaces
# after rdn separators, e.g. `,', this rule suffices:
-rwm-rewriteRule "(.+,)?dc=home,dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,dc=net$"
"$1dc=OpenLDAP,dc=org" ":"
# Start a new context (ends input of the previous one).
# This rule adds blanks between DN parts if not present.
-rwm-rewriteContext addBlanks
-rwm-rewriteRule "(.*),([^ ].*)" "$1, $2"
+rwm\-rewriteContext addBlanks
+rwm\-rewriteRule "(.*),([^ ].*)" "$1, $2"
# This one eats blanks
-rwm-rewriteContext eatBlanks
-rwm-rewriteRule "(.*), (.*)" "$1,$2"
+rwm\-rewriteContext eatBlanks
+rwm\-rewriteRule "(.*), (.*)" "$1,$2"
# Here control goes back to the default rewrite
# context; rules are appended to the existing ones.
# anything that gets here is piped into rule `addBlanks'
-rwm-rewriteContext default
-rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule ".*" "${>addBlanks($0)}" ":"
.\" # Anything with `uid=username' is looked up in
.\" # /etc/passwd for gecos (I know it's nearly useless,
@@ -541,29 +554,29 @@
.\" # Note the `I' flag that leaves `uid=username' in place
.\" # if `username' does not have a valid account, and the
.\" # `:' that forces the rule to be processed exactly once.
-.\" rwm-rewriteContext uid2Gecos
-.\" rwm-rewriteRule "(.*)uid=([a-z0-9]+),(.+)"
+.\" rwm\-rewriteContext uid2Gecos
+.\" rwm\-rewriteRule "(.*)uid=([a\-z0\-9]+),(.+)"
.\" "$1cn=$2{xpasswd},$3" "I:"
.\"
.\" # Finally, in a bind, if one uses a `uid=username' DN,
.\" # it is rewritten in `cn=name surname' if possible.
-.\" rwm-rewriteContext bindDN
-.\" rwm-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
+.\" rwm\-rewriteContext bindDN
+.\" rwm\-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
.\"
# Rewrite the search base according to `default' rules.
-rwm-rewriteContext searchDN alias default
+rwm\-rewriteContext searchDN alias default
# Search results with OpenLDAP DN are rewritten back with
# `dc=home,dc=net' naming context, with spaces eaten.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
"${>eatBlanks($1)}dc=home,dc=net" ":"
# Bind with email instead of full DN: we first need
# an ldap map that turns attributes into a DN (the
# argument used when invoking the map is appended to
# the URI and acts as the filter portion)
-rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
+rwm\-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
# Then we need to detect DN made up of a single email,
# e.g. `mail=someone at example.com'; note that the rule
@@ -572,8 +585,8 @@
# to real naming contexts, we also need to rewrite
# regular DNs, because the definition of a bindDN
# rewrite context overrides the default definition.
-rwm-rewriteContext bindDN
-rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
# This is a rather sophisticated example. It massages a
# search filter in case who performs the search has
@@ -581,8 +594,8 @@
# track of the bind DN of the incoming request, which is
# stored in a variable called `binddn' with session scope,
# and left in place to allow regular binding:
-rwm-rewriteContext bindDN
-rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule ".+" "${&&binddn($0)}$0" ":"
# A search filter containing `uid=' is rewritten only
# if an appropriate DN is bound.
@@ -597,13 +610,13 @@
# module to authenticate users with both `uid' and
# `cn', but only if the request comes from a possible
# `cn=Web auth,ou=admin,dc=home,dc=net' user.
-rwm-rewriteContext searchFilter
-rwm-rewriteRule "(.*\e\e()uid=([a-z0-9_]+)(\e\e).*)"
+rwm\-rewriteContext searchFilter
+rwm\-rewriteRule "(.*\e\e()uid=([a\-z0\-9_]+)(\e\e).*)"
"${**binddn}<>${&prefix($1)}${&arg($2)}${&suffix($3)}"
":I"
-rwm-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
+rwm\-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
"${*prefix}|(uid=${*arg})(cn=${*arg})${*suffix}" ":@I"
-rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
+rwm\-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
# This example shows how to strip unwanted DN-valued
# attribute values from a search result; the first rule
@@ -611,9 +624,9 @@
# in case of match the rewriting exits successfully.
# The second rule matches everything else and causes
# the value to be rejected.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
-rwm-rewriteRule ".*" "" "#"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
+rwm\-rewriteRule ".*" "" "#"
.fi
.SH "MAPPING EXAMPLES"
The following directives map the object class `groupOfNames' to
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.9.2.7 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.9.2.8 2009/06/03 01:42:00 quanah Exp $
.SH NAME
-slapo-syncprov \- Sync Provider overlay to slapd
+slapo\-syncprov \- Sync Provider overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -31,7 +31,7 @@
.B overlay
directive.
.TP
-.B syncprov-checkpoint <ops> <minutes>
+.B syncprov\-checkpoint <ops> <minutes>
After a write operation has succeeded, write the contextCSN to the underlying
database if
.B <ops>
@@ -40,7 +40,7 @@
time have passed
since the last checkpoint. Checkpointing is disabled by default.
.TP
-.B syncprov-sessionlog <ops>
+.B syncprov\-sessionlog <ops>
Configures an in-memory session log for recording information about write
operations made on the database. The
.B <ops>
@@ -49,13 +49,13 @@
When using the session log, it is helpful to set an eq index on the
entryUUID attribute in the underlying database.
.TP
-.B syncprov-nopresent TRUE | FALSE
+.B syncprov\-nopresent TRUE | FALSE
Specify that the Present phase of refreshing should be skipped. This value
should only be set TRUE for a syncprov instance on top of a log database
(such as one managed by the accesslog overlay).
The default is FALSE.
.TP
-.B syncprov-reloadhint TRUE | FALSE
+.B syncprov\-reloadhint TRUE | FALSE
Specify that the overlay should honor the reloadHint flag in the Sync
Control. In OpenLDAP releases 2.3.11 and earlier the syncrepl consumer did
not properly set this flag, so the overlay must ignore it. This option
@@ -69,7 +69,7 @@
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-accesslog (5).
+.BR slapo\-accesslog (5).
OpenLDAP Administrator's Guide.
.SH ACKNOWLEDGEMENTS
.so ../Project
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,14 +1,14 @@
.TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.4.2.9 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.4.2.10 2009/06/03 01:42:00 quanah Exp $
.SH NAME
-slapo-translucent \- Translucent Proxy overlay to slapd
+slapo\-translucent \- Translucent Proxy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Translucent Proxy overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy". Entries retrieved from a remote LDAP
server may have some or all attributes overridden, or new attributes
added, by entries in the local database before being presented to the
@@ -33,8 +33,8 @@
.SH CONFIGURATION
The Translucent Proxy overlay uses a proxied database,
typically a (set of) remote LDAP server(s), which is configured with the options shown in
-.BR slapd-ldap (5),
-.BR slapd-meta (5)
+.BR slapd\-ldap (5),
+.BR slapd\-meta (5)
or similar.
These
.B slapd.conf
@@ -130,4 +130,4 @@
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,14 +1,14 @@
.TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.6.2.5 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.6.2.7 2009/06/03 01:42:00 quanah Exp $
.SH NAME
-slapo-unique \- Attribute Uniqueness overlay to slapd
+slapo\-unique \- Attribute Uniqueness overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Attribute Uniqueness overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a
scope. This subtree defaults to all objects within the subtree of the
database for which the Uniqueness overlay is configured.
@@ -27,6 +27,10 @@
.B uid
attribute containing the same value. If any are found, the request is
rejected.
+.LP
+The search is performed using the rootdn of the database, to avoid issues
+with ACLs preventing the overlay from seeing all of the relevant data. As
+such, the database must have a rootdn configured.
.SH CONFIGURATION
These
.B slapd.conf
@@ -37,11 +41,13 @@
.TP
.B unique_uri <[strict ][ignore ]URI[URI...]...>
Configure the base, attributes, scope, and filter for uniqueness
-checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple
+checking. Multiple URIs may be specified within a domain,
+allowing complex selections of objects. Multiple
.B unique_uri
statements or
.B olcUniqueURI
-attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings.
+attributes will create independent domains, each with their own
+independent lists of URIs and ignore/strict settings.
The LDAP URI syntax is a subset of
.B RFC-4516,
@@ -51,7 +57,8 @@
The
.B base dn
-defaults to that of the back-end database. Specified base dns must be within the subtree of the back-end database.
+defaults to that of the back-end database.
+Specified base dns must be within the subtree of the back-end database.
If no
.B attributes
@@ -107,7 +114,9 @@
null value. Strictness applies to all URIs within a uniqueness
domain, but some domains may be strict while others are not.
.LP
-It is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously. In general, the legacy configuration options control pieces of a single unfiltered subtree domain.
+It is not possible to set both URIs and legacy slapo\-unique configuration
+parameters simultaneously. In general, the legacy configuration options
+control pieces of a single unfiltered subtree domain.
.TP
.B unique_base <basedn>
This legacy configuration parameter should be converted to the
Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,9 +1,9 @@
.TH SLAPO-VALSORT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.4.2.5 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.4.2.6 2009/06/03 01:42:00 quanah Exp $
.SH NAME
-slapo-valsort \- Value Sorting overlay to slapd
+slapo\-valsort \- Value Sorting overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -29,7 +29,7 @@
.B overlay
directive.
.TP
-valsort-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
+valsort\-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
Configure a sorting method for the specified
.I attribute
in the subtree rooted at
@@ -37,11 +37,11 @@
The
.I sort-method
may be one of
-.BR alpha-ascend ,
-.BR alpha-descend ,
-.BR numeric-ascend ,
+.BR alpha\-ascend ,
+.BR alpha\-descend ,
+.BR numeric\-ascend ,
or
-.BR numeric-descend .
+.BR numeric\-descend .
If the special
.B weighted
method is specified, a secondary
@@ -60,7 +60,7 @@
suffix dc=example,dc=com
...
overlay valsort
- valsort-attr member ou=groups,dc=example,dc=com alpha-ascend
+ valsort\-attr member ou=groups,dc=example,dc=com alpha\-ascend
.fi
.SH FILES
Modified: openldap/vendor/openldap-release/doc/man/man8/slapacl.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapacl.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapacl.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,21 +1,32 @@
.TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapacl.8,v 1.8.2.10 2009/02/04 18:53:59 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapacl.8,v 1.8.2.11 2009/06/03 01:42:00 quanah Exp $
.SH NAME
slapacl \- Check access to a list of attributes.
.SH SYNOPSIS
.B SBINDIR/slapacl
-.B \-b DN
-.B [\-d level]
-.B [\-D authcDN | \-U authcID]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-u]
-.B [\-v]
-.B [\-X authzID | \-o authzDN=DN]
-.B [attr[/access][:value]] [...]
+.BI \-b \ DN
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-D \ authcDN\ \fR|
+.BI \-U \ authcID\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\ \fR|
+.BI "\-o \ authzDN=" DN\fR]
+[\c
+.IR attr [\fB/\fI access ][\fB:\fI value ]]\fR\ [...]
.LP
.SH DESCRIPTION
.LP
@@ -28,9 +39,9 @@
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B access/olcAccess
+.BR access / olcAccess
directives, and then parses the
.B attr
list given on the command-line; if none is given, access to the
@@ -39,39 +50,41 @@
.LP
.SH OPTIONS
.TP
-.BI \-b " DN"
+.BI \-b \ DN
specify the
-.B DN
+.I DN
which access is requested to; the corresponding entry is fetched
from the database, and thus it must exist.
-The DN is also used to determine what rules apply; thus, it must be
+The
+.I DN
+is also used to determine what rules apply; thus, it must be
in the naming context of a configured database. See also
.BR \-u .
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-D " authcDN"
+.BI \-D \ authcDN
specify a DN to be used as identity through the test session
when selecting appropriate
.B <by>
clauses in access lists.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -79,17 +92,17 @@
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.RS
@@ -118,26 +131,29 @@
.TP
.BI \-u
do not fetch the entry from the database.
-In this case, if the entry does not exist, a fake entry with the DN
+In this case, if the entry does not exist, a fake entry with the
+.I DN
given with the
.B \-b
option is used, with no attributes.
As a consequence, those rules that depend on the contents
of the target object will not behave as with the real object.
-The DN given with the
+The
+.I DN
+given with the
.B \-b
option is still used to select what rules apply; thus, it must be
in the naming context of a configured database.
See also
.BR \-b .
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
for details); mutually exclusive with
@@ -146,23 +162,23 @@
.B \-v
enable verbose mode.
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an authorization ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
-for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
+for details); mutually exclusive with \fB\-o\fP \fBauthzDN=\fIDN\fR.
.SH EXAMPLES
The command
.LP
.nf
.ft tt
- SBINDIR/slapacl -f ETCDIR/slapd.conf -v \\
- -U bjorn -b "o=University of Michigan,c=US" \\
+ SBINDIR/slapacl \-f ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-b "o=University of Michigan,c=US" \\
"o/read:University of Michigan"
.ft
@@ -178,8 +194,8 @@
level.
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
-.BR slaptest (8)
+.BR slapd (8),
+.BR slaptest (8),
.BR slapauth (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Modified: openldap/vendor/openldap-release/doc/man/man8/slapadd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapadd.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapadd.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,27 +1,43 @@
.TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.34.2.11 2009/01/30 19:47:21 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.34.2.13 2009/06/08 18:01:09 quanah Exp $
.SH NAME
slapadd \- Add entries to a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapadd
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-j lineno]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-s]
-.B [\-S SID]
-.B [\-u]
-.B [\-v]
-.B [\-w]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-j \ lineno\fR]
+[\c
+.BI \-l \ ldif-file\fR]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-s ]
+[\c
+.BI \-S \ SID\fR]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BR \-w ]
.SH DESCRIPTION
.LP
.B Slapadd
@@ -34,7 +50,7 @@
the database.
Databases configured as
.B subordinate
-of this one are also updated, unless \fB-g\fP is specified.
+of this one are also updated, unless \fB\-g\fP is specified.
The LDIF input is read from standard input or the specified file.
All files eventually created by
@@ -51,11 +67,15 @@
.BR slapd (8)),
or change file ownership before running
.BR slapd (8).
+
+Note: slapadd will also perform the relevant indexing whilst adding the database if
+any are configured. For specfic details, please see
+.BR slapindex (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-add entries to. The \-b cannot be used in conjunction
+add entries to. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -63,69 +83,69 @@
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-j " lineno"
+.BI \-j \ lineno
Jump to the specified line number in the LDIF file before processing
any entries. This allows a load that was aborted due to errors in the
input LDIF to be resumed after the errors are corrected.
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Read LDIF from the specified file instead of standard input.
.TP
-.BI \-n " dbnum"
-Add entries to the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Add entries to the \fIdbnum\fR-th database listed in the
configuration file. The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
To populate the config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
use
.B \-n 0
as it is always the first database. It must physically exist
on the filesystem prior to this, however.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -135,15 +155,15 @@
Improves the load time but if any errors or interruptions occur the resulting
database will be unusable.
.TP
-.B -s
+.B \-s
disable schema checking. This option is intended to be used when loading
databases containing special objects, such as fractional objects on a
partial replica. Loading normal objects which do not conform to
schema may result in unexpected and ill behavior.
.TP
-.B \-S " SID"
+.BI \-S \ SID
Server ID to use in generated entryCSN. Also used for contextCSN
-if `\-w' is set as well. Defaults to 0.
+if \fB\-w\fP is set as well. Defaults to \fB0\fP.
.TP
.B \-u
enable dry-run (don't write to backend) mode.
@@ -175,13 +195,14 @@
.LP
.nf
.ft tt
- SBINDIR/slapadd -l ldif
+ SBINDIR/slapadd \-l ldif
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapcat (8),
+.BR slapindex (8),
.BR ldapadd (1),
.BR slapd (8)
.LP
Modified: openldap/vendor/openldap-release/doc/man/man8/slapauth.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapauth.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapauth.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,21 +1,30 @@
.TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapauth.8,v 1.6.2.9 2009/01/30 19:34:31 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapauth.8,v 1.6.2.10 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slapauth \- Check a list of string-represented IDs for LDAP authc/authz
.SH SYNOPSIS
.B SBINDIR/slapauth
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-M mech]
-.B [\-o name[=value]]
-.B [\-R realm]
-.B [\-U authcID]
-.B [\-v]
-.B [\-X authzID]
-.B ID [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-M \ mech\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-U \ authcID\fR]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\fR]
+.IR ID \ [ ... ]
.LP
.SH DESCRIPTION
.LP
@@ -26,35 +35,35 @@
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B authz-policy/olcAuthzPolicy
+.BR authz\-policy / olcAuthzPolicy
and
-.B authz-regexp/olcAuthzRegexp
+.BR authz\-regexp / olcAuthzRegexp
directives, and then parses the
-.B ID
+.I ID
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -62,43 +71,43 @@
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-M " mech"
+.BI \-M \ mech
specify a mechanism.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-R " realm"
+.BI \-R \ realm
specify a realm.
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be used as
.I authcID
throughout the test session.
If present, and if no
-.B authzID
+.I authzID
is given, the IDs in the ID list are treated as
-.BR authzID .
+.IR authzID .
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an ID to be used as
.I authzID
throughout the test session.
If present, and if no
-.B authcID
+.I authcID
is given, the IDs in the ID list are treated as
-.BR authcID .
+.IR authcID .
If both
.I authcID
and
@@ -112,8 +121,8 @@
.LP
.nf
.ft tt
- SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \\
- -U bjorn -X u:bjensen
+ SBINDIR/slapauth \-f /ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-X u:bjensen
.ft
.fi
@@ -125,8 +134,8 @@
.LP
.nf
.ft tt
- authz-policy from
- authz-regexp "^uid=([^,]+).*,cn=auth$"
+ authz\-policy from
+ authz\-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
.ft
@@ -135,7 +144,7 @@
.BR slapd.conf (5).
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Modified: openldap/vendor/openldap-release/doc/man/man8/slapcat.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapcat.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapcat.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,24 +1,35 @@
.TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.28.2.10 2009/01/30 19:47:21 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.28.2.11 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slapcat \- SLAPD database to LDIF utility
.SH SYNOPSIS
.B SBINDIR/slapcat
-.B [\-a filter]
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-s subtree-dn]
-.B [\-v]
-.B
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l ldif-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\fR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -32,7 +43,7 @@
the specified file.
Databases configured as
.B subordinate
-of this one are also output, unless \fB-g\fP is specified.
+of this one are also output, unless \fB\-g\fP is specified.
.LP
The entry records are presented in database order, not superior first
order. The entry records will include all (user and operational)
@@ -49,19 +60,19 @@
operational attributes.
.SH OPTIONS
.TP
-.BI \-a " filter"
+.BI \-a \ filter
Only dump entries matching the asserted filter.
For example
-slapcat -a \\
+slapcat \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will dump all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -69,24 +80,24 @@
.B \-c
Enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
Enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -98,13 +109,13 @@
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Write LDIF to specified file instead of standard output.
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -114,23 +125,23 @@
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-s " subtree-dn"
+.BI \-s \ subtree-dn
Only dump entries in the subtree specified by this DN.
-Implies `-b subtree-dn' if no
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
or
.B \-n
@@ -146,10 +157,10 @@
always safe to run
.B slapcat
with the
-.BR slapd-bdb (5),
-.BR slapd-hdb (5),
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
and
-.BR slapd-null (5)
+.BR slapd\-null (5)
backends.
.SH EXAMPLES
To make a text backup of your SLAPD database and put it in a file called
@@ -158,7 +169,7 @@
.LP
.nf
.ft tt
- SBINDIR/slapcat -l ldif
+ SBINDIR/slapcat \-l ldif
.ft
.fi
.SH "SEE ALSO"
Modified: openldap/vendor/openldap-release/doc/man/man8/slapd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapd.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapd.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,27 +1,45 @@
.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.64.2.10 2009/02/02 22:39:08 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.64.2.11 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
.B LIBEXECDIR/slapd
-.B [\-[4|6]]
-.B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
-.B [\-d debug\-level]
-.B [\-f slapd\-config\-file]
-.B [\-F slapd\-config\-directory]
-.B [\-h URLs]
-.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
-.B [\-o option[=value]]
-.B [\-r directory]
-.B [\-u user] [\-g group]
-.B [\-c cookie]
+[\c
+.BR \-4 | \-6 ]
+[\c
+.BR \-T \ { acl \||\| a [ dd ]\||\| auth \||\| c [ at ]\||\|
+.BR d [ n ]\||\| i [ ndex ]\||\| p [ asswd ]\||\| s [ chema ]\||\| t [ est ]}]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd-config-file\fR]
+[\c
+.BI \-F \ slapd-config-directory\fR]
+[\c
+.BI \-h \ URLs\fR]
+[\c
+.BI \-n \ service-name\fR]
+[\c
+.BI \-s \ syslog-level\fR]
+[\c
+.BI \-l \ syslog-local-user\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-r \ directory\fR]
+[\c
+.BI \-u \ user\fR]
+[\c
+.BI \-g \ group\fR]
+[\c
+.BI \-c \ cookie\fR]
.SH DESCRIPTION
.LP
.B Slapd
is the stand-alone LDAP daemon. It listens for LDAP connections on
-any number of ports (default 389), responding
+any number of ports (default \fB389\fP), responding
to the LDAP operations it receives over these connections.
.B slapd
is typically invoked at boot time, usually out of
@@ -56,56 +74,66 @@
.B \-6
Listen on IPv6 addresses only.
.TP
-.B \-T {a|c|d|i|p|t|acl|auth}
-Run in Tool mode. The additional argument selects whether to run as
-slapadd, slapcat, slapdn, slapindex, slappasswd, or slaptest
-(slapacl and slapauth need the entire "\fIacl\fP" and "\fIauth\fP"
-option value to be spelled out, as "\fIa\fP" is reserved to
-.BR slapadd ).
+.BI \-T \ tool
+Run in Tool mode. The \fItool\fP argument selects whether to run as
+.IR slapadd ,
+.IR slapcat ,
+.IR slapdn ,
+.IR slapindex ,
+.IR slappasswd ,
+.IR slapschema ,
+or
+.I slaptest
+(\fIslapacl\fP and \fIslapauth\fP need the entire \fBacl\fP and \fBauth\fP
+option value to be spelled out, as \fBa\fP is reserved to
+.IR slapadd ).
This option should be the first option specified when it is used;
any remaining options will be interpreted by the corresponding
slap tool program, according to the respective man pages.
-Note that these tool programs will usually be symbolic links to slapd.
+Note that these tool programs will usually be symbolic links to
+.BR slapd .
This option is provided for situations where symbolic links
are not provided or not usable.
.TP
-.BI \-d " debug\-level"
+.BI \-d \ debug-level
Turn on debugging as defined by
-.IR debug\-level .
+.IR debug-level .
If this option is specified, even with a zero argument,
.B slapd
will not fork or disassociate from the invoking terminal. Some general
-operation and status messages are printed for any value of \fIdebug\-level\fP.
-\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
+operation and status messages are printed for any value of \fIdebug-level\fP.
+\fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap_log.h> for details.
Comma-separated arrays of friendly names can be specified to select
debugging output of the corresponding debugging information.
All the names recognized by the \fIloglevel\fP directive
described in \fBslapd.conf\fP(5) are supported.
-If \fIdebug\-level\fP is \fB?\fP, a list of installed levels is printed,
+If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
and slapd exits.
Remember that if you turn on packet logging, packets containing bind passwords
will be output, so if you redirect the log to a logfile, that file should
be read-protected.
.TP
-.BI \-s " syslog\-level"
+.BI \-s \ syslog-level
This option tells
.B slapd
-at what level debugging statements should be logged to the
+at what debug-level debugging statements should be logged to the
.BR syslog (8)
facility.
-The value "syslog\-level" can be set to any value or combination
-allowed by the "-d" switch.
-Slapd logs all messages selected by "syslog\-level"
-at the syslog(3) severity level "DEBUG",
-on the unit specified with "-l".
+The value \fIsyslog-level\fP can be set to any value or combination
+allowed by the \fB\-d\fP switch.
+Slapd logs all messages selected by \fIsyslog-leveli\fP
+at the
+.BR syslog (3)
+severity debug-level \fBDEBUG\fP,
+on the unit specified with \fB\-l\fP.
.TP
-.BI \-n " service\-name"
+.BI \-n \ service-name
Specifies the service name for logging and other purposes. Defaults
to basename of argv[0], i.e.: "slapd".
.TP
-.BI \-l " syslog\-local\-user"
+.BI \-l \ syslog-local-user
Selects the local user of the
.BR syslog (8)
facility. Value can be
@@ -122,19 +150,19 @@
local users with the
.BR syslog (8)
facility.
-Logging to syslog(8) occurs at the "DEBUG" severity level.
+Logging to syslog(8) occurs at the "DEBUG" severity debug-level.
.TP
-.BI \-f " slapd\-config\-file"
+.BI \-f \ slapd-config-file
Specifies the slapd configuration file. The default is
.BR ETCDIR/slapd.conf .
.TP
-.BI \-F " slapd\-config\-directory"
+.BI \-F \ slapd-config-directory
Specifies the slapd configuration directory. The default is
.BR ETCDIR/slapd.d .
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slapd will attempt to read the
@@ -143,12 +171,12 @@
default config file is ignored. All of the slap tools that
use the config options observe this same behavior.
.TP
-.BI \-h " URLlist"
+.BI \-h \ URLlist
.B slapd
will by default serve
.B ldap:///
(LDAP over TCP on all interfaces on default LDAP port). That is,
-it will bind using INADDR_ANY and port 389.
+it will bind using INADDR_ANY and port \fB389\fP.
The
.B \-h
option may be used to specify LDAP (and other scheme) URLs to serve.
@@ -162,26 +190,26 @@
without a DN or other optional parameters (excepting as discussed below).
Support for the latter two schemes depends on selected configuration
options. Hosts may be specified by name or IPv4 and IPv6 address formats.
-Ports, if specified, must be numeric. The default ldap:// port is 389
-and the default ldaps:// port is 636.
+Ports, if specified, must be numeric. The default ldap:// port is \fB389\fP
+and the default ldaps:// port is \fB636\fP.
The listener permissions are indicated by
-"x-mod=-rwxrwxrwx", "x-mod=0777" or "x-mod=777", where any
-of the "rwx" can be "-" to suppress the related permission, while any
+"x\-mod=\-rwxrwxrwx", "x\-mod=0777" or "x\-mod=777", where any
+of the "rwx" can be "\-" to suppress the related permission, while any
of the "7" can be any legal octal digit, according to chmod(1).
-The listeners can take advantage of the "x-mod"
+The listeners can take advantage of the "x\-mod"
extension to apply rough limitations to operations, e.g. allow read operations
("r", which applies to search and compare), write operations ("w",
which applies to add, delete, modify and modrdn), and execute operations
("x", which means bind is required).
"User" permissions apply to authenticated users, while "other" apply
to anonymous users; "group" permissions are ignored.
-For example, "ldap:///????x-mod=-rw-------" means that read and write is only allowed
+For example, "ldap:///????x\-mod=\-rw\-\-\-\-\-\-\-" means that read and write is only allowed
for authenticated connections, and bind is required for all operations.
This feature is experimental, and requires to be manually enabled
at configure time.
.TP
-.BI \-r " directory"
+.BI \-r \ directory
Specifies a directory to become the root directory. slapd will
change the current working directory to this directory and
then
@@ -189,31 +217,31 @@
to this directory. This is done after opening listeners but before
reading any configuration file or initializing any backend. When
used as a security mechanism, it should be used in conjunction with
-.B -u
+.B \-u
and
-.B -g
+.B \-g
options.
.TP
-.BI \-u " user"
+.BI \-u \ user
.B slapd
will run slapd with the specified user name or id, and that user's
supplementary group access list as set with initgroups(3). The group ID
-is also changed to this user's gid, unless the -g option is used to
+is also changed to this user's gid, unless the \fB\-g\fP option is used to
override. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the user database in the change root environment.
Note that on some systems, running as a non-privileged user will prevent
passwd back-ends from accessing the encrypted passwords. Note also that
any shell back-ends will run as the specified non-privileged user.
.TP
-.BI \-g " group"
+.BI \-g \ group
.B slapd
will run with the specified group name or id. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the group database in the change root environment.
.TP
-.BI \-c " cookie"
+.BI \-c \ cookie
This option provides a cookie for the syncrepl replication consumer.
The cookie is a comma separated list of \fIname=value\fP pairs.
Currently supported syncrepl cookie fields are
@@ -226,7 +254,7 @@
and is used to find the syncrepl specification in
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
having the matching replication identifier in its definition. The
.B rid
must be provided in order for any other specified values to be used.
@@ -244,23 +272,21 @@
.B rid
part to force a full reload.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
This option provides a generic means to specify options without the need to reserve
a separate letter for them.
It supports the following options:
.RS
.TP
-slp={\fBon\fP|\fBoff\fP|\fIslp\-attrs\fP}
-When SLP support is compiled into slapd, disable it (
-.B off
-), enable it by registering at SLP DAs without specific SLP attributes (
-.B on
-), or with specific SLP attributes
-.I slp\-attrs
+.BR slp= { on \||\| off \||\| \fIslp-attrs\fP }
+When SLP support is compiled into slapd, disable it (\fBoff\fP),
+ enable it by registering at SLP DAs without specific SLP attributes (\fBon\fP),
+or with specific SLP attributes
+.I slp-attrs
that must be an SLP attribute list definition according to the SLP standard.
-For example, "-o slp=(tree=production),(server-type=OpenLDAP),(server-version=2.3.20)"
+For example, \fB"slp=(tree=production),(server-type=OpenLDAP),(server\-version=2.4.15)"\fP
registers at SLP DAs with the three SLP attributes tree, server-type and server-version
that have the values given above.
This allows to specifically query the SLP DAs for LDAP servers holding the
@@ -286,7 +312,7 @@
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+ LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
.ft
.fi
.LP
@@ -294,7 +320,7 @@
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -Tt
+ LIBEXECDIR/slapd \-Tt
.ft
.fi
.LP
@@ -310,6 +336,7 @@
.BR slapdn (8),
.BR slapindex (8),
.BR slappasswd (8),
+.BR slapschema (8),
.BR slaptest (8).
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Modified: openldap/vendor/openldap-release/doc/man/man8/slapdn.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapdn.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapdn.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,18 +1,24 @@
.TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapdn.8,v 1.6.2.9 2009/01/30 19:34:31 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapdn.8,v 1.6.2.10 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slapdn \- Check a list of string-represented LDAP DNs based on schema syntax
.SH SYNOPSIS
.B SBINDIR/slapdn
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-N | \-P]
-.B [\-o name[=value]]
-.B [\-v]
-.B DN [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-N | \-P ]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-v ]
+.IR DN \ [...]
.LP
.SH DESCRIPTION
.LP
@@ -24,31 +30,31 @@
.BR slapd.conf (5).
It opens the
.BR slapd.conf (5)
-configuration file or the slapd-config (5) backend, reads in the schema definitions, and then
+configuration file or the slapd\-config (5) backend, reads in the schema definitions, and then
parses the
-.B DN
+.I DN
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -57,26 +63,26 @@
default config file is ignored.
.TP
.BI \-N
-only output a normalized form of the DN, suitable to be used
+only output a normalized form of the \fIDN\fP, suitable to be used
in a normalization tool; incompatible with
.BR \-P .
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-P
-only output a prettified form of the DN, suitable to be used
+only output a prettified form of the \fIDN\fP, suitable to be used
in a check and beautification tool; incompatible with
.BR \-N .
.TP
@@ -89,12 +95,12 @@
.LP
.nf
.ft tt
- SBINDIR/slapdn -f /ETCDIR/slapd.conf -v DN
+ SBINDIR/slapdn \-f /ETCDIR/slapd.conf \-v DN
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Modified: openldap/vendor/openldap-release/doc/man/man8/slapindex.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapindex.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slapindex.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,23 +1,35 @@
.TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.19.2.13 2009/01/30 19:47:21 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.19.2.14 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slapindex \- Reindex entries in a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapindex
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-t]
-.B [\-v]
-.B [attr] [...]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-t ]
+[\c
+.BR \-v ]
+[\c
+.IR attr [ ... ]]
.B
.LP
.SH DESCRIPTION
@@ -33,7 +45,7 @@
be regenerated.
Databases configured as
.B subordinate
-of this one are also re-indexed, unless \fB-g\fP is specified.
+of this one are also re-indexed, unless \fB\-g\fP is specified.
All files eventually created by
.BR slapindex
@@ -51,9 +63,9 @@
.BR slapd (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -61,24 +73,24 @@
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -90,10 +102,10 @@
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -103,17 +115,17 @@
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
Modified: openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slappasswd.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slappasswd.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,17 +1,23 @@
.TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.21.2.9 2009/01/30 20:08:06 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.21.2.10 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
-.B [\-v]
-.B [\-u]
-.B [\-g|\-s secret|\-T file]
-.B [\-h hash]
-.B [\-c salt-format]
-.B [\-n]
+[\c
+.BR \-v ]
+[\c
+.BR \-u ]
+[\c
+.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR]
+[\c
+.BI \-h \ hash\fR]
+[\c
+.BI \-c \ salt-format\fR]
+[\c
+.BR \-n ]
.B
.LP
.SH DESCRIPTION
@@ -23,7 +29,7 @@
.BR slapd.conf (5)
.I rootpw
configuration directive or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
.I olcRootPW
configuration directive.
.
@@ -37,7 +43,7 @@
versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
-.BI \-s " secret"
+.BI \-s \ secret
The secret to hash.
If this,
.B \-g
@@ -48,7 +54,7 @@
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
.TP
.BI \-g
Generate the secret.
@@ -61,7 +67,7 @@
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
If this is present,
.I {CLEARTEXT}
is used as scheme.
@@ -70,7 +76,7 @@
.B \-h
are mutually exclusive flags.
.TP
-.BI \-T " file"
+.BI \-T \ "file"
Hash the contents of the file.
If this,
.B \-g
@@ -83,16 +89,16 @@
.B \-T
and mutually exclusive flags.
.TP
-.BI \-h " scheme"
-If -h is specified, one of the following RFC 2307 schemes may
+.BI \-h \ "scheme"
+If \fB\-h\fP is specified, one of the following RFC 2307 schemes may
be specified:
-.IR {CRYPT} ,
-.IR {MD5} ,
-.IR {SMD5} ,
-.IR {SSHA} ", and"
-.IR {SHA} .
+.BR {CRYPT} ,
+.BR {MD5} ,
+.BR {SMD5} ,
+.BR {SSHA} ", and"
+.BR {SHA} .
The default is
-.IR {SSHA} .
+.BR {SSHA} .
Note that scheme names may need to be protected, due to
.B {
@@ -119,22 +125,31 @@
clear text.
Unless
.I {CLEARTEXT}
-is used, this flag is incompatible with
+is used, this flag is incompatible with option
.BR \-g .
.TP
-.BI \-c " crypt-salt-format"
+.BI \-c \ crypt-salt-format
Specify the format of the salt passed to
.BR crypt (3)
when generating {CRYPT} passwords.
This string needs to be in
.BR sprintf (3)
-format and may include one (and only one) %s conversion.
-This conversion will be substituted with a string random
-characters from [A\-Za\-z0\-9./]. For example, '%.2s'
-provides a two character salt and '$1$%.8s' tells some
-versions of crypt(3) to use an MD5 algorithm and provides
-8 random characters of salt. The default is '%s', which
-provides 31 characters of salt.
+format and may include one (and only one)
+.B %s
+conversion.
+This conversion will be substituted with a string of random
+characters from [A\-Za\-z0\-9./]. For example,
+.RB ' %.2s '
+provides a two character salt and
+.RB ' $1$%.8s '
+tells some
+versions of
+.BR crypt (3)
+to use an MD5 algorithm and provides
+8 random characters of salt.
+The default is
+.RB ' %s ' ,
+which provides 31 characters of salt.
.TP
.BI \-n
Omit the trailing newline; useful to pipe the credentials
@@ -153,7 +168,7 @@
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
-should be in\-place before using LDAP simple bind.
+should be in-place before using LDAP simple bind.
.LP
The hashed password values should be protected as if they
were clear text passwords.
@@ -163,8 +178,8 @@
.BR slapd (8),
.BR slapd.conf (5),
.BR slapd\-config (5),
-.B RFC 2307
-.B RFC 4519
+.B RFC 2307\fP,
+.B RFC 4519\fP,
.B RFC 3112
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Added: openldap/vendor/openldap-release/doc/man/man8/slapschema.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapschema.8 (rev 0)
+++ openldap/vendor/openldap-release/doc/man/man8/slapschema.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,186 @@
+.TH SLAPSCHEMA 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapschema.8,v 1.1.2.3 2009/06/03 01:42:01 quanah Exp $
+.SH NAME
+slapschema \- SLAPD in-database schema checking utility
+.SH SYNOPSIS
+.B SBINDIR/slapschema
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l error-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\FR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
+.LP
+.SH DESCRIPTION
+.LP
+.B Slapschema
+is used to check schema compliance of the contents of a
+.BR slapd (8)
+database.
+It opens the given database determined by the database number or
+suffix and checks the compliance of its contents with the corresponding
+schema. Errors are written to standard output or the specified file.
+Databases configured as
+.B subordinate
+of this one are also output, unless \fB\-g\fP is specified.
+.LP
+Administrators may need to modify existing schema items, including
+adding new required attributes to objectClasses,
+removing existing required or allowed attributes from objectClasses,
+entirely removing objectClasses,
+or any other change that may result in making perfectly valid entries
+no longer compliant with the modified schema.
+The execution of the
+.B slapschema tool after modifying the schema can point out
+inconsistencies that would otherwise surface only when
+inconsistent entries need to be modified.
+
+.LP
+The entry records are checked in database order, not superior first
+order. The entry records will be checked considering all
+(user and operational) attributes stored in the database.
+Dynamically generated attributes (such as subschemaSubentry)
+will not be considered.
+.SH OPTIONS
+.TP
+.BI \-a \ filter
+Only check entries matching the asserted filter.
+For example
+
+slapschema \-a \\
+ "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
+
+will check all but the "ou=People,dc=example,dc=com" subtree
+of the "dc=example,dc=com" database.
+.TP
+.BI \-b \ suffix
+Use the specified \fIsuffix\fR to determine which database to
+check. The \fB\-b\fP cannot be used in conjunction
+with the
+.B \-n
+option.
+.TP
+.B \-c
+Enable continue (ignore errors) mode.
+.TP
+.BI \-d \ debug-level
+Enable debugging messages as defined by the specified
+.IR debug-level ;
+see
+.BR slapd (8)
+for details.
+.TP
+.BI \-f \ slapd.conf
+Specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F \ confdir
+specify a config directory.
+If both
+.B \-f
+and
+.B \-F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.B \-g
+disable subordinate gluing. Only the specified database will be
+processed, and not its glued subordinates (if any).
+.TP
+.BI \-l \ error-file
+Write errors to specified file instead of standard output.
+.TP
+.BI \-n \ dbnum
+Check the \fIdbnum\fR\-th database listed in the
+configuration file. The config database
+.BR slapd\-config (5),
+is always the first database, so use
+.B \-n 0
+
+The
+.B \-n
+cannot be used in conjunction with the
+.B \-b
+option.
+.TP
+.BI \-o \ option\fR[ = value\fR]
+Specify an
+.I option
+with a(n optional)
+.IR value .
+Possible generic options/values are:
+.LP
+.nf
+ syslog=<subsystems> (see `\-s' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
+
+.fi
+.TP
+.BI \-s \ subtree-dn
+Only check entries in the subtree specified by this DN.
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
+.B \-b
+nor
+.B \-n
+option is given.
+.TP
+.B \-v
+Enable verbose mode.
+.SH LIMITATIONS
+For some backend types, your
+.BR slapd (8)
+should not be running (at least, not in read-write
+mode) when you do this to ensure consistency of the database. It is
+always safe to run
+.B slapschema
+with the
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
+and
+.BR slapd\-null (5)
+backends.
+.SH EXAMPLES
+To check the schema compliance of your SLAPD database after modifications
+to the schema, and put any error in a file called
+.BR errors.ldif ,
+give the command:
+.LP
+.nf
+.ft tt
+ SBINDIR/slapcat \-l errors.ldif
+.ft
+.fi
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldif (5),
+.BR slapd (8)
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.so ../Project
Modified: openldap/vendor/openldap-release/doc/man/man8/slaptest.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slaptest.8 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/man/man8/slaptest.8 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,18 +1,25 @@
.TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slaptest.8,v 1.7.2.9 2009/01/30 19:34:31 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slaptest.8,v 1.7.2.10 2009/06/03 01:42:01 quanah Exp $
.SH NAME
slaptest \- Check the suitability of the OpenLDAP slapd.conf file
.SH SYNOPSIS
.B SBINDIR/slaptest
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-Q]
-.B [\-u]
-.B [\-v]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-Q ]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -23,49 +30,49 @@
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, and parses it according to the general and the backend-specific
rules, checking its sanity.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slaptest will attempt to read the
default config directory before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -73,8 +80,8 @@
Be extremely quiet: only the exit code indicates success (0) or not
(any other value).
.TP
-.BI \-u
-enable dryrun mode (i.e. don't fail if databases cannot be opened,
+.B \-u
+enable dry-run mode (i.e. don't fail if databases cannot be opened,
but config is fine).
.TP
.BI \-v
@@ -86,12 +93,12 @@
.LP
.nf
.ft tt
- SBINDIR/slaptest -f /ETCDIR/slapd.conf -v
+ SBINDIR/slaptest \-f /ETCDIR/slapd.conf \-v
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slapdn (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
Modified: openldap/vendor/openldap-release/include/ac/dirent.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/dirent.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/include/ac/dirent.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* Generic dirent.h */
-/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.14.2.5 2009/01/22 00:00:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.14.2.6 2009/04/29 01:48:30 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -34,6 +34,9 @@
int first;
char buf[MAX_PATH+1];
} DIR;
+DIR *opendir(const char *name);
+struct dirent *readdir(DIR *dir);
+int closedir(DIR *dir);
#else
# define dirent direct
# define NAMLEN(dirent) (dirent)->d_namlen
Modified: openldap/vendor/openldap-release/include/lber.h
===================================================================
--- openldap/vendor/openldap-release/include/lber.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/include/lber.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.99.2.5 2009/01/22 00:00:51 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.99.2.6 2009/05/01 19:28:57 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -629,6 +629,14 @@
ber_strdup LDAP_P((
LDAP_CONST char * ));
+LBER_F( ber_len_t )
+ber_strnlen LDAP_P((
+ LDAP_CONST char *s, ber_len_t len ));
+
+LBER_F( char * )
+ber_strndup LDAP_P((
+ LDAP_CONST char *s, ber_len_t l ));
+
LBER_F( struct berval * )
ber_bvreplace LDAP_P((
struct berval *dst, LDAP_CONST struct berval *src ));
Modified: openldap/vendor/openldap-release/include/ldap.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/include/ldap.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.19 2009/02/17 19:14:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.20 2009/03/05 20:20:47 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -282,6 +282,7 @@
#define LDAP_SYNC_ADD 1
#define LDAP_SYNC_MODIFY 2
#define LDAP_SYNC_DELETE 3
+#define LDAP_SYNC_NEW_COOKIE 4
/* Password policy Controls *//* work in progress */
Modified: openldap/vendor/openldap-release/include/ldap_pvt_thread.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt_thread.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/include/ldap_pvt_thread.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldap_pvt_thread.h - ldap threads header file */
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.51.2.12 2009/01/22 00:00:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.51.2.13 2009/06/11 21:53:23 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -216,6 +216,12 @@
void *arg ));
LDAP_F( int )
+ldap_pvt_thread_pool_retract LDAP_P((
+ ldap_pvt_thread_pool_t *pool,
+ ldap_pvt_thread_start_t *start,
+ void *arg ));
+
+LDAP_F( int )
ldap_pvt_thread_pool_maxthreads LDAP_P((
ldap_pvt_thread_pool_t *pool,
int max_threads ));
Modified: openldap/vendor/openldap-release/include/portable.hin
===================================================================
--- openldap/vendor/openldap-release/include/portable.hin 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/include/portable.hin 2009-07-27 22:27:07 UTC (rev 1224)
@@ -397,6 +397,9 @@
/* define if you have OpenSSL */
#undef HAVE_OPENSSL
+/* define if you have MozNSS */
+#undef HAVE_MOZNSS
+
/* Define to 1 if you have the <openssl/bn.h> header file. */
#undef HAVE_OPENSSL_BN_H
Modified: openldap/vendor/openldap-release/libraries/liblber/io.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/io.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblber/io.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* io.c - ber general i/o routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.111.2.9 2009/01/22 00:00:53 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.111.2.10 2009/03/17 16:21:28 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -244,7 +244,7 @@
"ber_flush2: %ld bytes to sd %ld%s\n",
towrite, (long) sb->sb_fd,
ber->ber_rwptr != ber->ber_buf ? " (re-flush)" : "" );
- ber_log_bprint( LDAP_DEBUG_PACKETS, sb->sb_debug,
+ ber_log_bprint( LDAP_DEBUG_BER, sb->sb_debug,
ber->ber_rwptr, towrite );
}
Modified: openldap/vendor/openldap-release/libraries/liblber/memory.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/memory.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblber/memory.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.64.2.5 2009/01/22 00:00:54 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.64.2.6 2009/05/01 19:28:57 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -651,6 +651,16 @@
return ber_strdup_x( s, NULL );
}
+ber_len_t
+ber_strnlen( LDAP_CONST char *s, ber_len_t len )
+{
+ ber_len_t l;
+
+ for ( l = 0; l < len && s[l] != '\0'; l++ ) ;
+
+ return l;
+}
+
char *
ber_strndup_x( LDAP_CONST char *s, ber_len_t l, void *ctx )
{
@@ -666,12 +676,8 @@
return NULL;
}
- len = strlen( s );
+ len = ber_strnlen( s, l );
- if ( len > l ) {
- len = l;
- }
-
if ( (p = ber_memalloc_x( len + 1, ctx )) == NULL ) {
ber_errno = LBER_ERROR_MEMORY;
return NULL;
Modified: openldap/vendor/openldap-release/libraries/libldap/gssapi.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/gssapi.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/gssapi.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/gssapi.c,v 1.1.2.3 2009/02/17 21:02:51 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/gssapi.c,v 1.1.2.4 2009/04/29 01:53:02 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -246,7 +246,6 @@
int conf_req_flag = 0;
int conf_state;
unsigned char *b;
- ber_len_t pkt_len;
wrapped.value = src->buf_base + 4;
wrapped.length = src->buf_end - 4;
@@ -288,7 +287,7 @@
{
ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
"sb_sasl_gssapi_decode: failed to grow the buffer to %lu bytes\n",
- pkt_len );
+ unwrapped.length );
return -1;
}
@@ -553,7 +552,7 @@
}
svc_principal = (char*) ldap_memalloc(svc_principal_size * sizeof(char));
- if ( ret < 0 ) {
+ if ( svc_principal == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
Modified: openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ldap-int.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/ldap-int.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldap-int.h - defines & prototypes internal to the LDAP library */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.168.2.14 2009/02/17 21:02:51 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.168.2.15 2009/05/01 19:39:03 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -75,6 +75,9 @@
#ifdef LDAP_DEBUG
+#define DebugTest( level ) \
+ ( ldap_debug & level )
+
#define Debug( level, fmt, arg1, arg2, arg3 ) \
do { if ( ldap_debug & level ) \
ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) ); \
@@ -85,6 +88,7 @@
#else
+#define DebugTest( level ) (0 == 1)
#define Debug( level, fmt, arg1, arg2, arg3 ) ((void)0)
#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 ) ((void)0)
Modified: openldap/vendor/openldap-release/libraries/libldap/request.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/request.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/request.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.14 2009/02/09 20:37:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.15 2009/03/05 19:07:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -635,8 +635,7 @@
if ( lsu_port == lcu_port
&& strcmp( lcu->lud_scheme, lsu->lud_scheme ) == 0
- && lcu->lud_host != NULL && *lcu->lud_host != '\0'
- && lsu->lud_host != NULL && *lsu->lud_host != '\0'
+ && lcu->lud_host != NULL && lsu->lud_host != NULL
&& strcasecmp( lsu->lud_host, lcu->lud_host ) == 0 )
{
found = 1;
Modified: openldap/vendor/openldap-release/libraries/libldap/result.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/result.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/result.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* result.c - wait for an ldap result */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.18 2009/02/17 21:02:51 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.19 2009/03/05 19:07:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -845,6 +845,10 @@
return( -1 ); /* fatal error */
}
lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
+ if ( lr->lr_res_matched ) {
+ LDAP_FREE( lr->lr_res_matched );
+ lr->lr_res_matched = NULL;
+ }
} else {
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
Modified: openldap/vendor/openldap-release/libraries/libldap/tls2.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls2.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/tls2.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* tls.c - Handle tls/ssl. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls2.c,v 1.4.2.6 2009/02/17 20:47:40 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls2.c,v 1.4.2.8 2009/05/01 19:39:03 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -434,11 +434,14 @@
if ( err < 0 )
{
- char buf[256];
if ( update_flags( sb, ssl, err )) return 1;
- Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
- tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 );
+ if ( DebugTest( LDAP_DEBUG_ANY ) ) {
+ char buf[256], *msg;
+ msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
+ Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
+ msg ? msg : "(unknown)", 0, 0 );
+ }
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
@@ -872,8 +875,9 @@
struct berval der_dn;
int rc;
- tls_imp->ti_session_my_dn( session, &der_dn );
- rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+ rc = tls_imp->ti_session_my_dn( session, &der_dn );
+ if ( rc == LDAP_SUCCESS )
+ rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
return rc;
}
#endif /* HAVE_TLS */
Modified: openldap/vendor/openldap-release/libraries/libldap/tls_g.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_g.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_g.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* tls_g.c - Handle tls/ssl using GNUTLS. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_g.c,v 1.6.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_g.c,v 1.6.2.5 2009/04/29 01:25:43 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -35,6 +35,8 @@
#include <ac/unistd.h>
#include <ac/param.h>
#include <ac/dirent.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include "ldap-int.h"
#include "ldap-tls.h"
@@ -290,6 +292,31 @@
ber_memfree ( c );
}
+static int
+tlsg_getfile( const char *path, gnutls_datum_t *buf )
+{
+ int rc = -1, fd;
+ struct stat st;
+
+ fd = open( path, O_RDONLY );
+ if ( fd >= 0 && fstat( fd, &st ) == 0 ) {
+ buf->size = st.st_size;
+ buf->data = LDAP_MALLOC( st.st_size + 1 );
+ if ( buf->data ) {
+ rc = read( fd, buf->data, st.st_size );
+ close( fd );
+ if ( rc < st.st_size )
+ rc = -1;
+ else
+ rc = 0;
+ }
+ }
+ return rc;
+}
+
+/* This is the GnuTLS default */
+#define VERIFY_DEPTH 6
+
/*
* initialize a new TLS context
*/
@@ -322,12 +349,59 @@
}
if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) {
- rc = gnutls_certificate_set_x509_key_file(
- ctx->cred,
- lt->lt_certfile,
- lt->lt_keyfile,
+ gnutls_x509_privkey_t key;
+ gnutls_datum_t buf;
+ gnutls_x509_crt_t certs[VERIFY_DEPTH];
+ unsigned int max = VERIFY_DEPTH;
+
+ rc = gnutls_x509_privkey_init( &key );
+ if ( rc ) return -1;
+
+ /* OpenSSL builds the cert chain for us, but GnuTLS
+ * expects it to be present in the certfile. If it's
+ * not, we have to build it ourselves. So we have to
+ * do some special checks here...
+ */
+ rc = tlsg_getfile( lt->lt_keyfile, &buf );
+ if ( rc ) return -1;
+ rc = gnutls_x509_privkey_import( key, &buf,
GNUTLS_X509_FMT_PEM );
+ LDAP_FREE( buf.data );
+ if ( rc < 0 ) return rc;
+
+ rc = tlsg_getfile( lt->lt_certfile, &buf );
if ( rc ) return -1;
+ rc = gnutls_x509_crt_list_import( certs, &max, &buf,
+ GNUTLS_X509_FMT_PEM, 0 );
+ LDAP_FREE( buf.data );
+ if ( rc < 0 ) return rc;
+
+ /* If there's only one cert and it's not self-signed,
+ * then we have to build the cert chain.
+ */
+ if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
+ gnutls_x509_crt_t *cas;
+ unsigned int i, j, ncas;
+
+ gnutls_certificate_get_x509_cas( ctx->cred, &cas, &ncas );
+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
+ for ( j = 0; j<ncas; j++ ) {
+ if ( gnutls_x509_crt_check_issuer( certs[i-1], cas[j] )) {
+ certs[i] = cas[j];
+ max++;
+ /* If this CA is self-signed, we're done */
+ if ( gnutls_x509_crt_check_issuer( cas[j], cas[j] ))
+ j = ncas;
+ break;
+ }
+ }
+ /* only continue if we found a CA and it was not self-signed */
+ if ( j == ncas )
+ break;
+ }
+ }
+ rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ if ( rc ) return -1;
} else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) {
Debug( LDAP_DEBUG_ANY,
"TLS: only one of certfile and keyfile specified\n",
@@ -349,6 +423,13 @@
if ( rc < 0 ) return -1;
rc = 0;
}
+
+ /* FIXME: ITS#5992 - this should go be configurable,
+ * and V1 CA certs should be phased out ASAP.
+ */
+ gnutls_certificate_set_verify_flags( ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+
if ( is_server ) {
gnutls_dh_params_init(&ctx->dh_params);
gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
@@ -402,9 +483,18 @@
rc = gnutls_handshake( s->session );
if ( rc == 0 && s->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
- rc = tlsg_cert_verify( s );
- if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW )
+ const gnutls_datum_t *peer_cert_list;
+ unsigned int list_size;
+
+ peer_cert_list = gnutls_certificate_get_peers( s->session,
+ &list_size );
+ if ( !peer_cert_list && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_TRY )
rc = 0;
+ else {
+ rc = tlsg_cert_verify( s );
+ if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW )
+ rc = 0;
+ }
}
return rc;
}
@@ -483,7 +573,7 @@
if (!x) return LDAP_INVALID_CREDENTIALS;
- bv.bv_val = x->data;
+ bv.bv_val = (char *) x->data;
bv.bv_len = x->size;
tlsg_x509_cert_dn( &bv, der_dn, 1 );
@@ -496,7 +586,7 @@
tlsg_session *s = (tlsg_session *)session;
if ( !s->peer_der_dn.bv_val ) {
const gnutls_datum_t *peer_cert_list;
- int list_size;
+ unsigned int list_size;
struct berval bv;
peer_cert_list = gnutls_certificate_get_peers( s->session,
@@ -504,7 +594,7 @@
if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS;
bv.bv_len = peer_cert_list->size;
- bv.bv_val = peer_cert_list->data;
+ bv.bv_val = (char *) peer_cert_list->data;
tlsg_x509_cert_dn( &bv, &s->peer_der_dn, 1 );
}
@@ -525,13 +615,11 @@
tlsg_session *s = (tlsg_session *)session;
int i, ret;
const gnutls_datum_t *peer_cert_list;
- int list_size;
- struct berval bv;
+ unsigned int list_size;
char altname[NI_MAXHOST];
size_t altnamesize;
gnutls_x509_crt_t cert;
- gnutls_datum_t *x;
const char *name;
char *ptr;
char *domain = NULL;
@@ -540,9 +628,8 @@
#else
struct in_addr addr;
#endif
- int n, len1 = 0, len2 = 0;
+ int len1 = 0, len2 = 0;
int ntype = IS_DNS;
- time_t now = time(0);
if( ldap_int_hostname &&
( !name_in || !strcasecmp( name_in, "localhost" ) ) )
@@ -896,7 +983,6 @@
{
struct tls_data *p;
ber_slen_t ret;
- int err;
assert( sbiod != NULL );
assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
@@ -929,7 +1015,6 @@
{
struct tls_data *p;
ber_slen_t ret;
- int err;
assert( sbiod != NULL );
assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
@@ -965,6 +1050,7 @@
unsigned int status = 0;
int err;
time_t now = time(0);
+ time_t peertime;
err = gnutls_certificate_verify_peers2( ssl->session, &status );
if ( err < 0 ) {
@@ -977,12 +1063,24 @@
status, 0,0 );
return -1;
}
- if ( gnutls_certificate_expiration_time_peers( ssl->session ) < now ) {
+ peertime = gnutls_certificate_expiration_time_peers( ssl->session );
+ if ( peertime == (time_t) -1 ) {
+ Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n",
+ 0, 0, 0 );
+ return -1;
+ }
+ if ( peertime < now ) {
Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n",
0, 0, 0 );
return -1;
}
- if ( gnutls_certificate_activation_time_peers( ssl->session ) > now ) {
+ peertime = gnutls_certificate_activation_time_peers( ssl->session );
+ if ( peertime == (time_t) -1 ) {
+ Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n",
+ 0, 0, 0 );
+ return -1;
+ }
+ if ( peertime > now ) {
Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n",
0, 0, 0 );
return -1;
Modified: openldap/vendor/openldap-release/libraries/libldap/tls_m.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_m.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_m.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* tls_m.c - Handle tls/ssl using Mozilla NSS. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_m.c,v 1.3.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_m.c,v 1.3.2.4 2009/07/06 19:31:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -13,7 +13,8 @@
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
-/* ACKNOWLEDGEMENTS: written by Howard Chu.
+/* ACKNOWLEDGEMENTS: Initial version written by Howard Chu.
+ * Additional support by Rich Megginson.
*/
#include "portable.h"
@@ -24,6 +25,10 @@
#include <stdio.h>
+#if defined( HAVE_FCNTL_H )
+#include <fcntl.h>
+#endif
+
#include <ac/stdlib.h>
#include <ac/errno.h>
#include <ac/socket.h>
@@ -41,13 +46,33 @@
#include <ldap_pvt_thread.h>
#endif
+#define READ_PASSWORD_FROM_STDIN
+#define READ_PASSWORD_FROM_FILE
+
+#ifdef READ_PASSWORD_FROM_STDIN
+#include <termios.h> /* for echo on/off */
+#endif
+
#include <nspr.h>
+#include <private/pprio.h>
#include <nss.h>
#include <ssl.h>
+#include <sslproto.h>
+#include <pk11pub.h>
+#include <secerr.h>
+#include <keyhi.h>
typedef struct tlsm_ctx {
PRFileDesc *tc_model;
int tc_refcnt;
+ PRBool tc_verify_cert;
+ CERTCertDBHandle *tc_certdb;
+ char *tc_certname;
+ char *tc_pin_file;
+ struct ldaptls *tc_config;
+ int tc_is_server;
+ int tc_require_cert;
+ PRCallOnceType tc_callonce;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_t tc_refmutex;
#endif
@@ -59,8 +84,13 @@
static const PRIOMethods tlsm_PR_methods;
-extern tls_impl ldap_int_tls_impl;
+static int tlsm_did_init;
+#define DEFAULT_TOKEN_NAME "default"
+
+/* forward declaration */
+static int tlsm_init( void );
+
#ifdef LDAP_R_COMPILE
static void
@@ -70,35 +100,1085 @@
#endif /* LDAP_R_COMPILE */
+static const char *
+tlsm_dump_cipher_info(PRFileDesc *fd)
+{
+ PRUint16 ii;
+
+ for (ii = 0; ii < SSL_NumImplementedCiphers; ++ii) {
+ PRInt32 cipher = (PRInt32)SSL_ImplementedCiphers[ii];
+ PRBool enabled = PR_FALSE;
+ PRInt32 policy = 0;
+ SSLCipherSuiteInfo info;
+
+ if (fd) {
+ SSL_CipherPrefGet(fd, cipher, &enabled);
+ } else {
+ SSL_CipherPrefGetDefault(cipher, &enabled);
+ }
+ SSL_CipherPolicyGet(cipher, &policy);
+ SSL_GetCipherSuiteInfo(cipher, &info, (PRUintn)sizeof(info));
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: cipher: %d - %s, enabled: %d, ",
+ info.cipherSuite, info.cipherSuiteName, enabled );
+ Debug( LDAP_DEBUG_TRACE,
+ "policy: %d\n", policy, 0, 0 );
+ }
+
+ return "";
+}
+
+/* Cipher definitions */
+typedef struct {
+ char *ossl_name; /* The OpenSSL cipher name */
+ int num; /* The cipher id */
+ int attr; /* cipher attributes: algorithms, etc */
+ int version; /* protocol version valid for this cipher */
+ int bits; /* bits of strength */
+ int alg_bits; /* bits of the algorithm */
+ int strength; /* LOW, MEDIUM, HIGH */
+ int enabled; /* Enabled by default? */
+} cipher_properties;
+
+/* cipher attributes */
+#define SSL_kRSA 0x00000001L
+#define SSL_aRSA 0x00000002L
+#define SSL_aDSS 0x00000004L
+#define SSL_DSS SSL_aDSS
+#define SSL_eNULL 0x00000008L
+#define SSL_DES 0x00000010L
+#define SSL_3DES 0x00000020L
+#define SSL_RC4 0x00000040L
+#define SSL_RC2 0x00000080L
+#define SSL_AES 0x00000100L
+#define SSL_MD5 0x00000200L
+#define SSL_SHA1 0x00000400L
+#define SSL_SHA SSL_SHA1
+#define SSL_RSA (SSL_kRSA|SSL_aRSA)
+
+/* cipher strength */
+#define SSL_NULL 0x00000001L
+#define SSL_EXPORT40 0x00000002L
+#define SSL_EXPORT56 0x00000004L
+#define SSL_LOW 0x00000008L
+#define SSL_MEDIUM 0x00000010L
+#define SSL_HIGH 0x00000020L
+
+#define SSL2 0x00000001L
+#define SSL3 0x00000002L
+/* OpenSSL treats SSL3 and TLSv1 the same */
+#define TLS1 SSL3
+
+/* Cipher translation */
+static cipher_properties ciphers_def[] = {
+ /* SSL 2 ciphers */
+ {"DES-CBC3-MD5", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5, SSL2, 168, 168, SSL_HIGH, SSL_ALLOWED},
+ {"RC2-CBC-MD5", SSL_EN_RC2_128_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
+ {"RC4-MD5", SSL_EN_RC4_128_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
+ {"DES-CBC-MD5", SSL_EN_DES_64_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5, SSL2, 56, 56, SSL_LOW, SSL_ALLOWED},
+ {"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
+ {"EXP-RC4-MD5", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
+
+ /* SSL3 ciphers */
+ {"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
+ {"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_NOT_ALLOWED},
+ {"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED},
+ {"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED},
+ {"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
+ {"EXP-RC2-CBC-MD5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL3, 0, 0, SSL_EXPORT40, SSL_ALLOWED},
+ {"NULL-MD5", SSL_RSA_WITH_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
+ {"NULL-SHA", SSL_RSA_WITH_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA1, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
+
+ /* TLSv1 ciphers */
+ {"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
+ {"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
+ {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_NOT_ALLOWED},
+ {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_NOT_ALLOWED},
+};
+
+#define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
+
+/* given err which is the current errno, calls PR_SetError with
+ the corresponding NSPR error code */
+static void
+tlsm_map_error(int err)
+{
+ PRErrorCode prError;
+
+ switch ( err ) {
+ case EACCES:
+ prError = PR_NO_ACCESS_RIGHTS_ERROR;
+ break;
+ case EADDRINUSE:
+ prError = PR_ADDRESS_IN_USE_ERROR;
+ break;
+ case EADDRNOTAVAIL:
+ prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
+ break;
+ case EAFNOSUPPORT:
+ prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+ break;
+ case EAGAIN:
+ prError = PR_WOULD_BLOCK_ERROR;
+ break;
+ /*
+ * On QNX and Neutrino, EALREADY is defined as EBUSY.
+ */
+#if EALREADY != EBUSY
+ case EALREADY:
+ prError = PR_ALREADY_INITIATED_ERROR;
+ break;
+#endif
+ case EBADF:
+ prError = PR_BAD_DESCRIPTOR_ERROR;
+ break;
+#ifdef EBADMSG
+ case EBADMSG:
+ prError = PR_IO_ERROR;
+ break;
+#endif
+ case EBUSY:
+ prError = PR_FILESYSTEM_MOUNTED_ERROR;
+ break;
+ case ECONNABORTED:
+ prError = PR_CONNECT_ABORTED_ERROR;
+ break;
+ case ECONNREFUSED:
+ prError = PR_CONNECT_REFUSED_ERROR;
+ break;
+ case ECONNRESET:
+ prError = PR_CONNECT_RESET_ERROR;
+ break;
+ case EDEADLK:
+ prError = PR_DEADLOCK_ERROR;
+ break;
+#ifdef EDIRCORRUPTED
+ case EDIRCORRUPTED:
+ prError = PR_DIRECTORY_CORRUPTED_ERROR;
+ break;
+#endif
+#ifdef EDQUOT
+ case EDQUOT:
+ prError = PR_NO_DEVICE_SPACE_ERROR;
+ break;
+#endif
+ case EEXIST:
+ prError = PR_FILE_EXISTS_ERROR;
+ break;
+ case EFAULT:
+ prError = PR_ACCESS_FAULT_ERROR;
+ break;
+ case EFBIG:
+ prError = PR_FILE_TOO_BIG_ERROR;
+ break;
+ case EHOSTUNREACH:
+ prError = PR_HOST_UNREACHABLE_ERROR;
+ break;
+ case EINPROGRESS:
+ prError = PR_IN_PROGRESS_ERROR;
+ break;
+ case EINTR:
+ prError = PR_PENDING_INTERRUPT_ERROR;
+ break;
+ case EINVAL:
+ prError = PR_INVALID_ARGUMENT_ERROR;
+ break;
+ case EIO:
+ prError = PR_IO_ERROR;
+ break;
+ case EISCONN:
+ prError = PR_IS_CONNECTED_ERROR;
+ break;
+ case EISDIR:
+ prError = PR_IS_DIRECTORY_ERROR;
+ break;
+ case ELOOP:
+ prError = PR_LOOP_ERROR;
+ break;
+ case EMFILE:
+ prError = PR_PROC_DESC_TABLE_FULL_ERROR;
+ break;
+ case EMLINK:
+ prError = PR_MAX_DIRECTORY_ENTRIES_ERROR;
+ break;
+ case EMSGSIZE:
+ prError = PR_INVALID_ARGUMENT_ERROR;
+ break;
+#ifdef EMULTIHOP
+ case EMULTIHOP:
+ prError = PR_REMOTE_FILE_ERROR;
+ break;
+#endif
+ case ENAMETOOLONG:
+ prError = PR_NAME_TOO_LONG_ERROR;
+ break;
+ case ENETUNREACH:
+ prError = PR_NETWORK_UNREACHABLE_ERROR;
+ break;
+ case ENFILE:
+ prError = PR_SYS_DESC_TABLE_FULL_ERROR;
+ break;
+ /*
+ * On SCO OpenServer 5, ENOBUFS is defined as ENOSR.
+ */
+#if defined(ENOBUFS) && (ENOBUFS != ENOSR)
+ case ENOBUFS:
+ prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+ break;
+#endif
+ case ENODEV:
+ prError = PR_FILE_NOT_FOUND_ERROR;
+ break;
+ case ENOENT:
+ prError = PR_FILE_NOT_FOUND_ERROR;
+ break;
+ case ENOLCK:
+ prError = PR_FILE_IS_LOCKED_ERROR;
+ break;
+#ifdef ENOLINK
+ case ENOLINK:
+ prError = PR_REMOTE_FILE_ERROR;
+ break;
+#endif
+ case ENOMEM:
+ prError = PR_OUT_OF_MEMORY_ERROR;
+ break;
+ case ENOPROTOOPT:
+ prError = PR_INVALID_ARGUMENT_ERROR;
+ break;
+ case ENOSPC:
+ prError = PR_NO_DEVICE_SPACE_ERROR;
+ break;
+#ifdef ENOSR
+ case ENOSR:
+ prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+ break;
+#endif
+ case ENOTCONN:
+ prError = PR_NOT_CONNECTED_ERROR;
+ break;
+ case ENOTDIR:
+ prError = PR_NOT_DIRECTORY_ERROR;
+ break;
+ case ENOTSOCK:
+ prError = PR_NOT_SOCKET_ERROR;
+ break;
+ case ENXIO:
+ prError = PR_FILE_NOT_FOUND_ERROR;
+ break;
+ case EOPNOTSUPP:
+ prError = PR_NOT_TCP_SOCKET_ERROR;
+ break;
+#ifdef EOVERFLOW
+ case EOVERFLOW:
+ prError = PR_BUFFER_OVERFLOW_ERROR;
+ break;
+#endif
+ case EPERM:
+ prError = PR_NO_ACCESS_RIGHTS_ERROR;
+ break;
+ case EPIPE:
+ prError = PR_CONNECT_RESET_ERROR;
+ break;
+#ifdef EPROTO
+ case EPROTO:
+ prError = PR_IO_ERROR;
+ break;
+#endif
+ case EPROTONOSUPPORT:
+ prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR;
+ break;
+ case EPROTOTYPE:
+ prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+ break;
+ case ERANGE:
+ prError = PR_INVALID_METHOD_ERROR;
+ break;
+ case EROFS:
+ prError = PR_READ_ONLY_FILESYSTEM_ERROR;
+ break;
+ case ESPIPE:
+ prError = PR_INVALID_METHOD_ERROR;
+ break;
+ case ETIMEDOUT:
+ prError = PR_IO_TIMEOUT_ERROR;
+ break;
+#if EWOULDBLOCK != EAGAIN
+ case EWOULDBLOCK:
+ prError = PR_WOULD_BLOCK_ERROR;
+ break;
+#endif
+ case EXDEV:
+ prError = PR_NOT_SAME_DEVICE_ERROR;
+ break;
+ default:
+ prError = PR_UNKNOWN_ERROR;
+ break;
+ }
+ PR_SetError( prError, err );
+}
+
/*
- * Initialize TLS subsystem. Should be called only once.
+ * cipher_list is an integer array with the following values:
+ * -1: never enable this cipher
+ * 0: cipher disabled
+ * 1: cipher enabled
*/
static int
-tlsm_init( void )
+nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
{
- PR_Init(0, 0, 0);
+ int i;
+ char *cipher;
+ char *ciphers;
+ char *ciphertip;
+ int action;
+ int rv;
- tlsm_layer_id = PR_GetUniqueIdentity("OpenLDAP");
+ /* All disabled to start */
+ for (i=0; i<ciphernum; i++)
+ cipher_list[i] = 0;
+ ciphertip = strdup(cipherstr);
+ cipher = ciphers = ciphertip;
+
+ while (ciphers && (strlen(ciphers))) {
+ while ((*cipher) && (isspace(*cipher)))
+ ++cipher;
+
+ action = 1;
+ switch(*cipher) {
+ case '+': /* Add something */
+ action = 1;
+ cipher++;
+ break;
+ case '-': /* Subtract something */
+ action = 0;
+ cipher++;
+ break;
+ case '!': /* Disable something */
+ action = -1;
+ cipher++;
+ break;
+ default:
+ /* do nothing */
+ break;
+ }
+
+ if ((ciphers = strchr(cipher, ':'))) {
+ *ciphers++ = '\0';
+ }
+
+ /* Do the easy one first */
+ if (!strcmp(cipher, "ALL")) {
+ for (i=0; i<ciphernum; i++) {
+ if (!(ciphers_def[i].attr & SSL_eNULL))
+ cipher_list[i] = action;
+ }
+ } else if (!strcmp(cipher, "COMPLEMENTOFALL")) {
+ for (i=0; i<ciphernum; i++) {
+ if ((ciphers_def[i].attr & SSL_eNULL))
+ cipher_list[i] = action;
+ }
+ } else if (!strcmp(cipher, "DEFAULT")) {
+ for (i=0; i<ciphernum; i++) {
+ cipher_list[i] = ciphers_def[i].enabled == SSL_ALLOWED ? 1 : 0;
+ }
+ } else {
+ int mask = 0;
+ int strength = 0;
+ int protocol = 0;
+ char *c;
+
+ c = cipher;
+ while (c && (strlen(c))) {
+
+ if ((c = strchr(cipher, '+'))) {
+ *c++ = '\0';
+ }
+
+ if (!strcmp(cipher, "RSA")) {
+ mask |= SSL_RSA;
+ } else if ((!strcmp(cipher, "NULL")) || (!strcmp(cipher, "eNULL"))) {
+ mask |= SSL_eNULL;
+ } else if (!strcmp(cipher, "AES")) {
+ mask |= SSL_AES;
+ } else if (!strcmp(cipher, "3DES")) {
+ mask |= SSL_3DES;
+ } else if (!strcmp(cipher, "DES")) {
+ mask |= SSL_DES;
+ } else if (!strcmp(cipher, "RC4")) {
+ mask |= SSL_RC4;
+ } else if (!strcmp(cipher, "RC2")) {
+ mask |= SSL_RC2;
+ } else if (!strcmp(cipher, "MD5")) {
+ mask |= SSL_MD5;
+ } else if ((!strcmp(cipher, "SHA")) || (!strcmp(cipher, "SHA1"))) {
+ mask |= SSL_SHA1;
+ } else if (!strcmp(cipher, "SSLv2")) {
+ protocol |= SSL2;
+ } else if (!strcmp(cipher, "SSLv3")) {
+ protocol |= SSL3;
+ } else if (!strcmp(cipher, "TLSv1")) {
+ protocol |= TLS1;
+ } else if (!strcmp(cipher, "HIGH")) {
+ strength |= SSL_HIGH;
+ } else if (!strcmp(cipher, "MEDIUM")) {
+ strength |= SSL_MEDIUM;
+ } else if (!strcmp(cipher, "LOW")) {
+ strength |= SSL_LOW;
+ } else if ((!strcmp(cipher, "EXPORT")) || (!strcmp(cipher, "EXP"))) {
+ strength |= SSL_EXPORT40|SSL_EXPORT56;
+ } else if (!strcmp(cipher, "EXPORT40")) {
+ strength |= SSL_EXPORT40;
+ } else if (!strcmp(cipher, "EXPORT56")) {
+ strength |= SSL_EXPORT56;
+ }
+
+ if (c)
+ cipher = c;
+
+ } /* while */
+
+ /* If we have a mask, apply it. If not then perhaps they provided
+ * a specific cipher to enable.
+ */
+ if (mask || strength || protocol) {
+ for (i=0; i<ciphernum; i++) {
+ if (((ciphers_def[i].attr & mask) ||
+ (ciphers_def[i].strength & strength) ||
+ (ciphers_def[i].version & protocol)) &&
+ (cipher_list[i] != -1)) {
+ /* Enable the NULL ciphers only if explicity
+ * requested */
+ if (ciphers_def[i].attr & SSL_eNULL) {
+ if (mask & SSL_eNULL)
+ cipher_list[i] = action;
+ } else
+ cipher_list[i] = action;
+ }
+ }
+ } else {
+ for (i=0; i<ciphernum; i++) {
+ if (!strcmp(ciphers_def[i].ossl_name, cipher) &&
+ cipher_list[1] != -1)
+ cipher_list[i] = action;
+ }
+ }
+ }
+
+ if (ciphers)
+ cipher = ciphers;
+ }
+
+ /* See if any ciphers were enabled */
+ rv = 0;
+ for (i=0; i<ciphernum; i++) {
+ if (cipher_list[i] == 1)
+ rv = 1;
+ }
+
+ free(ciphertip);
+
+ return rv;
+}
+
+static int
+tlsm_parse_ciphers(tlsm_ctx *ctx, const char *str)
+{
+ int cipher_state[ciphernum];
+ int rv, i;
+
+ if (!ctx)
+ return 0;
+
+ rv = nss_parse_ciphers(str, cipher_state);
+
+ if (rv) {
+ /* First disable everything */
+ for (i = 0; i < SSL_NumImplementedCiphers; i++)
+ SSL_CipherPrefSet(ctx->tc_model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
+
+ /* Now enable what was requested */
+ for (i=0; i<ciphernum; i++) {
+ SSLCipherSuiteInfo suite;
+ PRBool enabled;
+
+ if (SSL_GetCipherSuiteInfo(ciphers_def[i].num, &suite, sizeof suite)
+ == SECSuccess) {
+ enabled = cipher_state[i] < 0 ? 0 : cipher_state[i];
+ if (enabled == SSL_ALLOWED) {
+ if (PK11_IsFIPS() && !suite.isFIPS)
+ enabled = SSL_NOT_ALLOWED;
+ }
+ SSL_CipherPrefSet(ctx->tc_model, ciphers_def[i].num, enabled);
+ }
+ }
+ }
+
+ return rv == 1 ? 0 : -1;
+}
+
+static SECStatus
+tlsm_bad_cert_handler(void *arg, PRFileDesc *ssl)
+{
+ SECStatus success = SECSuccess;
+ PRErrorCode err;
+ tlsm_ctx *ctx = (tlsm_ctx *)arg;
+
+ if (!ssl || !ctx) {
+ return SECFailure;
+ }
+
+ err = PORT_GetError();
+
+ switch (err) {
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ if (ctx->tc_verify_cert) {
+ success = SECFailure;
+ }
+ break;
+ default:
+ success = SECFailure;
+ break;
+ }
+
+ return success;
+}
+
+static const char *
+tlsm_dump_security_status(PRFileDesc *fd)
+{
+ char * cp; /* bulk cipher name */
+ char * ip; /* cert issuer DN */
+ char * sp; /* cert subject DN */
+ int op; /* High, Low, Off */
+ int kp0; /* total key bits */
+ int kp1; /* secret key bits */
+ SSL3Statistics * ssl3stats = SSL_GetStatistics();
+
+ SSL_SecurityStatus( fd, &op, &cp, &kp0, &kp1, &ip, &sp );
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS certificate verification: subject: %s, issuer: %s, cipher: %s, ",
+ sp ? sp : "-unknown-", ip ? ip : "-unknown-", cp ? cp : "-unknown-" );
+ PR_Free(cp);
+ PR_Free(ip);
+ PR_Free(sp);
+ Debug( LDAP_DEBUG_TRACE,
+ "security level: %s, secret key bits: %d, total key bits: %d, ",
+ ((op == SSL_SECURITY_STATUS_ON_HIGH) ? "high" :
+ ((op == SSL_SECURITY_STATUS_ON_LOW) ? "low" : "off")),
+ kp1, kp0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "cache hits: %ld, cache misses: %ld, cache not reusable: %ld\n",
+ ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+ ssl3stats->hch_sid_cache_not_ok );
+
+ return "";
+}
+
+static SECStatus
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
+ PRBool checksig, PRBool isServer)
+{
+ SECStatus ret = SSL_AuthCertificate(arg, fd, checksig, isServer);
+
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS certificate verification: %s: %s,",
+ ret == SECSuccess ? "ok" : "bad",
+ tlsm_dump_security_status( fd ), 0 );
+
+ if ( ret != SECSuccess ) {
+ PRErrorCode errcode = PORT_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS certificate verification: Error, %d: %s\n",
+ errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ) ;
+ }
+
+ return ret;
+}
+
+static char *
+tlsm_dirname(const char *pathname)
+{
+ char *ret = NULL;
+ char *p = NULL;
+ char sep = PR_GetDirectorySeparator();
+
+ if (pathname && (p = PL_strrchr(pathname, sep)) && (p > pathname)) {
+ ret = PL_strndup(pathname, (p - pathname));
+ }
+
+ return ret;
+}
+
+/*
+ * This is the part of the init we defer until we get the
+ * actual security configuration information. This is
+ * only called once, protected by a PRCallOnce
+ * NOTE: This must be done before the first call to SSL_ImportFD,
+ * especially the setting of the policy
+ * NOTE: This must be called after fork()
+ */
+static int
+tlsm_deferred_init( void *arg )
+{
+ tlsm_ctx *ctx = (tlsm_ctx *)arg;
+ struct ldaptls *lt = ctx->tc_config;
+ char *securitydir = NULL;
+ int needfree = 0;
+ char *val;
+ PRErrorCode errcode;
+
+ /* NSS support for multi-init is coming */
+#ifndef NSS_MULTI_INIT
if ( !NSS_IsInitialized() ) {
- NSS_NoDB_Init("");
+#endif /* NSS_MULTI_INIT */
+ /*
+ MOZNSS_DIR will override everything else - you can
+ always set MOZNSS_DIR to force the use of this
+ directory
+ DEFAULT_MOZNSS_DIR will only be used if the code cannot
+ find a security dir to use based on the current
+ settings
+ */
+ if ( (val = PR_GetEnv( "MOZNSS_DIR" ) ) && (*val) ) {
+ securitydir = PL_strdup( val );
+ needfree = 1;
+ } else if ( lt->lt_cacertdir ) {
+ securitydir = lt->lt_cacertdir;
+ } else if ( lt->lt_cacertfile ) {
+ securitydir = tlsm_dirname( lt->lt_cacertfile );
+ needfree = 1;
+ } else if ( lt->lt_certfile ) {
+ securitydir = tlsm_dirname( lt->lt_certfile );
+ needfree = 1;
+ } else if ( lt->lt_keyfile ) {
+ securitydir = tlsm_dirname( lt->lt_keyfile );
+ needfree = 1;
+ } else if ( (val = PR_GetEnv( "DEFAULT_MOZNSS_DIR" ) ) && (*val) ) {
+ securitydir = PL_strdup( val );
+ needfree = 1;
+ } else {
+ securitydir = "/etc/pki/nssdb";
+ }
+ if ( NSS_Initialize( securitydir, "", "", SECMOD_DB, NSS_INIT_READONLY ) ) {
+ errcode = PORT_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not initialize moznss using security dir %s - error %d:%s.\n",
+ securitydir, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ if ( needfree ) {
+ PL_strfree( securitydir );
+ }
+ return -1;
+ }
+
+ if ( needfree ) {
+ PL_strfree( securitydir );
+ }
+
NSS_SetDomesticPolicy();
+ tlsm_did_init = 1; /* we did the init - we should also clean up */
+#ifndef NSS_MULTI_INIT
}
+#endif /* NSS_MULTI_INIT */
- /* No cipher suite handling for now */
-
return 0;
}
+#ifdef READ_PASSWORD_FROM_FILE
+static char *
+tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
+{
+ char *pwdstr = NULL;
+ char *contents = NULL;
+ char *lasts = NULL;
+ char *line = NULL;
+ char *candidate = NULL;
+ PRFileInfo file_info;
+ PRFileDesc *pwd_fileptr = PR_Open( ctx->tc_pin_file, PR_RDONLY, 00400 );
+
+ /* open the password file */
+ if ( !pwd_fileptr ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not open security pin file %s - error %d:%s.\n",
+ ctx->tc_pin_file, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ }
+
+ /* get the file size */
+ if ( PR_SUCCESS != PR_GetFileInfo( ctx->tc_pin_file, &file_info ) ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not get file info from pin file %s - error %d:%s.\n",
+ ctx->tc_pin_file, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ }
+
+ /* create a buffer to hold the file contents */
+ if ( !( contents = PR_MALLOC( file_info.size + 1 ) ) ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n",
+ ctx->tc_pin_file, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ }
+
+ /* read file into the buffer */
+ if( PR_Read( pwd_fileptr, contents, file_info.size ) <= 0 ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not read the file contents from pin file %s - error %d:%s.\n",
+ ctx->tc_pin_file, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ }
+
+ /* format is [tokenname:]password EOL [tokenname:]password EOL ... */
+ /* if you want to use a password containing a colon character, use
+ the special tokenname "default" */
+ for ( line = PL_strtok_r( contents, "\r\n", &lasts ); line;
+ line = PL_strtok_r( NULL, "\r\n", &lasts ) ) {
+ char *colon;
+
+ if ( !*line ) {
+ continue; /* skip blank lines */
+ }
+ colon = PL_strchr( line, ':' );
+ if ( colon ) {
+ if ( *(colon + 1) && token_name &&
+ !PL_strncmp( token_name, line, colon-line ) ) {
+ candidate = colon + 1; /* found a definite match */
+ break;
+ } else if ( !PL_strncmp( DEFAULT_TOKEN_NAME, line, colon-line ) ) {
+ candidate = colon + 1; /* found possible match */
+ }
+ } else { /* no token name */
+ candidate = line;
+ }
+ }
+done:
+ if ( pwd_fileptr ) {
+ PR_Close( pwd_fileptr );
+ }
+ if ( candidate ) {
+ pwdstr = PL_strdup( candidate );
+ }
+ PL_strfree( contents );
+
+ return pwdstr;
+}
+#endif /* READ_PASSWORD_FROM_FILE */
+
+#ifdef READ_PASSWORD_FROM_STDIN
/*
+ * Turn the echoing off on a tty.
+ */
+static void
+echoOff(int fd)
+{
+ if ( isatty( fd ) ) {
+ struct termios tio;
+ tcgetattr( fd, &tio );
+ tio.c_lflag &= ~ECHO;
+ tcsetattr( fd, TCSAFLUSH, &tio );
+ }
+}
+
+/*
+ * Turn the echoing on on a tty.
+ */
+static void
+echoOn(int fd)
+{
+ if ( isatty( fd ) ) {
+ struct termios tio;
+ tcgetattr( fd, &tio );
+ tio.c_lflag |= ECHO;
+ tcsetattr( fd, TCSAFLUSH, &tio );
+ tcsetattr( fd, TCSAFLUSH, &tio );
+ }
+}
+#endif /* READ_PASSWORD_FROM_STDIN */
+
+/*
+ * This does the actual work of reading the pin/password/pass phrase
+ */
+static char *
+tlsm_get_pin(PK11SlotInfo *slot, PRBool retry, tlsm_ctx *ctx)
+{
+ char *token_name = NULL;
+ char *pwdstr = NULL;
+
+ token_name = PK11_GetTokenName( slot );
+#ifdef READ_PASSWORD_FROM_FILE
+ /* Try to get the passwords from the password file if it exists.
+ * THIS IS UNSAFE and is provided for convenience only. Without this
+ * capability the server would have to be started in foreground mode
+ * if using an encrypted key.
+ */
+ if ( ctx->tc_pin_file ) {
+ pwdstr = tlsm_get_pin_from_file( token_name, ctx );
+ }
+#endif /* RETRIEVE_PASSWORD_FROM_FILE */
+#ifdef READ_PASSWORD_FROM_STDIN
+ if ( !pwdstr ) {
+ int infd = PR_FileDesc2NativeHandle( PR_STDIN );
+ int isTTY = isatty( infd );
+ unsigned char phrase[200];
+ /* Prompt for password */
+ if ( isTTY ) {
+ fprintf( stdout,
+ "Please enter pin, password, or pass phrase for security token '%s': ",
+ token_name ? token_name : DEFAULT_TOKEN_NAME );
+ echoOff( infd );
+ }
+ fgets( (char*)phrase, sizeof(phrase), stdin );
+ if ( isTTY ) {
+ fprintf( stdout, "\n" );
+ echoOn( infd );
+ }
+ /* stomp on newline */
+ phrase[strlen((char*)phrase)-1] = 0;
+
+ pwdstr = PL_strdup( (char*)phrase );
+ }
+
+#endif /* READ_PASSWORD_FROM_STDIN */
+ return pwdstr;
+}
+
+/*
+ * PKCS11 devices (including the internal softokn cert/key database)
+ * may be protected by a pin or password or even pass phrase
+ * MozNSS needs a way for the user to provide that
+ */
+static char *
+tlsm_pin_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+ tlsm_ctx *ctx = (tlsm_ctx *)arg;
+
+ return tlsm_get_pin( slot, retry, ctx );
+}
+
+static int
+tlsm_authenticate( tlsm_ctx *ctx, const char *certname, const char *pininfo )
+{
+ const char *colon = NULL;
+ char *token_name = NULL;
+ PK11SlotInfo *slot = NULL;
+ int rc = -1;
+
+ if ( !certname || !*certname ) {
+ return 0;
+ }
+
+ PK11_SetPasswordFunc( tlsm_pin_prompt );
+
+ if ( ( colon = PL_strchr( certname, ':' ) ) ) {
+ token_name = PL_strndup( certname, colon-certname );
+ }
+
+ if ( token_name ) {
+ slot = PK11_FindSlotByName( token_name );
+ } else {
+ slot = PK11_GetInternalKeySlot();
+ }
+
+ if ( !slot ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not find the slot for security token %s - error %d:%s.\n",
+ token_name ? token_name : DEFAULT_TOKEN_NAME, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ }
+
+ if ( pininfo ) {
+ PL_strfree( ctx->tc_pin_file );
+ ctx->tc_pin_file = PL_strdup( pininfo );
+ }
+
+ if ( PK11_NeedLogin( slot ) &&
+ ( SECSuccess != PK11_Authenticate( slot, PR_FALSE, ctx ) ) ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not authenticate to the security token %s - error %d:%s.\n",
+ token_name ? token_name : DEFAULT_TOKEN_NAME, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ goto done;
+ } else {
+ rc = 0; /* success */
+ }
+
+done:
+ PL_strfree( token_name );
+ if ( slot ) {
+ PK11_FreeSlot( slot );
+ }
+
+ return rc;
+}
+
+/*
+ * Find and verify the certificate.
+ * Either fd is given, in which case the cert will be taken from it via SSL_PeerCertificate
+ * or certname is given, and it will be searched for by name
+ */
+static int
+tlsm_find_and_verify_cert_key(tlsm_ctx *ctx, PRFileDesc *fd, const char *certname, int isServer, CERTCertificate **pRetCert, SECKEYPrivateKey **pRetKey)
+{
+ CERTCertificate *cert = NULL;
+ int rc = -1;
+ void *pin_arg = NULL;
+ SECKEYPrivateKey *key = NULL;
+
+ pin_arg = SSL_RevealPinArg( fd );
+ if ( certname ) {
+ cert = PK11_FindCertFromNickname( certname, pin_arg );
+ if ( !cert ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: the certificate %s could not be found in the database - error %d:%s\n",
+ certname, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ return -1;
+ }
+ } else {
+ /* we are verifying the peer cert
+ we also need to swap the isServer meaning */
+ cert = SSL_PeerCertificate( fd );
+ if ( !cert ) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not get the certificate from the peer connection - error %d:%s\n",
+ errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), NULL );
+ return -1;
+ }
+ isServer = !isServer; /* verify the peer's cert instead */
+ }
+
+ key = PK11_FindKeyByAnyCert( cert, pin_arg );
+ if (key) {
+ SECCertificateUsage certUsage;
+ PRBool checkSig = PR_TRUE;
+ SECStatus status;
+
+ if ( pRetKey ) {
+ *pRetKey = key; /* caller will deal with this */
+ } else {
+ SECKEY_DestroyPrivateKey( key );
+ }
+ if ( isServer ) {
+ certUsage = certificateUsageSSLServer;
+ } else {
+ certUsage = certificateUsageSSLClient;
+ }
+ if ( ctx->tc_verify_cert ) {
+ checkSig = PR_TRUE;
+ } else {
+ checkSig = PR_FALSE;
+ }
+ status = CERT_VerifyCertificateNow( ctx->tc_certdb, cert,
+ checkSig, certUsage,
+ pin_arg, NULL );
+ if (status != SECSuccess) {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: the certificate %s is not valid - error %d:%s\n",
+ certname, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ } else {
+ rc = 0; /* success */
+ }
+ } else {
+ PRErrorCode errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not find the private key for certificate %s - error %d:%s\n",
+ certname, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ }
+
+ if ( pRetCert ) {
+ *pRetCert = cert; /* caller will deal with this */
+ } else {
+ CERT_DestroyCertificate( cert );
+ }
+
+ return rc;
+}
+
+static int
+tlsm_get_client_auth_data( void *arg, PRFileDesc *fd,
+ CERTDistNames *caNames, CERTCertificate **pRetCert,
+ SECKEYPrivateKey **pRetKey )
+{
+ tlsm_ctx *ctx = (tlsm_ctx *)arg;
+ int rc;
+
+ /* don't need caNames - this function will call CERT_VerifyCertificateNow
+ which will verify the cert against the known CAs */
+ rc = tlsm_find_and_verify_cert_key( ctx, fd, ctx->tc_certname, 0, pRetCert, pRetKey );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to perform client certificate authentication for "
+ "certificate named %s\n", ctx->tc_certname, 0, 0 );
+ return SECFailure;
+ }
+
+ return SECSuccess;
+}
+
+/*
+ * ctx must have a tc_model that is valid
+ * certname is in the form [<tokenname>:]<certnickname>
+ * where <tokenname> is the name of the PKCS11 token
+ * and <certnickname> is the nickname of the cert/key in
+ * the database
+*/
+static int
+tlsm_clientauth_init( tlsm_ctx *ctx, const char *certname )
+{
+ SECStatus status = SECFailure;
+ int rc;
+
+ PL_strfree( ctx->tc_certname );
+ rc = tlsm_find_and_verify_cert_key( ctx, ctx->tc_model, certname, 0, NULL, NULL );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to set up client certificate authentication for "
+ "certificate named %s\n", certname, 0, 0 );
+ return -1;
+ }
+
+ ctx->tc_certname = PL_strdup( certname );
+
+ status = SSL_GetClientAuthDataHook( ctx->tc_model,
+ tlsm_get_client_auth_data,
+ (void *)ctx );
+
+ return ( status == SECSuccess ? 0 : -1 );
+}
+
+/*
* Tear down the TLS subsystem. Should only be called once.
*/
static void
tlsm_destroy( void )
{
- NSS_Shutdown();
+ /* Only if we did the actual initialization */
+ if ( tlsm_did_init ) {
+ tlsm_did_init = 0;
+ SSL_ShutdownServerSessionIDCache();
+ SSL_ClearSessionCache();
+ NSS_Shutdown();
+ }
+
PR_Cleanup();
}
@@ -109,23 +1189,20 @@
ctx = LDAP_MALLOC( sizeof (*ctx) );
if ( ctx ) {
- PRFileDesc *fd = PR_CreateIOLayerStub(tlsm_layer_id, &tlsm_PR_methods);
- if ( fd ) {
- ctx->tc_model = SSL_ImportFD( NULL, fd );
- if ( ctx->tc_model ) {
- ctx->tc_refcnt = 1;
+ ctx->tc_refcnt = 1;
#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
+ ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
#endif
- } else {
- PR_DELETE( fd );
- LDAP_FREE( ctx );
- ctx = NULL;
- }
- } else {
- LDAP_FREE( ctx );
- ctx = NULL;
- }
+ ctx->tc_config = &lo->ldo_tls_info; /* pointer into lo structure - must have global scope and must not go away before we can do real init */
+ ctx->tc_certdb = NULL;
+ ctx->tc_certname = NULL;
+ ctx->tc_pin_file = NULL;
+ ctx->tc_model = NULL;
+ memset(&ctx->tc_callonce, 0, sizeof(ctx->tc_callonce));
+ ctx->tc_require_cert = lo->ldo_tls_require_cert;
+ } else {
+ LDAP_FREE( ctx );
+ ctx = NULL;
}
return (tls_ctx *)ctx;
}
@@ -161,6 +1238,11 @@
if ( refcount )
return;
PR_Close( c->tc_model );
+ c->tc_certdb = NULL; /* if not the default, may have to clean up */
+ PL_strfree( c->tc_certname );
+ c->tc_certname = NULL;
+ PL_strfree( c->tc_pin_file );
+ c->tc_pin_file = NULL;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_destroy( &c->tc_refmutex );
#endif
@@ -173,71 +1255,289 @@
static int
tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
{
- tlsm_ctx *ctx = lo->ldo_tls_ctx;
- int rc;
+ tlsm_ctx *ctx = (tlsm_ctx *)lo->ldo_tls_ctx;
+ ctx->tc_is_server = is_server;
- SSL_OptionSet( ctx->tc_model, SSL_SECURITY, PR_TRUE );
- SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !is_server );
- SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_SERVER, is_server );
+ return 0;
+}
- /* See SECMOD_OpenUserDB() */
-#if 0
- if ( lo->ldo_tls_ciphersuite &&
- tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
+static int
+tlsm_deferred_ctx_init( void *arg )
+{
+ tlsm_ctx *ctx = (tlsm_ctx *)arg;
+ PRBool sslv2 = PR_FALSE;
+ PRBool sslv3 = PR_TRUE;
+ PRBool tlsv1 = PR_TRUE;
+ PRBool request_cert = PR_FALSE;
+ PRInt32 require_cert = PR_FALSE;
+ PRFileDesc *fd;
+ struct ldaptls *lt;
+
+ if ( tlsm_deferred_init( ctx ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could perform TLS system initialization.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ ctx->tc_certdb = CERT_GetDefaultCertDB(); /* replace with multi-init db call */
+
+ fd = PR_CreateIOLayerStub( tlsm_layer_id, &tlsm_PR_methods );
+ if ( fd ) {
+ ctx->tc_model = SSL_ImportFD( NULL, fd );
+ }
+
+ if ( !ctx->tc_model ) {
+ PRErrorCode err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could perform TLS socket I/O layer initialization - error %d:%s.\n",
+ err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
+
+ if ( fd ) {
+ PR_Close( fd );
+ }
+ return -1;
+ }
+
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_SECURITY, PR_TRUE ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set secure mode on.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ lt = ctx->tc_config;
+
+ /* default is sslv3 and tlsv1 */
+ if ( lt->lt_protocol_min ) {
+ if ( lt->lt_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 ) {
+ sslv3 = PR_FALSE;
+ } else if ( lt->lt_protocol_min <= LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) {
+ sslv2 = PR_TRUE;
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: warning: minimum TLS protocol level set to "
+ "include SSLv2 - SSLv2 is insecure - do not use\n", 0, 0, 0 );
+ }
+ }
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL2, sslv2 ) ) {
Debug( LDAP_DEBUG_ANY,
- "TLS: could not set cipher list %s.\n",
- lo->ldo_tls_ciphersuite, 0, 0 );
+ "TLS: could not set SSLv2 mode on.\n",
+ 0, 0, 0 );
return -1;
+ }
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_SSL3, sslv3 ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set SSLv3 mode on.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_ENABLE_TLS, tlsv1 ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set TLSv1 mode on.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !ctx->tc_is_server ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set handshake as client.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_SERVER, ctx->tc_is_server ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set handshake as server.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ if ( lt->lt_ciphersuite &&
+ tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set cipher list %s.\n",
+ lt->lt_ciphersuite, 0, 0 );
+ return -1;
}
- if (lo->ldo_tls_cacertdir != NULL) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: warning: cacertdir not implemented for gnutls\n",
- NULL, NULL, NULL );
+ if ( ctx->tc_require_cert ) {
+ request_cert = PR_TRUE;
+ require_cert = SSL_REQUIRE_NO_ERROR;
+ if ( ctx->tc_require_cert == LDAP_OPT_X_TLS_DEMAND ||
+ ctx->tc_require_cert == LDAP_OPT_X_TLS_HARD ) {
+ require_cert = SSL_REQUIRE_ALWAYS;
+ }
+ ctx->tc_verify_cert = PR_TRUE;
+ } else {
+ ctx->tc_verify_cert = PR_FALSE;
}
- if (lo->ldo_tls_cacertfile != NULL) {
- rc = gnutls_certificate_set_x509_trust_file(
- ctx->cred,
- lt->lt_cacertfile,
- GNUTLS_X509_FMT_PEM );
- if ( rc < 0 ) return -1;
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUEST_CERTIFICATE, request_cert ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set request certificate mode.\n",
+ 0, 0, 0 );
+ return -1;
}
+
+ if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_REQUIRE_CERTIFICATE, require_cert ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set require certificate mode.\n",
+ 0, 0, 0 );
+ return -1;
+ }
- if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) {
- rc = gnutls_certificate_set_x509_key_file(
- ctx->cred,
- lt->lt_certfile,
- lt->lt_keyfile,
- GNUTLS_X509_FMT_PEM );
- if ( rc ) return -1;
- } else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) {
+ /* Set up callbacks for use by clients */
+ if ( !ctx->tc_is_server ) {
+ if ( SSL_OptionSet( ctx->tc_model, SSL_NO_CACHE, PR_TRUE ) != SECSuccess ) {
+ PRErrorCode err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not set nocache option for moznss - error %d:%s\n",
+ err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
+ return -1;
+ }
+
+ if ( SSL_BadCertHook( ctx->tc_model, tlsm_bad_cert_handler, ctx ) != SECSuccess ) {
+ PRErrorCode err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not set bad cert handler for moznss - error %d:%s\n",
+ err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
+ return -1;
+ }
+
+ /* we don't currently support import of cert/key pair - assume the certfile
+ is really the name of a cert/key in the database in the form of
+ tokenname:certname - also assume since this is specified, the caller
+ wants to attempt client cert auth */
+ if ( lt->lt_certfile ) {
+ if ( tlsm_authenticate( ctx, lt->lt_certfile, lt->lt_keyfile ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to authenticate to the security device for certificate %s\n",
+ lt->lt_certfile, 0, 0 );
+ return -1;
+ }
+ if ( tlsm_clientauth_init( ctx, lt->lt_certfile ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to set up client certificate authentication using %s\n",
+ lt->lt_certfile, 0, 0 );
+ return -1;
+ }
+ }
+ } else { /* set up secure server */
+ SSLKEAType certKEA;
+ CERTCertificate *serverCert;
+ SECKEYPrivateKey *serverKey;
+ SECStatus status;
+
+ /* must have a certificate for the server to use */
+ if ( !lt->lt_certfile ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: no server certificate: must specify a certificate for the server to use\n",
+ 0, 0, 0 );
+ return -1;
+ }
+
+ /* authenticate to the server's token - this will do nothing
+ if the key/cert db is not password protected */
+ if ( tlsm_authenticate( ctx, lt->lt_certfile, lt->lt_keyfile ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to authenticate to the security device for certificate %s\n",
+ lt->lt_certfile, 0, 0 );
+ return -1;
+ }
+
+ /* get the server's key and cert */
+ if ( tlsm_find_and_verify_cert_key( ctx, ctx->tc_model, lt->lt_certfile, ctx->tc_is_server,
+ &serverCert, &serverKey ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to find and verify server's cert and key for certificate %s\n",
+ lt->lt_certfile, 0, 0 );
+ return -1;
+ }
+
+ certKEA = NSS_FindCertKEAType( serverCert );
+ /* configure the socket to be a secure server socket */
+ status = SSL_ConfigSecureServer( ctx->tc_model, serverCert, serverKey, certKEA );
+ /* SSL_ConfigSecureServer copies these */
+ CERT_DestroyCertificate( serverCert );
+ SECKEY_DestroyPrivateKey( serverKey );
+
+ if ( SECSuccess != status ) {
+ PRErrorCode err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to configure secure server using certificate %s - error %d:%s\n",
+ lt->lt_certfile, err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) );
+ return -1;
+ }
+ }
+
+ /* Callback for authenticating certificate */
+ if ( SSL_AuthCertificateHook( ctx->tc_model, tlsm_auth_cert_handler,
+ ctx->tc_certdb ) != SECSuccess ) {
+ PRErrorCode err = PR_GetError();
Debug( LDAP_DEBUG_ANY,
- "TLS: only one of certfile and keyfile specified\n",
- NULL, NULL, NULL );
+ "TLS: error: could not set auth cert handler for moznss - error %d:%s\n",
+ err, PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ), NULL );
return -1;
}
- if ( lo->ldo_tls_dhfile ) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: warning: ignoring dhfile\n",
- NULL, NULL, NULL );
+ return 0;
+}
+
+struct tls_data {
+ tlsm_session *session;
+ Sockbuf_IO_Desc *sbiod;
+ /* there seems to be no portable way to determine if the
+ sockbuf sd has been set to nonblocking mode - the
+ call to ber_pvt_socket_set_nonblock() takes place
+ before the tls socket is set up, so we cannot
+ intercept that call either.
+ On systems where fcntl is available, we can just
+ F_GETFL and test for O_NONBLOCK. On other systems,
+ we will just see if the IO op returns EAGAIN or EWOULDBLOCK,
+ and just set this flag */
+ PRBool nonblock;
+};
+
+static int
+tlsm_is_io_ready( PRFileDesc *fd, PRInt16 in_flags, PRInt16 *out_flags )
+{
+ struct tls_data *p;
+ PRFileDesc *pollfd = NULL;
+ PRFileDesc *myfd;
+ PRPollDesc polldesc;
+ int rc;
+
+ myfd = PR_GetIdentitiesLayer( fd, tlsm_layer_id );
+
+ if ( !myfd ) {
+ return 0;
}
- if ( lo->ldo_tls_crlfile ) {
- rc = gnutls_certificate_set_x509_crl_file(
- ctx->cred,
- lt->lt_crlfile,
- GNUTLS_X509_FMT_PEM );
- if ( rc < 0 ) return -1;
- rc = 0;
+ p = (struct tls_data *)myfd->secret;
+
+ if ( p == NULL || p->sbiod == NULL ) {
+ return 0;
}
- if ( is_server ) {
- gnutls_dh_params_init(&ctx->dh_params);
- gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
+
+ /* wrap the sockbuf fd with a NSPR FD created especially
+ for use with polling, and only with polling */
+ pollfd = PR_CreateSocketPollFd( p->sbiod->sbiod_sb->sb_fd );
+ polldesc.fd = pollfd;
+ polldesc.in_flags = in_flags;
+ polldesc.out_flags = 0;
+
+ /* do the poll - no waiting, no blocking */
+ rc = PR_Poll( &polldesc, 1, PR_INTERVAL_NO_WAIT );
+
+ /* unwrap the socket */
+ PR_DestroySocketPollFd( pollfd );
+
+ /* rc will be either 1 if IO is ready, 0 if IO is not
+ ready, or -1 if there was some error (and the caller
+ should use PR_GetError() to figure out what */
+ if (out_flags) {
+ *out_flags = polldesc.out_flags;
}
-#endif
- return 0;
+ return rc;
}
static tls_session *
@@ -246,8 +1546,19 @@
tlsm_ctx *c = (tlsm_ctx *)ctx;
tlsm_session *session;
PRFileDesc *fd;
+ PRStatus status;
- fd = PR_CreateIOLayerStub(tlsm_layer_id, &tlsm_PR_methods);
+ c->tc_is_server = is_server;
+ status = PR_CallOnceWithArg( &c->tc_callonce, tlsm_deferred_ctx_init, c );
+ if ( PR_SUCCESS != status ) {
+ PRErrorCode err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not initialize moznss security context - error %d:%s\n",
+ err, PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT), NULL );
+ return NULL;
+ }
+
+ fd = PR_CreateIOLayerStub( tlsm_layer_id, &tlsm_PR_methods );
if ( !fd ) {
return NULL;
}
@@ -258,7 +1569,10 @@
return NULL;
}
- SSL_ResetHandshake( session, is_server );
+ if ( is_server ) {
+ /* 0 means use the defaults here */
+ SSL_ConfigServerSessionIDCache( 0, 0, 0, NULL );
+ }
return (tls_session *)session;
}
@@ -267,8 +1581,79 @@
tlsm_session_accept( tls_session *session )
{
tlsm_session *s = (tlsm_session *)session;
+ int rc;
+ PRErrorCode err;
+ int waitcounter = 0;
- return SSL_ForceHandshake( s );
+ rc = SSL_ResetHandshake( s, PR_TRUE /* server */ );
+ if (rc) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: accept - reset handshake failure %d - error %d:%s\n",
+ rc, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ }
+
+ do {
+ PRInt32 filesReady;
+ PRInt16 in_flags;
+ PRInt16 out_flags;
+
+ errno = 0;
+ rc = SSL_ForceHandshake( s );
+ if (rc == SECSuccess) {
+ rc = 0;
+ break; /* done */
+ }
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: accept - force handshake failure %d - error %d waitcounter %d\n",
+ errno, err, waitcounter );
+ if ( errno == EAGAIN || errno == EWOULDBLOCK ) {
+ waitcounter++;
+ in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
+ out_flags = 0;
+ errno = 0;
+ filesReady = tlsm_is_io_ready( s, in_flags, &out_flags );
+ if ( filesReady < 0 ) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: accept - error waiting for socket to be ready: %d - error %d:%s\n",
+ errno, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ rc = -1;
+ break; /* hard error */
+ } else if ( out_flags & PR_POLL_NVAL ) {
+ PR_SetError(PR_BAD_DESCRIPTOR_ERROR, 0);
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: accept failure - invalid socket\n",
+ NULL, NULL, NULL );
+ rc = -1;
+ break;
+ } else if ( out_flags & PR_POLL_EXCEPT ) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: accept - error waiting for socket to be ready: %d - error %d:%s\n",
+ errno, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ rc = -1;
+ break; /* hard error */
+ }
+ } else { /* hard error */
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: accept - force handshake failure: %d - error %d:%s\n",
+ errno, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ rc = -1;
+ break; /* hard error */
+ }
+ } while (rc == SECFailure);
+
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: accept completed after %d waits\n", waitcounter, NULL, NULL );
+
+ return rc;
}
static int
@@ -276,10 +1661,37 @@
{
tlsm_session *s = (tlsm_session *)session;
int rc;
+ PRErrorCode err;
/* By default, NSS checks the cert hostname for us */
+ rc = SSL_ResetHandshake( s, PR_FALSE /* server */ );
+ if (rc) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: connect - reset handshake failure %d - error %d:%s\n",
+ rc, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ }
+
rc = SSL_SetURL( s, ld->ld_options.ldo_defludp->lud_host );
- return SSL_ForceHandshake( s );
+ if (rc) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: connect - seturl failure %d - error %d:%s\n",
+ rc, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ }
+
+ rc = SSL_ForceHandshake( s );
+ if (rc) {
+ err = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: connect - force handshake failure %d - error %d:%s\n",
+ rc, err,
+ err ? PR_ErrorToString( err, PR_LANGUAGE_I_DEFAULT ) : "unknown" );
+ }
+
+ return rc;
}
static int
@@ -342,172 +1754,11 @@
return 0;
}
-/* what kind of hostname were we given? */
-#define IS_DNS 0
-#define IS_IP4 1
-#define IS_IP6 2
-
static int
tlsm_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
{
/* NSS already does a hostname check */
-#if 0
- int i, ret;
- const gnutls_datum_t *peer_cert_list;
- int list_size;
- struct berval bv;
- char altname[NI_MAXHOST];
- size_t altnamesize;
-
- gnutls_x509_crt_t cert;
- gnutls_datum_t *x;
- const char *name;
- char *ptr;
- char *domain = NULL;
-#ifdef LDAP_PF_INET6
- struct in6_addr addr;
-#else
- struct in_addr addr;
-#endif
- int n, len1 = 0, len2 = 0;
- int ntype = IS_DNS;
- time_t now = time(0);
-
- if( ldap_int_hostname &&
- ( !name_in || !strcasecmp( name_in, "localhost" ) ) )
- {
- name = ldap_int_hostname;
- } else {
- name = name_in;
- }
-
- peer_cert_list = gnutls_certificate_get_peers( session->session,
- &list_size );
- if ( !peer_cert_list ) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: unable to get peer certificate.\n",
- 0, 0, 0 );
- /* If this was a fatal condition, things would have
- * aborted long before now.
- */
- return LDAP_SUCCESS;
- }
- ret = gnutls_x509_crt_init( &cert );
- if ( ret < 0 )
- return LDAP_LOCAL_ERROR;
- ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
- if ( ret ) {
- gnutls_x509_crt_deinit( cert );
- return LDAP_LOCAL_ERROR;
- }
-
-#ifdef LDAP_PF_INET6
- if (name[0] == '[' && strchr(name, ']')) {
- char *n2 = ldap_strdup(name+1);
- *strchr(n2, ']') = 0;
- if (inet_pton(AF_INET6, n2, &addr))
- ntype = IS_IP6;
- LDAP_FREE(n2);
- } else
-#endif
- if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
- if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
- }
-
- if (ntype == IS_DNS) {
- len1 = strlen(name);
- domain = strchr(name, '.');
- if (domain) {
- len2 = len1 - (domain-name);
- }
- }
-
- for ( i=0, ret=0; ret >= 0; i++ ) {
- altnamesize = sizeof(altname);
- ret = gnutls_x509_crt_get_subject_alt_name( cert, i,
- altname, &altnamesize, NULL );
- if ( ret < 0 ) break;
-
- /* ignore empty */
- if ( altnamesize == 0 ) continue;
-
- if ( ret == GNUTLS_SAN_DNSNAME ) {
- if (ntype != IS_DNS) continue;
-
- /* Is this an exact match? */
- if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
- break;
- }
-
- /* Is this a wildcard match? */
- if (domain && (altname[0] == '*') && (altname[1] == '.') &&
- (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
- {
- break;
- }
- } else if ( ret == GNUTLS_SAN_IPADDRESS ) {
- if (ntype == IS_DNS) continue;
-
-#ifdef LDAP_PF_INET6
- if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
- continue;
- } else
-#endif
- if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
- continue;
- }
- if (!memcmp(altname, &addr, altnamesize)) {
- break;
- }
- }
- }
- if ( ret >= 0 ) {
- ret = LDAP_SUCCESS;
- } else {
- altnamesize = sizeof(altname);
- ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
- 0, 0, altname, &altnamesize );
- if ( ret < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: unable to get common name from peer certificate.\n",
- 0, 0, 0 );
- ret = LDAP_CONNECT_ERROR;
- if ( ld->ld_error ) {
- LDAP_FREE( ld->ld_error );
- }
- ld->ld_error = LDAP_STRDUP(
- _("TLS: unable to get CN from peer certificate"));
-
- } else {
- ret = LDAP_LOCAL_ERROR;
- if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
- ret = LDAP_SUCCESS;
-
- } else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
- /* Is this a wildcard match? */
- if( domain &&
- (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
- ret = LDAP_SUCCESS;
- }
- }
- }
-
- if( ret == LDAP_LOCAL_ERROR ) {
- altname[altnamesize] = '\0';
- Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
- "common name in certificate (%s).\n",
- name, altname, 0 );
- ret = LDAP_CONNECT_ERROR;
- if ( ld->ld_error ) {
- LDAP_FREE( ld->ld_error );
- }
- ld->ld_error = LDAP_STRDUP(
- _("TLS: hostname does not match CN in peer certificate"));
- }
- }
- gnutls_x509_crt_deinit( cert );
- return ret;
-#endif
+ return LDAP_SUCCESS;
}
static int
@@ -525,16 +1776,41 @@
* TLS support for LBER Sockbufs
*/
-struct tls_data {
- tlsm_session *session;
- Sockbuf_IO_Desc *sbiod;
-};
+static PRStatus PR_CALLBACK
+tlsm_PR_Close(PRFileDesc *fd)
+{
+ int rc = PR_SUCCESS;
+ /* we don't need to actually close anything here, just
+ pop our io layer off the stack */
+ fd->secret = NULL; /* must have been freed before calling PR_Close */
+ if ( fd->lower ) {
+ fd = PR_PopIOLayer( fd, tlsm_layer_id );
+ /* if we are not the last layer, pass the close along */
+ if ( fd ) {
+ if ( fd->dtor ) {
+ fd->dtor( fd );
+ }
+ rc = fd->methods->close( fd );
+ }
+ } else {
+ /* we are the last layer - just call our dtor */
+ fd->dtor(fd);
+ }
+ return rc;
+}
+
static PRStatus PR_CALLBACK
-tlsm_PR_Close(PRFileDesc *fd)
+tlsm_PR_Shutdown(PRFileDesc *fd, PRShutdownHow how)
{
- return PR_SUCCESS;
+ int rc = PR_SUCCESS;
+
+ if ( fd->lower ) {
+ rc = PR_Shutdown( fd->lower, how );
+ }
+
+ return rc;
}
static int PR_CALLBACK
@@ -542,6 +1818,7 @@
PRIntervalTime timeout)
{
struct tls_data *p;
+ int rc;
if ( buf == NULL || len <= 0 ) return 0;
@@ -551,7 +1828,19 @@
return 0;
}
- return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+ rc = LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+ if (rc <= 0) {
+ tlsm_map_error( errno );
+ if ( errno == EAGAIN || errno == EWOULDBLOCK ) {
+ p->nonblock = PR_TRUE; /* fd is using non-blocking io */
+ } else if ( errno ) { /* real error */
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: tlsm_PR_Recv returned %d - error %d:%s\n",
+ rc, errno, STRERROR(errno) );
+ }
+ }
+
+ return rc;
}
static int PR_CALLBACK
@@ -559,6 +1848,7 @@
PRIntervalTime timeout)
{
struct tls_data *p;
+ int rc;
if ( buf == NULL || len <= 0 ) return 0;
@@ -568,7 +1858,19 @@
return 0;
}
- return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+ rc = LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+ if (rc <= 0) {
+ tlsm_map_error( errno );
+ if ( errno == EAGAIN || errno == EWOULDBLOCK ) {
+ p->nonblock = PR_TRUE;
+ } else if ( errno ) { /* real error */
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: error: tlsm_PR_Send returned %d - error %d:%s\n",
+ rc, errno, STRERROR(errno) );
+ }
+ }
+
+ return rc;
}
static int PR_CALLBACK
@@ -600,6 +1902,31 @@
}
static PRStatus PR_CALLBACK
+tlsm_PR_GetSocketOption(PRFileDesc *fd, PRSocketOptionData *data)
+{
+ struct tls_data *p;
+ p = (struct tls_data *)fd->secret;
+
+ if ( !data ) {
+ return PR_FAILURE;
+ }
+
+ /* only the nonblocking option is supported at this time
+ MozNSS SSL code needs it */
+ if ( data->option != PR_SockOpt_Nonblocking ) {
+ PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+ return PR_FAILURE;
+ }
+#ifdef HAVE_FCNTL
+ int flags = fcntl( p->sbiod->sbiod_sb->sb_fd, F_GETFL );
+ data->value.non_blocking = (flags & O_NONBLOCK) ? PR_TRUE : PR_FALSE;
+#else /* punt :P */
+ data->value.non_blocking = p->nonblock;
+#endif
+ return PR_SUCCESS;
+}
+
+static PRStatus PR_CALLBACK
tlsm_PR_prs_unimp()
{
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -654,7 +1981,7 @@
tlsm_PR_pfd_unimp, /* accept */
tlsm_PR_prs_unimp, /* bind */
tlsm_PR_prs_unimp, /* listen */
- (PRShutdownFN)tlsm_PR_Close, /* shutdown */
+ (PRShutdownFN)tlsm_PR_Shutdown, /* shutdown */
tlsm_PR_Recv, /* recv */
tlsm_PR_Send, /* send */
tlsm_PR_i32_unimp, /* recvfrom */
@@ -666,7 +1993,7 @@
tlsm_PR_GetPeerName, /* getpeername */
tlsm_PR_i32_unimp, /* getsockopt OBSOLETE */
tlsm_PR_i32_unimp, /* setsockopt OBSOLETE */
- tlsm_PR_i32_unimp, /* getsocketoption */
+ tlsm_PR_GetSocketOption, /* getsocketoption */
tlsm_PR_i32_unimp, /* setsocketoption */
tlsm_PR_i32_unimp, /* Send a (partial) file with header/trailer*/
(PRConnectcontinueFN)tlsm_PR_prs_unimp, /* connectcontinue */
@@ -676,7 +2003,21 @@
tlsm_PR_i32_unimp /* reserved for future use */
};
+/*
+ * Initialize TLS subsystem. Should be called only once.
+ */
static int
+tlsm_init( void )
+{
+ PR_Init(0, 0, 0);
+
+ tlsm_layer_id = PR_GetUniqueIdentity( "OpenLDAP" );
+
+ /* see deferred init */
+ return 0;
+}
+
+static int
tlsm_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
{
struct tls_data *p;
@@ -746,10 +2087,10 @@
return 1;
} else if ( opt == LBER_SB_OPT_DATA_READY ) {
- PRPollDesc pd = { p->session, PR_POLL_READ, 0 };
- if( PR_Poll( &pd, 1, 1 ) > 0 ) {
- return 1;
+ if ( tlsm_is_io_ready( p->session, PR_POLL_READ, NULL ) > 0 ) {
+ return 1;
}
+
}
return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
@@ -816,7 +2157,7 @@
tlsm_sb_close /* sbi_close */
};
-tls_impl ldap_int_moznss_impl = {
+tls_impl ldap_int_tls_impl = {
"MozNSS",
tlsm_init,
Modified: openldap/vendor/openldap-release/libraries/libldap/tls_o.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_o.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_o.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* tls_o.c - Handle tls/ssl using SSLeay or OpenSSL */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_o.c,v 1.5.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_o.c,v 1.5.2.4 2009/07/01 23:04:49 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -77,7 +77,7 @@
#ifdef LDAP_R_COMPILE
/*
- * provide mutexes for the SSLeay library.
+ * provide mutexes for the OpenSSL library.
*/
static ldap_pvt_thread_mutex_t tlso_mutexes[CRYPTO_NUM_LOCKS];
static ldap_pvt_thread_mutex_t tlso_dh_mutex;
@@ -162,7 +162,8 @@
#endif
SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
+ SSL_library_init();
+ OpenSSL_add_all_digests();
/* FIXME: mod_ssl does this */
X509V3_add_standard_extensions();
@@ -421,7 +422,7 @@
xn = X509_get_subject_name(x);
der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data;
- X509_free(x);
+ /* Don't X509_free, the session is still using it */
return 0;
}
Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* thr_stub.c - stubs for the threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.27.2.9 2009/01/22 00:00:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.27.2.10 2009/06/27 18:47:17 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -167,6 +167,14 @@
}
int
+ldap_pvt_thread_pool_retract (
+ ldap_pvt_thread_pool_t *pool,
+ ldap_pvt_thread_start_t *start_routine, void *arg )
+{
+ return(0);
+}
+
+int
ldap_pvt_thread_pool_maxthreads ( ldap_pvt_thread_pool_t *tpool, int max_threads )
{
return(0);
Modified: openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/tpool.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/libldap_r/tpool.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.52.2.15 2009/01/22 00:00:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.52.2.18 2009/06/27 17:53:02 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -234,42 +234,13 @@
LDAP_STAILQ_INSERT_TAIL(&ldap_int_thread_pool_list, pool, ltp_next);
ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
-#if 0
- /* THIS WILL NOT WORK on some systems. If the process
- * forks after starting a thread, there is no guarantee
- * that the thread will survive the fork. For example,
- * slapd forks in order to daemonize, and does so after
- * calling ldap_pvt_thread_pool_init. On some systems,
- * this initial thread does not run in the child process,
- * but ltp_open_count == 1, so two things happen:
- * 1) the first client connection fails, and 2) when
- * slapd is kill'ed, it never terminates since it waits
- * for all worker threads to exit. */
-
- /* start up one thread, just so there is one. no need to
- * lock the mutex right now, since no threads are running.
+ /* Start no threads just yet. That can break if the process forks
+ * later, as slapd does in order to daemonize. On at least POSIX,
+ * only the forking thread would survive in the child. Yet fork()
+ * can't unlock/clean up other threads' locks and data structures,
+ * unless pthread_atfork() handlers have been set up to do so.
*/
- pool->ltp_open_count++;
- SET_VARY_OPEN_COUNT(pool);
- ldap_pvt_thread_t thr;
- rc = ldap_pvt_thread_create( &thr, 1, ldap_int_thread_pool_wrapper, pool );
-
- if( rc != 0) {
- /* couldn't start one? then don't start any */
- ldap_pvt_thread_mutex_lock(&ldap_pvt_thread_pool_mutex);
- LDAP_STAILQ_REMOVE(ldap_int_thread_pool_list, pool,
- ldap_int_thread_pool_s, ltp_next);
- ldap_int_has_thread_pool = 0;
- ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
- ldap_pvt_thread_cond_destroy(&pool->ltp_pcond);
- ldap_pvt_thread_cond_destroy(&pool->ltp_cond);
- ldap_pvt_thread_mutex_destroy(&pool->ltp_mutex);
- LDAP_FREE(pool);
- return(-1);
- }
-#endif
-
*tpool = pool;
return(0);
}
@@ -373,6 +344,47 @@
return(-1);
}
+static void *
+no_task( void *ctx, void *arg )
+{
+ return NULL;
+}
+
+/* Cancel a pending task that was previously submitted.
+ * Return 1 if the task was successfully cancelled, 0 if
+ * not found, -1 for invalid parameters
+ */
+int
+ldap_pvt_thread_pool_retract (
+ ldap_pvt_thread_pool_t *tpool,
+ ldap_pvt_thread_start_t *start_routine, void *arg )
+{
+ struct ldap_int_thread_pool_s *pool;
+ ldap_int_thread_task_t *task;
+
+ if (tpool == NULL)
+ return(-1);
+
+ pool = *tpool;
+
+ if (pool == NULL)
+ return(-1);
+
+ ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
+ LDAP_STAILQ_FOREACH(task, &pool->ltp_pending_list, ltt_next.q)
+ if (task->ltt_start_routine == start_routine &&
+ task->ltt_arg == arg) {
+ /* Could LDAP_STAILQ_REMOVE the task, but that
+ * walks ltp_pending_list again to find it.
+ */
+ task->ltt_start_routine = no_task;
+ task->ltt_arg = NULL;
+ break;
+ }
+ ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
+ return task != NULL;
+}
+
/* Set max #threads. value <= 0 means max supported #threads (LDAP_MAXTHR) */
int
ldap_pvt_thread_pool_maxthreads(
@@ -626,49 +638,56 @@
ldap_pvt_thread_mutex_unlock(&ldap_pvt_thread_pool_mutex);
pool->ltp_starting--;
+ pool->ltp_active_count++;
for (;;) {
work_list = pool->ltp_work_list; /* help the compiler a bit */
task = LDAP_STAILQ_FIRST(work_list);
if (task == NULL) { /* paused or no pending tasks */
- if (pool->ltp_vary_open_count < 0) {
- /* not paused, and either finishing or too many
- * threads running (can happen if ltp_max_count
- * was reduced) so let this thread die.
- */
- break;
+ if (--(pool->ltp_active_count) < 2) {
+ /* Notify pool_pause it is the sole active thread. */
+ ldap_pvt_thread_cond_signal(&pool->ltp_pcond);
}
- /* we could check an idle timer here, and let the
- * thread die if it has been inactive for a while.
- * only die if there are other open threads (i.e.,
- * always have at least one thread open). the check
- * should be like this:
- * if (pool->ltp_open_count > 1 && pool->ltp_starting == 0)
- * check timer, wait if ltp_pause, leave thread (break;)
- *
- * Just use pthread_cond_timedwait if we want to
- * check idle time.
- */
+ do {
+ if (pool->ltp_vary_open_count < 0) {
+ /* Not paused, and either finishing or too many
+ * threads running (can happen if ltp_max_count
+ * was reduced). Let this thread die.
+ */
+ goto done;
+ }
- ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
- continue;
+ /* We could check an idle timer here, and let the
+ * thread die if it has been inactive for a while.
+ * Only die if there are other open threads (i.e.,
+ * always have at least one thread open).
+ * The check should be like this:
+ * if (pool->ltp_open_count>1 && pool->ltp_starting==0)
+ * check timer, wait if ltp_pause, leave thread;
+ *
+ * Just use pthread_cond_timedwait() if we want to
+ * check idle time.
+ */
+ ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
+
+ work_list = pool->ltp_work_list;
+ task = LDAP_STAILQ_FIRST(work_list);
+ } while (task == NULL);
+
+ pool->ltp_active_count++;
}
LDAP_STAILQ_REMOVE_HEAD(work_list, ltt_next.q);
pool->ltp_pending_count--;
- pool->ltp_active_count++;
ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
task->ltt_start_routine(&ctx, task->ltt_arg);
ldap_pvt_thread_mutex_lock(&pool->ltp_mutex);
LDAP_SLIST_INSERT_HEAD(&pool->ltp_free_list, task, ltt_next.l);
- pool->ltp_active_count--;
- /* let pool_pause know when it is the sole active thread */
- if (pool->ltp_active_count < 2)
- ldap_pvt_thread_cond_signal(&pool->ltp_pcond);
}
+ done:
assert(!pool->ltp_pause); /* thread_keys writable, ltp_open_count >= 0 */
Modified: openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* getpeereid.c */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.24.2.5 2009/01/22 00:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.24.2.6 2009/04/29 01:49:55 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -14,6 +14,10 @@
* <http://www.OpenLDAP.org/license.html>.
*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1 /* Needed for glibc struct ucred */
+#endif
+
#include "portable.h"
#ifndef HAVE_GETPEEREID
Modified: openldap/vendor/openldap-release/libraries/liblutil/ldif.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ldif.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblutil/ldif.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldif.c - routines for dealing with LDIF files */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.15.2.7 2009/01/22 00:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.15.2.8 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -780,7 +780,8 @@
#define LDIF_MAXLINE 4096
/*
- * ldif_read_record - read an ldif record. Return 1 for success, 0 for EOF.
+ * ldif_read_record - read an ldif record. Return 1 for success, 0 for EOF,
+ * -1 for error.
*/
int
ldif_read_record(
@@ -882,7 +883,7 @@
*/
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_read_record: include %s failed\n"), ptr );
- return 0;
+ return -1;
}
}
}
Modified: openldap/vendor/openldap-release/libraries/liblutil/passfile.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passfile.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblutil/passfile.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.8.2.4 2009/01/22 00:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.8.2.5 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -62,7 +62,7 @@
}
#endif /* HAVE_FSTAT */
- passwd->bv_val = (char *) malloc( passwd->bv_len + 1 );
+ passwd->bv_val = (char *) ber_memalloc( passwd->bv_len + 1 );
if( passwd->bv_val == NULL ) {
perror( filename );
return -1;
@@ -73,10 +73,10 @@
do {
if( nleft == 0 ) {
/* double the buffer size */
- char *p = (char *) realloc( passwd->bv_val,
+ char *p = (char *) ber_memrealloc( passwd->bv_val,
2 * passwd->bv_len + 1 );
if( p == NULL ) {
- free( passwd->bv_val );
+ ber_memfree( passwd->bv_val );
passwd->bv_val = NULL;
passwd->bv_len = 0;
return -1;
@@ -89,7 +89,7 @@
nr = fread( &passwd->bv_val[nread], 1, nleft, f );
if( nr < nleft && ferror( f ) ) {
- free( passwd->bv_val );
+ ber_memfree( passwd->bv_val );
passwd->bv_val = NULL;
passwd->bv_len = 0;
return -1;
Modified: openldap/vendor/openldap-release/libraries/liblutil/passwd.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passwd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblutil/passwd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.104.2.6 2009/01/22 00:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.104.2.8 2009/07/06 19:31:49 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -34,7 +34,25 @@
#include <ac/unistd.h>
#if defined(SLAPD_LMHASH)
+#if defined(HAVE_OPENSSL)
# include <openssl/des.h>
+
+
+typedef des_cblock des_key;
+typedef des_cblock des_data_block;
+typedef des_key_schedule des_context;
+#define des_failed(encrypted) 0
+#define des_finish(key, schedule)
+
+#elif defined(HAVE_MOZNSS)
+# include <pk11pub.h>
+typedef PK11SymKey *des_key;
+typedef unsigned char des_data_block[8];
+typedef PK11Context *des_context[1];
+#define DES_ENCRYPT CKA_ENCRYPT
+
+#endif
+
#endif /* SLAPD_LMHASH */
#include <ac/param.h>
@@ -632,6 +650,106 @@
}
#ifdef SLAPD_LMHASH
+
+#if defined(HAVE_OPENSSL)
+
+/*
+ * abstract away setting the parity.
+ */
+static void
+des_set_key_and_parity( des_key *key, unsigned char *keyData)
+{
+ memcpy(key, keyData, 8);
+ des_set_odd_parity( key );
+}
+
+
+#elif defined(HAVE_MOZNSS)
+
+/*
+ * implement MozNSS wrappers for the openSSL calls
+ */
+static void
+des_set_key_and_parity( des_key *key, unsigned char *keyData)
+{
+ SECItem keyDataItem;
+ PK11SlotInfo *slot;
+ *key = NULL;
+
+ keyDataItem.data = keyData;
+ keyDataItem.len = 8;
+
+ slot = PK11_GetBestSlot(CKM_DES_ECB, NULL);
+ if (slot == NULL) {
+ return;
+ }
+
+ /* NOTE: this will not work in FIPS mode. In order to make lmhash
+ * work in fips mode we need to define a LMHASH pbe mechanism and
+ * do the fulll key derivation inside the token */
+ *key = PK11_ImportSymKey(slot, CKM_DES_ECB, PK11_OriginGenerated,
+ CKA_ENCRYPT, &keyDataItem, NULL);
+}
+
+static void
+des_set_key_unchecked( des_key *key, des_context ctxt )
+{
+ ctxt[0] = NULL;
+
+ /* handle error conditions from previous call */
+ if (!*key) {
+ return;
+ }
+
+ ctxt[0] = PK11_CreateContextBySymKey(CKM_DES_ECB, CKA_ENCRYPT, *key, NULL);
+}
+
+static void
+des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
+ des_context ctxt, int op)
+{
+ SECStatus rv;
+ int size;
+
+ if (ctxt[0] == NULL) {
+ /* need to fail here... */
+ memset(encrypted, 0, sizeof(des_data_block));
+ return;
+ }
+ rv = PK11_CipherOp(ctxt[0], (unsigned char *)&encrypted[0],
+ &size, sizeof(des_data_block),
+ (unsigned char *)&plain[0], sizeof(des_data_block));
+ if (rv != SECSuccess) {
+ /* signal failure */
+ memset(encrypted, 0, sizeof(des_data_block));
+ return;
+ }
+ return;
+}
+
+static int
+des_failed(des_data_block *encrypted)
+{
+ static const des_data_block zero = { 0 };
+ return memcmp(encrypted, zero, sizeof(zero)) == 0;
+}
+
+static void
+des_finish(des_key *key, des_context ctxt)
+{
+ if (*key) {
+ PK11_FreeSymKey(*key);
+ *key = NULL;
+ }
+ if (ctxt[0]) {
+ PK11_Finalize(ctxt[0]);
+ PK11_DestroyContext(ctxt[0], PR_TRUE);
+ ctxt[0] = NULL;
+ }
+}
+
+#endif
+
/* pseudocode from RFC2433
* A.2 LmPasswordHash()
*
@@ -692,10 +810,10 @@
static void lmPasswd_to_key(
const char *lmPasswd,
- des_cblock *key)
+ des_key *key)
{
const unsigned char *lpw = (const unsigned char *) lmPasswd;
- unsigned char *k = (unsigned char *) key;
+ unsigned char k[8];
/* make room for parity bits */
k[0] = lpw[0];
@@ -707,7 +825,7 @@
k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6);
k[7] = ((lpw[6] & 0x7F) << 1);
- des_set_odd_parity( key );
+ des_set_key_and_parity( key, k );
}
static int chk_lanman(
@@ -718,10 +836,10 @@
{
ber_len_t i;
char UcasePassword[15];
- des_cblock key;
- des_key_schedule schedule;
- des_cblock StdText = "KGS!@#$%";
- des_cblock PasswordHash1, PasswordHash2;
+ des_key key;
+ des_context schedule;
+ des_data_block StdText = "KGS!@#$%";
+ des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33], storedPasswordHash[33];
for( i=0; i<cred->bv_len; i++) {
@@ -741,10 +859,19 @@
lmPasswd_to_key( UcasePassword, &key );
des_set_key_unchecked( &key, schedule );
des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
+
+ if (des_failed(&PasswordHash1)) {
+ return LUTIL_PASSWD_ERR;
+ }
lmPasswd_to_key( &UcasePassword[7], &key );
des_set_key_unchecked( &key, schedule );
des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
+ if (des_failed(&PasswordHash2)) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ des_finish( &key, schedule );
sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
@@ -1005,10 +1132,10 @@
ber_len_t i;
char UcasePassword[15];
- des_cblock key;
- des_key_schedule schedule;
- des_cblock StdText = "KGS!@#$%";
- des_cblock PasswordHash1, PasswordHash2;
+ des_key key;
+ des_context schedule;
+ des_data_block StdText = "KGS!@#$%";
+ des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33];
for( i=0; i<passwd->bv_len; i++) {
@@ -1107,7 +1234,7 @@
int lutil_salt_format(const char *format)
{
#ifdef SLAPD_CRYPT
- free( salt_format );
+ ber_memfree( salt_format );
salt_format = format != NULL ? ber_strdup( format ) : NULL;
#endif
Modified: openldap/vendor/openldap-release/libraries/liblutil/utils.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/utils.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/liblutil/utils.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.23 2009/01/22 00:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.24 2009/04/29 01:48:30 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -466,6 +466,40 @@
#endif
#ifdef _MSC_VER
+/* Equivalent of MS CRT's _dosmaperr().
+ * @param lastError[in] Result of GetLastError().
+ */
+static errno_t win2errno(DWORD lastError)
+{
+ const struct {
+ DWORD windows_code;
+ errno_t errno_code;
+ } WIN2ERRNO_TABLE[] = {
+ { ERROR_SUCCESS, 0 },
+ { ERROR_FILE_NOT_FOUND, ENOENT },
+ { ERROR_PATH_NOT_FOUND, ENOENT },
+ { ERROR_TOO_MANY_OPEN_FILES, EMFILE },
+ { ERROR_ACCESS_DENIED, EACCES },
+ { ERROR_INVALID_HANDLE, EBADF },
+ { ERROR_NOT_ENOUGH_MEMORY, ENOMEM },
+ { ERROR_LOCK_VIOLATION, EACCES },
+ { ERROR_FILE_EXISTS, EEXIST },
+ { ERROR_INVALID_PARAMETER, EINVAL },
+ { ERROR_FILENAME_EXCED_RANGE, ENAMETOOLONG },
+ };
+ const unsigned int WIN2ERRNO_TABLE_SIZE = sizeof(WIN2ERRNO_TABLE) /
+sizeof(WIN2ERRNO_TABLE[0]);
+ const errno_t DEFAULT_ERRNO_ERROR = -1;
+ unsigned int i;
+
+ for (i = 0; i < WIN2ERRNO_TABLE_SIZE; ++i) {
+ if (WIN2ERRNO_TABLE[i].windows_code == lastError) {
+ return WIN2ERRNO_TABLE[i].errno_code;
+ }
+ }
+ return DEFAULT_ERRNO_ERROR;
+}
+
struct dirent {
char *d_name;
};
@@ -483,8 +517,10 @@
HANDLE h;
WIN32_FIND_DATA data;
- if (len+3 >= sizeof(tmp))
+ if (len+3 >= sizeof(tmp)) {
+ errno = ENAMETOOLONG;
return NULL;
+ }
strcpy(tmp, path);
tmp[len++] = '\\';
@@ -492,9 +528,11 @@
tmp[len] = '\0';
h = FindFirstFile( tmp, &data );
-
- if ( h == INVALID_HANDLE_VALUE )
+
+ if ( h == INVALID_HANDLE_VALUE ) {
+ errno = win2errno( GetLastError());
return NULL;
+ }
d = ber_memalloc( sizeof(DIR) );
if ( !d )
@@ -518,7 +556,7 @@
}
return &dir->data;
}
-void closedir(DIR *dir)
+int closedir(DIR *dir)
{
FindClose(dir->dir);
ber_memfree(dir);
Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.20.2.4 2009/01/22 00:00:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.20.2.5 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -39,6 +39,13 @@
#include <rewrite.h>
+#define malloc(x) ber_memalloc(x)
+#define calloc(x,y) ber_memcalloc(x,y)
+#define realloc(x,y) ber_memrealloc(x,y)
+#define free(x) ber_memfree(x)
+#undef strdup
+#define strdup(x) ber_strdup(x)
+
/* Uncomment to use ldap pvt threads */
#define USE_REWRITE_LDAP_PVT_THREADS
#include <ldap_pvt_thread.h>
Modified: openldap/vendor/openldap-release/servers/slapd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/Makefile.in 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/Makefile.in 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
## Makefile.in for slapd
-# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.186.2.7 2009/01/22 00:00:59 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.186.2.8 2009/06/02 22:36:17 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -13,7 +13,7 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
-SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl
+SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl slapschema
PROGRAMS=slapd $(SLAPTOOLS)
XPROGRAMS=sslapd libbackends.a .backend liboverlays.a
XSRCS=version.c
@@ -38,7 +38,7 @@
backglue.c backover.c ctxcsn.c ldapsync.c frontend.c \
slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \
slappasswd.c slaptest.c slapauth.c slapacl.c component.c \
- aci.c alock.c txn.c \
+ aci.c alock.c txn.c slapschema.c \
$(@PLAT at _SRCS)
OBJS = main.o globals.o bconfig.o config.o daemon.o \
@@ -56,7 +56,7 @@
backglue.o backover.o ctxcsn.o ldapsync.o frontend.o \
slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \
slappasswd.o slaptest.o slapauth.o slapacl.o component.o \
- aci.o alock.o txn.o \
+ aci.o alock.o txn.o slapschema.o \
$(@PLAT at _OBJS)
LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
Modified: openldap/vendor/openldap-release/servers/slapd/abandon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/abandon.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/abandon.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* abandon.c - decode and handle an ldap abandon operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.52.2.5 2009/01/22 00:00:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.52.2.7 2009/06/04 23:19:18 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -36,6 +36,7 @@
{
ber_int_t id;
Operation *o;
+ const char *msg;
Debug( LDAP_DEBUG_TRACE, "%s do_abandon\n",
op->o_log_prefix, 0, 0 );
@@ -72,28 +73,21 @@
}
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- /*
- * find the operation being abandoned and set the o_abandon
- * flag. It's up to the backend to periodically check this
- * flag and abort the operation at a convenient time.
- */
+ /* Find the operation being abandoned. */
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
if ( o->o_msgid == id ) {
- o->o_abandon = 1;
break;
}
}
- if ( o ) {
- op->orn_msgid = id;
-
- op->o_bd = frontendDB;
- rs->sr_err = frontendDB->be_abandon( op, rs );
-
- } else {
+ if ( o == NULL ) {
+ msg = "not found";
+ /* The operation is not active. Just discard it if found. */
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
if ( o->o_msgid == id ) {
+ msg = "discarded";
+ /* FIXME: This traverses c_pending_ops yet again. */
LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops,
o, Operation, o_next );
LDAP_STAILQ_NEXT(o, o_next) = NULL;
@@ -102,13 +96,35 @@
break;
}
}
+
+ } else if ( o->o_tag == LDAP_REQ_BIND
+ || o->o_tag == LDAP_REQ_UNBIND
+ || o->o_tag == LDAP_REQ_ABANDON ) {
+ msg = "cannot be abandoned";
+
+#if 0 /* Would break o_abandon used as "suppress response" flag, ITS#6138 */
+ } else if ( o->o_abandon ) {
+ msg = "already being abandoned";
+#endif
+
+ } else {
+ msg = "found";
+ /* Set the o_abandon flag in the to-be-abandoned operation.
+ * The backend can periodically check this flag and abort the
+ * operation at a convenient time. However it should "send"
+ * the response anyway, with result code SLAPD_ABANDON.
+ * The functions in result.c will intercept the message.
+ */
+ o->o_abandon = 1;
+ op->orn_msgid = id;
+ op->o_bd = frontendDB;
+ rs->sr_err = frontendDB->be_abandon( op, rs );
}
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- Debug( LDAP_DEBUG_TRACE, "%s do_abandon: op=%ld %sfound\n",
- op->o_log_prefix,
- (long) id, o ? "" : "not " );
+ Debug( LDAP_DEBUG_TRACE, "%s do_abandon: op=%ld %s\n",
+ op->o_log_prefix, (long) id, msg );
return rs->sr_err;
}
Modified: openldap/vendor/openldap-release/servers/slapd/aclparse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/aclparse.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/aclparse.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* aclparse.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.198.2.9 2009/01/22 00:00:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.198.2.10 2009/06/27 18:00:32 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -851,16 +851,6 @@
}
}
- /* expand in <who> needs regex in <what> */
- if ( ( sty == ACL_STYLE_EXPAND || expand )
- && a->acl_dn_style != ACL_STYLE_REGEX )
- {
- Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: \"expand\" style "
- "or modifier used in conjunction with a non-regex <what> clause.\n",
- fname, lineno, 0 );
- goto fail;
- }
-
if ( strncasecmp( left, "real", STRLENOF( "real" ) ) == 0 ) {
is_realdn = 1;
bdn = &b->a_realdn;
Modified: openldap/vendor/openldap-release/servers/slapd/alock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/alock.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/alock.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* alock.c - access lock library */
-/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.5.2.10 2009/01/22 00:00:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.5.2.11 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2005-2009 The OpenLDAP Foundation.
@@ -23,6 +23,7 @@
#if SLAPD_BDB || SLAPD_HDB
+#include <lber.h>
#include "alock.h"
#include "lutil.h"
@@ -238,8 +239,8 @@
slot_data->al_stamp = alock_read_iattr (slotbuf+16);
slot_data->al_pid = alock_read_iattr (slotbuf+24);
- if (slot_data->al_appname) free (slot_data->al_appname);
- slot_data->al_appname = calloc (1, ALOCK_MAX_APPNAME);
+ if (slot_data->al_appname) ber_memfree (slot_data->al_appname);
+ slot_data->al_appname = ber_memcalloc (1, ALOCK_MAX_APPNAME);
if (slot_data->al_appname == NULL) {
return -1;
}
@@ -306,7 +307,7 @@
(void) memset ((void *) &slot_data, 0, sizeof (alock_slot_t));
alock_read_slot (info, &slot_data);
- if (slot_data.al_appname != NULL) free (slot_data.al_appname);
+ if (slot_data.al_appname != NULL) ber_memfree (slot_data.al_appname);
slot_data.al_appname = NULL;
nosave = slot_data.al_lock & ALOCK_NOSAVE;
@@ -349,24 +350,24 @@
slot_data.al_lock = locktype;
slot_data.al_stamp = time(NULL);
slot_data.al_pid = getpid();
- slot_data.al_appname = calloc (1, ALOCK_MAX_APPNAME);
+ slot_data.al_appname = ber_memcalloc (1, ALOCK_MAX_APPNAME);
if (slot_data.al_appname == NULL) {
return ALOCK_UNSTABLE;
}
strncpy (slot_data.al_appname, appname, ALOCK_MAX_APPNAME-1);
slot_data.al_appname [ALOCK_MAX_APPNAME-1] = '\0';
- filename = calloc (1, strlen (envdir) + strlen ("/alock") + 1);
+ filename = ber_memcalloc (1, strlen (envdir) + strlen ("/alock") + 1);
if (filename == NULL ) {
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
ptr = lutil_strcopy(filename, envdir);
lutil_strcopy(ptr, "/alock");
info->al_fd = open (filename, O_CREAT|O_RDWR, 0666);
- free (filename);
+ ber_memfree (filename);
if (info->al_fd < 0) {
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
info->al_slot = 0;
@@ -374,14 +375,14 @@
res = alock_grab_lock (info->al_fd, 0);
if (res == -1) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
res = fstat (info->al_fd, &statbuf);
if (res == -1) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
@@ -410,7 +411,7 @@
} else if (res == ALOCK_UNIQUE
&& locktype == ALOCK_UNIQUE) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_BUSY;
} else if (res == ALOCK_DIRTY) {
@@ -418,7 +419,7 @@
} else if (res == -1) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
@@ -427,7 +428,7 @@
if (dirty_count && live_count) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
@@ -436,11 +437,11 @@
info->al_slot);
if (res == -1) {
close (info->al_fd);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
res = alock_write_slot (info, &slot_data);
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
if (res == -1) {
close (info->al_fd);
return ALOCK_UNSTABLE;
@@ -549,7 +550,7 @@
if (res == -1) {
close (info->al_fd);
if (slot_data.al_appname != NULL)
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
slot_data.al_lock = ALOCK_UNLOCKED;
@@ -559,11 +560,11 @@
if (res == -1) {
close (info->al_fd);
if (slot_data.al_appname != NULL)
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
if (slot_data.al_appname != NULL) {
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
slot_data.al_appname = NULL;
}
@@ -635,11 +636,11 @@
if (res == -1) {
close (info->al_fd);
if (slot_data.al_appname != NULL)
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
return ALOCK_UNSTABLE;
}
if (slot_data.al_appname != NULL) {
- free (slot_data.al_appname);
+ ber_memfree (slot_data.al_appname);
slot_data.al_appname = NULL;
}
Modified: openldap/vendor/openldap-release/servers/slapd/at.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/at.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/at.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* at.c - routines for dealing with attribute types */
-/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.84.2.9 2009/01/22 00:00:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.84.2.10 2009/03/17 17:11:57 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -1080,10 +1080,10 @@
freeit = 1;
} else {
- ldap_attributetype_free( at );
Debug( LDAP_DEBUG_ANY,
"register_at: AttributeType \"%s\": %s, %s\n",
def, scherr2str(code), err );
+ ldap_attributetype_free( at );
return code;
}
}
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* add.c - ldap BerkeleyDB back-end add routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.152.2.16 2009/02/05 19:35:54 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.152.2.17 2009/03/05 18:40:00 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -50,7 +50,7 @@
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0);
+ op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
@@ -93,7 +93,7 @@
ctrls[num_ctrls] = 0;
/* check entry's schema */
- rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
+ rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
@@ -119,7 +119,7 @@
goto return_results;
}
- subentry = is_entry_subentry( op->oq_add.rs_e );
+ subentry = is_entry_subentry( op->ora_e );
/* Get our reader TXN */
rs->sr_err = bdb_reader_get( op, bdb->bi_dbenv, &rtxn );
@@ -172,10 +172,10 @@
/*
* Get the parent dn and see if the corresponding entry exists.
*/
- if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
+ if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
- dnParent( &op->oq_add.rs_e->e_nname, &pdn );
+ dnParent( &op->ora_e->e_nname, &pdn );
}
/* get entry or parent */
@@ -209,7 +209,8 @@
rs->sr_ref = is_entry_referral( p )
? get_entry_referrals( op, p )
: NULL;
- bdb_unlocked_cache_return_entry_r( bdb, p );
+ if ( p != (Entry *)&slap_entry_root )
+ bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent "
@@ -230,6 +231,10 @@
goto retry;
}
+ if ( p != (Entry *)&slap_entry_root )
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
+
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to parent\n",
0, 0, 0 );
@@ -240,6 +245,8 @@
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is subentry\n",
@@ -250,6 +257,8 @@
}
if ( is_entry_alias( p ) ) {
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is alias\n",
@@ -288,7 +297,7 @@
}
p = NULL;
- rs->sr_err = access_allowed( op, op->oq_add.rs_e,
+ rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
@@ -334,7 +343,7 @@
rs->sr_text = "internal error";
goto return_results;
}
- op->oq_add.rs_e->e_id = eid;
+ op->ora_e->e_id = eid;
}
/* nested transaction */
@@ -351,7 +360,7 @@
}
/* dn2id index */
- rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->oq_add.rs_e );
+ rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
@@ -371,7 +380,7 @@
}
/* attribute indexes */
- rs->sr_err = bdb_index_entry_add( op, lt2, op->oq_add.rs_e );
+ rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
@@ -388,7 +397,7 @@
}
/* id2entry index */
- rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->oq_add.rs_e );
+ rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
@@ -416,7 +425,7 @@
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
- if ( slap_read_controls( op, rs, op->oq_add.rs_e,
+ if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
@@ -475,7 +484,7 @@
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
- op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+ op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* attr.c - backend routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.36.2.8 2009/01/22 00:01:04 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.36.2.9 2009/07/06 19:13:32 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -319,15 +319,20 @@
if( rc ) {
if ( bdb->bi_flags & BDB_IS_OPEN ) {
AttrInfo *b = bdb_attr_mask( bdb, ad );
- /* If we were editing this attr, reset it */
- b->ai_indexmask &= ~BDB_INDEX_DELETING;
- /* If this is leftover from a previous add, commit it */
- if ( b->ai_newmask )
- b->ai_indexmask = b->ai_newmask;
- b->ai_newmask = a->ai_newmask;
- ch_free( a );
- rc = 0;
- continue;
+ /* If there is already an index defined for this attribute
+ * it must be replaced. Otherwise we end up with multiple
+ * olcIndex values for the same attribute */
+ if ( b->ai_indexmask & BDB_INDEX_DELETING ) {
+ /* If we were editing this attr, reset it */
+ b->ai_indexmask &= ~BDB_INDEX_DELETING;
+ /* If this is leftover from a previous add, commit it */
+ if ( b->ai_newmask )
+ b->ai_indexmask = b->ai_newmask;
+ b->ai_newmask = a->ai_newmask;
+ ch_free( a );
+ rc = 0;
+ continue;
+ }
}
if (c_reply) {
snprintf(c_reply->msg, sizeof(c_reply->msg),
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* back-bdb.h - bdb back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.141.2.19 2009/01/22 00:01:04 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.141.2.21 2009/05/08 16:37:41 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.120.2.20 2009/01/26 20:23:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.120.2.31 2009/06/19 21:55:57 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -38,6 +38,7 @@
#define SLAPD_UNUSED
#ifdef SLAPD_UNUSED
static void bdb_lru_print(Cache *cache);
+static void bdb_idtree_print(Cache *cache);
#endif
#endif
@@ -64,6 +65,7 @@
ei = cache->c_eifree;
cache->c_eifree = ei->bei_lrunext;
ei->bei_finders = 0;
+ ei->bei_lrunext = NULL;
}
ldap_pvt_thread_mutex_unlock( &cache->c_eifree_mutex );
}
@@ -81,10 +83,10 @@
bdb_cache_entryinfo_free( Cache *cache, EntryInfo *ei )
{
free( ei->bei_nrdn.bv_val );
- ei->bei_nrdn.bv_val = NULL;
+ BER_BVZERO( &ei->bei_nrdn );
#ifdef BDB_HIER
free( ei->bei_rdn.bv_val );
- ei->bei_rdn.bv_val = NULL;
+ BER_BVZERO( &ei->bei_rdn );
ei->bei_modrdns = 0;
ei->bei_ckids = 0;
ei->bei_dkids = 0;
@@ -93,10 +95,14 @@
ei->bei_kids = NULL;
ei->bei_lruprev = NULL;
+#if 0
ldap_pvt_thread_mutex_lock( &cache->c_eifree_mutex );
ei->bei_lrunext = cache->c_eifree;
cache->c_eifree = ei;
ldap_pvt_thread_mutex_unlock( &cache->c_eifree_mutex );
+#else
+ ch_free( ei );
+#endif
}
#define LRU_DEL( c, e ) do { \
@@ -333,8 +339,8 @@
ei2 = bdb_cache_entryinfo_new( &bdb->bi_cache );
+ bdb_cache_entryinfo_lock( ei->bei_parent );
ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
- bdb_cache_entryinfo_lock( ei->bei_parent );
ei2->bei_id = ei->bei_id;
ei2->bei_parent = ei->bei_parent;
@@ -371,13 +377,11 @@
bdb->bi_cache.c_leaves++;
rc = avl_insert( &ei->bei_parent->bei_kids, ei2, bdb_rdn_cmp,
avl_dup_error );
- if ( rc ) {
- /* This should never happen; entry cache is corrupt */
- bdb->bi_dbenv->log_flush( bdb->bi_dbenv, NULL );
- assert( !rc );
+#ifdef BDB_HIER
+ /* it's possible for hdb_cache_find_parent to beat us to it */
+ if ( !rc ) {
+ ei->bei_parent->bei_ckids++;
}
-#ifdef BDB_HIER
- ei->bei_parent->bei_ckids++;
#endif
}
@@ -442,6 +446,7 @@
ei.bei_nrdn.bv_len = ndn->bv_len -
(ei.bei_nrdn.bv_val - ndn->bv_val);
+ eip->bei_finders++;
bdb_cache_entryinfo_unlock( eip );
BDB_LOG_PRINTF( bdb->bi_dbenv, NULL, "slapd Reading %s",
@@ -451,6 +456,7 @@
rc = bdb_dn2id( op, &ei.bei_nrdn, &ei, txn, &lock );
if (rc) {
bdb_cache_entryinfo_lock( eip );
+ eip->bei_finders--;
bdb_cache_entry_db_unlock( bdb, &lock );
*res = eip;
return rc;
@@ -463,6 +469,7 @@
ei.bei_nrdn.bv_len = len;
rc = bdb_entryinfo_add_internal( bdb, &ei, &ei2 );
/* add_internal left eip and c_rwlock locked */
+ eip->bei_finders--;
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
bdb_cache_entry_db_unlock( bdb, &lock );
if ( rc ) {
@@ -479,8 +486,8 @@
*res = eip;
return DB_NOTFOUND;
}
+ bdb_cache_entryinfo_lock( ei2 );
bdb_cache_entryinfo_unlock( eip );
- bdb_cache_entryinfo_lock( ei2 );
eip = ei2;
@@ -514,7 +521,7 @@
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
EntryInfo ei, eip, *ei2 = NULL, *ein = NULL, *eir = NULL;
- int rc;
+ int rc, add;
ei.bei_id = id;
ei.bei_kids = NULL;
@@ -538,67 +545,92 @@
ein->bei_bdb = bdb;
#endif
ei.bei_ckids = 0;
+ add = 1;
/* This node is not fully connected yet */
ein->bei_state |= CACHE_ENTRY_NOT_LINKED;
+ /* If this is the first time, save this node
+ * to be returned later.
+ */
+ if ( eir == NULL ) {
+ eir = ein;
+ ein->bei_finders++;
+ }
+
+again:
/* Insert this node into the ID tree */
ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
if ( avl_insert( &bdb->bi_cache.c_idtree, (caddr_t)ein,
bdb_id_cmp, bdb_id_dup_err ) ) {
EntryInfo *eix = ein->bei_lrunext;
+ if ( bdb_cache_entryinfo_trylock( eix )) {
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ ldap_pvt_thread_yield();
+ goto again;
+ }
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+
/* Someone else created this node just before us.
* Free our new copy and use the existing one.
*/
bdb_cache_entryinfo_free( &bdb->bi_cache, ein );
- ein = eix;
-
- /* Link in any kids we've already processed */
- if ( ei2 ) {
- bdb_cache_entryinfo_lock( ein );
- avl_insert( &ein->bei_kids, (caddr_t)ei2,
- bdb_rdn_cmp, avl_dup_error );
- ein->bei_ckids++;
- bdb_cache_entryinfo_unlock( ein );
+
+ /* if it was the node we were looking for, just return it */
+ if ( eir == ein ) {
+ *res = eix;
+ rc = 0;
+ break;
}
+
+ ein = ei2;
+ ei2 = eix;
+ add = 0;
+
+ /* otherwise, link up what we have and return */
+ goto gotparent;
}
- /* If this is the first time, save this node
- * to be returned later.
- */
- if ( eir == NULL ) eir = ein;
-
/* If there was a previous node, link it to this one */
if ( ei2 ) ei2->bei_parent = ein;
/* Look for this node's parent */
+par2:
if ( eip.bei_id ) {
ei2 = (EntryInfo *) avl_find( bdb->bi_cache.c_idtree,
(caddr_t) &eip, bdb_id_cmp );
} else {
ei2 = &bdb->bi_cache.c_dntree;
}
- bdb->bi_cache.c_eiused++;
+ if ( ei2 && bdb_cache_entryinfo_trylock( ei2 )) {
+ ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+ ldap_pvt_thread_yield();
+ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
+ goto par2;
+ }
+ if ( add )
+ bdb->bi_cache.c_eiused++;
if ( ei2 && ( ei2->bei_kids || !ei2->bei_id ))
- bdb->bi_cache.c_leaves++;
+ bdb->bi_cache.c_leaves++;
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
+gotparent:
/* Got the parent, link in and we're done. */
if ( ei2 ) {
bdb_cache_entryinfo_lock( eir );
- bdb_cache_entryinfo_lock( ei2 );
ein->bei_parent = ei2;
- avl_insert( &ei2->bei_kids, (caddr_t)ein, bdb_rdn_cmp,
- avl_dup_error);
- ei2->bei_ckids++;
+ if ( avl_insert( &ei2->bei_kids, (caddr_t)ein, bdb_rdn_cmp,
+ avl_dup_error) == 0 )
+ ei2->bei_ckids++;
/* Reset all the state info */
for (ein = eir; ein != ei2; ein=ein->bei_parent)
ein->bei_state &= ~CACHE_ENTRY_NOT_LINKED;
bdb_cache_entryinfo_unlock( ei2 );
+ eir->bei_finders--;
*res = eir;
break;
@@ -658,6 +690,10 @@
DB_LOCK lock, *lockp;
EntryInfo *elru, *elnext = NULL;
int count, islocked, eimax;
+ int efree = 0, eifree = 0, eicount, ecount;
+#ifdef LDAP_DEBUG
+ int iter;
+#endif
/* Wait for the mutex; we're the only one trying to purge. */
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex );
@@ -670,8 +706,19 @@
else
eimax = bdb->bi_cache.c_eimax;
- if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize &&
- bdb->bi_cache.c_leaves <= eimax ) {
+ efree = bdb->bi_cache.c_cursize - bdb->bi_cache.c_maxsize;
+ if ( efree < 1 )
+ efree = 0;
+ else
+ efree += bdb->bi_cache.c_minfree;
+
+ if ( bdb->bi_cache.c_leaves > eimax ) {
+ eifree = bdb->bi_cache.c_minfree * 10;
+ if ( eifree >= eimax )
+ eifree = eimax / 2;
+ }
+
+ if ( !efree && !eifree ) {
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
bdb->bi_cache.c_purging = 0;
return;
@@ -684,6 +731,11 @@
}
count = 0;
+ eicount = 0;
+ ecount = 0;
+#ifdef LDAP_DEBUG
+ iter = 0;
+#endif
/* Look for an unused entry to remove */
for ( elru = bdb->bi_cache.c_lruhead; elru; elru = elnext ) {
@@ -703,12 +755,18 @@
* or this node is being deleted, skip it.
*/
if (( elru->bei_state & ( CACHE_ENTRY_NOT_LINKED |
- CACHE_ENTRY_DELETED | CACHE_ENTRY_LOADING )) ||
+ CACHE_ENTRY_DELETED | CACHE_ENTRY_LOADING |
+ CACHE_ENTRY_ONELEVEL )) ||
elru->bei_finders > 0 ) {
bdb_cache_entryinfo_unlock( elru );
goto bottom;
}
+ if ( bdb_cache_entryinfo_trylock( elru->bei_parent )) {
+ bdb_cache_entryinfo_unlock( elru );
+ goto bottom;
+ }
+
/* entryinfo is locked */
islocked = 1;
@@ -720,8 +778,15 @@
/* Free entry for this node if it's present */
if ( elru->bei_e ) {
- if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize &&
- count < bdb->bi_cache.c_minfree ) {
+ ecount++;
+
+ /* the cache may have gone over the limit while we
+ * weren't looking, so double check.
+ */
+ if ( !efree && ecount > bdb->bi_cache.c_maxsize )
+ efree = bdb->bi_cache.c_minfree;
+
+ if ( count < efree ) {
elru->bei_e->e_private = NULL;
#ifdef SLAP_ZONE_ALLOC
bdb_entry_return( bdb, elru->bei_e, elru->bei_zseq );
@@ -744,54 +809,44 @@
if ( elru->bei_kids ) {
/* Drop from list, we ignore it... */
LRU_DEL( &bdb->bi_cache, elru );
- } else if ( bdb->bi_cache.c_leaves > eimax ) {
+ } else if ( eicount < eifree ) {
/* Too many leaf nodes, free this one */
bdb_cache_delete_internal( &bdb->bi_cache, elru, 0 );
bdb_cache_delete_cleanup( &bdb->bi_cache, elru );
islocked = 0;
+ eicount++;
} /* Leave on list until we need to free it */
}
next:
- if ( islocked )
+ if ( islocked ) {
bdb_cache_entryinfo_unlock( elru );
+ bdb_cache_entryinfo_unlock( elru->bei_parent );
+ }
- if (( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize ||
- (unsigned) count >= bdb->bi_cache.c_minfree ) && bdb->bi_cache.c_leaves <= eimax ) {
- if ( count ) {
- ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
- bdb->bi_cache.c_cursize -= count;
- ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
- }
+ if ( count >= efree && eicount >= eifree )
break;
- }
bottom:
if ( elnext == bdb->bi_cache.c_lruhead )
break;
+#ifdef LDAP_DEBUG
+ iter++;
+#endif
}
+ if ( count || ecount > bdb->bi_cache.c_cursize ) {
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
+ /* HACK: we seem to be losing track, fix up now */
+ if ( ecount > bdb->bi_cache.c_cursize )
+ bdb->bi_cache.c_cursize = ecount;
+ bdb->bi_cache.c_cursize -= count;
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
+ }
bdb->bi_cache.c_lruhead = elnext;
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
bdb->bi_cache.c_purging = 0;
}
-EntryInfo *
-bdb_cache_find_info(
- struct bdb_info *bdb,
- ID id )
-{
- EntryInfo ei = { 0 },
- *ei2;
-
- ei.bei_id = id;
-
- ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
- ei2 = (EntryInfo *) avl_find( bdb->bi_cache.c_idtree,
- (caddr_t) &ei, bdb_id_cmp );
- ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
- return ei2;
-}
-
/*
* cache_find_id - find an entry in the cache, given id.
* The entry is locked for Read upon return. Call with flag ID_LOCKED if
@@ -825,11 +880,12 @@
if ( *eip ) {
/* If the lock attempt fails, the info is in use */
if ( bdb_cache_entryinfo_trylock( *eip )) {
+ int del = (*eip)->bei_state & CACHE_ENTRY_DELETED;
ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock );
/* If this node is being deleted, treat
* as if the delete has already finished
*/
- if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
+ if ( del ) {
return DB_NOTFOUND;
}
/* otherwise, wait for the info to free up */
@@ -886,6 +942,10 @@
} else {
(*eip)->bei_finders++;
(*eip)->bei_state |= CACHE_ENTRY_REFERENCED;
+ if ( flag & ID_NOENTRY ) {
+ bdb_cache_entryinfo_unlock( *eip );
+ return 0;
+ }
/* Make sure only one thread tries to load the entry */
load1:
#ifdef SLAP_ZONE_ALLOC
@@ -905,7 +965,9 @@
* loading it, i.e it is already cached or
* another thread is currently loading it.
*/
- (*eip)->bei_state &= ~CACHE_ENTRY_NOT_CACHED;
+ if ( (*eip)->bei_state & CACHE_ENTRY_NOT_CACHED ) {
+ (*eip)->bei_state &= ~CACHE_ENTRY_NOT_CACHED;
+ }
flag &= ~ID_NOCACHE;
}
@@ -917,6 +979,9 @@
if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
rc = DB_NOTFOUND;
bdb_cache_entry_db_unlock( bdb, lock );
+ bdb_cache_entryinfo_lock( *eip );
+ (*eip)->bei_finders--;
+ bdb_cache_entryinfo_unlock( *eip );
} else if ( rc == 0 ) {
if ( load ) {
if ( !ep) {
@@ -925,6 +990,8 @@
if ( rc == 0 ) {
ep->e_private = *eip;
#ifdef BDB_HIER
+ while ( (*eip)->bei_state & CACHE_ENTRY_NOT_LINKED )
+ ldap_pvt_thread_yield();
bdb_fix_dn( ep, 0 );
#endif
(*eip)->bei_e = ep;
@@ -975,12 +1042,12 @@
}
#endif
}
+ bdb_cache_entryinfo_lock( *eip );
+ (*eip)->bei_finders--;
+ if ( load )
+ (*eip)->bei_state ^= CACHE_ENTRY_LOADING;
+ bdb_cache_entryinfo_unlock( *eip );
}
- bdb_cache_entryinfo_lock( *eip );
- (*eip)->bei_finders--;
- if ( load )
- (*eip)->bei_state ^= CACHE_ENTRY_LOADING;
- bdb_cache_entryinfo_unlock( *eip );
}
}
if ( flag & ID_LOCKED ) {
@@ -997,18 +1064,20 @@
if ( rc == 0 ) {
int purge = 0;
- if ( load ) {
+ if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize ||
+ bdb->bi_cache.c_leaves > bdb->bi_cache.c_eimax ) {
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
- if ( !( flag & ID_NOCACHE )) {
- bdb->bi_cache.c_cursize++;
- if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize &&
- !bdb->bi_cache.c_purging ) {
+ if ( !bdb->bi_cache.c_purging ) {
+ if ( load && !( flag & ID_NOCACHE )) {
+ bdb->bi_cache.c_cursize++;
+ if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize ) {
+ purge = 1;
+ bdb->bi_cache.c_purging = 1;
+ }
+ } else if ( bdb->bi_cache.c_leaves > bdb->bi_cache.c_eimax ) {
purge = 1;
bdb->bi_cache.c_purging = 1;
}
- } else if ( bdb->bi_cache.c_leaves > bdb->bi_cache.c_eimax && !bdb->bi_cache.c_purging ) {
- purge = 1;
- bdb->bi_cache.c_purging = 1;
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
}
@@ -1086,6 +1155,12 @@
if ( eip->bei_dkids ) eip->bei_dkids++;
#endif
+ if (eip->bei_parent) {
+ bdb_cache_entryinfo_lock( eip->bei_parent );
+ eip->bei_parent->bei_state &= ~CACHE_ENTRY_NO_GRANDKIDS;
+ bdb_cache_entryinfo_unlock( eip->bei_parent );
+ }
+
rc = bdb_entryinfo_add_internal( bdb, &ei, &new );
/* bdb_csn_commit can cause this when adding the database root entry */
if ( new->bei_e ) {
@@ -1100,9 +1175,6 @@
e->e_private = new;
new->bei_state |= CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS;
eip->bei_state &= ~CACHE_ENTRY_NO_KIDS;
- if (eip->bei_parent) {
- eip->bei_parent->bei_state &= ~CACHE_ENTRY_NO_GRANDKIDS;
- }
bdb_cache_entryinfo_unlock( eip );
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
@@ -1267,7 +1339,7 @@
DB_LOCK *lock )
{
EntryInfo *ei = BEI(e);
- int rc;
+ int rc, busy = 0;
assert( e->e_private != NULL );
@@ -1277,13 +1349,31 @@
/* Set this early, warn off any queriers */
ei->bei_state |= CACHE_ENTRY_DELETED;
+ if (( ei->bei_state & ( CACHE_ENTRY_NOT_LINKED |
+ CACHE_ENTRY_LOADING | CACHE_ENTRY_ONELEVEL )) ||
+ ei->bei_finders > 0 )
+ busy = 1;
+
bdb_cache_entryinfo_unlock( ei );
+ while ( busy ) {
+ ldap_pvt_thread_yield();
+ busy = 0;
+ bdb_cache_entryinfo_lock( ei );
+ if (( ei->bei_state & ( CACHE_ENTRY_NOT_LINKED |
+ CACHE_ENTRY_LOADING | CACHE_ENTRY_ONELEVEL )) ||
+ ei->bei_finders > 0 )
+ busy = 1;
+ bdb_cache_entryinfo_unlock( ei );
+ }
+
/* Get write lock on the data */
rc = bdb_cache_entry_db_relock( bdb, txn, ei, 1, 0, lock );
if ( rc ) {
+ bdb_cache_entryinfo_lock( ei );
/* couldn't lock, undo and give up */
ei->bei_state ^= CACHE_ENTRY_DELETED;
+ bdb_cache_entryinfo_unlock( ei );
return rc;
}
@@ -1293,7 +1383,10 @@
/* set lru mutex */
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex );
+ bdb_cache_entryinfo_lock( ei->bei_parent );
+ bdb_cache_entryinfo_lock( ei );
rc = bdb_cache_delete_internal( &bdb->bi_cache, e->e_private, 1 );
+ bdb_cache_entryinfo_unlock( ei );
/* free lru mutex */
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
@@ -1308,6 +1401,9 @@
{
/* Enter with ei locked */
+ /* already freed? */
+ if ( !ei->bei_parent ) return;
+
if ( ei->bei_e ) {
ei->bei_e->e_private = NULL;
#ifdef SLAP_ZONE_ALLOC
@@ -1318,8 +1414,8 @@
ei->bei_e = NULL;
}
+ bdb_cache_entryinfo_unlock( ei );
bdb_cache_entryinfo_free( cache, ei );
- bdb_cache_entryinfo_unlock( ei );
}
static int
@@ -1331,8 +1427,11 @@
int rc = 0; /* return code */
int decr_leaf = 0;
- /* Lock the parent's kids tree */
- bdb_cache_entryinfo_lock( e->bei_parent );
+ /* already freed? */
+ if ( !e->bei_parent ) {
+ assert(0);
+ return -1;
+ }
#ifdef BDB_HIER
e->bei_parent->bei_ckids--;
@@ -1343,12 +1442,11 @@
== NULL )
{
rc = -1;
+ assert(0);
}
if ( e->bei_parent->bei_kids )
decr_leaf = 1;
- bdb_cache_entryinfo_unlock( e->bei_parent );
-
ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock );
/* id tree */
if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp )) {
@@ -1357,8 +1455,10 @@
cache->c_leaves--;
} else {
rc = -1;
+ assert(0);
}
ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock );
+ bdb_cache_entryinfo_unlock( e->bei_parent );
if ( rc == 0 ){
/* lru */
@@ -1447,6 +1547,21 @@
break;
}
}
+
+static int
+bdb_entryinfo_print(void *data, void *arg)
+{
+ EntryInfo *e = data;
+ fprintf( stderr, "\t%p, %p id %ld rdn \"%s\"\n",
+ (void *) e, (void *) e->bei_e, e->bei_id, e->bei_nrdn.bv_val );
+ return 0;
+}
+
+static void
+bdb_idtree_print(Cache *cache)
+{
+ avl_apply( cache->c_idtree, bdb_entryinfo_print, NULL, -1, AVL_INORDER );
+}
#endif
#endif
@@ -1456,7 +1571,7 @@
/* DB_ENV *env = key; */
DB_TXN *txn = data;
- TXN_ABORT( txn );
+ if ( txn ) TXN_ABORT( txn );
}
/* free up any keys used by the main thread */
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* dn2id.c - routines to deal with the dn2id index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.16 2009/01/26 21:27:59 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.19 2009/06/19 21:55:57 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -529,8 +529,8 @@
}
}
BEI(e)->bei_modrdns = max;
- ptr[-1] = '\0';
- nptr[-1] = '\0';
+ if ( ptr > e->e_name.bv_val ) ptr[-1] = '\0';
+ if ( nptr > e->e_nname.bv_val ) nptr[-1] = '\0';
return 0;
}
@@ -1102,7 +1102,7 @@
cx->rc = cx->dbc->c_close( cx->dbc );
done_one:
bdb_cache_entryinfo_lock( cx->ei );
- cx->ei->bei_state ^= CACHE_ENTRY_ONELEVEL;
+ cx->ei->bei_state &= ~CACHE_ENTRY_ONELEVEL;
bdb_cache_entryinfo_unlock( cx->ei );
if ( cx->rc )
return cx->rc;
@@ -1151,15 +1151,23 @@
for ( cx->id = bdb_idl_first( save, &idcurs );
cx->id != NOID;
cx->id = bdb_idl_next( save, &idcurs )) {
- cx->ei = bdb_cache_find_info( cx->bdb, cx->id );
- if ( !cx->ei ||
- ( cx->ei->bei_state & CACHE_ENTRY_NO_KIDS ))
+ EntryInfo *ei2;
+ cx->ei = NULL;
+ if ( bdb_cache_find_id( cx->op, cx->txn, cx->id, &cx->ei,
+ ID_NOENTRY, NULL ))
continue;
-
- BDB_ID2DISK( cx->id, &cx->nid );
- hdb_dn2idl_internal( cx );
- if ( !BDB_IDL_IS_ZERO( cx->tmp ))
- nokids = 0;
+ if ( cx->ei ) {
+ ei2 = cx->ei;
+ if ( !( ei2->bei_state & CACHE_ENTRY_NO_KIDS )) {
+ BDB_ID2DISK( cx->id, &cx->nid );
+ hdb_dn2idl_internal( cx );
+ if ( !BDB_IDL_IS_ZERO( cx->tmp ))
+ nokids = 0;
+ }
+ bdb_cache_entryinfo_lock( ei2 );
+ ei2->bei_finders--;
+ bdb_cache_entryinfo_unlock( ei2 );
+ }
}
cx->depth--;
cx->op->o_tmpfree( save, cx->op->o_tmpmemctx );
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* init.c - initialize bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.247.2.19 2009/02/19 22:19:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.247.2.22 2009/06/19 21:53:42 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -223,6 +223,7 @@
"Run manual recovery if errors are encountered.\n",
be->be_suffix[0].bv_val, 0, 0 );
do_recover = 0;
+ do_alock_recover = 0;
quick = alockt;
}
@@ -373,6 +374,11 @@
bdb->bi_cache.c_eimax = bdb->bi_cache.c_maxsize * 2;
}
+ /* dncache must be >= entrycache */
+ if ( bdb->bi_cache.c_eimax < bdb->bi_cache.c_maxsize ) {
+ bdb->bi_cache.c_eimax = bdb->bi_cache.c_maxsize;
+ }
+
if ( bdb->bi_idl_cache_max_size ) {
bdb->bi_idl_tree = NULL;
bdb->bi_idl_cache_size = 0;
@@ -537,10 +543,23 @@
rc = bdb_id2entry( be, NULL, 0, &e );
}
if ( !e ) {
+ struct berval gluebv = BER_BVC("glue");
+ Operation op = {0};
+ Opheader ohdr = {0};
e = entry_alloc();
e->e_id = 0;
ber_dupbv( &e->e_name, (struct berval *)&slap_empty_bv );
ber_dupbv( &e->e_nname, (struct berval *)&slap_empty_bv );
+ attr_merge_one( e, slap_schema.si_ad_objectClass,
+ &gluebv, NULL );
+ attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+ &gluebv, NULL );
+ op.o_hdr = &ohdr;
+ op.o_bd = be;
+ op.ora_e = e;
+ op.o_dn = be->be_rootdn;
+ op.o_ndn = be->be_rootndn;
+ slap_add_opattrs( &op, NULL, NULL, 0, 0 );
}
e->e_ocflags = SLAP_OC_GLUE|SLAP_OC__END;
e->e_private = &bdb->bi_cache.c_dntree;
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* modify.c - bdb backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.156.2.16 2009/02/05 19:35:54 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.156.2.17 2009/03/09 19:35:16 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -363,7 +363,6 @@
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
Entry dummy = {0};
- int fakeroot = 0;
DB_LOCK lock;
@@ -487,19 +486,6 @@
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
- if ( BER_BVISEMPTY( &op->o_req_ndn )) {
- struct berval gluebv = BER_BVC("glue");
- e = ch_calloc( 1, sizeof(Entry));
- e->e_name.bv_val = ch_strdup( "" );
- ber_dupbv( &e->e_nname, &e->e_name );
- attr_merge_one( e, slap_schema.si_ad_objectClass,
- &gluebv, NULL );
- attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
- &gluebv, NULL );
- e->e_private = ei;
- fakeroot = 1;
- rs->sr_err = 0;
- }
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
@@ -511,9 +497,7 @@
}
}
- if ( !fakeroot ) {
- e = ei->bei_e;
- }
+ e = ei->bei_e;
/* acquire and lock entry */
/* FIXME: dn2entry() should return non-glue entry */
@@ -676,19 +660,11 @@
} else {
/* may have changed in bdb_modify_internal() */
e->e_ocflags = dummy.e_ocflags;
- if ( fakeroot ) {
- e->e_private = NULL;
- entry_free( e );
- e = NULL;
- attrs_free( dummy.e_attrs );
-
- } else {
- rc = bdb_cache_modify( bdb, e, dummy.e_attrs, ltid, &lock );
- switch( rc ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto retry;
- }
+ rc = bdb_cache_modify( bdb, e, dummy.e_attrs, ltid, &lock );
+ switch( rc ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
}
dummy.e_attrs = NULL;
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* operational.c - bdb backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.4 2009/01/22 00:01:05 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.5 2009/03/05 22:24:29 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -34,6 +34,10 @@
Entry *e,
int *hasSubordinates )
{
+ struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
+ struct bdb_op_info *opinfo;
+ OpExtra *oex;
+ DB_TXN *rtxn;
int rc;
assert( e != NULL );
@@ -47,12 +51,25 @@
return LDAP_OTHER;
}
+ /* Check for a txn in a parent op, otherwise use reader txn */
+ LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+ if ( oex->oe_key == bdb )
+ break;
+ }
+ opinfo = (struct bdb_op_info *) oex;
+ if ( opinfo && opinfo->boi_txn ) {
+ rtxn = opinfo->boi_txn;
+ } else {
+ rc = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
+ if ( rc ) return LDAP_OTHER;
+ }
+
retry:
/* FIXME: we can no longer assume the entry's e_private
* field is correctly populated; so we need to reacquire
* it with reader lock */
- rc = bdb_cache_children( op, NULL, e );
-
+ rc = bdb_cache_children( op, rtxn, e );
+
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.137.2.14 2009/01/22 00:01:05 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.137.2.15 2009/05/07 20:20:33 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -501,7 +501,6 @@
#define bdb_cache_delete BDB_SYMBOL(cache_delete)
#define bdb_cache_delete_cleanup BDB_SYMBOL(cache_delete_cleanup)
#define bdb_cache_find_id BDB_SYMBOL(cache_find_id)
-#define bdb_cache_find_info BDB_SYMBOL(cache_find_info)
#define bdb_cache_find_ndn BDB_SYMBOL(cache_find_ndn)
#define bdb_cache_find_parent BDB_SYMBOL(cache_find_parent)
#define bdb_cache_modify BDB_SYMBOL(cache_modify)
@@ -544,13 +543,10 @@
struct berval *ndn,
EntryInfo **res
);
-EntryInfo * bdb_cache_find_info(
- struct bdb_info *bdb,
- ID id
-);
#define ID_LOCKED 1
#define ID_NOCACHE 2
+#define ID_NOENTRY 4
int bdb_cache_find_id(
Operation *op,
DB_TXN *tid,
Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* search.c - search operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.246.2.21 2009/01/22 00:01:05 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.246.2.25 2009/05/13 20:20:38 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2009 The OpenLDAP Foundation.
@@ -667,6 +667,7 @@
/* check for abandon */
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
+ send_ldap_result( op, rs );
goto done;
}
@@ -1274,7 +1275,7 @@
ID *lastid,
int tentries )
{
- LDAPControl ctrl, *ctrls[2];
+ LDAPControl *ctrls[2];
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
PagedResultsCookie respcookie;
@@ -1284,8 +1285,6 @@
"send_paged_response: lastid=0x%08lx nentries=%d\n",
lastid ? *lastid : 0, rs->sr_nentries, NULL );
- BER_BVZERO( &ctrl.ldctl_value );
- ctrls[0] = &ctrl;
ctrls[1] = NULL;
ber_init2( ber, NULL, LBER_USE_DER );
@@ -1308,6 +1307,7 @@
/* return size of 0 -- no estimate */
ber_printf( ber, "{iO}", 0, &cookie );
+ ctrls[0] = op->o_tmpalloc( sizeof(LDAPControl), op->o_tmpmemctx );
if ( ber_flatten2( ber, &ctrls[0]->ldctl_value, 0 ) == -1 ) {
goto done;
}
@@ -1315,10 +1315,9 @@
ctrls[0]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
ctrls[0]->ldctl_iscritical = 0;
- rs->sr_ctrls = ctrls;
+ slap_add_ctrls( op, rs, ctrls );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
- rs->sr_ctrls = NULL;
done:
(void) ber_free_buf( ber );
Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* back-ldap.h - ldap backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.13 2009/01/22 00:01:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.14 2009/06/11 21:48:11 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -245,6 +245,9 @@
* to be checked for the presence of a certain item */
BerVarray li_bvuri;
ldap_pvt_thread_mutex_t li_uri_mutex;
+ /* hack because when TLS is used we need to lock and let
+ * the li_urllist_f function to know it's locked */
+ int li_uri_mutex_do_not_lock;
LDAP_REBIND_PROC *li_rebind_f;
LDAP_URLLIST_PROC *li_urllist_f;
Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.21 2009/01/22 00:01:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.22 2009/06/11 21:48:11 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -691,8 +691,11 @@
}
ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ assert( li->li_uri_mutex_do_not_lock == 0 );
+ li->li_uri_mutex_do_not_lock = 1;
rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text );
+ li->li_uri_mutex_do_not_lock = 0;
ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
if ( rs->sr_err != LDAP_SUCCESS ) {
ldap_unbind_ext( ld, NULL, NULL );
@@ -1581,14 +1584,20 @@
*urllist = *url;
*url = NULL;
- ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ if ( !li->li_uri_mutex_do_not_lock ) {
+ ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
+ }
+
if ( li->li_uri ) {
ch_free( li->li_uri );
}
ldap_get_option( ld, LDAP_OPT_URI, (void *)&li->li_uri );
- ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+ if ( !li->li_uri_mutex_do_not_lock ) {
+ ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
+ }
+
return LDAP_SUCCESS;
}
Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* search.c - ldap backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.201.2.19 2009/02/20 01:15:05 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.201.2.21 2009/03/06 07:14:56 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -47,7 +47,8 @@
static int
ldap_back_munge_filter(
Operation *op,
- struct berval *filter )
+ struct berval *filter,
+ int *freeit )
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
@@ -122,6 +123,7 @@
AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
op->ors_filterstr.bv_len + 1 );
+ *freeit = 1;
} else {
filter->bv_val = op->o_tmprealloc( filter->bv_val,
filter->bv_len + 1, op->o_tmpmemctx );
@@ -163,7 +165,7 @@
filter = BER_BVNULL;
int i;
char **attrs = NULL;
- int freetext = 0;
+ int freetext = 0, freefilter = 0;
int do_retry = 1, dont_retry = 0;
LDAPControl **ctrls = NULL;
char **references = NULL;
@@ -242,7 +244,7 @@
goto finish;
case LDAP_FILTER_ERROR:
- if (ldap_back_munge_filter( op, &filter ) > 0 ) {
+ if (ldap_back_munge_filter( op, &filter, &freefilter ) > 0 ) {
goto retry;
}
@@ -561,7 +563,7 @@
ldap_back_quarantine( op, rs );
}
- if ( filter.bv_val != op->ors_filterstr.bv_val ) {
+ if ( freefilter && filter.bv_val != op->ors_filterstr.bv_val ) {
op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
}
@@ -732,6 +734,10 @@
for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;
last = i;
+ /*
+ * check that each value is valid per syntax
+ * and pretty if appropriate
+ */
for ( i = 0; i<last; i++ ) {
struct berval pval;
int rc;
@@ -762,7 +768,9 @@
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
+ i--;
}
+
} else if ( pretty ) {
LBER_FREE( attr->a_vals[i].bv_val );
attr->a_vals[i] = pval;
@@ -782,10 +790,6 @@
for ( i = 0; i < last; i++ ) {
int rc;
- /*
- * check that each value is valid per syntax
- * and pretty if appropriate
- */
rc = attr->a_desc->ad_type->sat_equality->smr_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
attr->a_desc->ad_type->sat_syntax,
@@ -801,6 +805,7 @@
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
+ i--;
}
}
BER_BVZERO( &attr->a_nvals[i] );
@@ -814,6 +819,31 @@
}
attr->a_numvals = last;
+
+ /* Handle sorted vals, strip dups but keep the attr */
+ if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
+ while ( attr->a_numvals > 1 ) {
+ int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
+ if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
+ break;
+
+ /* Strip duplicate values */
+ if ( attr->a_nvals != attr->a_vals )
+ LBER_FREE( attr->a_nvals[i].bv_val );
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_numvals--;
+ if ( i < attr->a_numvals ) {
+ attr->a_vals[i] = attr->a_vals[attr->a_numvals];
+ if ( attr->a_nvals != attr->a_vals )
+ attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
+ }
+ BER_BVZERO(&attr->a_vals[attr->a_numvals]);
+ if ( attr->a_nvals != attr->a_vals )
+ BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
+ }
+ attr->a_flags |= SLAP_ATTR_SORTED_VALS;
+ }
+
*attrp = attr;
attrp = &attr->a_next;
@@ -899,8 +929,8 @@
/* TODO: timeout? */
rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
- attrp, 0, ctrls, NULL,
- NULL, LDAP_NO_LIMIT, op->ors_deref, &result );
+ attrp, LDAP_DEREF_NEVER, ctrls, NULL,
+ NULL, LDAP_NO_LIMIT, 0, &result );
if ( rc != LDAP_SUCCESS ) {
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/search.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/search.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.21 2009/02/20 01:15:05 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.22 2009/03/05 18:22:15 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -1801,6 +1801,7 @@
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
struct berval a, mapped;
int check_duplicate_attrs = 0;
+ int check_sorted_attrs = 0;
Entry ent = { 0 };
BerElement ber = *e->lm_ber;
Attribute *attr, **attrp;
@@ -1925,6 +1926,9 @@
}
}
+ if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL )
+ check_sorted_attrs = 1;
+
/* no subschemaSubentry */
if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
|| attr->a_desc == slap_schema.si_ad_entryDN )
@@ -2157,6 +2161,35 @@
}
}
+ /* Check for sorted attributes */
+ if ( check_sorted_attrs ) {
+ for ( attr = ent.e_attrs; attr; attr = attr->a_next ) {
+ if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
+ while ( attr->a_numvals > 1 ) {
+ int i;
+ int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
+ if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
+ break;
+
+ /* Strip duplicate values */
+ if ( attr->a_nvals != attr->a_vals )
+ LBER_FREE( attr->a_nvals[i].bv_val );
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_numvals--;
+ if ( i < attr->a_numvals ) {
+ attr->a_vals[i] = attr->a_vals[attr->a_numvals];
+ if ( attr->a_nvals != attr->a_vals )
+ attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
+ }
+ BER_BVZERO(&attr->a_vals[attr->a_numvals]);
+ if ( attr->a_nvals != attr->a_vals )
+ BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
+ }
+ attr->a_flags |= SLAP_ATTR_SORTED_VALS;
+ }
+ }
+ }
+
ldap_get_entry_controls( mc->mc_conns[target].msc_ld,
e, &rs->sr_ctrls );
rs->sr_entry = &ent;
Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* conn.c - deal with connection subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.72.2.8 2009/01/22 00:01:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.72.2.9 2009/04/27 22:50:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -94,7 +94,7 @@
} else {
BER_BVSTR( &bv, "0" );
}
- attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
@@ -133,7 +133,7 @@
}
BER_BVSTR( &bv, "-1" );
- attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
@@ -172,7 +172,7 @@
}
BER_BVSTR( &bv, "0" );
- attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, &bv );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
@@ -398,7 +398,7 @@
attr_merge_one( e, mi->mi_ad_monitorConnectionNumber, &bv, NULL );
bv.bv_len = snprintf( buf, sizeof( buf ), "%ld", (long) c->c_protocol );
- attr_merge_one( e, mi->mi_ad_monitorConnectionProtocol, &bv, NULL );
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionProtocol, &bv, NULL );
bv.bv_len = snprintf( buf, sizeof( buf ), "%ld", c->c_n_ops_received );
attr_merge_one( e, mi->mi_ad_monitorConnectionOpsReceived, &bv, NULL );
@@ -428,31 +428,31 @@
LDAP_STAILQ_EMPTY( &c->c_pending_ops ) ? "" : "p",
connection_state2str( c->c_conn_state ),
c->c_sasl_bind_in_progress ? "S" : "" );
- attr_merge_one( e, mi->mi_ad_monitorConnectionMask, &bv, NULL );
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionMask, &bv, NULL );
attr_merge_one( e, mi->mi_ad_monitorConnectionAuthzDN,
&c->c_dn, &c->c_ndn );
/* NOTE: client connections leave the c_peer_* fields NULL */
assert( !BER_BVISNULL( &c->c_listener_url ) );
- attr_merge_one( e, mi->mi_ad_monitorConnectionListener,
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionListener,
&c->c_listener_url, NULL );
- attr_merge_one( e, mi->mi_ad_monitorConnectionPeerDomain,
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionPeerDomain,
BER_BVISNULL( &c->c_peer_domain ) ? &bv_unknown : &c->c_peer_domain,
NULL );
- attr_merge_one( e, mi->mi_ad_monitorConnectionPeerAddress,
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionPeerAddress,
BER_BVISNULL( &c->c_peer_name ) ? &bv_unknown : &c->c_peer_name,
NULL );
assert( !BER_BVISNULL( &c->c_sock_name ) );
- attr_merge_one( e, mi->mi_ad_monitorConnectionLocalAddress,
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionLocalAddress,
&c->c_sock_name, NULL );
- attr_merge_one( e, mi->mi_ad_monitorConnectionStartTime, &bv2, NULL );
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionStartTime, &bv2, NULL );
- attr_merge_one( e, mi->mi_ad_monitorConnectionActivityTime, &bv3, NULL );
+ attr_merge_normalize_one( e, mi->mi_ad_monitorConnectionActivityTime, &bv3, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* database.c - deals with database subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.80.2.12 2009/01/22 00:01:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.80.2.13 2009/04/27 22:50:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -66,7 +66,7 @@
struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
(struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
- return attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
+ return attr_merge_one( e, mi->mi_ad_readOnly, tf, NULL );
}
static int
@@ -162,9 +162,9 @@
rdnval, 0, 0 );
} else {
attr_merge( e, slap_schema.si_ad_namingContexts,
- be->be_suffix, be->be_nsuffix );
+ be->be_suffix, NULL );
attr_merge( e_database, slap_schema.si_ad_namingContexts,
- be->be_suffix, be->be_nsuffix );
+ be->be_suffix, NULL );
}
}
@@ -301,7 +301,7 @@
} else {
attr_merge( e_overlay, slap_schema.si_ad_namingContexts,
- be->be_suffix, be->be_nsuffix );
+ be->be_suffix, NULL );
}
mp_overlay = monitor_entrypriv_create();
@@ -405,9 +405,15 @@
if ( a ) {
int j, k;
- for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
- for ( k = 0; !BER_BVISNULL( &be->be_nsuffix[ k ] ); k++ ) {
- if ( dn_match( &a->a_nvals[ j ], &be->be_nsuffix[ k ] ) ) {
+ /* FIXME: RFC 4512 defines namingContexts without an
+ * equality matching rule, making comparisons
+ * like this one tricky. We use a_vals and
+ * be_suffix instead for now.
+ */
+ for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
+ for ( k = 0; !BER_BVISNULL( &be->be_suffix[ k ] ); k++ ) {
+ if ( dn_match( &a->a_vals[ j ],
+ &be->be_suffix[ k ] ) ) {
rc = 0;
goto done;
}
Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* operation.c - deal with operation subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.46.2.5 2009/01/22 00:01:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.46.2.6 2009/04/27 22:50:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -86,8 +86,8 @@
return( -1 );
}
- attr_merge_one( e_op, mi->mi_ad_monitorOpInitiated, &bv_zero, &bv_zero );
- attr_merge_one( e_op, mi->mi_ad_monitorOpCompleted, &bv_zero, &bv_zero );
+ attr_merge_one( e_op, mi->mi_ad_monitorOpInitiated, &bv_zero, NULL );
+ attr_merge_one( e_op, mi->mi_ad_monitorOpCompleted, &bv_zero, NULL );
mp = ( monitor_entry_t * )e_op->e_private;
mp->mp_children = NULL;
Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* readw.c - deal with read waiters subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.36.2.5 2009/01/22 00:01:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.36.2.6 2009/04/27 22:50:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -104,7 +104,7 @@
ber_dupbv( &monitor_rww[ i ].nrdn, &nrdn );
BER_BVSTR( &bv, "0" );
- attr_merge_normalize_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* sent.c - deal with data sent subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.42.2.5 2009/01/22 00:01:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.42.2.6 2009/04/27 22:50:11 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -110,7 +110,7 @@
ber_dupbv( &monitor_sent[ i ].nrdn, &nrdn );
BER_BVSTR( &bv, "0" );
- attr_merge_normalize_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
+ attr_merge_one( e, mi->mi_ad_monitorCounter, &bv, NULL );
mp = monitor_entrypriv_create();
if ( mp == NULL ) {
Modified: openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* search.cpp - tools for slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/search.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/search.cpp,v 1.3.2.3 2009/06/12 18:36:51 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -634,6 +634,10 @@
}
scan = txn->getNdbIndexScanOperation( "PRIMARY", DN2ID_TABLE );
+ if ( !scan ) {
+ rs->sr_err = LDAP_OTHER;
+ goto leave;
+ }
scan->readTuples( NdbOperation::LM_CommittedRead );
rc = ndb_dn2bound( scan, &rdns );
Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/close.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/close.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.17.2.4 2009/01/22 00:01:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.17.2.5 2009/06/27 18:02:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -31,6 +31,9 @@
perl_destruct(PERL_INTERPRETER);
perl_free(PERL_INTERPRETER);
PERL_INTERPRETER = NULL;
+#ifdef PERL_SYS_TERM
+ PERL_SYS_TERM();
+#endif
ldap_pvt_thread_mutex_destroy( &perl_interpreter_mutex );
Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/init.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/init.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.44.2.5 2009/01/22 00:01:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.44.2.6 2009/06/27 18:02:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -37,6 +37,7 @@
)
{
char *embedding[] = { "", "-e", "0" };
+ int argc = 3;
bi->bi_open = NULL;
bi->bi_config = 0;
@@ -77,9 +78,15 @@
ldap_pvt_thread_mutex_init( &perl_interpreter_mutex );
+#ifdef PERL_SYS_INIT3
+ PERL_SYS_INIT3(&argc, &embedding, (char **)NULL);
+#endif
PERL_INTERPRETER = perl_alloc();
perl_construct(PERL_INTERPRETER);
- perl_parse(PERL_INTERPRETER, perl_back_xs_init, 3, embedding, (char **)NULL);
+#ifdef PERL_EXIT_DESTRUCT_END
+ PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
+#endif
+ perl_parse(PERL_INTERPRETER, perl_back_xs_init, argc, embedding, (char **)NULL);
perl_run(PERL_INTERPRETER);
return 0;
}
Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/op.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/op.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* op.c - relay backend operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/op.c,v 1.15.2.8 2009/02/13 02:57:29 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/op.c,v 1.15.2.9 2009/06/02 23:08:35 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2009 The OpenLDAP Foundation.
@@ -457,15 +457,14 @@
{
SlapReply rs = { 0 };
BackendDB *bd;
- int rc = 1;
+ int rc = LDAP_OTHER;
- bd = relay_back_select_backend( op, &rs,
- ( LDAP_SUCCESS | RB_ERR ) );
+ bd = relay_back_select_backend( op, &rs, LDAP_OTHER );
/* FIXME: this test only works if there are no overlays, so
* it is nearly useless; if made stricter, no nested back-relays
* can be instantiated... too bad. */
if ( bd == NULL || bd == op->o_bd ) {
- return 0;
+ return LDAP_OTHER;
}
if ( bd->be_has_subordinates ) {
@@ -477,7 +476,6 @@
}
return rc;
-
}
int
Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/config.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/config.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.32.2.6 2009/01/22 00:01:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.32.2.7 2009/07/08 00:28:22 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -659,7 +659,7 @@
{
backsql_info *bi = (backsql_info *)be->be_private;
LDIFFP *fp;
- int rc = 0, lineno = 0, lmax = 0;
+ int rc = 0, lineno = 0, lmax = 0, ldifrc;
char *buf = NULL;
assert( fname != NULL );
@@ -685,7 +685,7 @@
bi->sql_baseObject->e_nname = be->be_nsuffix[0];
bi->sql_baseObject->e_attrs = NULL;
- while ( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ while (( ldifrc = ldif_read_record( fp, &lineno, &buf, &lmax )) > 0 ) {
Entry *e = str2entry( buf );
Attribute *a;
@@ -704,7 +704,7 @@
"dn=\"%s\" (line=%d)\n",
e->e_name.bv_val, lineno );
entry_free( e );
- rc = EXIT_FAILURE;
+ rc = LDAP_OTHER;
break;
}
@@ -729,6 +729,9 @@
}
}
+ if ( ldifrc < 0 )
+ rc = LDAP_OTHER;
+
if ( rc ) {
entry_free( bi->sql_baseObject );
bi->sql_baseObject = NULL;
Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/init.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/init.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.73.2.5 2009/01/22 00:01:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.73.2.6 2009/06/02 22:28:46 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -41,7 +41,9 @@
#ifdef SLAP_CONTROL_X_TREE_DELETE
SLAP_CONTROL_X_TREE_DELETE,
#endif /* SLAP_CONTROL_X_TREE_DELETE */
+#ifndef BACKSQL_ARBITRARY_KEY
LDAP_CONTROL_PAGEDRESULTS,
+#endif /* ! BACKSQL_ARBITRARY_KEY */
NULL
};
Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,3 +1,4 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/proto-sql.h,v 1.30.2.7 2009/06/02 22:31:40 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -183,7 +184,7 @@
* sql-wrap.h
*/
-RETCODE backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, char* query, int timeout );
+RETCODE backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, const char* query, int timeout );
#define backsql_BindParamStr( sth, par_ind, io, str, maxlen ) \
SQLBindParameter( (sth), (SQLUSMALLINT)(par_ind), \
Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/search.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/search.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.117.2.10 2009/02/17 19:14:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.117.2.11 2009/06/02 22:28:46 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -48,6 +48,9 @@
and the other 26 for ldap_entries ID number. If your max(oc_map_id) is more
than 63, you will need to steal more bits from ldap_entries ID number and
put them into the OC ID part of the cookie. */
+
+/* NOTE: not supported when BACKSQL_ARBITRARY_KEY is defined */
+#ifndef BACKSQL_ARBITRARY_KEY
#define SQL_TO_PAGECOOKIE(id, oc) (((id) << 6 ) | ((oc) & 0x3F))
#define PAGECOOKIE_TO_SQL_ID(pc) ((pc) >> 6)
#define PAGECOOKIE_TO_SQL_OC(pc) ((pc) & 0x3F)
@@ -58,6 +61,7 @@
Operation *op,
SlapReply *rs,
ID *lastid );
+#endif /* ! BACKSQL_ARBITRARY_KEY */
static int
backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
@@ -1551,6 +1555,7 @@
assert( 0 );
}
+#ifndef BACKSQL_ARBITRARY_KEY
/* If paged results are in effect, ignore low ldap_entries.id numbers */
if ( get_pagedresults(bsi->bsi_op) > SLAP_CONTROL_IGNORED ) {
unsigned long lowid = 0;
@@ -1574,6 +1579,7 @@
lowidstring );
}
}
+#endif /* ! BACKSQL_ARBITRARY_KEY */
rc = backsql_process_filter( bsi, bsi->bsi_filter );
if ( rc > 0 ) {
@@ -1654,6 +1660,7 @@
return BACKSQL_AVL_STOP;
}
+#ifndef BACKSQL_ARBITRARY_KEY
/* If paged results have already completed this objectClass, skip it */
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
if ( oc->bom_id < PAGECOOKIE_TO_SQL_OC( ((PagedResultsState *)op->o_pagedresults_state)->ps_cookie ) )
@@ -1661,6 +1668,7 @@
return BACKSQL_AVL_CONTINUE;
}
}
+#endif /* ! BACKSQL_ARBITRARY_KEY */
if ( bsi->bsi_n_candidates == -1 ) {
Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
@@ -1988,7 +1996,9 @@
backsql_srch_info bsi = { 0 };
backsql_entryID *eid = NULL;
struct berval nbase = BER_BVNULL;
- unsigned long lastid = 0;
+#ifndef BACKSQL_ARBITRARY_KEY
+ ID lastid = 0;
+#endif /* ! BACKSQL_ARBITRARY_KEY */
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
"base=\"%s\", filter=\"%s\", scope=%d,",
@@ -2125,6 +2135,7 @@
( op->ors_limit->lms_s_unchecked == -1 ? -2 :
( op->ors_limit->lms_s_unchecked ) ) );
+#ifndef BACKSQL_ARBITRARY_KEY
/* If paged results are in effect, check the paging cookie */
if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
rs->sr_err = parse_paged_cookie( op, rs );
@@ -2133,6 +2144,7 @@
goto done;
}
}
+#endif /* ! BACKSQL_ARBITRARY_KEY */
switch ( bsi.bsi_scope ) {
case LDAP_SCOPE_BASE:
@@ -2409,6 +2421,7 @@
if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE )
{
+#ifndef BACKSQL_ARBITRARY_KEY
/* If paged results are in effect, see if the page limit was exceeded */
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size )
@@ -2419,6 +2432,7 @@
}
lastid = SQL_TO_PAGECOOKIE( eid->eid_id, eid->eid_oc_id );
}
+#endif /* ! BACKSQL_ARBITRARY_KEY */
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_entry = e;
@@ -2466,9 +2480,12 @@
send_results:;
if ( rs->sr_err != SLAPD_ABANDON ) {
+#ifndef BACKSQL_ARBITRARY_KEY
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
send_paged_response( op, rs, NULL );
- } else {
+ } else
+#endif /* ! BACKSQL_ARBITRARY_KEY */
+ {
send_ldap_result( op, rs );
}
}
@@ -2663,7 +2680,7 @@
return 0;
}
-
+#ifndef BACKSQL_ARBITRARY_KEY
/* This function is copied verbatim from back-bdb/search.c */
static int
parse_paged_cookie( Operation *op, SlapReply *rs )
@@ -2716,7 +2733,7 @@
send_paged_response(
Operation *op,
SlapReply *rs,
- unsigned long *lastid )
+ ID *lastid )
{
LDAPControl ctrl, *ctrls[2];
BerElementBuffer berbuf;
@@ -2767,3 +2784,4 @@
done:
(void) ber_free_buf( ber );
}
+#endif /* ! BACKSQL_ARBITRARY_KEY */
Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.43.2.7 2009/01/22 00:01:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.43.2.8 2009/06/02 22:29:43 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -52,7 +52,7 @@
}
RETCODE
-backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, char *query, int timeout )
+backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, const char *query, int timeout )
{
RETCODE rc;
Modified: openldap/vendor/openldap-release/servers/slapd/backend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backend.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/backend.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* backend.c - routines for dealing with back-end databases */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.362.2.26 2009/01/30 19:00:12 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.362.2.27 2009/05/18 17:51:55 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -1296,7 +1296,8 @@
}
if( ( restrictops & opflag )
- || ( exopflag && ( restrictops & exopflag ) ) ) {
+ || ( exopflag && ( restrictops & exopflag ) )
+ || (( restrictops & SLAP_RESTRICT_READONLY ) && updateop )) {
if( ( restrictops & SLAP_RESTRICT_OP_MASK) == SLAP_RESTRICT_OP_READS ) {
rs->sr_text = "read operations restricted";
} else if ( restrictops & exopflag ) {
Modified: openldap/vendor/openldap-release/servers/slapd/backglue.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backglue.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/backglue.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.17 2009/02/11 00:49:55 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.19 2009/05/13 20:19:14 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2009 The OpenLDAP Foundation.
@@ -52,6 +52,8 @@
static int glueMode;
static BackendDB *glueBack;
+static BackendDB glueBackDone;
+#define GLUEBACK_DONE (&glueBackDone)
static slap_response glue_op_response;
@@ -533,18 +535,19 @@
break;
}
+
+ op->o_callback = cb.sc_next;
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
} else {
- op->o_callback = cb.sc_next;
rs->sr_err = gs.err;
rs->sr_matched = gs.matched;
rs->sr_ref = gs.refs;
- rs->sr_ctrls = gs.ctrls;
-
- send_ldap_result( op, rs );
}
+ rs->sr_ctrls = gs.ctrls;
+ send_ldap_result( op, rs );
+
op->o_bd = b0;
op->o_bd->bd_info = bi0;
if (gs.matched)
@@ -591,7 +594,7 @@
{
int rc = 0;
- if (glueBack) {
+ if (glueBack && glueBack != GLUEBACK_DONE) {
if (!glueBack->be_entry_close)
return 0;
rc = glueBack->be_entry_close (glueBack);
@@ -740,6 +743,7 @@
slap_overinst *on = glue_tool_inst( b0->bd_info );
glueinfo *gi = on->on_bi.bi_private;
int i;
+ ID rc;
/* If we're starting from scratch, start at the most general */
if (!glueBack) {
@@ -759,7 +763,26 @@
glueBack->be_entry_open (glueBack, glueMode) != 0)
return NOID;
- return glueBack->be_entry_first (glueBack);
+ rc = glueBack->be_entry_first (glueBack);
+ while ( rc == NOID ) {
+ if ( glueBack && glueBack->be_entry_close )
+ glueBack->be_entry_close (glueBack);
+ for (i=0; i<gi->gi_nodes; i++) {
+ if (gi->gi_n[i].gn_be == glueBack)
+ break;
+ }
+ if (i == 0) {
+ glueBack = GLUEBACK_DONE;
+ break;
+ } else {
+ glueBack = gi->gi_n[i-1].gn_be;
+ rc = glue_tool_entry_first (b0);
+ if ( glueBack == GLUEBACK_DONE ) {
+ break;
+ }
+ }
+ }
+ return rc;
}
static ID
@@ -786,11 +809,14 @@
break;
}
if (i == 0) {
- glueBack = NULL;
+ glueBack = GLUEBACK_DONE;
break;
} else {
glueBack = gi->gi_n[i-1].gn_be;
rc = glue_tool_entry_first (b0);
+ if ( glueBack == GLUEBACK_DONE ) {
+ break;
+ }
}
}
return rc;
Modified: openldap/vendor/openldap-release/servers/slapd/bconfig.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bconfig.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/bconfig.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* bconfig.c - the config backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.202.2.59 2009/02/13 03:16:59 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.202.2.68 2009/06/08 18:24:59 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2005-2009 The OpenLDAP Foundation.
@@ -320,7 +320,7 @@
&config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
+ { "authz-regexp", "regexp> <DN", 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
&config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
@@ -455,7 +455,7 @@
{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
&config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
+ { "password-hash", "hash", 2, 0, 0, ARG_MAGIC,
&config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
@@ -530,6 +530,14 @@
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
&config_generic, NULL, NULL, NULL },
+ { "sasl-auxprops", NULL, 2, 0, 0,
+#ifdef HAVE_CYRUS_SASL
+ ARG_STRING|ARG_UNIQUE, &slap_sasl_auxprops,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:89 NAME 'olcSaslAuxprops' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "sasl-host", "host", 2, 2, 0,
#ifdef HAVE_CYRUS_SASL
ARG_STRING|ARG_UNIQUE, &sasl_host,
@@ -706,6 +714,9 @@
&config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
"EQUALITY caseIgnoreMatch "
"SUP labeledURI )", NULL, NULL },
+ { "writetimeout", "timeout", 2, 2, 0, ARG_INT,
+ &global_writetimeout, "( OLcfgGlAt:88 NAME 'olcWriteTimeout' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL }
};
@@ -757,14 +768,14 @@
"olcPluginLogFile $ olcReadOnly $ olcReferral $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
"olcRootDSE $ "
- "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
+ "olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
"olcSecurity $ olcServerID $ olcSizeLimit $ "
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
"olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
- "olcTLSCRLFile $ olcToolThreads $ "
+ "olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
{ "( OLcfgGlOc:2 "
@@ -893,8 +904,7 @@
if ( !c->rvalue_vals ) rc = 1;
break;
case CFG_RO:
- c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
- SLAP_RESTRICT_OP_WRITES;
+ c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_READONLY);
break;
case CFG_AZPOLICY:
c->value_string = ch_strdup( slap_sasl_getpolicy());
@@ -1378,6 +1388,36 @@
case CFG_LIMITS:
/* FIXME: there is no limits_free function */
+ if ( c->valx < 0 ) {
+ limits_destroy( c->be->be_limits );
+ c->be->be_limits = NULL;
+
+ } else {
+ int cnt, num = -1;
+
+ if ( c->be->be_limits ) {
+ for ( num = 0; c->be->be_limits[ num ]; num++ )
+ /* just count */ ;
+ }
+
+ if ( c->valx >= num ) {
+ return 1;
+ }
+
+ if ( num == 1 ) {
+ limits_destroy( c->be->be_limits );
+ c->be->be_limits = NULL;
+
+ } else {
+ limits_free_one( c->be->be_limits[ c->valx ] );
+
+ for ( cnt = c->valx; cnt < num; cnt++ ) {
+ c->be->be_limits[ cnt ] = c->be->be_limits[ cnt + 1 ];
+ }
+ }
+ }
+ break;
+
case CFG_ATOPT:
/* FIXME: there is no ad_option_free function */
case CFG_ROOTDSE:
@@ -1466,9 +1506,9 @@
case CFG_RO:
if(c->value_int)
- c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
+ c->be->be_restrictops |= SLAP_RESTRICT_READONLY;
else
- c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
+ c->be->be_restrictops &= ~SLAP_RESTRICT_READONLY;
break;
case CFG_AZPOLICY:
@@ -2887,7 +2927,7 @@
int level;
if ( isdigit((unsigned char)c->argv[i][0]) || c->argv[i][0] == '-' ) {
- if( lutil_atoi( &level, c->argv[i] ) != 0 ) {
+ if( lutil_atoix( &level, c->argv[i], 0 ) != 0 ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse level", c->argv[0] );
Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->cr_msg, c->argv[i]);
@@ -3191,6 +3231,27 @@
#ifdef HAVE_TLS
static int
+config_tls_cleanup(ConfigArgs *c) {
+ int rc = 0;
+
+ if ( slap_tls_ld ) {
+ int opt = 1;
+
+ ldap_pvt_tls_ctx_free( slap_tls_ctx );
+
+ /* Force new ctx to be created */
+ rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
+ if( rc == 0 ) {
+ /* The ctx's refcount is bumped up here */
+ ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
+ /* This is a no-op if it's already loaded */
+ load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
+ }
+ }
+ return rc;
+}
+
+static int
config_tls_option(ConfigArgs *c) {
int flag;
LDAP *ld = slap_tls_ld;
@@ -3213,9 +3274,11 @@
if (c->op == SLAP_CONFIG_EMIT) {
return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
} else if ( c->op == LDAP_MOD_DELETE ) {
+ c->cleanup = config_tls_cleanup;
return ldap_pvt_tls_set_option( ld, flag, NULL );
}
ch_free(c->value_string);
+ c->cleanup = config_tls_cleanup;
return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
}
@@ -3237,9 +3300,11 @@
return slap_tls_get_config( slap_tls_ld, flag, &c->value_string );
} else if ( c->op == LDAP_MOD_DELETE ) {
int i = 0;
+ c->cleanup = config_tls_cleanup;
return ldap_pvt_tls_set_option( slap_tls_ld, flag, &i );
}
ch_free( c->value_string );
+ c->cleanup = config_tls_cleanup;
if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
if ( lutil_atoi( &i, c->argv[1] ) != 0 ) {
Debug(LDAP_DEBUG_ANY, "%s: "
@@ -4718,6 +4783,10 @@
}
}
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto out;
+ }
ldap_pvt_thread_pool_pause( &connection_pool );
/* Strategy:
@@ -5158,8 +5227,13 @@
slap_mods_opattrs( op, &op->orm_modlist, 1 );
- if ( do_pause )
+ if ( do_pause ) {
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto out;
+ }
ldap_pvt_thread_pool_pause( &connection_pool );
+ }
/* Strategy:
* 1) perform the Modify on the cached Entry.
@@ -5323,6 +5397,10 @@
goto out;
}
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto out;
+ }
ldap_pvt_thread_pool_pause( &connection_pool );
if ( ce->ce_type == Cft_Schema ) {
@@ -5412,6 +5490,8 @@
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else if ( ce->ce_kids ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ } else if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
} else if ( ce->ce_type == Cft_Overlay ){
char *iptr;
int count, ixold;
Modified: openldap/vendor/openldap-release/servers/slapd/cancel.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/cancel.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/cancel.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* cancel.c - LDAP cancel extended operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.23.2.5 2009/01/22 00:01:00 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.23.2.9 2009/06/05 22:59:03 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -65,34 +65,66 @@
}
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
+ if ( op->o_abandon ) {
+ /* FIXME: Should instead reject the cancel/abandon of this op, but
+ * it seems unsafe to reset op->o_abandon once it is set. ITS#6138.
+ */
+ rc = LDAP_OPERATIONS_ERROR;
+ rs->sr_text = "tried to abandon or cancel this operation";
+ goto out;
+ }
+
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
if ( o->o_msgid == opid ) {
- LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, Operation, o_next );
- LDAP_STAILQ_NEXT(o, o_next) = NULL;
- op->o_conn->c_n_ops_pending--;
- slap_op_free( o, NULL );
- ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- return LDAP_SUCCESS;
+ /* TODO: We could instead remove the cancelled operation
+ * from c_pending_ops like Abandon does, and send its
+ * response here. Not if it is pending because of a
+ * congested connection though.
+ */
+ rc = LDAP_CANNOT_CANCEL;
+ rs->sr_text = "too busy for Cancel, try Abandon instead";
+ goto out;
}
}
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
if ( o->o_msgid == opid ) {
- o->o_abandon = 1;
break;
}
}
- ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ if ( o == NULL ) {
+ rc = LDAP_NO_SUCH_OPERATION;
+ rs->sr_text = "message ID not found";
- if ( o ) {
- if ( o->o_cancel != SLAP_CANCEL_NONE ) {
- rs->sr_text = "message ID already being cancelled";
- return LDAP_PROTOCOL_ERROR;
- }
+ } else if ( o->o_tag == LDAP_REQ_BIND
+ || o->o_tag == LDAP_REQ_UNBIND
+ || o->o_tag == LDAP_REQ_ABANDON ) {
+ rc = LDAP_CANNOT_CANCEL;
+ } else if ( o->o_cancel != SLAP_CANCEL_NONE ) {
+ rc = LDAP_OPERATIONS_ERROR;
+ rs->sr_text = "message ID already being cancelled";
+
+#if 0
+ } else if ( o->o_abandon ) {
+ /* TODO: Would this break something when
+ * o_abandon="suppress response"? (ITS#6138)
+ */
+ rc = LDAP_TOO_LATE;
+#endif
+
+ } else {
+ rc = LDAP_SUCCESS;
o->o_cancel = SLAP_CANCEL_REQ;
+ o->o_abandon = 1;
+ }
+ out:
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ if ( rc == LDAP_SUCCESS ) {
LDAP_STAILQ_FOREACH( op->o_bd, &backendDB, be_next ) {
if( !op->o_bd->be_cancel ) continue;
@@ -102,20 +134,22 @@
}
}
- while ( o->o_cancel == SLAP_CANCEL_REQ ) {
- ldap_pvt_thread_yield();
- }
+ do {
+ /* Fake a cond_wait with thread_yield, then
+ * verify the result properly mutex-protected.
+ */
+ while ( o->o_cancel == SLAP_CANCEL_REQ )
+ ldap_pvt_thread_yield();
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ rc = o->o_cancel;
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+ } while ( rc == SLAP_CANCEL_REQ );
- if ( o->o_cancel == SLAP_CANCEL_ACK ) {
+ if ( rc == SLAP_CANCEL_ACK ) {
rc = LDAP_SUCCESS;
- } else {
- rc = o->o_cancel;
}
o->o_cancel = SLAP_CANCEL_DONE;
- } else {
- rs->sr_text = "message ID not found";
- rc = LDAP_NO_SUCH_OPERATION;
}
return rc;
Modified: openldap/vendor/openldap-release/servers/slapd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/config.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* config.c - configuration file handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.441.2.20 2009/02/13 03:16:59 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.441.2.24 2009/06/02 23:41:32 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -62,7 +62,9 @@
slap_mask_t global_disallows = 0;
int global_gentlehup = 0;
int global_idletimeout = 0;
+int global_writetimeout = 0;
char *global_host = NULL;
+struct berval global_host_bv = BER_BVNULL;
char *global_realm = NULL;
char *sasl_host = NULL;
char **default_passwd_hash = NULL;
@@ -143,7 +145,7 @@
}
if(Conf->min_args && (c->argc < Conf->min_args)) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> missing <%s> argument",
- c->argv[0], Conf->what );
+ c->argv[0], Conf->what ? Conf->what : "" );
Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->cr_msg, 0 );
return(ARG_BAD_CONF);
}
@@ -214,6 +216,16 @@
ch_free( c->value_ndn.bv_val );
ch_free( c->value_dn.bv_val );
}
+ } else if(arg_type == ARG_ATDESC) {
+ const char *text = NULL;
+ c->value_ad = NULL;
+ rc = slap_str2ad( c->argv[1], &c->value_ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid AttributeDescription %d (%s)",
+ c->argv[0], rc, text );
+ Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0);
+ return(ARG_BAD_CONF);
+ }
} else { /* all numeric */
int j;
iarg = 0; larg = 0; barg = 0;
@@ -364,6 +376,9 @@
case ARG_BERVAL:
*(struct berval *)ptr = c->value_bv;
break;
+ case ARG_ATDESC:
+ *(AttributeDescription **)ptr = c->value_ad;
+ break;
}
return(0);
}
@@ -441,6 +456,8 @@
break;
case ARG_BERVAL:
ber_dupbv( &c->value_bv, (struct berval *)ptr ); break;
+ case ARG_ATDESC:
+ c->value_ad = *(AttributeDescription **)ptr; break;
}
}
if ( cf->arg_type & ARGS_TYPES) {
@@ -467,6 +484,13 @@
return 1;
}
break;
+ case ARG_ATDESC:
+ if ( c->value_ad ) {
+ bv = c->value_ad->ad_cname;
+ } else {
+ return 1;
+ }
+ break;
default:
bv.bv_val = NULL;
break;
Modified: openldap/vendor/openldap-release/servers/slapd/config.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/config.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* config.h - configuration abstraction structure */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.34.2.14 2009/02/13 03:16:59 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.34.2.15 2009/06/02 23:41:33 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -58,6 +58,7 @@
#define ARG_BERVAL 0x00006000
#define ARG_DN 0x00007000
#define ARG_UINT 0x00008000
+#define ARG_ATDESC 0x00009000
#define ARGS_SYNTAX 0xffff0000
#define ARG_IGNORED 0x00080000
@@ -140,6 +141,7 @@
struct berval vdn_dn;
struct berval vdn_ndn;
} v_dn;
+ AttributeDescription *v_ad;
} values;
/* return values for emit mode */
BerVarray rvalue_vals;
@@ -170,6 +172,7 @@
#define value_bv values.v_bv
#define value_dn values.v_dn.vdn_dn
#define value_ndn values.v_dn.vdn_ndn
+#define value_ad values.v_ad
int config_fp_parse_line(ConfigArgs *c);
Modified: openldap/vendor/openldap-release/servers/slapd/connection.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/connection.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/connection.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.358.2.24 2009/01/30 18:51:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.358.2.31 2009/06/28 19:41:27 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -53,18 +53,22 @@
static const char conn_lost_str[] = "connection lost";
/* structure state (protected by connections_mutex) */
-#define SLAP_C_UNINITIALIZED 0x00 /* MUST BE ZERO (0) */
-#define SLAP_C_UNUSED 0x01
-#define SLAP_C_USED 0x02
-#define SLAP_C_PENDING 0x03
+enum sc_struct_state {
+ SLAP_C_UNINITIALIZED = 0, /* MUST BE ZERO (0) */
+ SLAP_C_UNUSED,
+ SLAP_C_USED,
+ SLAP_C_PENDING
+};
/* connection state (protected by c_mutex ) */
-#define SLAP_C_INVALID 0x00 /* MUST BE ZERO (0) */
-#define SLAP_C_INACTIVE 0x01 /* zero threads */
-#define SLAP_C_ACTIVE 0x02 /* one or more threads */
-#define SLAP_C_BINDING 0x03 /* binding */
-#define SLAP_C_CLOSING 0x04 /* closing */
-#define SLAP_C_CLIENT 0x05 /* outbound client conn */
+enum sc_conn_state {
+ SLAP_C_INVALID = 0, /* MUST BE ZERO (0) */
+ SLAP_C_INACTIVE, /* zero threads */
+ SLAP_C_CLOSING, /* closing */
+ SLAP_C_ACTIVE, /* one or more threads */
+ SLAP_C_BINDING, /* binding */
+ SLAP_C_CLIENT /* outbound client conn */
+};
const char *
connection_state2str( int state )
@@ -72,9 +76,9 @@
switch( state ) {
case SLAP_C_INVALID: return "!";
case SLAP_C_INACTIVE: return "|";
+ case SLAP_C_CLOSING: return "C";
case SLAP_C_ACTIVE: return "";
case SLAP_C_BINDING: return "B";
- case SLAP_C_CLOSING: return "C";
case SLAP_C_CLIENT: return "L";
}
@@ -218,17 +222,23 @@
*/
int connections_timeout_idle(time_t now)
{
- int i = 0;
+ int i = 0, writers = 0;
int connindex;
Connection* c;
+ time_t old;
+ old = slapd_get_writetime();
+
for( c = connection_first( &connindex );
c != NULL;
c = connection_next( c, &connindex ) )
{
/* Don't timeout a slow-running request or a persistent
- * outbound connection */
- if( c->c_n_ops_executing || c->c_conn_state == SLAP_C_CLIENT ) {
+ * outbound connection. But if it has a writewaiter, see
+ * if the waiter has been there too long.
+ */
+ if(( c->c_n_ops_executing && !c->c_writewaiter)
+ || c->c_conn_state == SLAP_C_CLIENT ) {
continue;
}
@@ -237,9 +247,21 @@
connection_closing( c, "idletimeout" );
connection_close( c );
i++;
+ continue;
}
+ if ( c->c_writewaiter ) {
+ writers = 1;
+ if( difftime( c->c_activitytime+global_writetimeout, now) < 0 ) {
+ /* close it */
+ connection_closing( c, "writetimeout" );
+ connection_close( c );
+ i++;
+ }
+ }
}
connection_done( c );
+ if ( !writers )
+ slapd_clr_writetime( old );
return i;
}
@@ -677,19 +699,15 @@
}
}
-int connection_state_closing( Connection *c )
+int connection_valid( Connection *c )
{
/* c_mutex must be locked by caller */
- int state;
assert( c != NULL );
- assert( c->c_struct_state == SLAP_C_USED );
- state = c->c_conn_state;
-
- assert( state != SLAP_C_INVALID );
-
- return state == SLAP_C_CLOSING;
+ return c->c_struct_state == SLAP_C_USED &&
+ c->c_conn_state >= SLAP_C_ACTIVE &&
+ c->c_conn_state <= SLAP_C_CLIENT;
}
static void connection_abandon( Connection *c )
@@ -1003,7 +1021,7 @@
static void *
connection_operation( void *ctx, void *arg_v )
{
- int rc = LDAP_OTHER;
+ int rc = LDAP_OTHER, cancel;
Operation *op = arg_v;
SlapReply rs = {REP_RESULT};
ber_tag_t tag = op->o_tag;
@@ -1107,22 +1125,32 @@
INCR_OP_COMPLETED( opidx );
}
- if ( op->o_cancel == SLAP_CANCEL_REQ ) {
- if ( rc == SLAPD_ABANDON ) {
- op->o_cancel = SLAP_CANCEL_ACK;
- } else {
- op->o_cancel = LDAP_TOO_LATE;
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ if ( opidx == SLAP_OP_BIND && conn->c_conn_state == SLAP_C_BINDING )
+ conn->c_conn_state = SLAP_C_ACTIVE;
+
+ cancel = op->o_cancel;
+ if ( cancel != SLAP_CANCEL_NONE && cancel != SLAP_CANCEL_DONE ) {
+ if ( cancel == SLAP_CANCEL_REQ ) {
+ op->o_cancel = rc == SLAPD_ABANDON
+ ? SLAP_CANCEL_ACK : LDAP_TOO_LATE;
}
- }
- while ( op->o_cancel != SLAP_CANCEL_NONE &&
- op->o_cancel != SLAP_CANCEL_DONE )
- {
- ldap_pvt_thread_yield();
+ do {
+ /* Fake a cond_wait with thread_yield, then
+ * verify the result properly mutex-protected.
+ */
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ do {
+ ldap_pvt_thread_yield();
+ } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE
+ && cancel != SLAP_CANCEL_DONE );
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE
+ && cancel != SLAP_CANCEL_DONE );
}
- ldap_pvt_thread_mutex_lock( &conn->c_mutex );
-
ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
LDAP_STAILQ_REMOVE( &conn->c_ops, op, Operation, o_next);
@@ -1253,24 +1281,6 @@
return rc;
}
-void
-connection_hangup( ber_socket_t s )
-{
- Connection *c;
-
- c = connection_get( s );
- if ( c ) {
- if ( c->c_conn_state == SLAP_C_CLIENT ) {
- connection_return( c );
- connection_read_activate( s );
- } else {
- connection_closing( c, "connection lost" );
- connection_close( c );
- connection_return( c );
- }
- }
-}
-
static int
connection_read( ber_socket_t s, conn_readinfo *cri )
{
@@ -1527,6 +1537,9 @@
ctx = cri->ctx;
op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++, ctx );
+ Debug( LDAP_DEBUG_TRACE, "op tag 0x%lx, time %ld\n", tag,
+ (long) op->o_time, 0);
+
op->o_conn = conn;
/* clear state if the connection is being reused from inactive */
if ( conn->c_conn_state == SLAP_C_INACTIVE ) {
@@ -1712,8 +1725,6 @@
static int connection_bind_cb( Operation *op, SlapReply *rs )
{
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- if ( op->o_conn->c_conn_state == SLAP_C_BINDING )
- op->o_conn->c_conn_state = SLAP_C_ACTIVE;
op->o_conn->c_sasl_bind_in_progress =
( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
@@ -1966,6 +1977,8 @@
conn->c_send_ldap_result = slap_send_ldap_result;
conn->c_send_search_entry = slap_send_search_entry;
conn->c_send_search_reference = slap_send_search_reference;
+ conn->c_send_ldap_extended = slap_send_ldap_extended;
+ conn->c_send_ldap_intermediate = slap_send_ldap_intermediate;
conn->c_listener = (Listener *)&dummy_list;
conn->c_peer_domain = slap_empty_bv;
conn->c_peer_name = slap_empty_bv;
Modified: openldap/vendor/openldap-release/servers/slapd/controls.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/controls.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/controls.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.174.2.18 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.174.2.19 2009/04/29 01:55:17 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -539,6 +539,37 @@
op->o_tmpfree( ctrls, op->o_tmpmemctx );
}
+int slap_add_ctrls(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl **ctrls )
+{
+ int i = 0, j;
+ LDAPControl **ctrlsp;
+
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[ i ]; i++ ) ;
+ }
+
+ for ( j=0; ctrls[j]; j++ ) ;
+
+ ctrlsp = op->o_tmpalloc(( i+j+1 )*sizeof(LDAPControl *), op->o_tmpmemctx );
+ i = 0;
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[i]; i++ )
+ ctrlsp[i] = rs->sr_ctrls[i];
+ }
+ for ( j=0; ctrls[j]; j++)
+ ctrlsp[i++] = ctrls[j];
+ ctrlsp[i] = NULL;
+
+ if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED )
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = ctrlsp;
+ rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+ return i;
+}
+
int slap_parse_ctrl(
Operation *op,
SlapReply *rs,
Modified: openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ctxcsn.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/ctxcsn.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ctxcsn.c -- Context CSN Management Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.40.2.12 2009/02/17 00:06:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.40.2.14 2009/03/13 19:53:40 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -26,8 +26,6 @@
#include "slap.h"
#include "lutil_ldap.h"
-const struct berval slap_ldapsync_bv = BER_BVC("ldapsync");
-const struct berval slap_ldapsync_cn_bv = BER_BVC("cn=ldapsync");
int slap_serverID;
/* maxcsn->bv_val must point to a char buf[LDAP_LUTIL_CSNSTR_BUFSIZE] */
@@ -40,6 +38,7 @@
{
struct slap_csn_entry *csne, *committed_csne = NULL;
BackendDB *be = op->o_bd->bd_self;
+ int sid = -1;
if ( maxcsn ) {
assert( maxcsn->bv_val != NULL );
@@ -51,6 +50,10 @@
ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
+ if ( !BER_BVISEMPTY( &op->o_csn )) {
+ sid = slap_parse_csn_sid( &op->o_csn );
+ }
+
LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
csne->ce_state = SLAP_CSN_COMMIT;
@@ -60,8 +63,10 @@
}
LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
- if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
- if ( csne->ce_state == SLAP_CSN_PENDING ) break;
+ if ( sid != -1 && sid == csne->ce_sid ) {
+ if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
+ if ( csne->ce_state == SLAP_CSN_PENDING ) break;
+ }
}
if ( maxcsn ) {
@@ -128,46 +133,6 @@
return;
}
-static struct berval ocbva[] = {
- BER_BVC("top"),
- BER_BVC("subentry"),
- BER_BVC("syncProviderSubentry"),
- BER_BVNULL
-};
-
-Entry *
-slap_create_context_csn_entry(
- Backend *be,
- struct berval *context_csn )
-{
- Entry* e;
-
- struct berval bv;
-
- e = entry_alloc();
-
- attr_merge( e, slap_schema.si_ad_objectClass,
- ocbva, NULL );
- attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
- &ocbva[1], NULL );
- attr_merge_one( e, slap_schema.si_ad_cn,
- (struct berval *)&slap_ldapsync_bv, NULL );
-
- if ( context_csn ) {
- attr_merge_one( e, slap_schema.si_ad_contextCSN,
- context_csn, NULL );
- }
-
- BER_BVSTR( &bv, "{}" );
- attr_merge_one( e, slap_schema.si_ad_subtreeSpecification, &bv, NULL );
-
- build_new_dn( &e->e_name, &be->be_nsuffix[0],
- (struct berval *)&slap_ldapsync_cn_bv, NULL );
- ber_dupbv( &e->e_nname, &e->e_name );
-
- return e;
-}
-
void
slap_queue_csn(
Operation *op,
@@ -185,6 +150,7 @@
ber_dupbv( &pending->ce_csn, csn );
ber_bvreplace_x( &op->o_csn, &pending->ce_csn, op->o_tmpmemctx );
+ pending->ce_sid = slap_parse_csn_sid( csn );
pending->ce_connid = op->o_connid;
pending->ce_opid = op->o_opid;
pending->ce_state = SLAP_CSN_PENDING;
Modified: openldap/vendor/openldap-release/servers/slapd/daemon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/daemon.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/daemon.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.380.2.22 2009/02/13 02:35:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.380.2.30 2009/07/06 22:25:50 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -86,6 +86,8 @@
;
static int emfile;
+static time_t chk_writetime;
+
static volatile int waking;
#ifdef NO_THREADS
#define WAKE_LISTENER(w) do { \
@@ -537,6 +539,7 @@
slap_daemon.sd_flags = (char *)(slapd_ws_sockets + dtblsize); \
slap_daemon.sd_rflags = slap_daemon.sd_flags + dtblsize; \
memset( slapd_ws_sockets, -1, dtblsize * sizeof(SOCKET) ); \
+ memset( slap_daemon.sd_flags, 0, dtblsize ); \
slapd_ws_sockets[0] = wake_sds[0]; \
slapd_ws_sockets[1] = wake_sds[1]; \
wake_sds[0] = 0; \
@@ -684,16 +687,16 @@
for ( i = 0; slapd_srvurls[i] != NULL; i++ ) {
if ( strcmp( slapd_srvurls[i], "ldap:///" ) == 0 ) {
slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
- strlen( global_host ) +
+ global_host_bv.bv_len +
sizeof( LDAP_SRVTYPE_PREFIX ) );
strcpy( lutil_strcopy(slapd_srvurls[i],
- LDAP_SRVTYPE_PREFIX ), global_host );
+ LDAP_SRVTYPE_PREFIX ), global_host_bv.bv_val );
} else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0 ) {
slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
- strlen( global_host ) +
+ global_host_bv.bv_len +
sizeof( LDAPS_SRVTYPE_PREFIX ) );
strcpy( lutil_strcopy(slapd_srvurls[i],
- LDAPS_SRVTYPE_PREFIX ), global_host );
+ LDAPS_SRVTYPE_PREFIX ), global_host_bv.bv_val );
}
}
@@ -954,6 +957,9 @@
SLAP_SOCK_SET_WRITE( s );
slap_daemon.sd_nwriters++;
}
+ if (( wake & 2 ) && global_writetimeout && !chk_writetime ) {
+ chk_writetime = slap_get_time();
+ }
ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
WAKE_LISTENER(wake);
@@ -987,6 +993,25 @@
WAKE_LISTENER(wake);
}
+time_t
+slapd_get_writetime()
+{
+ time_t cur;
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+ cur = chk_writetime;
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+ return cur;
+}
+
+void
+slapd_clr_writetime( time_t old )
+{
+ ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+ if ( chk_writetime == old )
+ chk_writetime = 0;
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+}
+
static void
slapd_close( ber_socket_t s )
{
@@ -1453,7 +1478,7 @@
* create/unlink the socket; likely need exec perms to access
* the socket (ITS#4709) */
{
- mode_t old_umask;
+ mode_t old_umask = 0;
if ( (*sal)->sa_family == AF_LOCAL ) {
old_umask = umask( 0 );
@@ -1461,7 +1486,7 @@
#endif /* LDAP_PF_LOCAL */
rc = bind( s, *sal, addrlen );
#ifdef LDAP_PF_LOCAL
- if ( (*sal)->sa_family == AF_LOCAL ) {
+ if ( old_umask != 0 ) {
umask( old_umask );
}
}
@@ -1646,7 +1671,8 @@
{
connections_destroy();
#ifdef HAVE_WINSOCK
- if ( wake_sds[1] != INVALID_SOCKET && wake_sds[1] != wake_sds[0] )
+ if ( wake_sds[1] != INVALID_SOCKET &&
+ SLAP_FD2SOCK( wake_sds[1] ) != SLAP_FD2SOCK( wake_sds[0] ))
#endif /* HAVE_WINSOCK */
tcp_close( SLAP_FD2SOCK(wake_sds[1]) );
#ifdef HAVE_WINSOCK
@@ -2033,24 +2059,12 @@
{
int l;
time_t last_idle_check = 0;
- struct timeval idle;
int ebadf = 0;
#define SLAPD_IDLE_CHECK_LIMIT 4
if ( global_idletimeout > 0 ) {
last_idle_check = slap_get_time();
- /* Set the select timeout.
- * Don't just truncate, preserve the fractions of
- * seconds to prevent sleeping for zero time.
- */
- idle.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
- idle.tv_usec = global_idletimeout - \
- ( idle.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
- idle.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
- } else {
- idle.tv_sec = 0;
- idle.tv_usec = 0;
}
slapd_add( wake_sds[0], 0, NULL );
@@ -2155,14 +2169,34 @@
now = slap_get_time();
- if ( ( global_idletimeout > 0 ) &&
- difftime( last_idle_check +
- global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 )
- {
- connections_timeout_idle( now );
- last_idle_check = now;
+ if ( global_idletimeout > 0 || chk_writetime ) {
+ int check = 0;
+ /* Set the select timeout.
+ * Don't just truncate, preserve the fractions of
+ * seconds to prevent sleeping for zero time.
+ */
+ if ( chk_writetime ) {
+ tv.tv_sec = global_writetimeout;
+ tv.tv_usec = 0;
+ if ( difftime( chk_writetime, now ) < 0 )
+ check = 2;
+ } else {
+ tv.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
+ tv.tv_usec = global_idletimeout - \
+ ( tv.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
+ tv.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
+ if ( difftime( last_idle_check +
+ global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 )
+ check = 1;
+ }
+ if ( check ) {
+ connections_timeout_idle( now );
+ last_idle_check = now;
+ }
+ } else {
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
}
- tv = idle;
#ifdef SIGHUP
if ( slapd_gentle_shutdown ) {
@@ -2211,7 +2245,7 @@
nfds = SLAP_EVENT_MAX;
- if ( global_idletimeout && slap_daemon.sd_nactives ) at = 1;
+ if (( chk_writetime || global_idletimeout ) && slap_daemon.sd_nactives ) at = 1;
ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
@@ -2495,7 +2529,7 @@
#endif /* LDAP_DEBUG */
for ( i = 0; i < ns; i++ ) {
- int rc = 1, fd, w = 0;
+ int rc = 1, fd, w = 0, r = 0;
if ( SLAP_EVENT_IS_LISTENER( i ) ) {
rc = slap_listener_activate( SLAP_EVENT_LISTENER( i ) );
@@ -2535,24 +2569,25 @@
}
}
/* If event is a read */
- if ( SLAP_EVENT_IS_READ( i ) ) {
+ if ( SLAP_EVENT_IS_READ( i ))
+ r = 1;
+ if ( r || !w ) {
Debug( LDAP_DEBUG_CONNS,
"daemon: read active on %d\n",
fd, 0, 0 );
- SLAP_EVENT_CLR_READ( i );
- connection_read_activate( fd );
- } else if ( !w ) {
- Debug( LDAP_DEBUG_CONNS,
- "daemon: hangup on %d\n", fd, 0, 0 );
- if ( SLAP_SOCK_IS_ACTIVE( fd )) {
+ if ( r ) {
+ SLAP_EVENT_CLR_READ( i );
+ } else {
#ifdef HAVE_EPOLL
/* Don't keep reporting the hangup
*/
- SLAP_EPOLL_SOCK_SET( fd, EPOLLET );
+ if ( SLAP_SOCK_IS_ACTIVE( fd )) {
+ SLAP_EPOLL_SOCK_SET( fd, EPOLLET );
+ }
#endif
- connection_hangup( fd );
}
+ connection_read_activate( fd );
}
}
}
@@ -2727,6 +2762,8 @@
RETSIGTYPE
slap_sig_shutdown( int sig )
{
+ int save_errno = errno;
+
#if 0
Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: signal %d\n", sig, 0, 0);
#endif
@@ -2755,15 +2792,21 @@
/* reinstall self */
(void) SIGNAL_REINSTALL( sig, slap_sig_shutdown );
+
+ errno = save_errno;
}
RETSIGTYPE
slap_sig_wake( int sig )
{
+ int save_errno = errno;
+
WAKE_LISTENER(1);
/* reinstall self */
(void) SIGNAL_REINSTALL( sig, slap_sig_wake );
+
+ errno = save_errno;
}
Modified: openldap/vendor/openldap-release/servers/slapd/dn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/dn.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/dn.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* dn.c - routines for dealing with distinguished names */
-/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.11 2009/02/23 02:12:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.12 2009/04/28 00:52:05 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -220,10 +220,7 @@
/*
* AVA sorting inside a RDN
*
- * rule: sort attributeTypes in alphabetical order; in case of multiple
- * occurrences of the same attributeType, sort values in byte order
- * (use memcmp, which implies alphabetical order in case of IA5 value;
- * this should guarantee the repeatability of the operation).
+ * Rule: sort attributeTypes in alphabetical order.
*
* Note: the sorting can be slightly improved by sorting first
* by attribute type length, then by alphabetical order.
Modified: openldap/vendor/openldap-release/servers/slapd/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/entry.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/entry.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* entry.c - routines for dealing with entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.148.2.9 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.148.2.10 2009/05/01 19:37:13 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -732,6 +732,7 @@
Debug( LDAP_DEBUG_TRACE, "=> entry_encode(0x%08lx): %s\n",
(long) e->e_id, e->e_dn, 0 );
+
dnlen = e->e_name.bv_len;
ndnlen = e->e_nname.bv_len;
@@ -782,6 +783,10 @@
}
}
}
+
+ Debug( LDAP_DEBUG_TRACE, "<= entry_encode(0x%08lx): %s\n",
+ (long) e->e_id, e->e_dn, 0 );
+
return 0;
}
Modified: openldap/vendor/openldap-release/servers/slapd/filterentry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filterentry.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/filterentry.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* filterentry.c - apply a filter to an entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.104.2.6 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.104.2.7 2009/06/02 23:09:42 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -546,7 +546,7 @@
if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& op && op->o_bd && op->o_bd->be_has_subordinates )
{
- int hasSubordinates;
+ int hasSubordinates = 0;
struct berval hs;
if( type != LDAP_FILTER_EQUALITY &&
Modified: openldap/vendor/openldap-release/servers/slapd/ldapsync.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ldapsync.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/ldapsync.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldapsync.c -- LDAP Content Sync Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.32.2.8 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.32.2.11 2009/07/08 03:29:16 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -176,7 +176,7 @@
char *csn_str;
char *cval;
char *next, *end;
- AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
+ AttributeDescription *ad = slap_schema.si_ad_entryCSN;
if ( cookie == NULL )
return -1;
@@ -230,13 +230,11 @@
continue;
}
if ( !strncmp( next, "csn=", STRLENOF("csn=") )) {
- slap_syntax_validate_func *validate;
struct berval stamp;
next += STRLENOF("csn=");
while ( next < end ) {
csn_str = next;
- /* FIXME use csnValidate when it gets implemented */
csn_ptr = strchr( csn_str, '#' );
if ( !csn_ptr || csn_ptr > end )
break;
@@ -244,14 +242,6 @@
* want to parse the rid then. But we still iterate
* through the string to find the end.
*/
- if ( ad ) {
- stamp.bv_val = csn_str;
- stamp.bv_len = csn_ptr - csn_str;
- validate = ad->ad_type->sat_syntax->ssyn_validate;
- if ( validate( ad->ad_type->sat_syntax, &stamp )
- != LDAP_SUCCESS )
- break;
- }
cval = strchr( csn_ptr, ';' );
if ( !cval )
cval = strchr(csn_ptr, ',' );
@@ -261,7 +251,16 @@
stamp.bv_len = end - csn_str;
if ( ad ) {
struct berval bv;
- ber_dupbv_x( &bv, &stamp, memctx );
+ stamp.bv_val = csn_str;
+ if ( ad->ad_type->sat_syntax->ssyn_validate(
+ ad->ad_type->sat_syntax, &stamp ) != LDAP_SUCCESS )
+ break;
+ if ( ad->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ ad->ad_type->sat_syntax,
+ ad->ad_type->sat_equality,
+ &stamp, &bv, memctx ) != LDAP_SUCCESS )
+ break;
ber_bvarray_add_x( &cookie->ctxcsn, &bv, memctx );
cookie->numcsns++;
}
Modified: openldap/vendor/openldap-release/servers/slapd/limits.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/limits.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/limits.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* limits.c - routines to handle regex-based size and time limits */
-/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.73.2.10 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.73.2.11 2009/06/02 23:03:46 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -1325,6 +1325,19 @@
}
void
+limits_free_one(
+ struct slap_limits *lm )
+{
+ if ( ( lm->lm_flags & SLAP_LIMITS_MASK ) == SLAP_LIMITS_REGEX )
+ regfree( &lm->lm_regex );
+
+ if ( !BER_BVISNULL( &lm->lm_pat ) )
+ ch_free( lm->lm_pat.bv_val );
+
+ ch_free( lm );
+}
+
+void
limits_destroy(
struct slap_limits **lm )
{
@@ -1335,13 +1348,7 @@
}
for ( i = 0; lm[ i ]; i++ ) {
- if ( (lm[ i ]->lm_flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX )
- regfree( &lm[ i ]->lm_regex );
-
- if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) )
- ch_free( lm[ i ]->lm_pat.bv_val );
-
- ch_free( lm[ i ] );
+ limits_free_one( lm[ i ] );
}
ch_free( lm );
Modified: openldap/vendor/openldap-release/servers/slapd/main.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/main.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/main.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.239.2.16 2009/02/06 01:03:12 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.239.2.19 2009/06/02 23:39:54 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -65,7 +65,7 @@
typedef int (MainFunc) LDAP_P(( int argc, char *argv[] ));
extern MainFunc slapadd, slapcat, slapdn, slapindex, slappasswd,
- slaptest, slapauth, slapacl;
+ slaptest, slapauth, slapacl, slapschema;
static struct {
char *name;
@@ -76,6 +76,7 @@
{"slapdn", slapdn},
{"slapindex", slapindex},
{"slappasswd", slappasswd},
+ {"slapschema", slapschema},
{"slaptest", slaptest},
{"slapauth", slapauth},
{"slapacl", slapacl},
@@ -699,6 +700,7 @@
Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 );
global_host = ldap_pvt_get_fqdn( NULL );
+ ber_str2bv( global_host, 0, 0, &global_host_bv );
if( check == CHECK_NONE && slapd_daemon_init( urls ) != 0 ) {
rc = 1;
@@ -1056,13 +1058,12 @@
int save_errno = errno;
#ifdef WNOHANG
- errno = 0;
+ do
+ errno = 0;
#ifdef HAVE_WAITPID
- while ( waitpid( (pid_t)-1, NULL, WNOHANG ) > 0 || errno == EINTR )
- ; /* NULL */
+ while ( waitpid( (pid_t)-1, NULL, WNOHANG ) > 0 || errno == EINTR );
#else
- while ( wait3( NULL, WNOHANG, NULL ) > 0 || errno == EINTR )
- ; /* NULL */
+ while ( wait3( NULL, WNOHANG, NULL ) > 0 || errno == EINTR );
#endif
#else
(void) wait( NULL );
@@ -1072,4 +1073,3 @@
}
#endif /* LDAP_SIGCHLD */
-
Modified: openldap/vendor/openldap-release/servers/slapd/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modify.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/modify.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.276.2.11 2009/01/30 19:07:40 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.276.2.12 2009/03/05 18:16:29 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -808,7 +808,7 @@
}
}
done:
- if ( i >= 0 )
+ if ( match == 0 && i >= 0 )
*dup = ix[i];
/* For sorted attributes, put the values in index order */
Modified: openldap/vendor/openldap-release/servers/slapd/module.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/module.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/module.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.29.2.4 2009/01/22 00:01:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.29.2.6 2009/04/29 00:35:33 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -119,7 +119,7 @@
int module_load(const char* file_name, int argc, char *argv[])
{
- module_loaded_t *module = NULL;
+ module_loaded_t *module;
const char *error;
int rc;
MODULE_INIT_FN initialize;
@@ -129,6 +129,38 @@
#define file file_name
#endif
+ module = module_handle( file_name );
+ if ( module ) {
+ Debug( LDAP_DEBUG_ANY, "module_load: (%s) already loaded\n",
+ file_name, 0, 0 );
+ return -1;
+ }
+
+ /* If loading a backend, see if we already have it */
+ if ( !strncasecmp( file_name, "back_", 5 )) {
+ char *name = (char *)file_name + 5;
+ char *dot = strchr( name, '.');
+ if (dot) *dot = '\0';
+ rc = backend_info( name ) != NULL;
+ if (dot) *dot = '.';
+ if ( rc ) {
+ Debug( LDAP_DEBUG_CONFIG, "module_load: (%s) already present (static)\n",
+ file_name, 0, 0 );
+ return 0;
+ }
+ } else {
+ /* check for overlays too */
+ char *dot = strchr( file_name, '.' );
+ if ( dot ) *dot = '\0';
+ rc = overlay_find( file_name ) != NULL;
+ if ( dot ) *dot = '.';
+ if ( rc ) {
+ Debug( LDAP_DEBUG_CONFIG, "module_load: (%s) already present (static)\n",
+ file_name, 0, 0 );
+ return 0;
+ }
+ }
+
module = (module_loaded_t *)ch_calloc(1, sizeof(module_loaded_t) +
strlen(file_name));
if (module == NULL) {
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* accesslog.c - log operations for audit/history purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.37.2.22 2009/01/27 20:09:02 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.37.2.23 2009/03/05 18:26:47 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2005-2009 The OpenLDAP Foundation.
@@ -1551,22 +1551,24 @@
i += a->a_numvals;
}
}
- vals = ch_malloc( (i + 1) * sizeof( struct berval ) );
- i = 0;
- for ( a=old->e_attrs; a; a=a->a_next ) {
- if ( a->a_vals && a->a_flags ) {
- for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
- accesslog_val2val( a->a_desc, b, 0, &vals[i] );
+ if ( i ) {
+ vals = ch_malloc( (i + 1) * sizeof( struct berval ) );
+ i = 0;
+ for ( a=old->e_attrs; a; a=a->a_next ) {
+ if ( a->a_vals && a->a_flags ) {
+ for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
+ accesslog_val2val( a->a_desc, b, 0, &vals[i] );
+ }
}
}
+ vals[i].bv_val = NULL;
+ vals[i].bv_len = 0;
+ a = attr_alloc( ad_reqOld );
+ a->a_numvals = i;
+ a->a_vals = vals;
+ a->a_nvals = vals;
+ last_attr->a_next = a;
}
- vals[i].bv_val = NULL;
- vals[i].bv_len = 0;
- a = attr_alloc( ad_reqOld );
- a->a_numvals = i;
- a->a_vals = vals;
- a->a_nvals = vals;
- last_attr->a_next = a;
}
if ( logop == LOG_EN_MODIFY ) {
break;
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/collect.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/collect.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* collect.c - Demonstration of overlay code */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.5.2.8 2009/01/22 00:01:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.5.2.10 2009/06/19 21:51:22 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -49,6 +49,28 @@
AttributeDescription *ci_ad[1];
} collect_info;
+static int collect_cf( ConfigArgs *c );
+
+static ConfigTable collectcfg[] = {
+ { "collectinfo", "dn> <attribute", 3, 3, 0,
+ ARG_MAGIC, collect_cf,
+ "( OLcfgOvAt:19.1 NAME 'olcCollectInfo' "
+ "DESC 'DN of entry and attribute to distribute' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs collectocs[] = {
+ { "( OLcfgOvOc:19.1 "
+ "NAME 'olcCollectConfig' "
+ "DESC 'Collective Attribute configuration' "
+ "SUP olcOverlayConfig "
+ "MAY olcCollectInfo )",
+ Cft_Overlay, collectcfg },
+ { NULL, 0, NULL }
+};
+
/*
* inserts a collect_info into on->on_bi.bi_private taking into account
* order. this means longer dn's (i.e. more specific dn's) will be found
@@ -72,7 +94,7 @@
ci->ci_next = NULL;
}
found = 1;
- } else if (find->ci_dn.bv_len <= ci->ci_dn.bv_len) {
+ } else if (find->ci_dn.bv_len < ci->ci_dn.bv_len) {
/* insert into list here */
if (prev == NULL) {
/* entry is head of list */
@@ -151,7 +173,11 @@
collect_info **cip, *ci;
int i;
cip = (collect_info **)&on->on_bi.bi_private;
- for ( i=0; i <= c->valx; i++, cip = &ci->ci_next ) ci = *cip;
+ ci = *cip;
+ for ( i=0; i < c->valx; i++ ) {
+ cip = &ci->ci_next;
+ ci = *cip;
+ }
*cip = ci->ci_next;
ch_free( ci->ci_dn.bv_val );
ch_free( ci );
@@ -174,10 +200,6 @@
arg = strtok(NULL, ",");
}
- /* allocate config info with room for attribute array */
- ci = ch_malloc( sizeof( collect_info ) +
- sizeof( AttributeDescription * ) * count );
-
/* validate and normalize dn */
ber_str2bv( c->argv[1], 0, 0, &bv );
if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) {
@@ -188,6 +210,30 @@
return ARG_BAD_CONF;
}
+ /* check for duplicate DNs */
+ for ( ci = (collect_info *)on->on_bi.bi_private; ci;
+ ci = ci->ci_next ) {
+ /* If new DN is longest, there are no possible matches */
+ if ( dn.bv_len > ci->ci_dn.bv_len ) {
+ ci = NULL;
+ break;
+ }
+ if ( bvmatch( &dn, &ci->ci_dn )) {
+ break;
+ }
+ }
+ if ( ci ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s DN already configured: \"%s\"",
+ c->argv[0], c->argv[1] );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->cr_msg, 0 );
+ return ARG_BAD_CONF;
+ }
+
+ /* allocate config info with room for attribute array */
+ ci = ch_malloc( sizeof( collect_info ) +
+ sizeof( AttributeDescription * ) * count );
+
/* load attribute description for attribute list */
arg = c->argv[2];
for( idx=0; idx<count; idx++) {
@@ -199,6 +245,7 @@
c->argv[0], arg);
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
+ ch_free( ci );
return ARG_BAD_CONF;
}
while(*arg!='\0') {
@@ -219,31 +266,34 @@
/* creates list of ci's ordered by dn length */
insert_ordered ( on, ci );
+ /* New ci wasn't simply appended to end, adjust its
+ * position in the config entry's a_vals
+ */
+ if ( c->ca_entry && ci->ci_next ) {
+ Attribute *a = attr_find( c->ca_entry->e_attrs,
+ collectcfg[0].ad );
+ if ( a ) {
+ struct berval bv, nbv;
+ collect_info *c2 = (collect_info *)on->on_bi.bi_private;
+ int i, j;
+ for ( i=0; c2 != ci; i++, c2 = c2->ci_next );
+ bv = a->a_vals[a->a_numvals-1];
+ nbv = a->a_nvals[a->a_numvals-1];
+ for ( j=a->a_numvals-1; j>i; j-- ) {
+ a->a_vals[j] = a->a_vals[j-1];
+ a->a_nvals[j] = a->a_nvals[j-1];
+ }
+ a->a_vals[j] = bv;
+ a->a_nvals[j] = nbv;
+ }
+ }
+
rc = 0;
}
}
return rc;
}
-static ConfigTable collectcfg[] = {
- { "collectinfo", "dn> <attribute", 3, 3, 0,
- ARG_MAGIC, collect_cf,
- "( OLcfgOvAt:19.1 NAME 'olcCollectInfo' "
- "DESC 'DN of entry and attribute to distribute' "
- "SYNTAX OMsDirectoryString )", NULL, NULL },
- { NULL, NULL, 0, 0, 0, ARG_IGNORED }
-};
-
-static ConfigOCs collectocs[] = {
- { "( OLcfgOvOc:19.1 "
- "NAME 'olcCollectConfig' "
- "DESC 'Collective Attribute configuration' "
- "SUP olcOverlayConfig "
- "MAY olcCollectInfo )",
- Cft_Overlay, collectcfg },
- { NULL, 0, NULL }
-};
-
static int
collect_destroy(
BackendDB *be,
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dds.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dds.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dds.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dds.c,v 1.7.2.11 2009/01/22 00:01:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dds.c,v 1.7.2.12 2009/06/11 18:21:52 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2005-2009 The OpenLDAP Foundation.
@@ -243,10 +243,9 @@
de->de_ndn.bv_val, rs.sr_err );
break;
}
-
+
if ( de != NULL ) {
*dep = de->de_next;
- dep = &de->de_next;
op->o_tmpfree( de, op->o_tmpmemctx );
}
}
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/deref.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/deref.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/deref.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* deref.c - dereference overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/deref.c,v 1.7.2.3 2009/01/22 00:01:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/deref.c,v 1.7.2.4 2009/04/29 01:55:18 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -290,7 +290,7 @@
struct berval bv = BER_BVNULL;
int nDerefRes = 0, nDerefVals = 0, nAttrs = 0, nVals = 0;
struct berval ctrlval;
- LDAPControl *ctrl, **ctrlsp;
+ LDAPControl *ctrl, *ctrlsp[2];
AccessControlState acl_state = ACL_STATE_INIT;
static char dummy = '\0';
Entry *ebase;
@@ -471,26 +471,9 @@
ber_free_buf( ber );
- i = 0;
- if ( rs->sr_ctrls ) {
- for ( ; rs->sr_ctrls[ i ] != NULL; i++ )
- /* count'em */ ;
- }
- i += 2;
- ctrlsp = op->o_tmpcalloc( i, sizeof(LDAPControl *), op->o_tmpmemctx );
- i = 0;
- if ( rs->sr_ctrls != NULL ) {
- for ( ; rs->sr_ctrls[ i ] != NULL; i++ ) {
- ctrlsp[ i ] = rs->sr_ctrls[ i ];
- }
- }
- ctrlsp[ i++ ] = ctrl;
- ctrlsp[ i++ ] = NULL;
- if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
- op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
- }
- rs->sr_ctrls = ctrlsp;
- rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+ ctrlsp[0] = ctrl;
+ ctrlsp[1] = NULL;
+ slap_add_ctrls( op, rs, ctrlsp );
rc = SLAP_CB_CONTINUE;
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* dynlist.c - dynamic list overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.20.2.26 2009/02/17 19:14:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.20.2.27 2009/03/05 23:00:00 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -1262,8 +1262,8 @@
}
*ptr++ = ' ';
- ptr = lutil_strncopy( ptr, dli->dli_oc->soc_cname.bv_val,
- dli->dli_oc->soc_cname.bv_len );
+ ptr = lutil_strncopy( ptr, dli->dli_ad->ad_cname.bv_val,
+ dli->dli_ad->ad_cname.bv_len );
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
ptr[ 0 ] = ' ';
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.88.2.32 2009/02/19 00:28:24 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.88.2.34 2009/06/16 19:13:09 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -1175,6 +1175,8 @@
{
free(qc->q_uuid.bv_val);
filter_free(qc->filter);
+ ldap_pvt_thread_rdwr_destroy( &qc->rwlock );
+ memset(qc, 0, sizeof(*qc));
free(qc);
}
@@ -1264,6 +1266,7 @@
new_cached_query = find_filter( op, qbase->scopes[query->scope],
query->filter, first );
filter_free( query->filter );
+ query->filter = NULL;
}
Debug( pcache_debug, "TEMPLATE %p QUERIES++ %d\n",
(void *) templ, templ->no_of_queries, 0 );
@@ -2396,8 +2399,6 @@
op->o_tmpfree( tempstr.bv_val, op->o_tmpmemctx );
if (answerable) {
- /* Need to clear the callbacks of the original operation,
- * in case there are other overlays */
BackendDB *save_bd = op->o_bd;
slap_callback *save_cb = op->o_callback;
@@ -2410,7 +2411,12 @@
send_ldap_result( op, rs );
} else {
op->o_bd = &cm->db;
- op->o_callback = NULL;
+ if ( cm->response_cb == PCACHE_RESPONSE_CB_TAIL ) {
+ /* The cached entry was already processed by any
+ * other overlays, so don't let it get processed again.
+ */
+ op->o_callback = NULL;
+ }
i = cm->db.bd_info->bi_op_search( op, rs );
}
ldap_pvt_thread_rdwr_runlock(&answerable->rwlock);
@@ -2750,7 +2756,8 @@
/* FIXME: should not hardcode "olcDatabase" here */
bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ),
- "olcDatabase=%s", cm->db.bd_info->bi_type );
+ "olcDatabase=" SLAP_X_ORDERED_FMT "%s",
+ 0, cm->db.bd_info->bi_type );
if ( bv.bv_len >= sizeof( ca->cr_msg ) ) {
return -1;
}
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.20 2009/01/22 00:01:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.27 2009/07/01 21:01:41 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2009 The OpenLDAP Foundation.
@@ -50,6 +50,7 @@
struct berval def_policy; /* DN of default policy subentry */
int use_lockout; /* send AccountLocked result? */
int hash_passwords; /* transparently hash cleartext pwds */
+ int forward_updates; /* use frontend for policy state updates */
} pp_info;
/* Our per-connection info - note, it is not per-instance, it is
@@ -224,6 +225,12 @@
"( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
"DESC 'Hash passwords on add or modify' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "ppolicy_forward_updates", "on|off", 1, 2, 0,
+ ARG_ON_OFF|ARG_OFFSET,
+ (void *)offsetof(pp_info,forward_updates),
+ "( OLcfgOvAt:12.4 NAME 'olcPPolicyForwardUpdates' "
+ "DESC 'Allow policy state updates to be forwarded via updateref' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
(void *)offsetof(pp_info,use_lockout),
@@ -239,7 +246,7 @@
"DESC 'Password Policy configuration' "
"SUP olcOverlayConfig "
"MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
- "olcPPolicyUseLockout ) )",
+ "olcPPolicyUseLockout $ olcPPolicyForwardUpdates ) )",
Cft_Overlay, ppolicycfg },
{ NULL, 0, NULL }
};
@@ -317,6 +324,9 @@
assert(mod != NULL);
+ if ( !pp->pwdLockout )
+ return 0;
+
if ( (la = attr_find( e->e_attrs, ad_pwdAccountLockedTime )) != NULL ) {
BerVarray vals = la->a_nvals;
@@ -574,7 +584,7 @@
}
static int
-check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyError *err, Entry *e )
+check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyError *err, Entry *e, char **txt )
{
int rc = LDAP_SUCCESS, ok = LDAP_SUCCESS;
char *ptr = cred->bv_val;
@@ -582,7 +592,10 @@
assert( cred != NULL );
assert( pp != NULL );
+ assert( txt != NULL );
+ *txt = NULL;
+
if ((cred->bv_len == 0) || (pp->pwdMinLength > cred->bv_len)) {
rc = LDAP_CONSTRAINT_VIOLATION;
if ( err ) *err = PP_passwordTooShort;
@@ -633,6 +646,11 @@
pp->pwdCheckModule, err, 0 );
ok = LDAP_OTHER; /* internal error */
} else {
+ /* FIXME: the error message ought to be passed thru a
+ * struct berval, with preallocated buffer and size
+ * passed in. Module can still allocate a buffer for
+ * it if the provided one is too small.
+ */
int (*prog)( char *passwd, char **text, Entry *ent );
if ((prog = lt_dlsym( mod, "check_password" )) == NULL) {
@@ -643,16 +661,13 @@
pp->pwdCheckModule, err, 0 );
ok = LDAP_OTHER;
} else {
- char *txt = NULL;
-
ldap_pvt_thread_mutex_lock( &chk_syntax_mutex );
- ok = prog( cred->bv_val, &txt, e );
+ ok = prog( ptr, txt, e );
ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex );
if (ok != LDAP_SUCCESS) {
Debug(LDAP_DEBUG_ANY,
"check_password_quality: module error: (%s) %s.[%d]\n",
- pp->pwdCheckModule, txt ? txt : "", ok );
- free(txt);
+ pp->pwdCheckModule, *txt ? *txt : "", ok );
}
}
@@ -1115,17 +1130,36 @@
Operation op2 = *op;
SlapReply r2 = { REP_RESULT };
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+ pp_info *pi = on->on_bi.bi_private;
+ LDAPControl c, *ca[2];
- /* FIXME: Need to handle replication of some (but not all)
- * of the operational attributes...
- */
op2.o_tag = LDAP_REQ_MODIFY;
op2.o_callback = &cb;
op2.orm_modlist = mod;
op2.o_dn = op->o_bd->be_rootdn;
op2.o_ndn = op->o_bd->be_rootndn;
- op2.o_bd->bd_info = (BackendInfo *)on->on_info;
- rc = op->o_bd->be_modify( &op2, &r2 );
+
+ /* If this server is a shadow and forward_updates is true,
+ * use the frontend to perform this modify. That will trigger
+ * the update referral, which can then be forwarded by the
+ * chain overlay. Obviously the updateref and chain overlay
+ * must be configured appropriately for this to be useful.
+ */
+ if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates ) {
+ op2.o_bd = frontendDB;
+
+ /* Must use Relax control since these are no-user-mod */
+ op2.o_relax = SLAP_CONTROL_CRITICAL;
+ op2.o_ctrls = ca;
+ ca[0] = &c;
+ ca[1] = NULL;
+ BER_BVZERO( &c.ldctl_value );
+ c.ldctl_iscritical = 1;
+ c.ldctl_oid = LDAP_CONTROL_RELAX;
+ } else {
+ op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+ }
+ rc = op2.o_bd->be_modify( &op2, &r2 );
slap_mods_free( mod, 1 );
}
@@ -1305,12 +1339,13 @@
struct berval *bv = &(pa->a_vals[0]);
int rc, send_ctrl = 0;
LDAPPasswordPolicyError pErr = PP_noError;
+ char *txt;
/* Did we receive a password policy request control? */
if ( op->o_ctrlflag[ppolicy_cid] ) {
send_ctrl = 1;
}
- rc = check_password_quality( bv, &pp, &pErr, op->ora_e );
+ rc = check_password_quality( bv, &pp, &pErr, op->ora_e, &txt );
if (rc != LDAP_SUCCESS) {
LDAPControl **oldctrls = NULL;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -1319,7 +1354,10 @@
ctrl = create_passcontrol( op, -1, -1, pErr );
oldctrls = add_passcontrol( op, rs, ctrl );
}
- send_ldap_error( op, rs, rc, "Password fails quality checking policy" );
+ send_ldap_error( op, rs, rc, txt ? txt : "Password fails quality checking policy" );
+ if ( txt ) {
+ free( txt );
+ }
if ( send_ctrl ) {
ctrls_cleanup( op, rs, oldctrls );
}
@@ -1400,7 +1438,7 @@
Attribute *pa, *ha, at;
const char *txt;
pw_hist *tl = NULL, *p;
- int zapReset, send_ctrl = 0;
+ int zapReset, send_ctrl = 0, free_txt = 0;
Entry *e;
struct berval newpw = BER_BVNULL, oldpw = BER_BVNULL,
*bv, cr[2];
@@ -1725,8 +1763,6 @@
/*
* we have a password to check
*/
- const char *txt;
-
bv = oldpw.bv_val ? &oldpw : delmod->sml_values;
/* FIXME: no access checking? */
rc = slap_passwd_check( op, NULL, pa, bv, &txt );
@@ -1760,10 +1796,15 @@
bv = newpw.bv_val ? &newpw : &addmod->sml_values[0];
if (pp.pwdCheckQuality > 0) {
- rc = check_password_quality( bv, &pp, &pErr, e );
+ rc = check_password_quality( bv, &pp, &pErr, e, (char **)&txt );
if (rc != LDAP_SUCCESS) {
rs->sr_err = rc;
- rs->sr_text = "Password fails quality checking policy";
+ if ( txt ) {
+ rs->sr_text = txt;
+ free_txt = 1;
+ } else {
+ rs->sr_text = "Password fails quality checking policy";
+ }
goto return_results;
}
}
@@ -2016,6 +2057,10 @@
oldctrls = add_passcontrol( op, rs, ctrl );
}
send_ldap_result( op, rs );
+ if ( free_txt ) {
+ free( (char *)txt );
+ rs->sr_text = NULL;
+ }
if ( send_ctrl ) {
if ( is_pwdexop ) {
if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/refint.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/refint.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* refint.c - referential integrity module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.10 2009/01/22 00:01:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.12 2009/06/04 23:27:42 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2009 The OpenLDAP Foundation.
@@ -547,7 +547,7 @@
refint_data *id,
refint_q *rq )
{
- dependent_data *dp, *dp_next;
+ dependent_data *dp;
int rc;
op->o_callback->sc_response = refint_search_cb;
@@ -586,14 +586,12 @@
*
*/
- for ( dp = rq->attrs; dp; dp = dp_next ) {
+ for ( dp = rq->attrs; dp; dp = dp->next ) {
Operation op2 = *op;
SlapReply rs2 = { 0 };
refint_attrs *ra;
- Modifications *m, *first = NULL;
+ Modifications *m;
- dp_next = dp->next;
-
op2.o_tag = LDAP_REQ_MODIFY;
op2.orm_modlist = NULL;
op2.o_req_dn = dp->dn;
@@ -603,21 +601,18 @@
Debug( LDAP_DEBUG_TRACE,
"refint_repair: no backend for DN %s!\n",
dp->dn.bv_val, 0, 0 );
- return 0;
+ continue;
}
rs2.sr_type = REP_RESULT;
- for ( ra = dp->attrs; ra; ra = dp->attrs ) {
+ for ( ra = dp->attrs; ra; ra = ra->next ) {
size_t len;
- dp->attrs = ra->next;
/* Set our ModifiersName */
if ( SLAP_LASTMOD( op->o_bd ) ) {
m = op2.o_tmpalloc( sizeof(Modifications) +
4*sizeof(BerValue), op2.o_tmpmemctx );
m->sml_next = op2.orm_modlist;
- if ( !first )
- first = m;
op2.orm_modlist = m;
m->sml_op = LDAP_MOD_REPLACE;
m->sml_flags = SLAP_MOD_INTERNAL;
@@ -642,8 +637,6 @@
m = op2.o_tmpalloc( len, op2.o_tmpmemctx );
m->sml_next = op2.orm_modlist;
- if ( !first )
- first = m;
op2.orm_modlist = m;
m->sml_op = LDAP_MOD_ADD;
m->sml_flags = 0;
@@ -656,9 +649,6 @@
BER_BVZERO( &m->sml_nvalues[1] );
m->sml_numvals = 1;
if ( BER_BVISEMPTY( &rq->newdn ) ) {
- op2.o_tmpfree( ra, op2.o_tmpmemctx );
- ra = dp->attrs;
- dp->attrs = ra->next;
m->sml_values[0] = id->nothing;
m->sml_nvalues[0] = id->nnothing;
} else {
@@ -680,8 +670,6 @@
m = op2.o_tmpalloc( len, op2.o_tmpmemctx );
m->sml_next = op2.orm_modlist;
op2.orm_modlist = m;
- if ( !first )
- first = m;
m->sml_op = LDAP_MOD_DELETE;
m->sml_flags = 0;
m->sml_desc = ra->attr;
@@ -699,7 +687,6 @@
m->sml_nvalues = ra->old_nvals;
m->sml_numvals = ra->ra_numvals;
}
- op2.o_tmpfree( ra, op2.o_tmpmemctx );
}
op2.o_dn = op2.o_bd->be_rootdn;
@@ -713,17 +700,8 @@
while ( ( m = op2.orm_modlist ) ) {
op2.orm_modlist = m->sml_next;
- if ( m->sml_values && m->sml_values != (BerVarray)(m+1) ) {
- ber_bvarray_free_x( m->sml_values, op2.o_tmpmemctx );
- ber_bvarray_free_x( m->sml_nvalues, op2.o_tmpmemctx );
- }
op2.o_tmpfree( m, op2.o_tmpmemctx );
- if ( m == first ) break;
}
- slap_mods_free( op2.orm_modlist, 1 );
- op2.o_tmpfree( dp->ndn.bv_val, op2.o_tmpmemctx );
- op2.o_tmpfree( dp->dn.bv_val, op2.o_tmpmemctx );
- op2.o_tmpfree( dp, op2.o_tmpmemctx );
}
return 0;
@@ -776,6 +754,9 @@
}
for (;;) {
+ dependent_data *dp, *dp_next;
+ refint_attrs *ra, *ra_next;
+
/* Dequeue an op */
ldap_pvt_thread_mutex_lock( &id->qmutex );
rq = id->qhead;
@@ -829,6 +810,22 @@
}
}
+ for ( dp = rq->attrs; dp; dp = dp_next ) {
+ dp_next = dp->next;
+ for ( ra = dp->attrs; ra; ra = ra_next ) {
+ ra_next = ra->next;
+ ber_bvarray_free_x( ra->new_nvals, op->o_tmpmemctx );
+ ber_bvarray_free_x( ra->new_vals, op->o_tmpmemctx );
+ ber_bvarray_free_x( ra->old_nvals, op->o_tmpmemctx );
+ ber_bvarray_free_x( ra->old_vals, op->o_tmpmemctx );
+ op->o_tmpfree( ra, op->o_tmpmemctx );
+ }
+ op->o_tmpfree( dp->ndn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( dp->dn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( dp, op->o_tmpmemctx );
+ }
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+
if ( !BER_BVISNULL( &rq->newndn )) {
ch_free( rq->newndn.bv_val );
ch_free( rq->newdn.bv_val );
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.24 2009/02/20 00:14:30 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.28 2009/05/01 19:51:07 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -823,7 +823,7 @@
}
/* just free entry if (probably) ours */
- if ( e->e_private == NULL ) {
+ if ( e->e_private == NULL && BER_BVISNULL( &e->e_bv ) ) {
entry_free( e );
return LDAP_SUCCESS;
}
@@ -847,6 +847,7 @@
SlapReply rs = { REP_SEARCH };
rwm_op_state ros = { 0 };
+ struct berval mndn = BER_BVNULL;
if ( ((BackendInfo *)on->on_info->oi_orig)->bi_entry_get_rw == NULL ) {
return SLAP_CB_CONTINUE;
@@ -862,6 +863,8 @@
return LDAP_OTHER;
}
+ mndn = BER_BVISNULL( &ros.r_ndn ) ? *ndn : ros.r_ndn;
+
/* map attribute & objectClass */
if ( at != NULL ) {
}
@@ -874,8 +877,10 @@
op2.o_bd = &db;
op2.o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
op2.ors_attrs = slap_anlist_all_attributes;
- rc = op2.o_bd->bd_info->bi_entry_get_rw( &op2, &ros.r_ndn, oc, at, rw, ep );
+ rc = op2.o_bd->bd_info->bi_entry_get_rw( &op2, &mndn, oc, at, rw, ep );
if ( rc == LDAP_SUCCESS && *ep != NULL ) {
+ /* we assume be_entry_release() needs to be called */
+ rs.sr_flags = REP_ENTRY_MUSTRELEASE;
rs.sr_entry = *ep;
/* duplicate & release */
@@ -887,7 +892,7 @@
}
}
- if ( ros.r_ndn.bv_val != ndn->bv_val ) {
+ if ( !BER_BVISNULL( &ros.r_ndn) && ros.r_ndn.bv_val != ndn->bv_val ) {
op->o_tmpfree( ros.r_ndn.bv_val, op->o_tmpmemctx );
}
@@ -1197,7 +1202,8 @@
int last = -1;
Attribute *a;
- if ( op->ors_attrs != NULL &&
+ if ( ( rwmap->rwm_flags & RWM_F_DROP_UNREQUESTED_ATTRS ) &&
+ op->ors_attrs != NULL &&
!SLAP_USERATTRS( rs->sr_attr_flags ) &&
!ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
{
@@ -1829,6 +1835,7 @@
RWM_CF_MAP,
RWM_CF_T_F_SUPPORT,
RWM_CF_NORMALIZE_MAPPED,
+ RWM_CF_DROP_UNREQUESTED,
RWM_CF_LAST
};
@@ -1883,6 +1890,14 @@
"SINGLE-VALUE )",
NULL, NULL },
+ { "rwm-drop-unrequested-attrs", "true|false",
+ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|RWM_CF_DROP_UNREQUESTED, rwm_cf_gen,
+ "( OLcfgOvAt:16.5 NAME 'olcRwmDropUnrequested' "
+ "DESC 'Drop unrequested attributes' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
@@ -2051,6 +2066,10 @@
c->value_int = ( rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS );
break;
+ case RWM_CF_DROP_UNREQUESTED:
+ c->value_int = ( rwmap->rwm_flags & RWM_F_DROP_UNREQUESTED_ATTRS );
+ break;
+
default:
assert( 0 );
rc = 1;
@@ -2145,6 +2164,10 @@
rwmap->rwm_flags &= ~RWM_F_NORMALIZE_MAPPED_ATTRS;
break;
+ case RWM_CF_DROP_UNREQUESTED:
+ rwmap->rwm_flags &= ~RWM_F_DROP_UNREQUESTED_ATTRS;
+ break;
+
default:
return 1;
}
@@ -2325,6 +2348,14 @@
}
break;
+ case RWM_CF_DROP_UNREQUESTED:
+ if ( c->value_int ) {
+ rwmap->rwm_flags |= RWM_F_DROP_UNREQUESTED_ATTRS;
+ } else {
+ rwmap->rwm_flags &= ~RWM_F_DROP_UNREQUESTED_ATTRS;
+ }
+ break;
+
default:
assert( 0 );
return 1;
@@ -2344,9 +2375,11 @@
rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
+ /* default */
+ rwmap->rwm_flags = RWM_F_DROP_UNREQUESTED_ATTRS;
+
rc = rwm_info_init( &rwmap->rwm_rw );
-error_return:;
on->on_bi.bi_private = (void *)rwmap;
if ( rc ) {
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* rwm.h - dn rewrite/attribute mapping header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.15.2.5 2009/01/22 00:01:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.15.2.6 2009/05/01 19:18:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -81,6 +81,7 @@
#define RWM_F_NONE (0x0000U)
#define RWM_F_NORMALIZE_MAPPED_ATTRS (0x0001U)
+#define RWM_F_DROP_UNREQUESTED_ATTRS (0x0002U)
#define RWM_F_SUPPORT_T_F (0x4000U)
#define RWM_F_SUPPORT_T_F_DISCOVER (0x8000U)
#define RWM_F_SUPPORT_T_F_MASK (RWM_F_SUPPORT_T_F)
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.46 2009/02/23 02:15:32 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.58 2009/04/05 01:29:48 quanah Exp $ */
/* syncprov.c - syncrepl provider */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
@@ -71,12 +71,11 @@
#define PS_WROTE_BASE 0x04
#define PS_FIND_BASE 0x08
#define PS_FIX_FILTER 0x10
+#define PS_TASK_QUEUED 0x20
int s_inuse; /* reference count */
struct syncres *s_res;
struct syncres *s_restail;
- struct re_s *s_qtask; /* task for playing psearch responses */
-#define RUNQ_INTERVAL 36000 /* a long time */
ldap_pvt_thread_mutex_t s_mutex;
} syncops;
@@ -143,11 +142,14 @@
typedef struct opcookie {
slap_overinst *son;
syncmatches *smatches;
+ modtarget *smt;
struct berval sdn; /* DN of entry, for deletes */
struct berval sndn;
struct berval suuid; /* UUID of entry */
struct berval sctxcsn;
- int sreference; /* Is the entry a reference? */
+ short osid; /* sid of op csn */
+ short rsid; /* sid of relay */
+ short sreference; /* Is the entry a reference? */
} opcookie;
typedef struct fbase_cookie {
@@ -746,13 +748,6 @@
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
return;
}
- if ( so->s_qtask ) {
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- if ( ldap_pvt_runqueue_isrunning( &slapd_rq, so->s_qtask ) )
- ldap_pvt_runqueue_stoptask( &slapd_rq, so->s_qtask );
- ldap_pvt_runqueue_remove( &slapd_rq, so->s_qtask );
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
- }
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
if ( so->s_flags & PS_IS_DETACHED ) {
filter_free( so->s_op->ors_filter );
@@ -780,7 +775,7 @@
SlapReply rs = { REP_SEARCH };
LDAPControl *ctrls[2];
- struct berval cookie, csns[2];
+ struct berval cookie = BER_BVNULL, csns[2];
Entry e_uuid = {0};
Attribute a_uuid = {0};
@@ -788,18 +783,32 @@
return SLAPD_ABANDON;
ctrls[1] = NULL;
- csns[0] = opc->sctxcsn;
- BER_BVZERO( &csns[1] );
- slap_compose_sync_cookie( op, &cookie, csns, so->s_rid, so->s_sid );
+ if ( !BER_BVISNULL( &opc->sctxcsn )) {
+ csns[0] = opc->sctxcsn;
+ BER_BVZERO( &csns[1] );
+ slap_compose_sync_cookie( op, &cookie, csns, so->s_rid, slap_serverID ? slap_serverID : -1 );
+ }
- Debug( LDAP_DEBUG_SYNC, "syncprov_sendresp: cookie=%s\n", cookie.bv_val, 0, 0 );
+#ifdef LDAP_DEBUG
+ if ( !BER_BVISNULL( &cookie )) {
+ if ( so->s_sid > 0 ) {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_sendresp: to=%03x, cookie=%s\n",
+ so->s_sid, cookie.bv_val , 0 );
+ } else {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_sendresp: cookie=%s\n",
+ cookie.bv_val, 0, 0 );
+ }
+ }
+#endif
e_uuid.e_attrs = &a_uuid;
a_uuid.a_desc = slap_schema.si_ad_entryUUID;
a_uuid.a_nvals = &opc->suuid;
rs.sr_err = syncprov_state_ctrl( op, &rs, &e_uuid,
mode, ctrls, 0, 1, &cookie );
- op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+ if ( !BER_BVISNULL( &cookie )) {
+ op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
+ }
rs.sr_ctrls = ctrls;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -851,11 +860,13 @@
return rs.sr_err;
}
+static void
+syncprov_qstart( syncops *so );
+
/* Play back queued responses */
static int
-syncprov_qplay( Operation *op, struct re_s *rtask )
+syncprov_qplay( Operation *op, syncops *so )
{
- syncops *so = rtask->arg;
slap_overinst *on = LDAP_SLIST_FIRST(&so->s_op->o_extra)->oe_key;
syncres *sr;
Entry *e;
@@ -864,7 +875,7 @@
opc.son = on;
- for (;;) {
+ do {
ldap_pvt_thread_mutex_lock( &so->s_mutex );
sr = so->s_res;
if ( sr )
@@ -876,62 +887,63 @@
break;
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
- opc.sdn = sr->s_dn;
- opc.sndn = sr->s_ndn;
- opc.suuid = sr->s_uuid;
- opc.sctxcsn = sr->s_csn;
- opc.sreference = sr->s_isreference;
- e = NULL;
+ if ( sr->s_mode == LDAP_SYNC_NEW_COOKIE ) {
+ SlapReply rs = { REP_INTERMEDIATE };
- if ( sr->s_mode != LDAP_SYNC_DELETE ) {
- rc = overlay_entry_get_ov( op, &opc.sndn, NULL, NULL, 0, &e, on );
- if ( rc ) {
- Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
- "error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
- ch_free( sr );
- rc = 0;
- continue;
+ rc = syncprov_sendinfo( op, &rs, LDAP_TAG_SYNC_NEW_COOKIE,
+ &sr->s_csn, 0, NULL, 0 );
+ } else {
+ opc.sdn = sr->s_dn;
+ opc.sndn = sr->s_ndn;
+ opc.suuid = sr->s_uuid;
+ opc.sctxcsn = sr->s_csn;
+ opc.sreference = sr->s_isreference;
+ e = NULL;
+
+ if ( sr->s_mode != LDAP_SYNC_DELETE ) {
+ rc = overlay_entry_get_ov( op, &opc.sndn, NULL, NULL, 0, &e, on );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
+ "error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
+ ch_free( sr );
+ rc = 0;
+ continue;
+ }
}
- }
- rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode );
+ rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode );
- if ( e ) {
- overlay_entry_release_ov( op, e, 0, on );
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
}
ch_free( sr );
- if ( rc ) {
- /* Exit loop with mutex held */
- ldap_pvt_thread_mutex_lock( &so->s_mutex );
- break;
- }
- }
+ /* Exit loop with mutex held */
+ ldap_pvt_thread_mutex_lock( &so->s_mutex );
- /* wait until we get explicitly scheduled again */
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
- if ( rc == 0 ) {
- ldap_pvt_runqueue_resched( &slapd_rq, rtask, 1 );
+ } while (0);
+
+ /* We now only send one change at a time, to prevent one
+ * psearch from hogging all the CPU. Resubmit this task if
+ * there are more responses queued and no errors occurred.
+ */
+
+ if ( rc == 0 && so->s_res ) {
+ syncprov_qstart( so );
} else {
- /* bail out on any error */
- ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+ so->s_flags ^= PS_TASK_QUEUED;
+ }
- /* Prevent duplicate remove */
- if ( so->s_qtask == rtask )
- so->s_qtask = NULL;
- }
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
return rc;
}
-/* runqueue task for playing back queued responses */
+/* task for playing back queued responses */
static void *
syncprov_qtask( void *ctx, void *arg )
{
- struct re_s *rtask = arg;
- syncops *so = rtask->arg;
+ syncops *so = arg;
OperationBuffer opbuf;
Operation *op;
BackendDB be;
@@ -956,22 +968,11 @@
LDAP_SLIST_FIRST(&op->o_extra) = NULL;
op->o_callback = NULL;
- rc = syncprov_qplay( op, rtask );
+ rc = syncprov_qplay( op, so );
/* decrement use count... */
syncprov_free_syncop( so );
-#if 0 /* FIXME: connection_close isn't exported from slapd.
- * should it be?
- */
- if ( rc ) {
- ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- if ( connection_state_closing( op->o_conn )) {
- connection_close( op->o_conn );
- }
- ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- }
-#endif
return NULL;
}
@@ -979,27 +980,10 @@
static void
syncprov_qstart( syncops *so )
{
- int wake=0;
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- if ( !so->s_qtask ) {
- so->s_qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL,
- syncprov_qtask, so, "syncprov_qtask",
- so->s_op->o_conn->c_peer_name.bv_val );
- ++so->s_inuse;
- wake = 1;
- } else {
- if (!ldap_pvt_runqueue_isrunning( &slapd_rq, so->s_qtask ) &&
- !so->s_qtask->next_sched.tv_sec ) {
- so->s_qtask->interval.tv_sec = 0;
- ldap_pvt_runqueue_resched( &slapd_rq, so->s_qtask, 0 );
- so->s_qtask->interval.tv_sec = RUNQ_INTERVAL;
- ++so->s_inuse;
- wake = 1;
- }
- }
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
- if ( wake )
- slap_wake_listener();
+ so->s_flags |= PS_TASK_QUEUED;
+ so->s_inuse++;
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ syncprov_qtask, so );
}
/* Queue a persistent search response */
@@ -1007,17 +991,20 @@
syncprov_qresp( opcookie *opc, syncops *so, int mode )
{
syncres *sr;
- int sid, srsize;
+ int srsize;
+ struct berval cookie = opc->sctxcsn;
- /* Don't send changes back to their originator */
- sid = slap_parse_csn_sid( &opc->sctxcsn );
- if ( sid >= 0 && sid == so->s_sid )
- return LDAP_SUCCESS;
+ if ( mode == LDAP_SYNC_NEW_COOKIE ) {
+ syncprov_info_t *si = opc->son->on_bi.bi_private;
+ slap_compose_sync_cookie( NULL, &cookie, si->si_ctxcsn,
+ so->s_rid, slap_serverID ? slap_serverID : -1);
+ }
+
srsize = sizeof(syncres) + opc->suuid.bv_len + 1 +
opc->sdn.bv_len + 1 + opc->sndn.bv_len + 1;
- if ( opc->sctxcsn.bv_len )
- srsize += opc->sctxcsn.bv_len + 1;
+ if ( cookie.bv_len )
+ srsize += cookie.bv_len + 1;
sr = ch_malloc( srsize );
sr->s_next = NULL;
sr->s_dn.bv_val = (char *)(sr + 1);
@@ -1031,14 +1018,18 @@
opc->sndn.bv_val ) + 1;
sr->s_uuid.bv_len = opc->suuid.bv_len;
AC_MEMCPY( sr->s_uuid.bv_val, opc->suuid.bv_val, opc->suuid.bv_len );
- if ( opc->sctxcsn.bv_len ) {
+ if ( cookie.bv_len ) {
sr->s_csn.bv_val = sr->s_uuid.bv_val + sr->s_uuid.bv_len + 1;
- strcpy( sr->s_csn.bv_val, opc->sctxcsn.bv_val );
+ strcpy( sr->s_csn.bv_val, cookie.bv_val );
} else {
sr->s_csn.bv_val = NULL;
}
- sr->s_csn.bv_len = opc->sctxcsn.bv_len;
+ sr->s_csn.bv_len = cookie.bv_len;
+ if ( mode == LDAP_SYNC_NEW_COOKIE && cookie.bv_val ) {
+ ch_free( cookie.bv_val );
+ }
+
ldap_pvt_thread_mutex_lock( &so->s_mutex );
if ( !so->s_res ) {
so->s_res = sr;
@@ -1052,7 +1043,7 @@
so->s_flags ^= PS_WROTE_BASE;
so->s_flags |= PS_FIND_BASE;
}
- if ( so->s_flags & PS_IS_DETACHED ) {
+ if (( so->s_flags & (PS_IS_DETACHED|PS_TASK_QUEUED)) == PS_IS_DETACHED ) {
syncprov_qstart( so );
}
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
@@ -1198,6 +1189,24 @@
if ( ss->s_op->o_abandon )
continue;
+ /* First time thru, check for possible skips */
+ if ( saveit || op->o_tag == LDAP_REQ_ADD ) {
+
+ /* Don't send ops back to the originator */
+ if ( opc->osid > 0 && opc->osid == ss->s_sid ) {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_matchops: skipping original sid %03x\n",
+ opc->osid, 0, 0 );
+ continue;
+ }
+
+ /* Don't send ops back to the messenger */
+ if ( opc->rsid > 0 && opc->rsid == ss->s_sid ) {
+ Debug( LDAP_DEBUG_SYNC, "syncprov_matchops: skipping relayed sid %03x\n",
+ opc->rsid, 0, 0 );
+ continue;
+ }
+ }
+
/* validate base */
fc.fss = ss;
fc.fbase = 0;
@@ -1243,13 +1252,18 @@
oh = *op->o_hdr;
oh.oh_conn = ss->s_op->o_conn;
oh.oh_connid = ss->s_op->o_connid;
+ op2.o_bd = op->o_bd->bd_self;
op2.o_hdr = &oh;
op2.o_extra = op->o_extra;
+ op2.o_callback = NULL;
+ rc = test_filter( &op2, e, ss->s_op->ors_filter );
}
+ Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n",
+ ss->s_sid, fc.fscope, rc );
+
/* check if current o_req_dn is in scope and matches filter */
- if ( fc.fscope && test_filter( &op2, e, ss->s_op->ors_filter ) ==
- LDAP_COMPARE_TRUE ) {
+ if ( fc.fscope && rc == LDAP_COMPARE_TRUE ) {
if ( saveit ) {
sm = op->o_tmpalloc( sizeof(syncmatches), op->o_tmpmemctx );
sm->sm_next = opc->smatches;
@@ -1266,6 +1280,8 @@
} else if ( !saveit && found ) {
/* send DELETE */
syncprov_qresp( opc, ss, LDAP_SYNC_DELETE );
+ } else if ( !saveit ) {
+ syncprov_qresp( opc, ss, LDAP_SYNC_NEW_COOKIE );
}
if ( !saveit && found ) {
/* Decrement s_inuse, was incremented when called
@@ -1306,26 +1322,24 @@
}
/* Remove op from lock table */
- mtdummy.mt_op = op;
- ldap_pvt_thread_mutex_lock( &si->si_mods_mutex );
- mt = avl_find( si->si_mods, &mtdummy, sp_avl_cmp );
+ mt = opc->smt;
if ( mt ) {
modinst *mi = mt->mt_mods;
/* If there are more, promote the next one */
- ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
if ( mi->mi_next ) {
+ ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
mt->mt_mods = mi->mi_next;
mt->mt_op = mt->mt_mods->mi_op;
ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
} else {
+ ldap_pvt_thread_mutex_lock( &si->si_mods_mutex );
avl_delete( &si->si_mods, mt, sp_avl_cmp );
- ldap_pvt_thread_mutex_unlock( &mt->mt_mutex );
+ ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
ldap_pvt_thread_mutex_destroy( &mt->mt_mutex );
ch_free( mt );
}
}
- ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
if ( !BER_BVISNULL( &opc->suuid ))
op->o_tmpfree( opc->suuid.bv_val, op->o_tmpmemctx );
if ( !BER_BVISNULL( &opc->sndn ))
@@ -1603,7 +1617,7 @@
if ( delcsn[0].bv_len ) {
slap_compose_sync_cookie( op, &cookie, delcsn, srs->sr_state.rid,
- srs->sr_state.sid );
+ slap_serverID ? slap_serverID : -1 );
Debug( LDAP_DEBUG_SYNC, "syncprov_playlog: cookie=%s\n", cookie.bv_val, 0, 0 );
}
@@ -1637,6 +1651,57 @@
maxcsn.bv_val = cbuf;
maxcsn.bv_len = sizeof(cbuf);
ldap_pvt_thread_rdwr_wlock( &si->si_csn_rwlock );
+
+ if ( op->o_dont_replicate && op->o_tag == LDAP_REQ_MODIFY &&
+ op->orm_modlist->sml_op == LDAP_MOD_REPLACE &&
+ op->orm_modlist->sml_desc == slap_schema.si_ad_contextCSN ) {
+ /* Catch contextCSN updates from syncrepl. We have to look at
+ * all the attribute values, as there may be more than one csn
+ * that changed, and only one can be passed in the csn queue.
+ */
+ Modifications *mod = op->orm_modlist;
+ int i, j, sid;
+
+ for ( i=0; i<mod->sml_numvals; i++ ) {
+ sid = slap_parse_csn_sid( &mod->sml_values[i] );
+
+ for ( j=0; j<si->si_numcsns; j++ ) {
+ if ( sid == si->si_sids[j] ) {
+ if ( ber_bvcmp( &mod->sml_values[i], &si->si_ctxcsn[j] ) > 0 ) {
+ ber_bvreplace( &si->si_ctxcsn[j], &mod->sml_values[i] );
+ csn_changed = 1;
+ }
+ break;
+ }
+ }
+
+ if ( j == si->si_numcsns ) {
+ value_add_one( &si->si_ctxcsn, &mod->sml_values[i] );
+ si->si_numcsns++;
+ si->si_sids = ch_realloc( si->si_sids, si->si_numcsns *
+ sizeof(int));
+ si->si_sids[j] = sid;
+ csn_changed = 1;
+ }
+ }
+ ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
+
+ if ( csn_changed ) {
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ have_psearches = ( si->si_ops != NULL );
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+
+ if ( have_psearches ) {
+ for ( sm = opc->smatches; sm; sm=sm->sm_next ) {
+ if ( sm->sm_op->s_op->o_abandon )
+ continue;
+ syncprov_qresp( opc, sm->sm_op, LDAP_SYNC_NEW_COOKIE );
+ }
+ }
+ }
+ return SLAP_CB_CONTINUE;
+ }
+
slap_get_commit_csn( op, &maxcsn, &foundit );
if ( BER_BVISEMPTY( &maxcsn ) && SLAP_GLUE_SUBORDINATE( op->o_bd )) {
/* syncrepl queues the CSN values in the db where
@@ -1676,10 +1741,12 @@
sizeof(int));
si->si_sids[i] = sid;
}
+#if 0
} else if ( !foundit ) {
/* internal ops that aren't meant to be replicated */
ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
return SLAP_CB_CONTINUE;
+#endif
}
/* Don't do any processing for consumer contextCSN updates */
@@ -1690,18 +1757,24 @@
si->si_numops++;
if ( si->si_chkops || si->si_chktime ) {
- if ( si->si_chkops && si->si_numops >= si->si_chkops ) {
- do_check = 1;
- si->si_numops = 0;
- }
- if ( si->si_chktime &&
- (op->o_time - si->si_chklast >= si->si_chktime )) {
- if ( si->si_chklast ) {
+ /* Never checkpoint adding the context entry,
+ * it will deadlock
+ */
+ if ( op->o_tag != LDAP_REQ_ADD ||
+ !dn_match( &op->o_req_ndn, &op->o_bd->be_nsuffix[0] )) {
+ if ( si->si_chkops && si->si_numops >= si->si_chkops ) {
do_check = 1;
- si->si_chklast = op->o_time;
- } else {
- si->si_chklast = 1;
+ si->si_numops = 0;
}
+ if ( si->si_chktime &&
+ (op->o_time - si->si_chklast >= si->si_chktime )) {
+ if ( si->si_chklast ) {
+ do_check = 1;
+ si->si_chklast = op->o_time;
+ } else {
+ si->si_chklast = 1;
+ }
+ }
}
}
ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
@@ -1845,6 +1918,18 @@
cb->sc_next = op->o_callback;
op->o_callback = cb;
+ opc->osid = -1;
+ opc->rsid = -1;
+ if ( op->o_csn.bv_val ) {
+ opc->osid = slap_parse_csn_sid( &op->o_csn );
+ }
+ if ( op->o_controls ) {
+ struct sync_cookie *scook =
+ op->o_controls[slap_cids.sc_LDAPsync];
+ if ( scook )
+ opc->rsid = scook->sid;
+ }
+
/* If there are active persistent searches, lock this operation.
* See seqmod.c for the locking logic on its own.
*/
@@ -1872,6 +1957,9 @@
* Currently it's not an issue because there are
* no dynamic config deletes...
*/
+ if ( slapd_shutdown )
+ return SLAPD_ABANDON;
+
if ( !ldap_pvt_thread_pool_pausecheck( &connection_pool ))
ldap_pvt_thread_yield();
ldap_pvt_thread_mutex_lock( &mt->mt_mutex );
@@ -1899,6 +1987,7 @@
avl_insert( &si->si_mods, mt, sp_avl_cmp, avl_dup_error );
ldap_pvt_thread_mutex_unlock( &si->si_mods_mutex );
}
+ opc->smt = mt;
}
if (( have_psearches || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
@@ -2114,7 +2203,7 @@
/* If we're in delta-sync mode, always send a cookie */
if ( si->si_nopres && si->si_usehint && a ) {
struct berval cookie;
- slap_compose_sync_cookie( op, &cookie, a->a_nvals, srs->sr_state.rid, srs->sr_state.sid );
+ slap_compose_sync_cookie( op, &cookie, a->a_nvals, srs->sr_state.rid, slap_serverID ? slap_serverID : -1 );
rs->sr_err = syncprov_state_ctrl( op, rs, rs->sr_entry,
LDAP_SYNC_ADD, rs->sr_ctrls, 0, 1, &cookie );
} else {
@@ -2122,11 +2211,12 @@
LDAP_SYNC_ADD, rs->sr_ctrls, 0, 0, NULL );
}
} else if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS ) {
- struct berval cookie;
+ struct berval cookie = BER_BVNULL;
- if ( ss->ss_flags & SS_CHANGED ) {
+ if ( ( ss->ss_flags & SS_CHANGED ) &&
+ ss->ss_ctxcsn && !BER_BVISNULL( &ss->ss_ctxcsn[0] )) {
slap_compose_sync_cookie( op, &cookie, ss->ss_ctxcsn,
- srs->sr_state.rid, srs->sr_state.sid );
+ srs->sr_state.rid, slap_serverID ? slap_serverID : -1 );
Debug( LDAP_DEBUG_SYNC, "syncprov_search_response: cookie=%s\n", cookie.bv_val, 0, 0 );
}
@@ -2148,7 +2238,7 @@
LDAP_TAG_SYNC_REFRESH_PRESENT : LDAP_TAG_SYNC_REFRESH_DELETE,
( ss->ss_flags & SS_CHANGED ) ? &cookie : NULL,
1, NULL, 0 );
- if ( ss->ss_flags & SS_CHANGED )
+ if ( !BER_BVISNULL( &cookie ))
op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
/* Detach this Op from frontend control */
@@ -2302,13 +2392,32 @@
/* If nothing has changed, shortcut it */
if ( srs->sr_state.numcsns == numcsns ) {
- int i, j;
+ int i, j, newer;
for ( i=0; i<srs->sr_state.numcsns; i++ ) {
for ( j=0; j<numcsns; j++ ) {
if ( srs->sr_state.sids[i] != sids[j] )
continue;
- if ( !bvmatch( &srs->sr_state.ctxcsn[i], &ctxcsn[j] ))
+ newer = ber_bvcmp( &srs->sr_state.ctxcsn[i], &ctxcsn[j] );
+ /* If our state is newer, tell consumer about changes */
+ if ( newer < 0 )
changed = SS_CHANGED;
+ else if ( newer > 0 ) {
+ /* our state is older, tell consumer nothing */
+ if ( sop ) {
+ syncops **sp = &si->si_ops;
+
+ ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+ while ( *sp != sop )
+ sp = &(*sp)->s_next;
+ *sp = sop->s_next;
+ ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+ ch_free( sop );
+ }
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_ctrls = NULL;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
break;
}
if ( changed )
Modified: openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* translucent.c - translucent proxy module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.13.2.26 2009/01/22 00:01:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.13.2.27 2009/06/08 19:27:05 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2009 The OpenLDAP Foundation.
@@ -1110,6 +1110,8 @@
op->o_callback = &cb;
if ( fr || !fl ) {
+ AttributeName *attrs = op->ors_attrs;
+ op->ors_attrs = NULL;
op->o_bd = &ov->db;
tc.step |= RMT_SIDE;
if ( fl ) {
@@ -1118,6 +1120,7 @@
filter2bv_x( op, fr, &op->ors_filterstr );
}
rc = ov->db.bd_info->bi_op_search(op, rs);
+ op->ors_attrs = attrs;
op->o_bd = tc.db;
if ( fl ) {
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
@@ -1133,6 +1136,8 @@
op->ors_filterstr = fbv;
op->ors_filter = tc.orig;
op->o_callback = cb.sc_next;
+ rs->sr_attrs = op->ors_attrs;
+
/* Send out anything remaining on the list and finish */
if ( tc.step & USE_LIST ) {
if ( tc.list ) {
Modified: openldap/vendor/openldap-release/servers/slapd/proto-slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/proto-slap.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/proto-slap.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.670.2.41 2009/02/17 19:14:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.670.2.49 2009/06/02 23:58:20 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -623,6 +623,10 @@
LDAP_SLAPD_F (void) slap_free_ctrls LDAP_P((
Operation *op,
LDAPControl **ctrls ));
+LDAP_SLAPD_F (int) slap_add_ctrls LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl **ctrls ));
LDAP_SLAPD_F (int) slap_parse_ctrl LDAP_P((
Operation *op,
SlapReply *rs,
@@ -754,8 +758,7 @@
LDAP_SLAPD_F (void) connection_closing LDAP_P((
Connection *c, const char *why ));
-LDAP_SLAPD_F (void) connection_hangup LDAP_P(( ber_socket_t fd ));
-LDAP_SLAPD_F (int) connection_state_closing LDAP_P(( Connection *c ));
+LDAP_SLAPD_F (int) connection_valid LDAP_P(( Connection *c ));
LDAP_SLAPD_F (const char *) connection_state2str LDAP_P(( int state ))
LDAP_GCCATTR((const));
@@ -811,13 +814,10 @@
*/
LDAP_SLAPD_V( int ) slap_serverID;
-LDAP_SLAPD_V( const struct berval ) slap_ldapsync_bv;
-LDAP_SLAPD_V( const struct berval ) slap_ldapsync_cn_bv;
LDAP_SLAPD_F (void) slap_get_commit_csn LDAP_P((
Operation *, struct berval *maxcsn, int *foundit ));
LDAP_SLAPD_F (void) slap_rewind_commit_csn LDAP_P(( Operation * ));
LDAP_SLAPD_F (void) slap_graduate_commit_csn LDAP_P(( Operation * ));
-LDAP_SLAPD_F (Entry *) slap_create_context_csn_entry LDAP_P(( Backend *, struct berval *));
LDAP_SLAPD_F (int) slap_get_csn LDAP_P(( Operation *, struct berval *, int ));
LDAP_SLAPD_F (void) slap_queue_csn LDAP_P(( Operation *, struct berval * ));
@@ -842,6 +842,8 @@
LDAP_SLAPD_F (void) slapd_clr_write LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (void) slapd_set_read LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (int) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
+LDAP_SLAPD_F (void) slapd_clr_writetime LDAP_P((time_t old));
+LDAP_SLAPD_F (time_t) slapd_get_writetime LDAP_P((void));
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_abrupt_shutdown;
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_shutdown;
@@ -1143,6 +1145,8 @@
struct slap_limits_set *limit, int which, struct berval *bv, ber_len_t buflen ));
LDAP_SLAPD_F (int) limits_unparse LDAP_P((
struct slap_limits *limit, struct berval *bv, ber_len_t buflen ));
+LDAP_SLAPD_F (void) limits_free_one LDAP_P((
+ struct slap_limits *lm ));
LDAP_SLAPD_F (void) limits_destroy LDAP_P(( struct slap_limits **lm ));
/*
@@ -1930,9 +1934,12 @@
LDAP_SLAPD_V (int) global_gentlehup;
LDAP_SLAPD_V (int) global_idletimeout;
+LDAP_SLAPD_V (int) global_writetimeout;
LDAP_SLAPD_V (char *) global_host;
+LDAP_SLAPD_V (struct berval) global_host_bv;
LDAP_SLAPD_V (char *) global_realm;
LDAP_SLAPD_V (char *) sasl_host;
+LDAP_SLAPD_V (char *) slap_sasl_auxprops;
LDAP_SLAPD_V (char **) default_passwd_hash;
LDAP_SLAPD_V (int) lber_debug;
LDAP_SLAPD_V (int) ldap_syslog;
Modified: openldap/vendor/openldap-release/servers/slapd/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/result.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/result.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* result.c - routines to send ldap results, errors, and referrals */
-/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.289.2.22 2009/02/17 19:14:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.289.2.28 2009/07/01 17:01:58 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -133,45 +133,52 @@
}
static long send_ldap_ber(
- Connection *conn,
+ Operation *op,
BerElement *ber )
{
+ Connection *conn = op->o_conn;
ber_len_t bytes;
long ret = 0;
- int closing = 0;
ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
/* write only one pdu at a time - wait til it's our turn */
ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
- if ( connection_state_closing( conn )) {
+ if (( op->o_abandon && !op->o_cancel ) || !connection_valid( conn ) ||
+ conn->c_writers < 0 ) {
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
return 0;
}
- while ( conn->c_writers > 0 ) {
+
+ conn->c_writers++;
+
+ while ( conn->c_writers > 0 && conn->c_writing ) {
ldap_pvt_thread_cond_wait( &conn->c_write1_cv, &conn->c_write1_mutex );
}
+
/* connection was closed under us */
if ( conn->c_writers < 0 ) {
- closing = 1;
/* we're the last waiter, let the closer continue */
if ( conn->c_writers == -1 )
ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
- }
-
- conn->c_writers++;
-
- if ( closing ) {
+ conn->c_writers++;
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
return 0;
}
+ /* Our turn */
+ conn->c_writing = 1;
+
/* write the pdu */
while( 1 ) {
int err;
/* lock the connection */
if ( ldap_pvt_thread_mutex_trylock( &conn->c_mutex )) {
+ if ( !connection_valid(conn)) {
+ ret = 0;
+ break;
+ }
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
if ( conn->c_writers < 0 ) {
@@ -200,6 +207,7 @@
if ( err != EWOULDBLOCK && err != EAGAIN ) {
conn->c_writers--;
+ conn->c_writing = 0;
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
connection_closing( conn, "connection lost on write" );
@@ -210,7 +218,7 @@
/* wait for socket to be write-ready */
ldap_pvt_thread_mutex_lock( &conn->c_write2_mutex );
conn->c_writewaiter = 1;
- slapd_set_write( conn->c_sd, 1 );
+ slapd_set_write( conn->c_sd, 2 );
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
@@ -224,6 +232,7 @@
}
}
+ conn->c_writing = 0;
if ( conn->c_writers < 0 ) {
conn->c_writers++;
if ( !conn->c_writers )
@@ -414,7 +423,7 @@
int rc = LDAP_SUCCESS;
long bytes;
- if ( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) {
+ if (( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) && !op->o_cancel ) {
rc = SLAPD_ABANDON;
goto clean2;
}
@@ -436,9 +445,13 @@
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
}
+ rc = rs->sr_err;
+ if ( rc == SLAPD_ABANDON && op->o_cancel )
+ rc = LDAP_CANCELLED;
+
Debug( LDAP_DEBUG_TRACE,
"send_ldap_response: msgid=%d tag=%lu err=%d\n",
- rs->sr_msgid, rs->sr_tag, rs->sr_err );
+ rs->sr_msgid, rs->sr_tag, rc );
if( rs->sr_ref ) {
Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
@@ -451,7 +464,7 @@
op->o_protocol == LDAP_VERSION2 )
{
rc = ber_printf( ber, "t{ess" /*"}"*/,
- rs->sr_tag, rs->sr_err,
+ rs->sr_tag, rc,
rs->sr_matched == NULL ? "" : rs->sr_matched,
rs->sr_text == NULL ? "" : rs->sr_text );
} else
@@ -462,7 +475,7 @@
} else {
rc = ber_printf( ber, "{it{ess" /*"}}"*/,
- rs->sr_msgid, rs->sr_tag, rs->sr_err,
+ rs->sr_msgid, rs->sr_tag, rc,
rs->sr_matched == NULL ? "" : rs->sr_matched,
rs->sr_text == NULL ? "" : rs->sr_text );
}
@@ -532,7 +545,7 @@
}
/* send BER */
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0)
#endif
@@ -1243,7 +1256,7 @@
}
if ( op->o_res_ber == NULL ) {
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
ber_free_buf( ber );
if ( bytes < 0 ) {
@@ -1416,7 +1429,7 @@
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0) {
#endif
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
ber_free_buf( ber );
if ( bytes < 0 ) {
@@ -1664,4 +1677,3 @@
return flags;
}
-
Modified: openldap/vendor/openldap-release/servers/slapd/root_dse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/root_dse.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/root_dse.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* root_dse.c - Provides the Root DSA-Specific Entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.113.2.9 2009/01/22 00:01:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.113.2.11 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -277,8 +277,7 @@
}
for ( j = 0; be->be_suffix[j].bv_val != NULL; j++ ) {
if( attr_merge_one( e, ad_namingContexts,
- &be->be_suffix[j],
- &be->be_nsuffix[0] ) )
+ &be->be_suffix[j], NULL ) )
{
goto fail;
}
@@ -402,7 +401,7 @@
root_dse_read_file( const char *fname )
{
struct LDIFFP *fp;
- int rc = 0, lineno = 0, lmax = 0;
+ int rc = 0, lineno = 0, lmax = 0, ldifrc;
char *buf = NULL;
if ( (fp = ldif_open( fname, "r" )) == NULL ) {
@@ -422,7 +421,7 @@
}
usr_attr->e_attrs = NULL;
- while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ while(( ldifrc = ldif_read_record( fp, &lineno, &buf, &lmax )) > 0 ) {
Entry *e = str2entry( buf );
Attribute *a;
@@ -430,7 +429,7 @@
Debug( LDAP_DEBUG_ANY, "root_dse_read_file: "
"could not parse entry (file=\"%s\" line=%d)\n",
fname, lineno, 0 );
- rc = EXIT_FAILURE;
+ rc = LDAP_OTHER;
break;
}
@@ -441,7 +440,7 @@
"- dn=\"%s\" (file=\"%s\" line=%d)\n",
e->e_dn, fname, lineno );
entry_free( e );
- rc = EXIT_FAILURE;
+ rc = LDAP_OTHER;
break;
}
@@ -464,6 +463,9 @@
if (rc) break;
}
+ if ( ldifrc < 0 )
+ rc = LDAP_OTHER;
+
if (rc) {
entry_free( usr_attr );
usr_attr = NULL;
Modified: openldap/vendor/openldap-release/servers/slapd/sasl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sasl.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/sasl.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.239.2.16 2009/01/22 00:01:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.239.2.17 2009/06/02 22:09:53 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -63,8 +63,29 @@
static struct berval ext_bv = BER_BVC( "EXTERNAL" );
+char *slap_sasl_auxprops;
+
#ifdef HAVE_CYRUS_SASL
+/* Just use our internal auxprop by default */
+static int
+slap_sasl_getopt(
+ void *context,
+ const char *plugin_name,
+ const char *option,
+ const char **result,
+ unsigned *len)
+{
+ if ( strcmp( option, "auxprop_plugin" )) {
+ return SASL_FAIL;
+ }
+ if ( slap_sasl_auxprops )
+ *result = slap_sasl_auxprops;
+ else
+ *result = "slapd";
+ return SASL_OK;
+}
+
int
slap_sasl_log(
void *context,
@@ -1078,6 +1099,7 @@
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, &slap_sasl_log, NULL },
+ { SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
#endif
Modified: openldap/vendor/openldap-release/servers/slapd/schema_check.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_check.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/schema_check.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* schema_check.c - routines to enforce schema definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103.2.10 2009/02/22 20:56:29 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103.2.11 2009/05/06 19:06:16 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -797,7 +797,7 @@
if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&p,
LDAP_DN_FORMAT_LDAP ) )
{
- *text = "unrecongized attribute type(s) in RDN";
+ *text = "unrecognized attribute type(s) in RDN";
return LDAP_INVALID_DN_SYNTAX;
}
Modified: openldap/vendor/openldap-release/servers/slapd/schema_init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_init.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/schema_init.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* schema_init.c - init builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.31 2009/01/22 00:01:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.33 2009/05/08 00:27:00 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -156,8 +156,8 @@
enum {
SLAP_X509_OPT_C_VERSION = SLAP_X509_OPTION + 0,
- SLAP_X509_OPT_C_ISSUERUNIQUEID = SLAP_X509_OPTION + 1,
- SLAP_X509_OPT_C_SUBJECTUNIQUEID = SLAP_X509_OPTION + 2,
+ SLAP_X509_OPT_C_ISSUERUNIQUEID = LBER_CLASS_CONTEXT + 1,
+ SLAP_X509_OPT_C_SUBJECTUNIQUEID = LBER_CLASS_CONTEXT + 2,
SLAP_X509_OPT_C_EXTENSIONS = SLAP_X509_OPTION + 3
};
@@ -2814,6 +2814,7 @@
} else {
slap_sl_free( normalized->bv_val, ctx );
+ BER_BVZERO( normalized );
return LDAP_INVALID_SYNTAX;
}
Modified: openldap/vendor/openldap-release/servers/slapd/schema_prep.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_prep.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/schema_prep.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* schema_prep.c - load builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.169.2.12 2009/02/22 05:51:52 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.169.2.13 2009/04/27 22:50:10 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -684,6 +684,7 @@
"NAME 'monitorContext' "
"DESC 'monitor context' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "EQUALITY distinguishedNameMatch "
"SINGLE-VALUE NO-USER-MODIFICATION "
"USAGE dSAOperation )",
rootDseAttribute, SLAP_AT_HIDE,
@@ -694,6 +695,7 @@
"NAME 'configContext' "
"DESC 'config context' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+ "EQUALITY distinguishedNameMatch "
"SINGLE-VALUE NO-USER-MODIFICATION "
"USAGE dSAOperation )",
rootDseAttribute, SLAP_AT_HIDE,
Modified: openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sl_malloc.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/sl_malloc.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* sl_malloc.c - malloc routines using a per-thread slab */
-/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.39.2.7 2009/01/22 00:01:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.39.2.9 2009/04/29 01:22:17 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -195,7 +195,7 @@
if (size > (char *)sh->sh_end - (char *)sh->sh_base) {
void *newptr;
- newptr = realloc( sh->sh_base, size );
+ newptr = ch_realloc( sh->sh_base, size );
if ( newptr == NULL ) return NULL;
sh->sh_base = newptr;
}
@@ -267,11 +267,19 @@
int i, j;
#ifdef SLAP_NO_SL_MALLOC
- return ber_memalloc_x( size, NULL );
+ newptr = ber_memalloc_x( size, NULL );
+ if ( newptr ) return newptr;
+ assert( 0 );
+ exit( EXIT_FAILURE );
#endif
/* ber_set_option calls us like this */
- if (!ctx) return ber_memalloc_x(size, NULL);
+ if (!ctx) {
+ newptr = ber_memalloc_x( size, NULL );
+ if ( newptr ) return newptr;
+ assert( 0 );
+ exit( EXIT_FAILURE );
+ }
/* round up to doubleword boundary */
size += sizeof(ber_len_t) + pad;
@@ -375,7 +383,10 @@
return slap_sl_malloc(size, ctx);
#ifdef SLAP_NO_SL_MALLOC
- return ber_memrealloc_x( ptr, size, NULL );
+ newptr = ber_memrealloc_x( ptr, size, NULL );
+ if ( newptr ) return newptr;
+ assert( 0 );
+ exit( EXIT_FAILURE );
#endif
/* Not our memory? */
Modified: openldap/vendor/openldap-release/servers/slapd/slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slap.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/slap.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* slap.h - stand alone ldap server include file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.764.2.47 2009/02/10 17:03:11 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.764.2.49 2009/07/01 17:01:58 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -2371,6 +2371,7 @@
struct slap_csn_entry {
struct berval ce_csn;
+ int ce_sid;
unsigned long ce_opid;
unsigned long ce_connid;
#define SLAP_CSN_PENDING 1
@@ -2809,6 +2810,7 @@
BerElement *c_currentber; /* ber we're attempting to read */
int c_writers; /* number of writers waiting */
+ char c_writing; /* someone is writing */
char c_sasl_bind_in_progress; /* multi-op bind in progress */
char c_writewaiter; /* true if blocked on write */
Modified: openldap/vendor/openldap-release/servers/slapd/slapadd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapadd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/slapadd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.36.2.11 2009/02/05 20:11:00 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.36.2.13 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -64,7 +64,7 @@
int match;
int checkvals;
- int lineno, nextline;
+ int lineno, nextline, ldifrc;
int lmax;
int rc = EXIT_SUCCESS;
int manage = 0;
@@ -142,8 +142,10 @@
}
/* nextline is the line number of the end of the current entry */
- for( lineno=1; ldif_read_record( ldiffp, &nextline, &buf, &lmax );
- lineno=nextline+1 ) {
+ for( lineno=1; ( ldifrc = ldif_read_record( ldiffp, &nextline, &buf, &lmax )) > 0;
+ lineno=nextline+1 )
+ {
+ BackendDB *bd;
Entry *e;
if ( lineno < jumpline )
@@ -173,9 +175,28 @@
/* make sure the DN is not empty */
if( BER_BVISEMPTY( &e->e_nname ) &&
- !BER_BVISEMPTY( be->be_nsuffix )) {
- fprintf( stderr, "%s: empty dn=\"%s\" (line=%d)\n",
- progname, e->e_dn, lineno );
+ !BER_BVISEMPTY( be->be_nsuffix ))
+ {
+ fprintf( stderr, "%s: line %d: "
+ "cannot add entry with empty dn=\"%s\"",
+ progname, lineno, e->e_dn );
+ bd = select_backend( &e->e_nname, nosubordinates );
+ if ( bd ) {
+ BackendDB *bdtmp;
+ int dbidx = 0;
+ LDAP_STAILQ_FOREACH( bdtmp, &backendDB, be_next ) {
+ if ( bdtmp == bd ) break;
+ dbidx++;
+ }
+
+ assert( bdtmp != NULL );
+
+ fprintf( stderr, "; did you mean to use database #%d (%s)?",
+ dbidx,
+ bd->be_suffix[0].bv_val );
+
+ }
+ fprintf( stderr, "\n" );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
@@ -183,19 +204,32 @@
}
/* check backend */
- if( select_backend( &e->e_nname, nosubordinates )
- != be )
- {
+ bd = select_backend( &e->e_nname, nosubordinates );
+ if ( bd != be ) {
fprintf( stderr, "%s: line %d: "
- "database (%s) not configured to hold \"%s\"\n",
+ "database #%d (%s) not configured to hold \"%s\"",
progname, lineno,
- be ? be->be_suffix[0].bv_val : "<none>",
+ dbnum,
+ be->be_suffix[0].bv_val,
e->e_dn );
- fprintf( stderr, "%s: line %d: "
- "database (%s) not configured to hold \"%s\"\n",
- progname, lineno,
- be ? be->be_nsuffix[0].bv_val : "<none>",
- e->e_ndn );
+ if ( bd ) {
+ BackendDB *bdtmp;
+ int dbidx = 0;
+ LDAP_STAILQ_FOREACH( bdtmp, &backendDB, be_next ) {
+ if ( bdtmp == bd ) break;
+ dbidx++;
+ }
+
+ assert( bdtmp != NULL );
+
+ fprintf( stderr, "; did you mean to use database #%d (%s)?",
+ dbidx,
+ bd->be_suffix[0].bv_val );
+
+ } else {
+ fprintf( stderr, "; no database configured for that naming context" );
+ }
+ fprintf( stderr, "\n" );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
@@ -369,6 +403,9 @@
entry_free( e );
}
+ if ( ldifrc < 0 )
+ rc = EXIT_FAILURE;
+
bvtext.bv_len = textlen;
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* slapcommon.c - common routine for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.73.2.10 2009/02/06 01:03:12 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.73.2.16 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -80,7 +80,7 @@
case SLAPCAT:
options = " [-c]\n\t[-g] [-n databasenumber | -b suffix]"
- " [-l ldiffile] [-a filter]\n";
+ " [-l ldiffile] [-a filter] [-s subtree]\n";
break;
case SLAPDN:
@@ -94,6 +94,11 @@
case SLAPTEST:
options = " [-u]\n";
break;
+
+ case SLAPSCHEMA:
+ options = " [-c]\n\t[-g] [-n databasenumber | -b suffix]"
+ " [-l errorfile] [-a filter] [-s subtree]\n";
+ break;
}
if ( options != NULL ) {
@@ -218,15 +223,17 @@
char *subtree = NULL;
char *ldiffile = NULL;
char **debug_unknowns = NULL;
- int rc, i, dbnum;
+ int rc, i;
int mode = SLAP_TOOL_MODE;
int truncatemode = 0;
int use_glue = 1;
+ int writer;
#ifdef LDAP_DEBUG
/* tools default to "none", so that at least LDAP_DEBUG_ANY
* messages show up; use -d 0 to reset */
slap_debug = LDAP_DEBUG_NONE;
+ ldif_debug = slap_debug;
#endif
ldap_syslog = 0;
@@ -237,6 +244,7 @@
leakfile = stderr;
}
free( leakfilename );
+ leakfilename = NULL;
#endif
switch( tool ) {
@@ -254,6 +262,11 @@
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
break;
+ case SLAPSCHEMA:
+ options = "a:b:cd:f:F:gl:n:o:s:v";
+ mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
+ break;
+
case SLAPTEST:
options = "d:f:F:o:Quv";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
@@ -353,7 +366,7 @@
break;
case 'n': /* which config file db to index */
- if ( lutil_atoi( &dbnum, optarg ) ) {
+ if ( lutil_atoi( &dbnum, optarg ) || dbnum < 0 ) {
usage( tool, progname );
}
break;
@@ -395,7 +408,7 @@
case 's': /* dump subtree */
if ( tool == SLAPADD )
mode |= SLAP_TOOL_NO_SCHEMA_CHECK;
- else if ( tool == SLAPCAT )
+ else if ( tool == SLAPCAT || tool == SLAPSCHEMA )
subtree = ch_strdup( optarg );
break;
@@ -447,13 +460,26 @@
#endif
#ifdef HAVE_EBCDIC
free( logName );
+ logName = NULL;
#endif
}
#endif /* LDAP_DEBUG && LDAP_SYSLOG */
switch ( tool ) {
+ case SLAPCAT:
+ case SLAPSCHEMA:
+ writer = 1;
+ break;
+
+ default:
+ writer = 0;
+ break;
+ }
+
+ switch ( tool ) {
case SLAPADD:
case SLAPCAT:
+ case SLAPSCHEMA:
if ( ( argc != optind ) || (dbnum >= 0 && base.bv_val != NULL ) ) {
usage( tool, progname );
}
@@ -500,10 +526,10 @@
}
if ( ldiffile == NULL ) {
- dummy.fp = tool == SLAPCAT ? stdout : stdin;
+ dummy.fp = writer ? stdout : stdin;
ldiffp = &dummy;
- } else if ((ldiffp = ldif_open( ldiffile, tool == SLAPCAT ? "w" : "r" ))
+ } else if ((ldiffp = ldif_open( ldiffile, writer ? "w" : "r" ))
== NULL )
{
perror( ldiffile );
@@ -552,6 +578,7 @@
case SLAPADD:
case SLAPCAT:
case SLAPINDEX:
+ case SLAPSCHEMA:
if ( !nbackends ) {
fprintf( stderr, "No databases found "
"in config file\n" );
@@ -598,6 +625,9 @@
fprintf( stderr, "Invalid filter '%s'\n", filterstr );
exit( EXIT_FAILURE );
}
+
+ ch_free( filterstr );
+ filterstr = NULL;
}
if( subtree ) {
@@ -613,6 +643,7 @@
base = val;
} else {
free( subtree );
+ subtree = NULL;
}
}
@@ -628,6 +659,7 @@
be = select_backend( &nbase, 0 );
ber_memfree( nbase.bv_val );
+ BER_BVZERO( &nbase );
switch ( tool ) {
case SLAPACL:
@@ -649,6 +681,9 @@
nosubordinates = 1;
}
+ ch_free( base.bv_val );
+ BER_BVZERO( &base );
+
} else if ( dbnum == -1 ) {
/* no suffix and no dbnum specified, just default to
* the first available database
@@ -689,12 +724,12 @@
progname, dbnum, 0 );
}
- } else if ( dbnum < 0 || dbnum > (nbackends-1) ) {
+ } else if ( dbnum >= nbackends ) {
fprintf( stderr,
"Database number selected via -n is out of range\n"
"Must be in the range 0 to %d"
- " (number of configured databases)\n",
- nbackends-1 );
+ " (the number of configured databases)\n",
+ nbackends - 1 );
exit( EXIT_FAILURE );
} else {
@@ -705,17 +740,28 @@
}
startup:;
+ if ( be ) {
+ BackendDB *bdtmp;
+ dbnum = 0;
+ LDAP_STAILQ_FOREACH( bdtmp, &backendDB, be_next ) {
+ if ( bdtmp == be ) break;
+ dbnum++;
+ }
+ }
+
#ifdef CSRIMALLOC
mal_leaktrace(1);
#endif
if ( conffile != NULL ) {
ch_free( conffile );
+ conffile = NULL;
}
if ( ldiffile != NULL ) {
ch_free( ldiffile );
+ ldiffile = NULL;
}
/* slapdn doesn't specify a backend to startup */
@@ -770,6 +816,7 @@
if ( !BER_BVISNULL( &authcDN ) ) {
ch_free( authcDN.bv_val );
+ BER_BVZERO( &authcDN );
}
if ( ldiffp && ldiffp != &dummy ) {
Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* slapcommon.h - common definitions for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.14.2.6 2009/01/22 00:01:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.14.2.8 2009/06/02 22:36:18 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -26,6 +26,7 @@
SLAPDN, /* DN check w/ syntax tool */
SLAPINDEX, /* database index tool */
SLAPPASSWD, /* password generation tool */
+ SLAPSCHEMA, /* schema checking tool */
SLAPTEST, /* slapd.conf test tool */
SLAPAUTH, /* test authz-regexp and authc/authz stuff */
SLAPACL, /* test acl */
@@ -34,6 +35,7 @@
typedef struct tool_vars {
Backend *tv_be;
+ int tv_dbnum;
int tv_verbose;
int tv_quiet;
int tv_update_ctxcsn;
@@ -66,6 +68,7 @@
extern tool_vars tool_globals;
#define be tool_globals.tv_be
+#define dbnum tool_globals.tv_dbnum
#define verbose tool_globals.tv_verbose
#define quiet tool_globals.tv_quiet
#define jumpline tool_globals.tv_jumpline
Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.189.2.13 2009/02/05 19:35:55 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.189.2.14 2009/06/02 23:07:29 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2002-2009 The OpenLDAP Foundation.
@@ -475,21 +475,30 @@
slapi_entry_has_children( const Slapi_Entry *e )
{
Slapi_PBlock *pb;
- int hasSubordinates = 0;
+ Backend *be = select_backend( (struct berval *)&e->e_nname, 0 );
+ int rc, hasSubordinates = 0;
+ if ( be == NULL || be->be_has_subordinates == 0 ) {
+ return 0;
+ }
+
pb = slapi_pblock_new();
+ if ( pb == NULL ) {
+ return 0;
+ }
slapi_int_connection_init_pb( pb, LDAP_REQ_SEARCH );
- slapi_pblock_set( pb, SLAPI_TARGET_DN, slapi_entry_get_dn( (Entry *)e ) );
-
- pb->pb_op->o_bd = select_backend( (struct berval *)&e->e_nname, 0 );
- if ( pb->pb_op->o_bd != NULL ) {
- pb->pb_op->o_bd->be_has_subordinates( pb->pb_op, (Entry *)e, &hasSubordinates );
+ rc = slapi_pblock_set( pb, SLAPI_TARGET_DN, slapi_entry_get_dn(
+ (Entry *) e ));
+ if ( rc == LDAP_SUCCESS ) {
+ pb->pb_op->o_bd = be;
+ rc = be->be_has_subordinates( pb->pb_op, (Entry *) e,
+ &hasSubordinates );
}
slapi_pblock_destroy( pb );
- return ( hasSubordinates == LDAP_COMPARE_TRUE );
+ return ( rc == LDAP_SUCCESS && hasSubordinates == LDAP_COMPARE_TRUE );
}
/*
Added: openldap/vendor/openldap-release/servers/slapd/slapschema.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapschema.c (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/slapschema.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,142 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapschema.c,v 1.1.2.2 2009/06/02 22:36:18 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software. Code portions borrowed from slapcat.c;
+ * contributors are Kurt Zeilenga and Jong Hyuk Choi
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include "ac/stdlib.h"
+#include "ac/ctype.h"
+#include "ac/socket.h"
+#include "ac/string.h"
+
+#include "slapcommon.h"
+#include "ldif.h"
+
+static volatile sig_atomic_t gotsig;
+
+static RETSIGTYPE
+slapcat_sig( int sig )
+{
+ gotsig=1;
+}
+
+int
+slapschema( int argc, char **argv )
+{
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapschema";
+ Connection conn = { 0 };
+ OperationBuffer opbuf;
+ Operation *op = NULL;
+
+ slap_tool_init( progname, SLAPCAT, argc, argv );
+
+#ifdef SIGPIPE
+ (void) SIGNAL( SIGPIPE, slapcat_sig );
+#endif
+#ifdef SIGHUP
+ (void) SIGNAL( SIGHUP, slapcat_sig );
+#endif
+ (void) SIGNAL( SIGINT, slapcat_sig );
+ (void) SIGNAL( SIGTERM, slapcat_sig );
+
+ if( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_entry_first ||
+ !be->be_entry_next ||
+ !be->be_entry_get )
+ {
+ fprintf( stderr, "%s: database doesn't support necessary operations.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ if( be->be_entry_open( be, 0 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ exit( EXIT_FAILURE );
+ }
+
+ connection_fake_init( &conn, &opbuf, &conn );
+ op = &opbuf.ob_op;
+ op->o_tmpmemctx = NULL;
+ op->o_bd = be;
+
+ for ( id = be->be_entry_first( be );
+ id != NOID;
+ id = be->be_entry_next( be ) )
+ {
+ Entry* e;
+ char textbuf[SLAP_TEXT_BUFLEN];
+ size_t textlen = sizeof(textbuf);
+ const char *text = NULL;
+
+ if ( gotsig )
+ break;
+
+ e = be->be_entry_get( be, id );
+ if ( e == NULL ) {
+ printf("# no data for entry id=%08lx\n\n", (long) id );
+ rc = EXIT_FAILURE;
+ if( continuemode ) continue;
+ break;
+ }
+
+ if( sub_ndn.bv_len && !dnIsSuffix( &e->e_nname, &sub_ndn ) ) {
+ be_entry_release_r( op, e );
+ continue;
+ }
+
+ if( filter != NULL ) {
+ int rc = test_filter( NULL, e, filter );
+ if( rc != LDAP_COMPARE_TRUE ) {
+ be_entry_release_r( op, e );
+ continue;
+ }
+ }
+
+ if( verbose ) {
+ printf( "# id=%08lx\n", (long) id );
+ }
+
+ rc = entry_schema_check( op, e, NULL, 0, 0, NULL,
+ &text, textbuf, textlen );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( ldiffp->fp, "# (%d) %s%s%s\n",
+ rc, ldap_err2string( rc ),
+ text ? ": " : "",
+ text ? text : "" );
+ fprintf( ldiffp->fp, "dn: %s\n\n", e->e_name.bv_val );
+ }
+
+ be_entry_release_r( op, e );
+ }
+
+ be->be_entry_close( be );
+
+ if ( slap_tool_destroy() )
+ rc = EXIT_FAILURE;
+
+ return rc;
+}
Modified: openldap/vendor/openldap-release/servers/slapd/syncrepl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syncrepl.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/servers/slapd/syncrepl.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.63 2009/02/17 21:17:20 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.80 2009/06/11 21:53:44 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2003-2009 The OpenLDAP Foundation.
@@ -41,6 +41,7 @@
ldap_pvt_thread_mutex_t cs_mutex;
int cs_num;
int cs_age;
+ int cs_ref;
struct berval *cs_vals;
int *cs_sids;
} cookie_state;
@@ -863,6 +864,7 @@
}
}
}
+ op->o_controls[slap_cids.sc_LDAPsync] = &syncCookie;
}
}
rc = 0;
@@ -969,6 +971,7 @@
if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie, NULL );
+ op->o_controls[slap_cids.sc_LDAPsync] = &syncCookie;
}
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES )
@@ -1037,6 +1040,18 @@
"LDAP_RES_INTERMEDIATE",
"NEW_COOKIE" );
ber_scanf( ber, "tm", &tag, &cookie );
+ Debug( LDAP_DEBUG_SYNC,
+ "do_syncrep2: %s NEW_COOKIE: %s\n",
+ si->si_ridtxt,
+ cookie.bv_val, 0);
+ if ( !BER_BVISNULL( &cookie ) ) {
+ ch_free( syncCookie.octet_str.bv_val );
+ ber_dupbv( &syncCookie.octet_str, &cookie );
+ }
+ if (!BER_BVISNULL( &syncCookie.octet_str ) ) {
+ slap_parse_sync_cookie( &syncCookie, NULL );
+ op->o_controls[slap_cids.sc_LDAPsync] = &syncCookie;
+ }
break;
case LDAP_TAG_SYNC_REFRESH_DELETE:
case LDAP_TAG_SYNC_REFRESH_PRESENT:
@@ -1066,6 +1081,7 @@
if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie, NULL );
+ op->o_controls[slap_cids.sc_LDAPsync] = &syncCookie;
}
}
/* Defaults to TRUE */
@@ -1101,6 +1117,7 @@
if ( !BER_BVISNULL( &syncCookie.octet_str ) )
{
slap_parse_sync_cookie( &syncCookie, NULL );
+ op->o_controls[slap_cids.sc_LDAPsync] = &syncCookie;
compare_csns( &syncCookie_req, &syncCookie, &m );
}
}
@@ -1149,6 +1166,7 @@
if ( match < 0 ) {
if ( si->si_refreshPresent == 1 &&
+ si_tag != LDAP_TAG_SYNC_NEW_COOKIE &&
syncCookie_req.numcsns == syncCookie.numcsns ) {
syncrepl_del_nonpresent( op, si, NULL,
&syncCookie, m );
@@ -1238,17 +1256,28 @@
int rc = LDAP_SUCCESS;
int dostop = 0;
ber_socket_t s;
- int i, defer = 1, fail = 0;
+ int i, defer = 1, fail = 0, freeinfo = 0;
Backend *be;
- Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl %s\n", si->si_ridtxt, 0, 0 );
-
if ( si == NULL )
return NULL;
+ if ( slapd_shutdown )
+ return NULL;
- /* There will never be more than one instance active */
- ldap_pvt_thread_mutex_lock( &si->si_mutex );
+ Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl %s\n", si->si_ridtxt, 0, 0 );
+ /* Don't get stuck here while a pause is initiated */
+ while ( ldap_pvt_thread_mutex_trylock( &si->si_mutex )) {
+ if ( slapd_shutdown )
+ return NULL;
+ if ( !ldap_pvt_thread_pool_pausecheck( &connection_pool ))
+ ldap_pvt_thread_yield();
+ }
+
+ if ( si->si_ctype < 1 ) {
+ goto deleted;
+ }
+
switch( abs( si->si_type ) ) {
case LDAP_SYNC_REFRESH_ONLY:
case LDAP_SYNC_REFRESH_AND_PERSIST:
@@ -1274,10 +1303,6 @@
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
- /* use global malloc for now */
- op->o_tmpmemctx = NULL;
- op->o_tmpmfuncs = &ch_mfuncs;
-
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
be = si->si_be;
@@ -1336,8 +1361,13 @@
goto reload;
}
+deleted:
/* We got deleted while running on cn=config */
- if ( !si->si_ctype ) {
+ if ( si->si_ctype < 1 ) {
+ if ( si->si_ctype == -1 ) {
+ si->si_ctype = 0;
+ freeinfo = 1;
+ }
if ( si->si_conn )
dostop = 1;
rc = -1;
@@ -1404,7 +1434,7 @@
break;
}
- if ( !si->si_ctype
+ if ( si->si_ctype < 1
|| !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) {
if ( si->si_re ) {
ldap_pvt_runqueue_remove( &slapd_rq, rtask );
@@ -1427,24 +1457,22 @@
if ( rc ) {
if ( fail == RETRYNUM_TAIL ) {
Debug( LDAP_DEBUG_ANY,
- "do_syncrepl: %s quitting\n",
- si->si_ridtxt, 0, 0 );
+ "do_syncrepl: %s rc %d quitting\n",
+ si->si_ridtxt, rc, 0 );
} else if ( fail > 0 ) {
Debug( LDAP_DEBUG_ANY,
- "do_syncrepl: %s retrying (%d retries left)\n",
- si->si_ridtxt, fail, 0 );
+ "do_syncrepl: %s rc %d retrying (%d retries left)\n",
+ si->si_ridtxt, rc, fail );
} else {
Debug( LDAP_DEBUG_ANY,
- "do_syncrepl: %s retrying\n",
- si->si_ridtxt, 0, 0 );
+ "do_syncrepl: %s rc %d retrying\n",
+ si->si_ridtxt, rc, 0 );
}
}
/* Do final delete cleanup */
- if ( !si->si_ctype ) {
- cookie_state *cs = si->si_cookieState;
- syncinfo_free( si, ( !be->be_syncinfo ||
- be->be_syncinfo->si_cookieState != cs ));
+ if ( freeinfo ) {
+ syncinfo_free( si, 0 );
}
return NULL;
}
@@ -1566,6 +1594,7 @@
prdn = BER_BVNULL, nrdn = BER_BVNULL,
psup = BER_BVNULL, nsup = BER_BVNULL;
int rc, deleteOldRdn = 0, freeReqDn = 0;
+ int do_graduate = 0;
if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: %s "
@@ -1598,7 +1627,16 @@
if ( !ber_bvstrcasecmp( &bv, &ls->ls_dn ) ) {
bdn = bvals[0];
- dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ rc = dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_message_to_op: %s "
+ "dn \"%s\" normalization failed (%d)",
+ si->si_ridtxt, bdn.bv_val, rc );
+ rc = -1;
+ ch_free( bvals );
+ goto done;
+ }
ber_dupbv( &op->o_req_dn, &dn );
ber_dupbv( &op->o_req_ndn, &ndn );
slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
@@ -1634,6 +1672,7 @@
&slap_schema.si_ad_entryCSN->ad_cname ) )
{
slap_queue_csn( op, bvals );
+ do_graduate = 1;
}
ch_free( bvals );
}
@@ -1678,6 +1717,7 @@
Debug( LDAP_DEBUG_SYNC,
"syncrepl_message_to_op: %s be_add %s (%d)\n",
si->si_ridtxt, op->o_req_dn.bv_val, rc );
+ do_graduate = 0;
}
if ( e == op->ora_e )
be_entry_release_w( op, op->ora_e );
@@ -1690,6 +1730,7 @@
"syncrepl_message_to_op: %s be_modify %s (%d)\n",
si->si_ridtxt, op->o_req_dn.bv_val, rc );
op->o_bd = si->si_be;
+ do_graduate = 0;
}
break;
case LDAP_REQ_MODRDN:
@@ -1733,16 +1774,19 @@
Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
"syncrepl_message_to_op: %s be_modrdn %s (%d)\n",
si->si_ridtxt, op->o_req_dn.bv_val, rc );
+ do_graduate = 0;
break;
case LDAP_REQ_DELETE:
rc = op->o_bd->be_delete( op, &rs );
Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
"syncrepl_message_to_op: %s be_delete %s (%d)\n",
si->si_ridtxt, op->o_req_dn.bv_val, rc );
+ do_graduate = 0;
break;
}
done:
- slap_graduate_commit_csn( op );
+ if ( do_graduate )
+ slap_graduate_commit_csn( op );
op->o_bd = si->si_be;
op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_csn );
@@ -1824,7 +1868,21 @@
return -1;
}
- dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ rc = dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );
+ if ( rc != LDAP_SUCCESS ) {
+ /* One of the things that could happen is that the schema
+ * is not lined-up; this could result in unknown attributes.
+ * A value non conformant to the syntax should be unlikely,
+ * except when replicating between different versions
+ * of the software, or when syntax validation bugs are fixed
+ */
+ Debug( LDAP_DEBUG_ANY,
+ "syncrepl_message_to_entry: "
+ "%s dn \"%s\" normalization failed (%d)",
+ si->si_ridtxt, bdn.bv_val, rc );
+ return rc;
+ }
+
ber_dupbv( &op->o_req_dn, &dn );
ber_dupbv( &op->o_req_ndn, &ndn );
slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
@@ -2152,8 +2210,8 @@
rc = op->o_bd->be_add( op, &rs_add );
Debug( LDAP_DEBUG_SYNC,
- "syncrepl_entry: %s be_add (%d)\n",
- si->si_ridtxt, rc, 0 );
+ "syncrepl_entry: %s be_add %s (%d)\n",
+ si->si_ridtxt, op->o_req_dn.bv_val, rc );
switch ( rs_add.sr_err ) {
case LDAP_SUCCESS:
if ( op->ora_e == entry ) {
@@ -2215,10 +2273,11 @@
default:
Debug( LDAP_DEBUG_ANY,
- "syncrepl_entry: %s be_add failed (%d)\n",
- si->si_ridtxt, rs_add.sr_err, 0 );
+ "syncrepl_entry: %s be_add %s failed (%d)\n",
+ si->si_ridtxt, op->o_req_dn.bv_val, rs_add.sr_err );
break;
}
+ syncCSN = NULL;
op->o_bd = be;
goto done;
}
@@ -2309,6 +2368,12 @@
break;
}
}
+ if ( !mod->sml_numvals ) {
+ /* Drop this op */
+ *ml = mod->sml_next;
+ mod->sml_next = NULL;
+ slap_mods_free( mod, 1 );
+ }
break;
}
}
@@ -2348,7 +2413,7 @@
}
}
}
-
+
/* RDNs must be NUL-terminated for back-ldap */
noldp = op->orr_newrdn;
ber_dupbv_x( &op->orr_newrdn, &noldp, op->o_tmpmemctx );
@@ -2405,14 +2470,16 @@
slap_mods_free( op->orr_modlist, 1 );
Debug( LDAP_DEBUG_SYNC,
- "syncrepl_entry: %s be_modrdn (%d)\n",
- si->si_ridtxt, rc, 0 );
+ "syncrepl_entry: %s be_modrdn %s (%d)\n",
+ si->si_ridtxt, op->o_req_dn.bv_val, rc );
op->o_bd = be;
/* Renamed entries may still have other mods so just fallthru */
op->o_req_dn = entry->e_name;
op->o_req_ndn = entry->e_nname;
/* Use CSN on the modify */
- if ( syncCSN && !just_rename )
+ if ( just_rename )
+ syncCSN = NULL;
+ else if ( syncCSN )
slap_queue_csn( op, syncCSN );
}
if ( dni.mods ) {
@@ -2425,18 +2492,23 @@
slap_mods_free( op->orm_modlist, 1 );
op->orm_no_opattrs = 0;
Debug( LDAP_DEBUG_SYNC,
- "syncrepl_entry: %s be_modify (%d)\n",
- si->si_ridtxt, rc, 0 );
+ "syncrepl_entry: %s be_modify %s (%d)\n",
+ si->si_ridtxt, op->o_req_dn.bv_val, rc );
if ( rs_modify.sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"syncrepl_entry: %s be_modify failed (%d)\n",
si->si_ridtxt, rs_modify.sr_err, 0 );
}
+ syncCSN = NULL;
op->o_bd = be;
} else if ( !dni.renamed ) {
Debug( LDAP_DEBUG_SYNC,
"syncrepl_entry: %s entry unchanged, ignored (%s)\n",
si->si_ridtxt, op->o_req_dn.bv_val, 0 );
+ if ( syncCSN ) {
+ slap_graduate_commit_csn( op );
+ syncCSN = NULL;
+ }
}
goto done;
case LDAP_SYNC_DELETE :
@@ -2447,8 +2519,8 @@
op->o_bd = si->si_wbe;
rc = op->o_bd->be_delete( op, &rs_delete );
Debug( LDAP_DEBUG_SYNC,
- "syncrepl_entry: %s be_delete (%d)\n",
- si->si_ridtxt, rc, 0 );
+ "syncrepl_entry: %s be_delete %s (%d)\n",
+ si->si_ridtxt, op->o_req_dn.bv_val, rc );
while ( rs_delete.sr_err == LDAP_SUCCESS
&& op->o_delete_glue_parent ) {
@@ -2465,6 +2537,7 @@
break;
}
}
+ syncCSN = NULL;
op->o_bd = be;
}
goto done;
@@ -3189,8 +3262,6 @@
*/
if ( !is_entry_glue( rs->sr_entry )) {
old = attr_find( rs->sr_entry->e_attrs,
- slap_schema.si_ad_objectClass );
- old = attr_find( rs->sr_entry->e_attrs,
slap_schema.si_ad_entryCSN );
new = attr_find( dni->new_entry->e_attrs,
slap_schema.si_ad_entryCSN );
@@ -3554,12 +3625,9 @@
{
syncinfo_t *si_next;
- if ( free_all && sie->si_cookieState ) {
- ch_free( sie->si_cookieState->cs_sids );
- ber_bvarray_free( sie->si_cookieState->cs_vals );
- ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_mutex );
- ch_free( sie->si_cookieState );
- }
+ Debug( LDAP_DEBUG_TRACE, "syncinfo_free: %s\n",
+ sie->si_ridtxt, 0, 0 );
+
do {
si_next = sie->si_next;
@@ -3571,20 +3639,21 @@
ldap_unbind_ext( sie->si_ld, NULL, NULL );
}
- /* re-fetch it, in case it was already removed */
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- sie->si_re = ldap_pvt_runqueue_find( &slapd_rq, do_syncrepl, sie );
if ( sie->si_re ) {
- if ( ldap_pvt_runqueue_isrunning( &slapd_rq, sie->si_re ) )
- ldap_pvt_runqueue_stoptask( &slapd_rq, sie->si_re );
- ldap_pvt_runqueue_remove( &slapd_rq, sie->si_re );
+ struct re_s *re = sie->si_re;
+ sie->si_re = NULL;
+
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )
+ ldap_pvt_runqueue_stoptask( &slapd_rq, re );
+ ldap_pvt_runqueue_remove( &slapd_rq, re );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
-
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
- ldap_pvt_thread_mutex_destroy( &sie->si_mutex );
-
+
+ ldap_pvt_thread_mutex_destroy( &sie->si_mutex );
+
bindconf_free( &sie->si_bindconf );
-
+
if ( sie->si_filterstr.bv_val ) {
ch_free( sie->si_filterstr.bv_val );
}
@@ -3660,6 +3729,13 @@
}
ch_free( npe );
}
+ sie->si_cookieState->cs_ref--;
+ if ( !sie->si_cookieState->cs_ref ) {
+ ch_free( sie->si_cookieState->cs_sids );
+ ber_bvarray_free( sie->si_cookieState->cs_vals );
+ ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_mutex );
+ ch_free( sie->si_cookieState );
+ }
ch_free( sie );
sie = si_next;
} while ( free_all && si_next );
@@ -4329,7 +4405,7 @@
si->si_cookieState = c->be->be_syncinfo->si_cookieState;
- // add new syncrepl to end of list (same order as when deleting)
+ /* add new syncrepl to end of list (same order as when deleting) */
for ( sip = c->be->be_syncinfo; sip->si_next; sip = sip->si_next );
sip->si_next = si;
} else {
@@ -4338,6 +4414,7 @@
c->be->be_syncinfo = si;
}
+ si->si_cookieState->cs_ref++;
si->si_next = NULL;
@@ -4536,13 +4613,11 @@
}
return 1;
} else if ( c->op == LDAP_MOD_DELETE ) {
- cookie_state *cs = NULL;
int isrunning = 0;
if ( c->be->be_syncinfo ) {
syncinfo_t *si, **sip;
int i;
- cs = c->be->be_syncinfo->si_cookieState;
for ( sip = &c->be->be_syncinfo, i=0; *sip; i++ ) {
si = *sip;
if ( c->valx == -1 || i == c->valx ) {
@@ -4555,11 +4630,20 @@
if ( ldap_pvt_thread_mutex_trylock( &si->si_mutex )) {
isrunning = 1;
} else {
+ if ( si->si_conn ) {
+ /* If there's a persistent connection, it may
+ * already have a thread queued. We know it's
+ * not active, so it must be pending and we
+ * can simply cancel it now.
+ */
+ ldap_pvt_thread_pool_retract( &connection_pool,
+ si->si_re->routine, si->si_re );
+ }
ldap_pvt_thread_mutex_unlock( &si->si_mutex );
}
}
- if ( si->si_re && isrunning ) {
- si->si_ctype = 0;
+ if ( isrunning ) {
+ si->si_ctype = -1;
si->si_next = NULL;
} else {
syncinfo_free( si, 0 );
@@ -4573,12 +4657,6 @@
}
if ( !c->be->be_syncinfo ) {
SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_SHADOW_MASK;
- if ( cs && !isrunning ) {
- ch_free( cs->cs_sids );
- ber_bvarray_free( cs->cs_vals );
- ldap_pvt_thread_mutex_destroy( &cs->cs_mutex );
- ch_free( cs );
- }
}
return 0;
}
Added: openldap/vendor/openldap-release/tests/data/memberof-refint.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/memberof-refint.out (rev 0)
+++ openldap/vendor/openldap-release/tests/data/memberof-refint.out 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,125 @@
+# Search the entire database...
+dn: cn=Baby Herman,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
+
+dn: cn=Cartoonia,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,dc=example,dc=com
+member: cn=Baby Herman,ou=People,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: cn=Roger Rabbit,ou=People,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
+
+# Re-search the entire database...
+dn: cn=Baby Herman,ou=Toons,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
+
+dn: cn=Cartoonia,ou=Groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+member: cn=Baby Herman,ou=Toons,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
+
+dn: ou=Toons,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Toons
+
+# Re-search the entire database...
+dn: cn=Baby Herman,ou=Toons,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+memberOf: cn=Cartoonia,ou=Studios,dc=example,dc=com
+
+dn: cn=Cartoonia,ou=Studios,dc=example,dc=com
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+member: cn=Baby Herman,ou=Toons,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+memberOf: cn=Cartoonia,ou=Studios,dc=example,dc=com
+
+dn: ou=Studios,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Studios
+
+dn: ou=Toons,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Toons
+
+# Re-search the entire database...
+dn: cn=Cartoonia,ou=Studios,dc=example,dc=com
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: cn=Roger Rabbit,ou=Toons,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+memberOf: cn=Cartoonia,ou=Studios,dc=example,dc=com
+
+dn: ou=Studios,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Studios
+
+dn: ou=Toons,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Toons
+
Added: openldap/vendor/openldap-release/tests/data/monitor1.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/monitor1.out (rev 0)
+++ openldap/vendor/openldap-release/tests/data/monitor1.out 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,31 @@
+dn: cn=Connection 1,cn=Connections,cn=Monitor
+structuralObjectClass: monitorConnection
+monitorConnectionProtocol: 3
+monitorConnectionOpsReceived: 2
+monitorConnectionOpsExecuting: 1
+monitorConnectionOpsPending: 0
+monitorConnectionOpsCompleted: 1
+monitorConnectionGet: 2
+monitorConnectionRead: 2
+monitorConnectionWrite: 0
+monitorConnectionMask: rx
+monitorConnectionListener: ldap://localhost:9011/
+monitorConnectionLocalAddress: IP=127.0.0.1:9011
+entryDN: cn=Connection 1,cn=Connections,cn=Monitor
+
+dn: cn=Connections,cn=Monitor
+structuralObjectClass: monitorContainer
+entryDN: cn=Connections,cn=Monitor
+
+dn: cn=Current,cn=Connections,cn=Monitor
+structuralObjectClass: monitorCounterObject
+entryDN: cn=Current,cn=Connections,cn=Monitor
+
+dn: cn=Max File Descriptors,cn=Connections,cn=Monitor
+structuralObjectClass: monitorCounterObject
+entryDN: cn=Max File Descriptors,cn=Connections,cn=Monitor
+
+dn: cn=Total,cn=Connections,cn=Monitor
+structuralObjectClass: monitorCounterObject
+entryDN: cn=Total,cn=Connections,cn=Monitor
+
Added: openldap/vendor/openldap-release/tests/data/monitor2.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/monitor2.out (rev 0)
+++ openldap/vendor/openldap-release/tests/data/monitor2.out 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,40 @@
+dn: cn=Database 0,cn=Databases,cn=Monitor
+structuralObjectClass: monitoredObject
+monitorIsShadow: FALSE
+namingContexts: cn=config
+readOnly: FALSE
+entryDN: cn=Database 0,cn=Databases,cn=Monitor
+
+dn: cn=Database 1,cn=Databases,cn=Monitor
+structuralObjectClass: monitoredObject
+monitorIsShadow: FALSE
+namingContexts: o=OpenLDAP Project,l=Internet
+readOnly: FALSE
+olmBDBEntryCache: 0
+olmBDBDNCache: 0
+olmBDBIDLCache: 0
+entryDN: cn=Database 1,cn=Databases,cn=Monitor
+
+dn: cn=Database 2,cn=Databases,cn=Monitor
+structuralObjectClass: monitoredObject
+monitorIsShadow: FALSE
+monitorContext: cn=Monitor
+readOnly: FALSE
+entryDN: cn=Database 2,cn=Databases,cn=Monitor
+
+dn: cn=Databases,cn=Monitor
+structuralObjectClass: monitorContainer
+readOnly: FALSE
+namingContexts:
+namingContexts: cn=config
+namingContexts: o=OpenLDAP Project,l=Internet
+monitorContext: cn=Monitor
+entryDN: cn=Databases,cn=Monitor
+
+dn: cn=Frontend,cn=Databases,cn=Monitor
+structuralObjectClass: monitoredObject
+monitorIsShadow: FALSE
+namingContexts:
+readOnly: FALSE
+entryDN: cn=Frontend,cn=Databases,cn=Monitor
+
Added: openldap/vendor/openldap-release/tests/data/monitor3.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/monitor3.out (rev 0)
+++ openldap/vendor/openldap-release/tests/data/monitor3.out 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,15 @@
+dn: cn=Entries,cn=Statistics,cn=Monitor
+structuralObjectClass: monitorCounterObject
+monitorCounter: 12
+entryDN: cn=Entries,cn=Statistics,cn=Monitor
+
+dn: cn=PDU,cn=Statistics,cn=Monitor
+structuralObjectClass: monitorCounterObject
+monitorCounter: 18
+entryDN: cn=PDU,cn=Statistics,cn=Monitor
+
+dn: cn=Referrals,cn=Statistics,cn=Monitor
+structuralObjectClass: monitorCounterObject
+monitorCounter: 0
+entryDN: cn=Referrals,cn=Statistics,cn=Monitor
+
Added: openldap/vendor/openldap-release/tests/data/monitor4.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/monitor4.out (rev 0)
+++ openldap/vendor/openldap-release/tests/data/monitor4.out 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,66 @@
+dn: cn=Abandon,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Abandon,cn=Operations,cn=Monitor
+
+dn: cn=Add,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Add,cn=Operations,cn=Monitor
+
+dn: cn=Bind,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 5
+monitorOpCompleted: 5
+entryDN: cn=Bind,cn=Operations,cn=Monitor
+
+dn: cn=Compare,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Compare,cn=Operations,cn=Monitor
+
+dn: cn=Delete,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Delete,cn=Operations,cn=Monitor
+
+dn: cn=Extended,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Extended,cn=Operations,cn=Monitor
+
+dn: cn=Modify,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Modify,cn=Operations,cn=Monitor
+
+dn: cn=Modrdn,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 0
+monitorOpCompleted: 0
+entryDN: cn=Modrdn,cn=Operations,cn=Monitor
+
+dn: cn=Operations,cn=Monitor
+structuralObjectClass: monitorContainer
+monitorOpInitiated: 14
+monitorOpCompleted: 13
+entryDN: cn=Operations,cn=Monitor
+
+dn: cn=Search,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 5
+monitorOpCompleted: 4
+entryDN: cn=Search,cn=Operations,cn=Monitor
+
+dn: cn=Unbind,cn=Operations,cn=Monitor
+structuralObjectClass: monitorOperation
+monitorOpInitiated: 4
+monitorOpCompleted: 4
+entryDN: cn=Unbind,cn=Operations,cn=Monitor
+
Modified: openldap/vendor/openldap-release/tests/data/ppolicy.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/ppolicy.ldif 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/ppolicy.ldif 2009-07-27 22:27:07 UTC (rev 1224)
@@ -33,6 +33,7 @@
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: TRUE
+pwdLockout: TRUE
dn: uid=nd, ou=People, dc=example, dc=com
objectClass: top
Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# stand-alone slapd config -- for backglue testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl1.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl1.conf,v 1.9.2.7 2009/06/27 18:49:51 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -76,7 +76,7 @@
schemachecking=off
scope=sub
type=refreshAndPersist
- retry="3 3 300 5"
+ retry="3 10 300 5"
updateref @URI2@
#overlay syncprov
Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# stand-alone slapd config -- for backglue testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl2.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl2.conf,v 1.9.2.7 2009/06/27 18:49:51 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -59,7 +59,7 @@
schemachecking=off
scope=sub
type=refreshAndPersist
- retry="3 3 300 5"
+ retry="3 10 300 5"
updateref @URI1@
#overlay syncprov
Modified: openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.11.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.11.2.7 2009/07/01 21:01:41 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -19,8 +19,6 @@
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
include @SCHEMADIR@/ppolicy.schema
-pidfile @TESTDIR@/slapd.pid
-argsfile @TESTDIR@/slapd.args
#mod#modulepath ../servers/slapd/back- at BACKEND@/
#mod#moduleload back_ at BACKEND@.la
@@ -56,3 +54,6 @@
by * read
#monitor#database monitor
+
+database config
+include @TESTDIR@/configpw.conf
Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# slave slapd config -- for testing of SYNC replication with intermediate proxy
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-multiproxy.conf,v 1.2.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-multiproxy.conf,v 1.2.2.7 2009/03/05 22:19:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -78,7 +78,7 @@
schemachecking=off
scope=sub
type=refreshAndPersist
- retry="5 5 300 5"
+ retry="3 5 300 5"
database ldap
hidden on
@@ -102,7 +102,7 @@
schemachecking=off
scope=sub
type=refreshOnly
- interval=00:00:00:10
- retry="5 5 300 5"
+ interval=00:00:00:03
+ retry="3 5 300 5"
#monitor#database monitor
Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# slave slapd config -- for testing of SYNC replication with intermediate proxy
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist-ldap.conf,v 1.5.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist-ldap.conf,v 1.5.2.8 2009/03/11 03:09:08 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -69,7 +69,7 @@
schemachecking=off
scope=sub
type=refreshAndPersist
- retry="5 5 300 5"
+ retry="3 10 5 +"
overlay syncprov
Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.23.2.7 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.23.2.8 2009/03/05 22:19:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -68,7 +68,7 @@
schemachecking=off
scope=sub
type=refreshAndPersist
- retry="5 5 300 5"
+ retry="3 5 300 5"
updateref @URI1@
overlay syncprov
Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
# slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh1.conf,v 1.28.2.6 2009/01/22 00:01:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh1.conf,v 1.28.2.7 2009/03/05 22:19:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -58,7 +58,7 @@
schemachecking=off
scope=sub
type=refreshOnly
- interval=00:00:00:10
+ interval=00:00:00:03
updateref @URI1@
overlay syncprov
Modified: openldap/vendor/openldap-release/tests/progs/slapd-bind.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-bind.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/progs/slapd-bind.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.18.2.10 2009/02/10 17:13:05 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.18.2.11 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -591,7 +591,7 @@
if ( dns ) {
for ( i = 0; i < ndns; i++ ) {
- free( dns[i] );
+ ber_memfree( dns[i] );
}
free( dns );
}
@@ -599,7 +599,7 @@
if ( creds ) {
for ( i = 0; i < ndns; i++ ) {
if ( creds[i].bv_val != nullstr ) {
- free( creds[i].bv_val );
+ ber_memfree( creds[i].bv_val );
}
}
free( creds );
Modified: openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.22.2.7 2009/01/22 00:01:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.22.2.8 2009/03/05 20:30:03 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -183,7 +183,7 @@
int delay, int friendly, int chaserefs )
{
LDAP *ld = NULL;
- int i = 0, do_retry = maxretries;
+ int i, do_retry = maxretries;
char *DNs[2];
char *rdns[2];
int rc = LDAP_SUCCESS;
@@ -208,6 +208,8 @@
rdns[0] = strdup( DNs[1] );
DNs[1][i] = ',';
+ i = 0;
+
retry:;
ldap_initialize( &ld, uri );
if ( ld == NULL ) {
Modified: openldap/vendor/openldap-release/tests/progs/slapd-search.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-search.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/progs/slapd-search.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.41.2.10 2009/02/10 17:13:05 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.41.2.11 2009/07/01 17:09:44 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1999-2009 The OpenLDAP Foundation.
@@ -71,6 +71,7 @@
"[-C] "
"[-F] "
"[-N] "
+ "[-S] "
"[-i <ignore>] "
"[-l <loops>] "
"[-L <outerloops>] "
@@ -82,6 +83,9 @@
exit( EXIT_FAILURE );
}
+/* Just send requests without reading responses */
+static int swamp;
+
int
main( int argc, char **argv )
{
@@ -111,7 +115,7 @@
/* by default, tolerate referrals and no such object */
tester_ignore_str2errlist( "REFERRAL,NO_SUCH_OBJECT" );
- while ( ( i = getopt( argc, argv, "Aa:b:CD:f:FH:h:i:l:L:Np:r:s:t:T:w:" ) ) != EOF )
+ while ( ( i = getopt( argc, argv, "Aa:b:CD:f:FH:h:i:l:L:Np:r:Ss:t:T:w:" ) ) != EOF )
{
switch ( i ) {
case 'A':
@@ -201,6 +205,10 @@
}
break;
+ case 'S':
+ swamp++;
+ break;
+
case 's':
scope = ldap_pvt_str2scope( optarg );
if ( scope == -1 ) {
@@ -435,6 +443,15 @@
for ( ; i < innerloop; i++ ) {
LDAPMessage *res = NULL;
+ if (swamp) {
+ int msgid;
+ rc = ldap_search_ext( ld, sbase, scope,
+ filter, NULL, noattrs, NULL, NULL,
+ NULL, LDAP_NO_LIMIT, &msgid );
+ if ( rc == LDAP_SUCCESS ) continue;
+ else break;
+ }
+
rc = ldap_search_ext_s( ld, sbase, scope,
filter, attrs, noattrs, NULL, NULL,
NULL, LDAP_NO_LIMIT, &res );
Modified: openldap/vendor/openldap-release/tests/scripts/all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/all 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/all 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.26.2.5 2009/01/22 00:01:18 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.26.2.7 2009/03/24 18:10:51 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -26,6 +26,14 @@
echo ">>>>> Executing all LDAP tests for $BACKEND"
for CMD in $SRCDIR/scripts/test*; do
+ case "$CMD" in
+ *~) continue;;
+ *.bak) continue;;
+ *.orig) continue;;
+ *.sav) continue;;
+ *) test -f "$CMD" || continue;;
+ esac
+
# remove cruft from prior test
if test $PRESERVE = yes ; then
/bin/rm -rf $TESTDIR/db.*
Modified: openldap/vendor/openldap-release/tests/scripts/defines.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/defines.sh 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/defines.sh 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.141.2.15 2009/01/22 00:01:18 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.141.2.22 2009/04/28 00:48:08 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -46,6 +46,8 @@
USE_SASL=${SLAPD_USE_SASL-no}
ACI=${AC_ACI_ENABLED-acino}
THREADS=${AC_THREADS-threadsno}
+SLEEP1=${SLEEP1-7}
+SLEEP2=${SLEEP2-15}
# dirs
PROGDIR=./progs
@@ -267,6 +269,11 @@
METAMANAGERDN="cn=Manager,$METABASEDN"
VALSORTDN="cn=Manager,o=valsort"
VALSORTBASEDN="o=valsort"
+MONITORDN="cn=Monitor"
+OPERATIONSMONITORDN="cn=Operations,$MONITORDN"
+CONNECTIONSMONITORDN="cn=Connections,$MONITORDN"
+DATABASESMONITORDN="cn=Databases,$MONITORDN"
+STATISTICSMONITORDN="cn=Statistics,$MONITORDN"
# generated outputs
SEARCHOUT=$TESTDIR/ldapsearch.out
@@ -279,6 +286,10 @@
VALSORTOUT1=$DATADIR/valsort1.out
VALSORTOUT2=$DATADIR/valsort2.out
VALSORTOUT3=$DATADIR/valsort3.out
+MONITOROUT1=$DATADIR/monitor1.out
+MONITOROUT2=$DATADIR/monitor2.out
+MONITOROUT3=$DATADIR/monitor3.out
+MONITOROUT4=$DATADIR/monitor4.out
SERVER1OUT=$TESTDIR/server1.out
SERVER1FLT=$TESTDIR/server1.flt
@@ -339,7 +350,6 @@
DYNLISTOUT=$DATADIR/dynlist.out
DDSOUT=$DATADIR/dds.out
MEMBEROFOUT=$DATADIR/memberof.out
+MEMBEROFREFINTOUT=$DATADIR/memberof-refint.out
SHTOOL="$SRCDIR/../build/shtool"
-# Just in case we linked the binaries dynamically
-LD_LIBRARY_PATH=$TESTWD/../libraries:${LD_LIBRARY_PATH} export LD_LIBRARY_PATH
Modified: openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.33.2.6 2009/01/28 19:22:51 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.33.2.8 2009/03/05 23:32:21 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -113,8 +113,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Using ldapmodify to modify producer directory..."
@@ -212,8 +212,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Performing modrdn alone on the producer..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
@@ -232,8 +232,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Performing modify alone on the producer..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
@@ -252,8 +252,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Try updating the consumer slapd..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
Modified: openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.38.2.8 2009/01/28 19:22:51 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.38.2.10 2009/03/05 23:32:21 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -13,7 +13,7 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
-if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" && test "$BACKEND" != "ldif"; then
echo "Test does not support $BACKEND"
exit 0
fi
@@ -118,8 +118,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping the provider, sleeping 10 seconds and restarting it..."
kill -HUP "$PID"
@@ -148,8 +148,8 @@
sleep 5
done
-echo "Waiting 15 seconds for consumer to reconnect..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for consumer to reconnect..."
+sleep $SLEEP1
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
@@ -269,8 +269,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping consumer to test recovery..."
kill -HUP $SLAVEPID
@@ -318,8 +318,8 @@
fi
KILLPIDS="$PID $SLAVEPID"
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
if test ! $BACKLDAP = "ldapno" ; then
echo "Try updating the consumer slapd..."
@@ -352,8 +352,8 @@
exit $RC
fi
- echo "Waiting 15 seconds for syncrepl to receive changes..."
- sleep 15
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
fi
OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"
Modified: openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.19.2.7 2009/01/27 23:53:16 hyc Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.19.2.9 2009/03/05 23:32:21 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -237,8 +237,8 @@
exit $RC
fi
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+sleep $SLEEP2
echo "Using ldapmodify to modify master directory..."
@@ -341,8 +341,8 @@
exit $RC
fi
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+sleep $SLEEP2
echo "Performing modify alone on provider..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
@@ -361,8 +361,8 @@
exit $RC
fi
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+sleep $SLEEP2
echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Modified: openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test022-ppolicy 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test022-ppolicy 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.17.2.7 2009/01/22 00:01:19 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.17.2.8 2009/07/01 21:01:41 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -23,6 +23,9 @@
mkdir -p $TESTDIR $DBDIR1
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
echo "Starting slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
@@ -402,6 +405,151 @@
exit 1
fi
+if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then
+echo ""
+echo "Setting up policy state forwarding test..."
+
+mkdir $DBDIR2
+sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2
+echo "Starting slapd consumer on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Configuring syncprov on provider..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectclass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {1}syncprov
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for provider database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Configuring syncrepl on consumer..."
+if [ "$BACKLDAP" = ldapmod ]; then
+ $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectclass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/back-ldap
+olcModuleLoad: back_ldap.la
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcChainConfig
+olcOverlay: {0}chain
+
+dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
+changetype: add
+objectClass: olcLDAPConfig
+objectClass: olcChainDatabase
+olcDBURI: $URI1
+olcDbIDAssertBind: bindmethod=simple
+ binddn="cn=manager,dc=example,dc=com"
+ credentials=secret
+ mode=self
+
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcSyncrepl
+olcSyncrepl: rid=1
+ provider=$URI1
+ binddn="cn=manager,dc=example,dc=com"
+ bindmethod=simple
+ credentials=secret
+ searchbase="dc=example,dc=com"
+ type=refreshAndPersist
+ retry="3 5 300 5"
+-
+add: olcUpdateref
+olcUpdateref: $URI1
+-
+
+dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcPPolicyForwardUpdates
+olcPPolicyForwardUpdates: TRUE
+-
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting for consumer to sync..."
+sleep $SLEEP1
+
+echo "Testing policy state forwarding..."
+$LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
+$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1
+COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l`
+if test $COUNT != 1 ; then
+ echo "Policy state forwarding failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+# End of chaining test
+
+fi
+
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
Modified: openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test033-glue-syncrepl,v 1.17.2.5 2009/01/22 00:01:19 kurt Exp $ */
+# $OpenLDAP: pkg/ldap/tests/scripts/test033-glue-syncrepl,v 1.17.2.6 2009/03/05 22:19:39 quanah Exp $ */
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -133,9 +133,8 @@
;;
esac
-SLEEP=15
-echo "Waiting $SLEEP seconds for shadow subtrees to sync..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for shadow subtrees to sync..."
+sleep $SLEEP1
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $GLUESYNCOUT > $LDIFFLT
Modified: openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.4 2009/01/22 00:01:20 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.5 2009/03/05 22:19:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -122,8 +122,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping the provider, sleeping 10 seconds and restarting it..."
kill -HUP "$PID"
@@ -242,8 +242,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping consumer to test recovery..."
kill -HUP $SLAVEPID
@@ -288,8 +288,8 @@
fi
KILLPIDS="$PID $SLAVEPID"
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
if test ! $BACKLDAP = "ldapno" ; then
echo "Try updating the consumer slapd..."
@@ -310,8 +310,8 @@
exit $RC
fi
- echo "Waiting 15 seconds for syncrepl to receive changes..."
- sleep 15
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
fi
echo "Using ldapsearch to read all the entries from the producer..."
Modified: openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test045-syncreplication-proxied,v 1.14.2.7 2009/01/22 00:01:20 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test045-syncreplication-proxied,v 1.14.2.9 2009/03/10 16:28:14 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -176,7 +176,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -188,7 +188,7 @@
sleep 1
for i in 1 2 3; do
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -203,9 +203,8 @@
break
fi
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
done
#echo "Using ldapsearch to read all the entries from the master..."
@@ -245,11 +244,10 @@
fi
CHECK=`expr $CHECK + 1`
-SLEEP=10
-echo "$CHECK > Stopping the provider, sleeping $SLEEP seconds and restarting it..."
+echo "$CHECK > Stopping the provider, sleeping $SLEEP2 seconds and restarting it..."
kill -HUP "$MASTERPID"
wait $MASTERPID
-sleep $SLEEP
+sleep $SLEEP2
echo "======================= RESTART =======================" >> $LOG1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
@@ -369,7 +367,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -379,12 +377,11 @@
# check slave contextCSN
for i in 1 2 3; do
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -477,7 +474,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -487,12 +484,11 @@
# check slave contextCSN
for i in 1 2 3 4 5; do
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -565,7 +561,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -578,7 +574,7 @@
for i in 1 2 3; do
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -593,9 +589,8 @@
break
fi
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
done
#echo "Using ldapsearch to read all the entries from the master..."
@@ -649,9 +644,8 @@
EOMODS
-SLEEP=10
-echo "Waiting $SLEEP seconds for syncrepl to retry..."
-sleep $SLEEP
+echo "Waiting $SLEEP2 seconds for syncrepl to retry..."
+sleep $SLEEP2
echo "Restarting consumer..."
echo "======================= RESTART =======================" >> $LOG2
@@ -665,7 +659,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -676,12 +670,11 @@
# check slave contextCSN
for i in 1 2 3 4 5; do
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -750,9 +743,8 @@
fi
KILLPIDS="$MASTERPID $SLAVEPID $PROXYPID"
- SLEEP=15
- echo " Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo " Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+ sleep $SLEEP2
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
@@ -807,7 +799,7 @@
# get master contextCSN
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${MASTEROUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at master ($RC)!"
@@ -819,7 +811,7 @@
sleep 1
for i in 1 2 3; do
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
+ -s base '(objectClass=*)' contextCSN > "${SLAVEOUT}.$CHECK" 2>&1
RC=$?
if test $RC != 0 ; then
@@ -834,9 +826,8 @@
break
fi
- SLEEP=5
- echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
- sleep $SLEEP
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
done
#echo "Using ldapsearch to read all the entries from the master..."
Modified: openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test048-syncrepl-multiproxy,v 1.1.2.9 2009/01/30 19:02:54 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test048-syncrepl-multiproxy,v 1.1.2.11 2009/07/01 23:05:29 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -159,9 +159,8 @@
exit $RC
fi
-SLEEP=15
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -223,11 +222,10 @@
fi
CHECK=`expr $CHECK + 1`
-SLEEP=10
-echo "$CHECK > Stopping the provider, sleeping $SLEEP seconds and restarting it..."
+echo "$CHECK > Stopping the provider, sleeping $SLEEP2 seconds and restarting it..."
kill -HUP "$MASTERPID"
wait $MASTERPID
-sleep $SLEEP
+sleep $SLEEP2
echo "======================= RESTART =======================" >> $LOG1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
@@ -345,9 +343,8 @@
exit $RC
fi
-SLEEP=15
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -457,9 +454,8 @@
fi
KILLPIDS="$MASTERPID $P1SLAVEPID $R1SLAVEPID"
-SLEEP=25
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+sleep $SLEEP2
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -539,9 +535,8 @@
exit $RC
fi
-SLEEP=15
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Modified: openldap/vendor/openldap-release/tests/scripts/test049-sync-config
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test049-sync-config 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test049-sync-config 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test049-sync-config,v 1.4.2.9 2009/02/10 12:29:01 hyc Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test049-sync-config,v 1.4.2.11 2009/03/05 23:32:21 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -37,7 +37,7 @@
fi
case "$SYNCMODE" in
ro)
- SYNCTYPE="type=refreshOnly interval=00:00:00:10"
+ SYNCTYPE="type=refreshOnly interval=00:00:00:03"
;;
rp)
SYNCTYPE="type=refreshAndPersist"
@@ -114,7 +114,7 @@
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
+ retry="3 5 300 5" timeout=3
-
add: olcUpdateRef
olcUpdateRef: $URI1
@@ -171,15 +171,14 @@
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
+ retry="3 5 300 5" timeout=3
-
add: olcUpdateRef
olcUpdateRef: $URI1
EOF
-SLEEP=10
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Using ldapsearch to check that syncrepl received config changes..."
RC=32
@@ -191,8 +190,8 @@
RC=0
break
fi
- echo "Waiting 5 seconds for syncrepl to receive changes..."
- sleep 5
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
done
if test $RC != 0 ; then
@@ -247,7 +246,7 @@
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
- retry="5 5 300 5" timeout=3
+ retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1
dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
@@ -291,9 +290,8 @@
exit $RC
fi
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Using ldapsearch to check that syncrepl received database changes..."
RC=32
@@ -305,8 +303,8 @@
RC=0
break
fi
- echo "Waiting 5 seconds for syncrepl to receive changes..."
- sleep 5
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
done
if test $RC != 0 ; then
@@ -324,8 +322,8 @@
credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
retry="3 5 300 5" timeout=3
EOF
-echo "Waiting 10 seconds for syncrepl to receive changes..."
-sleep 10
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Using ldapsearch to read config from the producer..."
$LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF \
Modified: openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test050-syncrepl-multimaster,v 1.3.2.13 2009/02/02 22:42:42 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test050-syncrepl-multimaster,v 1.3.2.16 2009/03/09 23:09:06 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -21,18 +21,17 @@
exit 0
fi
-PRODIR=$TESTDIR/pro
-CONDIR=$TESTDIR/con1
-CONDIR2=$TESTDIR/con2
-DBPRO=$PRODIR/db
-DBCON=$CONDIR/db
-DBCON2=$CONDIR2/db
-CFPRO=$PRODIR/slapd.d
-CFCON=$CONDIR/slapd.d
-CFCON2=$CONDIR2/slapd.d
+MMR=${MMR-4}
-mkdir -p $TESTDIR $PRODIR $CONDIR $CONDIR2 $DBPRO $DBCON $DBCON2 $CFPRO $CFCON $CFCON2
+if [ $MMR -gt 9 ]; then
+MMR=9
+fi
+XDIR=$TESTDIR/srv
+TMP=$TESTDIR/tmp
+
+mkdir -p $TESTDIR
+
$SLAPPASSWD -g -n >$CONFIGPWF
if test x"$SYNCMODE" = x ; then
@@ -40,7 +39,7 @@
fi
case "$SYNCMODE" in
ro)
- SYNCTYPE="type=refreshOnly interval=00:00:00:10"
+ SYNCTYPE="type=refreshOnly interval=00:00:00:03"
;;
rp)
SYNCTYPE="type=refreshAndPersist"
@@ -53,9 +52,7 @@
#
# Test replication of dynamic config:
-# - start producer
-# - start consumer1
-# - start consumer2
+# - start servers
# - configure over ldap
# - populate over ldap
# - configure syncrepl over ldap
@@ -63,35 +60,19 @@
#
echo "Initializing server configurations..."
-$SLAPADD -F $CFCON2 -n 0 <<EOF
-dn: cn=config
-objectClass: olcGlobal
-cn: config
-olcServerID: 3
+n=1
+while [ $n -le $MMR ]; do
-dn: olcDatabase={0}config,cn=config
-objectClass: olcDatabaseConfig
-olcDatabase: {0}config
-olcRootPW:< file://$CONFIGPWF
-EOF
+DBDIR=${XDIR}$n/db
+CFDIR=${XDIR}$n/slapd.d
-$SLAPADD -F $CFCON -n 0 <<EOF
-dn: cn=config
-objectClass: olcGlobal
-cn: config
-olcServerID: 2
+mkdir -p ${XDIR}$n $DBDIR $CFDIR
-dn: olcDatabase={0}config,cn=config
-objectClass: olcDatabaseConfig
-olcDatabase: {0}config
-olcRootPW:< file://$CONFIGPWF
-EOF
-
-$SLAPADD -F $CFPRO -n 0 <<EOF
+$SLAPADD -F $CFDIR -n 0 <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config
-olcServerID: 1
+olcServerID: $n
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
@@ -99,8 +80,11 @@
olcRootPW:< file://$CONFIGPWF
EOF
-echo "Starting producer slapd on TCP/IP port $PORT1..."
-cd $PRODIR
+n=`expr $n + 1`
+done
+
+echo "Starting server 1 on TCP/IP port $PORT1..."
+cd ${XDIR}1
$SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
@@ -112,7 +96,7 @@
sleep 1
-echo "Using ldapsearch to check that producer slapd is running..."
+echo "Using ldapsearch to check that server 1 is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
@@ -130,21 +114,18 @@
exit $RC
fi
-echo "Inserting syncprov overlay on producer..."
+echo "Inserting syncprov overlay on server 1..."
+echo "" > $TMP
if [ "$SYNCPROV" = syncprovmod ]; then
- $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+cat <<EOF >> $TMP
dn: cn=module,cn=config
+changetype: add
objectClass: olcModuleList
cn: module
olcModulePath: ../../../servers/slapd/overlays
olcModuleLoad: syncprov.la
+
EOF
- RC=$?
- if test $RC != 0 ; then
- echo "ldapadd failed for moduleLoad ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
- fi
fi
#
# Note that we configure a timeout here; it's possible for both
@@ -154,14 +135,19 @@
# attempt and allow the modifies to complete.
#
read CONFIGPW < $CONFIGPWF
-$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
-dn: cn=config
-changetype: modify
-replace: olcServerID
-olcServerID: 1 $URI1
-olcServerID: 2 $URI2
-olcServerID: 3 $URI3
+echo "dn: cn=config" >> $TMP
+echo "changetype: modify" >> $TMP
+echo "replace: olcServerID" >> $TMP
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+echo "olcServerID: $n $URI" >> $TMP
+n=`expr $n + 1`
+done
+cat <<EOF >> $TMP
+
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
@@ -171,19 +157,21 @@
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
-olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
--
-add: olcMirrorMode
-olcMirrorMode: TRUE
EOF
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+echo "olcSyncRepl: rid=00$n provider=$URI binddn=\"cn=config\" bindmethod=simple" >> $TMP
+echo " credentials=$CONFIGPW searchbase=\"cn=config\" type=refreshAndPersist" >> $TMP
+echo " retry=\"3 10 300 5\" timeout=3" >> $TMP
+n=`expr $n + 1`
+done
+echo "-" >> $TMP
+echo "add: olcMirrorMode" >> $TMP
+echo "olcMirrorMode: TRUE" >> $TMP
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF < $TMP >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed for syncrepl config ($RC)!"
@@ -191,9 +179,14 @@
exit $RC
fi
-echo "Starting consumer1 slapd on TCP/IP port $PORT2..."
-cd $CONDIR
-$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+n=2
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+LOG=$TESTDIR/slapd.$n.log
+echo "Starting server $n on TCP/IP port $PORT..."
+cd ${XDIR}$n
+$SLAPD -F ./slapd.d -h $URI -d $LVL $TIMING > $LOG 2>&1 &
SLAVEPID=$!
if test $WAIT != 0 ; then
echo SLAVEPID $SLAVEPID
@@ -204,9 +197,9 @@
sleep 1
-echo "Using ldapsearch to check that consumer1 slapd is running..."
+echo "Using ldapsearch to check that server $n is running..."
for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -s base -b "" -H $URI2 \
+ $LDAPSEARCH -s base -b "" -H $URI \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
@@ -222,76 +215,31 @@
exit $RC
fi
-echo "Configuring syncrepl on consumer1..."
-$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+echo "Configuring syncrepl on server $n..."
+cat <<EOF > $TMP
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
-olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
--
-add: olcMirrorMode
-olcMirrorMode: TRUE
EOF
-
-echo "Starting consumer2 slapd on TCP/IP port $PORT3..."
-cd $CONDIR2
-$SLAPD -F ./slapd.d -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
-SLAVE2PID=$!
-if test $WAIT != 0 ; then
- echo SLAVE2PID $SLAVE2PID
- read foo
-fi
-KILLPIDS="$KILLPIDS $SLAVE2PID"
-cd $TESTWD
-
-sleep 1
-
-echo "Using ldapsearch to check that consumer2 slapd is running..."
-for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -s base -b "" -H $URI3 \
- 'objectclass=*' > /dev/null 2>&1
- RC=$?
- if test $RC = 0 ; then
- break
- fi
- echo "Waiting 5 seconds for slapd to start..."
- sleep 5
+j=1
+while [ $j -le $MMR ]; do
+P2=`expr $BASEPORT + $j`
+U2="ldap://${LOCALHOST}:$P2/"
+echo "olcSyncRepl: rid=00$j provider=$U2 binddn=\"cn=config\" bindmethod=simple" >> $TMP
+echo " credentials=$CONFIGPW searchbase=\"cn=config\" type=refreshAndPersist" >> $TMP
+echo " retry=\"3 10 300 5\" timeout=3" >> $TMP
+j=`expr $j + 1`
done
-
-if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
-fi
-
-echo "Configuring syncrepl on consumer2..."
-$LDAPMODIFY -D cn=config -H $URI3 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
-dn: olcDatabase={0}config,cn=config
-changetype: modify
-add: olcSyncRepl
-olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
- credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
- retry="5 5 300 5" timeout=3
+cat <<EOF >> $TMP
-
add: olcMirrorMode
olcMirrorMode: TRUE
EOF
+$LDAPMODIFY -D cn=config -H $URI -y $CONFIGPWF < $TMP >>$TESTOUT 2>&1
+n=`expr $n + 1`
+done
-echo "Adding schema and databases on producer..."
+echo "Adding schema and databases on server 1..."
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
include: file://$ABS_SCHEMADIR/core.ldif
@@ -310,23 +258,19 @@
exit $RC
fi
+echo "" > $TMP
if [ "$BACKENDTYPE" = mod ]; then
- $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+cat <<EOF >> $TMP
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../../../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
+
EOF
- RC=$?
- if test $RC != 0 ; then
- echo "ldapadd failed for backend config ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
- fi
fi
-$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+cat <<EOF >> $TMP
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
@@ -335,23 +279,28 @@
olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
-olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
- credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
- credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
- retry="5 5 300 5" timeout=3
-olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple
- credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
- retry="5 5 300 5" timeout=3
+EOF
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+
+echo "olcSyncRepl: rid=01$n provider=$URI binddn=\"$MANAGERDN\" bindmethod=simple" >> $TMP
+echo " credentials=$PASSWD searchbase=\"$BASEDN\" $SYNCTYPE" >> $TMP
+echo " retry=\"3 10 300 5\" timeout=3" >> $TMP
+n=`expr $n + 1`
+done
+
+cat <<EOF >> $TMP
olcMirrorMode: TRUE
dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
-changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
EOF
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TMP >>$TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed for database config ($RC)!"
@@ -377,296 +326,336 @@
;;
esac
-echo "Using ldapadd to populate producer..."
+echo "Using ldapadd to populate server 1..."
$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
>> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
- echo "ldapadd failed for producer database ($RC)!"
+ echo "ldapadd failed for server 1 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..."
+sleep $SLEEP2
-echo "Using ldapadd to populate consumer1..."
-$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \
- >> $TESTOUT 2>&1
-RC=$?
-if test $RC != 0 ; then
- echo "ldapadd failed for consumer1 database ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
-fi
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
-
-echo "Using ldapadd to populate consumer2..."
-$LDAPADD -D "$MANAGERDN" -H $URI3 -w $PASSWD \
- << EOMODS >> $TESTOUT 2>&1
-dn: cn=Consumer 2 Test,dc=example,dc=com
-changetype: add
-objectClass: device
-cn: Consumer 2 Test
-EOMODS
+echo "Using ldapsearch to read config from server $n..."
+$LDAPSEARCH -b cn=config -D cn=config -H $URI -y $CONFIGPWF \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
RC=$?
+
if test $RC != 0 ; then
- echo "ldapadd failed for consumer2 database ($RC)!"
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
-echo "Using ldapmodify to add to the producer entries that will be deleted..."
-$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
- >> $TESTOUT 2>&1 << EOADDS
-dn: cn=To be deleted by producer,dc=example,dc=com
-changetype: add
-objectClass: device
-# no distinguished values, will be added by DSA
+n=`expr $n + 1`
+done
-dn: cn=To be deleted by consumer1,dc=example,dc=com
-changetype: add
-objectClass: device
-# no distinguished values, will be added by DSA
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved configs from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
-dn: cn=To be deleted by consumer2,dc=example,dc=com
-changetype: add
-objectClass: device
-# no distinguished values, will be added by DSA
-
-dn: cn=To be deleted by producer,dc=example,dc=com
-changetype: delete
-EOADDS
-RC=$?
-if test $RC != 0 ; then
- echo "ldapmodify failed for producer database ($RC)!"
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n configs differ"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
+ exit 1
fi
+n=`expr $n + 1`
+done
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
-echo "Using ldapmodify to delete entries from consumer1..."
-$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
- >> $TESTOUT 2>&1 << EOADDS
-dn: cn=To be deleted by consumer1,dc=example,dc=com
-changetype: delete
-EOADDS
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
RC=$?
+
if test $RC != 0 ; then
- echo "ldapmodify failed for consumer1 database ($RC)!"
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
-echo "Using ldapmodify to delete entries from consumer2..."
-$LDAPMODIFY -D "$MANAGERDN" -H $URI3 -w $PASSWD \
- >> $TESTOUT 2>&1 << EOADDS
-dn: cn=To be deleted by consumer2,dc=example,dc=com
-changetype: delete
-EOADDS
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+n=`expr $n + 1`
+done
+
+echo "Using ldapadd to populate server 2..."
+$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \
+ >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
- echo "ldapmodify failed for consumer2 database ($RC)!"
+ echo "ldapadd failed for server 2 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-SLEEP=20
-echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
-echo "Using ldapsearch to check that syncrepl received database changes..."
-RC=32
-for i in 0 1 2 3 4 5; do
- RESULT=`$LDAPSEARCH -H $URI2 \
- -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
- '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
- if test "x$RESULT" = "xOK" ; then
- RC=0
- break
- fi
- echo "Waiting 5 seconds for syncrepl to receive changes..."
- sleep 5
-done
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
+RC=$?
+
if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
-echo "Using ldapsearch to check that syncrepl received database changes on consumer2..."
-RC=32
-for i in 0 1 2 3 4 5; do
- RESULT=`$LDAPSEARCH -H $URI3 \
- -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
- '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
- if test "x$RESULT" = "xOK" ; then
- RC=0
- break
- fi
- echo "Waiting 5 seconds for syncrepl to receive changes..."
- sleep 5
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+n=`expr $n + 1`
done
+echo "Using ldapadd to populate server 3..."
+$LDAPADD -D "$MANAGERDN" -H $URI3 -w $PASSWD \
+ << EOMODS >> $TESTOUT 2>&1
+dn: cn=Server 3 Test,dc=example,dc=com
+changetype: add
+objectClass: device
+cn: Server 3 Test
+EOMODS
+RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
+ echo "ldapadd failed for server 3 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-echo "Using ldapsearch to read config from the producer..."
-$LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF \
- 'objectclass=*' > $MASTEROUT 2>&1
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed at producer ($RC)!"
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
-echo "Using ldapsearch to read config from consumer1..."
-$LDAPSEARCH -b cn=config -D cn=config -H $URI2 -y $CONFIGPWF \
- 'objectclass=*' > $SLAVEOUT 2>&1
-RC=$?
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
-if test $RC != 0 ; then
- echo "ldapsearch failed at consumer1 ($RC)!"
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
+ exit 1
fi
+n=`expr $n + 1`
+done
-echo "Using ldapsearch to read config from consumer2..."
-$LDAPSEARCH -b cn=config -D cn=config -H $URI3 -y $CONFIGPWF \
- 'objectclass=*' > $SLAVE2OUT 2>&1
-RC=$?
+echo "Using ldapmodify to add to server 1 entries that will be deleted..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by server 1,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+dn: cn=To be deleted by server 2,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+
+dn: cn=To be deleted by server 3,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+
+dn: cn=To be deleted by server 1,dc=example,dc=com
+changetype: delete
+EOADDS
+RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed at consumer2 ($RC)!"
+ echo "ldapmodify failed for server 1 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-echo "Filtering producer results..."
-. $LDIFFILTER < $MASTEROUT > $MASTERFLT
-echo "Filtering consumer1 results..."
-. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
-echo "Filtering consumer2 results..."
-. $LDIFFILTER < $SLAVE2OUT > $SLAVE2FLT
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
-echo "Comparing retrieved configs from producer and consumer1..."
-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
-if test $? != 0 ; then
- echo "test failed - producer and consumer1 configs differ"
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit 1
+ exit $RC
fi
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
-echo "Comparing retrieved configs from producer and consumer2..."
-$CMP $MASTERFLT $SLAVE2FLT > $CMPOUT
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
if test $? != 0 ; then
- echo "test failed - producer and consumer2 configs differ"
+ echo "test failed - server 1 and server $n databases differ"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
+n=`expr $n + 1`
+done
-echo "Using ldapsearch to read all the entries from the producer..."
-$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
- 'objectclass=*' > $MASTEROUT 2>&1
+echo "Using ldapmodify to delete entries from server 2..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by server 2,dc=example,dc=com
+changetype: delete
+EOADDS
RC=$?
-
if test $RC != 0 ; then
- echo "ldapsearch failed at producer ($RC)!"
+ echo "ldapmodify failed for server 2 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-echo "Using ldapsearch to read all the entries from consumer1..."
-$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
- 'objectclass=*' > $SLAVEOUT 2>&1
-RC=$?
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+echo "Using ldapmodify to delete entries from server 3..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI3 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by server 3,dc=example,dc=com
+changetype: delete
+EOADDS
+RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed at consumer1 ($RC)!"
+ echo "ldapmodify failed for server 3 database ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-echo "Using ldapsearch to read all the entries from consumer2..."
-$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI3 -w $PASSWD \
- 'objectclass=*' > $SLAVE2OUT 2>&1
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed at consumer2 ($RC)!"
+ echo "ldapsearch failed at server $n ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
+. $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
-# kill!
-# test $KILLSERVERS != no && kill -HUP $KILLPIDS
-kill -HUP $KILLPIDS
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
-echo "Filtering producer results..."
-. $LDIFFILTER < $MASTEROUT > $MASTERFLT
-echo "Filtering consumer1 results..."
-. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
-echo "Filtering consumer2 results..."
-. $LDIFFILTER < $SLAVE2OUT > $SLAVE2FLT
-
-echo "Comparing retrieved entries from producer and consumer1..."
-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
-
if test $? != 0 ; then
- echo "test failed - producer and consumer1 databases differ"
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
+n=`expr $n + 1`
+done
-echo "Comparing retrieved entries from producer and consumer2..."
-$CMP $MASTERFLT $SLAVE2FLT > $CMPOUT
+# kill!
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+kill -HUP $KILLPIDS
-if test $? != 0 ; then
- echo "test failed - producer and consumer2 databases differ"
- exit 1
-fi
-
# kill!
# test $KILLSERVERS != no && wait
wait
echo "Restarting servers..."
-echo "Starting producer slapd on TCP/IP port $PORT1..."
-cd $PRODIR
-echo "======================= RESTART =======================" >> $LOG1
-$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+KILLPIDS=""
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldap://${LOCALHOST}:$PORT/"
+LOG=$TESTDIR/slapd.$n.log
+echo "Starting server $n on TCP/IP port $PORT..."
+cd ${XDIR}$n
+echo "======================= RESTART =======================" >> $LOG
+$SLAPD -F ./slapd.d -h $URI -d $LVL $TIMING >> $LOG 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
-KILLPIDS="$PID"
+KILLPIDS="$KILLPIDS $PID"
cd $TESTWD
-echo "Using ldapsearch to check that producer slapd is running..."
+echo "Using ldapsearch to check that server $n is running..."
for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -s base -b "" -H $URI1 \
+ $LDAPSEARCH -s base -b "" -H $URI \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
@@ -681,75 +670,12 @@
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
-#exit 0
-echo "Starting consumer1 slapd on TCP/IP port $PORT2..."
-cd $CONDIR
-echo "======================= RESTART =======================" >> $LOG2
-$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
-SLAVEPID=$!
-if test $WAIT != 0 ; then
- echo SLAVEPID $SLAVEPID
- read foo
-fi
-KILLPIDS="$KILLPIDS $SLAVEPID"
-cd $TESTWD
-
-sleep 1
-
-echo "Using ldapsearch to check that consumer1 slapd is running..."
-for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -s base -b "" -H $URI2 \
- 'objectclass=*' > /dev/null 2>&1
- RC=$?
- if test $RC = 0 ; then
- break
- fi
- echo "Waiting 5 seconds for slapd to start..."
- sleep 5
+n=`expr $n + 1`
done
-if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
-fi
-
-echo "Starting consumer2 slapd on TCP/IP port $PORT3..."
-cd $CONDIR2
-echo "======================= RESTART =======================" >> $LOG3
-$SLAPD -F ./slapd.d -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 &
-SLAVE2PID=$!
-if test $WAIT != 0 ; then
- echo SLAVE2PID $SLAVE2PID
- read foo
-fi
-KILLPIDS="$KILLPIDS $SLAVE2PID"
-cd $TESTWD
-
-sleep 1
-
-echo "Using ldapsearch to check that consumer2 slapd is running..."
-for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -s base -b "" -H $URI3 \
- 'objectclass=*' > /dev/null 2>&1
- RC=$?
- if test $RC = 0 ; then
- break
- fi
- echo "Waiting 5 seconds for slapd to start..."
- sleep 5
-done
-
-if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
- test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
-fi
-
# Insert modifications and more tests here.
-SLEEP=10
-echo "Waiting $SLEEP seconds for servers to resync..."
-sleep $SLEEP
+echo "Waiting $SLEEP1 seconds for servers to resync..."
+sleep $SLEEP1
test $KILLSERVERS != no && kill -HUP $KILLPIDS
Modified: openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test054-syncreplication-parallel-load,v 1.1.2.2 2009/01/22 00:01:20 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test054-syncreplication-parallel-load,v 1.1.2.3 2009/03/05 22:19:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -125,8 +125,8 @@
C2PID=$!
wait $C1PID $C2PID
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping the provider, sleeping 10 seconds and restarting it..."
kill -HUP "$PID"
@@ -261,8 +261,8 @@
exit $RC
fi
-echo "Waiting 15 seconds for syncrepl to receive changes..."
-sleep 15
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
echo "Stopping consumer to test recovery..."
kill -HUP $SLAVEPID
@@ -298,8 +298,8 @@
fi
KILLPIDS="$PID $SLAVEPID"
-echo "Waiting 25 seconds for syncrepl to receive changes..."
-sleep 25
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
if test ! $BACKLDAP = "ldapno" ; then
echo "Try updating the consumer slapd..."
@@ -332,8 +332,8 @@
exit $RC
fi
- echo "Waiting 15 seconds for syncrepl to receive changes..."
- sleep 15
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
fi
OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"
Added: openldap/vendor/openldap-release/tests/scripts/test056-monitor
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test056-monitor (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/test056-monitor 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,173 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test056-monitor,v 1.2.2.3 2009/07/02 20:11:10 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2008 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Starting slapd on TCP/IP port $PORT..."
+. $CONFFILTER $BACKEND $MONITORDB < $SCHEMACONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+echo "Using ldapsearch to read connection monitor entries..."
+$LDAPSEARCH -S "" -b "$CONNECTIONSMONITORDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' \
+ structuralObjectClass entryDN \
+ monitorConnectionProtocol monitorConnectionOpsReceived \
+ monitorConnectionOpsExecuting monitorConnectionOpsPending \
+ monitorConnectionOpsCompleted monitorConnectionGet \
+ monitorConnectionRead monitorConnectionWrite \
+ monitorConnectionMask monitorConnectionAuthzDN \
+ monitorConnectionListener monitorConnectionLocalAddress \
+ > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Compare results, ignoring possible difference of IPv4/IPv6 localhost address
+localrewrite='s/=127\.0\.0\.1:/=LOCAL:/; s/=\[::1\]:/=LOCAL:/'
+echo "Filtering ldapsearch results..."
+sed -e "$localrewrite" < $SEARCHOUT | . $LDIFFILTER > $SEARCHFLT
+echo "Filtering expected data..."
+sed -e "$localrewrite" < $MONITOROUT1 | . $LDIFFILTER > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - connection monitor output is not correct"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to read database monitor entries..."
+$LDAPSEARCH -S "" -b "$DATABASESMONITORDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' \
+ structuralObjectClass entryDN namingContexts readOnly \
+ monitorIsShadow monitorContext \
+ olmBDBEntryCache olmBDBDNCache olmBDBIDLCache \
+ > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+
+TMPMONITOROUT2=$MONITOROUT2
+case $BACKEND in
+bdb|hdb)
+ ;;
+*)
+ TMPMONITOROUT2=$TESTDIR/monitor2.out
+ grep -v "olmBDB" $MONITOROUT2 > $TMPMONITOROUT2
+ ;;
+esac
+
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $TMPMONITOROUT2 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - database monitor output is not correct"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to read statistics monitor entries..."
+$LDAPSEARCH -S "" -b "$STATISTICSMONITORDN" -h $LOCALHOST -p $PORT1 \
+ '(|(cn=Entries)(cn=PDU)(cn=Referrals))' \
+ structuralObjectClass monitorCounter entryDN \
+ > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $MONITOROUT3 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - statistics monitor output is not correct"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to read operation monitor entries..."
+$LDAPSEARCH -S "" -b "$OPERATIONSMONITORDN" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' \
+ structuralObjectClass monitorOpInitiated monitorOpCompleted entryDN \
+ > $SEARCHOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $MONITOROUT4 > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - operations monitor output is not correct"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
+
Property changes on: openldap/vendor/openldap-release/tests/scripts/test056-monitor
___________________________________________________________________
Added: svn:executable
+ *
Added: openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,269 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test057-memberof-refint,v 1.3.2.3 2009/06/30 00:34:05 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## Portions Copyright 2008 Red Hat, Inc.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $MEMBEROF = memberofno; then
+ echo "Memberof overlay not available, test skipped"
+ exit 0
+fi
+
+if test "$BACKEND" != "hdb" ; then
+ echo "Test does not support $BACKEND"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $TESTDIR/confdir
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $NAKEDCONF > $CONF1
+$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $TESTOUT
+
+if [ "$MEMBEROF" = memberofmod ]; then
+ echo "Inserting memberof overlay on producer..."
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../servers/slapd/overlays
+olcModuleLoad: memberof.la
+olcModuleLoad: refint.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+echo "Running ldapadd to build slapd config database..."
+$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
+ >> $TESTOUT 2>&1 <<EOF
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcSuffix: $BASEDN
+olcRootDN: cn=Manager,$BASEDN
+olcRootPW:: c2VjcmV0
+olcMonitoring: TRUE
+olcDbDirectory: $TESTDIR/db.1.a/
+olcDbCacheSize: 1000
+olcDbIndex: objectClass eq
+olcDbIndex: cn pres,eq,sub
+olcDbIndex: uid pres,eq,sub
+olcDbIndex: sn pres,eq,sub
+olcDbMode: 384
+
+# {0}memberof, {1}$BACKEND, config
+dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {0}memberof
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+# {1}refint, {1}$BACKEND, config
+dn: olcOverlay={1}refint,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+olcOverlay: {1}refint
+olcRefintAttribute: member
+olcRefintAttribute: memberOf
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running ldapadd to build slapd database..."
+$LDAPADD -h $LOCALHOST -p $PORT1 \
+ -D "cn=Manager,$BASEDN" -w secret \
+ >> $TESTOUT 2>&1 << EOF
+dn: $BASEDN
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=People,$BASEDN
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,$BASEDN
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=Roger Rabbit,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+
+dn: cn=Baby Herman,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,$BASEDN
+member: cn=Baby Herman,ou=People,$BASEDN
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Search the entire database..."
+echo "# Search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running ldapmodify to rename subtree..."
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
+ -D "cn=Manager,$BASEDN" -w secret \
+ >> $TESTOUT 2>&1 << EOF
+dn: ou=People,$BASEDN
+changetype: modrdn
+newrdn: ou=Toons
+deleteoldrdn:1
+newsuperior: $BASEDN
+EOF
+
+# refint runs in a background thread, so it most likely won't complete
+# before the modify returns. Give it some time to execute.
+sleep 1
+
+echo "Re-search the entire database..."
+echo "# Re-search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running ldapmodify to rename subtree..."
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
+ -D "cn=Manager,$BASEDN" -w secret \
+ >> $TESTOUT 2>&1 << EOF
+dn: ou=Groups,$BASEDN
+changetype: modrdn
+newrdn: ou=Studios
+deleteoldrdn:1
+newsuperior: $BASEDN
+EOF
+
+sleep 1
+
+echo "Re-search the entire database..."
+echo "# Re-search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running ldapdelete to remove a member..."
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
+ -D "cn=Manager,$BASEDN" -w secret \
+ >> $TESTOUT 2>&1 << EOF
+dn: cn=Baby Herman,ou=Toons,$BASEDN
+changetype: delete
+EOF
+
+sleep 1
+
+echo "Re-search the entire database..."
+echo "# Re-search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$MEMBEROFREFINTOUT
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
Property changes on: openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint
___________________________________________________________________
Added: svn:executable
+ *
Added: openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,2398 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test058-syncrepl-asymmetric,v 1.1.2.2 2009/04/28 00:50:29 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# This script tests a configuration scenario as described in these URLs:
+#
+# http://www.openldap.org/lists/openldap-devel/200806/msg00041.html
+# http://www.openldap.org/lists/openldap-devel/200806/msg00054.html
+#
+# Search for "TEST:" to find each major test this script performs.
+
+# The configuration here consist of 3 "sites", each with a "master" and
+# a "search" server. One of the sites is the "central", the other two
+# are called "site1" and "site2".
+
+# The following notations are used in variable names below to identify
+# these servers, the first number defines the $URL# and $PORT# variable
+# that server uses:
+#
+# 1: SMC_* Site Master Central
+# 2: SM1_* Site Master 1
+# 3: SM2_* Site Master 2
+# 4: SSC_* Search Site Central
+# 5: SS1_* Search Site 1
+# 6: SS2_* Search Site 2
+
+# The master servers all have a set of subordinate databases glued below
+# the same suffix database. Each of the masters are the master for at
+# least one of these subordinate databases, but there are never more
+# than one master for any single database. I.e, this is neither a
+# traditional single-master configuration, nor what most people think
+# of as multi-master, but more what can be called multiple masters.
+
+# The central master replicates to the two other masters, and receives
+# updates from them of the backends they are the master for. There is
+# no direct connection between the other two master servers. All of the
+# masters have the syncprov overlay configured on the glue database.
+
+# The search servers replicates from the master server at their site.
+# They all have a single database with the glue suffix, but their
+# database configuration doesn't matter much in this test. (This
+# database layout was originally created before gluing was introduced
+# in OpenLDAP, which is why the search servers doesn't use it).
+
+# The primary objective for gluing the backend databases is not to make
+# them look like one huge database but to create a common search suffix
+# for the clients. Searching is mostly done on the search servers, only
+# updates are done on the masters.
+
+# It varies which backends that are replicated to which server (hence
+# the name asymmetric in this test). Access control rules on the
+# masters are used to control what their consumers receives. The table
+# below gives an overview of which backend (the columns) that are
+# replicated to which server (the rows). A "M" defines the master for
+# the backend, a "S" is a slave, and "-" means it is not replicated
+# there. Oh, the table probably looks wrong without the 4-position
+# tab-stops OpenLDAP uses...
+
+# glue ou1 ou2 sm1ou1 sm1ou2 sm2ou1 sm2ou2
+# smc M M M S S S -
+# sm1 S S - M M - -
+# sm2 S S S S - M M
+# ssc S S - - S - -
+# ss1 S S - S S - -
+# ss2 S S S - - S S
+
+# On the central master syncrepl is configured on the subordinate
+# databases, as it varies which backends that exists on its providers.
+# Had it been used on the glue database then syncrepl would have removed
+# the backends replicated from site1 but not present on site2 when it
+# synchronizes with site2 (and vice versa).
+#
+# All the other servers uses syncrepl on the glue database, since
+# replicating more than one subordinate database from the same master
+# creates (as of the writing of this test script) race conditions that
+# causes the replication to fail, as the race tests at the end shows.
+
+# The databases controlled by syncrepl all have $UPDATEDN as their
+# RootDN, while the master servers has other RootDN values for the
+# backends they are the backend for them self. This violates the current
+# guidelines for gluing databases, which states that the same rootdn
+# should be used on all of them. Unfortunately, this cannot be done on
+# site masters 1 and 2. The backends they manage locally are either not
+# present on the central master, or when so they are not replicated back
+# to their source, which causes syncrepl to try to remove the content of
+# these backends when it synchronizes with the central master. The
+# differing rootdn values used on the backends controlled by syncrepl
+# and those managed locally prevents it from succeeding in this. As
+# noted above, moving syncrepl to the subordinate databases is currently
+# not an option since that creates race conditions.
+
+# The binddn values used in the syncrepl configurations are chosen to
+# make the configuration and access control rules easiest to set up. It
+# occasionally uses a DN that is also used as a RootDN. This is not a
+# good practice and should not be taken as an example for real
+# configurations!
+
+# This script will print the content of any invalid contextCSN values it
+# detects if the environment variable CSN_VERBOSE is non-empty. The
+# environment variable RACE_TESTS can be set to the number of race test
+# iterations the script should perform.
+
+case "$BACKEND" in
+bdb|hdb)
+ ;;
+*)
+ echo "This test does not support the $BACKEND backend"
+ exit 0;;
+esac
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+SMC_DIR=$TESTDIR/smc
+SM1_DIR=$TESTDIR/sm1
+SM2_DIR=$TESTDIR/sm2
+SS1_DIR=$TESTDIR/ss1
+SS2_DIR=$TESTDIR/ss2
+SSC_DIR=$TESTDIR/ssc
+
+mkdir -p $TESTDIR
+
+for dir in $SMC_DIR $SM1_DIR $SM2_DIR $SS1_DIR $SS2_DIR $SSC_DIR; do
+ mkdir -p $dir $dir/slapd.d $dir/db
+done
+
+mkdir -p $SMC_DIR/ou1 $SMC_DIR/sm1ou1 $SMC_DIR/sm1ou2
+mkdir -p $SMC_DIR/ou2 $SMC_DIR/sm2ou1
+mkdir -p $SM1_DIR/ou1 $SM1_DIR/sm1ou1 $SM1_DIR/sm1ou2
+mkdir -p $SM2_DIR/ou2 $SM2_DIR/sm1ou1 $SM2_DIR/sm2ou1 $SM2_DIR/sm2ou2
+
+cd $TESTDIR
+
+KILLPIDS=
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+
+ID=1
+
+if test $WAIT != 0 ; then
+ RETRY="1 60"
+else
+ RETRY="1 10"
+fi
+
+echo "Initializing master configurations..."
+for dir in $SMC_DIR $SM1_DIR $SM2_DIR; do
+ $SLAPADD -F $dir/slapd.d -n 0 <<EOF
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcServerID: $ID
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootPW:< file://$CONFIGPWF
+
+EOF
+ ID=`expr $ID + 1`
+done
+
+echo "Initializing search configurations..."
+for dir in $SS1_DIR $SS2_DIR $SSC_DIR; do
+ $SLAPADD -F $dir/slapd.d -n 0 <<EOF
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootPW:< file://$CONFIGPWF
+
+EOF
+done
+
+echo "Starting central master slapd on TCP/IP port $PORT1..."
+cd $SMC_DIR
+$SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+SMC_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SMC_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SMC_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that central master slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting site1 master slapd on TCP/IP port $PORT2..."
+cd $SM1_DIR
+$SLAPD -F slapd.d -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SM1_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SM1_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SM1_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site1 master is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting site2 master slapd on TCP/IP port $PORT3..."
+cd $SM2_DIR
+$SLAPD -F slapd.d -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
+SM2_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SM2_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SM2_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site2 master is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting central search slapd on TCP/IP port $PORT4..."
+cd $SSC_DIR
+$SLAPD -F slapd.d -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 &
+SSC_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SSC_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SSC_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that central search slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI4 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Starting site1 search slapd on TCP/IP port $PORT5..."
+cd $SS1_DIR
+$SLAPD -F slapd.d -h $URI5 -d $LVL $TIMING > $LOG5 2>&1 &
+SS1_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SS1_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SS1_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site1 search slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI5 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Starting site2 search slapd on TCP/IP port $PORT6..."
+cd $SS2_DIR
+$SLAPD -F slapd.d -h $URI6 -d $LVL $TIMING > $LOG6 2>&1 &
+SS2_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SS2_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SS2_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site2 search slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI6 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+for uri in $URI1 $URI2 $URI3 $URI4 $URI5 $URI6; do
+ echo "Adding schema on $uri..."
+ $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+include: file://$ABS_SCHEMADIR/core.ldif
+
+include: file://$ABS_SCHEMADIR/cosine.ldif
+
+include: file://$ABS_SCHEMADIR/inetorgperson.ldif
+
+include: file://$ABS_SCHEMADIR/openldap.ldif
+
+include: file://$ABS_SCHEMADIR/nis.ldif
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for schema config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ [ "$BACKENDTYPE" = mod ] || continue
+
+ echo "Adding backend module on $uri..."
+ $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/back-$BACKEND
+olcModuleLoad: back_$BACKEND.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for backend module ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+done
+
+echo "Adding database config on central master..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SMC_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $MANAGERDN
+olcRootPW: $PASSWD
+
+dn: olcOverlay={0}glue,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+olcOverlay: {0}glue
+
+dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {1}syncprov
+olcSpCheckpoint: 3 1
+
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SMC_DIR/ou1
+olcSubordinate: TRUE
+olcSuffix: ou=ou1,$BASEDN
+olcRootDN: $MANAGERDN
+
+dn: olcDatabase={2}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {2}$BACKEND
+olcDbDirectory: $SMC_DIR/ou2
+olcSubordinate: TRUE
+olcSuffix: ou=ou2,$BASEDN
+olcRootDN: $MANAGERDN
+
+dn: olcDatabase={3}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {3}$BACKEND
+olcDbDirectory: $SMC_DIR/sm1ou1
+olcSubordinate: TRUE
+olcSuffix: ou=sm1ou1,$BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcDatabase={4}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {4}$BACKEND
+olcDbDirectory: $SMC_DIR/sm1ou2
+olcSubordinate: TRUE
+olcSuffix: ou=sm1ou2,$BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcDatabase={5}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {5}$BACKEND
+olcDbDirectory: $SMC_DIR/sm2ou1
+olcSubordinate: TRUE
+olcSuffix: ou=sm2ou1,$BASEDN
+olcRootDN: $UPDATEDN
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for central master database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding database config on site1 master..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SM1_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcOverlay={0}glue,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+olcOverlay: {0}glue
+
+dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {1}syncprov
+
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SM1_DIR/ou1
+olcSubordinate: TRUE
+olcSuffix: ou=ou1,$BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcDatabase={2}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {2}$BACKEND
+olcDbDirectory: $SM1_DIR/sm1ou1
+olcSubordinate: TRUE
+olcSuffix: ou=sm1ou1,$BASEDN
+olcRootDN: ou=sm1ou1,$BASEDN
+olcRootPW: $PASSWD
+
+dn: olcDatabase={3}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {3}$BACKEND
+olcDbDirectory: $SM1_DIR/sm1ou2
+olcSubordinate: TRUE
+olcSuffix: ou=sm1ou2,$BASEDN
+olcRootDN: ou=sm1ou1,$BASEDN
+
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for site1 master database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding database config on site2 master..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI3 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI3 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SM2_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcOverlay={0}glue,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+olcOverlay: {0}glue
+
+dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {1}syncprov
+olcSpCheckpoint: 1 1
+
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SM2_DIR/ou2
+olcSubordinate: TRUE
+olcSuffix: ou=ou2,$BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcDatabase={2}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {2}$BACKEND
+olcDbDirectory: $SM2_DIR/sm1ou1
+olcSubordinate: TRUE
+olcSuffix: ou=sm1ou1,$BASEDN
+olcRootDN: $UPDATEDN
+
+dn: olcDatabase={3}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {3}$BACKEND
+olcDbDirectory: $SM2_DIR/sm2ou1
+olcSubordinate: TRUE
+olcSuffix: ou=sm2ou1,$BASEDN
+olcRootDN: ou=sm2ou1,$BASEDN
+olcRootPW: $PASSWD
+
+dn: olcDatabase={4}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {4}$BACKEND
+olcDbDirectory: $SM2_DIR/sm2ou2
+olcSubordinate: TRUE
+olcSuffix: ou=sm2ou2,$BASEDN
+olcRootDN: ou=sm2ou1,$BASEDN
+
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for site2 master database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding access rules on central master..."
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: to dn.exact=dc=example,dc=com
+ by * read
+olcAccess: to dn.subtree=ou=ou1,dc=example,dc=com
+ by * read
+olcAccess: to dn.subtree=ou=ou2,dc=example,dc=com
+ by dn.exact=ou=ou1,dc=example,dc=com none
+ by dn.exact=ou=ou2,dc=example,dc=com read
+ by dn.exact=dc=example,dc=com none
+ by * read
+olcAccess: to dn.subtree=ou=sm1ou1,dc=example,dc=com
+ by dn.exact=ou=ou1,dc=example,dc=com none
+ by dn.exact=ou=ou2,dc=example,dc=com read
+ by dn.exact=dc=example,dc=com none
+ by * read
+olcAccess: to dn.subtree=ou=sm1ou2,dc=example,dc=com
+ by dn.exact=ou=ou1,dc=example,dc=com none
+ by dn.exact=ou=ou2,dc=example,dc=com none
+ by dn.exact=dc=example,dc=com read
+ by * read
+olcAccess: to dn.subtree=ou=sm2ou1,dc=example,dc=com
+ by dn.exact=ou=ou1,dc=example,dc=com none
+ by dn.exact=ou=ou2,dc=example,dc=com none
+ by dn.exact=dc=example,dc=com none
+ by * read
+olcAccess: to * by * read
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for central master access config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding access rules on site1 master..."
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: to dn.subtree=dc=example,dc=com
+ by * read
+olcAccess: to * by * read
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for site1 master access config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding access rules on site2 master..."
+$LDAPMODIFY -D cn=config -H $URI3 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: to dn.exact=dc=example,dc=com
+ by * read
+olcAccess: to dn.subtree=ou=ou2,dc=example,dc=com
+ by * read
+olcAccess: to dn.subtree=ou=sm1ou1,dc=example,dc=com
+ by users none
+ by * read
+olcAccess: to dn.subtree=ou=sm2ou1,dc=example,dc=com
+ by * read
+olcAccess: to dn.subtree=ou=sm2ou2,dc=example,dc=com
+ by dn.exact=dc=example,dc=com read
+ by users none
+ by * read
+olcAccess: to * by * read
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for site2 master access config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding database config on central search..."
+$LDAPADD -D cn=config -H $URI4 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SSC_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $UPDATEDN
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for central search database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding database config on site1 search..."
+$LDAPADD -D cn=config -H $URI5 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SS1_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $UPDATEDN
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for site1 search database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding database config on site2 search..."
+$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcDbDirectory: $SS2_DIR/db
+olcSuffix: $BASEDN
+olcRootDN: $UPDATEDN
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for site2 search database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Populating central master..."
+$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: dcObject
+dc: example
+o: Example, Inc
+userPassword: $PASSWD
+
+dn: ou=ou1,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: ou1
+userPassword: $PASSWD
+
+dn: ou=ou2,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: ou2
+userPassword: $PASSWD
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed to populate central master entry ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding syncrepl on site1 master..."
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={4}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=1 provider=$URI1 searchbase="$BASEDN"
+ binddn="ou=ou1,$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on site1 master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding syncrepl on site2 master..."
+$LDAPMODIFY -D cn=config -H $URI3 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={5}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=1 provider=$URI1 searchbase="$BASEDN"
+ binddn="ou=ou2,$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on site2 master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check that site1 master received changes..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 \
+ -s base -b "ou=ou1,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that site2 master received changes..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI3 \
+ -s base -b "ou=ou1,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+sleep 1
+
+echo "Populating site1 master..."
+$LDAPADD -D "ou=sm1ou1,$BASEDN" -H $URI2 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm1ou1,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: sm1ou1
+
+dn: ou=sm1ou2,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: sm1ou2
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed to populate site1 master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+sleep 1
+
+echo "Populating site2 master..."
+$LDAPADD -D "ou=sm2ou1,$BASEDN" -H $URI3 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm2ou1,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: sm2ou1
+
+dn: ou=sm2ou2,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: sm2ou2
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed to populate site2 master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+ERRORS=0
+
+# TEST:
+# Stop site1 master when adding syncrepl to the central master. When
+# site1 master is started again both it and the central master will have
+# the same number of contextCSN values, but the ones on central master
+# will be the newest. The central master will not update its contextCSN
+# values unless the bug in ITS#5597 have been fixed.
+echo "Stopping site1 master..."
+kill -HUP "$SM1_PID"
+wait "$SM1_PID"
+KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SM1_PID / /"`;
+SM1_PID=
+
+echo "Adding syncrepl on central master..."
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={3}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=3 provider=$URI2 searchbase="ou=sm1ou1,$BASEDN"
+ binddn="ou=sm1ou1,$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+dn: olcDatabase={5}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=5 provider=$URI3 searchbase="ou=sm2ou1,$BASEDN"
+ binddn="ou=sm2ou1,$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on central master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+echo "Using ldapsearch to check that central master received site2 entries..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm2ou1,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if test -z "$SM1_PID" ; then
+ echo "Restarting site1 master slapd on TCP/IP port $PORT2..."
+ cd $SM1_DIR
+ $SLAPD -F slapd.d -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+ SM1_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SM1_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SM1_PID"
+ cd $TESTWD
+ sleep 1
+fi
+sleep 1
+echo "Using ldapsearch to check that site1 master is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that central master received site1 entries..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm1ou1,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Test done, now some more intialization...
+
+echo "Adding syncrepl consumer on central search..."
+$LDAPMODIFY -D cn=config -H $URI4 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=1 provider=$URI1 searchbase="$BASEDN"
+ binddn="$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on site1 search ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding syncrepl consumer on site1 search..."
+$LDAPMODIFY -D cn=config -H $URI5 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=1 provider=$URI2 searchbase="$BASEDN"
+ binddn="$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on site1 search ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding syncrepl consumer on site2 search..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=1 provider=$URI3 searchbase="$BASEDN"
+ binddn="$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on site2 search ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check that central search received changes..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that site1 search received changes..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI5 \
+ -s base -b "$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that site2 search received changes..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Create a script that will check the contextCSN values of all servers,
+# and restart them to re-synchronize if it finds any errors:
+cat > $TESTDIR/checkcsn.sh <<'EOF'
+#!/bin/sh
+
+CSN_ERRORS=0
+
+CSN1=`$LDAPSEARCH -H $URI1 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+CSN2=`$LDAPSEARCH -H $URI2 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+CSN3=`$LDAPSEARCH -H $URI3 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+CSN4=`$LDAPSEARCH -H $URI4 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+CSN5=`$LDAPSEARCH -H $URI5 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+CSN6=`$LDAPSEARCH -H $URI6 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+
+if test -z "$CSN1" ; then
+ echo "ERROR: contextCSN empty on central master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`
+fi
+nCSN=`echo "$CSN1" | wc -l`
+if test "$nCSN" -ne 3 ; then
+ echo "ERROR: Wrong contextCSN count on central master, should be 3"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`
+ if test -n "$CSN_VERBOSE"; then
+ echo "$CSN1"
+ fi
+fi
+if test -z "$CSN2" -o "$CSN1" != "$CSN2" ; then
+ echo "ERROR: contextCSN mismatch between central master and site1 master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on site1 master:"
+ echo "$CSN2"
+ fi
+fi
+if test -z "$CSN3" -o "$CSN1" != "$CSN3" ; then
+ echo "ERROR: contextCSN mismatch between central master and site2 master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on site2 master:"
+ echo "$CSN3"
+ fi
+fi
+if test -z "$CSN4" -o "$CSN1" != "$CSN4" ; then
+ echo "ERROR: contextCSN mismatch between central master and central search"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on central search:"
+ echo "$CSN4"
+ fi
+fi
+if test -z "$CSN5" -o "$CSN2" != "$CSN5" ; then
+ echo "ERROR: contextCSN mismatch between site1 master and site1 search"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on site1 master:"
+ echo "$CSN2"
+ echo "contextCSN on site1 search:"
+ echo "$CSN5"
+ fi
+fi
+if test -z "$CSN6" -o "$CSN3" != "$CSN6" ; then
+ echo "ERROR: contextCSN mismatch between site2 master and site2 search:"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on site2 master:"
+ echo "$CSN3"
+ echo "contextCSN on site2 search:"
+ echo "$CSN6"
+ fi
+fi
+
+if test $CSN_ERRORS != 0 ; then
+ echo "Stopping all servers to synchronize contextCSN..."
+ kill -HUP $KILLPIDS
+ for pid in $KILLPIDS ; do wait $pid ; done
+ KILLPIDS=
+
+ echo "Restarting site1 master slapd on TCP/IP port $PORT2..."
+ cd $SM1_DIR
+ $SLAPD -F slapd.d -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+ SM1_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SM1_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SM1_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site1 master is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Restarting site2 master slapd on TCP/IP port $PORT3..."
+ cd $SM2_DIR
+ $SLAPD -F slapd.d -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 &
+ SM2_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SM2_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SM2_PID "
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site2 master is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Restarting central master slapd on TCP/IP port $PORT1..."
+ cd $SMC_DIR
+ $SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+ SMC_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SMC_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SMC_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that central master slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Sleeping 5 seconds to allow contextCSN to synchronize..."
+ sleep 5
+
+ echo "Stopping site1 and site2 master..."
+ kill -HUP $SM1_PID $SM2_PID
+ for pid in $SM1_PID $SM2_PID ; do wait $pid ; done
+ KILLPIDS=" $SMC_PID"
+
+ echo "Restarting site1 master slapd on TCP/IP port $PORT2..."
+ cd $SM1_DIR
+ $SLAPD -F slapd.d -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
+ SM1_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SM1_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SM1_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site1 master is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Restarting site2 master slapd on TCP/IP port $PORT3..."
+ cd $SM2_DIR
+ $SLAPD -F slapd.d -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 &
+ SM2_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SM2_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SM2_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site2 master is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Sleeping 5 seconds to allow contextCSN to synchronize..."
+ sleep 5
+
+ echo "Restarting central search slapd on TCP/IP port $PORT4..."
+ cd $SSC_DIR
+ $SLAPD -F slapd.d -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 &
+ SSC_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SSC_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SSC_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that central search slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI4 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Restarting site1 search slapd on TCP/IP port $PORT5..."
+ cd $SS1_DIR
+ $SLAPD -F slapd.d -h $URI5 -d $LVL $TIMING >> $LOG5 2>&1 &
+ SS1_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SS1_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SS1_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site1 search slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI5 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Restarting site2 search slapd on TCP/IP port $PORT6..."
+ cd $SS2_DIR
+ $SLAPD -F slapd.d -h $URI6 -d $LVL $TIMING >> $LOG6 2>&1 &
+ SS2_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SS2_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SS2_PID"
+ cd $TESTWD
+ sleep 1
+ echo "Using ldapsearch to check that site2 search slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI6 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Sleeping 5 seconds to allow contextCSN to synchronize..."
+ sleep 5
+
+ echo "Checking contextCSN after restart..."
+ CSN1=`$LDAPSEARCH -H $URI1 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ CSN2=`$LDAPSEARCH -H $URI2 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ CSN3=`$LDAPSEARCH -H $URI3 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ CSN4=`$LDAPSEARCH -H $URI4 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ CSN5=`$LDAPSEARCH -H $URI5 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ CSN6=`$LDAPSEARCH -H $URI6 -b $BASEDN -s base contextCSN | grep contextCSN | sort`
+ if test -z "$CSN1" ; then
+ echo "ERROR: contextCSN empty on central master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`
+ fi
+
+ if test -z "$CSN2" -o "$CSN1" != "$CSN2" ; then
+ echo "ERROR: contextCSN mismatch between central master and site1 master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on site1 master:"
+ echo "$CSN2"
+ fi
+ fi
+ if test -z "$CSN3" -o "$CSN1" != "$CSN3" ; then
+ echo "ERROR: contextCSN mismatch between central master and site2 master"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on site2 master:"
+ echo "$CSN3"
+ fi
+ fi
+ if test -z "$CSN4" -o "$CSN1" != "$CSN4" ; then
+ echo "ERROR: contextCSN mismatch between central master and central search"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on central master:"
+ echo "$CSN1"
+ echo "contextCSN on central search:"
+ echo "$CSN4"
+ fi
+ fi
+ if test -z "$CSN5" -o "$CSN2" != "$CSN5" ; then
+ echo "ERROR: contextCSN mismatch between site1 master and site1 search"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on site1 master:"
+ echo "$CSN2"
+ echo "contextCSN on site1 search:"
+ echo "$CSN5"
+ fi
+ fi
+ if test -z "$CSN6" -o "$CSN3" != "$CSN6" ; then
+ echo "ERROR: contextCSN mismatch between site2 master and site2 search:"
+ CSN_ERRORS=`expr $CSN_ERRORS + 1`;
+ if test -n "$CSN_VERBOSE"; then
+ echo "contextCSN on site2 master:"
+ echo "$CSN3"
+ echo "contextCSN on site2 search:"
+ echo "$CSN6"
+ fi
+ fi
+fi
+
+ERRORS=`expr $ERRORS + $CSN_ERRORS`
+
+EOF
+
+chmod +x $TESTDIR/checkcsn.sh
+
+
+echo "Checking contextCSN after initial replication..."
+. $TESTDIR/checkcsn.sh
+
+MNUM=1
+
+# TEST:
+# Test that updates to the first backend on central master, which should
+# be replicated to all servers actually is so, and that the contextCSN is
+# updated everywhere:
+echo "Using ldapmodify to modify first backend on central master..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=ou1,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check replication to central search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check replication to site1 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI5 \
+ -s base -b "ou=ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check replication to site2 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "ou=ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Checking contextCSN after modify of first backend on central master..."
+. $TESTDIR/checkcsn.sh
+
+# TEST:
+# Test that updates to the second backend on central master is only
+# replicated to those search servers that should receive that backend.
+# The contextCSN should still be updated everywhere:
+MNUM=`expr $MNUM + 1`
+echo "Using ldapmodify to modify second backend on central master..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=ou2,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check replication to site2 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "ou=ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check no replication to site1 master..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 \
+ -s base -b "ou=ou2,$BASEDN" \
+ "(description=Modify$NMUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to site1 search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Using ldapsearch to check no replication to central search..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to central search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Checking contextCSN after modify of second backend on central master..."
+. $TESTDIR/checkcsn.sh
+
+# TEST:
+# Test that updates to the first backend on site1 master, which should be
+# replicated everywhere except to central and site2 search. The contextCSN
+# should be updated on all servers:
+MNUM=`expr $MNUM + 1`
+echo "Using ldapmodify to modify first backend on site1 master..."
+$LDAPMODIFY -D "ou=sm1ou1,$BASEDN" -H $URI2 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm1ou1,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check replication to site1 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI5 \
+ -s base -b "ou=sm1ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check replication to site2 master..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI3 \
+ -s base -b "ou=sm1ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check no replication to site2 search..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to central search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Using ldapsearch to check no replication to central search..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to central search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Checking contextCSN after modify of first backend on site1 master..."
+. $TESTDIR/checkcsn.sh
+
+
+# TEST:
+# Test updates to the second backend on site1 master, which should only be
+# replicated to site1 search. The contextCSN should be updated everywhere.
+MNUM=`expr $MNUM + 1`
+echo "Using ldapmodify to modify second backend on site1 master..."
+$LDAPMODIFY -D "ou=sm1ou1,$BASEDN" -H $URI2 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm1ou2,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+
+echo "Using ldapsearch to check replication to site1 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI5 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check no replication to central master..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ "(description=Modify$NMUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to site2 search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Checking contextCSN after modify of second backend on site1 master..."
+. $TESTDIR/checkcsn.sh
+
+
+# TEST:
+# Test updates to first backend on site2 master, which should be
+# replicated to the central servers, but not site1. The contextCSN
+# should be updated everywhere:
+MNUM=`expr $MNUM + 1`
+echo "Using ldapmodify to modify first backend on site2 master..."
+$LDAPMODIFY -D "ou=sm2ou1,$BASEDN" -H $URI3 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm2ou1,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check replication to central master..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm2ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check replication to site2 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "ou=sm2ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check no replication to site1 master..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 \
+ -s base -b "ou=sm2ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to site2 search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Using ldapsearch to check no replication to central search..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=sm2ou1,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to site2 search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Checking contextCSN after modify of first backend on site2 master..."
+. $TESTDIR/checkcsn.sh
+
+
+# TEST:
+# Test updates to the second backend on site2 master, which should only be
+# replicated to site2 search. As always, contextCSN should be updated
+# everywhere:
+MNUM=`expr $MNUM + 1`
+echo "Using ldapmodify to modify second backend on site2 master..."
+$LDAPMODIFY -D "ou=sm2ou1,$BASEDN" -H $URI3 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: ou=sm2ou2,dc=example,dc=com
+changetype: modify
+add: description
+description: Modify$MNUM
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check replication to site2 search..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "ou=sm2ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check no replication to central master..."
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=sm2ou2,$BASEDN" \
+ "(description=Modify$MNUM)" 2>&1 | awk '/^dn:/ {print "NOK"}'`
+ if test "x$RESULT" = "xNOK" ; then
+ echo "Change was replicated to central search!"
+ test $KILLSERVERS != no && KILL -HUP $KILLPIDS
+ exit 1
+ fi
+ sleep 1
+done
+
+echo "Checking contextCSN after modify of second backend on site2 master..."
+. $TESTDIR/checkcsn.sh
+
+# TEST:
+# Test that all contextCSN values are updated on the slaves when they
+# starts with an empty database. Start site2 master first, then site2
+# search and finally central master so that the site2 search's syncrepl
+# connection has been set up when site2 master receives the database:
+echo "Stopping central master and site2 servers to test start with emtpy db..."
+kill -HUP $SMC_PID $SM2_PID $SS2_PID
+for pid in $SMC_PID $SM2_PID $SS2_PID; do wait $pid ; done
+KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SMC_PID / /"`;
+KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SM2_PID / /"`;
+KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SS2_PID / /"`;
+SMC_PID=
+SM2_PID=
+SS2_PID=
+rm -rf $SM2_DIR/db/*
+rm -rf $SS2_DIR/db/*
+
+echo "Starting site2 master slapd on TCP/IP port $PORT3..."
+cd $SM2_DIR
+$SLAPD -F slapd.d -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 &
+SM2_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SM2_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SM2_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site2 master slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI3 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting site2 search slapd on TCP/IP port $PORT6..."
+cd $SS2_DIR
+$SLAPD -F slapd.d -h $URI6 -d $LVL $TIMING >> $LOG6 2>&1 &
+SS2_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SS2_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SS2_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that site2 search slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI6 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting central master slapd on TCP/IP port $PORT1..."
+cd $SMC_DIR
+$SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+SMC_PID=$!
+if test $WAIT != 0 ; then
+ echo PID $SMC_PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SMC_PID"
+cd $TESTWD
+sleep 1
+echo "Using ldapsearch to check that central master slapd is running..."
+for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that site2 master received base..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI3 \
+ -s base -b "$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to check that site2 search received base..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI6 \
+ -s base -b "$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Checking contextCSN after site2 servers repopulated..."
+. $TESTDIR/checkcsn.sh
+
+if test $ERRORS -ne 0; then
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ echo "Found $ERRORS errors"
+ exit $ERRORS
+fi
+
+# TEST:
+# Adding syncrepl of the second site1 master backend on central master
+# will not initialize the database unless the contextCSN attribute is
+# stored in the suffix of the database and not the suffix of the glue
+# database:
+echo "Adding syncrepl of second site1 master backend on central master..."
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={4}$BACKEND,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=4 provider=$URI2 searchbase="ou=sm1ou2,$BASEDN"
+ binddn="ou=sm1ou1,$BASEDN" bindmethod=simple credentials=$PASSWD
+ type=refreshAndPersist retry="$RETRY" timeout=1
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed to add syncrepl on central master ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+sleep 1
+
+echo "Using ldapsearch to check that central master received second site1 backend..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ERROR: Second site1 backend not replicated to central master"
+ ERRORS=`expr $ERRORS + 1`
+
+ echo "Restarting central master slapd on TCP/IP port $PORT1..."
+ kill -HUP $SMC_PID
+ wait $SMC_PID
+ KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SMC_PID / /"`;
+
+ cd $SMC_DIR
+ $SLAPD -F slapd.d -h $URI1 -c rid=4,csn=0 -d $LVL $TIMING >> $LOG1 2>&1 &
+ SMC_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SMC_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SMC_PID"
+ cd $TESTWD
+ echo "Using ldapsearch to check that central master slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to check that central master received second site1 backend..."
+ RC=32
+ for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI1 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+echo "Using ldapsearch to check that central search received second site1 backend..."
+RC=32
+for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+done
+if test $RC != 0 ; then
+ echo "ERROR: Second site1 backend not replicated to central search"
+ ERRORS=`expr $ERRORS + 1`
+
+ echo "Restarting central search slapd on TCP/IP port $PORT4..."
+ kill -HUP $SSC_PID
+ wait $SSC_PID
+ KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SSC_PID / /"`;
+
+ cd $SSC_DIR
+ $SLAPD -F slapd.d -h $URI4 -c rid=1,csn=0 -d $LVL $TIMING >> $LOG4 2>&1 &
+ SSC_PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $SSC_PID
+ read foo
+ fi
+ KILLPIDS="$KILLPIDS $SSC_PID"
+ cd $TESTWD
+ echo "Using ldapsearch to check that central search slapd is running..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI4 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ echo "Waiting $i seconds for slapd to start..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Using ldapsearch to check that central search received second site1 backend..."
+ RC=32
+ for i in 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI4 \
+ -s base -b "ou=sm1ou2,$BASEDN" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting $i seconds for syncrepl to receive changes..."
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+
+# TEST:
+# Run race tests when more than one backend is replicated from the same
+# producer. This will usually fail long before 100 iterations unless
+# syncrepl stores the contextCSN in the suffix of its own database, and
+# that syncprov follows these rules before updating its own CSN when it
+# detects updates from syncrepl:
+# 1) A contextCSN value must have been stored in the suffix of all the
+# syncrepl configured databases within the glued syncprov database.
+# 2) Of all contextCSN values stored by syncrepl with the same SID,
+# syncprov must always select the one with the lowest csn value.
+test -z "$RACE_TESTS" && RACE_TESTS=10
+RACE_NUM=0
+RACE_ERROR=0
+
+SUB_DN=ou=sub,ou=sm1ou2,dc=example,dc=com
+
+while test $RACE_ERROR -eq 0 -a $RACE_NUM -lt $RACE_TESTS ; do
+ RACE_NUM=`expr $RACE_NUM + 1`
+ echo "Running $RACE_NUM of $RACE_TESTS syncrepl race tests..."
+
+ echo "Stopping central master..."
+ kill -HUP $SMC_PID
+ wait $SMC_PID
+ KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SMC_PID / /"`;
+
+ MNUM=`expr $MNUM + 1`
+ echo "Using ldapadd to add entry on site1 master..."
+ $LDAPADD -D "ou=sm1ou1,$BASEDN" -H $URI2 -w $PASSWD <<EOF >> $TESTOUT 2>&1
+dn: $SUB_DN
+objectClass: top
+objectClass: organizationalUnit
+ou: sub
+
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Starting central master again..."
+ cd $SMC_DIR
+ $SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+ SMC_PID=$!
+ KILLPIDS="$KILLPIDS $SMC_PID"
+ cd $TESTWD
+ echo "Using ldapsearch to check that central master received entry..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$SUB_DN" -H $URI1 > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ERROR: entry not replicated to central master!"
+ RACE_ERROR=1
+ break
+ fi
+
+ echo "Using ldapsearch to check that central search received entry..."
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$SUB_DN" -H $URI4 > /dev/null 2>&1
+ RC=$?
+ test $RC = 0 && break
+ sleep $i
+ done
+ if test $RC != 0 ; then
+ echo "ERROR: entry not replicated to central master!"
+ RACE_ERROR=1
+ break
+ fi
+
+ echo "Stopping central master..."
+ kill -HUP $SMC_PID
+ wait $SMC_PID
+ KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $SMC_PID / /"`;
+
+ echo "Using ldapdelete to delete entry on site1 master..."
+ $LDAPDELETE -D "ou=sm1ou1,$BASEDN" -H $URI2 -w $PASSWD "$SUB_DN"
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapdelete failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Starting central master again..."
+ cd $SMC_DIR
+ $SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+ SMC_PID=$!
+ KILLPIDS="$KILLPIDS $SMC_PID"
+ cd $TESTWD
+
+ echo "Using ldapsearch to check that entry was deleted on central master..."
+ RC=0
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$SUB_DN" -H $URI1 > /dev/null 2>&1
+ RC=$?
+ if test $RC != 0; then break; fi
+ sleep $i
+ done
+
+ if test $RC = 0; then
+ echo "ERROR: Entry not removed on central master!"
+ RACE_ERROR=1
+ break
+ fi
+
+ echo "Using ldapsearch to check that entry was deleted on central search..."
+ RC=0
+ for i in 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$SUB_DN" -H $URI4 > /dev/null 2>&1
+ RC=$?
+ if test $RC != 0; then break; fi
+ sleep $i
+ done
+
+ if test $RC = 0; then
+ echo "ERROR: Entry not removed on central search!"
+ RACE_ERROR=1
+ break
+ fi
+done
+
+if test $RACE_ERROR != 0; then
+ echo "Race error found after $RACE_NUM of $RACE_TESTS iterations"
+ ERRORS=`expr $ERRORS + $RACE_ERROR`
+else
+ echo "No race errors found after $RACE_TESTS iterations"
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $ERRORS -ne 0; then
+ echo "Found $ERRORS errors"
+ echo ">>>>>> Exiting with a false success status for now"
+ exit 0
+fi
+
+echo ">>>>> Test succeeded"
+
+exit 0
Property changes on: openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric
___________________________________________________________________
Added: svn:executable
+ *
More information about the Pkg-openldap-devel
mailing list