~ubuntu-branches/ubuntu/utopic/389-ds-base/utopic-proposed

« back to all changes in this revision

Viewing changes to ldap/admin/src/scripts/ns-activate.pl.in

Committer: Package Import Robot
Author(s): Timo Aaltonen
Date: 2014-02-03 11:08:50 UTC
mfrom: (0.2.1)
Revision ID: package-import@ubuntu.com-20140203110850-tjzx85elnke9fiu3

Tags: 1.3.2.9-1

http://bugs.debian.org/704077

http://bugs.debian.org/704421

http://bugs.debian.org/718325

http://bugs.debian.org/721222

http://bugs.debian.org/730115

* New upstream release.
  - fixes CVE-2013-0336 (Closes: #704077)
  - fixes CVE-2013-1897 (Closes: #704421)
  - fixes CVE-2013-2219 (Closes: #718325)
  - fixes CVE-2013-4283 (Closes: #721222)
  - fixes CVE-2013-4485 (Closes: #730115)
* Drop fix-CVE-2013-0312.diff, upstream.
* rules: Add new scripts to rename.
* fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP:
  #1088822)
* admin_scripts.diff: Add patch from upstream #47511 to fix bashisms.
* control: Add ldap-utils to -base depends.
* rules, rename-online-scripts.diff: Some scripts with .pl suffix are
  meant for an online server, so instead of overwriting the offline
  scripts use -online suffix.
* rules: Enable parallel build, but limit the jobs to 1 for
  dh_auto_install.
* control: Bump policy to 3.9.5, no changes.
* rules: Add get-orig-source target.
* lintian-overrides: Drop obsolete entries, add comments for the rest.

files added:
.pc/admin_scripts.diff

.pc/admin_scripts.diff/ldap

.pc/admin_scripts.diff/ldap/admin

.pc/admin_scripts.diff/ldap/admin/src

.pc/admin_scripts.diff/ldap/admin/src/scripts

.pc/admin_scripts.diff/ldap/admin/src/scripts/bak2db.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/db2bak.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/db2index.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/db2ldif.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/dbverify.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/dn2rdn.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/ldif2db.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/ldif2ldap.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/monitor.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/restart-dirsrv.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/restoreconfig.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/saveconfig.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/start-dirsrv.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/stop-dirsrv.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/suffix2instance.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/upgradedb.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/upgradednformat.in

.pc/admin_scripts.diff/ldap/admin/src/scripts/vlvindex.in

.pc/fix-sasl-path.diff

.pc/fix-sasl-path.diff/ldap

.pc/fix-sasl-path.diff/ldap/servers

.pc/fix-sasl-path.diff/ldap/servers/slapd

.pc/fix-sasl-path.diff/ldap/servers/slapd/ldaputil.c

.pc/fix-sasl-path.diff/ldap/servers/slapd/saslbind.c

.pc/rename-online-scripts.diff

.pc/rename-online-scripts.diff/ldap

.pc/rename-online-scripts.diff/ldap/admin

.pc/rename-online-scripts.diff/ldap/admin/src

.pc/rename-online-scripts.diff/ldap/admin/src/scripts

.pc/rename-online-scripts.diff/ldap/admin/src/scripts/template-bak2db.pl.in

.pc/rename-online-scripts.diff/ldap/admin/src/scripts/template-db2bak.pl.in

.pc/rename-online-scripts.diff/ldap/admin/src/scripts/template-db2index.pl.in

.pc/rename-online-scripts.diff/ldap/admin/src/scripts/template-db2ldif.pl.in

.pc/rename-online-scripts.diff/ldap/admin/src/scripts/template-ldif2db.pl.in

debian/patches/admin_scripts.diff

debian/patches/fix-sasl-path.diff

debian/patches/rename-online-scripts.diff

ldap/admin/src/scripts/50contentsync.ldif

ldap/admin/src/scripts/60upgradeconfigfiles.pl

ldap/admin/src/scripts/80upgradednformat.pl.in

ldap/admin/src/scripts/DSSharedLib.in

ldap/admin/src/scripts/bak2db.in

ldap/admin/src/scripts/bak2db.pl.in

ldap/admin/src/scripts/cleanallruv.pl.in

ldap/admin/src/scripts/db2bak.in

ldap/admin/src/scripts/db2bak.pl.in

ldap/admin/src/scripts/db2index.in

ldap/admin/src/scripts/db2index.pl.in

ldap/admin/src/scripts/db2ldif.in

ldap/admin/src/scripts/db2ldif.pl.in

ldap/admin/src/scripts/dbverify.in

ldap/admin/src/scripts/dn2rdn.in

ldap/admin/src/scripts/fixup-linkedattrs.pl.in

ldap/admin/src/scripts/fixup-memberof.pl.in

ldap/admin/src/scripts/ldif2db.in

ldap/admin/src/scripts/ldif2db.pl.in

ldap/admin/src/scripts/ldif2ldap.in

ldap/admin/src/scripts/monitor.in

ldap/admin/src/scripts/ns-accountstatus.pl.in

ldap/admin/src/scripts/ns-activate.pl.in

ldap/admin/src/scripts/ns-inactivate.pl.in

ldap/admin/src/scripts/ns-newpwpolicy.pl.in

ldap/admin/src/scripts/restoreconfig.in

ldap/admin/src/scripts/saveconfig.in

ldap/admin/src/scripts/schema-reload.pl.in

ldap/admin/src/scripts/suffix2instance.in

ldap/admin/src/scripts/syntax-validate.pl.in

ldap/admin/src/scripts/upgradedb.in

ldap/admin/src/scripts/upgradednformat.in

ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in

ldap/admin/src/scripts/verify-db.pl.in

ldap/admin/src/scripts/vlvindex.in

ldap/servers/plugins/sync

ldap/servers/plugins/sync/sync.h

ldap/servers/plugins/sync/sync_init.c

ldap/servers/plugins/sync/sync_persist.c

ldap/servers/plugins/sync/sync_refresh.c

ldap/servers/plugins/sync/sync_util.c

ldap/servers/plugins/whoami

ldap/servers/plugins/whoami/whoami.c

ldap/servers/slapd/mozldap.h

ldap/servers/slapd/openldapber.h

man/man8/bak2db.8

man/man8/bak2db.pl.8

man/man8/cleanallruv.pl.8

man/man8/db2bak.8

man/man8/db2bak.pl.8

man/man8/db2index.8

man/man8/db2index.pl.8

man/man8/db2ldif.8

man/man8/db2ldif.pl.8

man/man8/dbverify.8

man/man8/dn2rdn.8

man/man8/fixup-linkedattrs.pl.8

man/man8/fixup-memberof.pl.8

man/man8/ldif2db.8

man/man8/ldif2db.pl.8

man/man8/ldif2ldap.8

man/man8/monitor.8

man/man8/ns-accountstatus.pl.8

man/man8/ns-activate.pl.8

man/man8/ns-inactivate.pl.8

man/man8/ns-newpwpolicy.pl.8

man/man8/restoreconfig.8

man/man8/saveconfig.8

man/man8/schema-reload.pl.8

man/man8/suffix2instance.8

man/man8/syntax-validate.pl.8

man/man8/upgradedb.8

man/man8/upgradednformat.8

man/man8/usn-tombstone-cleanup.pl.8

man/man8/verify-db.pl.8

man/man8/vlvindex.8

rpm.mk

rpm/389-ds-base-devel.README

rpm/389-ds-base-git.sh

rpm/389-ds-base.spec.in

rpm/add_patches.sh

rpm/rpmverrel.sh

files removed:
.pc/fix-CVE-2013-0312.diff

.pc/fix-CVE-2013-0312.diff/ldap

.pc/fix-CVE-2013-0312.diff/ldap/servers

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/chainingdb

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/chainingdb/cb_controls.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/chainingdb/cb_utils.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/deref

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/deref/deref.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/dna

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/dna/dna.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/replication

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/replication/repl5_total.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/replication/repl_controls.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/replication/repl_extop.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/plugins/replication/windows_private.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/back-ldbm

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/back-ldbm/sort.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/back-ldbm/vlv.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/passwd_extop.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/proxyauth.c

.pc/fix-CVE-2013-0312.diff/ldap/servers/slapd/slapi-plugin.h

debian/patches/fix-CVE-2013-0312.diff

ldap/admin/src/scripts/80upgradednformat.pl

files modified:
.pc/applied-patches

.pc/default_user/configure.ac

Makefile.am

Makefile.in

VERSION.sh

aclocal.m4

compile

config.guess

config.h.in

config.sub

configure

configure.ac

debian/389-ds-base-libs.lintian-overrides

debian/389-ds-base.lintian-overrides

debian/changelog

debian/control

debian/patches/series

debian/rules

depcomp

include/base/ereport.h

include/base/file.h

include/i18n.h

include/libaccess/acl.h

include/libaccess/aclerror.h

include/libaccess/aclproto.h

include/libaccess/las.h

include/libaccess/nsautherr.h

include/libaccess/nserror.h

include/libaccess/symbols.h

include/public/nsacl/aclapi.h

include/public/nsacl/acldef.h

include/public/nsacl/nserrdef.h

install-sh

ldap/admin/src/logconv.pl

ldap/admin/src/scripts/20betxn.pl

ldap/admin/src/scripts/60upgradeschemafiles.pl

ldap/admin/src/scripts/DSCreate.pm.in

ldap/admin/src/scripts/DSDialogs.pm

ldap/admin/src/scripts/DSMigration.pm.in

ldap/admin/src/scripts/DSUtil.pm.in

ldap/admin/src/scripts/remove-ds.pl.in

ldap/admin/src/scripts/restart-dirsrv.in

ldap/admin/src/scripts/setup-ds.pl.in

ldap/admin/src/scripts/setup-ds.res.in

ldap/admin/src/scripts/start-dirsrv.in

ldap/admin/src/scripts/stop-dirsrv.in

ldap/admin/src/scripts/template-bak2db.in

ldap/admin/src/scripts/template-bak2db.pl.in

ldap/admin/src/scripts/template-cleanallruv.pl.in

ldap/admin/src/scripts/template-db2bak.in

ldap/admin/src/scripts/template-db2bak.pl.in

ldap/admin/src/scripts/template-db2index.in

ldap/admin/src/scripts/template-db2index.pl.in

ldap/admin/src/scripts/template-db2ldif.in

ldap/admin/src/scripts/template-db2ldif.pl.in

ldap/admin/src/scripts/template-dbverify.in

ldap/admin/src/scripts/template-dn2rdn.in

ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in

ldap/admin/src/scripts/template-fixup-memberof.pl.in

ldap/admin/src/scripts/template-ldif2db.in

ldap/admin/src/scripts/template-ldif2db.pl.in

ldap/admin/src/scripts/template-ldif2ldap.in

ldap/admin/src/scripts/template-monitor.in

ldap/admin/src/scripts/template-ns-accountstatus.pl.in

ldap/admin/src/scripts/template-ns-activate.pl.in

ldap/admin/src/scripts/template-ns-inactivate.pl.in

ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in

ldap/admin/src/scripts/template-restart-slapd.in

ldap/admin/src/scripts/template-restoreconfig.in

ldap/admin/src/scripts/template-saveconfig.in

ldap/admin/src/scripts/template-schema-reload.pl.in

ldap/admin/src/scripts/template-start-slapd.in

ldap/admin/src/scripts/template-stop-slapd.in

ldap/admin/src/scripts/template-suffix2instance.in

ldap/admin/src/scripts/template-syntax-validate.pl.in

ldap/admin/src/scripts/template-upgradedb.in

ldap/admin/src/scripts/template-upgradednformat.in

ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in

ldap/admin/src/scripts/template-verify-db.pl.in

ldap/admin/src/scripts/template-vlvindex.in

ldap/ldif/template-dse.ldif.in

ldap/libraries/libavl/avl.c

ldap/schema/01core389.ldif

ldap/schema/02common.ldif

ldap/schema/10dna-plugin.ldif

ldap/schema/50ns-mail.ldif

ldap/schema/60qmail.ldif

ldap/schema/60radius.ldif

ldap/schema/60samba3.ldif

ldap/schema/slapd-collations.conf

ldap/servers/plugins/acct_usability/acct_usability.c

ldap/servers/plugins/acctpolicy/acct_config.c

ldap/servers/plugins/acctpolicy/acct_init.c

ldap/servers/plugins/acctpolicy/acct_plugin.c

ldap/servers/plugins/acctpolicy/acct_util.c

ldap/servers/plugins/acctpolicy/acctpolicy.h

ldap/servers/plugins/acl/acl.c

ldap/servers/plugins/acl/acl.h

ldap/servers/plugins/acl/acl_ext.c

ldap/servers/plugins/acl/aclanom.c

ldap/servers/plugins/acl/acleffectiverights.c

ldap/servers/plugins/acl/aclinit.c

ldap/servers/plugins/acl/acllas.c

ldap/servers/plugins/acl/acllist.c

ldap/servers/plugins/acl/aclparse.c

ldap/servers/plugins/acl/aclutil.c

ldap/servers/plugins/automember/automember.c

ldap/servers/plugins/chainingdb/cb_conn_stateless.c

ldap/servers/plugins/chainingdb/cb_instance.c

ldap/servers/plugins/chainingdb/cb_utils.c

ldap/servers/plugins/collation/collate.c

ldap/servers/plugins/cos/cos.c

ldap/servers/plugins/cos/cos_cache.c

ldap/servers/plugins/deref/deref.c

ldap/servers/plugins/dna/dna.c

ldap/servers/plugins/http/http_impl.c

ldap/servers/plugins/linkedattrs/fixup_task.c

ldap/servers/plugins/linkedattrs/linked_attrs.c

ldap/servers/plugins/linkedattrs/linked_attrs.h

ldap/servers/plugins/memberof/memberof.c

ldap/servers/plugins/memberof/memberof.h

ldap/servers/plugins/memberof/memberof_config.c

ldap/servers/plugins/mep/mep.c

ldap/servers/plugins/pam_passthru/pam_ptconfig.c

ldap/servers/plugins/pam_passthru/pam_ptimpl.c

ldap/servers/plugins/pam_passthru/pam_ptpreop.c

ldap/servers/plugins/posix-winsync/posix-group-func.c

ldap/servers/plugins/posix-winsync/posix-group-func.h

ldap/servers/plugins/posix-winsync/posix-group-task.c

ldap/servers/plugins/posix-winsync/posix-winsync.c

ldap/servers/plugins/referint/referint.c

ldap/servers/plugins/replication/cl5.h

ldap/servers/plugins/replication/cl5_api.c

ldap/servers/plugins/replication/cl5_api.h

ldap/servers/plugins/replication/cl5_clcache.c

ldap/servers/plugins/replication/cl5_config.c

ldap/servers/plugins/replication/cl5_init.c

ldap/servers/plugins/replication/cl5_test.c

ldap/servers/plugins/replication/repl-session-plugin.h

ldap/servers/plugins/replication/repl5.h

ldap/servers/plugins/replication/repl5_agmt.c

ldap/servers/plugins/replication/repl5_agmtlist.c

ldap/servers/plugins/replication/repl5_connection.c

ldap/servers/plugins/replication/repl5_inc_protocol.c

ldap/servers/plugins/replication/repl5_init.c

ldap/servers/plugins/replication/repl5_mtnode_ext.c

ldap/servers/plugins/replication/repl5_plugins.c

ldap/servers/plugins/replication/repl5_prot_private.h

ldap/servers/plugins/replication/repl5_protocol.c

ldap/servers/plugins/replication/repl5_protocol_util.c

ldap/servers/plugins/replication/repl5_replica.c

ldap/servers/plugins/replication/repl5_replica_config.c

ldap/servers/plugins/replication/repl5_ruv.c

ldap/servers/plugins/replication/repl5_ruv.h

ldap/servers/plugins/replication/repl5_schedule.c

ldap/servers/plugins/replication/repl5_tot_protocol.c

ldap/servers/plugins/replication/repl5_total.c

ldap/servers/plugins/replication/repl_connext.c

ldap/servers/plugins/replication/repl_extop.c

ldap/servers/plugins/replication/repl_globals.c

ldap/servers/plugins/replication/repl_shared.h

ldap/servers/plugins/replication/replutil.c

ldap/servers/plugins/replication/urp.c

ldap/servers/plugins/replication/windows_connection.c

ldap/servers/plugins/replication/windows_inc_protocol.c

ldap/servers/plugins/replication/windows_private.c

ldap/servers/plugins/replication/windows_protocol_util.c

ldap/servers/plugins/replication/windows_tot_protocol.c

ldap/servers/plugins/replication/windowsrepl.h

ldap/servers/plugins/replication/winsync-plugin.h

ldap/servers/plugins/retrocl/retrocl.c

ldap/servers/plugins/retrocl/retrocl.h

ldap/servers/plugins/retrocl/retrocl_cn.c

ldap/servers/plugins/retrocl/retrocl_po.c

ldap/servers/plugins/roles/roles_cache.c

ldap/servers/plugins/roles/roles_cache.h

ldap/servers/plugins/roles/roles_plugin.c

ldap/servers/plugins/rootdn_access/rootdn_access.c

ldap/servers/plugins/rootdn_access/rootdn_access.h

ldap/servers/plugins/statechange/statechange.c

ldap/servers/plugins/syntaxes/string.c

ldap/servers/plugins/syntaxes/validate_task.c

ldap/servers/plugins/syntaxes/value.c

ldap/servers/plugins/uiduniq/7bit.c

ldap/servers/plugins/uiduniq/uid.c

ldap/servers/plugins/usn/usn.c

ldap/servers/plugins/views/views.c

ldap/servers/slapd/abandon.c

ldap/servers/slapd/add.c

ldap/servers/slapd/agtmmap.c

ldap/servers/slapd/agtmmap.h

ldap/servers/slapd/attr.c

ldap/servers/slapd/attrlist.c

ldap/servers/slapd/attrsyntax.c

ldap/servers/slapd/auth.c

ldap/servers/slapd/back-ldbm/ancestorid.c

ldap/servers/slapd/back-ldbm/archive.c

ldap/servers/slapd/back-ldbm/back-ldbm.h

ldap/servers/slapd/back-ldbm/cache.c

ldap/servers/slapd/back-ldbm/dbhelp.c

ldap/servers/slapd/back-ldbm/dblayer.c

ldap/servers/slapd/back-ldbm/dblayer.h

ldap/servers/slapd/back-ldbm/dbsize.c

ldap/servers/slapd/back-ldbm/dbverify.c

ldap/servers/slapd/back-ldbm/dbversion.c

ldap/servers/slapd/back-ldbm/filterindex.c

ldap/servers/slapd/back-ldbm/id2entry.c

ldap/servers/slapd/back-ldbm/idl.c

ldap/servers/slapd/back-ldbm/idl_common.c

ldap/servers/slapd/back-ldbm/idl_new.c

ldap/servers/slapd/back-ldbm/import-merge.c

ldap/servers/slapd/back-ldbm/import-threads.c

ldap/servers/slapd/back-ldbm/import.c

ldap/servers/slapd/back-ldbm/import.h

ldap/servers/slapd/back-ldbm/index.c

ldap/servers/slapd/back-ldbm/ldbm_add.c

ldap/servers/slapd/back-ldbm/ldbm_attr.c

ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c

ldap/servers/slapd/back-ldbm/ldbm_config.c

ldap/servers/slapd/back-ldbm/ldbm_config.h

ldap/servers/slapd/back-ldbm/ldbm_delete.c

ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c

ldap/servers/slapd/back-ldbm/ldbm_modify.c

ldap/servers/slapd/back-ldbm/ldbm_modrdn.c

ldap/servers/slapd/back-ldbm/ldbm_search.c

ldap/servers/slapd/back-ldbm/ldbm_usn.c

ldap/servers/slapd/back-ldbm/ldif2ldbm.c

ldap/servers/slapd/back-ldbm/misc.c

ldap/servers/slapd/back-ldbm/monitor.c

ldap/servers/slapd/back-ldbm/parents.c

ldap/servers/slapd/back-ldbm/proto-back-ldbm.h

ldap/servers/slapd/back-ldbm/seq.c

ldap/servers/slapd/back-ldbm/sort.c

ldap/servers/slapd/back-ldbm/start.c

ldap/servers/slapd/back-ldbm/upgrade.c

ldap/servers/slapd/back-ldbm/vlv.c

ldap/servers/slapd/backend.c

ldap/servers/slapd/bind.c

ldap/servers/slapd/charray.c

ldap/servers/slapd/compare.c

ldap/servers/slapd/computed.c

ldap/servers/slapd/config.c

ldap/servers/slapd/configdse.c

ldap/servers/slapd/connection.c

ldap/servers/slapd/conntable.c

ldap/servers/slapd/control.c

ldap/servers/slapd/csn.c

ldap/servers/slapd/csngen.c

ldap/servers/slapd/daemon.c

ldap/servers/slapd/delete.c

ldap/servers/slapd/dn.c

ldap/servers/slapd/dse.c

ldap/servers/slapd/dynalib.c

ldap/servers/slapd/entry.c

ldap/servers/slapd/entrywsi.c

ldap/servers/slapd/errormap.c

ldap/servers/slapd/extendop.c

ldap/servers/slapd/fe.h

ldap/servers/slapd/fedse.c

ldap/servers/slapd/filterentry.c

ldap/servers/slapd/getfilelist.c

ldap/servers/slapd/globals.c

ldap/servers/slapd/ldaputil.c

ldap/servers/slapd/libglobs.c

ldap/servers/slapd/libslapd.def

ldap/servers/slapd/log.c

ldap/servers/slapd/main.c

ldap/servers/slapd/mapping_tree.c

ldap/servers/slapd/modify.c

ldap/servers/slapd/modrdn.c

ldap/servers/slapd/monitor.c

ldap/servers/slapd/ntperfdll/nsldapctr.cpp

ldap/servers/slapd/ntperfdll/nsldapctrdef.h

ldap/servers/slapd/ntperfdll/nsldapctrs.h

ldap/servers/slapd/operation.c

ldap/servers/slapd/opshared.c

ldap/servers/slapd/pagedresults.c

ldap/servers/slapd/pblock.c

ldap/servers/slapd/plugin.c

ldap/servers/slapd/plugin_acl.c

ldap/servers/slapd/plugin_syntax.c

ldap/servers/slapd/proto-slap.h

ldap/servers/slapd/proxyauth.c

ldap/servers/slapd/psearch.c

ldap/servers/slapd/pw.c

ldap/servers/slapd/pw.h

ldap/servers/slapd/pw_mgmt.c

ldap/servers/slapd/rdn.c

ldap/servers/slapd/regex.c

ldap/servers/slapd/result.c

ldap/servers/slapd/sasl_io.c

ldap/servers/slapd/sasl_map.c

ldap/servers/slapd/saslbind.c

ldap/servers/slapd/schema.c

ldap/servers/slapd/search.c

ldap/servers/slapd/slap.h

ldap/servers/slapd/slapi-plugin.h

ldap/servers/slapd/slapi-private.h

ldap/servers/slapd/snmp_collator.c

ldap/servers/slapd/sort.c

ldap/servers/slapd/ssl.c

ldap/servers/slapd/start_tls_extop.c

ldap/servers/slapd/str2filter.c

ldap/servers/slapd/task.c

ldap/servers/slapd/test-plugins/testdbinterop.c

ldap/servers/slapd/tools/dbscan.c

ldap/servers/slapd/tools/ldclt/data.c

ldap/servers/slapd/tools/ldclt/ldapfct.c

ldap/servers/slapd/tools/ldclt/ldclt.c

ldap/servers/slapd/tools/ldclt/ldclt.h

ldap/servers/slapd/tools/ldclt/threadMain.c

ldap/servers/slapd/tools/ldclt/utils.c

ldap/servers/slapd/tools/ldclt/utils.h

ldap/servers/slapd/tools/mmldif.c

ldap/servers/slapd/tools/pwenc.c

ldap/servers/slapd/tools/rsearch/infadd.c

ldap/servers/slapd/tools/rsearch/nametable.c

ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl.in

ldap/servers/slapd/tools/rsearch/sdattable.c

ldap/servers/slapd/tools/rsearch/searchthread.c

ldap/servers/slapd/unbind.c

ldap/servers/slapd/util.c

ldap/servers/slapd/uuid.c

ldap/servers/slapd/valueset.c

ldap/servers/slapd/vattr.c

ldap/servers/snmp/ldap-agent.c

ldap/servers/snmp/ldap-agent.h

ldap/servers/snmp/main.c

ldap/servers/snmp/ntagt/nsldapagt_nt.c

ldap/servers/snmp/ntagt/nsldapagt_nt.h

ldap/servers/snmp/redhat-directory.mib

lib/base/file.cpp

lib/base/pool.cpp

lib/base/util.cpp

lib/ldaputil/cert.c

lib/ldaputil/dbconf.c

lib/libaccess/acl.tab.cpp

lib/libaccess/aclerror.cpp

lib/libaccess/acleval.cpp

lib/libaccess/aclspace.cpp

lib/libaccess/acltext.y

lib/libaccess/acltools.cpp

lib/libaccess/lasdns.cpp

lib/libaccess/lasip.cpp

lib/libaccess/nsautherr.cpp

lib/libaccess/nseframe.cpp

lib/libaccess/oneeval.cpp

lib/libaccess/register.cpp

lib/libaccess/symbols.cpp

lib/libadmin/error.c

lib/libsi18n/getstrprop.c

ltmain.sh *

man/man1/logconv.pl.1

missing

Show diffs side-by-side

added added

removed removed

ldap/admin/src/scripts/ns-activate.pl.in

#!@perlexec@

# BEGIN COPYRIGHT BLOCK

# This Program is free software; you can redistribute it and/or modify it under

# the terms of the GNU General Public License as published by the Free Software

# Foundation; version 2 of the License.

# This Program is distributed in the hope that it will be useful, but WITHOUT

# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS

# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

# You should have received a copy of the GNU General Public License along with

# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple

# Place, Suite 330, Boston, MA 02111-1307 USA.

# In addition, as a special exception, Red Hat, Inc. gives You the additional

# right to link the code of this Program with code not covered under the GNU

# General Public License ("Non-GPL Code") and to distribute linked combinations

# including the two, subject to the limitations in this paragraph. Non-GPL Code

# permitted under this exception must only link to the code of this Program

# through those well defined interfaces identified in the file named EXCEPTION

# found in the source code files (the "Approved Interfaces"). The files of

# Non-GPL Code may instantiate templates or use macros or inline functions from

# the Approved Interfaces without causing the resulting work to be covered by

# the GNU General Public License. Only Red Hat, Inc. may make changes or

# additions to the list of Approved Interfaces. You must obey the GNU General

# Public License in all respects for all of the Program code and other code used

# in conjunction with the Program except the Non-GPL Code covered by this

# exception. If you modify this file, you may extend this exception to your

# version of the file, but you are not obligated to do so. If you do not wish to

# provide this exception without modification, you must delete this exception

# statement from your version and license this file solely under the GPL without

# exception.

# END COPYRIGHT BLOCK

use lib qw(@perlpath@);

use DSUtil;

DSUtil::libpath_add("@nss_libdir@");

DSUtil::libpath_add("/usr/lib");

$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin:/usr/lib64/mozldap/";

$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";

$single = 0;

$role = 0;

###############################

# SUB-ROUTINES

###############################

sub usage

{

print (STDERR "ns-activate.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");

print (STDERR " [-p port] [-h host] [-P protocol] -I DN-to-$operation\n\n");

print (STDERR "May be used to $operation a user or a domain of users\n\n");

print (STDERR "Arguments:\n");

print (STDERR " -? - Display usage\n");

print (STDERR " -D rootdn - Provide a Directory Manager DN\n");

print (STDERR " -w password - Provide a password for the Directory Manager DN\n");

print (STDERR " -w - - Prompt for the Directory Manager's password\n");

print (STDERR " -Z serverID - Server instance identifier\n");

print (STDERR " -j filename - Read the Directory Manager's password from file\n");

print (STDERR " -p port - Provide a port\n");

print (STDERR " -h host - Provide a host name'\n");

print (STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n");

print (STDERR " -I DN-to-$operation - Single entry DN or role DN to $operation\n");

}

sub debug

{

# print " ==> @_";

}

sub out

{

print "@_";

}

# --------------------------

# Check if the entry is part of a locked role:

# i.e.: for each role member (nsroledn) of nsdisabledrole, check if

# * it is the same as the entry

# * the entry is member of role (==has nsroledn attributes), compare each of

# them with the nsroledn of nsdisabledrole

# * if nsroledn of nsdisabledrole are complex, go through each of them

# argv[0] is the local file handler

# argv[1] is the entry (may be a single entry DN or a role DN)

# argv[2] is the base for the search

# --------------------------

$throughRole="";

sub indirectLock

100

{

101

# For recursivity, file handler must be local

102

my $L_filehandle=$_[0];

103

$L_filehandle++;

104

105

my $L_entry=$_[1];

106

# Remove useless space

107

my @L_intern=split /([,])/,$L_entry;

108

my $L_result="";

109

foreach $L_part (@L_intern){

110

$L_part=~s/^ +//;

111

$L_part=~ tr/A-Z/a-z/;

112

$L_result="$L_result$L_part";

113

}

114

$L_entry=$L_result;

115

116

my $L_base=$_[2];

117

my $L_search;

118

my $L_currentrole;

119

my $L_retCode;

120

my $L_local;

121

122

$info{base} = $L_base;

123

$info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))";

124

$info{scope} = "base";

125

$info{attrs} = "nsroledn";

126

$info{redirect} = ">> /dev/null 2>&1";

127

DSUtil::ldapsrch_ext(%info);

128

$info{redirect} = "";

129

$retCode=$?;

130

if ( $retCode != 0 ){

131

$retCode=$?>>8;

132

return 1;

133

}

134

135

# Check if the role is a nested role

136

$info{filter} = "(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))";

137

$info{attrs} = "";

138

@L_Nested=DSUtil::ldapsrch(%info);

139

# L_isNested == 1 means that we are going through a nested role, so for each member of that

140

# nested role, check that the member is below the scope of the nested

141

$L_isNested=@L_Nested;

142

143

# Not Direct Lock, Go through roles if any

144

$info{attrs} = "nsroledn";

145

$info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))";

146

$L_search=DSUtil::ldapsrch(%info);

147

148

debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");

149

150

unless (open ($L_filehandle, "$L_search |")){

151

out("Can't open file $L_filehandle\n");

152

exit;

153

}

154

while (<$L_filehandle>) {

155

s/\n //g;

156

if (/^nsroledn: (.*)\n/) {

157

$L_currentrole = $1;

158

159

# Remove useless space

160

my @L_intern=split /([,])/,$L_currentrole;

161

my $L_result="";

162

foreach $L_part (@L_intern){

163

$L_part=~s/^ +//;

164

$L_part=~ tr/A-Z/a-z/;

165

$L_result="$L_result$L_part";

166

}

167

$L_currentrole=$L_result;

168

169

debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");

170

if ( $L_isNested == 1 ){

171

if ( checkScope($L_currentrole, $L_base) == 0 ){

172

# Scope problem probably a bad conf, skip the currentrole

173

next;

174

}

175

}

176

177

if ( $L_currentrole eq $L_entry ){

178

# the entry is a role that is directly locked

179

# i.e, nsroledn of nsdisabledrole contains the entry

180

$throughRole=$L_base;

181

$throughRole=~ tr/A-Z/a-z/;

182

183

# skipDisabled means that we've just found that the entry (which is a role)

184

# is locked directly (==its DN is part of nsroledn attributes)

185

# we just want to know now, if it is locked through another role

186

# at least, one

187

if ( $skipDisabled == 1 ){

188

# direct inactivation

189

$directLocked=1;

190

# just go through that test once

191

$skipDisabled=0;

192

next;

193

}

194

debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");

195

return 0;

196

}

197

198

$L_retCode=memberOf($L_currentrole, $L_entry);

199

if ( $L_retCode == 0 && $single == 1 ){

200

$throughRole=$L_currentrole;

201

$throughRole=~ tr/A-Z/a-z/;

202

if ( $skipManaged == 1 ){

203

if ( $L_currentrole eq $nsManagedDisabledRole){

204

# Try next nsroledn

205

$directLocked=1;

206

$skipManaged=0;

207

next;

208

}

209

}

210

debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");

211

return 0;

212

}

213

214

# Only for the first iteration

215

# the first iteration is with nsdisabledrole as base, other

216

# loops are deeper

217

$L_local=$skipDisabled;

218

$skipDisabled=0;

219

220

# the current nsroledn may be a complex role, just go through

221

# its won nsroledn

222

$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);

223

224

# Because of recursivity, to keep the initial value for the first level

225

$skipDisabled=$L_local;

226

227

if ( $L_retCode == 0 ){

228

$throughRole=$L_currentrole;

229

$throughRole=~ tr/A-Z/a-z/;

230

debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");

231

return 0;

232

}

233

}

234

}

235

236

close($L_filehandle);

237

238

debug("\t<--indirectLock: no more nsroledn to process\n");

239

return 1;

240

}

241

242

# --------------------------

243

# Check if nsroledn is part of the entry attributes

244

# argv[0] is a role DN (nsroledn attribute)

245

# argv[1] is the entry

246

# --------------------------

247

sub memberOf

248

{

249

my $L_nsroledn=$_[0];

250

$L_nsroledn=~ tr/A-Z/a-z/;

251

my $L_entry=$_[1];

252

my $L_search;

253

my $L_currentrole;

254

255

$info{base} = $L_entry;

256

$info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))";

257

$info{scope} = "base";

258

$info{attrs} = "nsrole";

259

$L_search = DSUtil::ldapsrch(%info);

260

261

debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");

262

263

open (LDAP2, "$L_search |");

264

while (<LDAP2>) {

265

s/\n //g;

266

if (/^nsrole: (.*)\n/) {

267

$L_currentrole = $1;

268

$L_currentrole=~ tr/A-Z/a-z/;

269

if ( $L_currentrole eq $L_nsroledn ){

270

# the parm is part of the $L_entry nsroledn

271

debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");

272

return 0;

273

}

274

}

275

}

276

close(LDAP2);

277

278

# the parm is not part of the $L_entry nsroledn

279

debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");

280

return 1;

281

}

282

283

284

# --------------------------

285

# Remove the rdn of a DN

286

# argv[0] is a DN

287

# --------------------------

288

sub removeRdn

289

{

290

$L_entry=$_[0];

291

292

@L_entryToTest=split /([,])/,$L_entry;

293

debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");

294

295

$newDN="";

296

$removeRDN=1;

297

foreach $part (@L_entryToTest){

298

$part=~ s/^ +//;

299

$part=~ tr/A-Z/a-z/;

300

if ( $removeRDN <= 2 ){

301

$removeRDN=$removeRDN+1;

302

} else {

303

$newDN="$newDN$part";

304

}

305

}

306

307

debug("removeRdn: new DN **$newDN**\n");

308

}

309

310

# --------------------------

311

# Check if L_current is below the scope of

312

# L_nestedRole

313

# argv[0] is a role

314

# argv[1] is the nested role

315

# --------------------------

316

sub checkScope

317

{

318

$L_current=$_[0];

319

$L_nestedRole=$_[1];

320

321

debug("checkScope: check if $L_current is below $L_nestedRole\n");

322

323

removeRdn($L_nestedRole);

324

$L_nestedRoleSuffix=$newDN;

325

debug("checkScope: nested role based: $L_nestedRoleSuffix\n");

326

327

$cont=1;

328

while ( ($cont == 1) && ($L_current ne "") ){

329

removeRdn($L_current);

330

$currentDn=$newDN;

331

debug("checkScope: current DN to check: $currentDn\n");

332

333

if ( $currentDn eq $L_nestedRoleSuffix ){

334

debug("checkScope: DN match!!!\n");

335

$cont = 0;

336

} else {

337

$L_current=$currentDn;

338

}

339

}

340

341

if ( $cont == 1 ){

342

debug("checkScope: $_[0] and $_[1] are not compatible\n");

343

return 0;

344

} else {

345

debug("checkScope: $_[0] and $_[1] are compatible\n");

346

return 1;

347

}

348

}

349

350

351

###############################

352

# MAIN ROUTINE

353

###############################

354

355

# Generated variable

356

357

# Determine which command we are running

358

if ( $0 =~ /ns-inactivate(.pl)?$/ ){

359

$cmd="ns-inactivate.pl";

360

$operation="inactivate";

361

$state="inactivated";

362

$modrole="add";

363

$already="already";

364

} elsif ( $0 =~ /ns-activate(.pl)?$/ ){

365

$cmd="ns-activate.pl";

366

$operation="activate";

367

$state="activated";

368

$modrole="delete";

369

$already="already";

370

} elsif ( $0 =~ /ns-accountstatus(.pl)?$/ ){

371

$cmd="ns-accountstatus.pl";

372

$operation="get status of";

373

$state="activated";

374

# no need for $modrole as no operation is performed

375

$already="";

376

377

} else {

378

out("$0: unknown command\n");

379

exit 100;

380

}

381

382

debug("Running ** $cmd ** $operation\n");

383

384

# Process the command line arguments

385

while( $arg = shift)

386

{

387

if($arg eq "-?"){

388

usage();

389

exit(0);

390

} elsif($arg eq "-D"){

391

$rootdn = shift @ARGV;

392

} elsif($arg eq "-w"){

393

$rootpw = shift @ARGV;

394

} elsif($arg eq "-j"){

395

$pwfile = shift @ARGV;

396

} elsif($arg eq "-p"){

397

$port = shift @ARGV;

398

} elsif($arg eq "-h"){

399

$host = shift @ARGV;

400

} elsif($arg eq "-I"){

401

$entry = shift @ARGV;

402

} elsif($arg eq "-Z"){

403

$servid = shift @ARGV;

404

} elsif ($arg eq "-P") {

405

$protocol = shift @ARGV;

406

} else {

407

print "$arg: Unknown command line argument.\n";

408

usage();

409

exit(1);

410

}

411

}

412

413

414

# Gather all our config settings

415

416

($servid, $confdir) = DSUtil::get_server_id($servid, "@initconfigdir@");

417

%info = DSUtil::get_info($confdir, $host, $port, $rootdn);

418

$info{rootdnpw} = DSUtil::get_password_from_file($rootpw, $pwfile);

419

$info{protocol} = $protocol;

420

$info{args} = "-c";

421

if($entry eq ""){

422

usage();

423

exit 1;

424

}

425

426

427

# Check the actual existence of the entry to inactivate/activate

428

# and at the same time, validate the various parm: port, host, rootdn, rootpw

429

430

$info{base} = $entry;

431

$info{filter} = "(objectclass=*)";

432

$info{scope} = "base";

433

$info{attrs} = "dn";

434

@exist=DSUtil::ldapsrch_ext(%info);

435

$retCode1=$?;

436

if ( $retCode1 != 0 ){

437

$retCode1=$?>>8;

438

exit $retCode1;

439

}

440

441

$info{filter} = "(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))";

442

@isRole = DSUtil::ldapsrch_ext(%info);

443

$nbLineRole=@isRole;

444

$retCode2=$?;

445

if ( $retCode2 != 0 ){

446

$retCode2=$?>>8;

447

exit $retCode2;

448

}

449

450

if ( $nbLineRole > 0 ){

451

debug("Groups of users\n");

452

$role=1;

453

} else {

454

debug("Single user\n");

455

$single=1;

456

}

457

458

459

# First of all, check the existence of the nsaccountlock attribute in the entry

460

461

$isLocked=0;

462

if ( $single == 1 ){

463

$info{filter} = "(objectclass=*)";

464

$info{attrs} = "nsaccountlock";

465

$searchAccountLock= DSUtil::ldapsrch(%info);

466

open (LDAP1, "$searchAccountLock |");

467

while (<LDAP1>) {

468

s/\n //g;

469

if (/^nsaccountlock: (.*)\n/) {

470

$L_currentvalue = $1;

471

$L_currentvalue=~ tr/A-Z/a-z/;

472

if ( $L_currentvalue eq "true"){

473

$isLocked=1;

474

} elsif ( $L_currentvalue eq "false" ){

475

$isLocked=0;

476

}

477

}

478

}

479

close(LDAP1);

480

}

481

debug("Is the entry already locked? ==> $isLocked\n");

482

483

484

# Get the suffix name of that entry

485

486

487

# Remove the space at the beginning (just in case...)

488

# -I "uid=jvedder , ou=People , o=sun.com"

489

@suffix=split /([,])/,$entry;

490

$result="";

491

foreach $part (@suffix){

492

$part=~s/^ +//;

493

$part=~ tr/A-Z/a-z/;

494

$result="$result$part";

495

}

496

@suffixN=$result;

497

498

debug("Entry to $operation: #@suffix#\n");

499

debug("Entry to $operation: #@suffixN#\n");

500

501

# Get the suffix

502

$cont=0;

503

while ($cont == 0){

504

# Look if suffix is the suffix of the entry

505

# ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""

506

507

debug("\tSuffix from the entry: #@suffixN#\n");

508

$info{base} = "cn=mapping tree, cn=config";

509

$info{filter} = "cn=\"@suffixN\"";

510

$info{scope} = "one";

511

$info{attrs} = "cn";

512

@mapping = DSUtil::ldapsrch_ext(%info);

513

$retCode=$?;

514

if ( $retCode != 0 ){

515

$retCode=$?>>8;

516

exit $retCode;

517

}

518

519

# If we get a result, remove the dn:

520

# dn: cn="o=sun.com",cn=mapping tree,cn=config

521

# cn: "o=sun.com"

522

523

shift @mapping;

524

525

foreach $res (@mapping){

526

# Break the string cn: "o=sun.com" into pieces

527

@cn= split(/ /,$res);

528

529

# And remove the cn: part

530

shift @cn;

531

532

# Now compare the suffix we extract from the mapping tree

533

# with the suffix derived from the entry

534

debug("\tSuffix from mapping tree: #@cn#\n");

535

if ( @cn eq @suffixN ) {

536

debug("Found matching suffix\n");

537

$cont=1;

538

}

539

}

540

541

if ( $cont == 0 ){

542

# Remove the current rdn to try another suffix

543

shift @suffix;

544

545

$result="";

546

foreach $part (@suffix){

547

$part=~ s/^ +//;

548

$part=~ tr/A-Z/a-z/;

549

$result="$result$part";

550

}

551

@suffixN=$result;

552

553

debug("\t\tNothing found => go up one level in rdn #@suffix#\n");

554

$len=@suffix;

555

if ( $len == 0 ){

556

debug("Can not find suffix. Problem\n");

557

$cont=2;

558

}

559

}

560

}

561

if ( $cont == 2){

562

out("Can not find suffix for entry $entry\n");

563

exit 100;

564

}

565

566

if ( $operation eq "inactivate" ){

567

568

# Now that we have the suffix and we know if we deal with a single entry or

569

# a role, just try to create the COS and roles associated.

570

571

$role1="dn: cn=nsManagedDisabledRole,@suffixN\n" .

572

"objectclass: LDAPsubentry\n" .

573

"objectclass: nsRoleDefinition\n" .

574

"objectclass: nsSimpleRoleDefinition\n" .

575

"objectclass: nsManagedRoleDefinition\n" .

576

"cn: nsManagedDisabledRole\n\n";

577

$role2="dn: cn=nsDisabledRole,@suffixN\n" .

578

"objectclass: top\n" .

579

"objectclass: LDAPsubentry\n" .

580

"objectclass: nsRoleDefinition\n" .

581

"objectclass: nsComplexRoleDefinition\n" .

582

"objectclass: nsNestedRoleDefinition\n" .

583

"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n" .

584

"cn: nsDisabledRole\n\n";

585

$cos1="dn: cn=nsAccountInactivationTmp,@suffixN\n" .

586

"objectclass: top\n" .

587

"objectclass: nsContainer\n\n";

588

$cos2="dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n" .

589

"objectclass: top\n" .

590

"objectclass: extensibleObject\n" .

591

"objectclass: costemplate\n" .

592

"objectclass: ldapsubentry\n" .

593

"cosPriority: 1\n" .

594

"nsAccountLock: true\n\n";

595

$cos3="dn: cn=nsAccountInactivation_cos,@suffixN\n" .

596

"objectclass: top\n" .

597

"objectclass: LDAPsubentry\n" .

598

"objectclass: cosSuperDefinition\n" .

599

"objectclass: cosClassicDefinition\n" .

600

"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n" .

601

"cosSpecifier: nsRole\n" .

602

"cosAttribute: nsAccountLock operational\n\n";

603

$all=$role1 . $role2 . $cos1 . $cos2 . $cos3;

604

605

$info{args} = "-c -a";

606

DSUtil::ldapmod($all[$i], %info);

607

if ( $? != 0 ){

608

$retCode=$?>>8;

609

if ( $retCode == 68 ){

610

debug("Entry already exists, ignore error\n");

611

} else {

612

# Probably a more serious problem.

613

# Exit with LDAP error

614

exit $retCode;

615

}

616

} else {

617

debug("Role/cos entries created\n");

618

}

619

}

620

621

$skipManaged=0;

622

$skipDisabled=0;

623

$directLocked=0;

624

625

$nsDisabledRole="cn=nsDisabledRole,@suffixN";

626

$nsDisabledRole=~ tr/A-Z/a-z/;

627

628

$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";

629

$nsManagedDisabledRole=~ tr/A-Z/a-z/;

630

631

if ( $operation eq "inactivate" ){

632

# Go through all the roles part of nsdisabledrole to check if the entry

633

# is a member of one of those roles

634

$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);

635

if ( $ret == 0 ){

636

if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole ){

637

# indirect lock

638

out("$entry already $state through $throughRole.\n");

639

} else {

640

# direct lock

641

out("$entry already $state.\n");

642

}

643

exit 100;

644

} elsif ( $isLocked == 1 ){

645

# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?

646

out("$entry already $state (probably directly).\n");

647

exit 103;

648

}

649

} elsif ( $operation eq "activate" || $operation eq "get status of" ){

650

$skipManaged=$single;

651

$skipDisabled=$role;

652

653

$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);

654

655

if ( $ret == 0 ){

656

# undirectly locked

657

if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole ){

658

if ( $operation eq "activate" ){

659

out("$entry inactivated through $throughRole. Can not activate it individually.\n");

660

exit 100;

661

} else {

662

out("$entry inactivated through $throughRole.\n");

663

exit 104;

664

}

665

}

666

debug("$entry locked individually\n");

667

668

if ( $operation ne "activate" ){

669

out("$entry inactivated.\n");

670

exit 103;

671

}

672

} elsif ( $directLocked == 0 ){

673

if ( $operation eq "activate" && $isLocked != 1 ){

674

out("$entry $already $state.\n");

675

exit 100;

676

} elsif ( $isLocked != 1 ) {

677

out("$entry $already $state.\n");

678

exit 102;

679

} else {

680

# not locked using our schema, but nsaccountlock is probably present

681

out("$entry inactivated (probably directly).\n");

682

exit 103;

683

}

684

} elsif ( $operation ne "activate" ){

685

out("$entry inactivated.\n");

686

exit 103;

687

}

688

# else Locked directly, juste unlock it!

689

debug("$entry locked individually\n");

690

}

691

692

693

# Inactivate/activate the entry

694

695

if ( $single == 1 ){

696

$record = "dn: $entry\n" . "changetype: modify\n" . "$modrole: nsRoleDN\n" . "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n";

697

} else {

698

$record = "dn: cn=nsDisabledRole,@suffixN\n" . "changetype: modify\n" . "$modrole: nsRoleDN\n" . "nsRoleDN: $entry\n";

699

}

700

701

$info{args} = "-c";

702

DSUtil::ldapmod($record, %info);

703

if( $? != 0 ){

704

debug("$modrole, $entry\n");

705

$retCode=$?>>8;

706

exit $retCode;

707

}

708

709

out("$entry $state.\n");

710

exit 0;

Older »