[Pkg-openldap-devel] r855 - in openldap/vendor/openldap-release: . build doc doc/guide/admin doc/man/man5 doc/man/man8 include include/ac libraries/liblber libraries/libldap libraries/liblutil servers/slapd servers/slapd/back-bdb servers/slapd/back-hdb servers/slapd/back-ldap servers/slapd/back-ldif servers/slapd/back-meta servers/slapd/back-sql servers/slapd/overlays servers/slapd/schema

Russ Allbery rra at alioth.debian.org
Mon Nov 12 00:36:12 UTC 2007


Author: rra
Date: 2007-11-12 00:36:12 +0000 (Mon, 12 Nov 2007)
New Revision: 855

Removed:
   openldap/vendor/openldap-release/doc/drafts/
   openldap/vendor/openldap-release/doc/rfc/
   openldap/vendor/openldap-release/servers/slapd/schema/corba.schema
   openldap/vendor/openldap-release/servers/slapd/schema/core.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/core.schema
   openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema
   openldap/vendor/openldap-release/servers/slapd/schema/java.schema
   openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema
Modified:
   openldap/vendor/openldap-release/CHANGES
   openldap/vendor/openldap-release/README
   openldap/vendor/openldap-release/build/openldap.m4
   openldap/vendor/openldap-release/configure
   openldap/vendor/openldap-release/doc/guide/admin/guide.html
   openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
   openldap/vendor/openldap-release/doc/man/man8/slapadd.8
   openldap/vendor/openldap-release/doc/man/man8/slapcat.8
   openldap/vendor/openldap-release/doc/man/man8/slapindex.8
   openldap/vendor/openldap-release/include/ac/termios.h
   openldap/vendor/openldap-release/include/lutil.h
   openldap/vendor/openldap-release/libraries/liblber/bprint.c
   openldap/vendor/openldap-release/libraries/liblber/decode.c
   openldap/vendor/openldap-release/libraries/libldap/controls.c
   openldap/vendor/openldap-release/libraries/libldap/cyrus.c
   openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
   openldap/vendor/openldap-release/libraries/liblutil/getpass.c
   openldap/vendor/openldap-release/libraries/liblutil/uuid.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
   openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
   openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
   openldap/vendor/openldap-release/servers/slapd/backglue.c
   openldap/vendor/openldap-release/servers/slapd/backover.c
   openldap/vendor/openldap-release/servers/slapd/bconfig.c
   openldap/vendor/openldap-release/servers/slapd/config.c
   openldap/vendor/openldap-release/servers/slapd/config.h
   openldap/vendor/openldap-release/servers/slapd/filter.c
   openldap/vendor/openldap-release/servers/slapd/modify.c
   openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
   openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
   openldap/vendor/openldap-release/servers/slapd/sasl.c
   openldap/vendor/openldap-release/servers/slapd/sets.c
   openldap/vendor/openldap-release/servers/slapd/syncrepl.c
   openldap/vendor/openldap-release/servers/slapd/value.c
Log:
Import upstream 2.3.39 release (stripped of non-DFSG content).


Modified: openldap/vendor/openldap-release/CHANGES
===================================================================
--- openldap/vendor/openldap-release/CHANGES	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/CHANGES	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,37 @@
 OpenLDAP 2.3 Change Log
 
+OpenLDAP 2.3.39 Release (2007/10/26)
+	Fixed slapd database/overlay config conflict (ITS#4848)
+	Fixed slapd password_hash config order (ITS#5082)
+	Fixed slapd slap_mods_check bug (ITS#5119)
+	Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
+	Fixed slapd ordered values add normalization issue (ITS#5136)
+	Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
+	Fixed slapd-ldap search control parsing (ITS#5138)
+	Fixed slapd-ldap SASL idassert w/o authcId
+	Fixed slapd-ldif directory separators in DN (ITS#5172)
+	Fixed slapd-meta conn caching on bind failure (ITS#5154)
+	Fixed slapd-meta bind timeout assertion (ITS#5185)
+	Fixed slapd-sql concurrency issue (ITS#5095)
+	Fixed slapo-chain double-free (ITS#5137)
+	Fixed slapo-pcache and -rwm interaction fix (ITS#4991) 
+	Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
+	Fixed slapo-rwm modlist handling (ITS#5124)
+	Fixed slapo-rwm UUID in filter (ITS#5168)
+	Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
+	Fixed liblber Windows x64 portability (ITS#5105)
+	Fixed libldap ppolicy control creation (ITS#5103)
+	Build Environment
+		Fixed termios macro check (ITS#4880)
+		Updated Makefiles
+	Documentation
+		Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
+		Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
+		Added max-depth/return-error to slapo-chain(5)
+		slapadd/slapindex note about file ownership (ITS#5166)
+		slapcat note about using against running slapd (ITS#5028)
+		Fixed Admin Guide URL in README (ITS#5107)
+
 OpenLDAP 2.3.38 Release (2007/08/20)
 	Fixed slapadd check for ';binary' when required (ITS#5071)
 	Fixed slapd select_backend/ManageDSAit (ITS#4986)
@@ -107,6 +139,7 @@
 	Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
 	Added slapo-ppolicy cn=config support (ITS#4836)
 	Added slapo-auditlog cn=config support
+	Fixed slapi late initialization (ITS#4468)
 	Build environment
 		Added Berkeley DB 4.5 detection
 	Documentation
@@ -218,6 +251,7 @@
 
 OpenLDAP 2.3.27 Release (2006/08/19)
 	Fixed libldap dangling pointer issue (previous fix was broken) (ITS#4405)
+	Fixed slapd-sql noop handling (ITS#4563)
 
 OpenLDAP 2.3.26 Release (2006/08/17)
 	Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610)

Modified: openldap/vendor/openldap-release/README
===================================================================
--- openldap/vendor/openldap-release/README	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/README	2007-11-12 00:36:12 UTC (rev 855)
@@ -19,7 +19,9 @@
         POSIX REGEX software (required)
 
     SLAPD:
-        BDB and HDB backends require Sleepycat Berkeley DB 4.2 or later
+        BDB and HDB backends require Oracle Berkeley DB 4.2, 4.4,
+        or 4.5.  It is highly recommended to apply the patches
+        from Oracle for a given release.
 
     SLURPD:
         LTHREAD compatible thread package
@@ -39,7 +41,7 @@
     The OpenLDAP Administrator's Guide is available in the
     guide.html file in the doc/guide/admin directory.  The
     guide and a number of other documents are available at
-    <http://www.openldap.org/doc/guide/admin/guide.html>.
+    <http://www.openldap.org/doc/admin/guide.html>.
 
     The distribution also includes manual pages for most programs
     and library APIs.  See ldap(3) for details.
@@ -76,7 +78,7 @@
     <http://www.openldap.org/its/> to be considered.
 
 ---
-$OpenLDAP: pkg/ldap/README,v 1.38.2.7 2007/01/02 21:43:21 kurt Exp $
+$OpenLDAP: pkg/ldap/README,v 1.38.2.9 2007/10/11 18:52:18 quanah Exp $
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 

Modified: openldap/vendor/openldap-release/build/openldap.m4
===================================================================
--- openldap/vendor/openldap-release/build/openldap.m4	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/build/openldap.m4	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 dnl OpenLDAP Autoconf Macros
-dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.13 2007/08/06 12:32:51 ando Exp $
+dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.14 2007/10/05 15:33:02 hyc Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
 dnl Copyright 1998-2007 The OpenLDAP Foundation.
@@ -696,8 +696,8 @@
 #	define DB_VERSION_MINOR 0
 #endif
 
-/* require 4.2 or later */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+/* require 4.2-4.5 */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)
 	__db_version_compat
 #endif
 	], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
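Review bot: The new upper bound in the `#if` constrains only the minor number, so a Berkeley DB release with a major above 4 and a minor between 2 and 5 still passes, although the comment says 4.2-4.5. Pinning the major makes the test match the comment: `#if (DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)`. The README hunk in this commit lists only 4.2, 4.4 and 4.5, so the comment should also say whether 4.3 is accepted on purpose. The `configure` hunk carries the same test and would pick up the fix on regeneration. The enclosing macro starts and ends outside the hunk.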

Modified: openldap/vendor/openldap-release/configure
===================================================================
--- openldap/vendor/openldap-release/configure	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/configure	2007-11-12 00:36:12 UTC (rev 855)
@@ -35855,8 +35855,8 @@
 #	define DB_VERSION_MINOR 0
 #endif
 
-/* require 4.2 or later */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+/* require 4.2-4.5 */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)
 	__db_version_compat
 #endif
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.html	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.html	2007-11-12 00:36:12 UTC (rev 855)
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.3 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project &lt;<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>&gt;</ADDRESS>
-<ADDRESS CLASS="doc-modified">20 August 2007</ADDRESS>
+<ADDRESS CLASS="doc-modified">26 October 2007</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,7 +1,7 @@
 .TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.11 2007/08/06 15:45:52 ghenry Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.12 2007/09/26 16:18:24 quanah Exp $
 .SH NAME
 \fBslapd-bdb\fP, \fBslapd-hdb\fP \- Berkeley DB backends to \fBslapd\fP
 .SH SYNOPSIS
@@ -71,7 +71,8 @@
 file.
 The options set using this directive will only be written to the 
 .B DB_CONFIG
-file if no such file existed at server startup time. This allows one
+file if no such file existed at server startup time, otherwise
+they are completely ignored. This allows one
 to set initial values without overwriting/destroying a 
 .B DB_CONFIG 
 file that was already customized through other means. 

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2007-11-12 00:36:12 UTC (rev 855)
@@ -2,13 +2,13 @@
 .\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.16 2007/04/06 03:57:19 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.17 2007/09/13 19:33:55 ando Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.
 .\"
 .SH NAME
-slapd-meta \- metadirectory backend
+slapd-meta \- metadirectory backend to slapd
 .SH SYNOPSIS
 ETCDIR/slapd.conf
 .SH DESCRIPTION
@@ -68,17 +68,16 @@
 .fi
 .RE
 .LP
-for every
+for 
 .B ldap
 and
 .B meta
-database.
-This is because operational attributes related to entry creation and
-modification should not be proxied, as they could be mistakenly written
+databases.
+This was required because operational attributes related to entry creation 
+and modification should not be proxied, as they could be mistakenly written
 to the target server(s), generating an error.
-The current implementation automatically sets lastmod to off, so its use
-is redundant and should be omitted, because the lastmod directive will
-be deprecated in the future.
+The current implementation automatically sets lastmod to \fBoff\fP, 
+so its use is redundant and should be omitted.
 
 .SH SPECIAL CONFIGURATION DIRECTIVES
 Target configuration starts with the "uri" directive.
@@ -88,6 +87,11 @@
 They are:
 
 .TP
+.B conn-ttl <time>
+This directive causes a cached connection to be dropped an recreated
+after a given ttl, regardless of being idle or not.
+
+.TP
 .B default-target none
 This directive forces the backend to reject all those operations
 that must resolve to a single target in case none or multiple
@@ -111,19 +115,17 @@
 directive.
 
 .TP
-.B conn-ttl <time>
-This directive causes a cached connection to be dropped an recreated
-after a given ttl, regardless of being idle or not.
-
-.TP
-.B onerr {CONTINUE|stop}
+.B onerr {CONTINUE|report|stop}
 This directive allows to select the behavior in case an error is returned
 by one target during a search.
 The default, \fBcontinue\fP, consists in continuing the operation, 
 trying to return as much data as possible.
-If this statement is set to \fBstop\fP, the search is terminated as soon 
+If the value is set to \fBstop\fP, the search is terminated as soon 
 as an error is returned by one target, and the error is immediately 
 propagated to the client.
+If the value is set to \fBreport\fP, the search is continuated to the end
+but, in case at least one target returned an error code, the first
+non-success error code is returned.
 
 .TP
 .B protocol\-version {0,2,3}
@@ -144,6 +146,24 @@
 identity to be deferred until actually needed by subsequent operations.
 
 .TP
+.B quarantine <interval>,<num>[;<interval>,<num>[...]]
+Turns on quarantine of URIs that returned
+.IR LDAP_UNAVAILABLE ,
+so that an attempt to reconnect only occurs at given intervals instead
+of any time a client requests an operation.
+The pattern is: retry only after at least
+.I interval
+seconds elapsed since last attempt, for exactly
+.I num
+times; then use the next pattern.
+If
+.I num
+for the last pattern is "\fB+\fP", it retries forever; otherwise, 
+no more retries occur.
+This directive must appear before any target specification;
+it affects all targets with the same pattern.
+
+.TP
 .B rebind-as-user {NO|yes}
 If this option is given, the client's bind credentials are remembered
 for rebinds, when trying to re-establish a broken connection,
@@ -152,20 +172,30 @@
 is set to
 .IR yes .
 
+.TP
+.B single\-conn {NO|yes}
+Discards current cached connection when the client rebinds.
+
+.TP
+.B use-temporary-conn {NO|yes}
+when set to 
+.BR yes ,
+create a temporary connection whenever competing with other threads
+for a shared one; otherwise, wait until the shared connection is available.
+
 .SH TARGET SPECIFICATION
 Target specification starts with a "uri" directive:
 
 .TP
-.B uri <protocol>://[<host>[:<port>]]/<naming context>
-The "server" directive that was allowed in the LDAP backend (although
-deprecated) has been completely discarded in the Meta backend.
+.B uri <protocol>://[<host>]/<naming context> [...]
 The <protocol> part can be anything
 .BR ldap_initialize (3)
-accepts ({ldap|ldaps|ldapi} and variants); <host> and <port> may be
+accepts ({ldap|ldaps|ldapi} and variants); the <host> may be
 omitted, defaulting to whatever is set in
 .BR ldap.conf (5).
-The <naming context> part is mandatory.
-It must end with one of the naming contexts defined for the backend,
+The <naming context> part is \fImandatory\fP for the first URI,
+but it \fImust be omitted\fP for subsequent ones, if any.
+The naming context part must be within the naming context defined for the backend,
 e.g.:
 .LP
 .RS
@@ -178,25 +208,25 @@
 .RS
 The <naming context> part doesn't need to be unique across the targets;
 it may also match one of the values of the "suffix" directive.
-Multiple URIs may be defined in a single argument.  The URIs must
-be separated by TABs (e.g. '\\t'; commas or spaces, unlike back-ldap,
-will not work,
-because they are legal in the <naming context>, and we don't want to use
-URL-encoded <naming context>s), and the additional URIs must have
-no <naming context> part.  This causes the underlying library
+Multiple URIs may be defined in a single URI statement.
+The additional URIs must be separate arguments and must not have any
+<naming context> part.  This causes the underlying library
 to contact the first server of the list that responds.
 For example, if \fIl1.foo.com\fP and \fIl2.foo.com\fP are shadows
 of the same server, the directive
 .LP
 .nf
 suffix "\fBdc=foo,dc=com\fP"
-uri    "ldap://l1.foo.com/\fBdc=foo,dc=com\fP	ldap://l2.foo.com/"
+uri    "ldap://l1.foo.com/\fBdc=foo,dc=com\fP" "ldap://l2.foo.com/"
 .fi
 
 .RE
 .RS
 causes \fIl2.foo.com\fP to be contacted whenever \fIl1.foo.com\fP
 does not respond.
+In that case, the URI list is internally rearranged, by moving unavailable
+URIs to the end, so that further connection attempts occur with respect to
+the last URI that succeeded.
 .RE
 
 .TP
@@ -340,23 +370,36 @@
 overridden by any per-target directive.
 
 .TP
-.B timeout [{add|delete|modify|modrdn}=]<seconds> [...]
-This directive allows to set per-database, per-target and per-operation
-timeouts.
-If no operation is specified, it affects all.
-Currently, only write operations are addressed, because searches
-can already be limited by means of the
-.B limits
-directive (see 
+.B timeout [<op>=]<val> [...]
+This directive allows to set per-operation timeouts.
+Operations can be
+
+\fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP
+
+The overall duration of the \fBsearch\fP operation is controlled either
+by the \fBtimelimit\fP parameter or by server-side enforced
+time limits (see \fBtimelimit\fP and \fBlimits\fP in
 .BR slapd.conf (5)
-for details), and other operations are not supposed to incur into the
-need for timeouts.
-Note: if the timelimit is exceeded, the operation is abandoned;
-the protocol does not provide any means to rollback the operation,
-so the client will not know if the operation eventually succeeded or not.
-If set before any target specification, it affects all targets, unless
-overridden by any per-target directive.
+for details).
+This \fBtimeout\fP parameter controls how long the target can be 
+irresponsive before the operation is aborted.
+Timeout is meaningless for the remaining operations,
+\fBunbind\fP and \fBabandon\fP, which do not imply any response,
+while it is not yet implemented in currently supported \fBextended\fP 
+operations.
+If no operation is specified, the timeout \fBval\fP affects all
+supported operations.
+If specified before any target definition, it affects all targets
+unless overridden by per-target directives.
 
+Note: if the timeout is exceeded, the operation is cancelled
+(according to the \fBcancel\fP directive);
+the protocol does not provide any means to rollback operations,
+so the client will not be notified about the result of the operation,
+which may eventually succeeded or not.
+In case the timeout is exceeded during a bind operation, the connection
+is destroyed, according to RFC4511.
+
 .TP
 .B tls {[try-]start|[try-]propagate}
 execute the StartTLS extended operation when the connection is initialized;

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 .TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.7 2007/03/05 18:39:51 ando Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.8 2007/08/22 09:01:17 ando Exp $
 .SH NAME
 slapd-sql \- SQL backend to slapd
 .SH SYNOPSIS
@@ -657,7 +657,18 @@
 honored by back-sql if non-prettified data is written via RDBMS;
 when non-prettified data is written thru back-sql, the prettified 
 values are actually used instead.
+
 .LP
+.SH BUGS
+When the
+.B ldap_entry_objclasses
+table is empty, filters on the 
+.B objectClass
+attribute erroneously result in no candidates.
+A workaround consists in adding at least one row to that table,
+no matter if valid or not.
+
+.LP
 .SH PROXY CACHE OVERLAY
 The proxy cache overlay 
 allows caching of LDAP search requests (queries) in a local database.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,7 +1,7 @@
 .TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.31 2007/08/06 15:46:33 ghenry Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.32 2007/10/11 20:56:48 quanah Exp $
 .SH NAME
 slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS
@@ -1429,7 +1429,8 @@
 a namingContext (suffix) of the database, a simple bind password
 may also be provided using the
 .B rootpw
-directive. Note that the rootdn is always needed when using syncrepl.
+directive. Many optional features, including syncrepl, require the
+rootdn to be defined for the database.
 .TP
 .B rootpw <password>
 Specify a password (or hash of the password) for the rootdn.  The

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,7 +1,7 @@
 .TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.7 2007/01/02 21:43:45 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.8 2007/09/06 18:21:41 ando Exp $
 .SH NAME
 slapo-chain \- chain overlay
 .SH SYNOPSIS
@@ -53,6 +53,14 @@
 [Note: this may change in the future, as the \fBldap\fP(5) and 
 \fBmeta\fP(5) backends might no longer chase referrals on their own.]
 .TP
+.B chain-cache-uri {FALSE|true}
+This directive instructs the \fIchain\fP overlay to cache
+connections to URIs parsed out of referrals that are not predefined,
+to be reused for later chaining.
+These URIs inherit the properties configured for the underlying 
+\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+directive; basically, they are chained anonymously.
+.TP
 .B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
 This directive enables the \fIchaining\fP control
 (see \fIdraft-sermersheim-ldap-chaining\fP for details)
@@ -71,14 +79,19 @@
 If the \fBcritical\fP flag affects the control criticality if provided.
 [This control is experimental and its support may change in the future.]
 .TP
-.B chain-cache-uri {FALSE|true}
-This directive instructs the \fIchain\fP overlay to cache
-connections to URIs parsed out of referrals that are not predefined,
-to be reused for later chaining.
-These URIs inherit the properties configured for the underlying 
-\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
-directive; in detail, they are essentially chained anonymously.
+.B chain-max-depth <n>
+In case a referral is returned during referral chasing, further chasing
+occurs at most \fB<n>\fP levels deep.  Set to \fB1\fP (the default) 
+to disable further referral chasing.
 .TP
+.B chain-return-error {FALSE|true}
+In case referral chasing fails, the real error is returned instead
+of the original referral.  In case multiple referral URIs are present,
+only the first error is returned.  This behavior may not be always
+appropriate nor desirable, since failures in referral chasing might be
+better resolved by the client (e.g. when caused by distributed 
+authentication issues).
+.TP
 .B chain-uri <ldapuri>
 This directive instantiates a new underlying \fIldap\fP database
 and instructs it about which URI to contact to chase referrals.

Modified: openldap/vendor/openldap-release/doc/man/man8/slapadd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 .TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.10 2007/04/20 20:00:58 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.11 2007/10/04 09:02:15 ando Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -42,6 +42,21 @@
 adding an entry, does not perform all user and system
 schema checks, and does not maintain operational
 attributes (such as createTimeStamp and modifiersName). 
+
+All files eventually created by
+.BR slapadd
+will belong to the identity
+.BR slapadd
+is run as, so make sure you either run
+.BR slapadd
+with the same identity
+.BR slapd (8)
+will be run as (see option
+.B \-u
+in
+.BR slapd (8)),
+or change file ownership before running
+.BR slapd (8).
 .SH OPTIONS
 .TP
 .B \-v

Modified: openldap/vendor/openldap-release/doc/man/man8/slapcat.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 .TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.8 2007/01/02 21:43:46 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.9 2007/09/12 15:00:36 ghenry Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -109,10 +109,18 @@
 .BI \-l " ldif-file"
 Write LDIF to specified file instead of standard output.
 .SH LIMITATIONS
-In general, your
+For some backend types, your
 .BR slapd (8)
 should not be running (at least, not in read-write
-mode) when you do this to ensure consistency of the database.
+mode) when you do this to ensure consistency of the database. It is
+always safe to run 
+.B slapcat
+with the
+.BR slapd-bdb (5),
+.BR slapd-hdb (5),
+and
+.BR slapd-null (5)
+backends.
 .SH EXAMPLES
 To make a text backup of your SLAPD database and put it in a file called
 .BR ldif ,

Modified: openldap/vendor/openldap-release/doc/man/man8/slapindex.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 .TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.10 2007/01/02 21:43:46 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.11 2007/10/04 09:02:15 ando Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -29,6 +29,21 @@
 Databases configured as
 .B subordinate
 of this one are also re-indexed, unless \fB-g\fP is specified.
+
+All files eventually created by
+.BR slapindex
+will belong to the identity
+.BR slapindex
+is run as, so make sure you either run
+.BR slapindex
+with the same identity
+.BR slapd (8)
+will be run as (see option
+.B \-u
+in
+.BR slapd (8)),
+or change file ownership before running
+.BR slapd (8).
 .SH OPTIONS
 .TP
 .B \-v

Modified: openldap/vendor/openldap-release/include/ac/termios.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/termios.h	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/include/ac/termios.h	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* Generic termios.h */
-/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.4 2007/09/22 23:09:11 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -17,7 +17,7 @@
 #ifndef _AC_TERMIOS_H
 #define _AC_TERMIOS_H
 
-#ifdef HAVE_POSIX_TERMIOS
+#ifdef HAVE_TERMIOS_H
 #include <termios.h>
 
 #ifdef GCWINSZ_IN_SYS_IOCTL

Modified: openldap/vendor/openldap-release/include/lutil.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil.h	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/include/lutil.h	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.7 2007/01/05 09:47:09 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.8 2007/10/04 20:02:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -212,6 +212,13 @@
 LDAP_LUTIL_F( size_t )
 lutil_uuidstr( char *buf, size_t len );
 
+LDAP_LUTIL_F( int )
+lutil_uuidstr_from_normalized(
+	char		*uuid,
+	size_t		uuidlen,
+	char		*buf,
+	size_t		buflen );
+
 /* csn.c */
 /* use this macro to allocate buffer for lutil_csnstr */
 #define LDAP_LUTIL_CSNSTR_BUFSIZE	64
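Review bot: The new prototype `lutil_uuidstr_from_normalized` is exported without any statement of its contract, so callers cannot tell how large `buf` must be or what the `int` result means. A header comment above the declaration should state the expected `uuidlen`, the minimum `buflen`, whether the output is NUL-terminated, and the return value for a short input or a short buffer; those details are in uuid.c, which is not shown on this page. If the implementation only reads `uuid`, `const char *uuid` would let the compiler enforce that. This is inferred from the parameter name, so confirm it against the definition.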

Modified: openldap/vendor/openldap-release/libraries/liblber/bprint.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/bprint.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/liblber/bprint.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.4 2007/08/27 10:11:31 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -265,10 +265,10 @@
 		len = ber_pvt_ber_write(ber);
 	}
 
-	sprintf( buf, "ber_dump: buf=0x%08lx ptr=0x%08lx end=0x%08lx len=%ld\n",
-	    (long) ber->ber_buf,
-		(long) ber->ber_ptr,
-		(long) ber->ber_end,
+	sprintf( buf, "ber_dump: buf=%p ptr=%p end=%p len=%ld\n",
+		ber->ber_buf,
+		ber->ber_ptr,
+		ber->ber_end,
 		(long) len );
 
 	(void) (*ber_pvt_log_print)( buf );
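Review bot: The switch to `%p` makes the formatted length implementation-defined, yet both calls still use unbounded `sprintf` into `buf`, whose declaration and size are outside the hunk. If `buf` is a local array, `snprintf( buf, sizeof( buf ), "ber_dump: buf=%p ptr=%p end=%p len=%ld\n", ... )` keeps the write bounded whatever width the platform prints; the same applies to the `ber_sos_dump` line in the @@ -303 hunk. `%p` is specified for `void *`, so the arguments would be better passed as `(void *) ber->ber_buf` and so on, since the members' declared pointer types are not visible here.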
@@ -303,10 +303,10 @@
 	(*ber_pvt_log_print)( "*** sos dump ***\n" );
 
 	while ( sos != NULL ) {
-		sprintf( buf, "ber_sos_dump: clen %ld first 0x%lx ptr 0x%lx\n",
+		sprintf( buf, "ber_sos_dump: clen %ld first %p ptr %p\n",
 		    (long) sos->sos_clen,
-			(long) sos->sos_first,
-			(long) sos->sos_ptr );
+			sos->sos_first,
+			sos->sos_ptr );
 		(*ber_pvt_log_print)( buf );
 
 		sprintf( buf, "              current len %ld contents:\n",

Modified: openldap/vendor/openldap-release/libraries/liblber/decode.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/decode.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/liblber/decode.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.5 2007/08/27 10:11:31 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -373,7 +373,7 @@
 	case BvOff:
 		*b->res.ba = ber_memalloc_x( (n+1) * b->siz, b->ber->ber_memctx );
 		if ( *b->res.ba == NULL ) return LBER_DEFAULT;
-		((struct berval *)((long)(*b->res.ba) + n*b->siz +
+		((struct berval *)((char *)(*b->res.ba) + n*b->siz +
 			b->off))->bv_val = NULL;
 		break;
 	}
@@ -406,7 +406,7 @@
 			*bvp = bv;
 			break;
 		case BvOff:
-			*(BerVarray)((long)(*b->res.ba)+n*b->siz+b->off) = bv;
+			*(BerVarray)((char *)(*b->res.ba)+n*b->siz+b->off) = bv;
 			break;
 		}
 	}

Modified: openldap/vendor/openldap-release/libraries/libldap/controls.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/controls.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/libldap/controls.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.4 2007/08/22 20:44:41 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -442,7 +442,8 @@
 		return LDAP_NO_MEMORY;
 	}
 
-	if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
+	BER_BVZERO( &ctrl->ldctl_value );
+	if ( ber != NULL && ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
 		LDAP_FREE( ctrl );
 		return LDAP_NO_MEMORY;
 	}
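Review bot: `ber` may now be NULL, and that new contract is not documented anywhere in the hunk. With the added `BER_BVZERO( &ctrl->ldctl_value )`, a NULL `ber` yields a control with an empty value instead of a call into `ber_flatten2`. The ppolicy.c hunk in this commit passes `NULL` to `ldap_create_control`, which appears to be this function. A comment above the test such as `/* ber == NULL: the control carries no value */`, plus a matching sentence in the function's header comment (outside this hunk), would keep later callers from assuming an allocated BerElement is required.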

Modified: openldap/vendor/openldap-release/libraries/libldap/cyrus.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.16 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.17 2007/10/08 09:53:53 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -898,6 +898,8 @@
 	sasl_conn_t *ctx;
 #if SASL_VERSION_MAJOR < 2
 	sasl_external_properties_t extprops;
+#else
+	sasl_ssf_t sasl_ssf = ssf;
 #endif
 
 	ctx = conn->lconn_sasl_authctx;
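Review bot: Nothing in the hunk says why the value is copied into a `sasl_ssf_t` local before `sasl_setprop`, and the copy itself is unchecked. A comment such as `/* SASL_SSF_EXTERNAL is read as a sasl_ssf_t; do not pass a pointer to a wider type */` next to `sasl_ssf_t sasl_ssf = ssf;` would stop the fix from being undone, and the same applies to `sasl_ssf = * (ber_len_t *)arg;` in the @@ -1219 hunk. That second assignment narrows from `ber_len_t` if `sasl_ssf_t` is the smaller type, so an out-of-range strength factor would be truncated silently; whether `arg` is checked for NULL before the dereference is not visible here. Both function bodies extend beyond their hunks.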
@@ -907,7 +909,7 @@
 	}
    
 #if SASL_VERSION_MAJOR >= 2
-	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
 	if ( sc == SASL_OK )
 		sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
 #else
@@ -1205,6 +1207,8 @@
 		int sc;
 #if SASL_VERSION_MAJOR < 2
 		sasl_external_properties_t extprops;
+#else
+		sasl_ssf_t sasl_ssf;
 #endif
 		sasl_conn_t *ctx;
 
@@ -1219,7 +1223,8 @@
 		}
 
 #if SASL_VERSION_MAJOR >= 2
-		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, arg);
+		sasl_ssf = * (ber_len_t *)arg;
+		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf);
 #else
 		memset(&extprops, 0L, sizeof(extprops));
 

Modified: openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.5 2007/01/02 21:43:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.6 2007/08/22 20:44:41 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2004-2007 The OpenLDAP Foundation.
@@ -61,21 +61,13 @@
 ldap_create_passwordpolicy_control( LDAP *ld,
                                     LDAPControl **ctrlp )
 {
-	BerElement *ber;
-
 	assert( ld != NULL );
 	assert( LDAP_VALID( ld ) );
 	assert( ctrlp != NULL );
 
-	if ((ber = ldap_alloc_ber_with_options(ld)) == NULL) {
-		ld->ld_errno = LDAP_NO_MEMORY;
-		return(LDAP_NO_MEMORY);
-	}
-
 	ld->ld_errno = ldap_create_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
-		ber, 0, ctrlp);
+		NULL, 0, ctrlp);
 
-	ber_free(ber, 1);
 	return(ld->ld_errno);
 }
 

Modified: openldap/vendor/openldap-release/libraries/liblutil/getpass.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* getpass.c -- get password from user */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.4 2007/09/22 23:09:11 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -60,7 +60,7 @@
 char *
 lutil_getpass( const char *prompt )
 {
-#if !defined(HAVE_POSIX_TERMIOS) && !defined(HAVE_SGTTY_H)
+#if !defined(HAVE_TERMIOS_H) && !defined(HAVE_SGTTY_H)
 	static char buf[256];
 	int i, c;
 

Modified: openldap/vendor/openldap-release/libraries/liblutil/uuid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* uuid.c -- Universally Unique Identifier routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.5 2007/10/04 20:02:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -371,6 +371,47 @@
 #endif
 }
 
+int
+lutil_uuidstr_from_normalized(
+	char		*uuid,
+	size_t		uuidlen,
+	char		*buf,
+	size_t		buflen )
+{
+	unsigned char nibble;
+	int i, d = 0;
+
+	assert( uuid != NULL );
+	assert( buf != NULL );
+
+	if ( uuidlen != 16 ) return -1;
+	if ( buflen < 36 ) return -1;
+
+	for ( i = 0; i < 16; i++ ) {
+		if ( i == 4 || i == 6 || i == 8 || i == 10 ) {
+			buf[(i<<1)+d] = '-';
+			d += 1;
+		}
+
+		nibble = (uuid[i] >> 4) & 0xF;
+		if ( nibble < 10 ) {
+			buf[(i<<1)+d] = nibble + '0';
+		} else {
+			buf[(i<<1)+d] = nibble - 10 + 'a';
+		}
+
+		nibble = (uuid[i]) & 0xF;
+		if ( nibble < 10 ) {
+			buf[(i<<1)+d+1] = nibble + '0';
+		} else {
+			buf[(i<<1)+d+1] = nibble - 10 + 'a';
+		}
+	}
+
+	if ( buflen > 36 ) buf[36] = '\0';
+	return 36;
+}
+
 #ifdef TEST
 int
 main(int argc, char **argv)
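Review bot: `lutil_uuidstr_from_normalized` accepts `buflen == 36` and then skips the terminator (`if ( buflen > 36 ) buf[36] = '\0';`), so a caller that passes an exactly-36-byte buffer gets back text that is not a C string, and neither the code nor the lutil.h prototype says so. Either require room for the terminator, `if ( buflen < 37 ) return -1;` followed by an unconditional `buf[36] = '\0';`, or document above the function that the result is NUL-terminated only when `buflen > 36`. `uuid` is only read, so the parameter could be `const char *uuid`, and the constants 16 and 36 deserve a one-line comment (16 raw bytes in, 32 hex digits plus 4 dashes out).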

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* config.c - bdb backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.18 2007/08/11 00:31:46 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.19 2007/09/02 21:57:35 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -363,7 +363,7 @@
 			break;
 
 		case BDB_CONFIG:
-			if (( slapMode&SLAP_SERVER_MODE ) && !( bdb->bi_flags&BDB_IS_OPEN )
+			if ( !( bdb->bi_flags & BDB_IS_OPEN )
 				&& !bdb->bi_db_config ) {
 				char	buf[SLAP_TEXT_BUFLEN];
 				FILE *f = fopen( bdb->bi_db_config_path, "r" );

Modified: openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 # Makefile for back-hdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.5 2007/01/02 21:44:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.6 2007/10/23 21:21:38 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 1998-2007 The OpenLDAP Foundation.
@@ -57,7 +57,7 @@
 XINCPATH = -I.. -I$(srcdir)/.. -I$(srcdir) -I$(XXDIR)
 XDEFS = $(MODULES_CPPFLAGS)
 
-depend-common: .links
+depend-local-lib: .links
 
 all-local-lib:	../.backend
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.36 2007/03/19 14:52:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.37 2007/09/09 20:24:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -2133,7 +2133,8 @@
 	 * but if it is not set this test fails.  We need a different
 	 * means to detect if idassert is enabled */
 	if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-			&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+		&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+		&& BER_BVISNULL( &si->si_bc.sb_saslmech ) )
 	{
 		goto done;
 	}
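Review bot: The added `BER_BVISNULL( &si->si_bc.sb_saslmech )` test is narrower than the two beside it, which treat a NULL and an empty berval alike. If `sb_saslmech` can ever hold a zero-length value (not visible in this hunk), identity assertion would be considered configured with no mechanism, authcId or binddn behind it. For consistency the clause could read `&& ( BER_BVISNULL( &si->si_bc.sb_saslmech ) || BER_BVISEMPTY( &si->si_bc.sb_saslmech ) )`. The enclosing function starts and ends outside the hunk.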

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* chain.c - chain LDAP operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.23 2007/05/19 12:27:53 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.24 2007/09/14 22:00:56 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -726,9 +726,6 @@
 		ldap_memfree( li.li_uri );
 		li.li_uri = NULL;
 
-		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
-		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
-
 		if ( temporary ) {
 			lip->li_uri = NULL;
 			lip->li_bvuri = NULL;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* search.c - ldap backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.39 2007/07/11 23:41:11 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.40 2007/09/29 09:06:51 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -603,12 +603,14 @@
 	Attribute	*attr, **attrp;
 	const char	*text;
 	int		last;
+	char *lastb;
+	ber_len_t len;
 
 	/* safe assumptions ... */
 	assert( ent != NULL );
 	BER_BVZERO( &ent->e_bv );
 
-	if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) {
+	if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
 		return LDAP_DECODING_ERROR;
 	}
 
@@ -628,9 +630,14 @@
 		return LDAP_INVALID_DN_SYNTAX;
 	}
 
+	ent->e_attrs = NULL;
+	if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
+		return LDAP_SUCCESS;
+	}
+
 	attrp = &ent->e_attrs;
-
-	while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
+	while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
+		ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
 		int				i;
 		slap_syntax_validate_func	*validate;
 		slap_syntax_transform_func	*pretty;
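Review bot: The early `return LDAP_SUCCESS` is taken for every result of `ber_first_element` other than `LBER_SEQUENCE`, so an entry whose attribute list fails to decode is handed back as an entry with no attributes, exactly like a genuinely empty list. The data comes from the remote server's response, so a truncated or malformed list should not look like success. If liblber lets the two cases be told apart at this point (not visible in the hunk), the failure case should return `LDAP_DECODING_ERROR` as the `{m` scan above does; otherwise a comment such as `/* empty or undecodable attribute list: return the entry without attributes */` should state that the conflation is intended. The loop body continues outside the hunk.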
@@ -826,9 +833,9 @@
 	if ( oc ) {
 		char	*ptr;
 
-		filter = ch_malloc( STRLENOF( "(objectclass=)" ) 
-				+ oc->soc_cname.bv_len + 1 );
-		ptr = lutil_strcopy( filter, "(objectclass=" );
+		filter = op->o_tmpalloc( STRLENOF( "(objectClass=" ")" ) 
+				+ oc->soc_cname.bv_len + 1, op->o_tmpmemctx );
+		ptr = lutil_strcopy( filter, "(objectClass=" );
 		ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
 		*ptr++ = ')';
 		*ptr++ = '\0';
@@ -841,7 +848,8 @@
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
-	
+
+	/* TODO: timeout? */
 	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
 				NULL, LDAP_NO_LIMIT, &result );
@@ -884,7 +892,7 @@
 	}
 
 	if ( filter ) {
-		ch_free( filter );
+		op->o_tmpfree( filter, op->o_tmpmemctx );
 	}
 
 	if ( lc != NULL ) {

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* ldif.c - the ldif backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.22 2007/01/02 21:44:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.23 2007/10/10 16:57:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2007 The OpenLDAP Foundation.
@@ -82,25 +82,56 @@
 };
 
 static void
-dn2path(struct berval * dn, struct berval * suffixdn, struct berval * base_path,
+dn2path(struct berval * orig_dn, struct berval * suffixdn, struct berval * base_path,
 	struct berval *res)
 {
 	char *ptr, *sep, *end;
+	int nsep = 0;
+	struct berval dn;
 
-	assert( dn != NULL );
-	assert( !BER_BVISNULL( dn ) );
+	assert( orig_dn != NULL );
+	assert( !BER_BVISNULL( orig_dn ) );
 	assert( suffixdn != NULL );
 	assert( !BER_BVISNULL( suffixdn ) );
-	assert( dnIsSuffix( dn, suffixdn ) );
+	assert( dnIsSuffix( orig_dn, suffixdn ) );
 
-	res->bv_len = dn->bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
+	dn = *orig_dn;
+
+	for ( ptr = dn.bv_val, end = &dn.bv_val[dn.bv_len]; ptr < end; ptr++) {
+		if ( ptr[0] == LDAP_DIRSEP[0] ) {
+			nsep++;
+		}
+	}
+
+	if ( nsep ) {
+		char	*p;
+
+		dn.bv_len += 2*nsep;
+		dn.bv_val = ch_malloc( dn.bv_len + 1 );
+
+		for ( ptr = orig_dn->bv_val, end = &orig_dn->bv_val[orig_dn->bv_len], p = dn.bv_val;
+			ptr < end; ptr++, p++)
+		{
+			static const char hex[] = "0123456789ABCDEF";
+			if ( ptr[0] == LDAP_DIRSEP[0] ) {
+				*p++ = '\\';	/* FIXME: fs-escape */
+				*p++ = hex[(LDAP_DIRSEP[0] & 0xF0U) >> 4];
+				*p = hex[LDAP_DIRSEP[0] & 0x0FU];
+			} else {
+				p[0] = ptr[0];
+			}
+		}
+		p[0] = '\0';
+	}
+
+	res->bv_len = dn.bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
 	res->bv_val = ch_malloc( res->bv_len + 1 );
 	ptr = lutil_strcopy( res->bv_val, base_path->bv_val );
 	*ptr++ = LDAP_DIRSEP[0];
 	ptr = lutil_strcopy( ptr, suffixdn->bv_val );
-	end = dn->bv_val + dn->bv_len - suffixdn->bv_len - 1;
-	while ( end > dn->bv_val ) {
-		for (sep = end-1; sep >=dn->bv_val && !DN_SEPARATOR( *sep ); sep--);
+	end = dn.bv_val + dn.bv_len - suffixdn->bv_len - 1;
+	while ( end > dn.bv_val ) {
+		for (sep = end-1; sep >= dn.bv_val && !DN_SEPARATOR( *sep ); sep--);
 		*ptr++ = LDAP_DIRSEP[0];
 		ptr = lutil_strncopy( ptr, sep+1, end-sep-1 );
 		end = sep;
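Review bot: The escaping pass rewrites every `LDAP_DIRSEP[0]` in the whole DN, suffix included, but the rest of `dn2path` still works with the unescaped suffix: `lutil_strcopy( ptr, suffixdn->bv_val )` copies it raw and `end = dn.bv_val + dn.bv_len - suffixdn->bv_len - 1` subtracts its unescaped length. If the suffix itself contains the separator, `end` lands inside the escaped suffix and part of it is emitted again with the RDN components, while the raw copy still puts the separator into the path. Escaping only the part in front of the suffix, i.e. counting and rewriting up to `orig_dn->bv_val + orig_dn->bv_len - suffixdn->bv_len` and copying the remainder through unchanged, keeps the two in step. The escape prefix `'\\'` is also the directory separator on platforms where `LDAP_DIRSEP` is a backslash, which the `FIXME: fs-escape` comment seems to acknowledge; the function body continues past this hunk.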
@@ -117,6 +148,9 @@
 			break;
 	}
 #endif
+	if ( dn.bv_val != orig_dn->bv_val ) {
+		ch_free( dn.bv_val );
+	}
 }
 
 static char * slurp_file(int fd) {

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.31 2007/03/09 16:23:16 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.32 2007/09/26 19:04:22 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -189,6 +189,10 @@
 
 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
+			/* Mark the meta_conn struct as tainted so
+			 * it'll be freed by meta_conn_back_destroy below */
+			LDAP_BACK_CONN_TAINTED_SET( mc );
+
 			/* FIXME: in some cases (e.g. unavailable)
 			 * do not assume it's not candidate; rather
 			 * mark this as an error to be eventually

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.24 2007/01/27 23:56:43 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.26 2007/09/13 19:33:55 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -111,33 +111,21 @@
 	/* URI of server to query */
 	if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
 		int 		i = mi->mi_ntargets;
-#if 0
-		int 		j;
-#endif /* uncomment if uri MUST be a branch of suffix */
-		LDAPURLDesc 	*ludp, *tmpludp;
+		LDAPURLDesc 	*ludp;
 		struct berval	dn;
 		int		rc;
 		int		c;
 
 		metatarget_t	*mt;
+
+		char		**uris = NULL;
 		
-		switch ( argc ) {
-		case 1:
+		if ( argc == 1 ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: missing URI "
 	"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
 				fname, lineno, 0 );
 			return 1;
-
-		case 2:
-			break;
-
-		default:
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: too many args "
-	"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
 		}
 
 		if ( be->be_nsuffix == NULL ) {
@@ -170,7 +158,6 @@
 		mt = mi->mi_targets[ i ];
 
 		mt->mt_rebind_f = mi->mi_rebind_f;
-		mt->mt_urllist_p = mt;
 
 		mt->mt_nretries = mi->mi_nretries;
 		mt->mt_quarantine = mi->mi_quarantine;
@@ -185,92 +172,122 @@
 			mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
 		}
 
-		/*
-		 * uri MUST be legal!
-		 */
-		if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS )
-		{
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: unable to parse URI"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
-		}
+		for ( c = 1; c < argc; c++ ) {
+			char	**tmpuris = ldap_str2charray( argv[ c ], "\t" );
 
-		/*
-		 * uri MUST have the <dn> part!
-		 */
-		if ( ludp->lud_dn == NULL ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: missing <naming context> "
+			if ( tmpuris == NULL ) {
+				Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: unable to parse URIs #%d"
 	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
+				fname, lineno, c - 1 );
+				return 1;
+			}
 
-		} else if ( ludp->lud_dn[ 0 ] == '\0' ) {
-			int	j = -1;
+			if ( c == 0 ) {
+				uris = tmpuris;
 
-			for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
-				if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
-					break;
-				}
+			} else {
+				ldap_charray_merge( &uris, tmpuris );
+				ldap_charray_free( tmpuris );
 			}
+		}
 
-			if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
+		for ( c = 0; uris[ c ] != NULL; c++ ) {
+			char *tmpuri = NULL;
+
+			/*
+			 * uri MUST be legal!
+			 */
+			if ( ldap_url_parselist_ext( &ludp, uris[ c ], "\t" ) != LDAP_SUCCESS
+				|| ludp->lud_next != NULL )
+			{
 				Debug( LDAP_DEBUG_ANY,
-		"%s: line %d: missing <naming context> "
+		"%s: line %d: unable to parse URI #%d"
 		" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-					fname, lineno, 0 );
+					fname, lineno, c );
+				ldap_charray_free( uris );
 				return 1;
 			}
-		}
 
-		/*
-		 * copies and stores uri and suffix
-		 */
-		ber_str2bv( ludp->lud_dn, 0, 0, &dn );
-		rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
-			&mt->mt_nsuffix, NULL );
-		if( rc != LDAP_SUCCESS ) {
-			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"target \"%s\" DN is invalid\n",
-				fname, lineno, argv[ 1 ] );
-			return( 1 );
-		}
+			if ( c == 0 ) {
 
-		ludp->lud_dn[ 0 ] = '\0';
+				/*
+				 * uri MUST have the <dn> part!
+				 */
+				if ( ludp->lud_dn == NULL ) {
+					Debug( LDAP_DEBUG_ANY,
+			"%s: line %d: missing <naming context> "
+			" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+						fname, lineno, 0 );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return 1;
+				}
 
-		switch ( ludp->lud_scope ) {
-		case LDAP_SCOPE_DEFAULT:
-			mt->mt_scope = LDAP_SCOPE_SUBTREE;
-			break;
+				/*
+				 * copies and stores uri and suffix
+				 */
+				ber_str2bv( ludp->lud_dn, 0, 0, &dn );
+				rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
+					&mt->mt_nsuffix, NULL );
+				if ( rc != LDAP_SUCCESS ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"target \"%s\" DN is invalid\n",
+						fname, lineno, argv[ 1 ] );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+				}
 
-		case LDAP_SCOPE_SUBTREE:
-		case LDAP_SCOPE_SUBORDINATE:
-			mt->mt_scope = ludp->lud_scope;
-			break;
+				ludp->lud_dn[ 0 ] = '\0';
 
-		default:
-			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"invalid scope for target \"%s\"\n",
-				fname, lineno, argv[ 1 ] );
-			return( 1 );
-		}
+				switch ( ludp->lud_scope ) {
+				case LDAP_SCOPE_DEFAULT:
+					mt->mt_scope = LDAP_SCOPE_SUBTREE;
+					break;
 
-		/* check all, to apply the scope check on the first one */
-		for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
-			if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
-				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-					"multiple URIs must have "
-					"no DN part\n",
+				case LDAP_SCOPE_SUBTREE:
+				case LDAP_SCOPE_SUBORDINATE:
+					mt->mt_scope = ludp->lud_scope;
+					break;
+
+				default:
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"invalid scope for target \"%s\"\n",
+						fname, lineno, argv[ 1 ] );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+				}
+
+			} else {
+				/* check all, to apply the scope check on the first one */
+				if ( ludp->lud_dn != NULL && ludp->lud_dn[ 0 ] != '\0' ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"multiple URIs must have "
+						"no DN part\n",
+						fname, lineno, 0 );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+
+				}
+			}
+
+			tmpuri = ldap_url_list2urls( ludp );
+			ldap_free_urllist( ludp );
+			if ( tmpuri == NULL ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
 					fname, lineno, 0 );
+				ldap_charray_free( uris );
 				return( 1 );
-
 			}
+			ldap_memfree( uris[ c ] );
+			uris[ c ] = tmpuri;
 		}
 
-		mt->mt_uri = ldap_url_list2urls( ludp );
-		ldap_free_urllist( ludp );
+		mt->mt_uri = ldap_charray2str( uris, " " );
+		ldap_charray_free( uris );
 		if ( mt->mt_uri == NULL) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
 				fname, lineno, 0 );
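Review bot: The result of `ldap_charray_merge( &uris, tmpuris )` is ignored, so if the merge fails `uris` can still be NULL when the second loop evaluates `uris[ c ]`. In the same loop the `if ( c == 0 )` branch is unreachable because `c` starts at 1, and the `tmpuris == NULL` return drops whatever `uris` already holds. I would collapse the branch into a single checked merge and free `uris` on both error exits, as sketched below; this relies on `ldap_charray_merge` reporting failure with a non-zero return and on `ldap_charray_free` accepting NULL, both of which should be confirmed against charray.c. The enclosing configuration function begins and ends outside this hunk.

```c
		for ( c = 1; c < argc; c++ ) {
			char	**tmpuris = ldap_str2charray( argv[ c ], "\t" );

			if ( tmpuris == NULL ) {
				/* ... unchanged: "unable to parse URIs #%d" Debug message ... */
				ldap_charray_free( uris );
				return 1;
			}

			rc = ldap_charray_merge( &uris, tmpuris );
			ldap_charray_free( tmpuris );
			if ( rc != 0 ) {
				Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
					fname, lineno, 0 );
				ldap_charray_free( uris );
				return 1;
			}
		}
		/* ... unchanged: per-URI validation loop ... */
```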
@@ -280,26 +297,18 @@
 		/*
 		 * uri MUST be a branch of suffix!
 		 */
-#if 0 /* too strict a constraint */
-		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: <naming context> of URI does not refer to current backend"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
+		for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+			if ( dnIsSuffix( &mt->mt_nsuffix, &be->be_nsuffix[ c ] ) ) {
+				break;
+			}
 		}
-#else
-		/*
-		 * uri MUST be a branch of a suffix!
-		 */
-		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
+
+		if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: <naming context> of URI does not resolve to a backend"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+	"%s: line %d: <naming context> of URI must be within the naming context of this database.\n",
 				fname, lineno, 0 );
 			return 1;
 		}
-#endif
 
 	/* subtree-exclude */
 	} else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
@@ -1238,8 +1247,8 @@
 	
 	/* dn massaging */
 	} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
-		BackendDB 	*tmp_be;
-		int 		i = mi->mi_ntargets - 1, rc;
+		BackendDB 	*tmp_bd;
+		int 		i = mi->mi_ntargets - 1, c, rc;
 		struct berval	dn, nvnc, pvnc, nrnc, prnc;
 
 		if ( i < 0 ) {
@@ -1270,17 +1279,22 @@
 		ber_str2bv( argv[ 1 ], 0, 0, &dn );
 		if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-					"suffix '%s' is invalid\n",
+					"suffix \"%s\" is invalid\n",
 					fname, lineno, argv[ 1 ] );
 			return 1;
 		}
-		
-		tmp_be = select_backend( &nvnc, 0, 0 );
-		if ( tmp_be != NULL && tmp_be != be ) {
-			Debug( LDAP_DEBUG_ANY, 
-	"%s: line %d: suffix already in use by another backend in"
-	" \"suffixMassage <suffix> <massaged suffix>\"\n",
-				fname, lineno, 0 );
+
+		for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+			if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ 0 ] ) ) {
+				break;
+			}
+		}
+
+		if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+	"%s: line %d: <suffix> \"%s\" must be within the database naming context, in "
+	"\"suffixMassage <suffix> <massaged suffix>\"\n",
+				fname, lineno, pvnc.bv_val );
 			free( pvnc.bv_val );
 			free( nvnc.bv_val );
 			return 1;						
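Review bot: The new `Debug` call has five conversions but only three arguments. The format repeats the `"%s: line %d: "` prefix, so `fname, lineno, pvnc.bv_val` are consumed as `%s %d %s` and the trailing `%d` and `%s` read arguments that were never passed. Dropping the first `"%s: line %d: "` literal fixes it. The loop above it also tests `&be->be_nsuffix[ 0 ]` on every iteration instead of `&be->be_nsuffix[ c ]`, unlike the equivalent loop added for `uri` in the @@ -280 hunk, so only the first suffix of the database is ever compared.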
@@ -1289,33 +1303,24 @@
 		ber_str2bv( argv[ 2 ], 0, 0, &dn );
 		if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"massaged suffix '%s' is invalid\n",
+				"massaged suffix \"%s\" is invalid\n",
 				fname, lineno, argv[ 2 ] );
 			free( pvnc.bv_val );
 			free( nvnc.bv_val );
 			return 1;
 		}
 	
-#if 0	
-		tmp_be = select_backend( &nrnc, 0, 0 );
-		if ( tmp_be != NULL ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: massaged suffix already in use by another backend in" 
-	" \"suffixMassage <suffix> <massaged suffix>\"\n",
-                                fname, lineno, 0 );
-			free( pvnc.bv_val );
-			free( nvnc.bv_val );
-			free( prnc.bv_val );
-			free( nrnc.bv_val );
-                        return 1;
+		tmp_bd = select_backend( &nrnc, 0, 0 );
+		if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) {
+			Debug( LDAP_DEBUG_ANY, 
+	"%s: line %d: warning: <massaged suffix> \"%s\" resolves to this database, in "
+	"\"suffixMassage <suffix> <massaged suffix>\"\n",
+				fname, lineno, prnc.bv_val );
 		}
-#endif
-		
+
 		/*
 		 * The suffix massaging is emulated by means of the
 		 * rewrite capabilities
-		 * FIXME: no extra rewrite capabilities should be added
-		 * to the database
 		 */
 	 	rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
 				&pvnc, &nvnc, &prnc, &nrnc );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.28 2007/01/27 23:56:43 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.29 2007/10/13 08:26:04 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -1183,7 +1183,8 @@
 
 	case LDAP_REQ_BIND:
 		/* if bound as rootdn, the backend must bind to all targets
-		 * with the administrative identity */
+		 * with the administrative identity
+		 * (unless pseoudoroot-bind-defer is TRUE) */
 		if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
 			op_type = META_OP_REQUIRE_ALL;
 		}
@@ -1241,6 +1242,9 @@
 				rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
 				LDAP_BACK_DONTSEND, !new_conn );
 			if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+				if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+					LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+				}
 				META_CANDIDATE_SET( &candidates[ i ] );
 				ncandidates++;
 	
@@ -1430,6 +1434,10 @@
 			return NULL;
 		}
 
+		if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+			LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+		}
+
 		candidates[ i ].sr_err = LDAP_SUCCESS;
 		META_CANDIDATE_SET( &candidates[ i ] );
 		ncandidates++;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* map.c - ldap backend mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.14 2007/02/26 19:40:12 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.15 2007/10/04 20:18:59 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -57,6 +57,7 @@
 #include <ac/socket.h>
 
 #include "slap.h"
+#include "lutil.h"
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
 
@@ -212,6 +213,7 @@
 		int			remap )
 {
 	struct berval		vtmp;
+	char			uuid[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
 	int			freeval = 0;
 
 	ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
@@ -258,6 +260,14 @@
 			return -1;
 		}
 
+	} else if ( ad->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+		vtmp.bv_len = lutil_uuidstr_from_normalized( value->bv_val,
+			value->bv_len, uuid, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+		if ( vtmp.bv_len < 0 ) {
+			return -1;
+		}
+		vtmp.bv_val = uuid;
+
 	} else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
 		ldap_back_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
 		if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
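Review bot: The added check `if ( vtmp.bv_len < 0 )` can never fire if `bv_len` is the unsigned `ber_len_t` that liblber uses in `struct berval`, so a failed `lutil_uuidstr_from_normalized()` would leave a huge length paired with the stack buffer `uuid`. Capture the result in a signed local first: `int len = lutil_uuidstr_from_normalized( ... );`, `if ( len < 0 ) return -1;`, `vtmp.bv_len = len;`. The rwmmap.c hunk of this commit adds the same pattern, and the filter.c hunk stores the result in `tmp.bv_len` the same way. The enclosing function starts and ends outside this hunk, so how `vtmp` is consumed afterwards is not visible here.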

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.13 2007/01/02 21:44:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.14 2007/08/22 21:37:58 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -477,7 +477,11 @@
 			"connection failed, exiting\n", 0, 0, 0 );
 		return 1;
 	}
-
+	if ( backsql_load_schema_map( bi, dbh ) != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+			"schema mapping failed, exiting\n", 0, 0, 0 );
+		return 1;
+	}
 	if ( backsql_free_db_conn( op ) != SQL_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
 			"connection free failed\n", 0, 0, 0 );

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.8 2007/01/02 21:44:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.9 2007/08/22 21:37:58 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -345,6 +345,7 @@
 {
 	/* TimesTen */
 	char			DBMSName[ 32 ];
+	SQLHDBC			dbh = SQL_NULL_HDBC;
 	backsql_db_conn		*dbc;
 	int			rc;
 
@@ -354,9 +355,7 @@
 	Debug( LDAP_DEBUG_TRACE, "==>backsql_open_db_conn(%lu)\n",
 		ldap_cid, 0, 0 );
 
-	dbc = (backsql_db_conn *)ch_calloc( 1, sizeof( backsql_db_conn ) );
-	dbc->ldap_cid = ldap_cid;
-	rc = SQLAllocConnect( bi->sql_db_env, &dbc->dbh );
+	rc = SQLAllocConnect( bi->sql_db_env, &dbh );
 	if ( !BACKSQL_SUCCESS( rc ) ) {
 		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
 			"SQLAllocConnect() failed:\n", ldap_cid, 0, 0 );
@@ -365,7 +364,7 @@
 		return LDAP_UNAVAILABLE;
 	}
 
-	rc = SQLConnect( dbc->dbh,
+	rc = SQLConnect( dbh,
 			(SQLCHAR*)bi->sql_dbname, SQL_NTS,
 			(SQLCHAR*)bi->sql_dbuser, SQL_NTS,
 			(SQLCHAR*)bi->sql_dbpasswd, SQL_NTS );
@@ -375,8 +374,9 @@
 			ldap_cid, bi->sql_dbname,
 			rc == SQL_SUCCESS_WITH_INFO ?
 			"succeeded with info" : "failed" );
-		backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
+		backsql_PrintErrors( bi->sql_db_env, dbh, SQL_NULL_HENV, rc );
 		if ( rc != SQL_SUCCESS_WITH_INFO ) {
+			SQLFreeConnect( dbh );
 			return LDAP_UNAVAILABLE;
 		}
 	}
@@ -385,7 +385,7 @@
 	 * TimesTen : Turn off autocommit.  We must explicitly
 	 * commit any transactions. 
 	 */
-	SQLSetConnectOption( dbc->dbh, SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_OFF );
+	SQLSetConnectOption( dbh, SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_OFF );
 
 	/* 
 	 * See if this connection is to TimesTen.  If it is,
@@ -394,7 +394,7 @@
 	/* Assume until proven otherwise */
 	bi->sql_flags &= ~BSQLF_USE_REVERSE_DN;
 	DBMSName[ 0 ] = '\0';
-	rc = SQLGetInfo( dbc->dbh, SQL_DBMS_NAME, (PTR)&DBMSName,
+	rc = SQLGetInfo( dbh, SQL_DBMS_NAME, (PTR)&DBMSName,
 			sizeof( DBMSName ), NULL );
 	if ( rc == SQL_SUCCESS ) {
 		if ( strcmp( DBMSName, "TimesTen" ) == 0 ||
@@ -403,28 +403,23 @@
 				"TimesTen database!\n", ldap_cid, 0, 0 );
 			bi->sql_flags |= BSQLF_USE_REVERSE_DN;
 		}
+
 	} else {
 		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
 			"SQLGetInfo() failed.\n", ldap_cid, 0, 0 );
-		backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
-		return rc;
+		backsql_PrintErrors( bi->sql_db_env, dbh, SQL_NULL_HENV, rc );
 	}
 	/* end TimesTen */
 
-	Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
-		"connected, adding to tree.\n", ldap_cid, 0, 0 );
-	ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
-	if ( avl_insert( &bi->sql_db_conns, dbc, backsql_cmp_connid, avl_dup_error ) ) {
-		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
-			"duplicate connection ID.\n", ldap_cid, 0, 0 );
-		return LDAP_OTHER;
-	}
-	ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
-	Debug( LDAP_DEBUG_TRACE, "<==backsql_open_db_conn(%lu)\n", ldap_cid, 0, 0 );
+	dbc = (backsql_db_conn *)ch_calloc( 1, sizeof( backsql_db_conn ) );
+	dbc->ldap_cid = ldap_cid;
+	dbc->dbh = dbh;
 
 	*pdbc = dbc;
 
-	return LDAP_SUCCESS;
+	Debug( LDAP_DEBUG_TRACE, "<==backsql_open_db_conn(%lu)\n", ldap_cid, 0, 0 );
+
+	return rc;
 }
 
 int
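Review bot: The final `return rc;` hands back whatever `SQLGetInfo()` left in `rc`, although this hunk removes the early `return rc;` from the failure branch, apparently to make that failure non-fatal. On that path `dbc` has already been allocated and stored in `*pdbc`, and the caller in the later hunk returns on any value other than `LDAP_SUCCESS` without releasing it, so the ODBC handle and the `dbc` allocation would be leaked. An ODBC status would also be returned where an LDAP result code is expected. If the failure is meant to be tolerated, end with `return LDAP_SUCCESS;`; otherwise release `dbh` and return `LDAP_UNAVAILABLE` before `dbc` is allocated. The function begins outside this hunk.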
@@ -475,7 +470,9 @@
 	 * we have one thread per connection, as I understand -- 
 	 * so we do not need locking here
 	 */
+	ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
 	dbc = avl_find( bi->sql_db_conns, &tmp, backsql_cmp_connid );
+	ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
 	if ( !dbc ) {
 		rc = backsql_open_db_conn( bi, op->o_connid, &dbc );
 		if ( rc != LDAP_SUCCESS) {
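Review bot: The context comment directly above the added lock still ends with `so we do not need locking here`, which now contradicts the `sql_dbconn_mutex` lock taken around `avl_find()`. Replace it with a statement of what the mutex protects, for example `/* sql_db_conns is modified by other threads; hold sql_dbconn_mutex for every lookup and insert */`. The comment begins outside this hunk, so its first part is not visible here.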
@@ -483,21 +480,26 @@
 				"could not get connection handle "
 				"-- returning NULL\n", 0, 0, 0 );
 			return rc;
-		}
-	}
 
-	ldap_pvt_thread_mutex_lock( &bi->sql_schema_mutex );
-	if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
-		Debug( LDAP_DEBUG_TRACE, "backsql_get_db_conn(): "
-			"first call -- reading schema map\n", 0, 0, 0 );
-		rc = backsql_load_schema_map( bi, dbc->dbh );
-		if ( rc != LDAP_SUCCESS ) {
-			ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
-			backsql_free_db_conn( op );
-			return rc;
+		} else {
+			int	ret;
+
+			Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+				"connected, adding to tree.\n",
+				op->o_connid, 0, 0 );
+			ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
+			ret = avl_insert( &bi->sql_db_conns, dbc, backsql_cmp_connid, avl_dup_error );
+			ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
+			if ( ret != 0 ) {
+				Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+					"duplicate connection ID.\n",
+					op->o_connid, 0, 0 );
+				backsql_close_db_conn( (void *)dbc );
+				dbc = NULL;
+				return LDAP_OTHER;
+			}
 		}
 	}
-	ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
 
 	*dbh = dbc->dbh;
 

Modified: openldap/vendor/openldap-release/servers/slapd/backglue.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backglue.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/backglue.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.18 2007/07/12 00:36:36 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.19 2007/08/23 14:31:02 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2001-2007 The OpenLDAP Foundation.
@@ -620,9 +620,10 @@
 	Entry	**e )
 {
 	BackendDB *b0 = op->o_bd;
-	op->o_bd = glue_back_select( b0, dn );
 	int rc;
 
+	op->o_bd = glue_back_select( b0, dn );
+
 	if ( op->o_bd->be_fetch ) {
 		rc = op->o_bd->be_fetch( op, dn, oc, ad, rw, e );
 	} else {

Modified: openldap/vendor/openldap-release/servers/slapd/backover.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backover.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/backover.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* backover.c - backend overlay routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.22 2007/07/12 00:42:42 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.23 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -147,6 +147,7 @@
 			ca.bi = &on->on_bi;
 			ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca );
 			if ( ct ) {
+				ca.table = on->on_bi.bi_cf_ocs->co_type;
 				rc = config_add_vals( ct, &ca );
 				if ( rc != SLAP_CONF_UNKNOWN )
 					break;

Modified: openldap/vendor/openldap-release/servers/slapd/bconfig.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bconfig.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/bconfig.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* bconfig.c - the config backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.53 2007/07/23 19:41:30 hallvard Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.54 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2007 The OpenLDAP Foundation.
@@ -707,7 +707,7 @@
 		"NAME 'olcFrontendConfig' "
 		"DESC 'OpenLDAP frontend configuration' "
 		"AUXILIARY "
-		"MAY olcDefaultSearchBase )",
+		"MAY ( olcDefaultSearchBase $ olcPasswordHash ) )",
 		Cft_Database, NULL, NULL },
 #ifdef SLAPD_MODULES
 	{ "( OLcfgGlOc:8 "
@@ -1459,17 +1459,27 @@
 	return(0);
 }
 
+/* For backward compatibility we allow this in the global entry
+ * but we now defer it to the frontend entry to allow modules
+ * to load new hash types.
+ */
 static int
 config_passwd_hash(ConfigArgs *c) {
 	int i;
 	if (c->op == SLAP_CONFIG_EMIT) {
 		struct berval bv;
+		/* Don't generate it in the global entry */
+		if ( c->table == Cft_Global )
+			return 1;
 		for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
 			ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
 			value_add_one(&c->rvalue_vals, &bv);
 		}
 		return i ? 0 : 1;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
+		/* Deleting from global is a no-op, only the frontendDB entry matters */
+		if ( c->table == Cft_Global )
+			return 0;
 		if ( c->valx < 0 ) {
 			ldap_charray_free( default_passwd_hash );
 			default_passwd_hash = NULL;
@@ -1481,12 +1491,6 @@
 		}
 		return 0;
 	}
-	if(default_passwd_hash) {
-		Debug(LDAP_DEBUG_ANY, "%s: "
-			"already set default password_hash\n",
-			c->log, 0, 0);
-		return(1);
-	}
 	for(i = 1; i < c->argc; i++) {
 		if(!lutil_passwd_scheme(c->argv[i])) {
 			snprintf( c->msg, sizeof( c->msg ), "<%s> scheme not available", c->argv[0] );
@@ -1495,13 +1499,13 @@
 		} else {
 			ldap_charray_add(&default_passwd_hash, c->argv[i]);
 		}
-		if(!default_passwd_hash) {
-			snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
-			Debug(LDAP_DEBUG_ANY, "%s: %s\n",
-				c->log, c->msg, 0 );
-			return(1);
-		}
 	}
+	if(!default_passwd_hash) {
+		snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
+		Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+			c->log, c->msg, 0 );
+		return(1);
+	}
 	return(0);
 }
 
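Review bot: With the `already set default password_hash` guard removed in the previous hunk, the relocated `if(!default_passwd_hash)` check detects only an empty list, not a call that added nothing. If the list was populated by an earlier directive and every scheme in this one is rejected by `lutil_passwd_scheme()`, the function appears to return 0 and the server keeps using the earlier schemes. The body of the rejection branch is outside the hunk, so this is inferred from the visible `else`. Count the additions made in this call (`int added = 0;`, then `added++;` after `ldap_charray_add()`) and test `if ( !added )` instead. The return value of `ldap_charray_add()` is also ignored.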
@@ -2924,6 +2928,7 @@
 	argv[1] = (char *)dir;
 	argv[2] = NULL;
 	c.argv = argv;
+	c.table = Cft_Database;
 
 	ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
 	if ( !ct )
@@ -3137,14 +3142,17 @@
 }
 
 static ConfigTable *
-config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
+config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad,
+	ConfigArgs *ca )
 {
 	int i, j;
 
 	for (j=0; j<nocs; j++) {
 		for (i=0; colst[j]->co_table[i].name; i++)
-			if ( colst[j]->co_table[i].ad == ad )
+			if ( colst[j]->co_table[i].ad == ad ) {
+				ca->table = colst[j]->co_type;
 				return &colst[j]->co_table[i];
+			}
 	}
 	return NULL;
 }
@@ -3590,7 +3598,7 @@
 
 	for ( a=e->e_attrs; a; a=a->a_next ) {
 		if ( a == oc_at ) continue;
-		ct = config_find_table( colst, nocs, a->a_desc );
+		ct = config_find_table( colst, nocs, a->a_desc, ca );
 		if ( !ct ) continue;	/* user data? */
 		rc = check_vals( ct, ca, a, 1 );
 		if ( rc ) goto done;
@@ -3599,7 +3607,7 @@
 	/* Basic syntax checks are OK. Do the actual settings. */
 	for ( a=e->e_attrs; a; a=a->a_next ) {
 		if ( a == oc_at ) continue;
-		ct = config_find_table( colst, nocs, a->a_desc );
+		ct = config_find_table( colst, nocs, a->a_desc, ca );
 		if ( !ct ) continue;	/* user data? */
 		for (i=0; a->a_vals[i].bv_val; i++) {
 			ca->line = a->a_vals[i].bv_val;
@@ -3769,7 +3777,7 @@
 	strcpy( ca->log, "back-config" );
 
 	for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
-		ct = config_find_table( colst, nocs, ml->sml_desc );
+		ct = config_find_table( colst, nocs, ml->sml_desc, ca );
 		switch (ml->sml_op) {
 		case LDAP_MOD_DELETE:
 		case LDAP_MOD_REPLACE: {
@@ -3882,7 +3890,7 @@
 	if ( rc == LDAP_SUCCESS ) {
 		/* Basic syntax checks are OK. Do the actual settings. */
 		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
-			ct = config_find_table( colst, nocs, ml->sml_desc );
+			ct = config_find_table( colst, nocs, ml->sml_desc, ca );
 			if ( !ct ) continue;
 
 			switch (ml->sml_op) {
@@ -4237,6 +4245,7 @@
 	attr_merge_normalize_one(e, ad, &val, NULL );
 
 	oc = main->co_oc;
+	c->table = main->co_type;
 	if ( oc->soc_required )
 		config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
 
@@ -4245,6 +4254,7 @@
 
 	if ( extra ) {
 		oc = extra->co_oc;
+		c->table = extra->co_type;
 		if ( oc->soc_required )
 			config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
 

Modified: openldap/vendor/openldap-release/servers/slapd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/config.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* config.c - configuration file handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.25 2007/02/08 12:31:24 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.26 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -308,8 +308,7 @@
 		return(0);
 	}
 	if(arg_type & ARG_OFFSET) {
-		if (c->be && (!overlay_is_over(c->be) || 
-			((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+		if (c->be && c->table == Cft_Database)
 			ptr = c->be->be_private;
 		else if (c->bi)
 			ptr = c->bi->bi_private;
@@ -400,8 +399,7 @@
 		if ( rc ) return rc;
 	} else {
 		if ( cf->arg_type & ARG_OFFSET ) {
-			if (c->be && (!overlay_is_over(c->be) || 
-				((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+			if (c->be && c->table == Cft_Database)
 				ptr = c->be->be_private;
 			else if ( c->bi )
 				ptr = c->bi->bi_private;
@@ -752,6 +750,7 @@
 
 		ct = config_find_keyword( cft, c );
 		if ( ct ) {
+			c->table = Cft_Global;
 			rc = config_add_vals( ct, c );
 			if ( !rc ) continue;
 
@@ -772,6 +771,7 @@
 			if ( c->bi->bi_cf_ocs ) {
 				ct = config_find_keyword( c->bi->bi_cf_ocs->co_table, c );
 				if ( ct ) {
+					c->table = c->bi->bi_cf_ocs->co_type;
 					rc = config_add_vals( ct, c );
 				}
 			}
@@ -800,6 +800,7 @@
 			if ( c->be->be_cf_ocs ) {
 				ct = config_find_keyword( c->be->be_cf_ocs->co_table, c );
 				if ( ct ) {
+					c->table = c->be->be_cf_ocs->co_type;
 					rc = config_add_vals( ct, c );
 				}
 			}
@@ -1526,7 +1527,9 @@
 
 	rc = SLAP_CONF_UNKNOWN;
 	ct = config_find_keyword( be->be_cf_ocs->co_table, &c );
-	if ( ct )
+	if ( ct ) {
+		c.table = be->be_cf_ocs->co_type;
 		rc = config_add_vals( ct, &c );
+	}
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/config.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.h	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/config.h	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* config.h - configuration abstraction structure */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.13 2007/01/02 21:43:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.14 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -141,6 +141,7 @@
 	Entry *ca_entry;	/* entry being modified */
 	void *private;	/* anything */
 	ConfigDriver *cleanup;
+	ConfigType table;	/* which config table did we come from */
 } ConfigArgs;
 
 /* If lineno is zero, we have an actual LDAP Add request from a client.

Modified: openldap/vendor/openldap-release/servers/slapd/filter.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filter.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/filter.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* filter.c - routines for parsing and dealing with filters */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.10 2007/01/02 21:43:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.12 2007/10/05 06:36:24 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -32,6 +32,7 @@
 #include <ac/string.h>
 
 #include "slap.h"
+#include "lutil.h"
 
 static int	get_filter_list(
 	Operation *op,
@@ -561,7 +562,14 @@
 
 	switch ( f->f_choice ) {
 	case LDAP_FILTER_EQUALITY:
-		filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+ 		if ( f->f_av_desc->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+			tmp.bv_val = op->o_tmpalloc( LDAP_LUTIL_UUIDSTR_BUFSIZE, op->o_tmpmemctx );
+ 			tmp.bv_len = lutil_uuidstr_from_normalized( f->f_av_value.bv_val,
+ 				f->f_av_value.bv_len, tmp.bv_val, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+ 			assert( tmp.bv_len > 0 );
+ 		} else {
+			filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+		}
 
 		fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
 			tmp.bv_len + ( sizeof("(=)") - 1 );
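Review bot: The only check on the UUID conversion here is `assert( tmp.bv_len > 0 )`, which is compiled out under NDEBUG and otherwise aborts slapd, so it is not error handling for a value taken from a search filter. Because `tmp.bv_len` appears to be unsigned, a negative return would also satisfy the assertion and then feed the `fstr->bv_len` computation below. Take the result in an `int`, and on a negative value free the temporary buffer and fall back to `filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx )`, or use whatever error path the function has. The function starts and ends outside this hunk.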

Modified: openldap/vendor/openldap-release/servers/slapd/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modify.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/modify.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.25 2007/01/02 21:43:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.26 2007/09/04 03:42:37 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -734,6 +734,7 @@
 							"%s: value #%ld normalization failed",
 							ml->sml_type.bv_val, (long) nvals );
 						*text = textbuf;
+						BER_BVZERO( &ml->sml_nvalues[nvals] );
 						return rc;
 					}
 				}

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 # Makefile.in for overlays
-# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.17 2007/05/29 21:57:47 hallvard Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.18 2007/10/23 21:21:38 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 2003-2007 The OpenLDAP Foundation.
@@ -124,7 +124,7 @@
 	$(AR) rs $@ $(OBJS)
 
 # Must fixup depends for non-libtool objects
-depend-local:
+depend-local: depend-common
 	@if test -n "$(OBJS)"; then \
 	OBJ2=`echo $(OBJS) $(OBJDEP) | $(SED) -e 's/\.o//g'`; \
 	SCR=''; for i in $$OBJ2; do SCR="$$SCR -e s/^$$i.lo:/$$i.o:/"; done; \

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.19 2007/07/23 20:08:32 hallvard Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.22 2007/10/23 23:26:19 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -1050,7 +1050,6 @@
 	if ( si->query.save_attrs != NULL ) {
 		rs->sr_attrs = si->query.save_attrs;
 		op->ors_attrs = si->query.save_attrs;
-		si->query.save_attrs = NULL;
 	}
 
 	if ( rs->sr_type == REP_SEARCH ) {
@@ -1135,8 +1134,8 @@
 		count++;
 	}
 
-	*new_attrs = (AttributeName*)ch_malloc((count+1)*
-		sizeof(AttributeName));
+	*new_attrs = (AttributeName*)ch_calloc( count + 1,
+		sizeof(AttributeName) );
 	for (i=0; i<attrs->count; i++) {
 		(*new_attrs)[i].an_name = attrs->attrs[i].an_name;
 		(*new_attrs)[i].an_desc = attrs->attrs[i].an_desc;
@@ -1156,18 +1155,13 @@
 			continue;
 		(*new_attrs)[j].an_name = filter_attrs[i].an_name;
 		(*new_attrs)[j].an_desc = filter_attrs[i].an_desc;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
 	if ( addoc ) {
 		(*new_attrs)[j].an_name = slap_schema.si_ad_objectClass->ad_cname;
 		(*new_attrs)[j].an_desc = slap_schema.si_ad_objectClass;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
-	BER_BVZERO( &(*new_attrs)[j].an_name );
 }
 
 /* NOTE: this is a quick workaround to let pcache minimally interact
@@ -1264,7 +1258,7 @@
 				continue;
 			cacheable = 1;
 			template_id = i;
-			Debug( LDAP_DEBUG_NONE, "Entering QC, querystr = %s\n",
+			Debug( pcache_debug, "Entering QC, querystr = %s\n",
 			 		op->ors_filterstr.bv_val, 0, 0 );
 			answerable = (*(qm->qcfunc))(op, qm, &query, i);
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.20 2007/08/14 09:59:44 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.21 2007/09/07 07:40:11 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -516,7 +516,35 @@
 	return SLAP_CB_CONTINUE;
 }
 
+/* imported from HEAD */
 static int
+ber_bvarray_dup_x( BerVarray *dst, BerVarray src, void *ctx )
+{
+	int i, j;
+	BerVarray new;
+
+	if ( !src ) {
+		*dst = NULL;
+		return 0;
+	}
+
+	for (i=0; !BER_BVISNULL( &src[i] ); i++) ;
+	new = ber_memalloc_x(( i+1 ) * sizeof(BerValue), ctx );
+	if ( !new )
+		return -1;
+	for (j=0; j<i; j++) {
+		ber_dupbv_x( &new[j], &src[j], ctx );
+		if ( BER_BVISNULL( &new[j] )) {
+			ber_bvarray_free_x( new, ctx );
+			return -1;
+		}
+	}
+	BER_BVZERO( &new[j] );
+	*dst = new;
+	return 0;
+}
+
+static int
 rwm_op_modify( Operation *op, SlapReply *rs )
 {
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
@@ -544,21 +572,26 @@
 	isupdate = be_shadow_update( op );
 	for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
 		int			is_oc = 0;
-		Modifications		*ml;
+		Modifications		*ml = *mlp;
 		struct ldapmapping	*mapping = NULL;
 
-		/* duplicate the modlist */
-		ml = ch_malloc( sizeof( Modifications ));
-		*ml = **mlp;
-		*mlp = ml;
-
+		/* ml points to a temporary mod until needs duplication */
 		if ( ml->sml_desc == slap_schema.si_ad_objectClass 
 				|| ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
 		{
 			is_oc = 1;
 
-		} else if ( !isupdate && !get_manageDIT( op ) && (*mlp)->sml_desc->ad_type->sat_no_user_mod  )
+		} else if ( !isupdate && !get_manageDIT( op ) && ml->sml_desc->ad_type->sat_no_user_mod  )
 		{
+			ml = ch_malloc( sizeof( Modifications ) );
+			*ml = **mlp;
+			if ( (*mlp)->sml_values ) {
+				ber_bvarray_dup_x( &ml->sml_values, (*mlp)->sml_values, NULL );
+				if ( (*mlp)->sml_nvalues ) {
+					ber_bvarray_dup_x( &ml->sml_nvalues, (*mlp)->sml_nvalues, NULL );
+				}
+			}
+			*mlp = ml;
 			goto next_mod;
 
 		} else {
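Review bot: Both `ber_bvarray_dup_x()` calls in the `sat_no_user_mod` branch ignore the return value. The helper added in the previous hunk returns -1 without writing `*dst` when allocation fails, and `*ml = **mlp` has already copied the original pointers. On failure `ml->sml_values` or `ml->sml_nvalues` would therefore still alias the arrays owned by the original modification and may later be freed through both. Check each call and, on a non-zero result, free `ml` and any array already duplicated before taking the function's error path. The loop body continues outside this hunk, so where the copies are released is not visible here.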
@@ -573,6 +606,11 @@
 			}
 		}
 
+		/* duplicate the modlist */
+		ml = ch_malloc( sizeof( Modifications ));
+		*ml = **mlp;
+		*mlp = ml;
+
 		if ( ml->sml_values != NULL ) {
 			int i, num;
 			struct berval *bva;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* rwmmap.c - rewrite/mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.15 2007/07/12 20:23:48 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.16 2007/10/04 20:02:08 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -32,6 +32,7 @@
 
 #include "slap.h"
 #include "rwm.h"
+#include "lutil.h"
 
 #undef ldap_debug	/* silence a warning in ldap-int.h */
 #include "../../../libraries/libldap/ldap-int.h"
@@ -382,6 +383,7 @@
 {
 	struct berval		vtmp = BER_BVNULL;
 	int			freeval = 0;
+	char			uuid[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
 	AttributeDescription	*ad = *adp;
 	struct ldapmapping	*mapping = NULL;
 
@@ -425,6 +427,14 @@
 				return -1;
 			}
 
+		} else if ( ad->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+			vtmp.bv_len = lutil_uuidstr_from_normalized( value->bv_val,
+				value->bv_len, uuid, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+			if ( vtmp.bv_len < 0 ) {
+				return -1;
+			}
+			vtmp.bv_val = uuid;
+
 		} else if ( ad == slap_schema.si_ad_objectClass
 				|| ad == slap_schema.si_ad_structuralObjectClass )
 		{

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.45 2007/07/22 15:24:26 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.46 2007/10/08 16:13:54 hyc Exp $ */
 /* syncprov.c - syncrepl provider */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
@@ -1503,7 +1503,7 @@
 	{
 		struct berval maxcsn = BER_BVNULL;
 		char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
-		int do_check=0;
+		int do_check = 0, have_psearches;
 
 		/* Update our context CSN */
 		cbuf[0] = '\0';
@@ -1548,7 +1548,10 @@
 		opc->sctxcsn.bv_val = cbuf;
 
 		/* Handle any persistent searches */
-		if ( si->si_ops ) {
+		ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+		have_psearches = ( si->si_ops != NULL );
+		ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+		if ( have_psearches ) {
 			switch(op->o_tag) {
 			case LDAP_REQ_ADD:
 			case LDAP_REQ_MODIFY:
@@ -1653,12 +1656,19 @@
 {
 	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
 	syncprov_info_t		*si = on->on_bi.bi_private;
+	slap_callback *cb;
+	opcookie *opc;
+	int have_psearches, cbsize;
 
-	slap_callback *cb = op->o_tmpcalloc(1, sizeof(slap_callback)+
-		sizeof(opcookie) +
-		(si->si_ops ? sizeof(modinst) : 0 ),
-		op->o_tmpmemctx);
-	opcookie *opc = (opcookie *)(cb+1);
+	ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+	have_psearches = ( si->si_ops != NULL );
+	ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+
+	cbsize = sizeof(slap_callback) + sizeof(opcookie) +
+		(have_psearches ? sizeof(modinst) : 0 );
+
+	cb = op->o_tmpcalloc(1, cbsize, op->o_tmpmemctx);
+	opc = (opcookie *)(cb+1);
 	opc->son = on;
 	cb->sc_response = syncprov_op_response;
 	cb->sc_cleanup = syncprov_op_cleanup;
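Review bot: The reason for sampling `si->si_ops` once under `si_ops_mutex` is not recorded, yet the rest of the function depends on it. `cbsize` includes `sizeof(modinst)` only when `have_psearches` is set, and the later hunks switch the `if ( si->si_ops )` tests to the same variable. A comment above the lock would keep a later edit from reintroducing a second read, for example `/* sample si_ops once: the allocation size and the modinst use below must agree */`. `cbsize` would also be better declared `size_t` than `int`, since it is a sum of `sizeof` values passed to `o_tmpcalloc()`.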
@@ -1669,7 +1679,7 @@
 	/* If there are active persistent searches, lock this operation.
 	 * See seqmod.c for the locking logic on its own.
 	 */
-	if ( si->si_ops ) {
+	if ( have_psearches ) {
 		modtarget *mt, mtdummy;
 		modinst *mi;
 
@@ -1716,7 +1726,7 @@
 		}
 	}
 
-	if (( si->si_ops || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
+	if (( have_psearches || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
 		syncprov_matchops( op, opc, 1 );
 
 	return SLAP_CB_CONTINUE;
@@ -1865,8 +1875,9 @@
 			a = attr_find( rs->sr_operational_attrs, slap_schema.si_ad_entryCSN );
 		}
 		if ( a ) {
+			/* If not a persistent search */
 			/* Make sure entry is less than the snapshot'd contextCSN */
-			if ( ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) {
+			if ( !ss->ss_so && ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) {
 				Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s greater than snapshot %s\n",
 					rs->sr_entry->e_name.bv_val,
 					a->a_nvals[0].bv_val,

Modified: openldap/vendor/openldap-release/servers/slapd/sasl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sasl.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/sasl.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.18 2007/06/08 08:10:31 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.19 2007/10/08 09:53:53 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -1191,12 +1191,13 @@
 #if SASL_VERSION_MAJOR >= 2
 	int sc;
 	sasl_conn_t *ctx = conn->c_sasl_authctx;
+	sasl_ssf_t sasl_ssf = ssf;
 
 	if ( ctx == NULL ) {
 		return LDAP_UNAVAILABLE;
 	}
 
-	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
 
 	if ( sc != SASL_OK ) {
 		return LDAP_OTHER;
@@ -1365,7 +1366,7 @@
 	if ( !op->o_conn->c_sasl_bind_in_progress ) {
 		/* If we already authenticated once, must use a new context */
 		if ( op->o_conn->c_sasl_done ) {
-			slap_ssf_t ssf = 0;
+			sasl_ssf_t ssf = 0;
 			const char *authid = NULL;
 #if SASL_VERSION_MAJOR >= 2
 			sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
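Review bot: `sasl_getprop()` stores a pointer to the property through its third argument (`const void **pvalue`), so passing `&ssf` makes it write a pointer into a `sasl_ssf_t`; changing the variable's type from `slap_ssf_t` does not address that. Where a pointer is wider than `sasl_ssf_t` the store overruns the variable, and in any case `ssf` ends up holding address bits rather than the strength factor. Use a pointer local and dereference it: `sasl_ssf_t *ssfp = NULL;`, `sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp );`, `if ( ssfp ) ssf = *ssfp;`. The return code of `sasl_getprop()` is unchecked as well, and how `ssf` is used afterwards lies outside the hunk.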

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/corba.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/corba.schema	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/corba.schema	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,239 +0,0 @@
-# corba.schema -- Corba Object Schema
-#	depends upon core.schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1999).
-## Please see full copyright statement below.
-
-
-# Network Working Group                                            V. Ryan
-# Request for Comments: 2714                                        R. Lee
-# Category: Informational                                      S. Seligman
-#                                                   Sun Microsystems, Inc.
-#                                                             October 1999
-# 
-# 
-#   Schema for Representing CORBA Object References in an LDAP Directory
-# 
-# Status of this Memo
-# 
-#    This memo provides information for the Internet community.  It does
-#    not specify an Internet standard of any kind.  Distribution of this
-#    memo is unlimited.
-# 
-# Copyright Notice
-# 
-#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
-# 
-# Abstract
-# 
-#    CORBA [CORBA] is the Common Object Request Broker Architecture
-#    defined by the Object Management Group. This document defines the
-#    schema for representing CORBA object references in an LDAP directory
-#    [LDAPv3].
-# 
-# [trimmed]
-
-# 3. Attribute Type Definitions
-# 
-#    The following attribute types are defined in this document:
-# 
-#        corbaIor
-#        corbaRepositoryId
-# 
-# 3.1 corbaIor
-# 
-#    This attribute stores the string representation of the interoperable
-#    object reference (IOR) for a CORBA object. An IOR is an opaque handle
-#    for the object which contains the information necessary to locate the
-#    object, even if the object is in another ORB.
-# 
-#    This attribute's syntax is 'IA5 String' and its case is
-#    insignificant.
-# 
-#    ( 1.3.6.1.4.1.42.2.27.4.1.14
-#     NAME 'corbaIor'
-#     DESC 'Stringified interoperable object reference of a CORBA object'
-#     EQUALITY caseIgnoreIA5Match
-#     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-#     SINGLE-VALUE
-#    )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
-	NAME 'corbaIor'
-	DESC 'Stringified interoperable object reference of a CORBA object'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE )
-
-# 3.2 corbaRepositoryId
-# 
-#    Each CORBA interface has a unique "repository id" (also called "type
-#    id") that identifies the interface.  A CORBA object has one or more
-#    repository ids, one for each interface that it implements.
-# 
-#    The format of a repository id can be any string, but the OMG
-#    specifies four standard formats:
-# 
-#       a. IDL-style
-# 
-#        IDL:Prefix/ModuleName/InterfaceName:VersionNumber
-# 
-#    For example, the repository id for the "NamingContext" in OMG's COS
-#    Naming module is:  "IDL:omg.org/CosNaming/NamingContext:1.0".
-# 
-#       b. RMI-style
-# 
-#        RMI:ClassName:HashCode[:SUID]
-# 
-#    This format is used by RMI-IIOP remote objects [RMI-IIOP].
-#    "ClassName" is the fully qualified name of the class (for example,
-#    "java.lang.String"). "HashCode" is the object's hash code (that is,
-#    that obtained by invoking the "hashCode()" method).  "SUID" is the
-#    "stream unique identifier", which is a 64-bit number that uniquely
-#    identifies the serialization version of the class; SUID is optional
-#    in the repository id.
-# 
-#       c. DCE-style
-# 
-#        DCE:UUID
-# 
-#    This format is used for DCE/CORBA interoperability [CORBA-DCE].
-#    "UUID" represents a DCE UUID.
-# 
-#       d. "local"
-# 
-#    This format is defined by the local Object Request Broker (ORB).
-# 
-#    The corbaRepositoryId attribute is a multivalued attribute; each
-#    value records a single repository id of an interface implemented by
-#    the CORBA object.  This attribute need not contain a complete list of
-#    the interfaces implemented by the CORBA object.
-# 
-#    This attribute's syntax is 'Directory String' and its case is
-#    significant.  The values of this attribute are encoded using UTF-8.
-#    Some values may require translation from their native representation
-#    in order to be correctly encoded using UTF-8.
-# 
-#    ( 1.3.6.1.4.1.42.2.27.4.1.15
-#     NAME 'corbaRepositoryId'
-#     DESC 'Repository ids of interfaces implemented by a CORBA object'
-#     EQUALITY caseExactMatch
-#     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#    )
-# 
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
-	NAME 'corbaRepositoryId'
-	DESC 'Repository ids of interfaces implemented by a CORBA object'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 4. Object Class Definitions
-# 
-#    The following object classes are defined in this document:
-# 
-#        corbaContainer
-#        corbaObject
-#        corbaObjectReference
-# 
-# 4.1 corbaContainer
-# 
-#    This structural object class represents a container for a CORBA
-#    object.
-# 
-#    ( 1.3.6.1.4.1.42.2.27.4.2.10
-#     NAME 'corbaContainer'
-#     DESC 'Container for a CORBA object'
-#     SUP top
-#     STRUCTURAL
-#     MUST ( cn )
-#    )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
-	NAME 'corbaContainer'
-	DESC 'Container for a CORBA object'
-	SUP top
-	STRUCTURAL
-	MUST cn )
-
-# 4.2 corbaObject
-# 
-#    This abstract object class is the root class for representing a CORBA
-#    object.
-# 
-#    ( 1.3.6.1.4.1.42.2.27.4.2.9
-#     NAME 'corbaObject'
-#     DESC 'CORBA object representation'
-#     SUP top
-#     ABSTRACT
-#     MAY ( corbaRepositoryId $ description )
-#    )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
-	NAME 'corbaObject'
-	DESC 'CORBA object representation'
-	SUP top
-	ABSTRACT
-	MAY ( corbaRepositoryId $ description ) )
-
-# 4.3 corbaObjectReference
-# 
-#    This auxiliary object class represents a CORBA object reference.  It
-#    must be mixed in with a structural object class.
-# 
-#    ( 1.3.6.1.4.1.42.2.27.4.2.11
-#     NAME 'corbaObjectReference'
-#     DESC 'CORBA interoperable object reference'
-#     SUP corbaObject
-#     AUXILIARY
-#     MUST ( corbaIor )
-#    )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
-	NAME 'corbaObjectReference'
-	DESC 'CORBA interoperable object reference'
-	SUP corbaObject
-	AUXILIARY
-	MUST corbaIor )
- 
-# 10.  Full Copyright Statement
-#
-#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
-# 
-#    This document and translations of it may be copied and furnished to
-#    others, and derivative works that comment on or otherwise explain it
-#    or assist in its implementation may be prepared, copied, published
-#    and distributed, in whole or in part, without restriction of any
-#    kind, provided that the above copyright notice and this paragraph are
-#    included on all such copies and derivative works.  However, this
-#    document itself may not be modified in any way, such as by removing
-#    the copyright notice or references to the Internet Society or other
-#    Internet organizations, except as needed for the purpose of
-#    developing Internet standards in which case the procedures for
-#    copyrights defined in the Internet Standards process must be
-#    followed, or as required to translate it into languages other than
-#    English.
-# 
-#    The limited permissions granted above are perpetual and will not be
-#    revoked by the Internet Society or its successors or assigns.
-# 
-#    This document and the information contained herein is provided on an
-#    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-#    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-#    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-#    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-#    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/core.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/core.ldif	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/core.ldif	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,588 +0,0 @@
-# OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.5 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1997-2003).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works.  However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be         
-## followed, or as required to translate it into languages other than
-## English.
-##                                                                      
-## The limited permissions granted above are perpetual and will not be  
-## revoked by the Internet Society or its successors or assigns.        
-## 
-## This document and the information contained herein is provided on an 
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-#
-#
-#
-# Includes LDAPv3 schema items from:
-#	RFC 2252/2256 (LDAPv3)
-#
-# Select standard track schema items:
-#	RFC 1274 (uid/dc)
-#	RFC 2079 (URI)
-#	RFC 2247 (dc/dcObject)
-#	RFC 2587 (PKI)
-#	RFC 2589 (Dynamic Directory Services)
-#
-# Select informational schema items:
-#	RFC 2377 (uidObject)
-#
-#
-# Standard attribute types from RFC 2256
-#
-dn: cn=core,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: core
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
-#	DESC 'RFC2256: object classes of the entity'
-#	EQUALITY objectIdentifierMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-#	DESC 'RFC2256: name of aliased object'
-#	EQUALITY distinguishedNameMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
-  DESC 'RFC2256: knowledge information'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-#	DESC 'RFC2256: common name(s) for which the entity is known by'
-#	SUP name )
-#
-olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
-  DESC 'RFC2256: last (family) name(s) for which the entity is known by'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
-  DESC 'RFC2256: serial number of the entity'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
-#
-olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
-  DESC 'RFC2256: ISO-3166 country 2-letter code'
-  SUP name SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
-  DESC 'RFC2256: locality which this object resides in'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
-  DESC 'RFC2256: state or province which this object resides in'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
-  DESC 'RFC2256: street address of this object'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
-  DESC 'RFC2256: organization this object belongs to'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
-  DESC 'RFC2256: organizational unit this object belongs to'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.12 NAME 'title'
-  DESC 'RFC2256: title associated with the entity'
-  SUP name )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
-#	DESC 'RFC2256: descriptive information'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-#
-# Deprecated by enhancedSearchGuide
-olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
-  DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
-#
-olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
-  DESC 'RFC2256: business category'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
-  DESC 'RFC2256: postal address'
-  EQUALITY caseIgnoreListMatch
-  SUBSTR caseIgnoreListSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-#
-olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
-  DESC 'RFC2256: postal code'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-#
-olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
-  DESC 'RFC2256: Post Office Box'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-#
-olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
-  DESC 'RFC2256: Physical Delivery Office Name'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
-  DESC 'RFC2256: Telephone Number'
-  EQUALITY telephoneNumberMatch
-  SUBSTR telephoneNumberSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-#
-olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
-  DESC 'RFC2256: Telex Number'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
-#
-olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
-  DESC 'RFC2256: Teletex Terminal Identifier'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
-#
-olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
-  DESC 'RFC2256: Facsimile (Fax) Telephone Number'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
-#
-olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
-  DESC 'RFC2256: X.121 Address'
-  EQUALITY numericStringMatch
-  SUBSTR numericStringSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
-#
-olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
-  DESC 'RFC2256: international ISDN number'
-  EQUALITY numericStringMatch
-  SUBSTR numericStringSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
-#
-olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
-  DESC 'RFC2256: registered postal address'
-  SUP postalAddress
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-#
-olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
-  DESC 'RFC2256: destination indicator'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-#
-olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
-  DESC 'RFC2256: preferred delivery method'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
-  SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
-  DESC 'RFC2256: presentation address'
-  EQUALITY presentationAddressMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
-  SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
-  DESC 'RFC2256: supported application context'
-  EQUALITY objectIdentifierMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-#
-olcAttributeTypes: ( 2.5.4.31 NAME 'member'
-  DESC 'RFC2256: member of a group'
-  SUP distinguishedName )
-#
-olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
-  DESC 'RFC2256: owner (of the object)'
-  SUP distinguishedName )
-#
-olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
-  DESC 'RFC2256: occupant of role'
-  SUP distinguishedName )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
-#	DESC 'RFC2256: DN of related object'
-#	SUP distinguishedName )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
-#	DESC 'RFC2256/2307: password of user'
-#	EQUALITY octetStringMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-#
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
-  DESC 'RFC2256: X.509 user certificate, use ;binary'
-  EQUALITY certificateExactMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-#
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
-  DESC 'RFC2256: X.509 CA certificate, use ;binary'
-  EQUALITY certificateExactMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
-  DESC 'RFC2256: X.509 authority revocation list, use ;binary'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
-  DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-# Must be stored and requested in the binary form
-olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
-  DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
-#
-# 2.5.4.41 is defined above as it's used for subtyping
-#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
-  DESC 'RFC2256: first name(s) for which the entity is known by'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
-  DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
-  DESC 'RFC2256: name qualifier indicating a generation'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
-  DESC 'RFC2256: X.500 unique identifier'
-  EQUALITY bitStringMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-#
-olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
-  DESC 'RFC2256: DN qualifier'
-  EQUALITY caseIgnoreMatch
-  ORDERING caseIgnoreOrderingMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
-#
-olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
-  DESC 'RFC2256: enhanced search guide'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
-#
-olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
-  DESC 'RFC2256: protocol information'
-  EQUALITY protocolInformationMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
-#
-# 2.5.4.49 is defined above as it's used for subtyping
-#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
-#	EQUALITY distinguishedNameMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-#
-olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
-  DESC 'RFC2256: unique member of a group'
-  EQUALITY uniqueMemberMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
-#
-olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
-  DESC 'RFC2256: house identifier'
-  EQUALITY caseIgnoreMatch
-  SUBSTR caseIgnoreSubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
-  DESC 'RFC2256: supported algorithms'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
-  DESC 'RFC2256: delta revocation list; use ;binary'
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
-  DESC 'RFC2256: name of DMD'
-  SUP name )
-#
-olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
-  DESC 'X.520(4th): pseudonym for the object'
-  SUP name )
-#
-# Standard object classes from RFC2256
-#
-# system schema
-#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
-#	DESC 'RFC2256: an alias'
-#	SUP top STRUCTURAL
-#	MUST aliasedObjectName )
-#
-olcObjectClasses: ( 2.5.6.2 NAME 'country'
-  DESC 'RFC2256: a country'
-  SUP top STRUCTURAL
-  MUST c
-  MAY ( searchGuide $ description ) )
-#
-olcObjectClasses: ( 2.5.6.3 NAME 'locality'
-  DESC 'RFC2256: a locality'
-  SUP top STRUCTURAL
-  MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.4 NAME 'organization'
-  DESC 'RFC2256: an organization'
-  SUP top STRUCTURAL
-  MUST o
-  MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-  x121Address $ registeredAddress $ destinationIndicator $
-  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-  telephoneNumber $ internationaliSDNNumber $ 
-  facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-  postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
-  DESC 'RFC2256: an organizational unit'
-  SUP top STRUCTURAL
-  MUST ou
-  MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-  x121Address $ registeredAddress $ destinationIndicator $
-  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-  telephoneNumber $ internationaliSDNNumber $
-  facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-  postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.6 NAME 'person'
-  DESC 'RFC2256: a person'
-  SUP top STRUCTURAL
-  MUST ( sn $ cn )
-  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
-#
-olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
-  DESC 'RFC2256: an organizational person'
-  SUP person STRUCTURAL
-  MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
-  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-  telephoneNumber $ internationaliSDNNumber $ 
-  facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-  postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
-#
-olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
-  DESC 'RFC2256: an organizational role'
-  SUP top STRUCTURAL
-  MUST cn
-  MAY ( x121Address $ registeredAddress $ destinationIndicator $
-  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-  telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
-  seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
-  postOfficeBox $ postalCode $ postalAddress $
-  physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
-  DESC 'RFC2256: a group of names (DNs)'
-  SUP top STRUCTURAL
-  MUST ( member $ cn )
-  MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-#
-olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
-  DESC 'RFC2256: an residential person'
-  SUP person STRUCTURAL
-  MUST l
-  MAY ( businessCategory $ x121Address $ registeredAddress $
-  destinationIndicator $ preferredDeliveryMethod $ telexNumber $
-  teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
-  facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
-  postOfficeBox $ postalCode $ postalAddress $
-  physicalDeliveryOfficeName $ st $ l ) )
-#
-olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
-  DESC 'RFC2256: an application process'
-  SUP top STRUCTURAL
-  MUST cn
-  MAY ( seeAlso $ ou $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
-  DESC 'RFC2256: an application entity'
-  SUP top STRUCTURAL
-  MUST ( presentationAddress $ cn )
-  MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
-  description ) )
-#
-olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
-  DESC 'RFC2256: a directory system agent (a server)'
-  SUP applicationEntity STRUCTURAL
-  MAY knowledgeInformation )
-#
-olcObjectClasses: ( 2.5.6.14 NAME 'device'
-  DESC 'RFC2256: a device'
-  SUP top STRUCTURAL
-  MUST cn
-  MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
-  DESC 'RFC2256: a strong authentication user'
-  SUP top AUXILIARY
-  MUST userCertificate )
-#
-olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
-  DESC 'RFC2256: a certificate authority'
-  SUP top AUXILIARY
-  MUST ( authorityRevocationList $ certificateRevocationList $
-  cACertificate ) MAY crossCertificatePair )
-#
-olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
-  DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
-  SUP top STRUCTURAL
-  MUST ( uniqueMember $ cn )
-  MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-#
-olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
-  DESC 'RFC2256: a user security information'
-  SUP top AUXILIARY
-  MAY ( supportedAlgorithms ) )
-#
-olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
-  SUP certificationAuthority
-  AUXILIARY MAY ( deltaRevocationList ) )
-#
-olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
-  SUP top STRUCTURAL
-  MUST ( cn )
-  MAY ( certificateRevocationList $ authorityRevocationList $
-  deltaRevocationList ) )
-#
-olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
-  SUP top STRUCTURAL
-  MUST ( dmdName )
-  MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-  x121Address $ registeredAddress $ destinationIndicator $
-  preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-  telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
-  street $ postOfficeBox $ postalCode $ postalAddress $
-  physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-#
-# Object Classes from RFC 2587
-#
-olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
-  DESC 'RFC2587: a PKI user'
-  SUP top AUXILIARY
-  MAY userCertificate )
-#
-olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
-  DESC 'RFC2587: PKI certificate authority'
-  SUP top AUXILIARY
-  MAY ( authorityRevocationList $ certificateRevocationList $
-  cACertificate $ crossCertificatePair ) )
-#
-olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
-  DESC 'RFC2587: PKI user'
-  SUP top AUXILIARY
-  MAY deltaRevocationList )
-#
-#
-# Standard Track URI label schema from RFC 2079
-# system schema
-#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-#	DESC 'RFC2079: Uniform Resource Identifier with optional label'
-#	EQUALITY caseExactMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
-  DESC 'RFC2079: object that contains the URI attribute type'
-  MAY ( labeledURI )
-  SUP top AUXILIARY )
-#
-#
-# Derived from RFC 1274, but with new "short names"
-#
-#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
-#	NAME ( 'uid' 'userid' )
-#	DESC 'RFC1274: user identifier'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-#
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
-  NAME ( 'mail' 'rfc822Mailbox' )
-  DESC 'RFC1274: RFC822 Mailbox'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-#
-olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-  DESC 'RFC1274: simple security object'
-  SUP top AUXILIARY
-  MUST userPassword )
-#
-# RFC 1274 + RFC 2247
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
-  NAME ( 'dc' 'domainComponent' )
-  DESC 'RFC1274/2247: domain component'
-  EQUALITY caseIgnoreIA5Match
-  SUBSTR caseIgnoreIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-#
-# RFC 2247
-olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
-  DESC 'RFC2247: domain component object'
-  SUP top AUXILIARY MUST dc )
-#
-# RFC 2377
-olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
-  DESC 'RFC2377: uid object'
-  SUP top AUXILIARY MUST uid )
-#
-# From COSINE Pilot
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
-  NAME 'associatedDomain'
-  DESC 'RFC1274: domain associated with object'
-  EQUALITY caseIgnoreIA5Match
-  SUBSTR caseIgnoreIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-#
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-olcAttributeTypes: ( 1.2.840.113549.1.9.1
-  NAME ( 'email' 'emailAddress' 'pkcs9email' )
-  DESC 'RFC3280: legacy attribute for email addresses in DNs'
-  EQUALITY caseIgnoreIA5Match
-  SUBSTR caseIgnoreIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-#

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/core.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/core.schema	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/core.schema	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,591 +0,0 @@
-# OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.8 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1997-2003).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works.  However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be         
-## followed, or as required to translate it into languages other than
-## English.
-##                                                                      
-## The limited permissions granted above are perpetual and will not be  
-## revoked by the Internet Society or its successors or assigns.        
-## 
-## This document and the information contained herein is provided on an 
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-#
-#
-# Includes LDAPv3 schema items from:
-#	RFC 2252/2256 (LDAPv3)
-#
-# Select standard track schema items:
-#	RFC 1274 (uid/dc)
-#	RFC 2079 (URI)
-#	RFC 2247 (dc/dcObject)
-#	RFC 2587 (PKI)
-#	RFC 2589 (Dynamic Directory Services)
-#
-# Select informational schema items:
-#	RFC 2377 (uidObject)
-
-#
-# Standard attribute types from RFC 2256
-#
-
-# system schema
-#attributetype ( 2.5.4.0 NAME 'objectClass'
-#	DESC 'RFC2256: object classes of the entity'
-#	EQUALITY objectIdentifierMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-# system schema
-#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-#	DESC 'RFC2256: name of aliased object'
-#	EQUALITY distinguishedNameMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
-	DESC 'RFC2256: knowledge information'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-# system schema
-#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-#	DESC 'RFC2256: common name(s) for which the entity is known by'
-#	SUP name )
-
-attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
-	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
-	SUP name )
-
-attributetype ( 2.5.4.5 NAME 'serialNumber'
-	DESC 'RFC2256: serial number of the entity'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
-
-attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
-	DESC 'RFC2256: ISO-3166 country 2-letter code'
-	SUP name SINGLE-VALUE )
-
-attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
-	DESC 'RFC2256: locality which this object resides in'
-	SUP name )
-
-attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
-	DESC 'RFC2256: state or province which this object resides in'
-	SUP name )
-
-attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
-	DESC 'RFC2256: street address of this object'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
-	DESC 'RFC2256: organization this object belongs to'
-	SUP name )
-
-attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
-	DESC 'RFC2256: organizational unit this object belongs to'
-	SUP name )
-
-attributetype ( 2.5.4.12 NAME 'title'
-	DESC 'RFC2256: title associated with the entity'
-	SUP name )
-
-# system schema
-#attributetype ( 2.5.4.13 NAME 'description'
-#	DESC 'RFC2256: descriptive information'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
-# Deprecated by enhancedSearchGuide
-attributetype ( 2.5.4.14 NAME 'searchGuide'
-	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
-
-attributetype ( 2.5.4.15 NAME 'businessCategory'
-	DESC 'RFC2256: business category'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.16 NAME 'postalAddress'
-	DESC 'RFC2256: postal address'
-	EQUALITY caseIgnoreListMatch
-	SUBSTR caseIgnoreListSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-attributetype ( 2.5.4.17 NAME 'postalCode'
-	DESC 'RFC2256: postal code'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-
-attributetype ( 2.5.4.18 NAME 'postOfficeBox'
-	DESC 'RFC2256: Post Office Box'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-
-attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
-	DESC 'RFC2256: Physical Delivery Office Name'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.20 NAME 'telephoneNumber'
-	DESC 'RFC2256: Telephone Number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-
-attributetype ( 2.5.4.21 NAME 'telexNumber'
-	DESC 'RFC2256: Telex Number'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
-
-attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
-	DESC 'RFC2256: Teletex Terminal Identifier'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
-
-attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
-	DESC 'RFC2256: Facsimile (Fax) Telephone Number'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
-
-attributetype ( 2.5.4.24 NAME 'x121Address'
-	DESC 'RFC2256: X.121 Address'
-	EQUALITY numericStringMatch
-	SUBSTR numericStringSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
-
-attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
-	DESC 'RFC2256: international ISDN number'
-	EQUALITY numericStringMatch
-	SUBSTR numericStringSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
-
-attributetype ( 2.5.4.26 NAME 'registeredAddress'
-	DESC 'RFC2256: registered postal address'
-	SUP postalAddress
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-attributetype ( 2.5.4.27 NAME 'destinationIndicator'
-	DESC 'RFC2256: destination indicator'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-
-attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
-	DESC 'RFC2256: preferred delivery method'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
-	SINGLE-VALUE )
-
-attributetype ( 2.5.4.29 NAME 'presentationAddress'
-	DESC 'RFC2256: presentation address'
-	EQUALITY presentationAddressMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
-	SINGLE-VALUE )
-
-attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
-	DESC 'RFC2256: supported application context'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-attributetype ( 2.5.4.31 NAME 'member'
-	DESC 'RFC2256: member of a group'
-	SUP distinguishedName )
-
-attributetype ( 2.5.4.32 NAME 'owner'
-	DESC 'RFC2256: owner (of the object)'
-	SUP distinguishedName )
-
-attributetype ( 2.5.4.33 NAME 'roleOccupant'
-	DESC 'RFC2256: occupant of role'
-	SUP distinguishedName )
-
-# system schema
-#attributetype ( 2.5.4.34 NAME 'seeAlso'
-#	DESC 'RFC2256: DN of related object'
-#	SUP distinguishedName )
-
-# system schema
-#attributetype ( 2.5.4.35 NAME 'userPassword'
-#	DESC 'RFC2256/2307: password of user'
-#	EQUALITY octetStringMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-attributetype ( 2.5.4.36 NAME 'userCertificate'
-	DESC 'RFC2256: X.509 user certificate, use ;binary'
-	EQUALITY certificateExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-attributetype ( 2.5.4.37 NAME 'cACertificate'
-	DESC 'RFC2256: X.509 CA certificate, use ;binary'
-	EQUALITY certificateExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
-	DESC 'RFC2256: X.509 authority revocation list, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
-	DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-# Must be stored and requested in the binary form
-attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
-	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
-
-# system schema
-#attributetype ( 2.5.4.41 NAME 'name'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
-	DESC 'RFC2256: first name(s) for which the entity is known by'
-	SUP name )
-
-attributetype ( 2.5.4.43 NAME 'initials'
-	DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
-	SUP name )
-
-attributetype ( 2.5.4.44 NAME 'generationQualifier'
-	DESC 'RFC2256: name qualifier indicating a generation'
-	SUP name )
-
-attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
-	DESC 'RFC2256: X.500 unique identifier'
-	EQUALITY bitStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-
-attributetype ( 2.5.4.46 NAME 'dnQualifier'
-	DESC 'RFC2256: DN qualifier'
-	EQUALITY caseIgnoreMatch
-	ORDERING caseIgnoreOrderingMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
-
-attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
-	DESC 'RFC2256: enhanced search guide'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
-
-attributetype ( 2.5.4.48 NAME 'protocolInformation'
-	DESC 'RFC2256: protocol information'
-	EQUALITY protocolInformationMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
-
-# system schema
-#attributetype ( 2.5.4.49 NAME 'distinguishedName'
-#	EQUALITY distinguishedNameMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.5.4.50 NAME 'uniqueMember'
-	DESC 'RFC2256: unique member of a group'
-	EQUALITY uniqueMemberMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
-
-attributetype ( 2.5.4.51 NAME 'houseIdentifier'
-	DESC 'RFC2256: house identifier'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
-	DESC 'RFC2256: supported algorithms'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
-	DESC 'RFC2256: delta revocation list; use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-attributetype ( 2.5.4.54 NAME 'dmdName'
-	DESC 'RFC2256: name of DMD'
-	SUP name )
-
-attributetype ( 2.5.4.65 NAME 'pseudonym'
-	DESC 'X.520(4th): pseudonym for the object'
-	SUP name )
-
-# Standard object classes from RFC2256
-
-# system schema
-#objectclass ( 2.5.6.0 NAME 'top'
-#	DESC 'RFC2256: top of the superclass chain'
-#	ABSTRACT
-#	MUST objectClass )
-
-# system schema
-#objectclass ( 2.5.6.1 NAME 'alias'
-#	DESC 'RFC2256: an alias'
-#	SUP top STRUCTURAL
-#	MUST aliasedObjectName )
-
-objectclass ( 2.5.6.2 NAME 'country'
-	DESC 'RFC2256: a country'
-	SUP top STRUCTURAL
-	MUST c
-	MAY ( searchGuide $ description ) )
-
-objectclass ( 2.5.6.3 NAME 'locality'
-	DESC 'RFC2256: a locality'
-	SUP top STRUCTURAL
-	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-
-objectclass ( 2.5.6.4 NAME 'organization'
-	DESC 'RFC2256: an organization'
-	SUP top STRUCTURAL
-	MUST o
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-		x121Address $ registeredAddress $ destinationIndicator $
-		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $ 
-		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-
-objectclass ( 2.5.6.5 NAME 'organizationalUnit'
-	DESC 'RFC2256: an organizational unit'
-	SUP top STRUCTURAL
-	MUST ou
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-		x121Address $ registeredAddress $ destinationIndicator $
-		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $
-		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-
-objectclass ( 2.5.6.6 NAME 'person'
-	DESC 'RFC2256: a person'
-	SUP top STRUCTURAL
-	MUST ( sn $ cn )
-	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
-
-objectclass ( 2.5.6.7 NAME 'organizationalPerson'
-	DESC 'RFC2256: an organizational person'
-	SUP person STRUCTURAL
-	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
-		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $ 
-		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
-		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
-
-objectclass ( 2.5.6.8 NAME 'organizationalRole'
-	DESC 'RFC2256: an organizational role'
-	SUP top STRUCTURAL
-	MUST cn
-	MAY ( x121Address $ registeredAddress $ destinationIndicator $
-		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
-		seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
-		postOfficeBox $ postalCode $ postalAddress $
-		physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-
-objectclass ( 2.5.6.9 NAME 'groupOfNames'
-	DESC 'RFC2256: a group of names (DNs)'
-	SUP top STRUCTURAL
-	MUST ( member $ cn )
-	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-
-objectclass ( 2.5.6.10 NAME 'residentialPerson'
-	DESC 'RFC2256: an residential person'
-	SUP person STRUCTURAL
-	MUST l
-	MAY ( businessCategory $ x121Address $ registeredAddress $
-		destinationIndicator $ preferredDeliveryMethod $ telexNumber $
-		teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
-		facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
-		postOfficeBox $ postalCode $ postalAddress $
-		physicalDeliveryOfficeName $ st $ l ) )
-
-objectclass ( 2.5.6.11 NAME 'applicationProcess'
-	DESC 'RFC2256: an application process'
-	SUP top STRUCTURAL
-	MUST cn
-	MAY ( seeAlso $ ou $ l $ description ) )
-
-objectclass ( 2.5.6.12 NAME 'applicationEntity'
-	DESC 'RFC2256: an application entity'
-	SUP top STRUCTURAL
-	MUST ( presentationAddress $ cn )
-	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
-	description ) )
-
-objectclass ( 2.5.6.13 NAME 'dSA'
-	DESC 'RFC2256: a directory system agent (a server)'
-	SUP applicationEntity STRUCTURAL
-	MAY knowledgeInformation )
-
-objectclass ( 2.5.6.14 NAME 'device'
-	DESC 'RFC2256: a device'
-	SUP top STRUCTURAL
-	MUST cn
-	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
-
-objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
-	DESC 'RFC2256: a strong authentication user'
-	SUP top AUXILIARY
-	MUST userCertificate )
-
-objectclass ( 2.5.6.16 NAME 'certificationAuthority'
-	DESC 'RFC2256: a certificate authority'
-	SUP top AUXILIARY
-	MUST ( authorityRevocationList $ certificateRevocationList $
-		cACertificate ) MAY crossCertificatePair )
-
-objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
-	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
-	SUP top STRUCTURAL
-	MUST ( uniqueMember $ cn )
-	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-
-objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
-	DESC 'RFC2256: a user security information'
-	SUP top AUXILIARY
-	MAY ( supportedAlgorithms ) )
-
-objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
-	SUP certificationAuthority
-	AUXILIARY MAY ( deltaRevocationList ) )
-
-objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
-	SUP top STRUCTURAL
-	MUST ( cn )
-	MAY ( certificateRevocationList $ authorityRevocationList $
-		deltaRevocationList ) )
-
-objectclass ( 2.5.6.20 NAME 'dmd'
-	SUP top STRUCTURAL
-	MUST ( dmdName )
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
-		x121Address $ registeredAddress $ destinationIndicator $
-		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
-		street $ postOfficeBox $ postalCode $ postalAddress $
-		physicalDeliveryOfficeName $ st $ l $ description ) )
-
-#
-# Object Classes from RFC 2587
-#
-objectclass ( 2.5.6.21 NAME 'pkiUser'
-	DESC 'RFC2587: a PKI user'
-	SUP top AUXILIARY
-	MAY userCertificate )
-
-objectclass ( 2.5.6.22 NAME 'pkiCA'
-	DESC 'RFC2587: PKI certificate authority'
-	SUP top AUXILIARY
-	MAY ( authorityRevocationList $ certificateRevocationList $
-		cACertificate $ crossCertificatePair ) )
-
-objectclass ( 2.5.6.23 NAME 'deltaCRL'
-	DESC 'RFC2587: PKI user'
-	SUP top AUXILIARY
-	MAY deltaRevocationList )
-
-#
-# Standard Track URI label schema from RFC 2079
-# system schema
-#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-#	DESC 'RFC2079: Uniform Resource Identifier with optional label'
-#	EQUALITY caseExactMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
-	DESC 'RFC2079: object that contains the URI attribute type'
-	SUP top AUXILIARY
-	MAY ( labeledURI ) )
-
-#
-# Derived from RFC 1274, but with new "short names"
-#
-#attributetype ( 0.9.2342.19200300.100.1.1
-#	NAME ( 'uid' 'userid' )
-#	DESC 'RFC1274: user identifier'
-#	EQUALITY caseIgnoreMatch
-#	SUBSTR caseIgnoreSubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 0.9.2342.19200300.100.1.3
-	NAME ( 'mail' 'rfc822Mailbox' )
-	DESC 'RFC1274: RFC822 Mailbox'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-	DESC 'RFC1274: simple security object'
-	SUP top AUXILIARY
-	MUST userPassword )
-
-# RFC 1274 + RFC 2247
-attributetype ( 0.9.2342.19200300.100.1.25
-	NAME ( 'dc' 'domainComponent' )
-	DESC 'RFC1274/2247: domain component'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# RFC 2247
-objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
-	DESC 'RFC2247: domain component object'
-	SUP top AUXILIARY MUST dc )
-
-# RFC 2377
-objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
-	DESC 'RFC2377: uid object'
-	SUP top AUXILIARY MUST uid )
-
-# From COSINE Pilot
-attributetype ( 0.9.2342.19200300.100.1.37
-	NAME 'associatedDomain'
-	DESC 'RFC1274: domain associated with object'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-attributetype ( 1.2.840.113549.1.9.1
-	NAME ( 'email' 'emailAddress' 'pkcs9email' )
-	DESC 'RFC3280: legacy attribute for email addresses in DNs'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,2571 +0,0 @@
-# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema.  As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3.  The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274.  However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.schema
-
-
-# Network Working Group                                          P. Barker
-# Request for Comments: 1274                                      S. Kille
-#                                              University College London
-#                                                          November 1991
-#
-#                 The COSINE and Internet X.500 Schema
-#
-# [trimmed]
-#
-# Abstract
-#
-#  This document suggests an X.500 Directory Schema, or Naming
-#  Architecture, for use in the COSINE and Internet X.500 pilots.  The
-#  schema is independent of any specific implementation.  As well as
-#  indicating support for the standard object classes and attributes, a
-#  large number of generally useful object classes and attributes are
-#  also defined.  An appendix to this document includes a machine
-#  processable version of the schema.
-#
-# [trimmed]
-
-# 7.  Object Identifiers
-#
-#  Some additional object identifiers are defined for this schema.
-#  These are also reproduced in Appendix C.
-#
-#    data OBJECT IDENTIFIER ::= {ccitt 9}
-#    pss OBJECT IDENTIFIER ::= {data 2342}
-#    ucl OBJECT IDENTIFIER ::= {pss 19200300}
-#    pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-#    pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-#    pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-#    pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-#    pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-#    iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-#    caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-#                                          {pilotAttributeSyntax 5}
-#
-# 8.  Object Classes
-# [relocated after 9]
-
-#
-# 9.  Attribute Types
-#
-# 9.1.  X.500 standard attribute types
-#
-#  A number of generally useful attribute types are defined in X.520,
-#  and these are supported.  Refer to that document for descriptions of
-#  the suggested usage of these attribute types.  The ASN.1 for these
-#  attribute types is reproduced for completeness in Appendix C.
-#
-# 9.2.  X.400 standard attribute types
-#
-#  The standard X.400 attribute types are supported.  See X.402 for full
-#  details.  The ASN.1 for these attribute types is reproduced in
-#  Appendix C.
-#
-# 9.3.  COSINE/Internet attribute types
-#
-#  This section describes all the attribute types defined for use in the
-#  COSINE and Internet pilots.  Descriptions are given as to the
-#  suggested usage of these attribute types.  The ASN.1 for these
-#  attribute types is reproduced in Appendix C.
-#
-# 9.3.1.  Userid
-#
-#  The Userid attribute type specifies a computer system login name.
-#
-#    userid ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-user-identifier))
-#    ::= {pilotAttributeType 1}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
-##	EQUALITY caseIgnoreMatch
-##	SUBSTR caseIgnoreSubstringsMatch
-##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.2.  Text Encoded O/R Address
-#
-#  The Text Encoded O/R Address attribute type specifies a text encoding
-#  of an X.400 O/R address, as specified in RFC 987.  The use of this
-#  attribute is deprecated as the attribute is intended for interim use
-#  only.  This attribute will be the first candidate for the attribute
-#  expiry mechanisms!
-#
-#    textEncodedORAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#        (SIZE (1 .. ub-text-encoded-or-address))
-#    ::= {pilotAttributeType 2}
-#
-attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.3.  RFC 822 Mailbox
-#
-#  The RFC822 Mailbox attribute type specifies an electronic mailbox
-#  attribute following the syntax specified in RFC 822.  Note that this
-#  attribute should not be used for greybook or other non-Internet order
-#  mailboxes.
-#
-#    rfc822Mailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            (SIZE (1 .. ub-rfc822-mailbox))
-#    ::= {pilotAttributeType 3}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
-##	EQUALITY caseIgnoreIA5Match
-##	SUBSTR caseIgnoreIA5SubstringsMatch
-##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.4.  Information
-#
-#  The Information attribute type specifies any general information
-#  pertinent to an object.  It is recommended that specific usage of
-#  this attribute type is avoided, and that specific requirements are
-#  met by other (possibly additional) attribute types.
-#
-#    info ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-information))
-#    ::= {pilotAttributeType 4}
-#
-attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
-	DESC 'RFC1274: general information'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-
-
-# 9.3.5.  Favourite Drink
-#
-#  The Favourite Drink attribute type specifies the favourite drink of
-#  an object (or person).
-#
-#    favouriteDrink ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-favourite-drink))
-#    ::= {pilotAttributeType 5}
-#
-attributetype ( 0.9.2342.19200300.100.1.5
-	NAME ( 'drink' 'favouriteDrink' )
-	DESC 'RFC1274: favorite drink'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.6.  Room Number
-#
-#  The Room Number attribute type specifies the room number of an
-#  object.  Note that the commonName attribute should be used for naming
-#  room objects.
-#
-#    roomNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-room-number))
-#    ::= {pilotAttributeType 6}
-#
-attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
-	DESC 'RFC1274: room number'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.7.  Photo
-#
-#  The Photo attribute type specifies a "photograph" for an object.
-#  This should be encoded in G3 fax as explained in recommendation T.4,
-#  with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
-#  defined in X.420.
-#
-#    IMPORT  G3FacsimileBodyPart  FROM  {   mhs-motis   ipms   modules
-#    information-objects }
-#
-#    photo ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            CHOICE {
-#                g3-facsimile [3] G3FacsimileBodyPart
-#                }
-#        (SIZE (1 .. ub-photo))
-#    ::= {pilotAttributeType 7}
-#
-attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
-	DESC 'RFC1274: photo (G3 fax)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
-
-# 9.3.8.  User Class
-#
-#  The User Class attribute type specifies a category of computer user.
-#  The semantics placed on this attribute are for local interpretation.
-#  Examples of current usage od this attribute in academia are
-#  undergraduate student, researcher, lecturer, etc.  Note that the
-#  organizationalStatus attribute may now often be preferred as it makes
-#  no distinction between computer users and others.
-#
-#    userClass ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-user-class))
-#    ::= {pilotAttributeType 8}
-#
-attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
-	DESC 'RFC1274: category of user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.9.  Host
-#
-#  The Host attribute type specifies a host computer.
-#
-#    host ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-host))
-#    ::= {pilotAttributeType 9}
-#
-attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
-	DESC 'RFC1274: host computer'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.10.  Manager
-#
-#  The Manager attribute type specifies the manager of an object
-#  represented by an entry.
-#
-#    manager ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 10}
-#
-attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
-	DESC 'RFC1274: DN of manager'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.11.  Document Identifier
-#
-#  The Document Identifier attribute type specifies a unique identifier
-#  for a document.
-#
-#    documentIdentifier ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-identifier))
-#    ::= {pilotAttributeType 11}
-#
-attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
-	DESC 'RFC1274: unique identifier of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.12.  Document Title
-#
-#  The Document Title attribute type specifies the title of a document.
-#
-#    documentTitle ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#        (SIZE (1 .. ub-document-title))
-#    ::= {pilotAttributeType 12}
-#
-attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
-	DESC 'RFC1274: title of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.13.  Document Version
-#
-#  The Document Version attribute type specifies the version number of a
-#  document.
-#
-#    documentVersion ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-version))
-#    ::= {pilotAttributeType 13}
-#
-attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
-	DESC 'RFC1274: version of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.14.  Document Author
-#
-#  The Document Author attribute type specifies the distinguished name
-#  of the author of a document.
-#
-#    documentAuthor ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 14}
-#
-attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
-	DESC 'RFC1274: DN of author of document'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.15.  Document Location
-#
-#  The Document Location attribute type specifies the location of the
-#  document original.
-#
-#    documentLocation ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-location))
-#    ::= {pilotAttributeType 15}
-#
-attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
-	DESC 'RFC1274: location of document original'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.16.  Home Telephone Number
-#
-#  The Home Telephone Number attribute type specifies a home telephone
-#  number associated with a person.  Attribute values should follow the
-#  agreed format for international telephone numbers: i.e., "+44 71 123
-#  4567".
-#
-#    homeTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 20}
-#
-attributetype ( 0.9.2342.19200300.100.1.20
-	NAME ( 'homePhone' 'homeTelephoneNumber' )
-	DESC 'RFC1274: home telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.17.  Secretary
-#
-#  The Secretary attribute type specifies the secretary of a person.
-#  The attribute value for Secretary is a distinguished name.
-#
-#    secretary ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 21}
-#
-attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
-	DESC 'RFC1274: DN of secretary'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.18.  Other Mailbox
-#
-#  The Other Mailbox attribute type specifies values for electronic
-#  mailbox types other than X.400 and rfc822.
-#
-#    otherMailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            SEQUENCE {
-#                    mailboxType PrintableString, -- e.g. Telemail
-#                    mailbox IA5String  -- e.g. X378:Joe
-#            }
-#    ::= {pilotAttributeType 22}
-#
-attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
-
-# 9.3.19.  Last Modified Time
-#
-#  The Last Modified Time attribute type specifies the last time, in UTC
-#  time, that an entry was modified.  Ideally, this attribute should be
-#  maintained by the DSA.
-#
-#    lastModifiedTime ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            uTCTimeSyntax
-#    ::= {pilotAttributeType 23}
-#
-## Deprecated in favor of modifyTimeStamp
-#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
-#	DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
-#	OBSOLETE
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-#	USAGE directoryOperation )
-
-# 9.3.20.  Last Modified By
-#
-#  The Last Modified By attribute specifies the distinguished name of
-#  the last user to modify the associated entry.  Ideally, this
-#  attribute should be maintained by the DSA.
-#
-#    lastModifiedBy ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 24}
-#
-## Deprecated in favor of modifiersName
-#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
-#	DESC 'RFC1274: last modifier, replaced by modifiersName'
-#	OBSOLETE
-#	EQUALITY distinguishedNameMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-#	USAGE directoryOperation )
-
-# 9.3.21.  Domain Component
-#
-#  The Domain Component attribute type specifies a DNS/NRS domain.  For
-#  example, "uk" or "ac".
-#
-#    domainComponent ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            SINGLE VALUE
-#    ::= {pilotAttributeType 25}
-#
-##(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
-##	EQUALITY caseIgnoreIA5Match
-##	SUBSTR caseIgnoreIA5SubstringsMatch
-##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# 9.3.22.  DNS ARecord
-#
-#  The A Record attribute type specifies a type A (Address) DNS resource
-#  record [6] [7].
-#
-#    aRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 26}
-#
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-## missing from RFC1274
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.23.  MX Record
-#
-#  The MX Record attribute type specifies a type MX (Mail Exchange) DNS
-#  resource record [6] [7].
-#
-#    mXRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 28}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.24.  NS Record
-#
-#  The NS Record attribute type specifies an NS (Name Server) DNS
-#  resource record [6] [7].
-#
-#    nSRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 29}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.25.  SOA Record
-#
-#  The SOA Record attribute type specifies a type SOA (Start of
-#  Authority) DNS resorce record [6] [7].
-#
-#    sOARecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 30}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.26.  CNAME Record
-#
-#  The CNAME Record attribute type specifies a type CNAME (Canonical
-#  Name) DNS resource record [6] [7].
-#
-#    cNAMERecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            iA5StringSyntax
-#    ::= {pilotAttributeType 31}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.27.  Associated Domain
-#
-#  The Associated Domain attribute type specifies a DNS or NRS domain
-#  which is associated with an object in the DIT. For example, the entry
-#  in the DIT with a distinguished name "C=GB, O=University College
-#  London" would have an associated domain of "UCL.AC.UK.  Note that all
-#  domains should be represented in rfc822 order.  See [3] for more
-#  details of usage of this attribute.
-#
-#    associatedDomain ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#    ::= {pilotAttributeType 37}
-#
-#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
-#	EQUALITY caseIgnoreIA5Match
-#	SUBSTR caseIgnoreIA5SubstringsMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.28.  Associated Name
-#
-#  The Associated Name attribute type specifies an entry in the
-#  organisational DIT associated with a DNS/NRS domain.  See [3] for
-#  more details of usage of this attribute.
-#
-#    associatedName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 38}
-#
-attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
-	DESC 'RFC1274: DN of entry associated with domain'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.29.  Home postal address
-#
-#  The Home postal address attribute type specifies a home postal
-#  address for an object.  This should be limited to up to 6 lines of 30
-#  characters each.
-#
-#    homePostalAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            postalAddress
-#            MATCHES FOR EQUALITY
-#    ::= {pilotAttributeType 39}
-#
-attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
-	DESC 'RFC1274: home postal address'
-	EQUALITY caseIgnoreListMatch
-	SUBSTR caseIgnoreListSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-# 9.3.30.  Personal Title
-#
-#  The Personal Title attribute type specifies a personal title for a
-#  person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
-#
-#    personalTitle ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-personal-title))
-#    ::= {pilotAttributeType 40}
-#
-attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
-	DESC 'RFC1274: personal title'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.31.  Mobile Telephone Number
-#
-#  The Mobile Telephone Number attribute type specifies a mobile
-#  telephone number associated with a person.  Attribute values should
-#  follow the agreed format for international telephone numbers: i.e.,
-#  "+44 71 123 4567".
-#
-#    mobileTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 41}
-#
-attributetype ( 0.9.2342.19200300.100.1.41
-	NAME ( 'mobile' 'mobileTelephoneNumber' )
-	DESC 'RFC1274: mobile telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.32.  Pager Telephone Number
-#
-#  The Pager Telephone Number attribute type specifies a pager telephone
-#  number for an object. Attribute values should follow the agreed
-#  format for international telephone numbers: i.e., "+44 71 123 4567".
-#
-#    pagerTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 42}
-#
-attributetype ( 0.9.2342.19200300.100.1.42
-	NAME ( 'pager' 'pagerTelephoneNumber' )
-	DESC 'RFC1274: pager telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.33.  Friendly Country Name
-#
-#  The Friendly Country Name attribute type specifies names of countries
-#  in human readable format.  The standard attribute country name must
-#  be one of the two-letter codes defined in ISO 3166.
-#
-#    friendlyCountryName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#    ::= {pilotAttributeType 43}
-#
-attributetype ( 0.9.2342.19200300.100.1.43
-	NAME ( 'co' 'friendlyCountryName' )
-	DESC 'RFC1274: friendly country name'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.3.34.  Unique Identifier
-#
-#  The Unique Identifier attribute type specifies a "unique identifier"
-#  for an object represented in the Directory.  The domain within which
-#  the identifier is unique, and the exact semantics of the identifier,
-#  are for local definition.  For a person, this might be an
-#  institution-wide payroll number.  For an organisational unit, it
-#  might be a department code.
-#
-#    uniqueIdentifier ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-unique-identifier))
-#    ::= {pilotAttributeType 44}
-#
-attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
-	DESC 'RFC1274: unique identifer'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.35.  Organisational Status
-#
-#  The Organisational Status attribute type specifies a category by
-#  which a person is often referred to in an organisation.  Examples of
-#  usage in academia might include undergraduate student, researcher,
-#  lecturer, etc.
-#
-#  A Directory administrator should probably consider carefully the
-#  distinctions between this and the title and userClass attributes.
-#
-#    organizationalStatus ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-organizational-status))
-#    ::= {pilotAttributeType 45}
-#
-attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
-	DESC 'RFC1274: organizational status'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.36.  Janet Mailbox
-#
-#  The Janet Mailbox attribute type specifies an electronic mailbox
-#  attribute following the syntax specified in the Grey Book of the
-#  Coloured Book series.  This attribute is intended for the convenience
-#  of U.K users unfamiliar with rfc822 and little-endian mail addresses.
-#  Entries using this attribute MUST also include an rfc822Mailbox
-#  attribute.
-#
-#    janetMailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            (SIZE (1 .. ub-janet-mailbox))
-#    ::= {pilotAttributeType 46}
-#
-attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
-	DESC 'RFC1274: Janet mailbox'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.37.  Mail Preference Option
-#
-#  An attribute to allow users to indicate a preference for inclusion of
-#  their names on mailing lists (electronic or physical).  The absence
-#  of such an attribute should be interpreted as if the attribute was
-#  present with value "no-list-inclusion".  This attribute should be
-#  interpreted by anyone using the directory to derive mailing lists,
-#  and its value respected.
-#
-#    mailPreferenceOption ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX ENUMERATED {
-#                no-list-inclusion(0),
-#                any-list-inclusion(1),  -- may be added to any lists
-#                professional-list-inclusion(2)
-#                                        -- may be added to lists
-#                                        -- which the list provider
-#                                        -- views as related to the
-#                                        -- users professional inter-
-#                                        -- ests, perhaps evaluated
-#                                        -- from the business of the
-#                                        -- organisation or keywords
-#                                        -- in the entry.
-#                }
-#    ::= {pilotAttributeType 47}
-#
-attributetype ( 0.9.2342.19200300.100.1.47
-	NAME 'mailPreferenceOption'
-	DESC 'RFC1274: mail preference option'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-# 9.3.38.  Building Name
-#
-#  The Building Name attribute type specifies the name of the building
-#  where an organisation or organisational unit is based.
-#
-#    buildingName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-building-name))
-#    ::= {pilotAttributeType 48}
-#
-attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
-	DESC 'RFC1274: name of building'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.39.  DSA Quality
-#
-#  The DSA Quality attribute type specifies the purported quality of a
-#  DSA.  It allows a DSA manager to indicate the expected level of
-#  availability of the DSA. See [8] for details of the syntax.
-#
-#    dSAQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-#            SINGLE VALUE
-#    ::= {pilotAttributeType 49}
-#
-attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
-	DESC 'RFC1274: DSA Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
-
-# 9.3.40.  Single Level Quality
-#
-#  The Single Level Quality attribute type specifies the purported data
-#  quality at the level immediately below in the DIT.  See [8] for
-#  details of the syntax.
-#
-#    singleLevelQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#    ::= {pilotAttributeType 50}
-#
-attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
-	DESC 'RFC1274: Single Level Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.41.  Subtree Minimum Quality
-#
-#  The Subtree Minimum Quality attribute type specifies the purported
-#  minimum data quality for a DIT subtree.  See [8] for more discussion
-#  and details of the syntax.
-#
-#    subtreeMinimumQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#               -- Defaults to singleLevelQuality
-#    ::= {pilotAttributeType 51}
-#
-attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
-	DESC 'RFC1274: Subtree Mininum Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.42.  Subtree Maximum Quality
-#
-#  The Subtree Maximum Quality attribute type specifies the purported
-#  maximum data quality for a DIT subtree.  See [8] for more discussion
-#  and details of the syntax.
-#
-#    subtreeMaximumQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#               -- Defaults to singleLevelQuality
-#    ::= {pilotAttributeType 52}
-#
-attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
-	DESC 'RFC1274: Subtree Maximun Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.43.  Personal Signature
-#
-#  The Personal Signature attribute type allows for a representation of
-#  a person's signature.  This should be encoded in G3 fax as explained
-#  in recommendation T.4, with an ASN.1 wrapper to make it compatible
-#  with an X.400 BodyPart as defined in X.420.
-#
-#    IMPORT  G3FacsimileBodyPart  FROM  {   mhs-motis   ipms   modules
-#    information-objects }
-#
-#    personalSignature ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            CHOICE {
-#                g3-facsimile [3] G3FacsimileBodyPart
-#                }
-#        (SIZE (1 .. ub-personal-signature))
-#    ::= {pilotAttributeType 53}
-#
-attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
-	DESC 'RFC1274: Personal Signature (G3 fax)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
-
-# 9.3.44.  DIT Redirect
-#
-#  The DIT Redirect attribute type is used to indicate that the object
-#  described by one entry now has a newer entry in the DIT.  The entry
-#  containing the redirection attribute should be expired after a
-#  suitable grace period.  This attribute may be used when an individual
-#  changes his/her place of work, and thus acquires a new organisational
-#  DN.
-#
-#    dITRedirect ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 54}
-#
-attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
-	DESC 'RFC1274: DIT Redirect'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.45.  Audio
-#
-#  The Audio attribute type allows the storing of sounds in the
-#  Directory.  The attribute uses a u-law encoded sound file as used by
-#  the "play" utility on a Sun 4.  This is an interim format.
-#
-#    audio ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            Audio
-#        (SIZE (1 .. ub-audio))
-#    ::= {pilotAttributeType 55}
-#
-attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
-	DESC 'RFC1274: audio (u-law)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
-
-# 9.3.46.  Publisher of Document
-#
-#
-#  The Publisher of Document attribute is the person and/or organization
-#  that published a document.
-#
-#    documentPublisher ATTRIBUTE
-#            WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-#    ::= {pilotAttributeType 56}
-#
-attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
-	DESC 'RFC1274: publisher of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.4.  Generally useful syntaxes
-#
-#    caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-#            IA5String
-#            MATCHES FOR EQUALITY SUBSTRINGS
-#
-#    iA5StringSyntax ATTRIBUTE-SYNTAX
-#        IA5String
-#        MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-#    -- Syntaxes to support the DNS attributes
-#
-#    DNSRecordSyntax ATTRIBUTE-SYNTAX
-#            IA5String
-#            MATCHES FOR EQUALITY
-#
-#
-#    NRSInformationSyntax ATTRIBUTE-SYNTAX
-#            NRSInformation
-#            MATCHES FOR EQUALITY
-#
-#
-#    NRSInformation ::=  SET {
-#                    [0] Context,
-#                    [1] Address-space-id,
-#                    routes [2] SEQUENCE OF SEQUENCE {
-#                    Route-cost,
-#                    Addressing-info }
-#            }
-#
-#
-# 9.5.  Upper bounds on length of attribute values
-#
-#
-#    ub-document-identifier INTEGER ::= 256
-#
-#    ub-document-location INTEGER ::= 256
-#
-#    ub-document-title INTEGER ::= 256
-#
-#    ub-document-version INTEGER ::= 256
-#
-#    ub-favourite-drink INTEGER ::= 256
-#
-#    ub-host INTEGER ::= 256
-#
-#    ub-information INTEGER ::= 2048
-#
-#    ub-unique-identifier INTEGER ::= 256
-#
-#    ub-personal-title INTEGER ::= 256
-#
-#    ub-photo INTEGER ::= 250000
-#
-#    ub-rfc822-mailbox INTEGER ::= 256
-#
-#    ub-room-number INTEGER ::= 256
-#
-#    ub-text-or-address INTEGER ::= 256
-#
-#    ub-user-class INTEGER ::= 256
-#
-#    ub-user-identifier INTEGER ::= 256
-#
-#    ub-organizational-status INTEGER ::= 256
-#
-#    ub-janet-mailbox INTEGER ::= 256
-#
-#    ub-building-name INTEGER ::= 256
-#
-#    ub-personal-signature ::= 50000
-#
-#    ub-audio INTEGER ::= 250000
-#
-
-# [back to 8]
-# 8.  Object Classes
-#
-# 8.1.  X.500 standard object classes
-#
-#  A number of generally useful object classes are defined in X.521, and
-#  these are supported.  Refer to that document for descriptions of the
-#  suggested usage of these object classes.  The ASN.1 for these object
-#  classes is reproduced for completeness in Appendix C.
-#
-# 8.2.  X.400 standard object classes
-#
-#  A number of object classes defined in X.400 are supported.  Refer to
-#  X.402 for descriptions of the usage of these object classes.  The
-#  ASN.1 for these object classes is reproduced for completeness in
-#  Appendix C.
-#
-# 8.3.  COSINE/Internet object classes
-#
-#  This section attempts to fuse together the object classes designed
-#  for use in the COSINE and Internet pilot activities.  Descriptions
-#  are given of the suggested usage of these object classes.  The ASN.1
-#  for these object classes is also reproduced in Appendix C.
-#
-# 8.3.1.  Pilot Object
-#
-#  The PilotObject object class is used as a sub-class to allow some
-#  common, useful attributes to be assigned to entries of all other
-#  object classes.
-#
-#    pilotObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MAY CONTAIN {
-#            info,
-#            photo,
-#            manager,
-#            uniqueIdentifier,
-#            lastModifiedTime,
-#            lastModifiedBy,
-#            dITRedirect,
-#            audio}
-#    ::= {pilotObjectClass 3}
-#
-#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
-#	DESC 'RFC1274: pilot object'
-#	SUP top AUXILIARY
-#	MAY ( info $ photo $ manager $ uniqueIdentifier $
-#		lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
-#	)
-
-# 8.3.2.  Pilot Person
-#
-#  The PilotPerson object class is used as a sub-class of person, to
-#  allow the use of a number of additional attributes to be assigned to
-#  entries of object class person.
-#
-#    pilotPerson OBJECT-CLASS
-#        SUBCLASS OF person
-#        MAY CONTAIN {
-#                    userid,
-#                    textEncodedORAddress,
-#                    rfc822Mailbox,
-#                    favouriteDrink,
-#                    roomNumber,
-#                    userClass,
-#                    homeTelephoneNumber,
-#                    homePostalAddress,
-#                    secretary,
-#                    personalTitle,
-#                    preferredDeliveryMethod,
-#                    businessCategory,
-#                    janetMailbox,
-#                    otherMailbox,
-#                    mobileTelephoneNumber,
-#                    pagerTelephoneNumber,
-#                    organizationalStatus,
-#                    mailPreferenceOption,
-#                    personalSignature}
-#    ::= {pilotObjectClass 4}
-#
-objectclass ( 0.9.2342.19200300.100.4.4
-	NAME ( 'pilotPerson' 'newPilotPerson' )
-	SUP person STRUCTURAL
-	MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
-		favouriteDrink $ roomNumber $ userClass $
-		homeTelephoneNumber $ homePostalAddress $ secretary $
-		personalTitle $ preferredDeliveryMethod $ businessCategory $
-		janetMailbox $ otherMailbox $ mobileTelephoneNumber $
-		pagerTelephoneNumber $ organizationalStatus $
-		mailPreferenceOption $ personalSignature )
-	)
-
-# 8.3.3.  Account
-#
-#  The Account object class is used to define entries representing
-#  computer accounts.  The userid attribute should be used for naming
-#  entries of this object class.
-#
-#    account OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            userid}
-#        MAY CONTAIN {
-#            description,
-#            seeAlso,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            host}
-#    ::= {pilotObjectClass 5}
-#
-objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
-	SUP top STRUCTURAL
-	MUST userid
-	MAY ( description $ seeAlso $ localityName $
-		organizationName $ organizationalUnitName $ host )
-	)
-
-# 8.3.4.  Document
-#
-#  The Document object class is used to define entries which represent
-#  documents.
-#
-#    document OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            documentIdentifier}
-#        MAY CONTAIN {
-#            commonName,
-#            description,
-#            seeAlso,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            documentTitle,
-#            documentVersion,
-#            documentAuthor,
-#            documentLocation,
-#            documentPublisher}
-#    ::= {pilotObjectClass 6}
-#
-objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
-	SUP top STRUCTURAL
-	MUST documentIdentifier
-	MAY ( commonName $ description $ seeAlso $ localityName $
-		organizationName $ organizationalUnitName $
-		documentTitle $ documentVersion $ documentAuthor $
-		documentLocation $ documentPublisher )
-	)
-
-# 8.3.5.  Room
-#
-#  The Room object class is used to define entries representing rooms.
-#  The commonName attribute should be used for naming pentries of this
-#  object class.
-#
-#    room OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            roomNumber,
-#            description,
-#            seeAlso,
-#            telephoneNumber}
-#    ::= {pilotObjectClass 7}
-#
-objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
-	SUP top STRUCTURAL
-	MUST commonName
-	MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
-	)
-
-# 8.3.6.  Document Series
-#
-#  The Document Series object class is used to define an entry which
-#  represents a series of documents (e.g., The Request For Comments
-#  papers).
-#
-#    documentSeries OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            description,
-#            seeAlso,
-#            telephoneNumber,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName}
-#    ::= {pilotObjectClass 9}
-#
-objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
-	SUP top STRUCTURAL
-	MUST commonName
-	MAY ( description $ seeAlso $ telephonenumber $
-		localityName $ organizationName $ organizationalUnitName )
-	)
-
-# 8.3.7.  Domain
-#
-#  The Domain object class is used to define entries which represent DNS
-#  or NRS domains.  The domainComponent attribute should be used for
-#  naming entries of this object class.  The usage of this object class
-#  is described in more detail in [3].
-#
-#    domain OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            domainComponent}
-#        MAY CONTAIN {
-#            associatedName,
-#            organizationName,
-#            organizationalAttributeSet}
-#    ::= {pilotObjectClass 13}
-#
-objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
-	SUP top STRUCTURAL
-	MUST domainComponent
-	MAY ( associatedName $ organizationName $ description $
-		businessCategory $ seeAlso $ searchGuide $ userPassword $
-		localityName $ stateOrProvinceName $ streetAddress $
-		physicalDeliveryOfficeName $ postalAddress $ postalCode $
-		postOfficeBox $ streetAddress $
-		facsimileTelephoneNumber $ internationalISDNNumber $
-		telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
-		preferredDeliveryMethod $ destinationIndicator $
-		registeredAddress $ x121Address )
-	)
-
-# 8.3.8.  RFC822 Local Part
-#
-#  The RFC822 Local Part object class is used to define entries which
-#  represent the local part of RFC822 mail addresses.  This treats this
-#  part of an RFC822 address as a domain.  The usage of this object
-#  class is described in more detail in [3].
-#
-#    rFC822localPart OBJECT-CLASS
-#        SUBCLASS OF domain
-#        MAY CONTAIN {
-#            commonName,
-#            surname,
-#            description,
-#            seeAlso,
-#            telephoneNumber,
-#            postalAttributeSet,
-#            telecommunicationAttributeSet}
-#    ::= {pilotObjectClass 14}
-#
-objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
-	SUP domain STRUCTURAL
-	MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
-		physicalDeliveryOfficeName $ postalAddress $ postalCode $
-		postOfficeBox $ streetAddress $
-		facsimileTelephoneNumber $ internationalISDNNumber $
-		telephoneNumber $ teletexTerminalIdentifier $
-		telexNumber $ preferredDeliveryMethod $ destinationIndicator $
-		registeredAddress $ x121Address )
-	)
-
-# 8.3.9.  DNS Domain
-#
-#  The DNS Domain (Domain NameServer) object class is used to define
-#  entries for DNS domains.  The usage of this object class is described
-#  in more detail in [3].
-#
-#    dNSDomain OBJECT-CLASS
-#        SUBCLASS OF domain
-#        MAY CONTAIN {
-#            ARecord,
-#            MDRecord,
-#            MXRecord,
-#            NSRecord,
-#            SOARecord,
-#            CNAMERecord}
-#    ::= {pilotObjectClass 15}
-#
-objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
-	SUP domain STRUCTURAL
-	MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
-		SOARecord $ CNAMERecord )
-	)
-
-# 8.3.10.  Domain Related Object
-#
-#  The Domain Related Object object class is used to define entries
-#  which represent DNS/NRS domains which are "equivalent" to an X.500
-#  domain: e.g., an organisation or organisational unit.  The usage of
-#  this object class is described in more detail in [3].
-#
-#    domainRelatedObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            associatedDomain}
-#    ::= {pilotObjectClass 17}
-#
-objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
-	DESC 'RFC1274: an object related to an domain'
-	SUP top AUXILIARY
-	MUST associatedDomain )
-
-# 8.3.11.  Friendly Country
-#
-#  The Friendly Country object class is used to define country entries
-#  in the DIT.  The object class is used to allow friendlier naming of
-#  countries than that allowed by the object class country.  The naming
-#  attribute of object class country, countryName, has to be a 2 letter
-#  string defined in ISO 3166.
-#
-#    friendlyCountry OBJECT-CLASS
-#        SUBCLASS OF country
-#        MUST CONTAIN {
-#            friendlyCountryName}
-#    ::= {pilotObjectClass 18}
-#
-objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
-	SUP country STRUCTURAL
-	MUST friendlyCountryName )
-
-# 8.3.12.  Simple Security Object
-#
-#  The Simple Security Object object class is used to allow an entry to
-#  have a userPassword attribute when an entry's principal object
-#  classes do not allow userPassword as an attribute type.
-#
-#    simpleSecurityObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            userPassword }
-#    ::= {pilotObjectClass 19}
-#
-## (in core.schema)
-## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-##	SUP top AUXILIARY
-##	MUST userPassword )
-
-# 8.3.13.  Pilot Organization
-#
-#  The PilotOrganization object class is used as a sub-class of
-#  organization and organizationalUnit to allow a number of additional
-#  attributes to be assigned to entries of object classes organization
-#  and organizationalUnit.
-#
-#    pilotOrganization OBJECT-CLASS
-#        SUBCLASS OF organization, organizationalUnit
-#        MAY CONTAIN {
-#                    buildingName}
-#    ::= {pilotObjectClass 20}
-#
-objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
-	SUP ( organization $ organizationalUnit ) STRUCTURAL
-	MAY buildingName )
-
-# 8.3.14.  Pilot DSA
-#
-#  The PilotDSA object class is used as a sub-class of the dsa object
-#  class to allow additional attributes to be assigned to entries for
-#  DSAs.
-#
-#    pilotDSA OBJECT-CLASS
-#        SUBCLASS OF dsa
-#        MUST CONTAIN {
-#            dSAQuality}
-#    ::= {pilotObjectClass 21}
-#
-objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
-	SUP dsa STRUCTURAL
-	MAY dSAQuality )
-
-# 8.3.15.  Quality Labelled Data
-#
-#  The Quality Labelled Data object class is used to allow the
-#  assignment of the data quality attributes to subtrees in the DIT.
-#
-#  See [8] for more details.
-#
-#    qualityLabelledData OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            dSAQuality}
-#        MAY CONTAIN {
-#            subtreeMinimumQuality,
-#            subtreeMaximumQuality}
-#    ::= {pilotObjectClass 22}
-objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
-	SUP top AUXILIARY
-	MUST dsaQuality
-	MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
-	)
-
-
-# References
-#
-#    [1]  CCITT/ISO, "X.500, The Directory - overview of concepts,
-#         models and services, CCITT /ISO IS 9594.
-#
-#    [2]  Kille, S., "The THORN and RARE X.500 Naming Architecture, in
-#         University College London, Department of Computer Science
-#         Research Note 89/48, May 1989.
-#
-#    [3]  Kille, S., "X.500 and Domains", RFC 1279, University College
-#         London, November 1991.
-#
-#    [4]  Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
-#         Report", Technical Report 90-09-10-1, published by NYSERNet
-#         Inc, 1990.
-#
-#    [5]  Craigie, J., "UK Academic Community Directory Service Pilot
-#         Project, pp. 305-310 in Computer Networks and ISDN Systems
-#         17 (1989), published by North Holland.
-#
-#    [6]  Mockapetris, P., "Domain Names - Concepts and Facilities",
-#         RFC 1034, USC/Information Sciences Institute, November 1987.
-#
-#    [7]  Mockapetris, P., "Domain Names - Implementation and
-#         Specification, RFC 1035, USC/Information Sciences Institute,
-#         November 1987.
-#
-#    [8]  Kille, S., "Handling QOS (Quality of service) in the
-#         Directory," publication in process, March 1991.
-#
-#
-# APPENDIX C - Summary of all Object Classes and Attribute Types
-#
-#    -- Some Important Object Identifiers
-#
-#    data OBJECT IDENTIFIER ::= {ccitt 9}
-#    pss OBJECT IDENTIFIER ::= {data 2342}
-#    ucl OBJECT IDENTIFIER ::= {pss 19200300}
-#    pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-#    pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-#    pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-#    pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-#    pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-#    iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-#    caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-#                                          {pilotAttributeSyntax 5}
-#
-#    -- Standard Object Classes
-#
-#    top OBJECT-CLASS
-#        MUST CONTAIN {
-#            objectClass}
-#    ::= {objectClass 0}
-#
-#
-#    alias OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            aliasedObjectName}
-#    ::= {objectClass 1}
-#
-#
-#    country OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            countryName}
-#        MAY CONTAIN {
-#            description,
-#            searchGuide}
-#    ::= {objectClass 2}
-#
-#
-#    locality OBJECT-CLASS
-#        SUBCLASS OF top
-#        MAY CONTAIN {
-#            description,
-#            localityName,
-#            stateOrProvinceName,
-#            searchGuide,
-#            seeAlso,
-#            streetAddress}
-#    ::= {objectClass 3}
-#
-#
-#    organization OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            organizationName}
-#        MAY CONTAIN {
-#            organizationalAttributeSet}
-#    ::= {objectClass 4}
-#
-#
-#    organizationalUnit OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            organizationalUnitName}
-#        MAY CONTAIN {
-#            organizationalAttributeSet}
-#    ::= {objectClass 5}
-#
-#
-#    person OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName,
-#            surname}
-#        MAY CONTAIN {
-#            description,
-#            seeAlso,
-#            telephoneNumber,
-#            userPassword}
-#    ::= {objectClass 6}
-#
-#
-#    organizationalPerson OBJECT-CLASS
-#        SUBCLASS OF person
-#        MAY CONTAIN {
-#            localeAttributeSet,
-#            organizationalUnitName,
-#            postalAttributeSet,
-#            telecommunicationAttributeSet,
-#            title}
-#    ::= {objectClass 7}
-#
-#
-#    organizationalRole OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            description,
-#            localeAttributeSet,
-#            organizationalUnitName,
-#            postalAttributeSet,
-#            preferredDeliveryMethod,
-#            roleOccupant,
-#            seeAlso,
-#            telecommunicationAttributeSet}
-#    ::= {objectClass 8}
-#
-#
-#    groupOfNames OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName,
-#            member}
-#        MAY CONTAIN {
-#            description,
-#            organizationName,
-#            organizationalUnitName,
-#            owner,
-#            seeAlso,
-#            businessCategory}
-#    ::= {objectClass 9}
-#
-#
-#    residentialPerson OBJECT-CLASS
-#        SUBCLASS OF person
-#        MUST CONTAIN {
-#            localityName}
-#        MAY CONTAIN {
-#            localeAttributeSet,
-#            postalAttributeSet,
-#            preferredDeliveryMethod,
-#            telecommunicationAttributeSet,
-#            businessCategory}
-#    ::= {objectClass 10}
-#
-#
-#    applicationProcess OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            description,
-#            localityName,
-#            organizationalUnitName,
-#            seeAlso}
-#    ::= {objectClass 11}
-#
-#
-#    applicationEntity OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName,
-#            presentationAddress}
-#        MAY CONTAIN {
-#            description,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            seeAlso,
-#            supportedApplicationContext}
-#    ::= {objectClass 12}
-#
-#
-#    dSA OBJECT-CLASS
-#        SUBCLASS OF applicationEntity
-#        MAY CONTAIN {
-#            knowledgeInformation}
-#    ::= {objectClass 13}
-#
-#
-#    device OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            description,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            owner,
-#            seeAlso,
-#            serialNumber}
-#    ::= {objectClass 14}
-#
-#
-#    strongAuthenticationUser OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            userCertificate}
-#    ::= {objectClass 15}
-#
-#
-#    certificationAuthority OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            cACertificate,
-#            certificateRevocationList,
-#            authorityRevocationList}
-#        MAY CONTAIN {
-#            crossCertificatePair}
-#    ::= {objectClass 16}
-#
-#    -- Standard MHS Object Classes
-#
-#    mhsDistributionList OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName,
-#            mhsDLSubmitPermissions,
-#            mhsORAddresses}
-#        MAY CONTAIN {
-#            description,
-#            organizationName,
-#            organizationalUnitName,
-#            owner,
-#            seeAlso,
-#            mhsDeliverableContentTypes,
-#            mhsdeliverableEits,
-#            mhsDLMembers,
-#            mhsPreferredDeliveryMethods}
-#    ::= {mhsObjectClass 0}
-#
-#
-#    mhsMessageStore OBJECT-CLASS
-#        SUBCLASS OF applicationEntity
-#        MAY CONTAIN {
-#            description,
-#            owner,
-#            mhsSupportedOptionalAttributes,
-#            mhsSupportedAutomaticActions,
-#            mhsSupportedContentTypes}
-#    ::= {mhsObjectClass 1}
-#
-#
-#    mhsMessageTransferAgent OBJECT-CLASS
-#        SUBCLASS OF applicationEntity
-#        MAY CONTAIN {
-#            description,
-#            owner,
-#            mhsDeliverableContentLength}
-#    ::= {mhsObjectClass 2}
-#
-#
-#    mhsOrganizationalUser OBJECT-CLASS
-#        SUBCLASS OF organizationalPerson
-#        MUST CONTAIN {
-#            mhsORAddresses}
-#        MAY CONTAIN {
-#            mhsDeliverableContentLength,
-#            mhsDeliverableContentTypes,
-#            mhsDeliverableEits,
-#            mhsMessageStoreName,
-#            mhsPreferredDeliveryMethods }
-#    ::= {mhsObjectClass 3}
-#
-#
-#    mhsResidentialUser OBJECT-CLASS
-#        SUBCLASS OF residentialPerson
-#        MUST CONTAIN {
-#            mhsORAddresses}
-#        MAY CONTAIN {
-#            mhsDeliverableContentLength,
-#            mhsDeliverableContentTypes,
-#            mhsDeliverableEits,
-#            mhsMessageStoreName,
-#            mhsPreferredDeliveryMethods }
-#    ::= {mhsObjectClass 4}
-#
-#
-#    mhsUserAgent OBJECT-CLASS
-#        SUBCLASS OF applicationEntity
-#        MAY CONTAIN {
-#            mhsDeliverableContentLength,
-#            mhsDeliverableContentTypes,
-#            mhsDeliverableEits,
-#            mhsORAddresses,
-#            owner}
-#    ::= {mhsObjectClass 5}
-#
-#
-#
-#
-#    -- Pilot Object Classes
-#
-#    pilotObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MAY CONTAIN {
-#            info,
-#            photo,
-#            manager,
-#            uniqueIdentifier,
-#            lastModifiedTime,
-#            lastModifiedBy,
-#            dITRedirect,
-#            audio}
-#    ::= {pilotObjectClass 3}
-#    pilotPerson OBJECT-CLASS
-#        SUBCLASS OF person
-#        MAY CONTAIN {
-#                    userid,
-#                    textEncodedORAddress,
-#                    rfc822Mailbox,
-#                    favouriteDrink,
-#                    roomNumber,
-#                    userClass,
-#                    homeTelephoneNumber,
-#                    homePostalAddress,
-#                    secretary,
-#                    personalTitle,
-#                    preferredDeliveryMethod,
-#                    businessCategory,
-#                    janetMailbox,
-#                    otherMailbox,
-#                    mobileTelephoneNumber,
-#                    pagerTelephoneNumber,
-#                    organizationalStatus,
-#                    mailPreferenceOption,
-#                    personalSignature}
-#    ::= {pilotObjectClass 4}
-#
-#
-#    account OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            userid}
-#        MAY CONTAIN {
-#            description,
-#            seeAlso,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            host}
-#    ::= {pilotObjectClass 5}
-#
-#
-#    document OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            documentIdentifier}
-#        MAY CONTAIN {
-#            commonName,
-#            description,
-#            seeAlso,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName,
-#            documentTitle,
-#            documentVersion,
-#            documentAuthor,
-#            documentLocation,
-#            documentPublisher}
-#    ::= {pilotObjectClass 6}
-#
-#
-#    room OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            roomNumber,
-#            description,
-#            seeAlso,
-#            telephoneNumber}
-#    ::= {pilotObjectClass 7}
-#
-#
-#    documentSeries OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            commonName}
-#        MAY CONTAIN {
-#            description,
-#            seeAlso,
-#            telephoneNumber,
-#            localityName,
-#            organizationName,
-#            organizationalUnitName}
-#    ::= {pilotObjectClass 9}
-#
-#
-#    domain OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            domainComponent}
-#        MAY CONTAIN {
-#            associatedName,
-#            organizationName,
-#            organizationalAttributeSet}
-#    ::= {pilotObjectClass 13}
-#
-#
-#    rFC822localPart OBJECT-CLASS
-#        SUBCLASS OF domain
-#        MAY CONTAIN {
-#            commonName,
-#            surname,
-#            description,
-#            seeAlso,
-#            telephoneNumber,
-#            postalAttributeSet,
-#            telecommunicationAttributeSet}
-#    ::= {pilotObjectClass 14}
-#
-#
-#    dNSDomain OBJECT-CLASS
-#        SUBCLASS OF domain
-#        MAY CONTAIN {
-#            ARecord,
-#            MDRecord,
-#            MXRecord,
-#            NSRecord,
-#            SOARecord,
-#            CNAMERecord}
-#    ::= {pilotObjectClass 15}
-#
-#
-#    domainRelatedObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            associatedDomain}
-#    ::= {pilotObjectClass 17}
-#
-#
-#    friendlyCountry OBJECT-CLASS
-#        SUBCLASS OF country
-#        MUST CONTAIN {
-#            friendlyCountryName}
-#    ::= {pilotObjectClass 18}
-#
-#
-#    simpleSecurityObject OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            userPassword }
-#    ::= {pilotObjectClass 19}
-#
-#
-#    pilotOrganization OBJECT-CLASS
-#        SUBCLASS OF organization, organizationalUnit
-#        MAY CONTAIN {
-#                    buildingName}
-#    ::= {pilotObjectClass 20}
-#
-#
-#    pilotDSA OBJECT-CLASS
-#        SUBCLASS OF dsa
-#        MUST CONTAIN {
-#            dSAQuality}
-#    ::= {pilotObjectClass 21}
-#
-#
-#    qualityLabelledData OBJECT-CLASS
-#        SUBCLASS OF top
-#        MUST CONTAIN {
-#            dSAQuality}
-#        MAY CONTAIN {
-#            subtreeMinimumQuality,
-#            subtreeMaximumQuality}
-#    ::= {pilotObjectClass 22}
-#
-#
-#
-#
-#    -- Standard Attribute Types
-#
-#    objectClass ObjectClass
-#        ::= {attributeType 0}
-#
-#
-#    aliasedObjectName AliasedObjectName
-#        ::= {attributeType 1}
-#
-#
-#    knowledgeInformation ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreString
-#        ::= {attributeType 2}
-#
-#
-#    commonName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-common-name))
-#        ::= {attributeType 3}
-#
-#
-#    surname ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-surname))
-#        ::= {attributeType 4}
-#
-#
-#    serialNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX printableStringSyntax
-#        (SIZE (1..ub-serial-number))
-#        ::= {attributeType 5}
-#
-#
-#    countryName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX PrintableString
-#        (SIZE (1..ub-country-code))
-#        SINGLE VALUE
-#        ::= {attributeType 6}
-#
-#
-#    localityName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-locality-name))
-#        ::= {attributeType 7}
-#
-#
-#    stateOrProvinceName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-state-name))
-#        ::= {attributeType 8}
-#
-#
-#    streetAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-street-address))
-#        ::= {attributeType 9}
-#
-#
-#    organizationName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-organization-name))
-#        ::= {attributeType 10}
-#
-#
-#    organizationalUnitName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-organizational-unit-name))
-#        ::= {attributeType 11}
-#
-#
-#    title ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-title))
-#        ::= {attributeType 12}
-#
-#
-#    description ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-description))
-#        ::= {attributeType 13}
-#
-#
-#    searchGuide ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX Guide
-#        ::= {attributeType 14}
-#
-#
-#    businessCategory ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-business-category))
-#        ::= {attributeType 15}
-#
-#
-#    postalAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX PostalAddress
-#        MATCHES FOR EQUALITY
-#        ::= {attributeType 16}
-#
-#
-#    postalCode ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-postal-code))
-#        ::= {attributeType 17}
-#
-#
-#    postOfficeBox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-post-office-box))
-#        ::= {attributeType 18}
-#
-#
-#    physicalDeliveryOfficeName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-#        (SIZE (1..ub-physical-office-name))
-#        ::= {attributeType 19}
-#
-#
-#    telephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
-#        (SIZE (1..ub-telephone-number))
-#        ::= {attributeType 20}
-#
-#
-#    telexNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX TelexNumber
-#        (SIZE (1..ub-telex))
-#        ::= {attributeType 21}
-#
-#
-#    teletexTerminalIdentifier ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
-#        (SIZE (1..ub-teletex-terminal-id))
-#        ::= {attributeType 22}
-#
-#
-#    facsimileTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
-#        ::= {attributeType 23}
-#
-#
-#    x121Address ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX NumericString
-#        (SIZE (1..ub-x121-address))
-#        ::= {attributeType 24}
-#
-#
-#    internationaliSDNNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX NumericString
-#        (SIZE (1..ub-isdn-address))
-#        ::= {attributeType 25}
-#
-#
-#    registeredAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX PostalAddress
-#        ::= {attributeType 26}
-#
-#
-#    destinationIndicator ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX PrintableString
-#        (SIZE (1..ub-destination-indicator))
-#        MATCHES FOR EQUALITY SUBSTRINGS
-#        ::= {attributeType 27}
-#
-#
-#    preferredDeliveryMethod ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX deliveryMethod
-#        ::= {attributeType 28}
-#
-#
-#    presentationAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX PresentationAddress
-#        MATCHES FOR EQUALITY
-#        ::= {attributeType 29}
-#
-#
-#    supportedApplicationContext ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
-#        ::= {attributeType 30}
-#
-#
-#    member ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-#        ::= {attributeType 31}
-#
-#
-#    owner ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-#        ::= {attributeType 32}
-#
-#
-#    roleOccupant ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-#        ::= {attributeType 33}
-#
-#
-#    seeAlso ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-#        ::= {attributeType 34}
-#
-#
-#    userPassword ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX Userpassword
-#        ::= {attributeType 35}
-#
-#
-#    userCertificate ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX UserCertificate
-#        ::= {attributeType 36}
-#
-#
-#    cACertificate ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX cACertificate
-#        ::= {attributeType 37}
-#
-#
-#    authorityRevocationList ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
-#        ::= {attributeType 38}
-#
-#
-#    certificateRevocationList ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX CertificateRevocationList
-#        ::= {attributeType 39}
-#
-#
-#    crossCertificatePair ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX CrossCertificatePair
-#        ::= {attributeType 40}
-#
-#
-#
-#
-#    -- Standard MHS Attribute Types
-#
-#    mhsDeliverableContentLength ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX integer
-#        ::= {mhsAttributeType 0}
-#
-#
-#    mhsDeliverableContentTypes ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oID
-#        ::= {mhsAttributeType 1}
-#
-#
-#    mhsDeliverableEits ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oID
-#        ::= {mhsAttributeType 2}
-#
-#
-#    mhsDLMembers ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oRName
-#        ::= {mhsAttributeType 3}
-#
-#
-#    mhsDLSubmitPermissions ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX dLSubmitPermission
-#        ::= {mhsAttributeType 4}
-#
-#
-#    mhsMessageStoreName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX dN
-#        ::= {mhsAttributeType 5}
-#
-#
-#    mhsORAddresses ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oRAddress
-#        ::= {mhsAttributeType 6}
-#
-#
-#    mhsPreferredDeliveryMethods ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX deliveryMethod
-#        ::= {mhsAttributeType 7}
-#
-#
-#    mhsSupportedAutomaticActions ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oID
-#        ::= {mhsAttributeType 8}
-#
-#
-#    mhsSupportedContentTypes ATTRIBUTE
-#
-#        WITH ATTRIBUTE-SYNTAX oID
-#        ::= {mhsAttributeType 9}
-#
-#
-#    mhsSupportedOptionalAttributes ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX oID
-#        ::= {mhsAttributeType 10}
-#
-#
-#
-#
-#    -- Pilot Attribute Types
-#
-#    userid ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-user-identifier))
-#    ::= {pilotAttributeType 1}
-#
-#
-#    textEncodedORAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#        (SIZE (1 .. ub-text-encoded-or-address))
-#    ::= {pilotAttributeType 2}
-#
-#
-#    rfc822Mailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            (SIZE (1 .. ub-rfc822-mailbox))
-#    ::= {pilotAttributeType 3}
-#
-#
-#    info ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-information))
-#    ::= {pilotAttributeType 4}
-#
-#
-#    favouriteDrink ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-favourite-drink))
-#    ::= {pilotAttributeType 5}
-#
-#
-#    roomNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-room-number))
-#    ::= {pilotAttributeType 6}
-#
-#
-#    photo ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            CHOICE {
-#                g3-facsimile [3] G3FacsimileBodyPart
-#                }
-#        (SIZE (1 .. ub-photo))
-#    ::= {pilotAttributeType 7}
-#
-#
-#    userClass ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-user-class))
-#    ::= {pilotAttributeType 8}
-#
-#
-#    host ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-host))
-#    ::= {pilotAttributeType 9}
-#
-#
-#    manager ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 10}
-#
-#
-#    documentIdentifier ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-identifier))
-#    ::= {pilotAttributeType 11}
-#
-#
-#    documentTitle ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#        (SIZE (1 .. ub-document-title))
-#    ::= {pilotAttributeType 12}
-#
-#
-#    documentVersion ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-version))
-#    ::= {pilotAttributeType 13}
-#
-#
-#    documentAuthor ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 14}
-#
-#
-#    documentLocation ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-document-location))
-#    ::= {pilotAttributeType 15}
-#
-#
-#    homeTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 20}
-#
-#
-#    secretary ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 21}
-#
-#
-#    otherMailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            SEQUENCE {
-#                    mailboxType PrintableString, -- e.g. Telemail
-#                    mailbox IA5String  -- e.g. X378:Joe
-#            }
-#    ::= {pilotAttributeType 22}
-#
-#
-#    lastModifiedTime ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            uTCTimeSyntax
-#    ::= {pilotAttributeType 23}
-#
-#
-#    lastModifiedBy ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 24}
-#
-#
-#    domainComponent ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            SINGLE VALUE
-#    ::= {pilotAttributeType 25}
-#
-#
-#    aRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 26}
-#
-#
-#    mXRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 28}
-#
-#
-#    nSRecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 29}
-#
-#    sOARecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            DNSRecordSyntax
-#    ::= {pilotAttributeType 30}
-#
-#
-#    cNAMERecord ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            iA5StringSyntax
-#    ::= {pilotAttributeType 31}
-#
-#
-#    associatedDomain ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#    ::= {pilotAttributeType 37}
-#
-#
-#    associatedName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 38}
-#
-#
-#    homePostalAddress ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            postalAddress
-#            MATCHES FOR EQUALITY
-#    ::= {pilotAttributeType 39}
-#
-#
-#    personalTitle ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-personal-title))
-#    ::= {pilotAttributeType 40}
-#
-#
-#    mobileTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 41}
-#
-#
-#    pagerTelephoneNumber ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            telephoneNumberSyntax
-#    ::= {pilotAttributeType 42}
-#
-#
-#    friendlyCountryName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#    ::= {pilotAttributeType 43}
-#
-#
-#    uniqueIdentifier ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-unique-identifier))
-#    ::= {pilotAttributeType 44}
-#
-#
-#    organizationalStatus ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-organizational-status))
-#    ::= {pilotAttributeType 45}
-#
-#
-#    janetMailbox ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreIA5StringSyntax
-#            (SIZE (1 .. ub-janet-mailbox))
-#    ::= {pilotAttributeType 46}
-#
-#
-#    mailPreferenceOption ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX ENUMERATED {
-#                no-list-inclusion(0),
-#                any-list-inclusion(1),  -- may be added to any lists
-#                professional-list-inclusion(2)
-#                                        -- may be added to lists
-#                                        -- which the list provider
-#                                        -- views as related to the
-#                                        -- users professional inter-
-#                                        -- ests, perhaps evaluated
-#                                        -- from the business of the
-#                                        -- organisation or keywords
-#                                        -- in the entry.
-#                }
-#    ::= {pilotAttributeType 47}
-#
-#
-#    buildingName ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            caseIgnoreStringSyntax
-#            (SIZE (1 .. ub-building-name))
-#    ::= {pilotAttributeType 48}
-#
-#
-#    dSAQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-#            SINGLE VALUE
-#    ::= {pilotAttributeType 49}
-#
-#
-#    singleLevelQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#
-#
-#    subtreeMinimumQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#               -- Defaults to singleLevelQuality
-#    ::= {pilotAttributeType 51}
-#
-#
-#    subtreeMaximumQuality ATTRIBUTE
-#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-#            SINGLE VALUE
-#               -- Defaults to singleLevelQuality
-#    ::= {pilotAttributeType 52}
-#
-#
-#    personalSignature ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            CHOICE {
-#                g3-facsimile [3] G3FacsimileBodyPart
-#                }
-#        (SIZE (1 .. ub-personal-signature))
-#    ::= {pilotAttributeType 53}
-#
-#
-#    dITRedirect ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            distinguishedNameSyntax
-#    ::= {pilotAttributeType 54}
-#
-#
-#    audio ATTRIBUTE
-#        WITH ATTRIBUTE-SYNTAX
-#            Audio
-#        (SIZE (1 .. ub-audio))
-#    ::= {pilotAttributeType 55}
-#
-#    documentPublisher ATTRIBUTE
-#            WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-#    ::= {pilotAttributeType 56}
-#
-#
-#
-#    -- Generally useful syntaxes
-#
-#
-#    caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-#            IA5String
-#            MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-#    iA5StringSyntax ATTRIBUTE-SYNTAX
-#        IA5String
-#        MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-#    -- Syntaxes to support the DNS attributes
-#
-#    DNSRecordSyntax ATTRIBUTE-SYNTAX
-#            IA5String
-#            MATCHES FOR EQUALITY
-#
-#
-#    NRSInformationSyntax ATTRIBUTE-SYNTAX
-#            NRSInformation
-#            MATCHES FOR EQUALITY
-#
-#
-#    NRSInformation ::=  SET {
-#                    [0] Context,
-#                    [1] Address-space-id,
-#                    routes [2] SEQUENCE OF SEQUENCE {
-#                    Route-cost,
-#                    Addressing-info }
-#            }
-#
-#
-#    -- Upper bounds on length of attribute values
-#
-#
-#    ub-document-identifier INTEGER ::= 256
-#
-#    ub-document-location INTEGER ::= 256
-#
-#    ub-document-title INTEGER ::= 256
-#
-#    ub-document-version INTEGER ::= 256
-#
-#    ub-favourite-drink INTEGER ::= 256
-#
-#    ub-host INTEGER ::= 256
-#
-#    ub-information INTEGER ::= 2048
-#
-#    ub-unique-identifier INTEGER ::= 256
-#
-#    ub-personal-title INTEGER ::= 256
-#
-#    ub-photo INTEGER ::= 250000
-#
-#    ub-rfc822-mailbox INTEGER ::= 256
-#
-#    ub-room-number INTEGER ::= 256
-#
-#    ub-text-or-address INTEGER ::= 256
-#
-#    ub-user-class INTEGER ::= 256
-#
-#    ub-user-identifier INTEGER ::= 256
-#
-#    ub-organizational-status INTEGER ::= 256
-#
-#    ub-janet-mailbox INTEGER ::= 256
-#
-#    ub-building-name INTEGER ::= 256
-#
-#    ub-personal-signature ::= 50000
-#
-#    ub-audio INTEGER ::= 250000
-#
-# [remainder of memo trimmed]
-

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/java.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/java.schema	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/java.schema	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,403 +0,0 @@
-# java.schema -- Java Object Schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Java Object Schema (defined in RFC 2713)
-#	depends upon core.schema
-#
-
-# Network Working Group                                            V. Ryan
-# Request for Comments: 2713                                   S. Seligman
-# Category: Informational                                           R. Lee
-#                                                   Sun Microsystems, Inc.
-#                                                             October 1999
-# 
-# 
-#      Schema for Representing Java(tm) Objects in an LDAP Directory
-# 
-# Status of this Memo
-# 
-#    This memo provides information for the Internet community.  It does
-#    not specify an Internet standard of any kind.  Distribution of this
-#    memo is unlimited.
-# 
-# Copyright Notice
-# 
-#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
-# 
-# Abstract
-# 
-#    This document defines the schema for representing Java(tm) objects in
-#    an LDAP directory [LDAPv3].  It defines schema elements to represent
-#    a Java serialized object [Serial], a Java marshalled object [RMI], a
-#    Java remote object [RMI], and a JNDI reference [JNDI].
-# 
-
-# [trimmed]
-
-# 3 Attribute Type Definitions
-# 
-#    The following attribute types are defined in this document:
-# 
-#        javaClassName
-#        javaClassNames
-#        javaCodebase
-#        javaSerializedData
-#        javaFactory
-#        javaReferenceAddress
-#        javaDoc
-# 
-# 3.1 javaClassName
-# 
-#    This attribute stores the fully qualified name of the Java object's
-#    "distinguished" class or interface (for example, "java.lang.String").
-#    It is a single-valued attribute. This attribute's syntax is '
-#    Directory String' and its case is significant.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.6
-#          NAME 'javaClassName'
-#          DESC 'Fully qualified name of distinguished Java class or
-#                interface'
-#          EQUALITY caseExactMatch
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#          SINGLE-VALUE
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
-	NAME 'javaClassName'
-	DESC 'Fully qualified name of distinguished Java class or interface'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE )
- 
-# 3.2 javaCodebase
-# 
-#    This attribute stores the Java class definition's locations.  It
-#    specifies the locations from which to load the class definition for
-#    the class specified by the javaClassName attribute.  Each value of
-#    the attribute contains an ordered list of URLs, separated by spaces.
-#    For example, a value of "url1 url2 url3" means that the three
-#    (possibly interdependent) URLs (url1, url2, and url3) form the
-#    codebase for loading in the Java class definition.
-# 
-#    If the javaCodebase attribute contains more than one value, each
-#    value is an independent codebase. That is, there is no relationship
-#    between the URLs in one value and those in another; each value can be
-#    viewed as an alternate source for loading the Java class definition.
-#    See [Java] for information regarding class loading.
-# 
-#    This attribute's syntax is 'IA5 String' and its case is significant.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.7
-#          NAME 'javaCodebase'
-#          DESC 'URL(s) specifying the location of class definition'
-#          EQUALITY caseExactIA5Match
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
-	NAME 'javaCodebase'
-	DESC 'URL(s) specifying the location of class definition'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 3.3 javaClassNames
-# 
-#    This attribute stores the Java object's fully qualified class or
-#    interface names (for example, "java.lang.String").  It is a
-#    multivalued attribute. When more than one value is present, each is
-#    the name of a class or interface, or ancestor class or interface, of
-#    this object.
-# 
-#    This attribute's syntax is 'Directory String' and its case is
-#    significant.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.13
-#          NAME 'javaClassNames'
-#          DESC 'Fully qualified Java class or interface name'
-#          EQUALITY caseExactMatch
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#        )
-# 
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
-	NAME 'javaClassNames'
-	DESC 'Fully qualified Java class or interface name'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
- 
-# 3.4 javaSerializedData
-# 
-#    This attribute stores the serialized form of a Java object.  The
-#    serialized form is described in [Serial].
-# 
-#    This attribute's syntax is 'Octet String'.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.8
-#          NAME 'javaSerializedData
-#          DESC 'Serialized form of a Java object'
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-#          SINGLE-VALUE
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
-	NAME 'javaSerializedData'
-	DESC 'Serialized form of a Java object'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-	SINGLE-VALUE )
-
-# 3.5 javaFactory
-# 
-#    This attribute stores the fully qualified class name of the object
-#    factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
-#    used to create an instance of the object identified by the
-#    javaClassName attribute.
-# 
-#    This attribute's syntax is 'Directory String' and its case is
-#    significant.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.10
-#          NAME 'javaFactory'
-#          DESC 'Fully qualified Java class name of a JNDI object factory'
-#          EQUALITY caseExactMatch
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#          SINGLE-VALUE
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
-	NAME 'javaFactory'
-	DESC 'Fully qualified Java class name of a JNDI object factory'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE )
-
-# 3.6 javaReferenceAddress
-# 
-#    This attribute represents the sequence of addresses of a JNDI
-#    reference.  Each of its values represents one address, a Java object
-#    of type javax.naming.RefAddr.  Its value is a concatenation of the
-#    address type and address contents, preceded by a sequence number (the
-#    order of addresses in a JNDI reference is significant).  For example:
-# 
-#        #0#TypeA#ValA
-#        #1#TypeB#ValB
-#        #2#TypeC##rO0ABXNyABpq...
-# 
-#    In more detail, the value is encoded as follows:
-# 
-#    The delimiter is the first character of the value.  For readability
-#    the character '#' is recommended when it is not otherwise used
-#    anywhere in the value, but any character may be used subject to
-#    restrictions given below.
-# 
-#    The first delimiter is followed by the sequence number.  The sequence
-#    number of an address is its position in the JNDI reference, with the
-#    first address being numbered 0.  It is represented by its shortest
-#    string form, in decimal notation.
-# 
-#    The sequence number is followed by a delimiter, then by the address
-#    type, and then by another delimiter.  If the address is of Java class
-#    javax.naming.StringRefAddr, then this delimiter is followed by the
-#    value of the address contents (which is a string).  Otherwise, this
-#    delimiter is followed immediately by another delimiter, and then by
-#    the Base64 encoding of the serialized form of the entire address.
-# 
-#    The delimiter may be any character other than a digit or a character
-#    contained in the address type.  In addition, if the address contents
-#    is a string, the delimiter may not be the first character of that
-#    string.
-# 
-#    This attribute's syntax is 'Directory String' and its case is
-#    significant.  It can contain multiple values.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.11
-#          NAME 'javaReferenceAddress'
-#          DESC 'Addresses associated with a JNDI Reference'
-#          EQUALITY caseExactMatch
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
-	NAME 'javaReferenceAddress'
-	DESC 'Addresses associated with a JNDI Reference'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 3.7 javaDoc
-# 
-#    This attribute stores a pointer to the Java documentation for the
-#    class.  It's value is a URL. For example, the following URL points to
-#    the specification of the java.lang.String class:
-#    http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
-# 
-#    This attribute's syntax is 'IA5 String' and its case is significant.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.1.12
-#          NAME 'javaDoc'
-#          DESC 'The Java documentation for the class'
-#          EQUALITY caseExactIA5Match
-#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-#        )
-# 
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
-	NAME 'javaDoc'
-	DESC 'The Java documentation for the class'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 4 Object Class Definitions
-# 
-#    The following object classes are defined in this document:
-# 
-#        javaContainer
-#        javaObject
-#        javaSerializedObject
-#        javaMarshalledObject
-#        javaNamingReference
-# 
-# 4.1 javaContainer
-# 
-#    This structural object class represents a container for a Java
-#    object.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.2.1
-#          NAME 'javaContainer'
-#          DESC 'Container for a Java object'
-#          SUP top
-#          STRUCTURAL
-#          MUST ( cn )
-#        )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
-	NAME 'javaContainer'
-	DESC 'Container for a Java object'
-	SUP top
-	STRUCTURAL
-	MUST cn )
-
-# 4.2 javaObject
-# 
-#    This abstract object class represents a Java object.  A javaObject
-#    cannot exist in the directory; only auxiliary or structural
-#    subclasses of it can exist in the directory.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.2.4
-#          NAME 'javaObject'
-#          DESC 'Java object representation'
-#          SUP top
-#          ABSTRACT
-#          MUST ( javaClassName )
-#          MAY ( javaClassNames $
-#                javaCodebase $
-#                javaDoc $
-#                description )
-#        )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
-	NAME 'javaObject'
-	DESC 'Java object representation'
-	SUP top
-	ABSTRACT
-	MUST javaClassName
-	MAY ( javaClassNames $ javaCodebase $
-		javaDoc $ description ) )
-
-# 4.3 javaSerializedObject
-# 
-#    This auxiliary object class represents a Java serialized object.  It
-#    must be mixed in with a structural object class.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.2.5
-#          NAME 'javaSerializedObject'
-#          DESC 'Java serialized object'
-#          SUP javaObject
-#          AUXILIARY
-#          MUST ( javaSerializedData )
-#        )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
-	NAME 'javaSerializedObject'
-	DESC 'Java serialized object'
-	SUP javaObject
-	AUXILIARY
-	MUST javaSerializedData )
- 
-# 4.4 javaMarshalledObject
-# 
-#    This auxiliary object class represents a Java marshalled object.  It
-#    must be mixed in with a structural object class.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.2.8
-#          NAME 'javaMarshalledObject'
-#          DESC 'Java marshalled object'
-#          SUP javaObject
-#          AUXILIARY
-#          MUST ( javaSerializedData )
-#        )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
-	NAME 'javaMarshalledObject'
-	DESC 'Java marshalled object'
-	SUP javaObject
-	AUXILIARY
-	MUST javaSerializedData )
-
-# 4.5 javaNamingReference
-# 
-#    This auxiliary object class represents a JNDI reference.  It must be
-#    mixed in with a structural object class.
-# 
-#        ( 1.3.6.1.4.1.42.2.27.4.2.7
-#          NAME 'javaNamingReference'
-#          DESC 'JNDI reference'
-#          SUP javaObject
-#          AUXILIARY
-#          MAY ( javaReferenceAddress $
-#                javaFactory )
-#        )
-# 
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
-	NAME 'javaNamingReference'
-	DESC 'JNDI reference'
-	SUP javaObject
-	AUXILIARY
-	MAY ( javaReferenceAddress $ javaFactory ) )
- 
-# Full Copyright Statement
-# 
-#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
-# 
-#    This document and translations of it may be copied and furnished to
-#    others, and derivative works that comment on or otherwise explain it
-#    or assist in its implementation may be prepared, copied, published
-#    and distributed, in whole or in part, without restriction of any
-#    kind, provided that the above copyright notice and this paragraph are
-#    included on all such copies and derivative works.  However, this
-#    document itself may not be modified in any way, such as by removing
-#    the copyright notice or references to the Internet Society or other
-#    Internet organizations, except as needed for the purpose of
-#    developing Internet standards in which case the procedures for
-#    copyrights defined in the Internet Standards process must be
-#    followed, or as required to translate it into languages other than
-#    English.
-# 
-#    The limited permissions granted above are perpetual and will not be
-#    revoked by the Internet Society or its successors or assigns.
-# 
-#    This document and the information contained herein is provided on an
-#    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-#    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-#    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-#    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-#    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Deleted: openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,531 +0,0 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 2004-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (2004).
-## Please see full copyright statement below.
-
-# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
-#	Password Policy for LDAP Directories
-# With extensions from Hewlett-Packard:
-#	pwdCheckModule etc.
-
-# Contents of this file are subject to change (including deletion)
-# without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-#Network Working Group                                     J. Sermersheim
-#Internet-Draft                                               Novell, Inc
-#Expires: April 24, 2005                                        L. Poitou
-#                                                        Sun Microsystems
-#                                                        October 24, 2004
-#
-#
-#                  Password Policy for LDAP Directories
-#                draft-behera-ldap-password-policy-08.txt
-#
-#Status of this Memo
-#
-#   This document is an Internet-Draft and is subject to all provisions
-#   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
-#   author represents that any applicable patent or other IPR claims of
-#   which he or she is aware have been or will be disclosed, and any of
-#   which he or she become aware will be disclosed, in accordance with
-#   RFC 3668.
-#
-#   Internet-Drafts are working documents of the Internet Engineering
-#   Task Force (IETF), its areas, and its working groups.  Note that
-#   other groups may also distribute working documents as
-#   Internet-Drafts.
-#
-#   Internet-Drafts are draft documents valid for a maximum of six months
-#   and may be updated, replaced, or obsoleted by other documents at any
-#   time.  It is inappropriate to use Internet-Drafts as reference
-#   material or to cite them other than as "work in progress."
-#
-#   The list of current Internet-Drafts can be accessed at
-#   http://www.ietf.org/ietf/1id-abstracts.txt.
-#
-#   The list of Internet-Draft Shadow Directories can be accessed at
-#   http://www.ietf.org/shadow.html.
-#
-#   This Internet-Draft will expire on April 24, 2005.
-#
-#Copyright Notice
-#
-#   Copyright (C) The Internet Society (2004).
-#
-#Abstract
-#
-#   Password policy as described in this document is a set of rules that
-#   controls how passwords are used and administered in Lightweight
-#   Directory Access Protocol (LDAP) based directories.  In order to
-#   improve the security of LDAP directories and make it difficult for
-#   password cracking programs to break into directories, it is desirable
-#   to enforce a set of rules on password usage.  These rules are made to
-#
-#  [trimmed]
-#
-#5.  Schema used for Password Policy
-#
-#   The schema elements defined here fall into two general categories.  A
-#   password policy object class is defined which contains a set of
-#   administrative password policy attributes, and a set of operational
-#   attributes are defined that hold general password policy state
-#   information for each user.
-#
-#5.2  Attribute Types used in the pwdPolicy ObjectClass
-#
-#   Following are the attribute types used by the pwdPolicy object class.
-#
-#5.2.1  pwdAttribute
-#
-#   This holds the name of the attribute to which the password policy is
-#   applied.  For example, the password policy may be applied to the
-#   userPassword attribute.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
-      NAME 'pwdAttribute'
-      EQUALITY objectIdentifierMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-#5.2.2  pwdMinAge
-#
-#   This attribute holds the number of seconds that must elapse between
-#   modifications to the password.  If this attribute is not present, 0
-#   seconds is assumed.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
-      NAME 'pwdMinAge'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.3  pwdMaxAge
-#
-#   This attribute holds the number of seconds after which a modified
-#   password will expire.
-#
-#   If this attribute is not present, or if the value is 0 the password
-#   does not expire.  If not 0, the value must be greater than or equal
-#   to the value of the pwdMinAge.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
-      NAME 'pwdMaxAge'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.4  pwdInHistory
-#
-#   This attribute specifies the maximum number of used passwords stored
-#   in the pwdHistory attribute.
-#
-#   If this attribute is not present, or if the value is 0, used
-#   passwords are not stored in the pwdHistory attribute and thus may be
-#   reused.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
-      NAME 'pwdInHistory'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.5  pwdCheckQuality
-#
-#   {TODO: Consider changing the syntax to OID.  Each OID will list a
-#   quality rule (like min len, # of special characters, etc).  These
-#   rules can be specified outsid ethis document.}
-#
-#   {TODO: Note that even though this is meant to be a check that happens
-#   during password modification, it may also be allowed to happen during
-#   authN.  This is useful for situations where the password is encrypted
-#   when modified, but decrypted when used to authN.}
-#
-#   This attribute indicates how the password quality will be verified
-#   while being modified or added.  If this attribute is not present, or
-#   if the value is '0', quality checking will not be enforced.  A value
-#   of '1' indicates that the server will check the quality, and if the
-#   server is unable to check it (due to a hashed password or other
-#   reasons) it will be accepted.  A value of '2' indicates that the
-#   server will check the quality, and if the server is unable to verify
-#   it, it will return an error refusing the password.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
-      NAME 'pwdCheckQuality'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.6  pwdMinLength
-#
-#   When quality checking is enabled, this attribute holds the minimum
-#   number of characters that must be used in a password.  If this
-#   attribute is not present, no minimum password length will be
-#   enforced.  If the server is unable to check the length (due to a
-#   hashed password or otherwise), the server will, depending on the
-#   value of the pwdCheckQuality attribute, either accept the password
-#   without checking it ('0' or '1') or refuse it ('2').
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
-      NAME 'pwdMinLength'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.7  pwdExpireWarning
-#
-#   This attribute specifies the maximum number of seconds before a
-#   password is due to expire that expiration warning messages will be
-#   returned to an authenticating user.
-#
-#   If this attribute is not present, or if the value is 0 no warnings
-#   will be returned.  If not 0, the value must be smaller than the value
-#   of the pwdMaxAge attribute.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
-      NAME 'pwdExpireWarning'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.8  pwdGraceAuthNLimit
-#
-#   This attribute specifies the number of times an expired password can
-#   be used to authenticate.  If this attribute is not present or if the
-#   value is 0, authentication will fail.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
-      NAME 'pwdGraceAuthNLimit'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.9  pwdLockout
-#
-#   This attribute indicates, when its value is "TRUE", that the password
-#   may not be used to authenticate after a specified number of
-#   consecutive failed bind attempts.  The maximum number of consecutive
-#   failed bind attempts is specified in pwdMaxFailure.
-#
-#   If this attribute is not present, or if the value is "FALSE", the
-#   password may be used to authenticate when the number of failed bind
-#   attempts has been reached.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
-      NAME 'pwdLockout'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE )
-
-#5.2.10  pwdLockoutDuration
-#
-#   This attribute holds the number of seconds that the password cannot
-#   be used to authenticate due to too many failed bind attempts.  If
-#   this attribute is not present, or if the value is 0 the password
-#   cannot be used to authenticate until reset by a password
-#   administrator.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
-      NAME 'pwdLockoutDuration'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.11  pwdMaxFailure
-#
-#   This attribute specifies the number of consecutive failed bind
-#   attempts after which the password may not be used to authenticate.
-#   If this attribute is not present, or if the value is 0, this policy
-#   is not checked, and the value of pwdLockout will be ignored.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
-      NAME 'pwdMaxFailure'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.12  pwdFailureCountInterval
-#
-#   This attribute holds the number of seconds after which the password
-#   failures are purged from the failure counter, even though no
-#   successful authentication occurred.
-#
-#   If this attribute is not present, or if its value is 0, the failure
-#   counter is only reset by a successful authentication.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
-      NAME 'pwdFailureCountInterval'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE )
-
-#5.2.13  pwdMustChange
-#
-#   This attribute specifies with a value of "TRUE" that users must
-#   change their passwords when they first bind to the directory after a
-#   password is set or reset by a password administrator.  If this
-#   attribute is not present, or if the value is "FALSE", users are not
-#   required to change their password upon binding after the password
-#   administrator sets or resets the password.  This attribute is not set
-#   due to any actions specified by this document, it is typically set by
-#   a password administrator after resetting a user's password.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
-      NAME 'pwdMustChange'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE )
-
-#5.2.14  pwdAllowUserChange
-#
-#   This attribute indicates whether users can change their own
-#   passwords, although the change operation is still subject to access
-#   control.  If this attribute is not present, a value of "TRUE" is
-#   assumed.  This attribute is intended to be used in the absense of an
-#   access control mechanism.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
-      NAME 'pwdAllowUserChange'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE )
-
-#5.2.15  pwdSafeModify
-#
-#   This attribute specifies whether or not the existing password must be
-#   sent along with the new password when being changed.  If this
-#   attribute is not present, a "FALSE" value is assumed.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
-      NAME 'pwdSafeModify'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE )
-
-# HP extensions
-#
-# pwdCheckModule
-#
-#    This attribute names a user-defined loadable module that provides
-#    a check_password() function. If pwdCheckQuality is set to '1' or '2'
-#    this function will be called after all of the internal password
-#    quality checks have been passed. The function has this prototype:
-#
-#    int check_password( char *password, char **errormessage, void *arg )
-#
-#    The function should return LDAP_SUCCESS for a valid password.
-
-attributetype ( 1.3.6.1.4.1.4754.1.99.1
-     NAME 'pwdCheckModule'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     DESC 'Loadable module that instantiates "check_password() function'
-     SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.4754.2.99.1
-      NAME 'pwdPolicyChecker'
-      SUP top
-      AUXILIARY
-      MAY ( pwdCheckModule ) )
-
-#5.1  The pwdPolicy Object Class
-#
-#   This object class contains the attributes defining a password policy
-#   in effect for a set of users.  Section 10 describes the
-#   administration of this object, and the relationship between it and
-#   particular objects.
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
-      NAME 'pwdPolicy'
-      SUP top
-      AUXILIARY
-      MUST ( pwdAttribute )
-      MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
-      pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
-      $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
-      pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
-
-#5.3  Attribute Types for Password Policy State Information
-#
-#   Password policy state information must be maintained for each user.
-#   The information is located in each user entry as a set of operational
-#   attributes.  These operational attributes are: pwdChangedTime,
-#   pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
-#   pwdReset, pwdPolicySubEntry.
-#
-#5.3.1  Password Policy State Attribute Option
-#
-#   Since the password policy could apply to several attributes used to
-#   store passwords, each of the above operational attributes must have
-#   an option to specify which pwdAttribute it applies to.  The password
-#   policy option is defined as the following:
-#
-#   pwd-<passwordAttribute>
-#
-#   where passwordAttribute a string following the OID syntax
-#   (1.3.6.1.4.1.1466.115.121.1.38).  The attribute type descriptor
-#   (short name) MUST be used.
-#
-#   For example, if the pwdPolicy object has for pwdAttribute
-#   "userPassword" then the pwdChangedTime operational attribute, in a
-#   user entry, will be:
-#
-#   pwdChangedTime;pwd-userPassword: 20000103121520Z
-#
-#   This attribute option follows sub-typing semantics.  If a client
-#   requests a password policy state attribute to be returned in a search
-#   operation, and does not specify an option, all subtypes of that
-#   policy state attribute are returned.
-#
-#5.3.2  pwdChangedTime
-#
-#   This attribute specifies the last time the entry's password was
-#   changed.  This is used by the password expiration policy.  If this
-#   attribute does not exist, the password will never expire.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.16
-#      NAME 'pwdChangedTime'
-#      DESC 'The time the password was last changed'
-#      EQUALITY generalizedTimeMatch
-#      ORDERING generalizedTimeOrderingMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#      SINGLE-VALUE
-#      USAGE directoryOperation )
-#
-#5.3.3  pwdAccountLockedTime
-#
-#   This attribute holds the time that the user's account was locked.  A
-#   locked account means that the password may no longer be used to
-#   authenticate.  A 000001010000Z value means that the account has been
-#   locked permanently, and that only a password administrator can unlock
-#   the account.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.17
-#      NAME 'pwdAccountLockedTime'
-#      DESC 'The time an user account was locked'
-#      EQUALITY generalizedTimeMatch
-#      ORDERING generalizedTimeOrderingMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#      SINGLE-VALUE
-#      USAGE directoryOperation )
-#
-#5.3.4  pwdFailureTime
-#
-#   This attribute holds the timestamps of the consecutive authentication
-#   failures.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.19
-#      NAME 'pwdFailureTime'
-#      DESC 'The timestamps of the last consecutive authentication
-#      failures'
-#      EQUALITY generalizedTimeMatch
-#      ORDERING generalizedTimeOrderingMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#      USAGE directoryOperation )
-#
-#5.3.5  pwdHistory
-#
-#   This attribute holds a history of previously used passwords.  Values
-#   of this attribute are transmitted in string format as given by the
-#   following ABNF:
-#
-#   pwdHistory = time "#" syntaxOID "#" length "#" data
-#
-#   time       = <generalizedTimeString as specified in 6.14
-#                 of [RFC2252]>
-#
-#   syntaxOID  = numericoid    ; the string representation of the
-#                              ; dotted-decimal OID that defines the
-#                              ; syntax used to store the password.
-#                              ; numericoid is described in 4.1
-#                              ; of [RFC2252].
-#
-#   length     = numericstring ; the number of octets in data.
-#                              ; numericstring is described in 4.1
-#                              ; of [RFC2252].
-#
-#   data       = <octets representing the password in the format
-#                 specified by syntaxOID>.
-#
-#   This format allows the server to store, and transmit a history of
-#   passwords that have been used.  In order for equality matching to
-#   function properly, the time field needs to adhere to a consistent
-#   format.  For this purpose, the time field MUST be in GMT format.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.20
-#      NAME 'pwdHistory'
-#      DESC 'The history of user s passwords'
-#      EQUALITY octetStringMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-#      USAGE directoryOperation )
-#
-#5.3.6  pwdGraceUseTime
-#
-#   This attribute holds the timestamps of grace authentications after a
-#   password has expired.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.21
-#      NAME 'pwdGraceUseTime'
-#      DESC 'The timestamps of the grace authentication after the
-#      password has expired'
-#      EQUALITY generalizedTimeMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#
-#5.3.7  pwdReset
-#
-#   This attribute holds a flag to indicate (when TRUE) that the password
-#   has been updated by the password administrator and must be changed by
-#   the user on first authentication.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.22
-#      NAME 'pwdReset'
-#      DESC 'The indication that the password has been reset'
-#      EQUALITY booleanMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-#      SINGLE-VALUE
-#      USAGE directoryOperation )
-#
-#5.3.8  pwdPolicySubentry
-#
-#   This attribute points to the pwdPolicy subentry in effect for this
-#   object.
-#
-#      ( 1.3.6.1.4.1.42.2.27.8.1.23
-#      NAME 'pwdPolicySubentry'
-#      DESC 'The pwdPolicy subentry in effect for this object'
-#      EQUALITY distinguishedNameMatch
-#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-#      SINGLE-VALUE
-#      USAGE directoryOperation )
-#
-#
-#Disclaimer of Validity
-#
-#   This document and the information contained herein are provided on an
-#   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-#   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
-#   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
-#   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-#   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-#   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-#
-#
-#Copyright Statement
-#
-#   Copyright (C) The Internet Society (2004).  This document is subject
-#   to the rights, licenses and restrictions contained in BCP 78, and
-#   except as set forth therein, the authors retain all their rights.
-

Modified: openldap/vendor/openldap-release/servers/slapd/sets.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sets.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/sets.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.5 2007/01/02 21:43:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.7 2007/10/24 15:03:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -111,19 +111,19 @@
 	BerVarray	rset )
 {
 	BerVarray	set;
-	long		i, j, last;
+	long		i, j, last, rlast;
 	unsigned	op = ( op_flags & SLAP_SET_OPMASK );
 
 	set = NULL;
 	switch ( op ) {
 	case '|':	/* union */
-		if ( lset == NULL || BER_BVISNULL( lset ) ) {
+		if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] ) ) {
 			if ( rset == NULL ) {
 				if ( lset == NULL ) {
 					set = cp->set_op->o_tmpcalloc( 1,
 							sizeof( struct berval ),
 							cp->set_op->o_tmpmemctx );
-					BER_BVZERO( set );
+					BER_BVZERO( &set[ 0 ] );
 					return set;
 				}
 				return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
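Review bot: In the `'|'` branch, `BER_BVZERO( &set[ 0 ] )` runs straight after `o_tmpcalloc` with no check that the allocation succeeded, so a failed allocation is dereferenced. A later hunk in this file guards the identical pattern with `if ( set != NULL )`, and the empty-operand path of the `'&'` branch has the same unguarded write. I would use `if ( set != NULL ) { BER_BVZERO( &set[ 0 ] ); }` in both places. The function's signature starts outside this hunk.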
@@ -131,12 +131,14 @@
 			slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
 			return set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 		}
-		if ( rset == NULL || BER_BVISNULL( rset ) ) {
+		if ( rset == NULL || BER_BVISNULL( &rset[ 0 ] ) ) {
 			slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 			return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
 		}
 
-		i = slap_set_size( lset ) + slap_set_size( rset ) + 1;
+		/* worst scenario: no duplicates */
+		rlast = slap_set_size( rset );
+		i = slap_set_size( lset ) + rlast + 1;
 		set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 		if ( set != NULL ) {
 			/* set_chase() depends on this routine to
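Review bot: Both early exits of the union case hand a pointer that may be NULL to `slap_set_dispose`: `lset` on the first line of this hunk, and `rset` under the `rset == NULL || BER_BVISNULL( &rset[ 0 ] )` test. The rewritten `done:` cleanup in this same commit guards the call with `if ( lset )` and `if ( rset )`, so the two places disagree. `slap_set_dispose` is not shown here, so it should be confirmed whether it accepts NULL. If it does not, `if ( rset != NULL ) slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );` and the matching guard for `lset` are needed.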
@@ -153,6 +155,9 @@
 				}
 			}
 
+			/* pointers to values have been used in set - don't free twice */
+			op_flags |= SLAP_SET_LREFVAL;
+
 			last = i;
 
 			for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
@@ -163,11 +168,12 @@
 					{
 						if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
 							cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );
-							BER_BVZERO( &rset[ i ] );
+							rset[ i ] = rset[ --rlast ];
+							BER_BVZERO( &rset[ rlast ] );
 						}
 						exists = 1;
-						break;		
-					}	
+						break;
+					}
 				}
 
 				if ( !exists ) {
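Review bot: After a duplicate is found, `rset[ i ] = rset[ --rlast ]` moves the last right-hand value into slot `i`, but the outer `for` then advances `i`, so the moved value is never compared against `set` or copied into it. The union can therefore miss a member, and since `SLAP_SET_RREFVAL` is forced on after the loop, the skipped value is presumably not released by the final dispose either. The intersection loop in this commit revisits the slot with `i--` after the same swap; adding `i--;` after `BER_BVZERO( &rset[ rlast ] );` would do the same here. If these sets back access-control decisions, a test with a duplicate that is not the last right-hand value is worth adding.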
@@ -180,37 +186,59 @@
 					last++;
 				}
 			}
+
+			/* pointers to values have been used in set - don't free twice */
+			op_flags |= SLAP_SET_RREFVAL;
+
 			BER_BVZERO( &set[ last ] );
 		}
 		break;
 
 	case '&':	/* intersection */
-		if ( lset == NULL || BER_BVISNULL( lset )
-				|| rset == NULL || BER_BVISNULL( rset ) )
+		if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] )
+			|| rset == NULL || BER_BVISNULL( &rset[ 0 ] ) )
 		{
 			set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 					cp->set_op->o_tmpmemctx );
-			BER_BVZERO( set );
+			BER_BVZERO( &set[ 0 ] );
+			break;
 
 		} else {
-			set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+			long llen, rlen;
+			BerVarray sset;
+
+			llen = slap_set_size( lset );
+			rlen = slap_set_size( rset );
+
+			/* dup the shortest */
+			if ( llen < rlen ) {
+				last = llen;
+				set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+				lset = NULL;
+				sset = rset;
+
+			} else {
+				last = rlen;
+				set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+				rset = NULL;
+				sset = lset;
+			}
+
 			if ( set == NULL ) {
 				break;
 			}
-			lset = NULL;
-			last = slap_set_size( set ) - 1;
+
 			for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
-				for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
-					if ( bvmatch( &set[ i ], &rset[ j ] ) ) {
+				for ( j = 0; !BER_BVISNULL( &sset[ j ] ); j++ ) {
+					if ( bvmatch( &set[ i ], &sset[ j ] ) ) {
 						break;
 					}
 				}
 
-				if ( BER_BVISNULL( &rset[ j ] ) ) {
+				if ( BER_BVISNULL( &sset[ j ] ) ) {
 					cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx );
-					set[ i ] = set[ last ];
+					set[ i ] = set[ --last ];
 					BER_BVZERO( &set[ last ] );
-					last--;
 					i--;
 				}
 			}
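Review bot: In the new "dup the shortest" code, `lset = NULL` or `rset = NULL` is assigned before the `set == NULL` test, whereas the removed code cleared `lset` only after `set_dup` had succeeded. If `set_dup` can fail without releasing its argument (its body is not in this hunk), the operand is no longer reachable by the cleanup at `done:` and leaks. Testing `if ( set == NULL ) break;` inside each branch before the pointer is cleared keeps the old behaviour. The empty-set branches added in the next hunk use the same order.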
@@ -221,6 +249,29 @@
 		i = slap_set_size( rset );
 		j = slap_set_size( lset );
 
+		/* handle empty set cases */
+		if ( i == 0 ) {
+			if ( j == 0 ) {
+				set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
+						cp->set_op->o_tmpmemctx );
+				if ( set == NULL ) {
+					break;
+				}
+				BER_BVZERO( &set[ 0 ] );
+				break;
+
+			} else {
+				set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+				lset = NULL;
+				break;
+			}
+
+		} else if ( j == 0 ) {
+			set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+			rset = NULL;
+			break;
+		}
+
 		set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
 		if ( set == NULL ) {
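Review bot: In the `i == 0 && j == 0` branch the size argument `i * j + 1` is always 1, and writing `o_tmpcalloc( 1, sizeof( struct berval ), ...` as the other empty-set allocations do would make that obvious. Separately, the unchanged allocation at the end of this hunk still multiplies two set sizes with no bound, and overflow of a `long` product is undefined. A check such as `if ( i > ( LONG_MAX - 1 ) / j )` before it would be cheap, since `j` is known to be non-zero once the empty cases have returned.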
@@ -232,17 +283,36 @@
 				struct berval	bv;
 				long		k;
 
-				bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
-				bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
-						cp->set_op->o_tmpmemctx );
-				if ( bv.bv_val == NULL ) {
-					slap_set_dispose( cp, set, 0 );
-					set = NULL;
-					goto done;
+				/* don't concatenate with the empty string */
+				if ( BER_BVISEMPTY( &lset[ i ] ) ) {
+					ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+
+				} else if ( BER_BVISEMPTY( &rset[ j ] ) ) {
+					ber_dupbv_x( &bv, &lset[ i ], cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+
+				} else {
+					bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
+					bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
+							cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+					AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
+					AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
+					bv.bv_val[ bv.bv_len ] = '\0';
 				}
-				AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
-				AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
-				bv.bv_val[ bv.bv_len ] = '\0';
 
 				for ( k = 0; k < last; k++ ) {
 					if ( bvmatch( &set[ k ], &bv ) ) {
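Review bot: Both `ber_dupbv_x` calls ignore the return value and test `bv.bv_val` afterwards, which relies on the function having written the destination on failure while `bv` is declared without an initialiser. Testing the result directly, `if ( ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx ) == NULL )`, states the intent and does not depend on that. The three failure blocks are identical, so one shared label that frees `set` and jumps to `done` would remove the repetition.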
@@ -264,18 +334,9 @@
 	}
 
 done:;
-	if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
-		if ( !( op_flags & SLAP_SET_LREFVAL ))
-			cp->set_op->o_tmpfree( lset->bv_val, cp->set_op->o_tmpmemctx );
-		cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx );
-	}
+	if ( lset ) slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+	if ( rset ) slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 
-	if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) {
-		if ( !( op_flags & SLAP_SET_RREFVAL ))
-			cp->set_op->o_tmpfree( rset->bv_val, cp->set_op->o_tmpmemctx );
-		cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx );
-	}
-
 	return set;
 }
 
@@ -289,7 +350,9 @@
 	if ( set == NULL ) {
 		set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
-		BER_BVZERO( set );
+		if ( set != NULL ) {
+			BER_BVZERO( &set[ 0 ] );
+		}
 		return set;
 	}
 
@@ -299,7 +362,7 @@
 
 	nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 	if ( nset == NULL ) {
-		slap_set_dispose( cp, set, 0 );
+		ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 		return NULL;
 	}
 	for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
@@ -308,7 +371,7 @@
 			nset = slap_set_join( cp, nset, '|', vals );
 		}
 	}
-	slap_set_dispose( cp, set, 0 );
+	ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 
 	if ( closure ) {
 		for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
@@ -573,11 +636,11 @@
 
 _error:
 	if ( IS_SET( set ) ) {
-		slap_set_dispose( cp, set, 0 );
+		ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 	}
 	while ( ( set = SF_POP() ) ) {
 		if ( IS_SET( set ) ) {
-			slap_set_dispose( cp, set, 0 );
+			ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 		}
 	}
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/syncrepl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.49 2007/08/08 16:26:00 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.50 2007/10/05 08:36:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -2109,11 +2109,8 @@
 
 		for (i=0; uuids[i].bv_val; i++) {
 			op->ors_slimit = 1;
-			slap_uuidstr_from_normalized( &uf.f_av_value, &uuids[i],
-				op->o_tmpmemctx );
-			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
-			op->o_tmpfree( uf.f_av_value.bv_val, op->o_tmpmemctx );
 			uf.f_av_value = uuids[i];
+			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
 			rc = be->be_search( op, &rs_search );
 			op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
 		}
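Review bot: Nothing in the loop says why the string conversion was dropped, now that the normalized UUID is assigned to `uf.f_av_value` before `filter2bv_x` runs. A comment such as `/* assertion value stays normalized; filter2bv_x builds the filter string */` above the assignment would record the intent, if that is indeed the reason. In the visible lines `rc` from `be->be_search` is overwritten on every pass, and `op->ors_filterstr.bv_val` is freed without checking that `filter2bv_x` produced it. Whether either is handled after the loop is outside this hunk.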

Modified: openldap/vendor/openldap-release/servers/slapd/value.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/value.c	2007-09-17 21:00:52 UTC (rev 854)
+++ openldap/vendor/openldap-release/servers/slapd/value.c	2007-11-12 00:36:12 UTC (rev 855)
@@ -1,5 +1,5 @@
 /* value.c - routines for dealing with values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.14 2007/01/02 21:43:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.15 2007/09/14 21:59:53 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -697,7 +697,21 @@
 	}
 
 	new = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
-	if ( a->a_nvals && a->a_nvals != a->a_vals ) {
+
+	/* sanity check: if normalized modifications come in, either
+	 * no values are present or normalized existing values differ
+	 * from non-normalized; if no normalized modifications come in,
+	 * either no values are present or normalized existing values
+	 * don't differ from non-normalized */
+	if ( nvals != NULL ) {
+		assert( nvals != vals );
+		assert( a->a_nvals == NULL || a->a_nvals != a->a_vals );
+
+	} else {
+		assert( a->a_nvals == NULL || a->a_nvals == a->a_vals );
+	}
+
+	if ( ( a->a_nvals && a->a_nvals != a->a_vals ) || nvals != NULL ) {
 		nnew = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
 		/* Shouldn't happen... */
 		if ( !nvals ) nvals = vals;
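Review bot: The new sanity check is enforced only by `assert()`, which aborts the process when it fires and disappears when the build defines NDEBUG. If `nvals` or the attribute's value arrays can be shaped by a client modification (the callers are not shown), the first build lets a request stop the server and the second lets mismatched arrays reach the merge below. Checking the same conditions before `new = ch_malloc( ... )` and returning an error to the caller would cover both builds. The function starts and ends outside this hunk.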



