[Pkg-openldap-devel] r1224 - in openldap/vendor/openldap-release: . build clients/tools contrib/slapd-modules/autogroup contrib/slapd-modules/cloak contrib/slapd-modules/nops contrib/slapd-modules/nssov contrib/slapd-modules/nssov/nss-ldapd contrib/slapd-modules/nssov/nss-ldapd/nss contrib/slapd-modules/passwd contrib/slapd-modules/smbk5pwd doc/guide/admin doc/guide/images/src doc/man/man1 doc/man/man3 doc/man/man5 doc/man/man8 include include/ac libraries/liblber libraries/libldap libraries/libldap_r libraries/liblutil libraries/librewrite servers/slapd servers/slapd/back-bdb servers/slapd/back-ldap servers/slapd/back-meta servers/slapd/back-monitor servers/slapd/back-ndb servers/slapd/back-perl servers/slapd/back-relay servers/slapd/back-sql servers/slapd/overlays servers/slapd/slapi tests/data tests/progs tests/scripts
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Mon Jul 27 22:27:13 UTC 2009
Author: vorlon
Date: 2009-07-27 22:27:07 +0000 (Mon, 27 Jul 2009)
New Revision: 1224
Added:
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5
openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile
openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg
openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg
openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshonly.svg
openldap/vendor/openldap-release/doc/guide/images/src/n-way-multi-master.svg
openldap/vendor/openldap-release/doc/man/man1/ldapexop.1
openldap/vendor/openldap-release/doc/man/man8/slapschema.8
openldap/vendor/openldap-release/servers/slapd/slapschema.c
openldap/vendor/openldap-release/tests/data/memberof-refint.out
openldap/vendor/openldap-release/tests/data/monitor1.out
openldap/vendor/openldap-release/tests/data/monitor2.out
openldap/vendor/openldap-release/tests/data/monitor3.out
openldap/vendor/openldap-release/tests/data/monitor4.out
openldap/vendor/openldap-release/tests/scripts/test056-monitor
openldap/vendor/openldap-release/tests/scripts/test057-memberof-refint
openldap/vendor/openldap-release/tests/scripts/test058-syncrepl-asymmetric
Modified:
openldap/vendor/openldap-release/CHANGES
openldap/vendor/openldap-release/README
openldap/vendor/openldap-release/build/lib.mk
openldap/vendor/openldap-release/build/man.mk
openldap/vendor/openldap-release/build/top.mk
openldap/vendor/openldap-release/build/version.var
openldap/vendor/openldap-release/clients/tools/common.c
openldap/vendor/openldap-release/clients/tools/ldapmodify.c
openldap/vendor/openldap-release/clients/tools/ldappasswd.c
openldap/vendor/openldap-release/clients/tools/ldapsearch.c
openldap/vendor/openldap-release/configure
openldap/vendor/openldap-release/configure.in
openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c
openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c
openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile
openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
openldap/vendor/openldap-release/doc/guide/admin/guide.html
openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
openldap/vendor/openldap-release/doc/man/man1/ldapurl.1
openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3
openldap/vendor/openldap-release/doc/man/man3/lber-types.3
openldap/vendor/openldap-release/doc/man/man3/ldap.3
openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3
openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3
openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3
openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3
openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3
openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3
openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3
openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3
openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
openldap/vendor/openldap-release/doc/man/man5/ldif.5
openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
openldap/vendor/openldap-release/doc/man/man5/slapd-config.5
openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5
openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
openldap/vendor/openldap-release/doc/man/man5/slapd-perl.5
openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5
openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5
openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5
openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5
openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5
openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5
openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5
openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
openldap/vendor/openldap-release/doc/man/man8/slapacl.8
openldap/vendor/openldap-release/doc/man/man8/slapadd.8
openldap/vendor/openldap-release/doc/man/man8/slapauth.8
openldap/vendor/openldap-release/doc/man/man8/slapcat.8
openldap/vendor/openldap-release/doc/man/man8/slapd.8
openldap/vendor/openldap-release/doc/man/man8/slapdn.8
openldap/vendor/openldap-release/doc/man/man8/slapindex.8
openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
openldap/vendor/openldap-release/doc/man/man8/slaptest.8
openldap/vendor/openldap-release/include/ac/dirent.h
openldap/vendor/openldap-release/include/lber.h
openldap/vendor/openldap-release/include/ldap.h
openldap/vendor/openldap-release/include/ldap_pvt_thread.h
openldap/vendor/openldap-release/include/portable.hin
openldap/vendor/openldap-release/libraries/liblber/io.c
openldap/vendor/openldap-release/libraries/liblber/memory.c
openldap/vendor/openldap-release/libraries/libldap/gssapi.c
openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
openldap/vendor/openldap-release/libraries/libldap/request.c
openldap/vendor/openldap-release/libraries/libldap/result.c
openldap/vendor/openldap-release/libraries/libldap/tls2.c
openldap/vendor/openldap-release/libraries/libldap/tls_g.c
openldap/vendor/openldap-release/libraries/libldap/tls_m.c
openldap/vendor/openldap-release/libraries/libldap/tls_o.c
openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
openldap/vendor/openldap-release/libraries/liblutil/ldif.c
openldap/vendor/openldap-release/libraries/liblutil/passfile.c
openldap/vendor/openldap-release/libraries/liblutil/passwd.c
openldap/vendor/openldap-release/libraries/liblutil/utils.c
openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
openldap/vendor/openldap-release/servers/slapd/Makefile.in
openldap/vendor/openldap-release/servers/slapd/abandon.c
openldap/vendor/openldap-release/servers/slapd/aclparse.c
openldap/vendor/openldap-release/servers/slapd/alock.c
openldap/vendor/openldap-release/servers/slapd/at.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp
openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
openldap/vendor/openldap-release/servers/slapd/backend.c
openldap/vendor/openldap-release/servers/slapd/backglue.c
openldap/vendor/openldap-release/servers/slapd/bconfig.c
openldap/vendor/openldap-release/servers/slapd/cancel.c
openldap/vendor/openldap-release/servers/slapd/config.c
openldap/vendor/openldap-release/servers/slapd/config.h
openldap/vendor/openldap-release/servers/slapd/connection.c
openldap/vendor/openldap-release/servers/slapd/controls.c
openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
openldap/vendor/openldap-release/servers/slapd/daemon.c
openldap/vendor/openldap-release/servers/slapd/dn.c
openldap/vendor/openldap-release/servers/slapd/entry.c
openldap/vendor/openldap-release/servers/slapd/filterentry.c
openldap/vendor/openldap-release/servers/slapd/ldapsync.c
openldap/vendor/openldap-release/servers/slapd/limits.c
openldap/vendor/openldap-release/servers/slapd/main.c
openldap/vendor/openldap-release/servers/slapd/modify.c
openldap/vendor/openldap-release/servers/slapd/module.c
openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
openldap/vendor/openldap-release/servers/slapd/overlays/dds.c
openldap/vendor/openldap-release/servers/slapd/overlays/deref.c
openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
openldap/vendor/openldap-release/servers/slapd/proto-slap.h
openldap/vendor/openldap-release/servers/slapd/result.c
openldap/vendor/openldap-release/servers/slapd/root_dse.c
openldap/vendor/openldap-release/servers/slapd/sasl.c
openldap/vendor/openldap-release/servers/slapd/schema_check.c
openldap/vendor/openldap-release/servers/slapd/schema_init.c
openldap/vendor/openldap-release/servers/slapd/schema_prep.c
openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
openldap/vendor/openldap-release/servers/slapd/slap.h
openldap/vendor/openldap-release/servers/slapd/slapadd.c
openldap/vendor/openldap-release/servers/slapd/slapcommon.c
openldap/vendor/openldap-release/servers/slapd/slapcommon.h
openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
openldap/vendor/openldap-release/servers/slapd/syncrepl.c
openldap/vendor/openldap-release/tests/data/ppolicy.ldif
openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
openldap/vendor/openldap-release/tests/progs/slapd-bind.c
openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
openldap/vendor/openldap-release/tests/progs/slapd-search.c
openldap/vendor/openldap-release/tests/scripts/all
openldap/vendor/openldap-release/tests/scripts/defines.sh
openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied
openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy
openldap/vendor/openldap-release/tests/scripts/test049-sync-config
openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster
openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
Log:
Load openldap_2.4.17.orig into vendor/openldap-release.
Modified: openldap/vendor/openldap-release/CHANGES
===================================================================
--- openldap/vendor/openldap-release/CHANGES 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/CHANGES 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,132 @@
OpenLDAP 2.4 Change Log
+OpenLDAP 2.4.17 Release (2009/07/13)
+ Fixed liblber to use ber_strnlen (ITS#6080)
+ Fixed libldap gnutls private key init (ITS#6053)
+ Fixed libldap openssl digest initialization (ITS#6192)
+ Fixed libldap tls NULL error messages (ITS#6079)
+ Fixed liblutil opendir/closedir on windows (ITS#6041)
+ Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
+ Added slapd sasl auxprop support (ITS#6147)
+ Added slapd schema checking tool (ITS#6150)
+ Added slapd writetimeout keyword (ITS#5836)
+ Fixed slapd abandon/cancel handling for some ops (ITS#6157)
+ Fixed slapd access setstyle to expand (ITS#6179)
+ Fixed slapd assert with closing connections (ITS#6111)
+ Fixed slapd bind race condition (ITS#6189)
+ Fixed slapd cancel behavior (ITS#6137)
+ Fixed slapd cert validation (ITS#6098)
+ Fixed slapd connection_destroy assert (ITS#6089)
+ Fixed slapd csn normalization (ITS#6195)
+ Fixed slapd errno handling (ITS#6037)
+ Fixed slapd global alloc handling (ITS#6054)
+ Fixed slapd hung writers (ITS#5836)
+ Fixed slapd ldapi issues (ITS#6056)
+ Fixed slapd moduleload with static backends and modules (ITS#6016)
+ Fixed slapd normalization of updated schema attributes (ITS#5540)
+ Fixed slapd olcLimits handling (ITS#6159)
+ Fixed slapd olcLogLevel with hex levels (ITS#6162)
+ Fixed slapd pagedresults stacked control with overlays (ITS#6056)
+ Fixed slapd password-hash incorrect limit on arg length (ITS#6139)
+ Fixed slapd readonly restrictions (ITS#6109)
+ Fixed slapd sending cancelled operations results (ITS#6103)
+ Fixed slapd slapi_entry_has_children (ITS#6132)
+ Fixed slapd sockets usage on windows (ITS#6039)
+ Fixed slapd some abandon and cancel race conditions (ITS#6104)
+ Fixed slapd tls context after changes (ITS#6135)
+ Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176)
+ Fixed slapd-bdb/hdb crashes during delete (ITS#6177)
+ Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196)
+ Fixed slapd-hdb freeing of already freed entries (ITS#6074)
+ Fixed slapd-hdb entryinfo cleanup (ITS#6088)
+ Fixed slapd-hdb dncache lockups (ITS#6095)
+ Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167)
+ Fixed slapd-relay to return failure on failure (ITS#5328)
+ Fixed slapd-sql with BACKSQL_ARBITRARY_KEY defined (ITS#6100)
+ Fixed slapo-collect collectinfo ordering (ITS#6076)
+ Fixed slapo-collect missing equality match rule (ITS#6075)
+ Fixed slapo-dds entry expiration (ITS#6169)
+ Fixed slapo-perl symbols (ITS#5658)
+ Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
+ Fixed slapo-ppolicy to return check modules error message (ITS#6082)
+ Fixed slapo-refint refint_repair handling (ITS#6056)
+ Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
+ Fixed slapo-rwm dn passing (ITS#6070)
+ Fixed slapo-rwm entry free (ITS#6058)
+ Fixed slapo-rwm entry release (ITS#6081)
+ Fixed slapo-translucent entry gathering (ITS#6156)
+ Fixed tools returning ldif errors (ITS#5892)
+ Fixed contrib/smbk5pwd use of private functions (ITS#5535)
+ Build Environment
+ Added test056-monitor (ITS#5540)
+ Added test057-memberof-refint (ITS#5395)
+ Fixed winsock detection for windows (ITS#6102, ITS#6078)
+ Removed GSSAPI configure option (ITS#6091,ITS#6092,ITS#6093,ITS#5369)
+ Documentation
+ admin24 relocate configuration examples (ITS#6183)
+ admin24 fixed example regex (ITS#6052)
+ admin24 removed temporary back-monitor note (ITS#6130)
+ admin24 slapd.conf to cn=config conversion process (ITS#6060)
+ man page consistency fixes (ITS#6023)
+ ldapcompare(1) note -e option (ITS#6107)
+ ldapdelete(1) note -e option (ITS#6107)
+ ldapmodify(1) note -e option (ITS#6107)
+ ldapmodrdn(1) note -e option (ITS#6107)
+ ldapsearch(1) output format description (ITS#6146)
+ ldapurl(1) note -e option (ITS#6107)
+ ldapwhoami(1) note -e option (ITS#6107)
+ ldap_result(3) Add RETURN VALUE heading (ITS#6180)
+ ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
+ slapd.access(5) Fix <setstyle> to use expand (ITS#6179)
+ slapd.conf(5) document default modulepath (ITS#5829)
+ slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
+ slapd-config(5) document default modulepath (ITS#5829)
+ slapd-config(5) pidfile/argsfile description fix (ITS#5975)
+ slapo-constraint(5) clarify URI example (ITS#6118)
+ slapo-unique(5) explicitly note rootdn requirement (ITS#6108)
+ slapadd(8) note it does indexing (ITS#6160)
+
+OpenLDAP 2.4.16 Release (2009/04/05)
+ Fixed libldap GnuTLS with x509v1 CA certs (ITS#5992)
+ Fixed libldap GnuTLS with CA chains (ITS#5991)
+ Fixed libldap GnuTLS TLSVerifyClient try (ITS#5981)
+ Fixed libldap segfault in checking cert/DN (ITS#5976)
+ Fixed libldap peer cert double free (ITS#5849)
+ Fixed libldap referral chasing (ITS#5980)
+ Fixed slapd backglue with empty DBs (ITS#5986)
+ Fixed slapd ctxcsn race condition (ITS#6001)
+ Fixed slapd debug message (ITS#6027)
+ Fixed slapd redundant module loading (ITS#6030)
+ Fixed slapd schema_init freed value (ITS#6036)
+ Fixed slapd syncrepl newCookie sync messages (ITS#5972)
+ Fixed slapd syncrepl hang during shutdown (ITS#6011)
+ Fixed slapd syncrepl too many MMR messages (ITS#6020)
+ Fixed slapd syncrepl skipped entries with MMR (ITS#5988)
+ Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
+ Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006)
+ Fixed slapd-bdb/hdb with NULL transactions (ITS#6012)
+ Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916)
+ Fixed slapd-ldap/meta with broken AD results (ITS#5977)
+ Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
+ Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
+ Fixed slapo-dynlist conversion to cn=config (ITS#6002)
+ Fixed slapo-syncprov newCookie sync messages (ITS#5972)
+ Fixed slapd-syncprov too many MMR messages (ITS#6020)
+ Fixed slapo-syncprov replica lockout (ITS#5985)
+ Fixed slapo-syncprov modtarget tracking (ITS#5999)
+ Fixed slapo-syncprov multiple CSN propagation (ITS#5973)
+ Fixed slapo-syncprov race condition (ITS#6045)
+ Fixed slapo-syncprov sending cookies without CSN (ITS#6024)
+ Fixed slapo-syncprov skipped entries with MMR (ITS#5988)
+ Fixed tools passphrase free (ITS#6014)
+ Build Environment
+ Cleaned up alloc/free functions for Windows (ITS#6005)
+ Fixed running of autosave files in testsuite (ITS#6026)
+ Documentation
+ admin24 clarified MMR URI requirements (ITS#5942,ITS#5987)
+ Added ldapexop(1) manual page (ITS#5982)
+ slapd-ldap/meta(5) added missing TLS options (ITS#5989)
+
OpenLDAP 2.4.15 Release (2009/02/24)
Fixed libldap alias dereferencing in C API again (ITS#5916)
Fixed libldap GnuTLS compilation (ITS#5955)
Modified: openldap/vendor/openldap-release/README
===================================================================
--- openldap/vendor/openldap-release/README 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/README 2009-07-27 22:27:07 UTC (rev 1224)
@@ -21,8 +21,7 @@
SLAPD:
BDB and HDB backends require Oracle Berkeley DB 4.4, 4.5,
4.6, or 4.7. It is highly recommended to apply the patches
- from Oracle for a given release. In addition, for BDB 4.7,
- it is advised to also use the supplied build/db.4.7.25.patch.
+ from Oracle for a given release.
CLIENTS/CONTRIB ware:
Depends on package. See per package README.
@@ -75,7 +74,7 @@
<http://www.openldap.org/its/> to be considered.
---
-$OpenLDAP: pkg/ldap/README,v 1.40.2.11 2009/02/18 00:54:29 hyc Exp $
+$OpenLDAP: pkg/ldap/README,v 1.40.2.12 2009/03/09 00:36:37 hyc Exp $
This work is part of OpenLDAP Software <http://www.openldap.org/>.
Modified: openldap/vendor/openldap-release/build/lib.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/lib.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.4 2009/01/22 00:00:41 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.5 2009/04/28 00:17:09 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -40,9 +40,7 @@
clean-common: FORCE
$(RM) $(LIBRARY) ../$(LIBRARY) $(XLIBRARY) \
$(PROGRAMS) $(XPROGRAMS) $(XSRCS) $(XXSRCS) \
- *.o *.lo a.out *.exe core version.c .libs/* \
- ../`$(BASENAME) $(LIBRARY) .la`.so* \
- ../`$(BASENAME) $(LIBRARY) .la`*.dll
+ *.o *.lo a.out *.exe core version.c .libs/*
depend-common: FORCE
$(MKDEP) $(DEFS) $(DEFINES) $(SRCS) $(XXSRCS)
Modified: openldap/vendor/openldap-release/build/man.mk
===================================================================
--- openldap/vendor/openldap-release/build/man.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/man.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.5 2009/01/22 00:00:41 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.6 2009/06/27 18:46:30 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -31,6 +31,7 @@
-e 's%BINDIR%$(bindir)%' \
-e 's%LIBDIR%$(libdir)%' \
-e 's%LIBEXECDIR%$(libexecdir)%' \
+ -e 's%MODULEDIR%$(moduledir)%' \
-e 's%RELEASEDATE%$(RELEASEDATE)%' \
$(srcdir)/$$page \
| (cd $(srcdir); $(SOELIM) -) > $$page.$(TMP_SUFFIX); \
Modified: openldap/vendor/openldap-release/build/top.mk
===================================================================
--- openldap/vendor/openldap-release/build/top.mk 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/top.mk 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.9 2009/01/26 21:24:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.10 2009/07/06 19:22:52 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -187,10 +187,9 @@
KRB5_LIBS = @KRB5_LIBS@
KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
SASL_LIBS = @SASL_LIBS@
-GSSAPI_LIBS = @GSSAPI_LIBS@
TLS_LIBS = @TLS_LIBS@
AUTH_LIBS = @AUTH_LIBS@
-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
ICU_LIBS = @ICU_LIBS@
MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
Modified: openldap/vendor/openldap-release/build/version.var
===================================================================
--- openldap/vendor/openldap-release/build/version.var 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/build/version.var 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.50 2009/02/24 05:12:26 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.56 2009/07/13 17:30:01 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2009 The OpenLDAP Foundation.
@@ -15,9 +15,9 @@
ol_package=OpenLDAP
ol_major=2
ol_minor=4
-ol_patch=15
-ol_api_inc=20415
-ol_api_current=6
-ol_api_revision=1
-ol_api_age=4
-ol_release_date="2009/02/24"
+ol_patch=17
+ol_api_inc=20417
+ol_api_current=7
+ol_api_revision=0
+ol_api_age=5
+ol_release_date="2009/07/13"
Modified: openldap/vendor/openldap-release/clients/tools/common.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/common.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* common.c - common routines for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.19 2009/02/05 23:05:03 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.22 2009/05/01 20:00:34 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -255,9 +255,11 @@
ber_memfree( binddn );
}
+#if 0 /* not yet */
if ( passwd.bv_val != NULL ) {
ber_memfree( passwd.bv_val );
}
+#endif
}
void
@@ -623,7 +625,7 @@
} else if ( tool_is_oid( control ) ) {
LDAPControl *tmpctrls, ctrl;
- tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
+ tmpctrls = (LDAPControl *)ber_memrealloc( unknown_ctrls,
(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
if ( tmpctrls == NULL ) {
fprintf( stderr, "%s: no memory?\n", prog );
@@ -1169,7 +1171,7 @@
for ( i = 0; hosts[ i ] != NULL; i++ )
/* count'em */ ;
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
@@ -1203,7 +1205,7 @@
ber_memfree( domain );
} else {
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + 2 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + 2 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
@@ -1985,7 +1987,10 @@
}
*ptr++ = '=';
if ( k == -1 ) {
- k = lutil_b64_ntop( dv->vals[ j ].bv_val, dv->vals[ j ].bv_len, ptr, buf + len - ptr );
+ k = lutil_b64_ntop(
+ (unsigned char *) dv->vals[ j ].bv_val,
+ dv->vals[ j ].bv_len,
+ ptr, buf + len - ptr );
assert( k >= 0 );
ptr += k;
Modified: openldap/vendor/openldap-release/clients/tools/ldapmodify.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodify.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodify.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldapmodify.c - generic program to modify or add entries using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.10 2009/01/22 00:00:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.11 2009/07/08 00:28:21 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -240,7 +240,7 @@
FILE *rejfp;
struct LDIFFP *ldiffp, ldifdummy = {0};
char *matched_msg, *error_msg;
- int rc, retval;
+ int rc, retval, ldifrc;
int len;
int i = 0;
int lineno, nextline = 0, lmax = 0;
@@ -326,8 +326,8 @@
rc = 0;
retval = 0;
lineno = 1;
- while (( rc == 0 || contoper ) && ldif_read_record( ldiffp, &nextline,
- &rbuf, &lmax ))
+ while (( rc == 0 || contoper ) && ( ldifrc = ldif_read_record( ldiffp, &nextline,
+ &rbuf, &lmax )) > 0 )
{
if ( rejfp ) {
len = strlen( rbuf );
@@ -369,6 +369,9 @@
}
ber_memfree( rbuf );
+ if ( ldifrc < 0 )
+ retval = LDAP_OTHER;
+
#ifdef LDAP_X_TXN
if( retval == 0 && txn ) {
rc = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, NULL );
Modified: openldap/vendor/openldap-release/clients/tools/ldappasswd.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldappasswd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldappasswd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldappasswd -- a tool for change LDAP passwords */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.7 2009/01/22 00:00:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.8 2009/03/09 23:16:47 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -379,7 +379,7 @@
perror( "ber_scanf" );
} else {
printf(_("New password: %s\n"), s);
- free( s );
+ ber_memfree( s );
}
ber_free( ber, 1 );
Modified: openldap/vendor/openldap-release/clients/tools/ldapsearch.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapsearch.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/clients/tools/ldapsearch.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ldapsearch -- a tool for searching LDAP directories */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.18 2009/01/22 00:00:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.19 2009/03/09 23:16:48 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
@@ -1024,8 +1024,8 @@
tool_server_controls( ld, c, i );
- ber_free( seber, 1 );
- ber_free( vrber, 1 );
+ if ( seber ) ber_free( seber, 1 );
+ if ( vrber ) ber_free( vrber, 1 );
/* step back to the original number of controls, so that
* those set while parsing args are preserved */
Modified: openldap/vendor/openldap-release/configure
===================================================================
--- openldap/vendor/openldap-release/configure 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/configure 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.21 2009/01/26 21:24:56 quanah Exp .
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61.
#
@@ -943,7 +943,6 @@
KRB4_LIBS
KRB5_LIBS
SASL_LIBS
-GSSAPI_LIBS
TLS_LIBS
MODULES_LIBS
SLAPI_LIBS
@@ -1621,7 +1620,6 @@
--with-subdir=DIR change default subdirectory used for installs
--with-cyrus-sasl with Cyrus SASL support [auto]
--with-fetch with fetch(3) URL support [auto]
- --with-gssapi with GSSAPI support [auto]
--with-threads with threads [auto]
--with-tls with TLS/SSL support auto|openssl|gnutls [auto]
--with-yielding-select with implicitly yielding select [auto]
@@ -2953,29 +2951,6 @@
fi
# end --with-fetch
-# OpenLDAP --with-gssapi
-
-# Check whether --with-gssapi was given.
-if test "${with_gssapi+set}" = set; then
- withval=$with_gssapi;
- ol_arg=invalid
- for ol_val in auto yes no ; do
- if test "$withval" = "$ol_val" ; then
- ol_arg="$ol_val"
- fi
- done
- if test "$ol_arg" = "invalid" ; then
- { { echo "$as_me:$LINENO: error: bad value $withval for --with-gssapi" >&5
-echo "$as_me: error: bad value $withval for --with-gssapi" >&2;}
- { (exit 1); exit 1; }; }
- fi
- ol_with_gssapi="$ol_arg"
-
-else
- ol_with_gssapi="auto"
-fi
-# end --with-gssapi
-
# OpenLDAP --with-threads
# Check whether --with-threads was given.
@@ -4514,7 +4489,6 @@
KRB4_LIBS=
KRB5_LIBS=
SASL_LIBS=
-GSSAPI_LIBS=
TLS_LIBS=
MODULES_LIBS=
SLAPI_LIBS=
@@ -6462,7 +6436,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 6465 "configure"' > conftest.$ac_ext
+ echo '#line 6439 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -8531,11 +8505,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8534: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8508: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8538: \$? = $ac_status" >&5
+ echo "$as_me:8512: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8793,11 +8767,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8796: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8770: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8800: \$? = $ac_status" >&5
+ echo "$as_me:8774: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8855,11 +8829,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8858: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8832: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8862: \$? = $ac_status" >&5
+ echo "$as_me:8836: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -11066,7 +11040,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 11069 "configure"
+#line 11043 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11164,7 +11138,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 11167 "configure"
+#line 11141 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -15338,7 +15312,7 @@
fi
-if test $ol_cv_msvc ; then
+if test $ol_cv_msvc = yes ; then
ol_cv_winsock=yes
fi
@@ -15351,7 +15325,7 @@
save_LIBS="$LIBS"
for curlib in none ws2_32 wsock32; do
- if test curlib != none ; then
+ if test $curlib != none ; then
LIBS="$save_LIBS -l$curlib"
fi
cat >conftest.$ac_ext <<_ACEOF
@@ -19171,638 +19145,7 @@
fi
fi
-ol_link_gssapi=no
-case $ol_with_gssapi in yes | auto)
-
- ol_header_gssapi=no
-
-for ac_header in gssapi/gssapi.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## --------------------------------------------- ##
-## Report this to <http://www.openldap.org/its/> ##
-## --------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test $ac_cv_header_gssapi_gssapi_h = yes ; then
- ol_header_gssapi=yes
- else
-
-for ac_header in gssapi.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## --------------------------------------------- ##
-## Report this to <http://www.openldap.org/its/> ##
-## --------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test $ac_cv_header_gssapi_h = yes ; then
- ol_header_gssapi=yes
- fi
-
- saveLIBS="$LIBS"
- LIBS="$LIBS $GSSAPI_LIBS"
-
-for ac_func in gss_oid_to_str
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
- LIBS="$saveLIBS"
- fi
-
- if test $ol_header_gssapi = yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi" >&5
-echo $ECHO_N "checking for gss_wrap in -lgssapi... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gssapi_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_gss_wrap" >&6; }
-if test $ac_cv_lib_gssapi_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"
-else
- ol_link_gssapi=no
-fi
-
- if test $ol_link_gssapi != yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi_krb5" >&5
-echo $ECHO_N "checking for gss_wrap in -lgssapi_krb5... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi_krb5 $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_krb5_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gssapi_krb5_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_wrap" >&6; }
-if test $ac_cv_lib_gssapi_krb5_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"
-else
- ol_link_gssapi=no
-fi
-
- fi
- if test $ol_link_gssapi != yes ; then
- { echo "$as_me:$LINENO: checking for gss_wrap in -lgss" >&5
-echo $ECHO_N "checking for gss_wrap in -lgss... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gss_gss_wrap+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgss $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gss_wrap ();
-int
-main ()
-{
-return gss_wrap ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_gss_gss_wrap=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gss_gss_wrap=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gss_gss_wrap" >&5
-echo "${ECHO_T}$ac_cv_lib_gss_gss_wrap" >&6; }
-if test $ac_cv_lib_gss_gss_wrap = yes; then
- ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"
-else
- ol_link_gssapi=no
-fi
-
- fi
- fi
-
- ;;
-esac
-
-WITH_GSSAPI=no
-if test $ol_link_gssapi = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GSSAPI 1
-_ACEOF
-
- WITH_GSSAPI=yes
-elif test $ol_with_gssapi = auto ; then
- { echo "$as_me:$LINENO: WARNING: Could not locate GSSAPI package" >&5
-echo "$as_me: WARNING: Could not locate GSSAPI package" >&2;}
- { echo "$as_me:$LINENO: WARNING: GSSAPI authentication not supported!" >&5
-echo "$as_me: WARNING: GSSAPI authentication not supported!" >&2;}
-elif test $ol_with_gssapi = yes ; then
- { { echo "$as_me:$LINENO: error: GSSAPI detection failed" >&5
-echo "$as_me: error: GSSAPI detection failed" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
if test $ol_with_tls = yes ; then
ol_with_tls=auto
fi
@@ -39299,7 +38642,6 @@
-
# Check whether --with-xxinstall was given.
if test "${with_xxinstall+set}" = set; then
withval=$with_xxinstall;
@@ -40149,7 +39491,6 @@
KRB4_LIBS!$KRB4_LIBS$ac_delim
KRB5_LIBS!$KRB5_LIBS$ac_delim
SASL_LIBS!$SASL_LIBS$ac_delim
-GSSAPI_LIBS!$GSSAPI_LIBS$ac_delim
TLS_LIBS!$TLS_LIBS$ac_delim
MODULES_LIBS!$MODULES_LIBS$ac_delim
SLAPI_LIBS!$SLAPI_LIBS$ac_delim
@@ -40165,7 +39506,7 @@
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 91; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
Modified: openldap/vendor/openldap-release/configure.in
===================================================================
--- openldap/vendor/openldap-release/configure.in 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/configure.in 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $
+dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp $
dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
dnl
dnl Copyright 1998-2009 The OpenLDAP Foundation.
@@ -25,7 +25,7 @@
dnl Configure.in for OpenLDAP
AC_COPYRIGHT([[Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved.
Restrictions apply, see COPYRIGHT and LICENSE files.]])
-AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $])
+AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.24 2009/07/06 19:22:51 quanah Exp $])
AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
AC_CONFIG_SRCDIR(build/version.sh)dnl
@@ -242,8 +242,6 @@
auto, [auto yes no] )
OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
auto, [auto yes no] )
-OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
- auto, [auto yes no] )
OL_ARG_WITH(threads,[ --with-threads with threads],
auto, [auto nt posix mach pth lwp yes no manual] )
OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls],
@@ -581,7 +579,6 @@
KRB4_LIBS=
KRB5_LIBS=
SASL_LIBS=
-GSSAPI_LIBS=
TLS_LIBS=
MODULES_LIBS=
SLAPI_LIBS=
@@ -879,7 +876,7 @@
AC_CHECK_LIB(V3, sigset)
fi
-if test $ol_cv_msvc ; then
+if test $ol_cv_msvc = yes ; then
ol_cv_winsock=yes
fi
@@ -890,7 +887,7 @@
AC_CACHE_CHECK([for winsock], [ol_cv_winsock],[
save_LIBS="$LIBS"
for curlib in none ws2_32 wsock32; do
- if test curlib != none ; then
+ if test $curlib != none ; then
LIBS="$save_LIBS -l$curlib"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <winsock.h>
@@ -1146,63 +1143,6 @@
fi
dnl ----------------------------------------------------------------
-dnl GSSAPI
-ol_link_gssapi=no
-
-case $ol_with_gssapi in yes | auto)
-
- ol_header_gssapi=no
- AC_CHECK_HEADERS(gssapi/gssapi.h)
- if test $ac_cv_header_gssapi_gssapi_h = yes ; then
- ol_header_gssapi=yes
- else
- AC_CHECK_HEADERS(gssapi.h)
- if test $ac_cv_header_gssapi_h = yes ; then
- ol_header_gssapi=yes
- fi
-
- dnl## not every gssapi has gss_oid_to_str()
- dnl## as it's not defined in the GSSAPI V2 API
- dnl## anymore
- saveLIBS="$LIBS"
- LIBS="$LIBS $GSSAPI_LIBS"
- AC_CHECK_FUNCS(gss_oid_to_str)
- LIBS="$saveLIBS"
- fi
-
- if test $ol_header_gssapi = yes ; then
- dnl## we check for gss_wrap
- dnl## as it's new to the GSSAPI V2 API
- AC_CHECK_LIB(gssapi, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
- [ol_link_gssapi=no])
- if test $ol_link_gssapi != yes ; then
- AC_CHECK_LIB(gssapi_krb5, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
- [ol_link_gssapi=no])
- fi
- if test $ol_link_gssapi != yes ; then
- AC_CHECK_LIB(gss, gss_wrap,
- [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
- [ol_link_gssapi=no])
- fi
- fi
-
- ;;
-esac
-
-WITH_GSSAPI=no
-if test $ol_link_gssapi = yes; then
- AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
- WITH_GSSAPI=yes
-elif test $ol_with_gssapi = auto ; then
- AC_MSG_WARN([Could not locate GSSAPI package])
- AC_MSG_WARN([GSSAPI authentication not supported!])
-elif test $ol_with_gssapi = yes ; then
- AC_MSG_ERROR([GSSAPI detection failed])
-fi
-
-dnl ----------------------------------------------------------------
dnl TLS/SSL
if test $ol_with_tls = yes ; then
@@ -3146,7 +3086,6 @@
AC_SUBST(KRB4_LIBS)
AC_SUBST(KRB5_LIBS)
AC_SUBST(SASL_LIBS)
-AC_SUBST(GSSAPI_LIBS)
AC_SUBST(TLS_LIBS)
AC_SUBST(MODULES_LIBS)
AC_SUBST(SLAPI_LIBS)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,12 +1,18 @@
-CPPFLAGS=-I../../../include -I../../../servers/slapd
-#LDFLAGS=-L/usr/local/openldap/lib
-#LDFLAGS=-L/home/mszulczynski/autogroup/openldap/lib/
-CC=gcc
+CPPFLAGS+=-I../../../include -I../../../servers/slapd
-all: autogroup.so
+all: autogroup.la
-autogroup.so: autogroup.c
- $(CC) -shared -fPIC $(CPPFLAGS) $(LDFLAGS) -Wall -o $@ $?
+autogroup.lo: autogroup.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+autogroup.la: autogroup.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $?
+
clean:
- rm autogroup.so
+ rm -f autogroup.lo autogroup.la
+
+install: autogroup.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp autogroup.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.1 2009/01/21 01:15:37 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.2 2009/03/17 16:42:59 quanah Exp $ */
/* cloak.c - Overlay to hide some attribute except if explicitely requested */
/*
* Copyright 2008 Emmanuel Dreyfus
@@ -269,8 +269,8 @@
sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
sc->sc_response = cloak_search_cb;
- sc->sc_cleanup = NULL;
- sc->sc_next = NULL;
+ sc->sc_cleanup = slap_freeself_cb;
+ sc->sc_next = op->o_callback;
sc->sc_private = ci;
op->o_callback = sc;
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/Makefile,v 1.1.2.3 2009/02/02 18:32:58 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/Makefile,v 1.1.2.4 2009/04/27 23:35:48 quanah Exp $
CPPFLAGS+=-I../../../include -I../../../servers/slapd
CPPFLAGS+=-DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
-LIBS=-lldap_r -llber -lcrypto
+LIBS=-L$(PREFIX)/lib -lldap_r -llber -lcrypto
all: nops.la
@@ -13,4 +13,11 @@
-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
clean:
- rm nops.lo nops.la
+ rm -f nops.lo nops.la
+
+install: nops.la
+ mkdir -p $(PREFIX)/lib/openldap
+ mkdir -p $(PREFIX)/man/man5
+ $(LIBTOOL) --mode=install cp nops.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
+ cp nops.5 $(PREFIX)/man/man5
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nops/nops.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/nops.c,v 1.1.2.1 2008/05/27 20:00:51 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/nops.c,v 1.1.2.3 2009/04/28 00:51:12 quanah Exp $ */
/* nops.c - Overlay to filter idempotent operations */
/*
* Copyright 2008 Emmanuel Dreyfus
@@ -47,7 +47,6 @@
}
}
- for (m = *mods; m; m = m->sml_next)
mod->sml_next = NULL;
slap_mods_free(mod, 1);
@@ -137,9 +136,13 @@
}
if ((m = op->orm_modlist) == NULL) {
+ slap_callback *cb = op->o_callback;
+
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
- send_ldap_error(op, rs, LDAP_SUCCESS, "");
- return(rs->sr_err);
+ op->o_callback = NULL;
+ send_ldap_error(op, rs, LDAP_SUCCESS, "");
+ op->o_callback = cb;
+
return (rs->sr_err);
}
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/Makefile,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/Makefile,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $
# Copyright 2008 Howard Chu, Symas Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
XOBJS = tio.lo
OBJS = alias.lo ether.lo group.lo host.lo netgroup.lo network.lo \
- nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo
+ nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo pam.lo
.SUFFIXES: .c .o .lo
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/README 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-Copyright 2008 Howard Chu, Symas Corp. All rights reserved.
+Copyright 2008-2009 Howard Chu, Symas Corp. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
@@ -11,7 +11,8 @@
This directory contains a slapd overlay, nssov, that handles
NSS lookup requests through a local Unix Domain socket. It uses the
same IPC protocol as Arthur de Jong's nss-ldapd, and a complete
-copy of the nss-ldapd source is included here.
+copy of the nss-ldapd source is included here. It also handles
+PAM requests.
To use this code, you will need the client-side stub library from
nss-ldapd (which resides in nss-ldapd/nss). You will not need the
@@ -38,19 +39,19 @@
The overlay may be configured with Service Search Descriptors (SSDs)
for each NSS service that will be used. SSDs are configured using
- nssov-svc <service> <url>
+ nssov-ssd <service> <url>
where the <service> may be one of
- alias
- ether
+ aliases
+ ethers
group
- host
+ hosts
netgroup
- network
+ networks
passwd
- protocol
+ protocols
rpc
- service
+ services
shadow
and the <url> must be of the form
@@ -75,8 +76,51 @@
objectClass: olcOverlayConfig
objectClass: olcNssOvConfig
olcOverlay: {0}nssov
- olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one
+ olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
olcNssMap: passwd uid accountName
which enables the passwd service, and uses the accountName attribute to
fetch what is usually retrieved from the uid attribute.
+
+PAM authentication, account management, session management, and password
+management are supported.
+
+Authentication is performed using Simple Binds. Since all operations occur
+inside the slapd overlay, "fake" connections are used and they are
+inherently secure. Two methods of mapping the PAM username to an LDAP DN
+are provided:
+ the mapping can be accomplished using slapd's authz-regexp facility. In
+this case, a DN of the form
+ cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+is fed into the regexp matcher. If a match is produced, the resulting DN
+is used.
+ otherwise, the NSS passwd map is invoked (which means it must already
+be configured).
+
+If no DN is found, the overlay returns PAM_USER_UNKNOWN. If the DN is
+found, and Password Policy is supported, then the Bind will use the
+Password Policy control and return expiration information to PAM.
+
+Account management also uses two methods. These methods depend on the
+ldapns.schema included with the nssov source.
+ The first is identical to the method used in PADL's pam_ldap module:
+host and authorizedService attributes may be looked up in the user's entry,
+and checked to determine access. Also a check may be performed to see if
+the user is a member of a particular group. This method is pretty
+inflexible and doesn't scale well to large networks of users, hosts,
+and services.
+ The second uses slapd's ACL engine to check if the user has "compare"
+privilege on an ipHost object whose name matches the current hostname, and
+whose authorizedService attribute matches the current service name. This
+method is preferred, since it allows authorization to be centralized in
+the ipHost entries instead of scattered across the entire user population.
+The ipHost entries must have an authorizedService attribute (e.g. by way
+of the authorizedServiceObject auxiliary class) to use this method.
+
+Session management: the overlay may optionally add a "logged in" attribute
+to a user's entry for successful logins, and delete the corresponding
+value upon logout. The attribute value is of the form
+ <generalizedTime> <host> <service> <tty> (<ruser at rhost>)
+
+Password management: the overlay will perform a PasswordModify exop
+in the server for the given user.
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/alias.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* alias.c - mail alias lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/alias.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/alias.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -58,7 +58,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"alias entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"alias entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -98,7 +98,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_alias_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_alias_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_ALIAS_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -108,7 +108,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG,"nssov_alias_all()",0,0,0);,
+ Debug(LDAP_DEBUG,"nssov_alias_all()\n",0,0,0);,
NSLCD_ACTION_ALIAS_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ether.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* ether.c - ethernet address lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ether.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ether.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -74,7 +74,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -92,7 +92,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[1].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val,0 );
return 0;
}
@@ -127,7 +127,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_ETHER_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -148,7 +148,7 @@
addr.ether_addr_octet[4],
addr.ether_addr_octet[5]);
cbp.addr.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_byether(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_byether(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_ETHER_BYETHER,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -159,7 +159,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_ether_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_ether_all()\n",0,0,0);,
NSLCD_ACTION_ETHER_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
/* group.c - group lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.2 2008/11/10 22:39:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.3 2009/06/03 20:46:54 quanah Exp $ */
/*
- * Copyright 2008 by Howard Chu, Symas Corp.
+ * Copyright 2008-2009 by Howard Chu, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -121,6 +121,10 @@
/* check other characters */
for (i=1;i<name->bv_len;i++)
{
+#ifndef STRICT_GROUPS
+ /* allow spaces too */
+ if (name->bv_val[i] == ' ') continue;
+#endif
if ( ! ( (name->bv_val[i]>='A' && name->bv_val[i] <= 'Z') ||
(name->bv_val[i]>='a' && name->bv_val[i] <= 'z') ||
(name->bv_val[i]>='0' && name->bv_val[i] <= '9') ||
@@ -145,7 +149,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -163,7 +167,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GID_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -225,7 +229,7 @@
{
if (!isvalidgroupname(&names[i]))
{
- Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains invalid group name: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains invalid group name: \"%s\"\n",
entry->e_name.bv_val,names[i].bv_val,0);
}
else
@@ -237,7 +241,7 @@
gid_t gid;
gid = strtol(gids[j].bv_val, &tmp, 0);
if ( *tmp ) {
- Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains non-numeric %s value: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains non-numeric %s value: \"%s\"\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val,
names[i].bv_val);
continue;
@@ -275,14 +279,14 @@
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
if (!isvalidgroupname(&cbp.name)) {
- Debug(LDAP_DEBUG_ANY,"nssov_group_byname(%s): invalid group name",cbp.name.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_group_byname(%s): invalid group name\n",cbp.name.bv_val,0,0);
return -1;
}
cbp.wantmembers = 1;
cbp.ni = ni;
BER_BVZERO(&cbp.gidnum);
BER_BVZERO(&cbp.user);,
- Debug(LDAP_DEBUG_TRACE,"nslcd_group_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nslcd_group_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYNAME,
nssov_filter_byname(cbp.mi,CN_KEY,&cbp.name,&filter)
)
@@ -300,7 +304,7 @@
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.user);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_bygid(%s)",cbp.gidnum.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_bygid(%s)\n",cbp.gidnum.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYGID,
nssov_filter_byid(cbp.mi,GID_KEY,&cbp.gidnum,&filter)
)
@@ -314,14 +318,14 @@
cbp.user.bv_len = tmpint32;
cbp.user.bv_val = cbp.buf;
if (!isvalidusername(&cbp.user)) {
- Debug(LDAP_DEBUG_ANY,"nssov_group_bymember(%s): invalid user name",cbp.user.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_group_bymember(%s): invalid user name\n",cbp.user.bv_val,0,0);
return -1;
}
cbp.wantmembers = 0;
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.gidnum);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_bymember(%s)",cbp.user.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_bymember(%s)\n",cbp.user.bv_val,0,0);,
NSLCD_ACTION_GROUP_BYMEMBER,
mkfilter_group_bymember(&cbp,&filter)
)
@@ -334,7 +338,7 @@
cbp.ni = ni;
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.gidnum);,
- Debug(LDAP_DEBUG_TRACE,"nssov_group_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_group_all()\n",0,0,0);,
NSLCD_ACTION_GROUP_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/host.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* host.c - host lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/host.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/host.c,v 1.1.2.2 2009/06/03 20:46:54 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -82,7 +82,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -119,7 +119,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_HOST_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -137,12 +137,12 @@
/* translate the address to a string */
if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
{
- Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n",0,0,0);
return -1;
}
cbp.addr.bv_val = cbp.buf;
cbp.addr.bv_len = strlen(cbp.buf);,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_byaddr(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_byaddr(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_HOST_BYADDR,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -153,7 +153,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_host_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_host_all()\n",0,0,0);,
NSLCD_ACTION_HOST_ALL,
(filter=cbp.mi->mi_filter,0)
)
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/ldapns.schema 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,25 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/ldapns.schema,v 1.2.2.2 2009/06/03 20:46:55 quanah Exp $
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+# LDAP Name Service Additional Schema
+# http://www.iana.org/assignments/gssapi-service-names
+
+#
+# Not part of the distribution: this is a workaround!
+#
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+ DESC 'IANA GSS-API authorized service name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+ DESC 'Auxiliary object class for adding authorizedService attribute'
+ SUP top
+ AUXILIARY
+ MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+ DESC 'Auxiliary object class for adding host attribute'
+ SUP top
+ AUXILIARY
+ MAY host )
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/netgroup.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* netgroup.c - netgroup lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/netgroup.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/netgroup.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -91,7 +91,7 @@
/* we should have a bracket now */
if (triple[i]!='(')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): entry does not begin with '(' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): entry does not begin with '(' (entry skipped)\n",0,0,0);
return 0;
}
i++;
@@ -101,7 +101,7 @@
/* nothing else to do */ ;
if (triple[i]!=',')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n",0,0,0);
return 0;
}
hoste=i;
@@ -112,7 +112,7 @@
/* nothing else to do */ ;
if (triple[i]!=',')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n",0,0,0);
return 0;
}
usere=i;
@@ -123,7 +123,7 @@
/* nothing else to do */ ;
if (triple[i]!=')')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ')' (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ')' (entry skipped)\n",0,0,0);
return 0;
}
domaine=i;
@@ -134,7 +134,7 @@
/* if anything is left in the string we have a problem */
if (triple[i]!='\0')
{
- Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): string contains trailing data (entry skipped)",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): string contains trailing data (entry skipped)\n",0,0,0);
return 0;
}
/* write strings */
@@ -191,7 +191,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));,
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
- Debug(LDAP_DEBUG_TRACE,"nssov_netgroup_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_netgroup_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_NETGROUP_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/network.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* network.c - network address lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -82,7 +82,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -119,7 +119,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_NETWORK_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -137,12 +137,12 @@
/* translate the address to a string */
if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
{
- Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string",0,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n",0,0,0);
return -1;
}
cbp.addr.bv_val = cbp.buf;
cbp.addr.bv_len = strlen(cbp.buf);,
- Debug(LDAP_DEBUG_TRACE,"nslcd_network_byaddr(%s)",cbp.addr.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nslcd_network_byaddr(%s)\n",cbp.addr.bv_val,0,0);,
NSLCD_ACTION_NETWORK_BYADDR,
nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
)
@@ -153,7 +153,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.addr);,
- Debug(LDAP_DEBUG_TRACE,"nssov_network_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_network_all()\n",0,0,0);,
NSLCD_ACTION_NETWORK_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nslcd.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -197,8 +197,29 @@
#define NSLCD_ACTION_SHADOW_BYNAME 2001
#define NSLCD_ACTION_SHADOW_ALL 2005
+#define NSLCD_ACTION_PAM_AUTHC 20001
+#define NSLCD_ACTION_PAM_AUTHZ 20002
+#define NSLCD_ACTION_PAM_SESS_O 20003
+#define NSLCD_ACTION_PAM_SESS_C 20004
+#define NSLCD_ACTION_PAM_PWMOD 20005
+
/* Request result codes. */
#define NSLCD_RESULT_END 3 /* key was not found */
#define NSLCD_RESULT_SUCCESS 0 /* everything ok */
+/* Partial list of PAM result codes. */
+#define NSLCD_PAM_SUCCESS 0 /* everything ok */
+#define NSLCD_PAM_PERM_DENIED 6 /* Permission denied */
+#define NSLCD_PAM_AUTH_ERR 7 /* Authc failure */
+#define NSLCD_PAM_CRED_INSUFFICIENT 8 /* Cannot access authc data */
+#define NSLCD_PAM_AUTHINFO_UNAVAIL 9 /* Cannot retrieve authc info */
+#define NSLCD_PAM_USER_UNKNOWN 10 /* User not known */
+#define NSLCD_PAM_MAXTRIES 11 /* Retry limit reached */
+#define NSLCD_PAM_NEW_AUTHTOK_REQD 12 /* Password expired */
+#define NSLCD_PAM_ACCT_EXPIRED 13 /* Account expired */
+#define NSLCD_PAM_SESSION_ERR 14 /* Cannot make/remove session record */
+#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
+#define NSLCD_PAM_IGNORE 25 /* Ignore module */
+#define NSLCD_PAM_ABORT 26 /* Fatal error */
+
#endif /* not _NSLCD_H */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.am 2009-07-27 22:27:07 UTC (rev 1224)
@@ -33,10 +33,10 @@
../compat/attrs.h \
aliases.c ethers.c group.c hosts.c netgroup.c \
networks.c passwd.c protocols.c rpc.c services.c \
- shadow.c
+ shadow.c pam.c
nss_ldap_so_LDFLAGS = -shared -Wl,-soname,$(NSS_LDAP_NSS_VERSIONED) \
-Wl,--version-script,\$(srcdir)/exports.linux
-nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a
+nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a -lpam
EXTRA_DIST = exports.linux
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/Makefile.in 2009-07-27 22:27:07 UTC (rev 1224)
@@ -70,7 +70,7 @@
ethers.$(OBJEXT) group.$(OBJEXT) hosts.$(OBJEXT) \
netgroup.$(OBJEXT) networks.$(OBJEXT) passwd.$(OBJEXT) \
protocols.$(OBJEXT) rpc.$(OBJEXT) services.$(OBJEXT) \
- shadow.$(OBJEXT)
+ shadow.$(OBJEXT) pam.$(OBJEXT)
nss_ldap_so_OBJECTS = $(am_nss_ldap_so_OBJECTS)
nss_ldap_so_DEPENDENCIES = ../common/libtio.a
nss_ldap_so_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -206,12 +206,12 @@
../compat/attrs.h \
aliases.c ethers.c group.c hosts.c netgroup.c \
networks.c passwd.c protocols.c rpc.c services.c \
- shadow.c
+ shadow.c pam.c
nss_ldap_so_LDFLAGS = -shared -Wl,-soname,$(NSS_LDAP_NSS_VERSIONED) \
-Wl,--version-script,\$(srcdir)/exports.linux
-nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a
+nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a -lpam
EXTRA_DIST = exports.linux
all: all-am
@@ -266,6 +266,7 @@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/hosts.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/netgroup.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/networks.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/pam.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/passwd.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/protocols.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/rpc.Po at am__quote@
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/exports.linux 2009-07-27 22:27:07 UTC (rev 1224)
@@ -78,6 +78,14 @@
_nss_ldap_getspent_r;
_nss_ldap_endspent;
+ # pam - pluggable auth
+ pam_sm_acct_mgmt;
+ pam_sm_authenticate;
+ pam_sm_chauthtok;
+ pam_sm_close_session;
+ pam_sm_open_session;
+ pam_sm_setcred;
+
# everything else should not be exported
local:
*;
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,720 @@
+/*
+ pam.c - pam module functions
+
+ Copyright (C) 2009 Howard Chu
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include "prototypes.h"
+#include "common.h"
+#include "compat/attrs.h"
+
+#ifndef HAVE_PAM_PAM_MODULES_H
+#include <security/pam_modules.h>
+#else
+#include <pam/pam_modules.h>
+#endif
+
+#define CONST_ARG const
+
+#define IGNORE_UNKNOWN 1
+#define IGNORE_UNAVAIL 2
+
+#define PLD_CTX "PAM_LDAPD_CTX"
+
+#define NSS2PAM_RC(rc,ignore,ok) \
+ switch(rc) { \
+ case NSS_STATUS_SUCCESS: \
+ rc = ok; break; \
+ case NSS_STATUS_UNAVAIL: \
+ rc = (ignore & IGNORE_UNAVAIL) ? PAM_IGNORE : PAM_AUTHINFO_UNAVAIL; \
+ break; \
+ case NSS_STATUS_NOTFOUND: \
+ rc = (ignore & IGNORE_UNKNOWN) ? PAM_IGNORE: PAM_USER_UNKNOWN; \
+ break; \
+ default: \
+ rc = PAM_SYSTEM_ERR; break; \
+ }
+
+typedef struct pld_ctx {
+ char *user;
+ char *dn;
+ char *tmpluser;
+ char *authzmsg;
+ char *oldpw;
+ int authok;
+ int authz;
+ int sessid;
+ char buf[1024];
+} pld_ctx;
+
+static int nslcd2pam_rc(int rc)
+{
+#define map(i) case NSLCD_##i : rc = i; break
+ switch(rc) {
+ map(PAM_SUCCESS);
+ map(PAM_PERM_DENIED);
+ map(PAM_AUTH_ERR);
+ map(PAM_CRED_INSUFFICIENT);
+ map(PAM_AUTHINFO_UNAVAIL);
+ map(PAM_USER_UNKNOWN);
+ map(PAM_MAXTRIES);
+ map(PAM_NEW_AUTHTOK_REQD);
+ map(PAM_ACCT_EXPIRED);
+ map(PAM_SESSION_ERR);
+ map(PAM_AUTHTOK_DISABLE_AGING);
+ map(PAM_IGNORE);
+ map(PAM_ABORT);
+ }
+ return rc;
+}
+
+static void pam_clr_ctx(
+ pld_ctx *ctx)
+{
+ if (ctx->user) {
+ free(ctx->user);
+ ctx->user = NULL;
+ }
+ if (ctx->oldpw) {
+ memset(ctx->oldpw,0,strlen(ctx->oldpw));
+ free(ctx->oldpw);
+ ctx->oldpw = NULL;
+ }
+ ctx->dn = NULL;
+ ctx->tmpluser = NULL;
+ ctx->authzmsg = NULL;
+ ctx->authok = 0;
+ ctx->authz = 0;
+}
+
+static void pam_del_ctx(
+ pam_handle_t *pamh, void *data, int err)
+{
+ pld_ctx *ctx = data;
+ pam_clr_ctx(ctx);
+ free(ctx);
+}
+
+static int pam_get_ctx(
+ pam_handle_t *pamh, const char *user, pld_ctx **pctx)
+{
+ pld_ctx *ctx = NULL;
+ int rc;
+
+ if (pam_get_data(pamh, PLD_CTX, (CONST_ARG void **)&ctx) == PAM_SUCCESS) {
+ if (ctx->user && strcmp(ctx->user, user)) {
+ pam_clr_ctx(ctx);
+ }
+ rc = PAM_SUCCESS;
+ }
+ if (!ctx) {
+ ctx = calloc(1, sizeof(*ctx));
+ if (!ctx)
+ return PAM_BUF_ERR;
+ rc = pam_set_data(pamh, PLD_CTX, ctx, pam_del_ctx);
+ if (rc != PAM_SUCCESS)
+ pam_del_ctx(pamh, ctx, 0);
+ }
+ if (rc == PAM_SUCCESS)
+ *pctx = ctx;
+ return rc;
+}
+
+static int pam_get_authtok(
+ pam_handle_t *pamh, int flags, char *prompt1, char *prompt2, char **pwd)
+{
+ int rc;
+ char *p;
+ struct pam_message msg[1], *pmsg[1];
+ struct pam_response *resp;
+ struct pam_conv *conv;
+
+ *pwd = NULL;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &conv);
+ if (rc == PAM_SUCCESS) {
+ pmsg[0] = &msg[0];
+ msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
+ msg[0].msg = prompt1;
+ resp = NULL;
+ rc = conv->conv (1,
+ (CONST_ARG struct pam_message **) pmsg,
+ &resp, conv->appdata_ptr);
+ } else {
+ return rc;
+ }
+
+ if (resp != NULL) {
+ if ((flags & PAM_DISALLOW_NULL_AUTHTOK) && resp[0].resp == NULL)
+ {
+ free (resp);
+ return PAM_AUTH_ERR;
+ }
+
+ p = resp[0].resp;
+ resp[0].resp = NULL;
+ free (resp);
+ } else {
+ return PAM_CONV_ERR;
+ }
+
+ if (prompt2) {
+ msg[0].msg = prompt2;
+ resp = NULL;
+ rc = conv->conv (1,
+ (CONST_ARG struct pam_message **) pmsg,
+ &resp, conv->appdata_ptr);
+ if (resp && resp[0].resp && !strcmp(resp[0].resp, p))
+ rc = PAM_SUCCESS;
+ else
+ rc = PAM_AUTHTOK_RECOVERY_ERR;
+ if (resp) {
+ if (resp[0].resp) {
+ (void) memset(resp[0].resp, 0, strlen(resp[0].resp));
+ free(resp[0].resp);
+ }
+ free(resp);
+ }
+ }
+
+ if (rc == PAM_SUCCESS)
+ *pwd = p;
+ else if (p) {
+ memset(p, 0, strlen(p));
+ free(p);
+ }
+
+ return rc;
+}
+
+static enum nss_status pam_read_authc(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf, *user;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authok);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authok = nslcd2pam_rc(ctx->authok);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_authc(
+ pld_ctx *ctx, const char *user, const char *svc,const char *pwd,int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_AUTHC,
+ WRITE_STRING(fp,user);
+ WRITE_STRING(fp,"" /* DN */);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,pwd),
+ pam_read_authc(fp,ctx,errnop));
+}
+
+#define USE_FIRST 1
+#define TRY_FIRST 2
+#define USE_TOKEN 4
+
+int pam_sm_authenticate(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int err, rc;
+ const char *username, *svc;
+ char *p = NULL;
+ int first_pass = 0, ignore_flags = 0;
+ int i;
+ pld_ctx *ctx;
+
+ for (i = 0; i < argc; i++) {
+ if (!strcmp (argv[i], "use_first_pass"))
+ first_pass |= USE_FIRST;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ first_pass |= TRY_FIRST;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "no_warn"))
+ ;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ for (i=0;i<2;i++) {
+ if (!first_pass) {
+ rc = pam_get_authtok(pamh, flags, i ? "LDAP Password: " :
+ "Password: ", NULL, &p);
+ i = 2;
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_AUTHTOK, p);
+ memset(p, 0, strlen(p));
+ free(p);
+ } else {
+ break;
+ }
+ }
+ rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
+ if (rc == PAM_SUCCESS) {
+ rc = pam_do_authc(ctx, username, svc, p, &err);
+ NSS2PAM_RC(rc, ignore_flags, ctx->authok);
+ }
+ if (rc == PAM_SUCCESS || (first_pass & USE_FIRST)) {
+ break;
+ }
+ first_pass = 0;
+ }
+
+ if (rc == PAM_SUCCESS) {
+ ctx->user = strdup(username);
+ if (ctx->authz == PAM_NEW_AUTHTOK_REQD)
+ ctx->oldpw = strdup(p);
+ }
+
+ return rc;
+}
+
+int pam_sm_setcred(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
+
+static int
+pam_warn(
+ struct pam_conv *aconv, const char *message, int style, int no_warn)
+{
+ struct pam_message msg, *pmsg;
+ struct pam_response *resp;
+
+ if (no_warn)
+ return PAM_SUCCESS;
+
+ pmsg = &msg;
+
+ msg.msg_style = style;
+ msg.msg = (char *) message;
+ resp = NULL;
+
+ return aconv->conv (1,
+ (CONST_ARG struct pam_message **) &pmsg,
+ &resp, aconv->appdata_ptr);
+}
+
+static enum nss_status pam_read_authz(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,ctx->tmpluser);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_authz(
+ pld_ctx *ctx, const char *svc, const char *ruser, const char *rhost,
+ const char *tty, int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ,
+ WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,ruser);
+ WRITE_STRING(fp,rhost);
+ WRITE_STRING(fp,tty),
+ pam_read_authz(fp,ctx,errnop));
+}
+
+int pam_sm_acct_mgmt(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, err;
+ const char *username, *svc, *ruser, *rhost, *tty;
+ int no_warn = 0, ignore_flags = 0;
+ int i;
+ struct pam_conv *appconv;
+ pld_ctx *ctx = NULL, ctx2;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "no_warn"))
+ no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ no_warn = 1;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_RHOST, (CONST_ARG void **) &rhost);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_TTY, (CONST_ARG void **) &tty);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ ctx2.dn = ctx->dn;
+ ctx2.user = ctx->user;
+ rc = pam_do_authz(&ctx2, svc, ruser, rhost, tty, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ if (rc != PAM_SUCCESS) {
+ if (rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP authorization failed", PAM_ERROR_MSG, no_warn);
+ } else {
+ if (ctx2.authzmsg && ctx2.authzmsg[0])
+ pam_warn(appconv, ctx2.authzmsg, PAM_TEXT_INFO, no_warn);
+ if (ctx2.authz == PAM_SUCCESS) {
+ rc = ctx->authz;
+ if (ctx->authzmsg && ctx->authzmsg[0])
+ pam_warn(appconv, ctx->authzmsg, PAM_TEXT_INFO, no_warn);
+ }
+ }
+ if ( rc == PAM_SUCCESS && ctx->tmpluser && ctx->tmpluser[0] ) {
+ rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser);
+ }
+ return rc;
+}
+
+static enum nss_status pam_read_sess(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ int tmpint32;
+ READ_INT32(fp,ctx->sessid);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_sess(
+ pam_handle_t *pamh,pld_ctx *ctx,int action,int *errnop)
+{
+ const char *svc = NULL, *tty = NULL, *rhost = NULL, *ruser = NULL;
+
+ pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ pam_get_item (pamh, PAM_TTY, (CONST_ARG void **) &tty);
+ pam_get_item (pamh, PAM_RHOST, (CONST_ARG void **) &rhost);
+ pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
+
+ {
+ NSS_BYGEN(action,
+ WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,tty);
+ WRITE_STRING(fp,rhost);
+ WRITE_STRING(fp,ruser);
+ WRITE_INT32(fp,ctx->sessid),
+ pam_read_sess(fp,ctx,errnop));
+ }
+}
+
+static int pam_sm_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv,
+ int action, int *no_warn)
+{
+ int rc, err;
+ const char *username;
+ int ignore_flags = 0;
+ int i, success = PAM_SUCCESS;
+ pld_ctx *ctx = NULL;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ ;
+ else if (!strcmp (argv[i], "no_warn"))
+ *no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ *no_warn = 1;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_do_sess(pamh, ctx, action, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ return rc;
+}
+
+int pam_sm_open_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, no_warn = 0;
+ struct pam_conv *appconv;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_O,&no_warn);
+ if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP open_session failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+int pam_sm_close_session(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, no_warn = 0;;
+ struct pam_conv *appconv;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_C,&no_warn);
+ if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP close_session failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+static enum nss_status pam_read_pwmod(
+ TFILE *fp,pld_ctx *ctx,int *errnop)
+{
+ char *buffer = ctx->buf, *user;
+ size_t buflen = sizeof(ctx->buf);
+ size_t bufptr = 0;
+ int32_t tmpint32;
+
+ READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->dn);
+ READ_INT32(fp,ctx->authz);
+ READ_STRING_BUF(fp,ctx->authzmsg);
+ ctx->authz = nslcd2pam_rc(ctx->authz);
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status pam_do_pwmod(
+ pld_ctx *ctx, const char *user, const char *svc,
+ const char *oldpw, const char *newpw, int *errnop)
+{
+ NSS_BYGEN(NSLCD_ACTION_PAM_PWMOD,
+ WRITE_STRING(fp,user);
+ WRITE_STRING(fp,ctx->dn);
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,oldpw);
+ WRITE_STRING(fp,newpw),
+ pam_read_pwmod(fp,ctx,errnop));
+}
+
+int pam_sm_chauthtok(
+ pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int rc, err;
+ const char *username, *p = NULL, *q = NULL, *svc;
+ int first_pass = 0, no_warn = 0, ignore_flags = 0;
+ int i, success = PAM_SUCCESS;
+ struct pam_conv *appconv;
+ pld_ctx *ctx = NULL;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (!strcmp (argv[i], "use_first_pass"))
+ first_pass |= USE_FIRST;
+ else if (!strcmp (argv[i], "try_first_pass"))
+ first_pass |= TRY_FIRST;
+ else if (!strcmp (argv[i], "use_authtok"))
+ first_pass |= USE_TOKEN;
+ else if (!strcmp (argv[i], "no_warn"))
+ no_warn = 1;
+ else if (!strcmp (argv[i], "ignore_unknown_user"))
+ ignore_flags |= IGNORE_UNKNOWN;
+ else if (!strcmp (argv[i], "ignore_authinfo_unavail"))
+ ignore_flags |= IGNORE_UNAVAIL;
+ else if (!strcmp (argv[i], "debug"))
+ ;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+
+ if (flags & PAM_SILENT)
+ no_warn = 1;
+
+ rc = pam_get_item (pamh, PAM_CONV, (CONST_ARG void **) &appconv);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_user (pamh, (CONST_ARG char **) &username, NULL);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (username == NULL)
+ return PAM_USER_UNKNOWN;
+
+ rc = pam_get_ctx(pamh, username, &ctx);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_SERVICE, (CONST_ARG void **) &svc);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ if (flags & PAM_PRELIM_CHECK) {
+ if (getuid()) {
+ if (!first_pass) {
+ rc = pam_get_authtok(pamh, flags, "(current) LDAP Password: ",
+ NULL, &p);
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_OLDAUTHTOK, p);
+ memset(p, 0, strlen(p));
+ free(p);
+ }
+ }
+ rc = pam_get_item(pamh, PAM_OLDAUTHTOK, &p);
+ if (rc) return rc;
+ } else {
+ rc = PAM_SUCCESS;
+ }
+ if (!ctx->dn) {
+ rc = pam_do_pwmod(ctx, username, svc, p, NULL, &err);
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ }
+ return rc;
+ }
+
+ rc = pam_get_item(pamh, PAM_OLDAUTHTOK, &p);
+ if (rc) return rc;
+
+ if (!p)
+ p = ctx->oldpw;
+
+ if (first_pass) {
+ rc = pam_get_item(pamh, PAM_AUTHTOK, &q);
+ if ((rc != PAM_SUCCESS || !q) && (first_pass & (USE_FIRST|USE_TOKEN))) {
+ if (rc == PAM_SUCCESS)
+ rc = PAM_AUTHTOK_RECOVERY_ERR;
+ return rc;
+ }
+ }
+ if (!q) {
+ rc = pam_get_authtok(pamh, flags, "Enter new LDAP Password: ",
+ "Retype new LDAP Password: ", &q);
+ if (rc == PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_AUTHTOK, q);
+ memset(q, 0, strlen(q));
+ free(q);
+ rc = pam_get_item(pamh, PAM_AUTHTOK, &q);
+ }
+ if (rc != PAM_SUCCESS)
+ return rc;
+ }
+ rc = pam_do_pwmod(ctx, username, svc, p, q, &err);
+ p = NULL; q = NULL;
+ NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ if (rc == PAM_SUCCESS) {
+ rc = ctx->authz;
+ if (rc != PAM_SUCCESS)
+ pam_warn(appconv, ctx->authzmsg, PAM_ERROR_MSG, no_warn);
+ } else if (rc != PAM_IGNORE)
+ pam_warn(appconv, "LDAP pwmod failed", PAM_ERROR_MSG, no_warn);
+ return rc;
+}
+
+#ifdef PAM_STATIC
+struct pam_module _modstruct = {
+ "pam_ldapd",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif /* PAM_STATIC */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,7 +1,7 @@
/* nssov.c - nss-ldap overlay for slapd */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.2 2008/11/10 22:40:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.4 2009/06/04 18:15:49 quanah Exp $ */
/*
- * Copyright 2008 by Howard Chu, Symas Corp.
+ * Copyright 2008-2009 by Howard Chu, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,6 +33,9 @@
#include <fcntl.h>
#include <sys/stat.h>
+AttributeDescription *nssov_pam_host_ad;
+AttributeDescription *nssov_pam_svc_ad;
+
/* buffer sizes for I/O */
#define READBUFFER_MINSIZE 32
#define READBUFFER_MAXSIZE 64
@@ -152,7 +155,7 @@
/* failure, log but write simple invalid address
(otherwise the address list is messed up) */
/* TODO: have error message in correct format */
- Debug(LDAP_DEBUG_ANY,"nssov: unparseable address: %s",addr->bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: unparseable address: %s\n",addr->bv_val,0,0);
/* write an illegal address type */
WRITE_INT32(fp,-1);
/* write an empty address */
@@ -170,14 +173,14 @@
READ_INT32(fp,*af);
if ((*af!=AF_INET)&&(*af!=AF_INET6))
{
- Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d",*af,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d\n",*af,0,0);
return -1;
}
/* read address length */
READ_INT32(fp,len);
if ((len>*addrlen)||(len<=0))
{
- Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d",len,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d\n",len,0,0);
return -1;
}
*addrlen=len;
@@ -237,7 +240,7 @@
READ_TYPE(fp,tmpint32,int32_t);
if (tmpint32 != (int32_t)NSLCD_VERSION)
{
- Debug( LDAP_DEBUG_TRACE,"nssov: wrong nslcd version id (%d)",(int)tmpint32,0,0);
+ Debug( LDAP_DEBUG_TRACE,"nssov: wrong nslcd version id (%d)\n",(int)tmpint32,0,0);
return -1;
}
/* read the request type */
@@ -258,9 +261,9 @@
/* log connection */
if (lutil_getpeereid(sock,&uid,&gid))
- Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s",strerror(errno),0,0);
+ Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s\n",strerror(errno),0,0);
else
- Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d",
+ Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d\n",
(int)uid,(int)gid,0);
/* Should do authid mapping too */
@@ -322,6 +325,11 @@
case NSLCD_ACTION_SERVICE_ALL: (void)nssov_service_all(ni,fp,op); break;
case NSLCD_ACTION_SHADOW_BYNAME: if (uid==0) (void)nssov_shadow_byname(ni,fp,op); break;
case NSLCD_ACTION_SHADOW_ALL: if (uid==0) (void)nssov_shadow_all(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_AUTHC: (void)pam_authc(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_AUTHZ: (void)pam_authz(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_SESS_O: if (uid==0) (void)pam_sess_o(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_SESS_C: if (uid==0) (void)pam_sess_c(ni,fp,op); break;
+ case NSLCD_ACTION_PAM_PWMOD: (void)pam_pwmod(ni,fp,op); break;
default:
Debug( LDAP_DEBUG_ANY,"nssov: invalid request id: %d",(int)action,0,0);
break;
@@ -380,6 +388,7 @@
}
connection_fake_init( &conn, &opbuf, ctx );
op=&opbuf.ob_op;
+ conn.c_ssf = conn.c_transport_ssf = local_ssf;
op->o_bd = ni->ni_db;
op->o_tag = LDAP_REQ_SEARCH;
@@ -388,23 +397,36 @@
}
static slap_verbmasks nss_svcs[] = {
- { BER_BVC("alias"), NM_alias },
- { BER_BVC("ether"), NM_ether },
+ { BER_BVC("aliases"), NM_alias },
+ { BER_BVC("ethers"), NM_ether },
{ BER_BVC("group"), NM_group },
- { BER_BVC("host"), NM_host },
+ { BER_BVC("hosts"), NM_host },
{ BER_BVC("netgroup"), NM_netgroup },
- { BER_BVC("network"), NM_network },
+ { BER_BVC("networks"), NM_network },
{ BER_BVC("passwd"), NM_passwd },
- { BER_BVC("protocol"), NM_protocol },
+ { BER_BVC("protocols"), NM_protocol },
{ BER_BVC("rpc"), NM_rpc },
- { BER_BVC("service"), NM_service },
+ { BER_BVC("services"), NM_service },
{ BER_BVC("shadow"), NM_shadow },
{ BER_BVNULL, 0 }
};
+static slap_verbmasks pam_opts[] = {
+ { BER_BVC("userhost"), NI_PAM_USERHOST },
+ { BER_BVC("userservice"), NI_PAM_USERSVC },
+ { BER_BVC("usergroup"), NI_PAM_USERGRP },
+ { BER_BVC("hostservice"), NI_PAM_HOSTSVC },
+ { BER_BVC("authz2dn"), NI_PAM_SASL2DN },
+ { BER_BVC("uid2dn"), NI_PAM_UID2DN },
+ { BER_BVNULL, 0 }
+};
+
enum {
NSS_SSD=1,
- NSS_MAP
+ NSS_MAP,
+ NSS_PAM,
+ NSS_PAMGROUP,
+ NSS_PAMSESS
};
static ConfigDriver nss_cf_gen;
@@ -420,6 +442,57 @@
"DESC 'Map <service> lookups of <orig> attr to <new> attr' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "nssov-pam", "options", 2, 0, 0, ARG_MAGIC|NSS_PAM,
+ nss_cf_gen, "(OLcfgCtAt:3.3 NAME 'olcNssPam' "
+ "DESC 'PAM authentication and authorization options' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "nssov-pam-defhost", "hostname", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+ (void *)offsetof(struct nssov_info, ni_pam_defhost),
+ "(OLcfgCtAt:3.4 NAME 'olcNssPamDefHost' "
+ "DESC 'Default hostname for service checks' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-group-dn", "DN", 2, 2, 0, ARG_MAGIC|ARG_DN|NSS_PAMGROUP,
+ nss_cf_gen, "(OLcfgCtAt:3.5 NAME 'olcNssPamGroupDN' "
+ "DESC 'DN of group in which membership is required' "
+ "EQUALITY distinguishedNameMatch "
+ "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-group-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+ (void *)offsetof(struct nssov_info, ni_pam_group_ad),
+ "(OLcfgCtAt:3.6 NAME 'olcNssPamGroupAD' "
+ "DESC 'Member attribute to use for group check' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-min-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+ (void *)offsetof(struct nssov_info, ni_pam_min_uid),
+ "(OLcfgCtAt:3.7 NAME 'olcNssPamMinUid' "
+ "DESC 'Minimum UID allowed to login' "
+ "EQUALITY integerMatch "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-max-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+ (void *)offsetof(struct nssov_info, ni_pam_max_uid),
+ "(OLcfgCtAt:3.8 NAME 'olcNssPamMaxUid' "
+ "DESC 'Maximum UID allowed to login' "
+ "EQUALITY integerMatch "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-template-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+ (void *)offsetof(struct nssov_info, ni_pam_template_ad),
+ "(OLcfgCtAt:3.9 NAME 'olcNssPamTemplateAD' "
+ "DESC 'Attribute to use for template login name' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-template", "name", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+ (void *)offsetof(struct nssov_info, ni_pam_template),
+ "(OLcfgCtAt:3.10 NAME 'olcNssPamTemplate' "
+ "DESC 'Default template login name' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|ARG_BERVAL|NSS_PAMSESS,
+ nss_cf_gen, "(OLcfgCtAt:3.11 NAME 'olcNssPamSession' "
+ "DESC 'Services for which sessions will be recorded' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
{ NULL, NULL, 0,0,0, ARG_IGNORED }
};
@@ -428,7 +501,10 @@
"NAME 'olcNssOvConfig' "
"DESC 'NSS lookup configuration' "
"SUP olcOverlayConfig "
- "MAY ( olcNssSsd $ olcNssMap ) )",
+ "MAY ( olcNssSsd $ olcNssMap $ olcNssPam $ olcNssPamDefHost $ "
+ "olcNssPamGroupDN $ olcNssPamGroupAD $ "
+ "olcNssPamMinUid $ olcNssPamMaxUid $ olcNssPamSession $ "
+ "olcNssPamTemplateAD $ olcNssPamTemplate ) )",
Cft_Overlay, nsscfg },
{ NULL, 0, NULL }
};
@@ -440,6 +516,7 @@
nssov_info *ni = on->on_bi.bi_private;
nssov_mapinfo *mi;
int i, j, rc = 0;
+ slap_mask_t m;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch(c->type) {
@@ -495,9 +572,28 @@
}
}
break;
+ case NSS_PAM:
+ rc = mask_to_verbs( pam_opts, ni->ni_pam_opts, &c->rvalue_vals );
+ break;
+ case NSS_PAMGROUP:
+ if (!BER_BVISEMPTY( &ni->ni_pam_group_dn )) {
+ value_add_one( &c->rvalue_vals, &ni->ni_pam_group_dn );
+ value_add_one( &c->rvalue_nvals, &ni->ni_pam_group_dn );
+ } else {
+ rc = 1;
+ }
+ break;
+ case NSS_PAMSESS:
+ if (ni->ni_pam_sessions) {
+ ber_bvarray_dup_x( &c->rvalue_vals, ni->ni_pam_sessions, NULL );
+ } else {
+ rc = 1;
+ }
+ break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
+ /* FIXME */
return 1;
}
switch( c->type ) {
@@ -558,6 +654,44 @@
}
}
break;
+ case NSS_PAM:
+ m = ni->ni_pam_opts;
+ i = verbs_to_mask(c->argc, c->argv, pam_opts, &m);
+ if (i == 0) {
+ ni->ni_pam_opts = m;
+ if ((m & NI_PAM_USERHOST) && !nssov_pam_host_ad) {
+ const char *text;
+ i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ snprintf(c->cr_msg, sizeof(c->cr_msg),
+ "nssov: host attr unknown: %s", text);
+ Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg,0,0);
+ rc = 1;
+ break;
+ }
+ }
+ if ((m & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) && !nssov_pam_svc_ad) {
+ const char *text;
+ i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ snprintf(c->cr_msg, sizeof(c->cr_msg),
+ "nssov: authorizedService attr unknown: %s", text);
+ Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg,0,0);
+ rc = 1;
+ break;
+ }
+ }
+ } else {
+ rc = 1;
+ }
+ break;
+ case NSS_PAMGROUP:
+ ni->ni_pam_group_dn = c->value_ndn;
+ ch_free( c->value_dn.bv_val );
+ break;
+ case NSS_PAMSESS:
+ ber_bvarray_add( &ni->ni_pam_sessions, &c->value_bv );
+ break;
}
return rc;
}
@@ -570,9 +704,12 @@
slap_overinst *on = (slap_overinst *)be->bd_info;
nssov_info *ni;
nssov_mapinfo *mi;
- int i, j;
+ int rc;
- ni = ch_malloc( sizeof(nssov_info) );
+ rc = nssov_pam_init();
+ if (rc) return rc;
+
+ ni = ch_calloc( 1, sizeof(nssov_info) );
on->on_bi.bi_private = ni;
/* set up map keys */
@@ -589,6 +726,7 @@
nssov_shadow_init(ni);
ni->ni_db = be->bd_self;
+ ni->ni_pam_opts = NI_PAM_UID2DN;
return 0;
}
@@ -639,17 +777,47 @@
mi->mi_attrs[j].an_desc = NULL;
}
+ /* Find host and authorizedService definitions */
+ if ((ni->ni_pam_opts & NI_PAM_USERHOST) && !nssov_pam_host_ad)
+ {
+ const char *text;
+ i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,"nssov: host attr unknown: %s\n",
+ text, 0, 0 );
+ return -1;
+ }
+ }
+ if ((ni->ni_pam_opts & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) &&
+ !nssov_pam_svc_ad)
+ {
+ const char *text;
+ i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+ if (i != LDAP_SUCCESS) {
+ Debug(LDAP_DEBUG_ANY,"nssov: authorizedService attr unknown: %s\n",
+ text, 0, 0 );
+ return -1;
+ }
+ }
if ( slapMode & SLAP_SERVER_MODE ) {
+ /* make sure /var/run/nslcd exists */
+ if (mkdir(NSLCD_PATH, (mode_t) 0555)) {
+ Debug(LDAP_DEBUG_TRACE,"nssov: mkdir(%s) failed (ignored): %s\n",
+ NSLCD_PATH,strerror(errno),0);
+ } else {
+ Debug(LDAP_DEBUG_TRACE,"nssov: created %s\n",NSLCD_PATH,0,0);
+ }
+
/* create a socket */
if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )
{
- Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s",strerror(errno),0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s\n",strerror(errno),0,0);
return -1;
}
/* remove existing named socket */
if (unlink(NSLCD_SOCKET)<0)
{
- Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s",
+ Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s\n",
strerror(errno),0,0);
}
/* create socket address structure */
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* nssov.h - NSS overlay header file */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.3 2009/01/22 00:00:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.4 2009/06/03 20:46:55 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
@@ -9,8 +9,12 @@
#ifndef NSSOV_H
#define NSSOV_H
+#ifndef NSLCD_PATH
+#define NSLCD_PATH "/var/run/nslcd"
+#endif
+
#ifndef NSLCD_SOCKET
-#define NSLCD_SOCKET "/var/run/nslcd/socket"
+#define NSLCD_SOCKET NSLCD_PATH "/socket"
#endif
#include <stdio.h>
@@ -64,8 +68,32 @@
int ni_socket;
Connection *ni_conn;
BackendDB *ni_db;
+
+ /* PAM authz support... */
+ slap_mask_t ni_pam_opts;
+ struct berval ni_pam_group_dn;
+ AttributeDescription *ni_pam_group_ad;
+ int ni_pam_min_uid;
+ int ni_pam_max_uid;
+ AttributeDescription *ni_pam_template_ad;
+ struct berval ni_pam_template;
+ struct berval ni_pam_defhost;
+ struct berval *ni_pam_sessions;
} nssov_info;
+#define NI_PAM_USERHOST 1 /* old style host checking */
+#define NI_PAM_USERSVC 2 /* old style service checking */
+#define NI_PAM_USERGRP 4 /* old style group checking */
+#define NI_PAM_HOSTSVC 8 /* new style authz checking */
+#define NI_PAM_SASL2DN 0x10 /* use sasl2dn */
+#define NI_PAM_UID2DN 0x20 /* use uid2dn */
+
+#define NI_PAM_OLD (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
+#define NI_PAM_NEW NI_PAM_HOSTSVC
+
+extern AttributeDescription *nssov_pam_host_ad;
+extern AttributeDescription *nssov_pam_svc_ad;
+
/* Read the default configuration file. */
void nssov_cfg_init(nssov_info *ni,const char *fname);
@@ -139,11 +167,12 @@
/* checks to see if the specified string is a valid username */
int isvalidusername(struct berval *name);
-/* transforms the DN info a uid doing an LDAP lookup if needed */
+/* transforms the DN into a uid doing an LDAP lookup if needed */
int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);
/* transforms the uid into a DN by doing an LDAP lookup */
int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
+int nssov_name2dn_cb(Operation *op, SlapReply *rs);
/* Escapes characters in a string for use in a search filter. */
int nssov_escape(struct berval *src,struct berval *dst);
@@ -163,6 +192,8 @@
void nssov_service_init(nssov_info *ni);
void nssov_shadow_init(nssov_info *ni);
+int nssov_pam_init(void);
+
/* these are the different functions that handle the database
specific actions, see nslcd.h for the action descriptions */
int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
@@ -195,6 +226,11 @@
int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op);
/* config initialization */
#define NSSOV_INIT(db) \
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/pam.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,668 @@
+/* pam.c - pam processing routines */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/pam.c,v 1.13.2.2 2009/06/03 20:46:55 quanah Exp $ */
+/*
+ * Copyright 2009 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "nssov.h"
+#include "lutil.h"
+
+static int ppolicy_cid;
+static AttributeDescription *ad_loginStatus;
+
+const char *at_loginStatus =
+ "( 1.3.6.1.4.1.4745.1.20.1 "
+ "NAME ( 'loginStatus' ) "
+ "DESC 'Currently logged in sessions for a user' "
+ "EQUALITY caseIgnoreMatch "
+ "SUBSTR caseIgnoreSubstringsMatch "
+ "ORDERING caseIgnoreOrderingMatch "
+ "SYNTAX OMsDirectoryString "
+ "USAGE directoryOperation )";
+
+struct paminfo {
+ struct berval uid;
+ struct berval dn;
+ struct berval svc;
+ struct berval pwd;
+ int authz;
+ struct berval msg;
+};
+
+static int pam_bindcb(
+ Operation *op, SlapReply *rs)
+{
+ struct paminfo *pi = op->o_callback->sc_private;
+ LDAPControl *ctrl = ldap_control_find(LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
+ rs->sr_ctrls, NULL);
+ if (ctrl) {
+ LDAP *ld;
+ ber_int_t expire, grace;
+ LDAPPasswordPolicyError error;
+
+ ldap_create(&ld);
+ if (ld) {
+ int rc = ldap_parse_passwordpolicy_control(ld,ctrl,
+ &expire,&grace,&error);
+ if (rc == LDAP_SUCCESS) {
+ if (expire >= 0) {
+ char *unit = "seconds";
+ if (expire > 60) {
+ expire /= 60;
+ unit = "minutes";
+ }
+ if (expire > 60) {
+ expire /= 60;
+ unit = "hours";
+ }
+ if (expire > 24) {
+ expire /= 24;
+ unit = "days";
+ }
+#if 0 /* Who warns about expiration so far in advance? */
+ if (expire > 7) {
+ expire /= 7;
+ unit = "weeks";
+ }
+ if (expire > 4) {
+ expire /= 4;
+ unit = "months";
+ }
+ if (expire > 12) {
+ expire /= 12;
+ unit = "years";
+ }
+#endif
+ pi->msg.bv_len = sprintf(pi->msg.bv_val,
+ "\nWARNING: Password expires in %d %s\n", expire, unit);
+ } else if (grace > 0) {
+ pi->msg.bv_len = sprintf(pi->msg.bv_val,
+ "Password expired; %d grace logins remaining",
+ grace);
+ pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+ } else if (error != PP_noError) {
+ ber_str2bv(ldap_passwordpolicy_err2txt(error), 0, 0,
+ &pi->msg);
+ switch (error) {
+ case PP_passwordExpired:
+ /* report this during authz */
+ rs->sr_err = LDAP_SUCCESS;
+ /* fallthru */
+ case PP_changeAfterReset:
+ pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+ }
+ }
+ }
+ ldap_ld_free(ld,0,NULL,NULL);
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+int pam_do_bind(nssov_info *ni,TFILE *fp,Operation *op,
+ struct paminfo *pi)
+{
+ int rc;
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ struct berval sdn;
+
+ pi->msg.bv_val = pi->pwd.bv_val;
+ pi->msg.bv_len = 0;
+ pi->authz = NSLCD_PAM_SUCCESS;
+ BER_BVZERO(&pi->dn);
+
+ if (!isvalidusername(&pi->uid)) {
+ Debug(LDAP_DEBUG_ANY,"nssov_pam_do_bind(%s): invalid user name\n",
+ pi->uid.bv_val,0,0);
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ if (ni->ni_pam_opts & NI_PAM_SASL2DN) {
+ int hlen = global_host_bv.bv_len;
+
+ /* cn=<service>+uid=<user>,cn=<host>,cn=pam,cn=auth */
+ sdn.bv_len = pi->uid.bv_len + pi->svc.bv_len + hlen +
+ STRLENOF( "cn=+uid=,cn=,cn=pam,cn=auth" );
+ sdn.bv_val = op->o_tmpalloc( sdn.bv_len + 1, op->o_tmpmemctx );
+ sprintf(sdn.bv_val, "cn=%s+uid=%s,cn=%s,cn=pam,cn=auth",
+ pi->svc.bv_val, pi->uid.bv_val, global_host_bv.bv_val);
+ slap_sasl2dn(op, &sdn, &pi->dn, 0);
+ op->o_tmpfree( sdn.bv_val, op->o_tmpmemctx );
+ }
+
+ /* If no luck, do a basic uid search */
+ if (BER_BVISEMPTY(&pi->dn) && (ni->ni_pam_opts & NI_PAM_UID2DN)) {
+ nssov_uid2dn(op, ni, &pi->uid, &pi->dn);
+ if (!BER_BVISEMPTY(&pi->dn)) {
+ sdn = pi->dn;
+ dnNormalize( 0, NULL, NULL, &sdn, &pi->dn, op->o_tmpmemctx );
+ }
+ }
+ BER_BVZERO(&sdn);
+ if (BER_BVISEMPTY(&pi->dn)) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ if (BER_BVISEMPTY(&pi->pwd)) {
+ rc = NSLCD_PAM_IGNORE;
+ goto finish;
+ }
+
+ /* Should only need to do this once at open time, but there's always
+ * the possibility that ppolicy will get loaded later.
+ */
+ if (!ppolicy_cid) {
+ rc = slap_find_control_id(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ &ppolicy_cid);
+ }
+ /* of course, 0 is a valid cid, but it won't be ppolicy... */
+ if (ppolicy_cid) {
+ op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
+ }
+ cb.sc_response = pam_bindcb;
+ cb.sc_private = pi;
+ op->o_callback = &cb;
+ op->o_dn.bv_val[0] = 0;
+ op->o_dn.bv_len = 0;
+ op->o_ndn.bv_val[0] = 0;
+ op->o_ndn.bv_len = 0;
+ op->o_tag = LDAP_REQ_BIND;
+ op->o_protocol = LDAP_VERSION3;
+ op->orb_method = LDAP_AUTH_SIMPLE;
+ op->orb_cred = pi->pwd;
+ op->o_req_dn = pi->dn;
+ op->o_req_ndn = pi->dn;
+ slap_op_time( &op->o_time, &op->o_tincr );
+ rc = op->o_bd->be_bind( op, &rs );
+ memset(pi->pwd.bv_val,0,pi->pwd.bv_len);
+ /* quirk: on successful bind, caller has to send result. we need
+ * to make sure callbacks run.
+ */
+ if (rc == LDAP_SUCCESS)
+ send_ldap_result(op, &rs);
+ switch(rs.sr_err) {
+ case LDAP_SUCCESS: rc = NSLCD_PAM_SUCCESS; break;
+ case LDAP_INVALID_CREDENTIALS: rc = NSLCD_PAM_AUTH_ERR; break;
+ default: rc = NSLCD_PAM_AUTH_ERR; break;
+ }
+finish:
+ return rc;
+}
+
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ int32_t tmpint32;
+ int rc;
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ char dnc[1024];
+ char uidc[32];
+ char svcc[256];
+ char pwdc[256];
+ struct berval sdn, dn;
+ struct paminfo pi;
+
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ pi.uid.bv_val = uidc;
+ pi.uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ pi.dn.bv_val = dnc;
+ pi.dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ pi.svc.bv_val = svcc;
+ pi.svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,pwdc,sizeof(pwdc));
+ pi.pwd.bv_val = pwdc;
+ pi.pwd.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(%s)\n",pi.uid.bv_val,0,0);
+
+ rc = pam_do_bind(ni, fp, op, &pi);
+
+finish:
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&pi.uid);
+ WRITE_BERVAL(fp,&pi.dn);
+ WRITE_INT32(fp,rc);
+ WRITE_INT32(fp,pi.authz); /* authz */
+ WRITE_BERVAL(fp,&pi.msg); /* authzmsg */
+ return 0;
+}
+
+static struct berval grpmsg =
+ BER_BVC("Access denied by group check");
+static struct berval hostmsg =
+ BER_BVC("Access denied for this host");
+static struct berval svcmsg =
+ BER_BVC("Access denied for this service");
+static struct berval uidmsg =
+ BER_BVC("Access denied by UID check");
+
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ struct berval dn, uid, svc, ruser, rhost, tty;
+ struct berval authzmsg = BER_BVNULL;
+ int32_t tmpint32;
+ char dnc[1024];
+ char uidc[32];
+ char svcc[256];
+ char ruserc[32];
+ char rhostc[256];
+ char ttyc[256];
+ int rc = NSLCD_PAM_SUCCESS;
+ Entry *e = NULL;
+ Attribute *a;
+ SlapReply rs = {REP_RESULT};
+ slap_callback cb = {0};
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ uid.bv_val = uidc;
+ uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ dn.bv_val = dnc;
+ dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ svc.bv_val = svcc;
+ svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(ruserc));
+ ruser.bv_val = ruserc;
+ ruser.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(rhostc));
+ rhost.bv_val = rhostc;
+ rhost.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(ttyc));
+ tty.bv_val = ttyc;
+ tty.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(%s)\n",dn.bv_val,0,0);
+
+ /* We don't do authorization if they weren't authenticated by us */
+ if (BER_BVISEMPTY(&dn)) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+
+ /* See if they have access to the host and service */
+ if ((ni->ni_pam_opts & NI_PAM_HOSTSVC) && nssov_pam_svc_ad) {
+ AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+ struct berval hostdn = BER_BVNULL;
+ struct berval odn = op->o_ndn;
+ op->o_dn = dn;
+ op->o_ndn = dn;
+ {
+ nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+ char fbuf[1024];
+ struct berval filter = {sizeof(fbuf),fbuf};
+ SlapReply rs2 = {REP_RESULT};
+
+ /* Lookup the host entry */
+ nssov_filter_byname(mi,0,&global_host_bv,&filter);
+ cb.sc_private = &hostdn;
+ cb.sc_response = nssov_name2dn_cb;
+ op->o_callback = &cb;
+ op->o_req_dn = mi->mi_base;
+ op->o_req_ndn = mi->mi_base;
+ op->ors_scope = mi->mi_scope;
+ op->ors_filterstr = filter;
+ op->ors_filter = str2filter_x(op, filter.bv_val);
+ op->ors_attrs = slap_anlist_no_attrs;
+ op->ors_tlimit = SLAP_NO_LIMIT;
+ op->ors_slimit = 2;
+ rc = op->o_bd->be_search(op, &rs2);
+ filter_free_x(op, op->ors_filter, 1);
+
+ if (BER_BVISEMPTY(&hostdn) &&
+ !BER_BVISEMPTY(&ni->ni_pam_defhost)) {
+ filter.bv_len = sizeof(fbuf);
+ filter.bv_val = fbuf;
+ memset(&rs2, 0, sizeof(rs2));
+ rs2.sr_type = REP_RESULT;
+ nssov_filter_byname(mi,0,&ni->ni_pam_defhost,&filter);
+ op->ors_filterstr = filter;
+ op->ors_filter = str2filter_x(op, filter.bv_val);
+ rc = op->o_bd->be_search(op, &rs2);
+ filter_free_x(op, op->ors_filter, 1);
+ }
+
+ /* no host entry, no default host -> deny */
+ if (BER_BVISEMPTY(&hostdn)) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = hostmsg;
+ goto finish;
+ }
+ }
+
+ cb.sc_response = slap_null_cb;
+ cb.sc_private = NULL;
+ op->o_tag = LDAP_REQ_COMPARE;
+ op->o_req_dn = hostdn;
+ op->o_req_ndn = hostdn;
+ ava.aa_desc = nssov_pam_svc_ad;
+ ava.aa_value = svc;
+ op->orc_ava = &ava;
+ rc = op->o_bd->be_compare( op, &rs );
+ if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
+ authzmsg = svcmsg;
+ rc = NSLCD_PAM_PERM_DENIED;
+ goto finish;
+ }
+ op->o_dn = odn;
+ op->o_ndn = odn;
+ }
+
+ /* See if they're a member of the group */
+ if ((ni->ni_pam_opts & NI_PAM_USERGRP) &&
+ !BER_BVISEMPTY(&ni->ni_pam_group_dn) &&
+ ni->ni_pam_group_ad) {
+ AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+ op->o_callback = &cb;
+ cb.sc_response = slap_null_cb;
+ op->o_tag = LDAP_REQ_COMPARE;
+ op->o_req_dn = ni->ni_pam_group_dn;
+ op->o_req_ndn = ni->ni_pam_group_dn;
+ ava.aa_desc = ni->ni_pam_group_ad;
+ ava.aa_value = dn;
+ op->orc_ava = &ava;
+ rc = op->o_bd->be_compare( op, &rs );
+ if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
+ authzmsg = grpmsg;
+ rc = NSLCD_PAM_PERM_DENIED;
+ goto finish;
+ }
+ }
+
+ /* We need to check the user's entry for these bits */
+ if ((ni->ni_pam_opts & (NI_PAM_USERHOST|NI_PAM_USERSVC)) ||
+ ni->ni_pam_template_ad ||
+ ni->ni_pam_min_uid || ni->ni_pam_max_uid ) {
+ rc = be_entry_get_rw( op, &dn, NULL, NULL, 0, &e );
+ if (rc != LDAP_SUCCESS) {
+ rc = NSLCD_PAM_USER_UNKNOWN;
+ goto finish;
+ }
+ }
+ if ((ni->ni_pam_opts & NI_PAM_USERHOST) && nssov_pam_host_ad) {
+ a = attr_find(e->e_attrs, nssov_pam_host_ad);
+ if (!a || value_find_ex( nssov_pam_host_ad,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ a->a_vals, &global_host_bv, op->o_tmpmemctx )) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = hostmsg;
+ goto finish;
+ }
+ }
+ if ((ni->ni_pam_opts & NI_PAM_USERSVC) && nssov_pam_svc_ad) {
+ a = attr_find(e->e_attrs, nssov_pam_svc_ad);
+ if (!a || value_find_ex( nssov_pam_svc_ad,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
+ a->a_vals, &svc, op->o_tmpmemctx )) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = svcmsg;
+ goto finish;
+ }
+ }
+
+/* from passwd.c */
+#define UIDN_KEY 2
+
+ if (ni->ni_pam_min_uid || ni->ni_pam_max_uid) {
+ int id;
+ char *tmp;
+ nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+ a = attr_find(e->e_attrs, mi->mi_attrs[UIDN_KEY].an_desc);
+ if (!a) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ id = (int)strtol(a->a_vals[0].bv_val,&tmp,0);
+ if (a->a_vals[0].bv_val[0] == '\0' || *tmp != '\0') {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ if ((ni->ni_pam_min_uid && id < ni->ni_pam_min_uid) ||
+ (ni->ni_pam_max_uid && id > ni->ni_pam_max_uid)) {
+ rc = NSLCD_PAM_PERM_DENIED;
+ authzmsg = uidmsg;
+ goto finish;
+ }
+ }
+
+ if (ni->ni_pam_template_ad) {
+ a = attr_find(e->e_attrs, ni->ni_pam_template_ad);
+ if (a)
+ uid = a->a_vals[0];
+ else if (!BER_BVISEMPTY(&ni->ni_pam_template))
+ uid = ni->ni_pam_template;
+ }
+
+finish:
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&uid);
+ WRITE_BERVAL(fp,&dn);
+ WRITE_INT32(fp,rc);
+ WRITE_BERVAL(fp,&authzmsg);
+ if (e) {
+ be_entry_release_r(op, e);
+ }
+ return 0;
+}
+
+static int pam_sess(nssov_info *ni,TFILE *fp,Operation *op,int action)
+{
+ struct berval dn, uid, svc, tty, rhost, ruser;
+ int32_t tmpint32;
+ char dnc[1024];
+ char svcc[256];
+ char uidc[32];
+ char ttyc[32];
+ char rhostc[256];
+ char ruserc[32];
+ slap_callback cb = {0};
+ SlapReply rs = {REP_RESULT};
+ char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
+ struct berval timestamp, bv[2], *nbv;
+ time_t stamp;
+ Modifications mod;
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ uid.bv_val = uidc;
+ uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ dn.bv_val = dnc;
+ dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ svc.bv_val = svcc;
+ svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,ttyc,sizeof(ttyc));
+ tty.bv_val = ttyc;
+ tty.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,rhostc,sizeof(rhostc));
+ rhost.bv_val = rhostc;
+ rhost.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,ruserc,sizeof(ruserc));
+ ruser.bv_val = ruserc;
+ ruser.bv_len = tmpint32;
+ READ_INT32(fp,stamp);
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(%s)\n",
+ action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', dn.bv_val,0);
+
+ if (!dn.bv_len || !ni->ni_pam_sessions) return 0;
+
+ {
+ int i, found=0;
+ for (i=0; !BER_BVISNULL(&ni->ni_pam_sessions[i]); i++) {
+ if (ni->ni_pam_sessions[i].bv_len != svc.bv_len)
+ continue;
+ if (!strcasecmp(ni->ni_pam_sessions[i].bv_val, svc.bv_val)) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) return 0;
+ }
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+ timestamp.bv_len = sizeof(timebuf);
+ timestamp.bv_val = timebuf;
+ if (action == NSLCD_ACTION_PAM_SESS_O )
+ stamp = op->o_time;
+ slap_timestamp( &stamp, ×tamp );
+ bv[0].bv_len = timestamp.bv_len + global_host_bv.bv_len + svc.bv_len +
+ tty.bv_len + ruser.bv_len + rhost.bv_len + STRLENOF(" (@)");
+ bv[0].bv_val = op->o_tmpalloc( bv[0].bv_len+1, op->o_tmpmemctx );
+ sprintf(bv[0].bv_val, "%s %s %s %s (%s@%s)",
+ timestamp.bv_val, global_host_bv.bv_val, svc.bv_val, tty.bv_val,
+ ruser.bv_val, rhost.bv_val);
+
+ mod.sml_numvals = 1;
+ mod.sml_values = bv;
+ BER_BVZERO(&bv[1]);
+ attr_normalize( ad_loginStatus, bv, &nbv, op->o_tmpmemctx );
+ mod.sml_nvalues = nbv;
+ mod.sml_desc = ad_loginStatus;
+ mod.sml_op = action == NSLCD_ACTION_PAM_SESS_O ? LDAP_MOD_ADD :
+ LDAP_MOD_DELETE;
+ mod.sml_flags = SLAP_MOD_INTERNAL;
+ mod.sml_next = NULL;
+
+ cb.sc_response = slap_null_cb;
+ op->o_callback = &cb;
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->o_dn = op->o_bd->be_rootdn;
+ op->o_ndn = op->o_bd->be_rootndn;
+ op->orm_modlist = &mod;
+ op->orm_no_opattrs = 1;
+ op->o_req_dn = dn;
+ op->o_req_ndn = dn;
+ op->o_bd->be_modify( op, &rs );
+ if ( mod.sml_next ) {
+ slap_mods_free( mod.sml_next, 1 );
+ }
+ ber_bvarray_free_x( nbv, op->o_tmpmemctx );
+
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,action);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_INT32(fp,op->o_time);
+ return 0;
+}
+
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_O);
+}
+
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_C);
+}
+
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
+{
+ struct berval npw;
+ int32_t tmpint32;
+ char dnc[1024];
+ char uidc[32];
+ char opwc[256];
+ char npwc[256];
+ char svcc[256];
+ struct paminfo pi;
+ int rc;
+
+ READ_STRING_BUF2(fp,uidc,sizeof(uidc));
+ pi.uid.bv_val = uidc;
+ pi.uid.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,dnc,sizeof(dnc));
+ pi.dn.bv_val = dnc;
+ pi.dn.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(svcc));
+ pi.svc.bv_val = svcc;
+ pi.svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,opwc,sizeof(opwc));
+ pi.pwd.bv_val = opwc;
+ pi.pwd.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,npwc,sizeof(npwc));
+ npw.bv_val = npwc;
+ npw.bv_len = tmpint32;
+
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(%s), %s\n",
+ pi.dn.bv_val,pi.uid.bv_val,0);
+
+ BER_BVZERO(&pi.msg);
+
+ /* This is a prelim check */
+ if (BER_BVISEMPTY(&pi.dn)) {
+ rc = pam_do_bind(ni,fp,op,&pi);
+ if (rc == NSLCD_PAM_IGNORE)
+ rc = NSLCD_PAM_SUCCESS;
+ } else {
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ struct berval bv;
+ SlapReply rs = {REP_RESULT};
+ slap_callback cb = {0};
+
+ ber_init_w_nullc(ber, LBER_USE_DER);
+ ber_printf(ber, "{");
+ if (!BER_BVISEMPTY(&pi.pwd))
+ ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
+ &pi.pwd);
+ if (!BER_BVISEMPTY(&npw))
+ ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+ &npw);
+ ber_printf(ber, "N}");
+ ber_flatten2(ber, &bv, 0);
+ op->o_tag = LDAP_REQ_EXTENDED;
+ op->ore_reqoid = slap_EXOP_MODIFY_PASSWD;
+ op->ore_reqdata = &bv;
+ op->o_dn = pi.dn;
+ op->o_ndn = pi.dn;
+ op->o_callback = &cb;
+ op->o_conn->c_authz_backend = op->o_bd;
+ cb.sc_response = slap_null_cb;
+ op->o_bd = frontendDB;
+ rc = op->o_bd->be_extended(op, &rs);
+ if (rs.sr_text)
+ ber_str2bv(rs.sr_text, 0, 0, &pi.msg);
+ if (rc == LDAP_SUCCESS)
+ rc = NSLCD_PAM_SUCCESS;
+ else
+ rc = NSLCD_PAM_PERM_DENIED;
+ }
+ WRITE_INT32(fp,NSLCD_VERSION);
+ WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD);
+ WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+ WRITE_BERVAL(fp,&pi.uid);
+ WRITE_BERVAL(fp,&pi.dn);
+ WRITE_INT32(fp,rc);
+ WRITE_BERVAL(fp,&pi.msg);
+ return 0;
+}
+
+int nssov_pam_init()
+{
+ int code = 0;
+ if (!ad_loginStatus)
+ code = register_at( at_loginStatus, &ad_loginStatus, 0 );
+ return code;
+}
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* passwd.c - password lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.3 2008/11/10 22:41:45 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.4 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -143,7 +143,7 @@
return 0;
}
-static int uid2dn_cb(Operation *op,SlapReply *rs)
+int nssov_name2dn_cb(Operation *op,SlapReply *rs)
{
if ( rs->sr_type == REP_SEARCH )
{
@@ -175,7 +175,7 @@
nssov_filter_byid(mi,UID_KEY,uid,&filter);
BER_BVZERO(dn);
cb.sc_private = dn;
- cb.sc_response = uid2dn_cb;
+ cb.sc_response = nssov_name2dn_cb;
op2 = *op;
op2.o_callback = &cb;
op2.o_req_dn = mi->mi_base;
@@ -188,7 +188,7 @@
op2.ors_slimit = SLAP_NO_LIMIT;
rc = op2.o_bd->be_search( &op2, &rs );
filter_free_x( op, op2.ors_filter, 1 );
- return rc == LDAP_SUCCESS;
+ return rc == LDAP_SUCCESS && !BER_BVISNULL(dn);
}
/* the maximum number of uidNumber attributes per entry */
@@ -223,7 +223,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -264,7 +264,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UIDN_KEY].an_desc);
if ( !a )
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -280,19 +280,19 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GIDN_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
else if (a->a_numvals != 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
}
gid=(gid_t)strtol(a->a_vals[0].bv_val,&tmp,0);
if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -302,7 +302,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
if (!a || !a->a_numvals)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s or %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s or %s value\n",
entry->e_name.bv_val,
cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
@@ -310,7 +310,7 @@
}
else if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s or %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s or %s values\n",
entry->e_name.bv_val,
cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
@@ -320,7 +320,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[DIR_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val,0);
homedir=default_passwd_homeDirectory;
}
@@ -328,7 +328,7 @@
{
if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val,0);
}
homedir=a->a_vals[0];
@@ -345,7 +345,7 @@
{
if (a->a_numvals > 1)
{
- Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[SHL_KEY].an_desc->ad_cname.bv_val,0);
}
shell=a->a_vals[0];
@@ -357,7 +357,7 @@
{
if (!isvalidusername(&names[i]))
{
- Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains invalid user name: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains invalid user name: \"%s\"\n",
entry->e_name.bv_val,names[i].bv_val,0);
}
else
@@ -368,7 +368,7 @@
uid_t uid;
uid = strtol(uids[j].bv_val, &tmp, 0);
if ( *tmp ) {
- Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains non-numeric %s value: \"%s\"",
+ Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains non-numeric %s value: \"%s\"\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val,
names[i].bv_val);
continue;
@@ -398,11 +398,11 @@
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
if (!isvalidusername(&cbp.name)) {
- Debug(LDAP_DEBUG_ANY,"nssov_passwd_byname(%s): invalid user name",cbp.name.bv_val,0,0);
+ Debug(LDAP_DEBUG_ANY,"nssov_passwd_byname(%s): invalid user name\n",cbp.name.bv_val,0,0);
return -1;
}
BER_BVZERO(&cbp.id); ,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_PASSWD_BYNAME,
nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
)
@@ -417,7 +417,7 @@
cbp.id.bv_val = cbp.buf;
cbp.id.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",uid);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byuid(%s)",cbp.id.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byuid(%s)\n",cbp.id.bv_val,0,0);,
NSLCD_ACTION_PASSWD_BYUID,
nssov_filter_byid(cbp.mi,UIDN_KEY,&cbp.id,&filter)
)
@@ -428,7 +428,7 @@
/* no parameters to read */
BER_BVZERO(&cbp.name);
BER_BVZERO(&cbp.id);,
- Debug(LDAP_DEBUG_TRACE,"nssov_passwd_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_passwd_all()\n",0,0,0);,
NSLCD_ACTION_PASSWD_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/protocol.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* protocol.c - network protocol lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/protocol.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/protocol.c,v 1.1.2.2 2009/06/03 20:46:55 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -59,7 +59,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -82,17 +82,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"protocol entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
proto=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"protocol entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"protocol entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -123,7 +123,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_PROTOCOL_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -138,7 +138,7 @@
cbp.numb.bv_val = cbp.buf;
cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",protocol);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_bynumber(%s)",cbp.numb.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_bynumber(%s)\n",cbp.numb.bv_val,0,0);,
NSLCD_ACTION_PROTOCOL_BYNUMBER,
nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
)
@@ -147,7 +147,7 @@
protocol,all,
struct berval filter;
/* no parameters to read */,
- Debug(LDAP_DEBUG_TRACE,"nssov_protocol_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_protocol_all()\n",0,0,0);,
NSLCD_ACTION_PROTOCOL_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/rpc.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* rpc.c - rpc lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/rpc.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/rpc.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -62,7 +62,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -85,17 +85,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"rpc entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
number=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"rpc entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"rpc entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -126,7 +126,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_RPC_BYNAME,
nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
)
@@ -141,7 +141,7 @@
cbp.numb.bv_val = cbp.buf;
cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",number);
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_bynumber(%d)",cbp.numb.bv_val,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_bynumber(%s)\n",cbp.numb.bv_val,0,0);,
NSLCD_ACTION_RPC_BYNUMBER,
nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
)
@@ -150,7 +150,7 @@
rpc,all,
struct berval filter;
/* no parameters to read */,
- Debug(LDAP_DEBUG_TRACE,"nssov_rpc_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_rpc_all()\n",0,0,0);,
NSLCD_ACTION_RPC_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/service.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* service.c - service lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/service.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/service.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -124,7 +124,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -147,17 +147,17 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
} else if ( a->a_numvals > 1 ) {
- Debug(LDAP_DEBUG_ANY,"service entry %s contains multiple %s values",
+ Debug(LDAP_DEBUG_ANY,"service entry %s contains multiple %s values\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
}
port=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
if (*tmp)
{
- Debug(LDAP_DEBUG_ANY,"service entry %s contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s contains non-numeric %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -167,7 +167,7 @@
a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[2].an_desc );
if ( !a || !a->a_vals )
{
- Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[2].an_desc->ad_cname.bv_val, 0 );
return 0;
}
@@ -215,7 +215,7 @@
READ_STRING_BUF2(fp,cbp.pbuf,sizeof(cbp.pbuf));
cbp.prot.bv_len = tmpint32;
cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_byname(%s,%s)",cbp.name.bv_val,cbp.prot.bv_val,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_byname(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val,0);,
NSLCD_ACTION_SERVICE_BYNAME,
mkfilter_service_byname(cbp.mi,&cbp.name,&cbp.prot,&filter)
)
@@ -232,7 +232,7 @@
READ_STRING_BUF2(fp,cbp.pbuf,sizeof(cbp.pbuf));
cbp.prot.bv_len = tmpint32;
cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_bynumber(%s,%s)",cbp.name.bv_val,cbp.prot.bv_val,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_bynumber(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val,0);,
NSLCD_ACTION_SERVICE_BYNUMBER,
mkfilter_service_bynumber(cbp.mi,&cbp.name,&cbp.prot,&filter)
)
@@ -242,7 +242,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.prot);,
- Debug(LDAP_DEBUG_TRACE,"nssov_service_all()",0,0,0);,
+ Debug(LDAP_DEBUG_TRACE,"nssov_service_all()\n",0,0,0);,
NSLCD_ACTION_SERVICE_ALL,
(filter=cbp.mi->mi_filter,0)
)
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/shadow.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* shadow.c - shadow account lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/shadow.c,v 1.1.2.1 2008/07/08 18:53:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/shadow.c,v 1.1.2.2 2009/06/03 20:46:56 quanah Exp $ */
/*
* Copyright 2008 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -91,7 +91,7 @@
value=strtol(buffer,&tmp,0);
if ((buffer[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
attr->ad_cname.bv_val,0,0);
return 0;
}
@@ -102,7 +102,7 @@
value=strtol(date->bv_val,&tmp,0);
if ((date->bv_val[0]=='\0')||(*tmp!='\0'))
{
- Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
attr->ad_cname.bv_val,0,0);
return 0;
}
@@ -121,13 +121,13 @@
{ \
if (a->a_numvals > 1) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
} \
var=strtol(a->a_vals[0].bv_val,&tmp,0); \
if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0')) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains non-numeric %s value", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains non-numeric %s value\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
return 0; \
} \
@@ -141,7 +141,7 @@
{ \
if (a->a_numvals > 1) \
{ \
- Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values", \
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val,0); \
} \
var=to_date(&a->a_vals[0],cbp->mi->mi_attrs[key].an_desc); \
@@ -173,7 +173,7 @@
a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
if (!a)
{
- Debug(LDAP_DEBUG_ANY,"shadow entry %s does not contain %s value",
+ Debug(LDAP_DEBUG_ANY,"shadow entry %s does not contain %s value\n",
entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val,0);
return 0;
}
@@ -239,7 +239,7 @@
READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));,
cbp.name.bv_len = tmpint32;
cbp.name.bv_val = cbp.buf;
- Debug(LDAP_DEBUG_ANY,"nssov_shadow_byname(%s)",cbp.name.bv_val,0,0);,
+ Debug(LDAP_DEBUG_ANY,"nssov_shadow_byname(%s)\n",cbp.name.bv_val,0,0);,
NSLCD_ACTION_SHADOW_BYNAME,
nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
)
@@ -249,7 +249,7 @@
struct berval filter;
/* no parameters to read */
BER_BVZERO(&cbp.name);,
- Debug(LDAP_DEBUG_ANY,"nssov_shadow_all()",0,0,0);,
+ Debug(LDAP_DEBUG_ANY,"nssov_shadow_all()\n",0,0,0);,
NSLCD_ACTION_SHADOW_ALL,
(filter=cbp.mi->mi_filter,0)
)
Added: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5 (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/slapo-nssov.5 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,301 @@
+.TH SLAPO-NSSOV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply. See the COPYRIGHT file.
+.\" $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/slapo-nssov.5,v 1.4.2.3 2009/06/04 18:15:49 quanah Exp $
+.SH NAME
+slapo-nssov \- NSS and PAM requests through a local Unix Domain socket
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B nssov
+overlay to
+.BR slapd (8)
+services NSS and PAM requests through a local Unix Domain socket.
+It uses the same IPC protocol as Arthur de Jong's nss-ldapd, and
+a complete copy of the nss-ldapd source is included along with the
+nssov source code.
+.LP
+Using a separate IPC protocol for NSS and PAM requests eliminates the
+libldap dependencies/clashes that the current pam_ldap/nss_ldap solutions
+all suffer from. Both the original nss-ldapd and this nssov solution
+are free from these library issues.
+.LP
+Unlike nss-ldapd, since this overlay executes inside slapd it allows for
+the possibility of sophisticated caching, without any of the weaknesses of
+nscd and other related caching solutions. E.g., a remote LDAP database can
+be accessed using back-ldap with proxy caching (see
+.BR slapd-ldap (5)
+and
+.BR slapo-pcache (5)
+) to leverage back-ldap's
+connection pooling as well as pcache's persistent caching, to provide
+high performance and a measure of support for disconnected operation.
+Alternatively, cache considerations can be completely eliminated by running
+a regular database with syncrepl to maintain synchronization with a remote
+LDAP database.
+.LP
+Another major benefit of nssov is that it allows all security policy to be
+administered centrally via LDAP, instead of having fragile rules scattered
+across multiple flat files. As such, there is no client-side configuration at
+all for the NSS/PAM stub libraries. (The stubs talk to the server via a Unix
+domain socket whose path is hardcoded to /var/run/nslcd/). As a side benefit,
+this can finally eliminate the perpetual confusion between OpenLDAP's
+ldap.conf file in ETCDIR/ldap.conf and the similarly named files typically
+used by pam_ldap and nss_ldap.
+.LP
+User authentication is performed by internal simple Binds. User authorization
+leverages the slapd ACL engine, which offers much more power and flexibility
+than the simple group/hostname checks in the old pam_ldap code.
+.LP
+To use this code, you will need the client-side stub library from
+nss-ldapd (which resides in nss-ldapd/nss). You will not need the
+nslcd daemon; this overlay replaces that part. You should already
+be familiar with the [RFC2307] and [RFC2307bis] schema to use this
+overlay. See the
+.B nss-ldapd/README
+for more information on the schema and which features are supported.
+.LP
+You will also need to include the nis.schema in your slapd configuration
+for RFC2307 support. If you wish to use RFC2307bis you will need a slightly
+different schema. You will also need the ldapns.schema for PAM authorization
+management.
+.LP
+You must select
+.B ldap
+in the appropriate services in
+.I /etc/nsswitch.conf
+in order for these NSS features to take effect. Likewise, you must
+enable
+.B pam_ldap
+for the authenticate, account, session, and password services in
+.I /etc/pam.conf
+or
+.I /etc/pam.d
+for these PAM features to take effect.
+
+.TP
+.B overlay nssov
+This directive adds the nssov overlay to the current backend.
+.TP
+.B nssov-ssd <service> <url>
+This directive configures a Service Search Descriptor (SSD) for each NSS
+service that will be used. The <service> may be one of
+.RS
+.nf
+ aliases
+ ethers
+ group
+ hosts
+ netgroup
+ networks
+ passwd
+ protocols
+ rpc
+ services
+ shadow
+.fi
+.RE
+and the <url> must be of the form
+.RS
+.TP
+.B ldap:///[<basedn>][??[<scope>][?<filter>]]
+.RE
+The
+.B <basedn>
+will default to the first suffix of the current database.
+The
+.B <scope>
+defaults to "subtree". The default
+.B <filter>
+depends on which service is being used.
+.TP
+.B nssov-map <service> <orig> <new>
+If the local database is actually a proxy to a foreign LDAP server, some
+mapping of schema may be needed. This directive allows some simple attribute
+substitutions to be performed. See the
+.B nss-ldapd/README
+for the original attribute names used in this code.
+.TP
+.B nssov-pam <option> [...]
+This directive determines a number of PAM behaviors. Multiple options may
+be used at once, and available levels are:
+.RS
+.RS
+.PD 0
+.TP
+.B userhost
+check host attribute in user entry for authorization
+.TP
+.B userservice
+check authorizedService attribute in user entry for authorization
+.TP
+.B usergroup
+check that user is a member of specific group for authorization
+.TP
+.B hostservice
+check authorizedService attribute in host entry for authorization
+.TP
+.B authz2dn
+use authz-regexp mapping to map uid to LDAP DN
+.TP
+.B uid2dn
+use NSS passwd SSD to map uid to LDAP DN
+.PD
+.RE
+
+Setting the
+.BR userhost ,
+.BR userservice ,
+and
+.B usergroup
+options duplicates the original pam_ldap authorization behavior.
+
+The recommended approach is to use
+.B hostservice
+instead. In this case, ipHost entries must be created for all hosts
+being managed, and they must also have the authorizedServiceObject
+class to allow authorizedService attributes to be used. Also the
+NSS host SSD must be configured so that ipHost entries can be found.
+Authorization is checked by performing an LDAP Compare operation
+looking for the PAM service name in the authorizedService attribute.
+.B slapd
+ACLs should be set to grant or deny
+.B Compare
+privilege to the appropriate users or groups as desired.
+
+If the
+.B authz2dn
+option is set then authz-regexp mappings will be used to map the
+PAM username to an LDAP DN. The authentication DN will be of the
+form
+.RS
+.B cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+.RE
+
+If no mapping is found for this authentication DN, then this
+mapping will be ignored.
+
+If the
+.B uid2dn
+option is set then the NSS passwd SSD will be used to map the
+PAM username to an LDAP DN. The passwd SSD must have already been
+configured for this mapping to succeed.
+
+If neither the authz2dn nor the uid2dn mapping succeeds, the module
+will return a PAM_USER_UNKNOWN failure code. If both options are set,
+the authz mapping is attempted first; if it succeeds the uid2dn mapping
+will be skipped.
+
+By default only the
+.B uid2dn
+option is set.
+.RE
+.TP
+.B nssov-pam-defhost <hostname>
+Specify a default hostname to check if an ipHost entry for the current
+hostname cannot be found. This setting is only relevant if the
+.B hostservice
+option has been set.
+.TP
+.B nssov-pam-group-dn <DN>
+Specify the DN of an LDAP group to check for authorization. The LDAP user
+must be a member of this group for the login to be allowed. There is no
+default value. This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-group-ad <attribute>
+Specify the attribute to use for group membership checks.
+There is no default value. This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-minuid <integer>
+Specify a minimum uid that is allowed to login. Users with a uidNumber
+lower than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-maxuid <integer>
+Specify a maximum uid that is allowed to login. Users with a uidNumber
+higher than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-template-ad <attribute>
+Specify an attribute to check in a user's entry for a template login name.
+The template login feature is used by FreeBSD's PAM framework. It can be
+viewed as a form of proxying, where a user can authenticate with one
+username/password pair, but is assigned the identity and credentials of
+the template user. This setting is disabled by default.
+.TP
+.B nssov-pam-template <name>
+Specify a default username to be used if no template attribute is found
+in the user's entry. The
+.B nssov-pam-template-ad
+directive must be configured for this setting to have any effect.
+.TP
+.B nssov-pam-session <service>
+Specify a PAM service name whose sessions will be recorded. For the
+configured services, logins will be recorded in the
+.B loginStatus
+operational attribute of the user's entry. The attribute's values are
+of the form
+.RS
+.RS
+.B <generalizedTime> <host> <service> <tty> (<ruser at rhost>)
+.RE
+.RE
+Upon logout the corresponding value will be deleted. This feature allows
+a single LDAP Search to be used to check which users are logged in across
+all the hosts of a network. The rootdn of the database is used to perform
+the updates of the loginStatus attribute, so a rootdn must already be
+configured for this feature to work. By default no services are configured.
+.LP
+The PAM functions support LDAP Password Policy as well. If the password
+policy overlay is in use (see
+.BR slapo-ppolicy (5)),
+policy
+information (e.g. password expiration, password quality, etc.)
+may be returned to the PAM client as a result of authentication,
+account management, and password modification requests.
+
+The overlay also supports dynamic configuration in cn=config. An example
+of the config entry is
+.LP
+.RS
+.nf
+ dn: olcOverlay={0}nssov,ocDatabase={1}hdb,cn=config
+ objectClass: olcOverlayConfig
+ objectClass: olcNssOvConfig
+ olcOverlay: {0}nssov
+ olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
+ olcNssMap: passwd uid accountName
+ olcNssPam: hostservice uid2dn
+ olcNssPamDefHost: defaulthost
+ olcNssPamMinUid: 500
+ olcNssPamMaxUid: 32000
+ olcNssPamSession: login
+ olcNssPamSession: sshd
+.fi
+.RE
+.LP
+which enables the passwd service, and uses the accountName attribute to
+fetch what is usually retrieved from the uid attribute. It also enables
+some PAM authorization controls, and specifies that the PAM
+.B login
+and
+.B sshd
+services should have their logins recorded.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapd\-ldap (5),
+.BR slapo\-pcache (5),
+.BR slapo\-ppolicy (5),
+.BR slapd (8).
+.SH AUTHOR
+Howard Chu, inspired by nss-ldapd by Arthur de Jong and pam_ldap by Luke Howard
Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,37 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/Makefile,v 1.2.2.2 2009/04/28 01:06:14 quanah Exp $
+CPPFLAGS+=-I../../../include -I../../../servers/slapd
+
+all: kerberos.la netscape.la radius.la
+
+kerberos.lo: kerberos.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -DHAVE_KRB5 -Wall -c $?
+
+kerberos.la: kerberos.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $? -lkrb5
+
+netscape.lo: netscape.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+
+netscape.la: netscape.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $?
+
+radius.lo: radius.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+
+radius.la: radius.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $? -lradius
+
+clean:
+ rm -f kerberos.lo kerberos.la
+ rm -f netscape.lo netscape.la
+ rm -f radius.lo radius.la
+
+install: kerberos.la netscape.la radius.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp kerberos.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp netscape.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp radius.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/Makefile 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/Makefile,v 1.1 2004/04/02 11:06:38 hyc Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/Makefile,v 1.1.6.1 2009/04/27 23:36:57 quanah Exp $
# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -34,4 +34,12 @@
smbk5pwd.la: smbk5pwd.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+ -rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+
+clean:
+ rm -f smbk5pwd.lo smbk5pwd.la
+
+install: smbk5pwd.la
+ mkdir -p $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp smbk5pwd.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --finish $(PREFIX)/lib
Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,5 +1,5 @@
/* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.14 2009/01/26 21:05:10 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.15 2009/06/27 18:48:27 quanah Exp $ */
/*
* Copyright 2004-2005 by Howard Chu, Symas Corp.
* All rights reserved.
@@ -421,6 +421,7 @@
krb5_error_code ret;
hdb_entry ent;
struct berval *keys;
+ size_t nkeys;
int kvno, i;
Attribute *a;
@@ -451,7 +452,9 @@
op->o_log_prefix, e->e_name.bv_val, 0 );
}
- ret = _kadm5_set_keys(kadm_context, &ent, qpw->rs_new.bv_val);
+ ret = hdb_generate_key_set_password(context, ent.principal,
+ qpw->rs_new.bv_val, &ent.keys.val, &nkeys);
+ ent.keys.len = nkeys;
hdb_seal_keys(context, db, &ent);
krb5_free_principal( context, ent.principal );
@@ -470,7 +473,7 @@
}
BER_BVZERO( &keys[i] );
- _kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
+ hdb_free_keys(context, ent.keys.len, ent.keys.val);
if ( i != ent.keys.len ) {
ber_bvarray_free( keys );
Modified: openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.5 2009/02/02 22:45:18 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.7 2009/06/27 17:55:38 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -365,93 +365,6 @@
!endif
-H3: Configuration File Example
-
-The following is an example configuration file, interspersed
-with explanatory text. It defines two databases to handle
-different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
-database instances. The line numbers shown are provided for
-reference only and are not included in the actual file. First, the
-global configuration section:
-
-E: 1. # example config file - global configuration section
-E: 2. include /usr/local/etc/schema/core.schema
-E: 3. referral ldap://root.openldap.org
-E: 4. access to * by * read
-
-Line 1 is a comment. Line 2 includes another config file
-which contains {{core}} schema definitions.
-The {{EX:referral}} directive on line 3
-means that queries not local to one of the databases defined
-below will be referred to the LDAP server running on the
-standard port (389) at the host {{EX:root.openldap.org}}.
-
-Line 4 is a global access control. It applies to all
-entries (after any applicable database-specific access
-controls).
-
-The next section of the configuration file defines a BDB
-backend that will handle queries for things in the
-"dc=example,dc=com" portion of the tree. The
-database is to be replicated to two slave slapds, one on
-truelies, the other on judgmentday. Indices are to be
-maintained for several attributes, and the {{EX:userPassword}}
-attribute is to be protected from unauthorized access.
-
-E: 5. # BDB definition for the example.com
-E: 6. database bdb
-E: 7. suffix "dc=example,dc=com"
-E: 8. directory /usr/local/var/openldap-data
-E: 9. rootdn "cn=Manager,dc=example,dc=com"
-E: 10. rootpw secret
-E: 11. # indexed attribute definitions
-E: 12. index uid pres,eq
-E: 13. index cn,sn,uid pres,eq,approx,sub
-E: 14. index objectClass eq
-E: 15. # database access control definitions
-E: 16. access to attrs=userPassword
-E: 17. by self write
-E: 18. by anonymous auth
-E: 19. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 20. by * none
-E: 21. access to *
-E: 22. by self write
-E: 23. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 24. by * read
-
-Line 5 is a comment. The start of the database definition is marked
-by the database keyword on line 6. Line 7 specifies the DN suffix
-for queries to pass to this database. Line 8 specifies the directory
-in which the database files will live.
-
-Lines 9 and 10 identify the database {{super-user}} entry and associated
-password. This entry is not subject to access control or size or
-time limit restrictions.
-
-Lines 12 through 14 indicate the indices to maintain for various
-attributes.
-
-Lines 16 through 24 specify access control for entries in this
-database. For all applicable entries, the {{EX:userPassword}} attribute is writable
-by the entry itself and by the "admin" entry. It may be used for
-authentication/authorization purposes, but is otherwise not readable.
-All other attributes are writable by the entry and the "admin"
-entry, but may be read by all users (authenticated or not).
-
-The next section of the example configuration file defines another
-BDB database. This one handles queries involving the
-{{EX:dc=example,dc=net}} subtree but is managed by the same entity
-as the first database. Note that without line 39, the read access
-would be allowed due to the global access rule at line 4.
-
-E: 33. # BDB definition for example.net
-E: 34. database bdb
-E: 35. suffix "dc=example,dc=net"
-E: 36. directory /usr/local/var/openldap-data-net
-E: 37. rootdn "cn=Manager,dc=example,dc=com"
-E: 38. index objectClass eq
-E: 39. access to * by users read
-
H2: Access Control via Dynamic Configuration
Access to slapd entries and attributes is controlled by the
@@ -861,136 +774,6 @@
!endif
-H3: Configuration Example
-
-The following is an example configuration, interspersed
-with explanatory text. It defines two databases to handle
-different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
-database instances. The line numbers shown are provided for
-reference only and are not included in the actual file. First, the
-global configuration section:
-
-E: 1. # example config file - global configuration entry
-E: 2. dn: cn=config
-E: 3. objectClass: olcGlobal
-E: 4. cn: config
-E: 5. olcReferral: ldap://root.openldap.org
-E: 6.
-
-Line 1 is a comment. Lines 2-4 identify this as the global
-configuration entry.
-The {{EX:olcReferral:}} directive on line 5
-means that queries not local to one of the databases defined
-below will be referred to the LDAP server running on the
-standard port (389) at the host {{EX:root.openldap.org}}.
-Line 6 is a blank line, indicating the end of this entry.
-
-E: 7. # internal schema
-E: 8. dn: cn=schema,cn=config
-E: 9. objectClass: olcSchemaConfig
-E: 10. cn: schema
-E: 11.
-
-Line 7 is a comment. Lines 8-10 identify this as the root of
-the schema subtree. The actual schema definitions in this entry
-are hardcoded into slapd so no additional attributes are specified here.
-Line 11 is a blank line, indicating the end of this entry.
-
-E: 12. # include the core schema
-E: 13. include: file:///usr/local/etc/openldap/schema/core.ldif
-E: 14.
-
-Line 12 is a comment. Line 13 is an LDIF include directive which
-accesses the {{core}} schema definitions in LDIF format. Line 14
-is a blank line.
-
-Next comes the database definitions. The first database is the
-special {{EX:frontend}} database whose settings are applied globally
-to all the other databases.
-
-E: 15. # global database parameters
-E: 16. dn: olcDatabase=frontend,cn=config
-E: 17. objectClass: olcDatabaseConfig
-E: 18. olcDatabase: frontend
-E: 19. olcAccess: to * by * read
-E: 20.
-
-Line 15 is a comment. Lines 16-18 identify this entry as the global
-database entry. Line 19 is a global access control. It applies to all
-entries (after any applicable database-specific access controls).
-
-The next entry defines a BDB backend that will handle queries for things
-in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
-for several attributes, and the {{EX:userPassword}} attribute is to be
-protected from unauthorized access.
-
-E: 21. # BDB definition for example.com
-E: 22. dn: olcDatabase=bdb,cn=config
-E: 23. objectClass: olcDatabaseConfig
-E: 24. objectClass: olcBdbConfig
-E: 25. olcDatabase: bdb
-E: 26. olcSuffix: "dc=example,dc=com"
-E: 27. olcDbDirectory: /usr/local/var/openldap-data
-E: 28. olcRootDN: "cn=Manager,dc=example,dc=com"
-E: 29. olcRootPW: secret
-E: 30. olcDbIndex: uid pres,eq
-E: 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
-E: 32. olcDbIndex: objectClass eq
-E: 33. olcAccess: to attrs=userPassword
-E: 34. by self write
-E: 35. by anonymous auth
-E: 36. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 37. by * none
-E: 38. olcAccess: to *
-E: 39. by self write
-E: 40. by dn.base="cn=Admin,dc=example,dc=com" write
-E: 41. by * read
-E: 42.
-
-Line 21 is a comment. Lines 22-25 identify this entry as a BDB database
-configuration entry. Line 26 specifies the DN suffix
-for queries to pass to this database. Line 27 specifies the directory
-in which the database files will live.
-
-Lines 28 and 29 identify the database {{super-user}} entry and associated
-password. This entry is not subject to access control or size or
-time limit restrictions.
-
-Lines 30 through 32 indicate the indices to maintain for various
-attributes.
-
-Lines 33 through 41 specify access control for entries in this
-database. For all applicable entries, the {{EX:userPassword}} attribute is writable
-by the entry itself and by the "admin" entry. It may be used for
-authentication/authorization purposes, but is otherwise not readable.
-All other attributes are writable by the entry and the "admin"
-entry, but may be read by all users (authenticated or not).
-
-Line 42 is a blank line, indicating the end of this entry.
-
-The next section of the example configuration file defines another
-BDB database. This one handles queries involving the
-{{EX:dc=example,dc=net}} subtree but is managed by the same entity
-as the first database. Note that without line 52, the read access
-would be allowed due to the global access rule at line 19.
-
-E: 43. # BDB definition for example.net
-E: 44. dn: olcDatabase=bdb,cn=config
-E: 45. objectClass: olcDatabaseConfig
-E: 46. objectClass: olcBdbConfig
-E: 47. olcDatabase: bdb
-E: 48. olcSuffix: "dc=example,dc=net"
-E: 49. olcDbDirectory: /usr/local/var/openldap-data-net
-E: 50. olcRootDN: "cn=Manager,dc=example,dc=com"
-E: 51. olcDbIndex: objectClass eq
-E: 52. olcAccess: to * by users read
-
-
-H3: Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format
-
-Discuss slap* -f slapd.conf -F slapd.d/ (man slapd-config)
-
-
H2: Access Control Common Examples
H3: Basic ACLs
Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.6 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.7 2009/06/02 23:12:16 quanah Exp $
# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -10,26 +10,6 @@
The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should
of course still be followed prior to doing any of this.
-H2: Monitor Backend
-
-Note: This is a temporary requirement and is subject to change over the next 2.4.x beta release cycle
-
-A monitor ({{slapd-monitor(5)}}) now needs a {{rootdn}} entry. If you do not have
-one, {{slapd}} will fail to start up with an error message like so:
-
-> monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
-> filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)": unable to find entry
-> backend_startup_one: bi_db_open failed! (1)
-> slap_startup failed (test would succeed using the -u switch)
-
-Here is a complete {{database monitor}} example:
-
-
-> database monitor
-> rootdn cn=monitor
-> rootpw change_me
-
-
H2: {{B:cn=config}} olc* attributes
Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs
Added: openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/delta-syncrepl.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.html 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.html 2009-07-27 22:27:07 UTC (rev 1224)
@@ -23,7 +23,7 @@
<DIV CLASS="title">
<H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
<ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS>
-<ADDRESS CLASS="doc-modified">23 February 2009</ADDRESS>
+<ADDRESS CLASS="doc-modified">13 July 2009</ADDRESS>
<BR CLEAR="All">
</DIV>
<DIV CLASS="contents">
@@ -100,8 +100,12 @@
<BR>
<A HREF="#Database-specific Directives">5.2.5. Database-specific Directives</A>
<BR>
-<A HREF="#BDB and HDB Database Directives">5.2.6. BDB and HDB Database Directives</A></UL></UL>
+<A HREF="#BDB and HDB Database Directives">5.2.6. BDB and HDB Database Directives</A></UL>
<BR>
+<A HREF="#Configuration Example">5.3. Configuration Example</A>
+<BR>
+<A HREF="#Converting old style {{slapd.conf}}(5) file to {{cn=config}} format">5.4. Converting old style <EM>slapd.conf</EM>(5) file to <EM>cn=config</EM> format</A></UL>
+<BR>
<A HREF="#The slapd Configuration File">6. The slapd Configuration File</A><UL>
<A HREF="#Configuration File Format">6.1. Configuration File Format</A>
<BR>
@@ -112,8 +116,10 @@
<BR>
<A HREF="#General Database Directives">6.2.3. General Database Directives</A>
<BR>
-<A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL></UL>
+<A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL>
<BR>
+<A HREF="#Configuration File Example">6.3. Configuration File Example</A></UL>
+<BR>
<A HREF="#Running slapd">7. Running slapd</A><UL>
<A HREF="#Command-Line Options">7.1. Command-Line Options</A>
<BR>
@@ -133,10 +139,8 @@
<BR>
<A HREF="#Access Control Evaluation">8.2.4. Access Control Evaluation</A>
<BR>
-<A HREF="#Access Control Examples">8.2.5. Access Control Examples</A>
+<A HREF="#Access Control Examples">8.2.5. Access Control Examples</A></UL>
<BR>
-<A HREF="#Configuration File Example">8.2.6. Configuration File Example</A></UL>
-<BR>
<A HREF="#Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A><UL>
<A HREF="#What to control access to">8.3.1. What to control access to</A>
<BR>
@@ -148,12 +152,8 @@
<BR>
<A HREF="#Access Control Examples">8.3.5. Access Control Examples</A>
<BR>
-<A HREF="#Access Control Ordering">8.3.6. Access Control Ordering</A>
+<A HREF="#Access Control Ordering">8.3.6. Access Control Ordering</A></UL>
<BR>
-<A HREF="#Configuration Example">8.3.7. Configuration Example</A>
-<BR>
-<A HREF="#Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></UL>
-<BR>
<A HREF="#Access Control Common Examples">8.4. Access Control Common Examples</A><UL>
<A HREF="#Basic ACLs">8.4.1. Basic ACLs</A>
<BR>
@@ -671,12 +671,10 @@
<A HREF="#back-ldbm">A.3.2. back-ldbm</A></UL></UL>
<BR>
<A HREF="#Upgrading from 2.3.x">B. Upgrading from 2.3.x</A><UL>
-<A HREF="#Monitor Backend">B.1. Monitor Backend</A>
+<A HREF="#{{B:cn=config}} olc* attributes">B.1. <B>cn=config</B> olc* attributes</A>
<BR>
-<A HREF="#{{B:cn=config}} olc* attributes">B.2. <B>cn=config</B> olc* attributes</A>
+<A HREF="#ACLs: searches require privileges on the search base">B.2. ACLs: searches require privileges on the search base</A></UL>
<BR>
-<A HREF="#ACLs: searches require privileges on the search base">B.3. ACLs: searches require privileges on the search base</A></UL>
-<BR>
<A HREF="#Common errors encountered when using OpenLDAP Software">C. Common errors encountered when using OpenLDAP Software</A><UL>
<A HREF="#Common causes of LDAP errors">C.1. Common causes of LDAP errors</A><UL>
<A HREF="#ldap_*: Can\'t contact LDAP server">C.1.1. ldap_*: Can't contact LDAP server</A>
@@ -1459,8 +1457,10 @@
<P></P>
<HR>
<H1><A NAME="Configuring slapd">5. Configuring slapd</A></H1>
-<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site. Unlike previous OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in <TERM>LDIF</TERM>. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect. The old style <EM>slapd.conf</EM>(5) file is still supported, but must be converted to the new <EM>slapd-config</EM>(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the <TT>/usr/local/etc/openldap/slapd.d</TT> directory. When converting from the slapd.conf format to slapd.d format, any include files will also be integrated into the resulting configuration database.</P>
-<P>An alternate configuration directory (or file) can be specified via a command-line option to <EM>slapd</EM>(8). This chapter describes the general format of the configuration system, followed by a detailed description of commonly used config settings.</P>
+<P>Once the software has been built and installed, you are ready to configure <EM>slapd</EM>(8) for use at your site.</P>
+<P>Unlike previous OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in <TERM>LDIF</TERM>. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.</P>
+<P>The old style <EM>slapd.conf</EM>(5) file is still supported, but must be converted to the new <EM>slapd-config</EM>(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as <TT>/usr/local/etc/openldap/slapd.conf</TT>, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the <TT>/usr/local/etc/openldap/slapd.d</TT> directory. An alternate configuration directory (or file) can be specified via a command-line option to <EM>slapd</EM>(8).</P>
+<P>This chapter briefly discusses converting to the new style configuration, then describes the general format of the configuration system, followed by a detailed description of commonly used config settings.</P>
<P><HR WIDTH="80%" ALIGN="Left">
<STRONG>Note: </STRONG>some of the backends and of the distributed overlays do not support runtime configuration yet. In those cases, the old style <EM>slapd.conf</EM>(5) file must be used.
<HR WIDTH="80%" ALIGN="Left"></P>
@@ -2174,6 +2174,93 @@
olcDbIDLcacheSize: 3000
olcDbIndex: objectClass eq
</PRE>
+<H2><A NAME="Configuration Example">5.3. Configuration Example</A></H2>
+<P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration entry
+ 2. dn: cn=config
+ 3. objectClass: olcGlobal
+ 4. cn: config
+ 5. olcReferral: ldap://root.openldap.org
+ 6.
+</PRE>
+<P>Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The <TT>olcReferral:</TT> directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>. Line 6 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 7. # internal schema
+ 8. dn: cn=schema,cn=config
+ 9. objectClass: olcSchemaConfig
+ 10. cn: schema
+ 11.
+</PRE>
+<P>Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.</P>
+<PRE>
+ 12. # include the core schema
+ 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+ 14.
+</PRE>
+<P>Line 12 is a comment. Line 13 is an LDIF include directive which accesses the <EM>core</EM> schema definitions in LDIF format. Line 14 is a blank line.</P>
+<P>Next comes the database definitions. The first database is the special <TT>frontend</TT> database whose settings are applied globally to all the other databases.</P>
+<PRE>
+ 15. # global database parameters
+ 16. dn: olcDatabase=frontend,cn=config
+ 17. objectClass: olcDatabaseConfig
+ 18. olcDatabase: frontend
+ 19. olcAccess: to * by * read
+ 20.
+</PRE>
+<P>Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next entry defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 21. # BDB definition for example.com
+ 22. dn: olcDatabase=bdb,cn=config
+ 23. objectClass: olcDatabaseConfig
+ 24. objectClass: olcBdbConfig
+ 25. olcDatabase: bdb
+ 26. olcSuffix: "dc=example,dc=com"
+ 27. olcDbDirectory: /usr/local/var/openldap-data
+ 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 29. olcRootPW: secret
+ 30. olcDbIndex: uid pres,eq
+ 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+ 32. olcDbIndex: objectClass eq
+ 33. olcAccess: to attrs=userPassword
+ 34. by self write
+ 35. by anonymous auth
+ 36. by dn.base="cn=Admin,dc=example,dc=com" write
+ 37. by * none
+ 38. olcAccess: to *
+ 39. by self write
+ 40. by dn.base="cn=Admin,dc=example,dc=com" write
+ 41. by * read
+ 42.
+</PRE>
+<P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry. Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
+<P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
+<P>Lines 33 through 41 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>Line 42 is a blank line, indicating the end of this entry.</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 52, the read access would be allowed due to the global access rule at line 19.</P>
+<PRE>
+ 43. # BDB definition for example.net
+ 44. dn: olcDatabase=bdb,cn=config
+ 45. objectClass: olcDatabaseConfig
+ 46. objectClass: olcBdbConfig
+ 47. olcDatabase: bdb
+ 48. olcSuffix: "dc=example,dc=net"
+ 49. olcDbDirectory: /usr/local/var/openldap-data-net
+ 50. olcRootDN: "cn=Manager,dc=example,dc=com"
+ 51. olcDbIndex: objectClass eq
+ 52. olcAccess: to * by users read
+</PRE>
+<H2><A NAME="Converting old style {{slapd.conf}}(5) file to {{cn=config}} format">5.4. Converting old style <EM>slapd.conf</EM>(5) file to <EM>cn=config</EM> format</A></H2>
+<P>An existing <EM>slapd.conf</EM>(5) file can be converted to the new format using <EM>slaptest</EM>(8) or any of the slap tools:</P>
+<PRE>
+ slaptest -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
+</PRE>
+<P>You can then discard the old <EM>slapd.conf</EM>(5) file. Make sure to launch <EM>slapd</EM>(8) with the <EM>-F</EM> option to specify the configuration directory.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>When converting from the slapd.conf format to slapd.d format, any included files will also be integrated into the resulting configuration database.
+<HR WIDTH="80%" ALIGN="Left"></P>
<P></P>
<HR>
<H1><A NAME="The slapd Configuration File">6. The slapd Configuration File</A></H1>
@@ -2686,6 +2773,53 @@
<PRE>
directory /usr/local/var/openldap-data
</PRE>
+<H2><A NAME="Configuration File Example">6.3. Configuration File Example</A></H2>
+<P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
+<PRE>
+ 1. # example config file - global configuration section
+ 2. include /usr/local/etc/schema/core.schema
+ 3. referral ldap://root.openldap.org
+ 4. access to * by * read
+</PRE>
+<P>Line 1 is a comment. Line 2 includes another config file which contains <EM>core</EM> schema definitions. The <TT>referral</TT> directive on line 3 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>.</P>
+<P>Line 4 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
+<P>The next section of the configuration file defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. The database is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
+<PRE>
+ 5. # BDB definition for the example.com
+ 6. database bdb
+ 7. suffix "dc=example,dc=com"
+ 8. directory /usr/local/var/openldap-data
+ 9. rootdn "cn=Manager,dc=example,dc=com"
+ 10. rootpw secret
+ 11. # indexed attribute definitions
+ 12. index uid pres,eq
+ 13. index cn,sn,uid pres,eq,approx,sub
+ 14. index objectClass eq
+ 15. # database access control definitions
+ 16. access to attrs=userPassword
+ 17. by self write
+ 18. by anonymous auth
+ 19. by dn.base="cn=Admin,dc=example,dc=com" write
+ 20. by * none
+ 21. access to *
+ 22. by self write
+ 23. by dn.base="cn=Admin,dc=example,dc=com" write
+ 24. by * read
+</PRE>
+<P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
+<P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
+<P>Lines 12 through 14 indicate the indices to maintain for various attributes.</P>
+<P>Lines 16 through 24 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
+<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
+<PRE>
+ 33. # BDB definition for example.net
+ 34. database bdb
+ 35. suffix "dc=example,dc=net"
+ 36. directory /usr/local/var/openldap-data-net
+ 37. rootdn "cn=Manager,dc=example,dc=com"
+ 38. index objectClass eq
+ 39. access to * by users read
+</PRE>
<P></P>
<HR>
<H1><A NAME="Running slapd">7. Running slapd</A></H1>
@@ -3251,53 +3385,6 @@
by dnattr=member selfwrite
</PRE>
<P>The dnattr <TT><who></TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
-<H3><A NAME="Configuration File Example">8.2.6. Configuration File Example</A></H3>
-<P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
-<PRE>
- 1. # example config file - global configuration section
- 2. include /usr/local/etc/schema/core.schema
- 3. referral ldap://root.openldap.org
- 4. access to * by * read
-</PRE>
-<P>Line 1 is a comment. Line 2 includes another config file which contains <EM>core</EM> schema definitions. The <TT>referral</TT> directive on line 3 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>.</P>
-<P>Line 4 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
-<P>The next section of the configuration file defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. The database is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
-<PRE>
- 5. # BDB definition for the example.com
- 6. database bdb
- 7. suffix "dc=example,dc=com"
- 8. directory /usr/local/var/openldap-data
- 9. rootdn "cn=Manager,dc=example,dc=com"
- 10. rootpw secret
- 11. # indexed attribute definitions
- 12. index uid pres,eq
- 13. index cn,sn,uid pres,eq,approx,sub
- 14. index objectClass eq
- 15. # database access control definitions
- 16. access to attrs=userPassword
- 17. by self write
- 18. by anonymous auth
- 19. by dn.base="cn=Admin,dc=example,dc=com" write
- 20. by * none
- 21. access to *
- 22. by self write
- 23. by dn.base="cn=Admin,dc=example,dc=com" write
- 24. by * read
-</PRE>
-<P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
-<P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
-<P>Lines 12 through 14 indicate the indices to maintain for various attributes.</P>
-<P>Lines 16 through 24 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
-<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
-<PRE>
- 33. # BDB definition for example.net
- 34. database bdb
- 35. suffix "dc=example,dc=net"
- 36. directory /usr/local/var/openldap-data-net
- 37. rootdn "cn=Manager,dc=example,dc=com"
- 38. index objectClass eq
- 39. access to * by users read
-</PRE>
<H2><A NAME="Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A></H2>
<P>Access to slapd entries and attributes is controlled by the olcAccess attribute, whose values are a sequence of access directives. The general form of the olcAccess configuration is:</P>
<PRE>
@@ -3656,86 +3743,6 @@
by * read
</PRE>
<P>which is exactly what was intended.</P>
-<H3><A NAME="Configuration Example">8.3.7. Configuration Example</A></H3>
-<P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
-<PRE>
- 1. # example config file - global configuration entry
- 2. dn: cn=config
- 3. objectClass: olcGlobal
- 4. cn: config
- 5. olcReferral: ldap://root.openldap.org
- 6.
-</PRE>
-<P>Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The <TT>olcReferral:</TT> directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host <TT>root.openldap.org</TT>. Line 6 is a blank line, indicating the end of this entry.</P>
-<PRE>
- 7. # internal schema
- 8. dn: cn=schema,cn=config
- 9. objectClass: olcSchemaConfig
- 10. cn: schema
- 11.
-</PRE>
-<P>Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.</P>
-<PRE>
- 12. # include the core schema
- 13. include: file:///usr/local/etc/openldap/schema/core.ldif
- 14.
-</PRE>
-<P>Line 12 is a comment. Line 13 is an LDIF include directive which accesses the <EM>core</EM> schema definitions in LDIF format. Line 14 is a blank line.</P>
-<P>Next comes the database definitions. The first database is the special <TT>frontend</TT> database whose settings are applied globally to all the other databases.</P>
-<PRE>
- 15. # global database parameters
- 16. dn: olcDatabase=frontend,cn=config
- 17. objectClass: olcDatabaseConfig
- 18. olcDatabase: frontend
- 19. olcAccess: to * by * read
- 20.
-</PRE>
-<P>Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls).</P>
-<P>The next entry defines a BDB backend that will handle queries for things in the "dc=example,dc=com" portion of the tree. Indices are to be maintained for several attributes, and the <TT>userPassword</TT> attribute is to be protected from unauthorized access.</P>
-<PRE>
- 21. # BDB definition for example.com
- 22. dn: olcDatabase=bdb,cn=config
- 23. objectClass: olcDatabaseConfig
- 24. objectClass: olcBdbConfig
- 25. olcDatabase: bdb
- 26. olcSuffix: "dc=example,dc=com"
- 27. olcDbDirectory: /usr/local/var/openldap-data
- 28. olcRootDN: "cn=Manager,dc=example,dc=com"
- 29. olcRootPW: secret
- 30. olcDbIndex: uid pres,eq
- 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
- 32. olcDbIndex: objectClass eq
- 33. olcAccess: to attrs=userPassword
- 34. by self write
- 35. by anonymous auth
- 36. by dn.base="cn=Admin,dc=example,dc=com" write
- 37. by * none
- 38. olcAccess: to *
- 39. by self write
- 40. by dn.base="cn=Admin,dc=example,dc=com" write
- 41. by * read
- 42.
-</PRE>
-<P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry. Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
-<P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
-<P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
-<P>Lines 33 through 41 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).</P>
-<P>Line 42 is a blank line, indicating the end of this entry.</P>
-<P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database. Note that without line 52, the read access would be allowed due to the global access rule at line 19.</P>
-<PRE>
- 43. # BDB definition for example.net
- 44. dn: olcDatabase=bdb,cn=config
- 45. objectClass: olcDatabaseConfig
- 46. objectClass: olcBdbConfig
- 47. olcDatabase: bdb
- 48. olcSuffix: "dc=example,dc=net"
- 49. olcDbDirectory: /usr/local/var/openldap-data-net
- 50. olcRootDN: "cn=Manager,dc=example,dc=com"
- 51. olcDbIndex: objectClass eq
- 52. olcAccess: to * by users read
-</PRE>
-<H3><A NAME="Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></H3>
-<P>Discuss slap* -f slapd.conf -F slapd.d/ (man slapd-config)</P>
<H2><A NAME="Access Control Common Examples">8.4. Access Control Common Examples</A></H2>
<H3><A NAME="Basic ACLs">8.4.1. Basic ACLs</A></H3>
<P>Generally one should start with some basic ACLs such as:</P>
@@ -6788,7 +6795,7 @@
<P>An LDAP URL in a <TT>authzTo</TT> or <TT>authzFrom</TT> attribute will return a set of DNs. Each DN returned will be checked. Searches which return a large set can cause the authorization process to take an uncomfortably long time. Also, searches should be performed on attributes that have been indexed by slapd.</P>
<P>To help produce more sweeping rules for <TT>authzFrom</TT> and <TT>authzTo</TT>, the values of these attributes are allowed to be DNs with regular expression characters in them. This means a source rule like</P>
<PRE>
- authzTo: dn.regex=^uid=[^,]*,dc=example,dc=com$
+ authzTo: dn.regex:^uid=[^,]*,dc=example,dc=com$
</PRE>
<P>would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for <TT>(uid=*)</TT>.</P>
<P>Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression characters). Anything that does not begin with "<TT>ldap://</TT>" is taken as a DN. It is not permissible to enter another authorization identity of the form "<TT>u:<username></TT>" as an authorization rule.</P>
@@ -6920,7 +6927,7 @@
<H2><A NAME="Replication Technology">18.1. Replication Technology</A></H2>
<H3><A NAME="LDAP Sync Replication">18.1.1. LDAP Sync Replication</A></H3>
<P>The <TERM>LDAP Sync</TERM> Replication engine, <TERM>syncrepl</TERM> for short, is a consumer-side replication engine that enables the consumer <TERM>LDAP</TERM> server to maintain a shadow copy of a <TERM>DIT</TERM> fragment. A syncrepl engine resides at the consumer and executes as one of the <EM>slapd</EM>(8) threads. It creates and maintains a consumer replica by connecting to the replication provider to perform the initial DIT content load followed either by periodic content polling or by timely updates upon content changes.</P>
-<P>Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for short) as the replica synchronization protocol. LDAP Sync provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store. In pull-based replication the consumer periodically polls the provider for updates. In push-based replication the consumer listens for updates that are sent by the provider in realtime. Since the protocol does not require a history store, the provider does not need to maintain any log of updates it has received. (Note that the syncrepl engine is extensible and additional replication protocols may be supported in the future.)</P>
+<P>Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for short) as the replica synchronization protocol. LDAP Sync provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store. In pull-based replication the consumer periodically polls the provider for updates. In push-based replication the consumer listens for updates that are sent by the provider in realtime. Since the protocol does not require a history store, the provider does not need to maintain any log of updates it has received (Note that the syncrepl engine is extensible and additional replication protocols may be supported in the future.).</P>
<P>Syncrepl keeps track of the status of the replication content by maintaining and exchanging synchronization cookies. Because the syncrepl consumer and provider maintain their content status, the consumer can poll the provider content to perform incremental synchronization by asking for the entries required to make the consumer replica up-to-date with the provider content. Syncrepl also enables convenient management of replicas by maintaining replica status. The consumer replica can be constructed from a consumer-side or a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica up-to-date with the current provider content.</P>
<P>Syncrepl supports both pull-based and push-based synchronization. In its basic refreshOnly synchronization mode, the provider uses pull-based synchronization where the consumer servers need not be tracked and no history information is maintained. The information required for the provider to process periodic polling requests is contained in the synchronization cookie of the request itself. To optimize the pull-based synchronization, syncrepl utilizes the present phase of the LDAP Sync protocol as well as its delete phase, instead of falling back on frequent full reloads. To further optimize the pull-based synchronization, the provider can maintain a per-scope session log as a history store. In its refreshAndPersist mode of synchronization, the provider uses a push-based synchronization. The provider keeps track of the consumer servers that have requested a persistent search and sends them necessary updates as the provider replication content gets modified.</P>
<P>With syncrepl, a consumer server can create a replica without changing the provider's configurations and without restarting the provider server, if the consumer server has appropriate access privileges for the DIT fragment to be replicated. The consumer server can stop the replication also without the need for provider-side changes and restart.</P>
@@ -6941,12 +6948,12 @@
<P>As a further optimization, even in the case the synchronization search is not associated with any session log, no entries will be transmitted to the consumer server when there has been no update in the replication context.</P>
<P>The syncrepl engine, which is a consumer-side replication engine, can work with any backends. The LDAP Sync provider can be configured as an overlay on any backend, but works best with the <EM>back-bdb</EM> or <EM>back-hdb</EM> backend.</P>
<P>The LDAP Sync provider maintains a <TT>contextCSN</TT> for each database as the current synchronization state indicator of the provider content. It is the largest <TT>entryCSN</TT> in the provider context such that no transactions for an entry having smaller <TT>entryCSN</TT> value remains outstanding. The <TT>contextCSN</TT> could not just be set to the largest issued <TT>entryCSN</TT> because <TT>entryCSN</TT> is obtained before a transaction starts and transactions are not committed in the issue order.</P>
-<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the contextCSN to be written out more frequently if desired.</P>
+<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the <TT>contextCSN</TT> to be written out more frequently if desired.</P>
<P>Note that at startup time, if the provider is unable to read a <TT>contextCSN</TT> from the suffix entry, it will scan the entire database to determine the value, and this scan may take quite a long time on a large database. When a <TT>contextCSN</TT> value is read, the database will still be scanned for any <TT>entryCSN</TT> values greater than it, to make sure the <TT>contextCSN</TT> value truly reflects the greatest committed <TT>entryCSN</TT> in the database. On databases which support inequality indexing, setting an eq index on the <TT>entryCSN</TT> attribute and configuring <EM>contextCSN</EM> checkpoints will greatly speed up this scanning step.</P>
<P>If no <TT>contextCSN</TT> can be determined by reading and scanning the database, a new value will be generated. Also, if scanning the database yielded a greater <TT>entryCSN</TT> than was previously recorded in the suffix entry's <TT>contextCSN</TT> attribute, a checkpoint will be immediately written with the new value.</P>
<P>The consumer also stores its replica state, which is the provider's <TT>contextCSN</TT> received as a synchronization cookie, in the <TT>contextCSN</TT> attribute of the suffix entry. The replica state maintained by a consumer server is used as the synchronization state indicator when it performs subsequent incremental synchronization with the provider server. It is also used as a provider-side synchronization state indicator when it functions as a secondary provider server in a cascading replication configuration. Since the consumer and provider state information are maintained in the same location within their respective databases, any consumer can be promoted to a provider (and vice versa) without any special actions.</P>
<P>Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content. The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless <EM>ManageDsaIT</EM> control is provided.</P>
-<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log.</P>
+<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log on the provider.</P>
<P>For configuration, please see the <A HREF="#Syncrepl">Syncrepl</A> section.</P>
<H2><A NAME="Deployment Alternatives">18.2. Deployment Alternatives</A></H2>
<P>While the LDAP Sync specification only defines a narrow scope for replication, the OpenLDAP implementation is extremely flexible and supports a variety of operating modes to handle other scenarios not explicitly addressed in the spec.</P>
@@ -7274,8 +7281,11 @@
olcOverlay: syncprov
</PRE>
<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>You must have all your servers set to the same time via <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>
+<STRONG>Note: </STRONG>All of your servers' clocks must be tightly synchronized using e.g. NTP <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>, atomic clock, or some other reliable time reference.
<HR WIDTH="80%" ALIGN="Left"></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>As stated in <EM>slapd-config</EM>(5), URLs specified in <EM>olcSyncRepl</EM> directives are the URLs of the servers from which to replicate. These must exactly match the URLs <EM>slapd</EM> listens on (<EM>-h</EM> in <A HREF="#Command-Line Options">Command-Line Options</A>). Otherwise slapd may attempt to replicate from itself, causing a loop.
+<HR WIDTH="80%" ALIGN="Left"></P>
<H3><A NAME="MirrorMode">18.3.4. MirrorMode</A></H3>
<P>MirrorMode configuration is actually very easy. If you have ever setup a normal slapd syncrepl provider, then the only change is the following two directives:</P>
<PRE>
@@ -8283,29 +8293,12 @@
<H1><A NAME="Upgrading from 2.3.x">B. Upgrading from 2.3.x</A></H1>
<P>The following sections attempt to document the steps you will need to take in order to upgrade from the latest 2.3.x OpenLDAP version.</P>
<P>The normal upgrade procedure, as discussed in the <A HREF="#Maintenance">Maintenance</A> section, should of course still be followed prior to doing any of this.</P>
-<H2><A NAME="Monitor Backend">B.1. Monitor Backend</A></H2>
-<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>This is a temporary requirement and is subject to change over the next 2.4.x beta release cycle
-<HR WIDTH="80%" ALIGN="Left"></P>
-<P>A monitor (<EM>slapd-monitor(5)</EM>) now needs a <EM>rootdn</EM> entry. If you do not have one, <EM>slapd</EM> will fail to start up with an error message like so:</P>
-<PRE>
- monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
- filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)": unable to find entry
- backend_startup_one: bi_db_open failed! (1)
- slap_startup failed (test would succeed using the -u switch)
-</PRE>
-<P>Here is a complete <EM>database monitor</EM> example:</P>
-<PRE>
- database monitor
- rootdn cn=monitor
- rootpw change_me
-</PRE>
-<H2><A NAME="{{B:cn=config}} olc* attributes">B.2. <B>cn=config</B> olc* attributes</A></H2>
+<H2><A NAME="{{B:cn=config}} olc* attributes">B.1. <B>cn=config</B> olc* attributes</A></H2>
<P>Quite a few <EM>olc*</EM> attributes have now become obsolete, if you see in your logs entries like below, just remove them from the relevant ldif file.</P>
<PRE>
olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored)
</PRE>
-<H2><A NAME="ACLs: searches require privileges on the search base">B.3. ACLs: searches require privileges on the search base</A></H2>
+<H2><A NAME="ACLs: searches require privileges on the search base">B.2. ACLs: searches require privileges on the search base</A></H2>
<P>Search operations now require "search" privileges on the "entry" pseudo-attribute of the search base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search bases.</P>
<P>For example, assuming you have the following ACL:</P>
<PRE>
Added: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshandpersist.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/ldap-sync-refreshonly.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
===================================================================
(Binary files differ)
Property changes on: openldap/vendor/openldap-release/doc/guide/admin/n-way-multi-master.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/replication.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/replication.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.23 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.26 2009/04/28 00:57:46 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -49,9 +49,9 @@
polls the provider for updates. In push-based replication the consumer
listens for updates that are sent by the provider in realtime. Since the
protocol does not require a history store, the provider does not need to
-maintain any log of updates it has received. (Note
+maintain any log of updates it has received (Note
that the syncrepl engine is extensible and additional replication
-protocols may be supported in the future.)
+protocols may be supported in the future.).
Syncrepl keeps track of the status of the replication content by
maintaining and exchanging synchronization cookies. Because the
@@ -245,7 +245,7 @@
and uses the in-memory copy exclusively thereafter. By default,
changes to the {{EX:contextCSN}} as a result of database updates
will not be written to the database until the server is cleanly
-shut down. A checkpoint facility exists to cause the contextCSN to
+shut down. A checkpoint facility exists to cause the {{EX:contextCSN}} to
be written out more frequently if desired.
Note that at startup time, if the provider is unable to read a
@@ -291,7 +291,7 @@
from the replication scope even though the entry has not been deleted
on the provider. Logically the entry must be deleted on the consumer
but in {{refreshOnly}} mode the provider cannot detect and propagate
-this change without the use of the session log.
+this change without the use of the session log on the provider.
For configuration, please see the {{SECT:Syncrepl}} section.
@@ -839,8 +839,15 @@
> objectClass: olcSyncProvConfig
> olcOverlay: syncprov
-Note: You must have all your servers set to the same time via {{http://www.ntp.org/}}
+Note: All of your servers' clocks must be tightly synchronized using
+e.g. NTP {{http://www.ntp.org/}}, atomic clock, or some other reliable
+time reference.
+Note: As stated in {{slapd-config}}(5), URLs specified in {{olcSyncRepl}}
+directives are the URLs of the servers from which to replicate. These
+must exactly match the URLs {{slapd}} listens on ({{-h}} in {{SECT:Command-Line Options}}).
+Otherwise slapd may attempt to replicate from itself, causing a loop.
+
H3: MirrorMode
MirrorMode configuration is actually very easy. If you have ever setup a normal
Modified: openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.9 2009/01/22 00:00:47 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.10 2009/04/29 01:27:12 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -652,7 +652,7 @@
be DNs with regular expression characters in them. This means a
source rule like
-> authzTo: dn.regex=^uid=[^,]*,dc=example,dc=com$
+> authzTo: dn.regex:^uid=[^,]*,dc=example,dc=com$
would allow that authenticated user to authorize to any DN that
matches the regular expression pattern given. This regular expression
Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,32 +1,34 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.18 2009/02/06 16:38:31 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.20 2009/06/27 17:55:39 quanah Exp $
# Copyright 2005-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Configuring slapd
Once the software has been built and installed, you are ready
-to configure {{slapd}}(8) for use at your site. Unlike previous
+to configure {{slapd}}(8) for use at your site.
+
+Unlike previous
OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later)
is fully LDAP-enabled and can be managed using the standard LDAP
operations with data in {{TERM:LDIF}}. The LDAP configuration engine
allows all of slapd's configuration options to be changed on the fly,
generally without requiring a server restart for the changes
-to take effect. The old style {{slapd.conf}}(5) file is still
+to take effect.
+
+The old style {{slapd.conf}}(5) file is still
supported, but must be converted to the new {{slapd-config}}(5) format
to allow runtime changes to be saved. While the old style
configuration uses a single file, normally installed as
{{F:/usr/local/etc/openldap/slapd.conf}}, the new style
uses a slapd backend database to store the configuration. The
configuration database normally resides in the
-{{F:/usr/local/etc/openldap/slapd.d}} directory. When
-converting from the slapd.conf format to slapd.d format, any
-include files will also be integrated into the resulting configuration
-database.
+{{F:/usr/local/etc/openldap/slapd.d}} directory. An alternate configuration
+directory (or file) can be specified via a command-line option to
+{{slapd}}(8).
-An alternate configuration directory (or file) can be specified via
-a command-line option to {{slapd}}(8). This chapter describes the
-general format of the configuration system, followed by a detailed
-description of commonly used config settings.
+This chapter briefly discusses converting to the new style configuration,
+then describes the general format of the configuration system, followed by
+a detailed description of commonly used config settings.
Note: some of the backends and of the distributed overlays
do not support runtime configuration yet. In those cases,
@@ -972,3 +974,143 @@
>olcDbConfig: set_flags DB_LOG_AUTOREMOVE
>olcDbIDLcacheSize: 3000
>olcDbIndex: objectClass eq
+
+
+H2: Configuration Example
+
+The following is an example configuration, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration entry
+E: 2. dn: cn=config
+E: 3. objectClass: olcGlobal
+E: 4. cn: config
+E: 5. olcReferral: ldap://root.openldap.org
+E: 6.
+
+Line 1 is a comment. Lines 2-4 identify this as the global
+configuration entry.
+The {{EX:olcReferral:}} directive on line 5
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+Line 6 is a blank line, indicating the end of this entry.
+
+E: 7. # internal schema
+E: 8. dn: cn=schema,cn=config
+E: 9. objectClass: olcSchemaConfig
+E: 10. cn: schema
+E: 11.
+
+Line 7 is a comment. Lines 8-10 identify this as the root of
+the schema subtree. The actual schema definitions in this entry
+are hardcoded into slapd so no additional attributes are specified here.
+Line 11 is a blank line, indicating the end of this entry.
+
+E: 12. # include the core schema
+E: 13. include: file:///usr/local/etc/openldap/schema/core.ldif
+E: 14.
+
+Line 12 is a comment. Line 13 is an LDIF include directive which
+accesses the {{core}} schema definitions in LDIF format. Line 14
+is a blank line.
+
+Next comes the database definitions. The first database is the
+special {{EX:frontend}} database whose settings are applied globally
+to all the other databases.
+
+E: 15. # global database parameters
+E: 16. dn: olcDatabase=frontend,cn=config
+E: 17. objectClass: olcDatabaseConfig
+E: 18. olcDatabase: frontend
+E: 19. olcAccess: to * by * read
+E: 20.
+
+Line 15 is a comment. Lines 16-18 identify this entry as the global
+database entry. Line 19 is a global access control. It applies to all
+entries (after any applicable database-specific access controls).
+
+The next entry defines a BDB backend that will handle queries for things
+in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
+for several attributes, and the {{EX:userPassword}} attribute is to be
+protected from unauthorized access.
+
+E: 21. # BDB definition for example.com
+E: 22. dn: olcDatabase=bdb,cn=config
+E: 23. objectClass: olcDatabaseConfig
+E: 24. objectClass: olcBdbConfig
+E: 25. olcDatabase: bdb
+E: 26. olcSuffix: "dc=example,dc=com"
+E: 27. olcDbDirectory: /usr/local/var/openldap-data
+E: 28. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 29. olcRootPW: secret
+E: 30. olcDbIndex: uid pres,eq
+E: 31. olcDbIndex: cn,sn,uid pres,eq,approx,sub
+E: 32. olcDbIndex: objectClass eq
+E: 33. olcAccess: to attrs=userPassword
+E: 34. by self write
+E: 35. by anonymous auth
+E: 36. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 37. by * none
+E: 38. olcAccess: to *
+E: 39. by self write
+E: 40. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 41. by * read
+E: 42.
+
+Line 21 is a comment. Lines 22-25 identify this entry as a BDB database
+configuration entry. Line 26 specifies the DN suffix
+for queries to pass to this database. Line 27 specifies the directory
+in which the database files will live.
+
+Lines 28 and 29 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 30 through 32 indicate the indices to maintain for various
+attributes.
+
+Lines 33 through 41 specify access control for entries in this
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+Line 42 is a blank line, indicating the end of this entry.
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 52, the read access
+would be allowed due to the global access rule at line 19.
+
+E: 43. # BDB definition for example.net
+E: 44. dn: olcDatabase=bdb,cn=config
+E: 45. objectClass: olcDatabaseConfig
+E: 46. objectClass: olcBdbConfig
+E: 47. olcDatabase: bdb
+E: 48. olcSuffix: "dc=example,dc=net"
+E: 49. olcDbDirectory: /usr/local/var/openldap-data-net
+E: 50. olcRootDN: "cn=Manager,dc=example,dc=com"
+E: 51. olcDbIndex: objectClass eq
+E: 52. olcAccess: to * by users read
+
+
+H2: Converting old style {{slapd.conf}}(5) file to {{cn=config}} format
+
+An existing {{slapd.conf}}(5) file can be converted to the new format using
+{{slaptest}}(8) or any of the slap tools:
+
+> slaptest -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
+
+You can then discard the old {{slapd.conf}}(5) file. Make sure to launch
+{{slapd}}(8) with the {{-F}} option to specify the configuration directory.
+
+Note: When converting from the slapd.conf format to slapd.d format, any
+included files will also be integrated into the resulting configuration
+database.
Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf 2009-04-19 23:03:05 UTC (rev 1223)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf 2009-07-27 22:27:07 UTC (rev 1224)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.19 2009/02/06 16:38:31 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.20 2009/06/27 17:55:39 quanah Exp $
# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
@@ -573,3 +573,91 @@
\Default:
> directory /usr/local/var/openldap-data
+
+
+H2: Configuration File Example
+
+The following is an example configuration file, interspersed
+with explanatory text. It defines two databases to handle
+different parts of the {{TERM:X.500}} tree; both are {{TERM:BDB}}
+database instances. The line numbers shown are provided for
+reference only and are not included in the actual file. First, the
+global configuration section:
+
+E: 1. # example config file - global configuration section
+E: 2. include /usr/local/etc/schema/core.schema
+E: 3. referral ldap://root.openldap.org
+E: 4. access to * by * read
+
+Line 1 is a comment. Line 2 includes another config file
+which contains {{core}} schema definitions.
+The {{EX:referral}} directive on line 3
+means that queries not local to one of the databases defined
+below will be referred to the LDAP server running on the
+standard port (389) at the host {{EX:root.openldap.org}}.
+
+Line 4 is a global access control. It applies to all
+entries (after any applicable database-specific access
+controls).
+
+The next section of the configuration file defines a BDB
+backend that will handle queries for things in the
+"dc=example,dc=com" portion of the tree. The
+database is to be replicated to two slave slapds, one on
+truelies, the other on judgmentday. Indices are to be
+maintained for several attributes, and the {{EX:userPassword}}
+attribute is to be protected from unauthorized access.
+
+E: 5. # BDB definition for the example.com
+E: 6. database bdb
+E: 7. suffix "dc=example,dc=com"
+E: 8. directory /usr/local/var/openldap-data
+E: 9. rootdn "cn=Manager,dc=example,dc=com"
+E: 10. rootpw secret
+E: 11. # indexed attribute definitions
+E: 12. index uid pres,eq
+E: 13. index cn,sn,uid pres,eq,approx,sub
+E: 14. index objectClass eq
+E: 15. # database access control definitions
+E: 16. access to attrs=userPassword
+E: 17. by self write
+E: 18. by anonymous auth
+E: 19. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 20. by * none
+E: 21. access to *
+E: 22. by self write
+E: 23. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 24. by * read
+
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.
+
+Lines 9 and 10 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 12 through 14 indicate the indices to maintain for various
+attributes.
+
+Lines 16 through 24 specify access control for entries in this
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
+
+E: 33. # BDB definition for example.net
+E: 34. database bdb
+E: 35. suffix "dc=example,dc=net"
+E: 36. directory /usr/local/var/openldap-data-net
+E: 37. rootdn "cn=Manager,dc=example,dc=com"
+E: 38. index objectClass eq
+E: 39. access to * by users read
Added: openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/delta-syncrepl.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,4856 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="delta-syncrepl.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/delta-syncrepl.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28240"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28224"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28226"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28228"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28230"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28214"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28216"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28218"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28220"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28208"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-125.9178,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28210"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28204"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.573,808.7592)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28206"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28200"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-116.9703,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28202"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28196"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.6254,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28198"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28192"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.4824,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28194"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28188"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.1375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28190"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28184"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.77797,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28186"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28180"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.43307,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28182"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.0884,752.134)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28172"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28174"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28176"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28178"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28162"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28164"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28166"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28168"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28152"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28154"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28156"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28158"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28142"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28144"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28146"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28148"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28132"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28134"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28136"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28138"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28122"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28124"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28126"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28128"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28112"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28114"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28116"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28118"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28102"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28104"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28106"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28108"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28096"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.2375,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28098"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28092"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-156.8927,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28094"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28088"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.29,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28090"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28084"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-147.9451,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28086"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28080"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-143.8021,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28082"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28076"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.4573,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28078"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28072"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.098,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28074"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28068"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.7531,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28070"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28060"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28062"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28064"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28066"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28050"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28052"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28054"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28056"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28040"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28042"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28044"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28046"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28030"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28032"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28034"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28036"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28020"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28022"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28024"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28026"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28010"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28012"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28014"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28016"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28000"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28002"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28004"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28006"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27990"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27992"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27994"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27996"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27984"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.2616,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27986"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27980"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-192.9168,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27982"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.3141,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27978"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-183.9692,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27968"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-179.8262,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27970"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.4813,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27960"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.122,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27962"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient27956"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.7771,808.7593)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient27958"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.3469,752.134)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27928"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27930"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27932"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27934"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27918"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27920"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27922"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27924"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27908"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27910"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27912"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27914"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27898"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27902"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27904"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27888"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27890"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27892"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27894"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27878"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27880"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27882"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27884"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27868"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27870"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27872"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27874"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27858"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27860"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27862"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27864"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27848"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27850"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27852"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27854"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27838"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27840"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27842"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27844"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27828"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27830"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27832"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27834"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27818"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27820"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27822"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27824"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27808"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27810"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27812"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27814"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27798"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27800"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27802"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27804"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27788"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27790"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27792"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27794"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27778"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27780"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27782"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27784"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27768"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27770"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27772"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27774"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27758"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27760"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27762"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27764"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27748"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27750"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27752"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27754"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27738"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27740"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27742"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27744"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27728"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27730"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27732"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27734"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27718"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27720"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27722"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27724"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27708"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27710"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27712"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27714"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient27698"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27700"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient27702"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient27704"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28432"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-126.1386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="97.536598"
+ cy="113.726"
+ cx="97.536598" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28428"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-121.7938,817.6604)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28430"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="100.67591"
+ cy="113.726"
+ cx="100.67591" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28424"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-117.1911,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="104.00187"
+ cy="113.726"
+ cx="104.00187" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28420"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-112.8462,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28422"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="107.14119"
+ cy="113.726"
+ cx="107.14119" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-108.7032,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28418"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="110.13468"
+ cy="113.726"
+ cx="110.13468" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28412"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-104.3583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28414"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="113.27399"
+ cy="113.726"
+ cx="113.27399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28408"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-99.99876,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28410"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="116.42374"
+ cy="113.726"
+ cx="116.42374" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-95.65386,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28406"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-286.3092,761.0352)"
+ fy="113.726"
+ fx="119.56305"
+ cy="113.726"
+ cx="119.56305" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28400"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-161.4583,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28402"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="71.480988"
+ cy="113.726"
+ cx="71.480988" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28396"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-157.1135,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28398"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="74.620308"
+ cy="113.726"
+ cx="74.620308" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28392"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-152.5108,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28394"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="77.946259"
+ cy="113.726"
+ cx="77.946259" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28388"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-148.1659,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28390"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="81.085587"
+ cy="113.726"
+ cx="81.085587" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28384"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-144.0229,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28386"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="84.079071"
+ cy="113.726"
+ cx="84.079071" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28380"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-139.6781,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28382"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="87.218399"
+ cy="113.726"
+ cx="87.218399" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28376"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-135.3188,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28378"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="90.368126"
+ cy="113.726"
+ cx="90.368126" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28372"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-130.9739,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28374"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="93.507462"
+ cy="113.726"
+ cx="93.507462" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-197.4824,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28370"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="45.452175"
+ cy="113.726"
+ cx="45.452175" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28364"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-193.1376,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28366"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="48.591496"
+ cy="113.726"
+ cx="48.591496" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28360"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-188.5349,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28362"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="51.91745"
+ cy="113.726"
+ cx="51.91745" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28356"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-184.19,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28358"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="55.05677"
+ cy="113.726"
+ cx="55.05677" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28352"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-180.047,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28354"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="58.050255"
+ cy="113.726"
+ cx="58.050255" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28348"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-175.7021,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28350"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="61.189575"
+ cy="113.726"
+ cx="61.189575" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28344"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-171.3428,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28346"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="64.339317"
+ cy="113.726"
+ cx="64.339317" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28340"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-166.9979,817.6605)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="0.55242717"
+ id="radialGradient28342"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.384013,0,0,0.656868,-285.5677,761.0352)"
+ fy="113.726"
+ fx="67.478638"
+ cy="113.726"
+ cx="67.478638" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient28438"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.25863,817.7848)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36281"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-149.897,802.9053)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36283"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36285"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36287"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36289"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36291"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36293"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36295"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36297"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36299"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36301"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36303"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36305"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36307"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36309"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36311"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36313"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36315"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36317"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36319"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36321"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36323"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36325"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36327"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36329"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36331"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5348,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36333"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7196,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36335"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.35,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36337"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.274,879.6484)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36339"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.9043,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36341"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.0892,879.6483)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient36343"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-149.6637,784.9089)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient36345"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-7.912301,167.4787)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.5296,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36349"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-185.7144,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36351"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-189.3448,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-180.2688,881.7646)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36355"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-183.8991,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36357"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.084,881.7645)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36359"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-198.4916,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36361"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.046,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36363"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.2306,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36365"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-192.8611,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36367"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-195.6763,883.5145)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36369"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-87.12747,420.4818)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36373"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36375"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-91.66274,388.2275)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36377"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-153.7879,864.7564)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35867"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-141.9847,635.4266)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35869"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35871"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35873"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35875"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35877"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35879"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35881"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35883"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35885"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35887"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35889"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35891"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35893"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35895"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35897"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35899"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35901"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35903"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35905"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35907"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35909"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35911"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35913"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35915"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35917"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35919"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35921"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35923"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35925"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35927"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35929"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35931"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35933"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35935"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35937"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35939"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35941"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35943"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35945"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35947"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35949"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35951"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35953"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35955"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35957"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35959"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient35961"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient35963"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35965"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6225,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35967"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.7312,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35969"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2856,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35971"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.4702,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35973"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.1007,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35975"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8073,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35977"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9159,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35979"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4377,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35981"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5465,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35983"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3617,712.1697)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35985"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.992,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35987"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1769,712.1696)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient35989"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-141.7514,617.4302)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient35991"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(2.672454,0.374188)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35993"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.6173,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35995"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-168.726,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35997"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-163.2804,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient35999"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-161.465,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36001"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-165.0955,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36003"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-177.8021,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36005"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-166.9107,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36007"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-181.4325,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36009"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-170.5413,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36011"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-172.3565,714.2859)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36013"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-175.9868,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36015"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-174.1717,714.2858)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36017"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-190.5793,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36019"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-182.1337,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36021"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-179.3183,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36023"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-184.9488,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36025"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-187.764,716.0358)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36027"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.74272,0,0,0.445632,-79.21517,253.0031)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36029"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36031"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <linearGradient
+ y2="1085.6781"
+ y1="1085.6781"
+ xlink:href="#linearGradient12759"
+ x2="-116.40664"
+ x1="-128.30727"
+ id="linearGradient36033"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.787283,0,0,0.475341,-83.75044,220.7488)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient36035"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient36037"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient36039"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-145.8756,697.2777)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient12151"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.20227,0,0,0.454077,6.691668,-148.3193)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12153"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,1.691668,-145.8193)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient14835"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12155"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,1.924904,-161.8157)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12744"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient12157"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.350818,114.6621,-134.6472)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12159"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-59.65453)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12161"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-61.33423)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12163"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.07916,-63.01391)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient12165"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.389249,0,0,0.194625,-60.09869,-64.40064)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ </defs>
+ <sodipodi:namedview
+ bordercolor="#666666"
+ borderopacity="1.0"
+ id="base"
+ inkscape:current-layer="layer1"
+ inkscape:cx="391.40904"
+ inkscape:cy="253.29159"
+ inkscape:document-units="px"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:window-height="722"
+ inkscape:window-width="1014"
+ inkscape:window-x="0"
+ inkscape:window-y="25"
+ inkscape:zoom="1"
+ pagecolor="#ffffff"
+ width="1052.3622px"
+ height="744.09448px"
+ showgrid="false" />
+ <g
+ id="layer1"
+ inkscape:groupmode="layer"
+ inkscape:label="Layer 1">
+ <g
+ id="g12774"
+ transform="matrix(0.1881701,0,0,0.2844466,82.77219,152.33679)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path12776"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12778"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path12780"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot12890"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="translate(51.007531,-424.27533)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion12892"><rect
+ id="rect12894"
+ width="156.14285"
+ height="34"
+ x="194.28572"
+ y="475.52304"
+ style="font-size:24px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara6968">Delta-syncrepl</flowPara></flowRoot> <flowRoot
+ xml:space="preserve"
+ id="flowRoot27609"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="translate(-33,210)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion27611"><rect
+ id="rect27613"
+ width="134.05586"
+ height="26.345188"
+ x="96.974648"
+ y="113.75929"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara27617">Master/Provider</flowPara></flowRoot> <flowRoot
+ xml:space="preserve"
+ id="flowRoot3120"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial"
+ transform="matrix(1,0,0,1.2037203,-16.30957,-194.07388)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90"><flowRegion
+ id="flowRegion3122"><rect
+ id="rect3124"
+ width="317.52289"
+ height="139.3987"
+ x="412.14224"
+ y="279.42432"
+ style="font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Arial" /></flowRegion><flowPara
+ id="flowPara4477">Delta-syncrepl is a changelog-based variant of syncrepl. It works by maintaining a changelog of a selectable depth on the provider. The replication consumer checks the changelog for the changes.</flowPara></flowRoot> <g
+ id="g7023"
+ transform="matrix(0.1267968,0,0,0.1710106,204.38313,147.27416)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path7025"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path7027"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path7029"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="253"
+ y="224.40942"
+ id="text7033"><tspan
+ sodipodi:role="line"
+ x="253"
+ y="224.40942"
+ id="tspan7037">cn=accesslog</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="239.40942"
+ id="tspan3575">database to hold</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="254.40942"
+ id="tspan4415">changes etc.</tspan><tspan
+ sodipodi:role="line"
+ x="253"
+ y="254.40942"
+ id="tspan4419" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="269.40942"
+ id="tspan4417" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="284.40942"
+ id="tspan3577" /><tspan
+ sodipodi:role="line"
+ x="253"
+ y="299.40942"
+ id="tspan3573" /></text>
+ <rect
+ style="fill:#0000ff;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;opacity:0"
+ id="rect3579"
+ width="297"
+ height="168"
+ x="48"
+ y="128.40942" />
+ <rect
+ style="opacity:0;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;fill:none"
+ id="rect4375"
+ width="305"
+ height="167"
+ x="55"
+ y="127.40942" />
+ <rect
+ style="opacity:0;fill:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4379"
+ width="293"
+ height="167"
+ x="60"
+ y="123.40942" />
+ <rect
+ style="opacity:0;fill:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0;fill-opacity:1"
+ id="rect4381"
+ width="275"
+ height="161"
+ x="76"
+ y="143.40942" />
+ <rect
+ style="opacity:0;fill:#000000;fill-opacity:1;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:2, 1;stroke-dashoffset:0"
+ id="rect4383"
+ width="305"
+ height="172"
+ x="61"
+ y="127.40942" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="93.694336"
+ y="286.38306"
+ id="text4397"><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="301.38306"
+ id="tspan4401">main database</tspan><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="316.38306"
+ id="tspan4403" /><tspan
+ sodipodi:role="line"
+ x="93.694336"
+ y="331.38306"
+ id="tspan4405" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="316"
+ y="236.40942"
+ id="text4409"><tspan
+ sodipodi:role="line"
+ id="tspan4411"
+ x="316"
+ y="236.40942"></tspan><tspan
+ sodipodi:role="line"
+ id="tspan4413" /></text>
+ <rect
+ style="fill:#9087ff;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;opacity:1;fill-opacity:0;stroke-miterlimit:4;stroke-dasharray:3,1;stroke-dashoffset:0"
+ id="rect4421"
+ width="313"
+ height="184"
+ x="64"
+ y="133.40942" />
+ <g
+ id="g4423"
+ transform="matrix(0.1267968,0,0,0.1710106,337.38313,350.27416)"
+ inkscape:export-filename="/anything/src/openldap/ldap/doc/guide/images/src/push-based-complete.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <path
+ transform="matrix(0,-0.604122,1.608296,0,-165.2214,394.5863)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:3.75"
+ sodipodi:nodetypes="ccccccc"
+ id="path4425"
+ d="M 426.278,378.046 L 79.4376,379.165 C 79.4376,379.165 -4.63207,356.939 -1.27547,255.125 C -13.892,169.635 56.2895,146.476 60.7648,142 C 65.2402,137.525 427.397,137.496 427.397,137.496 L 427.397,137.496 L 426.278,378.046 z" />
+ <path
+ transform="matrix(0,-0.174045,0.823205,0,39.47672,182.772)"
+ style="font-size:12px;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:9.76546001"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path4427"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ <path
+ transform="matrix(0,-0.169729,0.807961,0,43.34661,181.9851)"
+ style="font-size:12px;fill:#cccccc;fill-opacity:1;fill-rule:evenodd;stroke-width:3.75"
+ sodipodi:type="arc"
+ sodipodi:ry="236.07524"
+ sodipodi:rx="234.95641"
+ sodipodi:cy="253.85521"
+ sodipodi:cx="260.68973"
+ id="path4429"
+ d="M 495.64613,253.85521 A 234.95641,236.07524 0 1 1 25.733322,253.85521 A 234.95641,236.07524 0 1 1 495.64613,253.85521 z" />
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
+ x="276.03223"
+ y="437.88306"
+ id="text4431"><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="437.88306"
+ id="tspan4441"><tspan
+ style="font-weight:bold"
+ id="tspan5582">Consumer</tspan> which uses syncrepl and the </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="452.88306"
+ id="tspan4439">"syncdata=accesslog" setting.</tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="467.88306"
+ id="tspan4469">Switches back to normal syncrepl if gets </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="482.88306"
+ id="tspan4471">too far out of sync, then once caught up </tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="497.88306"
+ id="tspan4473">goes back to delta.</tspan><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="512.88306"
+ id="tspan4435" /><tspan
+ sodipodi:role="line"
+ x="276.03223"
+ y="527.88306"
+ id="tspan4437" /></text>
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.08729029px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 244.20659,325.76325 L 336.79341,392.05559"
+ id="path25655" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.48164538px;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-mid:none;marker-end:url(#Arrow1Lend);stroke-opacity:1"
+ d="M 168.40377,220.39252 L 208.59623,190.42632"
+ id="path5584" />
+ </g>
+</svg>
Added: openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/images/src/ldap-sync-refreshandpersist.svg 2009-07-27 22:27:07 UTC (rev 1224)
@@ -0,0 +1,4853 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ height="524.40942"
+ id="svg7893"
+ inkscape:version="0.46"
+ sodipodi:docbase="/home/ghenry/Desktop"
+ sodipodi:docname="ldap-sync-refreshandpersist.svg"
+ sodipodi:version="0.32"
+ width="744.09448"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ version="1.0"
+ inkscape:export-filename="/home/ghenry/Desktop/ldap-sync-refreshandpersist.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <metadata
+ id="metadata2563">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:title>Firewall2</dc:title>
+ <dc:description />
+ <dc:subject>
+ <rdf:Bag>
+ <rdf:li>wall</rdf:li>
+ <rdf:li>brick</rdf:li>
+ <rdf:li>computer</rdf:li>
+ <rdf:li>networksym</rdf:li>
+ </rdf:Bag>
+ </dc:subject>
+ <dc:publisher>
+ <cc:Agent
+ rdf:about="http://www.openclipart.org/">
+ <dc:title>Open Clip Art Library</dc:title>
+ </cc:Agent>
+ </dc:publisher>
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:rights>
+ <cc:Agent>
+ <dc:title>HASH(0x89c79d4)</dc:title>
+ </cc:Agent>
+ </dc:rights>
+ <dc:date />
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <cc:license
+ rdf:resource="http://web.resource.org/cc/PublicDomain" />
+ <dc:language>en</dc:language>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://web.resource.org/cc/PublicDomain">
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/Distribution" />
+ <cc:permits
+ rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <defs
+ id="defs7895">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.04724 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.3622 : 372.04724 : 1"
+ inkscape:persp3d-origin="526.18109 : 248.03149 : 1"
+ id="perspective6943" />
+ <marker
+ inkscape:stockid="Arrow1Lend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lend"
+ style="overflow:visible">
+ <path
+ id="path17680"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.8,0,0,-0.8,-10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Lstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Lstart"
+ style="overflow:visible">
+ <path
+ id="path17677"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.8,0,0,0.8,10,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mend"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mend"
+ style="overflow:visible">
+ <path
+ id="path17686"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(-0.4,0,0,-0.4,-4,0)" />
+ </marker>
+ <marker
+ inkscape:stockid="Arrow1Mstart"
+ orient="auto"
+ refY="0"
+ refX="0"
+ id="Arrow1Mstart"
+ style="overflow:visible">
+ <path
+ id="path17683"
+ d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z"
+ style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
+ transform="matrix(0.4,0,0,0.4,4,0)" />
+ </marker>
+ <linearGradient
+ id="linearGradient6508">
+ <stop
+ id="stop6509"
+ offset="0.0000000"
+ style="stop-color:#ff0000;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6511"
+ offset="0.64370060"
+ style="stop-color:#ffb900;stop-opacity:1.0000000;" />
+ <stop
+ id="stop6512"
+ offset="0.79038113"
+ style="stop-color:#ffff00;stop-opacity:0.84102565;" />
+ <stop
+ id="stop6510"
+ offset="1.0000000"
+ style="stop-color:#ffffff;stop-opacity:0.21568628;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient13376">
+ <stop
+ style="stop-color:#d4d4d4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop13377" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.49803922;"
+ offset="0.50000000"
+ id="stop13380" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop13378" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12744">
+ <stop
+ style="stop-color:#839da4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12745" />
+ <stop
+ style="stop-color:#496d77;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12746" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient10810">
+ <stop
+ style="stop-color:#0e0000;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop10811" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="0.50000000"
+ id="stop10814" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop10812" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11442">
+ <stop
+ style="stop-color:#6e6e6e;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop11443" />
+ <stop
+ style="stop-color:#000000;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop11444" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14160">
+ <stop
+ style="stop-color:#4af853;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14161" />
+ <stop
+ style="stop-color:#68b96d;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14162" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient14835">
+ <stop
+ style="stop-color:#bed1d0;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop14836" />
+ <stop
+ style="stop-color:#52727b;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop14837" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient29203">
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop29205" />
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop29207" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient6658">
+ <stop
+ style="stop-color:#677883;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop6659" />
+ <stop
+ style="stop-color:#677883;stop-opacity:0.0000000;"
+ offset="1.0000000"
+ id="stop6660" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient41493">
+ <stop
+ style="stop-color:#181818;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop41495" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop41497" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient12759">
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop12761" />
+ <stop
+ style="stop-color:#d7d8de;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop12763" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient21825">
+ <stop
+ style="stop-color:#808080;stop-opacity:1.0000000;"
+ offset="0.0000000"
+ id="stop21827" />
+ <stop
+ style="stop-color:#5e5e5e;stop-opacity:1.0000000;"
+ offset="1.0000000"
+ id="stop21829" />
+ </linearGradient>
+ <radialGradient
+ xlink:href="#linearGradient13376"
+ r="31.620827"
+ id="radialGradient25527"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.776429,0,0,0.659114,-120.5524,673.5049)"
+ fy="254.35735"
+ fx="-19.038713"
+ cy="253.63734"
+ cx="-19.261518" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient12759"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25525"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.505549,0,0,0.399114,-145.458,730.6984)" />
+ <linearGradient
+ y2="275.81308"
+ y1="233.36613"
+ xlink:href="#linearGradient21825"
+ x2="8.3977861"
+ x1="-35.94503"
+ id="linearGradient25403"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.500039,0,0,0.399114,-145.2247,712.702)" />
+ <linearGradient
+ y2="1977.8738"
+ y1="1924.0137"
+ xlink:href="#linearGradient41493"
+ x2="-35.763195"
+ x1="-39.828941"
+ id="linearGradient25401"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.672454,0,0,0.374188,-3.473342,95.2718)" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient25353"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.270019,0,0,0.370779,-149.3489,792.5495)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <radialGradient
+ xlink:href="#linearGradient14160"
+ r="2.0070677"
+ id="radialGradient26976"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.380937,0,0,0.180797,-90.06505,808.8095)"
+ fy="99.988457"
+ fx="-66.099426"
+ cy="99.988457"
+ cx="-66.099426" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26972"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26974"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient26964"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.05831,0,0,0.803858,616.249,115.0105)" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient26966"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.838868,0,0,0.530755,508.4408,137.664)" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28284"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28286"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28288"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28290"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28274"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28276"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28278"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28280"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28264"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28266"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28268"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28270"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28254"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28256"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28258"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28260"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28244"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28246"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28248"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28250"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="84.271248"
+ y1="80.490494"
+ xlink:href="#linearGradient10810"
+ x2="-152.33473"
+ x1="-156.03067"
+ id="linearGradient28234"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.731264,0,0,1.388554,183.0968,-38.74554)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="2.8901422"
+ id="radialGradient28236"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="scale(1.112677,0.898733)"
+ fy="84.14624"
+ fx="-75.26889"
+ cy="84.14624"
+ cx="-75.26889" />
+ <linearGradient
+ y2="80.317116"
+ y1="83.947449"
+ xlink:href="#linearGradient11442"
+ x2="-63.953007"
+ x1="-64.000694"
+ id="linearGradient28238"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.372284,0,0,0.916806,6.735873,0)" />
+ <radialGradient
+ xlink:href="#linearGradient6658"
+ r="