[Pkg-openldap-devel] r797 - in openldap/vendor/openldap-release: . build clients clients/tools contrib/ldapc++ contrib/ldapc++/src/ac contrib/slapd-modules/acl contrib/slapd-modules/comp_match contrib/slapd-modules/dsaschema contrib/slapd-modules/passwd contrib/slapd-modules/smbk5pwd contrib/slapd-tools contrib/slapi-plugins/addrdnvalues doc doc/guide doc/guide/admin doc/guide/release doc/man doc/man/man1 doc/man/man3 doc/man/man5 doc/man/man8 include include/ac libraries libraries/liblber libraries/libldap libraries/libldap_r libraries/liblunicode libraries/liblunicode/ucdata libraries/liblunicode/ure libraries/liblunicode/utbm libraries/liblutil libraries/librewrite servers servers/slapd servers/slapd/back-bdb servers/slapd/back-dnssrv servers/slapd/back-hdb servers/slapd/back-ldap servers/slapd/back-ldbm servers/slapd/back-ldif servers/slapd/back-meta servers/slapd/back-monitor servers/slapd/back-null servers/slapd/back-passwd servers/slapd/back-perl servers/slapd/back-relay servers/slapd/back-shell servers/slapd/back-sql servers/slapd/back-sql/rdbms_depend/timesten/dnreverse servers/slapd/overlays servers/slapd/schema servers/slapd/shell-backends servers/slapd/slapi servers/slurpd tests tests/data tests/progs tests/scripts

Russ Allbery rra at alioth.debian.org
Wed May 23 19:07:39 UTC 2007


Author: rra
Date: 2007-05-23 19:07:37 +0000 (Wed, 23 May 2007)
New Revision: 797

Modified:
   openldap/vendor/openldap-release/ANNOUNCEMENT
   openldap/vendor/openldap-release/CHANGES
   openldap/vendor/openldap-release/COPYRIGHT
   openldap/vendor/openldap-release/INSTALL
   openldap/vendor/openldap-release/Makefile.in
   openldap/vendor/openldap-release/README
   openldap/vendor/openldap-release/build/config.guess
   openldap/vendor/openldap-release/build/config.sub
   openldap/vendor/openldap-release/build/crupdate
   openldap/vendor/openldap-release/build/dir.mk
   openldap/vendor/openldap-release/build/info.mk
   openldap/vendor/openldap-release/build/lib-shared.mk
   openldap/vendor/openldap-release/build/lib-static.mk
   openldap/vendor/openldap-release/build/lib.mk
   openldap/vendor/openldap-release/build/ltmain.sh
   openldap/vendor/openldap-release/build/man.mk
   openldap/vendor/openldap-release/build/missing
   openldap/vendor/openldap-release/build/mkdep
   openldap/vendor/openldap-release/build/mkdep.aix
   openldap/vendor/openldap-release/build/mkrelease
   openldap/vendor/openldap-release/build/mkvers.bat
   openldap/vendor/openldap-release/build/mkversion
   openldap/vendor/openldap-release/build/mod.mk
   openldap/vendor/openldap-release/build/openldap.m4
   openldap/vendor/openldap-release/build/rules.mk
   openldap/vendor/openldap-release/build/srv.mk
   openldap/vendor/openldap-release/build/top.mk
   openldap/vendor/openldap-release/build/version.h
   openldap/vendor/openldap-release/build/version.sh
   openldap/vendor/openldap-release/build/version.var
   openldap/vendor/openldap-release/clients/Makefile.in
   openldap/vendor/openldap-release/clients/tools/Makefile.in
   openldap/vendor/openldap-release/clients/tools/common.c
   openldap/vendor/openldap-release/clients/tools/common.h
   openldap/vendor/openldap-release/clients/tools/ldapcompare.c
   openldap/vendor/openldap-release/clients/tools/ldapdelete.c
   openldap/vendor/openldap-release/clients/tools/ldapmodify.c
   openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c
   openldap/vendor/openldap-release/clients/tools/ldappasswd.c
   openldap/vendor/openldap-release/clients/tools/ldapsearch.c
   openldap/vendor/openldap-release/clients/tools/ldapwhoami.c
   openldap/vendor/openldap-release/configure
   openldap/vendor/openldap-release/configure.in
   openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT
   openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h
   openldap/vendor/openldap-release/contrib/slapd-modules/acl/README
   openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c
   openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README
   openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c
   openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
   openldap/vendor/openldap-release/contrib/slapd-tools/README
   openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README
   openldap/vendor/openldap-release/doc/Makefile.in
   openldap/vendor/openldap-release/doc/guide/COPYRIGHT
   openldap/vendor/openldap-release/doc/guide/admin/Makefile
   openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf
   openldap/vendor/openldap-release/doc/guide/admin/admin.sdf
   openldap/vendor/openldap-release/doc/guide/admin/config.sdf
   openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf
   openldap/vendor/openldap-release/doc/guide/admin/guide.html
   openldap/vendor/openldap-release/doc/guide/admin/guide.sdf
   openldap/vendor/openldap-release/doc/guide/admin/index.sdf
   openldap/vendor/openldap-release/doc/guide/admin/install.sdf
   openldap/vendor/openldap-release/doc/guide/admin/intro.sdf
   openldap/vendor/openldap-release/doc/guide/admin/master.sdf
   openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf
   openldap/vendor/openldap-release/doc/guide/admin/preface.sdf
   openldap/vendor/openldap-release/doc/guide/admin/proxycache.sdf
   openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf
   openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf
   openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
   openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf
   openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
   openldap/vendor/openldap-release/doc/guide/admin/schema.sdf
   openldap/vendor/openldap-release/doc/guide/admin/security.sdf
   openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
   openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
   openldap/vendor/openldap-release/doc/guide/admin/syncrepl.sdf
   openldap/vendor/openldap-release/doc/guide/admin/tls.sdf
   openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf
   openldap/vendor/openldap-release/doc/guide/plain.sdf
   openldap/vendor/openldap-release/doc/guide/preamble.sdf
   openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf
   openldap/vendor/openldap-release/doc/guide/release/copyright.sdf
   openldap/vendor/openldap-release/doc/guide/release/install.sdf
   openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf
   openldap/vendor/openldap-release/doc/guide/release/license.sdf
   openldap/vendor/openldap-release/doc/man/Makefile.in
   openldap/vendor/openldap-release/doc/man/man1/Makefile.in
   openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
   openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
   openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
   openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
   openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
   openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
   openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
   openldap/vendor/openldap-release/doc/man/man3/Makefile.in
   openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
   openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
   openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
   openldap/vendor/openldap-release/doc/man/man3/lber-types.3
   openldap/vendor/openldap-release/doc/man/man3/ldap.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
   openldap/vendor/openldap-release/doc/man/man5/Makefile.in
   openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
   openldap/vendor/openldap-release/doc/man/man5/ldif.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.replog.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-lastmod.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
   openldap/vendor/openldap-release/doc/man/man8/Makefile.in
   openldap/vendor/openldap-release/doc/man/man8/slapacl.8
   openldap/vendor/openldap-release/doc/man/man8/slapadd.8
   openldap/vendor/openldap-release/doc/man/man8/slapauth.8
   openldap/vendor/openldap-release/doc/man/man8/slapcat.8
   openldap/vendor/openldap-release/doc/man/man8/slapd.8
   openldap/vendor/openldap-release/doc/man/man8/slapdn.8
   openldap/vendor/openldap-release/doc/man/man8/slapindex.8
   openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
   openldap/vendor/openldap-release/doc/man/man8/slaptest.8
   openldap/vendor/openldap-release/doc/man/man8/slurpd.8
   openldap/vendor/openldap-release/include/Makefile.in
   openldap/vendor/openldap-release/include/ac/alloca.h
   openldap/vendor/openldap-release/include/ac/assert.h
   openldap/vendor/openldap-release/include/ac/bytes.h
   openldap/vendor/openldap-release/include/ac/crypt.h
   openldap/vendor/openldap-release/include/ac/ctype.h
   openldap/vendor/openldap-release/include/ac/dirent.h
   openldap/vendor/openldap-release/include/ac/errno.h
   openldap/vendor/openldap-release/include/ac/fdset.h
   openldap/vendor/openldap-release/include/ac/krb.h
   openldap/vendor/openldap-release/include/ac/krb5.h
   openldap/vendor/openldap-release/include/ac/localize.h
   openldap/vendor/openldap-release/include/ac/param.h
   openldap/vendor/openldap-release/include/ac/regex.h
   openldap/vendor/openldap-release/include/ac/setproctitle.h
   openldap/vendor/openldap-release/include/ac/signal.h
   openldap/vendor/openldap-release/include/ac/socket.h
   openldap/vendor/openldap-release/include/ac/stdarg.h
   openldap/vendor/openldap-release/include/ac/stdlib.h
   openldap/vendor/openldap-release/include/ac/string.h
   openldap/vendor/openldap-release/include/ac/sysexits.h
   openldap/vendor/openldap-release/include/ac/syslog.h
   openldap/vendor/openldap-release/include/ac/termios.h
   openldap/vendor/openldap-release/include/ac/time.h
   openldap/vendor/openldap-release/include/ac/unistd.h
   openldap/vendor/openldap-release/include/ac/wait.h
   openldap/vendor/openldap-release/include/avl.h
   openldap/vendor/openldap-release/include/getopt-compat.h
   openldap/vendor/openldap-release/include/lber.h
   openldap/vendor/openldap-release/include/lber_pvt.h
   openldap/vendor/openldap-release/include/lber_types.hin
   openldap/vendor/openldap-release/include/ldap.h
   openldap/vendor/openldap-release/include/ldap_cdefs.h
   openldap/vendor/openldap-release/include/ldap_config.hin
   openldap/vendor/openldap-release/include/ldap_defaults.h
   openldap/vendor/openldap-release/include/ldap_features.hin
   openldap/vendor/openldap-release/include/ldap_int_thread.h
   openldap/vendor/openldap-release/include/ldap_log.h
   openldap/vendor/openldap-release/include/ldap_pvt.h
   openldap/vendor/openldap-release/include/ldap_pvt_thread.h
   openldap/vendor/openldap-release/include/ldap_pvt_uc.h
   openldap/vendor/openldap-release/include/ldap_queue.h
   openldap/vendor/openldap-release/include/ldap_rq.h
   openldap/vendor/openldap-release/include/ldap_schema.h
   openldap/vendor/openldap-release/include/ldap_utf8.h
   openldap/vendor/openldap-release/include/ldif.h
   openldap/vendor/openldap-release/include/lutil.h
   openldap/vendor/openldap-release/include/lutil_hash.h
   openldap/vendor/openldap-release/include/lutil_ldap.h
   openldap/vendor/openldap-release/include/lutil_lockf.h
   openldap/vendor/openldap-release/include/lutil_md5.h
   openldap/vendor/openldap-release/include/lutil_sha1.h
   openldap/vendor/openldap-release/include/portable.hin
   openldap/vendor/openldap-release/include/rewrite.h
   openldap/vendor/openldap-release/include/slapi-plugin.h
   openldap/vendor/openldap-release/include/sysexits-compat.h
   openldap/vendor/openldap-release/libraries/Makefile.in
   openldap/vendor/openldap-release/libraries/liblber/Makefile.in
   openldap/vendor/openldap-release/libraries/liblber/assert.c
   openldap/vendor/openldap-release/libraries/liblber/bprint.c
   openldap/vendor/openldap-release/libraries/liblber/debug.c
   openldap/vendor/openldap-release/libraries/liblber/decode.c
   openldap/vendor/openldap-release/libraries/liblber/dtest.c
   openldap/vendor/openldap-release/libraries/liblber/encode.c
   openldap/vendor/openldap-release/libraries/liblber/etest.c
   openldap/vendor/openldap-release/libraries/liblber/idtest.c
   openldap/vendor/openldap-release/libraries/liblber/io.c
   openldap/vendor/openldap-release/libraries/liblber/lber-int.h
   openldap/vendor/openldap-release/libraries/liblber/memory.c
   openldap/vendor/openldap-release/libraries/liblber/nt_err.c
   openldap/vendor/openldap-release/libraries/liblber/options.c
   openldap/vendor/openldap-release/libraries/liblber/sockbuf.c
   openldap/vendor/openldap-release/libraries/liblber/stdio.c
   openldap/vendor/openldap-release/libraries/libldap/Makefile.in
   openldap/vendor/openldap-release/libraries/libldap/abandon.c
   openldap/vendor/openldap-release/libraries/libldap/add.c
   openldap/vendor/openldap-release/libraries/libldap/addentry.c
   openldap/vendor/openldap-release/libraries/libldap/apitest.c
   openldap/vendor/openldap-release/libraries/libldap/bind.c
   openldap/vendor/openldap-release/libraries/libldap/cancel.c
   openldap/vendor/openldap-release/libraries/libldap/charray.c
   openldap/vendor/openldap-release/libraries/libldap/compare.c
   openldap/vendor/openldap-release/libraries/libldap/controls.c
   openldap/vendor/openldap-release/libraries/libldap/cyrus.c
   openldap/vendor/openldap-release/libraries/libldap/delete.c
   openldap/vendor/openldap-release/libraries/libldap/dnssrv.c
   openldap/vendor/openldap-release/libraries/libldap/dntest.c
   openldap/vendor/openldap-release/libraries/libldap/error.c
   openldap/vendor/openldap-release/libraries/libldap/extended.c
   openldap/vendor/openldap-release/libraries/libldap/filter.c
   openldap/vendor/openldap-release/libraries/libldap/free.c
   openldap/vendor/openldap-release/libraries/libldap/ftest.c
   openldap/vendor/openldap-release/libraries/libldap/getattr.c
   openldap/vendor/openldap-release/libraries/libldap/getdn.c
   openldap/vendor/openldap-release/libraries/libldap/getentry.c
   openldap/vendor/openldap-release/libraries/libldap/getvalues.c
   openldap/vendor/openldap-release/libraries/libldap/groupings.c
   openldap/vendor/openldap-release/libraries/libldap/init.c
   openldap/vendor/openldap-release/libraries/libldap/kbind.c
   openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
   openldap/vendor/openldap-release/libraries/libldap/messages.c
   openldap/vendor/openldap-release/libraries/libldap/modify.c
   openldap/vendor/openldap-release/libraries/libldap/modrdn.c
   openldap/vendor/openldap-release/libraries/libldap/open.c
   openldap/vendor/openldap-release/libraries/libldap/options.c
   openldap/vendor/openldap-release/libraries/libldap/os-ip.c
   openldap/vendor/openldap-release/libraries/libldap/os-local.c
   openldap/vendor/openldap-release/libraries/libldap/passwd.c
   openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
   openldap/vendor/openldap-release/libraries/libldap/print.c
   openldap/vendor/openldap-release/libraries/libldap/references.c
   openldap/vendor/openldap-release/libraries/libldap/request.c
   openldap/vendor/openldap-release/libraries/libldap/result.c
   openldap/vendor/openldap-release/libraries/libldap/sasl.c
   openldap/vendor/openldap-release/libraries/libldap/sbind.c
   openldap/vendor/openldap-release/libraries/libldap/schema.c
   openldap/vendor/openldap-release/libraries/libldap/search.c
   openldap/vendor/openldap-release/libraries/libldap/sort.c
   openldap/vendor/openldap-release/libraries/libldap/sortctrl.c
   openldap/vendor/openldap-release/libraries/libldap/string.c
   openldap/vendor/openldap-release/libraries/libldap/t61.c
   openldap/vendor/openldap-release/libraries/libldap/test.c
   openldap/vendor/openldap-release/libraries/libldap/tls.c
   openldap/vendor/openldap-release/libraries/libldap/turn.c
   openldap/vendor/openldap-release/libraries/libldap/txn.c
   openldap/vendor/openldap-release/libraries/libldap/unbind.c
   openldap/vendor/openldap-release/libraries/libldap/url.c
   openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c
   openldap/vendor/openldap-release/libraries/libldap/utf-8.c
   openldap/vendor/openldap-release/libraries/libldap/util-int.c
   openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c
   openldap/vendor/openldap-release/libraries/libldap/whoami.c
   openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in
   openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h
   openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c
   openldap/vendor/openldap-release/libraries/libldap_r/rq.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c
   openldap/vendor/openldap-release/libraries/libldap_r/threads.c
   openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
   openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h
   openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c
   openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c
   openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h
   openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c
   openldap/vendor/openldap-release/libraries/liblutil/Makefile.in
   openldap/vendor/openldap-release/libraries/liblutil/avl.c
   openldap/vendor/openldap-release/libraries/liblutil/base64.c
   openldap/vendor/openldap-release/libraries/liblutil/csn.c
   openldap/vendor/openldap-release/libraries/liblutil/detach.c
   openldap/vendor/openldap-release/libraries/liblutil/entropy.c
   openldap/vendor/openldap-release/libraries/liblutil/fetch.c
   openldap/vendor/openldap-release/libraries/liblutil/getopt.c
   openldap/vendor/openldap-release/libraries/liblutil/getpass.c
   openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
   openldap/vendor/openldap-release/libraries/liblutil/hash.c
   openldap/vendor/openldap-release/libraries/liblutil/ldif.c
   openldap/vendor/openldap-release/libraries/liblutil/lockf.c
   openldap/vendor/openldap-release/libraries/liblutil/md5.c
   openldap/vendor/openldap-release/libraries/liblutil/memcmp.c
   openldap/vendor/openldap-release/libraries/liblutil/ntservice.c
   openldap/vendor/openldap-release/libraries/liblutil/passfile.c
   openldap/vendor/openldap-release/libraries/liblutil/passwd.c
   openldap/vendor/openldap-release/libraries/liblutil/ptest.c
   openldap/vendor/openldap-release/libraries/liblutil/sasl.c
   openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c
   openldap/vendor/openldap-release/libraries/liblutil/sha1.c
   openldap/vendor/openldap-release/libraries/liblutil/signal.c
   openldap/vendor/openldap-release/libraries/liblutil/sockpair.c
   openldap/vendor/openldap-release/libraries/liblutil/tavl.c
   openldap/vendor/openldap-release/libraries/liblutil/testavl.c
   openldap/vendor/openldap-release/libraries/liblutil/utils.c
   openldap/vendor/openldap-release/libraries/liblutil/uuid.c
   openldap/vendor/openldap-release/libraries/librewrite/Makefile.in
   openldap/vendor/openldap-release/libraries/librewrite/config.c
   openldap/vendor/openldap-release/libraries/librewrite/context.c
   openldap/vendor/openldap-release/libraries/librewrite/info.c
   openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c
   openldap/vendor/openldap-release/libraries/librewrite/map.c
   openldap/vendor/openldap-release/libraries/librewrite/params.c
   openldap/vendor/openldap-release/libraries/librewrite/parse.c
   openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
   openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h
   openldap/vendor/openldap-release/libraries/librewrite/rewrite.c
   openldap/vendor/openldap-release/libraries/librewrite/rule.c
   openldap/vendor/openldap-release/libraries/librewrite/session.c
   openldap/vendor/openldap-release/libraries/librewrite/subst.c
   openldap/vendor/openldap-release/libraries/librewrite/var.c
   openldap/vendor/openldap-release/libraries/librewrite/xmap.c
   openldap/vendor/openldap-release/servers/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/abandon.c
   openldap/vendor/openldap-release/servers/slapd/aci.c
   openldap/vendor/openldap-release/servers/slapd/acl.c
   openldap/vendor/openldap-release/servers/slapd/aclparse.c
   openldap/vendor/openldap-release/servers/slapd/ad.c
   openldap/vendor/openldap-release/servers/slapd/add.c
   openldap/vendor/openldap-release/servers/slapd/alock.c
   openldap/vendor/openldap-release/servers/slapd/alock.h
   openldap/vendor/openldap-release/servers/slapd/at.c
   openldap/vendor/openldap-release/servers/slapd/attr.c
   openldap/vendor/openldap-release/servers/slapd/ava.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c
   openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/add.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/alias.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/attr.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/back-ldbm.h
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/cache.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/close.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/config.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/dbcache.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/dn2id.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/entry.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/extended.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/filterindex.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2children.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2entry.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/idl.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/index.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/init.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/key.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.h
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/nextid.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/proto-back-ldbm.h
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/referral.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/search.c
   openldap/vendor/openldap-release/servers/slapd/back-ldbm/tools.c
   openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-meta/add.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h
   openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/init.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h
   openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h
   openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h
   openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c
   openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-null/null.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h
   openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h
   openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm
   openldap/vendor/openldap-release/servers/slapd/back-perl/add.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/config.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/search.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h
   openldap/vendor/openldap-release/servers/slapd/back-relay/config.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/init.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-shell/add.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/config.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/init.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/result.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/search.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf
   openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh
   openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-sql/add.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/api.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h
   openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
   openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
   openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
   openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/util.c
   openldap/vendor/openldap-release/servers/slapd/backend.c
   openldap/vendor/openldap-release/servers/slapd/backglue.c
   openldap/vendor/openldap-release/servers/slapd/backover.c
   openldap/vendor/openldap-release/servers/slapd/bconfig.c
   openldap/vendor/openldap-release/servers/slapd/bind.c
   openldap/vendor/openldap-release/servers/slapd/cancel.c
   openldap/vendor/openldap-release/servers/slapd/ch_malloc.c
   openldap/vendor/openldap-release/servers/slapd/compare.c
   openldap/vendor/openldap-release/servers/slapd/component.c
   openldap/vendor/openldap-release/servers/slapd/component.h
   openldap/vendor/openldap-release/servers/slapd/config.c
   openldap/vendor/openldap-release/servers/slapd/config.h
   openldap/vendor/openldap-release/servers/slapd/connection.c
   openldap/vendor/openldap-release/servers/slapd/controls.c
   openldap/vendor/openldap-release/servers/slapd/cr.c
   openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
   openldap/vendor/openldap-release/servers/slapd/daemon.c
   openldap/vendor/openldap-release/servers/slapd/delete.c
   openldap/vendor/openldap-release/servers/slapd/dn.c
   openldap/vendor/openldap-release/servers/slapd/entry.c
   openldap/vendor/openldap-release/servers/slapd/extended.c
   openldap/vendor/openldap-release/servers/slapd/filter.c
   openldap/vendor/openldap-release/servers/slapd/filterentry.c
   openldap/vendor/openldap-release/servers/slapd/frontend.c
   openldap/vendor/openldap-release/servers/slapd/globals.c
   openldap/vendor/openldap-release/servers/slapd/index.c
   openldap/vendor/openldap-release/servers/slapd/init.c
   openldap/vendor/openldap-release/servers/slapd/kerberos.c
   openldap/vendor/openldap-release/servers/slapd/ldapsync.c
   openldap/vendor/openldap-release/servers/slapd/limits.c
   openldap/vendor/openldap-release/servers/slapd/lock.c
   openldap/vendor/openldap-release/servers/slapd/main.c
   openldap/vendor/openldap-release/servers/slapd/matchedValues.c
   openldap/vendor/openldap-release/servers/slapd/modify.c
   openldap/vendor/openldap-release/servers/slapd/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/mods.c
   openldap/vendor/openldap-release/servers/slapd/module.c
   openldap/vendor/openldap-release/servers/slapd/mr.c
   openldap/vendor/openldap-release/servers/slapd/mra.c
   openldap/vendor/openldap-release/servers/slapd/nt_svc.c
   openldap/vendor/openldap-release/servers/slapd/oc.c
   openldap/vendor/openldap-release/servers/slapd/oidm.c
   openldap/vendor/openldap-release/servers/slapd/operation.c
   openldap/vendor/openldap-release/servers/slapd/operational.c
   openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
   openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c
   openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
   openldap/vendor/openldap-release/servers/slapd/overlays/denyop.c
   openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c
   openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
   openldap/vendor/openldap-release/servers/slapd/overlays/lastmod.c
   openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c
   openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
   openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
   openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
   openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
   openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c
   openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
   openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
   openldap/vendor/openldap-release/servers/slapd/overlays/unique.c
   openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c
   openldap/vendor/openldap-release/servers/slapd/passwd.c
   openldap/vendor/openldap-release/servers/slapd/phonetic.c
   openldap/vendor/openldap-release/servers/slapd/proto-slap.h
   openldap/vendor/openldap-release/servers/slapd/referral.c
   openldap/vendor/openldap-release/servers/slapd/repl.c
   openldap/vendor/openldap-release/servers/slapd/result.c
   openldap/vendor/openldap-release/servers/slapd/root_dse.c
   openldap/vendor/openldap-release/servers/slapd/sasl.c
   openldap/vendor/openldap-release/servers/slapd/saslauthz.c
   openldap/vendor/openldap-release/servers/slapd/schema.c
   openldap/vendor/openldap-release/servers/slapd/schema/README
   openldap/vendor/openldap-release/servers/slapd/schema/corba.schema
   openldap/vendor/openldap-release/servers/slapd/schema/core.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/core.schema
   openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema
   openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema
   openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema
   openldap/vendor/openldap-release/servers/slapd/schema/java.schema
   openldap/vendor/openldap-release/servers/slapd/schema/misc.schema
   openldap/vendor/openldap-release/servers/slapd/schema/nis.schema
   openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema
   openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema
   openldap/vendor/openldap-release/servers/slapd/schema_check.c
   openldap/vendor/openldap-release/servers/slapd/schema_init.c
   openldap/vendor/openldap-release/servers/slapd/schema_prep.c
   openldap/vendor/openldap-release/servers/slapd/schemaparse.c
   openldap/vendor/openldap-release/servers/slapd/search.c
   openldap/vendor/openldap-release/servers/slapd/sets.c
   openldap/vendor/openldap-release/servers/slapd/sets.h
   openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c
   openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c
   openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h
   openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
   openldap/vendor/openldap-release/servers/slapd/slap.h
   openldap/vendor/openldap-release/servers/slapd/slapacl.c
   openldap/vendor/openldap-release/servers/slapd/slapadd.c
   openldap/vendor/openldap-release/servers/slapd/slapauth.c
   openldap/vendor/openldap-release/servers/slapd/slapcat.c
   openldap/vendor/openldap-release/servers/slapd/slapcommon.c
   openldap/vendor/openldap-release/servers/slapd/slapcommon.h
   openldap/vendor/openldap-release/servers/slapd/slapdn.c
   openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c
   openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c
   openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
   openldap/vendor/openldap-release/servers/slapd/slapindex.c
   openldap/vendor/openldap-release/servers/slapd/slappasswd.c
   openldap/vendor/openldap-release/servers/slapd/slaptest.c
   openldap/vendor/openldap-release/servers/slapd/starttls.c
   openldap/vendor/openldap-release/servers/slapd/str2filter.c
   openldap/vendor/openldap-release/servers/slapd/syncrepl.c
   openldap/vendor/openldap-release/servers/slapd/syntax.c
   openldap/vendor/openldap-release/servers/slapd/unbind.c
   openldap/vendor/openldap-release/servers/slapd/user.c
   openldap/vendor/openldap-release/servers/slapd/value.c
   openldap/vendor/openldap-release/servers/slapd/zn_malloc.c
   openldap/vendor/openldap-release/servers/slurpd/Makefile.in
   openldap/vendor/openldap-release/servers/slurpd/admin.c
   openldap/vendor/openldap-release/servers/slurpd/args.c
   openldap/vendor/openldap-release/servers/slurpd/ch_malloc.c
   openldap/vendor/openldap-release/servers/slurpd/config.c
   openldap/vendor/openldap-release/servers/slurpd/fm.c
   openldap/vendor/openldap-release/servers/slurpd/globals.c
   openldap/vendor/openldap-release/servers/slurpd/globals.h
   openldap/vendor/openldap-release/servers/slurpd/ldap_op.c
   openldap/vendor/openldap-release/servers/slurpd/lock.c
   openldap/vendor/openldap-release/servers/slurpd/main.c
   openldap/vendor/openldap-release/servers/slurpd/nt_svc.c
   openldap/vendor/openldap-release/servers/slurpd/proto-slurp.h
   openldap/vendor/openldap-release/servers/slurpd/re.c
   openldap/vendor/openldap-release/servers/slurpd/reject.c
   openldap/vendor/openldap-release/servers/slurpd/replica.c
   openldap/vendor/openldap-release/servers/slurpd/replog.c
   openldap/vendor/openldap-release/servers/slurpd/ri.c
   openldap/vendor/openldap-release/servers/slurpd/rq.c
   openldap/vendor/openldap-release/servers/slurpd/sanity.c
   openldap/vendor/openldap-release/servers/slurpd/slurp.h
   openldap/vendor/openldap-release/servers/slurpd/st.c
   openldap/vendor/openldap-release/tests/Makefile.in
   openldap/vendor/openldap-release/tests/data/ditcontentrules.conf
   openldap/vendor/openldap-release/tests/data/retcode.conf
   openldap/vendor/openldap-release/tests/data/slapd-aci.conf
   openldap/vendor/openldap-release/tests/data/slapd-acl.conf
   openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-chain1.conf
   openldap/vendor/openldap-release/tests/data/slapd-chain2.conf
   openldap/vendor/openldap-release/tests/data/slapd-component.conf
   openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf
   openldap/vendor/openldap-release/tests/data/slapd-dn.conf
   openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf
   openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf
   openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue.conf
   openldap/vendor/openldap-release/tests/data/slapd-idassert.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf
   openldap/vendor/openldap-release/tests/data/slapd-limits.conf
   openldap/vendor/openldap-release/tests/data/slapd-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-meta.conf
   openldap/vendor/openldap-release/tests/data/slapd-meta2.conf
   openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-passwd.conf
   openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
   openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf
   openldap/vendor/openldap-release/tests/data/slapd-pw.conf
   openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf
   openldap/vendor/openldap-release/tests/data/slapd-referrals.conf
   openldap/vendor/openldap-release/tests/data/slapd-refint.conf
   openldap/vendor/openldap-release/tests/data/slapd-relay.conf
   openldap/vendor/openldap-release/tests/data/slapd-repl-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-repl-slave.conf
   openldap/vendor/openldap-release/tests/data/slapd-retcode.conf
   openldap/vendor/openldap-release/tests/data/slapd-schema.conf
   openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-sql.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf
   openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf
   openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf
   openldap/vendor/openldap-release/tests/data/slapd-unique.conf
   openldap/vendor/openldap-release/tests/data/slapd-valsort.conf
   openldap/vendor/openldap-release/tests/data/slapd-whoami.conf
   openldap/vendor/openldap-release/tests/data/slapd.conf
   openldap/vendor/openldap-release/tests/data/slapd2.conf
   openldap/vendor/openldap-release/tests/data/test-translucent-data.ldif
   openldap/vendor/openldap-release/tests/data/test-translucent-merged.ldif
   openldap/vendor/openldap-release/tests/data/test.schema
   openldap/vendor/openldap-release/tests/progs/Makefile.in
   openldap/vendor/openldap-release/tests/progs/slapd-addel.c
   openldap/vendor/openldap-release/tests/progs/slapd-bind.c
   openldap/vendor/openldap-release/tests/progs/slapd-modify.c
   openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
   openldap/vendor/openldap-release/tests/progs/slapd-read.c
   openldap/vendor/openldap-release/tests/progs/slapd-search.c
   openldap/vendor/openldap-release/tests/progs/slapd-tester.c
   openldap/vendor/openldap-release/tests/run.in
   openldap/vendor/openldap-release/tests/scripts/acfilter.sh
   openldap/vendor/openldap-release/tests/scripts/all
   openldap/vendor/openldap-release/tests/scripts/conf.sh
   openldap/vendor/openldap-release/tests/scripts/defines.sh
   openldap/vendor/openldap-release/tests/scripts/passwd-search
   openldap/vendor/openldap-release/tests/scripts/relay
   openldap/vendor/openldap-release/tests/scripts/sql-all
   openldap/vendor/openldap-release/tests/scripts/sql-test000-read
   openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency
   openldap/vendor/openldap-release/tests/scripts/sql-test900-write
   openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl
   openldap/vendor/openldap-release/tests/scripts/start-server
   openldap/vendor/openldap-release/tests/scripts/start-server-nolog
   openldap/vendor/openldap-release/tests/scripts/start-server2
   openldap/vendor/openldap-release/tests/scripts/start-server2-nolog
   openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh
   openldap/vendor/openldap-release/tests/scripts/test000-rootdse
   openldap/vendor/openldap-release/tests/scripts/test001-slapadd
   openldap/vendor/openldap-release/tests/scripts/test002-populate
   openldap/vendor/openldap-release/tests/scripts/test003-search
   openldap/vendor/openldap-release/tests/scripts/test004-modify
   openldap/vendor/openldap-release/tests/scripts/test005-modrdn
   openldap/vendor/openldap-release/tests/scripts/test006-acls
   openldap/vendor/openldap-release/tests/scripts/test007-replication
   openldap/vendor/openldap-release/tests/scripts/test008-concurrency
   openldap/vendor/openldap-release/tests/scripts/test009-referral
   openldap/vendor/openldap-release/tests/scripts/test010-passwd
   openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd
   openldap/vendor/openldap-release/tests/scripts/test012-glue-populate
   openldap/vendor/openldap-release/tests/scripts/test013-language
   openldap/vendor/openldap-release/tests/scripts/test014-whoami
   openldap/vendor/openldap-release/tests/scripts/test015-xsearch
   openldap/vendor/openldap-release/tests/scripts/test016-subref
   openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
   openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
   openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
   openldap/vendor/openldap-release/tests/scripts/test020-proxycache
   openldap/vendor/openldap-release/tests/scripts/test021-certificate
   openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
   openldap/vendor/openldap-release/tests/scripts/test023-refint
   openldap/vendor/openldap-release/tests/scripts/test024-unique
   openldap/vendor/openldap-release/tests/scripts/test025-limits
   openldap/vendor/openldap-release/tests/scripts/test026-dn
   openldap/vendor/openldap-release/tests/scripts/test027-emptydn
   openldap/vendor/openldap-release/tests/scripts/test028-idassert
   openldap/vendor/openldap-release/tests/scripts/test029-ldapglue
   openldap/vendor/openldap-release/tests/scripts/test030-relay
   openldap/vendor/openldap-release/tests/scripts/test031-component-filter
   openldap/vendor/openldap-release/tests/scripts/test032-chain
   openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
   openldap/vendor/openldap-release/tests/scripts/test034-translucent
   openldap/vendor/openldap-release/tests/scripts/test035-meta
   openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency
   openldap/vendor/openldap-release/tests/scripts/test037-manage
   openldap/vendor/openldap-release/tests/scripts/test038-retcode
   openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency
   openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename
   openldap/vendor/openldap-release/tests/scripts/test041-aci
   openldap/vendor/openldap-release/tests/scripts/test042-valsort
   openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
   openldap/vendor/openldap-release/tests/scripts/test044-dynlist
Log:
Load openldap-2.3.35 into openldap/vendor/openldap-release.


Modified: openldap/vendor/openldap-release/ANNOUNCEMENT
===================================================================
--- openldap/vendor/openldap-release/ANNOUNCEMENT	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/ANNOUNCEMENT	2007-05-23 19:07:37 UTC (rev 797)
@@ -99,6 +99,6 @@
 ---
 OpenLDAP is a registered trademark of the OpenLDAP Foundation.
 
-Copyright 1999-2006 The OpenLDAP Foundation, Redwood City,
+Copyright 1999-2007 The OpenLDAP Foundation, Redwood City,
 California, USA.  All Rights Reserved.  Permission to copy and
 distribute verbatim copies of this document is granted.

Modified: openldap/vendor/openldap-release/CHANGES
===================================================================
--- openldap/vendor/openldap-release/CHANGES	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/CHANGES	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,103 @@
 OpenLDAP 2.3 Change Log
 
-OpenLDAP 2.3.30 Release
+OpenLDAP 2.3.35 Release (2007/04/09)
+	Fixed ldapmodify to use correct memory free functions (ITS#4901)
+	Fixed slapd acl set minor typo (ITS#4874)
+	Fixed slapd entry consistency check in str2entry2 (ITS#4852)
+	Fixed slapd ldapi:// credential issue (ITS#4893)
+	Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854)
+	Fixed slapd syncrepl delta-sync modlist free (ITS#4904)
+	Added slapd syncrepl retry logging (ITS#4915)
+	Fixed slapd zero-length IA5string handling (ITS#4823)
+	Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851)
+	Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861)
+	Fixed slapd-ldap bind cleanup in case of unauthorized idassert
+	Fixed slapd-meta search cleanup
+	Fixed slapd-meta/slapo-rwm filter mapping
+	Fixed slapd-sql subtree shortcut (ITS#4856)
+	Fixed slapo-dynlist crasher (ITS#4891)
+	Fixed slapo-refint config message (ITS#4853)
+	Fixed libldap time_t signedness (ITS#4872)
+	Fixed libldap_r tpool reset (ITS#4855,#4899)
+	Documentation
+		Misc Doc fixes (ITS#4863, ITS#4877, ITS#4885, ITS#4897)
+
+OpenLDAP 2.3.34 Release (2007/02/16)
+	Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815)
+	Fixed ldapmodify printing error from ldap_result() (ITS#4812)
+	Fixed slapadd LDIF parsing (ITS#4817)
+	Fixed slapd libltdl link ordering (ITS#4830)
+	Fixed slapd syncrepl memory leaks (ITS#4805)
+	Fixed slapd dynacl/ACI compatibility with 2.1
+	Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810)
+	Fixed slapd-ldap more response handling bugs (ITS#4782)
+	Fixed slapd-ldap C-API code tests (ITS#4808)
+	Fixed slapd-monitor NULL printf (ITS#4811)
+	Fixed slapo-chain spurious additional info in response (ITS#4828)
+	Fixed slapo-syncprov presence list (ITS#4813)
+	Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
+	Added slapo-ppolicy cn=config support (ITS#4836)
+	Added slapo-auditlog cn=config support
+	Build environment
+		Added Berkeley DB 4.5 detection
+	Documentation
+		Note slapo-dynlist interaction with manageDSAit (ITS#4831)
+
+OpenLDAP 2.3.33 Release (2007/01/17)
+	Fixed slapd syncrepl error logging with delta-syncrepl
+	Fixed slapd-ldap/meta privileged conn caching (ITS#4547)
+	Fixed slapd-ldap chase-referrals switch (ITS#4557)
+	Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781)
+	Fixed slapd-ldap response handling bugs (ITS#4782)
+	Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
+	Fixed slapd-ldap/meta privileged connections handling (ITS#4791)
+	Fixed slapd-meta retrying (ITS#4594, 4762)
+	Fixed slapo-chain referral DN use (ITS#4776)
+	Fixed slapo-dynlist dangling pointer after entry free (ITS#4801)
+	Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
+	Documentation
+		Fixed reference to deprecated stmt in slapacl(8) (ITS#4803)
+
+OpenLDAP 2.3.32 Release (2007/01/04)
+	Fixed slapd add redundant duplicate value check (ITS#4600)
+	Fixed slapd ACL set memleak (ITS#4780)
+	Fixed slapd syncrepl shutdown hang (ITS#4790)
+	Fixed slapd connection_get race condition on Windows (ITS#4793)
+	Fixed slapd values return filter control leak (ITS#4794)
+	Fixed slapd-sql Debug typo (ITS#4784)
+	Fixed slapo-rwm parameter handling (ITS#3971, 4458, 4638, 4689)
+	Documentation
+		Fixed reference to deprecated option in admin guide (ITS#4795)
+
+OpenLDAP 2.3.31 Release (2006/12/17)
+	Fixed libldap unchased referral leak (ITS#4545)
+	Fixed libldap tls callback (ITS#4723)
+	Fixed liblutil ldif file: URL parsing
+	Fixed slapd syncrepl logging (ITS#4755)
+	Fixed slapd group ACL caching when proxyAuthz'ing (ITS#4760)
+	Fixed slapd "group" authz default member parsing (ITS#4761)
+	Fixed slapd uninitialized sd_actives array (ITS#4765)
+	Fixed slapd DN parsing in bindconf_parse (ITS#4766)
+	Fixed slapd conditional in macro argument (ITS#4769)
+	Fixed slapd send_search_reference should propagate errors
+	Fixed slapd memleak on failed bind (ITS#4771)
+	Fixed slapd schema preparation case to match RFCs (ITS#4764)
+	Fixed slapd kbind buffer overflow condition (ITS#4775)
+	Fixed slapd connections_shutdown assert
+	Fixed slapd glue parent/sub db overlay nesting (ITS#4615)
+	Fixed slapd-bdb/hdb/ldbm slap_add_opattrs error checking
+	Fixed slapd-bdb/hdb setting up tool threads when no indices specified
+	Fixed slapd-perl interpreter context (ITS#4751)
+	Fixed slapo-syncprov to complain if defined outside of a database
+	Fixed test021 modify ops to be syntactically correct
+	Fixed contrib smbk5pwd, check kadm5 init result
+	Documentation
+		Fixed typo in slapo-retcode(5) man page (ITS#4753)
+		Fixed syncrepl searchbase note (ITS#4540)
+		Added syncrepl starttls in the admin guide (ITS#4510)
+		Fixed reference to deprecated function in ldap_parse_result(3)
+
+OpenLDAP 2.3.30 Release (2006/11/14)
 	Fixed slapd authzTo/authzFrom URL matching (ITS#4744)
 	Fixed slapd syncrepl consumer memory leaks (ITS#4746)
 	Fixed slapd-hdb livelock (ITS#4738)
@@ -8,12 +105,12 @@
 	Documentation
 		Fixed ldapsearch(1) man page acknowledgement (ITS#4743)
 
-OpenLDAP 2.3.29 Release
+OpenLDAP 2.3.29 Release (2006/11/10)
 	Fixed liblber/libldap error codes on Windows (ITS#4606)
 	Fixed libldap string length assert (ITS#4740)
 	Fixed liblunicode case mapping (ITS#4724)
 	Fixed slapd ldapi:// socket permissions (ITS#4709)
-	Fixed slapd c_writewaiters assert (ITS#4696, #4736)
+	Fixed slapd c_writewaiters assert (ITS#4696,4736)
 	Fixed slapo-accesslog purge contextCSN bug (ITS#4704)
 	Fixed slapo-accesslog modify/replace bug (ITS#4728)
 	Fixed slapo-dynlist leaks (ITS#4664)
@@ -25,7 +122,7 @@
 		Fixed slapd-ldap/meta(5) rebind-as-user usage (ITS#4715)
 		Fixed slapd-ldap/meta(5) missing network-timeout (ITS#4718)
 
-OpenLDAP 2.3.28 Release
+OpenLDAP 2.3.28 Release (2006/10/21)
 	Fixed libldap ldap.conf max line length (ITS#4669)
 	Fixed libldap use keepalive for syncrepl (ITS#4708)
 	Fixed liblutil LDIF CR/LF parsing bug (ITS#4635)
@@ -50,10 +147,10 @@
 		Updated ldapsearch(1) options (ITS#4371,4526,4647)
 		Fixed slapd.access(5) non-optional dn= error (ITS#4522)
 
-OpenLDAP 2.3.27 Release
+OpenLDAP 2.3.27 Release (2006/08/19)
 	Fixed libldap dangling pointer issue (previous fix was broken) (ITS#4405)
 
-OpenLDAP 2.3.26 Release
+OpenLDAP 2.3.26 Release (2006/08/17)
 	Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610)
 	Fixed libldap dangling pointer issue (ITS#4405)
 	Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
@@ -65,7 +162,7 @@
 	Fixed slapo-ppolicy logging verbosity when using default policy
 	Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
 
-OpenLDAP 2.3.25 Release
+OpenLDAP 2.3.25 Release (2006/08/01)
 	Fixed liblber ber_bvreplace_x argument checks
 	Add libldap_r TLS concurrency workaround (ITS#4583)
 	Fixed liblutil password length bug
@@ -100,17 +197,17 @@
 		Added slapd.conf(5) access control note to authz-regexp discussion
 		Updated slapo-syncprov(5) to clarify SyncProv and syncrepl diffs
 
-OpenLDAP 2.3.24 Release
+OpenLDAP 2.3.24 Release (2006/05/30)
 	Fixed slapd syncrepl timestamp bug (delta-sync/cascade) (ITS#4567)
 	Fixed slapd-bdb/hdb non-root users adding suffix/root entries (ITS#4552)
 	Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
 	Fixed slapd-ldif assert bug (ITS#4568)
 	Fixed slapo-syncprov crash under glued database (ITS#4562)
 
-OpenLDAP 2.3.23 Release
+OpenLDAP 2.3.23 Release (2006/05/17)
 	Fixed slapd-ldap improper free bug (ITS#4550)
 
-OpenLDAP 2.3.22 Release
+OpenLDAP 2.3.22 Release (2006/05/15)
 	Fixed libldap referral input destroy issue (ITS#4533)
 	Fixed libldap ldap_sort_entries tail bug (ITS#4536)
 	Fixed libldap default connection concurrency issue (ITS#4541)
@@ -158,7 +255,7 @@
 		Fixed slapd(8) logging header reference (ITS#4509)
 		Clarified slapd.conf(5) "disable bind_anon" feature
 
-OpenLDAP 2.3.21 Release
+OpenLDAP 2.3.21 Release (2006/04/08)
 	Fixed libldap referral chasing issue (ITS#4448)
 	Fixed libldap invalid free bug (ITS#4436)
 	Fixed libldap mutex leak (ITS#4441)
@@ -188,7 +285,7 @@
 		Updated libtool to version 1.5.22 (ITS#4471)
 		Updated shtool to version 2.0.5
 
-OpenLDAP 2.3.20 Release
+OpenLDAP 2.3.20 Release (2006/02/18)
 	Added libldap SASL workaround for broken LDAP servers (ITS#4391)
 	Fixed libldap/slapd valuesReturnFilter OID (ITS#4404)
 	Fixed slapd config_generic_wrapper missing parameter bug (ITS#4376)
@@ -221,7 +318,7 @@
 	Documentation
 		Updated misc. manual pages
 
-OpenLDAP 2.3.19 Release
+OpenLDAP 2.3.19 Release (2006/01/25)
 	Fixed libldap disable DH key exchange with DH params (ITS#4354)
 	Fixed libldap_r thread pool destroy hang (ITS#4349,ITS#4368)
 	Fixed slapd slap_daemon destroy issue (ITS#4370)
@@ -235,7 +332,7 @@
 		Fixed slaptools when --disable-debug (ITS#4351)
 		Fixed slapd(8) solaris select(2) issue (ITS#4357)
 
-OpenLDAP 2.3.18 Release
+OpenLDAP 2.3.18 Release (2006/01/17)
 	Fixed slapd syncrepl variable used before set bug (ITS#4331)
 	Updated slapd-meta retry capabilities (ITS#4328)
 	Fixed slapd-bdb slapcat autorecover bug (ITS#4324)
@@ -255,7 +352,7 @@
 		Updated release documents
 		Updated misc. manual pages
 
-OpenLDAP 2.3.17 Release
+OpenLDAP 2.3.17 Release (2006/01/10)
 	Fixed slapd anonymous proxy authorization issue (ITS#4320)
 	Fixed slapd-ldap/meta session reuse issue (ITS#4315)
 	Fixed slapd-ldap idassert anon-to-anon issue (ITS#4321)
@@ -264,7 +361,7 @@
 		Updated Linux sched_yield(2) workaround to use nanosleep(2) (ITS#3950)
 		Fixed configure report-to URL
 
-OpenLDAP 2.3.16 Release
+OpenLDAP 2.3.16 Release (2006/01/08)
 	Fixed slapd-bdb reindexing via cn=config not noticed issue (ITS#4260)
 	Fixed slapd-monitor connection search crash (ITS#4300)
 	Flapd slapd cn=config bad ACL syntax modify crash (ITS#4306)
@@ -282,7 +379,7 @@
 		Added slapd-bdb(5) cachefree description
 		Updated misc. manual pages
 
-OpenLDAP 2.3.15 Release
+OpenLDAP 2.3.15 Release (2006/01/04)
 	Fixed slapd strerror logging bug (ITS#4292)
 	Fixed slapd ACL add/delete fraction issue (ITS#4295)
 	Fixed slapd ACL users selfwrite issue (ITS#4299)
@@ -291,7 +388,7 @@
 	Build environment
 		Disable test030-relay when threads are unavailable (ITS#4297)
 
-OpenLDAP 2.3.14 Release
+OpenLDAP 2.3.14 Release (2005/12/23)
 	Fixed slapd assertion control restrictions
 	Fixed slapd sc_prev update after free bug (ITS#4237)
 	Fixed slapd pid file creation (ITS#4241,4251)
@@ -330,7 +427,7 @@
 		Updated slapo-pcache(5) (ITS#4232)
 		Updated slapindex(8) (ITS#4242)
 
-OpenLDAP 2.3.13 Release
+OpenLDAP 2.3.13 Release (2005/11/30)
 	Fixed libldap/liblutil MSG_ACCRIGHTSLEN bug (ITS#4206)
 	Fixed libldap ldap_bv2escaped_filter_value issue (ITS#4212)
 	Fixed liblutil URL value-specs issue (ITS#4221)
@@ -364,7 +461,7 @@
 	Documentation
 		Updated ldif(5) to include change record description
 
-OpenLDAP 2.3.12 Release
+OpenLDAP 2.3.12 Release (2005/11/17)
 	Fixed libldap ldapi:// authdn construction
 	Added libldap ldap_bv2escaped_filter_value (ITS#2535)
 	Added libldap/slapd TLS DSA certificate support (ITS#4017)
@@ -419,7 +516,7 @@
 		slapd.conf(5) defaultSearchBase issue (ITS#4162)
 		slap tool man pages wll typo (ITS#4169)
 
-OpenLDAP 2.3.11 Release
+OpenLDAP 2.3.11 Release (2005/10/12)
 	Fixed libldap reentrancy issue (ITS#3988)
 	Fixed libldap ndelay without timeout
 	Fixed slapd ldaps:// not configured issue (ITS#4082,4083)
@@ -429,7 +526,7 @@
 	Updated slapd syncrepl to use ldap_unbind_ext
 	Removed lint
 
-OpenLDAP 2.3.10 Release
+OpenLDAP 2.3.10 Release (2005/10/10)
 	Fixed libldap chasing of chased referrals (ITS#2942)
 	Added libldap LDAP_NOT_SUPPORTED for TLS (ITS#4072)
 	Added libldap LDAP_MSG_RECEIVED support
@@ -438,7 +535,7 @@
 	Fixed slapd-meta bus error (ITS#4073)
 	Fixed slapd-meta/ldap/rwm empty naming context issue (ITS#4071)
 
-OpenLDAP 2.3.9 Release
+OpenLDAP 2.3.9 Release (2005/10/07)
 	Fixed slapd req_pwdexop bug
 	Fixed slapo-syncprov queued UUIDs bug (ITS#4068)
 	Fixed slapo-syncprov memory leak
@@ -448,7 +545,7 @@
 		Updated testsuite to test only primary backends by default
 		Disable test041-aci
 
-OpenLDAP 2.3.8 Release
+OpenLDAP 2.3.8 Release (2005/10/05)
 	Fixed slapd undef HAVE_EPOLL issue
 	Fixed slapd connection-get wake bug (ITS#3999)
 	Fixed slapd uninitialized var bug (ITS#3854)
@@ -509,7 +606,7 @@
 		Fixed test suite tool error handling
 		Updated contrib/ldapc++ build environment
 
-OpenLDAP 2.3.7 Release
+OpenLDAP 2.3.7 Release (2005/08/31)
 	Updated slapd ManageDIT support
 	Updated slapd ACI syntax checking (ITS#3877)
 	Fixed slapd STATS2 referral logging
@@ -548,7 +645,7 @@
 		Fixed tests veryclean-local testdata cleanup
 		Add subtree rename test (hdb only)
 
-OpenLDAP 2.3.6 Release
+OpenLDAP 2.3.6 Release (2005/08/19)
 	Fixed slapd dnRelativeMatch return (ITS#3931)
 	Fixed slapd send_search_entry issue (ITS#3951)
 	Fixed slapd-bdb/hdb release entry in paged response
@@ -578,7 +675,7 @@
 		Fixed test015-xsearch regression (ITS#3506)
 		Added test040-subtree-rename
 
-OpenLDAP 2.3.5 Release
+OpenLDAP 2.3.5 Release (2005/08/14)
 	Fixed slapd integerBitOr/AndMatch logic (ITS#3782)
 	Fixed slapd substrings filter length checks (ITS#3790)
 	Fixed slapd thread pool initialization (ITS#3793)
@@ -664,6 +761,6 @@
 		Updated slapd-monitor(5) (ITS#3822,3836)
 		Updated slapd-bdb(5) (ITS#3823)
 
-OpenLDAP 2.3.4 Release
+OpenLDAP 2.3.4 Release (2005/06/10)
 	Initial release for "general use".
 

Modified: openldap/vendor/openldap-release/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/COPYRIGHT	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/COPYRIGHT	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 1998-2006 The OpenLDAP Foundation
+Copyright 1998-2007 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/INSTALL
===================================================================
--- openldap/vendor/openldap-release/INSTALL	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/INSTALL	2007-05-23 19:07:37 UTC (rev 797)
@@ -107,7 +107,7 @@
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 
-Copyright 1998-2006 The OpenLDAP Foundation.
+Copyright 1998-2007 The OpenLDAP Foundation.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Master Makefile for OpenLDAP
-# $OpenLDAP: pkg/ldap/Makefile.in,v 1.27.2.3 2006/01/03 22:15:45 kurt Exp $
+# $OpenLDAP: pkg/ldap/Makefile.in,v 1.27.2.4 2007/01/02 21:43:21 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/README
===================================================================
--- openldap/vendor/openldap-release/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -76,11 +76,11 @@
     <http://www.openldap.org/its/> to be considered.
 
 ---
-$OpenLDAP: pkg/ldap/README,v 1.38.2.6 2006/01/17 19:26:10 kurt Exp $
+$OpenLDAP: pkg/ldap/README,v 1.38.2.7 2007/01/02 21:43:21 kurt Exp $
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 
-Copyright 1998-2006 The OpenLDAP Foundation.
+Copyright 1998-2007 The OpenLDAP Foundation.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/config.guess
===================================================================
--- openldap/vendor/openldap-release/build/config.guess	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/config.guess	2007-05-23 19:07:37 UTC (rev 797)
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
 timestamp='2003-07-02-OpenLDAP'
-# $OpenLDAP: pkg/ldap/build/config.guess,v 1.14.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/config.guess,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -29,7 +29,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/config.sub
===================================================================
--- openldap/vendor/openldap-release/build/config.sub	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/config.sub	2007-05-23 19:07:37 UTC (rev 797)
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
 timestamp='2003-07-04-OpenLDAP'
-# $OpenLDAP: pkg/ldap/build/config.sub,v 1.14.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/config.sub,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -34,7 +34,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/crupdate
===================================================================
--- openldap/vendor/openldap-release/build/crupdate	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/crupdate	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/crupdate,v 1.5.2.2 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/crupdate,v 1.5.2.3 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -18,5 +18,5 @@
 
 set -e 		# exit immediately if any errors occur
 
-find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2006 The OpenLDAP Foundation/g;' {} \;
+find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2007 The OpenLDAP Foundation/g;' {} \;
 

Modified: openldap/vendor/openldap-release/build/dir.mk
===================================================================
--- openldap/vendor/openldap-release/build/dir.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/dir.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/dir.mk,v 1.14.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/dir.mk,v 1.14.2.4 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/info.mk
===================================================================
--- openldap/vendor/openldap-release/build/info.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/info.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/info.mk,v 1.9.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/info.mk,v 1.9.2.4 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib-shared.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib-shared.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/lib-shared.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib-shared.mk,v 1.19.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib-shared.mk,v 1.19.2.4 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib-static.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib-static.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/lib-static.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib-static.mk,v 1.10.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib-static.mk,v 1.10.2.4 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/lib.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.20.2.3 2006/01/03 22:16:00 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.20.2.4 2007/01/02 21:43:40 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/ltmain.sh
===================================================================
--- openldap/vendor/openldap-release/build/ltmain.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/ltmain.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -28,7 +28,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP inself.
 
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/man.mk
===================================================================
--- openldap/vendor/openldap-release/build/man.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/man.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/man.mk,v 1.27.2.5 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/man.mk,v 1.27.2.8 2007/01/02 23:42:47 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 			-e 's%LIBDIR%$(libdir)%' \
 			-e 's%LIBEXECDIR%$(libexecdir)%' \
 			-e 's%RELEASEDATE%$(RELEASEDATE)%' \
-			$(srcdir)/$$page > $$page.$(TMP_SUFFIX); \
+				$(srcdir)/$$page > $$page.$(TMP_SUFFIX); \
 	done
 
 install-common:

Modified: openldap/vendor/openldap-release/build/missing
===================================================================
--- openldap/vendor/openldap-release/build/missing	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/missing	2007-05-23 19:07:37 UTC (rev 797)
@@ -29,7 +29,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkdep
===================================================================
--- openldap/vendor/openldap-release/build/mkdep	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mkdep	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh -
-# $OpenLDAP: pkg/ldap/build/mkdep,v 1.29.2.3 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkdep,v 1.29.2.4 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkdep.aix
===================================================================
--- openldap/vendor/openldap-release/build/mkdep.aix	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mkdep.aix	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkrelease
===================================================================
--- openldap/vendor/openldap-release/build/mkrelease	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mkrelease	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/mkrelease,v 1.18.2.4 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkrelease,v 1.18.2.5 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkvers.bat
===================================================================
--- openldap/vendor/openldap-release/build/mkvers.bat	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mkvers.bat	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-:: $OpenLDAP: pkg/ldap/build/mkvers.bat,v 1.5.2.2 2006/01/03 22:16:01 kurt Exp $
+:: $OpenLDAP: pkg/ldap/build/mkvers.bat,v 1.5.2.3 2007/01/02 21:43:41 kurt Exp $
 :: This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ::
-:: Copyright 1998-2006 The OpenLDAP Foundation.
+:: Copyright 1998-2007 The OpenLDAP Foundation.
 :: All rights reserved.
 ::
 :: Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkversion
===================================================================
--- openldap/vendor/openldap-release/build/mkversion	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mkversion	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,9 +1,9 @@
 #! /bin/sh
 # Create a version.c file
-# $OpenLDAP: pkg/ldap/build/mkversion,v 1.12.2.2 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkversion,v 1.12.2.3 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -55,7 +55,7 @@
 cat << __EOF__
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,7 +68,7 @@
  */
 
 static const char copyright[] =
-"Copyright 1998-2006 The OpenLDAP Foundation.  All rights reserved.\n"
+"Copyright 1998-2007 The OpenLDAP Foundation.  All rights reserved.\n"
 "COPYING RESTRICTIONS APPLY\n";
 
 $static $const char $SYMBOL[] =

Modified: openldap/vendor/openldap-release/build/mod.mk
===================================================================
--- openldap/vendor/openldap-release/build/mod.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/mod.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/mod.mk,v 1.22.2.3 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mod.mk,v 1.22.2.4 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/openldap.m4
===================================================================
--- openldap/vendor/openldap-release/build/openldap.m4	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/openldap.m4	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 dnl OpenLDAP Autoconf Macros
-dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.10 2006/01/03 22:16:01 kurt Exp $
+dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.12 2007/02/13 04:35:39 kurt Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
-dnl Copyright 1998-2006 The OpenLDAP Foundation.
+dnl Copyright 1998-2007 The OpenLDAP Foundation.
 dnl All rights reserved.
 dnl
 dnl Redistribution and use in source and binary forms, with or without
@@ -486,7 +486,12 @@
 ])
 
 if test $ol_cv_bdb_major = 4 ; then
-	if test $ol_cv_bdb_minor = 4 ; then
+	if test $ol_cv_bdb_minor = 5 ; then
+		OL_BERKELEY_DB_TRY(ol_cv_db_db45,[-ldb45])
+		OL_BERKELEY_DB_TRY(ol_cv_db_db_45,[-ldb-45])
+		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_5,[-ldb-4.5])
+		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_5,[-ldb-4-5])
+	elif test $ol_cv_bdb_minor = 4 ; then
 		OL_BERKELEY_DB_TRY(ol_cv_db_db44,[-ldb44])
 		OL_BERKELEY_DB_TRY(ol_cv_db_db_44,[-ldb-44])
 		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_4,[-ldb-4.4])

Modified: openldap/vendor/openldap-release/build/rules.mk
===================================================================
--- openldap/vendor/openldap-release/build/rules.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/rules.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/rules.mk,v 1.12.2.3 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/rules.mk,v 1.12.2.4 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/srv.mk
===================================================================
--- openldap/vendor/openldap-release/build/srv.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/srv.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/srv.mk,v 1.15.2.3 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/srv.mk,v 1.15.2.4 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/top.mk
===================================================================
--- openldap/vendor/openldap-release/build/top.mk	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/top.mk	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/top.mk,v 1.93.2.8 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/top.mk,v 1.93.2.11 2007/01/02 23:42:47 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/version.h
===================================================================
--- openldap/vendor/openldap-release/build/version.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/version.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -13,6 +13,6 @@
  */
 
 static const char copyright[] =
-"Copyright 1998-2006 The OpenLDAP Foundation.  All rights reserved.\n"
+"Copyright 1998-2007 The OpenLDAP Foundation.  All rights reserved.\n"
 "COPYING RESTRICTIONS APPLY.\n";
 

Modified: openldap/vendor/openldap-release/build/version.sh
===================================================================
--- openldap/vendor/openldap-release/build/version.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/version.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.sh,v 1.14.2.2 2006/01/03 22:16:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.sh,v 1.14.2.3 2007/01/02 21:43:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/version.var
===================================================================
--- openldap/vendor/openldap-release/build/version.var	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/build/version.var	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.var,v 1.7.2.73 2006/11/14 02:39:13 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.7.2.85 2007/04/09 17:22:49 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -15,9 +15,9 @@
 ol_package=OpenLDAP
 ol_major=2
 ol_minor=3
-ol_patch=30
-ol_api_inc=20330
+ol_patch=35
+ol_api_inc=20335
 ol_api_current=2
-ol_api_revision=18
+ol_api_revision=23
 ol_api_age=2
-ol_release_date="2006/11/14"
+ol_release_date="2007/04/09"

Modified: openldap/vendor/openldap-release/clients/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/clients/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 # Clients Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/clients/Makefile.in,v 1.14.2.3 2006/01/03 22:16:01 kurt Exp $
-## Copyright 1998-2006 The OpenLDAP Foundation.
+# $OpenLDAP: pkg/ldap/clients/Makefile.in,v 1.14.2.4 2007/01/02 21:43:41 kurt Exp $
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/clients/tools/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/clients/tools/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 # Makefile for LDAP tools
-# $OpenLDAP: pkg/ldap/clients/tools/Makefile.in,v 1.39.2.4 2006/01/03 22:16:01 kurt Exp $
-## Copyright 1998-2006 The OpenLDAP Foundation.
+# $OpenLDAP: pkg/ldap/clients/tools/Makefile.in,v 1.39.2.5 2007/01/02 21:43:41 kurt Exp $
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/clients/tools/common.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/common.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* common.c - common routines for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.39.2.9 2006/01/03 22:16:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.39.2.11 2007/04/01 22:44:09 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
@@ -163,7 +163,7 @@
 N_("  -n         show what would be done but don't actually do it\n"),
 N_("  -O props   SASL security properties\n"),
 N_("  -p port    port on LDAP server\n"),
-N_("  -P version procotol version (default: 3)\n"),
+N_("  -P version protocol version (default: 3)\n"),
 N_("  -Q         use SASL Quiet mode\n"),
 N_("  -R realm   SASL realm\n"),
 N_("  -U authcid SASL authentication identity\n"),

Modified: openldap/vendor/openldap-release/clients/tools/common.h
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/common.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* common.h - common definitions for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.h,v 1.11.2.6 2006/01/03 22:16:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.h,v 1.11.2.7 2007/01/02 21:43:41 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/clients/tools/ldapcompare.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapcompare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapcompare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapcompare.c -- LDAP compare tool */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapcompare.c,v 1.34.2.4 2006/01/03 22:16:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapcompare.c,v 1.34.2.5 2007/01/02 21:43:41 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/clients/tools/ldapdelete.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapdelete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapdelete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapdelete.c - simple program to delete an entry using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapdelete.c,v 1.109.2.5 2006/05/13 03:55:00 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapdelete.c,v 1.109.2.6 2007/01/02 21:43:41 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/clients/tools/ldapmodify.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapmodify.c - generic program to modify or add entries using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.158.2.9 2006/04/04 03:23:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.158.2.12 2007/04/01 22:44:23 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.
@@ -389,8 +389,8 @@
 			fprintf( rejfp, "\n%s\n", rejbuf );
 		}
 
-		if (rejfp) free( rejbuf );
-		free( rbuf );
+		if (rejfp) ber_memfree( rejbuf );
+		ber_memfree( rbuf );
 	}
 
 #ifdef LDAP_GROUP_TRANSACTION
@@ -519,7 +519,7 @@
 				printf(_("%s: skipping change record for entry: %s\n"),
 					prog, dn);
 				printf(_("\t(LDAP host/port does not match replica: lines)\n"));
-				free( dn );
+				ber_memfree( dn );
 				ber_memfree( type );
 				ber_memfree( val.bv_val );
 				return( 0 );
@@ -727,13 +727,13 @@
 	}
 
 	if ( dn != NULL ) {
-		free( dn );
+		ber_memfree( dn );
 	}
 	if ( newrdn != NULL ) {
-		free( newrdn );
+		ber_memfree( newrdn );
 	}
 	if ( newsup != NULL ) {
-		free( newsup );
+		ber_memfree( newsup );
 	}
 	if ( pmods != NULL ) {
 		ldap_mods_free( pmods, 1 );
@@ -1155,6 +1155,7 @@
 
 		if ( rc == -1 ) {
 			ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
+			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
 			return rc;
 		}
 

Modified: openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodrdn.c,v 1.106.2.5 2006/01/03 22:16:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodrdn.c,v 1.106.2.6 2007/01/02 21:43:41 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.

Modified: openldap/vendor/openldap-release/clients/tools/ldappasswd.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldappasswd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldappasswd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldappasswd -- a tool for change LDAP passwords */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.127.2.5 2006/02/16 20:06:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.127.2.6 2007/01/02 21:43:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.

Modified: openldap/vendor/openldap-release/clients/tools/ldapsearch.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapsearch.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapsearch.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapsearch -- a tool for searching LDAP directories */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.207.2.10 2006/08/25 02:51:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.207.2.11 2007/01/02 21:43:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.

Modified: openldap/vendor/openldap-release/clients/tools/ldapwhoami.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapwhoami.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/clients/tools/ldapwhoami.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapwhoami.c -- a tool for asking the directory "Who Am I?" */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapwhoami.c,v 1.33.2.4 2006/04/04 03:23:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapwhoami.c,v 1.33.2.5 2007/01/02 21:43:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.

Modified: openldap/vendor/openldap-release/configure
===================================================================
--- openldap/vendor/openldap-release/configure	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/configure	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,9 +1,9 @@
 #! /bin/sh
-# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.560.2.31 2006/11/07 20:57:24 ando Exp .
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #
-# Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved.
+# Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
 # Restrictions apply, see COPYRIGHT and LICENSE files.
 #
 # Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1209,7 +1209,7 @@
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
-Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.
 _ACEOF
   exit 0
@@ -28477,8 +28477,445 @@
 echo "${ECHO_T}$ol_cv_bdb_minor" >&6
 
 if test $ol_cv_bdb_major = 4 ; then
-	if test $ol_cv_bdb_minor = 4 ; then
+	if test $ol_cv_bdb_minor = 5 ; then
 		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6
+if test "${ol_cv_db_db45+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb45
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db45=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5
+echo "${ECHO_T}$ol_cv_db_db45" >&6
+
+	if test $ol_cv_db_db45 = yes ; then
+		ol_cv_lib_db=-ldb45
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6
+if test "${ol_cv_db_db_45+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-45
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_45=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5
+echo "${ECHO_T}$ol_cv_db_db_45" >&6
+
+	if test $ol_cv_db_db_45 = yes ; then
+		ol_cv_lib_db=-ldb-45
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_5+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-4.5
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_4_dot_5=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6
+
+	if test $ol_cv_db_db_4_dot_5 = yes ; then
+		ol_cv_lib_db=-ldb-4.5
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_5+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-4-5
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_4_5=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_5" >&6
+
+	if test $ol_cv_db_db_4_5 = yes ; then
+		ol_cv_lib_db=-ldb-4-5
+	fi
+fi
+
+	elif test $ol_cv_bdb_minor = 4 ; then
+		if test $ol_cv_lib_db = no ; then
 	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5
 echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6
 if test "${ol_cv_db_db44+set}" = set; then
@@ -31854,8 +32291,445 @@
 echo "${ECHO_T}$ol_cv_bdb_minor" >&6
 
 if test $ol_cv_bdb_major = 4 ; then
-	if test $ol_cv_bdb_minor = 4 ; then
+	if test $ol_cv_bdb_minor = 5 ; then
 		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6
+if test "${ol_cv_db_db45+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb45
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db45=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5
+echo "${ECHO_T}$ol_cv_db_db45" >&6
+
+	if test $ol_cv_db_db45 = yes ; then
+		ol_cv_lib_db=-ldb45
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6
+if test "${ol_cv_db_db_45+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-45
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_45=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_45=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5
+echo "${ECHO_T}$ol_cv_db_db_45" >&6
+
+	if test $ol_cv_db_db_45 = yes ; then
+		ol_cv_lib_db=-ldb-45
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_dot_5+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-4.5
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_4_dot_5=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_dot_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6
+
+	if test $ol_cv_db_db_4_dot_5 = yes ; then
+		ol_cv_lib_db=-ldb-4.5
+	fi
+fi
+
+		if test $ol_cv_lib_db = no ; then
+	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6
+if test "${ol_cv_db_db_4_5+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ol_DB_LIB=-ldb-4-5
+	ol_LIBS=$LIBS
+	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DB_185_H
+# include <db_185.h>
+#else
+# include <db.h>
+#endif
+
+#ifndef DB_VERSION_MAJOR
+# define DB_VERSION_MAJOR 1
+#endif
+
+#ifndef NULL
+#define NULL ((void*)0)
+#endif
+
+int
+main ()
+{
+
+#if DB_VERSION_MAJOR > 1
+	{
+		char *version;
+		int major, minor, patch;
+
+		version = db_version( &major, &minor, &patch );
+
+		if( major != DB_VERSION_MAJOR ||
+			minor < DB_VERSION_MINOR )
+		{
+			printf("Berkeley DB version mismatch\n"
+				"\theader: %s\n\tlibrary: %s\n",
+				DB_VERSION_STRING, version);
+			return 1;
+		}
+	}
+#endif
+
+#if DB_VERSION_MAJOR > 2
+	db_env_create( NULL, 0 );
+#elif DB_VERSION_MAJOR > 1
+	db_appexit( NULL );
+#else
+	(void) dbopen( NULL, 0, 0, 0, NULL);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ol_cv_db_db_4_5=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ol_cv_db_db_4_5=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+
+	LIBS="$ol_LIBS"
+
+fi
+echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_5" >&6
+
+	if test $ol_cv_db_db_4_5 = yes ; then
+		ol_cv_lib_db=-ldb-4-5
+	fi
+fi
+
+	elif test $ol_cv_bdb_minor = 4 ; then
+		if test $ol_cv_lib_db = no ; then
 	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5
 echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6
 if test "${ol_cv_db_db44+set}" = set; then
@@ -46537,7 +47411,7 @@
 cat > $BACKENDSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -46588,7 +47462,7 @@
 cat > $OVERLAYSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/configure.in
===================================================================
--- openldap/vendor/openldap-release/configure.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/configure.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-dnl $OpenLDAP: pkg/ldap/configure.in,v 1.560.2.31 2006/11/07 20:57:24 ando Exp $
+dnl $OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
-dnl Copyright 1998-2006 The OpenLDAP Foundation.
+dnl Copyright 1998-2007 The OpenLDAP Foundation.
 dnl All rights reserved.
 dnl
 dnl Redistribution and use in source and binary forms, with or without
@@ -23,9 +23,9 @@
 define([AC_LIBTOOL_LANG_GCJ_CONFIG], [:])dnl
 dnl ================================================================
 dnl Configure.in for OpenLDAP
-AC_COPYRIGHT([[Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved.
+AC_COPYRIGHT([[Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.]])
-AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.560.2.31 2006/11/07 20:57:24 ando Exp $])
+AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.560.2.32 2007/01/02 21:43:40 kurt Exp $])
 AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
 m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
 AC_CONFIG_SRCDIR(build/version.sh)dnl
@@ -93,7 +93,7 @@
 /* begin of portable.h.pre */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation
+ * Copyright 1998-2007 The OpenLDAP Foundation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -3203,7 +3203,7 @@
 cat > $BACKENDSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -3254,7 +3254,7 @@
 cat > $OVERLAYSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 1998-2006 The OpenLDAP Foundation
+Copyright 1998-2007 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* Generic time.h */
-/* $OpenLDAP: pkg/ldap/contrib/ldapc++/src/ac/time.h,v 1.5.2.2 2006/01/03 22:16:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/ldapc++/src/ac/time.h,v 1.5.2.3 2007/01/02 21:43:42 kurt Exp $ */
 /*
- * Copyright 1998-2006 The OpenLDAP Foundation, Redwood City, California, USA
+ * Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms are permitted only

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/acl/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/acl/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/acl/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 2005-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 2005-2007 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/acl/posixgroup.c,v 1.1.2.3 2006/01/03 22:16:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/acl/posixgroup.c,v 1.1.2.5 2007/01/02 21:43:42 kurt Exp $ */
 /*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -283,7 +283,7 @@
 
 	if ( user != NULL && user != target ) {
 		op->o_bd = user_be;
-		be_entry_release_r( op, group );
+		be_entry_release_r( op, user );
 		op->o_bd = be;
 	}
 

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/comp_match/Makefile,v 1.3.2.5 2006/01/03 22:16:02 kurt Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/comp_match/Makefile,v 1.3.2.6 2007/01/02 21:43:42 kurt Exp $
 # This work is part of OpenLDAP Software <http://www.openldap.org/>.
 #
-# Copyright 2003-2006 The OpenLDAP Foundation.
+# Copyright 2003-2007 The OpenLDAP Foundation.
 # Portions Copyright 2004 by IBM Corporation.
 # All rights reserved.
 

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/dsaschema/dsaschema.c,v 1.3.2.2 2006/01/03 22:16:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/dsaschema/dsaschema.c,v 1.3.2.3 2007/01/02 21:43:42 kurt Exp $ */
 /*
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/kerberos.c,v 1.2.2.3 2006/01/03 22:16:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/kerberos.c,v 1.2.2.4 2007/01/02 21:43:42 kurt Exp $ */
 /*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.2.2.3 2006/01/03 22:16:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.2.2.4 2007/01/02 21:43:42 kurt Exp $ */
 /*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 /* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.1.2.9 2005/12/20 23:49:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.1.2.10 2006/12/15 15:39:35 hyc Exp $ */
 /*
  * Copyright 2004-2005 by Howard Chu, Symas Corp.
  * All rights reserved.
@@ -818,20 +818,32 @@
 		ret = krb5_init_context(&context);
 		if (ret) {
 			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
-				"unable to initialize krb5 context.\n",
-				0, 0, 0 );
+				"unable to initialize krb5 context (%d).\n",
+				ret, 0, 0 );
 			oc_krb5KDCEntry = NULL;
 			return -1;
 		}
 
-		/* FIXME: check return code? */
 		ret = kadm5_s_init_with_password_ctx( context,
 			KADM5_ADMIN_SERVICE,
 			NULL,
 			KADM5_ADMIN_SERVICE,
 			&conf, 0, 0, &kadm_context );
+		if (ret) {
+			char *err_str, *err_msg = "<unknown error>";
+			err_str = krb5_get_error_string( context );
+			if (!err_str)
+				err_msg = krb5_get_err_text( context, ret );
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to initialize krb5 admin context: %s (%d).\n",
+				err_str ? err_str : err_msg, ret, 0 );
+			if (err_str)
+				krb5_free_error_string( context, err_str );
+			krb5_free_context( context );
+			oc_krb5KDCEntry = NULL;
+			return -1;
+		}
 
-		/* FIXME: check return code? */
 		db = _kadm5_s_get_db( kadm_context );
 	}
 #endif /* DO_KRB5 */

Modified: openldap/vendor/openldap-release/contrib/slapd-tools/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-tools/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapd-tools/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 2003-2006 The OpenLDAP Foundation. All rights reserved.
+Copyright 2003-2007 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/doc/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 ## doc Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/Makefile.in,v 1.8.2.3 2006/01/03 22:16:03 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/Makefile.in,v 1.8.2.4 2007/01/02 21:43:43 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/guide/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/doc/guide/COPYRIGHT	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/COPYRIGHT	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-Copyright 1998-2006 The OpenLDAP Foundation
+Copyright 1998-2007 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/guide/admin/Makefile
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/Makefile	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/Makefile	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 ## Makefile for OpenLDAP Administrator's Guide
-# $OpenLDAP: pkg/openldap-guide/admin/Makefile,v 1.4.2.2 2006/01/03 22:16:03 kurt Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/Makefile,v 1.4.2.3 2007/01/02 21:43:43 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2006 The OpenLDAP Foundation.
+## Copyright 2005-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/abstract.sdf,v 1.6.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/abstract.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 # 
 # OpenLDAP Administrator's Guide: Abstract

Modified: openldap/vendor/openldap-release/doc/guide/admin/admin.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/admin.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/admin.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/admin.sdf,v 1.1.2.2 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/admin.sdf,v 1.1.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # guide.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/config.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/config.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/config.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/config.sdf,v 1.13.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/config.sdf,v 1.13.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: The Big Picture - Configuration Choices
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/dbtools.sdf,v 1.23.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/dbtools.sdf,v 1.23.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Database Creation and Maintenance Tools

Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.html	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.html	2007-05-23 19:07:37 UTC (rev 797)
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.3 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project &lt;<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>&gt;</ADDRESS>
-<ADDRESS CLASS="doc-modified">3 January 2006</ADDRESS>
+<ADDRESS CLASS="doc-modified">9 April 2007</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">
@@ -1256,10 +1256,11 @@
 <PRE>
         olcSyncrepl: rid=&lt;replica ID&gt;
                 provider=ldap[s]://&lt;hostname&gt;[:port]
+                [starttls=yes|critical]
                 [type=refreshOnly|refreshAndPersist]
                 [interval=dd:hh:mm:ss]
                 [retry=[&lt;retry interval&gt; &lt;# of retries&gt;]+]
-                [searchbase=&lt;base DN&gt;]
+                searchbase=&lt;base DN&gt;
                 [filter=&lt;filter str&gt;]
                 [scope=sub|one|base]
                 [attrs=&lt;attr list&gt;]
@@ -1279,6 +1280,7 @@
 <P>This directive specifies the current database as a replica of the master content by establishing the current <EM>slapd</EM>(8) as a replication consumer site running a syncrepl replication engine. The master database is located at the replication provider site specified by the <TT>provider</TT> parameter. The replica database is kept up-to-date with the master content using the LDAP Content Synchronization protocol. See <TT>draft-zeilenga-ldup-sync-xx.txt</TT> (<EM>a work in progress</EM>) for more information on the protocol.</P>
 <P>The <TT>rid</TT> parameter is used for identification of the current <TT>syncrepl</TT> directive within the replication consumer server, where <TT>&lt;replica ID&gt;</TT> uniquely identifies the syncrepl specification described by the current <TT>syncrepl</TT> directive. <TT>&lt;replica ID&gt;</TT> is non-negative and is no more than three decimal digits in length.</P>
 <P>The <TT>provider</TT> parameter specifies the replication provider site containing the master content as an LDAP URI. The <TT>provider</TT> parameter specifies a scheme, a host and optionally a port where the provider slapd instance can be found. Either a domain name or IP address may be used for &lt;hostname&gt;. Examples are <TT>ldap://provider.example.com:389</TT> or <TT>ldaps://192.168.1.1:636</TT>. If &lt;port&gt; is not given, the standard LDAP port number (389 or 636) is used. Note that the syncrepl uses a consumer-initiated protocol, and hence its specification is located at the consumer site, whereas the <TT>replica</TT> specification is located at the provider site. <TT>syncrepl</TT> and <TT>replica</TT> directives define two independent replication mechanisms. They do not represent the replication peers of each other.</P>
+<P>The <TT>starttls</TT> parameter specifies use of the StartTLS extended operation to establish a TLS session before Binding to the provider. If the StartTLS request fails and the <TT>critical</TT> argument was used, the session will be aborted. Otherwise the syncrepl session continues without TLS.</P>
 <P>The content of the syncrepl replica is defined using a search specification as its result set. The consumer slapd will send search requests to the provider slapd according to the search specification. The search specification includes <TT>searchbase</TT>, <TT>scope</TT>, <TT>filter</TT>, <TT>attrs</TT>, <TT>attrsonly</TT>, <TT>sizelimit</TT>, and <TT>timelimit</TT> parameters as in the normal search specification. The <TT>searchbase</TT> parameter has no default value and must always be specified. The <TT>scope</TT> defaults to <TT>sub</TT>, the <TT>filter</TT> defaults to <TT>(objectclass=*)</TT>, <TT>attrs</TT> defaults to <TT>&quot;*,+&quot;</TT> to replicate all user and operational attributes, and <TT>attrsonly</TT> is unset by default. Both <TT>sizelimit</TT> and <TT>timelimit</TT> default to &quot;unlimited&quot;, and only positive integers or &quot;unlimited&quot; may be specified.</P>
 <P>The LDAP Content Synchronization protocol has two operation types: <TT>refreshOnly</TT> and <TT>refreshAndPersist</TT>. The operation type is specified by the <TT>type</TT> parameter. In the <TT>refreshOnly</TT> operation, the next synchronization search operation is periodically rescheduled at an interval time after each synchronization operation finishes. The interval is specified by the <TT>interval</TT> parameter. It is set to one day by default. In the <TT>refreshAndPersist</TT> operation, a synchronization search remains persistent in the provider slapd. Further updates to the master replica will generate <TT>searchResultEntry</TT> to the consumer slapd as the search responses to the persistent synchronization search.</P>
 <P>If an error occurs during replication, the consumer will attempt to reconnect according to the retry parameter which is a list of the &lt;retry interval&gt; and &lt;# of retries&gt; pairs. For example, retry=&quot;60 10 300 3&quot; lets the consumer retry every 60 seconds for the first 10 times and then retry every 300 seconds for the next three times before stop retrying. + in &lt;#  of retries&gt; means indefinite number of retries until success.</P>
@@ -1689,7 +1691,7 @@
 <P>Also note that if no <TT>olcAccess: to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  That is, every <TT>olcAccess: to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>olcAccess: to * by * none</TT> directive.</P>
 <P>The next example again shows the importance of ordering, both of the access directives and the <TT>by &lt;who&gt;</TT> clauses.  It also shows the use of an attribute selector to grant access to a specific attribute and various <TT>&lt;who&gt;</TT> selectors.</P>
 <PRE>
-        olcAccess: to dn.subtree=&quot;dc=example,dc=com&quot; attr=homePhone
+        olcAccess: to dn.subtree=&quot;dc=example,dc=com&quot; attrs=homePhone
                 by self write
                 by dn.children=dc=example,dc=com&quot; search
                 by peername.regex=IP:10\..+ read
@@ -1701,14 +1703,14 @@
 <P>This example applies to entries in the &quot;<TT>dc=example,dc=com</TT>&quot; subtree. To all attributes except <TT>homePhone</TT>, an entry can write to itself, entries under <TT>example.com</TT> entries can search by them, anybody else has no access (implicit <TT>by * none</TT>) excepting for authentication/authorization (which is always done anonymously).  The <TT>homePhone</TT> attribute is writable by the entry, searchable by entries under <TT>example.com</TT>, readable by clients connecting from network 10, and otherwise not readable (implicit <TT>by * none</TT>).  All other access is denied by the implicit <TT>access to * by * none</TT>.</P>
 <P>Sometimes it is useful to permit a particular DN to add or remove itself from an attribute. For example, if you would like to create a group and allow people to add and remove only their own DN from the member attribute, you could accomplish it with an access directive like this:</P>
 <PRE>
-        olcAccess: to attr=member,entry
+        olcAccess: to attrs=member,entry
                 by dnattr=member selfwrite
 </PRE>
 <P>The dnattr <TT>&lt;who&gt;</TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
 <H3><A NAME="Access Control Ordering">5.3.6. Access Control Ordering</A></H3>
 <P>Since the ordering of <TT>olcAccess</TT> directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a <TT>&quot;{X}&quot;</TT> numeric index to each value, similarly to the approach used for ordering the configuration entries. These index tags are maintained automatically by slapd and do not need to be specified when originally defining the values. For example, when you create the settings</P>
 <PRE>
-        olcAccess: to attr=member,entry
+        olcAccess: to attrs=member,entry
                 by dnattr=member selfwrite
         olcAccess: to dn.children=&quot;dc=example,dc=com&quot;
                 by * search
@@ -1717,7 +1719,7 @@
 </PRE>
 <P>when you read them back using slapcat or ldapsearch they will contain</P>
 <PRE>
-        olcAccess: {0}to attr=member,entry
+        olcAccess: {0}to attrs=member,entry
                 by dnattr=member selfwrite
         olcAccess: {1}to dn.children=&quot;dc=example,dc=com&quot;
                 by * search
@@ -1747,7 +1749,7 @@
 </PRE>
 <P>This example deletes whatever rule is in value #1 of the <TT>olcAccess</TT> attribute (regardless of its value) and adds a new value that is explicitly inserted as value #1. The result will be</P>
 <PRE>
-        olcAccess: {0}to attr=member,entry
+        olcAccess: {0}to attrs=member,entry
                 by dnattr=member selfwrite
         olcAccess: {1}to dn.children=&quot;dc=example,dc=com&quot;
                 by * write
@@ -1804,7 +1806,7 @@
  30.    olcDbIndex: uid pres,eq
  31.    olcDbIndex: cn,sn,uid pres,eq,approx,sub
  32.    olcDbIndex: objectClass eq
- 33.    olcAccess: to attr=userPassword
+ 33.    olcAccess: to attrs=userPassword
  34.      by self write
  35.      by anonymous auth
  36.      by dn.base=&quot;cn=Admin,dc=example,dc=com&quot; write
@@ -2594,7 +2596,7 @@
 <P>Also note that if no <TT>access to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  That is, every <TT>access to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>access to * by * none</TT> directive.</P>
 <P>The next example again shows the importance of ordering, both of the access directives and the <TT>by &lt;who&gt;</TT> clauses.  It also shows the use of an attribute selector to grant access to a specific attribute and various <TT>&lt;who&gt;</TT> selectors.</P>
 <PRE>
-        access to dn.subtree=&quot;dc=example,dc=com&quot; attr=homePhone
+        access to dn.subtree=&quot;dc=example,dc=com&quot; attrs=homePhone
                 by self write
                 by dn.children=&quot;dc=example,dc=com&quot; search
                 by peername.regex=IP:10\..+ read
@@ -2606,7 +2608,7 @@
 <P>This example applies to entries in the &quot;<TT>dc=example,dc=com</TT>&quot; subtree. To all attributes except <TT>homePhone</TT>, an entry can write to itself, entries under <TT>example.com</TT> entries can search by them, anybody else has no access (implicit <TT>by * none</TT>) excepting for authentication/authorization (which is always done anonymously).  The <TT>homePhone</TT> attribute is writable by the entry, searchable by entries under <TT>example.com</TT>, readable by clients connecting from network 10, and otherwise not readable (implicit <TT>by * none</TT>).  All other access is denied by the implicit <TT>access to * by * none</TT>.</P>
 <P>Sometimes it is useful to permit a particular DN to add or remove itself from an attribute. For example, if you would like to create a group and allow people to add and remove only their own DN from the member attribute, you could accomplish it with an access directive like this:</P>
 <PRE>
-        access to attr=member,entry
+        access to attrs=member,entry
                 by dnattr=member selfwrite
 </PRE>
 <P>The dnattr <TT>&lt;who&gt;</TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
@@ -2641,7 +2643,7 @@
  21.    index cn,sn,uid pres,eq,approx,sub
  22.    index objectClass eq
  23.    # database access control definitions
- 24.    access to attr=userPassword
+ 24.    access to attrs=userPassword
  25.            by self write
  26.            by anonymous auth
  27.            by dn.base=&quot;cn=Admin,dc=example,dc=com&quot; write
@@ -3709,7 +3711,7 @@
 <P>Anonymous access is requested by providing no name and no password to the &quot;simple&quot; bind operation.  Unauthenticated access is requested by providing a name but no password.  Authenticated access is requested by providing a valid name and password.</P>
 <P>An anonymous bind results in an <EM>anonymous</EM> authorization association.  Anonymous bind mechanism is enabled by default, but can be disabled by specifying &quot;<TT>disallow bind_anon</TT>&quot; in <EM>slapd.conf</EM>(5).  Note that disabling the anonymous bind mechanism does not prevent anonymous access to the directory.  To require authentication to access the directory, one should instead specify &quot;<TT>require authc</TT>&quot;.</P>
 <P>An unauthenticated bind also results in an <EM>anonymous</EM> authorization association.  Unauthenticated bind mechanism is disabled by default, but can be enabled by specifying &quot;<TT>allow bind_anon_cred</TT>&quot; in <EM>slapd.conf</EM>(5).  As a number of LDAP applications mistakenly generate unauthenticated bind request when authenticated access was intended (that is, they do not ensure a password was provided), this mechanism should generally remain disabled.</P>
-<P>A successful user/password authenticated bind results in a user authorization identity, the provided name, being associated with the session.  User/password authenticated bind is enabled by default. However, as this mechanism itself offers no evesdropping protection (e.g., the password is set in the clear), it is recommended that it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, <TERM>IPSEC</TERM>). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled.  This is done by setting &quot;<TT>disallow bind_simple_unprotected</TT>&quot; in <EM>slapd.conf</EM>(5).  The <TT>security</TT> directive's <TT>simple_bind</TT> option provides fine grain control over the level of confidential protection to require for <EM>simple</EM> user/password authentication.</P>
+<P>A successful user/password authenticated bind results in a user authorization identity, the provided name, being associated with the session.  User/password authenticated bind is enabled by default. However, as this mechanism itself offers no evesdropping protection (e.g., the password is set in the clear), it is recommended that it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, <TERM>IPSEC</TERM>). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled.  This is done using the <TT>security</TT> directive's <TT>simple_bind</TT> option, which provides fine grain control over the level of confidential protection to require for <EM>simple</EM> user/password authentication. E.g., using <TT>security simple_bind=56</TT> would require <EM>simple</EM> binds to use encryption of DES equivalent or better.</P>
 <P>The user/password authenticated bind mechanism can be completely disabled by setting &quot;<TT>disallow bind_simple</TT>&quot;.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>An unsuccessful bind always results in the session having an <EM>anonymous</EM> authorization association.
@@ -3953,7 +3955,7 @@
 <P>Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression characters). Anything that does not begin with &quot;<TT>ldap://</TT>&quot; is taken as a DN. It is not permissable to enter another authorization identity of the form &quot;<TT>u:&lt;username&gt;</TT>&quot; as an authorization rule.</P>
 <H4><A NAME="Policy Configuration">11.3.3.2. Policy Configuration</A></H4>
 <P>The decision of which type of rules to use, <TT>authzFrom</TT> or <TT>authzTo</TT>, will depend on the site's situation. For example, if the set of people who may become a given identity can easily be written as a search filter, then a single destination rule could be written. If the set of people is not easily defined by a search filter, and the set of people is small, it may be better to write a source rule in the entries of each of those people who should be allowed to perform the proxy authorization.</P>
-<P>By default, processing of proxy authorization rules is disabled. The <TT>authz-policy</TT> directive must be set in the <EM>slapd.conf</EM>(5) file to enable authorization. This directive can be set to <TT>none</TT> for no rules (the default), <TT>from</TT> for source rules, <TT>to</TT> for destination rules, or <TT>both</TT> for both source and destination rules.</P>
+<P>By default, processing of proxy authorization rules is disabled. The <TT>authz-policy</TT> directive must be set in the <EM>slapd.conf</EM>(5) file to enable authorization. This directive can be set to <TT>none</TT> for no rules (the default), <TT>to</TT> for source rules, <TT>from</TT> for destination rules, or <TT>both</TT> for both source and destination rules.</P>
 <P>Destination rules are extremely powerful. If ordinary users have access to write the <TT>authzTo</TT> attribute in their own entries, then they can write rules that would allow them to authorize as anyone else.  As such, when using destination rules, the <TT>authzTo</TT> attribute should be protected with an ACL that only allows privileged users to set its values.</P>
 <P></P>
 <HR>
@@ -4579,16 +4581,16 @@
 <HR>
 <H1><A NAME="OpenLDAP Software Copyright Notices">B. OpenLDAP Software Copyright Notices</A></H1>
 <H2><A NAME="OpenLDAP Copyright Notice">B.1. OpenLDAP Copyright Notice</A></H2>
-<P>Copyright 1998-2005 The OpenLDAP Foundation.<BR><EM>All rights reserved.</EM></P>
+<P>Copyright 1998-2007 The OpenLDAP Foundation.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted <EM>only as authorized</EM> by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
 <P>A copy of this license is available in file <TT>LICENSE</TT> in the top-level directory of the distribution or, alternatively, at &lt;<A HREF="http://www.OpenLDAP.org/license.html">http://www.OpenLDAP.org/license.html</A>&gt;.</P>
 <P>OpenLDAP is a registered trademark of the OpenLDAP Foundation.</P>
 <P>Individual files and/or contributed packages may be copyright by other parties and their use subject to additional restrictions.</P>
-<P>This work is derived from the University of Michigan LDAP v3.3 distribution.  Information concerning this software is available at &lt;<A HREF="http://www.umich.edu/~dirsvcs/ldap/">http://www.umich.edu/~dirsvcs/ldap/</A>&gt;.</P>
+<P>This work is derived from the University of Michigan LDAP v3.3 distribution.  Information concerning this software is available at &lt;<A HREF="http://www.umich.edu/~dirsvcs/ldap/ldap.html">http://www.umich.edu/~dirsvcs/ldap/ldap.html</A>&gt;.</P>
 <P>This work also contains materials derived from public sources.</P>
 <P>Additional information about OpenLDAP software can be obtained at &lt;<A HREF="http://www.OpenLDAP.org/">http://www.OpenLDAP.org/</A>&gt;.</P>
 <H2><A NAME="Additional Copyright Notice">B.2. Additional Copyright Notice</A></H2>
-<P>Portions Copyright 1998-2005 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2005 Net Boolean Incorporated.<BR>Portions Copyright 2001-2005 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
+<P>Portions Copyright 1998-2006 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2006 Net Boolean Incorporated.<BR>Portions Copyright 2001-2006 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
 <P>Portions Copyright 1999-2005 Howard Y.H. Chu.<BR>Portions Copyright 1999-2005 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission.  This software is provided ``as is'' without express or implied warranty.</P>
@@ -4656,7 +4658,7 @@
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
 ________________<BR>
-<SMALL>&copy; Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+<SMALL>&copy; Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
 
 </DIV>
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/guide.sdf,v 1.6.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/guide.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # guide.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/index.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/index.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/index.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/index.sdf,v 1.6.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/index.sdf,v 1.6.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # index.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/install.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/install.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/install.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/install.sdf,v 1.34.2.4 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/install.sdf,v 1.34.2.5 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Building and Installing OpenLDAP Software

Modified: openldap/vendor/openldap-release/doc/guide/admin/intro.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/intro.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/intro.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/intro.sdf,v 1.40.2.3 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/intro.sdf,v 1.40.2.4 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Introduction to OpenLDAP Directory Services
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/master.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/master.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/master.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/master.sdf,v 1.16.2.2 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/master.sdf,v 1.16.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # master file for the OpenLDAP Administrator's Guide

Modified: openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/monitoringslapd.sdf,v 1.8.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/monitoringslapd.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Monitoring Slapd
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/preface.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/preface.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/preface.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/preface.sdf,v 1.24.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/preface.sdf,v 1.24.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 # 
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/proxycache.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/proxycache.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/proxycache.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/proxycache.sdf,v 1.8.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 2003-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/proxycache.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: The Proxy Cache Engine

Modified: openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/quickstart.sdf,v 1.43.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/quickstart.sdf,v 1.43.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: A Quick-Start Guide

Modified: openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/referrals.sdf,v 1.24.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/referrals.sdf,v 1.24.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Constructing a Distributed Directory Service

Modified: openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/replication.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/replication.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.30.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.30.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Replication with slurpd
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/runningslapd.sdf,v 1.15.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/runningslapd.sdf,v 1.15.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Running slapd
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Using SASL
@@ -675,8 +675,8 @@
 By default, processing of proxy authorization rules is disabled.
 The {{EX:authz-policy}} directive must be set in the
 {{slapd.conf}}(5) file to enable authorization. This directive can
-be set to {{EX:none}} for no rules (the default), {{EX:from}} for
-source rules, {{EX:to}} for destination rules, or {{EX:both}} for
+be set to {{EX:none}} for no rules (the default), {{EX:to}} for
+source rules, {{EX:from}} for destination rules, or {{EX:both}} for
 both source and destination rules.
 
 Destination rules are extremely powerful. If ordinary users have

Modified: openldap/vendor/openldap-release/doc/guide/admin/schema.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/schema.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/schema.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/schema.sdf,v 1.39.2.2 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/schema.sdf,v 1.39.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Schema Specification

Modified: openldap/vendor/openldap-release/doc/guide/admin/security.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/security.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/security.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Security Considerations
@@ -147,10 +147,11 @@
 session is protected by other means (e.g., TLS, {{TERM:IPSEC}}).
 Where the administrator relies on TLS to protect the password, it
 is recommended that unprotected authentication be disabled.  This
-is done by setting "{{EX:disallow bind_simple_unprotected}}" in
-{{slapd.conf}}(5).  The {{EX:security}} directive's {{EX:simple_bind}}
-option provides fine grain control over the level of confidential
+is done using the {{EX:security}} directive's {{EX:simple_bind}}
+option, which provides fine grain control over the level of confidential
 protection to require for {{simple}} user/password authentication.
+E.g., using {{EX:security simple_bind=56}} would require {{simple}}
+binds to use encryption of DES equivalent or better.
 
 The user/password authenticated bind mechanism can be completely
 disabled by setting "{{EX:disallow bind_simple}}".

Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.1.2.10 2006/01/03 22:16:03 kurt Exp $
-# Copyright 2005-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.1.2.14 2007/04/06 03:59:58 quanah Exp $
+# Copyright 2005-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Configuring slapd
@@ -609,10 +609,11 @@
 
 >	olcSyncrepl: rid=<replica ID>
 >		provider=ldap[s]://<hostname>[:port]
+>		[starttls=yes|critical]
 >		[type=refreshOnly|refreshAndPersist]
 >		[interval=dd:hh:mm:ss]
 >		[retry=[<retry interval> <# of retries>]+]
->		[searchbase=<base DN>]
+>		searchbase=<base DN>
 >		[filter=<filter str>]
 >		[scope=sub|one|base]
 >		[attrs=<attr list>]
@@ -658,6 +659,12 @@
 {{EX:replica}} directives define two independent replication
 mechanisms. They do not represent the replication peers of each other.
 
+The {{EX:starttls}} parameter specifies use of the StartTLS extended
+operation to establish a TLS session before Binding to the provider. If the
+StartTLS request fails and the {{EX:critical}} argument was used, the
+session will be aborted. Otherwise the syncrepl session continues without
+TLS.
+
 The content of the syncrepl replica is defined using a search
 specification as its result set. The consumer slapd will
 send search requests to the provider slapd according to the search
@@ -1291,7 +1298,7 @@
 shows the use of an attribute selector to grant access to a specific
 attribute and various {{EX:<who>}} selectors.
 
->	olcAccess: to dn.subtree="dc=example,dc=com" attr=homePhone
+>	olcAccess: to dn.subtree="dc=example,dc=com" attrs=homePhone
 >		by self write
 >		by dn.children=dc=example,dc=com" search
 >		by peername.regex=IP:10\..+ read
@@ -1317,7 +1324,7 @@
 their own DN from the member attribute, you could accomplish
 it with an access directive like this:
 
->	olcAccess: to attr=member,entry
+>	olcAccess: to attrs=member,entry
 > 		by dnattr=member selfwrite
 
 The dnattr {{EX:<who>}} selector says that the access applies to
@@ -1341,7 +1348,7 @@
 when originally defining the values. For example, when you create the
 settings
 
->	olcAccess: to attr=member,entry
+>	olcAccess: to attrs=member,entry
 > 		by dnattr=member selfwrite
 >	olcAccess: to dn.children="dc=example,dc=com"
 > 		by * search
@@ -1350,7 +1357,7 @@
 
 when you read them back using slapcat or ldapsearch they will contain
 
->	olcAccess: {0}to attr=member,entry
+>	olcAccess: {0}to attrs=member,entry
 > 		by dnattr=member selfwrite
 >	olcAccess: {1}to dn.children="dc=example,dc=com"
 > 		by * search
@@ -1389,7 +1396,7 @@
 attribute (regardless of its value) and adds a new value that is
 explicitly inserted as value #1. The result will be
 
->	olcAccess: {0}to attr=member,entry
+>	olcAccess: {0}to attrs=member,entry
 > 		by dnattr=member selfwrite
 >	olcAccess: {1}to dn.children="dc=example,dc=com"
 > 		by * write
@@ -1479,7 +1486,7 @@
 E: 30.	olcDbIndex: uid pres,eq
 E: 31.	olcDbIndex: cn,sn,uid pres,eq,approx,sub
 E: 32.	olcDbIndex: objectClass eq
-E: 33.	olcAccess: to attr=userPassword
+E: 33.	olcAccess: to attrs=userPassword
 E: 34.	  by self write
 E: 35.	  by anonymous auth
 E: 36.	  by dn.base="cn=Admin,dc=example,dc=com" write

Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.79.2.6 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.79.2.8 2007/04/06 04:00:41 quanah Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: The slapd Configuration File
@@ -963,7 +963,7 @@
 shows the use of an attribute selector to grant access to a specific
 attribute and various {{EX:<who>}} selectors.
 
->	access to dn.subtree="dc=example,dc=com" attr=homePhone
+>	access to dn.subtree="dc=example,dc=com" attrs=homePhone
 >		by self write
 >		by dn.children="dc=example,dc=com" search
 >		by peername.regex=IP:10\..+ read
@@ -989,7 +989,7 @@
 their own DN from the member attribute, you could accomplish
 it with an access directive like this:
 
->	access to attr=member,entry
+>	access to attrs=member,entry
 > 		by dnattr=member selfwrite
 
 The dnattr {{EX:<who>}} selector says that the access applies to
@@ -1057,7 +1057,7 @@
 E: 21.	index cn,sn,uid pres,eq,approx,sub
 E: 22.	index objectClass eq
 E: 23.	# database access control definitions
-E: 24.	access to attr=userPassword
+E: 24.	access to attrs=userPassword
 E: 25.		by self write
 E: 26.		by anonymous auth
 E: 27.		by dn.base="cn=Admin,dc=example,dc=com" write

Modified: openldap/vendor/openldap-release/doc/guide/admin/syncrepl.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/syncrepl.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/syncrepl.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/syncrepl.sdf,v 1.14.2.2 2006/01/03 22:16:03 kurt Exp $
-# Copyright 2003-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/syncrepl.sdf,v 1.14.2.3 2007/01/02 21:43:43 kurt Exp $
+# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: LDAP Sync Replication

Modified: openldap/vendor/openldap-release/doc/guide/admin/tls.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/tls.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/tls.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Using TLS

Modified: openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/tuning.sdf,v 1.8.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/tuning.sdf,v 1.8.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Performance Tuning

Modified: openldap/vendor/openldap-release/doc/guide/plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/plain.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/plain.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/plain.sdf,v 1.10.2.1 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/plain.sdf,v 1.10.2.2 2007/01/02 21:43:43 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 # template for plain documents

Modified: openldap/vendor/openldap-release/doc/guide/preamble.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/preamble.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/preamble.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/preamble.sdf,v 1.63.2.3 2006/01/03 22:16:03 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/preamble.sdf,v 1.63.2.5 2007/01/02 21:46:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
  
 #
@@ -55,7 +55,7 @@
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
 ________________<BR>
-<SMALL>&copy; Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+<SMALL>&copy; Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
 
 	!endblock
 !endmacro
@@ -91,7 +91,7 @@
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
 ________________<BR>
-<SMALL>&copy; Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+<SMALL>&copy; Copyright 2006, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
 
 	!endblock
 !endmacro

Modified: openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/copyright-plain.sdf,v 1.9.4.1 2006/01/03 22:16:04 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/copyright-plain.sdf,v 1.9.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 #

Modified: openldap/vendor/openldap-release/doc/guide/release/copyright.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/copyright.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/release/copyright.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/copyright.sdf,v 1.20.2.2 2006/01/03 22:16:04 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/copyright.sdf,v 1.20.2.4 2007/01/02 21:48:19 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 !if OPT_PP_HTML
@@ -13,7 +13,7 @@
 H2: OpenLDAP Copyright Notice
 
 !block nofill
-[[copyright]] 1998-2005 The OpenLDAP Foundation.
+[[copyright]] 1998-2007 The OpenLDAP Foundation.
 {{All rights reserved.}}
 !endblock
 
@@ -32,7 +32,7 @@
 
 This work is derived from the University of Michigan LDAP v3.3
 distribution.  Information concerning this software is available
-at <{{URL:http://www.umich.edu/~dirsvcs/ldap/}}>.
+at <{{URL:http://www.umich.edu/~dirsvcs/ldap/ldap.html}}>.
 
 This work also contains materials derived from public sources.
 
@@ -43,9 +43,9 @@
 H2: Additional Copyright Notice
 
 !block nofill
-Portions [[copyright]] 1998-2005 Kurt D. Zeilenga.
-Portions [[copyright]] 1998-2005 Net Boolean Incorporated.
-Portions [[copyright]] 2001-2005 IBM Corporation.
+Portions [[copyright]] 1998-2006 Kurt D. Zeilenga.
+Portions [[copyright]] 1998-2006 Net Boolean Incorporated.
+Portions [[copyright]] 2001-2006 IBM Corporation.
 {{All rights reserved.}}
 !endblock
 

Modified: openldap/vendor/openldap-release/doc/guide/release/install.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/install.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/release/install.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.21.2.1 2006/01/03 22:16:04 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.21.2.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 P1: Making and Installing the OpenLDAP Distribution

Modified: openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/license-plain.sdf,v 1.9.4.1 2006/01/03 22:16:04 kurt Exp $
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/license-plain.sdf,v 1.9.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 #

Modified: openldap/vendor/openldap-release/doc/guide/release/license.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/license.sdf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/guide/release/license.sdf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/license.sdf,v 1.11.4.1 2006/01/03 22:16:04 kurt Exp $
-# Copyright 2000-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/license.sdf,v 1.11.4.2 2007/01/02 21:43:44 kurt Exp $
+# Copyright 2000-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: OpenLDAP Public License

Modified: openldap/vendor/openldap-release/doc/man/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # man Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/Makefile.in,v 1.8.2.3 2006/01/03 22:16:04 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/Makefile.in,v 1.8.2.4 2007/01/02 21:43:44 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man1/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # man1 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man1/Makefile.in,v 1.8.2.3 2006/01/03 22:16:04 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man1/Makefile.in,v 1.8.2.4 2007/01/02 21:43:44 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.8.2.4 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.8.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapcompare \- LDAP compare tool

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.38.2.4 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.38.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapdelete \- LDAP delete entry tool

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.44.2.5 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.44.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.34.2.4 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.34.2.6 2007/04/06 04:31:49 quanah Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapmodrdn \- LDAP rename entry tool
@@ -9,6 +9,8 @@
 [\c
 .BR \-r ]
 [\c
+.BI \-s \ newsup\fR]
+[\c
 .BR \-n ]
 [\c
 .BR \-v ]
@@ -74,6 +76,10 @@
 .B \-r
 Remove old RDN values from the entry.  Default is to keep old values.
 .TP
+.BI \-s \ newsup
+Specify a new superior entry. (I.e., move the target entry and make it a
+child of the new superior.)  This option is not supported in LDAPv2.
+.TP
 .B \-n
 Show what would be done, but don't actually change entries.  Useful for
 debugging in conjunction with -v.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.36.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.36.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldappasswd \- change the password of an LDAP entry

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.49.2.10 2006/11/10 20:54:01 hyc Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.49.2.11 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapsearch \- LDAP search tool

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.6.2.4 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.6.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapwhoami \- LDAP who am i? tool

Modified: openldap/vendor/openldap-release/doc/man/man3/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # man3 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.8.2.4 2006/01/03 22:16:04 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.8.2.5 2007/01/02 21:43:44 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-decode.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-decode.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int,

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-encode.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-encode.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_alloc_t, ber_flush, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- LBER simplified Basic Encoding Rules library routines for encoding

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-memory.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-memory.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- LBER memory allocators

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-types.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-types.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-types.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t,

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.5 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap - OpenLDAP Lightweight Directory Access Protocol API

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_abandon, ldap_abandon_ext \- Abandon an LDAP operation in progress

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_add.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_add.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_add, ldap_add_s, ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.4 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.5 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_compare, ldap_compare_s \- Perform an LDAP compare operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_delete, ldap_delete_s \- Perform an LDAP delete operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_error.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_error.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.5 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.6 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.4 2007/01/02 21:43:44 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modify, ldap_modify_s \- Perform an LDAP modify operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_open.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_open.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_init, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_reference \- Extract referrals and controls from a reference message

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.5 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_result \- Parsing results
@@ -58,7 +58,7 @@
 .LP
 The \fIreferralsp\fP parameter will be filled in with an allocated array of
 referral strings from the parsed message. This array should be freed using
-.BR ldap_value_free (3).
+.BR ldap_memvfree (3).
 If no referrals were returned, \fI*referralsp\fP is set to NULL.
 .LP
 The \fIserverctrlsp\fP parameter will be filled in with an allocated array of

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_result.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_result.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.5 2007/04/06 04:35:09 quanah Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_result \- Wait for the result of an LDAP operation
@@ -90,7 +90,7 @@
 	LDAP_RES_MODDN (0x6d)
 	LDAP_RES_COMPARE (0x6f)
 	LDAP_RES_EXTENDED (0x78)
-	LDAP_RES_EXTENDED_PARTIAL (0x79)
+	LDAP_RES_INTERMEDIATE (0x79)
 .fi
 .LP
 The

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 2000-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 2000-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_search.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_search.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.5 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.6 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_url.3	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_url.3	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_is_ldap_url,

Modified: openldap/vendor/openldap-release/doc/man/man5/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # man5 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man5/Makefile.in,v 1.8.2.4 2006/01/03 22:16:05 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man5/Makefile.in,v 1.8.2.5 2007/01/02 21:43:45 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.28.2.3 2006/01/03 22:16:05 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.28.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .UC 6
 .SH NAME

Modified: openldap/vendor/openldap-release/doc/man/man5/ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldif.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/ldif.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.18.2.4 2006/01/03 22:16:05 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.18.2.5 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldif \- LDAP Data Interchange Format

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.9 2006/01/17 19:14:24 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.10 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 \fBslapd-bdb\fP, \fBslapd-hdb\fP \- Berkeley DB backends to \fBslapd\fP
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.7.2.4 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.7.2.5 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-dnssrv \- DNS SRV referral backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.24.2.16 2006/10/24 18:02:38 ando Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.24.2.17 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-ldap \- LDAP backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.8.2.5 2006/01/17 19:14:24 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.8.2.6 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-ldbm \- LDBM backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.1.2.3 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.1.2.4 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-ldif \- LDIF backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 .TH SLAPD-META 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.14 2006/10/24 18:02:38 ando Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.16 2007/04/06 03:57:19 quanah Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.
@@ -488,7 +488,7 @@
 .LP
 .RS
 .nf
-access to dn="<dn>" attr=<attr>
+access to dn="<dn>" attrs=<attr>
        by dnattr=<dnattr> read
        by * none
 .fi

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.4.2.5 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.4.2.6 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 .B slapd-monitor 
 \- Monitor backend to slapd

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-null.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-null.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-NULL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2002-2006 The OpenLDAP Foundation.  All Rights Reserved.
+.\" Copyright 2002-2007 The OpenLDAP Foundation.  All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.5.4.4 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.5.4.5 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-null \- Null backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.8.2.4 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.8.2.5 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-passwd \- /etc/passwd backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.13.2.5 2006/05/15 15:51:58 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.13.2.6 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd-shell \- Shell backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-sql.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.6 2005/08/09 16:58:45 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.7 2007/03/05 18:39:51 ando Exp $
 .SH NAME
 slapd-sql \- SQL backend to slapd
 .SH SYNOPSIS
@@ -100,7 +100,7 @@
 and \fBstrcast_func\fP in "HELPER CONFIGURATION" for details.
 
 .TP
-.B use_subtree_shortcut { NO | yes }
+.B use_subtree_shortcut { YES | no }
 Do not use the subtree condition when the searchBase is the database
 suffix, and the scope is subtree; rather collect all entries.
 

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.access.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.access.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.55.2.9 2006/10/10 11:36:55 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.55.2.10 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.23 2006/10/06 00:01:45 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.28 2007/04/02 20:33:57 hyc Exp $
 .SH NAME
 slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS
@@ -1309,7 +1309,8 @@
 them. Overlays are pushed onto
 a stack over the database, and so they will execute in the reverse
 of the order in which they were configured and the database itself
-will receive control last of all.
+will receive control last of all. Note that all of the database's
+regular settings should be configured before any overlay settings.
 .TP
 .B readonly on | off
 This option puts the database into "read-only" mode.  Any attempts to 
@@ -1504,7 +1505,7 @@
 .B [type=refreshOnly|refreshAndPersist]
 .B [interval=dd:hh:mm:ss]
 .B [retry=[<retry interval> <# of retries>]+]
-.B [searchbase=<base DN>]
+.B searchbase=<base DN>
 .B [filter=<filter str>]
 .B [scope=sub|one|base]
 .B [attrs=<attr list>]
@@ -1596,9 +1597,10 @@
 .B starttls
 parameter specifies use of the StartTLS extended operation
 to establish a TLS session before Binding to the provider. If the
+StartTLS request fails and the
 .B critical
-argument is supplied, the session will be aborted if the StartTLS request
-fails. Otherwise the syncrepl session continues without TLS.
+argument was used, the session will be aborted. Otherwise the syncrepl
+session continues without TLS.
 A
 .B bindmethod
 of 
@@ -1609,6 +1611,7 @@
 .B credentials
 and should only be used when adequate security services
 (e.g. TLS or IPSEC) are in place.
+.B REMEMBER: simple bind credentials must be in cleartext!
 A
 .B bindmethod
 of

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPD.PLUGIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2002-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2002-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapd.plugin \- plugin configuration for slapd, the stand-alone LDAP daemon

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.replog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.replog.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.replog.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLAPD.REPLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.replog.5,v 1.12.2.3 2006/01/03 22:16:05 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.replog.5,v 1.12.2.4 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapd.replog \- slapd replication log format

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-ACCESSLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.1.2.8 2006/07/28 13:01:35 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.1.2.9 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-accesslog \- Access Logging overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.1.2.3 2006/02/16 01:59:53 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.1.2.4 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-auditlog \- Audit Logging overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.6 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.7 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-chain \- chain overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-DYNLIST 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.1.2.6 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.1.2.8 2007/02/03 09:06:46 ando Exp $
 .SH NAME
 slapo-dynlist \- Dynamic List overlay
 .SH SYNOPSIS
@@ -22,6 +22,10 @@
 are enforced.
 For example, if a \fISINGLE-VALUE\fP attribute is listed,
 only the first value results in the final entry.
+The above described behavior is disabled when the \fImanageDSAit\fP
+control (RFC 3296) is used.
+In that case, the contents of the dynamic group entry is returned;
+namely, the URLs are returned instead of being expanded.
 
 .SH CONFIGURATION
 The config directives that are specific to the

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-lastmod.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-lastmod.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-lastmod.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .SH NAME

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 .TH SLAPO-PCACHE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.3.2.9 2006/02/17 02:18:08 hyc Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.3.2.10 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-pcache \- proxycache overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.4.2.6 2006/02/16 01:59:53 kurt Exp $
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.4.2.7 2007/01/02 21:43:45 kurt Exp $
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .SH NAME

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.2.2.4 2006/02/16 01:59:53 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.2.2.5 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-refint \- Referential Integrity overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
-.TH SLAPO-RETCODE5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.TH SLAPO-RETCODE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.2.2.6 2006/04/05 18:06:15 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.2.2.8 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-retcode \- return code overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 .TH SLAPO-RWM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.8.2.6 2006/01/03 22:16:05 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.8.2.7 2007/01/02 21:43:45 kurt Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.2.2.7 2006/07/31 22:50:02 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.2.2.8 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-syncprov \- Sync Provider overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.2.2.3 2006/01/03 22:16:06 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.2.2.4 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-translucent \- Translucent Proxy overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.2.2.5 2006/02/16 01:59:53 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.2.2.6 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-unique \- Attribute Uniqueness overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 .TH SLAPO-VALSORT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.2.2.4 2006/02/16 01:59:53 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.2.2.5 2007/01/02 21:43:45 kurt Exp $
 .SH NAME
 slapo-valsort \- Value Sorting overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man8/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # man8 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man8/Makefile.in,v 1.8.2.3 2006/01/03 22:16:06 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man8/Makefile.in,v 1.8.2.4 2007/01/02 21:43:46 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man8/slapacl.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapacl.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapacl.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapacl \- Check access to a list of attributes.
@@ -25,8 +25,6 @@
 .BR slapd.conf (5)
 configuration file, reads in the 
 .B access
-and
-.B defaultaccess
 directives, and then parses the 
 .B attr
 list given on the command-line; if none is given, access to the

Modified: openldap/vendor/openldap-release/doc/man/man8/slapadd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.8 2006/01/03 22:16:06 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.9 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapadd \- Add entries to a SLAPD database

Modified: openldap/vendor/openldap-release/doc/man/man8/slapauth.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapauth.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapauth.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapauth \- Check a list of string-represented IDs for authc/authz.

Modified: openldap/vendor/openldap-release/doc/man/man8/slapcat.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.7 2006/01/03 22:16:06 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.8 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapcat \- SLAPD database to LDIF utility

Modified: openldap/vendor/openldap-release/doc/man/man8/slapd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapd.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapd.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.53.2.8 2006/05/13 03:55:00 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.53.2.9 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
 .SH NAME

Modified: openldap/vendor/openldap-release/doc/man/man8/slapdn.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapdn.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapdn.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapdn \- Check a list of string-represented DNs based on schema syntax.

Modified: openldap/vendor/openldap-release/doc/man/man8/slapindex.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.9 2006/01/03 22:16:06 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.10 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapindex \- SLAPD index to LDIF utility

Modified: openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slappasswd.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slappasswd.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.18.2.2 2006/01/03 22:16:06 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.18.2.3 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slappasswd \- OpenLDAP password utility

Modified: openldap/vendor/openldap-release/doc/man/man8/slaptest.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slaptest.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slaptest.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,5 +1,5 @@
 .TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slaptest \- Check the suitability of the slapd.conf file.

Modified: openldap/vendor/openldap-release/doc/man/man8/slurpd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slurpd.8	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/doc/man/man8/slurpd.8	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 .TH SLURPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slurpd.8,v 1.17.2.4 2006/01/03 22:16:06 kurt Exp $
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slurpd.8,v 1.17.2.5 2007/01/02 21:43:46 kurt Exp $
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slurpd \- Standalone LDAP Update Replication Daemon

Modified: openldap/vendor/openldap-release/include/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/include/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # include Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/include/Makefile.in,v 1.30.2.3 2006/01/03 22:16:06 kurt Exp $
+# $OpenLDAP: pkg/ldap/include/Makefile.in,v 1.30.2.4 2007/01/02 21:43:46 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/alloca.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/alloca.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/alloca.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic alloca.h */
-/* $OpenLDAP: pkg/ldap/include/ac/alloca.h,v 1.16.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/alloca.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/assert.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/assert.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/assert.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic assert.h */
-/* $OpenLDAP: pkg/ldap/include/ac/assert.h,v 1.19.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/assert.h,v 1.19.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/bytes.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/bytes.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/bytes.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic bytes.h */
-/* $OpenLDAP: pkg/ldap/include/ac/bytes.h,v 1.18.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/bytes.h,v 1.18.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/crypt.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/crypt.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/crypt.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic crypt.h */
-/* $OpenLDAP: pkg/ldap/include/ac/crypt.h,v 1.8.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/crypt.h,v 1.8.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/ctype.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/ctype.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/ctype.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic ctype.h */
-/* $OpenLDAP: pkg/ldap/include/ac/ctype.h,v 1.14.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/ctype.h,v 1.14.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/dirent.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/dirent.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/dirent.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic dirent.h */
-/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.12.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.12.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/errno.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/errno.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/errno.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic errno.h */
-/* $OpenLDAP: pkg/ldap/include/ac/errno.h,v 1.28.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/errno.h,v 1.28.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/fdset.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/fdset.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/fdset.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* redefine FD_SET */
-/* $OpenLDAP: pkg/ldap/include/ac/fdset.h,v 1.3.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/fdset.h,v 1.3.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/krb.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/krb.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/krb.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic krb.h */
-/* $OpenLDAP: pkg/ldap/include/ac/krb.h,v 1.15.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/krb.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/krb5.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/krb5.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/krb5.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic krb.h */
-/* $OpenLDAP: pkg/ldap/include/ac/krb5.h,v 1.8.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/krb5.h,v 1.8.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/localize.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/localize.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/localize.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* localize.h (i18n/l10n) */
-/* $OpenLDAP: pkg/ldap/include/ac/localize.h,v 1.5.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/localize.h,v 1.5.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/param.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/param.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/param.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic param.h */
-/* $OpenLDAP: pkg/ldap/include/ac/param.h,v 1.11.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/param.h,v 1.11.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/regex.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/regex.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/regex.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic Regex */
-/* $OpenLDAP: pkg/ldap/include/ac/regex.h,v 1.15.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/regex.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/setproctitle.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/setproctitle.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/setproctitle.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic setproctitle.h */
-/* $OpenLDAP: pkg/ldap/include/ac/setproctitle.h,v 1.19.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/setproctitle.h,v 1.19.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/signal.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/signal.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/signal.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic signal.h */
-/* $OpenLDAP: pkg/ldap/include/ac/signal.h,v 1.23.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/signal.h,v 1.23.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/socket.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/socket.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/socket.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic socket.h */
-/* $OpenLDAP: pkg/ldap/include/ac/socket.h,v 1.65.2.3 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/socket.h,v 1.65.2.4 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/stdarg.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/stdarg.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/stdarg.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic stdarg.h */
-/* $OpenLDAP: pkg/ldap/include/ac/stdarg.h,v 1.17.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/stdarg.h,v 1.17.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/stdlib.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/stdlib.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/stdlib.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic stdlib.h */
-/* $OpenLDAP: pkg/ldap/include/ac/stdlib.h,v 1.17.2.3 2006/10/20 16:52:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/stdlib.h,v 1.17.2.4 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/string.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/string.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/string.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic string.h */
-/* $OpenLDAP: pkg/ldap/include/ac/string.h,v 1.44.2.6 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/string.h,v 1.44.2.7 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/sysexits.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/sysexits.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/sysexits.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic sysexits */
-/* $OpenLDAP: pkg/ldap/include/ac/sysexits.h,v 1.10.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/sysexits.h,v 1.10.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/syslog.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/syslog.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/syslog.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic syslog.h */
-/* $OpenLDAP: pkg/ldap/include/ac/syslog.h,v 1.15.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/syslog.h,v 1.15.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/termios.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/termios.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/termios.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic termios.h */
-/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/time.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/time.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/time.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic time.h */
-/* $OpenLDAP: pkg/ldap/include/ac/time.h,v 1.16.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/time.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/unistd.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/unistd.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/unistd.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic unistd.h */
-/* $OpenLDAP: pkg/ldap/include/ac/unistd.h,v 1.35.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/unistd.h,v 1.35.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/wait.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/wait.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ac/wait.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* Generic wait.h */
-/* $OpenLDAP: pkg/ldap/include/ac/wait.h,v 1.14.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/wait.h,v 1.14.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/avl.h
===================================================================
--- openldap/vendor/openldap-release/include/avl.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/avl.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* avl.h - avl tree definitions */
-/* $OpenLDAP: pkg/ldap/include/avl.h,v 1.24.2.3 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/avl.h,v 1.24.2.4 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/getopt-compat.h
===================================================================
--- openldap/vendor/openldap-release/include/getopt-compat.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/getopt-compat.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* getopt-compat.h -- getopt(3) compatibility header */
-/* $OpenLDAP: pkg/ldap/include/getopt-compat.h,v 1.17.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/getopt-compat.h,v 1.17.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber.h
===================================================================
--- openldap/vendor/openldap-release/include/lber.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lber.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.94.2.4 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.94.2.5 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber_pvt.h
===================================================================
--- openldap/vendor/openldap-release/include/lber_pvt.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lber_pvt.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber_pvt.h,v 1.30.2.4 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber_pvt.h,v 1.30.2.5 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber_types.hin
===================================================================
--- openldap/vendor/openldap-release/include/lber_types.hin	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lber_types.hin	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber_types.hin,v 1.2.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber_types.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.263.2.24 2006/08/15 17:11:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.263.2.25 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_cdefs.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_cdefs.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_cdefs.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_cdefs.h,v 1.26.2.3 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_cdefs.h,v 1.26.2.4 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_config.hin
===================================================================
--- openldap/vendor/openldap-release/include/ldap_config.hin	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_config.hin	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_config.hin,v 1.2.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_config.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_defaults.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_defaults.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_defaults.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_defaults.h,v 1.30.2.3 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_defaults.h,v 1.30.2.4 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_features.hin
===================================================================
--- openldap/vendor/openldap-release/include/ldap_features.hin	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_features.hin	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_features.hin,v 1.2.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_features.hin,v 1.2.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_int_thread.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_int_thread.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_int_thread.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldap_int_thread.h - ldap internal thread wrappers header file */
-/* $OpenLDAP: pkg/ldap/include/ldap_int_thread.h,v 1.13.2.3 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_int_thread.h,v 1.13.2.4 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_log.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_log.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_log.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_log.h,v 1.35.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_log.h,v 1.35.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_pvt.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_pvt.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt.h,v 1.82.2.7 2006/02/13 19:18:36 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt.h,v 1.82.2.8 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_pvt_thread.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt_thread.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_pvt_thread.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldap_pvt_thread.h - ldap threads header file */
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.41.2.6 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.41.2.7 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_pvt_uc.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt_uc.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_pvt_uc.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt_uc.h,v 1.28.2.3 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_uc.h,v 1.28.2.4 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_queue.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_queue.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_queue.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldap_queue.h -- queue macros */
-/* $OpenLDAP: pkg/ldap/include/ldap_queue.h,v 1.11.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_queue.h,v 1.11.2.4 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -111,6 +111,7 @@
  * _HEAD		+	+	+	+	+
  * _ENTRY		+	+	+	+	+
  * _INIT		+	+	+	+	+
+ * _ENTRY_INIT		+	+	+	+	+
  * _EMPTY		+	+	+	+	+
  * _FIRST		+	+	+	+	+
  * _NEXT		+	+	+	+	+
@@ -160,6 +161,10 @@
 	(head)->slh_first = NULL;					\
 }
 
+#define LDAP_SLIST_ENTRY_INIT(var, field) {				\
+	(var)->field.sle_next = NULL;					\
+}
+
 #define LDAP_SLIST_INSERT_AFTER(slistelm, elm, field) do {		\
 	(elm)->field.sle_next = (slistelm)->field.sle_next;		\
 	(slistelm)->field.sle_next = (elm);				\
@@ -219,6 +224,10 @@
 	(head)->stqh_last = &(head)->stqh_first;			\
 } while (0)
 
+#define LDAP_STAILQ_ENTRY_INIT(var, field) {				\
+	(entry)->field.stqe_next = NULL;				\
+}
+
 #define LDAP_STAILQ_FIRST(head)	((head)->stqh_first)
 
 #define	LDAP_STAILQ_LAST(head, type, field)				\
@@ -310,6 +319,11 @@
 	(head)->lh_first = NULL;					\
 } while (0)
 
+#define LDAP_LIST_ENTRY_INIT(var, field) do {				\
+	(var)->field.le_next = NULL;					\
+	(var)->field.le_prev = NULL;					\
+} while (0)
+
 #define LDAP_LIST_INSERT_AFTER(listelm, elm, field) do {		\
 	if (((elm)->field.le_next = (listelm)->field.le_next) != NULL)	\
 		(listelm)->field.le_next->field.le_prev =		\
@@ -396,6 +410,11 @@
 	(head)->tqh_last = &(head)->tqh_first;				\
 } while (0)
 
+#define LDAP_TAILQ_ENTRY_INIT(var, field) do {				\
+	(var)->field.tqe_next = NULL;					\
+	(var)->field.tqe_prev = NULL;					\
+} while (0)
+
 #define LDAP_TAILQ_INSERT_HEAD(head, elm, field) do {			\
 	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
 		(head)->tqh_first->field.tqe_prev =			\
@@ -476,6 +495,11 @@
 	(head)->cqh_last = (void *)(head);				\
 } while (0)
 
+#define LDAP_CIRCLEQ_ENTRY_INIT(var, field) do {			\
+	(var)->field.cqe_next = NULL;					\
+	(var)->field.cqe_prev = NULL;					\
+} while (0)
+
 #define LDAP_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do {	\
 	(elm)->field.cqe_next = (listelm)->field.cqe_next;		\
 	(elm)->field.cqe_prev = (listelm);				\

Modified: openldap/vendor/openldap-release/include/ldap_rq.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_rq.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_rq.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_rq.h,v 1.9.2.4 2006/05/09 17:29:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_rq.h,v 1.9.2.5 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_schema.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_schema.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_schema.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_schema.h,v 1.34.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_schema.h,v 1.34.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_utf8.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_utf8.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldap_utf8.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_utf8.h,v 1.11.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_utf8.h,v 1.11.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldif.h
===================================================================
--- openldap/vendor/openldap-release/include/ldif.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/ldif.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.23.2.6 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.23.2.7 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.5 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.7 2007/01/05 09:47:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -296,6 +296,32 @@
 LDAP_LUTIL_F (int)
 lutil_unparse_time( char *buf, size_t buflen, unsigned long t );
 
+#ifdef timerdiv
+#define lutil_timerdiv timerdiv
+#else /* ! timerdiv */
+/* works inplace (x == t) */
+#define lutil_timerdiv(t,d,x) \
+	do { \
+		time_t s = (t)->tv_sec; \
+		assert( d > 0 ); \
+		(x)->tv_sec = s / d; \
+		(x)->tv_usec = ( (t)->tv_usec + 1000000 * ( s % d ) ) / d; \
+	} while ( 0 )
+#endif /* ! timerdiv */
+
+#ifdef timermul
+#define lutil_timermul timermul
+#else /* ! timermul */
+/* works inplace (x == t) */
+#define lutil_timermul(t,m,x) \
+	do { \
+		time_t u = (t)->tv_usec * m; \
+		assert( m > 0 ); \
+		(x)->tv_sec = (t)->tv_sec * m + u / 1000000; \
+		(x)->tv_usec = u % 1000000; \
+	} while ( 0 );
+#endif /* ! timermul */
+
 LDAP_END_DECL
 
 #endif /* _LUTIL_H */

Modified: openldap/vendor/openldap-release/include/lutil_hash.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_hash.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil_hash.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_hash.h,v 1.6.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_hash.h,v 1.6.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_ldap.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_ldap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil_ldap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_ldap.h,v 1.9.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_ldap.h,v 1.9.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_lockf.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_lockf.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil_lockf.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_lockf.h,v 1.15.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_lockf.h,v 1.15.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_md5.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_md5.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil_md5.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_md5.h,v 1.22.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_md5.h,v 1.22.2.3 2007/01/02 21:43:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_sha1.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_sha1.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/lutil_sha1.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_sha1.h,v 1.26.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_sha1.h,v 1.26.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/portable.hin
===================================================================
--- openldap/vendor/openldap-release/include/portable.hin	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/portable.hin	2007-05-23 19:07:37 UTC (rev 797)
@@ -4,7 +4,7 @@
 /* begin of portable.h.pre */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation
+ * Copyright 1998-2007 The OpenLDAP Foundation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/rewrite.h
===================================================================
--- openldap/vendor/openldap-release/include/rewrite.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/rewrite.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
-/* $OpenLDAP: pkg/ldap/include/rewrite.h,v 1.12.2.3 2006/01/03 22:16:06 kurt Exp $
+/* $OpenLDAP: pkg/ldap/include/rewrite.h,v 1.12.2.4 2007/01/02 21:43:47 kurt Exp $
  */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/include/slapi-plugin.h
===================================================================
--- openldap/vendor/openldap-release/include/slapi-plugin.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/slapi-plugin.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.37.2.5 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.37.2.6 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002,2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/include/sysexits-compat.h
===================================================================
--- openldap/vendor/openldap-release/include/sysexits-compat.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/include/sysexits-compat.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/sysexits-compat.h,v 1.9.2.2 2006/01/03 22:16:06 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/sysexits-compat.h,v 1.9.2.3 2007/01/02 21:43:47 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Libraries Makefile for OpenLDAP
-# $OpenLDAP: pkg/ldap/libraries/Makefile.in,v 1.24.2.3 2006/01/03 22:16:07 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/Makefile.in,v 1.24.2.4 2007/01/02 21:43:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # LIBLBER
-# $OpenLDAP: pkg/ldap/libraries/liblber/Makefile.in,v 1.35.2.2 2006/01/03 22:16:07 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblber/Makefile.in,v 1.35.2.3 2007/01/02 21:43:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/assert.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/assert.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/assert.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/assert.c,v 1.11.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/assert.c,v 1.11.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/bprint.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/bprint.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/bprint.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/debug.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/debug.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/debug.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/debug.c,v 1.18.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/debug.c,v 1.18.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/decode.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/decode.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/decode.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.3 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/dtest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/dtest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/dtest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dtest.c - lber decoding test program */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/dtest.c,v 1.35.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/dtest.c,v 1.35.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/encode.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/encode.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/encode.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* encode.c - ber output encoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/encode.c,v 1.61.2.3 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/encode.c,v 1.61.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/etest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/etest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/etest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* etest.c - lber encoding test program */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/etest.c,v 1.33.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/etest.c,v 1.33.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/idtest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/idtest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/idtest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* idtest.c - ber decoding test program using isode libraries */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/idtest.c,v 1.16.2.2 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/idtest.c,v 1.16.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/io.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/io.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/io.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* io.c - ber general i/o routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.107.2.5 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.107.2.6 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/lber-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/lber-int.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/lber-int.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/lber-int.h,v 1.65.2.3 2006/01/03 22:16:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/lber-int.h,v 1.65.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/memory.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/memory.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/memory.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.57.2.6 2006/07/28 13:01:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.57.2.7 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/nt_err.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/nt_err.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/nt_err.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/nt_err.c,v 1.13.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/nt_err.c,v 1.13.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/options.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/options.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/options.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/options.c,v 1.37.2.4 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/options.c,v 1.37.2.5 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/sockbuf.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/sockbuf.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/sockbuf.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* sockbuf.c - i/o routines with support for adding i/o layers. */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/sockbuf.c,v 1.60.2.6 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/sockbuf.c,v 1.60.2.7 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/stdio.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/stdio.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblber/stdio.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/stdio.c,v 1.9.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/stdio.c,v 1.9.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -lldap
-# $OpenLDAP: pkg/ldap/libraries/libldap/Makefile.in,v 1.71.2.3 2006/01/03 22:16:08 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/libldap/Makefile.in,v 1.71.2.4 2007/01/02 21:43:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/abandon.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/abandon.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/abandon.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* abandon.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/abandon.c,v 1.36.2.4 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/abandon.c,v 1.36.2.5 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/add.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* add.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/add.c,v 1.23.2.3 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/add.c,v 1.23.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/addentry.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/addentry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/addentry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* addentry.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/addentry.c,v 1.14.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/addentry.c,v 1.14.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/apitest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/apitest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/apitest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* apitest.c -- OpenLDAP API Test Program */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/apitest.c,v 1.23.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/apitest.c,v 1.23.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/bind.c,v 1.22.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/bind.c,v 1.22.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/cancel.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/cancel.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/cancel.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cancel.c,v 1.7.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cancel.c,v 1.7.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/charray.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/charray.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/charray.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* charray.c - routines for dealing with char * arrays */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.14.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.14.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/compare.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/compare.c,v 1.26.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/compare.c,v 1.26.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/controls.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/controls.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/controls.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/cyrus.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.15 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.16 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/delete.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/delete.c,v 1.23.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/delete.c,v 1.23.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/dnssrv.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/dnssrv.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/dnssrv.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/dnssrv.c,v 1.37.2.3 2006/08/09 01:43:20 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dnssrv.c,v 1.37.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/dntest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/dntest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/dntest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dntest.c -- OpenLDAP DN API Test Program */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/dntest.c,v 1.24.2.3 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dntest.c,v 1.24.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/error.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/error.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/error.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.64.2.8 2006/04/03 19:49:54 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.64.2.9 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/extended.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/extended.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/extended.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/extended.c,v 1.32.2.5 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/extended.c,v 1.32.2.6 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/filter.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/filter.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/filter.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/filter.c,v 1.27.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/filter.c,v 1.27.2.4 2007/01/10 09:22:18 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -425,6 +425,10 @@
 				parens--;
 				break;
 
+			case '(':
+				rc = -1;
+				goto done;
+
 			default:
 				Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
 				    0, 0, 0 );
@@ -497,9 +501,11 @@
 			str = next;
 			break;
 		}
+		if ( !parens )
+			break;
 	}
 
-	rc = parens ? -1 : 0;
+	rc = ( parens || *str ) ? -1 : 0;
 
 done:
 	LDAP_FREE( freeme );

Modified: openldap/vendor/openldap-release/libraries/libldap/free.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/free.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/free.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* free.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/free.c,v 1.20.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/free.c,v 1.20.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/ftest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ftest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/ftest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ftest.c -- OpenLDAP Filter API Test */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ftest.c,v 1.13.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ftest.c,v 1.13.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getattr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getattr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/getattr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getattr.c,v 1.33.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getattr.c,v 1.33.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getdn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/getdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.124.2.5 2006/11/08 22:57:33 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.124.2.6 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getentry.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getentry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/getentry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getentry.c,v 1.26.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getentry.c,v 1.26.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getvalues.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getvalues.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/getvalues.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getvalues.c,v 1.24.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getvalues.c,v 1.24.2.3 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/groupings.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/groupings.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/groupings.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/groupings.c,v 1.4.2.3 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/groupings.c,v 1.4.2.4 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/init.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.93.2.11 2006/10/20 16:52:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.93.2.12 2007/01/02 21:43:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/kbind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/kbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/kbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/kbind.c,v 1.37.2.3 2006/05/15 15:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/kbind.c,v 1.37.2.4 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ldap-int.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/ldap-int.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /*  ldap-int.h - defines & prototypes internal to the LDAP library */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.160.2.8 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.160.2.9 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/messages.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/messages.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/messages.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* messages.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/messages.c,v 1.15.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/messages.c,v 1.15.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/modify.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/modify.c,v 1.21.2.3 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modify.c,v 1.21.2.4 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/modrdn.c,v 1.27.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modrdn.c,v 1.27.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/open.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/open.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/open.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/open.c,v 1.105.2.6 2006/05/15 15:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/open.c,v 1.105.2.7 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/options.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/options.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/options.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/options.c,v 1.67.2.7 2006/04/03 19:49:54 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/options.c,v 1.67.2.8 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/os-ip.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/os-ip.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/os-ip.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* os-ip.c -- platform-specific TCP & UDP related code */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/os-ip.c,v 1.108.2.12 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-ip.c,v 1.108.2.13 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Lars Uffmann.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap/os-local.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/os-local.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/os-local.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* os-local.c -- platform-specific domain socket code */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/os-local.c,v 1.37.2.6 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-local.c,v 1.37.2.8 2007/04/04 21:56:13 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -191,6 +191,7 @@
 	 */
 sendcred:
 		{
+#if 0	/* ITS#4893 disable all of this for now */
 			int fds[2];
 			if (pipe(fds) == 0) {
 				/* Abandon, noop, has no reply */
@@ -234,6 +235,9 @@
 				close(fds[0]);
 				close(fds[1]);
 			}
+# else
+			write( s, abandonPDU, sizeof( abandonPDU ));
+#endif /* ITS#4893 */
 		}
 #endif
 		return 0;

Modified: openldap/vendor/openldap-release/libraries/libldap/passwd.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/passwd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/passwd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/passwd.c,v 1.14.2.2 2006/01/03 22:16:08 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/passwd.c,v 1.14.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.4 2006/05/09 17:43:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.5 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Hewlett-Packard Company.
  * Portions Copyright 2004 Howard Chu, Symas Corp.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/libraries/libldap/print.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/print.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/print.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/print.c,v 1.14.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/print.c,v 1.14.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/references.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/references.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/references.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* references.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/references.c,v 1.22.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/references.c,v 1.22.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/request.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/request.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/request.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.103.2.14 2006/11/07 04:06:21 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.103.2.15 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/result.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/result.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/result.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* result.c - wait for an ldap result */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.99.2.18 2006/11/07 04:06:22 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.99.2.23 2007/03/13 08:53:15 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -369,13 +369,18 @@
 		}
 
 		if ( rc == LDAP_MSG_X_KEEP_LOOKING && tvp != NULL ) {
+			time_t	delta_time;
+
 			tmp_time = time( NULL );
-			tv0.tv_sec -= ( tmp_time - start_time );
-			if ( tv0.tv_sec <= 0 ) {
+			delta_time = tmp_time - start_time;
+
+			/* do not assume time_t is signed */
+			if ( tv0.tv_sec <= delta_time ) {
 				rc = 0;	/* timed out */
 				ld->ld_errno = LDAP_TIMEOUT;
 				break;
 			}
+			tv0.tv_sec -= delta_time;
 			tv.tv_sec = tv0.tv_sec;
 
 			Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld secs to go\n",
@@ -566,7 +571,7 @@
 								lr->lr_msgid, 0, 0);
 						}
 
-						/* We sucessfully chased the reference */
+						/* We successfully chased the reference */
 						v3ref = V3REF_SUCCESS;
 					}
 				}
@@ -612,9 +617,6 @@
 					if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS)
 							 || (lr->lr_parent != NULL) )
 					{
-						/* Assume referral not chased and return it to app */
-						v3ref = V3REF_TOAPP;
-
 						/* Get the referral list */
 						if( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
 							rc = LDAP_DECODING_ERROR;
@@ -630,11 +632,15 @@
 							    0, &lr->lr_res_error, &hadref );
 							lr->lr_status = LDAP_REQST_COMPLETED;
 							Debug( LDAP_DEBUG_TRACE,
-								"read1msg: referral chased, mark request completed, ld %p msgid %d\n",
-								(void *)ld, lr->lr_msgid, 0);
+								"read1msg: referral %s chased, "
+								"mark request completed, ld %p msgid %d\n",
+								hadref ? "" : "not",
+								(void *)ld, lr->lr_msgid);
 							if( refer_cnt > 0) {
 								/* Referral successfully chased */
 								v3ref = V3REF_SUCCESS;
+							} else {
+								refer_cnt = 0;
 							}
 						}
 					}
@@ -656,11 +662,13 @@
 	 * go through the following code.  This code also chases V2 referrals
 	 * and checks if all referrals have been chased.
 	 */
-	if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref != V3REF_TOAPP) &&
-		(tag != LDAP_RES_INTERMEDIATE ))
+	if ( tag != LDAP_RES_SEARCH_ENTRY &&
+		tag != LDAP_RES_SEARCH_REFERENCE &&
+		tag != LDAP_RES_INTERMEDIATE )
 	{
 		/* For a v3 search referral/reference, only come here if already chased it */
 		if ( ld->ld_version >= LDAP_VERSION2 &&
+			v3ref != V3REF_TOAPP &&
 			( lr->lr_parent != NULL ||
 			LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) )
 		{

Modified: openldap/vendor/openldap-release/libraries/libldap/sasl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sasl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/sasl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.58.2.4 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.58.2.5 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/sbind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/sbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sbind.c,v 1.23.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sbind.c,v 1.23.2.3 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/schema.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/schema.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/schema.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/schema.c,v 1.66.2.6 2006/04/03 19:49:54 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/schema.c,v 1.66.2.7 2007/01/02 21:43:49 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/search.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/search.c,v 1.64.2.7 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/search.c,v 1.64.2.8 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/sort.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sort.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/sort.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* sort.c -- LDAP library entry and value sort routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sort.c,v 1.25.2.3 2006/05/11 18:33:31 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sort.c,v 1.25.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/sortctrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sortctrl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/sortctrl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sortctrl.c,v 1.12.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sortctrl.c,v 1.12.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/string.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/string.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/string.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/string.c,v 1.20.2.3 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/string.c,v 1.20.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/t61.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/t61.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/t61.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/t61.c,v 1.7.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/t61.c,v 1.7.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/test.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/test.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/test.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/test.c,v 1.50.2.6 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/test.c,v 1.50.2.7 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/tls.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/tls.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* tls.c - Handle tls/ssl using SSLeay or OpenSSL. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls.c,v 1.118.2.14 2006/11/07 04:06:22 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls.c,v 1.118.2.17 2007/01/25 02:28:40 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -115,7 +115,10 @@
 		ldap_pvt_thread_mutex_init( &tls_mutexes[i] );
 	}
 	CRYPTO_set_locking_callback( tls_locking_cb );
-	/* FIXME: the thread id should be added somehow... */
+	CRYPTO_set_id_callback( ldap_pvt_thread_self );
+	/* FIXME: CRYPTO_set_id_callback only works when ldap_pvt_thread_t
+	 * is an integral type that fits in an unsigned long
+	 */
 
 	ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex );
 	ldap_pvt_thread_mutex_init( &tls_connect_mutex );
@@ -1287,6 +1290,10 @@
 		*(int *)arg = tls_opt_crlcheck;
 		break;
 #endif
+	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+		*(char **)arg = tls_opt_ciphersuite ?
+			LDAP_STRDUP( tls_opt_ciphersuite ) : NULL;
+		break;
 	case LDAP_OPT_X_TLS_RANDOM_FILE:
 		*(char **)arg = tls_opt_randfile ?
 			LDAP_STRDUP( tls_opt_randfile ) : NULL;

Modified: openldap/vendor/openldap-release/libraries/libldap/turn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/turn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/turn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/turn.c,v 1.1.2.3 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/turn.c,v 1.1.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/txn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/txn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/txn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/txn.c,v 1.2.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/txn.c,v 1.2.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/unbind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/unbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/unbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.48.2.7 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.48.2.8 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/url.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/url.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/url.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* LIBLDAP url.c -- LDAP URL (RFC 2255) related routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.84.2.7 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.84.2.8 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8-conv.c,v 1.11.2.4 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8-conv.c,v 1.11.2.5 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/utf-8.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/utf-8.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/utf-8.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* utf-8.c -- Basic UTF-8 routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8.c,v 1.34.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8.c,v 1.34.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/util-int.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/util-int.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/util-int.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/util-int.c,v 1.51.2.4 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/util-int.c,v 1.51.2.5 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998 A. Hartgers.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/vlvctrl.c,v 1.13.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/vlvctrl.c,v 1.13.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/whoami.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/whoami.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap/whoami.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/whoami.c,v 1.6.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/whoami.c,v 1.6.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -lldap
-# $OpenLDAP: pkg/ldap/libraries/libldap_r/Makefile.in,v 1.70.2.4 2006/01/03 22:16:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/libldap_r/Makefile.in,v 1.70.2.5 2007/01/02 21:43:50 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldap_thr_debug.h - preprocessor magic for LDAP_THREAD_DEBUG */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/ldap_thr_debug.h,v 1.1.2.2 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/ldap_thr_debug.h,v 1.1.2.3 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rdwr.c,v 1.23.2.4 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rdwr.c,v 1.23.2.5 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/rq.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/rq.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/rq.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rq.c,v 1.17.2.4 2006/05/09 17:29:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rq.c,v 1.17.2.5 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_cthreads.c - wrapper for mach cthreads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_cthreads.c,v 1.17.2.3 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_cthreads.c,v 1.17.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_debug.c - wrapper around the chosen thread wrapper, for debugging. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_debug.c,v 1.1.2.3 2006/05/09 17:43:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_debug.c,v 1.1.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_lwp.c - wrappers around SunOS LWP threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_lwp.c,v 1.17.2.3 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_lwp.c,v 1.17.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_nt.c - wrapper around NT threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_nt.c,v 1.29.2.3 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_nt.c,v 1.29.2.4 2007/01/02 21:43:50 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_posix.c - wrapper around posix and posixish thread implementations.  */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_posix.c,v 1.37.2.6 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_posix.c,v 1.37.2.7 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_pth.c - wrappers around GNU Pth */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_pth.c,v 1.12.2.4 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_pth.c,v 1.12.2.5 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_stub.c - stubs for the threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.22.2.4 2006/01/03 22:16:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.22.2.5 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thr_thr.c - wrappers around solaris threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_thr.c,v 1.15.2.3 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_thr.c,v 1.15.2.4 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/threads.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/threads.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/threads.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/threads.c,v 1.15.2.3 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/threads.c,v 1.15.2.4 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/tpool.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/libldap_r/tpool.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.30.2.15 2006/05/09 17:47:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.30.2.19 2007/04/01 09:53:06 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -491,12 +491,7 @@
 		}
 	}
 
-	for ( i=0; i<MAXKEYS && ltc_key[i].ltk_key; i++ ) {
-		if (ltc_key[i].ltk_free)
-			ltc_key[i].ltk_free(
-				ltc_key[i].ltk_key,
-				ltc_key[i].ltk_data );
-	}
+	ldap_pvt_thread_pool_context_reset( ltc_key );
 
 	thread_keys[keyslot].ctx = NULL;
 	thread_keys[keyslot].id = tid_zero;
@@ -601,10 +596,25 @@
 	if ( !ctx || !key ) return EINVAL;
 
 	for ( i=0; i<MAXKEYS; i++ ) {
-		if ( !ctx[i].ltk_key || ctx[i].ltk_key == key ) {
-			ctx[i].ltk_key = key;
-			ctx[i].ltk_data = data;
-			ctx[i].ltk_free = kfree;
+		if (( data && !ctx[i].ltk_key ) || ctx[i].ltk_key == key ) {
+			if ( data || kfree ) {
+				ctx[i].ltk_key = key;
+				ctx[i].ltk_data = data;
+				ctx[i].ltk_free = kfree;
+			} else {
+				int j;
+				for ( j=i+1; j<MAXKEYS; j++ )
+					if ( !ctx[j].ltk_key ) break;
+				j--;
+				if ( j != i ) {
+					ctx[i].ltk_key = ctx[j].ltk_key;
+					ctx[i].ltk_data = ctx[j].ltk_data;
+					ctx[i].ltk_free = ctx[j].ltk_free;
+				}
+				ctx[j].ltk_key = NULL;
+				ctx[j].ltk_data = NULL;
+				ctx[j].ltk_free = NULL;
+			}
 			return 0;
 		}
 	}
@@ -665,7 +675,9 @@
 	ldap_int_thread_key_t *ctx = vctx;
 	int i;
 
-	for ( i=0; i<MAXKEYS && ctx[i].ltk_key; i++) {
+	for ( i=MAXKEYS-1; i>=0; i--) {
+		if ( ctx[i].ltk_key == NULL )
+			continue;
 		if ( ctx[i].ltk_free )
 			ctx[i].ltk_free( ctx[i].ltk_key, ctx[i].ltk_data );
 		ctx[i].ltk_key = NULL;

Modified: openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -llunicode
-# $OpenLDAP: pkg/ldap/libraries/liblunicode/Makefile.in,v 1.26.2.6 2006/04/07 02:43:24 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblunicode/Makefile.in,v 1.26.2.7 2007/01/02 21:43:51 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.30.2.3 2006/10/30 17:45:45 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.30.2.4 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.17.2.2 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.17.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.36.2.3 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.36.2.4 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.5.2.2 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.5.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.6.2.2 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.6.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.34.2.3 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.34.2.4 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.15.2.2 2006/01/03 22:16:10 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.15.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.11.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.11.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.12.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.12.2.3 2007/01/02 21:43:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.5.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.5.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.6.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.4.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.4.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile for -llutil
-# $OpenLDAP: pkg/ldap/libraries/liblutil/Makefile.in,v 1.33.2.4 2006/01/03 22:16:11 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblutil/Makefile.in,v 1.33.2.5 2007/01/02 21:43:52 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ## 
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/avl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/avl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/avl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* avl.c - routines to implement an avl tree */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/avl.c,v 1.3.2.4 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/avl.c,v 1.3.2.5 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/base64.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/base64.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/base64.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* base64.c -- routines to encode/decode base64 data */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/base64.c,v 1.13.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/base64.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1995 IBM Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/libraries/liblutil/csn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/csn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/csn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* csn.c - Change Sequence Number routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/csn.c,v 1.11.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/csn.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/detach.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/detach.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/detach.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* detach.c -- routines to daemonize a process */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/detach.c,v 1.16.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/detach.c,v 1.16.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/entropy.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/entropy.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/entropy.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* entropy.c -- routines for providing pseudo-random data */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/entropy.c,v 1.27.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/entropy.c,v 1.27.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/fetch.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/fetch.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/fetch.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* fetch.c - routines for fetching data at URLs */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/fetch.c,v 1.2.2.6 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/fetch.c,v 1.2.2.8 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *
@@ -48,16 +48,15 @@
 	url = fetchGetURL( (char*) urlstr, "" );
 
 #else
-	if( strncasecmp( "file://", urlstr, sizeof("file://")-1 ) == 0 ) {
-		p = strchr( &urlstr[sizeof("file://")-1], '/' );
-		if( p == NULL ) {
-			return NULL;
-		}
+	if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
+		p = urlstr + sizeof("file:")-1;
 
 		/* we don't check for LDAP_DIRSEP since URLs should contain '/' */
-		if( p[1] == '.' && ( p[2] == '/' || ( p[2] == '.' && p[3] == '/' ))) {
-			/* skip over false root */
-			p++;
+		if ( p[0] == '/' && p[1] == '/' ) {
+			p += 2;
+			/* path must be absolute if authority is present */
+			if ( p[0] != '/' )
+				return NULL;
 		}
 
 		p = ber_strdup( p );

Modified: openldap/vendor/openldap-release/libraries/liblutil/getopt.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getopt.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/getopt.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* getopt.c -- replacement getopt(3) routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getopt.c,v 1.14.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getopt.c,v 1.14.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/getpass.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* getpass.c -- get password from user */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* getpeereid.c */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.13.2.7 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.13.2.9 2007/04/02 23:21:36 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,9 +31,10 @@
 #include <sys/ucred.h>
 #endif
 
-#if !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && \
+/* Disabled due to ITS#4893, will revisit in release 2.4 */
+#if 0 /* !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && \
 	defined(HAVE_SENDMSG) && (defined(HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN) || \
-		defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL))
+		defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL)) */
 #define DO_SENDMSG
 #ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h>

Modified: openldap/vendor/openldap-release/libraries/liblutil/hash.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/hash.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/hash.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/hash.c,v 1.6.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/hash.c,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/ldif.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ldif.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/ldif.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldif.c - routines for dealing with LDIF files */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.2.2.9 2006/10/07 20:19:22 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.2.2.11 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -777,6 +777,7 @@
 	}
 }
 
+#define	LDIF_MAXLINE	4096
 /*
  * ldif_read_record - read an ldif record.  Return 1 for success, 0 for EOF.
  */
@@ -787,7 +788,7 @@
 	char        **bufp,     /* ptr to malloced output buffer           */
 	int         *buflenp )  /* ptr to length of *bufp                  */
 {
-	char        linebuf[BUFSIZ], *line, *nbufp;
+	char        linebuf[LDIF_MAXLINE], *line, *nbufp;
 	ber_len_t   lcur = 0, len, linesize;
 	int         last_ch = '\n', found_entry = 0, stop, top_comment = 0;
 
@@ -882,7 +883,7 @@
 		}
 
 		if ( *buflenp - lcur <= len ) {
-			*buflenp += len + BUFSIZ;
+			*buflenp += len + LDIF_MAXLINE;
 			nbufp = ber_memrealloc( *bufp, *buflenp );
 			if( nbufp == NULL ) {
 				return 0;

Modified: openldap/vendor/openldap-release/libraries/liblutil/lockf.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/lockf.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/lockf.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/lockf.c,v 1.13.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/lockf.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/md5.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/md5.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/md5.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* md5.c -- MD5 message-digest algorithm */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/md5.c,v 1.17.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/md5.c,v 1.17.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/memcmp.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/memcmp.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/memcmp.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/memcmp.c,v 1.6.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/memcmp.c,v 1.6.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/ntservice.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ntservice.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/ntservice.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ntservice.c,v 1.29.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ntservice.c,v 1.29.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/passfile.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passfile.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/passfile.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.6.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.6.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/passwd.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passwd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/passwd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.92.2.10 2006/07/28 13:01:36 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.92.2.11 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/ptest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ptest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/ptest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ptest.c,v 1.10.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ptest.c,v 1.10.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sasl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sasl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/sasl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sasl.c,v 1.20.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sasl.c,v 1.20.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/setproctitle.c,v 1.13.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/setproctitle.c,v 1.13.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sha1.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sha1.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/sha1.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sha1.c,v 1.24.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sha1.c,v 1.24.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/signal.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/signal.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/signal.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/signal.c,v 1.8.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/signal.c,v 1.8.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sockpair.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sockpair.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/sockpair.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sockpair.c,v 1.15.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sockpair.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/tavl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/tavl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/tavl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* avl.c - routines to implement an avl tree */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/tavl.c,v 1.10.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/tavl.c,v 1.10.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions Copyright (c) 2005 by Howard Chu, Symas Corp.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/testavl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/testavl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/testavl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* testavl.c - Test Tim Howes AVL code */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/testavl.c,v 1.2.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/testavl.c,v 1.2.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/utils.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/utils.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/utils.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.24.2.8 2006/05/09 17:48:32 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.24.2.9 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/uuid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* uuid.c -- Universally Unique Identifier routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/librewrite/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # LIBREWRITE
-# $OpenLDAP: pkg/ldap/libraries/librewrite/Makefile.in,v 1.10.2.4 2006/01/03 22:16:11 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/librewrite/Makefile.in,v 1.10.2.5 2007/01/02 21:43:52 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/config.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/config.c,v 1.10.2.4 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/config.c,v 1.10.2.5 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/context.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/context.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/context.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/context.c,v 1.11.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/context.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/info.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/info.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/info.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/info.c,v 1.11.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/info.c,v 1.11.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/ldapmap.c,v 1.9.2.4 2006/09/23 10:33:42 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/ldapmap.c,v 1.9.2.5 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/map.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/map.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/map.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/map.c,v 1.18.2.4 2006/09/23 14:11:06 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/map.c,v 1.18.2.5 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/params.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/params.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/params.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/params.c,v 1.7.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/params.c,v 1.7.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/parse.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/parse.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/parse.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/parse.c,v 1.7.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/parse.c,v 1.7.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.15.2.5 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.15.2.6 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-map.h,v 1.5.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-map.h,v 1.5.2.3 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite.c,v 1.12.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite.c,v 1.12.2.4 2007/01/02 21:43:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rule.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rule.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/rule.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rule.c,v 1.14.2.7 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rule.c,v 1.14.2.8 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/session.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/session.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/session.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/session.c,v 1.11.2.6 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/session.c,v 1.11.2.7 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/subst.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/subst.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/subst.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/subst.c,v 1.19.2.3 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/subst.c,v 1.19.2.4 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/var.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/var.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/var.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/var.c,v 1.11.2.2 2006/01/03 22:16:11 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/var.c,v 1.11.2.3 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/xmap.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/xmap.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/libraries/librewrite/xmap.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/xmap.c,v 1.6.2.6 2006/04/03 19:49:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/xmap.c,v 1.6.2.7 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # servers Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/servers/Makefile.in,v 1.9.2.3 2006/01/03 22:16:11 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/Makefile.in,v 1.9.2.4 2007/01/02 21:43:53 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 ## Makefile.in for slapd
-# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.163.2.11 2006/01/03 22:16:12 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.163.2.13 2007/02/14 15:59:43 hyc Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -72,9 +72,9 @@
 XDEFS = $(MODULES_CPPFLAGS)
 XLDFLAGS = $(MODULES_LDFLAGS)
 
-XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_L)
+XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_L) $(MODULES_LIBS) 
 XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
-XXXLIBS = $(LTHREAD_LIBS) $(SLAPI_LIBS) $(MODULES_LIBS)
+XXXLIBS = $(LTHREAD_LIBS) $(SLAPI_LIBS)
 
 BUILD_OPT = "--enable-slapd"
 BUILD_SRV = @BUILD_SLAPD@

Modified: openldap/vendor/openldap-release/servers/slapd/abandon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/abandon.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/abandon.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* abandon.c - decode and handle an ldap abandon operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.45.2.7 2006/01/03 22:16:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.45.2.8 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/aci.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/aci.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/aci.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* aci.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/aci.c,v 1.1.2.7 2006/01/03 22:16:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aci.c,v 1.1.2.9 2007/02/13 22:41:20 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -291,10 +291,8 @@
 	slap_access_t	*mask;
 	int		i, found;
 
-	if ( attr == NULL || BER_BVISEMPTY( attr )
-			|| ber_bvstrcasecmp( attr, &aci_bv[ ACI_BV_ENTRY ] ) == 0 )
-	{
-		attr = &aci_bv[ ACI_BV_BR_ENTRY ];
+	if ( attr == NULL || BER_BVISEMPTY( attr ) ) {
+		attr = &aci_bv[ ACI_BV_ENTRY ];
 	}
 
 	found = 0;
@@ -433,7 +431,7 @@
 	   This routine now supports scope={ENTRY,CHILDREN}
 	   with the semantics:
 	     - ENTRY applies to "entry" and "subtree";
-	     - CHILDREN aplies to "children" and "subtree"
+	     - CHILDREN applies to "children" and "subtree"
 	 */
 
 	/* check that the aci has all 5 components */
@@ -1027,7 +1025,7 @@
  *    action    := perms;attr[[;perms;attr]...]
  *    perms     := perm[[,perm]...]
  *    perm      := c|s|r|w|x
- *    attr      := attributeType|[all]
+ *    attr      := attributeType|"[all]"
  *    type      :=  public|users|self|dnattr|group|role|set|set-ref|
  *                  access_id|subtree|onelevel|children
  */
@@ -1110,6 +1108,11 @@
 				continue;
 			}
 
+			/* "[entry]" is tolerated for backward compatibility */
+			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				continue;
+			}
+
 			if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) {
 				return LDAP_INVALID_SYNTAX;
 			}
@@ -1167,6 +1170,10 @@
 			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
 				bv = aci_bv[ ACI_BV_BR_ALL ];
 
+			/* "[entry]" is tolerated for backward compatibility */
+			} else if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				bv = aci_bv[ ACI_BV_ENTRY ];
+
 			} else {
 				AttributeDescription	*ad = NULL;
 				const char		*text = NULL;
@@ -1456,6 +1463,8 @@
 			freetype = 0;
 	char		*ptr;
 
+	BER_BVZERO( out );
+
 	if ( BER_BVISEMPTY( val ) ) {
 		return LDAP_INVALID_SYNTAX;
 	}
@@ -1626,7 +1635,7 @@
 	out->bv_len = 
 		oid.bv_len + STRLENOF( "#" )
 		+ scope.bv_len + STRLENOF( "#" )
-		+ rights.bv_len + STRLENOF( "#" )
+		+ nrights.bv_len + STRLENOF( "#" )
 		+ ntype.bv_len + STRLENOF( "#" )
 		+ nsubject.bv_len;
 

Modified: openldap/vendor/openldap-release/servers/slapd/acl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/acl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/acl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* acl.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.250.2.26 2006/07/31 23:35:43 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.250.2.28 2007/04/01 21:31:25 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -2476,7 +2476,7 @@
 			}
 		}
 
-		if ( bvals ) {
+		if ( bvalsp ) {
 			p->bvals = slap_set_join( p->cookie, p->bvals,
 					( '|' | SLAP_SET_RREF ), bvalsp );
 		}

Modified: openldap/vendor/openldap-release/servers/slapd/aclparse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/aclparse.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/aclparse.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* aclparse.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.145.2.20 2006/10/10 11:36:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.145.2.21 2007/01/02 21:43:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ad.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ad.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/ad.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ad.c - routines for dealing with attribute descriptions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ad.c,v 1.74.2.14 2006/05/09 19:26:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ad.c,v 1.74.2.16 2007/03/05 15:19:00 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -888,12 +888,14 @@
 	}
 
 	an = ch_realloc( an, ( i + j + 1 ) * sizeof( AttributeName ) );
-	BER_BVZERO( &an[i + j].an_name );
 	anew = an + i;
 	for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
 		s != NULL;
 		s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
 	{
+		/* put a stop mark */
+		BER_BVZERO( &anew[1].an_name );
+
 		anew->an_desc = NULL;
 		anew->an_oc = NULL;
 		anew->an_oc_exclude = 0;

Modified: openldap/vendor/openldap-release/servers/slapd/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/add.c,v 1.208.2.16 2006/02/13 19:50:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/add.c,v 1.208.2.18 2007/01/03 08:50:41 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -314,7 +314,7 @@
 				}
 
 
-				/* check for duplicate values */
+				/* check for unmodifiable attributes */
 				rs->sr_err = slap_mods_no_repl_user_mod_check( op,
 					modlist, &rs->sr_text, textbuf, textlen );
 				if ( rs->sr_err != LDAP_SUCCESS ) {
@@ -322,12 +322,14 @@
 					goto done;
 				}
 
+#if 0			/* This is a no-op since *modtail is NULL */
 				rs->sr_err = slap_mods2entry( *modtail, &op->ora_e,
 					0, 0, &rs->sr_text, textbuf, textlen );
 				if ( rs->sr_err != LDAP_SUCCESS ) {
 					send_ldap_result( op, rs );
 					goto done;
 				}
+#endif
 			}
 
 #ifdef SLAPD_MULTIMASTER
@@ -436,7 +438,7 @@
 			attr->a_vals = ch_realloc( attr->a_vals,
 				sizeof( struct berval ) * (i+j) );
 
-			/* should check for duplicates */
+			/* checked for duplicates in slap_mods_check */
 
 			if ( dup ) {
 				for ( j = 0; mods->sml_values[j].bv_val; j++ ) {
@@ -475,6 +477,7 @@
 #endif
 		}
 
+#if 0	/* checked for duplicates in slap_mods_check */
 		if( mods->sml_values[1].bv_val != NULL ) {
 			/* check for duplicates */
 			int		i, j, rc, match;
@@ -510,6 +513,7 @@
 				}
 			}
 		}
+#endif
 
 		attr = ch_calloc( 1, sizeof(Attribute) );
 
@@ -517,7 +521,6 @@
 		attr->a_desc = mods->sml_desc;
 
 		/* move values to attr structure */
-		/*	should check for duplicates */
 		if ( dup ) { 
 			int i;
 			for ( i = 0; mods->sml_values[i].bv_val; i++ ) /* EMPTY */;

Modified: openldap/vendor/openldap-release/servers/slapd/alock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/alock.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/alock.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* alock.c - access lock library */
-/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.2.2.4 2006/01/23 19:09:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.2.2.5 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/alock.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/alock.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/alock.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* alock.h - access lock header */
-/* $OpenLDAP: pkg/ldap/servers/slapd/alock.h,v 1.1.2.3 2006/01/23 19:09:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.h,v 1.1.2.4 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/at.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/at.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/at.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* at.c - routines for dealing with attribute types */
-/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.62.2.9 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.62.2.10 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/attr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/attr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* attr.c - routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/attr.c,v 1.100.2.10 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/attr.c,v 1.100.2.12 2007/02/21 21:32:21 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -208,7 +208,9 @@
 		 * of nvals and the value of (*a)->a_nvals must be consistent
 		 */
 		assert( ( nvals == NULL && (*a)->a_nvals == (*a)->a_vals )
-				|| ( nvals != NULL && (*a)->a_nvals != (*a)->a_vals ) );
+				|| ( nvals != NULL && (
+					( (*a)->a_vals == NULL && (*a)->a_nvals == NULL )
+					|| ( (*a)->a_nvals != (*a)->a_vals ) ) ) );
 	}
 
 	rc = value_add( &(*a)->a_vals, vals );

Modified: openldap/vendor/openldap-release/servers/slapd/ava.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ava.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/ava.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ava.c - routines for dealing with attribute value assertions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ava.c,v 1.40.2.5 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ava.c,v 1.40.2.6 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-bdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/Makefile.in,v 1.29.2.4 2006/01/03 22:16:16 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/Makefile.in,v 1.29.2.5 2007/01/02 21:43:59 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* add.c - ldap BerkeleyDB back-end add routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.126.2.14 2006/05/27 08:58:53 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.126.2.16 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51,7 +51,13 @@
 
 	/* add opattrs to shadow as well, only missing attrs will actually
 	 * be added; helps compatibility with older OL versions */
-	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+	rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
+			"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
+		goto return_results;
+	}
 
 	/* check entry's schema */
 	rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* attr.c - backend routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.19.2.9 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.19.2.10 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* back-bdb.h - bdb back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.117.2.11 2006/04/07 16:12:33 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.117.2.13 2007/01/03 04:36:04 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,7 +68,6 @@
 
 typedef struct bdb_idl_cache_entry_s {
 	struct berval kstr;
-	ldap_pvt_thread_rdwr_t idl_entry_rwlock;
 	ID      *idl;
 	DB      *db;
 	struct bdb_idl_cache_entry_s* idl_lru_prev;

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - bdb backend bind routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/bind.c,v 1.41.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/bind.c,v 1.41.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.88.2.19 2006/11/12 23:25:27 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.88.2.21 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1293,6 +1293,19 @@
 	}
 }
 
+/* free up any keys used by the main thread */
+void
+bdb_locker_flush( DB_ENV *env )
+{
+	void *data;
+	void *ctx = ldap_pvt_thread_pool_context();
+
+	if ( !ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
+		ldap_pvt_thread_pool_setkey( ctx, env, NULL, NULL );
+		bdb_locker_id_free( env, data );
+	}
+}
+
 int
 bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker )
 {

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - bdb backend compare routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/compare.c,v 1.44.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/compare.c,v 1.44.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - bdb backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.16 2006/01/06 19:03:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.17 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dbcache.c - manage cache of open databases */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dbcache.c,v 1.38.2.4 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dbcache.c,v 1.38.2.5 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* delete.c - bdb backend delete routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/delete.c,v 1.132.2.9 2006/05/10 14:53:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/delete.c,v 1.132.2.10 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dn2entry.c - routines to deal with the dn2id / id2entry glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2entry.c,v 1.25.2.4 2006/07/28 13:01:37 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2entry.c,v 1.25.2.5 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dn2id.c - routines to deal with the dn2id index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.106.2.14 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.106.2.15 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* error.c - BDB errcall routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/error.c,v 1.15.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/error.c,v 1.15.2.4 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* extended.c - bdb backend extended routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/extended.c,v 1.16.2.2 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/extended.c,v 1.16.2.3 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* filterindex.c - generate the list of candidate entries from a filter */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/filterindex.c,v 1.51.2.9 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/filterindex.c,v 1.51.2.10 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* id2entry.c - routines to deal with the id2entry database */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/id2entry.c,v 1.62.2.8 2006/04/07 16:12:33 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/id2entry.c,v 1.62.2.10 2007/01/25 12:39:23 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -387,21 +387,6 @@
 		"=> bdb_entry_get: found entry: \"%s\"\n",
 		ndn->bv_val, 0, 0 ); 
 
-	/* find attribute values */
-	if( is_entry_alias( e ) ) {
-		Debug( LDAP_DEBUG_ACL,
-			"<= bdb_entry_get: entry is an alias\n", 0, 0, 0 );
-		rc = LDAP_ALIAS_PROBLEM;
-		goto return_results;
-	}
-
-	if( is_entry_referral( e ) ) {
-		Debug( LDAP_DEBUG_ACL,
-			"<= bdb_entry_get: entry is a referral\n", 0, 0, 0 );
-		rc = LDAP_REFERRAL;
-		goto return_results;
-	}
-
 	if ( oc && !is_entry_objectclass( e, oc, 0 )) {
 		Debug( LDAP_DEBUG_ACL,
 			"<= bdb_entry_get: failed to find objectClass %s\n",

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* idl.c - ldap id list handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.c,v 1.94.2.14 2006/05/11 18:25:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.c,v 1.94.2.15 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* idl.h - ldap bdb back-end ID list header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.h,v 1.16.2.3 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.h,v 1.16.2.4 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/index.c,v 1.46.2.9 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/index.c,v 1.46.2.10 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.177.2.25 2006/05/11 16:56:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.177.2.28 2007/02/24 19:28:11 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,10 @@
 typedef void * db_malloc(size_t);
 typedef void * db_realloc(void *, size_t);
 
+#define bdb_db_init	BDB_SYMBOL(db_init)
+#define bdb_db_open	BDB_SYMBOL(db_open)
+#define bdb_db_close	BDB_SYMBOL(db_close)
+
 static int
 bdb_db_init( BackendDB *be )
 {
@@ -100,19 +104,19 @@
 
 	if ( be->be_suffix == NULL ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: need suffix\n",
+			LDAP_XSTRING(bdb_db_open) ": need suffix\n",
 			0, 0, 0 );
 		return -1;
 	}
 
 	Debug( LDAP_DEBUG_ARGS,
-		"bdb_db_open: %s\n",
+		LDAP_XSTRING(bdb_db_open) ": %s\n",
 		be->be_suffix[0].bv_val, 0, 0 );
 
 #ifndef BDB_MULTIPLE_SUFFIXES
 	if ( be->be_suffix[1].bv_val ) {
 	Debug( LDAP_DEBUG_ANY,
-		"bdb_db_open: only one suffix allowed\n", 0, 0, 0 );
+		LDAP_XSTRING(bdb_db_open) ": only one suffix allowed\n", 0, 0, 0 );
 		return -1;
 	}
 #endif
@@ -121,7 +125,7 @@
 	rc = stat( bdb->bi_dbenv_home, &stat1 );
 	if( rc !=0 ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: Cannot access database directory %s (%d)\n",
+			LDAP_XSTRING(bdb_db_open) ": Cannot access database directory %s (%d)\n",
 			bdb->bi_dbenv_home, errno, 0 );
 			return -1;
 	}
@@ -143,19 +147,19 @@
 
 	if( rc == ALOCK_RECOVER ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: unclean shutdown detected;"
+			LDAP_XSTRING(bdb_db_open) ": unclean shutdown detected;"
 			" attempting recovery.\n", 
 			0, 0, 0 );
 		do_alock_recover = 1;
 		do_recover = DB_RECOVER;
 	} else if( rc == ALOCK_BUSY ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: database already in use\n", 
+			LDAP_XSTRING(bdb_db_open) ": database already in use\n", 
 			0, 0, 0 );
 		return -1;
 	} else if( rc != ALOCK_CLEAN ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: alock package is unstable\n", 
+			LDAP_XSTRING(bdb_db_open) ": alock package is unstable\n", 
 			0, 0, 0 );
 		return -1;
 	}
@@ -173,7 +177,7 @@
 			if( stat( path, &stat2 ) == 0 ) {
 				if( stat2.st_mtime < stat1.st_mtime ) {
 					Debug( LDAP_DEBUG_ANY,
-						"bdb_db_open: DB_CONFIG for suffix %s has changed.\n"
+						LDAP_XSTRING(bdb_db_open) ": DB_CONFIG for suffix %s has changed.\n"
 						"Performing database recovery to activate new settings.\n",
 						be->be_suffix[0].bv_val, 0, 0 );
 					do_recover = DB_RECOVER;
@@ -183,7 +187,7 @@
 	}
 	else {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: Warning - No DB_CONFIG file found "
+			LDAP_XSTRING(bdb_db_open) ": Warning - No DB_CONFIG file found "
 			"in directory %s: (%d)\n"
 			"Expect poor performance for suffix %s.\n",
 			bdb->bi_dbenv_home, errno, be->be_suffix[0].bv_val );
@@ -195,7 +199,7 @@
 	 */
 	if ( do_recover && ( slapMode & SLAP_TOOL_READONLY )) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: Recovery skipped in read-only mode. "
+			LDAP_XSTRING(bdb_db_open) ": Recovery skipped in read-only mode. "
 			"Run manual recovery if errors are encountered.\n",
 			0, 0, 0 );
 		do_recover = 0;
@@ -205,7 +209,7 @@
 	/* An existing environment in Quick mode has nothing to recover. */
 	if ( alockt && do_recover ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: cannot recover, database must be reinitialized.\n", 
+			LDAP_XSTRING(bdb_db_open) ": cannot recover, database must be reinitialized.\n", 
 			0, 0, 0 );
 		rc = -1;
 		goto fail;
@@ -214,7 +218,7 @@
 	rc = db_env_create( &bdb->bi_dbenv, 0 );
 	if( rc != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: db_env_create failed: %s (%d)\n",
+			LDAP_XSTRING(bdb_db_open) ": db_env_create failed: %s (%d)\n",
 			db_strerror(rc), rc, 0 );
 		goto fail;
 	}
@@ -231,10 +235,11 @@
 	 * currently requested modes, remove it.
 	 */
 	if ( !do_recover && ( alockt ^ quick )) {
+shm_retry:
 		rc = bdb->bi_dbenv->remove( bdb->bi_dbenv, dbhome, DB_FORCE );
 		if ( rc ) {
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_db_open: dbenv remove failed: %s (%d)\n",
+				LDAP_XSTRING(bdb_db_open) ": dbenv remove failed: %s (%d)\n",
 				db_strerror(rc), rc, 0 );
 			bdb->bi_dbenv = NULL;
 			goto fail;
@@ -242,7 +247,7 @@
 		rc = db_env_create( &bdb->bi_dbenv, 0 );
 		if( rc != 0 ) {
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_db_open: db_env_create failed: %s (%d)\n",
+				LDAP_XSTRING(bdb_db_open) ": db_env_create failed: %s (%d)\n",
 				db_strerror(rc), rc, 0 );
 			goto fail;
 		}
@@ -261,7 +266,7 @@
 			bdb->bi_dbenv_xflags, 1);
 		if( rc != 0 ) {
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_db_open: dbenv_set_flags failed: %s (%d)\n",
+				LDAP_XSTRING(bdb_db_open) ": dbenv_set_flags failed: %s (%d)\n",
 				db_strerror(rc), rc, 0 );
 			goto fail;
 		}
@@ -270,7 +275,7 @@
 #define	BDB_TXN_FLAGS	(DB_INIT_LOCK | DB_INIT_LOG | DB_INIT_TXN)
 
 	Debug( LDAP_DEBUG_TRACE,
-		"bdb_db_open: dbenv_open(%s)\n",
+		LDAP_XSTRING(bdb_db_open) ": dbenv_open(%s)\n",
 		bdb->bi_dbenv_home, 0, 0);
 
 	flags = DB_INIT_MPOOL | DB_CREATE | DB_THREAD;
@@ -287,8 +292,21 @@
 			flags | do_recover, bdb->bi_dbenv_mode );
 
 	if ( rc ) {
+		/* Regular open failed, probably a missing shm environment.
+		 * Start over, do a recovery.
+		 */
+		if ( !do_recover && bdb->bi_shm_key ) {
+			bdb->bi_dbenv->close( bdb->bi_dbenv, 0 );
+			rc = db_env_create( &bdb->bi_dbenv, 0 );
+			if( rc == 0 ) {
+				Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_db_open)
+					": Shared memory env open failed, assuming stale env\n",
+					0, 0, 0 );
+				goto shm_retry;
+			}
+		}
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: Database cannot be %s, err %d. "
+			LDAP_XSTRING(bdb_db_open) ": Database cannot be %s, err %d. "
 			"Restore from backup!\n",
 				do_recover ? "recovered" : "opened", rc, 0);
 		goto fail;
@@ -296,7 +314,7 @@
 
 	if ( do_alock_recover && alock_recover (&bdb->bi_alock_info) != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: alock_recover failed\n",
+			LDAP_XSTRING(bdb_db_open) ": alock_recover failed\n",
 			0, 0, 0 );
 		rc = -1;
 		goto fail;
@@ -336,7 +354,7 @@
 		rc = db_create( &db->bdi_db, bdb->bi_dbenv, 0 );
 		if( rc != 0 ) {
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_db_open: db_create(%s) failed: %s (%d)\n",
+				LDAP_XSTRING(bdb_db_open) ": db_create(%s) failed: %s (%d)\n",
 				bdb->bi_dbenv_home, db_strerror(rc), rc );
 			goto fail;
 		}
@@ -397,7 +415,7 @@
 			snprintf( buf, sizeof(buf), "%s/%s", 
 				bdb->bi_dbenv_home, bdbi_databases[i].file );
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_db_open: db_open(%s) failed: %s (%d)\n",
+				LDAP_XSTRING(bdb_db_open) ": db_open(%s) failed: %s (%d)\n",
 				buf, db_strerror(rc), rc );
 			db->bdi_db->close( db->bdi_db, 0 );
 			goto fail;
@@ -415,7 +433,7 @@
 	rc = bdb_last_id( be, NULL );
 	if( rc != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
-			"bdb_db_open: last_id(%s) failed: %s (%d)\n",
+			LDAP_XSTRING(bdb_db_open) ": last_id(%s) failed: %s (%d)\n",
 			bdb->bi_dbenv_home, db_strerror(rc), rc );
 		goto fail;
 	}
@@ -481,7 +499,9 @@
 			XLOCK_ID_FREE(bdb->bi_dbenv, bdb->bi_cache.c_locker);
 			bdb->bi_cache.c_locker = 0;
 		}
-
+#ifdef BDB_REUSE_LOCKERS
+		bdb_locker_flush( bdb->bi_dbenv );
+#endif
 		/* force a checkpoint, but not if we were ReadOnly,
 		 * and not in Quick mode since there are no transactions there.
 		 */

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/key.c,v 1.16.2.3 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/key.c,v 1.16.2.4 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modify.c - bdb backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.124.2.15 2006/05/10 14:53:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.124.2.16 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modrdn.c - bdb backend modrdn routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modrdn.c,v 1.160.2.11 2006/05/10 14:53:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modrdn.c,v 1.160.2.12 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/nextid.c,v 1.23.2.3 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/nextid.c,v 1.23.2.4 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* operational.c - bdb backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.24.2.4 2006/01/16 18:59:27 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.24.2.5 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.111.2.9 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.111.2.11 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -574,7 +574,9 @@
 #ifdef BDB_REUSE_LOCKERS
 
 #define bdb_locker_id				BDB_SYMBOL(locker_id)
+#define bdb_locker_flush			BDB_SYMBOL(locker_flush)
 int bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker );
+void bdb_locker_flush( DB_ENV *env );
 
 #define	LOCK_ID_FREE(env, locker)	((void)0)
 #define	LOCK_ID(env, locker)	bdb_locker_id(op, env, locker)

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* referral.c - BDB backend referral handler */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/referral.c,v 1.36.2.5 2006/05/15 23:41:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/referral.c,v 1.36.2.6 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - search operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.221.2.14 2006/01/16 18:59:27 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.221.2.15 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* tools.c - tools for slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/tools.c,v 1.72.2.14 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/tools.c,v 1.72.2.16 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -391,6 +391,9 @@
 {
 	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
 
+	if (!bdb->bi_nattrs)
+		return 0;
+
 	if ( slapMode & SLAP_TOOL_QUICK ) {
 		IndexRec *ir;
 		int i, rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* trans.c - bdb backend transaction routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/trans.c,v 1.6.2.2 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/trans.c,v 1.6.2.3 2007/01/02 21:44:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-dnssrv
-# $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/Makefile.in,v 1.12.2.3 2006/01/03 22:16:17 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/Makefile.in,v 1.12.2.4 2007/01/02 21:44:01 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright 1998-2003 Kurt D. Zeilenga.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - DNS SRV backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.19.2.4 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.19.2.5 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - DNS SRV backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/compare.c,v 1.16.2.3 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/compare.c,v 1.16.2.4 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - DNS SRV backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.13.2.4 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.13.2.5 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.24.2.5 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.24.2.6 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/proto-dnssrv.h,v 1.2.2.4 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/proto-dnssrv.h,v 1.2.2.5 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* referral.c - DNS SRV backend referral handler */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/referral.c,v 1.17.2.5 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/referral.c,v 1.17.2.6 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - DNS SRV backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/search.c,v 1.35.2.5 2006/01/03 22:16:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/search.c,v 1.35.2.6 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile for back-hdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.4 2006/01/03 22:16:17 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.5 2007/01/02 21:44:01 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* back-bdb.h - hdb back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/back-bdb.h,v 1.3.2.2 2006/01/03 22:16:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/back-bdb.h,v 1.3.2.3 2007/01/02 21:44:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu @ Symas Corp.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-ldap
-# $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/Makefile.in,v 1.26.2.2 2006/01/03 22:16:18 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/Makefile.in,v 1.26.2.3 2007/01/02 21:44:01 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* add.c - ldap backend add function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/add.c,v 1.53.2.8 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/add.c,v 1.53.2.11 2007/01/13 11:19:06 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -36,26 +36,25 @@
 	Operation	*op,
 	SlapReply	*rs )
 {
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	ldapconn_t	*lc;
-	int		i = 0,
-			j = 0;
-	Attribute	*a;
-	LDAPMod		**attrs = NULL,
-			*attrs2 = NULL;
-	ber_int_t	msgid;
-	int		isupdate;
-	int		do_retry = 1;
-	LDAPControl	**ctrls = NULL;
+	ldapconn_t		*lc = NULL;
+	int			i = 0,
+				j = 0;
+	Attribute		*a;
+	LDAPMod			**attrs = NULL,
+				*attrs2 = NULL;
+	ber_int_t		msgid;
+	int			isupdate;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
+	LDAPControl		**ctrls = NULL;
 
 	rs->sr_err = LDAP_SUCCESS;
 	
 	Debug( LDAP_DEBUG_ARGS, "==> ldap_back_add(\"%s\")\n",
 			op->o_req_dn.bv_val, 0, 0 );
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		lc = NULL;
 		goto cleanup;
 	}
@@ -94,7 +93,8 @@
 
 retry:
 	ctrls = op->o_ctrls;
-	rs->sr_err = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
 		goto cleanup;
@@ -103,9 +103,10 @@
 	rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
 			ctrls, NULL, &msgid );
 	rs->sr_err = ldap_back_op_result( lc, op, rs, msgid,
-		li->li_timeout[ LDAP_BACK_OP_ADD ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		li->li_timeout[ SLAP_OP_ADD ],
+		( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
@@ -124,7 +125,7 @@
 	}
 
 	if ( lc ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	Debug( LDAP_DEBUG_ARGS, "<== ldap_back_add(\"%s\"): %d\n",

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* back-ldap.h - ldap backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.63.2.19 2006/04/11 21:26:27 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.63.2.23 2007/01/27 23:56:43 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -26,41 +26,94 @@
 
 LDAP_BEGIN_DECL
 
+struct ldapinfo_t;
+
+enum {
+	/* even numbers are connection types */
+	LDAP_BACK_PCONN_FIRST = 0,
+	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
+	LDAP_BACK_PCONN_ANON = 2,
+	LDAP_BACK_PCONN_BIND = 4,
+
+	/* add the TLS bit */
+	LDAP_BACK_PCONN_TLS = 0x1U,
+
+	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
+	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
+	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
+
+	LDAP_BACK_PCONN_LAST
+};
+
 typedef struct ldapconn_t {
 	Connection		*lc_conn;
-#define	LDAP_BACK_PCONN		((void *)0x0)
-#define	LDAP_BACK_PCONN_TLS	((void *)0x1)
-#define	LDAP_BACK_PCONN_ID(c)	((void *)(c) > LDAP_BACK_PCONN_TLS ? (c)->c_connid : -1)
+#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
+#define LDAP_BACK_PCONN_ISPRIV(lc)	((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \
+						&& (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST)
+#define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
+						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
+#define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
+						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
+						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
+#define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
+						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
+#define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
+						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
+#define	LDAP_BACK_PCONN_ID(lc)		(LDAP_BACK_PCONN_ISPRIV((lc)) ? \
+						( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid )
 #ifdef HAVE_TLS
-#define	LDAP_BACK_PCONN_SET(op)	((op)->o_conn->c_is_tls ? LDAP_BACK_PCONN_TLS : LDAP_BACK_PCONN)
+#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
+	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
+#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
+	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
+#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
+	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
 #else /* ! HAVE_TLS */
-#define	LDAP_BACK_PCONN_SET(op)	(LDAP_BACK_PCONN)
+#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
+	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
+#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
+	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
+#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
+	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
 #endif /* ! HAVE_TLS */
+#define	LDAP_BACK_PCONN_SET(lc, op) \
+	(BER_BVISEMPTY(&(op)->o_ndn) ? \
+		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
 
 	LDAP			*lc_ld;
 	struct berval		lc_cred;
 	struct berval 		lc_bound_ndn;
 	struct berval		lc_local_ndn;
 	unsigned		lc_lcflags;
-#define LDAP_BACK_CONN_ISSET(lc,f)	((lc)->lc_lcflags & (f))
-#define	LDAP_BACK_CONN_SET(lc,f)	((lc)->lc_lcflags |= (f))
-#define	LDAP_BACK_CONN_CLEAR(lc,f)	((lc)->lc_lcflags &= ~(f))
-#define	LDAP_BACK_CONN_CPY(lc,f,mlc) \
+#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
+#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
+#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
+#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
 	do { \
-		if ( ((f) & (mlc)->lc_lcflags) == (f) ) { \
-			(lc)->lc_lcflags |= (f); \
+		if ( ((f) & *(mfp)) == (f) ) { \
+			*(fp) |= (f); \
 		} else { \
-			(lc)->lc_lcflags &= ~(f); \
+			*(fp) &= ~(f); \
 		} \
 	} while ( 0 )
 
-#define	LDAP_BACK_FCONN_ISBOUND	(0x01)
-#define	LDAP_BACK_FCONN_ISANON	(0x02)
+#define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
+#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
+#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
+#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
+
+/* 0xFFF00000U are reserved for back-meta */
+
+#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
+#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
 #define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
-#define	LDAP_BACK_FCONN_ISPRIV	(0x04)
-#define	LDAP_BACK_FCONN_ISTLS	(0x08)
-#define	LDAP_BACK_FCONN_BINDING	(0x10)
-#define	LDAP_BACK_FCONN_TAINTED	(0x20)
+#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
+#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
+#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
+#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
+#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
+#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
+#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)
 
 #define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
 #define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
@@ -84,105 +137,165 @@
 #define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
 #define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
 #define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
+#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
+#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
+#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
+#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
+#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
+#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
+#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
+#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
+#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
+#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
 
 	unsigned		lc_refcnt;
-	unsigned		lc_binding;
 	unsigned		lc_flags;
 	time_t			lc_create_time;
 	time_t			lc_time;
+
+	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;
 } ldapconn_t;
 
+typedef struct ldap_avl_info_t {
+	ldap_pvt_thread_mutex_t		lai_mutex;
+	Avlnode				*lai_tree;
+} ldap_avl_info_t;
+
+typedef struct slap_retry_info_t {
+	time_t		*ri_interval;
+	int		*ri_num;
+	int		ri_idx;
+	int		ri_count;
+	time_t		ri_last;
+
+#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
+#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
+#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
+#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
+} slap_retry_info_t;
+
 /*
  * identity assertion modes
  */
-enum {
+typedef enum {
 	LDAP_BACK_IDASSERT_LEGACY = 1,
 	LDAP_BACK_IDASSERT_NOASSERT,
 	LDAP_BACK_IDASSERT_ANONYMOUS,
 	LDAP_BACK_IDASSERT_SELF,
 	LDAP_BACK_IDASSERT_OTHERDN,
 	LDAP_BACK_IDASSERT_OTHERID
-};
+} slap_idassert_mode_t;
 
+/* ID assert stuff */
+typedef struct slap_idassert_t {
+	slap_idassert_mode_t	si_mode;
+#define	li_idassert_mode	li_idassert.si_mode
+
+	slap_bindconf	si_bc;
+#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
+#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
+#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
+#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
+#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
+#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
+#define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
+#define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
+#define	li_idassert_tls		li_idassert.si_bc.sb_tls
+
+	unsigned 	si_flags;
+#define LDAP_BACK_AUTH_NONE				(0x00U)
+#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
+#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
+#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
+#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
+#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
+#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
+#define	li_idassert_flags	li_idassert.si_flags
+
+	BerVarray	si_authz;
+#define	li_idassert_authz	li_idassert.si_authz
+} slap_idassert_t;
+
 /*
- * operation enumeration for timeouts
+ * Hook to allow mucking with ldapinfo_t when quarantine is over
  */
-enum {
-	LDAP_BACK_OP_ADD = 0,
-	LDAP_BACK_OP_DELETE,
-	LDAP_BACK_OP_MODIFY,
-	LDAP_BACK_OP_MODRDN,
-	LDAP_BACK_OP_LAST
-};
+typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
 
-typedef struct ldap_avl_info_t {
-	ldap_pvt_thread_mutex_t		lai_mutex;
-	Avlnode				*lai_tree;
-} ldap_avl_info_t;
-
 typedef struct ldapinfo_t {
 	/* li_uri: the string that goes into ldap_initialize()
 	 * TODO: use li_acl.sb_uri instead */
-	char		*li_uri;
+	char			*li_uri;
 	/* li_bvuri: an array of each single URI that is equivalent;
 	 * to be checked for the presence of a certain item */
-	BerVarray	li_bvuri;
+	BerVarray		li_bvuri;
+	ldap_pvt_thread_mutex_t	li_uri_mutex;
 
-	slap_bindconf	li_acl;
-#define	li_acl_authcID	li_acl.sb_authcId
-#define	li_acl_authcDN	li_acl.sb_binddn
-#define	li_acl_passwd	li_acl.sb_cred
-#define	li_acl_authzID	li_acl.sb_authzId
+	LDAP_REBIND_PROC	*li_rebind_f;
+	void			*li_urllist_p;
+
+	slap_bindconf		li_acl;
+#define	li_acl_authcID		li_acl.sb_authcId
+#define	li_acl_authcDN		li_acl.sb_binddn
+#define	li_acl_passwd		li_acl.sb_cred
+#define	li_acl_authzID		li_acl.sb_authzId
 #define	li_acl_authmethod	li_acl.sb_method
 #define	li_acl_sasl_mech	li_acl.sb_saslmech
 #define	li_acl_sasl_realm	li_acl.sb_realm
-#define	li_acl_secprops	li_acl.sb_secprops
+#define	li_acl_secprops		li_acl.sb_secprops
 
 	/* ID assert stuff */
-	int		li_idassert_mode;
-
-	slap_bindconf	li_idassert;
-#define	li_idassert_authcID	li_idassert.sb_authcId
-#define	li_idassert_authcDN	li_idassert.sb_binddn
-#define	li_idassert_passwd	li_idassert.sb_cred
-#define	li_idassert_authzID	li_idassert.sb_authzId
-#define	li_idassert_authmethod	li_idassert.sb_method
-#define	li_idassert_sasl_mech	li_idassert.sb_saslmech
-#define	li_idassert_sasl_realm	li_idassert.sb_realm
-#define	li_idassert_secprops	li_idassert.sb_secprops
-
-	unsigned 	li_idassert_flags;
-#define LDAP_BACK_AUTH_NONE		0x00U
-#define	LDAP_BACK_AUTH_NATIVE_AUTHZ	0x01U
-#define	LDAP_BACK_AUTH_OVERRIDE		0x02U
-#define	LDAP_BACK_AUTH_PRESCRIPTIVE	0x04U
-
-	BerVarray	li_idassert_authz;
+	slap_idassert_t		li_idassert;
 	/* end of ID assert stuff */
 
-	int		li_nretries;
+	int			li_nretries;
 #define LDAP_BACK_RETRY_UNDEFINED	(-2)
 #define LDAP_BACK_RETRY_FOREVER		(-1)
 #define LDAP_BACK_RETRY_NEVER		(0)
 #define LDAP_BACK_RETRY_DEFAULT		(3)
 
-	unsigned	li_flags;
-#define LDAP_BACK_F_NONE		0x00U
-#define LDAP_BACK_F_SAVECRED		0x01U
-#define LDAP_BACK_F_USE_TLS		0x02U
-#define LDAP_BACK_F_PROPAGATE_TLS	0x04U
-#define LDAP_BACK_F_TLS_CRITICAL	0x08U
+	unsigned		li_flags;
+
+/* 0xFFF00000U are reserved for back-meta */
+
+#define LDAP_BACK_F_NONE		(0x00000000U)
+#define LDAP_BACK_F_SAVECRED		(0x00000001U)
+#define LDAP_BACK_F_USE_TLS		(0x00000002U)
+#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
+#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
+#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)
+
 #define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
 #define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
-#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK)
-#define LDAP_BACK_F_CHASE_REFERRALS	0x10U
-#define LDAP_BACK_F_PROXY_WHOAMI	0x20U
+#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
+#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
+#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)
 
-#define	LDAP_BACK_F_SUPPORT_T_F			0x80U
-#define	LDAP_BACK_F_SUPPORT_T_F_DISCOVER	0x40U
-#define	LDAP_BACK_F_SUPPORT_T_F_MASK		(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER)
+#define	LDAP_BACK_F_T_F			(0x00000080U)
+#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
+#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
+#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
 
-#define	LDAP_BACK_ISSET(li,f)		( ( (li)->li_flags & (f) ) == (f) )
+#define LDAP_BACK_F_MONITOR		(0x00000200U)
+#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
+#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)
+
+#define	LDAP_BACK_F_ISOPEN		(0x00001000U)
+
+#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
+#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
+#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
+#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
+#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
+#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
+
+#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)
+
+#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
+#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )
+
+#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
+#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
+
 #define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
 #define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
 #define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
@@ -190,14 +303,56 @@
 #define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
 #define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
 
-	int		li_version;
+#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
+#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
 
-	ldap_avl_info_t	li_conninfo;
+#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
+#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
 
-	time_t		li_network_timeout;
-	time_t		li_conn_ttl;
-	time_t		li_idle_timeout;
-	time_t		li_timeout[ LDAP_BACK_OP_LAST ];
+#define LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
+#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
+#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
+
+#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
+
+#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
+#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
+#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
+#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
+
+#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
+
+	int			li_version;
+
+	/* cached connections; 
+	 * special conns are in tailq rather than in tree */
+	ldap_avl_info_t		li_conninfo;
+	struct {
+		int						lic_num;
+		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
+	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
+	int			li_conn_priv_max;
+#define	LDAP_BACK_CONN_PRIV_MIN		(1)
+#define	LDAP_BACK_CONN_PRIV_MAX		(256)
+	/* must be between LDAP_BACK_CONN_PRIV_MIN
+	 * and LDAP_BACK_CONN_PRIV_MAX ! */
+#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)
+
+	sig_atomic_t		li_isquarantined;
+#define	LDAP_BACK_FQ_NO		(0)
+#define	LDAP_BACK_FQ_YES	(1)
+#define	LDAP_BACK_FQ_RETRYING	(2)
+
+	slap_retry_info_t	li_quarantine;
+	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
+	ldap_back_quarantine_f	li_quarantine_f;
+	void			*li_quarantine_p;
+
+	time_t			li_network_timeout;
+	time_t			li_conn_ttl;
+	time_t			li_idle_timeout;
+	time_t			li_timeout[ SLAP_OP_LAST ];
 } ldapinfo_t;
 
 typedef enum ldap_back_send_t {
@@ -206,10 +361,19 @@
 	LDAP_BACK_SENDERR		= 0x02,
 	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
 	LDAP_BACK_BINDING		= 0x04,
+
 	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
 	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
 	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
-	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT)
+	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
+
+	LDAP_BACK_RETRYING		= 0x08,
+	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
+	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
+	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
+	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
+
+	LDAP_BACK_GETCONN		= 0x10
 } ldap_back_send_t;
 
 /* define to use asynchronous StartTLS */
@@ -224,6 +388,10 @@
 		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
 	} while ( 0 )
 
+#ifndef LDAP_BACK_PRINT_CONNTREE
+#define LDAP_BACK_PRINT_CONNTREE 0
+#endif /* !LDAP_BACK_PRINT_CONNTREE */
+
 LDAP_END_DECL
 
 #include "proto-ldap.h"

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.27 2006/05/09 20:00:36 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.36 2007/03/19 14:52:17 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -32,89 +32,222 @@
 #define AVL_INTERNAL
 #include "slap.h"
 #include "back-ldap.h"
+#undef ldap_debug	/* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
 
-#include <lutil_ldap.h>
+#include "lutil_ldap.h"
 
-#ifndef PRINT_CONNTREE
-#define PRINT_CONNTREE 0
-#endif /* !PRINT_CONNTREE */
-
 #define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ	"2.16.840.1.113730.3.4.12"
 
-static LDAP_REBIND_PROC	ldap_back_default_rebind;
+#if LDAP_BACK_PRINT_CONNTREE > 0
+static void
+ldap_back_ravl_print( Avlnode *root, int depth )
+{
+	int		i;
+	ldapconn_t	*lc;
+	
+	if ( root == 0 ) {
+		return;
+	}
+	
+	ldap_back_ravl_print( root->avl_right, depth+1 );
+	
+	for ( i = 0; i < depth; i++ ) {
+		fprintf( stderr, "-" );
+	}
 
-LDAP_REBIND_PROC	*ldap_back_rebind_f = ldap_back_default_rebind;
+	lc = root->avl_data;
+	fprintf( stderr, "lc=%p local=\"%s\" conn=%p %s refcnt=%d flags=0x%08x\n",
+		(void *)lc,
+		lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "",
+		(void *)lc->lc_conn,
+		avl_bf2str( root->avl_bf ), lc->lc_refcnt, lc->lc_lcflags );
+	
+	ldap_back_ravl_print( root->avl_left, depth+1 );
+}
 
+static char* priv2str[] = {
+	"privileged",
+	"privileged/TLS",
+	"anonymous",
+	"anonymous/TLS",
+	"bind",
+	"bind/TLS",
+	NULL
+};
+
+void
+ldap_back_print_conntree( ldapinfo_t *li, char *msg )
+{
+	int	c;
+
+	fprintf( stderr, "========> %s\n", msg );
+
+	for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
+		int		i = 0;
+		ldapconn_t	*lc;
+
+		fprintf( stderr, "  %s[%d]\n", priv2str[ c ], li->li_conn_priv[ c ].lic_num );
+
+		LDAP_TAILQ_FOREACH( lc, &li->li_conn_priv[ c ].lic_priv, lc_q )
+		{
+			fprintf( stderr, "    [%d] lc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
+				i,
+				(void *)lc,
+				lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "",
+				(void *)lc->lc_conn, lc->lc_refcnt, lc->lc_lcflags );
+			i++;
+		}
+	}
+	
+	if ( li->li_conninfo.lai_tree == 0 ) {
+		fprintf( stderr, "\t(empty)\n" );
+
+	} else {
+		ldap_back_ravl_print( li->li_conninfo.lai_tree, 0 );
+	}
+	
+	fprintf( stderr, "<======== %s\n", msg );
+}
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
 static int
-ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
+ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock );
 
+static ldapconn_t *
+ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+	struct berval *binddn, struct berval *bindcred );
+
 static int
-ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
+ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+	struct berval *binddn, struct berval *bindcred );
 
 static int
+ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs,
+	ldap_back_send_t sendok, struct berval *binddn, struct berval *bindcred );
+
+static int
+ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs,
+	ldap_back_send_t sendok );
+
+static int
 ldap_back_conndnlc_cmp( const void *c1, const void *c2 );
 
+ldapconn_t *
+ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc )
+{
+	if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+		if ( LDAP_BACK_CONN_CACHED( lc ) ) {
+			assert( lc->lc_q.tqe_prev != NULL );
+			assert( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num > 0 );
+			li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num--;
+			LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q );
+			LDAP_TAILQ_ENTRY_INIT( lc, lc_q );
+			LDAP_BACK_CONN_CACHED_CLEAR( lc );
+
+		} else {
+			assert( LDAP_BACK_CONN_TAINTED( lc ) );
+			assert( lc->lc_q.tqe_prev == NULL );
+		}
+
+	} else {
+		ldapconn_t	*tmplc = NULL;
+
+		if ( LDAP_BACK_CONN_CACHED( lc ) ) {
+			assert( !LDAP_BACK_CONN_TAINTED( lc ) );
+			tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
+				ldap_back_conndnlc_cmp );
+			assert( tmplc == lc );
+			LDAP_BACK_CONN_CACHED_CLEAR( lc );
+		}
+
+		assert( LDAP_BACK_CONN_TAINTED( lc ) || tmplc == lc );
+	}
+
+	return lc;
+}
+
 int
 ldap_back_bind( Operation *op, SlapReply *rs )
 {
-	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
-	ldapconn_t	*lc;
+	ldapinfo_t		*li = (ldapinfo_t *) op->o_bd->be_private;
+	ldapconn_t		*lc;
 
-	int rc = 0;
-	ber_int_t msgid;
+	int			rc = 0;
+	ber_int_t		msgid;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_BIND_SERR );
+	lc = ldap_back_getconn( op, rs, LDAP_BACK_BIND_SERR, NULL, NULL );
 	if ( !lc ) {
 		return rs->sr_err;
 	}
 
+	/* we can do (almost) whatever we want with this conn,
+	 * because either it's temporary, or it's marked as binding */
 	if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
 		ch_free( lc->lc_bound_ndn.bv_val );
 		BER_BVZERO( &lc->lc_bound_ndn );
 	}
+	if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+		memset( lc->lc_cred.bv_val, 0, lc->lc_cred.bv_len );
+		ch_free( lc->lc_cred.bv_val );
+		BER_BVZERO( &lc->lc_cred );
+	}
 	LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
 
+retry:;
 	/* method is always LDAP_AUTH_SIMPLE if we got here */
 	rs->sr_err = ldap_sasl_bind( lc->lc_ld, op->o_req_dn.bv_val,
 			LDAP_SASL_SIMPLE,
 			&op->orb_cred, op->o_ctrls, NULL, &msgid );
-	rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_SENDERR );
+	/* FIXME: should we always retry, or only when piping the bind
+	 * in the "override" connection pool? */
+	rc = ldap_back_op_result( lc, op, rs, msgid,
+		li->li_timeout[ SLAP_OP_BIND ],
+		LDAP_BACK_BIND_SERR | retrying );
+	if ( rc == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
+		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_BIND_SERR ) ) {
+			goto retry;
+		}
+	}
 
 	if ( rc == LDAP_SUCCESS ) {
 		/* If defined, proxyAuthz will be used also when
 		 * back-ldap is the authorizing backend; for this
-		 * purpose, a successful bind is followed by a
-		 * bind with the configured identity assertion */
+		 * purpose, after a successful bind the connection
+		 * is left for further binds, and further operations 
+		 * on this client connection will use a default
+		 * connection with identity assertion */
 		/* NOTE: use with care */
 		if ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
-			ldap_back_proxy_authz_bind( lc, op, rs, LDAP_BACK_SENDERR );
-			if ( !LDAP_BACK_CONN_ISBOUND( lc ) ) {
-				rc = 1;
-				goto done;
-			}
+			ldap_back_release_conn( li, lc );
+			return( rc );
 		}
 
+		/* rebind is now done inside ldap_back_proxy_authz_bind()
+		 * in case of success */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
 		ber_dupbv( &lc->lc_bound_ndn, &op->o_req_ndn );
 
+		if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+			memset( lc->lc_cred.bv_val, 0,
+					lc->lc_cred.bv_len );
+		}
+
 		if ( LDAP_BACK_SAVECRED( li ) ) {
-			if ( !BER_BVISNULL( &lc->lc_cred ) ) {
-				memset( lc->lc_cred.bv_val, 0,
-						lc->lc_cred.bv_len );
-			}
 			ber_bvreplace( &lc->lc_cred, &op->orb_cred );
-			ldap_set_rebind_proc( lc->lc_ld, ldap_back_rebind_f, lc );
+			ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+
+		} else {
+			lc->lc_cred.bv_len = 0;
 		}
 	}
-done:;
 
-	assert( lc->lc_binding == 1 );
-	lc->lc_binding = 0;
-
 	/* must re-insert if local DN changed as result of bind */
 	if ( !LDAP_BACK_CONN_ISBOUND( lc )
-		|| ( LDAP_BACK_CONN_ISBOUND( lc )
-			&& !dn_match( &op->o_req_ndn, &lc->lc_local_ndn ) ) )
+		|| ( !dn_match( &op->o_req_ndn, &lc->lc_local_ndn )
+			&& !LDAP_BACK_PCONN_ISPRIV( lc ) ) )
 	{
 		int		lerr = -1;
 		ldapconn_t	*tmplc;
@@ -128,20 +261,54 @@
 			goto retry_lock;
 		}
 
+#if LDAP_BACK_PRINT_CONNTREE > 0
+		ldap_back_print_conntree( li, ">>> ldap_back_bind" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
 		assert( lc->lc_refcnt == 1 );
-		tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
-				ldap_back_conndnlc_cmp );
-		assert( tmplc == NULL || lc == tmplc );
+		ldap_back_conn_delete( li, lc );
 
+		/* delete all cached connections with the current connection */
+		if ( LDAP_BACK_SINGLECONN( li ) ) {
+			while ( ( tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, ldap_back_conn_cmp ) ) != NULL )
+			{
+				Debug( LDAP_DEBUG_TRACE,
+					"=>ldap_back_bind: destroying conn %ld (refcnt=%u)\n",
+					LDAP_BACK_PCONN_ID( lc ), lc->lc_refcnt, 0 );
+
+				if ( tmplc->lc_refcnt != 0 ) {
+					/* taint it */
+					LDAP_BACK_CONN_TAINTED_SET( tmplc );
+					LDAP_BACK_CONN_CACHED_CLEAR( tmplc );
+
+				} else {
+					/*
+					 * Needs a test because the handler may be corrupted,
+					 * and calling ldap_unbind on a corrupted header results
+					 * in a segmentation fault
+					 */
+					ldap_back_conn_free( tmplc );
+				}
+			}
+		}
+
 		if ( LDAP_BACK_CONN_ISBOUND( lc ) ) {
 			ber_bvreplace( &lc->lc_local_ndn, &op->o_req_ndn );
+			if ( be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
+				LDAP_BACK_PCONN_ROOTDN_SET( lc, op );
+			}
 			lerr = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
 				ldap_back_conndn_cmp, ldap_back_conndn_dup );
 		}
 
+#if LDAP_BACK_PRINT_CONNTREE > 0
+		ldap_back_print_conntree( li, "<<< ldap_back_bind" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+	
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 		switch ( lerr ) {
 		case 0:
+			LDAP_BACK_CONN_CACHED_SET( lc );
 			break;
 
 		case -1:
@@ -154,7 +321,7 @@
 	}
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return( rc );
@@ -255,64 +422,27 @@
 	return 0;
 }
 
-#if PRINT_CONNTREE > 0
-static void
-ravl_print( Avlnode *root, int depth )
+static int
+ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock )
 {
-	int		i;
-	ldapconn_t	*lc;
-	
-	if ( root == 0 ) {
-		return;
+	if ( dolock ) {
+		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 	}
-	
-	ravl_print( root->avl_right, depth+1 );
-	
-	for ( i = 0; i < depth; i++ ) {
-		fprintf( stderr, "-" );
-	}
 
-	lc = root->avl_data;
-	fprintf( stderr, "lc=%p local=\"%s\" conn=%p %s refcnt=%d\n",
-		(void *)lc, lc->lc_local_ndn.bv_val, (void *)lc->lc_conn,
-		avl_bf2str( root->avl_bf ), lc->lc_refcnt );
-	
-	ravl_print( root->avl_left, depth+1 );
-}
+#if LDAP_BACK_PRINT_CONNTREE > 0
+	ldap_back_print_conntree( li, ">>> ldap_back_freeconn" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
 
-static void
-myprint( Avlnode *root )
-{
-	fprintf( stderr, "========>\n" );
-	
-	if ( root == 0 ) {
-		fprintf( stderr, "\tNULL\n" );
+	(void)ldap_back_conn_delete( li, lc );
 
-	} else {
-		ravl_print( root, 0 );
-	}
-	
-	fprintf( stderr, "<========\n" );
-}
-#endif /* PRINT_CONNTREE */
-
-int
-ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock )
-{
-	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
-	ldapconn_t	*tmplc;
-
-	if ( dolock ) {
-		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
-	}
-
-	tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
-			ldap_back_conndnlc_cmp );
-	assert( LDAP_BACK_CONN_TAINTED( lc ) || tmplc == lc );
 	if ( lc->lc_refcnt == 0 ) {
 		ldap_back_conn_free( (void *)lc );
 	}
 
+#if LDAP_BACK_PRINT_CONNTREE > 0
+	ldap_back_print_conntree( li, "<<< ldap_back_freeconn" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
 	if ( dolock ) {
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 	}
@@ -332,13 +462,9 @@
 	const char	**text )
 {
 	int		rc = LDAP_SUCCESS;
-	ldapinfo_t	dummy;
 
-	/* this is ridiculous... */
-	dummy.li_flags = flags;
-
 	/* start TLS ("tls-[try-]{start,propagate}" statements) */
-	if ( ( LDAP_BACK_USE_TLS( &dummy ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS( &dummy ) ) )
+	if ( ( LDAP_BACK_USE_TLS_F( flags ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS_F( flags ) ) )
 				&& !ldap_is_ldaps_url( url ) )
 	{
 #ifdef SLAP_STARTTLS_ASYNCHRONOUS
@@ -354,14 +480,16 @@
 		}
 
 		if ( protocol < LDAP_VERSION3 ) {
-			protocol = LDAP_VERSION3;
-			/* Set LDAP version */
-			ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-					(const void *)&protocol );
+			/* we should rather bail out... */
+			rc = LDAP_UNWILLING_TO_PERFORM;
+			*text = "invalid protocol version";
 		}
 
-		rc = ldap_start_tls( ld, NULL, NULL, &msgid );
 		if ( rc == LDAP_SUCCESS ) {
+			rc = ldap_start_tls( ld, NULL, NULL, &msgid );
+		}
+
+		if ( rc == LDAP_SUCCESS ) {
 			LDAPMessage	*res = NULL;
 			struct timeval	tv;
 
@@ -445,7 +573,7 @@
 			break;
 
 		default:
-			if ( LDAP_BACK_TLS_CRITICAL( &dummy ) ) {
+			if ( LDAP_BACK_TLS_CRITICAL_F( flags ) ) {
 				*text = "could not start TLS";
 				break;
 			}
@@ -465,18 +593,19 @@
 #endif /* HAVE_TLS */
 
 static int
-ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
 {
 	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
-	int		vers = op->o_protocol;
+	int		version;
 	LDAP		*ld = NULL;
 #ifdef HAVE_TLS
 	int		is_tls = op->o_conn->c_is_tls;
+	time_t		lc_time = (time_t)(-1);
 #endif /* HAVE_TLS */
 
-	assert( lcp != NULL );
-
+	ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
 	rs->sr_err = ldap_initialize( &ld, li->li_uri );
+	ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		goto error_return;
 	}
@@ -484,11 +613,17 @@
 	/* Set LDAP version. This will always succeed: If the client
 	 * bound with a particular version, then so can we.
 	 */
-	if ( vers == 0 ) {
+	if ( li->li_version != 0 ) {
+		version = li->li_version;
+
+	} else if ( op->o_protocol != 0 ) {
+		version = op->o_protocol;
+
+	} else {
 		/* assume it's an internal op; set to LDAPv3 */
-		vers = LDAP_VERSION3;
+		version = LDAP_VERSION3;
 	}
-	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&vers );
+	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&version );
 
 	/* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
 	ldap_set_option( ld, LDAP_OPT_REFERRALS,
@@ -503,27 +638,32 @@
 	}
 
 #ifdef HAVE_TLS
+	ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
 	rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
 			li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text );
+	ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		ldap_unbind_ext( ld, NULL, NULL );
+		rs->sr_text = "Start TLS failed";
 		goto error_return;
+
+	} else if ( li->li_idle_timeout ) {
+		/* only touch when activity actually took place... */
+		lc_time = op->o_time;
 	}
 #endif /* HAVE_TLS */
 
-	if ( *lcp == NULL ) {
-		*lcp = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
-		(*lcp)->lc_flags= li->li_flags;
-	}
-	(*lcp)->lc_ld = ld;
-	(*lcp)->lc_refcnt = 1;
-	(*lcp)->lc_binding = 1;
+	lc->lc_ld = ld;
+	lc->lc_refcnt = 1;
 #ifdef HAVE_TLS
 	if ( is_tls ) {
-		LDAP_BACK_CONN_ISTLS_SET( *lcp );
+		LDAP_BACK_CONN_ISTLS_SET( lc );
 	} else {
-		LDAP_BACK_CONN_ISTLS_CLEAR( *lcp );
+		LDAP_BACK_CONN_ISTLS_CLEAR( lc );
 	}
+	if ( lc_time != (time_t)(-1) ) {
+		lc->lc_time = lc_time;
+	}
 #endif /* HAVE_TLS */
 
 error_return:;
@@ -531,95 +671,250 @@
 		rs->sr_err = slap_map_api2result( rs );
 		if ( sendok & LDAP_BACK_SENDERR ) {
 			if ( rs->sr_text == NULL ) {
-				rs->sr_text = "ldap_initialize() failed";
+				rs->sr_text = "Proxy connection initialization failed";
 			}
 			send_ldap_result( op, rs );
-			rs->sr_text = NULL;
 		}
 
 	} else {
 		if ( li->li_conn_ttl > 0 ) {
-			(*lcp)->lc_create_time = op->o_time;
+			lc->lc_create_time = op->o_time;
 		}
 	}
 
 	return rs->sr_err;
 }
 
-ldapconn_t *
-ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+static ldapconn_t *
+ldap_back_getconn(
+	Operation		*op,
+	SlapReply		*rs,
+	ldap_back_send_t	sendok,
+	struct berval		*binddn,
+	struct berval		*bindcred )
 {
 	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 	ldapconn_t	*lc = NULL,
 			lc_curr = { 0 };
-	int		refcnt = 1, binding = 1;
+	int		refcnt = 1,
+			lookupconn = !( sendok & LDAP_BACK_BINDING );
 
+	/* if the server is quarantined, and
+	 * - the current interval did not expire yet, or
+	 * - no more retries should occur,
+	 * don't return the connection */
+	if ( li->li_isquarantined ) {
+		slap_retry_info_t	*ri = &li->li_quarantine;
+		int			dont_retry = 1;
+
+		if ( li->li_quarantine.ri_interval ) {
+			ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex );
+			if ( li->li_isquarantined == LDAP_BACK_FQ_YES ) {
+				dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
+					|| slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
+				if ( !dont_retry ) {
+					Debug( LDAP_DEBUG_ANY,
+						"%s: ldap_back_getconn quarantine "
+						"retry block #%d try #%d.\n",
+						op->o_log_prefix, ri->ri_idx, ri->ri_count );
+					li->li_isquarantined = LDAP_BACK_FQ_RETRYING;
+				}
+			}
+			ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex );
+		}
+
+		if ( dont_retry ) {
+			rs->sr_err = LDAP_UNAVAILABLE;
+			if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+				rs->sr_text = "Target is quarantined";
+				send_ldap_result( op, rs );
+			}
+			return NULL;
+		}
+	}
+
 	/* Internal searches are privileged and shared. So is root. */
 	if ( op->o_do_not_cache || be_isroot( op ) ) {
 		LDAP_BACK_CONN_ISPRIV_SET( &lc_curr );
 		lc_curr.lc_local_ndn = op->o_bd->be_rootndn;
-		lc_curr.lc_conn = LDAP_BACK_PCONN_SET( op );
+		LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op );
 
 	} else {
+		struct berval	tmpbinddn,
+				tmpbindcred,
+				save_o_dn,
+				save_o_ndn;
+		int		isproxyauthz;
+
+		/* need cleanup */
+		if ( binddn == NULL ) {
+			binddn = &tmpbinddn;
+		}	
+		if ( bindcred == NULL ) {
+			bindcred = &tmpbindcred;
+		}
+		if ( op->o_tag == LDAP_REQ_BIND ) {
+			save_o_dn = op->o_dn;
+			save_o_ndn = op->o_ndn;
+			op->o_dn = op->o_req_dn;
+			op->o_ndn = op->o_req_ndn;
+		}
+		isproxyauthz = ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred );
+		if ( op->o_tag == LDAP_REQ_BIND ) {
+			op->o_dn = save_o_dn;
+			op->o_ndn = save_o_ndn;
+		}
+		if ( isproxyauthz == -1 ) {
+			return NULL;
+		}
+
 		lc_curr.lc_local_ndn = op->o_ndn;
-		/* Explicit binds must not be shared */
-		if ( op->o_tag == LDAP_REQ_BIND || SLAP_IS_AUTHZ_BACKEND( op ) ) {
+		/* Explicit binds must not be shared;
+		 * however, explicit binds are piped in a special connection
+		 * when idassert is to occur with "override" set */
+		if ( op->o_tag == LDAP_REQ_BIND && !isproxyauthz ) {
 			lc_curr.lc_conn = op->o_conn;
-	
+
 		} else {
-			lc_curr.lc_conn = LDAP_BACK_PCONN_SET( op );
+			if ( isproxyauthz && !( sendok & LDAP_BACK_BINDING ) ) {
+				lc_curr.lc_local_ndn = *binddn;
+				LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op );
+				LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr );
+
+			} else if ( isproxyauthz && ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) {
+				lc_curr.lc_local_ndn = slap_empty_bv;
+				LDAP_BACK_PCONN_BIND_SET( &lc_curr, op );
+				LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr );
+				lookupconn = 1;
+
+			} else if ( SLAP_IS_AUTHZ_BACKEND( op ) ) {
+				lc_curr.lc_conn = op->o_conn;
+
+			} else {
+				LDAP_BACK_PCONN_ANON_SET( &lc_curr, op );
+			}
 		}
 	}
 
 	/* Explicit Bind requests always get their own conn */
-	if ( !( sendok & LDAP_BACK_BINDING ) ) {
-		/* Searches for a ldapconn in the avl tree */
+	if ( lookupconn ) {
 retry_lock:
 		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+		if ( LDAP_BACK_PCONN_ISPRIV( &lc_curr ) ) {
+			/* lookup a conn that's not binding */
+			LDAP_TAILQ_FOREACH( lc,
+				&li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv,
+				lc_q )
+			{
+				if ( !LDAP_BACK_CONN_BINDING( lc ) && lc->lc_refcnt == 0 ) {
+					break;
+				}
+			}
 
-		lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, 
-				(caddr_t)&lc_curr, ldap_back_conndn_cmp );
+			if ( lc != NULL ) {
+				if ( lc != LDAP_TAILQ_LAST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+					ldapconn_t, lc_q ) )
+				{
+					LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+						lc, lc_q );
+					LDAP_TAILQ_ENTRY_INIT( lc, lc_q );
+					LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
+						lc, lc_q );
+				}
+
+			} else if ( !LDAP_BACK_USE_TEMPORARIES( li )
+				&& li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_num == li->li_conn_priv_max )
+			{
+				lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv );
+			}
+			
+		} else {
+
+			/* Searches for a ldapconn in the avl tree */
+			lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, 
+					(caddr_t)&lc_curr, ldap_back_conndn_cmp );
+		}
+
 		if ( lc != NULL ) {
 			/* Don't reuse connections while they're still binding */
 			if ( LDAP_BACK_CONN_BINDING( lc ) ) {
-				ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
-				ldap_pvt_thread_yield();
-				goto retry_lock;
+				if ( !LDAP_BACK_USE_TEMPORARIES( li ) ) {
+					ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+					ldap_pvt_thread_yield();
+					goto retry_lock;
+				}
+				lc = NULL;
 			}
-			refcnt = ++lc->lc_refcnt;
-			binding = ++lc->lc_binding;
+
+			if ( lc != NULL ) {
+				if ( op->o_tag == LDAP_REQ_BIND ) {
+					/* right now, this is the only possible case */
+					assert( ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) );
+					LDAP_BACK_CONN_BINDING_SET( lc );
+				}
+
+				refcnt = ++lc->lc_refcnt;
+			}
 		}
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 	}
 
 	/* Looks like we didn't get a bind. Open a new session... */
 	if ( lc == NULL ) {
-		if ( ldap_back_prepare_conn( &lc, op, rs, sendok ) != LDAP_SUCCESS ) {
+		lc = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
+		lc->lc_flags = li->li_flags;
+		lc->lc_lcflags = lc_curr.lc_lcflags;
+		if ( ldap_back_prepare_conn( lc, op, rs, sendok ) != LDAP_SUCCESS ) {
+			ch_free( lc );
 			return NULL;
 		}
+
 		if ( sendok & LDAP_BACK_BINDING ) {
 			LDAP_BACK_CONN_BINDING_SET( lc );
 		}
+
 		lc->lc_conn = lc_curr.lc_conn;
 		ber_dupbv( &lc->lc_local_ndn, &lc_curr.lc_local_ndn );
 
+		/*
+		 * the rationale is: connections as the rootdn are privileged,
+		 * so acl_authcDN is to be used; however, in some cases
+		 * one already configured identity assertion with a highly
+		 * privileged idassert_authcDN, so if acl_authcDN is NULL
+		 * and idassert_authcDN is not, use the second instead.
+		 *
+		 * might change in the future, because it's preferable
+		 * to make clear what identity is being used, since
+		 * the only drawback is that one risks to configure
+		 * the same identity twice...
+		 */
 		if ( LDAP_BACK_CONN_ISPRIV( &lc_curr ) ) {
-			ber_dupbv( &lc->lc_cred, &li->li_acl_passwd );
-			ber_dupbv( &lc->lc_bound_ndn, &li->li_acl_authcDN );
+			if ( BER_BVISNULL( &li->li_acl_authcDN ) && !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+				ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
+				ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );
+
+			} else {
+				ber_dupbv( &lc->lc_bound_ndn, &li->li_acl_authcDN );
+				ber_dupbv( &lc->lc_cred, &li->li_acl_passwd );
+			}
 			LDAP_BACK_CONN_ISPRIV_SET( lc );
 
+		} else if ( LDAP_BACK_CONN_ISIDASSERT( &lc_curr ) ) {
+			if ( !LDAP_BACK_PCONN_ISBIND( &lc_curr ) ) {
+				ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
+				ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );
+			}
+			LDAP_BACK_CONN_ISIDASSERT_SET( lc );
+
 		} else {
 			BER_BVZERO( &lc->lc_cred );
 			BER_BVZERO( &lc->lc_bound_ndn );
-#if 0
-			/* FIXME: if we set lc_bound_ndn = o_ndn
-			 * we end up with a bind with DN but no password! */
 			if ( !BER_BVISEMPTY( &op->o_ndn )
 				&& SLAP_IS_AUTHZ_BACKEND( op ) )
 			{
 				ber_dupbv( &lc->lc_bound_ndn, &op->o_ndn );
 			}
-#endif
 		}
 
 #ifdef HAVE_TLS
@@ -627,18 +922,24 @@
 		 * check if the non-TLS connection was already
 		 * in cache; in case, destroy the newly created
 		 * connection and use the existing one */
-		if ( lc->lc_conn == LDAP_BACK_PCONN_TLS
+		if ( LDAP_BACK_PCONN_ISTLS( lc ) 
 				&& !ldap_tls_inplace( lc->lc_ld ) )
 		{
-			ldapconn_t *tmplc;
+			ldapconn_t	*tmplc = NULL;
+			int		idx = LDAP_BACK_CONN2PRIV( &lc_curr ) - 1;
 			
-			lc_curr.lc_conn = LDAP_BACK_PCONN;
 			ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
-			tmplc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, 
-					(caddr_t)&lc_curr, ldap_back_conndn_cmp );
+			LDAP_TAILQ_FOREACH( tmplc,
+				&li->li_conn_priv[ idx ].lic_priv,
+				lc_q )
+			{
+				if ( !LDAP_BACK_CONN_BINDING( tmplc ) ) {
+					break;
+				}
+			}
+
 			if ( tmplc != NULL ) {
 				refcnt = ++tmplc->lc_refcnt;
-				binding = ++tmplc->lc_binding;
 				ldap_back_conn_free( lc );
 				lc = tmplc;
 			}
@@ -650,57 +951,84 @@
 		}
 #endif /* HAVE_TLS */
 
-		LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
-
 		/* Inserts the newly created ldapconn in the avl tree */
 		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 
+		LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+
 		assert( lc->lc_refcnt == 1 );
-		assert( lc->lc_binding == 1 );
-		rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
-			ldap_back_conndn_cmp, ldap_back_conndn_dup );
 
-#if PRINT_CONNTREE > 0
-		myprint( li->li_conninfo.lai_tree );
-#endif /* PRINT_CONNTREE */
+#if LDAP_BACK_PRINT_CONNTREE > 0
+		ldap_back_print_conntree( li, ">>> ldap_back_getconn(insert)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
 	
+		if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+			if ( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num < li->li_conn_priv_max ) {
+				LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q );
+				li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num++;
+				LDAP_BACK_CONN_CACHED_SET( lc );
+
+			} else {
+				LDAP_BACK_CONN_TAINTED_SET( lc );
+			}
+			rs->sr_err = 0;
+
+		} else {
+			rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
+				ldap_back_conndn_cmp, ldap_back_conndn_dup );
+			LDAP_BACK_CONN_CACHED_SET( lc );
+		}
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+		ldap_back_print_conntree( li, "<<< ldap_back_getconn(insert)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+	
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 
-		Debug( LDAP_DEBUG_TRACE,
-			"=>ldap_back_getconn: conn %p inserted refcnt=%u binding=%u\n",
-			(void *)lc, refcnt, binding );
+		if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+			char	buf[ SLAP_TEXT_BUFLEN ];
+
+			snprintf( buf, sizeof( buf ),
+				"lc=%p inserted refcnt=%u rc=%d",
+				(void *)lc, refcnt, rs->sr_err );
+				
+			Debug( LDAP_DEBUG_TRACE,
+				"=>ldap_back_getconn: %s: %s\n",
+				op->o_log_prefix, buf, 0 );
+		}
 	
-		/* Err could be -1 in case a duplicate ldapconn is inserted */
-		switch ( rs->sr_err ) {
-		case 0:
-			break;
+		if ( !LDAP_BACK_PCONN_ISPRIV( lc ) ) {
+			/* Err could be -1 in case a duplicate ldapconn is inserted */
+			switch ( rs->sr_err ) {
+			case 0:
+				break;
 
-		case -1:
-			if ( !( sendok & LDAP_BACK_BINDING ) ) {
-				/* duplicate: free and try to get the newly created one */
-				goto retry_lock;
-			}
-			/* taint connection, so that it'll be freed when released */
-			ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
-			(void *)avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
-					ldap_back_conndnlc_cmp );
-			ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
-			LDAP_BACK_CONN_TAINTED_SET( lc );
-			break;
+			case -1:
+				LDAP_BACK_CONN_CACHED_CLEAR( lc );
+				if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( li ) ) {
+					/* duplicate: free and try to get the newly created one */
+					ldap_back_conn_free( lc );
+					lc = NULL;
+					goto retry_lock;
+				}
 
-		default:
-			ldap_back_conn_free( lc );
-			rs->sr_err = LDAP_OTHER;
-			rs->sr_text = "proxy bind collision";
-			if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
-				send_ldap_result( op, rs );
-				rs->sr_text = NULL;
+				/* taint connection, so that it'll be freed when released */
+				LDAP_BACK_CONN_TAINTED_SET( lc );
+				break;
+
+			default:
+				LDAP_BACK_CONN_CACHED_CLEAR( lc );
+				ldap_back_conn_free( lc );
+				rs->sr_err = LDAP_OTHER;
+				rs->sr_text = "Proxy bind collision";
+				if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+					send_ldap_result( op, rs );
+				}
+				return NULL;
 			}
-			return NULL;
 		}
 
 	} else {
-		char	buf[ SLAP_TEXT_BUFLEN ];
 		int	expiring = 0;
 
 		if ( ( li->li_idle_timeout != 0 && op->o_time > lc->lc_time + li->li_idle_timeout )
@@ -711,41 +1039,49 @@
 			/* let it be used, but taint/delete it so that 
 			 * no-one else can look it up any further */
 			ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
-			(void *)avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
-					ldap_back_conndnlc_cmp );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+			ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+			(void)ldap_back_conn_delete( li, lc );
+			LDAP_BACK_CONN_TAINTED_SET( lc );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+			ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
 			ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
-			LDAP_BACK_CONN_TAINTED_SET( lc );
 		}
 
-		{
+		if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+			char	buf[ SLAP_TEXT_BUFLEN ];
+
 			snprintf( buf, sizeof( buf ),
-				"conn %p fetched refcnt=%u binding=%u%s",
-				(void *)lc, refcnt, binding, expiring ? " expiring" : "" );
+				"conn %p fetched refcnt=%u%s",
+				(void *)lc, refcnt,
+				expiring ? " expiring" : "" );
 			Debug( LDAP_DEBUG_TRACE,
 				"=>ldap_back_getconn: %s.\n", buf, 0, 0 );
 		}
-	
 	}
 
 #ifdef HAVE_TLS
 done:;
 #endif /* HAVE_TLS */
-	if ( li->li_idle_timeout && lc ) {
-		lc->lc_time = op->o_time;
-	}
 
 	return lc;
 }
 
 void
 ldap_back_release_conn_lock(
-	Operation		*op,
-	SlapReply		*rs,
-	ldapconn_t		*lc,
+	ldapinfo_t		*li,
+	ldapconn_t		**lcp,
 	int			dolock )
 {
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 
+	ldapconn_t	*lc = *lcp;
+
 	if ( dolock ) {
 		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 	}
@@ -753,25 +1089,93 @@
 	LDAP_BACK_CONN_BINDING_CLEAR( lc );
 	lc->lc_refcnt--;
 	if ( LDAP_BACK_CONN_TAINTED( lc ) ) {
-		ldap_back_freeconn( op, lc, 0 );
+		ldap_back_freeconn( li, lc, 0 );
+		*lcp = NULL;
 	}
 	if ( dolock ) {
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 	}
 }
 
+void
+ldap_back_quarantine(
+	Operation	*op,
+	SlapReply	*rs )
+{
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
+
+	slap_retry_info_t	*ri = &li->li_quarantine;
+
+	ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex );
+
+	if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+		time_t		new_last = slap_get_time();
+
+		switch ( li->li_isquarantined ) {
+		case LDAP_BACK_FQ_NO:
+			if ( ri->ri_last == new_last ) {
+				goto done;
+			}
+
+			Debug( LDAP_DEBUG_ANY,
+				"%s: ldap_back_quarantine enter.\n",
+				op->o_log_prefix, 0, 0 );
+
+			ri->ri_idx = 0;
+			ri->ri_count = 0;
+			break;
+
+		case LDAP_BACK_FQ_RETRYING:
+			Debug( LDAP_DEBUG_ANY,
+				"%s: ldap_back_quarantine block #%d try #%d failed.\n",
+				op->o_log_prefix, ri->ri_idx, ri->ri_count );
+
+			++ri->ri_count;
+			if ( ri->ri_num[ ri->ri_idx ] != SLAP_RETRYNUM_FOREVER
+				&& ri->ri_count == ri->ri_num[ ri->ri_idx ] )
+			{
+				ri->ri_count = 0;
+				++ri->ri_idx;
+			}
+			break;
+
+		default:
+			break;
+		}
+
+		li->li_isquarantined = LDAP_BACK_FQ_YES;
+		ri->ri_last = new_last;
+
+	} else if ( li->li_isquarantined != LDAP_BACK_FQ_NO ) {
+		if ( ri->ri_last == slap_get_time() ) {
+			goto done;
+		}
+
+		Debug( LDAP_DEBUG_ANY,
+			"%s: ldap_back_quarantine exit (%d) err=%d.\n",
+			op->o_log_prefix, li->li_isquarantined, rs->sr_err );
+
+		if ( li->li_quarantine_f ) {
+			(void)li->li_quarantine_f( li, li->li_quarantine_p );
+		}
+
+		ri->ri_count = 0;
+		ri->ri_idx = 0;
+		li->li_isquarantined = LDAP_BACK_FQ_NO;
+	}
+
+done:;
+	ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex );
+}
+
 /*
- * ldap_back_dobind
+ * ldap_back_dobind_int
  *
- * Note: as the check for the value of lc->lc_bound was already here, I removed
- * it from all the callers, and I made the function return the flag, so
- * it can be used to simplify the check.
- *
  * Note: dolock indicates whether li->li_conninfo.lai_mutex must be locked or not
  */
 static int
 ldap_back_dobind_int(
-	ldapconn_t		*lc,
+	ldapconn_t		**lcp,
 	Operation		*op,
 	SlapReply		*rs,
 	ldap_back_send_t	sendok,
@@ -780,11 +1184,33 @@
 {	
 	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	int		rc, binding = 0;
+	ldapconn_t	*lc;
+	struct berval	binddn = slap_empty_bv,
+			bindcred = slap_empty_bv;
+
+	int		rc = 0,
+			isbound,
+			binding = 0;
 	ber_int_t	msgid;
 
+	assert( lcp != NULL );
 	assert( retries >= 0 );
 
+	if ( sendok & LDAP_BACK_GETCONN ) {
+		assert( *lcp == NULL );
+
+		lc = ldap_back_getconn( op, rs, sendok, &binddn, &bindcred );
+		if ( lc == NULL ) {
+			return 0;
+		}
+		*lcp = lc;
+
+	} else {
+		lc = *lcp;
+	}
+
+	assert( lc != NULL );
+
 retry_lock:;
  	if ( dolock ) {
  		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
@@ -792,9 +1218,8 @@
 
  	if ( binding == 0 ) {
 		/* check if already bound */
-		rc = LDAP_BACK_CONN_ISBOUND( lc );
-		if ( rc ) {
-			lc->lc_binding--;
+		rc = isbound = LDAP_BACK_CONN_ISBOUND( lc );
+		if ( isbound ) {
  			if ( dolock ) {
  				ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
  			}
@@ -816,38 +1241,10 @@
 		}
 	}
 
-	/* wait for pending operations to finish */
-	/* FIXME: may become a bottleneck! */
-	if ( lc->lc_refcnt != lc->lc_binding ) {
- 		if ( dolock ) {
- 			ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
- 		}
-		ldap_pvt_thread_yield();
-		goto retry_lock;
-	}
-
  	if ( dolock ) {
  		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
  	}
 
-#if 0
-	while ( lc->lc_refcnt > 1 ) {
-		ldap_pvt_thread_yield();
-		rc = LDAP_BACK_CONN_ISBOUND( lc );
-		if ( rc ) {
-			return rc;
-		}
-	}
-
- 	if ( dolock ) {
- 		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
- 	}
- 	LDAP_BACK_CONN_BINDING_SET( lc );
- 	if ( dolock ) {
- 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
- 	}
-#endif
-
 	/*
 	 * FIXME: we need to let clients use proxyAuthz
 	 * otherwise we cannot do symmetric pools of servers;
@@ -870,12 +1267,14 @@
 	 * but the "override" flag is given to idassert.
 	 * It allows to use SASL bind and yet proxyAuthz users
 	 */
-	if ( op->o_conn != NULL &&
-			!op->o_do_not_cache &&
-			( BER_BVISNULL( &lc->lc_bound_ndn ) ||
-			  ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
-	{
-		(void)ldap_back_proxy_authz_bind( lc, op, rs, sendok );
+	if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
+		if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) {
+			/* if we got here, it shouldn't return result */
+			rc = ldap_back_is_proxy_authz( op, rs,
+				LDAP_BACK_DONTSEND, &binddn, &bindcred );
+			assert( rc == 1 );
+		}
+		rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred );
 		goto done;
 	}
 
@@ -887,12 +1286,12 @@
 
 		if ( li->li_acl_secprops != NULL ) {
 			rc = ldap_set_option( lc->lc_ld,
-				LDAP_OPT_X_SASL_SECPROPS, li->li_acl_secprops);
+				LDAP_OPT_X_SASL_SECPROPS, li->li_acl_secprops );
 
 			if ( rc != LDAP_OPT_SUCCESS ) {
 				Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
-					"(%s,SECPROPS,\"%s\") failed!\n",
-					li->li_uri, li->li_acl_secprops, 0 );
+					"(SECPROPS,\"%s\") failed!\n",
+					li->li_acl_secprops, 0, 0 );
 				goto done;
 			}
 		}
@@ -915,18 +1314,25 @@
 		rs->sr_err = slap_map_api2result( rs );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
 			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
-			send_ldap_result( op, rs );
+			if ( sendok & LDAP_BACK_SENDERR ) {
+				send_ldap_result( op, rs );
+			}
 
 		} else {
 			LDAP_BACK_CONN_ISBOUND_SET( lc );
 		}
+
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			ldap_back_quarantine( op, rs );
+		}
+
 		goto done;
 	}
 #endif /* HAVE_CYRUS_SASL */
 
 retry:;
 	rs->sr_err = ldap_sasl_bind( lc->lc_ld,
-			lc->lc_bound_ndn.bv_val,
+			BER_BVISNULL( &lc->lc_cred ) ? "" : lc->lc_bound_ndn.bv_val,
 			LDAP_SASL_SIMPLE, &lc->lc_cred,
 			NULL, NULL, &msgid );
 
@@ -942,9 +1348,9 @@
 				lc->lc_ld = NULL;
 
 				/* lc here must be the regular lc, reset and ready for init */
-				rs->sr_err = ldap_back_prepare_conn( &lc, op, rs, sendok );
+				rs->sr_err = ldap_back_prepare_conn( lc, op, rs, sendok );
 				if ( rs->sr_err != LDAP_SUCCESS ) {
-					lc->lc_binding--;
+					sendok &= ~LDAP_BACK_SENDERR;
 					lc->lc_refcnt = 0;
 				}
 			}
@@ -959,45 +1365,59 @@
 				}
 				goto retry;
 			}
-
-		} else {
-			if ( dolock ) {
-				ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
-			}
-			lc->lc_binding--;
-			if ( dolock ) {
-				ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
-			}
 		}
 
-		ldap_back_freeconn( op, lc, dolock );
+		assert( lc->lc_refcnt == 1 );
+		lc->lc_refcnt = 0;
+		ldap_back_freeconn( li, lc, dolock );
+		*lcp = NULL;
 		rs->sr_err = slap_map_api2result( rs );
 
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			ldap_back_quarantine( op, rs );
+		}
+
+		if ( rs->sr_err != LDAP_SUCCESS &&
+			( sendok & LDAP_BACK_SENDERR ) )
+		{
+			rs->sr_text = "Internal proxy bind failure";
+			send_ldap_result( op, rs );
+		}
+
 		return 0;
 	}
 
-	rc = ldap_back_op_result( lc, op, rs, msgid, 0, sendok );
+	rc = ldap_back_op_result( lc, op, rs, msgid,
+		-1, ( sendok | LDAP_BACK_BINDING ) );
 	if ( rc == LDAP_SUCCESS ) {
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
 	}
 
 done:;
-	lc->lc_binding--;
 	LDAP_BACK_CONN_BINDING_CLEAR( lc );
 	rc = LDAP_BACK_CONN_ISBOUND( lc );
 	if ( !rc ) {
-		ldap_back_release_conn_lock( op, rs, lc, dolock );
+		ldap_back_release_conn_lock( li, lcp, dolock );
+
+	} else if ( LDAP_BACK_SAVECRED( li ) ) {
+		ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
 	}
 
 	return rc;
 }
 
+/*
+ * ldap_back_dobind
+ *
+ * Note: dolock indicates whether li->li_conninfo.lai_mutex must be locked or not
+ */
 int
-ldap_back_dobind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+ldap_back_dobind( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
 {
 	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	return ldap_back_dobind_int( lc, op, rs, sendok, li->li_nretries, 1 );
+	return ldap_back_dobind_int( lcp, op, rs,
+		( sendok | LDAP_BACK_GETCONN ), li->li_nretries, 1 );
 }
 
 /*
@@ -1006,7 +1426,7 @@
  * This is a callback used for chasing referrals using the same
  * credentials as the original user on this session.
  */
-static int 
+int 
 ldap_back_default_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
 	ber_int_t msgid, void *params )
 {
@@ -1031,11 +1451,37 @@
 
 	/* FIXME: add checks on the URL/identity? */
 
-	return ldap_sasl_bind_s( ld, lc->lc_bound_ndn.bv_val,
+	return ldap_sasl_bind_s( ld,
+			BER_BVISNULL( &lc->lc_cred ) ? "" : lc->lc_bound_ndn.bv_val,
 			LDAP_SASL_SIMPLE, &lc->lc_cred, NULL, NULL, NULL );
 }
 
 int
+ldap_back_cancel(
+		ldapconn_t		*lc,
+		Operation		*op,
+		SlapReply		*rs,
+		ber_int_t		msgid,
+		ldap_back_send_t	sendok )
+{
+	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+
+	/* default behavior */
+	if ( LDAP_BACK_ABANDON( li ) ) {
+		return ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
+	}
+
+	if ( LDAP_BACK_CANCEL( li ) ) {
+		/* FIXME: asynchronous? */
+		return ldap_cancel_s( lc->lc_ld, msgid, NULL, NULL );
+	}
+
+	assert( 0 );
+
+	return LDAP_OTHER;
+}
+
+int
 ldap_back_op_result(
 		ldapconn_t		*lc,
 		Operation		*op,
@@ -1044,14 +1490,19 @@
 		time_t			timeout,
 		ldap_back_send_t	sendok )
 {
+	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+
 	char		*match = NULL;
-	LDAPMessage	*res = NULL;
 	char		*text = NULL;
+	char		**refs = NULL;
+	LDAPControl	**ctrls = NULL;
 
 #define	ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
 
 	rs->sr_text = NULL;
 	rs->sr_matched = NULL;
+	rs->sr_ref = NULL;
+	rs->sr_ctrls = NULL;
 
 	/* if the error recorded in the reply corresponds
 	 * to a successful state, get the error from the
@@ -1059,28 +1510,83 @@
 	if ( ERR_OK( rs->sr_err ) ) {
 		int		rc;
 		struct timeval	tv;
+		LDAPMessage	*res = NULL;
+		time_t		stoptime = (time_t)(-1);
+		int		timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+					LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+		const char	*timeout_text = "Operation timed out";
 
-		if ( timeout ) {
-			tv.tv_sec = timeout;
-			tv.tv_usec = 0;
+		/* if timeout is not specified, compute and use
+		 * the one specific to the ongoing operation */
+		if ( timeout == (time_t)(-1) ) {
+			slap_op_t	opidx = slap_req2op( op->o_tag );
 
-		} else {
-			LDAP_BACK_TV_SET( &tv );
+			if ( opidx == SLAP_OP_SEARCH ) {
+				if ( op->ors_tlimit <= 0 ) {
+					timeout = 0;
+
+				} else {
+					timeout = op->ors_tlimit;
+					timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+					timeout_text = NULL;
+				}
+
+			} else {
+				timeout = li->li_timeout[ opidx ];
+			}
 		}
 
+		/* better than nothing :) */
+		if ( timeout == 0 ) {
+			if ( li->li_idle_timeout ) {
+				timeout = li->li_idle_timeout;
+
+			} else if ( li->li_conn_ttl ) {
+				timeout = li->li_conn_ttl;
+			}
+		}
+
+		if ( timeout ) {
+			stoptime = op->o_time + timeout;
+		}
+
+		LDAP_BACK_TV_SET( &tv );
+
 retry:;
 		/* if result parsing fails, note the failure reason */
 		rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
 		switch ( rc ) {
 		case 0:
-			if ( timeout ) {
-				(void)ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
-				rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
-					LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR;
-				rs->sr_text = "Operation timed out";
+			if ( timeout && slap_get_time() > stoptime ) {
+				if ( sendok & LDAP_BACK_BINDING ) {
+					ldap_unbind_ext( lc->lc_ld, NULL, NULL );
+					lc->lc_ld = NULL;
+
+					/* let it be used, but taint/delete it so that 
+					 * no-one else can look it up any further */
+					ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+					ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+					(void)ldap_back_conn_delete( li, lc );
+					LDAP_BACK_CONN_TAINTED_SET( lc );
+
+#if LDAP_BACK_PRINT_CONNTREE > 0
+					ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+					ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+
+				} else {
+					(void)ldap_back_cancel( lc, op, rs, msgid, sendok );
+				}
+				rs->sr_err = timeout_err;
+				rs->sr_text = timeout_text;
 				break;
 			}
 
+			/* timeout == 0 */
 			LDAP_BACK_TV_SET( &tv );
 			ldap_pvt_thread_yield();
 			goto retry;
@@ -1096,22 +1602,58 @@
 		 * structure (this includes 
 		 * LDAP_COMPARE_{TRUE|FALSE}) */
 		default:
+			/* only touch when activity actually took place... */
+			if ( li->li_idle_timeout && lc ) {
+				lc->lc_time = op->o_time;
+			}
+
 			rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
-					&match, &text, NULL, NULL, 1 );
-#ifndef LDAP_NULL_IS_NULL
-			if ( match != NULL && match[ 0 ] == '\0' ) {
-				ldap_memfree( match );
-				match = NULL;
-			}
-			if ( text != NULL && text[ 0 ] == '\0' ) {
-				ldap_memfree( text );
-				text = NULL;
-			}
-#endif /* LDAP_NULL_IS_NULL */
+					&match, &text, &refs, &ctrls, 1 );
 			rs->sr_text = text;
 			if ( rc != LDAP_SUCCESS ) {
 				rs->sr_err = rc;
 			}
+
+			/* RFC 4511: referrals can only appear
+			 * if result code is LDAP_REFERRAL */
+			if ( refs != NULL
+				&& refs[ 0 ] != NULL
+				&& refs[ 0 ][ 0 ] != '\0' )
+			{
+				if ( rs->sr_err != LDAP_REFERRAL ) {
+					Debug( LDAP_DEBUG_ANY,
+						"%s ldap_back_op_result: "
+						"got referrals with err=%d\n",
+						op->o_log_prefix,
+						rs->sr_err, 0 );
+
+				} else {
+					int	i;
+
+					for ( i = 0; refs[ i ] != NULL; i++ )
+						/* count */ ;
+					rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
+						op->o_tmpmemctx );
+					for ( i = 0; refs[ i ] != NULL; i++ ) {
+						ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
+					}
+					BER_BVZERO( &rs->sr_ref[ i ] );
+				}
+
+			} else if ( rs->sr_err == LDAP_REFERRAL ) {
+				Debug( LDAP_DEBUG_ANY,
+					"%s ldap_back_op_result: "
+					"got err=%d with null "
+					"or empty referrals\n",
+					op->o_log_prefix,
+					rs->sr_err, 0 );
+
+				rs->sr_err = LDAP_NO_SUCH_OBJECT;
+			}
+
+			if ( ctrls != NULL ) {
+				rs->sr_ctrls = ctrls;
+			}
 		}
 	}
 
@@ -1130,12 +1672,25 @@
 			rs->sr_matched = match;
 		}
 	}
-	if ( op->o_conn &&
-			( ( sendok & LDAP_BACK_SENDOK ) 
-			  || ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+
+	if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+		if ( !( sendok & LDAP_BACK_RETRYING ) ) {
+			if ( LDAP_BACK_QUARANTINE( li ) ) {
+				ldap_back_quarantine( op, rs );
+			}
+			if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+				if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed";
+				send_ldap_result( op, rs );
+			}
+		}
+
+	} else if ( op->o_conn &&
+		( ( ( sendok & LDAP_BACK_SENDOK ) && ERR_OK( rs->sr_err ) )
+			|| ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
 	{
 		send_ldap_result( op, rs );
 	}
+
 	if ( match ) {
 		if ( rs->sr_matched != match ) {
 			free( (char *)rs->sr_matched );
@@ -1143,10 +1698,27 @@
 		rs->sr_matched = NULL;
 		ldap_memfree( match );
 	}
+
 	if ( text ) {
 		ldap_memfree( text );
 	}
 	rs->sr_text = NULL;
+
+	if ( rs->sr_ref ) {
+		op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+		rs->sr_ref = NULL;
+	}
+
+	if ( refs ) {
+		ber_memvfree( (void **)refs );
+	}
+
+	if ( ctrls ) {
+		assert( rs->sr_ctrls != NULL );
+		ldap_controls_free( ctrls );
+		rs->sr_ctrls = NULL;
+	}
+
 	return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
 }
 
@@ -1154,8 +1726,8 @@
 int
 ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
 {
+	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 	int		rc = 0;
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
 
 	assert( lcp != NULL );
 	assert( *lcp != NULL );
@@ -1163,25 +1735,42 @@
 	ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 
 	if ( (*lcp)->lc_refcnt == 1 ) {
+		int binding = LDAP_BACK_CONN_BINDING( *lcp );
+
+		ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
 		Debug( LDAP_DEBUG_ANY,
 			"%s ldap_back_retry: retrying URI=\"%s\" DN=\"%s\"\n",
 			op->o_log_prefix, li->li_uri,
 			BER_BVISNULL( &(*lcp)->lc_bound_ndn ) ?
 				"" : (*lcp)->lc_bound_ndn.bv_val );
+		ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
 
 		ldap_unbind_ext( (*lcp)->lc_ld, NULL, NULL );
 		(*lcp)->lc_ld = NULL;
 		LDAP_BACK_CONN_ISBOUND_CLEAR( (*lcp) );
 
 		/* lc here must be the regular lc, reset and ready for init */
-		rc = ldap_back_prepare_conn( lcp, op, rs, sendok );
+		rc = ldap_back_prepare_conn( *lcp, op, rs, sendok );
 		if ( rc != LDAP_SUCCESS ) {
+			/* freeit, because lc_refcnt == 1 */
+			(*lcp)->lc_refcnt = 0;
+			(void)ldap_back_freeconn( li, *lcp, 0 );
+			*lcp = NULL;
 			rc = 0;
-			*lcp = NULL;
 
+		} else if ( ( sendok & LDAP_BACK_BINDING ) ) {
+			if ( binding ) {
+				LDAP_BACK_CONN_BINDING_SET( *lcp );
+			}
+			rc = 1;
+
 		} else {
-			rc = ldap_back_dobind_int( *lcp, op, rs, sendok, 0, 0 );
-			if ( rc == 0 ) {
+			rc = ldap_back_dobind_int( lcp, op, rs, sendok, 0, 0 );
+			if ( rc == 0 && *lcp != NULL ) {
+				/* freeit, because lc_refcnt == 1 */
+				(*lcp)->lc_refcnt = 0;
+				LDAP_BACK_CONN_TAINTED_SET( *lcp );
+				(void)ldap_back_freeconn( li, *lcp, 0 );
 				*lcp = NULL;
 			}
 		}
@@ -1191,12 +1780,13 @@
 			"ldap_back_retry: conn %p refcnt=%u unable to retry.\n",
 			(void *)(*lcp), (*lcp)->lc_refcnt, 0 );
 
-		ldap_back_release_conn_lock( op, rs, *lcp, 0 );
-		*lcp = NULL;
+		LDAP_BACK_CONN_TAINTED_SET( *lcp );
+		ldap_back_release_conn_lock( li, lcp, 0 );
+		assert( *lcp == NULL );
 
-		if ( sendok ) {
+		if ( sendok & LDAP_BACK_SENDERR ) {
 			rs->sr_err = LDAP_UNAVAILABLE;
-			rs->sr_text = "unable to retry";
+			rs->sr_text = "Unable to retry";
 			send_ldap_result( op, rs );
 		}
 	}
@@ -1207,16 +1797,41 @@
 }
 
 static int
-ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
+	struct berval *binddn, struct berval *bindcred )
 {
 	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
-	struct berval	binddn = slap_empty_bv;
-	struct berval	bindcred = slap_empty_bv;
 	struct berval	ndn;
 	int		dobind = 0;
-	int		msgid;
-	int		rc;
 
+	if ( op->o_conn == NULL || op->o_do_not_cache ) {
+		goto done;
+	}
+
+	/* don't proxyAuthz if protocol is not LDAPv3 */
+	switch ( li->li_version ) {
+	case LDAP_VERSION3:
+		break;
+
+	case 0:
+		if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+			break;
+		}
+		/* fall thru */
+
+	default:
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		if ( sendok & LDAP_BACK_SENDERR ) {
+			send_ldap_result( op, rs );
+			dobind = -1;
+		}
+		goto done;
+	}
+
+	/* safe default */
+	*binddn = slap_empty_bv;
+	*bindcred = slap_empty_bv;
+
 	if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
 		ndn = op->o_conn->c_ndn;
 
@@ -1224,36 +1839,13 @@
 		ndn = op->o_ndn;
 	}
 
-	/*
-	 * FIXME: we need to let clients use proxyAuthz
-	 * otherwise we cannot do symmetric pools of servers;
-	 * we have to live with the fact that a user can
-	 * authorize itself as any ID that is allowed
-	 * by the authzTo directive of the "proxyauthzdn".
-	 */
-	/*
-	 * NOTE: current Proxy Authorization specification
-	 * and implementation do not allow proxy authorization
-	 * control to be provided with Bind requests
-	 */
-	/*
-	 * if no bind took place yet, but the connection is bound
-	 * and the "proxyauthzdn" is set, then bind as 
-	 * "proxyauthzdn" and explicitly add the proxyAuthz 
-	 * control to every operation with the dn bound 
-	 * to the connection as control value.
-	 */
-
-	/* bind as proxyauthzdn only if no idassert mode
-	 * is requested, or if the client's identity
-	 * is authorized */
 	switch ( li->li_idassert_mode ) {
 	case LDAP_BACK_IDASSERT_LEGACY:
 		if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
 			if ( !BER_BVISNULL( &li->li_idassert_authcDN ) && !BER_BVISEMPTY( &li->li_idassert_authcDN ) )
 			{
-				binddn = li->li_idassert_authcDN;
-				bindcred = li->li_idassert_passwd;
+				*binddn = li->li_idassert_authcDN;
+				*bindcred = li->li_idassert_passwd;
 				dobind = 1;
 			}
 		}
@@ -1261,18 +1853,21 @@
 
 	default:
 		/* NOTE: rootdn can always idassert */
-		if ( BER_BVISNULL( &ndn ) && li->li_idassert_authz == NULL ) {
+		if ( BER_BVISNULL( &ndn )
+			&& li->li_idassert_authz == NULL
+			&& !( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+		{
 			if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
 				rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
 				if ( sendok & LDAP_BACK_SENDERR ) {
 					send_ldap_result( op, rs );
+					dobind = -1;
 				}
-				LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
 
 			} else {
 				rs->sr_err = LDAP_SUCCESS;
-				binddn = slap_empty_bv;
-				bindcred = slap_empty_bv;
+				*binddn = slap_empty_bv;
+				*bindcred = slap_empty_bv;
 				break;
 			}
 
@@ -1293,13 +1888,13 @@
 				if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
 					if ( sendok & LDAP_BACK_SENDERR ) {
 						send_ldap_result( op, rs );
+						dobind = -1;
 					}
-					LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
 
 				} else {
 					rs->sr_err = LDAP_SUCCESS;
-					binddn = slap_empty_bv;
-					bindcred = slap_empty_bv;
+					*binddn = slap_empty_bv;
+					*bindcred = slap_empty_bv;
 					break;
 				}
 
@@ -1307,13 +1902,38 @@
 			}
 		}
 
-		binddn = li->li_idassert_authcDN;
-		bindcred = li->li_idassert_passwd;
+		*binddn = li->li_idassert_authcDN;
+		*bindcred = li->li_idassert_passwd;
 		dobind = 1;
 		break;
 	}
 
-	if ( dobind && li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
+done:;
+	return dobind;
+}
+
+static int
+ldap_back_proxy_authz_bind(
+	ldapconn_t		*lc,
+	Operation		*op,
+	SlapReply		*rs,
+	ldap_back_send_t	sendok,
+	struct berval		*binddn,
+	struct berval		*bindcred )
+{
+	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+	struct berval	ndn;
+	int		msgid;
+	int		rc;
+
+	if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+		ndn = op->o_conn->c_ndn;
+
+	} else {
+		ndn = op->o_ndn;
+	}
+
+	if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL
 		void		*defaults = NULL;
 		struct berval	authzID = BER_BVNULL;
@@ -1374,7 +1994,7 @@
 				li->li_idassert_passwd.bv_val,
 				authzID.bv_val );
 
-		rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn.bv_val,
+		rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn->bv_val,
 				li->li_idassert_sasl_mech.bv_val, NULL, NULL,
 				LDAP_SASL_QUIET, lutil_sasl_interact,
 				defaults );
@@ -1401,13 +2021,17 @@
 
 	switch ( li->li_idassert_authmethod ) {
 	case LDAP_AUTH_NONE:
-		LDAP_BACK_CONN_ISBOUND_SET( lc );
-		goto done;
+		/* FIXME: do we really need this? */
+		BER_BVSTR( binddn, "" );
+		BER_BVSTR( bindcred, "" );
+		/* fallthru */
 
 	case LDAP_AUTH_SIMPLE:
 		rs->sr_err = ldap_sasl_bind( lc->lc_ld,
-				binddn.bv_val, LDAP_SASL_SIMPLE,
-				&bindcred, NULL, NULL, &msgid );
+				binddn->bv_val, LDAP_SASL_SIMPLE,
+				bindcred, NULL, NULL, &msgid );
+		rc = ldap_back_op_result( lc, op, rs, msgid,
+			-1, ( sendok | LDAP_BACK_BINDING ) );
 		break;
 
 	default:
@@ -1420,9 +2044,25 @@
 		goto done;
 	}
 
-	rc = ldap_back_op_result( lc, op, rs, msgid, 0, sendok );
 	if ( rc == LDAP_SUCCESS ) {
+		/* set rebind stuff in case of successful proxyAuthz bind,
+		 * so that referral chasing is attempted using the right
+		 * identity */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
+		ber_bvreplace( &lc->lc_bound_ndn, binddn );
+
+		if ( !BER_BVISNULL( &lc->lc_cred ) ) {
+			memset( lc->lc_cred.bv_val, 0,
+					lc->lc_cred.bv_len );
+		}
+
+		if ( LDAP_BACK_SAVECRED( li ) ) {
+			ber_bvreplace( &lc->lc_cred, bindcred );
+			ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+
+		} else {
+			lc->lc_cred.bv_len = 0;
+		}
 	}
 done:;
 	return LDAP_BACK_CONN_ISBOUND( lc );
@@ -1456,32 +2096,49 @@
  */
 int
 ldap_back_proxy_authz_ctrl(
-		ldapconn_t	*lc,
+		struct berval	*bound_ndn,
+		int		version,
+		slap_idassert_t	*si,
 		Operation	*op,
 		SlapReply	*rs,
 		LDAPControl	***pctrls )
 {
-	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
-	LDAPControl	**ctrls = NULL;
-	int		i = 0,
-			mode;
-	struct berval	assertedID,
-			ndn;
+	LDAPControl		**ctrls = NULL;
+	int			i = 0;
+	slap_idassert_mode_t	mode;
+	struct berval		assertedID,
+				ndn;
+	int			isroot = 0;
 
 	*pctrls = NULL;
 
 	rs->sr_err = LDAP_SUCCESS;
 
+	/* don't proxyAuthz if protocol is not LDAPv3 */
+	switch ( version ) {
+	case LDAP_VERSION3:
+		break;
+
+	case 0:
+		if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+			break;
+		}
+		/* fall thru */
+
+	default:
+		goto done;
+	}
+
 	/* FIXME: SASL/EXTERNAL over ldapi:// doesn't honor the authcID,
 	 * but if it is not set this test fails.  We need a different
 	 * means to detect if idassert is enabled */
-	if ( ( BER_BVISNULL( &li->li_idassert_authcID ) || BER_BVISEMPTY( &li->li_idassert_authcID ) )
-			&& ( BER_BVISNULL( &li->li_idassert_authcDN ) || BER_BVISEMPTY( &li->li_idassert_authcDN ) ) )
+	if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
+			&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
 	{
 		goto done;
 	}
 
-	if ( !op->o_conn || op->o_do_not_cache || be_isroot( op ) ) {
+	if ( !op->o_conn || op->o_do_not_cache || ( isroot = be_isroot( op ) ) ) {
 		goto done;
 	}
 
@@ -1495,7 +2152,7 @@
 		ndn = op->o_ndn;
 	}
 
-	if ( li->li_idassert_mode == LDAP_BACK_IDASSERT_LEGACY ) {
+	if ( si->si_mode == LDAP_BACK_IDASSERT_LEGACY ) {
 		if ( op->o_proxy_authz ) {
 			/*
 			 * FIXME: we do not want to perform proxyAuthz
@@ -1514,7 +2171,7 @@
 			goto done;
 		}
 
-		if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
+		if ( !BER_BVISNULL( bound_ndn ) ) {
 			goto done;
 		}
 
@@ -1522,23 +2179,18 @@
 			goto done;
 		}
 
-		if ( BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+		if ( BER_BVISNULL( &si->si_bc.sb_binddn ) ) {
 			goto done;
 		}
 
-	} else if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
-		if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ )
-				/* && ( !BER_BVISNULL( &ndn )
-					|| LDAP_BACK_CONN_ISBOUND( lc ) ) */ )
+	} else if ( si->si_bc.sb_method == LDAP_AUTH_SASL ) {
+		if ( ( si->si_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
 		{
 			/* already asserted in SASL via native authz */
-			/* NOTE: the test on lc->lc_bound is used to trap
-			 * native authorization of anonymous users,
-			 * since in that case ndn is NULL */
 			goto done;
 		}
 
-	} else if ( li->li_idassert_authz && !be_isroot( op ) ) {
+	} else if ( si->si_authz && !isroot ) {
 		int		rc;
 		struct berval authcDN;
 
@@ -1547,11 +2199,10 @@
 		} else {
 			authcDN = ndn;
 		}
-		rc = slap_sasl_matches( op, li->li_idassert_authz,
+		rc = slap_sasl_matches( op, si->si_authz,
 				&authcDN, & authcDN );
 		if ( rc != LDAP_SUCCESS ) {
-			if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE )
-			{
+			if ( si->si_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
 				/* ndn is not authorized
 				 * to use idassert */
 				rs->sr_err = rc;
@@ -1586,25 +2237,15 @@
 		mode = LDAP_BACK_IDASSERT_NOASSERT;
 
 	} else {
-		mode = li->li_idassert_mode;
+		mode = si->si_mode;
 	}
 
 	switch ( mode ) {
-	case LDAP_BACK_IDASSERT_SELF:
-		if ( BER_BVISNULL( &ndn ) ) {
-			goto done;
-		}
-		assertedID = ndn;
-		break;
-
 	case LDAP_BACK_IDASSERT_LEGACY:
 		/* original behavior:
 		 * assert the client's identity */
-		if ( BER_BVISNULL( &ndn ) ) {
-			assertedID = slap_empty_bv;
-		} else {
-			assertedID = ndn;
-		}
+	case LDAP_BACK_IDASSERT_SELF:
+		assertedID = ndn;
 		break;
 
 	case LDAP_BACK_IDASSERT_ANONYMOUS:
@@ -1619,19 +2260,20 @@
 	case LDAP_BACK_IDASSERT_OTHERID:
 	case LDAP_BACK_IDASSERT_OTHERDN:
 		/* assert idassert DN */
-		assertedID = li->li_idassert_authzID;
+		assertedID = si->si_bc.sb_authzId;
 		break;
 
 	default:
 		assert( 0 );
 	}
 
+	/* if we got here, "" is allowed to proxyAuthz */
 	if ( BER_BVISNULL( &assertedID ) ) {
 		assertedID = slap_empty_bv;
 	}
 
 	/* don't idassert the bound DN (ITS#4497) */
-	if ( dn_match( &assertedID, &lc->lc_bound_ndn ) ) {
+	if ( dn_match( &assertedID, bound_ndn ) ) {
 		goto done;
 	}
 
@@ -1647,7 +2289,7 @@
 	ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
 	ctrls[ 0 ]->ldctl_iscritical = 1;
 
-	switch ( li->li_idassert_mode ) {
+	switch ( si->si_mode ) {
 	/* already in u:ID or dn:DN form */
 	case LDAP_BACK_IDASSERT_OTHERID:
 	case LDAP_BACK_IDASSERT_OTHERDN:
@@ -1665,6 +2307,88 @@
 		break;
 	}
 
+	/* Older versions of <draft-weltman-ldapv3-proxy> required
+	 * to encode the value of the authzID (and called it proxyDN);
+	 * this hack provides compatibility with those DSAs that
+	 * implement it this way */
+	if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+		struct berval		authzID = ctrls[ 0 ]->ldctl_value;
+		BerElementBuffer	berbuf;
+		BerElement		*ber = (BerElement *)&berbuf;
+		ber_tag_t		tag;
+
+		ber_init2( ber, 0, LBER_USE_DER );
+		ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+		tag = ber_printf( ber, "O", &authzID );
+		if ( tag == LBER_ERROR ) {
+			rs->sr_err = LDAP_OTHER;
+			goto free_ber;
+		}
+
+		if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+			rs->sr_err = LDAP_OTHER;
+			goto free_ber;
+		}
+
+free_ber:;
+		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+		ber_free_buf( ber );
+
+		if ( rs->sr_err != LDAP_SUCCESS ) {
+			op->o_tmpfree( ctrls, op->o_tmpmemctx );
+			ctrls = NULL;
+			goto done;
+		}
+
+	} else if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+		struct berval		authzID = ctrls[ 0 ]->ldctl_value,
+					tmp;
+		BerElementBuffer	berbuf;
+		BerElement		*ber = (BerElement *)&berbuf;
+		ber_tag_t		tag;
+
+		if ( strncasecmp( authzID.bv_val, "dn:", STRLENOF( "dn:" ) ) != 0 ) {
+			op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
+			op->o_tmpfree( ctrls, op->o_tmpmemctx );
+			ctrls = NULL;
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+
+		tmp = authzID;
+		tmp.bv_val += STRLENOF( "dn:" );
+		tmp.bv_len -= STRLENOF( "dn:" );
+
+		ber_init2( ber, 0, LBER_USE_DER );
+		ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+		/* apparently, Mozilla API encodes this
+		 * as "SEQUENCE { LDAPDN }" */
+		tag = ber_printf( ber, "{O}", &tmp );
+		if ( tag == LBER_ERROR ) {
+			rs->sr_err = LDAP_OTHER;
+			goto free_ber2;
+		}
+
+		if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+			rs->sr_err = LDAP_OTHER;
+			goto free_ber2;
+		}
+
+free_ber2:;
+		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
+		ber_free_buf( ber );
+
+		if ( rs->sr_err != LDAP_SUCCESS ) {
+			op->o_tmpfree( ctrls, op->o_tmpmemctx );
+			ctrls = NULL;
+			goto done;
+		}
+
+		ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+	}
+
 	if ( op->o_ctrls ) {
 		for ( i = 0; op->o_ctrls[ i ]; i++ ) {
 			ctrls[ i + 1 ] = op->o_ctrls[ i ];

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* chain.c - chain LDAP operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.19 2006/04/05 21:53:57 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.22 2007/02/01 21:20:21 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *
@@ -27,9 +27,9 @@
 #include <ac/string.h>
 #include <ac/socket.h>
 
+#include "lutil.h"
 #include "slap.h"
 #include "back-ldap.h"
-
 #include "config.h"
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
@@ -58,10 +58,11 @@
 static int		sc_chainingBehavior;
 #endif /*  LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
-#define	LDAP_CH_NONE			((void *)(0))
-#define	LDAP_CH_RES			((void *)(1))
-#define LDAP_CH_ERR			((void *)(2))
-
+typedef enum {
+	LDAP_CH_NONE = 0,
+	LDAP_CH_RES,
+	LDAP_CH_ERR
+} ldap_chain_status_t;
 static BackendInfo	*lback;
 
 typedef struct ldap_chain_t {
@@ -87,13 +88,19 @@
 	/* tree of configured[/generated?] "uri" info */
 	ldap_avl_info_t		lc_lai;
 
+	/* max depth in nested referrals chaining */
+	int			lc_max_depth;
+
 	unsigned		lc_flags;
 #define LDAP_CHAIN_F_NONE		(0x00U)
 #define	LDAP_CHAIN_F_CHAINING		(0x01U)
-#define	LDAP_CHAIN_F_CACHE_URI		(0x10U)
+#define	LDAP_CHAIN_F_CACHE_URI		(0x02U)
+#define	LDAP_CHAIN_F_RETURN_ERR		(0x04U)
 
-#define	LDAP_CHAIN_CHAINING( lc )	( ( (lc)->lc_flags & LDAP_CHAIN_F_CHAINING ) == LDAP_CHAIN_F_CHAINING )
-#define	LDAP_CHAIN_CACHE_URI( lc )	( ( (lc)->lc_flags & LDAP_CHAIN_F_CACHE_URI ) == LDAP_CHAIN_F_CACHE_URI )
+#define LDAP_CHAIN_ISSET(lc, f)		( ( (lc)->lc_flags & (f) ) == (f) )
+#define	LDAP_CHAIN_CHAINING( lc )	LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_CHAINING )
+#define	LDAP_CHAIN_CACHE_URI( lc )	LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_CACHE_URI )
+#define	LDAP_CHAIN_RETURN_ERR( lc )	LDAP_CHAIN_ISSET( (lc), LDAP_CHAIN_F_RETURN_ERR )
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 	LDAPControl		lc_chaining_ctrl;
@@ -103,10 +110,34 @@
 
 static int ldap_chain_db_init_common( BackendDB	*be );
 static int ldap_chain_db_init_one( BackendDB *be );
-#define	ldap_chain_db_open_one(be)	(lback)->bi_db_open( (be) )
+static int ldap_chain_db_open_one( BackendDB *be );
 #define	ldap_chain_db_close_one(be)	(0)
 #define	ldap_chain_db_destroy_one(be)	(lback)->bi_db_destroy( (be) )
 
+typedef struct ldap_chain_cb_t {
+	ldap_chain_status_t	lb_status;
+	ldap_chain_t		*lb_lc;
+	BI_op_func		*lb_op_f;
+	int			lb_depth;
+} ldap_chain_cb_t;
+
+static int
+ldap_chain_op(
+	Operation	*op,
+	SlapReply	*rs,
+	BI_op_func	*op_f,
+	BerVarray	ref,
+	int		depth );
+
+static int
+ldap_chain_search(
+	Operation	*op,
+	SlapReply	*rs,
+	BerVarray	ref,
+	int		depth );
+
+static slap_overinst ldapchain;
+
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 static int
 chaining_control_add(
@@ -225,10 +256,12 @@
 static int
 ldap_chain_cb_search_response( Operation *op, SlapReply *rs )
 {
+	ldap_chain_cb_t	*lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+
 	assert( op->o_tag == LDAP_REQ_SEARCH );
 
 	/* if in error, don't proceed any further */
-	if ( op->o_callback->sc_private == LDAP_CH_ERR ) {
+	if ( lb->lb_status == LDAP_CH_ERR ) {
 		return 0;
 	}
 
@@ -260,12 +293,15 @@
 	} else if ( rs->sr_type == REP_SEARCHREF ) {
 		/* if we get it here, it means the library was unable
 		 * to chase the referral... */
+		if ( lb->lb_depth < lb->lb_lc->lc_max_depth && rs->sr_ref != NULL ) {
+			rs->sr_err = ldap_chain_search( op, rs, rs->sr_ref, lb->lb_depth );
+		}
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-		if ( get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
+		if ( rs->sr_err == LDAP_REFERRAL && get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
 			switch ( get_continuationBehavior( op ) ) {
 			case SLAP_CH_RESOLVE_CHAINING_REQUIRED:
-				op->o_callback->sc_private = LDAP_CH_ERR;
+				lb->lb_status = LDAP_CH_ERR;
 				return rs->sr_err = LDAP_X_CANNOT_CHAIN;
 
 			default:
@@ -276,8 +312,15 @@
 		return SLAP_CB_CONTINUE;
 
 	} else if ( rs->sr_type == REP_RESULT ) {
+		if ( rs->sr_err == LDAP_REFERRAL
+			&& lb->lb_depth < lb->lb_lc->lc_max_depth
+			&& rs->sr_ref != NULL )
+		{
+			rs->sr_err = ldap_chain_op( op, rs, lb->lb_op_f, rs->sr_ref, lb->lb_depth );
+		}
+
 		/* back-ldap tried to send result */
-		op->o_callback->sc_private = LDAP_CH_RES;
+		lb->lb_status = LDAP_CH_RES;
 	}
 
 	return 0;
@@ -290,12 +333,15 @@
 static int
 ldap_chain_cb_response( Operation *op, SlapReply *rs )
 {
+	ldap_chain_cb_t	*lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+
 	/* if in error, don't proceed any further */
-	if ( op->o_callback->sc_private == LDAP_CH_ERR ) {
+	if ( lb->lb_status == LDAP_CH_ERR ) {
 		return 0;
 	}
 
 	if ( rs->sr_type == REP_RESULT ) {
+retry:;
 		switch ( rs->sr_err ) {
 		case LDAP_COMPARE_TRUE:
 		case LDAP_COMPARE_FALSE:
@@ -305,15 +351,20 @@
 			/* fallthru */
 
 		case LDAP_SUCCESS:
-			op->o_callback->sc_private = LDAP_CH_RES;
+			lb->lb_status = LDAP_CH_RES;
 			break;
 
 		case LDAP_REFERRAL:
+			if ( lb->lb_depth < lb->lb_lc->lc_max_depth && rs->sr_ref != NULL ) {
+				rs->sr_err = ldap_chain_op( op, rs, lb->lb_op_f, rs->sr_ref, lb->lb_depth );
+				goto retry;
+			}
+
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 			if ( get_chaining( op ) > SLAP_CONTROL_IGNORED ) {
 				switch ( get_continuationBehavior( op ) ) {
 				case SLAP_CH_RESOLVE_CHAINING_REQUIRED:
-					op->o_callback->sc_private = LDAP_CH_ERR;
+					lb->lb_status = LDAP_CH_ERR;
 					return rs->sr_err = LDAP_X_CANNOT_CHAIN;
 
 				default:
@@ -341,15 +392,18 @@
 	Operation	*op,
 	SlapReply	*rs,
 	BI_op_func	*op_f,
-	BerVarray	ref )
+	BerVarray	ref,
+	int		depth )
 {
 	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	ldap_chain_cb_t	*lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
 	ldap_chain_t	*lc = (ldap_chain_t *)on->on_bi.bi_private;
 	ldapinfo_t	li = { 0 }, *lip = NULL;
 	struct berval	bvuri[ 2 ] = { { 0 } };
 
 	/* NOTE: returned if ref is empty... */
-	int		rc = LDAP_OTHER;
+	int		rc = LDAP_OTHER,
+			first_rc;
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 	LDAPControl	**ctrls = NULL;
@@ -358,15 +412,21 @@
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
 	li.li_bvuri = bvuri;
+	first_rc = -1;
 	for ( ; !BER_BVISNULL( ref ); ref++ ) {
-		LDAPURLDesc	*srv;
-		char		*save_dn;
+		SlapReply	rs2 = { 0 };
+		LDAPURLDesc	*srv = NULL;
+		struct berval	save_req_dn = op->o_req_dn,
+				save_req_ndn = op->o_req_ndn,
+				dn,
+				pdn = BER_BVNULL,
+				ndn = BER_BVNULL;
 		int		temporary = 0;
 			
 		/* We're setting the URI of the first referral;
 		 * what if there are more?
 
-Document: draft-ietf-ldapbis-protocol-27.txt
+Document: RFC 4511
 
 4.1.10. Referral 
    ...
@@ -388,22 +448,215 @@
 			continue;
 		}
 
-		/* remove DN essentially because later on 
-		 * ldap_initialize() will parse the URL 
-		 * as a comma-separated URL list */
-		save_dn = srv->lud_dn;
-		srv->lud_dn = "";
-		srv->lud_scope = LDAP_SCOPE_DEFAULT;
-		li.li_uri = ldap_url_desc2str( srv );
-		srv->lud_dn = save_dn;
+		/* normalize DN */
+		ber_str2bv( srv->lud_dn, 0, 0, &dn );
+		rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
+		if ( rc == LDAP_SUCCESS ) {
+			/* remove DN essentially because later on 
+			 * ldap_initialize() will parse the URL 
+			 * as a comma-separated URL list */
+			srv->lud_dn = "";
+			srv->lud_scope = LDAP_SCOPE_DEFAULT;
+			li.li_uri = ldap_url_desc2str( srv );
+			srv->lud_dn = dn.bv_val;
+		}
 		ldap_free_urldesc( srv );
 
+		if ( rc != LDAP_SUCCESS ) {
+			/* try next */
+			rc = LDAP_OTHER;
+			continue;
+		}
+
 		if ( li.li_uri == NULL ) {
 			/* try next */
 			rc = LDAP_OTHER;
+			goto further_cleanup;
+		}
+
+		op->o_req_dn = pdn;
+		op->o_req_ndn = ndn;
+
+		ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] );
+
+		/* Searches for a ldapinfo in the avl tree */
+		ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+		lip = (ldapinfo_t *)avl_find( lc->lc_lai.lai_tree, 
+			(caddr_t)&li, ldap_chain_uri_cmp );
+		ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+		if ( lip != NULL ) {
+			op->o_bd->be_private = (void *)lip;
+
+		} else {
+			rc = ldap_chain_db_init_one( op->o_bd );
+			if ( rc != 0 ) {
+				goto cleanup;
+			}
+			lip = (ldapinfo_t *)op->o_bd->be_private;
+			lip->li_uri = li.li_uri;
+			lip->li_bvuri = bvuri;
+			rc = ldap_chain_db_open_one( op->o_bd );
+			if ( rc != 0 ) {
+				lip->li_uri = NULL;
+				lip->li_bvuri = NULL;
+				(void)ldap_chain_db_destroy_one( op->o_bd );
+				goto cleanup;
+			}
+
+			if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
+				ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+				if ( avl_insert( &lc->lc_lai.lai_tree,
+					(caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+				{
+					/* someone just inserted another;
+					 * don't bother, use this and then
+					 * just free it */
+					temporary = 1;
+				}
+				ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+			} else {
+				temporary = 1;
+			}
+		}
+
+		lb->lb_op_f = op_f;
+		lb->lb_depth = depth + 1;
+
+		rc = op_f( op, &rs2 );
+
+		/* note the first error */
+		if ( first_rc == -1 ) {
+			first_rc = rc;
+		}
+
+cleanup:;
+		ldap_memfree( li.li_uri );
+		li.li_uri = NULL;
+
+		if ( temporary ) {
+			lip->li_uri = NULL;
+			lip->li_bvuri = NULL;
+			(void)ldap_chain_db_close_one( op->o_bd );
+			(void)ldap_chain_db_destroy_one( op->o_bd );
+		}
+
+further_cleanup:;
+		if ( !BER_BVISNULL( &pdn ) ) {
+			op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+		}
+		op->o_req_dn = save_req_dn;
+
+		if ( !BER_BVISNULL( &ndn ) ) {
+			op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+		}
+		op->o_req_ndn = save_req_ndn;
+		
+		if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) {
+			*rs = rs2;
+			break;
+		}
+
+		rc = rs2.sr_err;
+	}
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+	(void)chaining_control_remove( op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+	if ( rc != LDAP_SUCCESS && first_rc > 0 ) {
+		rc = first_rc;
+	}
+
+	return rc;
+}
+
+static int
+ldap_chain_search(
+	Operation	*op,
+	SlapReply	*rs,
+	BerVarray	ref,
+	int		depth )
+
+{
+	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	ldap_chain_cb_t	*lb = (ldap_chain_cb_t *)op->o_callback->sc_private;
+	ldap_chain_t	*lc = (ldap_chain_t *)on->on_bi.bi_private;
+	ldapinfo_t	li = { 0 }, *lip = NULL;
+	struct berval	bvuri[ 2 ] = { { 0 } };
+
+	struct berval	odn = op->o_req_dn,
+			ondn = op->o_req_ndn;
+	slap_response	*save_response = op->o_callback->sc_response;
+
+	int		rc = LDAP_OTHER,
+			first_rc = -1;
+
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+	LDAPControl	**ctrls = NULL;
+	
+	(void)chaining_control_add( lc, op, &ctrls );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+
+	rs->sr_type = REP_SEARCH;
+
+	op->o_callback->sc_response = ldap_chain_cb_search_response;
+
+	/* if we parse the URI then by no means 
+	 * we can cache stuff or reuse connections, 
+	 * because in back-ldap there's no caching
+	 * based on the URI value, which is supposed
+	 * to be set once for all (correct?) */
+	li.li_bvuri = bvuri;
+	for ( ; !BER_BVISNULL( &ref[0] ); ref++ ) {
+		SlapReply	rs2 = { 0 };
+		LDAPURLDesc	*srv;
+		struct berval	save_req_dn = op->o_req_dn,
+				save_req_ndn = op->o_req_ndn,
+				dn,
+				pdn = BER_BVNULL,
+				ndn = BER_BVNULL;
+		int		temporary = 0;
+
+		/* parse reference and use
+		 * proto://[host][:port]/ only */
+		rc = ldap_url_parse_ext( ref[0].bv_val, &srv );
+		if ( rc != LDAP_URL_SUCCESS ) {
+			/* try next */
+			rs->sr_err = LDAP_OTHER;
 			continue;
 		}
 
+		/* normalize DN */
+		ber_str2bv( srv->lud_dn, 0, 0, &dn );
+		rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
+		if ( rc == LDAP_SUCCESS ) {
+			/* remove DN essentially because later on 
+			 * ldap_initialize() will parse the URL 
+			 * as a comma-separated URL list */
+			srv->lud_dn = "";
+			srv->lud_scope = LDAP_SCOPE_DEFAULT;
+			li.li_uri = ldap_url_desc2str( srv );
+			srv->lud_dn = dn.bv_val;
+		}
+		ldap_free_urldesc( srv );
+
+		if ( rc != LDAP_SUCCESS ) {
+			/* try next */
+			rc = LDAP_OTHER;
+			continue;
+		}
+
+		if ( li.li_uri == NULL ) {
+			/* try next */
+			rc = LDAP_OTHER;
+			goto further_cleanup;
+		}
+
+		op->o_req_dn = pdn;
+		op->o_req_ndn = ndn;
+
 		ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] );
 
 		/* Searches for a ldapinfo in the avl tree */
@@ -416,6 +669,7 @@
 			op->o_bd->be_private = (void *)lip;
 
 		} else {
+			/* if none is found, create a temporary... */
 			rc = ldap_chain_db_init_one( op->o_bd );
 			if ( rc != 0 ) {
 				goto cleanup;
@@ -425,6 +679,8 @@
 			lip->li_bvuri = bvuri;
 			rc = ldap_chain_db_open_one( op->o_bd );
 			if ( rc != 0 ) {
+				lip->li_uri = NULL;
+				lip->li_bvuri = NULL;
 				(void)ldap_chain_db_destroy_one( op->o_bd );
 				goto cleanup;
 			}
@@ -446,12 +702,23 @@
 			}
 		}
 
-		rc = op_f( op, rs );
+		lb->lb_op_f = lback->bi_op_search;
+		lb->lb_depth = depth + 1;
 
+		/* FIXME: should we also copy filter and scope?
+		 * according to RFC3296, no */
+		rc = lback->bi_op_search( op, &rs2 );
+		if ( first_rc == -1 ) {
+			first_rc = rc;
+		}
+
 cleanup:;
 		ldap_memfree( li.li_uri );
 		li.li_uri = NULL;
 
+		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+
 		if ( temporary ) {
 			lip->li_uri = NULL;
 			lip->li_bvuri = NULL;
@@ -459,15 +726,45 @@
 			(void)ldap_chain_db_destroy_one( op->o_bd );
 		}
 		
-		if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) {
+further_cleanup:;
+		if ( !BER_BVISNULL( &pdn ) ) {
+			op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+		}
+		op->o_req_dn = save_req_dn;
+
+		if ( !BER_BVISNULL( &ndn ) ) {
+			op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+		}
+		op->o_req_ndn = save_req_ndn;
+		
+		if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) {
+			*rs = rs2;
 			break;
 		}
+
+		rc = rs2.sr_err;
 	}
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 	(void)chaining_control_remove( op, &ctrls );
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
+	op->o_req_dn = odn;
+	op->o_req_ndn = ondn;
+	op->o_callback->sc_response = save_response;
+	rs->sr_type = REP_SEARCHREF;
+	rs->sr_entry = NULL;
+
+	if ( rc != LDAP_SUCCESS ) {
+		/* couldn't chase any of the referrals */
+		if ( first_rc != -1 ) {
+			rc = first_rc;
+
+		} else {
+			rc = SLAP_CB_CONTINUE;
+		}
+	}
+
 	return rc;
 }
 
@@ -475,10 +772,13 @@
 ldap_chain_response( Operation *op, SlapReply *rs )
 {
 	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
-	void		*private = op->o_bd->be_private;
+	ldap_chain_t	*lc = (ldap_chain_t *)on->on_bi.bi_private;
+	BackendDB	db, *bd = op->o_bd;
+	ldap_chain_cb_t	lb = { 0 };
 	slap_callback	*sc = op->o_callback,
 			sc2 = { 0 };
 	int		rc = 0;
+	char		*text = NULL;
 	const char	*matched;
 	BerVarray	ref;
 	struct berval	ndn = op->o_ndn;
@@ -530,12 +830,19 @@
 	 *   e) what ssf
 	 */
 
+	db = *op->o_bd;
+	op->o_bd = &db;
+
+	text = rs->sr_text;
+	rs->sr_text = NULL;
 	matched = rs->sr_matched;
 	rs->sr_matched = NULL;
 	ref = rs->sr_ref;
 	rs->sr_ref = NULL;
 
 	/* we need this to know if back-ldap returned any result */
+	lb.lb_lc = lc;
+	sc2.sc_private = &lb;
 	sc2.sc_response = ldap_chain_cb_response;
 	op->o_callback = &sc2;
 
@@ -556,30 +863,30 @@
 		/* FIXME: can we really get a referral for binds? */
 		op->o_req_ndn = slap_empty_bv;
 		op->o_conn = NULL;
-		rc = ldap_chain_op( op, rs, lback->bi_op_bind, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_bind, ref, 0 );
 		op->o_req_ndn = rndn;
 		op->o_conn = conn;
 		}
 		break;
 
 	case LDAP_REQ_ADD:
-		rc = ldap_chain_op( op, rs, lback->bi_op_add, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_add, ref, 0 );
 		break;
 
 	case LDAP_REQ_DELETE:
-		rc = ldap_chain_op( op, rs, lback->bi_op_delete, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_delete, ref, 0 );
 		break;
 
 	case LDAP_REQ_MODRDN:
-		rc = ldap_chain_op( op, rs, lback->bi_op_modrdn, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_modrdn, ref, 0 );
 	    	break;
 
 	case LDAP_REQ_MODIFY:
-		rc = ldap_chain_op( op, rs, lback->bi_op_modify, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_modify, ref, 0 );
 		break;
 
 	case LDAP_REQ_COMPARE:
-		rc = ldap_chain_op( op, rs, lback->bi_op_compare, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_op_compare, ref, 0 );
 		if ( rs->sr_err == LDAP_COMPARE_TRUE || rs->sr_err == LDAP_COMPARE_FALSE ) {
 			rc = LDAP_SUCCESS;
 		}
@@ -587,150 +894,7 @@
 
 	case LDAP_REQ_SEARCH:
 		if ( rs->sr_type == REP_SEARCHREF ) {
-			ldap_chain_t	*lc = (ldap_chain_t *)on->on_bi.bi_private;
-			ldapinfo_t	li = { 0 }, *lip = NULL;
-			struct berval	bvuri[ 2 ] = { { 0 } };
-
-			struct berval	*curr = ref,
-					odn = op->o_req_dn,
-					ondn = op->o_req_ndn;
-
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-			LDAPControl	**ctrls = NULL;
-	
-			(void)chaining_control_add( lc, op, &ctrls );
-#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-
-			rs->sr_type = REP_SEARCH;
-
-			sc2.sc_response = ldap_chain_cb_search_response;
-
-			/* if we parse the URI then by no means 
-			 * we can cache stuff or reuse connections, 
-			 * because in back-ldap there's no caching
-			 * based on the URI value, which is supposed
-			 * to be set once for all (correct?) */
-			li.li_bvuri = bvuri;
-			for ( ; !BER_BVISNULL( &curr[0] ); curr++ ) {
-				LDAPURLDesc	*srv;
-				char		*save_dn;
-				int		temporary = 0;
-
-				/* parse reference and use
-				 * proto://[host][:port]/ only */
-				rc = ldap_url_parse_ext( curr[0].bv_val, &srv );
-				if ( rc != LDAP_URL_SUCCESS ) {
-					/* try next */
-					rs->sr_err = LDAP_OTHER;
-					continue;
-				}
-
-				/* remove DN essentially because later on 
-				 * ldap_initialize() will parse the URL 
-				 * as a comma-separated URL list */
-				save_dn = srv->lud_dn;
-				srv->lud_dn = "";
-				srv->lud_scope = LDAP_SCOPE_DEFAULT;
-				li.li_uri = ldap_url_desc2str( srv );
-				if ( li.li_uri != NULL ) {
-					ber_str2bv_x( save_dn, 0, 1, &op->o_req_dn,
-							op->o_tmpmemctx );
-					ber_dupbv_x( &op->o_req_ndn, &op->o_req_dn,
-							op->o_tmpmemctx );
-				}
-
-				srv->lud_dn = save_dn;
-				ldap_free_urldesc( srv );
-
-				if ( li.li_uri == NULL ) {
-					/* try next */
-					rs->sr_err = LDAP_OTHER;
-					continue;
-				}
-
-				ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] );
-
-				/* Searches for a ldapinfo in the avl tree */
-				ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
-				lip = (ldapinfo_t *)avl_find( lc->lc_lai.lai_tree, 
-					(caddr_t)&li, ldap_chain_uri_cmp );
-				ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
-
-				if ( lip != NULL ) {
-					op->o_bd->be_private = (void *)lip;
-
-				} else {
-					/* if none is found, create a temporary... */
-					rc = ldap_chain_db_init_one( op->o_bd );
-					if ( rc != 0 ) {
-						goto cleanup;
-					}
-					lip = (ldapinfo_t *)op->o_bd->be_private;
-					lip->li_uri = li.li_uri;
-					lip->li_bvuri = bvuri;
-					rc = ldap_chain_db_open_one( op->o_bd );
-					if ( rc != 0 ) {
-						(void)ldap_chain_db_destroy_one( op->o_bd );
-						goto cleanup;
-					}
-
-					if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
-						ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
-						if ( avl_insert( &lc->lc_lai.lai_tree,
-							(caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
-						{
-							/* someone just inserted another;
-							 * don't bother, use this and then
-							 * just free it */
-							temporary = 1;
-						}
-						ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
-		
-					} else {
-						temporary = 1;
-					}
-				}
-
-				/* FIXME: should we also copy filter and scope?
-				 * according to RFC3296, no */
-				rc = lback->bi_op_search( op, rs );
-
-cleanup:;
-				ldap_memfree( li.li_uri );
-				li.li_uri = NULL;
-
-				op->o_tmpfree( op->o_req_dn.bv_val,
-						op->o_tmpmemctx );
-				op->o_tmpfree( op->o_req_ndn.bv_val,
-						op->o_tmpmemctx );
-
-				if ( temporary ) {
-					lip->li_uri = NULL;
-					lip->li_bvuri = NULL;
-					(void)ldap_chain_db_close_one( op->o_bd );
-					(void)ldap_chain_db_destroy_one( op->o_bd );
-				}
-		
-				if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) {
-					break;
-				}
-
-				rc = rs->sr_err;
-			}
-
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-			(void)chaining_control_remove( op, &ctrls );
-#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-
-			op->o_req_dn = odn;
-			op->o_req_ndn = ondn;
-			rs->sr_type = REP_SEARCHREF;
-			rs->sr_entry = NULL;
-
-			if ( rc != LDAP_SUCCESS ) {
-				/* couldn't chase any of the referrals */
-				rc = SLAP_CB_CONTINUE;
-			}
+			rc = ldap_chain_search( op, rs, ref, 0 );
 			
 		} else {
 			/* we might get here before any database actually 
@@ -738,7 +902,7 @@
 			 * to check limits, to make sure safe defaults
 			 * are in place */
 			if ( op->ors_limit != NULL || limits_check( op, rs ) == 0 ) {
-				rc = ldap_chain_op( op, rs, lback->bi_op_search, ref );
+				rc = ldap_chain_op( op, rs, lback->bi_op_search, ref, 0 );
 
 			} else {
 				rc = SLAP_CB_CONTINUE;
@@ -747,7 +911,7 @@
 	    	break;
 
 	case LDAP_REQ_EXTENDED:
-		rc = ldap_chain_op( op, rs, lback->bi_extended, ref );
+		rc = ldap_chain_op( op, rs, lback->bi_extended, ref, 0 );
 		/* FIXME: ldap_back_extended() by design 
 		 * doesn't send result; frontend is expected
 		 * to send it... */
@@ -756,7 +920,7 @@
 			send_ldap_extended( op, rs );
 			rc = LDAP_SUCCESS;
 		}
-		sc2.sc_private = LDAP_CH_RES;
+		lb.lb_status = LDAP_CH_RES;
 		break;
 
 	default:
@@ -771,7 +935,7 @@
 	case LDAP_SUCCESS:
 	case LDAP_REFERRAL:
 		/* slapd-ldap sent response */
-		if ( !op->o_abandon && sc2.sc_private != LDAP_CH_RES ) {
+		if ( !op->o_abandon && lb.lb_status != LDAP_CH_RES ) {
 			/* FIXME: should we send response? */
 			Debug( LDAP_DEBUG_ANY,
 				"%s: ldap_chain_response: "
@@ -782,7 +946,7 @@
 
 	default:
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-		if ( sc2.sc_private == LDAP_CH_ERR && rs->sr_err == LDAP_X_CANNOT_CHAIN ) {
+		if ( lb.lb_status == LDAP_CH_ERR && rs->sr_err == LDAP_X_CANNOT_CHAIN ) {
 			goto cannot_chain;
 		}
 
@@ -796,18 +960,25 @@
 
 		default:
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-			rc = SLAP_CB_CONTINUE;
-			rs->sr_err = sr_err;
-			rs->sr_type = sr_type;
-			rs->sr_matched = matched;
-			rs->sr_ref = ref;
+			if ( LDAP_CHAIN_RETURN_ERR( lc ) ) {
+				rs->sr_err = rc;
+				rs->sr_type = sr_type;
+
+			} else {
+				rc = SLAP_CB_CONTINUE;
+				rs->sr_err = sr_err;
+				rs->sr_type = sr_type;
+				rs->sr_text = text;
+				rs->sr_matched = matched;
+				rs->sr_ref = ref;
+			}
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 			break;
 		}
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 	}
 
-	if ( sc2.sc_private == LDAP_CH_NONE && rc != SLAPD_ABANDON ) {
+	if ( lb.lb_status == LDAP_CH_NONE && rc != SLAPD_ABANDON ) {
 		op->o_callback = NULL;
 		rc = rs->sr_err = slap_map_api2result( rs );
 		send_ldap_result( op, rs );
@@ -816,9 +987,10 @@
 dont_chain:;
 	rs->sr_err = sr_err;
 	rs->sr_type = sr_type;
+	rs->sr_text = text;
 	rs->sr_matched = matched;
 	rs->sr_ref = ref;
-	op->o_bd->be_private = private;
+	op->o_bd = bd;
 	op->o_callback = sc;
 	op->o_ndn = ndn;
 
@@ -858,7 +1030,9 @@
 
 enum {
 	CH_CHAINING = 1,
-	CH_CACHE_URI = 2,
+	CH_CACHE_URI,
+	CH_MAX_DEPTH,
+	CH_RETURN_ERR,
 
 	CH_LAST
 };
@@ -877,9 +1051,21 @@
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 	{ "chain-cache-uri", "TRUE/FALSE",
 		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
-		"( OLcfgOvAt:3.2 NAME 'olcCacheURI' "
+		"( OLcfgOvAt:3.2 NAME 'olcChainCacheURI' "
 			"DESC 'Enables caching of URIs not present in configuration' "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ "chain-max-depth", "args",
+		2, 2, 0, ARG_MAGIC|ARG_INT|CH_MAX_DEPTH, chain_cf_gen,
+		"( OLcfgOvAt:3.3 NAME 'olcChainMaxReferralDepth' "
+			"DESC 'max referral depth' "
+			"SYNTAX OMsInteger "
+			"EQUALITY integerMatch "
+			"SINGLE-VALUE )", NULL, NULL },
+	{ "chain-return-error", "TRUE/FALSE",
+		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_RETURN_ERR, chain_cf_gen,
+		"( OLcfgOvAt:3.4 NAME 'olcChainReturnError' "
+			"DESC 'Errors are returned instead of the original referral' "
+			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
 
@@ -892,7 +1078,9 @@
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 			"olcChainingBehavior $ "
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-			"olcCacheURI "
+			"olcChainCacheURI $ "
+			"olcChainMaxReferralDepth $ "
+			"olcChainReturnError "
 			") )",
 		Cft_Overlay, chaincfg, NULL, chain_cfadd },
 	{ "( OLcfgOvOc:3.2 "
@@ -976,14 +1164,18 @@
 	if ( lc->lc_common_li == NULL ) {
 		lc->lc_common_li = li;
 
-	} else if ( avl_insert( &lc->lc_lai.lai_tree, (caddr_t)li,
-		ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
-	{
-		Debug( LDAP_DEBUG_ANY, "slapd-chain: "
-			"database \"%s\" insert failed.\n",
-			e->e_name.bv_val, 0, 0 );
-		rc = LDAP_CONSTRAINT_VIOLATION;
-		goto done;
+	} else {
+		li->li_uri = ch_strdup( at->a_vals[ 0 ].bv_val );
+		value_add_one( &li->li_bvuri, &at->a_vals[ 0 ] );
+		if ( avl_insert( &lc->lc_lai.lai_tree, (caddr_t)li,
+			ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+		{
+			Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+				"database \"%s\" insert failed.\n",
+				e->e_name.bv_val, 0, 0 );
+			rc = LDAP_CONSTRAINT_VIOLATION;
+			goto done;
+		}
 	}
 
 done:;
@@ -1110,6 +1302,14 @@
 			c->value_int = LDAP_CHAIN_CACHE_URI( lc );
 			break;
 
+		case CH_MAX_DEPTH:
+			c->value_int = lc->lc_max_depth;
+			break;
+
+		case CH_RETURN_ERR:
+			c->value_int = LDAP_CHAIN_RETURN_ERR( lc );
+			break;
+
 		default:
 			assert( 0 );
 			rc = 1;
@@ -1125,6 +1325,14 @@
 			lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
 			break;
 
+		case CH_MAX_DEPTH:
+			c->value_int = 0;
+			break;
+
+		case CH_RETURN_ERR:
+			lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+			break;
+
 		default:
 			return 1;
 		}
@@ -1257,6 +1465,26 @@
 		}
 		break;
 
+	case CH_MAX_DEPTH:
+		if ( c->value_int < 0 ) {
+			snprintf( c->msg, sizeof( c->msg ),
+				"<%s> invalid max referral depth %d",
+				c->argv[0], c->value_int );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->msg, 0 );
+			rc = 1;
+			break;
+		}
+		lc->lc_max_depth = c->value_int;
+
+	case CH_RETURN_ERR:
+		if ( c->value_int ) {
+			lc->lc_flags |= LDAP_CHAIN_F_RETURN_ERR;
+		} else {
+			lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+		}
+		break;
+
 	default:
 		assert( 0 );
 		return 1;
@@ -1272,11 +1500,17 @@
 	ldap_chain_t	*lc = NULL;
 
 	if ( lback == NULL ) {
+		static BackendInfo	lback2;
+
 		lback = backend_info( "ldap" );
 
 		if ( lback == NULL ) {
 			return 1;
 		}
+
+		lback2 = *lback;
+		lback2.bi_type = ldapchain.on_bi.bi_type;
+		lback = &lback2;
 	}
 
 	lc = ch_malloc( sizeof( ldap_chain_t ) );
@@ -1284,6 +1518,7 @@
 		return 1;
 	}
 	memset( lc, 0, sizeof( ldap_chain_t ) );
+	lc->lc_max_depth = 1;
 	ldap_pvt_thread_mutex_init( &lc->lc_lai.lai_mutex );
 
 	on->on_bi.bi_private = (void *)lc;
@@ -1494,10 +1729,9 @@
 {
 	slap_overinst	*on = (slap_overinst *) be->bd_info;
 	ldap_chain_t	*lc = (ldap_chain_t *)on->on_bi.bi_private;
+	int		rc = 0;
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-	int	rc = 0;
-
 	rc = overlay_register_control( be, LDAP_CONTROL_X_CHAINING_BEHAVIOR );
 	if ( rc != 0 ) {
 		return rc;
@@ -1511,7 +1745,10 @@
 		be->be_private = be_private;
 	}
 
-	return ldap_chain_db_func( be, db_open );
+	/* filter out and restore monitoring */
+	rc = ldap_chain_db_func( be, db_open );
+
+	return rc;
 }
 
 static int
@@ -1550,14 +1787,17 @@
 	BackendDB	*be )
 {
 	BackendInfo	*bi = be->bd_info;
-	int		t;
+	ldapinfo_t	*li;
+	int		rc;
 
 	be->bd_info = lback;
 	be->be_private = NULL;
-	t = lback->bi_db_init( be );
-	if ( t != 0 ) {
-		return t;
+	rc = lback->bi_db_init( be );
+	if ( rc != 0 ) {
+		return rc;
 	}
+	li = (ldapinfo_t *)be->be_private;
+
 	be->bd_info = bi;
 
 	return 0;
@@ -1581,7 +1821,7 @@
 	BackendInfo	*bi = be->bd_info;
 	ldapinfo_t	*li;
 
-	int		t;
+	slap_op_t	t;
 
 	be->bd_info = lback;
 	be->be_private = NULL;
@@ -1595,7 +1835,7 @@
 	li->li_nretries = lc->lc_common_li->li_nretries;
 	li->li_flags = lc->lc_common_li->li_flags;
 	li->li_version = lc->lc_common_li->li_version;
-	for ( t = 0; t < LDAP_BACK_OP_LAST; t++ ) {
+	for ( t = 0; t < SLAP_OP_LAST; t++ ) {
 		li->li_timeout[ t ] = lc->lc_common_li->li_timeout[ t ];
 	}
 	be->bd_info = bi;
@@ -1603,6 +1843,13 @@
 	return 0;
 }
 
+static int
+ldap_chain_db_open_one(
+	BackendDB	*be )
+{
+	return lback->bi_db_open( be );
+}
+
 typedef struct ldap_chain_conn_apply_t {
 	BackendDB	*be;
 	Connection	*conn;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - ldap backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.52.2.8 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.52.2.11 2007/01/13 11:19:06 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -36,21 +36,23 @@
 		Operation	*op,
 		SlapReply	*rs )
 {
-	ldapconn_t	*lc;
-	ber_int_t	msgid;
-	int		do_retry = 1;
-	LDAPControl	**ctrls = NULL;
-	int		rc = LDAP_SUCCESS;
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	ldapconn_t		*lc = NULL;
+	ber_int_t		msgid;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
+	LDAPControl		**ctrls = NULL;
+	int			rc = LDAP_SUCCESS;
+
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		lc = NULL;
 		goto cleanup;
 	}
 
 retry:
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
 		goto cleanup;
@@ -60,9 +62,11 @@
 			op->orc_ava->aa_desc->ad_cname.bv_val,
 			&op->orc_ava->aa_value, 
 			ctrls, NULL, &msgid );
-	rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_SENDRESULT );
-	if ( rc == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+	rc = ldap_back_op_result( lc, op, rs, msgid,
+		li->li_timeout[ SLAP_OP_COMPARE ],
+		( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rc == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
@@ -74,7 +78,7 @@
 	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 	
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rs->sr_err;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - ldap backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/config.c,v 1.73.2.20 2006/05/09 20:54:19 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/config.c,v 1.73.2.24 2007/01/27 23:56:43 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -64,6 +64,11 @@
 	LDAP_BACK_CFG_CONN_TTL,
 	LDAP_BACK_CFG_NETWORK_TIMEOUT,
 	LDAP_BACK_CFG_VERSION,
+	LDAP_BACK_CFG_SINGLECONN,
+	LDAP_BACK_CFG_USETEMP,
+	LDAP_BACK_CFG_CONNPOOLMAX,
+	LDAP_BACK_CFG_CANCEL,
+	LDAP_BACK_CFG_QUARANTINE,
 	LDAP_BACK_CFG_REWRITE,
 
 	LDAP_BACK_CFG_LAST
@@ -250,6 +255,46 @@
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
+	{ "single-conn", "TRUE/FALSE", 2, 0, 0,
+		ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_SINGLECONN,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.19 "
+			"NAME 'olcDbSingleConn' "
+			"DESC 'cache a single connection per identity' "
+			"SYNTAX OMsBoolean "
+			"SINGLE-VALUE )",
+		NULL, NULL },
+	{ "cancel", "ABANDON|ignore|exop", 2, 0, 0,
+		ARG_MAGIC|LDAP_BACK_CFG_CANCEL,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.20 "
+			"NAME 'olcDbCancel' "
+			"DESC 'abandon/ignore/exop operations when appropriate' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL },
+	{ "quarantine", "retrylist", 2, 0, 0,
+		ARG_MAGIC|LDAP_BACK_CFG_QUARANTINE,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.21 "
+			"NAME 'olcDbQuarantine' "
+			"DESC 'Quarantine database if connection fails and retry according to rule' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL },
+	{ "use-temporary-conn", "TRUE/FALSE", 2, 0, 0,
+		ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_USETEMP,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.22 "
+			"NAME 'olcDbUseTemporaryConn' "
+			"DESC 'Use temporary connections if the cached one is busy' "
+			"SYNTAX OMsBoolean "
+			"SINGLE-VALUE )",
+		NULL, NULL },
+	{ "conn-pool-max", "<n>", 2, 0, 0,
+		ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_CONNPOOLMAX,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.23 "
+			"NAME 'olcDbConnectionPoolMax' "
+			"DESC 'Max size of privileged connections pool' "
+			"SYNTAX OMsInteger "
+			"SINGLE-VALUE )",
+		NULL, NULL },
 	{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
 		ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
 		ldap_back_cf_gen, NULL, NULL, NULL },
@@ -268,8 +313,8 @@
 		"NAME 'olcLDAPConfig' "
 		"DESC 'LDAP backend configuration' "
 		"SUP olcDatabaseConfig "
-		"MUST olcDbURI "
-		"MAY ( olcDbStartTLS "
+		"MAY ( olcDbURI "
+			"$ olcDbStartTLS "
 			"$ olcDbACLAuthcDn "
 			"$ olcDbACLPasswd "
 			"$ olcDbACLBind "
@@ -284,6 +329,11 @@
 			"$ olcDbProxyWhoAmI "
 			"$ olcDbTimeout "
 			"$ olcDbIdleTimeout "
+			"$ olcDbSingleConn "
+			"$ olcDbCancel "
+			"$ olcDbQuarantine "
+			"$ olcDbUseTemporaryConn "
+			"$ olcDbConnectionPoolMax "
 		") )",
 		 	Cft_Database, ldapcfg},
 	{ NULL, 0, NULL }
@@ -307,30 +357,409 @@
 };
 
 static slap_verbmasks t_f_mode[] = {
-	{ BER_BVC( "yes" ),		LDAP_BACK_F_SUPPORT_T_F },
-	{ BER_BVC( "discover" ),	LDAP_BACK_F_SUPPORT_T_F_DISCOVER },
+	{ BER_BVC( "yes" ),		LDAP_BACK_F_T_F },
+	{ BER_BVC( "discover" ),	LDAP_BACK_F_T_F_DISCOVER },
 	{ BER_BVC( "no" ),		LDAP_BACK_F_NONE },
 	{ BER_BVNULL,			0 }
 };
 
+static slap_verbmasks cancel_mode[] = {
+#if 0	/* needs ldap_int_discard(), 2.4 */
+	{ BER_BVC( "ignore" ),		LDAP_BACK_F_CANCEL_IGNORE },
+#endif
+	{ BER_BVC( "exop" ),		LDAP_BACK_F_CANCEL_EXOP },
+	{ BER_BVC( "exop-discover" ),	LDAP_BACK_F_CANCEL_EXOP_DISCOVER },
+	{ BER_BVC( "abandon" ),		LDAP_BACK_F_CANCEL_ABANDON },
+	{ BER_BVNULL,			0 }
+};
+
+/* see enum in slap.h */
 static slap_cf_aux_table timeout_table[] = {
-	{ BER_BVC("add="), 0 * sizeof( time_t ), 'u', 0, NULL },
-	{ BER_BVC("delete="), 1 * sizeof( time_t ), 'u', 0, NULL },
-	{ BER_BVC("modify="), 2 * sizeof( time_t ), 'u', 0, NULL },
-	{ BER_BVC("modrdn="), 3 * sizeof( time_t ), 'u', 0, NULL },
+	{ BER_BVC("bind="),	SLAP_OP_BIND * sizeof( time_t ),	'u', 0, NULL },
+	/* unbind makes no sense */
+	{ BER_BVC("add="),	SLAP_OP_ADD * sizeof( time_t ),		'u', 0, NULL },
+	{ BER_BVC("delete="),	SLAP_OP_DELETE * sizeof( time_t ),	'u', 0, NULL },
+	{ BER_BVC("modrdn="),	SLAP_OP_MODRDN * sizeof( time_t ),	'u', 0, NULL },
+	{ BER_BVC("modify="),	SLAP_OP_MODIFY * sizeof( time_t ),	'u', 0, NULL },
+	{ BER_BVC("compare="),	SLAP_OP_COMPARE * sizeof( time_t ),	'u', 0, NULL },
+	{ BER_BVC("search="),	SLAP_OP_SEARCH * sizeof( time_t ),	'u', 0, NULL },
+	/* abandon makes little sense */
+#if 0	/* not implemented yet */
+	{ BER_BVC("extended="),	SLAP_OP_EXTENDED * sizeof( time_t ),	'u', 0, NULL },
+#endif
 	{ BER_BVNULL, 0, 0, 0, NULL }
 };
 
+int
+slap_retry_info_parse(
+	char			*in,
+	slap_retry_info_t 	*ri,
+	char			*buf,
+	ber_len_t		buflen )
+{
+	char			**retrylist = NULL;
+	int			rc = 0;
+	int			i;
+
+	slap_str2clist( &retrylist, in, " ;" );
+	if ( retrylist == NULL ) {
+		return 1;
+	}
+
+	for ( i = 0; retrylist[ i ] != NULL; i++ )
+		/* count */ ;
+
+	ri->ri_interval = ch_calloc( sizeof( time_t ), i + 1 );
+	ri->ri_num = ch_calloc( sizeof( int ), i + 1 );
+
+	for ( i = 0; retrylist[ i ] != NULL; i++ ) {
+		unsigned long	t;
+		char		*sep = strchr( retrylist[ i ], ',' );
+
+		if ( sep == NULL ) {
+			snprintf( buf, buflen,
+				"missing comma in retry pattern #%d \"%s\"",
+				i, retrylist[ i ] );
+			rc = 1;
+			goto done;
+		}
+
+		*sep++ = '\0';
+
+		if ( lutil_parse_time( retrylist[ i ], &t ) ) {
+			snprintf( buf, buflen,
+				"unable to parse interval #%d \"%s\"",
+				i, retrylist[ i ] );
+			rc = 1;
+			goto done;
+		}
+		ri->ri_interval[ i ] = (time_t)t;
+
+		if ( strcmp( sep, "+" ) == 0 ) {
+			if ( retrylist[ i + 1 ] != NULL ) {
+				snprintf( buf, buflen,
+					"extra cruft after retry pattern "
+					"#%d \"%s,+\" with \"forever\" mark",
+					i, retrylist[ i ] );
+				rc = 1;
+				goto done;
+			}
+			ri->ri_num[ i ] = SLAP_RETRYNUM_FOREVER;
+			
+		} else if ( lutil_atoi( &ri->ri_num[ i ], sep ) ) {
+			snprintf( buf, buflen,
+				"unable to parse retry num #%d \"%s\"",
+				i, sep );
+			rc = 1;
+			goto done;
+		}
+	}
+
+	ri->ri_num[ i ] = SLAP_RETRYNUM_TAIL;
+
+	ri->ri_idx = 0;
+	ri->ri_count = 0;
+	ri->ri_last = (time_t)(-1);
+
+done:;
+	ldap_charray_free( retrylist );
+
+	if ( rc ) {
+		slap_retry_info_destroy( ri );
+	}
+
+	return rc;
+}
+
+int
+slap_retry_info_unparse(
+	slap_retry_info_t	*ri,
+	struct berval		*bvout )
+{
+	int		i;
+	char		buf[ BUFSIZ * 2 ],
+			*ptr = buf;
+	struct berval	bv = BER_BVNULL;
+
+	assert( ri != NULL );
+	assert( bvout != NULL );
+
+	BER_BVZERO( bvout );
+
+#define WHATSLEFT	( sizeof( buf ) - ( ptr - buf ) )
+
+	for ( i = 0; ri->ri_num[ i ] != SLAP_RETRYNUM_TAIL; i++ ) {
+		if ( i > 0 ) {
+			if ( WHATSLEFT <= 1 ) {
+				return 1;
+			}
+			*ptr++ = ';';
+		}
+
+		if ( lutil_unparse_time( ptr, WHATSLEFT, (long)ri->ri_interval[i] ) ) {
+			return 1;
+		}
+		ptr += strlen( ptr );
+
+		if ( WHATSLEFT <= 1 ) {
+			return 1;
+		}
+		*ptr++ = ',';
+
+		if ( ri->ri_num[i] == SLAP_RETRYNUM_FOREVER ) {
+			if ( WHATSLEFT <= 1 ) {
+				return 1;
+			}
+			*ptr++ = '+';
+
+		} else {
+			ptr += snprintf( ptr, WHATSLEFT, "%d", ri->ri_num[i] );
+			if ( WHATSLEFT <= 0 ) {
+				return 1;
+			}
+		}
+	}
+
+	bv.bv_val = buf;
+	bv.bv_len = ptr - buf;
+
+	ber_dupbv( bvout, &bv );
+
+	return 0;
+}
+
+void
+slap_retry_info_destroy(
+	slap_retry_info_t	*ri )
+{
+	assert( ri != NULL );
+
+	assert( ri->ri_interval != NULL );
+	ch_free( ri->ri_interval );
+	ri->ri_interval = NULL;
+
+	assert( ri->ri_num != NULL );
+	ch_free( ri->ri_num );
+	ri->ri_num = NULL;
+}
+
 static int
+slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si )
+{
+	struct berval	bv;
+
+ 	if ( strcmp( c->argv[ 1 ], "*" ) == 0
+ 		|| strcmp( c->argv[ 1 ], "dn:*" ) == 0
+ 		|| strcasecmp( c->argv[ 1 ], "dn.regex:.*" ) == 0 )
+ 	{
+ 		if ( si->si_authz != NULL ) {
+ 			snprintf( c->msg, sizeof( c->msg ),
+ 				"\"idassert-authzFrom <authz>\": "
+ 				"\"%s\" conflicts with existing authz rules",
+ 				c->argv[ 1 ] );
+ 			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ 			return 1;
+ 		}
+ 
+ 		si->si_flags |= LDAP_BACK_AUTH_AUTHZ_ALL;
+ 
+ 		return 0;
+ 
+ 	} else if ( ( si->si_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) {
+  		snprintf( c->msg, sizeof( c->msg ),
+  			"\"idassert-authzFrom <authz>\": "
+ 			"\"<authz>\" conflicts with \"*\"" );
+  		Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+  		return 1;
+  	}
+
+#ifdef SLAP_AUTHZ_SYNTAX
+	{
+		struct berval	in;
+		int		rc;
+
+		ber_str2bv( c->argv[ 1 ], 0, 0, &in );
+		rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
+		if ( rc != LDAP_SUCCESS ) {
+			snprintf( c->msg, sizeof( c->msg ),
+				"\"idassert-authzFrom <authz>\": "
+				"invalid syntax" );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+			return 1;
+		}
+	}
+#else /* !SLAP_AUTHZ_SYNTAX */
+	ber_str2bv( c->argv[ 1 ], 0, 1, &bv );
+#endif /* !SLAP_AUTHZ_SYNTAX */
+
+	ber_bvarray_add( &si->si_authz, &bv );
+
+	return 0;
+}
+
+static int
+slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
+{
+	int		i;
+
+	for ( i = 1; i < c->argc; i++ ) {
+		if ( strncasecmp( c->argv[ i ], "mode=", STRLENOF( "mode=" ) ) == 0 ) {
+			char	*argvi = c->argv[ i ] + STRLENOF( "mode=" );
+			int	j;
+
+			j = verb_to_mask( argvi, idassert_mode );
+			if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
+				snprintf( c->msg, sizeof( c->msg ),
+					"\"idassert-bind <args>\": "
+					"unknown mode \"%s\"",
+					argvi );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+				return 1;
+			}
+
+			si->si_mode = idassert_mode[ j ].mask;
+
+		} else if ( strncasecmp( c->argv[ i ], "authz=", STRLENOF( "authz=" ) ) == 0 ) {
+			char	*argvi = c->argv[ i ] + STRLENOF( "authz=" );
+
+			if ( strcasecmp( argvi, "native" ) == 0 ) {
+				if ( si->si_bc.sb_method != LDAP_AUTH_SASL ) {
+					snprintf( c->msg, sizeof( c->msg ),
+						"\"idassert-bind <args>\": "
+						"authz=\"native\" incompatible "
+						"with auth method" );
+					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+					return 1;
+				}
+				si->si_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
+
+			} else if ( strcasecmp( argvi, "proxyAuthz" ) == 0 ) {
+				si->si_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
+
+			} else {
+				snprintf( c->msg, sizeof( c->msg ),
+					"\"idassert-bind <args>\": "
+					"unknown authz \"%s\"",
+					argvi );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+				return 1;
+			}
+
+		} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) {
+			char	*argvi = c->argv[ i ] + STRLENOF( "flags=" );
+			char	**flags = ldap_str2charray( argvi, "," );
+			int	j, err = 0;
+
+			if ( flags == NULL ) {
+				snprintf( c->msg, sizeof( c->msg ),
+					"\"idassert-bind <args>\": "
+					"unable to parse flags \"%s\"",
+					argvi );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+				return 1;
+			}
+
+			for ( j = 0; flags[ j ] != NULL; j++ ) {
+
+				if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
+					si->si_flags |= LDAP_BACK_AUTH_OVERRIDE;
+
+				} else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
+					si->si_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+				} else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
+					si->si_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
+				} else if ( strcasecmp( flags[ j ], "obsolete-proxy-authz" ) == 0 ) {
+					if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+						Debug( LDAP_DEBUG_ANY,
+                                      		 		"%s: \"obsolete-proxy-authz\" flag "
+                                      		 		"in \"idassert-mode <args>\" "
+                                      		 		"incompatible with previously issued \"obsolete-encoding-workaround\" flag.\n",
+                                      	 			c->log, 0, 0 );
+						err = 1;
+						break;
+
+					} else {
+						si->si_flags |= LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ;
+					}
+
+				} else if ( strcasecmp( flags[ j ], "obsolete-encoding-workaround" ) == 0 ) {
+					if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+						Debug( LDAP_DEBUG_ANY,
+                                      	 			"%s: \"obsolete-encoding-workaround\" flag "
+                                       			"in \"idassert-mode <args>\" "
+                                       			"incompatible with previously issued \"obsolete-proxy-authz\" flag.\n",
+                                       			c->log, 0, 0 );
+						err = 1;
+						break;
+
+					} else {
+						si->si_flags |= LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND;
+					}
+
+				} else {
+					snprintf( c->msg, sizeof( c->msg ),
+						"\"idassert-bind <args>\": "
+						"unknown flag \"%s\"",
+						flags[ j ] );
+					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+					err = 1;
+					break;
+				}
+			}
+
+			ldap_charray_free( flags );
+			if ( err ) {
+				return 1;
+			}
+
+		} else if ( bindconf_parse( c->argv[ i ], &si->si_bc ) ) {
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
+/* NOTE: temporary, until back-meta is ported to back-config */
+int
+slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si )
+{
+	ConfigArgs	c = { 0 };
+	char		*argv[ 3 ];
+
+	snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
+	c.argc = 2;
+	c.argv = argv;
+	argv[ 0 ] = "idassert-authzFrom";
+	argv[ 1 ] = (char *)arg;
+	argv[ 2 ] = NULL;
+
+	return slap_idassert_authzfrom_parse( &c, si );
+}
+
+int
+slap_idassert_parse_cf( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si )
+{
+	ConfigArgs	c = { 0 };
+
+	snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
+	c.argc = argc;
+	c.argv = argv;
+
+	return slap_idassert_parse( &c, si );
+}
+
+static int
 ldap_back_cf_gen( ConfigArgs *c )
 {
 	ldapinfo_t	*li = ( ldapinfo_t * )c->be->be_private;
-	int		rc;
+	int		rc = 0;
 	int		i;
 
 	if ( c->op == SLAP_CONFIG_EMIT ) {
 		struct berval	bv = BER_BVNULL;
-		rc = 0;
 
 		if ( li == NULL ) {
 			return 1;
@@ -339,10 +768,14 @@
 		switch( c->type ) {
 		case LDAP_BACK_CFG_URI:
 			if ( li->li_uri != NULL ) {
-				struct berval	bv;
+				struct berval	bv, bv2;
 
 				ber_str2bv( li->li_uri, 0, 0, &bv );
-				value_add_one( &c->rvalue_vals, &bv );
+				bv2.bv_len = bv.bv_len + STRLENOF( "\"\"" );
+				bv2.bv_val = ch_malloc( bv2.bv_len + 1 );
+				snprintf( bv2.bv_val, bv2.bv_len + 1,
+					"\"%s\"", bv.bv_val );
+				ber_bvarray_add( &c->rvalue_vals, &bv2 );
 
 			} else {
 				rc = 1;
@@ -396,7 +829,13 @@
 			int		i;
 
 			if ( li->li_idassert_authz == NULL ) {
-				rc = 1;
+				if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) {
+					BER_BVSTR( &bv, "*" );
+					value_add_one( &c->rvalue_vals, &bv );
+
+				} else {
+					rc = 1;
+				}
 				break;
 			}
 
@@ -462,7 +901,7 @@
 					(void)lutil_strcopy( ptr, "authz=native" );
 				}
 
-				len = bv.bv_len + STRLENOF( "flags=non-prescriptive,override" );
+				len = bv.bv_len + STRLENOF( "flags=non-prescriptive,override,obsolete-encoding-workaround" );
 				/* flags */
 				if ( !BER_BVISEMPTY( &bv ) ) {
 					len += STRLENOF( " " );
@@ -488,11 +927,18 @@
 					ptr = lutil_strcopy( ptr, ",override" );
 				}
 
+				if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+					ptr = lutil_strcopy( ptr, ",obsolete-proxy-authz" );
+
+				} else if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+					ptr = lutil_strcopy( ptr, ",obsolete-encoding-workaround" );
+				}
+
 				bv.bv_len = ( ptr - bv.bv_val );
 				/* end-of-flags */
 			}
 
-			bindconf_unparse( &li->li_idassert, &bc );
+			bindconf_unparse( &li->li_idassert.si_bc, &bc );
 
 			if ( !BER_BVISNULL( &bv ) ) {
 				ber_len_t	len = bv.bv_len + bc.bv_len;
@@ -531,7 +977,7 @@
 			break;
 
 		case LDAP_BACK_CFG_T_F:
-			enum_to_verb( t_f_mode, (li->li_flags & LDAP_BACK_F_SUPPORT_T_F_MASK), &bv );
+			enum_to_verb( t_f_mode, (li->li_flags & LDAP_BACK_F_T_F_MASK2), &bv );
 			if ( BER_BVISNULL( &bv ) ) {
 				/* there's something wrong... */
 				assert( 0 );
@@ -549,13 +995,13 @@
 		case LDAP_BACK_CFG_TIMEOUT:
 			BER_BVZERO( &bv );
 
-			for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+			for ( i = 0; i < SLAP_OP_LAST; i++ ) {
 				if ( li->li_timeout[ i ] != 0 ) {
 					break;
 				}
 			}
 
-			if ( i == LDAP_BACK_OP_LAST ) {
+			if ( i == SLAP_OP_LAST ) {
 				return 1;
 			}
 
@@ -622,6 +1068,47 @@
 			c->value_int = li->li_version;
 			break;
 
+		case LDAP_BACK_CFG_SINGLECONN:
+			c->value_int = LDAP_BACK_SINGLECONN( li );
+			break;
+
+		case LDAP_BACK_CFG_USETEMP:
+			c->value_int = LDAP_BACK_USE_TEMPORARIES( li );
+			break;
+
+		case LDAP_BACK_CFG_CONNPOOLMAX:
+			c->value_int = li->li_conn_priv_max;
+			break;
+
+		case LDAP_BACK_CFG_CANCEL: {
+			slap_mask_t	mask = LDAP_BACK_F_CANCEL_MASK2;
+
+			if ( LDAP_BACK_CANCEL_DISCOVER( li ) ) {
+				mask &= ~LDAP_BACK_F_CANCEL_EXOP;
+			}
+			enum_to_verb( cancel_mode, (li->li_flags & mask), &bv );
+			if ( BER_BVISNULL( &bv ) ) {
+				/* there's something wrong... */
+				assert( 0 );
+				rc = 1;
+
+			} else {
+				value_add_one( &c->rvalue_vals, &bv );
+			}
+			} break;
+
+		case LDAP_BACK_CFG_QUARANTINE:
+			if ( !LDAP_BACK_QUARANTINE( li ) ) {
+				rc = 1;
+				break;
+			}
+
+			rc = slap_retry_info_unparse( &li->li_quarantine, &bv );
+			if ( rc == 0 ) {
+				ber_bvarray_add( &c->rvalue_vals, &bv );
+			}
+			break;
+
 		default:
 			/* FIXME: we need to handle all... */
 			assert( 0 );
@@ -630,7 +1117,6 @@
 		return rc;
 
 	} else if ( c->op == LDAP_MOD_DELETE ) {
-		rc = 0;
 		switch( c->type ) {
 		case LDAP_BACK_CFG_URI:
 			if ( li->li_uri != NULL ) {
@@ -683,18 +1169,19 @@
 			break;
 
 		case LDAP_BACK_CFG_IDASSERT_BIND:
-			bindconf_free( &li->li_idassert );
+			bindconf_free( &li->li_idassert.si_bc );
 			break;
 
 		case LDAP_BACK_CFG_REBIND:
 		case LDAP_BACK_CFG_CHASE:
 		case LDAP_BACK_CFG_T_F:
 		case LDAP_BACK_CFG_WHOAMI:
+		case LDAP_BACK_CFG_CANCEL:
 			rc = 1;
 			break;
 
 		case LDAP_BACK_CFG_TIMEOUT:
-			for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+			for ( i = 0; i < SLAP_OP_LAST; i++ ) {
 				li->li_timeout[ i ] = 0;
 			}
 			break;
@@ -715,6 +1202,29 @@
 			li->li_version = 0;
 			break;
 
+		case LDAP_BACK_CFG_SINGLECONN:
+			li->li_flags &= ~LDAP_BACK_F_SINGLECONN;
+			break;
+
+		case LDAP_BACK_CFG_USETEMP:
+			li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+			break;
+
+		case LDAP_BACK_CFG_CONNPOOLMAX:
+			li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_MIN;
+			break;
+
+		case LDAP_BACK_CFG_QUARANTINE:
+			if ( !LDAP_BACK_QUARANTINE( li ) ) {
+				break;
+			}
+
+			slap_retry_info_destroy( &li->li_quarantine );
+			ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex );
+			li->li_isquarantined = 0;
+			li->li_flags &= ~LDAP_BACK_F_QUARANTINE;
+			break;
+
 		default:
 			/* FIXME: we need to handle all... */
 			assert( 0 );
@@ -988,6 +1498,28 @@
 				} else if ( strcasecmp( c->argv[ i ], "non-prescriptive" ) == 0 ) {
 					li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
 
+				} else if ( strcasecmp( c->argv[ i ], "obsolete-proxy-authz" ) == 0 ) {
+					if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
+						Debug( LDAP_DEBUG_ANY,
+                                       	 		"%s: line %d: \"obsolete-proxy-authz\" flag "
+                                        		"in \"idassert-mode <args>\" "
+                                        		"incompatible with previously issued \"obsolete-encoding-workaround\" flag.\n",
+                                        		c->fname, c->lineno, 0 );
+                                		return 1;
+					}
+					li->li_idassert_flags |= LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ;
+
+				} else if ( strcasecmp( c->argv[ i ], "obsolete-encoding-workaround" ) == 0 ) {
+					if ( li->li_idassert_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
+						Debug( LDAP_DEBUG_ANY,
+                                       	 		"%s: line %d: \"obsolete-encoding-workaround\" flag "
+                                        		"in \"idassert-mode <args>\" "
+                                        		"incompatible with previously issued \"obsolete-proxy-authz\" flag.\n",
+                                        		c->fname, c->lineno, 0 );
+                                		return 1;
+					}
+					li->li_idassert_flags |= LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND;
+
 				} else {
 					Debug( LDAP_DEBUG_ANY,
                                         	"%s: line %d: unknown flag #%d "
@@ -1049,27 +1581,10 @@
 		ber_str2bv( c->argv[ 1 ], 0, 1, &li->li_idassert_passwd );
 		break;
 
-	case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: {
-		struct berval	bv;
-#ifdef SLAP_AUTHZ_SYNTAX
-		struct berval	in;
-		int		rc;
+	case LDAP_BACK_CFG_IDASSERT_AUTHZFROM:
+		rc = slap_idassert_authzfrom_parse( c, &li->li_idassert );
+		break;
 
-		ber_str2bv( c->argv[ 1 ], 0, 0, &in );
-		rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
-		if ( rc != LDAP_SUCCESS ) {
-			snprintf( c->msg, sizeof( c->msg ),
-				"\"idassert-authzFrom <authz>\": "
-				"invalid syntax" );
-			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-			return 1;
-		}
-#else /* !SLAP_AUTHZ_SYNTAX */
-		ber_str2bv( c->argv[ 1 ], 0, 1, &bv );
-#endif /* !SLAP_AUTHZ_SYNTAX */
-		ber_bvarray_add( &li->li_idassert_authz, &bv );
-		} break;
-
 	case LDAP_BACK_CFG_IDASSERT_METHOD:
 		/* no longer supported */
 		snprintf( c->msg, sizeof( c->msg ),
@@ -1079,90 +1594,7 @@
 		return 1;
 
 	case LDAP_BACK_CFG_IDASSERT_BIND:
-		for ( i = 1; i < c->argc; i++ ) {
-			if ( strncasecmp( c->argv[ i ], "mode=", STRLENOF( "mode=" ) ) == 0 ) {
-				char	*argvi = c->argv[ i ] + STRLENOF( "mode=" );
-				int	j;
-
-				j = verb_to_mask( argvi, idassert_mode );
-				if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
-					snprintf( c->msg, sizeof( c->msg ),
-						"\"idassert-bind <args>\": "
-						"unknown mode \"%s\"",
-						argvi );
-					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-					return 1;
-				}
-
-				li->li_idassert_mode = idassert_mode[ j ].mask;
-
-			} else if ( strncasecmp( c->argv[ i ], "authz=", STRLENOF( "authz=" ) ) == 0 ) {
-				char	*argvi = c->argv[ i ] + STRLENOF( "authz=" );
-
-				if ( strcasecmp( argvi, "native" ) == 0 ) {
-					if ( li->li_idassert_authmethod != LDAP_AUTH_SASL ) {
-						snprintf( c->msg, sizeof( c->msg ),
-							"\"idassert-bind <args>\": "
-							"authz=\"native\" incompatible "
-							"with auth method" );
-						Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-						return 1;
-					}
-					li->li_idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
-
-				} else if ( strcasecmp( argvi, "proxyAuthz" ) == 0 ) {
-					li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
-
-				} else {
-					snprintf( c->msg, sizeof( c->msg ),
-						"\"idassert-bind <args>\": "
-						"unknown authz \"%s\"",
-						argvi );
-					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-					return 1;
-				}
-
-			} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) {
-				char	*argvi = c->argv[ i ] + STRLENOF( "flags=" );
-				char	**flags = ldap_str2charray( argvi, "," );
-				int	j;
-
-				if ( flags == NULL ) {
-					snprintf( c->msg, sizeof( c->msg ),
-						"\"idassert-bind <args>\": "
-						"unable to parse flags \"%s\"",
-						argvi );
-					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-					return 1;
-				}
-
-				for ( j = 0; flags[ j ] != NULL; j++ ) {
-					if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
-						li->li_idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
-
-					} else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
-						li->li_idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
-
-					} else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
-						li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
-
-					} else {
-						snprintf( c->msg, sizeof( c->msg ),
-							"\"idassert-bind <args>\": "
-							"unknown flag \"%s\"",
-							flags[ j ] );
-						Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
-						ldap_charray_free( flags );
-						return 1;
-					}
-				}
-
-				ldap_charray_free( flags );
-
-			} else if ( bindconf_parse( c->argv[ i ], &li->li_idassert ) ) {
-				return 1;
-			}
-		}
+		rc = slap_idassert_parse( c, &li->li_idassert );
 		break;
 
 	case LDAP_BACK_CFG_REBIND:
@@ -1183,15 +1615,42 @@
 		}
 		break;
 
-	case LDAP_BACK_CFG_T_F:
+	case LDAP_BACK_CFG_T_F: {
+		slap_mask_t		mask;
+
 		i = verb_to_mask( c->argv[1], t_f_mode );
 		if ( BER_BVISNULL( &t_f_mode[i].word ) ) {
 			return 1;
 		}
-		li->li_flags &= ~LDAP_BACK_F_SUPPORT_T_F_MASK;
-		li->li_flags |= t_f_mode[i].mask;
-		break;
 
+		mask = t_f_mode[i].mask;
+
+		if ( LDAP_BACK_ISOPEN( li )
+			&& mask == LDAP_BACK_F_T_F_DISCOVER
+			&& !LDAP_BACK_T_F( li ) )
+		{
+			int		rc;
+
+			if ( li->li_uri == NULL ) {
+				snprintf( c->msg, sizeof( c->msg ),
+					"need URI to discover \"cancel\" support "
+					"in \"cancel exop-discover\"" );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+				return 1;
+			}
+
+			rc = slap_discover_feature( li->li_uri, li->li_version,
+					slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+					LDAP_FEATURE_ABSOLUTE_FILTERS );
+			if ( rc == LDAP_COMPARE_TRUE ) {
+				mask |= LDAP_BACK_F_T_F;
+			}
+		}
+
+		li->li_flags &= ~LDAP_BACK_F_T_F_MASK2;
+		li->li_flags |= mask;
+		} break;
+
 	case LDAP_BACK_CFG_WHOAMI:
 		if ( c->argc == 1 || c->value_int ) {
 			li->li_flags |= LDAP_BACK_F_PROXY_WHOAMI;
@@ -1210,10 +1669,14 @@
 				unsigned	u;
 
 				if ( lutil_atoux( &u, c->argv[ i ], 0 ) != 0 ) {
+					snprintf( c->msg, sizeof( c->msg),
+						"unable to parse timeout \"%s\"",
+						c->argv[ i ] );
+					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
 					return 1;
 				}
 
-				for ( j = 0; j < LDAP_BACK_OP_LAST; j++ ) {
+				for ( j = 0; j < SLAP_OP_LAST; j++ ) {
 					li->li_timeout[ j ] = u;
 				}
 
@@ -1221,6 +1684,10 @@
 			}
 
 			if ( slap_cf_aux_table_parse( c->argv[ i ], li->li_timeout, timeout_table, "slapd-ldap timeout" ) ) {
+				snprintf( c->msg, sizeof( c->msg),
+					"unable to parse timeout \"%s\"",
+					c->argv[ i ] );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
 				return 1;
 			}
 		}
@@ -1266,18 +1733,111 @@
 		} break;
 
 	case LDAP_BACK_CFG_VERSION:
-		switch ( c->value_int ) {
-		case 0:
-		case LDAP_VERSION2:
-		case LDAP_VERSION3:
-			li->li_version = c->value_int;
-			break;
+		if ( c->value_int != 0 && ( c->value_int < LDAP_VERSION_MIN || c->value_int > LDAP_VERSION_MAX ) ) {
+			snprintf( c->msg, sizeof( c->msg ),
+				"unsupported version \"%s\" "
+				"in \"protocol-version <version>\"",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+			return 1;
+		}
 
-		default:
+		li->li_version = c->value_int;
+		break;
+
+	case LDAP_BACK_CFG_SINGLECONN:
+		if ( c->value_int ) {
+			li->li_flags |= LDAP_BACK_F_SINGLECONN;
+
+		} else {
+			li->li_flags &= ~LDAP_BACK_F_SINGLECONN;
+		}
+		break;
+
+	case LDAP_BACK_CFG_USETEMP:
+		if ( c->value_int ) {
+			li->li_flags |= LDAP_BACK_F_USE_TEMPORARIES;
+
+		} else {
+			li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+		}
+		break;
+
+	case LDAP_BACK_CFG_CONNPOOLMAX:
+		if ( c->value_int < LDAP_BACK_CONN_PRIV_MIN
+			|| c->value_int > LDAP_BACK_CONN_PRIV_MAX )
+		{
+			snprintf( c->msg, sizeof( c->msg ),
+				"invalid max size " "of privileged "
+				"connections pool \"%s\" "
+				"in \"conn-pool-max <n> "
+				"(must be between %d and %d)\"",
+				c->argv[ 1 ],
+				LDAP_BACK_CONN_PRIV_MIN,
+				LDAP_BACK_CONN_PRIV_MAX );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
 			return 1;
 		}
+		li->li_conn_priv_max = c->value_int;
 		break;
 
+	case LDAP_BACK_CFG_CANCEL: {
+		slap_mask_t		mask;
+
+		i = verb_to_mask( c->argv[1], cancel_mode );
+		if ( BER_BVISNULL( &cancel_mode[i].word ) ) {
+			return 1;
+		}
+
+		mask = cancel_mode[i].mask;
+
+		if ( LDAP_BACK_ISOPEN( li )
+			&& mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER
+			&& !LDAP_BACK_CANCEL( li ) )
+		{
+			int		rc;
+
+			if ( li->li_uri == NULL ) {
+				snprintf( c->msg, sizeof( c->msg ),
+					"need URI to discover \"cancel\" support "
+					"in \"cancel exop-discover\"" );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+				return 1;
+			}
+
+			rc = slap_discover_feature( li->li_uri, li->li_version,
+					slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+					LDAP_EXOP_CANCEL );
+			if ( rc == LDAP_COMPARE_TRUE ) {
+				mask |= LDAP_BACK_F_CANCEL_EXOP;
+			}
+		}
+
+		li->li_flags &= ~LDAP_BACK_F_CANCEL_MASK2;
+		li->li_flags |= mask;
+		} break;
+
+	case LDAP_BACK_CFG_QUARANTINE:
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			snprintf( c->msg, sizeof( c->msg ),
+				"quarantine already defined" );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+			return 1;
+		}
+		rc = slap_retry_info_parse( c->argv[1], &li->li_quarantine,
+			c->msg, sizeof( c->msg ) );
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+
+		} else {
+			ldap_pvt_thread_mutex_init( &li->li_quarantine_mutex );
+			/* give it a chance to retry if the pattern gets reset
+			 * via back-config */
+			li->li_isquarantined = 0;
+			li->li_flags |= LDAP_BACK_F_QUARANTINE;
+		}
+		break;
+
 	case LDAP_BACK_CFG_REWRITE:
 		snprintf( c->msg, sizeof( c->msg ),
 			"rewrite/remap capabilities have been moved "
@@ -1293,7 +1853,7 @@
 		break;
 	}
 
-	return 0;
+	return rc;
 }
 
 int
@@ -1368,7 +1928,7 @@
 		&& !strcmp( op->o_conn->c_authz_backend->be_type, "ldap" )
 		&& !dn_match( &op->o_ndn, &op->o_conn->c_ndn ) )
 	{
-		ldapconn_t	*lc;
+		ldapconn_t	*lc = NULL;
 		LDAPControl c, *ctrls[2] = {NULL, NULL};
 		LDAPMessage *res;
 		Operation op2 = *op;
@@ -1378,8 +1938,7 @@
 
 		ctrls[0] = &c;
 		op2.o_ndn = op->o_conn->c_ndn;
-		lc = ldap_back_getconn(&op2, rs, LDAP_BACK_SENDERR);
-		if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+		if ( !ldap_back_dobind( &lc, &op2, rs, LDAP_BACK_SENDERR ) ) {
 			return -1;
 		}
 		c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
@@ -1419,7 +1978,7 @@
 		}
 
 		if ( lc != NULL ) {
-			ldap_back_release_conn( &op2, rs, lc );
+			ldap_back_release_conn( (ldapinfo_t *)op2.o_bd->be_private, lc );
 		}
 
 	} else {

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* delete.c - ldap backend delete function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/delete.c,v 1.37.2.9 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/delete.c,v 1.37.2.13 2007/01/17 20:57:10 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -36,23 +36,22 @@
 		Operation	*op,
 		SlapReply	*rs )
 {
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	ldapconn_t	*lc;
-	ber_int_t	msgid;
-	LDAPControl	**ctrls = NULL;
-	int		do_retry = 1;
-	int		rc = LDAP_SUCCESS;
+	ldapconn_t		*lc = NULL;
+	ber_int_t		msgid;
+	LDAPControl		**ctrls = NULL;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
+	int			rc = LDAP_SUCCESS;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}
 
 retry:
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
 		rc = rs->sr_err;
@@ -62,9 +61,10 @@
 	rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_dn.bv_val,
 			ctrls, NULL, &msgid );
 	rc = ldap_back_op_result( lc, op, rs, msgid,
-		li->li_timeout[ LDAP_BACK_OP_DELETE], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
-		do_retry = 0;
+		li->li_timeout[ SLAP_OP_DELETE ],
+		( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
@@ -76,7 +76,7 @@
 	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* extended.c - ldap backend extended routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/extended.c,v 1.22.2.14 2006/05/20 09:17:02 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/extended.c,v 1.22.2.17 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42,7 +42,9 @@
 static int
 ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
 {
-	ldapconn_t	*lc;
+	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
+
+	ldapconn_t	*lc = NULL;
 	LDAPControl	**oldctrls = NULL;
 	int		rc;
 
@@ -50,13 +52,14 @@
 	 * called twice; maybe we could avoid the 
 	 * ldap_back_dobind() call inside each extended()
 	 * call ... */
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return -1;
 	}
 
 	oldctrls = op->o_ctrls;
-	if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
+	if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
+	{
 		op->o_ctrls = oldctrls;
 		send_ldap_extended( op, rs );
 		rs->sr_text = NULL;
@@ -75,7 +78,7 @@
 
 done:;
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 			
 	return rc;
@@ -106,7 +109,9 @@
 		Operation	*op,
 		SlapReply	*rs )
 {
-	ldapconn_t	*lc;
+	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
+
+	ldapconn_t	*lc = NULL;
 	req_pwdexop_s	*qpw = &op->oq_pwdexop;
 	LDAPMessage	*res;
 	ber_int_t	msgid;
@@ -114,8 +119,7 @@
 	int		do_retry = 1;
 	char *text = NULL;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return -1;
 	}
 
@@ -136,6 +140,11 @@
 			rs->sr_err = rc;
 
 		} else {
+			/* only touch when activity actually took place... */
+			if ( li->li_idle_timeout && lc ) {
+				lc->lc_time = op->o_time;
+			}
+
 			/* sigh. parse twice, because parse_passwd
 			 * doesn't give us the err / match / msg info.
 			 */
@@ -191,10 +200,18 @@
 				goto retry;
 			}
 		}
+
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			ldap_back_quarantine( op, rs );
+		}
+
 		if ( text ) rs->sr_text = text;
 		send_ldap_extended( op, rs );
 		/* otherwise frontend resends result */
 		rc = rs->sr_err = SLAPD_ABANDON;
+
+	} else if ( LDAP_BACK_QUARANTINE( li ) ) {
+		ldap_back_quarantine( op, rs );
 	}
 
 	/* these have to be freed anyway... */
@@ -209,7 +226,7 @@
 	}
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;
@@ -220,15 +237,16 @@
 	Operation	*op,
 	SlapReply	*rs )
 {
-	ldapconn_t	*lc;
+	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
+
+	ldapconn_t	*lc = NULL;
 	LDAPMessage	*res;
 	ber_int_t	msgid;
 	int		rc;
 	int		do_retry = 1;
 	char *text = NULL;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return -1;
 	}
 
@@ -246,6 +264,11 @@
 			rs->sr_err = rc;
 
 		} else {
+			/* only touch when activity actually took place... */
+			if ( li->li_idle_timeout && lc ) {
+				lc->lc_time = op->o_time;
+			}
+
 			/* sigh. parse twice, because parse_passwd
 			 * doesn't give us the err / match / msg info.
 			 */
@@ -287,10 +310,18 @@
 				goto retry;
 			}
 		}
+
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			ldap_back_quarantine( op, rs );
+		}
+
 		if ( text ) rs->sr_text = text;
 		send_ldap_extended( op, rs );
 		/* otherwise frontend resends result */
 		rc = rs->sr_err = SLAPD_ABANDON;
+
+	} else if ( LDAP_BACK_QUARANTINE( li ) ) {
+		ldap_back_quarantine( op, rs );
 	}
 
 	/* these have to be freed anyway... */
@@ -305,7 +336,7 @@
 	}
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/init.c,v 1.79.2.11 2006/01/03 22:16:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/init.c,v 1.79.2.13 2007/01/05 09:47:10 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -81,12 +81,16 @@
 ldap_back_db_init( Backend *be )
 {
 	ldapinfo_t	*li;
+	unsigned	i;
 
 	li = (ldapinfo_t *)ch_calloc( 1, sizeof( ldapinfo_t ) );
 	if ( li == NULL ) {
  		return -1;
  	}
 
+	li->li_rebind_f = ldap_back_default_rebind;
+	ldap_pvt_thread_mutex_init( &li->li_uri_mutex );
+
 	BER_BVZERO( &li->li_acl_authcID );
 	BER_BVZERO( &li->li_acl_authcDN );
 	BER_BVZERO( &li->li_acl_passwd );
@@ -105,7 +109,7 @@
 
 	li->li_idassert_authmethod = LDAP_AUTH_NONE;
 	BER_BVZERO( &li->li_idassert_sasl_mech );
-	li->li_idassert.sb_tls = SB_TLS_DEFAULT;
+	li->li_idassert_tls = SB_TLS_DEFAULT;
 
 	/* by default, use proxyAuthz control on each operation */
 	li->li_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
@@ -120,6 +124,12 @@
 
 	ldap_pvt_thread_mutex_init( &li->li_conninfo.lai_mutex );
 
+	for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+		li->li_conn_priv[ i ].lic_num = 0;
+		LDAP_TAILQ_INIT( &li->li_conn_priv[ i ].lic_priv );
+	}
+	li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
+
 	be->be_private = li;
 	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD;
 
@@ -150,48 +160,30 @@
 		break;
 	}
 
-#if 0 && defined(SLAPD_MONITOR)
-	{
-		/* FIXME: disabled because namingContexts doesn't have
-		 * a matching rule, and using an MRA filter doesn't work
-		 * because the normalized assertion is compared to the 
-		 * non-normalized value, which in general differs from
-		 * the normalized one.  See ITS#3406 */
-		struct berval	filter,
-				base = BER_BVC( "cn=Databases," SLAPD_MONITOR );
-		Attribute	a = { 0 };
+	if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) {
+		int		rc;
 
-		filter.bv_len = STRLENOF( "(&(namingContexts:distinguishedNameMatch:=)(monitoredInfo=ldap))" )
-			+ be->be_nsuffix[ 0 ].bv_len;
-		filter.bv_val = ch_malloc( filter.bv_len + 1 );
-		snprintf( filter.bv_val, filter.bv_len + 1,
-				"(&(namingContexts:distinguishedNameMatch:=%s)(monitoredInfo=ldap))",
-				be->be_nsuffix[ 0 ].bv_val );
-
-		a.a_desc = slap_schema.si_ad_labeledURI;
-		a.a_vals = li->li_bvuri;
-		a.a_nvals = li->li_bvuri;
-		if ( monitor_back_register_entry_attrs( NULL, &a, NULL, &base, LDAP_SCOPE_SUBTREE, &filter ) ) {
-			/* error */
+		rc = slap_discover_feature( li->li_uri, li->li_version,
+				slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+				LDAP_FEATURE_ABSOLUTE_FILTERS );
+		if ( rc == LDAP_COMPARE_TRUE ) {
+			li->li_flags |= LDAP_BACK_F_T_F;
 		}
-
-		ch_free( filter.bv_val );
 	}
-#endif /* SLAPD_MONITOR */
 
-	if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
+	if ( LDAP_BACK_CANCEL_DISCOVER( li ) && !LDAP_BACK_CANCEL( li ) ) {
 		int		rc;
 
-		li->li_flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
-
 		rc = slap_discover_feature( li->li_uri, li->li_version,
-				slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
-				LDAP_FEATURE_ABSOLUTE_FILTERS );
+				slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+				LDAP_EXOP_CANCEL );
 		if ( rc == LDAP_COMPARE_TRUE ) {
-			li->li_flags |= LDAP_BACK_F_SUPPORT_T_F;
+			li->li_flags |= LDAP_BACK_F_CANCEL_EXOP;
 		}
 	}
 
+	li->li_flags |= LDAP_BACK_F_ISOPEN;
+
 	return 0;
 }
 
@@ -213,16 +205,17 @@
 	if ( !BER_BVISNULL( &lc->lc_local_ndn ) ) {
 		ch_free( lc->lc_local_ndn.bv_val );
 	}
+	lc->lc_q.tqe_prev = NULL;
+	lc->lc_q.tqe_next = NULL;
 	ch_free( lc );
 }
 
 int
-ldap_back_db_destroy(
-    Backend	*be
-)
+ldap_back_db_destroy( Backend *be )
 {
 	if ( be->be_private ) {
 		ldapinfo_t	*li = ( ldapinfo_t * )be->be_private;
+		unsigned	i;
 
 		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 
@@ -285,9 +278,22 @@
                	if ( li->li_conninfo.lai_tree ) {
 			avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free );
 		}
+		for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+			while ( !LDAP_TAILQ_EMPTY( &li->li_conn_priv[ i ].lic_priv ) ) {
+				ldapconn_t	*lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ i ].lic_priv );
 
+				LDAP_TAILQ_REMOVE( &li->li_conn_priv[ i ].lic_priv, lc, lc_q );
+				ldap_back_conn_free( lc );
+			}
+		}
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			slap_retry_info_destroy( &li->li_quarantine );
+			ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex );
+		}
+
 		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 		ldap_pvt_thread_mutex_destroy( &li->li_conninfo.lai_mutex );
+		ldap_pvt_thread_mutex_destroy( &li->li_uri_mutex );
 	}
 
 	ch_free( be->be_private );

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modify.c - ldap backend modify function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modify.c,v 1.58.2.11 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modify.c,v 1.58.2.14 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -36,20 +36,19 @@
 		Operation	*op,
 		SlapReply	*rs )
 {
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	ldapconn_t	*lc;
-	LDAPMod		**modv = NULL,
-			*mods = NULL;
-	Modifications	*ml;
-	int		i, j, rc;
-	ber_int_t	msgid;
-	int		isupdate;
-	int		do_retry = 1;
-	LDAPControl	**ctrls = NULL;
+	ldapconn_t		*lc = NULL;
+	LDAPMod			**modv = NULL,
+				*mods = NULL;
+	Modifications		*ml;
+	int			i, j, rc;
+	ber_int_t		msgid;
+	int			isupdate;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
+	LDAPControl		**ctrls = NULL;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}
 
@@ -100,7 +99,8 @@
 
 retry:;
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
 		rc = -1;
@@ -110,9 +110,10 @@
 	rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,
 			ctrls, NULL, &msgid );
 	rc = ldap_back_op_result( lc, op, rs, msgid,
-		li->li_timeout[ LDAP_BACK_OP_MODIFY], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		li->li_timeout[ SLAP_OP_MODIFY ],
+		( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
@@ -129,7 +130,7 @@
 	ch_free( modv );
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modrdn.c - ldap backend modrdn function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modrdn.c,v 1.38.2.10 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modrdn.c,v 1.38.2.14 2007/01/17 20:57:10 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -36,17 +36,16 @@
 		Operation	*op,
  		SlapReply	*rs )
 {
-	ldapinfo_t	*li = (ldapinfo_t *)op->o_bd->be_private;
+	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;
 
-	ldapconn_t	*lc;
-	ber_int_t	msgid;
-	LDAPControl	**ctrls = NULL;
-	int		do_retry = 1;
-	int		rc = LDAP_SUCCESS;
-	char		*newSup = NULL;
+	ldapconn_t		*lc = NULL;
+	ber_int_t		msgid;
+	LDAPControl		**ctrls = NULL;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
+	int			rc = LDAP_SUCCESS;
+	char			*newSup = NULL;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}
 
@@ -75,7 +74,8 @@
 
 retry:
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
 		rc = -1;
@@ -86,9 +86,10 @@
 			op->orr_newrdn.bv_val, newSup,
 			op->orr_deleteoldrdn, ctrls, NULL, &msgid );
 	rc = ldap_back_op_result( lc, op, rs, msgid,
-		li->li_timeout[ LDAP_BACK_OP_MODRDN ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
-		do_retry = 0;
+		li->li_timeout[ SLAP_OP_MODRDN ],
+		( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
@@ -100,7 +101,7 @@
 	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/proto-ldap.h,v 1.3.2.10 2006/02/16 22:21:27 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/proto-ldap.h,v 1.3.2.13 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -47,15 +47,14 @@
 
 extern BI_entry_get_rw		ldap_back_entry_get;
 
-int ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock );
-ldapconn_t *ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok );
-void ldap_back_release_conn_lock( Operation *op, SlapReply *rs, ldapconn_t *lc, int dolock );
-#define ldap_back_release_conn(op, rs, lc) ldap_back_release_conn_lock((op), (rs), (lc), 1)
-int ldap_back_dobind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
+void ldap_back_release_conn_lock( ldapinfo_t *li, ldapconn_t **lcp, int dolock );
+#define ldap_back_release_conn(li, lc) ldap_back_release_conn_lock((li), &(lc), 1)
+int ldap_back_dobind( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
 int ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
 int ldap_back_map_result( SlapReply *rs );
 int ldap_back_op_result( ldapconn_t *lc, Operation *op, SlapReply *rs,
 	ber_int_t msgid, time_t timeout, ldap_back_send_t sendok );
+int ldap_back_cancel( ldapconn_t *lc, Operation *op, SlapReply *rs, ber_int_t msgid, ldap_back_send_t sendok );
 
 int ldap_back_init_cf( BackendInfo *bi );
 
@@ -64,9 +63,13 @@
 extern int ldap_back_conndn_dup( void *c1, void *c2 );
 extern void ldap_back_conn_free( void *c );
 
+extern ldapconn_t * ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc );
+
 extern int
 ldap_back_proxy_authz_ctrl(
-		ldapconn_t	*lc,
+		struct berval	*bound_ndn,
+		int		version,
+		slap_idassert_t	*si,
 		Operation	*op,
 		SlapReply	*rs,
 		LDAPControl	***pctrls );
@@ -76,9 +79,27 @@
 		Operation	*op,
 		LDAPControl	***pctrls );
 
+extern void
+ldap_back_quarantine(
+	Operation	*op,
+	SlapReply	*rs );
+
+#ifdef LDAP_BACK_PRINT_CONNTREE
+extern void
+ldap_back_print_conntree( ldapinfo_t *li, char *msg );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
+
+extern void slap_retry_info_destroy( slap_retry_info_t *ri );
+extern int slap_retry_info_parse( char *in, slap_retry_info_t *ri,
+	char *buf, ber_len_t buflen );
+extern int slap_retry_info_unparse( slap_retry_info_t *ri, struct berval *bvout );
+
+extern int slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
+extern int slap_idassert_parse_cf( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
+
 extern int chain_init( void );
 
-extern LDAP_REBIND_PROC		*ldap_back_rebind_f;
+extern LDAP_REBIND_PROC		ldap_back_default_rebind;
 
 LDAP_END_DECL
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - ldap backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.31 2006/09/26 12:54:26 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.38 2007/03/09 16:23:16 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -75,7 +75,7 @@
 
 		if ( strncmp( ptr, bv_true.bv_val, bv_true.bv_len ) == 0 ) {
 			oldbv = &bv_true;
-			if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F ) {
+			if ( LDAP_BACK_T_F( li ) ) {
 				newbv = &bv_t;
 
 			} else {
@@ -85,7 +85,7 @@
 		} else if ( strncmp( ptr, bv_false.bv_val, bv_false.bv_len ) == 0 )
 		{
 			oldbv = &bv_false;
-			if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F ) {
+			if ( LDAP_BACK_T_F( li ) ) {
 				newbv = &bv_f;
 
 			} else {
@@ -141,25 +141,29 @@
 		Operation	*op,
 		SlapReply	*rs )
 {
-	ldapconn_t	*lc;
+	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
+
+	ldapconn_t	*lc = NULL;
 	struct timeval	tv;
-	time_t		stoptime = (time_t)-1;
+	time_t		stoptime = (time_t)(-1);
 	LDAPMessage	*res,
 			*e;
 	int		rc = 0,
 			msgid; 
 	struct berval	match = BER_BVNULL,
 			filter = BER_BVNULL;
+	int		free_filter = 0;
 	int		i;
 	char		**attrs = NULL;
 	int		freetext = 0;
 	int		do_retry = 1, dont_retry = 0;
 	LDAPControl	**ctrls = NULL;
+	char		**references = NULL;
+
 	/* FIXME: shouldn't this be null? */
 	const char	*save_matched = rs->sr_matched;
 
-	lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-	if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}
 
@@ -201,7 +205,8 @@
 	}
 
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		goto finish;
 	}
@@ -237,6 +242,7 @@
 
 		case LDAP_FILTER_ERROR:
 			if ( ldap_back_munge_filter( op, &filter ) ) {
+				free_filter = 1;
 				goto retry;
 			}
 
@@ -252,38 +258,64 @@
 		}
 	}
 
+	/* if needed, initialize timeout */
+	if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+		if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+			tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+			tv.tv_usec = 0;
+		}
+	}
+
 	/* We pull apart the ber result, stuff it into a slapd entry, and
 	 * let send_search_entry stuff it back into ber format. Slow & ugly,
 	 * but this is necessary for version matching, and for ACL processing.
 	 */
 
-	for ( rc = 0; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
+	for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
 	{
 		/* check for abandon */
-		if ( op->o_abandon ) {
+		if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
 			if ( rc > 0 ) {
 				ldap_msgfree( res );
 			}
-			ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
+			(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
 			rc = SLAPD_ABANDON;
 			goto finish;
 		}
 
-		if ( rc == 0 ) {
-			LDAP_BACK_TV_SET( &tv );
+		if ( rc == 0 || rc == -2 ) {
 			ldap_pvt_thread_yield();
 
+			/* check timeout */
+			if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+				if ( rc == 0 ) {
+					(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+					rs->sr_text = "Operation timed out";
+					rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
+						LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+					goto finish;
+				}
+
+			} else {
+				LDAP_BACK_TV_SET( &tv );
+			}
+
 			/* check time limit */
 			if ( op->ors_tlimit != SLAP_NO_LIMIT
 					&& slap_get_time() > stoptime )
 			{
-				ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
+				(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
 				rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
 				goto finish;
 			}
 			continue;
 
 		} else {
+			/* only touch when activity actually took place... */
+			if ( li->li_idle_timeout && lc ) {
+				lc->lc_time = op->o_time;
+			}
+
 			/* don't retry any more */
 			dont_retry = 1;
 		}
@@ -320,14 +352,12 @@
 				if ( rc == LDAP_UNAVAILABLE ) {
 					rc = rs->sr_err = LDAP_OTHER;
 				} else {
-					ldap_abandon_ext( lc->lc_ld, msgid, NULL, NULL );
+					(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
 				}
 				goto finish;
 			}
 
 		} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
-			char		**references = NULL;
-
 			do_retry = 0;
 			rc = ldap_parse_reference( lc->lc_ld, res,
 					&references, &rs->sr_ctrls, 1 );
@@ -344,7 +374,8 @@
 					/* NO OP */ ;
 
 				/* FIXME: there MUST be at least one */
-				rs->sr_ref = ch_malloc( ( cnt + 1 ) * sizeof( struct berval ) );
+				rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
+					op->o_tmpmemctx );
 
 				for ( cnt = 0; references[ cnt ]; cnt++ ) {
 					ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
@@ -365,8 +396,9 @@
 			/* cleanup */
 			if ( references ) {
 				ber_memvfree( (void **)references );
-				ch_free( rs->sr_ref );
+				op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
 				rs->sr_ref = NULL;
+				references = NULL;
 			}
 
 			if ( rs->sr_ctrls ) {
@@ -375,7 +407,7 @@
 			}
 
 		} else {
-			char		**references = NULL, *err = NULL;
+			char		*err = NULL;
 
 			rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
 					&match.bv_val, &err,
@@ -389,29 +421,44 @@
 				freetext = 1;
 			}
 
-			if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
-				int	cnt;
-
+			/* RFC 4511: referrals can only appear
+			 * if result code is LDAP_REFERRAL */
+			if ( references 
+				&& references[ 0 ]
+				&& references[ 0 ][ 0 ] )
+			{
 				if ( rs->sr_err != LDAP_REFERRAL ) {
-					/* FIXME: error */
 					Debug( LDAP_DEBUG_ANY,
 						"%s ldap_back_search: "
-						"got referrals with %d\n",
+						"got referrals with err=%d\n",
 						op->o_log_prefix,
 						rs->sr_err, 0 );
-					rs->sr_err = LDAP_REFERRAL;
-				}
 
-				for ( cnt = 0; references[ cnt ]; cnt++ )
-					/* NO OP */ ;
+				} else {
+					int	cnt;
+
+					for ( cnt = 0; references[ cnt ]; cnt++ )
+						/* NO OP */ ;
 				
-				rs->sr_ref = ch_malloc( ( cnt + 1 ) * sizeof( struct berval ) );
+					rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
+						op->o_tmpmemctx );
 
-				for ( cnt = 0; references[ cnt ]; cnt++ ) {
-					/* duplicating ...*/
-					ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
+					for ( cnt = 0; references[ cnt ]; cnt++ ) {
+						/* duplicating ...*/
+						ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
+					}
+					BER_BVZERO( &rs->sr_ref[ cnt ] );
 				}
-				BER_BVZERO( &rs->sr_ref[ cnt ] );
+
+			} else if ( rs->sr_err == LDAP_REFERRAL ) {
+				Debug( LDAP_DEBUG_ANY,
+					"%s ldap_back_search: "
+					"got err=%d with null "
+					"or empty referrals\n",
+					op->o_log_prefix,
+					rs->sr_err, 0 );
+
+				rs->sr_err = LDAP_NO_SUCH_OBJECT;
 			}
 
 			if ( match.bv_val != NULL ) {
@@ -432,14 +479,17 @@
 			}
 #endif /* LDAP_NULL_IS_NULL */
 
-			/* cleanup */
-			if ( references ) {
-				ber_memvfree( (void **)references );
-			}
-
 			rc = 0;
 			break;
 		}
+
+		/* if needed, restore timeout */
+		if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+			if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+				tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+				tv.tv_usec = 0;
+			}
+		}
 	}
 
  	if ( rc == -1 && dont_retry == 0 ) {
@@ -474,7 +524,15 @@
 	}
 
 finish:;
-	if ( rc != SLAPD_ABANDON ) {
+	if ( LDAP_BACK_QUARANTINE( li ) ) {
+		ldap_back_quarantine( op, rs );
+	}
+
+#if 0
+	/* let send_ldap_result play cleanup handlers (ITS#4645) */
+	if ( rc != SLAPD_ABANDON )
+#endif
+	{
 		send_ldap_result( op, rs );
 	}
 
@@ -495,7 +553,7 @@
 		rs->sr_matched = save_matched;
 	}
 
-	if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) {
+	if ( free_filter ) {
 		op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
 	}
 
@@ -507,16 +565,20 @@
 	}
 
 	if ( rs->sr_ref ) {
-		ber_bvarray_free( rs->sr_ref );
+		op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
 		rs->sr_ref = NULL;
 	}
 
+	if ( references ) {
+		ber_memvfree( (void **)references );
+	}
+
 	if ( attrs ) {
 		ch_free( attrs );
 	}
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rs->sr_err;
@@ -714,10 +776,11 @@
 		ObjectClass		*oc,
 		AttributeDescription	*at,
 		int			rw,
-		Entry			**ent
-)
+		Entry			**ent )
 {
-	ldapconn_t	*lc;
+	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
+
+	ldapconn_t	*lc = NULL;
 	int		rc = 1,
 			do_not_cache;
 	struct berval	bdn;
@@ -734,8 +797,7 @@
 	/* Tell getconn this is a privileged op */
 	do_not_cache = op->o_do_not_cache;
 	op->o_do_not_cache = 1;
-	lc = ldap_back_getconn( op, &rs, LDAP_BACK_DONTSEND );
-	if ( !lc || !ldap_back_dobind( lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+	if ( !ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
 		op->o_do_not_cache = do_not_cache;
 		return rs.sr_err;
 	}
@@ -767,7 +829,8 @@
 
 retry:
 	ctrls = op->o_ctrls;
-	rc = ldap_back_proxy_authz_ctrl( lc, op, &rs, &ctrls );
+	rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
+		li->li_version, &li->li_idassert, op, &rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
@@ -802,7 +865,7 @@
 	rc = ldap_build_entry( op, e, *ent, &bdn );
 
 	if ( rc != LDAP_SUCCESS ) {
-		ch_free( *ent );
+		entry_free( *ent );
 		*ent = NULL;
 	}
 
@@ -818,7 +881,7 @@
 	}
 
 	if ( lc != NULL ) {
-		ldap_back_release_conn( op, &rs, lc );
+		ldap_back_release_conn( li, lc );
 	}
 
 	return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* unbind.c - ldap backend unbind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/unbind.c,v 1.24.2.7 2006/02/16 22:21:27 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/unbind.c,v 1.24.2.10 2007/01/17 23:03:20 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -48,21 +48,30 @@
 	lc_curr.lc_conn = conn;
 	
 	ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+#if LDAP_BACK_PRINT_CONNTREE > 0
+	ldap_back_print_conntree( li, ">>> ldap_back_conn_destroy" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
 	while ( ( lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)&lc_curr, ldap_back_conn_cmp ) ) != NULL )
 	{
 		Debug( LDAP_DEBUG_TRACE,
-			"=>ldap_back_conn_destroy: destroying conn %ld (refcnt=%u)\n",
-			LDAP_BACK_PCONN_ID( lc->lc_conn ), lc->lc_refcnt, 0 );
+			"=>ldap_back_conn_destroy: destroying conn %ld "
+			"refcnt=%d flags=0x%08x\n",
+			LDAP_BACK_PCONN_ID( lc ),
+			lc->lc_refcnt, lc->lc_lcflags );
 
-		assert( lc->lc_refcnt == 0 );
+		if ( lc->lc_refcnt > 0 ) {
+			/* someone else might be accessing the connection;
+			 * mark for deletion */
+			LDAP_BACK_CONN_CACHED_CLEAR( lc );
+			LDAP_BACK_CONN_TAINTED_SET( lc );
 
-		/*
-		 * Needs a test because the handler may be corrupted,
-		 * and calling ldap_unbind on a corrupted header results
-		 * in a segmentation fault
-		 */
-		ldap_back_conn_free( lc );
+		} else {
+			ldap_back_conn_free( lc );
+		}
 	}
+#if LDAP_BACK_PRINT_CONNTREE > 0
+	ldap_back_print_conntree( li, "<<< ldap_back_conn_destroy" );
+#endif /* LDAP_BACK_PRINT_CONNTREE */
 	ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
 
 	return 0;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-ldbm
-# $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/Makefile.in,v 1.39.2.2 2006/01/03 22:16:18 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/Makefile.in,v 1.39.2.3 2007/01/02 21:44:02 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* add.c - ldap ldbm back-end add routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/add.c,v 1.92.2.6 2006/01/03 22:16:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/add.c,v 1.92.2.8 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -56,7 +56,13 @@
 	Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n",
 		op->o_req_dn.bv_val, 0, 0);
 	
-	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+	rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE,
+			"entry failed op attrs add: %s (%d)\n",
+			rs->sr_text, rs->sr_err, 0 );
+		goto return_results;
+	}
 
 	cb.sc_cleanup = ldbm_csn_cb;
 	cb.sc_next = op->o_callback;

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/alias.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/alias.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/alias.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/alias.c,v 1.47.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/alias.c,v 1.47.2.4 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/attr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/attr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* attr.c - backend routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/attr.c,v 1.39.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/attr.c,v 1.39.2.4 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/back-ldbm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/back-ldbm.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/back-ldbm.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* back-ldbm.h - ldap ldbm back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/back-ldbm.h,v 1.64.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/back-ldbm.h,v 1.64.2.5 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - ldbm backend bind and unbind routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/bind.c,v 1.75.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/bind.c,v 1.75.2.3 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/cache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/cache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/cache.c,v 1.66.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/cache.c,v 1.66.2.5 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/close.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/close.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/close.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* close.c - close ldbm backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/close.c,v 1.19.2.5 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/close.c,v 1.19.2.6 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - ldbm backend compare routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/compare.c,v 1.49.2.6 2006/04/04 20:29:34 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/compare.c,v 1.49.2.7 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - ldbm backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/config.c,v 1.37.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/config.c,v 1.37.2.5 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/dbcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/dbcache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/dbcache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldbmcache.c - maintain a cache of open ldbm files */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dbcache.c,v 1.57.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dbcache.c,v 1.57.2.5 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* delete.c - ldbm backend delete routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/delete.c,v 1.80.2.5 2006/02/13 19:50:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/delete.c,v 1.80.2.6 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/dn2id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/dn2id.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/dn2id.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dn2id.c - routines to deal with the dn2id index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dn2id.c,v 1.70.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/dn2id.c,v 1.70.2.4 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* entry.c - ldbm backend entry_release routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/entry.c,v 1.21.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/entry.c,v 1.21.2.5 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/extended.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/extended.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* extended.c - ldbm backend extended routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/extended.c,v 1.18.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/extended.c,v 1.18.2.3 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/filterindex.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/filterindex.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/filterindex.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* filterindex.c - generate the list of candidate entries from a filter */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/filterindex.c,v 1.53.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/filterindex.c,v 1.53.2.3 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2children.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2children.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2children.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* id2children.c - routines to deal with the id2children index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2children.c,v 1.31.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2children.c,v 1.31.2.3 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/id2entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* id2entry.c - routines to deal with the id2entry index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2entry.c,v 1.38.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/id2entry.c,v 1.38.2.4 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/idl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/idl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/idl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* idl.c - ldap id list handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/idl.c,v 1.86.2.3 2006/04/04 20:29:34 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/idl.c,v 1.86.2.4 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/index.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/index.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/index.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/index.c,v 1.88.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/index.c,v 1.88.2.3 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize ldbm backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/init.c,v 1.96.2.7 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/init.c,v 1.96.2.8 2007/01/02 21:44:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/key.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/key.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/key.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/key.c,v 1.9.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/key.c,v 1.9.2.3 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldbm.c - ldap dbm compatibility routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.c,v 1.4.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.c,v 1.4.2.4 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/ldbm.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldbm.h - ldap dbm compatibility routine header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.h,v 1.2.2.2 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/ldbm.h,v 1.2.2.3 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modify.c - ldbm backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modify.c,v 1.115.2.8 2006/04/04 20:29:34 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modify.c,v 1.115.2.9 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modrdn.c - ldbm backend modrdn routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modrdn.c,v 1.153.2.8 2006/02/13 19:50:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modrdn.c,v 1.153.2.9 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/nextid.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/nextid.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/nextid.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* nextid.c - keep track of the next id to be given out */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/nextid.c,v 1.36.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/nextid.c,v 1.36.2.4 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/operational.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/operational.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* operational.c - ldbm backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/operational.c,v 1.12.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/operational.c,v 1.12.2.4 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/proto-back-ldbm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/proto-back-ldbm.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/proto-back-ldbm.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h,v 1.79.2.3 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h,v 1.79.2.4 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/referral.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/referral.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* referral.c - LDBM backend referral handler */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/referral.c,v 1.24.2.3 2006/01/06 19:46:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/referral.c,v 1.24.2.4 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - ldbm backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/search.c,v 1.128.2.7 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/search.c,v 1.128.2.8 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldbm/tools.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldbm/tools.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldbm/tools.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* tools.c - tools for slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/tools.c,v 1.43.2.4 2006/01/03 22:16:19 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/tools.c,v 1.43.2.5 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-ldif
-# $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/Makefile.in,v 1.1.2.3 2006/01/03 22:16:20 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/Makefile.in,v 1.1.2.4 2007/01/02 21:44:03 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2006 The OpenLDAP Foundation.
+## Copyright 2005-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldif.c - the ldif backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.21 2006/05/27 08:06:14 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.22 2007/01/02 21:44:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-meta
-# $OpenLDAP: pkg/ldap/servers/slapd/back-meta/Makefile.in,v 1.12.2.6 2006/01/03 22:16:20 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-meta/Makefile.in,v 1.12.2.7 2007/01/02 21:44:03 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/add.c,v 1.27.2.14 2006/04/05 21:27:52 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/add.c,v 1.27.2.17 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -36,6 +36,7 @@
 meta_back_add( Operation *op, SlapReply *rs )
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t	*mt;
 	metaconn_t	*mc;
 	int		i, candidate = -1;
 	int		isupdate;
@@ -45,7 +46,7 @@
 	dncookie	dc;
 	int		msgid;
 	int		do_retry = 1;
-	int		maperr = 1;
+	LDAPControl	**ctrls = NULL;
 
 	Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
 			op->o_req_dn.bv_val, 0, 0 );
@@ -63,7 +64,8 @@
 	/*
 	 * Rewrite the add dn, if needed
 	 */
-	dc.target = &mi->mi_targets[ candidate ];
+	mt = mi->mi_targets[ candidate ];
+	dc.target = mt;
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "addDN";
@@ -96,7 +98,7 @@
 			mapped = a->a_desc->ad_cname;
 
 		} else {
-			ldap_back_map( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
+			ldap_back_map( &mt->mt_rwmap.rwm_at,
 					&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
 			if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
 				continue;
@@ -121,11 +123,11 @@
 			for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
 				struct ldapmapping	*mapping;
 
-				ldap_back_mapping( &mi->mi_targets[ candidate ].mt_rwmap.rwm_oc,
+				ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
 						&a->a_vals[ j ], &mapping, BACKLDAP_MAP );
 
 				if ( mapping == NULL ) {
-					if ( mi->mi_targets[ candidate ].mt_rwmap.rwm_oc.drop_missing ) {
+					if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
 						continue;
 					}
 					attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
@@ -166,64 +168,30 @@
 	attrs[ i ] = NULL;
 
 retry:;
+	ctrls = op->o_ctrls;
+	if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+	{
+		send_ldap_result( op, rs );
+		goto cleanup;
+	}
+
 	rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
-			      attrs, op->o_ctrls, NULL, &msgid );
+			      attrs, ctrls, NULL, &msgid );
+	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+		mt->mt_timeout[ SLAP_OP_ADD ], LDAP_BACK_SENDRESULT );
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
-		goto cleanup;
-
-	} else if ( rs->sr_err == LDAP_SUCCESS ) {
-		struct timeval	tv, *tvp = NULL;
-		LDAPMessage	*res = NULL;
-		int		rc;
-
-		if ( mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_ADD ] != 0 ) {
-			tv.tv_sec = mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_ADD ];
-			tv.tv_usec = 0;
-			tvp = &tv;
-		}
-
-		rs->sr_err = LDAP_OTHER;
-		maperr = 0;
-		rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
-			msgid, LDAP_MSG_ALL, tvp, &res );
-		switch ( rc ) {
-		case -1:
-			break;
-
-		case 0:
-			ldap_abandon_ext( mc->mc_conns[ candidate ].msc_ld,
-				msgid, NULL, NULL );
-			rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
-				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR;
-			break;
-
-		case LDAP_RES_ADD:
-			rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld,
-				res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
-			if ( rc != LDAP_SUCCESS ) {
-				rs->sr_err = rc;
-			}
-			maperr = 1;
-			break;
-
-		default:
-			ldap_msgfree( res );
-			break;
-		}
 	}
 
-	if ( maperr ) {
-		rs->sr_err = meta_back_op_result( mc, op, rs, candidate );
-
-	} else {
-		send_ldap_result( op, rs );
-	}
-
 cleanup:;
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
 	for ( --i; i >= 0; --i ) {
 		free( attrs[ i ]->mod_bvalues );
 		free( attrs[ i ] );
@@ -236,7 +204,7 @@
 
 done:;
 	if ( mc ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	return rs->sr_err;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/back-meta.h,v 1.23.2.18 2006/04/04 22:34:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/back-meta.h,v 1.23.2.22 2007/01/27 23:56:43 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -33,6 +33,13 @@
 #include "rewrite.h"
 LDAP_BEGIN_DECL
 
+/*
+ * Set META_BACK_PRINT_CONNTREE larger than 0 to dump the connection tree (debug only)
+ */
+#ifndef META_BACK_PRINT_CONNTREE
+#define META_BACK_PRINT_CONNTREE 0
+#endif /* !META_BACK_PRINT_CONNTREE */
+
 struct slap_conn;
 struct slap_op;
 
@@ -153,26 +160,71 @@
 
 /* (end of) from back-ldap.h before rwm removal */
 
+/*
+ * A metasingleconn_t can be in the following, mutually exclusive states:
+ *
+ *	- none			(0x0U)
+ *	- creating		META_BACK_FCONN_CREATING
+ *	- initialized		META_BACK_FCONN_INITED
+ *	- binding		LDAP_BACK_FCONN_BINDING
+ *	- bound/anonymous	LDAP_BACK_FCONN_ISBOUND/LDAP_BACK_FCONN_ISANON
+ *
+ * possible modifiers are:
+ *
+ *	- privileged		LDAP_BACK_FCONN_ISPRIV
+ *	- privileged, TLS	LDAP_BACK_FCONN_ISTLS
+ *	- subjected to idassert	LDAP_BACK_FCONN_ISIDASR
+ *	- tainted		LDAP_BACK_FCONN_TAINTED
+ */
+
+#define META_BACK_FCONN_INITED		(0x00100000U)
+#define META_BACK_FCONN_CREATING	(0x00200000U)
+
+#define	META_BACK_CONN_INITED(lc)		LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_INITED)
+#define	META_BACK_CONN_INITED_SET(lc)		LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_INITED)
+#define	META_BACK_CONN_INITED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_INITED)
+#define	META_BACK_CONN_INITED_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_INITED, (mlc))
+#define	META_BACK_CONN_CREATING(lc)		LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_CREATING)
+#define	META_BACK_CONN_CREATING_SET(lc)		LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_CREATING)
+#define	META_BACK_CONN_CREATING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_CREATING)
+#define	META_BACK_CONN_CREATING_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_CREATING, (mlc))
+
 struct metainfo_t;
 
+#define	META_NOT_CANDIDATE		((ber_tag_t)0x0)
+#define	META_CANDIDATE			((ber_tag_t)0x1)
+#define	META_BINDING			((ber_tag_t)0x2)
+#define	META_RETRYING			((ber_tag_t)0x4)
+
 typedef struct metasingleconn_t {
-	int			msc_candidate;
-#define	META_NOT_CANDIDATE	((ber_tag_t)0)
-#define	META_CANDIDATE		((ber_tag_t)1)
+#define META_CND_ISSET(rs,f)		( ( (rs)->sr_tag & (f) ) == (f) )
+#define META_CND_SET(rs,f)		( (rs)->sr_tag |= (f) )
+#define META_CND_CLEAR(rs,f)		( (rs)->sr_tag &= ~(f) )
+
+#define META_CANDIDATE_RESET(rs)	( (rs)->sr_tag = 0 )
+#define META_IS_CANDIDATE(rs)		META_CND_ISSET( (rs), META_CANDIDATE )
+#define META_CANDIDATE_SET(rs)		META_CND_SET( (rs), META_CANDIDATE )
+#define META_CANDIDATE_CLEAR(rs)	META_CND_CLEAR( (rs), META_CANDIDATE )
+#define META_IS_BINDING(rs)		META_CND_ISSET( (rs), META_BINDING )
+#define META_BINDING_SET(rs)		META_CND_SET( (rs), META_BINDING )
+#define META_BINDING_CLEAR(rs)		META_CND_CLEAR( (rs), META_BINDING )
+#define META_IS_RETRYING(rs)		META_CND_ISSET( (rs), META_RETRYING )
+#define META_RETRYING_SET(rs)		META_CND_SET( (rs), META_RETRYING )
+#define META_RETRYING_CLEAR(rs)		META_CND_CLEAR( (rs), META_RETRYING )
 	
 	LDAP            	*msc_ld;
+	time_t			msc_time;
 	struct berval          	msc_bound_ndn;
 	struct berval		msc_cred;
 	unsigned		msc_mscflags;
 	/* NOTE: lc_lcflags is redefined to msc_mscflags to reuse the macros
 	 * defined for back-ldap */
 #define	lc_lcflags		msc_mscflags
-
-	struct metainfo_t	*msc_info;
 } metasingleconn_t;
 
 typedef struct metaconn_t {
 	struct slap_conn	*mc_conn;
+#define	lc_conn			mc_conn
 	unsigned		mc_refcnt;
 
 	time_t			mc_create_time;
@@ -190,6 +242,11 @@
 	int             	mc_authz_target;
 #define META_BOUND_NONE		(-1)
 #define META_BOUND_ALL		(-2)
+
+	struct metainfo_t	*mc_info;
+
+	LDAP_TAILQ_ENTRY(metaconn_t)	mc_q;
+
 	/* supersedes the connection stuff */
 	metasingleconn_t	mc_conns[ 1 ];
 	/* NOTE: mc_conns must be last, because
@@ -199,6 +256,13 @@
 
 typedef struct metatarget_t {
 	char			*mt_uri;
+	ldap_pvt_thread_mutex_t	mt_uri_mutex;
+
+	/* TODO: we might want to enable different strategies
+	 * for different targets */
+	LDAP_REBIND_PROC	*mt_rebind_f;
+	void			*mt_urllist_p;
+
 	BerVarray		mt_subtree_exclude;
 	int			mt_scope;
 
@@ -208,23 +272,50 @@
 	struct berval		mt_binddn;
 	struct berval		mt_bindpw;
 
-	struct berval           mt_pseudorootdn;
-	struct berval           mt_pseudorootpw;
+	slap_idassert_t		mt_idassert;
+#define	mt_idassert_mode	mt_idassert.si_mode
+#define	mt_idassert_authcID	mt_idassert.si_bc.sb_authcId
+#define	mt_idassert_authcDN	mt_idassert.si_bc.sb_binddn
+#define	mt_idassert_passwd	mt_idassert.si_bc.sb_cred
+#define	mt_idassert_authzID	mt_idassert.si_bc.sb_authzId
+#define	mt_idassert_authmethod	mt_idassert.si_bc.sb_method
+#define	mt_idassert_sasl_mech	mt_idassert.si_bc.sb_saslmech
+#define	mt_idassert_sasl_realm	mt_idassert.si_bc.sb_realm
+#define	mt_idassert_secprops	mt_idassert.si_bc.sb_secprops
+#define	mt_idassert_tls		mt_idassert.si_bc.sb_tls
+#define	mt_idassert_flags	mt_idassert.si_flags
+#define	mt_idassert_authz	mt_idassert.si_authz
 
 	int			mt_nretries;
 #define META_RETRY_UNDEFINED	(-2)
 #define META_RETRY_FOREVER	(-1)
 #define META_RETRY_NEVER	(0)
-#define META_RETRY_DEFAULT	(3)
+#define META_RETRY_DEFAULT	(10)
 
 	struct ldaprwmap	mt_rwmap;
 
+	sig_atomic_t		mt_isquarantined;
+	slap_retry_info_t	mt_quarantine;
+	ldap_pvt_thread_mutex_t	mt_quarantine_mutex;
+
 	unsigned		mt_flags;
+#define	META_BACK_TGT_ISSET(mt,f)		( ( (mt)->mt_flags & (f) ) == (f) )
+#define	META_BACK_TGT_ISMASK(mt,m,f)		( ( (mt)->mt_flags & (m) ) == (f) )
+
+#define	META_BACK_TGT_T_F(mt)			META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
+#define	META_BACK_TGT_T_F_DISCOVER(mt)		META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
+
+#define	META_BACK_TGT_ABANDON(mt)		META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
+#define	META_BACK_TGT_IGNORE(mt)		META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
+#define	META_BACK_TGT_CANCEL(mt)		META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
+#define	META_BACK_TGT_CANCEL_DISCOVER(mt)	META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
+#define	META_BACK_TGT_QUARANTINE(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE )
+
 	int			mt_version;
 	time_t			mt_network_timeout;
 	struct timeval		mt_bind_timeout;
 #define META_BIND_TIMEOUT	LDAP_BACK_RESULT_UTIMEOUT
-	time_t			mt_timeout[ LDAP_BACK_OP_LAST ];
+	time_t			mt_timeout[ SLAP_OP_LAST ];
 } metatarget_t;
 
 typedef struct metadncache_t {
@@ -241,36 +332,66 @@
 	SlapReply		*mc_candidates;
 } metacandidates_t;
 
+/*
+ * Hook to allow mucking with metainfo_t/metatarget_t when quarantine is over
+ */
+typedef int (*meta_back_quarantine_f)( struct metainfo_t *, int target, void * );
+
 typedef struct metainfo_t {
 	int			mi_ntargets;
 	int			mi_defaulttarget;
 #define META_DEFAULT_TARGET_NONE	(-1)
 	int			mi_nretries;
 
-	metatarget_t		*mi_targets;
+	metatarget_t		**mi_targets;
 	metacandidates_t	*mi_candidates;
 
+	LDAP_REBIND_PROC	*mi_rebind_f;
+
 	metadncache_t		mi_cache;
 	
+	/* cached connections; 
+	 * special conns are in tailq rather than in tree */
 	ldap_avl_info_t		mi_conninfo;
+	struct {
+		int						mic_num;
+		LDAP_TAILQ_HEAD(mc_conn_priv_q, metaconn_t)	mic_priv;
+	}			mi_conn_priv[ LDAP_BACK_PCONN_LAST ];
+	int			mi_conn_priv_max;
 
+	/* NOTE: quarantine uses the connection mutex */
+	slap_retry_info_t	mi_quarantine;
+	meta_back_quarantine_f	mi_quarantine_f;
+	void			*mi_quarantine_p;
+
 	unsigned		mi_flags;
 #define	li_flags		mi_flags
 /* uses flags as defined in <back-ldap/back-ldap.h> */
-#define	META_BACK_F_ONERR_STOP		0x00010000U
-#define	META_BACK_F_DEFER_ROOTDN_BIND	0x00020000U
+#define	META_BACK_F_ONERR_STOP		(0x00100000U)
+#define	META_BACK_F_ONERR_REPORT	(0x00200000U)
+#define	META_BACK_F_ONERR_MASK		(META_BACK_F_ONERR_STOP|META_BACK_F_ONERR_REPORT)
+#define	META_BACK_F_DEFER_ROOTDN_BIND	(0x00400000U)
+#define	META_BACK_F_PROXYAUTHZ_ALWAYS	(0x00800000U)	/* users always proxyauthz */
+#define	META_BACK_F_PROXYAUTHZ_ANON	(0x01000000U)	/* anonymous always proxyauthz */
+#define	META_BACK_F_PROXYAUTHZ_NOANON	(0x02000000U)	/* anonymous remains anonymous */
 
-#define	META_BACK_ONERR_STOP(mi)	( (mi)->mi_flags & META_BACK_F_ONERR_STOP )
-#define	META_BACK_ONERR_CONTINUE(mi)	( !META_BACK_ONERR_CONTINUE( (mi) ) )
+#define	META_BACK_ONERR_STOP(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_STOP )
+#define	META_BACK_ONERR_REPORT(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_REPORT )
+#define	META_BACK_ONERR_CONTINUE(mi)	( !LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_MASK ) )
 
-#define META_BACK_DEFER_ROOTDN_BIND(mi)	( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND )
+#define META_BACK_DEFER_ROOTDN_BIND(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_DEFER_ROOTDN_BIND )
+#define META_BACK_PROXYAUTHZ_ALWAYS(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ALWAYS )
+#define META_BACK_PROXYAUTHZ_ANON(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ANON )
+#define META_BACK_PROXYAUTHZ_NOANON(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_NOANON )
 
+#define META_BACK_QUARANTINE(mi)	LDAP_BACK_ISSET( (mi), LDAP_BACK_F_QUARANTINE )
+
 	int			mi_version;
 	time_t			mi_network_timeout;
 	time_t			mi_conn_ttl;
 	time_t			mi_idle_timeout;
 	struct timeval		mi_bind_timeout;
-	time_t			mi_timeout[ LDAP_BACK_OP_LAST ];
+	time_t			mi_timeout[ SLAP_OP_LAST ];
 } metainfo_t;
 
 typedef enum meta_op_type {
@@ -291,11 +412,10 @@
 
 extern void
 meta_back_release_conn_lock(
-       	Operation 		*op,
+       	metainfo_t		*mi,
 	metaconn_t		*mc,
-	int			dofree,
 	int			dolock );
-#define meta_back_release_conn(op, mc)	meta_back_release_conn_lock( (op), (mc), 0, 1 )
+#define meta_back_release_conn(mi, mc)	meta_back_release_conn_lock( (mi), (mc), 1 )
 
 extern int
 meta_back_retry(
@@ -309,23 +429,28 @@
 meta_back_conn_free(
 	void			*v_mc );
 
+#if META_BACK_PRINT_CONNTREE > 0
+extern void
+meta_back_print_conntree(
+	metainfo_t		*mi,
+	char			*msg );
+#endif
+
 extern int
 meta_back_init_one_conn(
 	Operation		*op,
 	SlapReply		*rs,
-	metatarget_t		*mt, 
 	metaconn_t		*mc,
 	int			candidate,
 	int			ispriv,
-	ldap_back_send_t	sendok );
+	ldap_back_send_t	sendok,
+	int			dolock );
 
-extern int
-meta_back_single_bind(
+extern void
+meta_back_quarantine(
 	Operation		*op,
 	SlapReply		*rs,
-	metaconn_t		*mc,
-	int			candidate,
-	int			massage );
+	int			candidate );
 
 extern int
 meta_back_dobind(
@@ -345,11 +470,34 @@
 	int			dolock );
 
 extern int
+meta_back_proxy_authz_cred(
+	metaconn_t		*mc,
+	int			candidate,
+	Operation		*op,
+	SlapReply		*rs,
+	ldap_back_send_t	sendok,
+	struct berval		*binddn,
+	struct berval		*bindcred,
+	int			*method );
+
+extern int
+meta_back_cancel(
+	metaconn_t		*mc,
+	Operation		*op,
+	SlapReply		*rs,
+	ber_int_t		msgid,
+	int			candidate,
+	ldap_back_send_t	sendok );
+
+extern int
 meta_back_op_result(
 	metaconn_t		*mc,
 	Operation		*op,
 	SlapReply		*rs,
-	int			candidate );
+	int			candidate,
+	ber_int_t		msgid,
+	time_t			timeout,
+	ldap_back_send_t	sendok );
 
 extern int
 back_meta_LTX_init_module(
@@ -376,9 +524,7 @@
  */
 extern int
 meta_back_is_candidate(
-	struct berval		*nsuffix,
-	int			suffixscope,
-	BerVarray		subtree_exclude,
+	metatarget_t		*mt,
 	struct berval		*ndn,
 	int			scope );
 
@@ -394,12 +540,9 @@
 
 extern int
 meta_clear_one_candidate(
-	metasingleconn_t	*mc );
-
-extern int
-meta_clear_candidates(
 	Operation		*op,
-	metaconn_t		*mc );
+	metaconn_t		*mc,
+	int			candidate );
 
 /*
  * Dn cache stuff (experimental)
@@ -435,7 +578,7 @@
 extern void
 meta_dncache_free( void *entry );
 
-extern LDAP_REBIND_PROC		*meta_back_rebind_f;
+extern LDAP_REBIND_PROC		meta_back_default_rebind;
 
 LDAP_END_DECL
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.24 2006/04/04 22:34:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.31 2007/03/09 16:23:16 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -33,14 +33,26 @@
 #include "slap.h"
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
+#undef ldap_debug	/* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"
 
-static LDAP_REBIND_PROC	meta_back_default_rebind;
+#include "lutil_ldap.h"
 
-/*
- * a module could register a replacement for this function
- */
-LDAP_REBIND_PROC	*meta_back_rebind_f = meta_back_default_rebind;
+static int
+meta_back_proxy_authz_bind(
+	metaconn_t		*mc,
+	int			candidate,
+	Operation		*op,
+	SlapReply		*rs,
+	ldap_back_send_t	sendok );
 
+static int
+meta_back_single_bind(
+	Operation		*op,
+	SlapReply		*rs,
+	metaconn_t		*mc,
+	int			candidate );
+
 int
 meta_back_bind( Operation *op, SlapReply *rs )
 {
@@ -85,17 +97,19 @@
 	 * invalidCredentials */
 	mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_BIND_DONTSEND );
 	if ( !mc ) {
-		char	buf[ SLAP_TEXT_BUFLEN ];
+		if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+			char	buf[ SLAP_TEXT_BUFLEN ];
 
-		snprintf( buf, sizeof( buf ),
-			"meta_back_bind: no target "
-			"for dn \"%s\" (%d%s%s).",
-			op->o_req_dn.bv_val, rs->sr_err,
-			rs->sr_text ? ". " : "",
-			rs->sr_text ? rs->sr_text : "" );
-		Debug( LDAP_DEBUG_ANY,
-			"%s %s\n",
-			op->o_log_prefix, buf, 0 );
+			snprintf( buf, sizeof( buf ),
+				"meta_back_bind: no target "
+				"for dn \"%s\" (%d%s%s).",
+				op->o_req_dn.bv_val, rs->sr_err,
+				rs->sr_text ? ". " : "",
+				rs->sr_text ? rs->sr_text : "" );
+			Debug( LDAP_DEBUG_ANY,
+				"%s %s\n",
+				op->o_log_prefix, buf, 0 );
+		}
 
 		/* FIXME: there might be cases where we don't want
 		 * to map the error onto invalidCredentials */
@@ -115,14 +129,13 @@
 	 */
 	mc->mc_authz_target = META_BOUND_NONE;
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
+		metatarget_t	*mt = mi->mi_targets[ i ];
 		int		lerr;
-		Operation	op2 = *op;
-		int		massage = 1;
 
 		/*
 		 * Skip non-candidates
 		 */
-		if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
+		if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
 			continue;
 		}
 
@@ -144,7 +157,8 @@
 		}
 
 		if ( isroot ) {
-			if ( BER_BVISNULL( &mi->mi_targets[ i ].mt_pseudorootdn ) )
+			if ( mt->mt_idassert_authmethod == LDAP_AUTH_NONE
+				|| BER_BVISNULL( &mt->mt_idassert_authcDN ) )
 			{
 				metasingleconn_t	*msc = &mc->mc_conns[ i ];
 
@@ -154,9 +168,7 @@
 					BER_BVZERO( &msc->msc_bound_ndn );
 				}
 
-				if ( LDAP_BACK_SAVECRED( mi ) &&
-					!BER_BVISNULL( &msc->msc_cred ) )
-				{
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 					/* destroy sensitive data */
 					memset( msc->msc_cred.bv_val, 0,
 						msc->msc_cred.bv_len );
@@ -167,15 +179,13 @@
 				continue;
 			}
 
-			op2.o_req_dn = mi->mi_targets[ i ].mt_pseudorootdn;
-			op2.o_req_ndn = mi->mi_targets[ i ].mt_pseudorootdn;
-			op2.orb_cred = mi->mi_targets[ i ].mt_pseudorootpw;
-			op2.orb_method = LDAP_AUTH_SIMPLE;
+			
+			(void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );
+			lerr = rs->sr_err;
 
-			massage = 0;
+		} else {
+			lerr = meta_back_single_bind( op, rs, mc, i );
 		}
-		
-		lerr = meta_back_single_bind( &op2, rs, mc, i, massage );
 
 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
@@ -183,7 +193,7 @@
 			 * do not assume it's not candidate; rather
 			 * mark this as an error to be eventually
 			 * reported to client */
-			candidates[ i ].sr_tag = META_NOT_CANDIDATE;
+			META_CANDIDATE_CLEAR( &candidates[ i ] );
 			break;
 		}
 	}
@@ -195,7 +205,9 @@
 			ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) );
 		}
 
-		if ( !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) ) {
+		if ( !LDAP_BACK_PCONN_ISPRIV( mc )
+			&& !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) )
+		{
 			metaconn_t	*tmpmc;
 			int		lerr;
 
@@ -209,18 +221,50 @@
 			}
 
 			assert( mc->mc_refcnt == 1 );
+#if META_BACK_PRINT_CONNTREE > 0
+			meta_back_print_conntree( mi, ">>> meta_back_bind" );
+#endif /* META_BACK_PRINT_CONNTREE */
 			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
 				meta_back_conndn_cmp );
 			assert( tmpmc == mc );
 
+			/* delete all cached connections with the current connection */
+			if ( LDAP_BACK_SINGLECONN( mi ) ) {
+				while ( ( tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conn_cmp ) ) != NULL )
+				{
+					Debug( LDAP_DEBUG_TRACE,
+						"=>meta_back_bind: destroying conn %ld (refcnt=%u)\n",
+						LDAP_BACK_PCONN_ID( mc ), mc->mc_refcnt, 0 );
+
+					if ( tmpmc->mc_refcnt != 0 ) {
+						/* taint it */
+						LDAP_BACK_CONN_TAINTED_SET( tmpmc );
+
+					} else {
+						/*
+						 * Needs a test because the handler may be corrupted,
+						 * and calling ldap_unbind on a corrupted header results
+						 * in a segmentation fault
+						 */
+						meta_back_conn_free( tmpmc );
+					}
+				}
+			}
+
 			ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn );
+			if ( isroot ) {
+				LDAP_BACK_CONN_ISPRIV_SET( mc );
+				LDAP_BACK_PCONN_SET( mc, op );
+			}
 			lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
 				meta_back_conndn_cmp, meta_back_conndn_dup );
+#if META_BACK_PRINT_CONNTREE > 0
+			meta_back_print_conntree( mi, "<<< meta_back_bind" );
+#endif /* META_BACK_PRINT_CONNTREE */
 			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 			if ( lerr == -1 ) {
-				meta_clear_candidates( op, mc );
-
 				/* we can do this because mc_refcnt == 1 */
+				assert( mc->mc_refcnt == 1 );
 				mc->mc_refcnt = 0;
 				meta_back_conn_free( mc );
 				mc = NULL;
@@ -229,7 +273,7 @@
 	}
 
 	if ( mc != NULL ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	/*
@@ -260,92 +304,78 @@
 	return LDAP_SUCCESS;
 }
 
-/*
- * meta_back_single_bind
- *
- * attempts to perform a bind with creds
- */
-int
-meta_back_single_bind(
+static int
+meta_back_bind_op_result(
 	Operation		*op,
 	SlapReply		*rs,
 	metaconn_t		*mc,
 	int			candidate,
-	int			massage )
+	int			msgid,
+	ldap_back_send_t	sendok )
 {
 	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
-	metatarget_t		*mt = &mi->mi_targets[ candidate ];
-	struct berval		mdn = BER_BVNULL;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
 	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
-	int			msgid,
-				rebinding = 0;
+	LDAPMessage		*res;
+	struct timeval		tv;
+	int			rc;
+	int			nretries = mt->mt_nretries;
+	char			buf[ SLAP_TEXT_BUFLEN ];
 
-	
-	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
-		ch_free( msc->msc_bound_ndn.bv_val );
-		BER_BVZERO( &msc->msc_bound_ndn );
-	}
+	Debug( LDAP_DEBUG_TRACE,
+		">>> %s meta_back_bind_op_result[%d]\n",
+		op->o_log_prefix, candidate, 0 );
 
-	if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &msc->msc_cred ) ) {
-		/* destroy sensitive data */
-		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
-		ch_free( msc->msc_cred.bv_val );
-		BER_BVZERO( &msc->msc_cred );
-	}
+	if ( rs->sr_err == LDAP_SUCCESS ) {
+		time_t		stoptime = (time_t)(-1),
+				timeout;
+		int		timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+		const char	*timeout_text = "Operation timed out";
+		slap_op_t	opidx = slap_req2op( op->o_tag );
 
-	/*
-	 * Rewrite the bind dn if needed
-	 */
-	if ( massage ) {
-		dncookie		dc;
+		/* since timeout is not specified, compute and use
+		 * the one specific to the ongoing operation */
+		if ( opidx == LDAP_REQ_SEARCH ) {
+			if ( op->ors_tlimit <= 0 ) {
+				timeout = 0;
 
-		dc.target = mt;
-		dc.conn = op->o_conn;
-		dc.rs = rs;
-		dc.ctx = "bindDN";
+			} else {
+				timeout = op->ors_tlimit;
+				timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+				timeout_text = NULL;
+			}
 
-		if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
-			rs->sr_text = "DN rewrite error";
-			rs->sr_err = LDAP_OTHER;
-			return rs->sr_err;
+		} else {
+			timeout = mt->mt_timeout[ opidx ];
 		}
 
-	} else {
-		mdn = op->o_req_dn;
-	}
+		/* better than nothing :) */
+		if ( timeout == 0 ) {
+			if ( mi->mi_idle_timeout ) {
+				timeout = mi->mi_idle_timeout;
 
-	/* FIXME: this fixes the bind problem right now; we need
-	 * to use the asynchronous version to get the "matched"
-	 * and more in case of failure ... */
-	/* FIXME: should we check if at least some of the op->o_ctrls
-	 * can/should be passed? */
-rebind:;
-	rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
-			LDAP_SASL_SIMPLE, &op->orb_cred,
-			op->o_ctrls, NULL, &msgid );
-	if ( rs->sr_err == LDAP_SUCCESS ) {
-		LDAPMessage	*res;
-		struct timeval	tv;
-		int		rc;
-		int		nretries = mt->mt_nretries;
-		char		buf[ SLAP_TEXT_BUFLEN ];
+			} else if ( mi->mi_conn_ttl ) {
+				timeout = mi->mi_conn_ttl;
+			}
+		}
 
+		if ( timeout ) {
+			stoptime = op->o_time + timeout;
+		}
+
 		LDAP_BACK_TV_SET( &tv );
 
 		/*
 		 * handle response!!!
 		 */
 retry:;
-		switch ( ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) ) {
+		rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+		switch ( rc ) {
 		case 0:
-			snprintf( buf, sizeof( buf ),
-				"ldap_result=0 nretries=%d%s",
-				nretries, rebinding ? " rebinding" : "" );
-			Debug( LDAP_DEBUG_ANY,
-				"%s meta_back_single_bind[%d]: %s.\n",
-				op->o_log_prefix, candidate, buf );
-
-			if ( nretries != META_RETRY_NEVER ) {
+			if ( nretries != META_RETRY_NEVER 
+				|| ( timeout && slap_get_time() <= stoptime ) )
+			{
 				ldap_pvt_thread_yield();
 				if ( nretries > 0 ) {
 					nretries--;
@@ -354,50 +384,43 @@
 				goto retry;
 			}
 
-			rs->sr_err = LDAP_BUSY;
-			if ( rebinding ) {
-				ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
-				break;
-			}
+			/* don't let anyone else use this handler,
+			 * because there's a pending bind that will not
+			 * be acknowledged */
+			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+			assert( LDAP_BACK_CONN_BINDING( msc ) );
 
-			/* FIXME: some times the request times out
-			 * while the other party is not willing to
-			 * send a response any more.  Give it a second
-			 * chance with a freshly bound connection */
-			rebinding = 1;
-			nretries = mt->mt_nretries;
-			/* fallthru */
+#ifdef DEBUG_205
+			Debug( LDAP_DEBUG_ANY, "### %s meta_back_bind_op_result ldap_unbind_ext[%d] ld=%p\n",
+				op->o_log_prefix, candidate, (void *)msc->msc_ld );
+#endif /* DEBUG_205 */
 
+			meta_clear_one_candidate( op, mc, candidate );
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+			rs->sr_err = timeout_err;
+			rs->sr_text = timeout_text;
+			break;
+
 		case -1:
-			ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_NUMBER,
+			ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE,
 				&rs->sr_err );
 
-			if ( rebinding ) {
-				ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
-			}
-
 			snprintf( buf, sizeof( buf ),
 				"err=%d (%s) nretries=%d",
 				rs->sr_err, ldap_err2string( rs->sr_err ), nretries );
 			Debug( LDAP_DEBUG_ANY,
-				"### %s meta_back_single_bind[%d]: %s.\n",
+				"### %s meta_back_bind_op_result[%d]: %s.\n",
 				op->o_log_prefix, candidate, buf );
+			break;
 
-			rc = slap_map_api2result( rs );
-			if ( rs->sr_err == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
-				rc = meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_DONTSEND );
-				if ( rc ) {
-					if ( nretries > 0 ) {
-						nretries--;
-					}
-					ldap_pvt_thread_yield();
-					goto rebind;
-				}
-				goto return_results;
+		default:
+			/* only touch when activity actually took place... */
+			if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+				msc->msc_time = op->o_time;
 			}
-			break;
 
-		default:
+			/* FIXME: matched? referrals? response controls? */
 			rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
 					NULL, NULL, NULL, NULL, 1 );
 			if ( rc != LDAP_SUCCESS ) {
@@ -407,22 +430,102 @@
 		}
 	}
 
+	rs->sr_err = slap_map_api2result( rs );
+
+	Debug( LDAP_DEBUG_TRACE,
+		"<<< %s meta_back_bind_op_result[%d] err=%d\n",
+		op->o_log_prefix, candidate, rs->sr_err );
+
+	return rs->sr_err;
+}
+
+/*
+ * meta_back_single_bind
+ *
+ * attempts to perform a bind with creds
+ */
+static int
+meta_back_single_bind(
+	Operation		*op,
+	SlapReply		*rs,
+	metaconn_t		*mc,
+	int			candidate )
+{
+	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	struct berval		mdn = BER_BVNULL;
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+	int			msgid;
+	dncookie		dc;
+	
+	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+		ch_free( msc->msc_bound_ndn.bv_val );
+		BER_BVZERO( &msc->msc_bound_ndn );
+	}
+
+	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+		/* destroy sensitive data */
+		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+		ch_free( msc->msc_cred.bv_val );
+		BER_BVZERO( &msc->msc_cred );
+	}
+
+	/*
+	 * Rewrite the bind dn if needed
+	 */
+	dc.target = mt;
+	dc.conn = op->o_conn;
+	dc.rs = rs;
+	dc.ctx = "bindDN";
+
+	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+		rs->sr_text = "DN rewrite error";
+		rs->sr_err = LDAP_OTHER;
+		return rs->sr_err;
+	}
+
+	/* FIXME: this fixes the bind problem right now; we need
+	 * to use the asynchronous version to get the "matched"
+	 * and more in case of failure ... */
+	/* FIXME: should we check if at least some of the op->o_ctrls
+	 * can/should be passed? */
+	rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
+			LDAP_SASL_SIMPLE, &op->orb_cred,
+			op->o_ctrls, NULL, &msgid );
+	meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
-		rs->sr_err = slap_map_api2result( rs );
 		goto return_results;
 	}
 
-	ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_dn );
+	/* If defined, proxyAuthz will be used also when
+	 * back-ldap is the authorizing backend; for this
+	 * purpose, a successful bind is followed by a
+	 * bind with the configured identity assertion */
+	/* NOTE: use with care */
+	if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+		meta_back_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR );
+		if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {
+			goto return_results;
+		}
+		goto cache_refresh;
+	}
+
+	ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_ndn );
 	LDAP_BACK_CONN_ISBOUND_SET( msc );
 	mc->mc_authz_target = candidate;
 
 	if ( LDAP_BACK_SAVECRED( mi ) ) {
+		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+			memset( msc->msc_cred.bv_val, 0,
+				msc->msc_cred.bv_len );
+		}
 		ber_bvreplace( &msc->msc_cred, &op->orb_cred );
-		ldap_set_rebind_proc( msc->msc_ld, meta_back_rebind_f, msc );
+		ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
 	}
 
+cache_refresh:;
 	if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED
-			&& op->o_req_ndn.bv_len != 0 )
+			&& !BER_BVISEMPTY( &op->o_req_ndn ) )
 	{
 		( void )meta_dncache_update_entry( &mi->mi_cache,
 				&op->o_req_ndn, candidate );
@@ -433,6 +536,10 @@
 		free( mdn.bv_val );
 	}
 
+	if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+		meta_back_quarantine( op, rs, candidate );
+	}
+
 	return rs->sr_err;
 }
 
@@ -450,181 +557,54 @@
 	int			dolock )
 {
 	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
-	metatarget_t		*mt = &mi->mi_targets[ candidate ];
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
 	metaconn_t		*mc = *mcp;
 	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
-	int			rc;
 	static struct berval	cred = BER_BVC( "" );
-	int			msgid,
-				rebinding = 0,
-				save_nretries = nretries;
+	int			msgid;
 
 	assert( !LDAP_BACK_CONN_ISBOUND( msc ) );
 
-	/*
-	 * meta_back_single_dobind() calls meta_back_single_bind()
-	 * if required.
-	 */
-	if ( be_isroot( op ) && !BER_BVISNULL( &mi->mi_targets[ candidate ].mt_pseudorootdn ) )
+	/* NOTE: this obsoletes pseudorootdn */
+	if ( op->o_conn != NULL &&
+		!op->o_do_not_cache &&
+		( BER_BVISNULL( &msc->msc_bound_ndn ) ||
+			BER_BVISEMPTY( &msc->msc_bound_ndn ) ||
+			( LDAP_BACK_CONN_ISPRIV( mc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) ||
+			( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
 	{
-		Operation	op2 = *op;
+		(void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok );
 
-		op2.o_tag = LDAP_REQ_BIND;
-		op2.o_req_dn = mi->mi_targets[ candidate ].mt_pseudorootdn;
-		op2.o_req_ndn = mi->mi_targets[ candidate ].mt_pseudorootdn;
-		op2.orb_cred = mi->mi_targets[ candidate ].mt_pseudorootpw;
-		op2.orb_method = LDAP_AUTH_SIMPLE;
+	} else {
 
-		rc = meta_back_single_bind( &op2, rs, *mcp, candidate, 0 );
-		goto done;
+		/* FIXME: should we check if at least some of the op->o_ctrls
+		 * can/should be passed? */
+		rs->sr_err = ldap_sasl_bind( msc->msc_ld,
+			"", LDAP_SASL_SIMPLE, &cred,
+			NULL, NULL, &msgid );
+		rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
 	}
 
-	/*
-	 * Otherwise an anonymous bind is performed
-	 * (note: if the target was already bound, the anonymous
-	 * bind clears the previous bind).
-	 */
-	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
-		ber_memfree( msc->msc_bound_ndn.bv_val );
-		BER_BVZERO( &msc->msc_bound_ndn );
-	}
-		
-	if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &msc->msc_cred ) ) {
-		/* destroy sensitive data */
-		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
-		ber_memfree( msc->msc_cred.bv_val );
-		BER_BVZERO( &msc->msc_cred );
-	}
-
-	/* FIXME: should we check if at least some of the op->o_ctrls
-	 * can/should be passed? */
-rebind:;
-	rc = ldap_sasl_bind( msc->msc_ld, "", LDAP_SASL_SIMPLE, &cred,
-			NULL, NULL, &msgid );
-	if ( rc == LDAP_SUCCESS ) {
-		LDAPMessage	*res;
-		struct timeval	tv;
-		char		buf[ SLAP_TEXT_BUFLEN ];
-
-		LDAP_BACK_TV_SET( &tv );
-
-		/*
-		 * handle response!!!
-		 */
-retry:;
-		switch ( ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) ) {
-		case 0:
-			snprintf( buf, sizeof( buf ),
-				"ldap_result=0 nretries=%d%s",
-				nretries, rebinding ? " rebinding" : "" );
-			Debug( LDAP_DEBUG_ANY,
-				"%s meta_back_single_dobind[%d]: %s.\n",
-				op->o_log_prefix, candidate, buf );
-
-			if ( nretries != META_RETRY_NEVER ) {
-				ldap_pvt_thread_yield();
-				if ( nretries > 0 ) {
-					nretries--;
-				}
-				tv = mt->mt_bind_timeout;
-				goto retry;
-			}
-
-			rc = LDAP_BUSY;
-			if ( rebinding ) {
-				ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
-				break;
-			}
-
-			/* FIXME: some times the request times out
-			 * while the other party is not willing to
-			 * send a response any more.  Give it a second
-			 * chance with a freshly bound connection */
-			rebinding = 1;
-			nretries = save_nretries;
-			/* fallthru */
-
-		case -1:
-			ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_NUMBER,
-				&rs->sr_err );
-
-			if ( rebinding ) {
-				ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
-			}
-
-			snprintf( buf, sizeof( buf ),
-				"err=%d (%s) nretries=%d",
-				rs->sr_err, ldap_err2string( rs->sr_err ), nretries );
-			Debug( LDAP_DEBUG_ANY,
-				"### %s meta_back_single_dobind[%d]: %s.\n",
-				op->o_log_prefix, candidate, buf );
-
-			rc = slap_map_api2result( rs );
-			if ( rc == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
-				if ( dolock ) {
-					ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-				}
-
-				if ( mc->mc_refcnt == 1 ) {
-					meta_clear_one_candidate( msc );
-				        LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
-
-					( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
-
-				        /* mc here must be the regular mc,
-					 * reset and ready for init */
-				        rc = meta_back_init_one_conn( op, rs,
-						mt, mc, candidate,
-						LDAP_BACK_CONN_ISPRIV( mc ),
-						LDAP_BACK_DONTSEND );
-				        LDAP_BACK_CONN_BINDING_SET( msc );
-
-				} else {
-					/* can't do anything about it */
-					rc = LDAP_UNAVAILABLE;
-				}
-
-				if ( dolock ) {
-					ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-				}
-
-				if ( rc == LDAP_SUCCESS ) {
-					ldap_pvt_thread_yield();
-					if ( nretries > 0 ) {
-						nretries--;
-					}
-					goto rebind;
-				}
-			}
-			break;
-
-		default:
-			rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
-					NULL, NULL, NULL, NULL, 1 );
-			if ( rc == LDAP_SUCCESS ) {
-				rc = slap_map_api2result( rs );
-			}
-			break;
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		if ( dolock ) {
+			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
 		}
-
-	} else {
-		rs->sr_err = rc;
-		rc = slap_map_api2result( rs );
-	}
-
-done:;
-	rs->sr_err = rc;
-	if ( rc != LDAP_SUCCESS && META_BACK_ONERR_STOP( mi ) ) {
 	        LDAP_BACK_CONN_BINDING_CLEAR( msc );
-		meta_back_release_conn_lock( op, mc, 1, dolock );
-		*mcp = NULL;
-
-		if ( sendok & LDAP_BACK_SENDERR ) {
-			send_ldap_result( op, rs );
+		if ( META_BACK_ONERR_STOP( mi ) ) {
+	        	LDAP_BACK_CONN_TAINTED_SET( mc );
+			meta_back_release_conn_lock( mi, mc, 0 );
+			*mcp = NULL;
 		}
+		if ( dolock ) {
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+		}
 	}
 
-	return rc;
+	if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+		meta_back_quarantine( op, rs, candidate );
+	}
+
+	return rs->sr_err;
 }
 
 /*
@@ -652,7 +632,7 @@
 	Debug( LDAP_DEBUG_TRACE,
 		"%s meta_back_dobind: conn=%ld%s\n",
 		op->o_log_prefix,
-		LDAP_BACK_PCONN_ID( mc->mc_conn ),
+		LDAP_BACK_PCONN_ID( mc ),
 		isroot ? " (isroot)" : "" );
 
 	/*
@@ -664,15 +644,14 @@
 	}
 
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
-		metatarget_t		*mt = &mi->mi_targets[ i ];
+		metatarget_t		*mt = mi->mi_targets[ i ];
 		metasingleconn_t	*msc = &mc->mc_conns[ i ];
-		int			rc, do_retry = 1;
-		char			*rootdn = NULL;
+		int			rc;
 
 		/*
 		 * Not a candidate
 		 */
-		if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
+		if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
 			continue;
 		}
 
@@ -684,22 +663,25 @@
 
 retry_binding:;
 		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-		if ( LDAP_BACK_CONN_ISBOUND( msc ) || LDAP_BACK_CONN_ISANON( msc ) ) {
+		if ( LDAP_BACK_CONN_ISBOUND( msc )
+			|| ( LDAP_BACK_CONN_ISANON( msc )
+				&& mt->mt_idassert_authmethod == LDAP_AUTH_NONE ) )
+		{
 			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 			++bound;
 			continue;
 
-		} else if ( LDAP_BACK_CONN_BINDING( msc ) ) {
+		} else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) )
+		{
 			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 			ldap_pvt_thread_yield();
 			goto retry_binding;
 
-		} else {
-			LDAP_BACK_CONN_BINDING_SET( msc );
-			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-		} 
+		}
 
-retry:;
+		LDAP_BACK_CONN_BINDING_SET( msc );
+		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
 		rc = meta_back_single_dobind( op, rs, &mc, i,
 			LDAP_BACK_DONTSEND, mt->mt_nretries, 1 );
 		/*
@@ -716,15 +698,20 @@
 			}
 
 
-			if ( rc == LDAP_UNAVAILABLE && do_retry ) {
-				do_retry = 0;
+			if ( rc == LDAP_UNAVAILABLE ) {
+				/* FIXME: meta_back_retry() already re-calls
+				 * meta_back_single_dobind() */
 				if ( meta_back_retry( op, rs, &mc, i, sendok ) ) {
-					goto retry;
+					goto retry_ok;
 				}
-				ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-				LDAP_BACK_CONN_BINDING_CLEAR( msc );
-				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
+				if ( mc != NULL ) {
+					ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+					LDAP_BACK_CONN_BINDING_CLEAR( msc );
+					ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+					meta_back_release_conn( mi, mc );
+				}
+
 				return 0;
 			}
 
@@ -734,7 +721,7 @@
 
 			snprintf( buf, sizeof( buf ),
 				"meta_back_dobind[%d]: (%s) err=%d (%s).",
-				i, rootdn ? rootdn : "anonymous",
+				i, isroot ? op->o_bd->be_rootdn.bv_val : "anonymous",
 				rc, ldap_err2string( rc ) );
 			Debug( LDAP_DEBUG_ANY,
 				"%s %s\n",
@@ -756,16 +743,17 @@
 
 			continue;
 		} /* else */
-		
+
+retry_ok:;
 		Debug( LDAP_DEBUG_TRACE,
 			"%s meta_back_dobind[%d]: "
 			"(%s)\n",
 			op->o_log_prefix, i,
-			rootdn ? rootdn : "anonymous" );
+			isroot ? op->o_bd->be_rootdn.bv_val : "anonymous" );
 
 		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
 		LDAP_BACK_CONN_BINDING_CLEAR( msc );
-		if ( rootdn ) {
+		if ( isroot ) {
 			LDAP_BACK_CONN_ISBOUND_SET( msc );
 		} else {
 			LDAP_BACK_CONN_ISANON_SET( msc );
@@ -777,10 +765,10 @@
 done:;
 	Debug( LDAP_DEBUG_TRACE,
 		"%s meta_back_dobind: conn=%ld bound=%d\n",
-		op->o_log_prefix, LDAP_BACK_PCONN_ID( mc->mc_conn ), bound );
+		op->o_log_prefix, LDAP_BACK_PCONN_ID( mc ), bound );
 
 	if ( bound == 0 ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 
 send_err:;
 		if ( sendok & LDAP_BACK_SENDERR ) {
@@ -802,7 +790,7 @@
  * This is a callback used for chasing referrals using the same
  * credentials as the original user on this session.
  */
-static int 
+int 
 meta_back_default_rebind(
 	LDAP			*ld,
 	LDAP_CONST char		*url,
@@ -817,68 +805,240 @@
 			NULL, NULL, NULL );
 }
 
+int
+meta_back_cancel(
+	metaconn_t		*mc,
+	Operation		*op,
+	SlapReply		*rs,
+	ber_int_t		msgid,
+	int			candidate,
+	ldap_back_send_t	sendok )
+{
+	metainfo_t		*mi = (metainfo_t *)op->o_bd->be_private;
+
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+
+	int			rc = LDAP_OTHER;
+
+	Debug( LDAP_DEBUG_TRACE, ">>> %s meta_back_cancel[%d] msgid=%d\n",
+		op->o_log_prefix, candidate, msgid );
+
+	/* default behavior */
+	if ( META_BACK_TGT_ABANDON( mt ) ) {
+		rc = ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
+
+	} else if ( META_BACK_TGT_CANCEL( mt ) ) {
+		rc = ldap_cancel_s( msc->msc_ld, msgid, NULL, NULL );
+
+	} else {
+		assert( 0 );
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "<<< %s meta_back_cancel[%d] err=%d\n",
+		op->o_log_prefix, candidate, rc );
+
+	return rc;
+}
+
+
+
 /*
  * FIXME: error return must be handled in a cleaner way ...
  */
 int
 meta_back_op_result(
-	metaconn_t	*mc,
-	Operation	*op,
-	SlapReply	*rs,
-	int		candidate )
+	metaconn_t		*mc,
+	Operation		*op,
+	SlapReply		*rs,
+	int			candidate,
+	ber_int_t		msgid,
+	time_t			timeout,
+	ldap_back_send_t	sendok )
 {
-	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
 
-	int			i,
-				rerr = LDAP_SUCCESS;
-	char			*rmsg = NULL,
-				*rmatch = NULL;
-	const char		*save_rmsg = NULL,
-				*save_rmatch = NULL;
-	void			*rmatch_ctx = NULL;
+	const char	*save_text = rs->sr_text,
+			*save_matched = rs->sr_matched;
+	BerVarray	save_ref = rs->sr_ref;
+	LDAPControl	**save_ctrls = rs->sr_ctrls;
+	void		*matched_ctx = NULL;
 
+	char		*matched = NULL;
+	char		*text = NULL;
+	char		**refs = NULL;
+	LDAPControl	**ctrls = NULL;
+
+	assert( mc != NULL );
+
+	rs->sr_text = NULL;
+	rs->sr_matched = NULL;
+	rs->sr_ref = NULL;
+	rs->sr_ctrls = NULL;
+
 	if ( candidate != META_TARGET_NONE ) {
+		metatarget_t		*mt = mi->mi_targets[ candidate ];
 		metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
 
-		rs->sr_err = LDAP_SUCCESS;
+#define	ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
 
-		ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err );
-		if ( rs->sr_err != LDAP_SUCCESS ) {
-			/*
-			 * better check the type of error. In some cases
-			 * (search ?) it might be better to return a
-			 * success if at least one of the targets gave
-			 * positive result ...
-			 */
-			ldap_get_option( msc->msc_ld,
-					LDAP_OPT_ERROR_STRING, &rmsg );
-			if ( rmsg != NULL && rmsg[ 0 ] == '\0' ) {
-				ldap_memfree( rmsg );
-				rmsg = NULL;
+		if ( ERR_OK( rs->sr_err ) ) {
+			int		rc;
+			struct timeval	tv;
+			LDAPMessage	*res = NULL;
+			time_t		stoptime = (time_t)(-1);
+			int		timeout_err = op->o_protocol >= LDAP_VERSION3 ?
+						LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+			const char	*timeout_text = "Operation timed out";
+
+			/* if timeout is not specified, compute and use
+			 * the one specific to the ongoing operation */
+			if ( timeout == (time_t)(-1) ) {
+				slap_op_t	opidx = slap_req2op( op->o_tag );
+
+				if ( opidx == SLAP_OP_SEARCH ) {
+					if ( op->ors_tlimit <= 0 ) {
+						timeout = 0;
+
+					} else {
+						timeout = op->ors_tlimit;
+						timeout_err = LDAP_TIMELIMIT_EXCEEDED;
+						timeout_text = NULL;
+					}
+
+				} else {
+					timeout = mt->mt_timeout[ opidx ];
+				}
 			}
 
-			ldap_get_option( msc->msc_ld,
-					LDAP_OPT_MATCHED_DN, &rmatch );
-			if ( rmatch != NULL && rmatch[ 0 ] == '\0' ) {
-				ldap_memfree( rmatch );
-				rmatch = NULL;
+			/* better than nothing :) */
+			if ( timeout == 0 ) {
+				if ( mi->mi_idle_timeout ) {
+					timeout = mi->mi_idle_timeout;
+
+				} else if ( mi->mi_conn_ttl ) {
+					timeout = mi->mi_conn_ttl;
+				}
 			}
 
-			rerr = rs->sr_err = slap_map_api2result( rs );
+			if ( timeout ) {
+				stoptime = op->o_time + timeout;
+			}
 
-			Debug(LDAP_DEBUG_ANY,
-					"==> meta_back_op_result: target"
-					" <%d> sending msg \"%s\""
-					" (matched \"%s\")\n", 
-					candidate, ( rmsg ? rmsg : "" ),
-					( rmatch ? rmatch : "" ) );
+			LDAP_BACK_TV_SET( &tv );
+
+retry:;
+			rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
+			switch ( rc ) {
+			case 0:
+				if ( timeout && slap_get_time() > stoptime ) {
+					(void)meta_back_cancel( mc, op, rs, msgid, candidate, sendok );
+					rs->sr_err = timeout_err;
+					rs->sr_text = timeout_text;
+					break;
+				}
+
+				LDAP_BACK_TV_SET( &tv );
+				ldap_pvt_thread_yield();
+				goto retry;
+
+			case -1:
+				ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE,
+						&rs->sr_err );
+				break;
+
+
+			/* otherwise get the result; if it is not
+			 * LDAP_SUCCESS, record it in the reply
+			 * structure (this includes 
+			 * LDAP_COMPARE_{TRUE|FALSE}) */
+			default:
+				/* only touch when activity actually took place... */
+				if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+					msc->msc_time = op->o_time;
+				}
+
+				rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
+						&matched, &text, &refs, &ctrls, 1 );
+				res = NULL;
+				rs->sr_text = text;
+				if ( rc != LDAP_SUCCESS ) {
+					rs->sr_err = rc;
+				}
+
+				/* RFC 4511: referrals can only appear
+				 * if result code is LDAP_REFERRAL */
+				if ( refs != NULL
+					&& refs[ 0 ] != NULL
+					&& refs[ 0 ][ 0 ] != '\0' )
+				{
+					if ( rs->sr_err != LDAP_REFERRAL ) {
+						Debug( LDAP_DEBUG_ANY,
+							"%s meta_back_op_result[%d]: "
+							"got referrals with err=%d\n",
+							op->o_log_prefix,
+							candidate, rs->sr_err );
+
+					} else {
+						int	i;
+	
+						for ( i = 0; refs[ i ] != NULL; i++ )
+							/* count */ ;
+						rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
+							op->o_tmpmemctx );
+						for ( i = 0; refs[ i ] != NULL; i++ ) {
+							ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
+						}
+						BER_BVZERO( &rs->sr_ref[ i ] );
+					}
+
+				} else if ( rs->sr_err == LDAP_REFERRAL ) {
+					Debug( LDAP_DEBUG_ANY,
+						"%s meta_back_op_result[%d]: "
+						"got err=%d with null "
+						"or empty referrals\n",
+						op->o_log_prefix,
+						candidate, rs->sr_err );
+
+					rs->sr_err = LDAP_NO_SUCH_OBJECT;
+				}
+
+				if ( ctrls != NULL ) {
+					rs->sr_ctrls = ctrls;
+				}
+			}
+
+			assert( res == NULL );
 		}
 
+		/* if the error in the reply structure is not
+		 * LDAP_SUCCESS, try to map it from client 
+		 * to server error */
+		if ( !ERR_OK( rs->sr_err ) ) {
+			rs->sr_err = slap_map_api2result( rs );
+
+			/* internal ops ( op->o_conn == NULL ) 
+			 * must not reply to client */
+			if ( op->o_conn && !op->o_do_not_cache && matched ) {
+
+				/* record the (massaged) matched
+				 * DN into the reply structure */
+				rs->sr_matched = matched;
+			}
+		}
+
+		if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+			meta_back_quarantine( op, rs, candidate );
+		}
+
 	} else {
+		int	i,
+			err = rs->sr_err;
+
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
 			metasingleconn_t	*msc = &mc->mc_conns[ i ];
-			char			*msg = NULL;
-			char			*match = NULL;
+			char			*xtext = NULL;
+			char			*xmatched = NULL;
 
 			rs->sr_err = LDAP_SUCCESS;
 
@@ -891,89 +1051,417 @@
 				 * positive result ...
 				 */
 				ldap_get_option( msc->msc_ld,
-						LDAP_OPT_ERROR_STRING, &msg );
-				if ( msg != NULL && msg[ 0 ] == '\0' ) {
-					ldap_memfree( msg );
-					msg = NULL;
+						LDAP_OPT_ERROR_STRING, &xtext );
+				if ( xtext != NULL && xtext [ 0 ] == '\0' ) {
+					ldap_memfree( xtext );
+					xtext = NULL;
 				}
 
 				ldap_get_option( msc->msc_ld,
-						LDAP_OPT_MATCHED_DN, &match );
-				if ( match != NULL && match[ 0 ] == '\0' ) {
-					ldap_memfree( match );
-					match = NULL;
+						LDAP_OPT_MATCHED_DN, &xmatched );
+				if ( xmatched != NULL && xmatched[ 0 ] == '\0' ) {
+					ldap_memfree( xmatched );
+					xmatched = NULL;
 				}
 
 				rs->sr_err = slap_map_api2result( rs );
 	
-				Debug(LDAP_DEBUG_ANY,
-						"==> meta_back_op_result: target"
-						" <%d> sending msg \"%s\""
-						" (matched \"%s\")\n", 
-						i, ( msg ? msg : "" ),
-						( match ? match : "" ) );
-	
+				if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+					char	buf[ SLAP_TEXT_BUFLEN ];
+
+					snprintf( buf, sizeof( buf ),
+						"meta_back_op_result[%d] "
+						"err=%d text=\"%s\" matched=\"%s\"", 
+						i, rs->sr_err,
+						( xtext ? xtext : "" ),
+						( xmatched ? xmatched : "" ) );
+					Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+						op->o_log_prefix, buf, 0 );
+				}
+
 				/*
 				 * FIXME: need to rewrite "match" (need rwinfo)
 				 */
 				switch ( rs->sr_err ) {
 				default:
-					rerr = rs->sr_err;
-					if ( msg != NULL ) {
-						if ( rmsg ) {
-							ldap_memfree( rmsg );
+					err = rs->sr_err;
+					if ( xtext != NULL ) {
+						if ( text ) {
+							ldap_memfree( text );
 						}
-						rmsg = msg;
-						msg = NULL;
+						text = xtext;
+						xtext = NULL;
 					}
-					if ( match != NULL ) {
-						if ( rmatch ) {
-							ldap_memfree( rmatch );
+					if ( xmatched != NULL ) {
+						if ( matched ) {
+							ldap_memfree( matched );
 						}
-						rmatch = match;
-						match = NULL;
+						matched = xmatched;
+						xmatched = NULL;
 					}
 					break;
 				}
 
-				if ( msg ) {
-					ldap_memfree( msg );
+				if ( xtext ) {
+					ldap_memfree( xtext );
 				}
 	
-				if ( match ) {
-					ldap_memfree( match );
+				if ( xmatched ) {
+					ldap_memfree( xmatched );
 				}
 			}
+
+			if ( META_BACK_TGT_QUARANTINE( mi->mi_targets[ i ] ) ) {
+				meta_back_quarantine( op, rs, i );
+			}
 		}
+
+		if ( err != LDAP_SUCCESS ) {
+			rs->sr_err = err;
+		}
 	}
-	
-	rs->sr_err = rerr;
-	if ( rmsg != NULL ) {
-		save_rmsg = rs->sr_text;
-		rs->sr_text = rmsg;
-	}
-	if ( rmatch != NULL ) {
+
+	if ( matched != NULL ) {
 		struct berval	dn, pdn;
 
-		ber_str2bv( rmatch, 0, 0, &dn );
+		ber_str2bv( matched, 0, 0, &dn );
 		if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
-			ldap_memfree( rmatch );
-			rmatch_ctx = op->o_tmpmemctx;
-			rmatch = pdn.bv_val;
+			ldap_memfree( matched );
+			matched_ctx = op->o_tmpmemctx;
+			matched = pdn.bv_val;
 		}
-		save_rmatch = rs->sr_matched;
-		rs->sr_matched = rmatch;
+		rs->sr_matched = matched;
 	}
-	send_ldap_result( op, rs );
-	if ( rmsg != NULL ) {
-		ber_memfree( rmsg );
-		rs->sr_text = save_rmsg;
+
+	if ( op->o_conn &&
+		( ( sendok & LDAP_BACK_SENDOK ) 
+			|| ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+	{
+		send_ldap_result( op, rs );
 	}
-	if ( rmatch != NULL ) {
-		ber_memfree_x( rmatch, rmatch_ctx );
-		rs->sr_matched = save_rmatch;
+	if ( matched ) {
+		op->o_tmpfree( (char *)rs->sr_matched, matched_ctx );
 	}
+	if ( text ) {
+		ldap_memfree( text );
+	}
+	if ( rs->sr_ref ) {
+		op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
+		rs->sr_ref = NULL;
+	}
+	if ( refs ) {
+		ber_memvfree( (void **)refs );
+	}
+	if ( ctrls ) {
+		assert( rs->sr_ctrls != NULL );
+		ldap_controls_free( ctrls );
+	}
 
-	return ( ( rerr == LDAP_SUCCESS ) ? 0 : -1 );
+	rs->sr_text = save_text;
+	rs->sr_matched = save_matched;
+	rs->sr_ref = save_ref;
+	rs->sr_ctrls = save_ctrls;
+
+	return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
 }
 
+/*
+ * meta_back_proxy_authz_cred()
+ *
+ * prepares credentials & method for meta_back_proxy_authz_bind();
+ * or, if method is SASL, performs the SASL bind directly.
+ */
+int
+meta_back_proxy_authz_cred(
+	metaconn_t		*mc,
+	int			candidate,
+	Operation		*op,
+	SlapReply		*rs,
+	ldap_back_send_t	sendok,
+	struct berval		*binddn,
+	struct berval		*bindcred,
+	int			*method )
+{
+	metainfo_t		*mi = (metainfo_t *)op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+	struct berval		ndn;
+	int			dobind = 0;
+
+	/* don't proxyAuthz if protocol is not LDAPv3 */
+	switch ( mt->mt_version ) {
+	case LDAP_VERSION3:
+		break;
+
+	case 0:
+		if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+			break;
+		}
+		/* fall thru */
+
+	default:
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		if ( sendok & LDAP_BACK_SENDERR ) {
+			send_ldap_result( op, rs );
+		}
+		LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+		goto done;
+	}
+
+	if ( op->o_tag == LDAP_REQ_BIND ) {
+		ndn = op->o_req_ndn;
+
+	} else if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+		ndn = op->o_conn->c_ndn;
+
+	} else {
+		ndn = op->o_ndn;
+	}
+
+	/*
+	 * FIXME: we need to let clients use proxyAuthz
+	 * otherwise we cannot do symmetric pools of servers;
+	 * we have to live with the fact that a user can
+	 * authorize itself as any ID that is allowed
+	 * by the authzTo directive of the "proxyauthzdn".
+	 */
+	/*
+	 * NOTE: current Proxy Authorization specification
+	 * and implementation do not allow proxy authorization
+	 * control to be provided with Bind requests
+	 */
+	/*
+	 * if no bind took place yet, but the connection is bound
+	 * and the "proxyauthzdn" is set, then bind as 
+	 * "proxyauthzdn" and explicitly add the proxyAuthz 
+	 * control to every operation with the dn bound 
+	 * to the connection as control value.
+	 */
+
+	/* bind as proxyauthzdn only if no idassert mode
+	 * is requested, or if the client's identity
+	 * is authorized */
+	switch ( mt->mt_idassert_mode ) {
+	case LDAP_BACK_IDASSERT_LEGACY:
+		if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
+			if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) && !BER_BVISEMPTY( &mt->mt_idassert_authcDN ) )
+			{
+				*binddn = mt->mt_idassert_authcDN;
+				*bindcred = mt->mt_idassert_passwd;
+				dobind = 1;
+			}
+		}
+		break;
+
+	default:
+		/* NOTE: rootdn can always idassert */
+		if ( BER_BVISNULL( &ndn )
+			&& mt->mt_idassert_authz == NULL
+			&& !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+		{
+			if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+				rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+				if ( sendok & LDAP_BACK_SENDERR ) {
+					send_ldap_result( op, rs );
+				}
+				LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+				goto done;
+
+			}
+
+			rs->sr_err = LDAP_SUCCESS;
+			*binddn = slap_empty_bv;
+			*bindcred = slap_empty_bv;
+			break;
+
+		} else if ( mt->mt_idassert_authz && !be_isroot( op ) ) {
+			struct berval authcDN;
+
+			if ( BER_BVISNULL( &ndn ) ) {
+				authcDN = slap_empty_bv;
+
+			} else {
+				authcDN = ndn;
+			}	
+			rs->sr_err = slap_sasl_matches( op, mt->mt_idassert_authz,
+					&authcDN, &authcDN );
+			if ( rs->sr_err != LDAP_SUCCESS ) {
+				if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+					if ( sendok & LDAP_BACK_SENDERR ) {
+						send_ldap_result( op, rs );
+					}
+					LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+					goto done;
+				}
+
+				rs->sr_err = LDAP_SUCCESS;
+				*binddn = slap_empty_bv;
+				*bindcred = slap_empty_bv;
+				break;
+			}
+		}
+
+		*binddn = mt->mt_idassert_authcDN;
+		*bindcred = mt->mt_idassert_passwd;
+		dobind = 1;
+		break;
+	}
+
+	if ( dobind && mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+		void		*defaults = NULL;
+		struct berval	authzID = BER_BVNULL;
+		int		freeauthz = 0;
+
+		/* if SASL supports native authz, prepare for it */
+		if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
+				( mt->mt_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
+		{
+			switch ( mt->mt_idassert_mode ) {
+			case LDAP_BACK_IDASSERT_OTHERID:
+			case LDAP_BACK_IDASSERT_OTHERDN:
+				authzID = mt->mt_idassert_authzID;
+				break;
+
+			case LDAP_BACK_IDASSERT_ANONYMOUS:
+				BER_BVSTR( &authzID, "dn:" );
+				break;
+
+			case LDAP_BACK_IDASSERT_SELF:
+				if ( BER_BVISNULL( &ndn ) ) {
+					/* connection is not authc'd, so don't idassert */
+					BER_BVSTR( &authzID, "dn:" );
+					break;
+				}
+				authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
+				authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx );
+				AC_MEMCPY( authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
+				AC_MEMCPY( authzID.bv_val + STRLENOF( "dn:" ),
+						ndn.bv_val, ndn.bv_len + 1 );
+				freeauthz = 1;
+				break;
+
+			default:
+				break;
+			}
+		}
+
+		if ( mt->mt_idassert_secprops != NULL ) {
+			rs->sr_err = ldap_set_option( msc->msc_ld,
+				LDAP_OPT_X_SASL_SECPROPS,
+				(void *)mt->mt_idassert_secprops );
+
+			if ( rs->sr_err != LDAP_OPT_SUCCESS ) {
+				rs->sr_err = LDAP_OTHER;
+				if ( sendok & LDAP_BACK_SENDERR ) {
+					send_ldap_result( op, rs );
+				}
+				LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+				goto done;
+			}
+		}
+
+		defaults = lutil_sasl_defaults( msc->msc_ld,
+				mt->mt_idassert_sasl_mech.bv_val,
+				mt->mt_idassert_sasl_realm.bv_val,
+				mt->mt_idassert_authcID.bv_val,
+				mt->mt_idassert_passwd.bv_val,
+				authzID.bv_val );
+
+		rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val,
+				mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
+				LDAP_SASL_QUIET, lutil_sasl_interact,
+				defaults );
+
+		rs->sr_err = slap_map_api2result( rs );
+		if ( rs->sr_err != LDAP_SUCCESS ) {
+			LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+			if ( sendok & LDAP_BACK_SENDERR ) {
+				send_ldap_result( op, rs );
+			}
+
+		} else {
+			LDAP_BACK_CONN_ISBOUND_SET( msc );
+		}
+
+		lutil_sasl_freedefs( defaults );
+		if ( freeauthz ) {
+			slap_sl_free( authzID.bv_val, op->o_tmpmemctx );
+		}
+
+		goto done;
+#endif /* HAVE_CYRUS_SASL */
+	}
+
+	*method = mt->mt_idassert_authmethod;
+	switch ( mt->mt_idassert_authmethod ) {
+	case LDAP_AUTH_NONE:
+		BER_BVSTR( binddn, "" );
+		BER_BVSTR( bindcred, "" );
+		/* fallthru */
+
+	case LDAP_AUTH_SIMPLE:
+		break;
+
+	default:
+		/* unsupported! */
+		LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+		rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+		if ( sendok & LDAP_BACK_SENDERR ) {
+			send_ldap_result( op, rs );
+		}
+		break;
+	}
+
+done:;
+	return rs->sr_err;
+}
+
+static int
+meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
+{
+	metainfo_t		*mi = (metainfo_t *)op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+	struct berval		binddn = BER_BVC( "" ),
+				cred = BER_BVC( "" );
+	int			method = LDAP_AUTH_NONE,
+				rc;
+
+	rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, sendok, &binddn, &cred, &method );
+	if ( rc == LDAP_SUCCESS && !LDAP_BACK_CONN_ISBOUND( msc ) ) {
+		int	msgid;
+
+		switch ( method ) {
+		case LDAP_AUTH_NONE:
+		case LDAP_AUTH_SIMPLE:
+			rs->sr_err = ldap_sasl_bind( msc->msc_ld,
+					binddn.bv_val, LDAP_SASL_SIMPLE,
+					&cred, NULL, NULL, &msgid );
+			rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
+			if ( rc == LDAP_SUCCESS ) {
+				/* set rebind stuff in case of successful proxyAuthz bind,
+				 * so that referral chasing is attempted using the right
+				 * identity */
+				LDAP_BACK_CONN_ISBOUND_SET( msc );
+				ber_bvreplace( &msc->msc_bound_ndn, &binddn );
+
+				if ( LDAP_BACK_SAVECRED( mi ) ) {
+					if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+						memset( msc->msc_cred.bv_val, 0,
+							msc->msc_cred.bv_len );
+					}
+					ber_bvreplace( &msc->msc_cred, &cred );
+					ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
+				}
+			}
+			break;
+
+		default:
+			assert( 0 );
+			break;
+		}
+	}
+
+	return LDAP_BACK_CONN_ISBOUND( msc );
+}

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/candidates.c,v 1.12.2.13 2006/04/04 22:34:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/candidates.c,v 1.12.2.15 2007/01/05 09:47:10 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -59,40 +59,38 @@
  */
 int 
 meta_back_is_candidate(
-	struct berval	*nsuffix,
-	int		suffixscope,
-	BerVarray	subtree_exclude,
+	metatarget_t	*mt,
 	struct berval	*ndn,
 	int		scope )
 {
-	if ( dnIsSuffix( ndn, nsuffix ) ) {
-		if ( subtree_exclude ) {
+	if ( dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
+		if ( mt->mt_subtree_exclude ) {
 			int	i;
 
-			for ( i = 0; !BER_BVISNULL( &subtree_exclude[ i ] ); i++ ) {
-				if ( dnIsSuffix( ndn, &subtree_exclude[ i ] ) ) {
+			for ( i = 0; !BER_BVISNULL( &mt->mt_subtree_exclude[ i ] ); i++ ) {
+				if ( dnIsSuffix( ndn, &mt->mt_subtree_exclude[ i ] ) ) {
 					return META_NOT_CANDIDATE;
 				}
 			}
 		}
 
-		switch ( suffixscope ) {
+		switch ( mt->mt_scope ) {
 		case LDAP_SCOPE_SUBTREE:
 		default:
 			return META_CANDIDATE;
 
 		case LDAP_SCOPE_SUBORDINATE:
-			if ( ndn->bv_len > nsuffix->bv_len ) {
+			if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
 				return META_CANDIDATE;
 			}
 			break;
 
 		/* nearly useless; not allowed by config */
 		case LDAP_SCOPE_ONELEVEL:
-			if ( ndn->bv_len > nsuffix->bv_len ) {
+			if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
 				struct berval	rdn = *ndn;
 
-				rdn.bv_len -= nsuffix->bv_len
+				rdn.bv_len -= mt->mt_nsuffix.bv_len
 					+ STRLENOF( "," );
 				if ( dnIsOneLevelRDN( &rdn ) ) {
 					return META_CANDIDATE;
@@ -102,7 +100,7 @@
 
 		/* nearly useless; not allowed by config */
 		case LDAP_SCOPE_BASE:
-			if ( ndn->bv_len == nsuffix->bv_len ) {
+			if ( ndn->bv_len == mt->mt_nsuffix.bv_len ) {
 				return META_CANDIDATE;
 			}
 			break;
@@ -111,7 +109,7 @@
 		return META_NOT_CANDIDATE;
 	}
 
-	if ( scope == LDAP_SCOPE_SUBTREE && dnIsSuffix( nsuffix, ndn ) ) {
+	if ( scope == LDAP_SCOPE_SUBTREE && dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
 		/*
 		 * suffix longer than dn, but common part matches
 		 */
@@ -136,12 +134,10 @@
 {
 	int	i, candidate = META_TARGET_NONE;
 
-	for ( i = 0; i < mi->mi_ntargets; ++i ) {
-		if ( meta_back_is_candidate( &mi->mi_targets[ i ].mt_nsuffix,
-				mi->mi_targets[ i ].mt_scope,
-				mi->mi_targets[ i ].mt_subtree_exclude,
-				ndn, LDAP_SCOPE_BASE ) )
-		{
+	for ( i = 0; i < mi->mi_ntargets; i++ ) {
+		metatarget_t	*mt = mi->mi_targets[ i ];
+
+		if ( meta_back_is_candidate( mt, ndn, LDAP_SCOPE_BASE ) ) {
 			if ( candidate == META_TARGET_NONE ) {
 				candidate = i;
 
@@ -172,7 +168,7 @@
 		if ( i == candidate ) {
 			continue;
 		}
-		candidates[ i ].sr_tag = META_NOT_CANDIDATE;
+		META_CANDIDATE_RESET( &candidates[ i ] );
 	}
 
 	return 0;
@@ -185,9 +181,23 @@
  */
 int
 meta_clear_one_candidate(
-	metasingleconn_t	*msc )
+	Operation	*op,
+	metaconn_t	*mc,
+	int		candidate )
 {
-	if ( msc->msc_ld ) {
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+
+	if ( msc->msc_ld != NULL ) {
+
+#ifdef DEBUG_205
+		char	buf[ BUFSIZ ];
+
+		snprintf( buf, sizeof( buf ), "meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p",
+			candidate, (void *)mc, (void *)msc->msc_ld );
+		Debug( LDAP_DEBUG_ANY, "### %s %s\n",
+			op ? op->o_log_prefix : "", buf, 0 );
+#endif /* DEBUG_205 */
+
 		ldap_unbind_ext( msc->msc_ld, NULL, NULL );
 		msc->msc_ld = NULL;
 	}
@@ -203,25 +213,8 @@
 		BER_BVZERO( &msc->msc_cred );
 	}
 
-	return 0;
-}
+	msc->msc_mscflags = 0;
 
-/*
- * meta_clear_candidates
- *
- * clears all candidates
- */
-int
-meta_clear_candidates( Operation *op, metaconn_t *mc )
-{
-	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
-	int		c;
-
-	for ( c = 0; c < mi->mi_ntargets; c++ ) {
-		if ( mc->mc_conns[ c ].msc_ld != NULL ) {
-			meta_clear_one_candidate( &mc->mc_conns[ c ] );
-		}
-	}
-
 	return 0;
 }
+

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/compare.c,v 1.30.2.13 2006/01/03 22:16:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/compare.c,v 1.30.2.16 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -34,296 +34,122 @@
 int
 meta_back_compare( Operation *op, SlapReply *rs )
 {
-	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
-	metaconn_t		*mc = NULL;
-	char			*match = NULL,
-				*err = NULL;
-	struct berval		mmatch = BER_BVNULL;
-	int			ncandidates = 0,
-				last = 0,
-				i,
-				count = 0,
-				rc,
-       				cres = LDAP_SUCCESS,
-				rres = LDAP_SUCCESS,
-				*msgid;
-	dncookie		dc;
+	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t	*mt;
+	metaconn_t	*mc;
+	int		rc = 0;
+	int		candidate = -1;
+	struct berval	mdn = BER_BVNULL;
+	dncookie	dc;
+	struct berval	mapped_attr = op->orc_ava->aa_desc->ad_cname;
+	struct berval	mapped_value = op->orc_ava->aa_value;
+	int		msgid;
+	int		do_retry = 1;
+	LDAPControl	**ctrls = NULL;
 
-	SlapReply		*candidates = meta_back_candidates_get( op );
-
-	mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_SENDERR );
+	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
 	if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}
-	
-	msgid = ch_calloc( sizeof( int ), mi->mi_ntargets );
-	if ( msgid == NULL ) {
-		send_ldap_error( op, rs, LDAP_OTHER, NULL );
-		rc = LDAP_OTHER;
-		goto done;
-	}
 
+	assert( mc->mc_conns[ candidate ].msc_ld != NULL );
+
 	/*
-	 * start an asynchronous compare for each candidate target
+	 * Rewrite the modify dn, if needed
 	 */
+	mt = mi->mi_targets[ candidate ];
+	dc.target = mt;
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "compareDN";
 
-	for ( i = 0; i < mi->mi_ntargets; i++ ) {
-		struct berval		mdn = BER_BVNULL;
-		struct berval		mapped_attr = op->orc_ava->aa_desc->ad_cname;
-		struct berval		mapped_value = op->orc_ava->aa_value;
+	switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+	case LDAP_UNWILLING_TO_PERFORM:
+		rc = 1;
+		goto cleanup;
 
-		if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
-			msgid[ i ] = -1;
-			continue;
-		}
+	default:
+		break;
+	}
 
-		/*
-		 * Rewrite the compare dn, if needed
-		 */
-		dc.target = &mi->mi_targets[ i ];
+	/*
+	 * if attr is objectClass, try to remap the value
+	 */
+	if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
+		ldap_back_map( &mt->mt_rwmap.rwm_oc,
+				&op->orc_ava->aa_value,
+				&mapped_value, BACKLDAP_MAP );
 
-		switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
-		case LDAP_UNWILLING_TO_PERFORM:
-			rc = 1;
-			goto finish;
-
-		default:
-			break;
+		if ( BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value ) ) {
+			goto cleanup;
 		}
 
-		/*
-		 * if attr is objectClass, try to remap the value
-		 */
-		if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
-			ldap_back_map( &mi->mi_targets[ i ].mt_rwmap.rwm_oc,
-					&op->orc_ava->aa_value,
-					&mapped_value, BACKLDAP_MAP );
-
-			if ( BER_BVISNULL( &mapped_value ) || mapped_value.bv_val[0] == '\0' ) {
-				continue;
-			}
-		/*
-		 * else try to remap the attribute
-		 */
-		} else {
-			ldap_back_map( &mi->mi_targets[ i ].mt_rwmap.rwm_at,
-				&op->orc_ava->aa_desc->ad_cname,
-				&mapped_attr, BACKLDAP_MAP );
-			if ( BER_BVISNULL( &mapped_attr ) || mapped_attr.bv_val[0] == '\0' ) {
-				continue;
-			}
-
-			if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
-			{
-				dc.ctx = "compareAttrDN";
-
-				switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
-				{
-				case LDAP_UNWILLING_TO_PERFORM:
-					rc = 1;
-					goto finish;
-
-				default:
-					break;
-				}
-			}
-		}
-		
-		/*
-		 * the compare op is spawned across the targets and the first
-		 * that returns determines the result; a constraint on unicity
-		 * of the result ought to be enforced
-		 */
-		 rc = ldap_compare_ext( mc->mc_conns[ i ].msc_ld, mdn.bv_val,
-				mapped_attr.bv_val, &mapped_value,
-				op->o_ctrls, NULL, &msgid[ i ] );
-
-		if ( mdn.bv_val != op->o_req_dn.bv_val ) {
-			free( mdn.bv_val );
-			BER_BVZERO( &mdn );
-		}
-
-		if ( mapped_attr.bv_val != op->orc_ava->aa_desc->ad_cname.bv_val ) {
-			free( mapped_attr.bv_val );
-			BER_BVZERO( &mapped_attr );
-		}
-
-		if ( mapped_value.bv_val != op->orc_ava->aa_value.bv_val ) {
-			free( mapped_value.bv_val );
-			BER_BVZERO( &mapped_value );
-		}
-
-		if ( rc != LDAP_SUCCESS ) {
-			/* FIXME: what should we do with the error? */
-			continue;
-		}
-
-		++ncandidates;
-	}
-
 	/*
-	 * wait for replies
+	 * else try to remap the attribute
 	 */
-	for ( rc = 0, count = 0; ncandidates > 0; ) {
+	} else {
+		ldap_back_map( &mt->mt_rwmap.rwm_at,
+			&op->orc_ava->aa_desc->ad_cname,
+			&mapped_attr, BACKLDAP_MAP );
+		if ( BER_BVISNULL( &mapped_attr ) || BER_BVISEMPTY( &mapped_attr ) ) {
+			goto cleanup;
+		}
 
-		/*
-		 * FIXME: should we check for abandon?
-		 */
-		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			metasingleconn_t	*msc = &mc->mc_conns[ i ];
-			int			lrc;
-			LDAPMessage		*res = NULL;
-			struct timeval		tv;
+		if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
+		{
+			dc.ctx = "compareAttrDN";
 
-			LDAP_BACK_TV_SET( &tv );
+			switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
+			{
+			case LDAP_UNWILLING_TO_PERFORM:
+				rc = 1;
+				goto cleanup;
 
-			if ( msgid[ i ] == -1 ) {
-				continue;
-			}
-
-			lrc = ldap_result( msc->msc_ld, msgid[ i ],
-					LDAP_MSG_ALL, &tv, &res );
-
-			if ( lrc == 0 ) {
-				assert( res == NULL );
-				continue;
-
-			} else if ( lrc == -1 ) {
-				/* we do not retry in this case;
-				 * only for unique operations... */
-				ldap_get_option( msc->msc_ld,
-					LDAP_OPT_ERROR_NUMBER, &rs->sr_err );
-				rres = slap_map_api2result( rs );
-				rres = rc;
-				rc = -1;
-				goto finish;
-
-			} else if ( lrc == LDAP_RES_COMPARE ) {
-				if ( count > 0 ) {
-					rres = LDAP_OTHER;
-					rc = -1;
-					goto finish;
-				}
-
-				rc = ldap_parse_result( msc->msc_ld, res,
-						&rs->sr_err,
-						NULL, NULL, NULL, NULL, 1 );
-				if ( rc != LDAP_SUCCESS ) {
-					rres = rc;
-					rc = -1;
-					goto finish;
-				}
-				
-				switch ( rs->sr_err ) {
-				case LDAP_COMPARE_TRUE:
-				case LDAP_COMPARE_FALSE:
-
-					/*
-					 * true or false, got it;
-					 * sending to cache ...
-					 */
-					if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) {
-						( void )meta_dncache_update_entry( &mi->mi_cache, &op->o_req_ndn, i );
-					}
-
-					count++;
-					rc = 0;
-					break;
-
-				default:
-					rres = slap_map_api2result( rs );
-
-					if ( err != NULL ) {
-						free( err );
-					}
-					ldap_get_option( msc->msc_ld,
-						LDAP_OPT_ERROR_STRING, &err );
-
-					if ( match != NULL ) {
-						free( match );
-					}
-					ldap_get_option( msc->msc_ld,
-						LDAP_OPT_MATCHED_DN, &match );
-					
-					last = i;
-					break;
-				}
-				msgid[ i ] = -1;
-				--ncandidates;
-
-			} else {
-				msgid[ i ] = -1;
-				--ncandidates;
-				if ( res ) {
-					ldap_msgfree( res );
-				}
+			default:
 				break;
 			}
 		}
 	}
 
-finish:;
+retry:;
+	ctrls = op->o_ctrls;
+	rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+	if ( rc != LDAP_SUCCESS ) {
+		send_ldap_result( op, rs );
+		goto cleanup;
+	}
 
-	/*
-	 * Rewrite the matched portion of the search base, if required
-	 * 
-	 * FIXME: only the last one gets caught!
-	 */
-	if ( count == 1 ) {
-		if ( match != NULL ) {
-			free( match );
-			match = NULL;
-		}
-		
-		/*
-		 * the result of the compare is assigned to the res code
-		 * that will be returned
-		 */
-		rres = cres;
-		
-		/*
-		 * At least one compare failed with matched portion,
-		 * and none was successful
-		 */
-	} else if ( match != NULL && match[ 0 ] != '\0' ) {
-		struct berval matched, pmatched;
+	rs->sr_err = ldap_compare_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
+			mapped_attr.bv_val, &mapped_value,
+			ctrls, NULL, &msgid );
 
-		ber_str2bv( match, 0, 0, &matched );
-
-		dc.ctx = "matchedDN";
-		ldap_back_dn_massage( &dc, &matched, &mmatch );
-		if ( dnPretty( NULL, &mmatch, &pmatched, NULL ) == LDAP_SUCCESS ) {
-			if ( mmatch.bv_val != match ) {
-				free( mmatch.bv_val );
-			}
-			mmatch = pmatched;
+	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+		mt->mt_timeout[ SLAP_OP_COMPARE ], LDAP_BACK_SENDRESULT );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
+		do_retry = 0;
+		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+			goto retry;
 		}
 	}
 
-	if ( rres != LDAP_SUCCESS ) {
-		rs->sr_err = rres;
+cleanup:;
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
+	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
+		free( mdn.bv_val );
 	}
-	rs->sr_matched = mmatch.bv_val;
-	send_ldap_result( op, rs );
-	rs->sr_matched = NULL;
 
-	if ( match != NULL ) {
-		if ( mmatch.bv_val != match ) {
-			free( mmatch.bv_val );
-		}
-		free( match );
+	if ( op->orc_ava->aa_value.bv_val != mapped_value.bv_val ) {
+		free( mapped_value.bv_val );
 	}
 
-	if ( msgid ) {
-		free( msgid );
+	if ( mc ) {
+		meta_back_release_conn( mi, mc );
 	}
 
-done:;
-	meta_back_release_conn( op, mc );
-
-	return rc;
+	return rs->sr_err;
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.21 2006/05/09 20:00:37 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.24 2007/01/27 23:56:43 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -36,19 +36,21 @@
 
 static int
 meta_back_new_target( 
-	metatarget_t	*mt )
+	metatarget_t	**mtp )
 {
-        struct ldapmapping	*mapping;
 	char			*rargv[ 3 ];
+	metatarget_t		*mt;
 
-	memset( mt, 0, sizeof( metatarget_t ) );
+	*mtp = NULL;
 
+	mt = ch_calloc( sizeof( metatarget_t ), 1 );
+
 	mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
 	if ( mt->mt_rwmap.rwm_rw == NULL ) {
-                return -1;
+		ch_free( mt );
+		return -1;
 	}
 
-
 	/*
 	 * the filter rewrite as a string must be disabled
 	 * by default; it can be re-enabled by adding rules;
@@ -64,8 +66,17 @@
 	rargv[ 2 ] = NULL;
 	rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
 
-	ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
+	ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
 
+	mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+	mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
+	mt->mt_idassert_tls = SB_TLS_DEFAULT;
+
+	/* by default, use proxyAuthz control on each operation */
+	mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+	*mtp = mt;
+
 	return 0;
 }
 
@@ -107,6 +118,8 @@
 		struct berval	dn;
 		int		rc;
 		int		c;
+
+		metatarget_t	*mt;
 		
 		switch ( argc ) {
 		case 1:
@@ -136,8 +149,8 @@
 		
 		++mi->mi_ntargets;
 
-		mi->mi_targets = ( metatarget_t * )ch_realloc( mi->mi_targets, 
-			sizeof( metatarget_t ) * mi->mi_ntargets );
+		mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets, 
+			sizeof( metatarget_t * ) * mi->mi_ntargets );
 		if ( mi->mi_targets == NULL ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: out of memory while storing server name"
@@ -154,19 +167,29 @@
 			return 1;
 		}
 
-		mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
-		mi->mi_targets[ i ].mt_flags = mi->mi_flags;
-		mi->mi_targets[ i ].mt_version = mi->mi_version;
-		mi->mi_targets[ i ].mt_network_timeout = mi->mi_network_timeout;
-		mi->mi_targets[ i ].mt_bind_timeout = mi->mi_bind_timeout;
-		for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
-			mi->mi_targets[ i ].mt_timeout[ c ] = mi->mi_timeout[ c ];
+		mt = mi->mi_targets[ i ];
+
+		mt->mt_rebind_f = mi->mi_rebind_f;
+		mt->mt_urllist_p = mt;
+
+		mt->mt_nretries = mi->mi_nretries;
+		mt->mt_quarantine = mi->mi_quarantine;
+		if ( META_BACK_QUARANTINE( mi ) ) {
+			ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
 		}
+		mt->mt_flags = mi->mi_flags;
+		mt->mt_version = mi->mi_version;
+		mt->mt_network_timeout = mi->mi_network_timeout;
+		mt->mt_bind_timeout = mi->mi_bind_timeout;
+		for ( c = 0; c < SLAP_OP_LAST; c++ ) {
+			mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
+		}
 
 		/*
 		 * uri MUST be legal!
 		 */
-		if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS ) {
+		if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS )
+		{
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: unable to parse URI"
 	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@@ -206,8 +229,8 @@
 		 * copies and stores uri and suffix
 		 */
 		ber_str2bv( ludp->lud_dn, 0, 0, &dn );
-		rc = dnPrettyNormal( NULL, &dn, &mi->mi_targets[ i ].mt_psuffix,
-			&mi->mi_targets[ i ].mt_nsuffix, NULL );
+		rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
+			&mt->mt_nsuffix, NULL );
 		if( rc != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
 				"target \"%s\" DN is invalid\n",
@@ -219,12 +242,12 @@
 
 		switch ( ludp->lud_scope ) {
 		case LDAP_SCOPE_DEFAULT:
-			mi->mi_targets[ i ].mt_scope = LDAP_SCOPE_SUBTREE;
+			mt->mt_scope = LDAP_SCOPE_SUBTREE;
 			break;
 
 		case LDAP_SCOPE_SUBTREE:
 		case LDAP_SCOPE_SUBORDINATE:
-			mi->mi_targets[ i ].mt_scope = ludp->lud_scope;
+			mt->mt_scope = ludp->lud_scope;
 			break;
 
 		default:
@@ -246,9 +269,9 @@
 			}
 		}
 
-		mi->mi_targets[ i ].mt_uri = ldap_url_list2urls( ludp );
+		mt->mt_uri = ldap_url_list2urls( ludp );
 		ldap_free_urllist( ludp );
-		if ( mi->mi_targets[ i ].mt_uri == NULL) {
+		if ( mt->mt_uri == NULL) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
 				fname, lineno, 0 );
 			return( 1 );
@@ -258,7 +281,7 @@
 		 * uri MUST be a branch of suffix!
 		 */
 #if 0 /* too strict a constraint */
-		if ( select_backend( &mi->mi_targets[ i ].suffix, 0, 0 ) != be ) {
+		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: <naming context> of URI does not refer to current backend"
 	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@@ -269,7 +292,7 @@
 		/*
 		 * uri MUST be a branch of a suffix!
 		 */
-		if ( select_backend( &mi->mi_targets[ i ].mt_nsuffix, 0, 0 ) == NULL ) {
+		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: <naming context> of URI does not resolve to a backend"
 	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@@ -317,7 +340,7 @@
 			return( 1 );
 		}
 
-		if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ].mt_nsuffix ) ) {
+		if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
 					"subtree-exclude DN=\"%s\" "
 					"must be subtree of target\n",
@@ -326,12 +349,12 @@
 			return( 1 );
 		}
 
-		if ( mi->mi_targets[ i ].mt_subtree_exclude != NULL ) {
+		if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
 			int		j;
 
-			for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ].mt_subtree_exclude[ j ] ); j++ )
+			for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
 			{
-				if ( dnIsSuffix( &mi->mi_targets[ i ].mt_subtree_exclude[ j ], &ndn ) ) {
+				if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
 					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
 							"subtree-exclude DN=\"%s\" "
 							"is suffix of another subtree-exclude\n",
@@ -341,7 +364,7 @@
 					ber_memfree( ndn.bv_val );
 					return( 1 );
 
-				} else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ].mt_subtree_exclude[ j ] ) ) {
+				} else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
 					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
 							"another subtree-exclude is suffix of "
 							"subtree-exclude DN=\"%s\"\n",
@@ -352,7 +375,7 @@
 			}
 		}
 
-		ber_bvarray_add( &mi->mi_targets[ i ].mt_subtree_exclude, &ndn );
+		ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
 
 	/* default target directive */
 	} else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
@@ -423,7 +446,7 @@
 	} else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
 		unsigned long	t;
 		time_t		*tp = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_network_timeout
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
 				: &mi->mi_network_timeout;
 
 		if ( argc != 2 ) {
@@ -505,7 +528,7 @@
 	} else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
 		unsigned long	t;
 		struct timeval	*tp = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_bind_timeout
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
 				: &mi->mi_bind_timeout;
 
 		switch ( argc ) {
@@ -564,7 +587,7 @@
 		}
 
 		ber_str2bv( argv[ 1 ], 0, 0, &dn );
-		if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ].mt_binddn,
+		if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
 			NULL ) != LDAP_SUCCESS )
 		{
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
@@ -601,7 +624,7 @@
 			/* FIXME: some day we'll need to throw an error */
 		}
 
-		ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_bindpw );
+		ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
 		
 	/* save bind creds for referral rebinds? */
 	} else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
@@ -638,7 +661,7 @@
 
 	} else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
 		unsigned	*flagsp = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
 				: &mi->mi_flags;
 
 		if ( argc != 2 ) {
@@ -667,7 +690,7 @@
 	
 	} else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
 		unsigned	*flagsp = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
 				: &mi->mi_flags;
 
 		if ( argc != 2 ) {
@@ -704,7 +727,7 @@
 
 	} else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
 		unsigned	*flagsp = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
 				: &mi->mi_flags;
 
 		if ( argc != 2 ) {
@@ -716,16 +739,16 @@
 
 		switch ( check_true_false( argv[ 1 ] ) ) {
 		case 0:
-			*flagsp &= ~(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER);
+			*flagsp &= ~LDAP_BACK_F_T_F_MASK2;
 			break;
 
 		case 1:
-			*flagsp |= LDAP_BACK_F_SUPPORT_T_F;
+			*flagsp |= LDAP_BACK_F_T_F;
 			break;
 
 		default:
 			if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
-				*flagsp |= LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
+				*flagsp |= LDAP_BACK_F_T_F_DISCOVER;
 
 			} else {
 				Debug( LDAP_DEBUG_ANY,
@@ -740,29 +763,34 @@
 	} else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
 		if ( argc != 2 ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n",
+	"%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
 				fname, lineno, 0 );
 			return( 1 );
 		}
 
 		if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
-			mi->mi_flags &= ~META_BACK_F_ONERR_STOP;
+			mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
 
 		} else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
 			mi->mi_flags |= META_BACK_F_ONERR_STOP;
 
+		} else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
+			mi->mi_flags |= META_BACK_F_ONERR_REPORT;
+
 		} else {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n",
+	"%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
 				fname, lineno, argv[ 1 ] );
 			return 1;
 		}
 
 	/* bind-defer? */
-	} else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0 ) {
+	} else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
+		|| strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
+	{
 		if ( argc != 2 ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\" takes 1 argument\n",
+	"%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
 				fname, lineno, 0 );
 			return( 1 );
 		}
@@ -778,21 +806,148 @@
 
 		default:
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
+	"%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
 				fname, lineno, argv[ 1 ] );
 			return 1;
 		}
 
+	/* single-conn? */
+	} else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		if ( mi->mi_ntargets > 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"single-conn\" must appear before target definitions\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		switch ( check_true_false( argv[ 1 ] ) ) {
+		case 0:
+			mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
+			break;
+
+		case 1:
+			mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
+			break;
+
+		default:
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
+				fname, lineno, argv[ 1 ] );
+			return 1;
+		}
+
+	/* use-temporaries? */
+	} else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		if ( mi->mi_ntargets > 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		switch ( check_true_false( argv[ 1 ] ) ) {
+		case 0:
+			mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
+			break;
+
+		case 1:
+			mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
+			break;
+
+		default:
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
+				fname, lineno, argv[ 1 ] );
+			return 1;
+		}
+
+	/* privileged connections pool max size ? */
+	} else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		if ( mi->mi_ntargets > 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] )
+			|| mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN
+			|| mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX )
+		{
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n",
+				fname, lineno, argv[ 1 ] );
+			return 1;
+		}
+
+	} else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
+		unsigned 	flag = 0;
+		unsigned	*flagsp = mi->mi_ntargets ?
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+				: &mi->mi_flags;
+
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
+			flag = LDAP_BACK_F_CANCEL_ABANDON;
+
+#if 0	/* needs ldap_int_discard(), 2.4 */
+		} else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
+			flag = LDAP_BACK_F_CANCEL_IGNORE;
+#endif
+
+		} else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
+			flag = LDAP_BACK_F_CANCEL_EXOP;
+
+		} else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
+			flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
+
+		} else {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
+				fname, lineno, argv[ 1 ] );
+			return( 1 );
+		}
+
+		*flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
+		*flagsp |= flag;
+
 	} else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
 		char	*sep;
 		time_t	*tv = mi->mi_ntargets ?
-				mi->mi_targets[ mi->mi_ntargets - 1 ].mt_timeout
+				mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
 				: mi->mi_timeout;
 		int	c;
 
 		if ( argc < 2 ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"timeout [{add|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
+	"%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
 				fname, lineno, 0 );
 			return( 1 );
 		}
@@ -805,19 +960,31 @@
 			if ( sep != NULL ) {
 				size_t	len = sep - argv[ c ];
 
-				if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
-					t = &tv[ LDAP_BACK_OP_ADD ];
+				if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
+					t = &tv[ SLAP_OP_BIND ];
+				/* unbind makes little sense */
+				} else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
+					t = &tv[ SLAP_OP_ADD ];
 				} else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
-					t = &tv[ LDAP_BACK_OP_DELETE ];
+					t = &tv[ SLAP_OP_DELETE ];
+				} else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
+					t = &tv[ SLAP_OP_MODRDN ];
 				} else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
-					t = &tv[ LDAP_BACK_OP_MODIFY ];
-				} else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
-					t = &tv[ LDAP_BACK_OP_MODRDN ];
+					t = &tv[ SLAP_OP_MODIFY ];
+				} else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
+					t = &tv[ SLAP_OP_COMPARE ];
+				} else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
+					t = &tv[ SLAP_OP_SEARCH ];
+				/* abandon makes little sense */
+#if 0				/* not implemented yet */
+				} else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
+					t = &tv[ SLAP_OP_EXTENDED ];
+#endif
 				} else {
 					char	buf[ SLAP_TEXT_BUFLEN ];
 					snprintf( buf, sizeof( buf ),
-						"unknown operation \"%s\" for timeout #%d",
-						argv[ c ], c );
+						"unknown/unhandled operation \"%s\" for timeout #%d",
+						argv[ c ], c - 1 );
 					Debug( LDAP_DEBUG_ANY,
 						"%s: line %d: %s.\n",
 						fname, lineno, buf );
@@ -842,7 +1009,7 @@
 			} else {
 				int	i;
 	
-				for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+				for ( i = 0; i < SLAP_OP_LAST; i++ ) {
 					tv[ i ] = (time_t)val;
 				}
 			}
@@ -851,7 +1018,6 @@
 	/* name to use as pseudo-root dn */
 	} else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
 		int 		i = mi->mi_ntargets - 1;
-		struct berval	dn;
 
 		if ( i < 0 ) {
 			Debug( LDAP_DEBUG_ANY,
@@ -867,15 +1033,74 @@
 			return 1;
 		}
 
-		dn.bv_val = argv[ 1 ];
-		dn.bv_len = strlen( argv[ 1 ] );
-		if ( dnNormalize( 0, NULL, NULL, &dn,
-			&mi->mi_targets[ i ].mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
+		/*
+		 * exact replacement:
+		 *
+
+idassert-bind	bindmethod=simple
+		binddn=<pseudorootdn>
+		credentials=<pseudorootpw>
+		mode=none
+		flags=non-prescriptive
+idassert-authzFrom	"dn:<rootdn>"
+
+		 * so that only when authc'd as <rootdn> the proxying occurs
+		 * rebinding as the <pseudorootdn> without proxyAuthz.
+		 */
+
+		Debug( LDAP_DEBUG_ANY,
+			"%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
+			"use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
+			fname, lineno, 0 );
+
 		{
-			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-					"pseudoroot DN '%s' is invalid\n",
-					fname, lineno, argv[ 1 ] );
-			return( 1 );
+			char	binddn[ SLAP_TEXT_BUFLEN ];
+			char	*cargv[] = {
+				"idassert-bind",
+				"bindmethod=simple",
+				NULL,
+				"mode=none",
+				"flags=non-prescriptive",
+				NULL
+			};
+			int	cargc = 5;
+			int	rc;
+
+			if ( BER_BVISNULL( &be->be_rootndn ) ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
+					fname, lineno, 0 );
+				return 1;
+			}
+
+			if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
+					fname, lineno, 0 );
+				return 1;
+			}
+			cargv[ 2 ] = binddn;
+
+			rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+			if ( rc == 0 ) {
+				struct berval	bv;
+
+				if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
+						fname, lineno, 0 );
+					ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
+					mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
+				}
+
+				assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
+
+				bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
+				bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+				AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
+				AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
+
+				ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
+			}
+
+			return rc;
 		}
 
 	/* password to use as pseudo-root */
@@ -895,7 +1120,121 @@
 			    fname, lineno, 0 );
 			return 1;
 		}
-		ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_pseudorootpw );
+
+		Debug( LDAP_DEBUG_ANY,
+			"%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
+			"use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
+			fname, lineno, 0 );
+
+		if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
+			memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
+				mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
+			ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
+		}
+		ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
+
+	/* idassert-bind */
+	} else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
+		if ( mi->mi_ntargets == 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: \"idassert-bind\" "
+				"must appear inside a target specification.\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+
+	/* idassert-authzFrom */
+	} else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
+		if ( mi->mi_ntargets == 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: \"idassert-bind\" "
+				"must appear inside a target specification.\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		switch ( argc ) {
+		case 2:
+			break;
+
+		case 1:
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
+				fname, lineno, 0 );
+			return 1;
+
+		default:
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+
+	/* quarantine */
+	} else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
+		char			buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+		slap_retry_info_t	*ri = mi->mi_ntargets ?
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
+				: &mi->mi_quarantine;
+
+		if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
+			|| ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
+		{
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: quarantine already defined.\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		switch ( argc ) {
+		case 2:
+			break;
+
+		case 1:
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
+				fname, lineno, 0 );
+			return 1;
+
+		default:
+			Debug( LDAP_DEBUG_ANY,
+				"%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
+				fname, lineno, 0 );
+			return 1;
+		}
+
+		if ( ri != &mi->mi_quarantine ) {
+			ri->ri_interval = NULL;
+			ri->ri_num = NULL;
+		}
+
+		if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
+			ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
+		}
+
+		if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s line %d: %s.\n",
+				fname, lineno, buf );
+			return 1;
+		}
+
+		if ( mi->mi_ntargets ) {
+			mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
+
+		} else {
+			mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
+		}
 	
 	/* dn massaging */
 	} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
@@ -978,7 +1317,7 @@
 		 * FIXME: no extra rewrite capabilities should be added
 		 * to the database
 		 */
-	 	rc = suffix_massage_config( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
+	 	rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
 				&pvnc, &nvnc, &prnc, &nrnc );
 
 		free( pvnc.bv_val );
@@ -999,7 +1338,7 @@
 			return 1;
 		}
 		
- 		return rewrite_parse( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
+ 		return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
 				fname, lineno, argc, argv );
 
 	/* objectclass/attribute mapping */
@@ -1013,8 +1352,8 @@
 			return 1;
 		}
 
-		return ldap_back_map_config( &mi->mi_targets[ i ].mt_rwmap.rwm_oc, 
-				&mi->mi_targets[ i ].mt_rwmap.rwm_at,
+		return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc, 
+				&mi->mi_targets[ i ]->mt_rwmap.rwm_at,
 				fname, lineno, argc, argv );
 
 	} else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
@@ -1047,12 +1386,12 @@
 			mi->mi_nretries = nretries;
 
 		} else {
-			mi->mi_targets[ i ].mt_nretries = nretries;
+			mi->mi_targets[ i ]->mt_nretries = nretries;
 		}
 
 	} else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
 		int	*version = mi->mi_ntargets ?
-				&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_version
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
 				: &mi->mi_version;
 
 		if ( argc != 2 ) {
@@ -1122,7 +1461,7 @@
 	if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
 		if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
 			map->drop_missing = ( argc < 4 );
-			return 0;
+			goto success_return;
 		}
 		src = dst = argv[ 3 ];
 
@@ -1136,7 +1475,7 @@
 	}
 
 	if ( ( map == at_map )
-			&& ( strcasecmp( src, "objectclass" ) == 0
+		&& ( strcasecmp( src, "objectclass" ) == 0
 			|| strcasecmp( dst, "objectclass" ) == 0 ) )
 	{
 		Debug( LDAP_DEBUG_ANY,
@@ -1264,6 +1603,12 @@
 	avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
 				mapping_cmp, mapping_dup );
 
+success_return:;
+	if ( !is_oc && map->map == NULL ) {
+		/* only init if required */
+		ldap_back_map_init( map, &mapping );
+	}
+
 	return 0;
 
 error_return:;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.22 2006/05/09 20:00:37 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.28 2007/01/27 23:56:43 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -35,11 +35,6 @@
 #include "back-meta.h"
 
 /*
- * Set PRINT_CONNTREE larger than 0 to dump the connection tree (debug only)
- */
-#define PRINT_CONNTREE 0
-
-/*
  * meta_back_conndn_cmp
  *
  * compares two struct metaconn based on the value of the conn pointer
@@ -143,46 +138,79 @@
 /*
  * Debug stuff (got it from libavl)
  */
-#if PRINT_CONNTREE > 0
+#if META_BACK_PRINT_CONNTREE > 0
 static void
-ravl_print( Avlnode *root, int depth )
+meta_back_ravl_print( Avlnode *root, int depth )
 {
 	int     	i;
-	metaconn_t	*mc = (metaconn_t *)root->avl_data;
+	metaconn_t	*mc;
 	
 	if ( root == 0 ) {
 		return;
 	}
 	
-	ravl_print( root->avl_right, depth + 1 );
+	meta_back_ravl_print( root->avl_right, depth + 1 );
 	
 	for ( i = 0; i < depth; i++ ) {
-		printf( "    " );
+		fprintf( stderr, "-" );
 	}
 
-	printf( "c(%d%s%s) %d\n",
-		LDAP_BACK_PCONN_ID( mc->mc_conn ),
-		BER_BVISNULL( &mc->mc_local_ndn ) ? "" : ": ",
-		BER_BVISNULL( &mc->mc_local_ndn ) ? "" : mc->mc_local_ndn.bv_val,
-		root->avl_bf );
+	mc = (metaconn_t *)root->avl_data;
+	fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d%s\n",
+		(void *)mc,
+		mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+		(void *)mc->mc_conn,
+		avl_bf2str( root->avl_bf ), mc->mc_refcnt,
+		LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "" );
 	
-	ravl_print( root->avl_left, depth + 1 );
+	meta_back_ravl_print( root->avl_left, depth + 1 );
 }
 
-static void
-myprint( Avlnode *root )
+/* NOTE: duplicate from back-ldap/bind.c */
+static char* priv2str[] = {
+	"privileged",
+	"privileged/TLS",
+	"anonymous",
+	"anonymous/TLS",
+	"bind",
+	"bind/TLS",
+	NULL
+};
+
+void
+meta_back_print_conntree( metainfo_t *mi, char *msg )
 {
-	printf( "********\n" );
+	int	c;
+
+	fprintf( stderr, "========> %s\n", msg );
 	
-	if ( root == 0 ) {
-		printf( "\tNULL\n" );
+	for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
+		int		i = 0;
+		metaconn_t	*mc;
+
+		fprintf( stderr, "  %s[%d]\n", priv2str[ c ], mi->mi_conn_priv[ c ].mic_num );
+
+		LDAP_TAILQ_FOREACH( mc, &mi->mi_conn_priv[ c ].mic_priv, mc_q )
+		{
+			fprintf( stderr, "    [%d] mc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
+				i,
+				(void *)mc,
+				mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+				(void *)mc->mc_conn, mc->mc_refcnt, mc->msc_mscflags );
+			i++;
+		}
+	}
+	
+	if ( mi->mi_conninfo.lai_tree == NULL ) {
+		fprintf( stderr, "\t(empty)\n" );
+
 	} else {
-		ravl_print( root, 0 );
+		meta_back_ravl_print( mi->mi_conninfo.lai_tree, 0 );
 	}
 	
-	printf( "********\n" );
+	fprintf( stderr, "<======== %s\n", msg );
 }
-#endif /* PRINT_CONNTREE */
+#endif /* META_BACK_PRINT_CONNTREE */
 /*
  * End of debug stuff
  */
@@ -198,51 +226,25 @@
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
 	metaconn_t	*mc;
-	int		i, ntargets = mi->mi_ntargets;
+	int		ntargets = mi->mi_ntargets;
 
 	assert( ntargets > 0 );
 
 	/* malloc all in one */
-	mc = ( metaconn_t * )ch_malloc( sizeof( metaconn_t )
-			+ sizeof( metasingleconn_t ) * ntargets );
+	mc = ( metaconn_t * )ch_calloc( 1, sizeof( metaconn_t )
+		+ sizeof( metasingleconn_t ) * ( ntargets - 1 ) );
 	if ( mc == NULL ) {
 		return NULL;
 	}
 
-	for ( i = 0; i < ntargets; i++ ) {
-		mc->mc_conns[ i ].msc_ld = NULL;
-		BER_BVZERO( &mc->mc_conns[ i ].msc_bound_ndn );
-		BER_BVZERO( &mc->mc_conns[ i ].msc_cred );
-		mc->mc_conns[ i ].msc_mscflags = 0;
-		mc->mc_conns[ i ].msc_info = mi;
-	}
+	mc->mc_info = mi;
 
-	BER_BVZERO( &mc->mc_local_ndn );
-	mc->msc_mscflags = 0;
 	mc->mc_authz_target = META_BOUND_NONE;
 	mc->mc_refcnt = 1;
 
 	return mc;
 }
 
-static void
-meta_back_freeconn(
-	Operation	*op,
-	metaconn_t	*mc )
-{
-	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
-
-	assert( mc != NULL );
-
-	ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-
-	if ( --mc->mc_refcnt == 0 ) {
-		meta_back_conn_free( mc );
-	}
-
-	ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-}
-
 /*
  * meta_back_init_one_conn
  * 
@@ -252,31 +254,134 @@
 meta_back_init_one_conn(
 	Operation		*op,
 	SlapReply		*rs,
-	metatarget_t		*mt, 
 	metaconn_t		*mc,
 	int			candidate,
 	int			ispriv,
-	ldap_back_send_t	sendok )
+	ldap_back_send_t	sendok,
+	int			dolock )
 {
 	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
 	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
 	int			version;
 	dncookie		dc;
 	int			isauthz = ( candidate == mc->mc_authz_target );
+	int			do_return = 0;
+#ifdef HAVE_TLS
+	int			is_ldaps = 0;
+#endif /* HAVE_TLS */
 
+	/* if the server is quarantined, and
+	 * - the current interval did not expire yet, or
+	 * - no more retries should occur,
+	 * don't return the connection */
+	if ( mt->mt_isquarantined ) {
+		slap_retry_info_t	*ri = &mt->mt_quarantine;
+		int			dont_retry = 1;
+
+		if ( mt->mt_quarantine.ri_interval ) {
+			ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
+			if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) {
+				dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
+					|| slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
+				if ( !dont_retry ) {
+					if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+						char	buf[ SLAP_TEXT_BUFLEN ];
+
+						snprintf( buf, sizeof( buf ),
+							"meta_back_init_one_conn[%d]: quarantine "
+							"retry block #%d try #%d",
+							candidate, ri->ri_idx, ri->ri_count );
+						Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+							op->o_log_prefix, buf, 0 );
+					}
+				}
+
+				mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
+			}
+			ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
+		}
+
+		if ( dont_retry ) {
+			rs->sr_err = LDAP_UNAVAILABLE;
+			if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+				rs->sr_text = "Target is quarantined";
+				send_ldap_result( op, rs );
+			}
+			return rs->sr_err;
+		}
+	}
+
+retry_lock:;
+	if ( dolock ) {
+		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+	}
+
 	/*
 	 * Already init'ed
 	 */
-	if ( msc->msc_ld != NULL ) {
-		return rs->sr_err = LDAP_SUCCESS;
+	if ( LDAP_BACK_CONN_ISBOUND( msc )
+		|| LDAP_BACK_CONN_ISANON( msc ) )
+	{
+		assert( msc->msc_ld != NULL );
+		rs->sr_err = LDAP_SUCCESS;
+		do_return = 1;
+
+	} else if ( META_BACK_CONN_CREATING( msc )
+		|| LDAP_BACK_CONN_BINDING( msc ) )
+	{
+		if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+			if ( dolock ) {
+				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+			}
+
+			ldap_pvt_thread_yield();
+			goto retry_lock;
+		}
+
+		/* sounds more appropriate */
+		rs->sr_err = LDAP_BUSY;
+		rs->sr_text = "No connections to target are available";
+		do_return = 1;
+
+	} else if ( META_BACK_CONN_INITED( msc ) ) {
+		assert( msc->msc_ld != NULL );
+		rs->sr_err = LDAP_SUCCESS;
+		do_return = 1;
+
+	} else {
+		/*
+		 * creating...
+		 */
+		META_BACK_CONN_CREATING_SET( msc );
 	}
 
-	msc->msc_mscflags = 0;
+	if ( dolock ) {
+		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+	}
+
+	if ( do_return ) {
+		if ( rs->sr_err != LDAP_SUCCESS
+			&& op->o_conn
+			&& ( sendok & LDAP_BACK_SENDERR ) )
+		{
+			send_ldap_result( op, rs );
+		}
+
+		return rs->sr_err;
+	}
+
+	assert( msc->msc_ld == NULL );
        
 	/*
 	 * Attempts to initialize the connection to the target ds
 	 */
+	ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
 	rs->sr_err = ldap_initialize( &msc->msc_ld, mt->mt_uri );
+#ifdef HAVE_TLS
+	is_ldaps = ldap_is_ldaps_url( mt->mt_uri );
+#endif /* HAVE_TLS */
+	ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		goto error_return;
 	}
@@ -302,8 +407,10 @@
 
 #ifdef HAVE_TLS
 	/* start TLS ("tls [try-]{start|propagate}" statement) */
-	if ( ( LDAP_BACK_USE_TLS( mi ) || ( op->o_conn->c_is_tls && LDAP_BACK_PROPAGATE_TLS( mi ) ) )
-			&& !ldap_is_ldaps_url( mt->mt_uri ) )
+	if ( ( LDAP_BACK_USE_TLS( mi )
+		|| ( op->o_conn->c_is_tls
+			&& LDAP_BACK_PROPAGATE_TLS( mi ) ) )
+		&& !is_ldaps )
 	{
 #ifdef SLAP_STARTTLS_ASYNCHRONOUS
 		/*
@@ -322,10 +429,12 @@
 
 retry:;
 			rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
-			if ( rc < 0 ) {
+			switch ( rc ) {
+			case -1:
 				rs->sr_err = LDAP_OTHER;
+				break;
 
-			} else if ( rc == 0 ) {
+			case 0:
 				if ( nretries != 0 ) {
 					if ( nretries > 0 ) {
 						nretries--;
@@ -334,17 +443,28 @@
 					goto retry;
 				}
 				rs->sr_err = LDAP_OTHER;
+				break;
 
-			} else if ( rc == LDAP_RES_EXTENDED ) {
+			default:
+				/* only touch when activity actually took place... */
+				if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
+					msc->msc_time = op->o_time;
+				}
+				break;
+			}
+
+			if ( rc == LDAP_RES_EXTENDED ) {
 				struct berval	*data = NULL;
 
-				rs->sr_err = ldap_parse_extended_result( msc->msc_ld, res,
-						NULL, &data, 0 );
+				/* NOTE: right now, data is unused, so don't get it */
+				rs->sr_err = ldap_parse_extended_result( msc->msc_ld,
+					res, NULL, NULL /* &data */ , 0 );
 				if ( rs->sr_err == LDAP_SUCCESS ) {
 					int		err;
 
-					rs->sr_err = ldap_parse_result( msc->msc_ld, res,
-						&err, NULL, NULL, NULL, NULL, 1 );
+					/* FIXME: matched? referrals? response controls? */
+					rs->sr_err = ldap_parse_result( msc->msc_ld,
+						res, &err, NULL, NULL, NULL, NULL, 1 );
 					res = NULL;
 
 					if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -359,15 +479,14 @@
 						ldap_install_tls( msc->msc_ld );
 
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
+						/* FIXME: LDAP_OPERATIONS_ERROR? */
 						rs->sr_err = LDAP_OTHER;
-						rs->sr_text = "unwilling to chase referral returned by Start TLS exop";
+						rs->sr_text = "Unwilling to chase referral "
+							"returned by Start TLS exop";
 					}
 
 					if ( data ) {
-						if ( data->bv_val ) {
-							ber_memfree( data->bv_val );
-						}
-						ber_memfree( data );
+						ber_bvfree( data );
 					}
 				}
 
@@ -391,9 +510,20 @@
 		 * of misconfiguration, but also when used in the chain 
 		 * overlay, where the "uri" can be parsed out of a referral */
 		if ( rs->sr_err == LDAP_SERVER_DOWN
-				|| ( rs->sr_err != LDAP_SUCCESS && LDAP_BACK_TLS_CRITICAL( mi ) ) )
+			|| ( rs->sr_err != LDAP_SUCCESS
+				&& LDAP_BACK_TLS_CRITICAL( mi ) ) )
 		{
-			ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
+
+#ifdef DEBUG_205
+			Debug( LDAP_DEBUG_ANY,
+				"### %s meta_back_init_one_conn(TLS) "
+				"ldap_unbind_ext[%d] ld=%p\n",
+				op->o_log_prefix, candidate,
+				(void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+			/* need to trash a failed Start TLS */
+			meta_clear_one_candidate( op, mc, candidate );
 			goto error_return;
 		}
 	}
@@ -417,21 +547,30 @@
 	 */
 
 	if ( ispriv ) {
-		if ( !BER_BVISNULL( &mt->mt_pseudorootdn ) ) {
-			ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
-			if ( !BER_BVISNULL( &mt->mt_pseudorootpw ) ) {
-				ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
+		if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
+			ber_bvreplace( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN );
+			if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+					memset( msc->msc_cred.bv_val, 0,
+						msc->msc_cred.bv_len );
+				}
+				ber_bvreplace( &msc->msc_cred, &mt->mt_idassert_passwd );
 			}
 
 		} else {
-			ber_str2bv( "", 0, 1, &msc->msc_bound_ndn );
+			ber_bvreplace( &msc->msc_bound_ndn, &slap_empty_bv );
 		}
 
-		LDAP_BACK_CONN_ISPRIV_SET( msc );
-
 	} else {
-		BER_BVZERO( &msc->msc_cred );
-		BER_BVZERO( &msc->msc_bound_ndn );
+		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+			memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+			ber_memfree_x( msc->msc_cred.bv_val, NULL );
+			BER_BVZERO( &msc->msc_cred );
+		}
+		if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+			ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
+			BER_BVZERO( &msc->msc_bound_ndn );
+		}
 		if ( !BER_BVISEMPTY( &op->o_ndn )
 			&& SLAP_IS_AUTHZ_BACKEND( op )
 			&& isauthz )
@@ -447,34 +586,54 @@
 			if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
 						&msc->msc_bound_ndn ) )
 			{
-				ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
+
+#ifdef DEBUG_205
+				Debug( LDAP_DEBUG_ANY,
+					"### %s meta_back_init_one_conn(rewrite) "
+					"ldap_unbind_ext[%d] ld=%p\n",
+					op->o_log_prefix, candidate,
+					(void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+				/* need to trash a connection not fully established */
+				meta_clear_one_candidate( op, mc, candidate );
 				goto error_return;
 			}
 			
-			/* copy the DN idf needed */
+			/* copy the DN if needed */
 			if ( msc->msc_bound_ndn.bv_val == op->o_conn->c_dn.bv_val ) {
 				ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn );
 			}
 
+			assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
+
 		} else {
-			ber_str2bv( "", 0, 1, &msc->msc_bound_ndn );
+			ber_dupbv( &msc->msc_bound_ndn, (struct berval *)&slap_empty_bv );
 		}
 	}
 
 	assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
 
 error_return:;
+	if ( dolock ) {
+		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+	}
+	META_BACK_CONN_CREATING_CLEAR( msc );
 	if ( rs->sr_err == LDAP_SUCCESS ) {
 		/*
 		 * Sets a cookie for the rewrite session
 		 */
 		( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn );
+		META_BACK_CONN_INITED_SET( msc );
+	}
+	if ( dolock ) {
+		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+	}
 
-	} else {
+	if ( rs->sr_err != LDAP_SUCCESS ) {
 		rs->sr_err = slap_map_api2result( rs );
 		if ( sendok & LDAP_BACK_SENDERR ) {
 			send_ldap_result( op, rs );
-			rs->sr_text = NULL;
 		}
 	}
 
@@ -495,61 +654,147 @@
 	ldap_back_send_t	sendok )
 {
 	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
-	metatarget_t		*mt = &mi->mi_targets[ candidate ];
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
 	metaconn_t		*mc = *mcp;
 	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
 	int			rc = LDAP_UNAVAILABLE,
-				binding = LDAP_BACK_CONN_BINDING( msc );
+				binding,
+				quarantine = 1;
 
 	ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
 
+	assert( !META_BACK_CONN_CREATING( msc ) );
+	binding = LDAP_BACK_CONN_BINDING( msc );
+	LDAP_BACK_CONN_BINDING_CLEAR( msc );
+
 	assert( mc->mc_refcnt > 0 );
 	if ( mc->mc_refcnt == 1 ) {
-		char	buf[ SLAP_TEXT_BUFLEN ];
+		if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+			char	buf[ SLAP_TEXT_BUFLEN ];
 
-		snprintf( buf, sizeof( buf ),
-			"retrying URI=\"%s\" DN=\"%s\"",
-			mt->mt_uri,
-			BER_BVISNULL( &msc->msc_bound_ndn ) ?
-				"" : msc->msc_bound_ndn.bv_val );
-		Debug( LDAP_DEBUG_ANY,
-			"%s meta_back_retry[%d]: %s.\n",
-			op->o_log_prefix, candidate, buf );
+			/* this lock is required; however,
+			 * it's invoked only when logging is on */
+			ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
+			snprintf( buf, sizeof( buf ),
+				"retrying URI=\"%s\" DN=\"%s\"",
+				mt->mt_uri,
+				BER_BVISNULL( &msc->msc_bound_ndn ) ?
+					"" : msc->msc_bound_ndn.bv_val );
+			ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
 
-		meta_clear_one_candidate( msc );
+			Debug( LDAP_DEBUG_ANY,
+				"%s meta_back_retry[%d]: %s.\n",
+				op->o_log_prefix, candidate, buf );
+		}
+
+		meta_clear_one_candidate( op, mc, candidate );
 		LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
 
 		( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
 
 		/* mc here must be the regular mc, reset and ready for init */
-		rc = meta_back_init_one_conn( op, rs, mt, mc, candidate,
-			LDAP_BACK_CONN_ISPRIV( mc ), sendok );
+		rc = meta_back_init_one_conn( op, rs, mc, candidate,
+			LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
+
+		/* restore the "binding" flag, in case */
 		if ( binding ) {
 			LDAP_BACK_CONN_BINDING_SET( msc );
 		}
 
 		if ( rc == LDAP_SUCCESS ) {
+			quarantine = 0;
 			rc = meta_back_single_dobind( op, rs, mcp, candidate,
 				sendok, mt->mt_nretries, 0 );
+
+			Debug( LDAP_DEBUG_ANY,
+				"%s meta_back_retry[%d]: "
+				"meta_back_single_dobind=%d\n",
+				op->o_log_prefix, candidate, rc );
+			if ( rc == LDAP_SUCCESS ) {
+				if ( !BER_BVISNULL( &msc->msc_bound_ndn ) &&
+					!BER_BVISEMPTY( &msc->msc_bound_ndn ) )
+				{
+					LDAP_BACK_CONN_ISBOUND_SET( msc );
+
+				} else {
+					LDAP_BACK_CONN_ISANON_SET( msc );
+				}
+
+				/* when bound, dispose of the "binding" flag */
+				if ( binding ) {
+					LDAP_BACK_CONN_BINDING_CLEAR( msc );
+				}
+			}
         	}
+
+		/* don't send twice */
+		sendok &= ~LDAP_BACK_SENDERR;
 	}
 
 	if ( rc != LDAP_SUCCESS ) {
+		SlapReply		*candidates = meta_back_candidates_get( op );
+
+		candidates[ candidate ].sr_err = rc;
+
 		if ( *mcp != NULL ) {
-			if ( binding ) {
-				LDAP_BACK_CONN_BINDING_CLEAR( msc );
+			if ( mc->mc_refcnt == 1 ) {
+				if ( binding ) {
+					LDAP_BACK_CONN_BINDING_CLEAR( msc );
+				}
+				(void)meta_clear_one_candidate( op, mc, candidate );
 			}
-			meta_back_release_conn_lock( op, mc, 1, 0 );
-			*mcp = NULL;
+
+			LDAP_BACK_CONN_TAINTED_SET( mc );
+			/* only release if mandatory; otherwise
+			 * let the caller do what's best before
+			 * releasing */
+			if ( META_BACK_ONERR_STOP( mi ) ) {
+				meta_back_release_conn_lock( mi, mc, 0 );
+				*mcp = NULL;
+
+			} else {
+#if META_BACK_PRINT_CONNTREE > 0
+				meta_back_print_conntree( mi, ">>> meta_back_retry" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+				/* FIXME: could be done better, reworking meta_back_release_conn_lock() */
+				if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+					if ( mc->mc_q.tqe_prev != NULL ) {
+						assert( LDAP_BACK_CONN_CACHED( mc ) );
+						assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+						LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+							mc, mc_q );
+						mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+						LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+					} else {
+						assert( !LDAP_BACK_CONN_CACHED( mc ) );
+					}
+
+				} else {
+					/* FIXME: check if in tree, for consistency? */
+					(void)avl_delete( &mi->mi_conninfo.lai_tree,
+						( caddr_t )mc, meta_back_conndnmc_cmp );
+				}
+				LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+#if META_BACK_PRINT_CONNTREE > 0
+				meta_back_print_conntree( mi, "<<< meta_back_retry" );
+#endif /* META_BACK_PRINT_CONNTREE */
+			}
 		}
 
-		if ( sendok ) {
-			rs->sr_err = LDAP_UNAVAILABLE;
-			rs->sr_text = NULL;
+		if ( sendok & LDAP_BACK_SENDERR ) {
+			rs->sr_err = rc;
+			rs->sr_text = "Unable to retry";
 			send_ldap_result( op, rs );
 		}
 	}
 
+	if ( quarantine && META_BACK_TGT_QUARANTINE( mt ) ) {
+		meta_back_quarantine( op, rs, candidate );
+	}
+
 	ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
 	return rc == LDAP_SUCCESS ? 1 : 0;
@@ -600,7 +845,7 @@
 	 */
 	if ( candidate == META_TARGET_NONE ) {
 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
-		rs->sr_text = "no suitable candidate target found";
+		rs->sr_text = "No suitable candidate target found";
 
 	} else if ( candidate == META_TARGET_MULTIPLE ) {
 		Filter		f = { 0 };
@@ -644,9 +889,7 @@
 			 * and a default target is defined, and it is
 			 * a candidate, try using it (FIXME: YMMV) */
 			if ( mi->mi_defaulttarget != META_DEFAULT_TARGET_NONE
-				&& meta_back_is_candidate( &mi->mi_targets[ mi->mi_defaulttarget ].mt_nsuffix,
-						mi->mi_targets[ mi->mi_defaulttarget ].mt_scope,
-						mi->mi_targets[ mi->mi_defaulttarget ].mt_subtree_exclude,
+				&& meta_back_is_candidate( mi->mi_targets[ mi->mi_defaulttarget ],
 						ndn, op->o_tag == LDAP_REQ_SEARCH ? op->ors_scope : LDAP_SCOPE_BASE ) )
 			{
 				candidate = mi->mi_defaulttarget;
@@ -655,7 +898,7 @@
 
 			} else {
 				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-				rs->sr_text = "cannot select unique candidate target";
+				rs->sr_text = "Unable to select unique candidate target";
 			}
 			break;
 		}
@@ -716,9 +959,11 @@
 	} else if ( mc->mc_ntargets < mi->mi_ntargets ) {
 		/* NOTE: in the future, may want to allow back-config
 		 * to add/remove targets from back-meta... */
+		mc->mc_candidates = ch_realloc( mc->mc_candidates,
+				sizeof( SlapReply ) * mi->mi_ntargets );
+		memset( &mc->mc_candidates[ mc->mc_ntargets ], 0,
+			sizeof( SlapReply ) * ( mi->mi_ntargets - mc->mc_ntargets ) );
 		mc->mc_ntargets = mi->mi_ntargets;
-		mc->mc_candidates = ch_realloc( mc->mc_candidates,
-				sizeof( SlapReply ) * mc->mc_ntargets );
 	}
 
 	return mc->mc_candidates;
@@ -779,58 +1024,143 @@
 		META_DNTYPE_ENTRY,
 		META_DNTYPE_PARENT,
 		META_DNTYPE_NEWPARENT
-			} dn_type = META_DNTYPE_ENTRY;
+	}		dn_type = META_DNTYPE_ENTRY;
 	struct berval	ndn = op->o_req_ndn,
 			pndn;
 
 	SlapReply	*candidates = meta_back_candidates_get( op );
 
 	/* Internal searches are privileged and shared. So is root. */
-	/* FIXME: there seem to be concurrency issues */
-	if ( op->o_do_not_cache || be_isroot( op ) ) {
+	if ( ( !BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ALWAYS( mi ) )
+		|| ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ANON( mi ) )
+		|| op->o_do_not_cache || be_isroot( op ) )
+	{
+		LDAP_BACK_CONN_ISPRIV_SET( &mc_curr );
 		mc_curr.mc_local_ndn = op->o_bd->be_rootndn;
-		LDAP_BACK_CONN_ISPRIV_SET( &mc_curr );
-		mc_curr.mc_conn = LDAP_BACK_PCONN_SET( op );
+		LDAP_BACK_PCONN_ROOTDN_SET( &mc_curr, op );
 
+	} else if ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_NOANON( mi ) )
+	{
+		LDAP_BACK_CONN_ISANON_SET( &mc_curr );
+		BER_BVSTR( &mc_curr.mc_local_ndn, "" );
+		LDAP_BACK_PCONN_ANON_SET( &mc_curr, op );
+
 	} else {
 		mc_curr.mc_local_ndn = op->o_ndn;
 
 		/* Explicit binds must not be shared */
-		if ( op->o_tag == LDAP_REQ_BIND || SLAP_IS_AUTHZ_BACKEND( op ) ) {
+		if ( !BER_BVISEMPTY( &op->o_ndn )
+			|| op->o_tag == LDAP_REQ_BIND
+			|| SLAP_IS_AUTHZ_BACKEND( op ) )
+		{
 			mc_curr.mc_conn = op->o_conn;
 	
 		} else {
-			mc_curr.mc_conn = LDAP_BACK_PCONN_SET( op );
+			LDAP_BACK_CONN_ISANON_SET( &mc_curr );
+			LDAP_BACK_PCONN_ANON_SET( &mc_curr, op );
 		}
 	}
 
 	/* Explicit Bind requests always get their own conn */
-	if ( !( sendok & LDAP_BACK_BINDING ) ) {
+	if ( sendok & LDAP_BACK_BINDING ) {
+		mc_curr.mc_conn = op->o_conn;
+
+	} else {
 		/* Searches for a metaconn in the avl tree */
-retry_lock:
+retry_lock:;
 		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-		mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, 
-			(caddr_t)&mc_curr, meta_back_conndn_cmp );
-		if ( mc ) {
-			if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
-				|| ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+		if ( LDAP_BACK_PCONN_ISPRIV( &mc_curr ) ) {
+			/* lookup a conn that's not binding */
+			LDAP_TAILQ_FOREACH( mc,
+				&mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv,
+				mc_q )
 			{
-				/* don't let anyone else use this expired connection */
-				(void)avl_delete( &mi->mi_conninfo.lai_tree,
-					(caddr_t)mc, meta_back_conndnmc_cmp );
+				if ( !LDAP_BACK_CONN_BINDING( mc ) && mc->mc_refcnt == 0 ) {
+					break;
+				}
+			}
 
-				Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired.\n",
-					op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc->mc_conn ) );
+			if ( mc != NULL ) {
+				if ( mc != LDAP_TAILQ_LAST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+					metaconn_t, mc_q ) )
+				{
+					LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+						mc, mc_q );
+					LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+					LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+						mc, mc_q );
+				}
+
+			} else if ( !LDAP_BACK_USE_TEMPORARIES( mi )
+				&& mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_num == mi->mi_conn_priv_max )
+			{
+				mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv );
 			}
+			
 
-			/* Don't reuse connections while they're still binding */
+		} else {
+			mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, 
+				(caddr_t)&mc_curr, meta_back_conndn_cmp );
+		}
+
+		if ( mc ) {
+			/* catch taint errors */
+			assert( !LDAP_BACK_CONN_TAINTED( mc ) );
+
+			/* Don't reuse connections while they're still binding
+			 * NOTE: only makes sense for binds */
 			if ( LDAP_BACK_CONN_BINDING( mc ) ) {
-				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-				ldap_pvt_thread_yield();
-				goto retry_lock;
+				if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+					ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+					ldap_pvt_thread_yield();
+					goto retry_lock;
+				}
+
+				/* release conn, and create a temporary */
+				mc = NULL;
+
+			} else {
+				if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
+					|| ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+				{
+#if META_BACK_PRINT_CONNTREE > 0
+					meta_back_print_conntree( mi,
+						">>> meta_back_getconn(expired)" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+					/* don't let anyone else use this expired connection */
+					if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+						if ( mc->mc_q.tqe_prev != NULL ) {
+							assert( LDAP_BACK_CONN_CACHED( mc ) );
+							assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+							LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
+								mc, mc_q );
+							mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+							LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+						} else {
+							assert( !LDAP_BACK_CONN_CACHED( mc ) );
+						}
+
+					} else {
+						(void)avl_delete( &mi->mi_conninfo.lai_tree,
+							(caddr_t)mc, meta_back_conndnmc_cmp );
+					}
+
+#if META_BACK_PRINT_CONNTREE > 0
+					meta_back_print_conntree( mi,
+						"<<< meta_back_getconn(expired)" );
+#endif /* META_BACK_PRINT_CONNTREE */
+					LDAP_BACK_CONN_TAINTED_SET( mc );
+					LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+					Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired (tainted).\n",
+						op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) );
+				}
+
+				mc->mc_refcnt++;
 			}
-
-			mc->mc_refcnt++;
 		}
 		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 	}
@@ -859,12 +1189,12 @@
 		}
 		break;
 
+	case LDAP_REQ_COMPARE:
 	case LDAP_REQ_DELETE:
 	case LDAP_REQ_MODIFY:
 		/* just a unique candidate */
 		break;
 
-	case LDAP_REQ_COMPARE:
 	case LDAP_REQ_SEARCH:
 		/* allow multiple candidates for the searchBase */
 		op_type = META_OP_ALLOW_MULTIPLE;
@@ -882,6 +1212,7 @@
 
 		/* Looks like we didn't get a bind. Open a new session... */
 		if ( mc == NULL ) {
+			assert( new_conn == 0 );
 			mc = metaconn_alloc( op );
 			mc->mc_conn = mc_curr.mc_conn;
 			ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
@@ -889,20 +1220,28 @@
 			if ( sendok & LDAP_BACK_BINDING ) {
 				LDAP_BACK_CONN_BINDING_SET( mc );
 			}
+			if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+				LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+			} else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+				LDAP_BACK_CONN_ISANON_SET( mc );
+			}
+
+		} else if ( 0 ) {
+			/* TODO: if any of the connections is binding,
+			 * release mc and create a new one */
 		}
 
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			metatarget_t		*mt = &mi->mi_targets[ i ];
-
 			/*
 			 * The target is activated; if needed, it is
 			 * also init'd
 			 */
 			candidates[ i ].sr_err = meta_back_init_one_conn( op,
-				rs, mt, mc, i,
-				LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
+				rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+				LDAP_BACK_DONTSEND, !new_conn );
 			if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
-				candidates[ i ].sr_tag = META_CANDIDATE;
+				META_CANDIDATE_SET( &candidates[ i ] );
 				ncandidates++;
 	
 			} else {
@@ -912,7 +1251,7 @@
 				 * be init'd, should the other ones
 				 * be tried?
 				 */
-				candidates[ i ].sr_tag = META_NOT_CANDIDATE;
+				META_CANDIDATE_RESET( &candidates[ i ] );
 				err = candidates[ i ].sr_err;
 				continue;
 			}
@@ -920,10 +1259,11 @@
 
 		if ( ncandidates == 0 ) {
 			if ( new_conn ) {
-				meta_back_freeconn( op, mc );
+				mc->mc_refcnt = 0;
+				meta_back_conn_free( mc );
 
 			} else {
-				meta_back_release_conn( op, mc );
+				meta_back_release_conn( mi, mc );
 			}
 
 			rs->sr_err = LDAP_NO_SUCH_OBJECT;
@@ -934,7 +1274,6 @@
 					rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
 				}
 				send_ldap_result( op, rs );
-				rs->sr_text = NULL;
 				rs->sr_matched = NULL;
 			}
 
@@ -958,7 +1297,7 @@
 		int			j;
 
 		for ( j = 0; j < mi->mi_ntargets; j++ ) {
-			candidates[ j ].sr_tag = META_NOT_CANDIDATE;
+			META_CANDIDATE_RESET( &candidates[ j ] );
 		}
 
 		/*
@@ -974,7 +1313,7 @@
 	
 			if ( i < 0 || rs->sr_err != LDAP_SUCCESS ) {
 				if ( mc != NULL ) {
-					meta_back_release_conn( op, mc );
+					meta_back_release_conn( mi, mc );
 				}
 
 				if ( sendok & LDAP_BACK_SENDERR ) {
@@ -982,7 +1321,6 @@
 						rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
 					}
 					send_ldap_result( op, rs );
-					rs->sr_text = NULL;
 					rs->sr_matched = NULL;
 				}
 			
@@ -993,14 +1331,13 @@
 		if ( dn_type == META_DNTYPE_NEWPARENT && meta_back_get_candidate( op, rs, op->orr_nnewSup ) != i )
 		{
 			if ( mc != NULL ) {
-				meta_back_release_conn( op, mc );
+				meta_back_release_conn( mi, mc );
 			}
 
 			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-			rs->sr_text = "cross-target rename not supported";
+			rs->sr_text = "Cross-target rename not supported";
 			if ( sendok & LDAP_BACK_SENDERR ) {
 				send_ldap_result( op, rs );
-				rs->sr_text = NULL;
 			}
 
 			return NULL;
@@ -1020,20 +1357,31 @@
 				mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, 
 					(caddr_t)&mc_curr, meta_back_conndn_cmp );
 				if ( mc != NULL ) {
+					/* catch taint errors */
+					assert( !LDAP_BACK_CONN_TAINTED( mc ) );
+
 					/* Don't reuse connections while they're still binding */
-					if ( LDAP_BACK_CONN_BINDING( mc ) ) {
-						ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-						ldap_pvt_thread_yield();
-						goto retry_lock2;
+					if ( META_BACK_CONN_CREATING( &mc->mc_conns[ i ] )
+						|| LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) )
+					{
+						if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+							ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+							ldap_pvt_thread_yield();
+							goto retry_lock2;
+						}
+
+						mc = NULL;
+
+					} else {
+						mc->mc_refcnt++;
 					}
-
-					mc->mc_refcnt++;
 				}
 				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 			}
 
 			/* Looks like we didn't get a bind. Open a new session... */
 			if ( mc == NULL ) {
+				assert( new_conn == 0 );
 				mc = metaconn_alloc( op );
 				mc->mc_conn = mc_curr.mc_conn;
 				ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
@@ -1041,6 +1389,12 @@
 				if ( sendok & LDAP_BACK_BINDING ) {
 					LDAP_BACK_CONN_BINDING_SET( mc );
 				}
+				if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+					LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+				} else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+					LDAP_BACK_CONN_ISANON_SET( mc );
+				}
 			}
 		}
 
@@ -1049,7 +1403,7 @@
 		 */
 		( void )meta_clear_unused_candidates( op, i );
 
-		mt = &mi->mi_targets[ i ];
+		mt = mi->mi_targets[ i ];
 		msc = &mc->mc_conns[ i ];
 
 		/*
@@ -1057,27 +1411,27 @@
 		 * also init'd. In case of error, meta_back_init_one_conn
 		 * sends the appropriate result.
 		 */
-		err = meta_back_init_one_conn( op, rs, mt, mc, i,
-			LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
+		err = meta_back_init_one_conn( op, rs, mc, i,
+			LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok, !new_conn );
 		if ( err != LDAP_SUCCESS ) {
 			/*
 			 * FIXME: in case one target cannot
 			 * be init'd, should the other ones
 			 * be tried?
 			 */
-			candidates[ i ].sr_tag = META_NOT_CANDIDATE;
+			META_CANDIDATE_RESET( &candidates[ i ] );
  			if ( new_conn ) {
-				(void)meta_clear_one_candidate( msc );
-				meta_back_freeconn( op, mc );
+				mc->mc_refcnt = 0;
+				meta_back_conn_free( mc );
 
 			} else {
-				meta_back_release_conn( op, mc );
+				meta_back_release_conn( mi, mc );
 			}
 			return NULL;
 		}
 
 		candidates[ i ].sr_err = LDAP_SUCCESS;
-		candidates[ i ].sr_tag = META_CANDIDATE;
+		META_CANDIDATE_SET( &candidates[ i ] );
 		ncandidates++;
 
 		if ( candidate ) {
@@ -1091,43 +1445,51 @@
 
 		/* Looks like we didn't get a bind. Open a new session... */
 		if ( mc == NULL ) {
+			assert( new_conn == 0 );
 			mc = metaconn_alloc( op );
 			mc->mc_conn = mc_curr.mc_conn;
 			ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn );
 			new_conn = 1;
-			if ( sendok & LDAP_BACK_BINDING ) {
-				LDAP_BACK_CONN_BINDING_SET( mc );
+			if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
+				LDAP_BACK_CONN_ISPRIV_SET( mc );
+
+			} else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) {
+				LDAP_BACK_CONN_ISANON_SET( mc );
 			}
 		}
 
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			metatarget_t		*mt = &mi->mi_targets[ i ];
-			metasingleconn_t	*msc = &mc->mc_conns[ i ];
+			metatarget_t		*mt = mi->mi_targets[ i ];
 
+			META_CANDIDATE_RESET( &candidates[ i ] );
+
 			if ( i == cached 
-				|| meta_back_is_candidate( &mt->mt_nsuffix,
-						mt->mt_scope,
-						mt->mt_subtree_exclude,
-						&op->o_req_ndn,
-						LDAP_SCOPE_SUBTREE ) )
+				|| meta_back_is_candidate( mt, &op->o_req_ndn,
+					LDAP_SCOPE_SUBTREE ) )
 			{
 
 				/*
 				 * The target is activated; if needed, it is
 				 * also init'd
 				 */
-				int lerr = meta_back_init_one_conn( op, rs,
-						mt, mc, i,
-						LDAP_BACK_CONN_ISPRIV( &mc_curr ),
-						sendok );
+				int lerr = meta_back_init_one_conn( op, rs, mc, i,
+					LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+					LDAP_BACK_DONTSEND, !new_conn );
+				candidates[ i ].sr_err = lerr;
 				if ( lerr == LDAP_SUCCESS ) {
-					candidates[ i ].sr_tag = META_CANDIDATE;
-					candidates[ i ].sr_err = LDAP_SUCCESS;
+					META_CANDIDATE_SET( &candidates[ i ] );
 					ncandidates++;
 
 					Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
 						op->o_log_prefix, i, 0 );
 
+				} else if ( lerr == LDAP_UNAVAILABLE && !META_BACK_ONERR_STOP( mi ) ) {
+					META_CANDIDATE_SET( &candidates[ i ] );
+
+					Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] %s\n",
+						op->o_log_prefix, i,
+						mt->mt_isquarantined != LDAP_BACK_FQ_NO ? "quarantined" : "unavailable" );
+
 				} else {
 				
 					/*
@@ -1136,43 +1498,64 @@
 					 * be tried?
 					 */
 					if ( new_conn ) {
-						( void )meta_clear_one_candidate( msc );
+						( void )meta_clear_one_candidate( op, mc, i );
 					}
 					/* leave the target candidate, but record the error for later use */
-					candidates[ i ].sr_err = lerr;
 					err = lerr;
 
-					Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed: %d\n",
-						op->o_log_prefix, i, lerr );
+					if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) {
+						Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] quarantined err=%d\n",
+							op->o_log_prefix, i, lerr );
 
+					} else {
+						Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed err=%d\n",
+							op->o_log_prefix, i, lerr );
+					}
+
+					if ( META_BACK_ONERR_STOP( mi ) ) {
+						if ( sendok & LDAP_BACK_SENDERR ) {
+							send_ldap_result( op, rs );
+						}
+						if ( new_conn ) {
+							mc->mc_refcnt = 0;
+							meta_back_conn_free( mc );
+
+						} else {
+							meta_back_release_conn( mi, mc );
+						}
+
+						return NULL;
+					}
+
 					continue;
 				}
 
 			} else {
 				if ( new_conn ) {
-					( void )meta_clear_one_candidate( msc );
+					( void )meta_clear_one_candidate( op, mc, i );
 				}
-				candidates[ i ].sr_tag = META_NOT_CANDIDATE;
 			}
 		}
 
 		if ( ncandidates == 0 ) {
 			if ( new_conn ) {
-				meta_back_freeconn( op, mc );
+				mc->mc_refcnt = 0;
+				meta_back_conn_free( mc );
 
 			} else {
-				meta_back_release_conn( op, mc );
+				meta_back_release_conn( mi, mc );
 			}
 
-			rs->sr_err = LDAP_NO_SUCH_OBJECT;
-			rs->sr_text = "Unable to select valid candidates";
+			if ( rs->sr_err == LDAP_SUCCESS ) {
+				rs->sr_err = LDAP_NO_SUCH_OBJECT;
+				rs->sr_text = "Unable to select valid candidates";
+			}
 
 			if ( sendok & LDAP_BACK_SENDERR ) {
 				if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
 					rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
 				}
 				send_ldap_result( op, rs );
-				rs->sr_text = NULL;
 				rs->sr_matched = NULL;
 			}
 
@@ -1191,7 +1574,6 @@
 	}
 
 	if ( new_conn ) {
-		
 		if ( mi->mi_conn_ttl ) {
 			mc->mc_create_time = op->o_time;
 		}
@@ -1200,61 +1582,94 @@
 		 * Inserts the newly created metaconn in the avl tree
 		 */
 		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-		err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
+#if META_BACK_PRINT_CONNTREE > 0
+		meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+		if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+			if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) {
+				LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
+				mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num++;
+				LDAP_BACK_CONN_CACHED_SET( mc );
+
+			} else {
+				LDAP_BACK_CONN_TAINTED_SET( mc );
+			}
+			rs->sr_err = 0;
+
+		} else {
+			err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
 			       	meta_back_conndn_cmp, meta_back_conndn_dup );
+			LDAP_BACK_CONN_CACHED_SET( mc );
+		}
 
-#if PRINT_CONNTREE > 0
-		myprint( mi->mi_conninfo.lai_tree );
-#endif /* PRINT_CONNTREE */
-		
+#if META_BACK_PRINT_CONNTREE > 0
+		meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+#endif /* META_BACK_PRINT_CONNTREE */
 		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
-		/*
-		 * Err could be -1 in case a duplicate metaconn is inserted
-		 *
-		 * FIXME: what if the same client issues more than one
-		 * asynchronous operations?
-		 */
-		if ( err != 0 ) {
-			Debug( LDAP_DEBUG_ANY,
-				"%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
-				op->o_log_prefix, ncandidates,
-				LDAP_BACK_PCONN_ID( mc->mc_conn ) );
-		
-			rs->sr_err = LDAP_OTHER;
-			rs->sr_text = "Internal server error";
-			meta_back_freeconn( op, mc );
-			if ( sendok & LDAP_BACK_SENDERR ) {
-				send_ldap_result( op, rs );
-				rs->sr_text = NULL;
+		if ( !LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+			/*
+			 * Err could be -1 in case a duplicate metaconn is inserted
+			 */
+			switch ( err ) {
+			case 0:
+				break;
+
+			case -1:
+				LDAP_BACK_CONN_CACHED_CLEAR( mc );
+				/* duplicate: free and try to get the newly created one */
+				if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( mi ) ) {
+					mc->mc_refcnt = 0;	
+					meta_back_conn_free( mc );
+	
+					new_conn = 0;
+					goto retry_lock;
+				}
+
+				LDAP_BACK_CONN_TAINTED_SET( mc );
+				break;
+
+			default:
+				LDAP_BACK_CONN_CACHED_CLEAR( mc );
+				Debug( LDAP_DEBUG_ANY,
+					"%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
+					op->o_log_prefix, ncandidates,
+					LDAP_BACK_PCONN_ID( mc ) );
+	
+				mc->mc_refcnt = 0;	
+				meta_back_conn_free( mc );
+
+				rs->sr_err = LDAP_OTHER;
+				rs->sr_text = "Proxy bind collision";
+				if ( sendok & LDAP_BACK_SENDERR ) {
+					send_ldap_result( op, rs );
+				}
+				return NULL;
 			}
-			return NULL;
 		}
 
 		Debug( LDAP_DEBUG_TRACE,
 			"%s meta_back_getconn: candidates=%d conn=%ld inserted\n",
 			op->o_log_prefix, ncandidates,
-			LDAP_BACK_PCONN_ID( mc->mc_conn ) );
+			LDAP_BACK_PCONN_ID( mc ) );
 
 	} else {
 		Debug( LDAP_DEBUG_TRACE,
 			"%s meta_back_getconn: candidates=%d conn=%ld fetched\n",
 			op->o_log_prefix, ncandidates,
-			LDAP_BACK_PCONN_ID( mc->mc_conn ) );
+			LDAP_BACK_PCONN_ID( mc ) );
 	}
-	
+
 	return mc;
 }
 
 void
 meta_back_release_conn_lock(
-       	Operation 		*op,
+       	metainfo_t		*mi,
 	metaconn_t		*mc,
-	int			dofree,
 	int			dolock )
 {
-	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
-
 	assert( mc != NULL );
 
 	if ( dolock ) {
@@ -1262,21 +1677,133 @@
 	}
 	assert( mc->mc_refcnt > 0 );
 	mc->mc_refcnt--;
-	LDAP_BACK_CONN_BINDING_CLEAR( mc );
-	if ( dofree
-		|| ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
-		|| ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
-	{
-		Debug( LDAP_DEBUG_TRACE, "%s meta_back_release_conn: mc=%p conn=%ld expired.\n",
-			op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc->mc_conn ) );
-		(void)avl_delete( &mi->mi_conninfo.lai_tree,
-			( caddr_t )mc, meta_back_conndnmc_cmp );
+	/* NOTE: the connection is removed if either it is tainted
+	 * or if it is shared and no one else is using it.  This needs
+	 * to occur because for intrinsic reasons cached connections
+	 * that are not privileged would live forever and pollute
+	 * the connection space (and eat up resources).  Maybe this
+	 * should be configurable... */
+	if ( LDAP_BACK_CONN_TAINTED( mc ) ) {
+#if META_BACK_PRINT_CONNTREE > 0
+		meta_back_print_conntree( mi, ">>> meta_back_release_conn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
+		if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
+			if ( mc->mc_q.tqe_prev != NULL ) {
+				assert( LDAP_BACK_CONN_CACHED( mc ) );
+				assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
+				LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
+				mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+				LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
+
+			} else {
+				assert( !LDAP_BACK_CONN_CACHED( mc ) );
+			}
+
+		} else {
+			metaconn_t	*tmpmc;
+
+			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree,
+				( caddr_t )mc, meta_back_conndnmc_cmp );
+
+			/* Overparanoid, but useful... */
+			assert( tmpmc == NULL || tmpmc == mc );
+		}
+
+		LDAP_BACK_CONN_CACHED_CLEAR( mc );
+
+#if META_BACK_PRINT_CONNTREE > 0
+		meta_back_print_conntree( mi, "<<< meta_back_release_conn" );
+#endif /* META_BACK_PRINT_CONNTREE */
+
 		if ( mc->mc_refcnt == 0 ) {
-			meta_clear_candidates( op, mc );
 			meta_back_conn_free( mc );
+			mc = NULL;
 		}
 	}
+
+	if ( mc != NULL && LDAP_BACK_CONN_BINDING( mc ) ) {
+		LDAP_BACK_CONN_BINDING_CLEAR( mc );
+	}
+
 	if ( dolock ) {
 		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 	}
 }
+
+void
+meta_back_quarantine(
+	Operation	*op,
+	SlapReply	*rs,
+	int		candidate )
+{
+	metainfo_t		*mi = (metainfo_t *)op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+
+	slap_retry_info_t	*ri = &mt->mt_quarantine;
+
+	ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
+
+	if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+		time_t	new_last = slap_get_time();
+
+		switch ( mt->mt_isquarantined ) {
+		case LDAP_BACK_FQ_NO:
+			if ( ri->ri_last == new_last ) {
+				goto done;
+			}
+
+			Debug( LDAP_DEBUG_ANY,
+				"%s meta_back_quarantine[%d]: enter.\n",
+				op->o_log_prefix, candidate, 0 );
+
+			ri->ri_idx = 0;
+			ri->ri_count = 0;
+			break;
+
+		case LDAP_BACK_FQ_RETRYING:
+			if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+				char	buf[ SLAP_TEXT_BUFLEN ];
+
+				snprintf( buf, sizeof( buf ),
+					"meta_back_quarantine[%d]: block #%d try #%d failed",
+					candidate, ri->ri_idx, ri->ri_count );
+				Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+					op->o_log_prefix, buf, 0 );
+			}
+
+			++ri->ri_count;
+			if ( ri->ri_num[ ri->ri_idx ] != SLAP_RETRYNUM_FOREVER
+				&& ri->ri_count == ri->ri_num[ ri->ri_idx ] )
+			{
+				ri->ri_count = 0;
+				++ri->ri_idx;
+			}
+			break;
+
+		default:
+			break;
+		}
+
+		mt->mt_isquarantined = LDAP_BACK_FQ_YES;
+		ri->ri_last = new_last;
+
+	} else if ( mt->mt_isquarantined == LDAP_BACK_FQ_RETRYING ) {
+		Debug( LDAP_DEBUG_ANY,
+			"%s meta_back_quarantine[%d]: exit.\n",
+			op->o_log_prefix, candidate, 0 );
+
+		if ( mi->mi_quarantine_f ) {
+			(void)mi->mi_quarantine_f( mi, candidate,
+				mi->mi_quarantine_p );
+		}
+
+		ri->ri_count = 0;
+		ri->ri_idx = 0;
+		mt->mt_isquarantined = LDAP_BACK_FQ_NO;
+	}
+
+done:;
+	ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
+}
+

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/delete.c,v 1.19.2.12 2006/04/05 21:27:52 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/delete.c,v 1.19.2.15 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -35,13 +35,14 @@
 meta_back_delete( Operation *op, SlapReply *rs )
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t	*mt;
 	metaconn_t	*mc = NULL;
 	int		candidate = -1;
 	struct berval	mdn = BER_BVNULL;
 	dncookie	dc;
 	int		msgid;
 	int		do_retry = 1;
-	int		maperr = 1;
+	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
 	if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
@@ -53,84 +54,49 @@
 	/*
 	 * Rewrite the compare dn, if needed
 	 */
-	dc.target = &mi->mi_targets[ candidate ];
+	mt = mi->mi_targets[ candidate ];
+	dc.target = mt;
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "deleteDN";
 
 	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
 		send_ldap_result( op, rs );
-		goto done;
+		goto cleanup;
 	}
 
 retry:;
+	ctrls = op->o_ctrls;
+	if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+	{
+		send_ldap_result( op, rs );
+		goto cleanup;
+	}
+
 	rs->sr_err = ldap_delete_ext( mc->mc_conns[ candidate ].msc_ld,
-			mdn.bv_val, op->o_ctrls, NULL, &msgid );
+			mdn.bv_val, ctrls, NULL, &msgid );
+	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+		mt->mt_timeout[ SLAP_OP_DELETE ], LDAP_BACK_SENDRESULT );
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
-		goto cleanup;
-
-	} else if ( rs->sr_err == LDAP_SUCCESS ) {
-		struct timeval	tv, *tvp = NULL;
-		LDAPMessage	*res = NULL;
-		int		rc;
-
-		if ( mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_DELETE ] != 0 ) {
-			tv.tv_sec = mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_DELETE ];
-			tv.tv_usec = 0;
-			tvp = &tv;
-		}
-
-		rs->sr_err = LDAP_OTHER;
-		maperr = 0;
-		rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
-			msgid, LDAP_MSG_ALL, tvp, &res );
-		switch ( rc ) {
-		case -1:
-			rs->sr_err = LDAP_OTHER;
-			break;
-
-		case 0:
-			ldap_abandon_ext( mc->mc_conns[ candidate ].msc_ld,
-				msgid, NULL, NULL );
-			rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
-				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR;
-			break;
-
-		case LDAP_RES_DELETE:
-			rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld,
-				res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
-			if ( rc != LDAP_SUCCESS ) {
-				rs->sr_err = rc;
-			}
-			maperr = 1;
-			break;
-
-		default:
-			ldap_msgfree( res );
-			break;
-		}
 	}
 
-	if ( maperr ) {
-		rs->sr_err = meta_back_op_result( mc, op, rs, candidate );
-
-	} else {
-		send_ldap_result( op, rs );
-	}
-
 cleanup:;
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
 	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
 		free( mdn.bv_val );
 		BER_BVZERO( &mdn );
 	}
 	
-done:;
 	if ( mc ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	return rs->sr_err;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/dncache.c,v 1.10.2.6 2006/01/03 22:16:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/dncache.c,v 1.10.2.7 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/init.c,v 1.37.2.12 2006/04/05 21:27:29 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/init.c,v 1.37.2.16 2007/01/26 22:05:36 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -76,6 +76,7 @@
 	Backend		*be )
 {
 	metainfo_t	*mi;
+	int		i;
 
 	mi = ch_calloc( 1, sizeof( metainfo_t ) );
 	if ( mi == NULL ) {
@@ -90,12 +91,20 @@
 	mi->mi_bind_timeout.tv_sec = 0;
 	mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
 
+	mi->mi_rebind_f = meta_back_default_rebind;
+
 	ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
 	ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
 
 	/* safe default */
 	mi->mi_nretries = META_RETRY_DEFAULT;
 	mi->mi_version = LDAP_VERSION3;
+
+	for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+		mi->mi_conn_priv[ i ].mic_num = 0;
+		LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv );
+	}
+	mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
 	
 	be->be_private = mi;
 
@@ -108,48 +117,115 @@
 {
 	metainfo_t	*mi = (metainfo_t *)be->be_private;
 
-	int		i, rc;
+	int		i,
+			not_always = 0,
+			not_always_anon_proxyauthz = 0,
+			not_always_anon_non_prescriptive = 0,
+			rc;
 
+	if ( mi->mi_ntargets == 0 ) {
+		Debug( LDAP_DEBUG_ANY,
+			"meta_back_db_open: no targets defined\n",
+			0, 0, 0 );
+		return 1;
+	}
+
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
-		if ( mi->mi_targets[ i ].mt_flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER )
-		{
-			mi->mi_targets[ i ].mt_flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
-			rc = slap_discover_feature( mi->mi_targets[ i ].mt_uri,
-					mi->mi_targets[ i ].mt_version,
+		metatarget_t	*mt = mi->mi_targets[ i ];
+
+		if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
+			rc = slap_discover_feature( mt->mt_uri, mt->mt_version,
 					slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
 					LDAP_FEATURE_ABSOLUTE_FILTERS );
 			if ( rc == LDAP_COMPARE_TRUE ) {
-				mi->mi_targets[ i ].mt_flags |= LDAP_BACK_F_SUPPORT_T_F;
+				mt->mt_flags |= LDAP_BACK_F_T_F;
 			}
 		}
+
+		if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
+			rc = slap_discover_feature( mt->mt_uri, mt->mt_version,
+					slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+					LDAP_EXOP_CANCEL );
+			if ( rc == LDAP_COMPARE_TRUE ) {
+				mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
+			}
+		}
+
+		if ( not_always == 0 ) {
+			if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
+				|| mt->mt_idassert_authz != NULL )
+			{
+				not_always = 1;
+			}
+		}
+
+		if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
+			&& !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+		{
+			Debug( LDAP_DEBUG_ANY, "meta_back_db_open(%s): "
+				"target #%d inconsistent idassert configuration "
+				"(likely authz=\"*\" used with \"non-prescriptive\" flag)\n",
+				be->be_suffix[ 0 ].bv_val, i, 0 );
+			return 1;
+		}
+
+		if ( not_always_anon_proxyauthz == 0 ) {
+			if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+			{
+				not_always_anon_proxyauthz = 1;
+			}
+		}
+
+		if ( not_always_anon_non_prescriptive == 0 ) {
+			if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+			{
+				not_always_anon_non_prescriptive = 1;
+			}
+		}
 	}
 
+	if ( not_always == 0 ) {
+		mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ALWAYS;
+	}
+
+	if ( not_always_anon_proxyauthz == 0 ) {
+		mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ANON;
+
+	} else if ( not_always_anon_non_prescriptive == 0 ) {
+		mi->mi_flags |= META_BACK_F_PROXYAUTHZ_NOANON;
+	}
+
 	return 0;
 }
 
+/*
+ * meta_back_conn_free()
+ *
+ * actually frees a connection; the reference count must be 0,
+ * and it must not (or no longer) be in the cache.
+ */
 void
 meta_back_conn_free( 
 	void 		*v_mc )
 {
 	metaconn_t		*mc = v_mc;
-	int			i, ntargets;
+	int			ntargets;
 
 	assert( mc != NULL );
 	assert( mc->mc_refcnt == 0 );
 
+	/* at least one must be present... */
+	ntargets = mc->mc_info->mi_ntargets;
+	assert( ntargets > 0 );
+
+	for ( ; ntargets--; ) {
+		(void)meta_clear_one_candidate( NULL, mc, ntargets );
+	}
+
 	if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
 		free( mc->mc_local_ndn.bv_val );
 	}
 
-	assert( mc->mc_conns != NULL );
-
-	/* at least one must be present... */
-	ntargets = mc->mc_conns[ 0 ].msc_info->mi_ntargets;
-
-	for ( i = 0; i < ntargets; i++ ) {
-		(void)meta_clear_one_candidate( &mc->mc_conns[ i ] );
-	}
-
 	free( mc );
 }
 
@@ -180,6 +256,7 @@
 {
 	if ( mt->mt_uri ) {
 		free( mt->mt_uri );
+		ldap_pvt_thread_mutex_destroy( &mt->mt_uri_mutex );
 	}
 	if ( mt->mt_subtree_exclude ) {
 		ber_bvarray_free( mt->mt_subtree_exclude );
@@ -196,12 +273,27 @@
 	if ( !BER_BVISNULL( &mt->mt_bindpw ) ) {
 		free( mt->mt_bindpw.bv_val );
 	}
-	if ( !BER_BVISNULL( &mt->mt_pseudorootdn ) ) {
-		free( mt->mt_pseudorootdn.bv_val );
+	if ( !BER_BVISNULL( &mt->mt_idassert_authcID ) ) {
+		ch_free( mt->mt_idassert_authcID.bv_val );
 	}
-	if ( !BER_BVISNULL( &mt->mt_pseudorootpw ) ) {
-		free( mt->mt_pseudorootpw.bv_val );
+	if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
+		ch_free( mt->mt_idassert_authcDN.bv_val );
 	}
+	if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+		ch_free( mt->mt_idassert_passwd.bv_val );
+	}
+	if ( !BER_BVISNULL( &mt->mt_idassert_authzID ) ) {
+		ch_free( mt->mt_idassert_authzID.bv_val );
+	}
+	if ( !BER_BVISNULL( &mt->mt_idassert_sasl_mech ) ) {
+		ch_free( mt->mt_idassert_sasl_mech.bv_val );
+	}
+	if ( !BER_BVISNULL( &mt->mt_idassert_sasl_realm ) ) {
+		ch_free( mt->mt_idassert_sasl_realm.bv_val );
+	}
+	if ( mt->mt_idassert_authz != NULL ) {
+		ber_bvarray_free( mt->mt_idassert_authz );
+	}
 	if ( mt->mt_rwmap.rwm_rw ) {
 		rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
 	}
@@ -209,6 +301,8 @@
 	avl_free( mt->mt_rwmap.rwm_oc.map, mapping_free );
 	avl_free( mt->mt_rwmap.rwm_at.remap, mapping_dst_free );
 	avl_free( mt->mt_rwmap.rwm_at.map, mapping_free );
+
+	free( mt );
 }
 
 int
@@ -230,14 +324,33 @@
 		if ( mi->mi_conninfo.lai_tree ) {
 			avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free );
 		}
+		for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+			while ( !LDAP_TAILQ_EMPTY( &mi->mi_conn_priv[ i ].mic_priv ) ) {
+				metaconn_t	*mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ i ].mic_priv );
 
+				LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ i ].mic_priv, mc, mc_q );
+				meta_back_conn_free( mc );
+			}
+		}
+
 		/*
 		 * Destroy the per-target stuff (assuming there's at
 		 * least one ...)
 		 */
 		if ( mi->mi_targets != NULL ) {
 			for ( i = 0; i < mi->mi_ntargets; i++ ) {
-				target_free( &mi->mi_targets[ i ] );
+				metatarget_t	*mt = mi->mi_targets[ i ];
+
+				if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+					if ( mt->mt_quarantine.ri_num != mi->mi_quarantine.ri_num )
+					{
+						slap_retry_info_destroy( &mt->mt_quarantine );
+					}
+
+					ldap_pvt_thread_mutex_destroy( &mt->mt_quarantine_mutex );
+				}
+
+				target_free( mt );
 			}
 
 			free( mi->mi_targets );
@@ -257,6 +370,10 @@
 		if ( mi->mi_candidates != NULL ) {
 			ber_memfree_x( mi->mi_candidates, NULL );
 		}
+
+		if ( META_BACK_QUARANTINE( mi ) ) {
+			slap_retry_info_destroy( &mi->mi_quarantine );
+		}
 	}
 
 	free( be->be_private );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* map.c - ldap backend mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.11 2006/01/03 22:16:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.14 2007/02/26 19:40:12 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -90,19 +90,19 @@
 	assert( m != NULL );
 
 	*m = NULL;
-	
+
 	mapping = (struct ldapmapping *)ch_calloc( 2, 
 			sizeof( struct ldapmapping ) );
 	if ( mapping == NULL ) {
 		return;
 	}
 
-	ber_str2bv( "objectclass", sizeof("objectclass")-1, 1, &mapping->src);
-	ber_dupbv( &mapping->dst, &mapping->src );
-	mapping[1].src = mapping->src;
-	mapping[1].dst = mapping->dst;
+	ber_str2bv( "objectclass", STRLENOF("objectclass"), 1, &mapping[0].src);
+	ber_dupbv( &mapping[0].dst, &mapping[0].src );
+	mapping[1].src = mapping[0].src;
+	mapping[1].dst = mapping[0].dst;
 
-	avl_insert( &lm->map, (caddr_t)mapping, 
+	avl_insert( &lm->map, (caddr_t)&mapping[0], 
 			mapping_cmp, mapping_dup );
 	avl_insert( &lm->remap, (caddr_t)&mapping[1], 
 			mapping_cmp, mapping_dup );
@@ -120,6 +120,7 @@
 
 	if ( remap == BACKLDAP_REMAP ) {
 		tree = map->remap;
+
 	} else {
 		tree = map->map;
 	}
@@ -139,6 +140,13 @@
 {
 	struct ldapmapping *mapping;
 
+	/* map->map may be NULL when mapping is configured,
+	 * but map->remap can't */
+	if ( map->remap == NULL ) {
+		*bv = *s;
+		return;
+	}
+
 	BER_BVZERO( bv );
 	( void )ldap_back_mapping( map, s, &mapping, remap );
 	if ( mapping != NULL ) {
@@ -297,6 +305,9 @@
 			ber_bvnone = BER_BVC( "(?=none)" );
 	ber_len_t	len;
 
+	assert( fstr != NULL );
+	BER_BVZERO( fstr );
+
 	if ( f == NULL ) {
 		ber_dupbv( fstr, &ber_bvnone );
 		return LDAP_OTHER;
@@ -315,7 +326,7 @@
 		fstr->bv_val = malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ber_memfree( vtmp.bv_val );
 		break;
@@ -332,7 +343,7 @@
 		fstr->bv_val = malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ber_memfree( vtmp.bv_val );
 		break;
@@ -349,7 +360,7 @@
 		fstr->bv_val = malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ber_memfree( vtmp.bv_val );
 		break;
@@ -366,7 +377,7 @@
 		fstr->bv_val = malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ber_memfree( vtmp.bv_val );
 		break;
@@ -396,7 +407,7 @@
 
 			snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
 				/* "(attr=" */ "%s*)",
-				vtmp.bv_val );
+				vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ber_memfree( vtmp.bv_val );
 		}
@@ -411,7 +422,7 @@
 
 				snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
 					/* "(attr=[init]*[any*]" */ "%s*)",
-					vtmp.bv_val );
+					vtmp.bv_len ? vtmp.bv_val : "" );
 				ber_memfree( vtmp.bv_val );
 			}
 		}
@@ -426,7 +437,7 @@
 
 			snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
 				/* "(attr=[init*][any*]" */ "%s)",
-				vtmp.bv_val );
+				vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ber_memfree( vtmp.bv_val );
 		}
@@ -471,7 +482,7 @@
 			fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
 
 			snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, 
-				/*"("*/ "%s)", vtmp.bv_val );
+				/*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ch_free( vtmp.bv_val );
 		}
@@ -503,7 +514,7 @@
 			f->f_mr_dnattrs ? ":dn" : "",
 			!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
 			!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
-			vtmp.bv_val );
+			vtmp.bv_len ? vtmp.bv_val : "" );
 		ber_memfree( vtmp.bv_val );
 		break;
 
@@ -513,7 +524,7 @@
 		/* FIXME: treat UNDEFINED as FALSE */
 		case SLAPD_COMPARE_UNDEFINED:
 computed:;
-			if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
+			if ( META_BACK_TGT_T_F( dc->target ) ) {
 				tmp = &ber_bvtf_false;
 				break;
 			}
@@ -521,7 +532,7 @@
 			break;
 
 		case LDAP_COMPARE_TRUE:
-			if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
+			if ( META_BACK_TGT_T_F( dc->target ) ) {
 				tmp = &ber_bvtf_true;
 				break;
 			}

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modify.c,v 1.29.2.13 2006/04/04 22:55:21 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modify.c,v 1.29.2.16 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -35,9 +35,9 @@
 meta_back_modify( Operation *op, SlapReply *rs )
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t	*mt;
 	metaconn_t	*mc;
 	int		rc = 0;
-	int		maperr = 1;
 	LDAPMod		**modv = NULL;
 	LDAPMod		*mods = NULL;
 	Modifications	*ml;
@@ -48,6 +48,7 @@
 	dncookie	dc;
 	int		msgid;
 	int		do_retry = 1;
+	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
 	if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
@@ -59,13 +60,14 @@
 	/*
 	 * Rewrite the modify dn, if needed
 	 */
-	dc.target = &mi->mi_targets[ candidate ];
+	mt = mi->mi_targets[ candidate ];
+	dc.target = mt;
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "modifyDN";
 
 	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
-		maperr = 0;
+		send_ldap_result( op, rs );
 		goto cleanup;
 	}
 
@@ -74,14 +76,14 @@
 
 	mods = ch_malloc( sizeof( LDAPMod )*i );
 	if ( mods == NULL ) {
-		rs->sr_err = LDAP_NO_MEMORY;
-		maperr = 0;
+		rs->sr_err = LDAP_OTHER;
+		send_ldap_result( op, rs );
 		goto cleanup;
 	}
 	modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
 	if ( modv == NULL ) {
-		rs->sr_err = LDAP_NO_MEMORY;
-		maperr = 0;
+		rs->sr_err = LDAP_OTHER;
+		send_ldap_result( op, rs );
 		goto cleanup;
 	}
 
@@ -102,7 +104,7 @@
 			mapped = ml->sml_desc->ad_cname;
 
 		} else {
-			ldap_back_map( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
+			ldap_back_map( &mt->mt_rwmap.rwm_at,
 					&ml->sml_desc->ad_cname, &mapped,
 					BACKLDAP_MAP );
 			if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
@@ -129,11 +131,11 @@
 				for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
 					struct ldapmapping	*mapping;
 
-					ldap_back_mapping( &mi->mi_targets[ candidate ].mt_rwmap.rwm_oc,
+					ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
 							&ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
 
 					if ( mapping == NULL ) {
-						if ( mi->mi_targets[ candidate ].mt_rwmap.rwm_oc.drop_missing ) {
+						if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
 							continue;
 						}
 						mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
@@ -175,66 +177,30 @@
 	modv[ i ] = 0;
 
 retry:;
+	ctrls = op->o_ctrls;
+	rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+	if ( rc != LDAP_SUCCESS ) {
+		send_ldap_result( op, rs );
+		goto cleanup;
+	}
+
 	rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
-			modv, op->o_ctrls, NULL, &msgid );
+			modv, ctrls, NULL, &msgid );
+	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+		mt->mt_timeout[ SLAP_OP_MODIFY ], LDAP_BACK_SENDRESULT );
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
-		goto done;
-
-	} else if ( rs->sr_err == LDAP_SUCCESS ) {
-		struct timeval	tv, *tvp = NULL;
-		LDAPMessage	*res = NULL;
-
-		if ( mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODIFY ] != 0 ) {
-			tv.tv_sec = mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODIFY ];
-			tv.tv_usec = 0;
-			tvp = &tv;
-		}
-
-		rs->sr_err = LDAP_OTHER;
-		rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
-			msgid, LDAP_MSG_ALL, tvp, &res );
-		switch ( rc ) {
-		case -1:
-			maperr = 0;
-			break;
-
-		case 0:
-			ldap_abandon_ext( mc->mc_conns[ candidate ].msc_ld,
-				msgid, NULL, NULL );
-			rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
-				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR;
-			maperr = 0;
-			break;
-
-		case LDAP_RES_MODIFY:
-			rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld,
-				res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
-			if ( rc != LDAP_SUCCESS ) {
-				rs->sr_err = rc;
-			}
-			maperr = 1;
-			break;
-
-		default:
-			maperr = 0;
-			ldap_msgfree( res );
-			break;
-		}
 	}
 
 cleanup:;
-	if ( maperr ) {
-		rc = meta_back_op_result( mc, op, rs, candidate );
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 
-	} else {
-		send_ldap_result( op, rs );
-	}
-
-done:;
 	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
 		free( mdn.bv_val );
 		BER_BVZERO( &mdn );
@@ -248,7 +214,7 @@
 	free( modv );
 
 	if ( mc ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	return rs->sr_err;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modrdn.c,v 1.19.2.13 2006/05/09 20:00:37 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modrdn.c,v 1.19.2.16 2007/01/13 11:19:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -35,6 +35,7 @@
 meta_back_modrdn( Operation *op, SlapReply *rs )
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t	*mt;
 	metaconn_t	*mc;
 	int		candidate = -1;
 	struct berval	mdn = BER_BVNULL,
@@ -42,7 +43,7 @@
 	dncookie	dc;
 	int		msgid;
 	int		do_retry = 1;
-	int		maperr = 1;
+	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
 	if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
@@ -51,6 +52,8 @@
 
 	assert( mc->mc_conns[ candidate ].msc_ld != NULL );
 
+	mt = mi->mi_targets[ candidate ];
+	dc.target = mt;
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 
@@ -76,7 +79,7 @@
 		 */
 
 		/* needs LDAPv3 */
-		switch ( mi->mi_targets[ candidate ].mt_version ) {
+		switch ( mt->mt_version ) {
 		case LDAP_VERSION3:
 			break;
 
@@ -90,18 +93,17 @@
 			/* op->o_protocol cannot be anything but LDAPv3,
 			 * otherwise wouldn't be here */
 			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-			maperr = 0;
+			send_ldap_result( op, rs );
 			goto cleanup;
 		}
 		
 		/*
 		 * Rewrite the new superior, if defined and required
 	 	 */
-		dc.target = &mi->mi_targets[ candidate ];
 		dc.ctx = "newSuperiorDN";
 		if ( ldap_back_dn_massage( &dc, op->orr_newSup, &mnewSuperior ) ) {
 			rs->sr_err = LDAP_OTHER;
-			maperr = 0;
+			send_ldap_result( op, rs );
 			goto cleanup;
 		}
 	}
@@ -109,76 +111,40 @@
 	/*
 	 * Rewrite the modrdn dn, if required
 	 */
-	dc.target = &mi->mi_targets[ candidate ];
 	dc.ctx = "modrDN";
 	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
 		rs->sr_err = LDAP_OTHER;
-		maperr = 0;
+		send_ldap_result( op, rs );
 		goto cleanup;
 	}
 
 retry:;
+	ctrls = op->o_ctrls;
+	if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+	{
+		send_ldap_result( op, rs );
+		goto cleanup;
+	}
+
 	rs->sr_err = ldap_rename( mc->mc_conns[ candidate ].msc_ld,
 			mdn.bv_val, op->orr_newrdn.bv_val,
 			mnewSuperior.bv_val, op->orr_deleteoldrdn,
-			op->o_ctrls, NULL, &msgid );
+			ctrls, NULL, &msgid );
+	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
+		mt->mt_timeout[ SLAP_OP_MODRDN ], LDAP_BACK_SENDRESULT );
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
-		goto done;
-
-	} else if ( rs->sr_err == LDAP_SUCCESS ) {
-		struct timeval	tv, *tvp = NULL;
-		LDAPMessage	*res = NULL;
-		int		rc;
-
-		if ( mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODRDN ] != 0 ) {
-			tv.tv_sec = mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODRDN ];
-			tv.tv_usec = 0;
-			tvp = &tv;
-		}
-
-		rs->sr_err = LDAP_OTHER;
-		rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
-			msgid, LDAP_MSG_ALL, tvp, &res );
-		maperr = 0;
-		switch ( rc ) {
-		case -1:
-			break;
-
-		case 0:
-			ldap_abandon_ext( mc->mc_conns[ candidate ].msc_ld,
-				msgid, NULL, NULL );
-			rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
-				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR;
-			break;
-
-		case LDAP_RES_RENAME:
-			rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld,
-				res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
-			if ( rc != LDAP_SUCCESS ) {
-				rs->sr_err = rc;
-			}
-			maperr = 1;
-			break;
-
-		default:
-			ldap_msgfree( res );
-			break;
-		}
 	}
 
 cleanup:;
-	if ( maperr ) {
-		meta_back_op_result( mc, op, rs, candidate );
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 
-	} else {
-		send_ldap_result( op, rs );
-	}
-
-done:;
 	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
 		free( mdn.bv_val );
 		BER_BVZERO( &mdn );
@@ -192,7 +158,7 @@
 	}
 
 	if ( mc ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	return rs->sr_err;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/proto-meta.h,v 1.2.2.4 2006/01/03 22:16:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/proto-meta.h,v 1.2.2.5 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.84.2.25 2006/10/14 07:31:09 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.84.2.32 2007/03/14 00:07:56 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -28,6 +28,7 @@
 #include <ac/string.h>
 #include <ac/time.h>
 
+#include "lutil.h"
 #include "slap.h"
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
@@ -35,6 +36,13 @@
 #include "ldap_log.h"
 #include "../../../libraries/libldap/ldap-int.h"
 
+/* IGNORE means that target does not (no longer) participate
+ * in the search;
+ * NOTREADY means the search on that target has not been initialized yet
+ */
+#define	META_MSGID_IGNORE	(-1)
+#define	META_MSGID_NEED_BIND	(-2)
+
 static int
 meta_send_entry(
 	Operation 	*op,
@@ -44,50 +52,395 @@
 	LDAPMessage 	*e );
 
 typedef enum meta_search_candidate_t {
+	META_SEARCH_UNDEFINED = -2,
 	META_SEARCH_ERR = -1,
 	META_SEARCH_NOT_CANDIDATE,
-	META_SEARCH_CANDIDATE
+	META_SEARCH_CANDIDATE,
+	META_SEARCH_BINDING,
+	META_SEARCH_NEED_BIND
 } meta_search_candidate_t;
 
+/*
+ * meta_search_dobind_init()
+ *
+ * initiates bind for a candidate target of a search.
+ */
 static meta_search_candidate_t
+meta_search_dobind_init(
+	Operation		*op,
+	SlapReply		*rs,
+	metaconn_t		**mcp,
+	int			candidate,
+	SlapReply		*candidates )
+{
+	metaconn_t		*mc = *mcp;
+	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+
+	struct berval		binddn = msc->msc_bound_ndn,
+				cred = msc->msc_cred;
+	int			method;
+
+	int			rc;
+
+	meta_search_candidate_t	retcode;
+
+	Debug( LDAP_DEBUG_TRACE, "%s >>> meta_search_dobind_init[%d]\n",
+		op->o_log_prefix, candidate, 0 );
+
+	/*
+	 * all the targets are already bound as pseudoroot
+	 */
+	if ( mc->mc_authz_target == META_BOUND_ALL ) {
+		return META_SEARCH_CANDIDATE;
+	}
+
+	retcode = META_SEARCH_BINDING;
+	ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+	if ( LDAP_BACK_CONN_ISBOUND( msc ) || LDAP_BACK_CONN_ISANON( msc ) ) {
+		/* already bound (or anonymous) */
+
+#ifdef DEBUG_205
+		char	buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+		int	bound = 0;
+
+		if ( LDAP_BACK_CONN_ISBOUND( msc ) ) {
+			bound = 1;
+		}
+
+		snprintf( buf, sizeof( buf ), " mc=%p ld=%p%s DN=\"%s\"",
+			(void *)mc, (void *)msc->msc_ld,
+			bound ? " bound" : " anonymous",
+			bound == 0 ? "" : msc->msc_bound_ndn.bv_val );
+		Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+			op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+		retcode = META_SEARCH_CANDIDATE;
+
+	} else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) ) {
+		/* another thread is binding the target for this conn; wait */
+
+#ifdef DEBUG_205
+		char	buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
+
+		snprintf( buf, sizeof( buf ), " mc=%p ld=%p needbind",
+			(void *)mc, (void *)msc->msc_ld );
+		Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+			op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+		candidates[ candidate ].sr_msgid = META_MSGID_NEED_BIND;
+		retcode = META_SEARCH_NEED_BIND;
+
+	} else {
+		/* we'll need to bind the target for this conn */
+
+#ifdef DEBUG_205
+		char buf[ SLAP_TEXT_BUFLEN ];
+
+		snprintf( buf, sizeof( buf ), " mc=%p ld=%p binding",
+			(void *)mc, (void *)msc->msc_ld );
+		Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n",
+			op->o_log_prefix, candidate, buf );
+#endif /* DEBUG_205 */
+
+		if ( msc->msc_ld == NULL ) {
+			/* for some reason (e.g. because formerly in "binding"
+			 * state, with eventual connection expiration or invalidation)
+			 * it was not initialized as expected */
+
+			Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p ld=NULL\n",
+				op->o_log_prefix, candidate, (void *)mc );
+
+			rc = meta_back_init_one_conn( op, rs, *mcp, candidate,
+				LDAP_BACK_CONN_ISPRIV( *mcp ), LDAP_BACK_DONTSEND, 0 );
+			switch ( rc ) {
+			case LDAP_SUCCESS:
+				assert( msc->msc_ld != NULL );
+				break;
+
+			case LDAP_SERVER_DOWN:
+			case LDAP_UNAVAILABLE:
+				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+				goto down;
+	
+			default:
+				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+				goto other;
+			}
+		}
+
+		LDAP_BACK_CONN_BINDING_SET( msc );
+	}
+
+	ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+	if ( retcode != META_SEARCH_BINDING ) {
+		return retcode;
+	}
+
+	/* NOTE: this obsoletes pseudorootdn */
+	if ( op->o_conn != NULL &&
+		!op->o_do_not_cache &&
+		( BER_BVISNULL( &msc->msc_bound_ndn ) ||
+			BER_BVISEMPTY( &msc->msc_bound_ndn ) ||
+			( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
+	{
+		rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, LDAP_BACK_DONTSEND, &binddn, &cred, &method );
+		if ( rc != LDAP_SUCCESS ) {
+			goto down;
+		}
+
+		/* NOTE: we copy things here, even if bind didn't succeed yet,
+		 * because the connection is not shared until bind is over */
+		if ( !BER_BVISNULL( &binddn ) ) {
+			ber_bvreplace( &msc->msc_bound_ndn, &binddn );
+			if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &cred ) ) {
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+					memset( msc->msc_cred.bv_val, 0,
+						msc->msc_cred.bv_len );
+				}
+				ber_bvreplace( &msc->msc_cred, &cred );
+			}
+		}
+
+		if ( LDAP_BACK_CONN_ISBOUND( msc ) ) {
+			/* apparently, idassert was configured with SASL bind,
+			 * so bind occurred inside meta_back_proxy_authz_cred() */
+			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+			LDAP_BACK_CONN_BINDING_CLEAR( msc );
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+			return META_SEARCH_CANDIDATE;
+		}
+
+		/* paranoid */
+		switch ( method ) {
+		case LDAP_AUTH_NONE:
+		case LDAP_AUTH_SIMPLE:
+			/* do a simple bind with binddn, cred */
+			break;
+
+		default:
+			assert( 0 );
+			break;
+		}
+	}
+
+	assert( msc->msc_ld != NULL );
+
+retry:;
+	rc = ldap_sasl_bind( msc->msc_ld, binddn.bv_val, LDAP_SASL_SIMPLE, &cred,
+			NULL, NULL, &candidates[ candidate ].sr_msgid );
+
+#ifdef DEBUG_205
+	{
+		char buf[ SLAP_TEXT_BUFLEN ];
+
+		snprintf( buf, sizeof( buf ), "meta_search_dobind_init[%d] mc=%p ld=%p rc=%d",
+			candidate, (void *)mc, (void *)mc->mc_conns[ candidate ].msc_ld, rc );
+		Debug( LDAP_DEBUG_ANY, "### %s %s\n",
+			op->o_log_prefix, buf, 0 );
+	}
+#endif /* DEBUG_205 */
+
+	switch ( rc ) {
+	case LDAP_SUCCESS:
+		assert( candidates[ candidate ].sr_msgid >= 0 );
+		META_BINDING_SET( &candidates[ candidate ] );
+		return META_SEARCH_BINDING;
+
+	case LDAP_SERVER_DOWN:
+down:;
+		/* This is the worst thing that could happen:
+		 * the search will wait until the retry is over. */
+		if ( !META_IS_RETRYING( &candidates[ candidate ] ) ) {
+			META_RETRYING_SET( &candidates[ candidate ] );
+
+			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+
+			assert( mc->mc_refcnt > 0 );
+			if ( StatslogTest( LDAP_DEBUG_ANY ) ) {
+				char	buf[ SLAP_TEXT_BUFLEN ];
+
+				/* this lock is required; however,
+				 * it's invoked only when logging is on */
+				ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex );
+				snprintf( buf, sizeof( buf ),
+					"retrying URI=\"%s\" DN=\"%s\"",
+					mt->mt_uri,
+					BER_BVISNULL( &msc->msc_bound_ndn ) ?
+						"" : msc->msc_bound_ndn.bv_val );
+				ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex );
+
+				Debug( LDAP_DEBUG_ANY,
+					"%s meta_search_dobind_init[%d]: %s.\n",
+					op->o_log_prefix, candidate, buf );
+			}
+
+			meta_clear_one_candidate( op, mc, candidate );
+			LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+
+			( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
+
+			/* mc here must be the regular mc, reset and ready for init */
+			rc = meta_back_init_one_conn( op, rs, mc, candidate,
+				LDAP_BACK_CONN_ISPRIV( mc ), LDAP_BACK_DONTSEND, 0 );
+
+			if ( rc == LDAP_SUCCESS ) {
+				LDAP_BACK_CONN_BINDING_SET( msc );
+			}
+
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+			if ( rc == LDAP_SUCCESS ) {
+				candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+				goto retry;
+			}
+		}
+
+		if ( *mcp == NULL ) {
+			retcode = META_SEARCH_ERR;
+			rs->sr_err = LDAP_UNAVAILABLE;
+			candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+			break;
+		}
+		/* fall thru */
+
+	default:
+other:;
+		rs->sr_err = rc;
+		rc = slap_map_api2result( rs );
+
+		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+		meta_clear_one_candidate( op, mc, candidate );
+		candidates[ candidate ].sr_err = rc;
+		if ( META_BACK_ONERR_STOP( mi ) ) {
+			LDAP_BACK_CONN_TAINTED_SET( mc );
+			meta_back_release_conn_lock( mi, mc, 0 );
+			*mcp = NULL;
+			rs->sr_err = rc;
+
+			retcode = META_SEARCH_ERR;
+
+		} else {
+			retcode = META_SEARCH_NOT_CANDIDATE;
+		}
+		candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+		break;
+	}
+
+	return retcode;
+}
+
+static meta_search_candidate_t
+meta_search_dobind_result(
+	Operation		*op,
+	SlapReply		*rs,
+	metaconn_t		**mcp,
+	int			candidate,
+	SlapReply		*candidates,
+	LDAPMessage		*res )
+{
+	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metaconn_t		*mc = *mcp;
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+
+	meta_search_candidate_t	retcode = META_SEARCH_NOT_CANDIDATE;
+	int			rc;
+
+	assert( msc->msc_ld != NULL );
+
+	/* FIXME: matched? referrals? response controls? */
+	rc = ldap_parse_result( msc->msc_ld, res,
+		&candidates[ candidate ].sr_err,
+		NULL, NULL, NULL, NULL, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		candidates[ candidate ].sr_err = rc;
+
+	} else {
+		rc = slap_map_api2result( &candidates[ candidate ] );
+	}
+
+	ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+	LDAP_BACK_CONN_BINDING_CLEAR( msc );
+	if ( rc != LDAP_SUCCESS ) {
+		meta_clear_one_candidate( op, mc, candidate );
+		candidates[ candidate ].sr_err = rc;
+		if ( META_BACK_ONERR_STOP( mi ) ) {
+	        	LDAP_BACK_CONN_TAINTED_SET( mc );
+			meta_back_release_conn_lock( mi, mc, 0 );
+			*mcp = NULL;
+			retcode = META_SEARCH_ERR;
+			rs->sr_err = rc;
+		}
+
+	} else {
+		/* FIXME: check if bound as idassert authcDN! */
+		if ( BER_BVISNULL( &msc->msc_bound_ndn )
+			|| BER_BVISEMPTY( &msc->msc_bound_ndn ) )
+		{
+			LDAP_BACK_CONN_ISANON_SET( msc );
+
+		} else {
+			LDAP_BACK_CONN_ISBOUND_SET( msc );
+		}
+		retcode = META_SEARCH_CANDIDATE;
+	}
+
+	candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+	META_BINDING_CLEAR( &candidates[ candidate ] );
+
+	ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+
+	return retcode;
+}
+
+static meta_search_candidate_t
 meta_back_search_start(
 	Operation		*op,
 	SlapReply		*rs,
 	dncookie		*dc,
-	metasingleconn_t	*msc,
+	metaconn_t		**mcp,
 	int			candidate,
-	SlapReply		*candidates
-)
+	SlapReply		*candidates )
 {
-	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
-	struct berval	realbase = op->o_req_dn;
-	int		realscope = op->ors_scope;
-	ber_len_t	suffixlen = 0;
-	struct berval	mbase = BER_BVNULL; 
-	struct berval	mfilter = BER_BVNULL;
-	char		**mapped_attrs = NULL;
-	int		rc;
+	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
+	metatarget_t		*mt = mi->mi_targets[ candidate ];
+	metasingleconn_t	*msc = &(*mcp)->mc_conns[ candidate ];
+	struct berval		realbase = op->o_req_dn;
+	int			realscope = op->ors_scope;
+	struct berval		mbase = BER_BVNULL; 
+	struct berval		mfilter = BER_BVNULL;
+	char			**mapped_attrs = NULL;
+	int			rc;
 	meta_search_candidate_t	retcode;
-	struct timeval	tv, *tvp = NULL;
+	struct timeval		tv, *tvp = NULL;
+	int			nretries = 1;
+	LDAPControl		**ctrls = NULL;
 
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
-				( void * )&op->ors_deref );
+	/* this should not happen; just in case... */
+	if ( msc->msc_ld == NULL ) {
+		Debug( LDAP_DEBUG_ANY,
+			"%s: meta_back_search_start candidate=%d ld=NULL%s.\n",
+			op->o_log_prefix, candidate,
+			META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" );
+		candidates[ candidate ].sr_err = LDAP_OTHER;
+		if ( META_BACK_ONERR_STOP( mi ) ) {
+			return META_SEARCH_ERR;
+		}
+		candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+		return META_SEARCH_NOT_CANDIDATE;
 	}
 
-	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
-		tv.tv_sec = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
-		tvp = &tv;
-	}
+	Debug( LDAP_DEBUG_TRACE, "%s >>> meta_back_search_start[%d]\n", op->o_log_prefix, candidate, 0 );
 
-	dc->target = &mi->mi_targets[ candidate ];
-
 	/*
 	 * modifies the base according to the scope, if required
 	 */
-	suffixlen = mi->mi_targets[ candidate ].mt_nsuffix.bv_len;
-	if ( suffixlen > op->o_req_ndn.bv_len ) {
+	if ( mt->mt_nsuffix.bv_len > op->o_req_ndn.bv_len ) {
 		switch ( op->ors_scope ) {
 		case LDAP_SCOPE_SUBTREE:
 			/*
@@ -98,11 +451,9 @@
 			 * the requested searchBase already passed
 			 * thru the candidate analyzer...
 			 */
-			if ( dnIsSuffix( &mi->mi_targets[ candidate ].mt_nsuffix,
-					&op->o_req_ndn ) )
-			{
-				realbase = mi->mi_targets[ candidate ].mt_nsuffix;
-				if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+			if ( dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) ) {
+				realbase = mt->mt_nsuffix;
+				if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
 					realscope = LDAP_SCOPE_SUBORDINATE;
 				}
 
@@ -110,26 +461,27 @@
 				/*
 				 * this target is no longer candidate
 				 */
-				return META_SEARCH_NOT_CANDIDATE;
+				retcode = META_SEARCH_NOT_CANDIDATE;
+				goto doreturn;
 			}
 			break;
 
 		case LDAP_SCOPE_SUBORDINATE:
 		case LDAP_SCOPE_ONELEVEL:
 		{
-			struct berval	rdn = mi->mi_targets[ candidate ].mt_nsuffix;
+			struct berval	rdn = mt->mt_nsuffix;
 			rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
 			if ( dnIsOneLevelRDN( &rdn )
-					&& dnIsSuffix( &mi->mi_targets[ candidate ].mt_nsuffix, &op->o_req_ndn ) )
+					&& dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) )
 			{
 				/*
 				 * if there is exactly one level,
 				 * make the target suffix the new
 				 * base, and make scope "base"
 				 */
-				realbase = mi->mi_targets[ candidate ].mt_nsuffix;
+				realbase = mt->mt_nsuffix;
 				if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
-					if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+					if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
 						realscope = LDAP_SCOPE_SUBORDINATE;
 					} else {
 						realscope = LDAP_SCOPE_SUBTREE;
@@ -145,13 +497,24 @@
 			/*
 			 * this target is no longer candidate
 			 */
-			return META_SEARCH_NOT_CANDIDATE;
+			retcode = META_SEARCH_NOT_CANDIDATE;
+			goto doreturn;
 		}
 	}
 
+	/* initiate dobind */
+	retcode = meta_search_dobind_init( op, rs, mcp, candidate, candidates );
+
+	Debug( LDAP_DEBUG_TRACE, "%s <<< meta_search_dobind_init[%d]=%d\n", op->o_log_prefix, candidate, retcode );
+
+	if ( retcode != META_SEARCH_CANDIDATE ) {
+		goto doreturn;
+	}
+
 	/*
 	 * Rewrite the search base, if required
 	 */
+	dc->target = mt;
 	dc->ctx = "searchBase";
 	switch ( ldap_back_dn_massage( dc, &realbase, &mbase ) ) {
 	case LDAP_SUCCESS:
@@ -161,14 +524,16 @@
 		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 		rs->sr_text = "Operation not allowed";
 		send_ldap_result( op, rs );
-		return META_SEARCH_ERR;
+		retcode = META_SEARCH_ERR;
+		goto doreturn;
 
 	default:
 
 		/*
 		 * this target is no longer candidate
 		 */
-		return META_SEARCH_NOT_CANDIDATE;
+		retcode = META_SEARCH_NOT_CANDIDATE;
+		goto doreturn;
 	}
 
 	/*
@@ -192,7 +557,7 @@
 	/*
 	 * Maps required attributes
 	 */
-	rc = ldap_back_map_attrs( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
+	rc = ldap_back_map_attrs( &mt->mt_rwmap.rwm_at,
 			op->ors_attrs, BACKLDAP_MAP, &mapped_attrs );
 	if ( rc != LDAP_SUCCESS ) {
 		/*
@@ -202,23 +567,67 @@
 		goto done;
 	}
 
+	/* should we check return values? */
+	if ( op->ors_deref != -1 ) {
+		assert( msc->msc_ld != NULL );
+		(void)ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
+				( void * )&op->ors_deref );
+	}
+
+	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+		tv.tv_sec = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
+		tv.tv_usec = 0;
+		tvp = &tv;
+	}
+
+retry:;
+	ctrls = op->o_ctrls;
+	if ( ldap_back_proxy_authz_ctrl( &msc->msc_bound_ndn,
+		mt->mt_version, &mt->mt_idassert, op, rs, &ctrls )
+		!= LDAP_SUCCESS )
+	{
+		candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+		retcode = META_SEARCH_NOT_CANDIDATE;
+		goto done;
+	}
+
 	/*
 	 * Starts the search
 	 */
+	assert( msc->msc_ld != NULL );
 	rc = ldap_search_ext( msc->msc_ld,
 			mbase.bv_val, realscope, mfilter.bv_val,
 			mapped_attrs, op->ors_attrsonly,
-			op->o_ctrls, NULL, tvp, op->ors_slimit,
+			ctrls, NULL, tvp, op->ors_slimit,
 			&candidates[ candidate ].sr_msgid ); 
-	if ( rc == LDAP_SUCCESS ) {
+	switch ( rc ) {
+	case LDAP_SUCCESS:
 		retcode = META_SEARCH_CANDIDATE;
+		break;
+	
+	case LDAP_SERVER_DOWN:
+		if ( nretries && meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) {
+			nretries = 0;
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+			goto retry;
+		}
 
-	} else {
-		candidates[ candidate ].sr_msgid = -1;
+		if ( *mcp == NULL ) {
+			retcode = META_SEARCH_ERR;
+			candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+			break;
+		}
+		/* fall thru */
+
+	default:
+		candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
 		retcode = META_SEARCH_NOT_CANDIDATE;
 	}
 
 done:;
+	(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+
 	if ( mapped_attrs ) {
 		free( mapped_attrs );
 	}
@@ -229,6 +638,9 @@
 		free( mbase.bv_val );
 	}
 
+doreturn:;
+	Debug( LDAP_DEBUG_TRACE, "%s <<< meta_back_search_start[%d]=%d\n", op->o_log_prefix, candidate, retcode );
+
 	return retcode;
 }
 
@@ -237,13 +649,17 @@
 {
 	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
 	metaconn_t	*mc;
-	struct timeval	tv = { 0, 0 };
-	time_t		stoptime = (time_t)-1;
-	LDAPMessage	*res = NULL, *e;
+	struct timeval	save_tv = { 0, 0 },
+			tv;
+	time_t		stoptime = (time_t)(-1),
+			lastres_time = slap_get_time(),
+			timeout = 0;
 	int		rc = 0, sres = LDAP_SUCCESS;
 	char		*matched = NULL;
 	int		last = 0, ncandidates = 0,
-			initial_candidates = 0, candidate_match = 0;
+			initial_candidates = 0, candidate_match = 0,
+			needbind = 0;
+	ldap_back_send_t	sendok = LDAP_BACK_SENDERR;
 	long		i;
 	dncookie	dc;
 	int		is_ok = 0;
@@ -256,8 +672,9 @@
 	 * FIXME: in case of values return filter, we might want
 	 * to map attrs and maybe rewrite value
 	 */
-	mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_SENDERR );
-	if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
+getconn:;
+	mc = meta_back_getconn( op, rs, NULL, sendok );
+	if ( !mc ) {
 		return rs->sr_err;
 	}
 
@@ -268,56 +685,125 @@
 	 * Inits searches
 	 */
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
-		metasingleconn_t	*msc = &mc->mc_conns[ i ];
+		/* reset sr_msgid; it is used in most loops
+		 * to check if that target is still to be considered */
+		candidates[ i ].sr_msgid = META_MSGID_IGNORE;
 
-		candidates[ i ].sr_msgid = -1;
+		/* a target is marked as candidate by meta_back_getconn();
+		 * if for any reason (an error, it's over or so) it is
+		 * no longer active, sr_msgid is set to META_MSGID_IGNORE
+		 * but it remains candidate, which means it has been active
+		 * at some point during the operation.  This allows to 
+		 * use its response code and more to compute the final
+		 * response */
+		if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+			continue;
+		}
+
 		candidates[ i ].sr_matched = NULL;
 		candidates[ i ].sr_text = NULL;
 		candidates[ i ].sr_ref = NULL;
 		candidates[ i ].sr_ctrls = NULL;
 
-		if ( candidates[ i ].sr_tag != META_CANDIDATE
+		/* get largest timeout among candidates */
+		if ( mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ]
+			&& mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ] > timeout )
+		{
+			timeout = mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ];
+		}
+	}
+
+	for ( i = 0; i < mi->mi_ntargets; i++ ) {
+		if ( !META_IS_CANDIDATE( &candidates[ i ] )
 			|| candidates[ i ].sr_err != LDAP_SUCCESS )
 		{
 			continue;
 		}
 
-		switch ( meta_back_search_start( op, rs, &dc, msc, i, candidates ) )
+		switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
 		{
 		case META_SEARCH_NOT_CANDIDATE:
+			candidates[ i ].sr_msgid = META_MSGID_IGNORE;
 			break;
 
+		case META_SEARCH_NEED_BIND:
+			++needbind;
+			/* fallthru */
+
 		case META_SEARCH_CANDIDATE:
+		case META_SEARCH_BINDING:
 			candidates[ i ].sr_type = REP_INTERMEDIATE;
 			++ncandidates;
 			break;
 
 		case META_SEARCH_ERR:
+			savepriv = op->o_private;
+			op->o_private = (void *)i;
+			send_ldap_result( op, rs );
+			op->o_private = savepriv;
 			rc = -1;
 			goto finish;
+
+		default:
+			assert( 0 );
+			break;
 		}
 	}
 
+	if ( ncandidates > 0 && needbind == ncandidates ) {
+		/*
+		 * give up the second time...
+		 *
+		 * NOTE: this should not occur the second time, since a fresh
+		 * connection has ben created; however, targets may also
+		 * need bind because the bind timed out or so.
+		 */
+		if ( sendok & LDAP_BACK_BINDING ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s meta_back_search: unable to initialize conn\n",
+				op->o_log_prefix, 0, 0 );
+			rs->sr_err = LDAP_UNAVAILABLE;
+			rs->sr_text = "unable to initialize connection to remote targets";
+			send_ldap_result( op, rs );
+			rc = -1;
+			goto finish;
+		}
+
+		/* FIXME: better create a separate connection? */
+		sendok |= LDAP_BACK_BINDING;
+
+#ifdef DEBUG_205
+		Debug( LDAP_DEBUG_ANY, "*** %s drop mc=%p create new connection\n",
+			op->o_log_prefix, (void *)mc, 0 );
+#endif /* DEBUG_205 */
+
+		meta_back_release_conn( mi, mc );
+		mc = NULL;
+
+		needbind = 0;
+		ncandidates = 0;
+
+		goto getconn;
+	}
+
 	initial_candidates = ncandidates;
 
-#if 0
-	{
-		char	cnd[BUFSIZ];
-		int	i;
+	if ( StatslogTest( LDAP_DEBUG_TRACE ) ) {
+		char	cnd[ SLAP_TEXT_BUFLEN ];
+		int	c;
 
-		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			if ( candidates[ i ].sr_tag == META_CANDIDATE ) {
-				cnd[ i ] = '*';
+		for ( c = 0; c < mi->mi_ntargets; c++ ) {
+			if ( META_IS_CANDIDATE( &candidates[ c ] ) ) {
+				cnd[ c ] = '*';
 			} else {
-				cnd[ i ] = ' ';
+				cnd[ c ] = ' ';
 			}
 		}
-		cnd[ i ] = '\0';
+		cnd[ c ] = '\0';
 
-		Debug( LDAP_DEBUG_ANY, "%s meta_back_search: ncandidates=%d "
+		Debug( LDAP_DEBUG_TRACE, "%s meta_back_search: ncandidates=%d "
 			"cnd=\"%s\"\n", op->o_log_prefix, ncandidates, cnd );
 	}
-#endif
 
 	if ( initial_candidates == 0 ) {
 		/* NOTE: here we are not sending any matchedDN;
@@ -337,7 +823,7 @@
 		 * maybe we should pick the worst... */
 		rc = LDAP_NO_SUCH_OBJECT;
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			if ( candidates[ i ].sr_tag == META_CANDIDATE
+			if ( META_IS_CANDIDATE( &candidates[ i ] )
 				&& candidates[ i ].sr_err != LDAP_SUCCESS )
 			{
 				rc = candidates[ i ].sr_err;
@@ -366,19 +852,149 @@
 	 * among the candidates
 	 */
 	for ( rc = 0; ncandidates > 0; ) {
-		int	gotit = 0, doabandon = 0;
+		int	gotit = 0,
+			doabandon = 0,
+			alreadybound = ncandidates;
 
+		/* check timeout */
+		if ( timeout && lastres_time > 0
+			&& ( slap_get_time() - lastres_time ) > timeout )
+		{
+			doabandon = 1;
+			rs->sr_text = "Operation timed out";
+			rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
+				LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+			savepriv = op->o_private;
+			op->o_private = (void *)i;
+			send_ldap_result( op, rs );
+			op->o_private = savepriv;
+			goto finish;
+		}
+
+		/* check time limit */
+		if ( op->ors_tlimit != SLAP_NO_LIMIT
+				&& slap_get_time() > stoptime )
+		{
+			doabandon = 1;
+			rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+			savepriv = op->o_private;
+			op->o_private = (void *)i;
+			send_ldap_result( op, rs );
+			op->o_private = savepriv;
+			goto finish;
+		}
+
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
+			meta_search_candidate_t	retcode = META_SEARCH_UNDEFINED;
 			metasingleconn_t	*msc = &mc->mc_conns[ i ];
+			LDAPMessage		*res = NULL, *msg;
 
-			if ( candidates[ i ].sr_msgid == -1 ) {
+			/* if msgid is invalid, don't ldap_result() */
+			if ( candidates[ i ].sr_msgid == META_MSGID_IGNORE ) {
 				continue;
 			}
 
+			/* if target still needs bind, retry */
+			if ( candidates[ i ].sr_msgid == META_MSGID_NEED_BIND ) {
+				/* initiate dobind */
+				retcode = meta_search_dobind_init( op, rs, &mc, i, candidates );
+
+				Debug( LDAP_DEBUG_TRACE, "%s <<< meta_search_dobind_init[%ld]=%d\n",
+					op->o_log_prefix, i, retcode );
+
+				switch ( retcode ) {
+				case META_SEARCH_NEED_BIND:
+					alreadybound--;
+					/* fallthru */
+
+				case META_SEARCH_BINDING:
+					break;
+
+				case META_SEARCH_ERR:
+					candidates[ i ].sr_err = rs->sr_err;
+					if ( META_BACK_ONERR_STOP( mi ) ) {
+						savepriv = op->o_private;
+						op->o_private = (void *)i;
+						send_ldap_result( op, rs );
+						op->o_private = savepriv;
+						goto finish;
+					}
+					/* fallthru */
+
+				case META_SEARCH_NOT_CANDIDATE:
+					/*
+					 * When no candidates are left,
+					 * the outer cycle finishes
+					 */
+					candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+					assert( ncandidates > 0 );
+					--ncandidates;
+					break;
+
+				case META_SEARCH_CANDIDATE:
+					candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+					switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
+					{
+					case META_SEARCH_CANDIDATE:
+						assert( candidates[ i ].sr_msgid >= 0 );
+						break;
+
+					case META_SEARCH_ERR:
+						candidates[ i ].sr_err = rs->sr_err;
+						if ( META_BACK_ONERR_STOP( mi ) ) {
+							savepriv = op->o_private;
+							op->o_private = (void *)i;
+							send_ldap_result( op, rs );
+							op->o_private = savepriv;
+							goto finish;
+						}
+						/* fallthru */
+
+					case META_SEARCH_NOT_CANDIDATE:
+						/* means that meta_back_search_start()
+						 * failed but onerr == continue */
+						candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+						assert( ncandidates > 0 );
+						--ncandidates;
+						break;
+
+					default:
+						/* impossible */
+						assert( 0 );
+						break;
+					}
+					break;
+
+				default:
+					/* impossible */
+					assert( 0 );
+					break;
+				}
+				continue;
+			}
+
 			/* check for abandon */
-			if ( op->o_abandon ) {
+			if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) {
 				break;
 			}
+
+#ifdef DEBUG_205
+			if ( msc->msc_ld == NULL ) {
+				char	buf[ SLAP_TEXT_BUFLEN ];
+
+				ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+				snprintf( buf, sizeof( buf ),
+					"%s meta_back_search[%ld] mc=%p msgid=%d%s%s%s\n",
+					op->o_log_prefix, (long)i, (void *)mc,
+					candidates[ i ].sr_msgid,
+					META_IS_BINDING( &candidates[ i ] ) ? " binding" : "",
+					LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ? " connbinding" : "",
+					META_BACK_CONN_CREATING( &mc->mc_conns[ i ] ) ? " conncreating" : "" );
+				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+					
+				Debug( LDAP_DEBUG_ANY, "!!! %s\n", buf, 0, 0 );
+			}
+#endif /* DEBUG_205 */
 			
 			/*
 			 * FIXME: handle time limit as well?
@@ -387,230 +1003,235 @@
 			 * get a LDAP_TIMELIMIT_EXCEEDED from
 			 * one of them ...
 			 */
-get_result:;
+			tv = save_tv;
 			rc = ldap_result( msc->msc_ld, candidates[ i ].sr_msgid,
-					LDAP_MSG_ONE, &tv, &res );
-
-			if ( rc == 0 ) {
+					LDAP_MSG_RECEIVED, &tv, &res );
+			switch ( rc ) {
+			case 0:
 				/* FIXME: res should not need to be freed */
 				assert( res == NULL );
-
-				/* check time limit */
-				if ( op->ors_tlimit != SLAP_NO_LIMIT
-						&& slap_get_time() > stoptime )
-				{
-					doabandon = 1;
-					rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
-					savepriv = op->o_private;
-					op->o_private = (void *)i;
-					send_ldap_result( op, rs );
-					op->o_private = savepriv;
-					goto finish;
-				}
-
 				continue;
 
-			} else if ( rc == -1 ) {
+			case -1:
 really_bad:;
 				/* something REALLY bad happened! */
 				if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
 					candidates[ i ].sr_type = REP_RESULT;
 
 					if ( meta_back_retry( op, rs, &mc, i, LDAP_BACK_DONTSEND ) ) {
-						switch ( meta_back_search_start( op, rs, &dc, msc, i, candidates ) )
+						candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+						switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
 						{
+							/* means that failed but onerr == continue */
+						case META_SEARCH_NOT_CANDIDATE:
+							candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+
+							assert( ncandidates > 0 );
+							--ncandidates;
+
+							candidates[ i ].sr_err = rs->sr_err;
+							if ( META_BACK_ONERR_STOP( mi ) ) {
+								savepriv = op->o_private;
+								op->o_private = (void *)i;
+								send_ldap_result( op, rs );
+								op->o_private = savepriv;
+								goto finish;
+							}
+							/* fall thru */
+
 						case META_SEARCH_CANDIDATE:
-							goto get_result;
+							/* get back into business... */
+							continue;
 
+						case META_SEARCH_BINDING:
+						case META_SEARCH_NEED_BIND:
+						case META_SEARCH_UNDEFINED:
+							assert( 0 );
+
 						default:
+							/* unrecoverable error */
+							candidates[ i ].sr_msgid = META_MSGID_IGNORE;
 							rc = rs->sr_err = LDAP_OTHER;
 							goto finish;
 						}
 					}
 
-					savepriv = op->o_private;
-					op->o_private = (void *)i;
-					send_ldap_result( op, rs );
-					op->o_private = savepriv;
-					goto finish;
+					candidates[ i ].sr_err = rs->sr_err;
+					if ( META_BACK_ONERR_STOP( mi ) ) {
+						savepriv = op->o_private;
+						op->o_private = (void *)i;
+						send_ldap_result( op, rs );
+						op->o_private = savepriv;
+						goto finish;
+					}
 				}
 
 				/*
 				 * When no candidates are left,
 				 * the outer cycle finishes
 				 */
-				candidates[ i ].sr_msgid = -1;
+				candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+				assert( ncandidates > 0 );
 				--ncandidates;
-				rs->sr_err = candidates[ i ].sr_err = LDAP_OTHER;
-				rs->sr_text = "remote server unavailable";
+				rs->sr_err = candidates[ i ].sr_err;
+				continue;
 
-			} else if ( rc == LDAP_RES_SEARCH_ENTRY ) {
-				if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
-					/* don't retry any more... */
-					candidates[ i ].sr_type = REP_RESULT;
+			default:
+				lastres_time = slap_get_time();
+
+				/* only touch when activity actually took place... */
+				if ( mi->mi_idle_timeout != 0 && msc->msc_time < lastres_time ) {
+					msc->msc_time = lastres_time;
 				}
+				break;
+			}
 
-				is_ok++;
+			for ( msg = ldap_first_message( msc->msc_ld, res );
+				msg != NULL;
+				msg = ldap_next_message( msc->msc_ld, msg ) )
+			{
+				rc = ldap_msgtype( msg );
+				if ( rc == LDAP_RES_SEARCH_ENTRY ) {
+					LDAPMessage	*e;
 
-				e = ldap_first_entry( msc->msc_ld, res );
-				savepriv = op->o_private;
-				op->o_private = (void *)i;
-				rs->sr_err = meta_send_entry( op, rs, mc, i, e );
-				ldap_msgfree( res );
-				res = NULL;
+					if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+						/* don't retry any more... */
+						candidates[ i ].sr_type = REP_RESULT;
+					}
 
-				switch ( rs->sr_err ) {
-				case LDAP_SIZELIMIT_EXCEEDED:
+					is_ok++;
+
+					e = ldap_first_entry( msc->msc_ld, msg );
 					savepriv = op->o_private;
 					op->o_private = (void *)i;
-					send_ldap_result( op, rs );
-					op->o_private = savepriv;
-					rs->sr_err = LDAP_SUCCESS;
-					goto finish;
+					rs->sr_err = meta_send_entry( op, rs, mc, i, e );
 
-				case LDAP_UNAVAILABLE:
-					rs->sr_err = LDAP_OTHER;
-					goto finish;
-				}
-				op->o_private = savepriv;
+					switch ( rs->sr_err ) {
+					case LDAP_SIZELIMIT_EXCEEDED:
+						savepriv = op->o_private;
+						op->o_private = (void *)i;
+						send_ldap_result( op, rs );
+						op->o_private = savepriv;
+						rs->sr_err = LDAP_SUCCESS;
+						ldap_msgfree( res );
+						res = NULL;
+						goto finish;
 
-				/* don't wait any longer... */
-				gotit = 1;
-				tv.tv_sec = 0;
-				tv.tv_usec = 0;
+					case LDAP_UNAVAILABLE:
+						rs->sr_err = LDAP_OTHER;
+						ldap_msgfree( res );
+						res = NULL;
+						goto finish;
+					}
+					op->o_private = savepriv;
 
-#if 0
-				/*
-				 * If scope is BASE, we need to jump out
-				 * as soon as one entry is found; if
-				 * the target pool is properly crafted,
-				 * this should correspond to the sole
-				 * entry that has the base DN
-				 */
-				/* FIXME: this defeats the purpose of
-				 * doing a search with scope == base and
-				 * sizelimit = 1 to determine if a
-				 * candidate is actually unique */
-				if ( op->ors_scope == LDAP_SCOPE_BASE
-						&& rs->sr_nentries > 0 )
-				{
-					doabandon = 1;
-					ncandidates = 0;
-					sres = LDAP_SUCCESS;
-					break;
-				}
-#endif
+					/* don't wait any longer... */
+					gotit = 1;
+					save_tv.tv_sec = 0;
+					save_tv.tv_usec = 0;
 
-			} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
-				char		**references = NULL;
-				int		cnt;
+				} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
+					char		**references = NULL;
+					int		cnt;
 
-				if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
-					/* don't retry any more... */
-					candidates[ i ].sr_type = REP_RESULT;
-				}
+					if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+						/* don't retry any more... */
+						candidates[ i ].sr_type = REP_RESULT;
+					}
+	
+					is_ok++;
+	
+					rc = ldap_parse_reference( msc->msc_ld, msg,
+							&references, &rs->sr_ctrls, 0 );
+	
+					if ( rc != LDAP_SUCCESS ) {
+						continue;
+					}
+	
+					if ( references == NULL ) {
+						continue;
+					}
 
-				is_ok++;
-
-				rc = ldap_parse_reference( msc->msc_ld, res,
-						&references, &rs->sr_ctrls, 1 );
-				res = NULL;
-
-				if ( rc != LDAP_SUCCESS ) {
-					continue;
-				}
-
-				if ( references == NULL ) {
-					continue;
-				}
-
 #ifdef ENABLE_REWRITE
-				dc.ctx = "referralDN";
+					dc.ctx = "referralDN";
 #else /* ! ENABLE_REWRITE */
-				dc.tofrom = 0;
-				dc.normalized = 0;
+					dc.tofrom = 0;
+					dc.normalized = 0;
 #endif /* ! ENABLE_REWRITE */
 
-				/* FIXME: merge all and return at the end */
+					/* FIXME: merge all and return at the end */
+	
+					for ( cnt = 0; references[ cnt ]; cnt++ )
+						;
+	
+					rs->sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+	
+					for ( cnt = 0; references[ cnt ]; cnt++ ) {
+						ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
+					}
+					BER_BVZERO( &rs->sr_ref[ cnt ] );
+	
+					( void )ldap_back_referral_result_rewrite( &dc, rs->sr_ref );
 
-				for ( cnt = 0; references[ cnt ]; cnt++ )
-					;
+					if ( rs->sr_ref != NULL && !BER_BVISNULL( &rs->sr_ref[ 0 ] ) ) {
+						/* ignore return value by now */
+						savepriv = op->o_private;
+						op->o_private = (void *)i;
+						( void )send_search_reference( op, rs );
+						op->o_private = savepriv;
+	
+						ber_bvarray_free( rs->sr_ref );
+						rs->sr_ref = NULL;
+					}
 
-				rs->sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+					/* cleanup */
+					if ( references ) {
+						ber_memvfree( (void **)references );
+					}
 
-				for ( cnt = 0; references[ cnt ]; cnt++ ) {
-					ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
-				}
-				BER_BVZERO( &rs->sr_ref[ cnt ] );
+					if ( rs->sr_ctrls ) {
+						ldap_controls_free( rs->sr_ctrls );
+						rs->sr_ctrls = NULL;
+					}
 
-				( void )ldap_back_referral_result_rewrite( &dc, rs->sr_ref );
+				} else if ( rc == LDAP_RES_SEARCH_RESULT ) {
+					char		buf[ SLAP_TEXT_BUFLEN ];
+					char		**references = NULL;
 
-				if ( rs->sr_ref != NULL && !BER_BVISNULL( &rs->sr_ref[ 0 ] ) ) {
-					/* ignore return value by now */
-					savepriv = op->o_private;
-					op->o_private = (void *)i;
-					( void )send_search_reference( op, rs );
-					op->o_private = savepriv;
+					if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+						/* don't retry any more... */
+						candidates[ i ].sr_type = REP_RESULT;
+					}
+	
+					/* NOTE: ignores response controls
+					 * (and intermediate response controls
+					 * as well, except for those with search
+					 * references); this may not be correct,
+					 * but if they're not ignored then
+					 * back-meta would need to merge them
+					 * consistently (think of pagedResults...)
+					 */
+					/* FIXME: response controls? */
+					rs->sr_err = ldap_parse_result( msc->msc_ld,
+						msg,
+						&candidates[ i ].sr_err,
+						(char **)&candidates[ i ].sr_matched,
+						NULL /* (char **)&candidates[ i ].sr_text */ ,
+						&references,
+						NULL /* &candidates[ i ].sr_ctrls (unused) */ ,
+						0 );
+					if ( rs->sr_err != LDAP_SUCCESS ) {
+						sres = slap_map_api2result( &candidates[ i ] );
+						candidates[ i ].sr_type = REP_RESULT;
+						ldap_msgfree( res );
+						res = NULL;
+						goto really_bad;
+					}
 
-					ber_bvarray_free( rs->sr_ref );
-					rs->sr_ref = NULL;
-				}
+					rs->sr_err = candidates[ i ].sr_err;
 
-				/* cleanup */
-				if ( references ) {
-					ber_memvfree( (void **)references );
-				}
-
-				if ( rs->sr_ctrls ) {
-					ldap_controls_free( rs->sr_ctrls );
-					rs->sr_ctrls = NULL;
-				}
-
-			} else if ( rc == LDAP_RES_SEARCH_RESULT ) {
-				char		buf[ SLAP_TEXT_BUFLEN ];
-				char		**references = NULL;
-
-				if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
-					/* don't retry any more... */
-					candidates[ i ].sr_type = REP_RESULT;
-				}
-
-				/* NOTE: ignores response controls
-				 * (and intermediate response controls
-				 * as well, except for those with search
-				 * references); this may not be correct,
-				 * but if they're not ignored then
-				 * back-meta would need to merge them
-				 * consistently (think of pagedResults...)
-				 */
-				rs->sr_err = ldap_parse_result( msc->msc_ld,
-							res,
-							&candidates[ i ].sr_err,
-							(char **)&candidates[ i ].sr_matched,
-							NULL /* (char **)&candidates[ i ].sr_text */ ,
-							&references,
-							NULL /* &candidates[ i ].sr_ctrls (unused) */ ,
-							1 );
-				res = NULL;
-				if ( rs->sr_err != LDAP_SUCCESS ) {
-					ldap_get_option( msc->msc_ld,
-							LDAP_OPT_ERROR_NUMBER,
-							&rs->sr_err );
-					sres = slap_map_api2result( rs );
-					candidates[ i ].sr_type = REP_RESULT;
-					goto really_bad;
-				}
-
-				/* massage matchedDN if need be */
-				if ( candidates[ i ].sr_matched != NULL ) {
-#ifndef LDAP_NULL_IS_NULL
-					if ( candidates[ i ].sr_matched[ 0 ] == '\0' ) {
-						ldap_memfree( (char *)candidates[ i ].sr_matched );
-						candidates[ i ].sr_matched = NULL;
-
-					} else
-#endif /* LDAP_NULL_IS_NULL */
-					{
+					/* massage matchedDN if need be */
+					if ( candidates[ i ].sr_matched != NULL ) {
 						struct berval	match, mmatch;
 
 						ber_str2bv( candidates[ i ].sr_matched,
@@ -618,10 +1239,11 @@
 						candidates[ i ].sr_matched = NULL;
 
 						dc.ctx = "matchedDN";
-						dc.target = &mi->mi_targets[ i ];
+						dc.target = mi->mi_targets[ i ];
 						if ( !ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
 							if ( mmatch.bv_val == match.bv_val ) {
-								candidates[ i ].sr_matched = ch_strdup( mmatch.bv_val );
+								candidates[ i ].sr_matched
+									= ch_strdup( mmatch.bv_val );
 
 							} else {
 								candidates[ i ].sr_matched = mmatch.bv_val;
@@ -631,156 +1253,262 @@
 						} 
 						ldap_memfree( match.bv_val );
 					}
-				}
 
-#ifndef LDAP_NULL_IS_NULL
-				/* just get rid of the error message, if any */
-				if ( candidates[ i ].sr_text && candidates[ i ].sr_text[ 0 ] == '\0' )
-				{
-					ldap_memfree( (char *)candidates[ i ].sr_text );
-					candidates[ i ].sr_text = NULL;
-				}
-#endif /* LDAP_NULL_IS_NULL */
+					/* add references to array */
+					/* RFC 4511: referrals can only appear
+					 * if result code is LDAP_REFERRAL */
+					if ( references != NULL
+						&& references[ 0 ] != NULL
+						&& references[ 0 ][ 0 ] != '\0' )
+					{
+						if ( rs->sr_err != LDAP_REFERRAL ) {
+							Debug( LDAP_DEBUG_ANY,
+								"%s meta_back_search[%ld]: "
+								"got referrals with err=%d\n",
+								op->o_log_prefix,
+								i, rs->sr_err );
 
-				/* add references to array */
-				if ( references ) {
-					BerVarray	sr_ref;
-					int		cnt;
+						} else {
+							BerVarray	sr_ref;
+							int		cnt;
+	
+							for ( cnt = 0; references[ cnt ]; cnt++ )
+								;
+	
+							sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+	
+							for ( cnt = 0; references[ cnt ]; cnt++ ) {
+								ber_str2bv( references[ cnt ], 0, 1, &sr_ref[ cnt ] );
+							}
+							BER_BVZERO( &sr_ref[ cnt ] );
+	
+							( void )ldap_back_referral_result_rewrite( &dc, sr_ref );
+					
+							if ( rs->sr_v2ref == NULL ) {
+								rs->sr_v2ref = sr_ref;
 
-					for ( cnt = 0; references[ cnt ]; cnt++ )
-						;
+							} else {
+								for ( cnt = 0; !BER_BVISNULL( &sr_ref[ cnt ] ); cnt++ ) {
+									ber_bvarray_add( &rs->sr_v2ref, &sr_ref[ cnt ] );
+								}
+								ber_memfree( sr_ref );
+							}
+						}
 
-					sr_ref = ch_calloc( sizeof( struct berval ), cnt + 1 );
+					} else if ( rs->sr_err == LDAP_REFERRAL ) {
+						Debug( LDAP_DEBUG_ANY,
+							"%s meta_back_search[%ld]: "
+							"got err=%d with null "
+							"or empty referrals\n",
+							op->o_log_prefix,
+							i, rs->sr_err );
 
-					for ( cnt = 0; references[ cnt ]; cnt++ ) {
-						ber_str2bv( references[ cnt ], 0, 1, &sr_ref[ cnt ] );
+						rs->sr_err = LDAP_NO_SUCH_OBJECT;
 					}
-					BER_BVZERO( &sr_ref[ cnt ] );
 
-					( void )ldap_back_referral_result_rewrite( &dc, sr_ref );
-				
 					/* cleanup */
 					ber_memvfree( (void **)references );
-
-					if ( rs->sr_v2ref == NULL ) {
-						rs->sr_v2ref = sr_ref;
-
-					} else {
-						for ( cnt = 0; !BER_BVISNULL( &sr_ref[ cnt ] ); cnt++ ) {
-							ber_bvarray_add( &rs->sr_v2ref, &sr_ref[ cnt ] );
+	
+					sres = slap_map_api2result( rs );
+	
+					if ( StatslogTest( LDAP_DEBUG_TRACE | LDAP_DEBUG_ANY ) ) {
+						snprintf( buf, sizeof( buf ),
+							"%s meta_back_search[%ld] "
+							"match=\"%s\" err=%ld",
+							op->o_log_prefix, i,
+							candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
+							(long) candidates[ i ].sr_err );
+						if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+							Debug( LDAP_DEBUG_TRACE, "%s.\n", buf, 0, 0 );
+	
+						} else {
+							Debug( LDAP_DEBUG_ANY, "%s (%s).\n",
+								buf, ldap_err2string( candidates[ i ].sr_err ), 0 );
 						}
-						ber_memfree( sr_ref );
 					}
-				}
-
-				rs->sr_err = candidates[ i ].sr_err;
-				sres = slap_map_api2result( rs );
-
-				if ( StatslogTest( LDAP_DEBUG_TRACE | LDAP_DEBUG_ANY ) ) {
-					snprintf( buf, sizeof( buf ),
-						"%s meta_back_search[%ld] "
-						"match=\"%s\" err=%ld",
-						op->o_log_prefix, i,
-						candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
-						(long) candidates[ i ].sr_err );
-					if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
-						Debug( LDAP_DEBUG_TRACE, "%s.\n", buf, 0, 0 );
-
-					} else {
-						Debug( LDAP_DEBUG_ANY, "%s (%s).\n",
-							buf, ldap_err2string( candidates[ i ].sr_err ), 0 );
+	
+					switch ( sres ) {
+					case LDAP_NO_SUCH_OBJECT:
+						/* is_ok is touched any time a valid
+						 * (even intermediate) result is
+						 * returned; as a consequence, if
+						 * a candidate returns noSuchObject
+						 * it is ignored and the candidate
+						 * is simply demoted. */
+						if ( is_ok ) {
+							sres = LDAP_SUCCESS;
+						}
+						break;
+	
+					case LDAP_SUCCESS:
+					case LDAP_REFERRAL:
+						is_ok++;
+						break;
+	
+					case LDAP_SIZELIMIT_EXCEEDED:
+						/* if a target returned sizelimitExceeded
+						 * and the entry count is equal to the
+						 * proxy's limit, the target would have
+						 * returned more, and the error must be
+						 * propagated to the client; otherwise,
+						 * the target enforced a limit lower
+						 * than what requested by the proxy;
+						 * ignore it */
+						candidates[ i ].sr_err = rs->sr_err;
+						if ( rs->sr_nentries == op->ors_slimit
+							|| META_BACK_ONERR_STOP( mi ) )
+						{
+							savepriv = op->o_private;
+							op->o_private = (void *)i;
+							send_ldap_result( op, rs );
+							op->o_private = savepriv;
+							ldap_msgfree( res );
+							res = NULL;
+							goto finish;
+						}
+						break;
+	
+					default:
+						candidates[ i ].sr_err = rs->sr_err;
+						if ( META_BACK_ONERR_STOP( mi ) ) {
+							savepriv = op->o_private;
+							op->o_private = (void *)i;
+							send_ldap_result( op, rs );
+							op->o_private = savepriv;
+							ldap_msgfree( res );
+							res = NULL;
+							goto finish;
+						}
+						break;
 					}
-				}
-
-				switch ( sres ) {
-				case LDAP_NO_SUCH_OBJECT:
-					/* is_ok is touched any time a valid
-					 * (even intermediate) result is
-					 * returned; as a consequence, if
-					 * a candidate returns noSuchObject
-					 * it is ignored and the candidate
-					 * is simply demoted. */
-					if ( is_ok ) {
-						sres = LDAP_SUCCESS;
+	
+					last = i;
+					rc = 0;
+	
+					/*
+					 * When no candidates are left,
+					 * the outer cycle finishes
+					 */
+					candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+					assert( ncandidates > 0 );
+					--ncandidates;
+	
+				} else if ( rc == LDAP_RES_BIND ) {
+					meta_search_candidate_t	retcode;
+	
+					retcode = meta_search_dobind_result( op, rs, &mc, i, candidates, msg );
+					if ( retcode == META_SEARCH_CANDIDATE ) {
+						candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+						retcode = meta_back_search_start( op, rs, &dc, &mc, i, candidates );
 					}
-					break;
-
-				case LDAP_SUCCESS:
-				case LDAP_REFERRAL:
-					is_ok++;
-					break;
-
-				case LDAP_SIZELIMIT_EXCEEDED:
-					/* if a target returned sizelimitExceeded
-					 * and the entry count is equal to the
-					 * proxy's limit, the target would have
-					 * returned more, and the error must be
-					 * propagated to the client; otherwise,
-					 * the target enforced a limit lower
-					 * than what requested by the proxy;
-					 * ignore it */
-					if ( rs->sr_nentries == op->ors_slimit
-						|| META_BACK_ONERR_STOP( mi ) )
-					{
-						savepriv = op->o_private;
-						op->o_private = (void *)i;
-						send_ldap_result( op, rs );
-						op->o_private = savepriv;
-						goto finish;
+	
+					switch ( retcode ) {
+					case META_SEARCH_CANDIDATE:
+						break;
+	
+						/* means that failed but onerr == continue */
+					case META_SEARCH_NOT_CANDIDATE:
+					case META_SEARCH_ERR:
+						candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+						assert( ncandidates > 0 );
+						--ncandidates;
+	
+						candidates[ i ].sr_err = rs->sr_err;
+						if ( META_BACK_ONERR_STOP( mi ) ) {
+							savepriv = op->o_private;
+							op->o_private = (void *)i;
+							send_ldap_result( op, rs );
+							op->o_private = savepriv;
+							ldap_msgfree( res );
+							res = NULL;
+							goto finish;
+						}
+						goto free_message;
+	
+					default:
+						assert( 0 );
+						break;
 					}
-					break;
-
-				default:
-					if ( META_BACK_ONERR_STOP( mi ) ) {
-						savepriv = op->o_private;
-						op->o_private = (void *)i;
-						send_ldap_result( op, rs );
-						op->o_private = savepriv;
-						goto finish;
-					}
-					break;
+	
+				} else {
+					assert( 0 );
+					ldap_msgfree( res );
+					res = NULL;
+					goto really_bad;
 				}
+			}
 
-				last = i;
-				rc = 0;
-
-				/*
-				 * When no candidates are left,
-				 * the outer cycle finishes
-				 */
-				candidates[ i ].sr_msgid = -1;
-				--ncandidates;
-
-			} else {
-				assert( 0 );
-				goto really_bad;
-			}
+free_message:;
+			ldap_msgfree( res );
+			res = NULL;
 		}
 
 		/* check for abandon */
-		if ( op->o_abandon || doabandon ) {
+		if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) {
 			for ( i = 0; i < mi->mi_ntargets; i++ ) {
-				metasingleconn_t	*msc = &mc->mc_conns[ i ];
+				if ( candidates[ i ].sr_msgid >= 0 ) {
+					if ( META_IS_BINDING( &candidates[ i ] ) ) {
+						ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+						if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) {
+							/* if still binding, destroy */
 
-				if ( candidates[ i ].sr_msgid != -1 ) {
-					ldap_abandon_ext( msc->msc_ld,
-						candidates[ i ].sr_msgid,
-						NULL, NULL );
-					candidates[ i ].sr_msgid = -1;
+#ifdef DEBUG_205
+							char buf[ SLAP_TEXT_BUFLEN ];
+
+							snprintf( buf, sizeof( buf), "%s meta_back_search(abandon) "
+								"ldap_unbind_ext[%ld] mc=%p ld=%p",
+								op->o_log_prefix, i, (void *)mc,
+								(void *)mc->mc_conns[i].msc_ld );
+
+							Debug( LDAP_DEBUG_ANY, "### %s\n", buf, 0, 0 );
+#endif /* DEBUG_205 */
+
+							meta_clear_one_candidate( op, mc, i );
+						}
+						ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+						META_BINDING_CLEAR( &candidates[ i ] );
+						
+					} else {
+						(void)meta_back_cancel( mc, op, rs,
+							candidates[ i ].sr_msgid, i,
+							LDAP_BACK_DONTSEND );
+					}
+
+					candidates[ i ].sr_msgid = META_MSGID_IGNORE;
+					assert( ncandidates > 0 );
+					--ncandidates;
 				}
 			}
 
 			if ( op->o_abandon ) {
 				rc = SLAPD_ABANDON;
-				goto finish;
 			}
+
+			/* let send_ldap_result play cleanup handlers (ITS#4645) */
+			break;
 		}
 
 		/* if no entry was found during this loop,
 		 * set a minimal timeout */
-		if ( gotit == 0 ) {
-			LDAP_BACK_TV_SET( &tv );
-                        ldap_pvt_thread_yield();
+		if ( ncandidates > 0 && gotit == 0 ) {
+			if ( save_tv.tv_sec == 0 && save_tv.tv_usec == 0 ) {
+				save_tv.tv_usec = LDAP_BACK_RESULT_UTIMEOUT/initial_candidates;
+
+				/* arbitrarily limit to something between 1 and 2 minutes */
+			} else if ( ( stoptime == -1 && save_tv.tv_sec < 60 )
+				|| save_tv.tv_sec < ( stoptime - slap_get_time() ) / ( 2 * ncandidates ) )
+			{
+				/* double the timeout */
+				lutil_timermul( &save_tv, 2, &save_tv );
+			}
+
+			if ( alreadybound == 0 ) {
+				tv = save_tv;
+				(void)select( 0, NULL, NULL, NULL, &tv );
+
+			} else {
+				ldap_pvt_thread_yield();
+			}
 		}
 	}
 
@@ -788,7 +1516,13 @@
 		/*
 		 * FIXME: need a better strategy to handle errors
 		 */
-		rc = meta_back_op_result( mc, op, rs, META_TARGET_NONE );
+		if ( mc ) {
+			rc = meta_back_op_result( mc, op, rs, META_TARGET_NONE,
+				-1, stoptime != -1 ? (stoptime - slap_get_time()) : 0,
+				LDAP_BACK_SENDERR );
+		} else {
+			rc = rs->sr_err;
+		}
 		goto finish;
 	}
 
@@ -804,7 +1538,7 @@
 
 		/* we use the first one */
 		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			if ( candidates[ i ].sr_tag == META_CANDIDATE
+			if ( META_IS_CANDIDATE( &candidates[ i ] )
 					&& candidates[ i ].sr_matched != NULL )
 			{
 				struct berval	bv, pbv;
@@ -816,7 +1550,7 @@
 				 * ignore the matchedDN */
 				if ( sres == LDAP_SUCCESS
 					&& candidates[ i ].sr_err == LDAP_NO_SUCH_OBJECT
-					&& op->o_req_ndn.bv_len > mi->mi_targets[ i ].mt_nsuffix.bv_len )
+					&& op->o_req_ndn.bv_len > mi->mi_targets[ i ]->mt_nsuffix.bv_len )
 				{
 					free( (char *)candidates[ i ].sr_matched );
 					candidates[ i ].sr_matched = NULL;
@@ -858,39 +1592,38 @@
 		matched = op->o_bd->be_suffix[ 0 ].bv_val;
 	}
 
-#if 0
-	{
-		char	buf[BUFSIZ];
-		char	cnd[BUFSIZ];
-		int	i;
+	/*
+	 * In case we returned at least one entry, we return LDAP_SUCCESS
+	 * otherwise, the latter error code we got
+	 */
 
-		for ( i = 0; i < mi->mi_ntargets; i++ ) {
-			if ( candidates[ i ].sr_tag == META_CANDIDATE ) {
-				cnd[ i ] = '*';
-			} else {
-				cnd[ i ] = ' ';
-			}
+	if ( sres == LDAP_SUCCESS ) {
+		if ( rs->sr_v2ref ) {
+			sres = LDAP_REFERRAL;
 		}
-		cnd[ i ] = '\0';
 
-		snprintf( buf, sizeof( buf ), "%s meta_back_search: is_scope=%d is_ok=%d cnd=\"%s\"\n",
-			op->o_log_prefix, initial_candidates, is_ok, cnd );
+		if ( META_BACK_ONERR_REPORT( mi ) ) {
+			/*
+			 * Report errors, if any
+			 *
+			 * FIXME: we should handle error codes and return the more 
+			 * important/reasonable
+			 */
+			for ( i = 0; i < mi->mi_ntargets; i++ ) {
+				if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
+					continue;
+				}
 
-		Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
+				if ( candidates[ i ].sr_err != LDAP_SUCCESS
+					&& candidates[ i ].sr_err != LDAP_NO_SUCH_OBJECT )
+				{
+					sres = candidates[ i ].sr_err;
+					break;
+				}
+			}
+		}
 	}
-#endif
 
-	/*
-	 * In case we returned at least one entry, we return LDAP_SUCCESS
-	 * otherwise, the latter error code we got
-	 *
-	 * FIXME: we should handle error codes and return the more 
-	 * important/reasonable
-	 */
-
-	if ( sres == LDAP_SUCCESS && rs->sr_v2ref ) {
-		sres = LDAP_REFERRAL;
-	}
 	rs->sr_err = sres;
 	rs->sr_matched = matched;
 	rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL );
@@ -909,10 +1642,29 @@
 	}
 
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
-		if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
+		if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
 			continue;
 		}
 
+		if ( mc && META_IS_BINDING( &candidates[ i ] ) ) {
+			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+			if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) {
+				assert( candidates[ i ].sr_msgid >= 0 );
+				assert( mc->mc_conns[ i ].msc_ld != NULL );
+
+#ifdef DEBUG_205
+				Debug( LDAP_DEBUG_ANY, "### %s meta_back_search(cleanup) "
+					"ldap_unbind_ext[%ld] ld=%p\n",
+					op->o_log_prefix, i, (void *)mc->mc_conns[i].msc_ld );
+#endif /* DEBUG_205 */
+
+				/* if still binding, destroy */
+				meta_clear_one_candidate( op, mc, i );
+			}
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+			META_BINDING_CLEAR( &candidates[ i ] );
+		}
+
 		if ( candidates[ i ].sr_matched ) {
 			free( (char *)candidates[ i ].sr_matched );
 			candidates[ i ].sr_matched = NULL;
@@ -932,10 +1684,27 @@
 			ldap_controls_free( candidates[ i ].sr_ctrls );
 			candidates[ i ].sr_ctrls = NULL;
 		}
+
+		if ( META_BACK_TGT_QUARANTINE( mi->mi_targets[ i ] ) ) {
+			meta_back_quarantine( op, &candidates[ i ], i );
+		}
+
+		/* only in case of timelimit exceeded, if the timelimit exceeded because
+		 * one contacted target never responded, invalidate the connection
+		 * NOTE: should we quarantine the target as well?  right now, the connection
+		 * is invalidated; the next time it will be recreated and the target
+		 * will be quarantined if it cannot be contacted */
+		if ( mi->mi_idle_timeout != 0
+			&& rs->sr_err == LDAP_TIMELIMIT_EXCEEDED
+			&& op->o_time > mc->mc_conns[ i ].msc_time )
+		{
+			/* don't let anyone else use this expired connection */
+			LDAP_BACK_CONN_TAINTED_SET( mc );
+		}
 	}
 
 	if ( mc ) {
-		meta_back_release_conn( op, mc );
+		meta_back_release_conn( mi, mc );
 	}
 
 	return rs->sr_err;
@@ -967,7 +1736,7 @@
 	/*
 	 * Rewrite the dn of the result, if needed
 	 */
-	dc.target = &mi->mi_targets[ target ];
+	dc.target = mi->mi_targets[ target ];
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "searchResult";
@@ -1011,7 +1780,7 @@
 		slap_syntax_validate_func	*validate;
 		slap_syntax_transform_func	*pretty;
 
-		ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at, 
+		ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_at, 
 				&a, &mapped, BACKLDAP_REMAP );
 		if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
 			( void )ber_scanf( &ber, "x" /* [W] */ );
@@ -1086,7 +1855,7 @@
 			struct berval 	*bv;
 
 			for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
-				ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_oc,
+				ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_oc,
 						bv, &mapped, BACKLDAP_REMAP );
 				if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0') {
 					free( bv->bv_val );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* suffixmassage.c - massages ldap backend dns */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/suffixmassage.c,v 1.1.2.6 2006/01/03 22:16:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/suffixmassage.c,v 1.1.2.7 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/unbind.c,v 1.11.2.11 2006/02/16 22:21:27 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/unbind.c,v 1.11.2.14 2007/01/17 23:03:20 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -51,23 +51,37 @@
 	mc_curr.mc_conn = conn;
 	
 	ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+#if META_BACK_PRINT_CONNTREE > 0
+	meta_back_print_conntree( mi, ">>> meta_back_conn_destroy" );
+#endif /* META_BACK_PRINT_CONNTREE */
 	while ( ( mc = avl_delete( &mi->mi_conninfo.lai_tree, ( caddr_t )&mc_curr, meta_back_conn_cmp ) ) != NULL )
 	{
 		Debug( LDAP_DEBUG_TRACE,
-			"=>meta_back_conn_destroy: destroying conn %ld\n",
-			LDAP_BACK_PCONN_ID( mc->mc_conn ), 0, 0 );
+			"=>meta_back_conn_destroy: destroying conn %ld "
+			"refcnt=%d flags=0x%08x\n",
+			LDAP_BACK_PCONN_ID( mc ),
+			mc->mc_refcnt, mc->msc_mscflags );
 		
-		assert( mc->mc_refcnt == 0 );
+		if ( mc->mc_refcnt > 0 ) {
+			/* someone else might be accessing the connection;
+			 * mark for deletion */
+			LDAP_BACK_CONN_CACHED_CLEAR( mc );
+			LDAP_BACK_CONN_TAINTED_SET( mc );
 
-		meta_back_conn_free( mc );
+		} else {
+			meta_back_conn_free( mc );
+		}
 	}
+#if META_BACK_PRINT_CONNTREE > 0
+	meta_back_print_conntree( mi, "<<< meta_back_conn_destroy" );
+#endif /* META_BACK_PRINT_CONNTREE */
 	ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
 	/*
 	 * Cleanup rewrite session
 	 */
 	for ( i = 0; i < mi->mi_ntargets; ++i ) {
-		rewrite_session_delete( mi->mi_targets[ i ].mt_rwmap.rwm_rw, conn );
+		rewrite_session_delete( mi->mi_targets[ i ]->mt_rwmap.rwm_rw, conn );
 	}
 
 	return 0;

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-monitor
-# $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/Makefile.in,v 1.18.2.2 2006/01/03 22:16:21 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/Makefile.in,v 1.18.2.3 2007/01/02 21:44:04 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* back-monitor.h - ldap monitor back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/back-monitor.h,v 1.39.2.6 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/back-monitor.h,v 1.39.2.7 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* backend.c - deals with backend subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/backend.c,v 1.33.2.4 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/backend.c,v 1.33.2.5 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - monitor backend bind routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/bind.c,v 1.14.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/bind.c,v 1.14.2.4 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/cache.c,v 1.19.2.5 2006/04/04 22:34:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/cache.c,v 1.19.2.6 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - monitor backend compare routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.20.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.20.2.4 2007/01/02 21:44:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* conn.c - deal with connection subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.56.2.5 2006/01/06 19:03:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.56.2.7 2007/01/23 00:34:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -401,8 +401,10 @@
 			c->c_dn.bv_len ? c->c_dn.bv_val : SLAPD_ANONYMOUS,
 			
 			c->c_listener_url.bv_val,
-			c->c_peer_domain.bv_val,
-			c->c_peer_name.bv_val,
+			BER_BVISNULL( &c->c_peer_domain )
+				? "" : c->c_peer_domain.bv_val,
+			BER_BVISNULL( &c->c_peer_name )
+				? "" : c->c_peer_name.bv_val,
 			c->c_sock_name.bv_val,
 			
 			buf2,

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* database.c - deals with database subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.61.2.8 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.61.2.10 2007/01/05 09:47:11 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -383,7 +383,7 @@
 			int		t;
 
 			for ( t = 0; t < mi->mi_ntargets; t++ ) {
-				char		**urls = ldap_str2charray( mi->mi_targets[ t ].mt_uri, " " );
+				char		**urls = ldap_str2charray( mi->mi_targets[ t ]->mt_uri, " " );
 				int		u;
 
 				for ( u = 0; urls[ u ] != NULL; u++ ) {

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* entry.c - monitor backend entry handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/entry.c,v 1.14.2.6 2006/08/05 14:42:04 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/entry.c,v 1.14.2.7 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize monitor backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/init.c,v 1.89.2.16 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/init.c,v 1.89.2.18 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -644,6 +644,7 @@
 	Connection	conn = { 0 };
 	OperationBuffer	opbuf;
 	Operation	*op;
+	void	*thrctx;
 	SlapReply	rs = { 0 };
 	slap_callback	cb = { NULL, monitor_filter2ndn_cb, NULL, NULL };
 	int		rc;
@@ -655,18 +656,11 @@
 	}
 
 	op = (Operation *) &opbuf;
-	connection_fake_init( &conn, op, &conn );
+	thrctx = ldap_pvt_thread_pool_context();
+	connection_fake_init( &conn, op, thrctx );
 
 	op->o_tag = LDAP_REQ_SEARCH;
 
-	/* use global malloc for now */
-	if ( op->o_tmpmemctx ) {
-		/* FIXME: connection_fake_init() calls slap_sl_mem_create, so we destroy it for now */
-		slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
-		op->o_tmpmemctx = NULL;
-	}
-	op->o_tmpmfuncs = &ch_mfuncs;
-
 	op->o_bd = be_monitor;
 	if ( base == NULL || BER_BVISNULL( base ) ) {
 		ber_dupbv_x( &op->o_req_dn, &op->o_bd->be_suffix[ 0 ],
@@ -704,8 +698,8 @@
 
 	filter_free_x( op, op->ors_filter );
 	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
-	op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
 	op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+	op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
 
 	if ( rc != 0 ) {
 		return rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* listener.c - deals with listener subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/listener.c,v 1.27.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/listener.c,v 1.27.2.4 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* log.c - deal with log subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/log.c,v 1.45.2.6 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/log.c,v 1.45.2.7 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modify.c - monitor backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/modify.c,v 1.17.2.5 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/modify.c,v 1.17.2.6 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* operation.c - deal with operation subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.36.2.5 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.36.2.6 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* operational.c - monitor backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operational.c,v 1.14.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operational.c,v 1.14.2.4 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* overlay.c - deals with overlay subsystem */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/proto-back-monitor.h,v 1.25.2.6 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/proto-back-monitor.h,v 1.25.2.7 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* readw.c - deal with read waiters subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.26.2.5 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.26.2.6 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - monitor backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/search.c,v 1.32.2.6 2006/09/08 22:15:11 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/search.c,v 1.32.2.7 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* sent.c - deal with data sent subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.33.2.4 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.33.2.5 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* thread.c - deal with thread subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/thread.c,v 1.29.2.5 2006/01/10 01:07:32 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/thread.c,v 1.29.2.6 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* time.c - deal with time subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/time.c,v 1.29.2.4 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/time.c,v 1.29.2.5 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-null
-# $OpenLDAP: pkg/ldap/servers/slapd/back-null/Makefile.in,v 1.7.2.2 2006/01/03 22:16:21 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-null/Makefile.in,v 1.7.2.3 2007/01/02 21:44:05 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-null/null.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-null/null.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-null/null.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* null.c - the null backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-null/null.c,v 1.12.2.4 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-null/null.c,v 1.12.2.5 2007/01/02 21:44:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-passwd
-# $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/Makefile.in,v 1.18.2.2 2006/01/03 22:16:21 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/Makefile.in,v 1.18.2.3 2007/01/02 21:44:05 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/back-passwd.h,v 1.5.2.2 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/back-passwd.h,v 1.5.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - passwd backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/config.c,v 1.12.2.2 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/config.c,v 1.12.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize passwd backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/init.c,v 1.29.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/init.c,v 1.29.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/proto-passwd.h,v 1.2.2.3 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/proto-passwd.h,v 1.2.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - /etc/passwd backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/search.c,v 1.70.2.6 2006/01/03 22:16:21 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/search.c,v 1.70.2.7 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-perl
-# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/Makefile.in,v 1.18.2.2 2006/01/03 22:16:22 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/Makefile.in,v 1.18.2.3 2007/01/02 21:44:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # This is a sample Perl module for the OpenLDAP server slapd.
-# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/SampleLDAP.pm,v 1.8.2.2 2006/01/03 22:16:22 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/SampleLDAP.pm,v 1.8.2.3 2007/01/02 21:44:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/add.c,v 1.18.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/add.c,v 1.18.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -26,6 +26,9 @@
 	int len;
 	int count;
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
 	ldap_pvt_thread_mutex_lock( &entry2str_mutex );
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/asperl_undefs.h,v 1.5.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/asperl_undefs.h,v 1.5.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/bind.c,v 1.22.2.3 2006/09/20 17:47:46 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/bind.c,v 1.22.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/close.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/close.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.14.2.3 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.14.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/compare.c,v 1.23.2.3 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/compare.c,v 1.23.2.5 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -41,6 +41,9 @@
 		op->orc_ava->aa_desc->ad_cname.bv_val ), "=" ),
 		op->orc_ava->aa_value.bv_val );
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );	
 
 	{

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/config.c,v 1.20.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/config.c,v 1.20.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/delete.c,v 1.18.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/delete.c,v 1.18.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -25,6 +25,9 @@
 	PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
 	int count;
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );	
 
 	{

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.40.2.4 2006/09/20 17:47:46 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.40.2.5 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modify.c,v 1.21.2.3 2006/09/20 17:43:25 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modify.c,v 1.21.2.5 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -27,6 +27,9 @@
 	int count;
 	int i;
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
 
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );	
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modrdn.c,v 1.20.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modrdn.c,v 1.20.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -25,6 +25,10 @@
 	PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
 	int count;
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );	
 
 	{

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/perl_back.h,v 1.13.2.2 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/perl_back.h,v 1.13.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/proto-perl.h,v 1.2.2.4 2006/09/20 17:47:46 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/proto-perl.h,v 1.2.2.5 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/search.c,v 1.25.2.3 2006/01/03 22:16:22 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/search.c,v 1.25.2.5 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.
@@ -34,6 +34,9 @@
 	char *buf;
 	int i;
 
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+	PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
 	ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );	
 
 	{
@@ -84,8 +87,6 @@
 						send_entry = 1;
 
 					if (send_entry) {
-						int	rc;
-
 						rs->sr_entry = e;
 						rs->sr_attrs = op->ors_attrs;
 						rs->sr_flags = REP_ENTRY_MODIFIABLE;

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 # Makefile.in for back-relay
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* back-relay.h - relay backend header file */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* config.c - relay backend configuration file routine */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* init.c - initialize relay backend */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/op.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/op.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* op.c - relay backend operations */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-shell
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/Makefile.in,v 1.20.2.2 2006/01/03 22:16:23 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/Makefile.in,v 1.20.2.3 2007/01/02 21:44:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* add.c - shell backend add function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/add.c,v 1.24.2.3 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/add.c,v 1.24.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - shell backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.25.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.25.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* compare.c - shell backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/compare.c,v 1.26.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/compare.c,v 1.26.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - shell backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/config.c,v 1.16.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/config.c,v 1.16.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* delete.c - shell backend delete function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/delete.c,v 1.23.2.3 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/delete.c,v 1.23.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* fork.c - fork and exec a process, connecting stdin/out w/pipes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/fork.c,v 1.15.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/fork.c,v 1.15.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize shell backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/init.c,v 1.35.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/init.c,v 1.35.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modify.c - shell backend modify function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modify.c,v 1.31.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modify.c,v 1.31.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* modrdn.c - shell backend modrdn function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modrdn.c,v 1.25.2.3 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modrdn.c,v 1.25.2.4 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/proto-shell.h,v 1.2.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/proto-shell.h,v 1.2.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/result.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/result.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* result.c - shell backend result reading function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/result.c,v 1.21.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/result.c,v 1.21.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* search.c - shell backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/search.c,v 1.27.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/search.c,v 1.27.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.conf,v 1.8.2.2 2006/01/03 22:16:23 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.conf,v 1.8.2.3 2007/01/02 21:44:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.sh,v 1.7.2.2 2006/01/03 22:16:23 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.sh,v 1.7.2.3 2007/01/02 21:44:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* shell.h - shell backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/shell.h,v 1.22.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/shell.h,v 1.22.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* unbind.c - shell backend unbind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/unbind.c,v 1.21.2.2 2006/01/03 22:16:23 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/unbind.c,v 1.21.2.3 2007/01/02 21:44:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for back-sql
-# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/Makefile.in,v 1.14.2.2 2006/01/03 22:16:24 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/Makefile.in,v 1.14.2.3 2007/01/02 21:44:07 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/add.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/add.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/add.c,v 1.20.2.12 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/add.c,v 1.20.2.13 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/api.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/api.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/api.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/back-sql.h,v 1.30.2.9 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/back-sql.h,v 1.30.2.10 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Mararati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/bind.c,v 1.28.2.4 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/bind.c,v 1.28.2.5 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/compare.c,v 1.10.2.4 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/compare.c,v 1.10.2.5 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.17.2.6 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.17.2.7 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/delete.c,v 1.15.2.8 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/delete.c,v 1.15.2.9 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/entry-id.c,v 1.46.2.11 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/entry-id.c,v 1.46.2.12 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.12 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.13 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modify.c,v 1.31.2.10 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modify.c,v 1.31.2.11 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modrdn.c,v 1.14.2.9 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modrdn.c,v 1.14.2.10 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/operational.c,v 1.9.2.5 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/operational.c,v 1.9.2.6 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Mararati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-## Copyright 1997-2006 The OpenLDAP Foundation, All Rights Reserved.
+## Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved.
 ##  COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 
 #

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,4 +1,4 @@
-// Copyright 1997-2006 The OpenLDAP Foundation, All Rights Reserved.
+// Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved.
 //  COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 
 // (c) Copyright 1999-2001 TimesTen Performance Software. All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/schema-map.c,v 1.44.2.10 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/schema-map.c,v 1.44.2.11 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.81.2.11 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.81.2.13 2007/03/05 18:39:51 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.
@@ -2183,7 +2183,6 @@
 		case LDAP_SCOPE_SUBTREE:
 			/* FIXME: this should never fail... */
 			if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) {
-				assert( 0 );
 				goto next_entry2;
 			}
 			break;

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.7 2006/08/17 17:53:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.8 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/util.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/util.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/util.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.31.2.8 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.31.2.10 2007/01/02 21:44:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.
@@ -252,7 +252,7 @@
 
 #ifdef BACKSQL_TRACE
 	Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): %s=%s\n", 
-		e->e_name.bv_val, ad->ad_cname->bv_val, val->bv_val );
+		e->e_name.bv_val, ad->ad_cname.bv_val, val->bv_val );
 #endif /* BACKSQL_TRACE */
 
 	rc = attr_merge_normalize_one( e, ad, val, memctx );

Modified: openldap/vendor/openldap-release/servers/slapd/backend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backend.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/backend.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* backend.c - routines for dealing with back-end databases */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.288.2.24 2006/09/20 17:11:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.288.2.25 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/backglue.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backglue.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/backglue.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.14 2006/07/28 14:31:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.17 2007/01/03 08:55:03 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -65,7 +65,7 @@
 	glueinfo		*gi = (glueinfo *)on->on_bi.bi_private;
 	int i;
 
-	for (i = 0; i<gi->gi_nodes; i++) {
+	for (i = gi->gi_nodes-1; i >= 0; i--) {
 		assert( gi->gi_n[i].gn_be->be_nsuffix != NULL );
 
 		if (dnIsSuffix(dn, &gi->gi_n[i].gn_be->be_nsuffix[0])) {
@@ -88,6 +88,15 @@
 } glue_state;
 
 static int
+glue_op_cleanup( Operation *op, SlapReply *rs )
+{
+	/* This is not a final result */
+	if (rs->sr_type == REP_RESULT )
+		rs->sr_type = REP_GLUE_RESULT;
+	return SLAP_CB_CONTINUE;
+}
+
+static int
 glue_op_response ( Operation *op, SlapReply *rs )
 {
 	glue_state *gs = op->o_callback->sc_private;
@@ -192,6 +201,7 @@
 	case LDAP_REQ_DELETE: which = op_delete; break;
 	case LDAP_REQ_MODIFY: which = op_modify; break;
 	case LDAP_REQ_MODRDN: which = op_modrdn; break;
+	case LDAP_REQ_EXTENDED: which = op_extended; break;
 	default: assert( 0 ); break;
 	}
 
@@ -199,7 +209,7 @@
 	if ( func[which] )
 		rc = func[which]( op, rs );
 	else
-		rc = SLAP_CB_CONTINUE;
+		rc = SLAP_CB_BYPASS;
 
 	op->o_bd = b0;
 	op->o_bd->bd_info = bi0;
@@ -207,6 +217,19 @@
 }
 
 static int
+glue_response ( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	BackendDB *be = op->o_bd;
+	be = glue_back_select (op->o_bd, &op->o_req_ndn);
+
+	/* If we're on the master backend, let overlay framework handle it.
+	 * Otherwise, bail out.
+	 */
+	return ( op->o_bd == be ) ? SLAP_CB_CONTINUE : SLAP_CB_BYPASS;
+}
+
+static int
 glue_chk_referrals ( Operation *op, SlapReply *rs )
 {
 	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
@@ -303,7 +326,7 @@
 	int i;
 	long stoptime = 0, starttime;
 	glue_state gs = {NULL, NULL, NULL, 0, 0, 0, 0};
-	slap_callback cb = { NULL, glue_op_response, NULL, NULL };
+	slap_callback cb = { NULL, glue_op_response, glue_op_cleanup, NULL };
 	int scope0, tlimit0;
 	struct berval dn, ndn, *pdn;
 
@@ -340,7 +363,7 @@
 		b1 = op->o_bd;
 
 		/*
-		 * Execute in reverse order, most general first 
+		 * Execute in reverse order, most specific first 
 		 */
 		for (i = gi->gi_nodes; i >= 0; i--) {
 			if ( i == gi->gi_nodes ) {
@@ -384,6 +407,9 @@
 				if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
 					gs.err = LDAP_SUCCESS;
 				}
+				op->ors_scope = LDAP_SCOPE_ONELEVEL;
+				op->o_req_dn = dn;
+				op->o_req_ndn = ndn;
 
 			} else if (scope0 == LDAP_SCOPE_SUBTREE &&
 				dn_match(&op->o_bd->be_nsuffix[0], &ndn))
@@ -1003,9 +1029,11 @@
 	glue.on_bi.bi_op_modrdn = glue_op_func;
 	glue.on_bi.bi_op_add = glue_op_func;
 	glue.on_bi.bi_op_delete = glue_op_func;
+	glue.on_bi.bi_extended = glue_op_func;
 
 	glue.on_bi.bi_chk_referrals = glue_chk_referrals;
 	glue.on_bi.bi_chk_controls = glue_chk_controls;
+	glue.on_response = glue_response;
 
 	return overlay_register( &glue );
 }

Modified: openldap/vendor/openldap-release/servers/slapd/backover.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backover.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/backover.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* backover.c - backend overlay routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.18 2006/07/28 14:31:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.20 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -210,9 +210,11 @@
 
 	rc = over_db_func( be, db_destroy );
 
-	for (next = on->on_next; on; on=next) {
-		next = on->on_next;
-		free( on );
+	if ( on ) {
+		for (next = on->on_next; on; on=next) {
+			next = on->on_next;
+			free( on );
+		}
 	}
 	free( oi );
 	return rc;
@@ -235,6 +237,11 @@
 			if ( rc != SLAP_CB_CONTINUE ) break;
 		}
 	}
+	/* Bypass the remaining on_response layers, but allow
+	 * normal execution to continue.
+	 */
+	if ( rc == SLAP_CB_BYPASS )
+		rc = SLAP_CB_CONTINUE;
 	op->o_bd = be;
 	return rc;
 }
@@ -492,6 +499,8 @@
 			if ( rc != SLAP_CB_CONTINUE ) break;
 		}
 	}
+	if ( rc == SLAP_CB_BYPASS )
+		rc = SLAP_CB_CONTINUE;
 
 	func = &oi->oi_orig->bi_op_bind;
 	if ( func[which] && rc == SLAP_CB_CONTINUE ) {

Modified: openldap/vendor/openldap-release/servers/slapd/bconfig.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bconfig.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/bconfig.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bconfig.c - the config backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.48 2006/08/06 10:36:24 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.49 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* bind.c - decode an ldap bind operation and pass it to a backend db */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bind.c,v 1.189.2.10 2006/09/20 17:21:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bind.c,v 1.189.2.11 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/cancel.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/cancel.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/cancel.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* cancel.c - LDAP cancel extended operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.16.2.6 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.16.2.7 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ch_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ch_malloc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/ch_malloc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ch_malloc.c - malloc routines that test returns from malloc and friends */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ch_malloc.c,v 1.25.2.3 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ch_malloc.c,v 1.25.2.4 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/compare.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/compare.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/compare.c,v 1.124.2.10 2006/01/17 19:37:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/compare.c,v 1.124.2.11 2007/01/02 21:43:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/component.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/component.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/component.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* component.c -- Component Filter Match Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/component.c,v 1.13.2.6 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.c,v 1.13.2.7 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 by IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/component.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/component.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/component.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* component.h */
-/* $OpenLDAP: pkg/ldap/servers/slapd/component.h,v 1.1.2.3 2006/01/03 22:16:13 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.h,v 1.1.2.4 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 by IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.c - configuration file handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.22 2006/10/20 16:52:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.25 2007/02/08 12:31:24 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -308,7 +308,8 @@
 		return(0);
 	}
 	if(arg_type & ARG_OFFSET) {
-		if (c->be)
+		if (c->be && (!overlay_is_over(c->be) || 
+			((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
 			ptr = c->be->be_private;
 		else if (c->bi)
 			ptr = c->bi->bi_private;
@@ -399,7 +400,8 @@
 		if ( rc ) return rc;
 	} else {
 		if ( cf->arg_type & ARG_OFFSET ) {
-			if ( c->be )
+			if (c->be && (!overlay_is_over(c->be) || 
+				((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
 				ptr = c->be->be_private;
 			else if ( c->bi )
 				ptr = c->bi->bi_private;
@@ -1028,15 +1030,21 @@
 
 static slap_cf_aux_table bindkey[] = {
 	{ BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
-	{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey },
-	{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey },
-	{ BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
+	{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
+	{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey },
+	{ BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, dnNormalize },
 	{ BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
 	{ BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL },
 	{ BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL },
 	{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
+#ifndef SLAP_AUTHZ_SYNTAX
 	{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
 	{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
+#else /* SLAP_AUTHZ_SYNTAX */
+	{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, authzNormalize },
+	{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, authzNormalize },
+#endif /* SLAP_AUTHZ_SYNTAX */
+
 	{ BER_BVNULL, 0, 0, 0, NULL }
 };
 
@@ -1064,26 +1072,39 @@
 
 			case 'b':
 				bptr = (struct berval *)((char *)dst + tab->off);
-				ber_str2bv( val, 0, 1, bptr );
-				break;
+				if ( tab->aux != NULL ) {
+					struct berval	dn;
+					slap_mr_normalize_func *normalize = (slap_mr_normalize_func *)tab->aux;
 
-			case 'd':
-				assert( tab->aux != NULL );
-				iptr = (int *)((char *)dst + tab->off);
+					ber_str2bv( val, 0, 0, &dn );
+					rc = normalize( 0, NULL, NULL, &dn, bptr, NULL );
 
-				rc = 1;
-				for ( j = 0; !BER_BVISNULL( &tab->aux[j].word ); j++ ) {
-					if ( !strcasecmp( val, tab->aux[j].word.bv_val ) ) {
-						*iptr = tab->aux[j].mask;
-						rc = 0;
-					}
+				} else {
+					ber_str2bv( val, 0, 1, bptr );
+					rc = 0;
 				}
 				break;
 
 			case 'i':
 				iptr = (int *)((char *)dst + tab->off);
 
-				rc = lutil_atoix( iptr, val, 0 );
+				if ( tab->aux != NULL ) {
+					slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
+
+					assert( aux != NULL );
+
+					rc = 1;
+					for ( j = 0; !BER_BVISNULL( &aux[j].word ); j++ ) {
+						if ( !strcasecmp( val, aux[j].word.bv_val ) ) {
+							*iptr = aux[j].mask;
+							rc = 0;
+							break;
+						}
+					}
+
+				} else {
+					rc = lutil_atoix( iptr, val, 0 );
+				}
 				break;
 
 			case 'u':
@@ -1139,6 +1160,7 @@
 		case 'b':
 			bptr = (struct berval *)((char *)src + tab->off);
 			cptr = &bptr->bv_val;
+
 		case 's':
 			if ( *cptr ) {
 				*ptr++ = ' ';
@@ -1149,27 +1171,28 @@
 			}
 			break;
 
-		case 'd':
-			assert( tab->aux != NULL );
+		case 'i':
 			iptr = (int *)((char *)src + tab->off);
-		
-			for ( i = 0; !BER_BVISNULL( &tab->aux[i].word ); i++ ) {
-				if ( *iptr == tab->aux[i].mask ) {
-					*ptr++ = ' ';
-					ptr = lutil_strcopy( ptr, tab->key.bv_val );
-					ptr = lutil_strcopy( ptr, tab->aux[i].word.bv_val );
-					break;
+
+			if ( tab->aux != NULL ) {
+				slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
+
+				for ( i = 0; !BER_BVISNULL( &aux[i].word ); i++ ) {
+					if ( *iptr == aux[i].mask ) {
+						*ptr++ = ' ';
+						ptr = lutil_strcopy( ptr, tab->key.bv_val );
+						ptr = lutil_strcopy( ptr, aux[i].word.bv_val );
+						break;
+					}
 				}
+
+			} else {
+				*ptr++ = ' ';
+				ptr = lutil_strcopy( ptr, tab->key.bv_val );
+				ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr );
 			}
 			break;
 
-		case 'i':
-			iptr = (int *)((char *)src + tab->off);
-			*ptr++ = ' ';
-			ptr = lutil_strcopy( ptr, tab->key.bv_val );
-			ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr );
-			break;
-
 		case 'u':
 			uptr = (unsigned *)((char *)src + tab->off);
 			*ptr++ = ' ';

Modified: openldap/vendor/openldap-release/servers/slapd/config.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/config.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* config.h - configuration abstraction structure */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.12 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.13 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/connection.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/connection.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/connection.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.296.2.19 2006/11/09 05:47:20 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.296.2.29 2007/01/25 12:52:48 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -196,23 +196,22 @@
 	ber_socket_t i;
 
 	for ( i = 0; i < dtblsize; i++ ) {
-		if( connections[i].c_struct_state != SLAP_C_USED ) {
-			continue;
+		if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
+			ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
+			if( connections[i].c_struct_state == SLAP_C_USED ) {
+
+				/* give persistent clients a chance to cleanup */
+				if( connections[i].c_conn_state == SLAP_C_CLIENT ) {
+					ldap_pvt_thread_pool_submit( &connection_pool,
+					connections[i].c_clientfunc, connections[i].c_clientarg );
+				} else {
+					/* c_mutex is locked */
+					connection_closing( &connections[i], "slapd shutdown" );
+					connection_close( &connections[i] );
+				}
+			}
+			ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex );
 		}
-		/* give persistent clients a chance to cleanup */
-		if( connections[i].c_conn_state == SLAP_C_CLIENT ) {
-			ldap_pvt_thread_pool_submit( &connection_pool,
-			connections[i].c_clientfunc, connections[i].c_clientarg );
-			continue;
-		}
-
-		ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
-
-		/* c_mutex is locked */
-		connection_closing( &connections[i], "slapd shutdown" );
-		connection_close( &connections[i] );
-
-		ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex );
 	}
 
 	return 0;
@@ -306,11 +305,20 @@
 	if( c != NULL ) {
 		ber_socket_t	sd;
 
+		ldap_pvt_thread_mutex_lock( &c->c_mutex );
+
 		assert( c->c_struct_state != SLAP_C_UNINITIALIZED );
 
-		ldap_pvt_thread_mutex_lock( &c->c_mutex );
-
 		ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
+#ifdef HAVE_WINSOCK
+		/* Avoid race condition after releasing
+		 * connections_mutex
+		 */
+		if ( sd != s ) {
+			ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+			return NULL;
+		}
+#endif
 		if( c->c_struct_state != SLAP_C_USED ) {
 			/* connection must have been closed due to resched */
 
@@ -738,10 +746,13 @@
 	if ( sd != AC_SOCKET_INVALID ) {
 		slapd_remove( sd, sb, 1, 0, 0 );
 
-		Statslog( LDAP_DEBUG_STATS, (close_reason
-									 ? "conn=%lu fd=%ld closed (%s)\n"
-									 : "conn=%lu fd=%ld closed\n"),
-			connid, (long) sd, close_reason, 0, 0 );
+		if ( close_reason == NULL ) {
+			Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed\n",
+				connid, (long) sd, 0, 0, 0 );
+		} else {
+			Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed (%s)\n",
+				connid, (long) sd, close_reason, 0, 0 );
+		}
 	}
 }
 
@@ -1521,11 +1532,11 @@
 
 		ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
 
+		if ( err != EWOULDBLOCK && err != EAGAIN ) {
+			/* log, close and send error */
 		Debug( LDAP_DEBUG_TRACE,
 			"ber_get_next on fd %d failed errno=%d (%s)\n",
 			sd, err, sock_errstr(err) );
-		if ( err != EWOULDBLOCK && err != EAGAIN ) {
-			/* log, close and send error */
 			ber_free( conn->c_currentber, 1 );
 			conn->c_currentber = NULL;
 
@@ -1753,6 +1764,9 @@
 {
 	op->o_conn->c_sasl_bindop = NULL;
 
+	ch_free( op->o_callback );
+	op->o_callback = NULL;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -1936,6 +1950,36 @@
 	return 0;
 }
 
+#ifdef LDAP_SLAPI
+typedef struct conn_fake_extblock {
+	void *eb_conn;
+	void *eb_op;
+} conn_fake_extblock;
+
+static void
+connection_fake_destroy(
+	void *key,
+	void *data )
+{
+	Connection conn = {0};
+	Operation op = {0};
+	Opheader ohdr = {0};
+
+	conn_fake_extblock *eb = data;
+	
+	op.o_hdr = &ohdr;
+	op.o_hdr->oh_extensions = eb->eb_op;
+	conn.c_extensions = eb->eb_conn;
+	op.o_conn = &conn;
+	conn.c_connid = -1;
+	op.o_connid = -1;
+
+	ber_memfree_x( eb, NULL );
+	slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, &op );
+	slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &conn );
+}
+#endif
+
 void
 connection_fake_init(
 	Connection *conn,
@@ -1966,8 +2010,24 @@
 	connection_init_log_prefix( op );
 
 #ifdef LDAP_SLAPI
-	slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
-	slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+	if ( slapi_plugins_used ) {
+		conn_fake_extblock *eb = NULL;
+
+		/* Use thread keys to make sure these eventually get cleaned up */
+		if ( ldap_pvt_thread_pool_getkey( ctx, connection_fake_init, &eb,
+			NULL )) {
+			eb = ch_malloc( sizeof( *eb ));
+			slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
+			slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+			eb->eb_conn = conn->c_extensions;
+			eb->eb_op = op->o_hdr->oh_extensions;
+			ldap_pvt_thread_pool_setkey( ctx, connection_fake_init, eb,
+				connection_fake_destroy );
+		} else {
+			conn->c_extensions = eb->eb_conn;
+			op->o_hdr->oh_extensions = eb->eb_op;
+		}
+	}
 #endif /* LDAP_SLAPI */
 
 	slap_op_time( &op->o_time, &op->o_tincr );

Modified: openldap/vendor/openldap-release/servers/slapd/controls.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/controls.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/controls.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.125.2.20 2006/02/15 21:32:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.125.2.24 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -919,7 +919,6 @@
 	op->o_ndn = dn;
 	ber_dupbv( &op->o_dn, &dn );
 
-
 	Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
 	    op->o_log_prefix, dn.bv_val, 0, 0, 0 );
 
@@ -1255,6 +1254,8 @@
 	rs->sr_err = get_vrFilter( op, ber,
 		(ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text);
 
+	(void) ber_free( ber, 1 );
+
 	if( rs->sr_err != LDAP_SUCCESS ) {
 		if( rs->sr_err == SLAPD_DISCONNECT ) {
 			rs->sr_err = LDAP_PROTOCOL_ERROR;

Modified: openldap/vendor/openldap-release/servers/slapd/cr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/cr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/cr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* cr.c - content rule routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/cr.c,v 1.14.2.4 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cr.c,v 1.14.2.5 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ctxcsn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/ctxcsn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ctxcsn.c -- Context CSN Management Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.31.2.8 2006/08/15 17:11:09 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.31.2.9 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/daemon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/daemon.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/daemon.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.318.2.26 2006/11/07 04:25:01 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.318.2.30 2007/04/01 21:30:02 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -494,6 +494,7 @@
 
 # define SLAP_SOCK_INIT			do { \
 	SLAP_SELECT_CHK_SETSIZE; \
+	FD_ZERO(&slap_daemon.sd_actives); \
 	FD_ZERO(&slap_daemon.sd_readers); \
 	FD_ZERO(&slap_daemon.sd_writers); \
 } while (0)
@@ -1600,7 +1601,7 @@
 #endif /* LDAP_PF_LOCAL */
 
 	Debug( LDAP_DEBUG_TRACE,
-		">>> slap_listener(%s)",
+		">>> slap_listener(%s)\n",
 		sl->sl_url.bv_val, 0, 0 );
 
 	peername[0] = '\0';
@@ -2123,8 +2124,14 @@
 		ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
 
 		if ( rtask && cat.tv_sec ) {
-			time_t diff = difftime( cat.tv_sec, now );
-			if ( diff == 0 ) diff = tdelta;
+			/* NOTE: diff __should__ always be >= 0,
+			 * AFAI understand; however (ITS#4872),
+			 * time_t might be unsigned in some systems,
+			 * while difftime() returns a double */
+			double diff = difftime( cat.tv_sec, now );
+			if ( diff <= 0 ) {
+				diff = tdelta;
+			}
 			if ( tvp == NULL || diff < tv.tv_sec ) {
 				tv.tv_sec = diff;
 				tv.tv_usec = 0;

Modified: openldap/vendor/openldap-release/servers/slapd/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/delete.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/delete.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/delete.c,v 1.126.2.7 2006/01/17 19:37:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/delete.c,v 1.126.2.8 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/dn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/dn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/dn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dn.c - routines for dealing with distinguished names */
-/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.170.2.9 2006/08/17 15:53:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.170.2.10 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/entry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/entry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* entry.c - routines for dealing with entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.129.2.10 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.129.2.13 2007/02/26 08:53:54 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -132,6 +132,11 @@
 			break;
 		}
 		i++;
+		if (i >= lines) {
+			Debug( LDAP_DEBUG_TRACE,
+				"<= str2entry ran past end of entry\n", 0, 0, 0 );
+			goto fail;
+		}
 
 		rc = ldif_parse_line2( s, type+i, vals+i, &freev );
 		freeval[i] = freev;
@@ -173,6 +178,8 @@
 		goto fail;
 	}
 
+#define bvcasematch(bv1, bv2)	( ((bv1)->bv_len == (bv2)->bv_len) && (strncasecmp((bv1)->bv_val, (bv2)->bv_val, (bv1)->bv_len) == 0) )
+
 	/* Make sure all attributes with multiple values are contiguous */
 	if ( checkvals ) {
 		int j, k;
@@ -181,7 +188,7 @@
 
 		for (i=0; i<lines; i++) {
 			for ( j=i+1; j<lines; j++ ) {
-				if ( bvmatch( type+i, type+j )) {
+				if ( bvcasematch( type+i, type+j )) {
 					/* out of order, move intervening attributes down */
 					if ( j != i+1 ) {
 						bv = vals[j];
@@ -204,7 +211,7 @@
 
 	for ( i=0; i<=lines; i++ ) {
 		ad_prev = ad;
-		if ( !ad || ( i<lines && !bvmatch( type+i, &ad->ad_cname ))) {
+		if ( !ad || ( i<lines && !bvcasematch( type+i, &ad->ad_cname ))) {
 			ad = NULL;
 			rc = slap_bv2ad( type+i, &ad, &text );
 

Modified: openldap/vendor/openldap-release/servers/slapd/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/extended.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/extended.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/extended.c,v 1.78.2.7 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/extended.c,v 1.78.2.8 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/filter.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filter.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/filter.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* filter.c - routines for parsing and dealing with filters */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.8 2006/01/23 23:52:17 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.10 2007/01/02 21:43:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -978,7 +978,7 @@
 	}
 
 	if ( err == LDAP_SUCCESS ) {
-		*filt = ch_malloc( sizeof vrf );
+		*filt = op->o_tmpalloc( sizeof vrf, op->o_tmpmemctx );
 		**filt = vrf;
 	}
 

Modified: openldap/vendor/openldap-release/servers/slapd/filterentry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filterentry.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/filterentry.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* filterentry.c - apply a filter to an entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.91.2.9 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.91.2.10 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/frontend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/frontend.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/frontend.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* frontend.c - routines for dealing with frontend */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/globals.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/globals.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/globals.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* globals.c - various global variables */
-/* $OpenLDAP: pkg/ldap/servers/slapd/globals.c,v 1.13.2.2 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/globals.c,v 1.13.2.3 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/index.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/index.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/index.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* index.c - index utilities */
-/* $OpenLDAP: pkg/ldap/servers/slapd/index.c,v 1.13.2.4 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/index.c,v 1.13.2.5 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* init.c - initialize various things */
-/* $OpenLDAP: pkg/ldap/servers/slapd/init.c,v 1.81.2.14 2006/10/05 23:31:19 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/init.c,v 1.81.2.16 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -300,6 +300,9 @@
 		ber_bvarray_free( default_referral );
 	}
 
+	/* clear out any thread-keys for the main thread */
+	ldap_pvt_thread_pool_context_reset( ldap_pvt_thread_pool_context());
+
 	rc = backend_destroy();
 
 	slap_sasl_destroy();

Modified: openldap/vendor/openldap-release/servers/slapd/kerberos.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/kerberos.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/kerberos.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* kerberos.c - ldbm backend kerberos bind routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/kerberos.c,v 1.12.2.2 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/kerberos.c,v 1.12.2.4 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,10 @@
 
 	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
 
+	if( cred->len > sizeof(ktxt->dat) ) {
+		return LDAP_OTHER;
+	}
+
 	AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 	ktxt->length = cred->bv_len;
 

Modified: openldap/vendor/openldap-release/servers/slapd/ldapsync.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ldapsync.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/ldapsync.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* ldapsync.c -- LDAP Content Sync Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.21.2.8 2006/07/28 13:01:36 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.21.2.9 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/limits.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/limits.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/limits.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* limits.c - routines to handle regex-based size and time limits */
-/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.62.2.7 2006/04/07 16:46:02 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.62.2.8 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/lock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/lock.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/lock.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* lock.c - routines to open and apply an advisory lock to a file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/lock.c,v 1.29.2.2 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/lock.c,v 1.29.2.3 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/main.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/main.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/main.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.198.2.20 2006/02/17 07:38:40 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.198.2.22 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -753,6 +753,12 @@
 	}
 #endif
 
+#ifdef HAVE_CYRUS_SASL
+	if( global_host == NULL ) {
+		global_host = ldap_pvt_get_fqdn( NULL );
+	}
+#endif
+
 	(void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake );
 	(void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown );
 

Modified: openldap/vendor/openldap-release/servers/slapd/matchedValues.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/matchedValues.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/matchedValues.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/matchedValues.c,v 1.25.2.3 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/matchedValues.c,v 1.25.2.4 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.24 2006/02/13 19:50:35 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.25 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.146.2.14 2006/01/17 19:37:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.146.2.15 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/mods.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mods.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/mods.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/mods.c,v 1.47.2.9 2006/02/13 20:22:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mods.c,v 1.47.2.10 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/module.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/module.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/module.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.26.2.2 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.26.2.3 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/mr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mr.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/mr.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* mr.c - routines to manage matching rule definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/mr.c,v 1.60.2.3 2006/01/03 22:16:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mr.c,v 1.60.2.4 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/mra.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mra.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/mra.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* mra.c - routines for dealing with extensible matching rule assertions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/mra.c,v 1.40.2.5 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mra.c,v 1.40.2.6 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/nt_svc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/nt_svc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/nt_svc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/nt_svc.c,v 1.25.2.2 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/nt_svc.c,v 1.25.2.3 2007/01/02 21:43:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/oc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/oc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/oc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* oc.c - object class routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/oc.c,v 1.63.2.8 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oc.c,v 1.63.2.9 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/oidm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/oidm.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/oidm.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* oidm.c - object identifier macro routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/oidm.c,v 1.11.2.5 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oidm.c,v 1.11.2.6 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/operation.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/operation.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/operation.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* operation.c - routines to deal with pending ldap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/operation.c,v 1.63.2.7 2006/11/07 04:25:01 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/operation.c,v 1.63.2.9 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -61,6 +61,17 @@
 }
 
 void
+slap_op_groups_free( Operation *op )
+{
+	GroupAssertion *g, *n;
+	for ( g = op->o_groups; g; g = n ) {
+		n = g->ga_next;
+		slap_sl_free( g, op->o_tmpmemctx );
+	}
+	op->o_groups = NULL;
+}
+
+void
 slap_op_free( Operation *op )
 {
 	assert( LDAP_STAILQ_NEXT(op, o_next) == NULL );
@@ -87,13 +98,8 @@
 	}
 #endif
 
-	{
-		GroupAssertion *g, *n;
-		for ( g = op->o_groups; g; g = n ) {
-			n = g->ga_next;
-			slap_sl_free( g, op->o_tmpmemctx );
-		}
-		op->o_groups = NULL;
+	if ( op->o_groups ) {
+		slap_op_groups_free( op );
 	}
 
 #if defined( LDAP_SLAPI )

Modified: openldap/vendor/openldap-release/servers/slapd/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/operational.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/operational.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* operational.c - routines to deal with on-the-fly operational attrs */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for overlays
-# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.15 2006/04/05 21:36:15 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.16 2007/01/02 21:44:08 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2003-2006 The OpenLDAP Foundation.
+## Copyright 2003-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* accesslog.c - log operations for audit/history purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.2.2.21 2006/11/07 03:03:12 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.2.2.23 2007/01/25 12:42:01 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *
@@ -1455,7 +1455,6 @@
 		attrs_free( e->e_attrs );
 		ch_free( e );
 	}
-	ldap_pvt_thread_pool_context_reset( thrctx );
 	return rc;
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* auditlog.c - log modifications for audit/history purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.1.2.6 2006/07/28 13:01:37 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.1.2.8 2007/02/08 12:31:24 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *
@@ -29,6 +29,7 @@
 #include <ac/ctype.h>
 
 #include "slap.h"
+#include "config.h"
 #include "ldif.h"
 
 typedef struct auditlog_data {
@@ -36,6 +37,26 @@
 	char *ad_logfile;
 } auditlog_data;
 
+static ConfigTable auditlogcfg[] = {
+	{ "auditlog", "filename", 2, 2, 0,
+	  ARG_STRING|ARG_OFFSET,
+	  (void *)offsetof(auditlog_data, ad_logfile),
+	  "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
+	  "DESC 'Filename for auditlogging' "
+	  "SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs auditlogocs[] = {
+	{ "( OLcfgOvOc:15.1 "
+	  "NAME 'olcAuditlogConfig' "
+	  "DESC 'Auditlog configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcAuditlogFile ) )",
+	  Cft_Overlay, auditlogcfg },
+	{ NULL, 0, NULL }
+};
+
 static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
 	char *s;
 	if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
@@ -51,14 +72,14 @@
 	FILE *f;
 	Attribute *a;
 	Modifications *m;
-	struct berval *b;
-	char *what, *subop, *suffix, *who = NULL;
+	struct berval *b, *who = NULL;
+	char *what, *suffix;
 	long stamp = slap_get_time();
 	int i;
 
 	if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
 
-	if ( !op->o_bd || !ad->ad_logfile ) return SLAP_CB_CONTINUE;
+	if ( !ad->ad_logfile ) return SLAP_CB_CONTINUE;
 
 /*
 ** add or modify: use modifiersName if present
@@ -71,7 +92,7 @@
 			what = "add";
 			for(a = op->ora_e->e_attrs; a; a = a->a_next)
 				if( a->a_desc == slap_schema.si_ad_modifiersName ) {
-					who = a->a_vals[0].bv_val;
+					who = &a->a_vals[0];
 					break;
 				}
 			break;
@@ -81,7 +102,7 @@
 				if( m->sml_desc == slap_schema.si_ad_modifiersName &&
 					( m->sml_op == LDAP_MOD_ADD ||
 					m->sml_op == LDAP_MOD_REPLACE )) {
-					who = m->sml_values[0].bv_val;
+					who = &m->sml_values[0];
 					break;
 				}
 			break;
@@ -96,7 +117,7 @@
 ** note: this means requestor's dn when modifiersName is null
 */
 	if ( !who )
-		who = op->o_dn.bv_val;
+		who = &op->o_dn;
 
 	ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
 	if((f = fopen(ad->ad_logfile, "a")) == NULL) {
@@ -104,14 +125,20 @@
 		return SLAP_CB_CONTINUE;
 	}
 
-	fprintf(f, "# %s %ld %s%s%s\ndn: %s\nchangetype: %s\n",
-		what, stamp, suffix, who ? " " : "", who ? who : "",
+	fprintf(f, "# %s %ld %s%s%s\n",
+		what, stamp, suffix, who ? " " : "", who ? who->bv_val : "");
+
+	if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) &&
+		(!who || !dn_match( who, &op->o_conn->c_dn )))
+		fprintf(f, "# realdn: %s\n", op->o_conn->c_dn.bv_val );
+
+	fprintf(f, "dn: %s\nchangetype: %s\n",
 		op->o_req_dn.bv_val, what);
 
 	switch(op->o_tag) {
 	  case LDAP_REQ_ADD:
 		for(a = op->ora_e->e_attrs; a; a = a->a_next)
-		    if(b = a->a_vals)
+		  if((b = a->a_vals) != NULL)
 			for(i = 0; b[i].bv_val; i++)
 				fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
 		break;
@@ -128,7 +155,8 @@
 					continue;
 			}
 			fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val);
-			if(b = m->sml_values) for(i = 0; b[i].bv_val; i++)
+			if((b = m->sml_values) != NULL)
+			  for(i = 0; b[i].bv_val; i++)
 				fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
 			fprintf(f, "-\n");
 		}
@@ -220,14 +248,18 @@
 }
 
 int auditlog_initialize() {
+	int rc;
 
 	auditlog.on_bi.bi_type = "auditlog";
 	auditlog.on_bi.bi_db_init = auditlog_db_init;
-	auditlog.on_bi.bi_db_config = auditlog_config;
 	auditlog.on_bi.bi_db_close = auditlog_db_close;
 	auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
 	auditlog.on_response = auditlog_response;
 
+	auditlog.on_bi.bi_cf_ocs = auditlogocs;
+	rc = config_register_schema( auditlogcfg, auditlogocs );
+	if ( rc ) return rc;
+
 	return overlay_register(&auditlog);
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/collect.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/collect.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* collect.c - Demonstration of overlay code */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.2.2.3 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.2.2.4 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/denyop.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/denyop.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/denyop.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* denyop.c - Denies operations */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dyngroup.c - Demonstration of overlay code */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dyngroup.c,v 1.5.2.5 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dyngroup.c,v 1.5.2.6 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Copyright 2003 by Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* dynlist.c - dynamic list overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.5.2.8 2006/11/03 07:36:35 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.5.2.11 2007/03/22 21:31:18 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -289,6 +289,8 @@
 done:;
 	if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
 		entry_free( rs->sr_entry );
+		rs->sr_entry = NULL;
+		rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
 	}
 
 	return 0;
@@ -478,7 +480,8 @@
 		if ( !BER_BVISNULL( &o.o_req_ndn ) ) {
 			op->o_tmpfree( o.o_req_ndn.bv_val, op->o_tmpmemctx );
 		}
-		assert( o.ors_filterstr.bv_val != lud->lud_filter );
+		assert( BER_BVISNULL( &o.ors_filterstr )
+			|| o.ors_filterstr.bv_val != lud->lud_filter );
 		op->o_tmpfree( o.ors_filterstr.bv_val, op->o_tmpmemctx );
 		ldap_free_urldesc( lud );
 	}

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/lastmod.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/lastmod.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/lastmod.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* lastmod.c - returns last modification info */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* overlays.c - Static overlay framework */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/overlays.c,v 1.12.2.8 2006/01/03 22:16:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/overlays.c,v 1.12.2.9 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Copyright 2003 by Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.16 2006/02/17 07:38:41 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.17 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * Portions Copyright 2003 Symas Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.31.2.27 2006/11/10 06:47:51 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.31.2.29 2007/02/08 12:31:24 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
  * Portions Copyright 2004 Hewlett-Packard Company.
  * All rights reserved.
@@ -39,6 +39,7 @@
 #include <ac/time.h>
 #include <ac/string.h>
 #include <ac/ctype.h>
+#include "config.h"
 
 #ifndef MODULE_NAME_SZ
 #define MODULE_NAME_SZ 256
@@ -202,6 +203,95 @@
 
 static ldap_pvt_thread_mutex_t chk_syntax_mutex;
 
+enum {
+	PPOLICY_DEFAULT = 1,
+	PPOLICY_HASH_CLEARTEXT,
+	PPOLICY_USE_LOCKOUT
+};
+
+static ConfigDriver ppolicy_cf_default;
+
+static ConfigTable ppolicycfg[] = {
+	{ "ppolicy_default", "policyDN", 2, 2, 0,
+	  ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
+	  "( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
+	  "DESC 'DN of a pwdPolicy object for uncustomized objects' "
+	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
+	  (void *)offsetof(pp_info,hash_passwords),
+	  "( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
+	  "DESC 'Hash passwords on add or modify' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
+	  (void *)offsetof(pp_info,use_lockout),
+	  "( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
+	  "DESC 'Warn clients with AccountLocked' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs ppolicyocs[] = {
+	{ "( OLcfgOvOc:12.1 "
+	  "NAME 'olcPPolicyConfig' "
+	  "DESC 'Password Policy configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
+	  "olcPPolicyUseLockout ) )",
+	  Cft_Overlay, ppolicycfg },
+	{ NULL, 0, NULL }
+};
+
+static int
+ppolicy_cf_default( ConfigArgs *c )
+{
+	slap_overinst *on = (slap_overinst *)c->bi;
+	pp_info *pi = (pp_info *)on->on_bi.bi_private;
+	BackendDB *be = (BackendDB *)c->be;
+	const char *text;
+	int rc = ARG_BAD_CONF;
+
+	assert ( c->type == PPOLICY_DEFAULT );
+	Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0);
+
+	switch ( c->op ) {
+	case SLAP_CONFIG_EMIT:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0);
+		rc = 0;
+		if ( !BER_BVISEMPTY( &pi->def_policy )) {
+			rc = value_add_one( &c->rvalue_vals,
+					    &pi->def_policy );
+			if ( rc ) return rc;
+			rc = value_add_one( &c->rvalue_nvals,
+					    &pi->def_policy );
+		}
+		break;
+	case LDAP_MOD_DELETE:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0);
+		if ( pi->def_policy.bv_val ) {
+			ber_memfree ( pi->def_policy.bv_val );
+			pi->def_policy.bv_val = NULL;
+		}
+		pi->def_policy.bv_len = 0;
+		rc = 0;
+		break;
+	case SLAP_CONFIG_ADD:
+		/* fallthrough to LDAP_MOD_ADD */
+	case LDAP_MOD_ADD:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0);
+		if ( pi->def_policy.bv_val )
+			ber_memfree ( pi->def_policy.bv_val );
+		pi->def_policy = c->value_ndn;
+		rc = 0;
+		break;
+	default:
+		abort ();
+	}
+
+	return rc;
+}
+
 static time_t
 parse_time( char *atm )
 {
@@ -2041,54 +2131,6 @@
 	return 0;
 }
 
-static int
-ppolicy_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
-{
-	slap_overinst *on = (slap_overinst *) be->bd_info;
-	pp_info *pi = on->on_bi.bi_private;
-	struct berval dn;
-	
-
-	if ( strcasecmp( argv[0], "ppolicy_default" ) == 0 ) {
-		if ( argc != 2 ) {
-			fprintf( stderr, "%s: line %d: invalid arguments in \"ppolicy_default"
-				" <policyDN>\n", fname, lineno );
-			return ( 1 );
-		}
-		ber_str2bv( argv[1], 0, 0, &dn );
-		if ( dnNormalize( 0, NULL, NULL, &dn, &pi->def_policy, NULL ) ) {
-			fprintf( stderr, "%s: line %d: policyDN is invalid\n",
-				fname, lineno );
-			return 1;
-		}
-		return 0;
-
-	} else if ( strcasecmp( argv[0], "ppolicy_use_lockout" ) == 0 ) {
-		if ( argc != 1 ) {
-			fprintf( stderr, "%s: line %d: ppolicy_use_lockout "
-				"takes no arguments\n", fname, lineno );
-			return ( 1 );
-		}
-		pi->use_lockout = 1;
-		return 0;
-	} else if ( strcasecmp( argv[0], "ppolicy_hash_cleartext" ) == 0 ) {
-		if ( argc != 1 ) {
-			fprintf( stderr, "%s: line %d: ppolicy_hash_cleartext "
-				"takes no arguments\n", fname, lineno );
-			return ( 1 );
-		}
-		pi->hash_passwords = 1;
-		return 0;
-	}
-	return SLAP_CONF_UNKNOWN;
-}
-
 static char *extops[] = {
 	LDAP_EXOP_MODIFY_PASSWD,
 	NULL
@@ -2140,7 +2182,6 @@
 	ppolicy.on_bi.bi_type = "ppolicy";
 	ppolicy.on_bi.bi_db_init = ppolicy_db_init;
 	ppolicy.on_bi.bi_db_open = ppolicy_db_open;
-	ppolicy.on_bi.bi_db_config = ppolicy_config;
 	ppolicy.on_bi.bi_db_close = ppolicy_close;
 
 	ppolicy.on_bi.bi_op_add = ppolicy_add;
@@ -2151,6 +2192,10 @@
 	ppolicy.on_bi.bi_op_search = ppolicy_restrict;
 	ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy;
 
+	ppolicy.on_bi.bi_cf_ocs = ppolicyocs;
+	code = config_register_schema( ppolicycfg, ppolicyocs );
+	if ( code ) return code;
+
 	return overlay_register( &ppolicy );
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/refint.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/refint.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* refint.c - referential integrity module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.7.2.10 2006/05/11 17:04:27 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.7.2.13 2007/03/20 20:38:55 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Symas Corporation.
  * All rights reserved.
  *
@@ -144,19 +144,19 @@
 			ip->attr = ad;
 			ip->next = id->attrs;
 			id->attrs = ip;
-			Debug(LDAP_DEBUG_ANY, "%s: line %d: new attribute <%s>\n",
+			Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new attribute <%s>\n",
 				fname, lineno, argv[i]);
 		}
 	} else if(!strcasecmp(*argv, "refint_base")) {
 		/* XXX only one basedn (yet) - need validate argument! */
 		if(id->dn.bv_val) ch_free(id->dn.bv_val);
 		ber_str2bv( argv[1], 0, 0, &dn );
-		Debug(LDAP_DEBUG_ANY, "%s: line %d: new baseDN <%s>\n",
-			fname, lineno, argv[1]);
 		if(dnNormalize(0, NULL, NULL, &dn, &id->dn, NULL)) {
 			Debug(LDAP_DEBUG_ANY, "%s: line %d: bad baseDN!\n", fname, lineno, 0);
 			return(1);
 		}
+		Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new baseDN <%s>\n",
+			fname, lineno, argv[1]);
 	} else if(!strcasecmp(*argv, "refint_nothing")) {
 		if(id->nothing.bv_val) ch_free(id->nothing.bv_val);
 		if(id->nnothing.bv_val) ch_free(id->nnothing.bv_val);
@@ -165,7 +165,7 @@
 			Debug(LDAP_DEBUG_ANY, "%s: line %d: bad nothingDN!\n", fname, lineno, 0);
 			return(1);
 		}
-		Debug(LDAP_DEBUG_ANY, "%s: line %d: new nothingDN<%s>\n",
+		Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new nothingDN<%s>\n",
 			fname, lineno, argv[1]);
 	} else {
 		return(SLAP_CONF_UNKNOWN);

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* retcode.c - customizable response for client testing purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/retcode.c,v 1.4.2.8 2006/06/02 13:15:49 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/retcode.c,v 1.4.2.9 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions Copyright 2005 Pierangelo Masarati <ando at sys-net.it>
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.15 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.18 2007/01/05 09:47:11 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -26,9 +26,106 @@
 #include "slap.h"
 #include "rwm.h"
 
+typedef struct rwm_op_state {
+	ber_tag_t r_tag;
+	struct berval ro_dn;
+	struct berval ro_ndn;
+	struct berval r_dn;
+	struct berval r_ndn;
+	OpRequest o_request;
+} rwm_op_state;
+
 static int
-rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
+rwm_db_destroy( BackendDB *be );
+
+typedef struct rwm_op_cb {
+	slap_callback cb;
+	rwm_op_state ros;
+} rwm_op_cb;
+
+static int
+rwm_op_cleanup( Operation *op, SlapReply *rs )
 {
+	slap_callback	*cb = op->o_callback;
+	rwm_op_state *ros = cb->sc_private;
+
+	if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED ||
+		op->o_abandon || rs->sr_err == SLAPD_ABANDON ) {
+
+		op->o_req_dn = ros->ro_dn;
+		op->o_req_ndn = ros->ro_ndn;
+
+		if ( !BER_BVISEMPTY( &ros->r_dn )) ch_free( ros->r_dn.bv_val );
+		if ( !BER_BVISEMPTY( &ros->r_ndn )) ch_free( ros->r_ndn.bv_val );
+
+		switch( ros->r_tag ) {
+		case LDAP_REQ_COMPARE:
+			if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val )
+				op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx );
+			op->orc_ava = ros->orc_ava;
+			break;
+		case LDAP_REQ_MODIFY:
+			slap_mods_free( op->orm_modlist, 1 );
+			op->orm_modlist = ros->orm_modlist;
+			break;
+		case LDAP_REQ_MODRDN:
+			if ( op->orr_newSup != ros->orr_newSup ) {
+				ch_free( op->orr_newSup->bv_val );
+				ch_free( op->orr_nnewSup->bv_val );
+				op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+				op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+				op->orr_newSup = ros->orr_newSup;
+				op->orr_nnewSup = ros->orr_nnewSup;
+			}
+			break;
+		case LDAP_REQ_SEARCH:
+			ch_free( op->ors_attrs );
+			filter_free_x( op, op->ors_filter );
+			ch_free( op->ors_filterstr.bv_val );
+			op->ors_attrs = ros->ors_attrs;
+			op->ors_filter = ros->ors_filter;
+			op->ors_filterstr = ros->ors_filterstr;
+			break;
+		case LDAP_REQ_EXTENDED:
+			if ( op->ore_reqdata != ros->ore_reqdata ) {
+				ber_bvfree( op->ore_reqdata );
+				op->ore_reqdata = ros->ore_reqdata;
+			}
+			break;
+		default:	break;
+		}
+		op->o_callback = op->o_callback->sc_next;
+		op->o_tmpfree( cb, op->o_tmpmemctx );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static rwm_op_cb *
+rwm_callback_get( Operation *op, SlapReply *rs )
+{
+	rwm_op_cb	*roc = NULL;
+
+	roc = op->o_tmpalloc( sizeof( struct rwm_op_cb ), op->o_tmpmemctx );
+	roc->cb.sc_cleanup = rwm_op_cleanup;
+	roc->cb.sc_response = NULL;
+	roc->cb.sc_next = op->o_callback;
+	roc->cb.sc_private = &roc->ros;
+	roc->ros.r_tag = op->o_tag;
+	roc->ros.ro_dn = op->o_req_dn;
+	roc->ros.ro_ndn = op->o_req_ndn;
+	roc->ros.o_request = op->o_request;
+	BER_BVZERO( &roc->ros.r_dn );
+	BER_BVZERO( &roc->ros.r_ndn );
+
+	return roc;
+}
+
+
+static int
+rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie,
+	rwm_op_state *ros )
+{
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
 	struct ldaprwmap	*rwmap = 
 			(struct ldaprwmap *)on->on_bi.bi_private;
@@ -74,12 +171,12 @@
 	}
 
 	if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
-		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
 		op->o_req_dn = dn;
+		ros->r_dn  = dn;
 	} else {
 		op->o_req_dn = ndn;
 	}
-	op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+	ros->r_ndn = ndn;
 	op->o_req_ndn = ndn;
 
 	return LDAP_SUCCESS;
@@ -98,11 +195,13 @@
 	char			*olddn = op->o_req_dn.bv_val;
 	int			isupdate;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "addDN" );
+	rc = rwm_op_dn_massage( op, rs, "addDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -222,7 +321,8 @@
 		attr_free( a );
 	}
 
-	/* TODO: map attribute types, values of DN-valued attributes ... */
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -258,11 +358,13 @@
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
 	int			rc;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "bindDN" );
+	rc = rwm_op_dn_massage( op, rs, "bindDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -270,6 +372,8 @@
 		return -1;
 	}
 
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -295,14 +399,15 @@
 			(struct ldaprwmap *)on->on_bi.bi_private;
 
 	int			rc;
-	struct berval		mapped_at = BER_BVNULL,
-				mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
+	struct berval mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "compareDN" );
+	rc = rwm_op_dn_massage( op, rs, "compareDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -323,9 +428,9 @@
 			return -1;
 
 		} else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
-			ber_bvreplace_x( &op->orc_ava->aa_value, &mapped_vals[0], op->o_tmpmemctx );
+			ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
+				op->o_tmpmemctx );
 		}
-		mapped_at = op->orc_ava->aa_desc->ad_cname;
 
 	} else {
 		struct ldapmapping	*mapping = NULL;
@@ -373,13 +478,15 @@
 				 * already freed the old value, so now 
 				 * it's invalid */
 				ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
-						op->o_tmpmemctx );
+					op->o_tmpmemctx );
 				ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL );
 			}
 		}
 		op->orc_ava->aa_desc = ad;
 	}
 
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -389,11 +496,13 @@
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
 	int			rc;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "deleteDN" );
+	rc = rwm_op_dn_massage( op, rs, "deleteDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -401,6 +510,8 @@
 		return -1;
 	}
 
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -415,11 +526,13 @@
 	Modifications		**mlp;
 	int			rc;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "modifyDN" );
+	rc = rwm_op_dn_massage( op, rs, "modifyDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -433,8 +546,13 @@
 		Modifications		*ml;
 		struct ldapmapping	*mapping = NULL;
 
-		if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass 
-				|| (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
+		/* duplicate the modlist */
+		ml = ch_malloc( sizeof( Modifications ));
+		*ml = **mlp;
+		*mlp = ml;
+
+		if ( ml->sml_desc == slap_schema.si_ad_objectClass 
+				|| ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
 		{
 			is_oc = 1;
 
@@ -446,7 +564,7 @@
 			int			drop_missing;
 
 			drop_missing = rwm_mapping( &rwmap->rwm_at,
-					&(*mlp)->sml_desc->ad_cname,
+					&ml->sml_desc->ad_cname,
 					&mapping, RWM_MAP );
 			if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
 			{
@@ -454,18 +572,36 @@
 			}
 		}
 
-		if ( (*mlp)->sml_values != NULL ) {
+		if ( ml->sml_values != NULL ) {
+			int i, num;
+			struct berval *bva;
+
+			for ( num = 0; !BER_BVISNULL( &ml->sml_values[ num ] ); num++ )
+				/* count values */ ;
+
+			bva = ch_malloc( (num+1) * sizeof( struct berval ));
+			for (i=0; i<num; i++)
+				ber_dupbv( &bva[i], &ml->sml_values[i] );
+			BER_BVZERO( &bva[i] );
+			ml->sml_values = bva;
+
+			if ( ml->sml_nvalues ) {
+				bva = ch_malloc( (num+1) * sizeof( struct berval ));
+				for (i=0; i<num; i++)
+					ber_dupbv( &bva[i], &ml->sml_nvalues[i] );
+				BER_BVZERO( &bva[i] );
+				ml->sml_nvalues = bva;
+			}
+
 			if ( is_oc ) {
 				int	last, j;
 
-				for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
-					/* count values */ ;
-				last--;
+				last = num-1;
 
-				for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
+				for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
 					struct ldapmapping	*oc_mapping = NULL;
 		
-					( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
+					( void )rwm_mapping( &rwmap->rwm_oc, &ml->sml_values[ j ],
 							&oc_mapping, RWM_MAP );
 					if ( oc_mapping == NULL ) {
 						if ( rwmap->rwm_at.drop_missing ) {
@@ -473,47 +609,47 @@
 							 * if the resulting entry is inconsistent, that's
 							 * the relayed database's business...
 							 */
-							ch_free( (*mlp)->sml_values[ j ].bv_val );
 							if ( last > j ) {
-								(*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
+								ch_free( ml->sml_values[ j ].bv_val );
+								ml->sml_values[ j ] = ml->sml_values[ last ];
 							}
-							BER_BVZERO( &(*mlp)->sml_values[ last ] );
+							BER_BVZERO( &ml->sml_values[ last ] );
 							last--;
 							j--;
 						}
 	
 					} else {
-						ch_free( (*mlp)->sml_values[ j ].bv_val );
-						ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst );
+						ch_free( ml->sml_values[ j ].bv_val );
+						ber_dupbv( &ml->sml_values[ j ], &oc_mapping->m_dst );
 					}
 				}
 
 			} else {
-				if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+				if ( ml->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
 						|| ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
 				{
 #ifdef ENABLE_REWRITE
 					rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
-							(*mlp)->sml_values,
-							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
+							ml->sml_values,
+							ml->sml_nvalues ? &ml->sml_nvalues : NULL );
 #else /* ! ENABLE_REWRITE */
 					rc = 1;
 					rc = rwm_dnattr_rewrite( op, rs, &rc, 
-							(*mlp)->sml_values,
-							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
+							ml->sml_values,
+							ml->sml_nvalues ? &ml->sml_nvalues : NULL );
 #endif /* ! ENABLE_REWRITE */
 
-				} else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
+				} else if ( ml->sml_desc == slap_schema.si_ad_ref ) {
 #ifdef ENABLE_REWRITE
 					rc = rwm_referral_rewrite( op, rs,
 							"referralAttrDN",
-							(*mlp)->sml_values,
-							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
+							ml->sml_values,
+							ml->sml_nvalues ? &ml->sml_nvalues : NULL );
 #else /* ! ENABLE_REWRITE */
 					rc = 1;
 					rc = rwm_referral_rewrite( op, rs, &rc,
-							(*mlp)->sml_values,
-							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
+							ml->sml_values,
+							ml->sml_nvalues ? &ml->sml_nvalues : NULL );
 #endif /* ! ENABLE_REWRITE */
 					if ( rc != LDAP_SUCCESS ) {
 						goto cleanup_mod;
@@ -530,10 +666,10 @@
 		if ( mapping != NULL ) {
 			/* use new attribute description */
 			assert( mapping->m_dst_ad != NULL );
-			(*mlp)->sml_desc = mapping->m_dst_ad;
+			ml->sml_desc = mapping->m_dst_ad;
 		}
 
-		mlp = &(*mlp)->sml_next;
+		mlp = &ml->sml_next;
 		continue;
 
 cleanup_mod:;
@@ -543,6 +679,8 @@
 		free( ml );
 	}
 
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -555,6 +693,8 @@
 	
 	int			rc;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 	if ( op->orr_newSup ) {
 		dncookie	dc;
 		struct berval	nnewSup = BER_BVNULL;
@@ -582,8 +722,10 @@
 		}
 
 		if ( op->orr_newSup->bv_val != newSup.bv_val ) {
-			op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
-			op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
+			op->orr_newSup = op->o_tmpalloc( sizeof( struct berval ),
+				op->o_tmpmemctx );
+			op->orr_nnewSup = op->o_tmpalloc( sizeof( struct berval ),
+				op->o_tmpmemctx );
 			*op->orr_newSup = newSup;
 			*op->orr_nnewSup = nnewSup;
 		}
@@ -593,61 +735,43 @@
 	 * Rewrite the dn, if needed
  	 */
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "renameDN" );
+	rc = rwm_op_dn_massage( op, rs, "renameDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "renameDN massage error" );
+		if ( op->orr_newSup != roc->ros.orr_newSup ) {
+			ch_free( op->orr_newSup->bv_val );
+			ch_free( op->orr_nnewSup->bv_val );
+			op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+			op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+			op->orr_newSup = roc->ros.orr_newSup;
+			op->orr_nnewSup = roc->ros.orr_nnewSup;
+		}
 		return -1;
 	}
 
 	/* TODO: rewrite newRDN, attribute types, 
 	 * values of DN-valued attributes ... */
-	return SLAP_CB_CONTINUE;
-}
 
-static slap_callback	rwm_cb;
+	op->o_callback = &roc->cb;
 
-static void
-rwm_keyfree(
-	void		*key,
-	void		*data )
-{
-	ber_memfree_x( data, NULL );
+	return SLAP_CB_CONTINUE;
 }
 
-static slap_callback *
-rwm_callback_get( Operation *op )
-{
-	void		*data = NULL;
 
-	if ( op->o_threadctx == NULL ) {
-		return &rwm_cb;
-	}
-
-	ldap_pvt_thread_pool_getkey( op->o_threadctx,
-			rwm_keyfree, &data, NULL );
-	if ( data == NULL ) {
-		data = ch_calloc( sizeof( slap_callback ), 1 );
-		ldap_pvt_thread_pool_setkey( op->o_threadctx,
-				rwm_keyfree, data, rwm_keyfree );
-	}
-
-	return (slap_callback *)data;
-}
-
 static int
 rwm_swap_attrs( Operation *op, SlapReply *rs )
 {
 	slap_callback	*cb = op->o_callback;
-	AttributeName	*an = (AttributeName *)cb->sc_private;
+	rwm_op_state *ros = cb->sc_private;
 
-	rs->sr_attrs = an;
+	rs->sr_attrs = ros->ors_attrs;
 	
-	return SLAP_CB_CONTINUE;
+ 	return SLAP_CB_CONTINUE;
 }
 
 static int
@@ -663,19 +787,20 @@
 	struct berval		fstr = BER_BVNULL;
 	Filter			*f = NULL;
 
-	slap_callback		*cb = NULL;
 	AttributeName		*an = NULL;
 
 	char			*text = NULL;
 
+	rwm_op_cb *roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
 	rc = rewrite_session_var_set( rwmap->rwm_rw, op->o_conn,
 		"searchFilter", op->ors_filterstr.bv_val );
 	if ( rc == LDAP_SUCCESS )
-		rc = rwm_op_dn_massage( op, rs, "searchDN" );
+		rc = rwm_op_dn_massage( op, rs, "searchDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		text = "searchDN massage error";
@@ -708,14 +833,6 @@
 		goto error_return;
 	}
 
-	if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
-		ch_free( op->ors_filterstr.bv_val );
-	}
-
-	if( op->ors_filter ) {
-		filter_free_x( op, op->ors_filter );
-	}
-
 	op->ors_filter = f;
 	op->ors_filterstr = fstr;
 
@@ -726,16 +843,11 @@
 		goto error_return;
 	}
 
-	cb = rwm_callback_get( op );
+	op->ors_attrs = an;
+	roc->cb.sc_response = rwm_swap_attrs;
 
-	cb->sc_response = rwm_swap_attrs;
-	cb->sc_cleanup = NULL;
-	cb->sc_private = (void *)op->ors_attrs;
-	cb->sc_next = op->o_callback;
+	op->o_callback = &roc->cb;
 
-	op->o_callback = cb;
-	op->ors_attrs = an;
-
 	return SLAP_CB_CONTINUE;
 
 error_return:;
@@ -751,6 +863,8 @@
 		ch_free( fstr.bv_val );
 	}
 
+	op->oq_search = roc->ros.oq_search;
+
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	send_ldap_error( op, rs, rc, text );
 
@@ -759,16 +873,129 @@
 }
 
 static int
+rwm_exop_passwd( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
+	int			rc;
+	rwm_op_cb *roc;
+
+	struct berval	id = BER_BVNULL,
+			pwold = BER_BVNULL,
+			pwnew = BER_BVNULL;
+	BerElement *ber = NULL;
+
+	if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
+		return LDAP_SUCCESS;
+	}
+
+	if ( !SLAP_ISGLOBALOVERLAY( op->o_bd ) ) {
+		rs->sr_err = LDAP_OTHER;
+		return rs->sr_err;
+	}
+
+	rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+		&pwold, &pwnew, &rs->sr_text );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return rs->sr_err;
+	}
+
+	if ( !BER_BVISNULL( &id ) ) {
+		rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
+				&op->o_req_ndn, op->o_tmpmemctx );
+		if ( rs->sr_err != LDAP_SUCCESS ) {
+			rs->sr_text = "Invalid DN";
+			return rs->sr_err;
+		}
+
+	} else {
+		ber_dupbv_x( &op->o_req_dn, &op->o_dn, op->o_tmpmemctx );
+		ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx );
+	}
+
+	roc = rwm_callback_get( op, rs );
+
+#ifdef ENABLE_REWRITE
+	rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
+#else /* ! ENABLE_REWRITE */
+	rc = 1;
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
+#endif /* ! ENABLE_REWRITE */
+	if ( rc != LDAP_SUCCESS ) {
+		op->o_bd->bd_info = (BackendInfo *)on->on_info;
+		send_ldap_error( op, rs, rc, "extendedDN massage error" );
+		return -1;
+	}
+
+	ber = ber_alloc_t( LBER_USE_DER );
+	if ( !ber ) {
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "No memory";
+		return rs->sr_err;
+	}
+	ber_printf( ber, "{" );
+	if ( !BER_BVISNULL( &id )) {
+		ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, 
+			&op->o_req_dn );
+	}
+	if ( !BER_BVISNULL( &pwold )) {
+		ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &pwold );
+	}
+	if ( !BER_BVISNULL( &pwnew )) {
+		ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &pwnew );
+	}
+	ber_printf( ber, "N}" );
+	ber_flatten( ber, &op->ore_reqdata );
+	ber_free( ber, 1 );
+
+	op->o_callback = &roc->cb;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static struct exop {
+	struct berval	oid;
+	BI_op_extended	*extended;
+} exop_table[] = {
+	{ BER_BVC(LDAP_EXOP_MODIFY_PASSWD),	rwm_exop_passwd },
+	{ BER_BVNULL, NULL }
+};
+
+static int
 rwm_extended( Operation *op, SlapReply *rs )
 {
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
 	int			rc;
+	rwm_op_cb *roc;
 
+	int	i;
+
+	for ( i = 0; exop_table[i].extended != NULL; i++ ) {
+		if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
+		{
+			rc = exop_table[i].extended( op, rs );
+			switch ( rc ) {
+			case LDAP_SUCCESS:
+				break;
+
+			case SLAP_CB_CONTINUE:
+			case SLAPD_ABANDON:
+				return rc;
+
+			default:
+				send_ldap_result( op, rs );
+				return rc;
+			}
+			break;
+		}
+	}
+
+	roc = rwm_callback_get( op, rs );
+
 #ifdef ENABLE_REWRITE
-	rc = rwm_op_dn_massage( op, rs, "extendedDN" );
+	rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
 #else /* ! ENABLE_REWRITE */
 	rc = 1;
-	rc = rwm_op_dn_massage( op, rs, &rc );
+	rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros );
 #endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -777,6 +1004,8 @@
 	}
 
 	/* TODO: rewrite/map extended data ? ... */
+	op->o_callback = &roc->cb;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -1150,12 +1379,11 @@
 
 static int
 rwm_rw_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
 {
 #ifdef ENABLE_REWRITE
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
@@ -1175,12 +1403,11 @@
 
 static int
 rwm_suffixmassage_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
 {
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
 	struct ldaprwmap	*rwmap = 
@@ -1269,12 +1496,11 @@
 
 static int
 rwm_m_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
 {
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
 	struct ldaprwmap	*rwmap = 
@@ -1301,16 +1527,6 @@
 
 	switch( op->o_tag ) {
 	case LDAP_REQ_SEARCH:
-		/* Note: the operation attrs are remapped */
-		if ( rs->sr_type == REP_RESULT
-				&& op->ors_attrs != NULL
-				&& op->ors_attrs != rs->sr_attrs )
-		{
-			ch_free( op->ors_attrs );
-			op->ors_attrs = rs->sr_attrs;
-		}
-		/* fall thru */
-
 	case LDAP_REQ_BIND:
 	case LDAP_REQ_ADD:
 	case LDAP_REQ_DELETE:
@@ -1352,12 +1568,11 @@
 
 static int
 rwm_db_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
 {
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
 	struct ldaprwmap	*rwmap = 
@@ -1425,23 +1640,22 @@
 
 static int
 rwm_db_init(
-	BackendDB *be
-)
+	BackendDB	*be )
 {
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
-	struct ldapmapping	*mapping = NULL;
 	struct ldaprwmap	*rwmap;
 #ifdef ENABLE_REWRITE
 	char			*rargv[ 3 ];
 #endif /* ENABLE_REWRITE */
+	int			rc = 0;
 
 	rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
 
 #ifdef ENABLE_REWRITE
  	rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
 	if ( rwmap->rwm_rw == NULL ) {
- 		ch_free( rwmap );
- 		return -1;
+ 		rc = -1;
+		goto error_return;
  	}
 
 	/* this rewriteContext by default must be null;
@@ -1457,21 +1671,19 @@
 	rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
 #endif /* ENABLE_REWRITE */
 
-	if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
-			rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
-	{
-		return 1;
+error_return:;
+	on->on_bi.bi_private = (void *)rwmap;
+
+	if ( rc ) {
+		(void)rwm_db_destroy( be );
 	}
 
-	on->on_bi.bi_private = (void *)rwmap;
-
-	return 0;
+	return rc;
 }
 
 static int
 rwm_db_destroy(
-	BackendDB *be
-)
+	BackendDB	*be )
 {
 	slap_overinst	*on = (slap_overinst *) be->bd_info;
 	int		rc = 0;
@@ -1503,8 +1715,11 @@
 
 static slap_overinst rwm = { { NULL } };
 
+#if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
 int
-rwm_initialize(void)
+rwm_initialize( void )
 {
 	memset( &rwm, 0, sizeof( slap_overinst ) );
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* rwm.h - dn rewrite/attribute mapping header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.9.2.4 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.9.2.5 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* rwmconf.c - rewrite/map configuration file routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.16.2.7 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.16.2.9 2007/01/05 09:47:11 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -47,6 +47,7 @@
 	struct ldapmapping	*mapping;
 	char			*src, *dst;
 	int			is_oc = 0;
+	int			rc = 0;
 
 	if ( argc < 3 || argc > 4 ) {
 		fprintf( stderr,
@@ -73,7 +74,7 @@
 	if ( strcmp( argv[2], "*" ) == 0 ) {
 		if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
 			map->drop_missing = ( argc < 4 );
-			return 0;
+			goto success_return;
 		}
 		src = dst = argv[3];
 
@@ -230,8 +231,14 @@
 	avl_insert( &map->remap, (caddr_t)&mapping[1],
 				rwm_mapping_cmp, rwm_mapping_dup );
 
-	return 0;
+success_return:;
+	if ( !is_oc && map->map == NULL ) {
+		/* only init if required */
+		rc = rwm_map_init( map, &mapping ) != LDAP_SUCCESS;
+	}
 
+	return rc;
+
 error_return:;
 	if ( mapping ) {
 		rwm_mapping_free( mapping );

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* rwmdn.c - massages dns */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmdn.c,v 1.11.2.7 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmdn.c,v 1.11.2.8 2007/01/02 21:44:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* rwmmap.c - rewrite/mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.10 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.14 2007/02/26 22:59:55 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -84,6 +84,7 @@
 	/* FIXME: I don't think this is needed any more... */
 	rc = slap_str2ad( "objectClass", &mapping[0].m_src_ad, &text );
 	if ( rc != LDAP_SUCCESS ) {
+		ch_free( mapping );
 		return rc;
 	}
 
@@ -112,6 +113,10 @@
 	Avlnode *tree;
 	struct ldapmapping fmapping;
 
+	if ( map == NULL ) {
+		return 0;
+	}
+
 	assert( m != NULL );
 
 	if ( remap == RWM_REMAP ) {
@@ -137,6 +142,13 @@
 {
 	struct ldapmapping *mapping;
 
+	/* map->map may be NULL when mapping is configured,
+	 * but map->remap can't */
+	if ( map->remap == NULL ) {
+		*bv = *s;
+		return;
+	}
+
 	BER_BVZERO( bv );
 	( void )rwm_mapping( map, s, &mapping, remap );
 	if ( mapping != NULL ) {
@@ -449,6 +461,7 @@
 {
 	int		i;
 	Filter		*p;
+	AttributeDescription *ad;
 	struct berval	atmp,
 			vtmp,
 			*tmp;
@@ -475,7 +488,8 @@
 
 	switch ( f->f_choice ) {
 	case LDAP_FILTER_EQUALITY:
-		if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+		ad = f->f_av_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					&f->f_av_value, &vtmp, RWM_MAP ) )
 		{
 			goto computed;
@@ -485,13 +499,14 @@
 		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ch_free( vtmp.bv_val );
 		break;
 
 	case LDAP_FILTER_GE:
-		if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+		ad = f->f_av_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					&f->f_av_value, &vtmp, RWM_MAP ) )
 		{
 			goto computed;
@@ -501,13 +516,14 @@
 		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ch_free( vtmp.bv_val );
 		break;
 
 	case LDAP_FILTER_LE:
-		if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+		ad = f->f_av_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					&f->f_av_value, &vtmp, RWM_MAP ) )
 		{
 			goto computed;
@@ -517,13 +533,14 @@
 		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ch_free( vtmp.bv_val );
 		break;
 
 	case LDAP_FILTER_APPROX:
-		if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+		ad = f->f_av_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					&f->f_av_value, &vtmp, RWM_MAP ) )
 		{
 			goto computed;
@@ -533,13 +550,14 @@
 		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
-			atmp.bv_val, vtmp.bv_val );
+			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
 
 		ch_free( vtmp.bv_val );
 		break;
 
 	case LDAP_FILTER_SUBSTRINGS:
-		if ( map_attr_value( dc, &f->f_sub_desc, &atmp,
+		ad = f->f_sub_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					NULL, NULL, RWM_MAP ) )
 		{
 			goto computed;
@@ -563,7 +581,7 @@
 
 			snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
 				/* "(attr=" */ "%s*)",
-				vtmp.bv_val );
+				vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ch_free( vtmp.bv_val );
 		}
@@ -578,7 +596,7 @@
 
 				snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
 					/* "(attr=[init]*[any*]" */ "%s*)",
-					vtmp.bv_val );
+					vtmp.bv_len ? vtmp.bv_val : "" );
 				ch_free( vtmp.bv_val );
 			}
 		}
@@ -593,7 +611,7 @@
 
 			snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
 				/* "(attr=[init*][any*]" */ "%s)",
-				vtmp.bv_val );
+				vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ch_free( vtmp.bv_val );
 		}
@@ -601,7 +619,8 @@
 		break;
 
 	case LDAP_FILTER_PRESENT:
-		if ( map_attr_value( dc, &f->f_desc, &atmp,
+		ad = f->f_desc;
+		if ( map_attr_value( dc, &ad, &atmp,
 					NULL, NULL, RWM_MAP ) )
 		{
 			goto computed;
@@ -638,7 +657,7 @@
 			fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
 
 			snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, 
-				/*"("*/ "%s)", vtmp.bv_val );
+				/*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
 
 			ch_free( vtmp.bv_val );
 		}
@@ -647,7 +666,8 @@
 
 	case LDAP_FILTER_EXT: {
 		if ( f->f_mr_desc ) {
-			if ( map_attr_value( dc, &f->f_mr_desc, &atmp,
+			ad = f->f_mr_desc;
+			if ( map_attr_value( dc, &ad, &atmp,
 						&f->f_mr_value, &vtmp, RWM_MAP ) )
 			{
 				goto computed;
@@ -670,7 +690,7 @@
 			f->f_mr_dnattrs ? ":dn" : "",
 			!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
 			!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
-			vtmp.bv_val );
+			vtmp.bv_len ? vtmp.bv_val : "" );
 		ch_free( vtmp.bv_val );
 		break;
 	}

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 /* seqmod.c - sequenced modifies */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.38 2006/10/31 18:32:36 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.42 2007/02/07 01:51:36 hyc Exp $ */
 /* syncprov.c - syncrepl provider */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -127,7 +127,7 @@
 	time_t	si_chklast;	/* time of last checkpoint */
 	Avlnode	*si_mods;	/* entries being modified */
 	sessionlog	*si_logs;
-	ldap_pvt_thread_mutex_t	si_csn_mutex;
+	ldap_pvt_thread_rdwr_t	si_csn_rwlock;
 	ldap_pvt_thread_mutex_t	si_ops_mutex;
 	ldap_pvt_thread_mutex_t	si_mods_mutex;
 	char		si_ctxcsnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
@@ -580,7 +580,7 @@
 	char buf[LDAP_LUTIL_CSNSTR_BUFSIZE + STRLENOF("(entryCSN<=)")];
 	char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
 	struct berval maxcsn;
-	Filter cf, af;
+	Filter cf;
 #ifdef LDAP_COMP_MATCH
 	AttributeAssertion eq = { NULL, BER_BVNULL, NULL };
 #else
@@ -652,14 +652,8 @@
 		cb.sc_response = findcsn_cb;
 		break;
 	case FIND_PRESENT:
-		af.f_choice = LDAP_FILTER_AND;
-		af.f_next = NULL;
-		af.f_and = &cf;
-		cf.f_choice = LDAP_FILTER_LE;
-		cf.f_av_value = srs->sr_state.ctxcsn;
-		cf.f_next = op->ors_filter;
-		fop.ors_filter = &af;
-		filter2bv_x( &fop, fop.ors_filter, &fop.ors_filterstr );
+		fop.ors_filter = op->ors_filter;
+		fop.ors_filterstr = op->ors_filterstr;
 		fop.ors_attrsonly = 0;
 		fop.ors_attrs = uuid_anlist;
 		fop.ors_slimit = SLAP_NO_LIMIT;
@@ -703,7 +697,6 @@
 		break;
 	case FIND_PRESENT:
 		op->o_tmpfree( pcookie.uuids, op->o_tmpmemctx );
-		op->o_tmpfree( fop.ors_filterstr.bv_val, op->o_tmpmemctx );
 		break;
 	}
 
@@ -774,7 +767,7 @@
 			rs.sr_flags = REP_ENTRY_MUSTRELEASE;
 		if ( opc->sreference ) {
 			rs.sr_ref = get_entry_referrals( op, rs.sr_entry );
-			send_search_reference( op, &rs );
+			rs.sr_err = send_search_reference( op, &rs );
 			ber_bvarray_free( rs.sr_ref );
 			if ( !rs.sr_entry )
 				*e = NULL;
@@ -786,7 +779,7 @@
 		if ( rs.sr_entry->e_private )
 			rs.sr_flags = REP_ENTRY_MUSTRELEASE;
 		rs.sr_attrs = op->ors_attrs;
-		send_search_entry( op, &rs );
+		rs.sr_err = send_search_entry( op, &rs );
 		if ( !rs.sr_entry )
 			*e = NULL;
 		break;
@@ -798,9 +791,9 @@
 		if ( opc->sreference ) {
 			struct berval bv = BER_BVNULL;
 			rs.sr_ref = &bv;
-			send_search_reference( op, &rs );
+			rs.sr_err = send_search_reference( op, &rs );
 		} else {
-			send_search_entry( op, &rs );
+			rs.sr_err = send_search_entry( op, &rs );
 		}
 		break;
 	default:
@@ -849,7 +842,10 @@
 		if ( sr->s_mode != LDAP_SYNC_DELETE ) {
 			rc = be_entry_get_rw( op, &opc.sndn, NULL, NULL, 0, &e );
 			if ( rc ) {
+				Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
+					"error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
 				ch_free( sr );
+				rc = 0;
 				continue;
 			}
 		}
@@ -878,6 +874,7 @@
 	OperationBuffer opbuf;
 	Operation *op;
 	BackendDB be;
+	int rc;
 
 	op = (Operation *) &opbuf;
 	*op = *so->s_op;
@@ -898,15 +895,20 @@
 	op->o_private = NULL;
 	op->o_callback = NULL;
 
-	(void)syncprov_qplay( op, on, so );
+	rc = syncprov_qplay( op, on, so );
 
 	/* decrement use count... */
 	syncprov_free_syncop( so );
 
 	/* wait until we get explicitly scheduled again */
 	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
-	ldap_pvt_runqueue_stoptask( &slapd_rq, so->s_qtask );
-	ldap_pvt_runqueue_resched( &slapd_rq, so->s_qtask, 1 );
+	ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+	if ( rc == 0 ) {
+		ldap_pvt_runqueue_resched( &slapd_rq, rtask, 1 );
+	} else {
+		/* bail out on any error */
+		ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+	}
 	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
 
 	return NULL;
@@ -1243,9 +1245,9 @@
 }
 
 static void
-syncprov_checkpoint( Operation *op, SlapReply *rs, slap_overinst *on,
-	struct berval *csn )
+syncprov_checkpoint( Operation *op, SlapReply *rs, slap_overinst *on )
 {
+	syncprov_info_t		*si = on->on_bi.bi_private;
 	Modifications mod;
 	Operation opm;
 	SlapReply rsm = { 0 };
@@ -1253,12 +1255,12 @@
 	slap_callback cb = {0};
 
 	/* If ctxcsn is empty, delete it */
-	if ( BER_BVISEMPTY( csn )) {
+	if ( BER_BVISEMPTY( &si->si_ctxcsn )) {
 		mod.sml_values = NULL;
 	} else {
 		mod.sml_values = bv;
 		bv[1].bv_val = NULL;
-		bv[0] = *csn;
+		bv[0] = si->si_ctxcsn;
 	}
 	mod.sml_nvalues = NULL;
 	mod.sml_desc = slap_schema.si_ad_contextCSN;
@@ -1371,9 +1373,19 @@
 	 * and everything else at the end. Do this first so we can
 	 * unlock the list mutex.
 	 */
+	Debug( LDAP_DEBUG_SYNC, "srs csn %s\n", srs->sr_state.ctxcsn.bv_val, 0, 0 );
 	for ( se=sl->sl_head; se; se=se->se_next ) {
-		if ( ber_bvcmp( &se->se_csn, &srs->sr_state.ctxcsn ) <= 0 ) continue;
-		if ( ber_bvcmp( &se->se_csn, ctxcsn ) > 0 ) break;
+		Debug( LDAP_DEBUG_SYNC, "log csn %s\n", se->se_csn.bv_val, 0, 0 );
+		ndel = ber_bvcmp( &se->se_csn, &srs->sr_state.ctxcsn );
+		if ( ndel <= 0 ) {
+			Debug( LDAP_DEBUG_SYNC, "cmp %d, too old\n", ndel, 0, 0 );
+			continue;
+		}
+		ndel = ber_bvcmp( &se->se_csn, ctxcsn );
+		if ( ndel > 0 ) {
+			Debug( LDAP_DEBUG_SYNC, "cmp %d, too new\n", ndel, 0, 0 );
+			break;
+		}
 		if ( se->se_tag == LDAP_REQ_DELETE ) {
 			j = i;
 			i++;
@@ -1493,11 +1505,11 @@
 	{
 		struct berval maxcsn = BER_BVNULL;
 		char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
-		int do_check = 0;
+		int do_check=0;
 
 		/* Update our context CSN */
 		cbuf[0] = '\0';
-		ldap_pvt_thread_mutex_lock( &si->si_csn_mutex );
+		ldap_pvt_thread_rdwr_wlock( &si->si_csn_rwlock );
 		slap_get_commit_csn( op, &maxcsn );
 		if ( !BER_BVISNULL( &maxcsn ) ) {
 			strcpy( cbuf, maxcsn.bv_val );
@@ -1510,7 +1522,7 @@
 		/* Don't do any processing for consumer contextCSN updates */
 		if ( SLAP_SYNC_SHADOW( op->o_bd ) && 
 			op->o_msgid == SLAP_SYNC_UPDATE_MSGID ) {
-			ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+			ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
 			return SLAP_CB_CONTINUE;
 		}
 
@@ -1526,15 +1538,17 @@
 				si->si_chklast = op->o_time;
 			}
 		}
-		ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+		ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
 
+		if ( do_check ) {
+			ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
+			syncprov_checkpoint( op, rs, on );
+			ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
+		}
+
 		opc->sctxcsn.bv_len = maxcsn.bv_len;
 		opc->sctxcsn.bv_val = cbuf;
 
-		if ( do_check ) {
-			syncprov_checkpoint( op, rs, on, &opc->sctxcsn );
-		}
-
 		/* Handle any persistent searches */
 		if ( si->si_ops ) {
 			switch(op->o_tag) {
@@ -1594,7 +1608,7 @@
 		a.a_vals = bv;
 		a.a_nvals = a.a_vals;
 
-		ldap_pvt_thread_mutex_lock( &si->si_csn_mutex );
+		ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
 
 		rs->sr_err = access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
 			&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
@@ -1623,7 +1637,7 @@
 
 return_results:;
 
-		ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+		ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
 
 		send_ldap_result( op, rs );
 
@@ -1983,10 +1997,10 @@
 	}
 
 	/* snapshot the ctxcsn */
-	ldap_pvt_thread_mutex_lock( &si->si_csn_mutex );
+	ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
 	strcpy( csnbuf, si->si_ctxcsnbuf );
 	ctxcsn.bv_len = si->si_ctxcsn.bv_len;
-	ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+	ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
 	ctxcsn.bv_val = csnbuf;
 	
 	/* If we have a cookie, handle the PRESENT lookups */
@@ -2143,13 +2157,13 @@
 				*ap = a;
 			}
 
-			ldap_pvt_thread_mutex_lock( &si->si_csn_mutex );
+			ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock );
 			if ( !ap ) {
 				strcpy( a->a_vals[0].bv_val, si->si_ctxcsnbuf );
 			} else {
 				ber_dupbv( &a->a_vals[0], &si->si_ctxcsn );
 			}
-			ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex );
+			ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
 		}
 	}
 	return SLAP_CB_CONTINUE;
@@ -2267,27 +2281,31 @@
 	switch ( c->type ) {
 	case SP_CHKPT:
 		if ( lutil_atoi( &si->si_chkops, c->argv[1] ) != 0 ) {
-			sprintf( c->msg, "%s unable to parse checkpoint ops # \"%s\"",
+			snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint ops # \"%s\"",
 				c->argv[0], c->argv[1] );
-			Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+				"%s: %s\n", c->log, c->msg, 0 );
 			return ARG_BAD_CONF;
 		}
 		if ( si->si_chkops <= 0 ) {
-			sprintf( c->msg, "%s invalid checkpoint ops # \"%d\"",
+			snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint ops # \"%d\"",
 				c->argv[0], si->si_chkops );
-			Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+				"%s: %s\n", c->log, c->msg, 0 );
 			return ARG_BAD_CONF;
 		}
 		if ( lutil_atoi( &si->si_chktime, c->argv[2] ) != 0 ) {
-			sprintf( c->msg, "%s unable to parse checkpoint time \"%s\"",
+			snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint time \"%s\"",
 				c->argv[0], c->argv[1] );
-			Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+				"%s: %s\n", c->log, c->msg, 0 );
 			return ARG_BAD_CONF;
 		}
 		if ( si->si_chktime <= 0 ) {
-			sprintf( c->msg, "%s invalid checkpoint time \"%d\"",
+			snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint time \"%d\"",
 				c->argv[0], si->si_chkops );
-			Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+				"%s: %s\n", c->log, c->msg, 0 );
 			return ARG_BAD_CONF;
 		}
 		si->si_chktime *= 60;
@@ -2297,9 +2315,10 @@
 		int size = c->value_int;
 
 		if ( size < 0 ) {
-			sprintf( c->msg, "%s size %d is negative",
+			snprintf( c->msg, sizeof( c->msg ), "%s size %d is negative",
 				c->argv[0], size );
-			Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 );
+			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+				"%s: %s\n", c->log, c->msg, 0 );
 			return ARG_BAD_CONF;
 		}
 		sl = si->si_logs;
@@ -2430,7 +2449,6 @@
 
 out:
 	op->o_bd->bd_info = (BackendInfo *)on;
-	ldap_pvt_thread_pool_context_reset( thrctx );
 	return 0;
 }
 
@@ -2459,8 +2477,7 @@
 		op->o_bd = be;
 		op->o_dn = be->be_rootdn;
 		op->o_ndn = be->be_rootndn;
-		syncprov_checkpoint( op, &rs, on, &si->si_ctxcsn );
-		ldap_pvt_thread_pool_context_reset( thrctx );
+		syncprov_checkpoint( op, &rs, on );
 	}
 
     return 0;
@@ -2474,9 +2491,16 @@
 	slap_overinst	*on = (slap_overinst *)be->bd_info;
 	syncprov_info_t	*si;
 
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Debug( LDAP_DEBUG_ANY,
+			"syncprov must be instantiated within a database.\n",
+			0, 0, 0 );
+		return 1;
+	}
+
 	si = ch_calloc(1, sizeof(syncprov_info_t));
 	on->on_bi.bi_private = si;
-	ldap_pvt_thread_mutex_init( &si->si_csn_mutex );
+	ldap_pvt_thread_rdwr_init( &si->si_csn_rwlock );
 	ldap_pvt_thread_mutex_init( &si->si_ops_mutex );
 	ldap_pvt_thread_mutex_init( &si->si_mods_mutex );
 	si->si_ctxcsn.bv_val = si->si_ctxcsnbuf;
@@ -2514,7 +2538,7 @@
 		}
 		ldap_pvt_thread_mutex_destroy( &si->si_mods_mutex );
 		ldap_pvt_thread_mutex_destroy( &si->si_ops_mutex );
-		ldap_pvt_thread_mutex_destroy( &si->si_csn_mutex );
+		ldap_pvt_thread_rdwr_destroy( &si->si_csn_rwlock );
 		ch_free( si );
 	}
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* translucent.c - translucent proxy module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.1.2.11 2006/09/14 22:43:55 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.1.2.13 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2005 Symas Corporation.
  * All rights reserved.
  *
@@ -232,7 +232,7 @@
 	void *private = op->o_bd->be_private;
 	Entry ne, *e = NULL, *re = NULL;
 	Attribute *a, *ax;
-	Modifications *m, *mm;
+	Modifications *m, **mm;
 	int del, rc, erc = 0;
 	slap_callback cb = { 0 };
 
@@ -275,10 +275,14 @@
 
 	if(e && rc == LDAP_SUCCESS) {
 		Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
-		for(m = op->orm_modlist; m; m = m->sml_next) {
+		for(mm = &op->orm_modlist; *mm; ) {
+			m = *mm;
 			for(a = e->e_attrs; a; a = a->a_next)
 				if(a->a_desc == m->sml_desc) break;
-			if(a) continue;		/* found local attr */
+			if(a) {
+				mm = &m->sml_next;
+				continue;		/* found local attr */
+			}
 			if(m->sml_op == LDAP_MOD_DELETE) {
 				for(a = re->e_attrs; a; a = a->a_next)
 					if(a->a_desc == m->sml_desc) break;
@@ -294,14 +298,13 @@
 				Debug(LDAP_DEBUG_TRACE,
 					"=> translucent_modify: silently dropping delete: %s\n",
 					m->sml_desc->ad_cname.bv_val, 0, 0);
-				for(mm = op->orm_modlist; mm->sml_next != m; mm = mm->sml_next);
-				mm->sml_next = m->sml_next;
+				*mm = m->sml_next;
 				m->sml_next = NULL;
 				slap_mods_free(m, 1);
-				m = mm;
 				continue;
 			}
 			m->sml_op = LDAP_MOD_ADD;
+			mm = &m->sml_next;
 		}
 		erc = SLAP_CB_CONTINUE;
 release:

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/unique.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/unique.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/unique.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* unique.c - attribute uniqueness module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/unique.c,v 1.8.2.10 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/unique.c,v 1.8.2.11 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* valsort.c - sort attribute values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.9.2.5 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.9.2.6 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * Portions copyright 2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/passwd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/passwd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/passwd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* passwd.c - password extended operation routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/passwd.c,v 1.95.2.20 2006/10/26 21:49:44 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/passwd.c,v 1.95.2.21 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/phonetic.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/phonetic.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/phonetic.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* phonetic.c - routines to do phonetic matching */
-/* $OpenLDAP: pkg/ldap/servers/slapd/phonetic.c,v 1.19.2.3 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/phonetic.c,v 1.19.2.4 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/proto-slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/proto-slap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/proto-slap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.552.2.39 2006/11/07 04:25:02 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.552.2.41 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1232,6 +1232,7 @@
  */
 LDAP_SLAPD_F (void) slap_op_init LDAP_P(( void ));
 LDAP_SLAPD_F (void) slap_op_destroy LDAP_P(( void ));
+LDAP_SLAPD_F (void) slap_op_groups_free LDAP_P(( Operation *op ));
 LDAP_SLAPD_F (void) slap_op_free LDAP_P(( Operation *op ));
 LDAP_SLAPD_F (void) slap_op_time LDAP_P(( time_t *t, int *n ));
 LDAP_SLAPD_F (Operation *) slap_op_alloc LDAP_P((

Modified: openldap/vendor/openldap-release/servers/slapd/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/referral.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/referral.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* referral.c - muck with referrals */
-/* $OpenLDAP: pkg/ldap/servers/slapd/referral.c,v 1.23.2.3 2006/04/06 19:46:57 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/referral.c,v 1.23.2.4 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/repl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/repl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/repl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* repl.c - log modifications for replication purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/repl.c,v 1.65.2.9 2006/04/05 20:07:02 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/repl.c,v 1.65.2.10 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/result.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/result.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* result.c - routines to send ldap results, errors, and referrals */
-/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.244.2.20 2006/05/15 15:51:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.244.2.22 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1341,11 +1341,15 @@
 	bytes = send_ldap_ber( op->o_conn, ber );
 	ber_free_buf( ber );
 
-	ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
-	ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
-	ldap_pvt_mp_add_ulong( slap_counters.sc_refs, 1 );
-	ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
-	ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
+	if ( bytes < 0 ) {
+		rc = LDAP_UNAVAILABLE;
+	} else {
+		ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
+		ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
+		ldap_pvt_mp_add_ulong( slap_counters.sc_refs, 1 );
+		ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
+		ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
+	}
 #ifdef LDAP_CONNECTIONLESS
 	}
 #endif

Modified: openldap/vendor/openldap-release/servers/slapd/root_dse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/root_dse.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/root_dse.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* root_dse.c - Provides the Root DSA-Specific Entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.95.2.10 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.95.2.11 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/sasl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sasl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/sasl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.15 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.17 2007/01/25 12:42:38 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1103,10 +1103,6 @@
 
 	conn->c_sasl_layers = 0;
 
-	if( global_host == NULL ) {
-		global_host = ldap_pvt_get_fqdn( NULL );
-	}
-
 	/* create new SASL context */
 #if SASL_VERSION_MAJOR >= 2
 	if ( conn->c_sock_name.bv_len != 0 &&

Modified: openldap/vendor/openldap-release/servers/slapd/saslauthz.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/saslauthz.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/saslauthz.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/saslauthz.c,v 1.144.2.16 2006/11/12 01:58:18 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/saslauthz.c,v 1.144.2.19 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -1136,6 +1136,7 @@
 
 		} else {
 			BER_BVSTR( &group_oc, SLAPD_GROUP_CLASS );
+			BER_BVSTR( &member_at, SLAPD_GROUP_ATTR );
 		}
 		group_dn.bv_val++;
 		group_dn.bv_len = uri->bv_len - ( group_dn.bv_val - uri->bv_val );
@@ -1871,14 +1872,18 @@
 	AttributeDescription *ad,
 	struct berval *authc )
 {
-	int rc;
-	BerVarray vals = NULL;
+	int		rc,
+			do_not_cache = op->o_do_not_cache;
+	BerVarray	vals = NULL;
 
 	Debug( LDAP_DEBUG_TRACE,
 	   "==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
 	   assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 
+	/* ITS#4760: don't cache group access */
+	op->o_do_not_cache = 1;
 	rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH );
+	op->o_do_not_cache = do_not_cache;
 	if( rc != LDAP_SUCCESS ) goto COMPLETE;
 
 	/* Check if the *assertDN matches any *vals */

Modified: openldap/vendor/openldap-release/servers/slapd/schema/README
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/README	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/README	2007-05-23 19:07:37 UTC (rev 797)
@@ -23,7 +23,7 @@
 
 This notice applies to all files in this directory.
 
-Copyright 1998-2006 The OpenLDAP Foundation, Redwood City, California, USA
+Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -66,4 +66,4 @@
 
 
 ---
-$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.23.2.5 2006/08/26 15:19:43 kurt Exp $
+$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.23.2.6 2007/01/02 21:44:09 kurt Exp $

Modified: openldap/vendor/openldap-release/servers/slapd/schema/corba.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/corba.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/corba.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,10 +1,10 @@
 # corba.schema -- Corba Object Schema
 #	depends upon core.schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.2 2006/01/03 22:16:25 kurt Exp $
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/core.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/core.ldif	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/core.ldif	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.4 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.5 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/core.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/core.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/core.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.7 2006/02/13 17:28:43 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.8 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/cosine.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.4 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.3.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.3.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.16.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.16.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/java.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/java.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/java.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # java.schema -- Java Object Schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/misc.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/misc.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/misc.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # misc.schema -- assorted schema definitions
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.27.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.27.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/nis.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/nis.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/nis.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.10.2.6 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.10.2.7 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.1.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.1.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.19.2.3 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.19.2.4 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema/ppolicy.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.3 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* schema.c - routines to manage schema definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema.c,v 1.100.2.5 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema.c,v 1.100.2.6 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema_check.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_check.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema_check.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* schema_check.c - routines to enforce schema definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.94.2.7 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.94.2.8 2007/01/02 21:43:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema_init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_init.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema_init.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* schema_init.c - init builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.360.2.14 2006/10/05 23:41:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.360.2.17 2007/03/08 20:09:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -2080,8 +2080,6 @@
 {
 	ber_len_t i;
 
-	if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX;
-
 	for(i=0; i < val->bv_len; i++) {
 		if( !LDAP_ASCII(val->bv_val[i]) ) {
 			return LDAP_INVALID_SYNTAX;
@@ -2103,8 +2101,6 @@
 	char *p, *q;
 	int casefold = !SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match);
 
-	assert( !BER_BVISEMPTY( val ) );
-
 	assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
 
 	p = val->bv_val;
@@ -2147,12 +2143,6 @@
 	*q = '\0';
 
 	normalized->bv_len = q - normalized->bv_val;
-	if( BER_BVISEMPTY( normalized ) ) {
-		normalized->bv_val = slap_sl_realloc( normalized->bv_val, 2, ctx );
-		normalized->bv_val[0] = ' ';
-		normalized->bv_val[1] = '\0';
-		normalized->bv_len = 1;
-	}
 
 	return LDAP_SUCCESS;
 }
@@ -3525,13 +3515,13 @@
 };
 char *integerFirstComponentMatchSyntaxes[] = {
 	"1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */,
-	"1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */,
+	"1.3.6.1.4.1.1466.115.121.1.17" /* dITStructureRuleDescription */,
 	NULL
 };
 char *objectIdentifierFirstComponentMatchSyntaxes[] = {
 	"1.3.6.1.4.1.1466.115.121.1.38" /* OID */,
 	"1.3.6.1.4.1.1466.115.121.1.3"  /* attributeTypeDescription */,
-	"1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */,
+	"1.3.6.1.4.1.1466.115.121.1.16" /* dITContentRuleDescription */,
 	"1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */,
 	"1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */,
 	"1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */,

Modified: openldap/vendor/openldap-release/servers/slapd/schema_prep.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_prep.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schema_prep.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* schema_prep.c - load builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.141.2.14 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.141.2.16 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -367,7 +367,7 @@
 	{ "subschema", "( 2.5.20.1 NAME 'subschema' "
 		"DESC 'RFC2252: controlling subschema (sub)entry' "
 		"AUXILIARY "
-		"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
+		"MAY ( dITStructureRules $ nameForms $ dITContentRules $ "
 			"objectClasses $ attributeTypes $ matchingRules $ "
 			"matchingRuleUse ) )",
 		subentryObjectClass, SLAP_OC_OPERATIONAL,
@@ -744,7 +744,7 @@
 		offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) },
 
 	/* subschema subentry attributes */
-	{ "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
+	{ "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
 			"DESC 'RFC2252: DIT structure rules' "
 			"EQUALITY integerFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 "
@@ -753,7 +753,7 @@
 		NULL, NULL,
 		NULL, NULL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_ditStructureRules) },
-	{ "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
+	{ "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
 			"DESC 'RFC2252: DIT content rules' "
 			"EQUALITY objectIdentifierFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )",

Modified: openldap/vendor/openldap-release/servers/slapd/schemaparse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schemaparse.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/schemaparse.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* schemaparse.c - routines to parse config file objectclass definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schemaparse.c,v 1.71.2.6 2006/01/23 19:09:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schemaparse.c,v 1.71.2.7 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/search.c,v 1.168.2.8 2006/01/17 19:37:20 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/search.c,v 1.168.2.9 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/sets.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sets.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/sets.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.3 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.5 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -80,7 +80,7 @@
 		for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ )
 			;
 		newset = cp->set_op->o_tmpcalloc( i + 1,
-				sizeof(struct berval), 
+				sizeof( struct berval ), 
 				cp->set_op->o_tmpmemctx );
 		if ( newset == NULL ) {
 			return NULL;
@@ -121,7 +121,7 @@
 			if ( rset == NULL ) {
 				if ( lset == NULL ) {
 					set = cp->set_op->o_tmpcalloc( 1,
-							sizeof(struct berval),
+							sizeof( struct berval ),
 							cp->set_op->o_tmpmemctx );
 					BER_BVZERO( set );
 					return set;
@@ -137,7 +137,7 @@
 		}
 
 		i = slap_set_size( lset ) + slap_set_size( rset ) + 1;
-		set = cp->set_op->o_tmpcalloc( i, sizeof(struct berval), cp->set_op->o_tmpmemctx );
+		set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 		if ( set != NULL ) {
 			/* set_chase() depends on this routine to
 			 * keep the first elements of the result
@@ -188,7 +188,7 @@
 		if ( lset == NULL || BER_BVISNULL( lset )
 				|| rset == NULL || BER_BVISNULL( rset ) )
 		{
-			set = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval),
+			set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 					cp->set_op->o_tmpmemctx );
 			BER_BVZERO( set );
 
@@ -221,7 +221,7 @@
 		i = slap_set_size( rset );
 		j = slap_set_size( lset );
 
-		set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof(struct berval),
+		set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
 		if ( set == NULL ) {
 			break;
@@ -265,10 +265,14 @@
 
 done:;
 	if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
+		if ( !( op_flags & SLAP_SET_LREFVAL ))
+			cp->set_op->o_tmpfree( lset->bv_val, cp->set_op->o_tmpmemctx );
 		cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx );
 	}
 
 	if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) {
+		if ( !( op_flags & SLAP_SET_RREFVAL ))
+			cp->set_op->o_tmpfree( rset->bv_val, cp->set_op->o_tmpmemctx );
 		cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx );
 	}
 
@@ -283,7 +287,7 @@
 	int		i;
 
 	if ( set == NULL ) {
-		set = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval),
+		set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
 		BER_BVZERO( set );
 		return set;
@@ -293,13 +297,13 @@
 		return set;
 	}
 
-	nset = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval), cp->set_op->o_tmpmemctx );
+	nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 	if ( nset == NULL ) {
 		slap_set_dispose( cp, set, 0 );
 		return NULL;
 	}
 	for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
-		vals = (gatherer)( cp, &set[ i ], desc );
+		vals = gatherer( cp, &set[ i ], desc );
 		if ( vals != NULL ) {
 			nset = slap_set_join( cp, nset, '|', vals );
 		}
@@ -308,7 +312,7 @@
 
 	if ( closure ) {
 		for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
-			vals = (gatherer)( cp, &nset[ i ], desc );
+			vals = gatherer( cp, &nset[ i ], desc );
 			if ( vals != NULL ) {
 				nset = slap_set_join( cp, nset, '|', vals );
 				if ( nset == NULL ) {
@@ -329,13 +333,13 @@
 #define STACK_SIZE	64
 #define IS_SET(x)	( (unsigned long)(x) >= 256 )
 #define IS_OP(x)	( (unsigned long)(x) < 256 )
-#define SF_ERROR(x)	do { rc = -1; goto _error; } while (0)
-#define SF_TOP()	( (BerVarray)( (stp < 0) ? 0 : stack[ stp ] ) )
-#define SF_POP()	( (BerVarray)( (stp < 0) ? 0 : stack[ stp-- ] ) )
+#define SF_ERROR(x)	do { rc = -1; goto _error; } while ( 0 )
+#define SF_TOP()	( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp ] ) )
+#define SF_POP()	( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp-- ] ) )
 #define SF_PUSH(x)	do { \
-		if (stp >= (STACK_SIZE - 1)) SF_ERROR(overflow); \
+		if ( stp >= ( STACK_SIZE - 1 ) ) SF_ERROR( overflow ); \
 		stack[ ++stp ] = (BerVarray)(long)(x); \
-	} while (0)
+	} while ( 0 )
 
 	BerVarray	set, lset;
 	BerVarray	stack[ STACK_SIZE ] = { 0 };
@@ -380,7 +384,7 @@
 				SF_POP();
 				set = slap_set_join( cp, lset, op, set );
 				if ( set == NULL ) {
-					SF_ERROR(memory);
+					SF_ERROR( memory );
 				}
 				SF_PUSH( set );
 				set = NULL;
@@ -421,18 +425,18 @@
 			if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
 				SF_ERROR( syntax );
 			}
-			for ( len = 0; ( c = *filter++ ) && (c != /* [ */ ']'); len++ )
+			for ( len = 0; ( c = *filter++ ) && ( c != /* [ */ ']' ); len++ )
 				;
 			if ( c == 0 ) {
-				SF_ERROR(syntax);
+				SF_ERROR( syntax );
 			}
 			
-			set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval),
+			set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
 					cp->set_op->o_tmpmemctx );
 			if ( set == NULL ) {
-				SF_ERROR(memory);
+				SF_ERROR( memory );
 			}
-			set->bv_val = cp->set_op->o_tmpcalloc( len + 1, sizeof(char),
+			set->bv_val = cp->set_op->o_tmpcalloc( len + 1, sizeof( char ),
 					cp->set_op->o_tmpmemctx );
 			if ( BER_BVISNULL( set ) ) {
 				SF_ERROR( memory );
@@ -478,7 +482,7 @@
 				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
 					SF_ERROR( syntax );
 				}
-				set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval),
+				set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
 						cp->set_op->o_tmpmemctx );
 				if ( set == NULL ) {
 					SF_ERROR( memory );
@@ -495,7 +499,7 @@
 				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
 					SF_ERROR( syntax );
 				}
-				set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval),
+				set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
 						cp->set_op->o_tmpmemctx );
 				if ( set == NULL ) {
 					SF_ERROR( memory );

Modified: openldap/vendor/openldap-release/servers/slapd/sets.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sets.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/sets.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.h,v 1.18.2.3 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.h,v 1.18.2.4 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for shell-backends
-# $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/Makefile.in,v 1.12.2.2 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/Makefile.in,v 1.12.2.3 2007/01/02 21:44:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* passwd-shell.c - passwd(5) shell-based backend for slapd(8) */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/passwd-shell.c,v 1.12.2.2 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/passwd-shell.c,v 1.12.2.3 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* shellutil.c - common routines useful when building shell-based backends */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.c,v 1.14.2.3 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.c,v 1.14.2.4 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* shellutil.h */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.h,v 1.9.2.2 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.h,v 1.9.2.3 2007/01/02 21:44:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sl_malloc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/sl_malloc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* sl_malloc.c - malloc routines using a per-thread slab */
-/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.24.2.6 2006/01/03 22:16:15 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.24.2.7 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slap.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slap.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* slap.h - stand alone ldap server include file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.612.2.40 2006/11/07 04:25:02 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.612.2.45 2007/01/03 08:55:03 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1576,7 +1576,7 @@
 	int off;
 	char type;
 	char quote;
-	slap_verbmasks *aux;
+	void *aux;
 } slap_cf_aux_table;
 
 #define SLAP_LIMIT_TIME	1
@@ -1746,6 +1746,7 @@
 #define SLAP_NOLASTMOD(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
 #define SLAP_LASTMOD(be)			(!SLAP_NOLASTMOD(be))
 #define SLAP_ISOVERLAY(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY)
+#define SLAP_ISGLOBALOVERLAY(be)	(SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY)
 #define SLAP_NO_SCHEMA_CHECK(be)	\
 	(SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK)
 #define	SLAP_GLUE_INSTANCE(be)		\
@@ -1941,7 +1942,8 @@
 	REP_EXTENDED,
 	REP_SEARCH,
 	REP_SEARCHREF,
-	REP_INTERMEDIATE
+	REP_INTERMEDIATE,
+	REP_GLUE_RESULT
 } slap_reply_t;
 
 typedef struct rep_sasl_s {
@@ -2260,6 +2262,7 @@
 
 /* Should successive callbacks in a chain be processed? */
 #define	SLAP_CB_FREEME		0x04000
+#define	SLAP_CB_BYPASS		0x08800
 #define	SLAP_CB_CONTINUE	0x08000
 
 /*
@@ -2343,6 +2346,19 @@
 #endif
 } Opheader;
 
+typedef union slap_op_request {
+	req_add_s oq_add;
+	req_bind_s oq_bind;
+	req_compare_s oq_compare;
+	req_modify_s oq_modify;
+	req_modrdn_s oq_modrdn;
+	req_search_s oq_search;
+	req_abandon_s oq_abandon;
+	req_abandon_s oq_cancel;
+	req_extended_s oq_extended;
+	req_pwdexop_s oq_pwdexop;
+} OpRequest;
+
 typedef struct slap_op {
 	Opheader *o_hdr;
 
@@ -2371,18 +2387,7 @@
 	struct berval	o_req_dn;	/* DN of target of request */
 	struct berval	o_req_ndn;
 
-	union o_req_u {
-		req_add_s oq_add;
-		req_bind_s oq_bind;
-		req_compare_s oq_compare;
-		req_modify_s oq_modify;
-		req_modrdn_s oq_modrdn;
-		req_search_s oq_search;
-		req_abandon_s oq_abandon;
-		req_abandon_s oq_cancel;
-		req_extended_s oq_extended;
-		req_pwdexop_s oq_pwdexop;
-	} o_request;
+	OpRequest o_request;
 
 /* short hands for union members */
 #define oq_add o_request.oq_add

Modified: openldap/vendor/openldap-release/servers/slapd/slapacl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapacl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapacl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapadd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapadd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapadd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.11.2.13 2006/02/13 20:37:39 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.11.2.14 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/slapauth.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapauth.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapauth.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapcat.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcat.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapcat.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcat.c,v 1.2.2.4 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcat.c,v 1.2.2.5 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* slapcommon.c - common routine for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.23.2.23 2006/02/17 07:38:41 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.23.2.24 2007/01/02 21:43:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* slapcommon.h - common definitions for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.7.2.4 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.7.2.5 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for SLAPI
-# $OpenLDAP: pkg/ldap/servers/slapd/slapi/Makefile.in,v 1.13.2.3 2006/01/03 22:16:25 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/slapi/Makefile.in,v 1.13.2.4 2007/01/02 21:44:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright IBM Corp. 1997,2002,2003
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/plugin.c,v 1.26.2.4 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/plugin.c,v 1.26.2.5 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/printmsg.c,v 1.13.2.2 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/printmsg.c,v 1.13.2.3 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/proto-slapi.h,v 1.26.2.5 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/proto-slapi.h,v 1.26.2.6 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi.h,v 1.33.2.4 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi.h,v 1.33.2.5 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_dn.c,v 1.1.2.4 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_dn.c,v 1.1.2.5 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2006 The OpenLDAP Foundation.
+ * Copyright 2005-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ext.c,v 1.10.2.3 2006/01/03 22:16:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ext.c,v 1.10.2.4 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ops.c,v 1.70.2.9 2006/01/08 16:50:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ops.c,v 1.70.2.10 2007/01/02 21:44:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* slapi_overlay.c - SLAPI overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_overlay.c,v 1.34.2.5 2006/01/08 19:16:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_overlay.c,v 1.34.2.6 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_pblock.c,v 1.27.2.7 2006/02/13 17:28:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_pblock.c,v 1.27.2.8 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.136.2.10 2006/01/23 23:52:18 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.136.2.11 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapindex.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapindex.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slapindex.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapindex.c,v 1.1.4.2 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapindex.c,v 1.1.4.3 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slappasswd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slappasswd.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slappasswd.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slappasswd.c,v 1.2.4.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slappasswd.c,v 1.2.4.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slaptest.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slaptest.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/slaptest.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/starttls.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/starttls.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/starttls.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/starttls.c,v 1.36.2.4 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/starttls.c,v 1.36.2.5 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/str2filter.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/str2filter.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/str2filter.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* str2filter.c - parse an RFC 2554 string filter */
-/* $OpenLDAP: pkg/ldap/servers/slapd/str2filter.c,v 1.40.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/str2filter.c,v 1.40.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/syncrepl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.39 2006/11/13 01:57:20 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.47 2007/04/06 21:49:16 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 by IBM Corporation.
  * Portions Copyright 2003 by Howard Chu, Symas Corporation.
  * All rights reserved.
@@ -427,8 +427,8 @@
 	rc = ldap_initialize( &si->si_ld, si->si_bindconf.sb_uri.bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_ANY,
-			"do_syncrep1: ldap_initialize failed (%s)\n",
-			si->si_bindconf.sb_uri.bv_val, 0, 0 );
+			"do_syncrep1: rid %03d ldap_initialize failed (%s)\n",
+			si->si_rid, si->si_bindconf.sb_uri.bv_val, 0 );
 		return rc;
 	}
 
@@ -441,9 +441,9 @@
 		rc = ldap_start_tls_s( si->si_ld, NULL, NULL );
 		if( rc != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY,
-				"%s: ldap_start_tls failed (%d)\n",
+				"%s: rid %03d ldap_start_tls failed (%d)\n",
 				si->si_bindconf.sb_tls == SB_TLS_CRITICAL ? "Error" : "Warning",
-				rc, 0 );
+				si->si_rid, rc );
 			if( si->si_bindconf.sb_tls == SB_TLS_CRITICAL ) goto done;
 		}
 	}
@@ -457,9 +457,9 @@
 				LDAP_OPT_X_SASL_SECPROPS, si->si_bindconf.sb_secprops);
 
 			if( rc != LDAP_OPT_SUCCESS ) {
-				Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
+				Debug( LDAP_DEBUG_ANY, "Error: rid %03d ldap_set_option "
 					"(%s,SECPROPS,\"%s\") failed!\n",
-					si->si_bindconf.sb_uri.bv_val, si->si_bindconf.sb_secprops, 0 );
+					si->si_rid, si->si_bindconf.sb_uri.bv_val, si->si_bindconf.sb_secprops );
 				goto done;
 			}
 		}
@@ -488,9 +488,9 @@
 		if ( rc != LDAP_SUCCESS ) {
 			static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
 
-			Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
+			Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
 				"ldap_sasl_interactive_bind_s failed (%d)\n",
-				rc, 0, 0 );
+				si->si_rid, rc, 0 );
 
 			/* FIXME (see above comment) */
 			/* if Kerberos credentials cache is not active, retry */
@@ -515,8 +515,8 @@
 			si->si_bindconf.sb_binddn.bv_val, LDAP_SASL_SIMPLE,
 			&si->si_bindconf.sb_cred, NULL, NULL, NULL );
 		if ( rc != LDAP_SUCCESS ) {
-			Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
-				"ldap_sasl_bind_s failed (%d)\n", rc, 0, 0 );
+			Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
+				"ldap_sasl_bind_s failed (%d)\n", si->si_rid, rc, 0 );
 			goto done;
 		}
 	}
@@ -587,8 +587,9 @@
 	rc = ldap_sync_search( si, op->o_tmpmemctx );
 
 	if( rc != LDAP_SUCCESS ) {
-		Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
-			"ldap_search_ext: %s (%d)\n", ldap_err2string( rc ), rc, 0 );
+		Debug( LDAP_DEBUG_ANY, "do_syncrep1: rid %03d "
+			"ldap_search_ext: %s (%d)\n",
+			si->si_rid, ldap_err2string( rc ), rc );
 	}
 
 done:
@@ -654,7 +655,7 @@
 	ber_init2( ber, NULL, LBER_USE_DER );
 	ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
 
-	Debug( LDAP_DEBUG_TRACE, "=>do_syncrep2\n", 0, 0, 0 );
+	Debug( LDAP_DEBUG_TRACE, "=>do_syncrep2 rid %03d\n", si->si_rid, 0, 0 );
 
 	psub = &si->si_be->be_nsuffix[0];
 
@@ -686,9 +687,9 @@
 				ldap_get_entry_controls( si->si_ld, msg, &rctrls );
 				/* we can't work without the control */
 				if ( !rctrls ) {
-					Debug( LDAP_DEBUG_ANY, "do_syncrep2: "
+					Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d"
 						"got search entry without "
-						"control\n", 0, 0, 0 );
+						"control\n", si->si_rid, 0, 0 );
 					rc = -1;
 					goto done;
 				}
@@ -698,8 +699,8 @@
 				/* FIXME: what if syncUUID is NULL or empty?
 				 * (happens with back-sql...) */
 				if ( BER_BVISEMPTY( &syncUUID ) ) {
-					Debug( LDAP_DEBUG_ANY, "do_syncrep2: "
-						"got empty syncUUID\n", 0, 0, 0 );
+					Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
+						"got empty syncUUID\n", si->si_rid, 0, 0 );
 					ldap_controls_free( rctrls );
 					rc = -1;
 					goto done;
@@ -743,12 +744,14 @@
 
 			case LDAP_RES_SEARCH_REFERENCE:
 				Debug( LDAP_DEBUG_ANY,
-					"do_syncrep2: reference received error\n", 0, 0, 0 );
+					"do_syncrep2: rid %03d reference received error\n",
+					si->si_rid, 0, 0 );
 				break;
 
 			case LDAP_RES_SEARCH_RESULT:
 				Debug( LDAP_DEBUG_SYNC,
-					"do_syncrep2: LDAP_RES_SEARCH_RESULT\n", 0, 0, 0 );
+					"do_syncrep2: rid %03d LDAP_RES_SEARCH_RESULT\n",
+					si->si_rid, 0, 0 );
 				ldap_parse_result( si->si_ld, msg, &err, NULL, NULL, NULL,
 					&rctrls, 0 );
 #ifdef LDAP_X_SYNC_REFRESH_REQUIRED
@@ -839,19 +842,20 @@
 					ber_tag_t tag;
 					case LDAP_TAG_SYNC_NEW_COOKIE:
 						Debug( LDAP_DEBUG_SYNC,
-							"do_syncrep2: %s - %s%s\n", 
+							"do_syncrep2: rid %03d %s - %s\n", 
+							si->si_rid,
 							"LDAP_RES_INTERMEDIATE", 
-							"NEW_COOKIE", "\n" );
+							"NEW_COOKIE" );
 						ber_scanf( ber, "tm", &tag, &cookie );
 						break;
 					case LDAP_TAG_SYNC_REFRESH_DELETE:
 					case LDAP_TAG_SYNC_REFRESH_PRESENT:
 						Debug( LDAP_DEBUG_SYNC,
-							"do_syncrep2: %s - %s%s\n", 
+							"do_syncrep2: rid %03d %s - %s\n", 
+							si->si_rid,
 							"LDAP_RES_INTERMEDIATE", 
 							si_tag == LDAP_TAG_SYNC_REFRESH_PRESENT ?
-							"REFRESH_PRESENT" : "REFRESH_DELETE",
-							"\n" );
+							"REFRESH_PRESENT" : "REFRESH_DELETE" );
 						if ( si_tag == LDAP_TAG_SYNC_REFRESH_DELETE ) {
 							si->si_refreshDelete = 1;
 						} else {
@@ -879,10 +883,10 @@
 						break;
 					case LDAP_TAG_SYNC_ID_SET:
 						Debug( LDAP_DEBUG_SYNC,
-							"do_syncrep2: %s - %s%s\n", 
+							"do_syncrep2: rid %03d %s - %s\n", 
+							si->si_rid,
 							"LDAP_RES_INTERMEDIATE", 
-							"SYNC_ID_SET",
-							"\n" );
+							"SYNC_ID_SET" );
 						ber_scanf( ber, "t{" /*"}"*/, &tag );
 						if ( ber_peek_tag( ber, &len ) ==
 							LDAP_TAG_SYNC_COOKIE )
@@ -923,8 +927,8 @@
 						break;
 					default:
 						Debug( LDAP_DEBUG_ANY,
-							"do_syncrep2 : unknown syncinfo tag (%ld)\n",
-						(long) si_tag, 0, 0 );
+							"do_syncrep2: rid %03d unknown syncinfo tag (%ld)\n",
+							si->si_rid, (long) si_tag, 0 );
 						ldap_memfree( retoid );
 						ber_bvfree( retdata );
 						continue;
@@ -957,9 +961,9 @@
 					break;
 
 				} else {
-					Debug( LDAP_DEBUG_ANY, "do_syncrep2 : "
+					Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
 						"unknown intermediate response (%d)\n",
-						rc, 0, 0 );
+						si->si_rid, rc, 0 );
 					ldap_memfree( retoid );
 					ber_bvfree( retdata );
 					break;
@@ -967,8 +971,8 @@
 				break;
 
 			default:
-				Debug( LDAP_DEBUG_ANY, "do_syncrep2 : "
-					"unknown message\n", 0, 0, 0 );
+				Debug( LDAP_DEBUG_ANY, "do_syncrep2: rid %03d "
+					"unknown message\n", si->si_rid, 0, 0 );
 				break;
 
 			}
@@ -989,7 +993,7 @@
 		errstr = ldap_err2string( rc );
 		
 		Debug( LDAP_DEBUG_ANY,
-			"do_syncrep2 : %s\n", errstr, 0, 0 );
+			"do_syncrep2: rid %03d %s\n", si->si_rid, errstr, 0 );
 	}
 
 done:
@@ -1025,10 +1029,10 @@
 	int rc = LDAP_SUCCESS;
 	int dostop = 0;
 	ber_socket_t s;
-	int i, defer = 1;
+	int i, defer = 1, fail = 0;
 	Backend *be;
 
-	Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl\n", 0, 0, 0 );
+	Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl rid %03d\n", si->si_rid, 0, 0 );
 
 	if ( si == NULL )
 		return NULL;
@@ -1144,18 +1148,36 @@
 
 		if ( !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) {
 			ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+			fail = RETRYNUM_TAIL;
 		} else if ( RETRYNUM_VALID( si->si_retrynum[i] ) ) {
 			if ( si->si_retrynum[i] > 0 )
 				si->si_retrynum[i]--;
+			fail = si->si_retrynum[i];
 			rtask->interval.tv_sec = si->si_retryinterval[i];
 			ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
 			slap_wake_listener();
 		}
 	}
-	
+
 	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
 	ldap_pvt_thread_mutex_unlock( &si->si_mutex );
 
+	if ( rc ) {
+		if ( fail == RETRYNUM_TAIL ) {
+			Debug( LDAP_DEBUG_ANY,
+				"do_syncrepl: rid %03d quitting\n",
+				si->si_rid, 0, 0 );
+		} else if ( fail > 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"do_syncrepl: rid %03d retrying (%d retries left)\n",
+				si->si_rid, fail, 0 );
+		} else {
+			Debug( LDAP_DEBUG_ANY,
+				"do_syncrepl: rid %03d retrying\n",
+				si->si_rid, 0, 0 );
+		}
+	}
+
 	return NULL;
 }
 
@@ -1268,8 +1290,9 @@
 	int		rc, deleteOldRdn = 0, freeReqDn = 0;
 
 	if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
-		Debug( LDAP_DEBUG_ANY,
-			"Message type should be entry (%d)", ldap_msgtype( msg ), 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+			"Message type should be entry (%d)",
+			si->si_rid, ldap_msgtype( msg ), 0 );
 		return -1;
 	}
 
@@ -1282,7 +1305,8 @@
 
 	if ( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_ANY,
-			"syncrepl_message_to_op : dn get failed (%d)", rc, 0, 0 );
+			"syncrepl_message_to_op: rid %03d dn get failed (%d)",
+			si->si_rid, rc, 0 );
 		return rc;
 	}
 
@@ -1305,8 +1329,8 @@
 			int i = verb_to_mask( bvals[0].bv_val, modops );
 			if ( i < 0 ) {
 				Debug( LDAP_DEBUG_ANY,
-					"syncrepl_message_to_op : unknown op %s",
-					bvals[0].bv_val, 0, 0 );
+					"syncrepl_message_to_op: rid %03d unknown op %s",
+					si->si_rid, bvals[0].bv_val, 0 );
 				ch_free( bvals );
 				rc = -1;
 				goto done;
@@ -1350,8 +1374,9 @@
 		rc = slap_mods_check( modlist, &text, txtbuf, textlen, NULL );
 
 		if ( rc != LDAP_SUCCESS ) {
-			Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: mods check (%s)\n",
-				text, 0, 0 );
+			Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+				"mods check (%s)\n",
+				si->si_rid, text, 0 );
 			goto done;
 		}
 
@@ -1362,21 +1387,23 @@
 			freeReqDn = 0;
 			rc = slap_mods2entry( modlist, &op->ora_e, 1, 0, &text, txtbuf, textlen);
 			if( rc != LDAP_SUCCESS ) {
-				Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: mods2entry (%s)\n",
-					text, 0, 0 );
+				Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: rid %03d "
+				"mods2entry (%s)\n",
+					si->si_rid, text, 0 );
 			} else {
 				rc = op->o_bd->be_add( op, &rs );
 				Debug( LDAP_DEBUG_SYNC,
-					"syncrepl_message_to_op: be_add %s (%d)\n", 
-					op->o_req_dn.bv_val, rc, 0 );
+					"syncrepl_message_to_op: rid %03d be_add %s (%d)\n", 
+					si->si_rid, op->o_req_dn.bv_val, rc );
 			}
 			be_entry_release_w( op, op->ora_e );
 		} else {
 			op->orm_modlist = modlist;
 			rc = op->o_bd->be_modify( op, &rs );
-			Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_message_to_op: be_modify %s (%d)\n", 
-				op->o_req_dn.bv_val, rc, 0 );
+			modlist = op->orm_modlist;
+			Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+				"syncrepl_message_to_op: rid %03d be_modify %s (%d)\n", 
+				si->si_rid, op->o_req_dn.bv_val, rc );
 		}
 		break;
 	case LDAP_REQ_MODRDN:
@@ -1399,15 +1426,15 @@
 		op->orr_nnewrdn = nrdn;
 		op->orr_deleteoldrdn = deleteOldRdn;
 		rc = op->o_bd->be_modrdn( op, &rs );
-		Debug( LDAP_DEBUG_SYNC,
-			"syncrepl_message_to_op: be_modrdn %s (%d)\n", 
-			op->o_req_dn.bv_val, rc, 0 );
+		Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+			"syncrepl_message_to_op: rid %03d be_modrdn %s (%d)\n", 
+			si->si_rid, op->o_req_dn.bv_val, rc );
 		break;
 	case LDAP_REQ_DELETE:
 		rc = op->o_bd->be_delete( op, &rs );
-		Debug( LDAP_DEBUG_SYNC,
-			"syncrepl_message_to_op: be_delete %s (%d)\n", 
-			op->o_req_dn.bv_val, rc, 0 );
+		Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC,
+			"syncrepl_message_to_op: rid %03d be_delete %s (%d)\n", 
+			si->si_rid, op->o_req_dn.bv_val, rc );
 		break;
 	}
 done:
@@ -1454,24 +1481,25 @@
 	char txtbuf[SLAP_TEXT_BUFLEN];
 	size_t textlen = sizeof txtbuf;
 
-	struct berval	bdn = {0, NULL}, dn, ndn;
+	struct berval	bdn = BER_BVNULL, dn, ndn;
 	int		rc;
 
 	*modlist = NULL;
 
 	if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
-		Debug( LDAP_DEBUG_ANY,
-			"Message type should be entry (%d)", ldap_msgtype( msg ), 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d "
+			"Message type should be entry (%d)",
+			si->si_rid, ldap_msgtype( msg ), 0 );
 		return -1;
 	}
 
 	op->o_tag = LDAP_REQ_ADD;
 
 	rc = ldap_get_dn_ber( si->si_ld, msg, &ber, &bdn );
-
 	if ( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_ANY,
-			"syncrepl_message_to_entry : dn get failed (%d)", rc, 0, 0 );
+			"syncrepl_message_to_entry: rid %03d dn get failed (%d)",
+			si->si_rid, rc, 0 );
 		return rc;
 	}
 
@@ -1482,13 +1510,15 @@
 	slap_sl_free( dn.bv_val, op->o_tmpmemctx );
 
 	if ( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_DELETE ) {
-		if ( entry )
-			*entry = NULL;
-		return LDAP_SUCCESS;
+		/* NOTE: this could be done even before decoding the DN,
+		 * although encoding errors wouldn't be detected */
+		rc = LDAP_SUCCESS;
+		goto done;
 	}
 
 	if ( entry == NULL ) {
-		return -1;
+		rc = -1;
+		goto done;
 	}
 
 	e = ( Entry * ) ch_calloc( 1, sizeof( Entry ) );
@@ -1518,8 +1548,8 @@
 	}
 
 	if ( *modlist == NULL ) {
-		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: no attributes\n",
-			0, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d no attributes\n",
+			si->si_rid, 0, 0 );
 		rc = -1;
 		goto done;
 	}
@@ -1527,8 +1557,8 @@
 	rc = slap_mods_check( *modlist, &text, txtbuf, textlen, NULL );
 
 	if ( rc != LDAP_SUCCESS ) {
-		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods check (%s)\n",
-			text, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d mods check (%s)\n",
+			si->si_rid, text, 0 );
 		goto done;
 	}
 
@@ -1559,12 +1589,12 @@
 	
 	rc = slap_mods2entry( *modlist, &e, 1, 1, &text, txtbuf, textlen);
 	if( rc != LDAP_SUCCESS ) {
-		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods2entry (%s)\n",
-			text, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: rid %03d mods2entry (%s)\n",
+			si->si_rid, text, 0 );
 	}
 
 done:
-	ber_free ( ber, 0 );
+	ber_free( ber, 0 );
 	if ( rc != LDAP_SUCCESS ) {
 		if ( e ) {
 			entry_free( e );
@@ -1641,28 +1671,28 @@
 
 	switch( syncstate ) {
 	case LDAP_SYNC_PRESENT:
-		Debug( LDAP_DEBUG_SYNC, "%s: %s\n",
-					"syncrepl_entry",
+		Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+					si->si_rid,
 					"LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_PRESENT)", 0 );
 		break;
 	case LDAP_SYNC_ADD:
-		Debug( LDAP_DEBUG_SYNC, "%s: %s\n",
-					"syncrepl_entry",
+		Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+					si->si_rid,
 					"LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)", 0 );
 		break;
 	case LDAP_SYNC_DELETE:
-		Debug( LDAP_DEBUG_SYNC, "%s: %s\n",
-					"syncrepl_entry",
+		Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+					si->si_rid,
 					"LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE)", 0 );
 		break;
 	case LDAP_SYNC_MODIFY:
-		Debug( LDAP_DEBUG_SYNC, "%s: %s\n",
-					"syncrepl_entry",
+		Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: rid %03d %s\n",
+					si->si_rid,
 					"LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)", 0 );
 		break;
 	default:
-		Debug( LDAP_DEBUG_ANY, "%s: %s\n",
-					"syncrepl_entry",
+		Debug( LDAP_DEBUG_ANY, "syncrepl_entry: rid %03d %s\n",
+					si->si_rid,
 					"LDAP_RES_SEARCH_ENTRY(UNKNOWN syncstate)", 0 );
 	}
 
@@ -1722,8 +1752,8 @@
 	if ( limits_check( op, &rs_search ) == 0 ) {
 		rc = be->be_search( op, &rs_search );
 		Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_entry: %s (%d)\n", 
-				"be_search", rc, 0 );
+				"syncrepl_entry: rid %03d be_search (%d)\n", 
+				si->si_rid, rc, 0 );
 	}
 
 	if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
@@ -1735,12 +1765,12 @@
 
 	if ( entry && !BER_BVISNULL( &entry->e_name ) ) {
 		Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_entry: %s\n",
-				entry->e_name.bv_val, 0, 0 );
+				"syncrepl_entry: rid %03d %s\n",
+				si->si_rid, entry->e_name.bv_val, 0 );
 	} else {
 		Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_entry: %s\n",
-				dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0, 0 );
+				"syncrepl_entry: rid %03d %s\n",
+				si->si_rid, dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0 );
 	}
 
 	if ( syncstate != LDAP_SYNC_DELETE ) {
@@ -1797,8 +1827,8 @@
 
 			rc = be->be_add( op, &rs_add );
 			Debug( LDAP_DEBUG_SYNC,
-					"syncrepl_entry: %s (%d)\n", 
-					"be_add", rc, 0 );
+					"syncrepl_entry: rid %03d be_add (%d)\n", 
+					si->si_rid, rc, 0 );
 			switch ( rs_add.sr_err ) {
 			case LDAP_SUCCESS:
 				be_entry_release_w( op, entry );
@@ -1856,8 +1886,8 @@
 
 			default:
 				Debug( LDAP_DEBUG_ANY,
-					"syncrepl_entry : be_add failed (%d)\n",
-					rs_add.sr_err, 0, 0 );
+					"syncrepl_entry: rid %03d be_add failed (%d)\n",
+					si->si_rid, rs_add.sr_err, 0 );
 				ret = 1;
 				break;
 			}
@@ -1886,8 +1916,8 @@
 			op->orr_deleteoldrdn = 0;
 			rc = be->be_modrdn( op, &rs_modify );
 			Debug( LDAP_DEBUG_SYNC,
-					"syncrepl_entry: %s (%d)\n", 
-					"be_modrdn", rc, 0 );
+					"syncrepl_entry: rid %03d be_modrdn (%d)\n", 
+					si->si_rid, rc, 0 );
 			if ( rs_modify.sr_err == LDAP_SUCCESS ) {
 				op->o_req_dn = entry->e_name;
 				op->o_req_ndn = entry->e_nname;
@@ -1952,12 +1982,12 @@
 
 			rc = be->be_modify( op, &rs_modify );
 			Debug( LDAP_DEBUG_SYNC,
-					"syncrepl_entry: %s (%d)\n", 
-					"be_modify", rc, 0 );
+					"syncrepl_entry: rid %03d be_modify (%d)\n", 
+					si->si_rid, rc, 0 );
 			if ( rs_modify.sr_err != LDAP_SUCCESS ) {
 				Debug( LDAP_DEBUG_ANY,
-					"syncrepl_entry : be_modify failed (%d)\n",
-					rs_modify.sr_err, 0, 0 );
+					"syncrepl_entry: rid %03d be_modify failed (%d)\n",
+					si->si_rid, rs_modify.sr_err, 0 );
 			}
 		}
 		ret = 1;
@@ -1969,8 +1999,8 @@
 			op->o_tag = LDAP_REQ_DELETE;
 			rc = be->be_delete( op, &rs_delete );
 			Debug( LDAP_DEBUG_SYNC,
-					"syncrepl_entry: %s (%d)\n", 
-					"be_delete", rc, 0 );
+					"syncrepl_entry: rid %03d be_delete (%d)\n", 
+					si->si_rid, rc, 0 );
 
 			while ( rs_delete.sr_err == LDAP_SUCCESS
 				&& op->o_delete_glue_parent ) {
@@ -1993,7 +2023,7 @@
 
 	default :
 		Debug( LDAP_DEBUG_ANY,
-			"syncrepl_entry : unknown syncstate\n", 0, 0, 0 );
+			"syncrepl_entry: rid %03d unknown syncstate\n", si->si_rid, 0, 0 );
 		ret = 1;
 		goto done;
 	}
@@ -2129,8 +2159,8 @@
 			op->o_req_ndn = *np_prev->npe_nname;
 			rc = op->o_bd->be_delete( op, &rs_delete );
 			Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_del_nonpresent: be_delete %s (%d)\n", 
-				op->o_req_dn.bv_val, rc, 0 );
+				"syncrepl_del_nonpresent: rid %03d be_delete %s (%d)\n", 
+				si->si_rid, op->o_req_dn.bv_val, rc );
 
 			if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) {
 				Modifications mod1, mod2;
@@ -2380,7 +2410,8 @@
 
 	if ( rs_modify.sr_err != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_ANY,
-			"be_modify failed (%d)\n", rs_modify.sr_err, 0, 0 );
+			"syncrepl_updateCookie: rid %03d be_modify failed (%d)\n",
+			si->si_rid, rs_modify.sr_err, 0 );
 	}
 
 	slap_graduate_commit_csn( op );
@@ -2401,7 +2432,7 @@
 	if ( rs->sr_type == REP_SEARCH ) {
 		if ( !BER_BVISNULL( &dni->dn ) ) {
 			Debug( LDAP_DEBUG_ANY,
-				"dn_callback : consistency error - "
+				"dn_callback: consistency error - "
 				"entryUUID is not unique\n", 0, 0, 0 );
 		} else {
 			ber_dupbv_x( &dni->dn, &rs->sr_entry->e_name, op->o_tmpmemctx );
@@ -2482,7 +2513,7 @@
 	} else if ( rs->sr_type == REP_RESULT ) {
 		if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
 			Debug( LDAP_DEBUG_ANY,
-				"dn_callback : consistency error - "
+				"dn_callback: consistency error - "
 				"entryUUID is not unique\n", 0, 0, 0 );
 		}
 	}
@@ -2544,7 +2575,7 @@
 		rs->sr_err != LDAP_NOT_ALLOWED_ON_NONLEAF )
 	{
 		Debug( LDAP_DEBUG_ANY,
-			"null_callback : error code 0x%x\n",
+			"null_callback: error code 0x%x\n",
 			rs->sr_err, 0, 0 );
 	}
 	return LDAP_SUCCESS;
@@ -3170,7 +3201,7 @@
 		} else if ( bindconf_parse( c->argv[i], &si->si_bindconf ) ) {
 			snprintf( c->msg, sizeof( c->msg ),
 				"Error: parse_syncrepl_line: "
-				"unknown keyword \"%s\"\n", c->argv[ i ] );
+				"unable to parse \"%s\"\n", c->argv[ i ] );
 			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
 			return -1;
 		}

Modified: openldap/vendor/openldap-release/servers/slapd/syntax.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syntax.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/syntax.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* syntax.c - routines to manage syntax definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syntax.c,v 1.40.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syntax.c,v 1.40.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/unbind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/unbind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* unbind.c - decode an ldap unbind operation and pass it to a backend db */
-/* $OpenLDAP: pkg/ldap/servers/slapd/unbind.c,v 1.23.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/unbind.c,v 1.23.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/user.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/user.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/user.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* user.c - set user id, group id and group access list */
-/* $OpenLDAP: pkg/ldap/servers/slapd/user.c,v 1.22.2.3 2006/01/03 22:16:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/user.c,v 1.22.2.4 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 1999 PM Lashley.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/value.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/value.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/value.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* value.c - routines for dealing with values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.13 2006/04/07 00:16:31 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.14 2007/01/02 21:43:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/zn_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/zn_malloc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slapd/zn_malloc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 /* zn_malloc.c - zone-based malloc routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/zn_malloc.c,v 1.3.2.6 2006/02/13 17:28:43 kurt Exp $*/
+/* $OpenLDAP: pkg/ldap/servers/slapd/zn_malloc.c,v 1.3.2.7 2007/01/02 21:43:59 kurt Exp $*/
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2006 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for slurpd
-# $OpenLDAP: pkg/ldap/servers/slurpd/Makefile.in,v 1.36.2.3 2006/01/03 22:16:26 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slurpd/Makefile.in,v 1.36.2.4 2007/01/02 21:44:11 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/admin.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/admin.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/admin.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/admin.c,v 1.13.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/admin.c,v 1.13.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/args.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/args.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/args.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/args.c,v 1.29.2.3 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/args.c,v 1.29.2.4 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/ch_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/ch_malloc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/ch_malloc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/ch_malloc.c,v 1.17.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ch_malloc.c,v 1.17.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/config.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/config.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/config.c,v 1.39.2.5 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/config.c,v 1.39.2.6 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Mark Benson.
  * Portions Copyright 2002 John Morrissey.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slurpd/fm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/fm.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/fm.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/fm.c,v 1.28.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/fm.c,v 1.28.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/globals.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/globals.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/globals.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.c,v 1.22.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.c,v 1.22.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/globals.h
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/globals.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/globals.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.h,v 1.17.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/globals.h,v 1.17.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/ldap_op.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/ldap_op.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/ldap_op.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/ldap_op.c,v 1.53.2.4 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ldap_op.c,v 1.53.2.5 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * Portions Copyright 2003 Mark Benson.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slurpd/lock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/lock.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/lock.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/lock.c,v 1.22.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/lock.c,v 1.22.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/main.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/main.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/main.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/main.c,v 1.42.2.5 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/main.c,v 1.42.2.6 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/nt_svc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/nt_svc.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/nt_svc.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/nt_svc.c,v 1.3.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/nt_svc.c,v 1.3.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/proto-slurp.h
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/proto-slurp.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/proto-slurp.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/proto-slurp.h,v 1.16.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/proto-slurp.h,v 1.16.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/re.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/re.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/re.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/re.c,v 1.36.2.5 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/re.c,v 1.36.2.6 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/reject.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/reject.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/reject.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/reject.c,v 1.18.2.3 2006/02/13 17:28:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/reject.c,v 1.18.2.4 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/replica.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/replica.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/replica.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/replica.c,v 1.23.2.3 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/replica.c,v 1.23.2.4 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/replog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/replog.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/replog.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/replog.c,v 1.19.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/replog.c,v 1.19.2.3 2007/01/02 21:44:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/ri.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/ri.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/ri.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/ri.c,v 1.32.2.3 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/ri.c,v 1.32.2.4 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/rq.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/rq.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/rq.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/rq.c,v 1.24.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/rq.c,v 1.24.2.3 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/sanity.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/sanity.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/sanity.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/sanity.c,v 1.13.2.2 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/sanity.c,v 1.13.2.3 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/slurp.h
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/slurp.h	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/slurp.h	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/slurp.h,v 1.37.2.3 2006/01/03 22:16:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/slurp.h,v 1.37.2.4 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slurpd/st.c
===================================================================
--- openldap/vendor/openldap-release/servers/slurpd/st.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/servers/slurpd/st.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slurpd/st.c,v 1.18.2.4 2006/05/09 17:43:12 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slurpd/st.c,v 1.18.2.5 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/tests/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # Makefile.in for tests
-# $OpenLDAP: pkg/ldap/tests/Makefile.in,v 1.54.2.4 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/Makefile.in,v 1.54.2.5 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/ditcontentrules.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/ditcontentrules.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/ditcontentrules.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/tests/data/ditcontentrules.conf,v 1.4.2.2 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/ditcontentrules.conf,v 1.4.2.3 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/retcode.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/retcode.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/retcode.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -2,7 +2,7 @@
 # $Header$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-aci.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-aci.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-aci.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-aci.conf,v 1.1.2.3 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-aci.conf,v 1.1.2.4 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-acl.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-acl.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-acl.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
   kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-chain1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-chain1.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-chain1.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-chain2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-chain2.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-chain2.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-component.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-component.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-component.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2003/12/15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-dn.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dn.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-dn.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-dn.conf,v 1.4.2.6 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dn.conf,v 1.4.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 # stand-alone slapd config -- for testing (with indexing)
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-emptydn.conf,v 1.3.2.5 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-emptydn.conf,v 1.3.2.6 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-ldap.conf,v 1.1.2.5 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-ldap.conf,v 1.1.2.6 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
   kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
   kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
   kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-idassert.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-idassert.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-idassert.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-limits.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-limits.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-limits.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-limits.conf,v 1.9.2.4 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-limits.conf,v 1.9.2.5 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-meta.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-meta.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-meta.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-meta.conf,v 1.4.2.7 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta.conf,v 1.4.2.8 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-meta2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-meta2.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-meta2.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-meta2.conf,v 1.1.2.6 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta2.conf,v 1.1.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-passwd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-passwd.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-passwd.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.6.2.6 2006/08/01 01:03:43 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.6.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-pw.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-pw.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-pw.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-referrals.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-referrals.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-referrals.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-refint.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-refint.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-refint.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-refint.conf,v 1.5.2.4 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-refint.conf,v 1.5.2.5 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-relay.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-relay.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-relay.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-relay.conf,v 1.4.2.8 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-relay.conf,v 1.4.2.9 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-repl-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-repl-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-repl-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-repl-slave.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-repl-slave.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-repl-slave.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-retcode.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-retcode.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-retcode.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -2,7 +2,7 @@
 # $Header$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-schema.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-schema.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-schema.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  :29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-sql-syncrepl-master.conf,v 1.1.2.8 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql-syncrepl-master.conf,v 1.1.2.9 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-sql.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-sql.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-sql.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-sql.conf,v 1.7.2.6 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql.conf,v 1.7.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2003/12/15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2003/12/15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2003/12/15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  2003/12/15 22:05:29 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with translucent overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-local.conf,v 1.1.2.7 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-local.conf,v 1.1.2.8 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with translucent overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-remote.conf,v 1.1.2.5 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-remote.conf,v 1.1.2.6 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-unique.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-unique.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-unique.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with unique overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-unique.conf,v 1.5.2.6 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-unique.conf,v 1.5.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-valsort.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-valsort.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-valsort.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with unique overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-valsort.conf,v 1.1.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-valsort.conf,v 1.1.2.4 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-whoami.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-whoami.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd-whoami.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd.conf,v 1.32.2.6 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd.conf,v 1.32.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd2.conf	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/slapd2.conf	2007-05-23 19:07:37 UTC (rev 797)
@@ -3,7 +3,7 @@
  t Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/test-translucent-data.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/test-translucent-data.ldif	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/test-translucent-data.ldif	2007-05-23 19:07:37 UTC (rev 797)
@@ -5,6 +5,7 @@
 sn: warning
 cn: danger
 businessCategory: backend-opaque
+initials: dw
 carLicense: BACK
 departmentNumber: 7341
 displayName: Warning

Modified: openldap/vendor/openldap-release/tests/data/test-translucent-merged.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/test-translucent-merged.ldif	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/test-translucent-merged.ldif	2007-05-23 19:07:37 UTC (rev 797)
@@ -4,6 +4,7 @@
 sn: danger
 cn: henry
 businessCategory: frontend-override
+initials: dw
 carLicense: LIVID
 departmentNumber: 9999999
 displayName: Warning

Modified: openldap/vendor/openldap-release/tests/data/test.schema
===================================================================
--- openldap/vendor/openldap-release/tests/data/test.schema	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/data/test.schema	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 # OpenLDAP Test schema
-# $OpenLDAP: pkg/ldap/tests/data/test.schema,v 1.1.2.6 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/test.schema,v 1.1.2.7 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/tests/progs/Makefile.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/Makefile.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 ## Makefile.in for test programs
-# $OpenLDAP: pkg/ldap/tests/progs/Makefile.in,v 1.18.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/progs/Makefile.in,v 1.18.2.4 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-addel.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-addel.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-addel.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-addel.c,v 1.27.2.8 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-addel.c,v 1.27.2.9 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-bind.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-bind.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-bind.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.2.2.4 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.2.2.5 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-modify.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-modify.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-modify.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modify.c,v 1.3.2.9 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modify.c,v 1.3.2.10 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.7.2.8 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.7.2.9 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-read.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-read.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-read.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-read.c,v 1.22.2.6 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-read.c,v 1.22.2.7 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-search.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-search.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-search.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.21.2.6 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.21.2.7 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-tester.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-tester.c	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/progs/slapd-tester.c	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-tester.c,v 1.27.2.8 2006/01/03 22:16:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-tester.c,v 1.27.2.9 2007/01/02 21:44:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/run.in
===================================================================
--- openldap/vendor/openldap-release/tests/run.in	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/run.in	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #!/bin/sh
-# $OpenLDAP: pkg/ldap/tests/run.in,v 1.28.2.16 2006/01/03 22:16:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/run.in,v 1.28.2.17 2007/01/02 21:44:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/acfilter.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/acfilter.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/acfilter.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/acfilter.sh,v 1.8.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/acfilter.sh,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/all	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/all	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.23.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.23.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/conf.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/conf.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/conf.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/conf.sh,v 1.32.2.12 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/conf.sh,v 1.32.2.13 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/defines.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/defines.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/defines.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.107.2.18 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.107.2.19 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/passwd-search
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/passwd-search	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/passwd-search	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/passwd-search,v 1.8.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/passwd-search,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/relay
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/relay	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/relay	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/relay,v 1.3.2.8 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/relay,v 1.3.2.9 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-all	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/sql-all	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-all,v 1.2.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-all,v 1.2.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test000-read
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test000-read	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test000-read	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test000-read,v 1.3.2.8 2006/08/17 17:53:16 ando Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test000-read,v 1.3.2.9 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test001-concurrency,v 1.2.4.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test001-concurrency,v 1.2.4.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test900-write
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test900-write	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test900-write	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test900-write,v 1.5.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test900-write,v 1.5.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test901-syncrepl,v 1.2.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test901-syncrepl,v 1.2.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/start-server	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server,v 1.3.2.2 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server-nolog
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server-nolog	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/start-server-nolog	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server-nolog,v 1.3.2.2 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server-nolog,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server2
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server2	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/start-server2	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server2,v 1.3.2.2 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server2-nolog
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server2-nolog	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/start-server2-nolog	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server2-nolog,v 1.3.2.2 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2-nolog,v 1.3.2.3 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/startup_nis_ldap_server.sh,v 1.12.2.2 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/startup_nis_ldap_server.sh,v 1.12.2.3 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test000-rootdse
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test000-rootdse	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test000-rootdse	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test000-rootdse,v 1.22.2.5 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test000-rootdse,v 1.22.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test001-slapadd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test001-slapadd	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test001-slapadd	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test001-slapadd,v 1.39.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test001-slapadd,v 1.39.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test002-populate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test002-populate	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test002-populate	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test002-populate,v 1.36.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test002-populate,v 1.36.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test003-search
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test003-search	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test003-search	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test003-search,v 1.57.2.3 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test003-search,v 1.57.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test004-modify
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test004-modify	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test004-modify	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test004-modify,v 1.53.2.5 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test004-modify,v 1.53.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test005-modrdn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test005-modrdn	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test005-modrdn	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test005-modrdn,v 1.41.2.6 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test005-modrdn,v 1.41.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test006-acls
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test006-acls	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test006-acls	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test006-acls,v 1.47.2.6 2006/07/31 22:38:44 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test006-acls,v 1.47.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test007-replication
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test007-replication	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test007-replication	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test007-replication,v 1.58.2.4 2006/01/03 22:16:28 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test007-replication,v 1.58.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test008-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test008-concurrency	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test008-concurrency	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test008-concurrency,v 1.34.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test008-concurrency,v 1.34.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test009-referral
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test009-referral	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test009-referral	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test009-referral,v 1.33.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test009-referral,v 1.33.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test010-passwd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test010-passwd	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test010-passwd	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test010-passwd,v 1.18.2.6 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test010-passwd,v 1.18.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test011-glue-slapadd,v 1.5.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test011-glue-slapadd,v 1.5.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test012-glue-populate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test012-glue-populate	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test012-glue-populate	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test012-glue-populate,v 1.4.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test012-glue-populate,v 1.4.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test013-language
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test013-language	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test013-language	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test013-language,v 1.12.2.3 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test013-language,v 1.12.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test014-whoami
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test014-whoami	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test014-whoami	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.17.2.6 2006/11/12 02:00:20 hyc Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.17.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test015-xsearch
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test015-xsearch	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test015-xsearch	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test015-xsearch,v 1.17.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test015-xsearch,v 1.17.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test016-subref
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test016-subref	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test016-subref	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test016-subref,v 1.7.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test016-subref,v 1.7.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.24.2.3 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.24.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.25.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.25.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.13.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.13.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test020-proxycache
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test020-proxycache	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test020-proxycache	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test020-proxycache,v 1.11.2.13 2006/05/11 17:04:27 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test020-proxycache,v 1.11.2.14 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test021-certificate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test021-certificate	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test021-certificate	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test021-certificate,v 1.12.2.6 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test021-certificate,v 1.12.2.8 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -77,7 +77,7 @@
 add: objectClass
 objectClass: extensibleObject
 -
-add: cAcertificate
+add: cAcertificate;binary
 cAcertificate;binary::
  MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
  MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
@@ -103,7 +103,7 @@
 add: objectClass
 objectClass: strongAuthenticationUser
 -
-add: userCertificate
+add: userCertificate;binary
 userCertificate;binary::
  MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
  MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg
@@ -130,7 +130,7 @@
 add: objectClass
 objectClass: strongAuthenticationUser
 -
-add: userCertificate
+add: userCertificate;binary
 userCertificate;binary::
  MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET
  MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg

Modified: openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test022-ppolicy	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test022-ppolicy	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.6.2.9 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.6.2.10 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test023-refint
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test023-refint	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test023-refint	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test023-refint,v 1.3.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test023-refint,v 1.3.2.6 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test024-unique
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test024-unique	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test024-unique	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test024-unique,v 1.3.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test024-unique,v 1.3.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test025-limits
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test025-limits	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test025-limits	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test025-limits,v 1.14.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test025-limits,v 1.14.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test026-dn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test026-dn	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test026-dn	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test027-emptydn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test027-emptydn	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test027-emptydn	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test028-idassert
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test028-idassert	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test028-idassert	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.7.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.7.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test029-ldapglue
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test029-ldapglue	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test029-ldapglue	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test029-ldapglue,v 1.3.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test029-ldapglue,v 1.3.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test030-relay
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test030-relay	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test030-relay	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test030-relay,v 1.5.2.6 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test030-relay,v 1.5.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test031-component-filter
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test031-component-filter	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test031-component-filter	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.7.2.8 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.7.2.9 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test032-chain
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test032-chain	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test032-chain	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test032-chain,v 1.4.2.7 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test032-chain,v 1.4.2.8 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test034-translucent
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test034-translucent	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test034-translucent	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.1.2.5 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.1.2.7 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -577,6 +577,24 @@
 	exit 1
 fi
 
+echo "Testing delete: valid local record, remote attribute..."
+
+$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
+        $TESTOUT 2>&1 << EOF_MOD8
+version: 1
+dn: uid=danger,ou=users,o=translucent
+changetype: modify
+delete: initials
+EOF_MOD8
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)"
+	grep "$FAILURE" $TESTOUT
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
 echo "Testing modify: valid remote record, combination add-modify-delete..."
 
 $LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \

Modified: openldap/vendor/openldap-release/tests/scripts/test035-meta
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test035-meta	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test035-meta	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test035-meta,v 1.4.2.8 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test035-meta,v 1.4.2.9 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test036-meta-concurrency,v 1.6.2.8 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test036-meta-concurrency,v 1.6.2.9 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test037-manage
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test037-manage	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test037-manage	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test037-manage,v 1.8.2.4 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test037-manage,v 1.8.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test038-retcode
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test038-retcode	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test038-retcode	2007-05-23 19:07:37 UTC (rev 797)
@@ -2,7 +2,7 @@
 # $Header$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test039-glue-ldap-concurrency,v 1.1.2.7 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test039-glue-ldap-concurrency,v 1.1.2.8 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test040-subtree-rename,v 1.1.2.3 2006/01/03 22:16:29 kurt Exp $ */
+# $OpenLDAP: pkg/ldap/tests/scripts/test040-subtree-rename,v 1.1.2.4 2007/01/02 21:44:13 kurt Exp $ */
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test041-aci
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test041-aci	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test041-aci	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test041-aci,v 1.3.2.7 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test041-aci,v 1.3.2.8 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test042-valsort
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test042-valsort	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test042-valsort	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test042-valsort,v 1.1.2.3 2006/01/03 22:16:29 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test042-valsort,v 1.1.2.4 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.1.2.4 2006/11/02 18:15:05 hyc Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.1.2.5 2007/01/02 21:44:13 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test044-dynlist
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test044-dynlist	2007-05-23 19:04:08 UTC (rev 796)
+++ openldap/vendor/openldap-release/tests/scripts/test044-dynlist	2007-05-23 19:07:37 UTC (rev 797)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without




More information about the Pkg-openldap-devel mailing list