Branch '389-ds-base-1.2.11' - ldap/schema
by Mark Reynolds
ldap/schema/50ns-mail.ldif | 10 +--
ldap/schema/60qmail.ldif | 20 +++---
ldap/schema/60radius.ldif | 132 ++++++++++++++++++++++-----------------------
ldap/schema/60samba3.ldif | 2
4 files changed, 82 insertions(+), 82 deletions(-)
New commits:
commit 4a29fe1a3fae5a81007c7dec126f48baa03948e0
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 7 14:48:07 2013 -0400
Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
Bug Description: RFC 2252 (ldapv3), DESC, defined as a qdstring, should not
be an empty string. In the standard schema there are
several attributes/objectclasses that have " DESC '' ",
which violates the RFC.
Fix Description: Replace every empty DESC with a non-empty value.
https://fedorahosted.org/389/ticket/47376
Reviewed by: richm & nkinder (Thanks!!)
(cherry picked from commit 9f73f01a408cef05f112f4ec406949f3d48afe78)
diff --git a/ldap/schema/50ns-mail.ldif b/ldap/schema/50ns-mail.ldif
index 8d06119..27006e0 100644
--- a/ldap/schema/50ns-mail.ldif
+++ b/ldap/schema/50ns-mail.ldif
@@ -73,8 +73,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME ( 'mailForwardingAddress' ) DESC
attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
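Review bot: The `nsMessagingServerUser` line re-added in this hunk still carries the OID `2.16.840.113730.3.2.37`, while the four sibling objectclasses use the `2.16.840.1.113730.3.2.` prefix, so the `.1` arc looks to have been dropped. Since the commit already rewrites this line for RFC conformance, it is worth confirming the intended value and, if it is a typo, changing it to `2.16.840.1.113730.3.2.37`. An OID change to a shipped definition can affect servers that have already loaded or replicated the old one, so it may belong in a separate ticket. The same line appears in the 1.3.0 branch copy of this commit further down the page.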
diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif
index b1bc391..98d0810 100644
--- a/ldap/schema/60qmail.ldif
+++ b/ldap/schema/60qmail.ldif
@@ -308,7 +308,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.1
NAME 'qladnmanager'
- DESC ''
+ DESC 'qladnmanager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
@@ -318,7 +318,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.2
NAME 'qlaDomainList'
- DESC ''
+ DESC 'qlaDomainList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -329,7 +329,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.3
NAME 'qlaUidPrefix'
- DESC ''
+ DESC 'qlaUidPrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -341,7 +341,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.4
NAME 'qlaQmailUid'
- DESC ''
+ DESC 'qlaQmailUid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -352,7 +352,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.5
NAME 'qlaQmailGid'
- DESC ''
+ DESC 'qlaQmailGid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -363,7 +363,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.6
NAME 'qlaMailMStorePrefix'
- DESC ''
+ DESC 'qlaMailMStorePrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -375,7 +375,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.7
NAME 'qlaMailQuotaSize'
- DESC ''
+ DESC 'qlaMailQuotaSize'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -386,7 +386,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.8
NAME 'qlaMailQuotaCount'
- DESC ''
+ DESC 'qlaMailQuotaCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -397,7 +397,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.9
NAME 'qlaMailSizeMax'
- DESC ''
+ DESC 'qlaMailSizeMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -408,7 +408,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.10
NAME 'qlaMailHostList'
- DESC ''
+ DESC 'qlaMailHostList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
diff --git a/ldap/schema/60radius.ldif b/ldap/schema/60radius.ldif
index 93a5ba3..3350a9c 100644
--- a/ldap/schema/60radius.ldif
+++ b/ldap/schema/60radius.ldif
@@ -14,7 +14,7 @@ dn: cn=schema
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.1
NAME 'radiusArapFeatures'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -22,7 +22,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.2
NAME 'radiusArapSecurity'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -30,7 +30,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.3
NAME 'radiusArapZoneAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -38,7 +38,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.44
NAME 'radiusAuthType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -46,7 +46,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.4
NAME 'radiusCallbackId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -54,7 +54,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.5
NAME 'radiusCallbackNumber'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -62,7 +62,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.6
NAME 'radiusCalledStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -70,7 +70,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.7
NAME 'radiusCallingStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -78,14 +78,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.8
NAME 'radiusClass'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.45
NAME 'radiusClientIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -93,14 +93,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.9
NAME 'radiusFilterId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.10
NAME 'radiusFramedAppleTalkLink'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -108,14 +108,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.11
NAME 'radiusFramedAppleTalkNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.12
NAME 'radiusFramedAppleTalkZone'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -123,14 +123,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.13
NAME 'radiusFramedCompression'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.14
NAME 'radiusFramedIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -138,7 +138,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.15
NAME 'radiusFramedIPNetmask'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -146,7 +146,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.16
NAME 'radiusFramedIPXNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -154,7 +154,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.17
NAME 'radiusFramedMTU'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -162,7 +162,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.18
NAME 'radiusFramedProtocol'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -170,14 +170,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.19
NAME 'radiusFramedRoute'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.20
NAME 'radiusFramedRouting'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -185,14 +185,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.46
NAME 'radiusGroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.47
NAME 'radiusHint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -200,14 +200,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.48
NAME 'radiusHuntgroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.21
NAME 'radiusIdleTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -215,14 +215,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.22
NAME 'radiusLoginIPHost'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.23
NAME 'radiusLoginLATGroup'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -230,7 +230,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.24
NAME 'radiusLoginLATNode'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -238,7 +238,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.25
NAME 'radiusLoginLATPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -246,7 +246,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.26
NAME 'radiusLoginLATService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -254,7 +254,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.27
NAME 'radiusLoginService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -262,7 +262,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.28
NAME 'radiusLoginTCPPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -270,7 +270,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.29
NAME 'radiusPasswordRetry'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -278,7 +278,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.30
NAME 'radiusPortLimit'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -286,7 +286,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.49
NAME 'radiusProfileDn'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
@@ -294,7 +294,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.31
NAME 'radiusPrompt'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -302,7 +302,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.50
NAME 'radiusProxyToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -310,7 +310,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.51
NAME 'radiusReplicateToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -318,7 +318,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.52
NAME 'radiusRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -326,7 +326,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.32
NAME 'radiusServiceType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -334,7 +334,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.33
NAME 'radiusSessionTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -342,7 +342,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.34
NAME 'radiusTerminationAction'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -350,21 +350,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.35
NAME 'radiusTunnelAssignmentId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.36
NAME 'radiusTunnelMediumType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.37
NAME 'radiusTunnelPassword'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
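Review bot: `radiusTunnelPassword` at the end of this hunk, and `radiusClientSecret` in the `@@ -529,7 +529,7 @@` hunk, receive the same placeholder `DESC 'radiusAttribute'` as every other attribute in 60radius.ldif, so the schema still does not tell an administrator that these two presumably hold credential material. A DESC such as `DESC 'RADIUS tunnel password; sensitive, restrict read, search and compare access'` (and the equivalent for the client secret) would satisfy the non-empty requirement and flag that ACIs need to cover them. The unchanged context also shows `EQUALITY caseIgnoreIA5Match` on both, which makes comparisons of the stored value case-insensitive; that is outside this commit but worth a follow-up ticket. The attribute definition continues past the end of the hunk.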
@@ -372,42 +372,42 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.38
NAME 'radiusTunnelPreference'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.39
NAME 'radiusTunnelPrivateGroupId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.40
NAME 'radiusTunnelServerEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.41
NAME 'radiusTunnelType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.42
NAME 'radiusVSA'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.43
NAME 'radiusTunnelClientEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -415,14 +415,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.53
NAME 'radiusSimultaneousUse'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.54
NAME 'radiusLoginTime'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -430,7 +430,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.55
NAME 'radiusUserCategory'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -438,14 +438,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.56
NAME 'radiusStripUserName'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.57
NAME 'dialupAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -453,7 +453,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.58
NAME 'radiusExpiration'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -461,21 +461,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.59
NAME 'radiusCheckItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.60
NAME 'radiusReplyItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.61
NAME 'radiusNASIpAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -483,7 +483,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.62
NAME 'radiusReplyMessage'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -491,7 +491,7 @@ objectClasses:
( 1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
SUP top AUXILIARY
- DESC ''
+ DESC 'radiusObjectclass'
MUST uid
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
@@ -529,7 +529,7 @@ objectClasses:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.64
NAME 'radiusClientSecret'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -537,7 +537,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.65
NAME 'radiusClientNASType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -545,7 +545,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.66
NAME 'radiusClientShortName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
diff --git a/ldap/schema/60samba3.ldif b/ldap/schema/60samba3.ldif
index 5dd5f31..91c17be 100644
--- a/ldap/schema/60samba3.ldif
+++ b/ldap/schema/60samba3.ldif
@@ -204,7 +204,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7165.2.1.47
NAME 'sambaMungedDial'
- DESC ''
+ DESC 'sambaMungedDial'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050}
)
Branch '389-ds-base-1.3.0' - ldap/schema
by Mark Reynolds
ldap/schema/50ns-mail.ldif | 10 +--
ldap/schema/60qmail.ldif | 20 +++---
ldap/schema/60radius.ldif | 132 ++++++++++++++++++++++-----------------------
ldap/schema/60samba3.ldif | 2
4 files changed, 82 insertions(+), 82 deletions(-)
New commits:
commit e05c7b4c1f8ba981300fd942789cb89318c0b571
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 7 14:48:07 2013 -0400
Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
Bug Description: RFC 2252 (ldapv3), DESC, defined as a qdstring, should not
be an empty string. In the standard schema there are
several attributes/objectclasses that have " DESC '' ",
which violates the RFC.
Fix Description: Replace every empty DESC with a non-empty value.
https://fedorahosted.org/389/ticket/47376
Reviewed by: richm & nkinder (Thanks!!)
(cherry picked from commit 9f73f01a408cef05f112f4ec406949f3d48afe78)
diff --git a/ldap/schema/50ns-mail.ldif b/ldap/schema/50ns-mail.ldif
index 8d06119..27006e0 100644
--- a/ldap/schema/50ns-mail.ldif
+++ b/ldap/schema/50ns-mail.ldif
@@ -73,8 +73,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME ( 'mailForwardingAddress' ) DESC
attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif
index b1bc391..98d0810 100644
--- a/ldap/schema/60qmail.ldif
+++ b/ldap/schema/60qmail.ldif
@@ -308,7 +308,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.1
NAME 'qladnmanager'
- DESC ''
+ DESC 'qladnmanager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
@@ -318,7 +318,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.2
NAME 'qlaDomainList'
- DESC ''
+ DESC 'qlaDomainList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -329,7 +329,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.3
NAME 'qlaUidPrefix'
- DESC ''
+ DESC 'qlaUidPrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -341,7 +341,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.4
NAME 'qlaQmailUid'
- DESC ''
+ DESC 'qlaQmailUid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -352,7 +352,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.5
NAME 'qlaQmailGid'
- DESC ''
+ DESC 'qlaQmailGid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -363,7 +363,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.6
NAME 'qlaMailMStorePrefix'
- DESC ''
+ DESC 'qlaMailMStorePrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -375,7 +375,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.7
NAME 'qlaMailQuotaSize'
- DESC ''
+ DESC 'qlaMailQuotaSize'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -386,7 +386,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.8
NAME 'qlaMailQuotaCount'
- DESC ''
+ DESC 'qlaMailQuotaCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -397,7 +397,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.9
NAME 'qlaMailSizeMax'
- DESC ''
+ DESC 'qlaMailSizeMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -408,7 +408,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.10
NAME 'qlaMailHostList'
- DESC ''
+ DESC 'qlaMailHostList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
diff --git a/ldap/schema/60radius.ldif b/ldap/schema/60radius.ldif
index 93a5ba3..3350a9c 100644
--- a/ldap/schema/60radius.ldif
+++ b/ldap/schema/60radius.ldif
@@ -14,7 +14,7 @@ dn: cn=schema
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.1
NAME 'radiusArapFeatures'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -22,7 +22,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.2
NAME 'radiusArapSecurity'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -30,7 +30,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.3
NAME 'radiusArapZoneAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -38,7 +38,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.44
NAME 'radiusAuthType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -46,7 +46,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.4
NAME 'radiusCallbackId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -54,7 +54,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.5
NAME 'radiusCallbackNumber'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -62,7 +62,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.6
NAME 'radiusCalledStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -70,7 +70,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.7
NAME 'radiusCallingStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -78,14 +78,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.8
NAME 'radiusClass'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.45
NAME 'radiusClientIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -93,14 +93,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.9
NAME 'radiusFilterId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.10
NAME 'radiusFramedAppleTalkLink'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -108,14 +108,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.11
NAME 'radiusFramedAppleTalkNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.12
NAME 'radiusFramedAppleTalkZone'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -123,14 +123,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.13
NAME 'radiusFramedCompression'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.14
NAME 'radiusFramedIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -138,7 +138,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.15
NAME 'radiusFramedIPNetmask'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -146,7 +146,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.16
NAME 'radiusFramedIPXNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -154,7 +154,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.17
NAME 'radiusFramedMTU'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -162,7 +162,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.18
NAME 'radiusFramedProtocol'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -170,14 +170,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.19
NAME 'radiusFramedRoute'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.20
NAME 'radiusFramedRouting'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -185,14 +185,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.46
NAME 'radiusGroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.47
NAME 'radiusHint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -200,14 +200,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.48
NAME 'radiusHuntgroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.21
NAME 'radiusIdleTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -215,14 +215,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.22
NAME 'radiusLoginIPHost'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.23
NAME 'radiusLoginLATGroup'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -230,7 +230,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.24
NAME 'radiusLoginLATNode'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -238,7 +238,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.25
NAME 'radiusLoginLATPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -246,7 +246,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.26
NAME 'radiusLoginLATService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -254,7 +254,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.27
NAME 'radiusLoginService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -262,7 +262,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.28
NAME 'radiusLoginTCPPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -270,7 +270,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.29
NAME 'radiusPasswordRetry'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -278,7 +278,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.30
NAME 'radiusPortLimit'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -286,7 +286,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.49
NAME 'radiusProfileDn'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
@@ -294,7 +294,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.31
NAME 'radiusPrompt'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -302,7 +302,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.50
NAME 'radiusProxyToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -310,7 +310,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.51
NAME 'radiusReplicateToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -318,7 +318,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.52
NAME 'radiusRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -326,7 +326,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.32
NAME 'radiusServiceType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -334,7 +334,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.33
NAME 'radiusSessionTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -342,7 +342,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.34
NAME 'radiusTerminationAction'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -350,21 +350,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.35
NAME 'radiusTunnelAssignmentId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.36
NAME 'radiusTunnelMediumType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.37
NAME 'radiusTunnelPassword'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
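Review bot: `DESC 'radiusAttribute'` on radiusTunnelPassword (the last definition in this hunk) makes the descriptor non-empty but tells a schema or ACI reviewer nothing, and judging by its name this attribute holds a credential. A descriptive value such as `DESC 'RADIUS tunnel password; credential, restrict read/search/compare'` would let access-control audits pick it out. The same applies to radiusClientSecret in the `@@ -529,7 +529,7 @@` hunk and to both definitions in the identical cherry-pick further down the page. Separately, the unchanged `EQUALITY caseIgnoreIA5Match` line means equality and compare operations on the value are case-insensitive; that probably deserves its own ticket, since changing a matching rule is not a documentation fix.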
@@ -372,42 +372,42 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.38
NAME 'radiusTunnelPreference'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.39
NAME 'radiusTunnelPrivateGroupId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.40
NAME 'radiusTunnelServerEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.41
NAME 'radiusTunnelType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.42
NAME 'radiusVSA'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.43
NAME 'radiusTunnelClientEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -415,14 +415,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.53
NAME 'radiusSimultaneousUse'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.54
NAME 'radiusLoginTime'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -430,7 +430,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.55
NAME 'radiusUserCategory'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -438,14 +438,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.56
NAME 'radiusStripUserName'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.57
NAME 'dialupAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -453,7 +453,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.58
NAME 'radiusExpiration'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -461,21 +461,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.59
NAME 'radiusCheckItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.60
NAME 'radiusReplyItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.61
NAME 'radiusNASIpAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -483,7 +483,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.62
NAME 'radiusReplyMessage'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -491,7 +491,7 @@ objectClasses:
( 1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
SUP top AUXILIARY
- DESC ''
+ DESC 'radiusObjectclass'
MUST uid
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
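Review bot: The new `DESC 'radiusObjectclass'` line stays after `SUP top AUXILIARY`, but the ObjectClassDescription grammar in RFC 2252 (the RFC this ticket cites) places DESC directly after NAME and before SUP and the class kind. A strict schema parser may reject the definition as written, so since the line is being touched anyway I would reorder it to `NAME 'radiusprofile'`, `DESC 'radiusObjectclass'`, `SUP top AUXILIARY`. The objectClasses definition starts and ends outside this hunk, and the same ordering appears in the cherry-picked copy of this hunk further down the page.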
@@ -529,7 +529,7 @@ objectClasses:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.64
NAME 'radiusClientSecret'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -537,7 +537,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.65
NAME 'radiusClientNASType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -545,7 +545,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.66
NAME 'radiusClientShortName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
diff --git a/ldap/schema/60samba3.ldif b/ldap/schema/60samba3.ldif
index 5dd5f31..91c17be 100644
--- a/ldap/schema/60samba3.ldif
+++ b/ldap/schema/60samba3.ldif
@@ -204,7 +204,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7165.2.1.47
NAME 'sambaMungedDial'
- DESC ''
+ DESC 'sambaMungedDial'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050}
)
Branch '389-ds-base-1.3.1' - ldap/schema
by Mark Reynolds
ldap/schema/50ns-mail.ldif | 10 +--
ldap/schema/60qmail.ldif | 20 +++---
ldap/schema/60radius.ldif | 132 ++++++++++++++++++++++-----------------------
ldap/schema/60samba3.ldif | 2
4 files changed, 82 insertions(+), 82 deletions(-)
New commits:
commit 75a40e892f24857ca7578bb9ed8886ed45bd4eac
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 7 14:48:07 2013 -0400
Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
Bug Description: RFC 2252 (ldapv3), DESC, defined as a qdstring, should not
be an empty string. In the standard schema there are
several attributes/objectclasses that have " DESC '' ",
which violates the RFC.
Fix Description: Set all empty DESC's with values.
https://fedorahosted.org/389/ticket/47376
Reviewed by: richm & nkinder (Thanks!!)
(cherry picked from commit 9f73f01a408cef05f112f4ec406949f3d48afe78)
diff --git a/ldap/schema/50ns-mail.ldif b/ldap/schema/50ns-mail.ldif
index 8d06119..27006e0 100644
--- a/ldap/schema/50ns-mail.ldif
+++ b/ldap/schema/50ns-mail.ldif
@@ -73,8 +73,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME ( 'mailForwardingAddress' ) DESC
attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
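Review bot: The OID on the added nsMessagingServerUser line reads `2.16.840.113730.3.2.37`, without the `.1` arc that every other definition in this hunk carries (`2.16.840.1.113730...`). It looks like an older typo that the `+` line copies unchanged from the `-` line. If so, the intended value would be `2.16.840.1.113730.3.2.37`. However, changing the OID of a shipped objectclass affects schema replication and comparison between servers, so it is better tracked as a separate ticket than folded silently into a DESC cleanup.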
diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif
index b1bc391..98d0810 100644
--- a/ldap/schema/60qmail.ldif
+++ b/ldap/schema/60qmail.ldif
@@ -308,7 +308,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.1
NAME 'qladnmanager'
- DESC ''
+ DESC 'qladnmanager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
@@ -318,7 +318,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.2
NAME 'qlaDomainList'
- DESC ''
+ DESC 'qlaDomainList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -329,7 +329,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.3
NAME 'qlaUidPrefix'
- DESC ''
+ DESC 'qlaUidPrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -341,7 +341,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.4
NAME 'qlaQmailUid'
- DESC ''
+ DESC 'qlaQmailUid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -352,7 +352,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.5
NAME 'qlaQmailGid'
- DESC ''
+ DESC 'qlaQmailGid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -363,7 +363,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.6
NAME 'qlaMailMStorePrefix'
- DESC ''
+ DESC 'qlaMailMStorePrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -375,7 +375,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.7
NAME 'qlaMailQuotaSize'
- DESC ''
+ DESC 'qlaMailQuotaSize'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -386,7 +386,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.8
NAME 'qlaMailQuotaCount'
- DESC ''
+ DESC 'qlaMailQuotaCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -397,7 +397,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.9
NAME 'qlaMailSizeMax'
- DESC ''
+ DESC 'qlaMailSizeMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -408,7 +408,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.10
NAME 'qlaMailHostList'
- DESC ''
+ DESC 'qlaMailHostList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
diff --git a/ldap/schema/60radius.ldif b/ldap/schema/60radius.ldif
index 93a5ba3..3350a9c 100644
--- a/ldap/schema/60radius.ldif
+++ b/ldap/schema/60radius.ldif
@@ -14,7 +14,7 @@ dn: cn=schema
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.1
NAME 'radiusArapFeatures'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -22,7 +22,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.2
NAME 'radiusArapSecurity'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -30,7 +30,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.3
NAME 'radiusArapZoneAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -38,7 +38,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.44
NAME 'radiusAuthType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -46,7 +46,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.4
NAME 'radiusCallbackId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -54,7 +54,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.5
NAME 'radiusCallbackNumber'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -62,7 +62,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.6
NAME 'radiusCalledStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -70,7 +70,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.7
NAME 'radiusCallingStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -78,14 +78,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.8
NAME 'radiusClass'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.45
NAME 'radiusClientIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -93,14 +93,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.9
NAME 'radiusFilterId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.10
NAME 'radiusFramedAppleTalkLink'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -108,14 +108,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.11
NAME 'radiusFramedAppleTalkNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.12
NAME 'radiusFramedAppleTalkZone'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -123,14 +123,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.13
NAME 'radiusFramedCompression'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.14
NAME 'radiusFramedIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -138,7 +138,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.15
NAME 'radiusFramedIPNetmask'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -146,7 +146,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.16
NAME 'radiusFramedIPXNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -154,7 +154,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.17
NAME 'radiusFramedMTU'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -162,7 +162,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.18
NAME 'radiusFramedProtocol'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -170,14 +170,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.19
NAME 'radiusFramedRoute'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.20
NAME 'radiusFramedRouting'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -185,14 +185,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.46
NAME 'radiusGroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.47
NAME 'radiusHint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -200,14 +200,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.48
NAME 'radiusHuntgroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.21
NAME 'radiusIdleTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -215,14 +215,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.22
NAME 'radiusLoginIPHost'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.23
NAME 'radiusLoginLATGroup'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -230,7 +230,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.24
NAME 'radiusLoginLATNode'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -238,7 +238,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.25
NAME 'radiusLoginLATPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -246,7 +246,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.26
NAME 'radiusLoginLATService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -254,7 +254,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.27
NAME 'radiusLoginService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -262,7 +262,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.28
NAME 'radiusLoginTCPPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -270,7 +270,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.29
NAME 'radiusPasswordRetry'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -278,7 +278,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.30
NAME 'radiusPortLimit'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -286,7 +286,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.49
NAME 'radiusProfileDn'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
@@ -294,7 +294,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.31
NAME 'radiusPrompt'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -302,7 +302,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.50
NAME 'radiusProxyToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -310,7 +310,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.51
NAME 'radiusReplicateToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -318,7 +318,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.52
NAME 'radiusRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -326,7 +326,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.32
NAME 'radiusServiceType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -334,7 +334,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.33
NAME 'radiusSessionTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -342,7 +342,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.34
NAME 'radiusTerminationAction'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -350,21 +350,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.35
NAME 'radiusTunnelAssignmentId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.36
NAME 'radiusTunnelMediumType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.37
NAME 'radiusTunnelPassword'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -372,42 +372,42 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.38
NAME 'radiusTunnelPreference'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.39
NAME 'radiusTunnelPrivateGroupId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.40
NAME 'radiusTunnelServerEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.41
NAME 'radiusTunnelType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.42
NAME 'radiusVSA'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.43
NAME 'radiusTunnelClientEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -415,14 +415,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.53
NAME 'radiusSimultaneousUse'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.54
NAME 'radiusLoginTime'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -430,7 +430,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.55
NAME 'radiusUserCategory'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -438,14 +438,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.56
NAME 'radiusStripUserName'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.57
NAME 'dialupAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -453,7 +453,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.58
NAME 'radiusExpiration'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -461,21 +461,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.59
NAME 'radiusCheckItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.60
NAME 'radiusReplyItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.61
NAME 'radiusNASIpAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -483,7 +483,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.62
NAME 'radiusReplyMessage'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -491,7 +491,7 @@ objectClasses:
( 1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
SUP top AUXILIARY
- DESC ''
+ DESC 'radiusObjectclass'
MUST uid
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
@@ -529,7 +529,7 @@ objectClasses:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.64
NAME 'radiusClientSecret'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
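Review bot: `DESC 'radiusAttribute'` on `radiusClientSecret` gives no hint that the attribute, going by its name, holds a shared secret; the same generic string is applied to `radiusTunnelPassword` in the `@@ -350,21 +350,21 @@` hunk of this file. A non-empty DESC satisfies the RFC requirement the commit cites, but a description that marks the value as sensitive, for example `DESC 'RADIUS client shared secret (sensitive)'`, would help whoever writes access-control rules for these entries see that read access needs restricting. The definition's closing parenthesis lies outside the hunk.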
@@ -537,7 +537,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.65
NAME 'radiusClientNASType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -545,7 +545,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.66
NAME 'radiusClientShortName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
diff --git a/ldap/schema/60samba3.ldif b/ldap/schema/60samba3.ldif
index 5dd5f31..91c17be 100644
--- a/ldap/schema/60samba3.ldif
+++ b/ldap/schema/60samba3.ldif
@@ -204,7 +204,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7165.2.1.47
NAME 'sambaMungedDial'
- DESC ''
+ DESC 'sambaMungedDial'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050}
)
ldap/schema
by Mark Reynolds
ldap/schema/50ns-mail.ldif | 10 +--
ldap/schema/60qmail.ldif | 20 +++---
ldap/schema/60radius.ldif | 132 ++++++++++++++++++++++-----------------------
ldap/schema/60samba3.ldif | 2
4 files changed, 82 insertions(+), 82 deletions(-)
New commits:
commit 9f73f01a408cef05f112f4ec406949f3d48afe78
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 7 14:48:07 2013 -0400
Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
Bug Description: RFC 2252 (ldapv3), DESC, defined as a qdstring, should not
be an empty string. In the standard schema there are
several attributes/objectclasses that have " DESC '' ",
which violates the RFC.
Fix Description: Set all empty DESC's with values.
https://fedorahosted.org/389/ticket/47376
Reviewed by: richm & nkinder (Thanks!!)
diff --git a/ldap/schema/50ns-mail.ldif b/ldap/schema/50ns-mail.ldif
index 8d06119..27006e0 100644
--- a/ldap/schema/50ns-mail.ldif
+++ b/ldap/schema/50ns-mail.ldif
@@ -73,8 +73,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME ( 'mailForwardingAddress' ) DESC
attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
-objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
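Review bot: The `nsMessagingServerUser` line carries the OID `2.16.840.113730.3.2.37`, while every other definition in this hunk starts with `2.16.840.1.113730`, so the `.1` arc appears to be missing. The commit fills in DESC and keeps the OID as it was on the removed line, which is probably the safe choice, since changing a published OID could affect servers that already hold this schema. If the value is a historical typo, a comment above the line such as `# OID lacks the .1 arc used by sibling definitions; kept for compatibility` would stop it from being copied into new definitions.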
diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif
index b1bc391..98d0810 100644
--- a/ldap/schema/60qmail.ldif
+++ b/ldap/schema/60qmail.ldif
@@ -308,7 +308,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.1
NAME 'qladnmanager'
- DESC ''
+ DESC 'qladnmanager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
@@ -318,7 +318,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.2
NAME 'qlaDomainList'
- DESC ''
+ DESC 'qlaDomainList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -329,7 +329,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.3
NAME 'qlaUidPrefix'
- DESC ''
+ DESC 'qlaUidPrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -341,7 +341,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.4
NAME 'qlaQmailUid'
- DESC ''
+ DESC 'qlaQmailUid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -352,7 +352,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.5
NAME 'qlaQmailGid'
- DESC ''
+ DESC 'qlaQmailGid'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -363,7 +363,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.6
NAME 'qlaMailMStorePrefix'
- DESC ''
+ DESC 'qlaMailMStorePrefix'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
@@ -375,7 +375,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.7
NAME 'qlaMailQuotaSize'
- DESC ''
+ DESC 'qlaMailQuotaSize'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -386,7 +386,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.8
NAME 'qlaMailQuotaCount'
- DESC ''
+ DESC 'qlaMailQuotaCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -397,7 +397,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.9
NAME 'qlaMailSizeMax'
- DESC ''
+ DESC 'qlaMailSizeMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
@@ -408,7 +408,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7914.1.4.1.10
NAME 'qlaMailHostList'
- DESC ''
+ DESC 'qlaMailHostList'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
diff --git a/ldap/schema/60radius.ldif b/ldap/schema/60radius.ldif
index 93a5ba3..3350a9c 100644
--- a/ldap/schema/60radius.ldif
+++ b/ldap/schema/60radius.ldif
@@ -14,7 +14,7 @@ dn: cn=schema
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.1
NAME 'radiusArapFeatures'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -22,7 +22,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.2
NAME 'radiusArapSecurity'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -30,7 +30,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.3
NAME 'radiusArapZoneAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -38,7 +38,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.44
NAME 'radiusAuthType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -46,7 +46,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.4
NAME 'radiusCallbackId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -54,7 +54,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.5
NAME 'radiusCallbackNumber'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -62,7 +62,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.6
NAME 'radiusCalledStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -70,7 +70,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.7
NAME 'radiusCallingStationId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -78,14 +78,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.8
NAME 'radiusClass'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.45
NAME 'radiusClientIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -93,14 +93,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.9
NAME 'radiusFilterId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.10
NAME 'radiusFramedAppleTalkLink'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -108,14 +108,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.11
NAME 'radiusFramedAppleTalkNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.12
NAME 'radiusFramedAppleTalkZone'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -123,14 +123,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.13
NAME 'radiusFramedCompression'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.14
NAME 'radiusFramedIPAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -138,7 +138,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.15
NAME 'radiusFramedIPNetmask'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -146,7 +146,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.16
NAME 'radiusFramedIPXNetwork'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -154,7 +154,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.17
NAME 'radiusFramedMTU'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -162,7 +162,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.18
NAME 'radiusFramedProtocol'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -170,14 +170,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.19
NAME 'radiusFramedRoute'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.20
NAME 'radiusFramedRouting'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -185,14 +185,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.46
NAME 'radiusGroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.47
NAME 'radiusHint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -200,14 +200,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.48
NAME 'radiusHuntgroupName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.21
NAME 'radiusIdleTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -215,14 +215,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.22
NAME 'radiusLoginIPHost'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.23
NAME 'radiusLoginLATGroup'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -230,7 +230,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.24
NAME 'radiusLoginLATNode'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -238,7 +238,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.25
NAME 'radiusLoginLATPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -246,7 +246,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.26
NAME 'radiusLoginLATService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -254,7 +254,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.27
NAME 'radiusLoginService'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -262,7 +262,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.28
NAME 'radiusLoginTCPPort'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -270,7 +270,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.29
NAME 'radiusPasswordRetry'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -278,7 +278,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.30
NAME 'radiusPortLimit'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -286,7 +286,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.49
NAME 'radiusProfileDn'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
@@ -294,7 +294,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.31
NAME 'radiusPrompt'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -302,7 +302,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.50
NAME 'radiusProxyToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -310,7 +310,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.51
NAME 'radiusReplicateToRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -318,7 +318,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.52
NAME 'radiusRealm'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -326,7 +326,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.32
NAME 'radiusServiceType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -334,7 +334,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.33
NAME 'radiusSessionTimeout'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -342,7 +342,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.34
NAME 'radiusTerminationAction'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -350,21 +350,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.35
NAME 'radiusTunnelAssignmentId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.36
NAME 'radiusTunnelMediumType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.37
NAME 'radiusTunnelPassword'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -372,42 +372,42 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.38
NAME 'radiusTunnelPreference'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.39
NAME 'radiusTunnelPrivateGroupId'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.40
NAME 'radiusTunnelServerEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.41
NAME 'radiusTunnelType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.42
NAME 'radiusVSA'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.43
NAME 'radiusTunnelClientEndpoint'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -415,14 +415,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.53
NAME 'radiusSimultaneousUse'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.54
NAME 'radiusLoginTime'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -430,7 +430,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.55
NAME 'radiusUserCategory'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -438,14 +438,14 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.56
NAME 'radiusStripUserName'
- DESC ''
+ DESC 'radiusAttribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.57
NAME 'dialupAccess'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -453,7 +453,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.58
NAME 'radiusExpiration'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -461,21 +461,21 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.59
NAME 'radiusCheckItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.60
NAME 'radiusReplyItem'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.61
NAME 'radiusNASIpAddress'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -483,7 +483,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.62
NAME 'radiusReplyMessage'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -491,7 +491,7 @@ objectClasses:
( 1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
SUP top AUXILIARY
- DESC ''
+ DESC 'radiusObjectclass'
MUST uid
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
@@ -529,7 +529,7 @@ objectClasses:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.64
NAME 'radiusClientSecret'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -537,7 +537,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.65
NAME 'radiusClientNASType'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
@@ -545,7 +545,7 @@ attributeTypes:
attributeTypes:
( 1.3.6.1.4.1.3317.4.3.1.66
NAME 'radiusClientShortName'
- DESC ''
+ DESC 'radiusAttribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
diff --git a/ldap/schema/60samba3.ldif b/ldap/schema/60samba3.ldif
index 5dd5f31..91c17be 100644
--- a/ldap/schema/60samba3.ldif
+++ b/ldap/schema/60samba3.ldif
@@ -204,7 +204,7 @@ attributeTypes: (
attributeTypes: (
1.3.6.1.4.1.7165.2.1.47
NAME 'sambaMungedDial'
- DESC ''
+ DESC 'sambaMungedDial'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050}
)
ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/start_tls_extop.c | 230 ++++++++++++++++-------------------
1 file changed, 110 insertions(+), 120 deletions(-)
New commits:
commit 944f7cd7e00a9fd458ce24234dcb91dbf37ac836
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed May 29 18:44:26 2013 -0600
Ticket #47375 - flush_ber error sending back start_tls response will deadlock
https://fedorahosted.org/389/ticket/47375
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: The deadlock is caused by the client (or intermediary network
device) closing the connection while the server is attempting to write to the
client, to send back the start tls "success" response. The server will lock
the c_mutex to disconnect the connection in this error case. Since the c_mutex
has already been locked in start_tls(), the server will deadlock. The polling
thread will also attempt to lock c_mutex, deadlocking it too, and the server
will become completely unresponsive. The fix for this part is to make sure
never to call send_ldap_result with c_mutex locked.
After the server sends back the "success" response, if the
client immediately issues a TLS session negotiation, the server may not
have yet completely set up the socket for TLS, and will attempt to use the
partially setup socket, which can crash. The fix for this is to setup the
socket for TLS IO using a Conn_IO_Layer callback, to establish the TLS IO
for the connection before the next read() operation.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit ae38b5fc5a40247e52bab960146ed23b286e05f6)
diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
index dffaeea..1efa657 100644
--- a/ldap/servers/slapd/start_tls_extop.c
+++ b/ldap/servers/slapd/start_tls_extop.c
@@ -72,7 +72,85 @@
Slapi_PluginDesc exopdesc = { "start_tls_plugin", VENDOR, DS_PACKAGE_VERSION,
"Start TLS extended operation plugin" };
+static int
+start_tls_io_enable(Connection *c, void *data /* UNUSED */)
+{
+ int secure = 1;
+ PRFileDesc *newsocket;
+ int rv = -1;
+ int ns;
+
+ /* So far we have set up the environment for deploying SSL. It's now time to import the socket
+ * into SSL and to configure it consequently. */
+
+ if ( slapd_ssl_listener_is_initialized() != 0 ) {
+ PRFileDesc * ssl_listensocket;
+
+ ssl_listensocket = get_ssl_listener_fd();
+ if ( ssl_listensocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL listener socket not found.\n" );
+ goto done;
+ }
+ newsocket = slapd_ssl_importFD( ssl_listensocket, c->c_prfd );
+ if ( newsocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import failed.\n" );
+ goto done;
+ }
+ } else {
+ if ( slapd_ssl_init2( &c->c_prfd, 1 ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import or configuration failed.\n" );
+ goto done;
+ }
+ newsocket = c->c_prfd;
+ }
+
+
+ rv = slapd_ssl_resetHandshake( newsocket, 1 );
+ if ( rv != SECSuccess ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "Unable to set socket ready for SSL handshake.\n" );
+ goto done;
+ }
+
+
+ /* From here on, messages will be sent through the SSL layer, so we need to get our
+ * connection ready. */
+
+ ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
+
+ c->c_flags |= CONN_FLAG_SSL;
+ c->c_flags |= CONN_FLAG_START_TLS;
+ c->c_sd = ns;
+ c->c_prfd = newsocket;
+
+ /* Get the effective key length */
+ SSL_SecurityStatus(c->c_prfd, NULL, NULL, NULL, &(c->c_ssl_ssf), NULL, NULL);
+ rv = slapd_ssl_handshakeCallback (c->c_prfd, (void *)handle_handshake_done, c);
+
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+
+ if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
+ rv = slapd_ssl_badCertHook (c->c_prfd, (void *)handle_bad_certificate, c);
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ c->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+ }
+
+done:
+ return rv;
+}
/* Start TLS Extended operation plugin function */
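Review bot: In `start_tls_io_enable`, a failure of `slapd_ssl_handshakeCallback` is only logged, and when client auth is not off the next statement `rv = slapd_ssl_badCertHook (...)` overwrites `rv`, so the function can return success with no handshake callback registered. By that point `CONN_FLAG_SSL` and `CONN_FLAG_START_TLS` are already set on the connection. Adding `goto done;` after the log call in the first `if ( rv < 0 )` block would keep the failure visible to whatever invokes the callback. The value returned by `configure_pr_socket` is also stored into `c->c_sd` unchecked; if that helper can fail, `ns` should be tested before the flags and descriptors are updated.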
@@ -82,13 +160,12 @@ start_tls( Slapi_PBlock *pb )
char *oid;
Connection *conn;
- PRFileDesc *oldsocket, *newsocket;
- int secure;
- int ns;
#ifdef _WIN32
+ PRFileDesc *oldsocket;
int oldnativesocket;
#endif
- int rv;
+ int ldaprc = LDAP_SUCCESS;
+ char *ldapmsg = NULL;
/* Get the pb ready for sending Start TLS Extended Responses back to the client.
* The only requirement is to set the LDAP OID of the extended response to the START_TLS_OID. */
@@ -133,23 +210,23 @@ start_tls( Slapi_PBlock *pb )
conn = pb->pb_conn;
PR_Lock( conn->c_mutex );
+ /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
#ifndef _WIN32
- oldsocket = conn->c_prfd;
- if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Connection socket not available.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection socket not available.", 0, NULL );
+ if ( conn->c_prfd == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Connection socket not available.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection socket not available.";
goto unlock_and_return;
}
#else
oldnativesocket = conn->c_sd;
oldsocket = PR_ImportTCPSocket(oldnativesocket);
if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Failed to import NT native socket into NSPR.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Failed to import NT native socket into NSPR.", 0, NULL );
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Failed to import NT native socket into NSPR.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Failed to import NT native socket into NSPR.";
goto unlock_and_return;
}
#endif
@@ -160,8 +237,8 @@ start_tls( Slapi_PBlock *pb )
1 /* check for ops where result not yet sent */ )) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Other operations are still pending on the connection.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "Other operations are still pending on the connection.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "Other operations are still pending on the connection.";
goto unlock_and_return;
}
@@ -171,8 +248,8 @@ start_tls( Slapi_PBlock *pb )
/* slapi_send_ldap_result( pb, LDAP_REFERRAL, NULL, msg, 0, url ); */
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL not supported by this server.\n" );
- slapi_send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
- "SSL not supported by this server.", 0, NULL );
+ ldaprc = LDAP_PROTOCOL_ERROR;
+ ldapmsg = "SSL not supported by this server.";
goto unlock_and_return;
}
@@ -180,16 +257,16 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_SSL ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL connection already established.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SSL connection already established.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SSL connection already established.";
goto unlock_and_return;
}
if ( conn->c_flags & CONN_FLAG_SASL_CONTINUE ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SASL multi-stage bind in progress.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SASL multi-stage bind in progress.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SASL multi-stage bind in progress.";
goto unlock_and_return;
}
@@ -197,8 +274,8 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_CLOSING ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Connection being closed at this moment.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection being closed at this moment.", 0, NULL );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection being closed at this moment.";
goto unlock_and_return;
}
@@ -208,110 +285,23 @@ start_tls( Slapi_PBlock *pb )
* So, we may as well try initialising SSL. */
if ( slapd_security_library_is_initialized() == 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "NSS libraries not initialised.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "NSS libraries not initialised.", 0, NULL );
- goto unlock_and_return;
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "NSS libraries not initialised.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "NSS libraries not initialised.";
+ goto unlock_and_return;
}
+ /* Enable TLS I/O on the connection */
+ connection_set_io_layer_cb(conn, start_tls_io_enable, NULL, NULL);
/* Since no specific argument for denying the Start TLS request has been found,
* we send a success response back to the client. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Start TLS request accepted.Server willing to negotiate SSL.\n" );
- slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL,
- "Start TLS request accepted.Server willing to negotiate SSL.", 0, NULL );
-
-
- /* So far we have set up the environment for deploying SSL. It's now time to import the socket
- * into SSL and to configure it consequently. */
-
- if ( slapd_ssl_listener_is_initialized() != 0 ) {
- PRFileDesc * ssl_listensocket;
-
- ssl_listensocket = get_ssl_listener_fd();
- if ( ssl_listensocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL listener socket not found.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL listener socket not found.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = slapd_ssl_importFD( ssl_listensocket, oldsocket );
- if ( newsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import failed.", 0, NULL );
- goto unlock_and_return;
- }
- } else {
- if ( slapd_ssl_init2( &oldsocket, 1 ) != 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import or configuration failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import or configuration failed.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = oldsocket;
- }
-
-
- rv = slapd_ssl_resetHandshake( newsocket, 1 );
- if ( rv != SECSuccess ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Unable to set socket ready for SSL handshake.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Unable to set socket ready for SSL handshake.", 0, NULL );
- goto unlock_and_return;
- }
-
-
-
- /* From here on, messages will be sent through the SSL layer, so we need to get our
- * connection ready. */
-
- secure = 1;
- ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
-
- conn->c_flags |= CONN_FLAG_SSL;
- conn->c_flags |= CONN_FLAG_START_TLS;
- conn->c_sd = ns;
- conn->c_prfd = newsocket;
-
- /* Get the effective key length */
- SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-
- rv = slapd_ssl_handshakeCallback (conn->c_prfd, (void *)handle_handshake_done, conn);
-
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- rv, prerr, slapd_pr_strerror( prerr ) );
- }
-
- if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
- rv = slapd_ssl_badCertHook (conn->c_prfd, (void *)handle_bad_certificate, conn);
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- conn->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
- }
- }
-
-
- /* Once agreed in starting TLS, the handshake must be carried out. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Starting SSL Handshake.\n" );
-
+ ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
unlock_and_return:
PR_Unlock( conn->c_mutex );
+ slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
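Review bot: The accepted path is now silent: the `SLAPI_LOG_PLUGIN` message that recorded acceptance is removed together with the send, while every rejection branch above still logs, so a plugin-level trace no longer shows which Start TLS requests were granted. I would keep `slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "Start TLS request accepted.Server willing to negotiate SSL.\n" );` ahead of the `ldapmsg` assignment. The success code also relies on `ldaprc` still holding its initializer, which is declared outside this hunk; an explicit `ldaprc = LDAP_SUCCESS;` beside `ldapmsg` would keep code and text together the way the error branches do. `start_tls` starts outside this hunk, and the same hunk appears again in the later branch copies of this commit on the page.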
Branch '389-ds-base-1.3.1' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/start_tls_extop.c | 230 ++++++++++++++++-------------------
1 file changed, 110 insertions(+), 120 deletions(-)
New commits:
commit 188fbd92a47077ac3087a60785d41453f9089f3a
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed May 29 18:44:26 2013 -0600
Ticket #47375 - flush_ber error sending back start_tls response will deadlock
https://fedorahosted.org/389/ticket/47375
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.3.1
Fix Description: The deadlock is caused by the client (or intermediary network
device) closing the connection while the server is attempting to write to the
client, to send back the start tls "success" response. The server will lock
the c_mutex to disconnect the connection in this error case. Since the c_mutex
has already been locked in start_tls(), the server will deadlock. The polling
thread will also attempt to lock c_mutex, deadlocking it too, and the server
will become completely unresponsive. The fix for this part is to make sure
never to call send_ldap_result with c_mutex locked.
After the server sends back the "success" response, if the
client immediately issues a TLS session negotiation, the server may not
have yet completely set up the socket for TLS, and will attempt to use the
partially setup socket, which can crash. The fix for this is to setup the
socket for TLS IO using a Conn_IO_Layer callback, to establish the TLS IO
for the connection before the next read() operation.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit ae38b5fc5a40247e52bab960146ed23b286e05f6)
(cherry picked from commit 944f7cd7e00a9fd458ce24234dcb91dbf37ac836)
diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
index dffaeea..1efa657 100644
--- a/ldap/servers/slapd/start_tls_extop.c
+++ b/ldap/servers/slapd/start_tls_extop.c
@@ -72,7 +72,85 @@
Slapi_PluginDesc exopdesc = { "start_tls_plugin", VENDOR, DS_PACKAGE_VERSION,
"Start TLS extended operation plugin" };
+static int
+start_tls_io_enable(Connection *c, void *data /* UNUSED */)
+{
+ int secure = 1;
+ PRFileDesc *newsocket;
+ int rv = -1;
+ int ns;
+
+ /* So far we have set up the environment for deploying SSL. It's now time to import the socket
+ * into SSL and to configure it consequently. */
+
+ if ( slapd_ssl_listener_is_initialized() != 0 ) {
+ PRFileDesc * ssl_listensocket;
+
+ ssl_listensocket = get_ssl_listener_fd();
+ if ( ssl_listensocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL listener socket not found.\n" );
+ goto done;
+ }
+ newsocket = slapd_ssl_importFD( ssl_listensocket, c->c_prfd );
+ if ( newsocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import failed.\n" );
+ goto done;
+ }
+ } else {
+ if ( slapd_ssl_init2( &c->c_prfd, 1 ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import or configuration failed.\n" );
+ goto done;
+ }
+ newsocket = c->c_prfd;
+ }
+
+
+ rv = slapd_ssl_resetHandshake( newsocket, 1 );
+ if ( rv != SECSuccess ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "Unable to set socket ready for SSL handshake.\n" );
+ goto done;
+ }
+
+
+ /* From here on, messages will be sent through the SSL layer, so we need to get our
+ * connection ready. */
+
+ ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
+
+ c->c_flags |= CONN_FLAG_SSL;
+ c->c_flags |= CONN_FLAG_START_TLS;
+ c->c_sd = ns;
+ c->c_prfd = newsocket;
+
+ /* Get the effective key length */
+ SSL_SecurityStatus(c->c_prfd, NULL, NULL, NULL, &(c->c_ssl_ssf), NULL, NULL);
+ rv = slapd_ssl_handshakeCallback (c->c_prfd, (void *)handle_handshake_done, c);
+
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+
+ if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
+ rv = slapd_ssl_badCertHook (c->c_prfd, (void *)handle_bad_certificate, c);
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ c->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+ }
+
+done:
+ return rv;
+}
/* Start TLS Extended operation plugin function */
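Review bot: In `start_tls_io_enable` a failure from `slapd_ssl_handshakeCallback` is logged and then lost: when client auth is enabled `rv` is overwritten by the result of `slapd_ssl_badCertHook`, so the function can return success with no handshake callback installed. Both `rv < 0` branches also run after `CONN_FLAG_SSL` and `CONN_FLAG_START_TLS` are set and `c->c_prfd` is replaced, and the `ns` returned by `configure_pr_socket` is stored in `c->c_sd` unchecked. I would add `goto done;` after the log call in each `rv < 0` branch so the first failure is what the caller sees. Because the client has already received LDAP_SUCCESS by the time this callback runs, the code that invokes the callback (not visible here) presumably has to close the connection on a non-zero return; that is worth confirming. The same hunk appears again in the other branch copies of this commit further down the page.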
@@ -82,13 +160,12 @@ start_tls( Slapi_PBlock *pb )
char *oid;
Connection *conn;
- PRFileDesc *oldsocket, *newsocket;
- int secure;
- int ns;
#ifdef _WIN32
+ PRFileDesc *oldsocket;
int oldnativesocket;
#endif
- int rv;
+ int ldaprc = LDAP_SUCCESS;
+ char *ldapmsg = NULL;
/* Get the pb ready for sending Start TLS Extended Responses back to the client.
* The only requirement is to set the LDAP OID of the extended response to the START_TLS_OID. */
@@ -133,23 +210,23 @@ start_tls( Slapi_PBlock *pb )
conn = pb->pb_conn;
PR_Lock( conn->c_mutex );
+ /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
#ifndef _WIN32
- oldsocket = conn->c_prfd;
- if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Connection socket not available.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection socket not available.", 0, NULL );
+ if ( conn->c_prfd == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Connection socket not available.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection socket not available.";
goto unlock_and_return;
}
#else
oldnativesocket = conn->c_sd;
oldsocket = PR_ImportTCPSocket(oldnativesocket);
if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Failed to import NT native socket into NSPR.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Failed to import NT native socket into NSPR.", 0, NULL );
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Failed to import NT native socket into NSPR.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Failed to import NT native socket into NSPR.";
goto unlock_and_return;
}
#endif
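Review bot: In the `_WIN32` branch `oldsocket` is still created with `PR_ImportTCPSocket`, but nothing consumes it any more, because the TLS setup moved into `start_tls_io_enable`, which works on `c->c_prfd`. On that build the imported descriptor is neither stored nor closed, and the callback may run with a `c_prfd` that this function never validated, whereas the non-Windows branch does test `conn->c_prfd`; whether `c_prfd` is populated elsewhere on Windows is not visible here. If it is not, store the import after the NULL check with `conn->c_prfd = oldsocket;`; otherwise drop the import and test `conn->c_prfd` in both builds. `start_tls` begins and ends outside this hunk, and the same hunk is repeated in the other branch copies of this commit on the page.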
@@ -160,8 +237,8 @@ start_tls( Slapi_PBlock *pb )
1 /* check for ops where result not yet sent */ )) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Other operations are still pending on the connection.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "Other operations are still pending on the connection.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "Other operations are still pending on the connection.";
goto unlock_and_return;
}
@@ -171,8 +248,8 @@ start_tls( Slapi_PBlock *pb )
/* slapi_send_ldap_result( pb, LDAP_REFERRAL, NULL, msg, 0, url ); */
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL not supported by this server.\n" );
- slapi_send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
- "SSL not supported by this server.", 0, NULL );
+ ldaprc = LDAP_PROTOCOL_ERROR;
+ ldapmsg = "SSL not supported by this server.";
goto unlock_and_return;
}
@@ -180,16 +257,16 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_SSL ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL connection already established.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SSL connection already established.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SSL connection already established.";
goto unlock_and_return;
}
if ( conn->c_flags & CONN_FLAG_SASL_CONTINUE ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SASL multi-stage bind in progress.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SASL multi-stage bind in progress.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SASL multi-stage bind in progress.";
goto unlock_and_return;
}
@@ -197,8 +274,8 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_CLOSING ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Connection being closed at this moment.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection being closed at this moment.", 0, NULL );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection being closed at this moment.";
goto unlock_and_return;
}
@@ -208,110 +285,23 @@ start_tls( Slapi_PBlock *pb )
* So, we may as well try initialising SSL. */
if ( slapd_security_library_is_initialized() == 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "NSS libraries not initialised.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "NSS libraries not initialised.", 0, NULL );
- goto unlock_and_return;
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "NSS libraries not initialised.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "NSS libraries not initialised.";
+ goto unlock_and_return;
}
+ /* Enable TLS I/O on the connection */
+ connection_set_io_layer_cb(conn, start_tls_io_enable, NULL, NULL);
/* Since no specific argument for denying the Start TLS request has been found,
* we send a success response back to the client. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Start TLS request accepted.Server willing to negotiate SSL.\n" );
- slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL,
- "Start TLS request accepted.Server willing to negotiate SSL.", 0, NULL );
-
-
- /* So far we have set up the environment for deploying SSL. It's now time to import the socket
- * into SSL and to configure it consequently. */
-
- if ( slapd_ssl_listener_is_initialized() != 0 ) {
- PRFileDesc * ssl_listensocket;
-
- ssl_listensocket = get_ssl_listener_fd();
- if ( ssl_listensocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL listener socket not found.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL listener socket not found.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = slapd_ssl_importFD( ssl_listensocket, oldsocket );
- if ( newsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import failed.", 0, NULL );
- goto unlock_and_return;
- }
- } else {
- if ( slapd_ssl_init2( &oldsocket, 1 ) != 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import or configuration failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import or configuration failed.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = oldsocket;
- }
-
-
- rv = slapd_ssl_resetHandshake( newsocket, 1 );
- if ( rv != SECSuccess ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Unable to set socket ready for SSL handshake.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Unable to set socket ready for SSL handshake.", 0, NULL );
- goto unlock_and_return;
- }
-
-
-
- /* From here on, messages will be sent through the SSL layer, so we need to get our
- * connection ready. */
-
- secure = 1;
- ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
-
- conn->c_flags |= CONN_FLAG_SSL;
- conn->c_flags |= CONN_FLAG_START_TLS;
- conn->c_sd = ns;
- conn->c_prfd = newsocket;
-
- /* Get the effective key length */
- SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-
- rv = slapd_ssl_handshakeCallback (conn->c_prfd, (void *)handle_handshake_done, conn);
-
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- rv, prerr, slapd_pr_strerror( prerr ) );
- }
-
- if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
- rv = slapd_ssl_badCertHook (conn->c_prfd, (void *)handle_bad_certificate, conn);
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- conn->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
- }
- }
-
-
- /* Once agreed in starting TLS, the handshake must be carried out. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Starting SSL Handshake.\n" );
-
+ ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
unlock_and_return:
PR_Unlock( conn->c_mutex );
+ slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
Branch '389-ds-base-1.2.11' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/start_tls_extop.c | 230 ++++++++++++++++-------------------
1 file changed, 110 insertions(+), 120 deletions(-)
New commits:
commit 01f7e5b10a70701b7af790e63cc56d39bc73efa4
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed May 29 18:44:26 2013 -0600
Ticket #47375 - flush_ber error sending back start_tls response will deadlock
https://fedorahosted.org/389/ticket/47375
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.2.11
Fix Description: The deadlock is caused by the client (or intermediary network
device) closing the connection while the server is attempting to write to the
client, to send back the start tls "success" response. The server will lock
the c_mutex to disconnect the connection in this error case. Since the c_mutex
has already been locked in start_tls(), the server will deadlock. The polling
thread will also attempt to lock c_mutex, deadlocking it too, and the server
will become completely unresponsive. The fix for this part is to make sure
never to call send_ldap_result with c_mutex locked.
After the server sends back the "success" response, if the
client immediately issues a TLS session negotiation, the server may not
have yet completely set up the socket for TLS, and will attempt to use the
partially setup socket, which can crash. The fix for this is to setup the
socket for TLS IO using a Conn_IO_Layer callback, to establish the TLS IO
for the connection before the next read() operation.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
index dffaeea..1efa657 100644
--- a/ldap/servers/slapd/start_tls_extop.c
+++ b/ldap/servers/slapd/start_tls_extop.c
@@ -72,7 +72,85 @@
Slapi_PluginDesc exopdesc = { "start_tls_plugin", VENDOR, DS_PACKAGE_VERSION,
"Start TLS extended operation plugin" };
+static int
+start_tls_io_enable(Connection *c, void *data /* UNUSED */)
+{
+ int secure = 1;
+ PRFileDesc *newsocket;
+ int rv = -1;
+ int ns;
+
+ /* So far we have set up the environment for deploying SSL. It's now time to import the socket
+ * into SSL and to configure it consequently. */
+
+ if ( slapd_ssl_listener_is_initialized() != 0 ) {
+ PRFileDesc * ssl_listensocket;
+
+ ssl_listensocket = get_ssl_listener_fd();
+ if ( ssl_listensocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL listener socket not found.\n" );
+ goto done;
+ }
+ newsocket = slapd_ssl_importFD( ssl_listensocket, c->c_prfd );
+ if ( newsocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import failed.\n" );
+ goto done;
+ }
+ } else {
+ if ( slapd_ssl_init2( &c->c_prfd, 1 ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import or configuration failed.\n" );
+ goto done;
+ }
+ newsocket = c->c_prfd;
+ }
+
+
+ rv = slapd_ssl_resetHandshake( newsocket, 1 );
+ if ( rv != SECSuccess ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "Unable to set socket ready for SSL handshake.\n" );
+ goto done;
+ }
+
+
+ /* From here on, messages will be sent through the SSL layer, so we need to get our
+ * connection ready. */
+
+ ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
+
+ c->c_flags |= CONN_FLAG_SSL;
+ c->c_flags |= CONN_FLAG_START_TLS;
+ c->c_sd = ns;
+ c->c_prfd = newsocket;
+
+ /* Get the effective key length */
+ SSL_SecurityStatus(c->c_prfd, NULL, NULL, NULL, &(c->c_ssl_ssf), NULL, NULL);
+ rv = slapd_ssl_handshakeCallback (c->c_prfd, (void *)handle_handshake_done, c);
+
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+
+ if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
+ rv = slapd_ssl_badCertHook (c->c_prfd, (void *)handle_bad_certificate, c);
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ c->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+ }
+
+done:
+ return rv;
+}
/* Start TLS Extended operation plugin function */
@@ -82,13 +160,12 @@ start_tls( Slapi_PBlock *pb )
char *oid;
Connection *conn;
- PRFileDesc *oldsocket, *newsocket;
- int secure;
- int ns;
#ifdef _WIN32
+ PRFileDesc *oldsocket;
int oldnativesocket;
#endif
- int rv;
+ int ldaprc = LDAP_SUCCESS;
+ char *ldapmsg = NULL;
/* Get the pb ready for sending Start TLS Extended Responses back to the client.
* The only requirement is to set the LDAP OID of the extended response to the START_TLS_OID. */
@@ -133,23 +210,23 @@ start_tls( Slapi_PBlock *pb )
conn = pb->pb_conn;
PR_Lock( conn->c_mutex );
+ /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
#ifndef _WIN32
- oldsocket = conn->c_prfd;
- if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Connection socket not available.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection socket not available.", 0, NULL );
+ if ( conn->c_prfd == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Connection socket not available.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection socket not available.";
goto unlock_and_return;
}
#else
oldnativesocket = conn->c_sd;
oldsocket = PR_ImportTCPSocket(oldnativesocket);
if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Failed to import NT native socket into NSPR.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Failed to import NT native socket into NSPR.", 0, NULL );
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Failed to import NT native socket into NSPR.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Failed to import NT native socket into NSPR.";
goto unlock_and_return;
}
#endif
@@ -160,8 +237,8 @@ start_tls( Slapi_PBlock *pb )
1 /* check for ops where result not yet sent */ )) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Other operations are still pending on the connection.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "Other operations are still pending on the connection.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "Other operations are still pending on the connection.";
goto unlock_and_return;
}
@@ -171,8 +248,8 @@ start_tls( Slapi_PBlock *pb )
/* slapi_send_ldap_result( pb, LDAP_REFERRAL, NULL, msg, 0, url ); */
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL not supported by this server.\n" );
- slapi_send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
- "SSL not supported by this server.", 0, NULL );
+ ldaprc = LDAP_PROTOCOL_ERROR;
+ ldapmsg = "SSL not supported by this server.";
goto unlock_and_return;
}
@@ -180,16 +257,16 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_SSL ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL connection already established.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SSL connection already established.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SSL connection already established.";
goto unlock_and_return;
}
if ( conn->c_flags & CONN_FLAG_SASL_CONTINUE ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SASL multi-stage bind in progress.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SASL multi-stage bind in progress.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SASL multi-stage bind in progress.";
goto unlock_and_return;
}
@@ -197,8 +274,8 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_CLOSING ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Connection being closed at this moment.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection being closed at this moment.", 0, NULL );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection being closed at this moment.";
goto unlock_and_return;
}
@@ -208,110 +285,23 @@ start_tls( Slapi_PBlock *pb )
* So, we may as well try initialising SSL. */
if ( slapd_security_library_is_initialized() == 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "NSS libraries not initialised.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "NSS libraries not initialised.", 0, NULL );
- goto unlock_and_return;
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "NSS libraries not initialised.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "NSS libraries not initialised.";
+ goto unlock_and_return;
}
+ /* Enable TLS I/O on the connection */
+ connection_set_io_layer_cb(conn, start_tls_io_enable, NULL, NULL);
/* Since no specific argument for denying the Start TLS request has been found,
* we send a success response back to the client. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Start TLS request accepted.Server willing to negotiate SSL.\n" );
- slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL,
- "Start TLS request accepted.Server willing to negotiate SSL.", 0, NULL );
-
-
- /* So far we have set up the environment for deploying SSL. It's now time to import the socket
- * into SSL and to configure it consequently. */
-
- if ( slapd_ssl_listener_is_initialized() != 0 ) {
- PRFileDesc * ssl_listensocket;
-
- ssl_listensocket = get_ssl_listener_fd();
- if ( ssl_listensocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL listener socket not found.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL listener socket not found.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = slapd_ssl_importFD( ssl_listensocket, oldsocket );
- if ( newsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import failed.", 0, NULL );
- goto unlock_and_return;
- }
- } else {
- if ( slapd_ssl_init2( &oldsocket, 1 ) != 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import or configuration failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import or configuration failed.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = oldsocket;
- }
-
-
- rv = slapd_ssl_resetHandshake( newsocket, 1 );
- if ( rv != SECSuccess ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Unable to set socket ready for SSL handshake.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Unable to set socket ready for SSL handshake.", 0, NULL );
- goto unlock_and_return;
- }
-
-
-
- /* From here on, messages will be sent through the SSL layer, so we need to get our
- * connection ready. */
-
- secure = 1;
- ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
-
- conn->c_flags |= CONN_FLAG_SSL;
- conn->c_flags |= CONN_FLAG_START_TLS;
- conn->c_sd = ns;
- conn->c_prfd = newsocket;
-
- /* Get the effective key length */
- SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-
- rv = slapd_ssl_handshakeCallback (conn->c_prfd, (void *)handle_handshake_done, conn);
-
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- rv, prerr, slapd_pr_strerror( prerr ) );
- }
-
- if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
- rv = slapd_ssl_badCertHook (conn->c_prfd, (void *)handle_bad_certificate, conn);
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- conn->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
- }
- }
-
-
- /* Once agreed in starting TLS, the handshake must be carried out. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Starting SSL Handshake.\n" );
-
+ ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
unlock_and_return:
PR_Unlock( conn->c_mutex );
+ slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
Branch '389-ds-base-1.3.0' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/start_tls_extop.c | 230 ++++++++++++++++-------------------
1 file changed, 110 insertions(+), 120 deletions(-)
New commits:
commit e57be70e2a9cb83c1133f67cf180aac407c3770d
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed May 29 18:44:26 2013 -0600
Ticket #47375 - flush_ber error sending back start_tls response will deadlock
https://fedorahosted.org/389/ticket/47375
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.3.0
Fix Description: The deadlock is caused by the client (or intermediary network
device) closing the connection while the server is attempting to write to the
client, to send back the start tls "success" response. The server will lock
the c_mutex to disconnect the connection in this error case. Since the c_mutex
has already been locked in start_tls(), the server will deadlock. The polling
thread will also attempt to lock c_mutex, deadlocking it too, and the server
will become completely unresponsive. The fix for this part is to make sure
never to call send_ldap_result with c_mutex locked.
After the server sends back the "success" response, if the
client immediately issues a TLS session negotiation, the server may not
have yet completely set up the socket for TLS, and will attempt to use the
partially setup socket, which can crash. The fix for this is to setup the
socket for TLS IO using a Conn_IO_Layer callback, to establish the TLS IO
for the connection before the next read() operation.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit ae38b5fc5a40247e52bab960146ed23b286e05f6)
(cherry picked from commit 944f7cd7e00a9fd458ce24234dcb91dbf37ac836)
(cherry picked from commit 188fbd92a47077ac3087a60785d41453f9089f3a)
diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
index dffaeea..1efa657 100644
--- a/ldap/servers/slapd/start_tls_extop.c
+++ b/ldap/servers/slapd/start_tls_extop.c
@@ -72,7 +72,85 @@
Slapi_PluginDesc exopdesc = { "start_tls_plugin", VENDOR, DS_PACKAGE_VERSION,
"Start TLS extended operation plugin" };
+static int
+start_tls_io_enable(Connection *c, void *data /* UNUSED */)
+{
+ int secure = 1;
+ PRFileDesc *newsocket;
+ int rv = -1;
+ int ns;
+
+ /* So far we have set up the environment for deploying SSL. It's now time to import the socket
+ * into SSL and to configure it consequently. */
+
+ if ( slapd_ssl_listener_is_initialized() != 0 ) {
+ PRFileDesc * ssl_listensocket;
+
+ ssl_listensocket = get_ssl_listener_fd();
+ if ( ssl_listensocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL listener socket not found.\n" );
+ goto done;
+ }
+ newsocket = slapd_ssl_importFD( ssl_listensocket, c->c_prfd );
+ if ( newsocket == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import failed.\n" );
+ goto done;
+ }
+ } else {
+ if ( slapd_ssl_init2( &c->c_prfd, 1 ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL socket import or configuration failed.\n" );
+ goto done;
+ }
+ newsocket = c->c_prfd;
+ }
+
+
+ rv = slapd_ssl_resetHandshake( newsocket, 1 );
+ if ( rv != SECSuccess ) {
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "Unable to set socket ready for SSL handshake.\n" );
+ goto done;
+ }
+
+
+ /* From here on, messages will be sent through the SSL layer, so we need to get our
+ * connection ready. */
+
+ ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
+
+ c->c_flags |= CONN_FLAG_SSL;
+ c->c_flags |= CONN_FLAG_START_TLS;
+ c->c_sd = ns;
+ c->c_prfd = newsocket;
+
+ /* Get the effective key length */
+ SSL_SecurityStatus(c->c_prfd, NULL, NULL, NULL, &(c->c_ssl_ssf), NULL, NULL);
+ rv = slapd_ssl_handshakeCallback (c->c_prfd, (void *)handle_handshake_done, c);
+
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+
+ if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
+ rv = slapd_ssl_badCertHook (c->c_prfd, (void *)handle_bad_certificate, c);
+ if ( rv < 0 ) {
+ PRErrorCode prerr = PR_GetError();
+ slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
+ "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
+ c->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
+ }
+ }
+
+done:
+ return rv;
+}
/* Start TLS Extended operation plugin function */
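Review bot: In start_tls_io_enable a failure of slapd_ssl_handshakeCallback is logged under `if ( rv < 0 )` but then lost, because `rv = slapd_ssl_badCertHook (...)` overwrites it whenever client auth is not off, so the callback can return success after a failed hook registration. Adding `goto done;` as the last statement of that first `if ( rv < 0 )` block keeps the error. The early `goto done` paths also differ from the code they replace: the success response has already been sent when this callback runs, so they can only log, and the caller of the io-layer callback (not in this diff) presumably has to close the connection on a non-zero return rather than go on serving it without TLS. A short comment above the function stating that return contract would make the requirement visible.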
@@ -82,13 +160,12 @@ start_tls( Slapi_PBlock *pb )
char *oid;
Connection *conn;
- PRFileDesc *oldsocket, *newsocket;
- int secure;
- int ns;
#ifdef _WIN32
+ PRFileDesc *oldsocket;
int oldnativesocket;
#endif
- int rv;
+ int ldaprc = LDAP_SUCCESS;
+ char *ldapmsg = NULL;
/* Get the pb ready for sending Start TLS Extended Responses back to the client.
* The only requirement is to set the LDAP OID of the extended response to the START_TLS_OID. */
@@ -133,23 +210,23 @@ start_tls( Slapi_PBlock *pb )
conn = pb->pb_conn;
PR_Lock( conn->c_mutex );
+ /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
#ifndef _WIN32
- oldsocket = conn->c_prfd;
- if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Connection socket not available.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection socket not available.", 0, NULL );
+ if ( conn->c_prfd == (PRFileDesc *) NULL ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Connection socket not available.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection socket not available.";
goto unlock_and_return;
}
#else
oldnativesocket = conn->c_sd;
oldsocket = PR_ImportTCPSocket(oldnativesocket);
if ( oldsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Failed to import NT native socket into NSPR.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Failed to import NT native socket into NSPR.", 0, NULL );
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "Failed to import NT native socket into NSPR.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Failed to import NT native socket into NSPR.";
goto unlock_and_return;
}
#endif
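Review bot: In the `_WIN32` branch `oldsocket = PR_ImportTCPSocket(oldnativesocket);` is still created and NULL-checked, but the code that consumed `oldsocket` is removed further down in this commit and start_tls_io_enable works on `c->c_prfd` instead. Unless a part of start_tls outside these hunks stores it in the connection, the imported descriptor looks unused on Windows and the callback may operate on a different or NULL descriptor. Either hand it over after the NULL check, for example `conn->c_prfd = oldsocket;` if that matches how the Windows build tracks the descriptor, or drop the import and test `conn->c_prfd` as the non-Windows branch does. start_tls begins and ends outside this hunk.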
@@ -160,8 +237,8 @@ start_tls( Slapi_PBlock *pb )
1 /* check for ops where result not yet sent */ )) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Other operations are still pending on the connection.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "Other operations are still pending on the connection.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "Other operations are still pending on the connection.";
goto unlock_and_return;
}
@@ -171,8 +248,8 @@ start_tls( Slapi_PBlock *pb )
/* slapi_send_ldap_result( pb, LDAP_REFERRAL, NULL, msg, 0, url ); */
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL not supported by this server.\n" );
- slapi_send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
- "SSL not supported by this server.", 0, NULL );
+ ldaprc = LDAP_PROTOCOL_ERROR;
+ ldapmsg = "SSL not supported by this server.";
goto unlock_and_return;
}
@@ -180,16 +257,16 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_SSL ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SSL connection already established.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SSL connection already established.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SSL connection already established.";
goto unlock_and_return;
}
if ( conn->c_flags & CONN_FLAG_SASL_CONTINUE ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"SASL multi-stage bind in progress.\n" );
- slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- "SASL multi-stage bind in progress.", 0, NULL );
+ ldaprc = LDAP_OPERATIONS_ERROR;
+ ldapmsg = "SASL multi-stage bind in progress.";
goto unlock_and_return;
}
@@ -197,8 +274,8 @@ start_tls( Slapi_PBlock *pb )
if ( conn->c_flags & CONN_FLAG_CLOSING ) {
slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
"Connection being closed at this moment.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Connection being closed at this moment.", 0, NULL );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "Connection being closed at this moment.";
goto unlock_and_return;
}
@@ -208,110 +285,23 @@ start_tls( Slapi_PBlock *pb )
* So, we may as well try initialising SSL. */
if ( slapd_security_library_is_initialized() == 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "NSS libraries not initialised.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "NSS libraries not initialised.", 0, NULL );
- goto unlock_and_return;
+ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
+ "NSS libraries not initialised.\n" );
+ ldaprc = LDAP_UNAVAILABLE;
+ ldapmsg = "NSS libraries not initialised.";
+ goto unlock_and_return;
}
+ /* Enable TLS I/O on the connection */
+ connection_set_io_layer_cb(conn, start_tls_io_enable, NULL, NULL);
/* Since no specific argument for denying the Start TLS request has been found,
* we send a success response back to the client. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Start TLS request accepted.Server willing to negotiate SSL.\n" );
- slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL,
- "Start TLS request accepted.Server willing to negotiate SSL.", 0, NULL );
-
-
- /* So far we have set up the environment for deploying SSL. It's now time to import the socket
- * into SSL and to configure it consequently. */
-
- if ( slapd_ssl_listener_is_initialized() != 0 ) {
- PRFileDesc * ssl_listensocket;
-
- ssl_listensocket = get_ssl_listener_fd();
- if ( ssl_listensocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL listener socket not found.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL listener socket not found.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = slapd_ssl_importFD( ssl_listensocket, oldsocket );
- if ( newsocket == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import failed.", 0, NULL );
- goto unlock_and_return;
- }
- } else {
- if ( slapd_ssl_init2( &oldsocket, 1 ) != 0 ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "SSL socket import or configuration failed.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "SSL socket import or configuration failed.", 0, NULL );
- goto unlock_and_return;
- }
- newsocket = oldsocket;
- }
-
-
- rv = slapd_ssl_resetHandshake( newsocket, 1 );
- if ( rv != SECSuccess ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Unable to set socket ready for SSL handshake.\n" );
- slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL,
- "Unable to set socket ready for SSL handshake.", 0, NULL );
- goto unlock_and_return;
- }
-
-
-
- /* From here on, messages will be sent through the SSL layer, so we need to get our
- * connection ready. */
-
- secure = 1;
- ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
-
- conn->c_flags |= CONN_FLAG_SSL;
- conn->c_flags |= CONN_FLAG_START_TLS;
- conn->c_sd = ns;
- conn->c_prfd = newsocket;
-
- /* Get the effective key length */
- SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-
- rv = slapd_ssl_handshakeCallback (conn->c_prfd, (void *)handle_handshake_done, conn);
-
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- rv, prerr, slapd_pr_strerror( prerr ) );
- }
-
- if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) {
- rv = slapd_ssl_badCertHook (conn->c_prfd, (void *)handle_bad_certificate, conn);
- if ( rv < 0 ) {
- PRErrorCode prerr = PR_GetError();
- slapi_log_error( SLAPI_LOG_FATAL, "start_tls",
- "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
- conn->c_sd, rv, prerr, slapd_pr_strerror( prerr ) );
- }
- }
-
-
- /* Once agreed in starting TLS, the handshake must be carried out. */
-
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
- "Starting SSL Handshake.\n" );
-
+ ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
unlock_and_return:
PR_Unlock( conn->c_mutex );
+ slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
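Review bot: The result of `connection_set_io_layer_cb(conn, start_tls_io_enable, NULL, NULL);` is ignored and the function goes on to send LDAP_SUCCESS. If that call returns a status and can fail (its definition is not in this diff), the client is told to start the handshake on a connection that will never switch to TLS, so the call should be checked and turned into `ldaprc = LDAP_UNAVAILABLE; ldapmsg = "Unable to enable TLS I/O on the connection."; goto unlock_and_return;` on failure. The SLAPI_LOG_PLUGIN line "Start TLS request accepted" was also dropped with the old block, so an accepted upgrade is no longer logged at this point; keeping that one `slapi_log_error` call before `unlock_and_return:` preserves the audit trail. The closing part of start_tls lies outside the hunk.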
Branch '389-ds-base-1.3.0' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/daemon.c | 16 ++++------------
ldap/servers/slapd/libglobs.c | 32 ++++++++++++++++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 2 ++
ldap/servers/slapd/slap.h | 10 ++++++++++
4 files changed, 48 insertions(+), 12 deletions(-)
New commits:
commit c886ecf49b2546997c9dc16a4656db70a08336a6
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Apr 16 08:26:03 2013 -0600
Ticket #47377 - make listen backlog size configurable
https://fedorahosted.org/389/ticket/47377
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.3.0
Fix Description: Add the attribute nsslapd-listen-backlog-size - this controls
the listening socket connection backlog maximum size. This corresponds to
the backlog parameter of the listen() system call. The default value is 128.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: yes - need to doc the new attribute
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 101cd75..d6ed7fa 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -101,14 +101,6 @@
#include "getsocketpeer.h"
#endif /* ENABLE_LDAPI */
-/*
- * Define the backlog number for use in listen() call.
- * We use the same definition as in ldapserver/include/base/systems.h
- */
-#ifndef DAEMON_LISTEN_SIZE
-#define DAEMON_LISTEN_SIZE 128
-#endif
-
#if defined (LDAP_IOCP)
#define SLAPD_WAKEUP_TIMER 250
#else
@@ -1085,7 +1077,7 @@ void slapd_daemon( daemon_ports_t *ports )
/* We are now ready to accept incoming connections */
#if defined( XP_WIN32 )
if ( n_tcps != SLAPD_INVALID_SOCKET
- && listen( n_tcps, DAEMON_LISTEN_SIZE ) == -1 ) {
+ && listen( n_tcps, config_get_listen_backlog_size() ) == -1 ) {
int oserr = errno;
char addrbuf[ 256 ];
@@ -1101,7 +1093,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **nap = ports->n_listenaddr;
for (fdesp = n_tcps; fdesp && *fdesp; fdesp++, nap++) {
- if ( PR_Listen( *fdesp, DAEMON_LISTEN_SIZE ) == PR_FAILURE ) {
+ if ( PR_Listen( *fdesp, config_get_listen_backlog_size() ) == PR_FAILURE ) {
PRErrorCode prerr = PR_GetError();
char addrbuf[ 256 ];
@@ -1121,7 +1113,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **sap = ports->s_listenaddr;
for (fdesp = s_tcps; fdesp && *fdesp; fdesp++, sap++) {
- if ( PR_Listen( *fdesp, DAEMON_LISTEN_SIZE ) == PR_FAILURE ) {
+ if ( PR_Listen( *fdesp, config_get_listen_backlog_size() ) == PR_FAILURE ) {
PRErrorCode prerr = PR_GetError();
char addrbuf[ 256 ];
@@ -1142,7 +1134,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **iap = ports->i_listenaddr;
for (fdesp = i_unix; fdesp && *fdesp; fdesp++, iap++) {
- if ( PR_Listen(*fdesp, DAEMON_LISTEN_SIZE) == PR_FAILURE) {
+ if ( PR_Listen(*fdesp, config_get_listen_backlog_size()) == PR_FAILURE) {
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "slapd_daemon",
"listen() on %s failed: error %d (%s)\n",
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index ac664a4..7b2de68 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -252,6 +252,7 @@ int init_entryusn_global;
int init_disk_monitoring;
int init_disk_logging_critical;
int init_ndn_cache_enabled;
+int init_listen_backlog_size;
#ifdef MEMPOOL_EXPERIMENTAL
int init_mempool_switch;
@@ -1012,6 +1013,10 @@ static struct config_get_and_set {
(void**)&global_slapdFrontendConfig.sasl_max_bufsize,
CONFIG_INT, (ConfigGetFunc)config_get_sasl_maxbufsize,
DEFAULT_SASL_MAXBUFSIZE},
+ {CONFIG_LISTEN_BACKLOG_SIZE, config_set_listen_backlog_size,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.listen_backlog_size, CONFIG_INT,
+ (ConfigGetFunc)config_get_listen_backlog_size, &init_listen_backlog_size}
#ifdef MEMPOOL_EXPERIMENTAL
,{CONFIG_MEMPOOL_SWITCH_ATTRIBUTE, config_set_mempool_switch,
NULL, 0,
@@ -1439,6 +1444,7 @@ FrontendConfig_init () {
cfg->ndn_cache_max_size = NDN_DEFAULT_SIZE;
cfg->sasl_max_bufsize = SLAPD_DEFAULT_SASL_MAXBUFSIZE;
+ init_listen_backlog_size = cfg->listen_backlog_size = DAEMON_LISTEN_SIZE;
#ifdef MEMPOOL_EXPERIMENTAL
init_mempool_switch = cfg->mempool_switch = LDAP_ON;
cfg->mempool_maxfreelist = 1024;
@@ -6681,6 +6687,32 @@ config_set_default_naming_context(const char *attrname,
return LDAP_SUCCESS;
}
+int
+config_set_listen_backlog_size( const char *attrname, char *value,
+ char *errorbuf, int apply )
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ if ( apply ) {
+ slapdFrontendConfig->listen_backlog_size = atoi(value);
+ }
+ return LDAP_SUCCESS;
+}
+
+int
+config_get_listen_backlog_size()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ retVal = slapdFrontendConfig->listen_backlog_size;
+ return retVal;
+}
+
/*
* This function is intended to be used from the dse code modify callback. It
* is "optimized" for that case because it takes a berval** of values, which is
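Review bot: config_set_listen_backlog_size stores `atoi(value)` without any validation, so a mistyped or non-numeric nsslapd-listen-backlog-size silently becomes 0, a negative number is accepted, and an out-of-range string is undefined behaviour; the result is then passed to listen()/PR_Listen() in the daemon.c hunks. The value should be parsed with strtol, rejected when it is not a complete non-negative int, and the reason written to `errorbuf` so the administrator sees why the change was refused; this also makes the check run when `apply` is 0, which is when a caller validates before committing. The setter in the master-branch copy of this commit, later on this page, has the same `atoi(value)` inside `PR_AtomicSet`. The excerpt assumes `errno`, `INT_MAX` and `SLAPI_DSE_RETURNTEXT_SIZE` are already available in libglobs.c, which this diff does not show.

```c
	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
	char *endp = NULL;
	long size;

	/* … unchanged: config_value_is_null check … */

	errno = 0;
	size = strtol( value, &endp, 10 );
	if ( errno != 0 || endp == value || *endp != '\0' ||
	     size < 0 || size > INT_MAX ) {
		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
			"%s: invalid value \"%s\", expected a non-negative integer",
			attrname, value );
		return LDAP_OPERATIONS_ERROR;
	}

	if ( apply ) {
		slapdFrontendConfig->listen_backlog_size = (int)size;
	}
```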
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 0a90e92..788cd16 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -395,6 +395,7 @@ int config_set_auditlog_unhashed_pw(const char *attrname, char *value, char *err
int config_set_ndn_cache_enabled(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_listen_backlog_size(const char *attrname, char *value, char *errorbuf, int apply);
#if !defined(_WIN32) && !defined(AIX)
int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply );
@@ -556,6 +557,7 @@ char *config_get_allowed_sasl_mechs();
int config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf, int apply);
int config_get_schemamod();
int config_get_sasl_maxbufsize();
+int config_get_listen_backlog_size(void);
PLHashNumber hashNocaseString(const void *key);
PRIntn hashNocaseCompare(const void *v1, const void *v2);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 4026c37..fb4c5ac 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2054,6 +2054,15 @@ typedef struct _slapdEntryPoints {
#define CONFIG_NDN_CACHE_SIZE "nsslapd-ndn-cache-max-size"
#define CONFIG_ALLOWED_SASL_MECHS "nsslapd-allowed-sasl-mechanisms"
#define CONFIG_SASL_MAXBUFSIZE "nsslapd-sasl-max-buffer-size"
+#define CONFIG_LISTEN_BACKLOG_SIZE "nsslapd-listen-backlog-size"
+
+/*
+ * Define the backlog number for use in listen() call.
+ * We use the same definition as in ldapserver/include/base/systems.h
+ */
+#ifndef DAEMON_LISTEN_SIZE
+#define DAEMON_LISTEN_SIZE 128
+#endif
#ifdef MEMPOOL_EXPERIMENTAL
#define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool"
@@ -2249,6 +2258,7 @@ typedef struct _slapdFrontendConfig {
int minssf_exclude_rootdse; /* ON: minssf is ignored when searching rootdse */
size_t maxsasliosize; /* limit incoming SASL IO packet size */
char *anon_limits_dn; /* template entry for anonymous resource limits */
+ int listen_backlog_size; /* size of backlog parameter to PR_Listen */
#ifndef _WIN32
struct passwd *localuserinfo; /* userinfo of localuser */
#endif /* _WIN32 */
ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/daemon.c | 16 ++++------------
ldap/servers/slapd/libglobs.c | 34 +++++++++++++++++++++++++++++++++-
ldap/servers/slapd/proto-slap.h | 3 ++-
ldap/servers/slapd/slap.h | 10 ++++++++++
4 files changed, 49 insertions(+), 14 deletions(-)
New commits:
commit ecaf0677d6b50bdf6a095d46244defe9d6bbf3be
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Apr 16 08:26:03 2013 -0600
Ticket #47377 - make listen backlog size configurable
https://fedorahosted.org/389/ticket/47377
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: Add the attribute nsslapd-listen-backlog-size - this controls
the listening socket connection backlog maximum size. This corresponds to
the backlog parameter of the listen() system call. The default value is 128.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: yes - need to doc the new attribute
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 0120aaa..bef10f3 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -101,14 +101,6 @@
#include "getsocketpeer.h"
#endif /* ENABLE_LDAPI */
-/*
- * Define the backlog number for use in listen() call.
- * We use the same definition as in ldapserver/include/base/systems.h
- */
-#ifndef DAEMON_LISTEN_SIZE
-#define DAEMON_LISTEN_SIZE 128
-#endif
-
#if defined (LDAP_IOCP)
#define SLAPD_WAKEUP_TIMER 250
#else
@@ -1085,7 +1077,7 @@ void slapd_daemon( daemon_ports_t *ports )
/* We are now ready to accept incoming connections */
#if defined( XP_WIN32 )
if ( n_tcps != SLAPD_INVALID_SOCKET
- && listen( n_tcps, DAEMON_LISTEN_SIZE ) == -1 ) {
+ && listen( n_tcps, config_get_listen_backlog_size() ) == -1 ) {
int oserr = errno;
char addrbuf[ 256 ];
@@ -1101,7 +1093,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **nap = ports->n_listenaddr;
for (fdesp = n_tcps; fdesp && *fdesp; fdesp++, nap++) {
- if ( PR_Listen( *fdesp, DAEMON_LISTEN_SIZE ) == PR_FAILURE ) {
+ if ( PR_Listen( *fdesp, config_get_listen_backlog_size() ) == PR_FAILURE ) {
PRErrorCode prerr = PR_GetError();
char addrbuf[ 256 ];
@@ -1121,7 +1113,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **sap = ports->s_listenaddr;
for (fdesp = s_tcps; fdesp && *fdesp; fdesp++, sap++) {
- if ( PR_Listen( *fdesp, DAEMON_LISTEN_SIZE ) == PR_FAILURE ) {
+ if ( PR_Listen( *fdesp, config_get_listen_backlog_size() ) == PR_FAILURE ) {
PRErrorCode prerr = PR_GetError();
char addrbuf[ 256 ];
@@ -1142,7 +1134,7 @@ void slapd_daemon( daemon_ports_t *ports )
PRFileDesc **fdesp;
PRNetAddr **iap = ports->i_listenaddr;
for (fdesp = i_unix; fdesp && *fdesp; fdesp++, iap++) {
- if ( PR_Listen(*fdesp, DAEMON_LISTEN_SIZE) == PR_FAILURE) {
+ if ( PR_Listen(*fdesp, config_get_listen_backlog_size()) == PR_FAILURE) {
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "slapd_daemon",
"listen() on %s failed: error %d (%s)\n",
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index b8fe9ba..12a1e03 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -259,6 +259,7 @@ slapi_onoff_t init_return_orig_type;
slapi_onoff_t init_enable_turbo_mode;
slapi_onoff_t init_connection_nocanon;
slapi_int_t init_connection_buffer;
+slapi_int_t init_listen_backlog_size;
#ifdef MEMPOOL_EXPERIMENTAL
slapi_onoff_t init_mempool_switch;
#endif
@@ -1057,7 +1058,11 @@ static struct config_get_and_set {
{CONFIG_CONNECTION_NOCANON, config_set_connection_nocanon,
NULL, 0,
(void**)&global_slapdFrontendConfig.connection_nocanon,
- CONFIG_ON_OFF, (ConfigGetFunc)config_get_connection_nocanon, &init_connection_nocanon}
+ CONFIG_ON_OFF, (ConfigGetFunc)config_get_connection_nocanon, &init_connection_nocanon},
+ {CONFIG_LISTEN_BACKLOG_SIZE, config_set_listen_backlog_size,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.listen_backlog_size, CONFIG_INT,
+ (ConfigGetFunc)config_get_listen_backlog_size, &init_listen_backlog_size}
#ifdef MEMPOOL_EXPERIMENTAL
,{CONFIG_MEMPOOL_SWITCH_ATTRIBUTE, config_set_mempool_switch,
NULL, 0,
@@ -1499,6 +1504,7 @@ FrontendConfig_init () {
init_connection_buffer = cfg->connection_buffer = CONNECTION_BUFFER_ON;
init_connection_nocanon = cfg->connection_nocanon = LDAP_ON;
+ init_listen_backlog_size = cfg->listen_backlog_size = DAEMON_LISTEN_SIZE;
#ifdef MEMPOOL_EXPERIMENTAL
init_mempool_switch = cfg->mempool_switch = LDAP_ON;
cfg->mempool_maxfreelist = 1024;
@@ -7024,6 +7030,32 @@ config_set_connection_buffer( const char *attrname, char *value,
return retVal;
}
+int
+config_set_listen_backlog_size( const char *attrname, char *value,
+ char *errorbuf, int apply )
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ if ( apply ) {
+ PR_AtomicSet(&slapdFrontendConfig->listen_backlog_size, atoi(value));
+ }
+ return LDAP_SUCCESS;
+}
+
+int
+config_get_listen_backlog_size()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ retVal = slapdFrontendConfig->listen_backlog_size;
+ return retVal;
+}
+
/*
* This function is intended to be used from the dse code modify callback. It
* is "optimized" for that case because it takes a berval** of values, which is
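Review bot: Neither new function has a comment, and the point a maintainer most needs is not obvious from the setter: the daemon.c hunks of this commit read the value only where slapd_daemon calls listen()/PR_Listen(), so a value applied through `config_set_listen_backlog_size` on a running server presumably does not change sockets that are already listening. I would add above the setter `/* nsslapd-listen-backlog-size: backlog passed to listen()/PR_Listen(); read when the listeners are set up, so a new value takes effect at the next start */`. The definition should also be written `config_get_listen_backlog_size(void)` to match the prototype this commit adds to proto-slap.h, since empty parentheses in a C definition do not declare a prototype.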
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 86284fc..dc73faa 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -402,6 +402,7 @@ int config_set_ndn_cache_max_size(const char *attrname, char *value, char *error
int config_set_unhashed_pw_switch(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_return_orig_type_switch(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_listen_backlog_size(const char *attrname, char *value, char *errorbuf, int apply);
#if !defined(_WIN32) && !defined(AIX)
int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply );
@@ -575,7 +576,7 @@ int config_get_connection_buffer();
int config_set_connection_buffer(const char *attrname, char *value, char *errorbuf, int apply);
int config_get_connection_nocanon();
int config_set_connection_nocanon(const char *attrname, char *value, char *errorbuf, int apply);
-
+int config_get_listen_backlog_size(void);
PLHashNumber hashNocaseString(const void *key);
PRIntn hashNocaseCompare(const void *v1, const void *v2);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index e1af7b9..f836b16 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2089,6 +2089,15 @@ typedef struct _slapdEntryPoints {
#define CONFIG_ENABLE_TURBO_MODE "nsslapd-enable-turbo-mode"
#define CONFIG_CONNECTION_BUFFER "nsslapd-connection-buffer"
#define CONFIG_CONNECTION_NOCANON "nsslapd-connection-nocanon"
+#define CONFIG_LISTEN_BACKLOG_SIZE "nsslapd-listen-backlog-size"
+
+/*
+ * Define the backlog number for use in listen() call.
+ * We use the same definition as in ldapserver/include/base/systems.h
+ */
+#ifndef DAEMON_LISTEN_SIZE
+#define DAEMON_LISTEN_SIZE 128
+#endif
#ifdef MEMPOOL_EXPERIMENTAL
#define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool"
@@ -2297,6 +2306,7 @@ typedef struct _slapdFrontendConfig {
slapi_onoff_t minssf_exclude_rootdse; /* ON: minssf is ignored when searching rootdse */
size_t maxsasliosize; /* limit incoming SASL IO packet size */
char *anon_limits_dn; /* template entry for anonymous resource limits */
+ slapi_int_t listen_backlog_size; /* size of backlog parameter to PR_Listen */
#ifndef _WIN32
struct passwd *localuserinfo; /* userinfo of localuser */
#endif /* _WIN32 */