Add LDAPI

Makefile.am

@@ -880,6 +880,10 @@ mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSD
 #------------------------
 # ns-slapd
 #------------------------
+if enable_ldapi
+        GETSOCKETPEER=ldap/servers/slapd/getsocketpeer.c
+endif
+
 ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
 	ldap/servers/slapd/auth.c \
 	ldap/servers/slapd/bind.c  \
@@ -912,7 +916,8 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
 	ldap/servers/slapd/strdup.c \
 	ldap/servers/slapd/stubs.c \
 	ldap/servers/slapd/tempnam.c  \
-	ldap/servers/slapd/unbind.c
+	ldap/servers/slapd/unbind.c \
+	$(GETSOCKETPEER)
 
 ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) @sasl_inc@ @ldapsdk_inc@ @nss_inc@ \
 	@nspr_inc@ @svrcore_inc@

Makefile.in

@@ -628,6 +628,26 @@ mmldif_bin_OBJECTS = $(am_mmldif_bin_OBJECTS)
 mmldif_bin_DEPENDENCIES = libslapd.la $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am__ns_slapd_SOURCES_DIST = ldap/servers/slapd/abandon.c \
+	ldap/servers/slapd/auth.c ldap/servers/slapd/bind.c \
+	ldap/servers/slapd/compare.c ldap/servers/slapd/config.c \
+	ldap/servers/slapd/configdse.c ldap/servers/slapd/connection.c \
+	ldap/servers/slapd/conntable.c ldap/servers/slapd/daemon.c \
+	ldap/servers/slapd/detach.c ldap/servers/slapd/extendop.c \
+	ldap/servers/slapd/fedse.c ldap/servers/slapd/fileio.c \
+	ldap/servers/slapd/getopt_ext.c ldap/servers/slapd/globals.c \
+	ldap/servers/slapd/house.c ldap/servers/slapd/init.c \
+	ldap/servers/slapd/lite_entries.c ldap/servers/slapd/main.c \
+	ldap/servers/slapd/monitor.c ldap/servers/slapd/passwd_extop.c \
+	ldap/servers/slapd/protect_db.c ldap/servers/slapd/psearch.c \
+	ldap/servers/slapd/pw_mgmt.c ldap/servers/slapd/rootdse.c \
+	ldap/servers/slapd/sasl_io.c ldap/servers/slapd/saslbind.c \
+	ldap/servers/slapd/search.c \
+	ldap/servers/slapd/start_tls_extop.c \
+	ldap/servers/slapd/strdup.c ldap/servers/slapd/stubs.c \
+	ldap/servers/slapd/tempnam.c ldap/servers/slapd/unbind.c \
+	ldap/servers/slapd/getsocketpeer.c
+@enable_ldapi_TRUE@am__objects_4 = ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT)
 am_ns_slapd_OBJECTS = ldap/servers/slapd/ns_slapd-abandon.$(OBJEXT) \
 	ldap/servers/slapd/ns_slapd-auth.$(OBJEXT) \
 	ldap/servers/slapd/ns_slapd-bind.$(OBJEXT) \
@@ -660,7 +680,7 @@ am_ns_slapd_OBJECTS = ldap/servers/slapd/ns_slapd-abandon.$(OBJEXT) \
 	ldap/servers/slapd/ns_slapd-strdup.$(OBJEXT) \
 	ldap/servers/slapd/ns_slapd-stubs.$(OBJEXT) \
 	ldap/servers/slapd/ns_slapd-tempnam.$(OBJEXT) \
-	ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT)
+	ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT) $(am__objects_4)
 ns_slapd_OBJECTS = $(am_ns_slapd_OBJECTS)
 ns_slapd_DEPENDENCIES = libslapd.la libldaputil.a \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@@ -752,7 +772,7 @@ DIST_SOURCES = $(libavl_a_SOURCES) $(libldaputil_a_SOURCES) \
 	$(ldap_agent_bin_SOURCES) $(am__ldclt_bin_SOURCES_DIST) \
 	$(ldif_bin_SOURCES) $(makstrdb_SOURCES) \
 	$(migratecred_bin_SOURCES) $(mmldif_bin_SOURCES) \
-	$(ns_slapd_SOURCES) $(pwdhash_bin_SOURCES) \
+	$(am__ns_slapd_SOURCES_DIST) $(pwdhash_bin_SOURCES) \
 	$(rsearch_bin_SOURCES)
 configDATA_INSTALL = $(INSTALL_DATA)
 nodist_propertyDATA_INSTALL = $(INSTALL_DATA)
@@ -837,7 +857,6 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PKG_CONFIG = @PKG_CONFIG@
 RANLIB = @RANLIB@
-SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 SOLARIS_FALSE = @SOLARIS_FALSE@
@@ -882,6 +901,8 @@ db_libver = @db_libver@
 debug_defs = @debug_defs@
 enable_dna_FALSE = @enable_dna_FALSE@
 enable_dna_TRUE = @enable_dna_TRUE@
+enable_ldapi_FALSE = @enable_ldapi_FALSE@
+enable_ldapi_TRUE = @enable_ldapi_TRUE@
 enable_pam_passthru_FALSE = @enable_pam_passthru_FALSE@
 enable_pam_passthru_TRUE = @enable_pam_passthru_TRUE@
 exec_prefix = @exec_prefix@
@@ -1749,6 +1770,7 @@ mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSD
 #------------------------
 # ns-slapd
 #------------------------
+@enable_ldapi_TRUE@GETSOCKETPEER = ldap/servers/slapd/getsocketpeer.c
 ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
 	ldap/servers/slapd/auth.c \
 	ldap/servers/slapd/bind.c  \
@@ -1781,7 +1803,8 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
 	ldap/servers/slapd/strdup.c \
 	ldap/servers/slapd/stubs.c \
 	ldap/servers/slapd/tempnam.c  \
-	ldap/servers/slapd/unbind.c
+	ldap/servers/slapd/unbind.c \
+	$(GETSOCKETPEER)
 
 ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) @sasl_inc@ @ldapsdk_inc@ @nss_inc@ \
 	@nspr_inc@ @svrcore_inc@
@@ -3628,6 +3651,9 @@ ldap/servers/slapd/ns_slapd-tempnam.$(OBJEXT):  \
 ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT):  \
 	ldap/servers/slapd/$(am__dirstamp) \
 	ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT):  \
+	ldap/servers/slapd/$(am__dirstamp) \
+	ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
 ns-slapd$(EXEEXT): $(ns_slapd_OBJECTS) $(ns_slapd_DEPENDENCIES) 
 	@rm -f ns-slapd$(EXEEXT)
 	$(ns_slapd_LINK) $(ns_slapd_LDFLAGS) $(ns_slapd_OBJECTS) $(ns_slapd_LDADD) $(LIBS)
@@ -4342,6 +4368,7 @@ mostlyclean-compile:
 	-rm -f ldap/servers/slapd/ns_slapd-fedse.$(OBJEXT)
 	-rm -f ldap/servers/slapd/ns_slapd-fileio.$(OBJEXT)
 	-rm -f ldap/servers/slapd/ns_slapd-getopt_ext.$(OBJEXT)
+	-rm -f ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT)
 	-rm -f ldap/servers/slapd/ns_slapd-globals.$(OBJEXT)
 	-rm -f ldap/servers/slapd/ns_slapd-house.$(OBJEXT)
 	-rm -f ldap/servers/slapd/ns_slapd-init.$(OBJEXT)
@@ -4792,6 +4819,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-fedse.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-fileio.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-getopt_ext.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-globals.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-house.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-init.Po@am__quote@
@@ -8241,6 +8269,20 @@ ldap/servers/slapd/ns_slapd-unbind.obj: ldap/servers/slapd/unbind.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-unbind.obj `if test -f 'ldap/servers/slapd/unbind.c'; then $(CYGPATH_W) 'ldap/servers/slapd/unbind.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/unbind.c'; fi`
 
+ldap/servers/slapd/ns_slapd-getsocketpeer.o: ldap/servers/slapd/getsocketpeer.c
+@am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-getsocketpeer.o -MD -MP -MF "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.o `test -f 'ldap/servers/slapd/getsocketpeer.c' || echo '$(srcdir)/'`ldap/servers/slapd/getsocketpeer.c; \
+@am__fastdepCC_TRUE@	then mv -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po"; else rm -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/slapd/getsocketpeer.c' object='ldap/servers/slapd/ns_slapd-getsocketpeer.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.o `test -f 'ldap/servers/slapd/getsocketpeer.c' || echo '$(srcdir)/'`ldap/servers/slapd/getsocketpeer.c
+
+ldap/servers/slapd/ns_slapd-getsocketpeer.obj: ldap/servers/slapd/getsocketpeer.c
+@am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-getsocketpeer.obj -MD -MP -MF "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.obj `if test -f 'ldap/servers/slapd/getsocketpeer.c'; then $(CYGPATH_W) 'ldap/servers/slapd/getsocketpeer.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/getsocketpeer.c'; fi`; \
+@am__fastdepCC_TRUE@	then mv -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po"; else rm -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ldap/servers/slapd/getsocketpeer.c' object='ldap/servers/slapd/ns_slapd-getsocketpeer.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.obj `if test -f 'ldap/servers/slapd/getsocketpeer.c'; then $(CYGPATH_W) 'ldap/servers/slapd/getsocketpeer.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/getsocketpeer.c'; fi`
+
 ldap/servers/slapd/tools/pwdhash_bin-pwenc.o: ldap/servers/slapd/tools/pwenc.c
 @am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pwdhash_bin_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/tools/pwdhash_bin-pwenc.o -MD -MP -MF "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo" -c -o ldap/servers/slapd/tools/pwdhash_bin-pwenc.o `test -f 'ldap/servers/slapd/tools/pwenc.c' || echo '$(srcdir)/'`ldap/servers/slapd/tools/pwenc.c; \
 @am__fastdepCC_TRUE@	then mv -f "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo" "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Po"; else rm -f "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo"; exit 1; fi

aclocal.m4

@@ -1597,7 +1597,7 @@ linux*)
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
   fi
 
@@ -4305,9 +4305,6 @@ CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
 # Is the compiler the GNU C compiler?
 with_gcc=$_LT_AC_TAGVAR(GCC, $1)
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -4441,11 +4438,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -4457,7 +4454,7 @@ postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -4537,7 +4534,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -6373,7 +6370,6 @@ do
     done
   done
 done
-IFS=$as_save_IFS
 lt_ac_max=0
 lt_ac_count=0
 # Add /usr/xpg4/bin/sed as it is typically found on Solaris
@@ -6406,7 +6402,6 @@ for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
 done
 ])
 SED=$lt_cv_path_SED
-AC_SUBST([SED])
 AC_MSG_RESULT([$SED])
 ])
 

configure

@@ -465,7 +465,7 @@ ac_includes_default="\
 #endif"
 
 ac_default_prefix=/opt/$PACKAGE_NAME
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE enable_ldapi_TRUE enable_ldapi_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS'
 ac_subst_files=''
 
 # Initialize some variables set by options.
@@ -3832,7 +3832,6 @@ do
     done
   done
 done
-IFS=$as_save_IFS
 lt_ac_max=0
 lt_ac_count=0
 # Add /usr/xpg4/bin/sed as it is typically found on Solaris
@@ -3867,7 +3866,6 @@ done
 fi
 
 SED=$lt_cv_path_SED
-
 echo "$as_me:$LINENO: result: $SED" >&5
 echo "${ECHO_T}$SED" >&6
 
@@ -4308,7 +4306,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 4311 "configure"' > conftest.$ac_ext
+  echo '#line 4309 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -5443,7 +5441,7 @@ fi
 
 
 # Provide some information about the compiler.
-echo "$as_me:5446:" \
+echo "$as_me:5444:" \
      "checking for Fortran 77 compiler version" >&5
 ac_compiler=`set X $ac_compile; echo $2`
 { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
@@ -6506,11 +6504,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6509: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6507: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:6513: \$? = $ac_status" >&5
+   echo "$as_me:6511: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -6774,11 +6772,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6777: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6775: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:6781: \$? = $ac_status" >&5
+   echo "$as_me:6779: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -6878,11 +6876,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6881: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6879: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:6885: \$? = $ac_status" >&5
+   echo "$as_me:6883: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -8347,7 +8345,7 @@ linux*)
   libsuff=
   case "$host_cpu" in
   x86_64*|s390x*|powerpc64*)
-    echo '#line 8350 "configure"' > conftest.$ac_ext
+    echo '#line 8348 "configure"' > conftest.$ac_ext
     if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -8366,7 +8364,7 @@ linux*)
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
   fi
 
@@ -9244,7 +9242,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 9247 "configure"
+#line 9245 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -9344,7 +9342,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 9347 "configure"
+#line 9345 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -9675,9 +9673,6 @@ CC=$lt_compiler
 # Is the compiler the GNU C compiler?
 with_gcc=$GCC
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -9811,11 +9806,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_predep_objects | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_predep_objects
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_postdep_objects | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_postdep_objects
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -9827,7 +9822,7 @@ postdeps=$lt_postdeps
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_compiler_lib_search_path | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_compiler_lib_search_path
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -9907,7 +9902,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$link_all_deplibs
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -11687,11 +11682,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:11690: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:11685: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:11694: \$? = $ac_status" >&5
+   echo "$as_me:11689: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -11791,11 +11786,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:11794: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:11789: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:11798: \$? = $ac_status" >&5
+   echo "$as_me:11793: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -12327,7 +12322,7 @@ linux*)
   libsuff=
   case "$host_cpu" in
   x86_64*|s390x*|powerpc64*)
-    echo '#line 12330 "configure"' > conftest.$ac_ext
+    echo '#line 12325 "configure"' > conftest.$ac_ext
     if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -12346,7 +12341,7 @@ linux*)
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
   fi
 
@@ -12731,9 +12726,6 @@ CC=$lt_compiler_CXX
 # Is the compiler the GNU C compiler?
 with_gcc=$GCC_CXX
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -12867,11 +12859,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_predep_objects_CXX
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_postdep_objects_CXX
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -12883,7 +12875,7 @@ postdeps=$lt_postdeps_CXX
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -12963,7 +12955,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$link_all_deplibs_CXX
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -13385,11 +13377,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13388: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13380: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:13392: \$? = $ac_status" >&5
+   echo "$as_me:13384: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -13489,11 +13481,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13492: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13484: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:13496: \$? = $ac_status" >&5
+   echo "$as_me:13488: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -14938,7 +14930,7 @@ linux*)
   libsuff=
   case "$host_cpu" in
   x86_64*|s390x*|powerpc64*)
-    echo '#line 14941 "configure"' > conftest.$ac_ext
+    echo '#line 14933 "configure"' > conftest.$ac_ext
     if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -14957,7 +14949,7 @@ linux*)
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
   fi
 
@@ -15342,9 +15334,6 @@ CC=$lt_compiler_F77
 # Is the compiler the GNU C compiler?
 with_gcc=$GCC_F77
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -15478,11 +15467,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_predep_objects_F77
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_postdep_objects_F77
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -15494,7 +15483,7 @@ postdeps=$lt_postdeps_F77
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_compiler_lib_search_path_F77
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -15574,7 +15563,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$link_all_deplibs_F77
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -15716,11 +15705,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15719: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:15708: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:15723: \$? = $ac_status" >&5
+   echo "$as_me:15712: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -15984,11 +15973,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15987: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:15976: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:15991: \$? = $ac_status" >&5
+   echo "$as_me:15980: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -16088,11 +16077,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:16091: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16080: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:16095: \$? = $ac_status" >&5
+   echo "$as_me:16084: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -17557,7 +17546,7 @@ linux*)
   libsuff=
   case "$host_cpu" in
   x86_64*|s390x*|powerpc64*)
-    echo '#line 17560 "configure"' > conftest.$ac_ext
+    echo '#line 17549 "configure"' > conftest.$ac_ext
     if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -17576,7 +17565,7 @@ linux*)
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra"
   fi
 
@@ -17961,9 +17950,6 @@ CC=$lt_compiler_GCJ
 # Is the compiler the GNU C compiler?
 with_gcc=$GCC_GCJ
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -18097,11 +18083,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_predep_objects_GCJ
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_postdep_objects_GCJ
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -18113,7 +18099,7 @@ postdeps=$lt_postdeps_GCJ
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -18193,7 +18179,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$link_all_deplibs_GCJ
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -18445,9 +18431,6 @@ CC=$lt_compiler_RC
 # Is the compiler the GNU C compiler?
 with_gcc=$GCC_RC
 
-gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\`
-gcc_ver=\`gcc -dumpversion\`
-
 # An ERE matcher.
 EGREP=$lt_EGREP
 
@@ -18581,11 +18564,11 @@ striplib=$lt_striplib
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+predep_objects=$lt_predep_objects_RC
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+postdep_objects=$lt_postdep_objects_RC
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -18597,7 +18580,7 @@ postdeps=$lt_postdeps_RC
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+compiler_lib_search_path=$lt_compiler_lib_search_path_RC
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
@@ -18677,7 +18660,7 @@ variables_saved_for_relink="$variables_saved_for_relink"
 link_all_deplibs=$link_all_deplibs_RC
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\`
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
 
 # Run-time system search path for libraries
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
@@ -23005,6 +22988,16 @@ else
 echo "${ECHO_T}no" >&6
 fi
 
+
+if test "$enable_ldapi" = "yes"; then
+  enable_ldapi_TRUE=
+  enable_ldapi_FALSE='#'
+else
+  enable_ldapi_TRUE='#'
+  enable_ldapi_FALSE=
+fi
+
+
 # the default prefix - override with --prefix or --with-fhs
 
 
@@ -25218,6 +25211,13 @@ echo "$as_me: error: conditional \"enable_dna\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
    { (exit 1); exit 1; }; }
 fi
+if test -z "${enable_ldapi_TRUE}" && test -z "${enable_ldapi_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"enable_ldapi\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"enable_ldapi\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
 if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then
   { { echo "$as_me:$LINENO: error: conditional \"WINNT\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
@@ -25826,7 +25826,6 @@ s,@ac_ct_CC@,$ac_ct_CC,;t t
 s,@CCDEPMODE@,$CCDEPMODE,;t t
 s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
 s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
-s,@SED@,$SED,;t t
 s,@EGREP@,$EGREP,;t t
 s,@LN_S@,$LN_S,;t t
 s,@ECHO@,$ECHO,;t t
@@ -25848,6 +25847,8 @@ s,@enable_pam_passthru_TRUE@,$enable_pam_passthru_TRUE,;t t
 s,@enable_pam_passthru_FALSE@,$enable_pam_passthru_FALSE,;t t
 s,@enable_dna_TRUE@,$enable_dna_TRUE,;t t
 s,@enable_dna_FALSE@,$enable_dna_FALSE,;t t
+s,@enable_ldapi_TRUE@,$enable_ldapi_TRUE,;t t
+s,@enable_ldapi_FALSE@,$enable_ldapi_FALSE,;t t
 s,@configdir@,$configdir,;t t
 s,@sampledatadir@,$sampledatadir,;t t
 s,@propertydir@,$propertydir,;t t

configure.ac

@@ -119,6 +119,7 @@ if test "$enable_ldapi" = yes ; then
 else
   AC_MSG_RESULT(no)
 fi
+AM_CONDITIONAL(enable_ldapi,test "$enable_ldapi" = "yes")
 
 # the default prefix - override with --prefix or --with-fhs
 AC_PREFIX_DEFAULT([/opt/$PACKAGE_NAME])

ldap/admin/src/create_instance.c

@@ -2686,6 +2686,20 @@ char *ds_gen_confs(char *sroot, server_config_s *cf, char *cs_path)
     fprintf(f, "nsslapd-return-exact-case: on\n");
     fprintf(f, "nsslapd-ssl-check-hostname: on\n");
     fprintf(f, "nsslapd-port: %s\n", cf->servport);
+#if defined(ENABLE_LDAPI)
+    fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid);
+    fprintf(f, "nsslapd-ldapilisten: on\n");
+#if defined(ENABLE_AUTOBIND)
+    fprintf(f, "nsslapd-ldapiautobind: on\n");
+#endif /* ENABLE_AUTOBIND */
+    fprintf(f, "nsslapd-ldapimaprootdn: cn=Directory Manager\n");
+    fprintf(f, "nsslapd-ldapimaptoentries: off\n");
+    fprintf(f, "nsslapd-ldapiuidnumbertype: uidNumber\n");
+    fprintf(f, "nsslapd-ldapigidnumbertype: gidNumber\n");
+    fprintf(f, "nsslapd-ldapientrysearchbase: dc=example, dc=com\n");
+    fprintf(f, "nsslapd-ldapiautodnsuffix: cn=peercred,cn=external,cn=auth\n");
+#endif /* ENABLE_LDAPI */
+
 #if !defined( XP_WIN32 )
     if (cf->servuser && *(cf->servuser)) {
         fprintf(f, "nsslapd-localuser: %s\n", cf->servuser);

ldap/servers/slapd/back-ldif/close.c

@@ -92,10 +92,10 @@ ldif_back_close( Slapi_PBlock *pb )
 {
   LDIF   *db;
   
-  LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend syncing\n", 0, 0, 0 );
+  LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend syncing\n", 0, 0, 0 );
   slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &db );
   ldif_free_db(db);
-  LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend done syncing\n", 0, 0, 0 );
+  LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend done syncing\n", 0, 0, 0 );
 }
 
 /*
@@ -108,8 +108,8 @@ ldif_back_close( Slapi_PBlock *pb )
 void
 ldif_back_flush( Slapi_PBlock *pb )
 {
-  LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend flushing\n", 0, 0, 0 );
-  LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend done flushing\n", 0, 0, 0 );
+  LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend flushing\n", 0, 0, 0 );
+  LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend done flushing\n", 0, 0, 0 );
   return;
 }
 

ldap/servers/slapd/bind.c

@@ -126,6 +126,7 @@ do_bind( Slapi_PBlock *pb )
     char **supported, **pmech;
     char authtypebuf[256]; /* >26 (strlen(SLAPD_AUTH_SASL)+SASL_MECHNAMEMAX+1) */
     Slapi_Entry *bind_target_entry = NULL;
+    int auto_bind = 0;
 
     LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
 
@@ -250,14 +251,31 @@ do_bind( Slapi_PBlock *pb )
         slapi_pblock_get (pb, SLAPI_PWPOLICY, &pw_response_requested);
     }
 
-    log_bind_access(pb, dn, method, version, saslmech, NULL);
+    PR_Lock( pb->pb_conn->c_mutex );
 
     /* According to RFC2251,
      * "if the bind fails, the connection will be treated as anonymous".
      */
-    PR_Lock( pb->pb_conn->c_mutex );
-    bind_credentials_clear( pb->pb_conn, PR_FALSE, /* conn is already locked */
+    bind_credentials_clear( pb->pb_conn, PR_FALSE, /* do not lock conn */
                             PR_FALSE /* do not clear external creds. */ );
+
+    /* LDAPI might have auto bind on, binding as anon should
+       mean bind as self in this case
+     */
+#if defined(ENABLE_AUTOBIND)
+    if((0 == dn || 0 == dn[0]) && pb->pb_conn->c_unix_local)
+    {
+        slapd_bind_local_user(pb->pb_conn);
+	
+	if(pb->pb_conn->c_dn)
+	{
+            auto_bind = 1; /* flag the bind method */
+	    dn = slapi_ch_strdup(pb->pb_conn->c_dn);
+	    slapi_sdn_init_dn_passin(&sdn,dn);
+	}
+    }
+#endif /* ENABLE_AUTOBIND */
+
     /* Clear the password policy flag that forbid operation
      * other than Bind, Modify, Unbind :
      * With a new bind, the flag should be reset so that the new
@@ -266,6 +284,8 @@ do_bind( Slapi_PBlock *pb )
     pb->pb_conn->c_needpw = 0;
     PR_Unlock( pb->pb_conn->c_mutex );
 
+    log_bind_access(pb, dn, method, version, saslmech, NULL);
+
     switch ( version ) {
     case LDAP_VERSION2:
         if (method == LDAP_AUTH_SIMPLE
@@ -502,22 +522,31 @@ do_bind( Slapi_PBlock *pb )
 			/* get the entry now, so that we can give it to check_account_lock and reslimit_update_from_dn */
             if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
 				bind_target_entry = get_entry(pb,  slapi_sdn_get_ndn(&sdn));
-				rc = check_account_lock ( pb, bind_target_entry, pw_response_requested);
+				rc = check_account_lock ( pb, bind_target_entry, pw_response_requested,0);
             }
 
             slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
             set_db_default_result_handlers(pb);
-            if ( (rc != 1) && (((rc = (*be->be_bind)( pb ))
+            if ( (rc != 1) && (auto_bind || (((rc = (*be->be_bind)( pb ))
                                 == SLAPI_BIND_SUCCESS ) || rc
-                               == SLAPI_BIND_ANONYMOUS )) {
+                               == SLAPI_BIND_ANONYMOUS ))) {
                 long t;
                 {
                     char* authtype = NULL;
+
+                    if(auto_bind)
+                        rc = SLAPI_BIND_SUCCESS;
+
                     switch ( method ) {
                     case LDAP_AUTH_SIMPLE:
                         if (cred.bv_len != 0) {
                             authtype = SLAPD_AUTH_SIMPLE;
                         }
+#if defined(ENABLE_AUTOBIND)
+                        else if(auto_bind) {
+                            authtype = SLAPD_AUTH_OS;
+                        }
+#endif /* ENABLE_AUTOBIND */
                         break;
                     case LDAP_AUTH_SASL:
                         /* authtype = SLAPD_AUTH_SASL && saslmech: */
@@ -529,7 +558,8 @@ do_bind( Slapi_PBlock *pb )
                     }
 
                     if ( rc == SLAPI_BIND_SUCCESS ) {
-                        bind_credentials_set( pb->pb_conn,
+			if(!auto_bind)
+                            bind_credentials_set( pb->pb_conn,
                                               authtype, slapi_ch_strdup(
                                                   slapi_sdn_get_ndn(&sdn)),
                                               NULL, NULL, NULL, bind_target_entry );
@@ -545,7 +575,7 @@ do_bind( Slapi_PBlock *pb )
                     }
                 }
 
-                if ( rc != SLAPI_BIND_ANONYMOUS &&
+                if ( 0 == auto_bind && rc != SLAPI_BIND_ANONYMOUS &&
                      ! slapi_be_is_flag_set(be,
                                             SLAPI_BE_FLAG_REMOTE_DATA)) {
                     /* check if need new password before sending 

ldap/servers/slapd/configdse.c

@@ -65,6 +65,8 @@ static void get_log_max_size(   LDAPMod *mod,
 static const char *requires_restart[] = {
     "cn=config:nsslapd-port",
     "cn=config:nsslapd-secureport",
+    "cn=config:" CONFIG_LDAPI_FILENAME_ATTRIBUTE,
+    "cn=config:" CONFIG_LDAPI_SWITCH_ATTRIBUTE,
     "cn=config:nsslapd-workingdir",
     "cn=config:nsslapd-plugin",
     "cn=config:nsslapd-sslclientauth",

ldap/servers/slapd/connection.c

@@ -511,21 +511,27 @@ connection_dispatch_operation(Connection *conn, Operation *op, Slapi_PBlock *pb)
 	{
 		int i = 1;
 		int ret = 0;
-		/* Set TCP_CORK here */
-		ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i));
-		if (ret < 0) {
-			LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %d\n",conn->c_connid, 0, 0);
+		/* Set TCP_CORK here but only if this is not LDAPI */
+		if(!conn->c_unix_local)
+		{
+			ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i));
+			if (ret < 0) {
+				LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %d\n",conn->c_connid, 0, 0);
+			}
 		}
 #endif
 
 		do_search( pb );
 
 #if defined(LINUX)
-		/* Clear TCP_CORK to flush any unsent data */
+		/* Clear TCP_CORK to flush any unsent data but only if not LDAPI*/
 		i = 0;
-		ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i));
-		if (ret < 0) {
-			LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %d\n",conn->c_connid, 0, 0);
+		if(!conn->c_unix_local)
+		{
+			ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i));
+			if (ret < 0) {
+				LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %d\n",conn->c_connid, 0, 0);
+			}
 		}
 	}
 #endif

ldap/servers/slapd/daemon.c

@@ -92,6 +92,10 @@
 
 #include "fe.h"
 
+#if defined(ENABLE_LDAPI)
+#include "getsocketpeer.h"
+#endif /* ENABLE_LDAPI */
+
 /*
  * Define the backlog number for use in listen() call.
  * We use the same definition as in ldapserver/include/base/systems.h
@@ -125,6 +129,7 @@ static int readsignalpipe = SLAPD_INVALID_SOCKET;
 #define FDS_SIGNAL_PIPE 0
 #define FDS_N_TCPS      1
 #define FDS_S_TCPS      2
+#define FDS_I_UNIX	3
 
 static int get_configured_connection_table_size();
 #ifdef RESOLVER_NEEDS_LOW_FILE_DESCRIPTORS
@@ -135,11 +140,11 @@ static void get_loopback_by_addr( void );
 static int createlistensocket(unsigned short port, const PRNetAddr *listenaddr);
 #endif
 static PRFileDesc *createprlistensocket(unsigned short port,
-	const PRNetAddr *listenaddr, int secure);
+	const PRNetAddr *listenaddr, int secure, int local);
 static const char *netaddr2string(const PRNetAddr *addr, char *addrbuf,
 	size_t addrbuflen);
 static void	set_shutdown (int);
-static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRIntn *num_to_read);
+static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix, PRIntn *num_to_read);
 
 #ifdef HPUX10
 static void* catch_signals();
@@ -274,7 +279,7 @@ syn_scan (int sock)
 
 static int
 accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr, 
-	int addrlen, int secure, PRFileDesc **pr_clonefd)
+	int addrlen, int secure, int local, PRFileDesc **pr_clonefd)
 {
 	int ns = 0;
 
@@ -290,7 +295,7 @@ accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr,
 		return(SLAPD_INVALID_SOCKET);
 	}
 
-	ns = configure_pr_socket( pr_clonefd, secure );
+	ns = configure_pr_socket( pr_clonefd, secure, local );
 
 #else /* Windows */
 	if( secure ) {
@@ -316,7 +321,7 @@ accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr,
 			return(SLAPD_INVALID_SOCKET);
 		}
 
-		ns = configure_pr_socket( pr_clonefd, secure );
+		ns = configure_pr_socket( pr_clonefd, secure, local );
 
 	} else { /* !secure */
 		struct sockaddr *addr; /* NOT IPv6 enabled */
@@ -364,11 +369,11 @@ static void set_timeval_ms(struct timeval *t, int ms);
 #endif
 /* GGOODREPL static void handle_timeout( void ); */
 static void handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll);
-static int handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure );
+static int handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure, int local );
 #ifdef _WIN32
 static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, int n_tcps, PRFileDesc *s_tcps);
 #else
-static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps);
+static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix);
 #endif
 static int write_pid_file();
 static int init_shutdown_detect();
@@ -392,13 +397,13 @@ int daemon_pre_setuid_init(daemon_ports_t *ports)
 											 &ports->n_listenaddr);
 #else
 		ports->n_socket = createprlistensocket(ports->n_port,
-											 &ports->n_listenaddr, 0);
+											 &ports->n_listenaddr, 0, 0);
 #endif
 	}
 
 	if ( config_get_security() && (0 != ports->s_port) ) {
 		ports->s_socket = createprlistensocket((unsigned short)ports->s_port,
-		    &ports->s_listenaddr, 1);
+		    &ports->s_listenaddr, 1, 0);
 #ifdef XP_WIN32
 		ports->s_socket_native = PR_FileDesc2NativeHandle(ports->s_socket);
 #endif
@@ -409,6 +414,15 @@ int daemon_pre_setuid_init(daemon_ports_t *ports)
 #endif
 	}
 
+#ifndef XP_WIN32
+#if defined(ENABLE_LDAPI)
+	/* ldapi */
+	if(0 != ports->i_port) {
+		ports->i_socket = createprlistensocket(1, &ports->i_listenaddr, 0, 1);
+	}
+#endif /* ENABLE_LDAPI */
+#endif
+
 	return( rc );
 }
 
@@ -460,8 +474,8 @@ time_thread(void *nothing)
 
 void slapd_daemon( daemon_ports_t *ports )
 {
-	/* We are passed a pair of ports---one for regular connections, the
-	 * other for SSL connections.
+	/* We are passed some ports---one for regular connections, one
+	 * for SSL connections, one for ldapi connections.
 	 */
 	/* Previously there was a ton of code #defined on NET_SSL. 
 	 * This looked horrible, so now I'm doing it this way:
@@ -475,6 +489,7 @@ void slapd_daemon( daemon_ports_t *ports )
 #else
 	PRFileDesc *n_tcps = NULL; 
 	PRFileDesc *tcps = 0;
+	PRFileDesc *i_unix = 0;
 #endif
 	PRFileDesc *s_tcps = NULL; 
 	PRIntn num_poll = 0;
@@ -504,16 +519,24 @@ void slapd_daemon( daemon_ports_t *ports )
 	s_tcps = ports->s_socket;
 #ifdef XP_WIN32
 	s_tcps_native = ports->s_socket_native;
+#else
+#if defined(ENABLE_LDAPI)
+	i_unix = ports->i_socket;
+#endif /* ENABLE_LDAPI */
 #endif
 	
 	createsignalpipe();
 
 	init_shutdown_detect();
 
+	if (
 #if defined( XP_WIN32 )
-	if ( (n_tcps == SLAPD_INVALID_SOCKET) && 
+		(n_tcps == SLAPD_INVALID_SOCKET) && 
 #else
-	if ( (n_tcps == NULL) && 
+		(n_tcps == NULL) &&
+#if defined(ENABLE_LDAPI)
+		(i_unix == NULL) &&
+#endif /* ENABLE_LDAPI */
 #endif
 	    (s_tcps == NULL) ) {	/* nothing to do */
 	    LDAPDebug( LDAP_DEBUG_ANY,
@@ -521,7 +544,7 @@ void slapd_daemon( daemon_ports_t *ports )
 	    exit( 1 );
 	}
 
-	unfurl_banners(the_connection_table,ports,n_tcps,s_tcps);
+	unfurl_banners(the_connection_table,ports,n_tcps,s_tcps,i_unix);
 	init_op_threads ();
 	detect_timeout_support();
 
@@ -580,6 +603,21 @@ void slapd_daemon( daemon_ports_t *ports )
 		g_set_shutdown( SLAPI_SHUTDOWN_EXIT );
 	}
 
+#if !defined( XP_WIN32 )
+#if defined(ENABLE_LDAPI)
+	if( i_unix != NULL &&
+		PR_Listen(i_unix, DAEMON_LISTEN_SIZE) == PR_FAILURE) {
+		PRErrorCode prerr = PR_GetError();
+		slapi_log_error(SLAPI_LOG_FATAL, "slapd_daemon",
+			"listen() on %s failed: error %d (%s)\n",
+			ports->i_listenaddr.local.path,
+			prerr,
+			slapd_pr_strerror( prerr ));
+		g_set_shutdown( SLAPI_SHUTDOWN_EXIT );
+	}
+#endif /* ENABLE_LDAPI */
+#endif
+
 	/* Now we write the pid file, indicating that the server is finally and listening for connections */
 	write_pid_file();
 
@@ -593,6 +631,8 @@ void slapd_daemon( daemon_ports_t *ports )
 #endif
 		int select_return = 0;
 		int secure = 0; /* is a new connection an SSL one ? */
+		int local = 0; /* is new connection an ldapi one? */
+
 #ifndef _WIN32
 		PRErrorCode prerr;
 #endif
@@ -603,7 +643,7 @@ void slapd_daemon( daemon_ports_t *ports )
 		/* This select needs to timeout to give the server a chance to test for shutdown */
 		select_return = select(connection_table_size, &readfds, NULL, 0, &wakeup_timer);
 #else
-		setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,&num_poll);
+		setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,i_unix,&num_poll);
 		select_return = POLL_FN(the_connection_table->fd, num_poll, pr_timeout);
 #endif
 		switch (select_return) {
@@ -629,11 +669,11 @@ void slapd_daemon( daemon_ports_t *ports )
 #ifdef _WIN32
 			/* If so, then handle a new connection */
 			if ( n_tcps != SLAPD_INVALID_SOCKET && FD_ISSET( n_tcps,&readfds ) ) {
-				handle_new_connection(the_connection_table,n_tcps,NULL,0);
+				handle_new_connection(the_connection_table,n_tcps,NULL,0,0);
 			} 
 			/* If so, then handle a new connection */
 			if ( s_tcps != SLAPD_INVALID_SOCKET && FD_ISSET( s_tcps_native,&readfds ) ) {
-				handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,s_tcps,1);
+				handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,s_tcps,1,0);
 			} 
 			/* handle new data ready */
 			handle_read_ready(the_connection_table,&readfds);
@@ -650,9 +690,17 @@ void slapd_daemon( daemon_ports_t *ports )
 				tcps = s_tcps;
 				secure = 1;
 			}
+#if defined(ENABLE_LDAPI)
+			else if ( i_unix != 0 &&
+				the_connection_table->fd[FDS_I_UNIX].out_flags & SLAPD_POLL_FLAGS ) {
+				tcps = i_unix;
+				local = 1;
+			}
+#endif /* ENABLE_LDAPI */
+
 			/* If so, then handle a new connection */
 			if ( tcps != NULL ) {
-				handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,tcps,secure);
+				handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,tcps,secure,local);
 			}
 			/* handle new data ready */
 			handle_pr_read_ready(the_connection_table, connection_table_size);
@@ -674,11 +722,18 @@ void slapd_daemon( daemon_ports_t *ports )
 #ifdef _WIN32
 	if ( n_tcps != SLAPD_INVALID_SOCKET ) {
 		closesocket( n_tcps );
+	}
 #else
 	if ( n_tcps != NULL ) {
 		PR_Close( n_tcps );
-#endif
 	}
+
+	if ( i_unix != NULL ) {
+		PR_Close( i_unix );
+	}
+
+#endif
+
 	if ( s_tcps != NULL ) {
  		PR_Close( s_tcps );
 	}
@@ -934,7 +989,7 @@ static void setup_read_fds(Connection_Table *ct, fd_set *readfds, int n_tcps, in
 
 static int first_time_setup_pr_read_pds = 1;
 static void
-setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRIntn *num_to_read)
+setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix, PRIntn *num_to_read)
 {
 	Connection *c= NULL;
 	Connection *next= NULL;
@@ -999,7 +1054,19 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps,
         ct->fd[FDS_S_TCPS].fd = NULL;
     }
 
-#if !defined(_WIN32) 
+#if !defined(_WIN32)
+	/* The fds entry for i_unix is always FDS_I_UNIX */
+	if (i_unix != NULL && accept_new_connections)
+	{
+		ct->fd[FDS_I_UNIX].fd = i_unix;
+		ct->fd[FDS_I_UNIX].in_flags = SLAPD_POLL_FLAGS;
+		ct->fd[FDS_I_UNIX].out_flags = 0;
+		LDAPDebug( LDAP_DEBUG_HOUSE,
+			"listening for LDAPI connections on %d\n", socketdesc, 0, 0 );
+	} else {
+		ct->fd[FDS_S_TCPS].fd = NULL;
+	}
+ 
 	/* The fds entry for the signalpipe is always FDS_SIGNAL_PIPE */
 	ct->fd[FDS_SIGNAL_PIPE].fd = signalpipe[0];
 	ct->fd[FDS_SIGNAL_PIPE].in_flags = SLAPD_POLL_FLAGS;
@@ -1013,8 +1080,9 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps,
     /* count is the number of entries we've place in the fds array.
      * we always put n_tcps in slot FDS_N_TCPS, s_tcps in slot
      * FDS_S_TCPS and the signal pipe in slot FDS_SIGNAL_PIPE
-     * so we now set count to 3 */
-    count = 3;
+     * and i_unix in FDS_I_UNIX
+     * so we now set count to 4 */
+    count = 4;
     
     /* Walk down the list of active connections to find 
 	 * out which connections we should poll over.  If a connection
@@ -1798,10 +1866,271 @@ daemon_register_connection()
         connection_type= factory_register_type(SLAPI_EXT_CONNECTION,offsetof(Connection,c_extension));
 	}
 }
-	
+
+#if defined(ENABLE_LDAPI)
+int
+slapd_identify_local_user(Connection *conn)
+{
+	int ret = -1;
+	uid_t uid = 0;
+	gid_t gid = 0;
+
+	if(0 == slapd_get_socket_peer(conn->c_prfd, &uid, &gid))
+	{
+		conn->c_local_uid = uid;
+		conn->c_local_gid = gid;
+
+		ret = 0;
+	}
+
+	return ret;
+}
+
+#if defined(ENABLE_AUTOBIND)
+int
+slapd_bind_local_user(Connection *conn)
+{
+	int ret = -1;
+	uid_t uid = conn->c_local_uid;
+	gid_t gid = conn->c_local_gid;
+
+	/* observe configuration for auto binding */
+	/* bind at all? */
+	if(config_get_ldapi_bind_switch())
+	{
+		/* map users to a dn
+		   root may also map to an entry
+		*/
+
+		/* require real entry? */
+		if(config_get_ldapi_map_entries())
+		{
+			/* get uid type to map to (e.g. uidNumber) */
+			char *utype = config_get_ldapi_uidnumber_type();
+			/* get gid type to map to (e.g. gidNumber) */
+			char *gtype = config_get_ldapi_gidnumber_type();
+			/* get base dn for search */
+			char *base_dn = config_get_ldapi_search_base_dn();
+
+			/* search vars */
+			Slapi_PBlock *search_pb = 0;
+			Slapi_Entry **entries = 0;
+			int result;
+
+			/* filter manipulation vars */
+			char *one_type = 0;
+			char *filter_tpl = 0;
+			char *filter = 0;
+
+			/* create filter, matching whatever is given */
+			if(utype && gtype)
+			{
+				filter_tpl = "(&(%s=%u)(%s=%u))";
+			}
+			else
+			{
+				if(utype || gtype)
+				{
+					filter_tpl = "(%s=%u)";
+					if(utype)
+						one_type = utype;
+					else
+						one_type = gtype;
+				}
+				else
+				{
+					goto entry_map_free;
+				}
+			}
+
+			if(one_type)
+			{
+				if(one_type == utype)
+					filter = slapi_ch_smprintf(filter_tpl,
+						utype, uid);
+				else
+					filter = slapi_ch_smprintf(filter_tpl,
+						gtype, gid);
+			}
+			else
+			{
+				filter = slapi_ch_smprintf(filter_tpl, 
+					utype, uid, gtype, gid);
+			}
+
+			/* search for single entry matching types */
+			search_pb = slapi_pblock_new();
+
+			slapi_search_internal_set_pb(
+				search_pb, 
+				base_dn,
+				LDAP_SCOPE_SUBTREE,
+               			filter, 
+				NULL, 0, NULL, NULL, 
+				(void*)plugin_get_default_component_id(), 
+				0);
+
+			slapi_search_internal_pb(search_pb);
+			slapi_pblock_get(
+				search_pb,
+				SLAPI_PLUGIN_INTOP_RESULT, 
+				&result);
+			if(LDAP_SUCCESS == result)
+				 slapi_pblock_get(
+					search_pb,
+					SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
+					&entries);
+
+			if(entries)
+			{
+				/* zero or multiple entries fail */
+				if(entries[0] && 0 == entries[1])
+				{
+					/* observe account locking */
+					ret = check_account_lock(
+						0,  /* pb not req */
+						entries[0],
+						0, /* no response control */
+						1  /* inactivation only */
+						);
+
+					if(0 == ret)
+					{
+						char *auth_dn = slapi_ch_strdup(
+							slapi_entry_get_ndn(
+								entries[0]));
+
+						auth_dn = slapi_dn_normalize(
+							auth_dn);
+
+						bind_credentials_set_nolock(
+							conn,
+							SLAPD_AUTH_OS,
+							auth_dn,
+							NULL, NULL,
+							NULL , entries[0]);
+
+						ret = 0;
+					}
+				}
+			}
+
+entry_map_free:
+			/* auth_dn consumed by bind creds set */
+			slapi_free_search_results_internal(search_pb);
+			slapi_pblock_destroy(search_pb);
+			slapi_ch_free_string(&filter);
+			slapi_ch_free_string(&utype);
+                        slapi_ch_free_string(&gtype);
+                        slapi_ch_free_string(&base_dn);
+		}
+
+		if(ret && 0 == uid)
+		{
+			/* map unix root (uidNumber:0)? */
+			char *root_dn = config_get_ldapi_root_dn();
+
+			if(root_dn)
+			{
+				Slapi_DN *edn = slapi_sdn_new_dn_byref(
+					 slapi_dn_normalize(root_dn));
+				Slapi_Entry *e = 0;
+
+				/* root might be locked too! :) */
+				ret =  slapi_search_internal_get_entry(
+					edn, 0,
+        				&e,
+					(void*)plugin_get_default_component_id()
+
+					);	
+
+				if(0 == ret && e)
+				{
+					ret = check_account_lock(
+						0, /* pb not req */
+						e,
+						0, /* no response control */
+						1  /* inactivation only */
+						);
+
+					if(1 == ret)
+						/* sorry root,
+						 * just not cool enough
+						*/
+						goto root_map_free;
+				}
+
+				/* it's ok not to find the entry,
+				 * dn doesn't have to have an entry
+				 * e.g. cn=Directory Manager
+				 */
+				bind_credentials_set_nolock( 
+					conn, SLAPD_AUTH_OS, root_dn,
+					NULL, NULL, NULL , e);
+
+root_map_free:
+				/* root_dn consumed by bind creds set */
+				slapi_sdn_free(&edn);
+				slapi_entry_free(e);
+				ret = 0;
+			}
+		}
+
+		if(ret) 
+		{
+			/* create phony auth dn? */
+			char *base = config_get_ldapi_auto_dn_suffix();
+			if(base)
+			{
+				char *tpl = "gidNumber=%u+uidNumber=%u,";
+				int len = 
+				strlen(tpl) + 
+					strlen(base) +
+					51 /* uid,gid,null,w/padding */
+					;
+				char *dn_str = (char*)slapi_ch_malloc(
+					len);
+				char *auth_dn = (char*)slapi_ch_malloc(
+					len);
+
+				dn_str[0] = 0;
+				strcpy(dn_str, tpl);
+				strcat(dn_str, base);
+
+				sprintf(auth_dn, dn_str, gid, uid);
+
+				auth_dn = slapi_dn_normalize(auth_dn);
+
+				bind_credentials_set_nolock(
+					conn,
+					SLAPD_AUTH_OS,
+					auth_dn,
+                               		NULL, NULL, NULL , NULL);
+
+				/* auth_dn consumed by bind creds set */
+				slapi_ch_free_string(&dn_str);
+				slapi_ch_free_string(&base);
+				ret = 0;
+			}
+		}
+	}
+
+bail:
+	/* if all fails, the peer is anonymous */
+	if(conn->c_dn)
+	{
+		/* log the auto bind */
+		slapi_log_access(LDAP_DEBUG_STATS, "conn=%d AUTOBIND dn=\"%s\"\n", conn->c_connid, conn->c_dn);
+	}
+
+	return ret;
+}	
+#endif /* ENABLE_AUTOBIND */
+#endif /* ENABLE_LDAPI */
+
 /* NOTE: this routine is not reentrant */
 static int
-handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure)
+handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure, int local)
 {
 	int ns = 0;
 	Connection *conn = NULL;
@@ -1810,7 +2139,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
 	PRFileDesc *pr_clonefd = NULL;
 
 	if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from,
-		sizeof(from), secure, &pr_clonefd)) == SLAPD_INVALID_SOCKET ) {
+		sizeof(from), secure, local, &pr_clonefd)) == SLAPD_INVALID_SOCKET ) {
 		return -1;
 	}
 
@@ -1935,6 +2264,21 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
 		connection_table_move_connection_on_to_active_list(the_connection_table,conn);
 	}
 
+#if defined(ENABLE_LDAPI)
+#if !defined( XP_WIN32 )
+        /* ldapi */
+        if( local )
+        {
+                conn->c_unix_local = 1;
+		slapd_identify_local_user(conn);
+
+#if defined(ENABLE_AUTOBIND)
+                slapd_bind_local_user(conn);
+#endif /* ENABLE_AUTOBIND */
+        }
+#endif
+#endif /* ENABLE_LDAPI */
+
 	PR_Unlock( conn->c_mutex );
 
 	connection_new_private(conn);
@@ -2019,7 +2363,7 @@ static void
 unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, int n_tcps, PRFileDesc *s_tcps)
 #else
 static void
-unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps)
+unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix)
 #endif
 {
 	slapdFrontendConfig_t	*slapdFrontendConfig = getFrontendConfig();
@@ -2079,6 +2423,18 @@ unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, P
 			netaddr2string(&ports->s_listenaddr, addrbuf, sizeof(addrbuf)),
 		    ports->s_port, 0 );
 	}
+
+#if !defined( XP_WIN32 )
+#if defined(ENABLE_LDAPI)
+	if ( i_unix != NULL ) {                                 /* LDAPI */
+		LDAPDebug( LDAP_DEBUG_ANY,
+			"Listening on %s for LDAPI requests\n",
+			ports->i_listenaddr.local.path,
+			0, 0 );
+	}
+#endif /* ENABLE_LDAPI */
+#endif
+
 }
 
 #if defined( _WIN32 )
@@ -2273,7 +2629,7 @@ suppressed:
 
 static PRFileDesc *
 createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr,
-		int secure)
+		int secure, int local)
 {
 	PRFileDesc			*sock;
 	PRNetAddr			sa_server;
@@ -2281,16 +2637,26 @@ createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr,
 	PRSocketOptionData	pr_socketoption;
 	char				addrbuf[ 256 ];
 	char				*logname = "createprlistensocket";
+	int                             socktype = PR_AF_INET6;
+	char                            *socktype_s = "PR_AF_INET";
 
 	if (!port) goto suppressed;
 
 	PR_ASSERT( listenaddr != NULL );
 
+#if defined(ENABLE_LDAPI)
+	if(local) { /* ldapi */
+		socktype = PR_AF_LOCAL;
+		socktype_s = "PR_AF_LOCAL";
+	}
+#endif /* ENABLE_LDAPI */
+
 	/* create TCP socket */
-	if ((sock = PR_OpenTCPSocket(PR_AF_INET6)) == SLAPD_INVALID_SOCKET) {
+	if ((sock = PR_OpenTCPSocket(socktype)) == SLAPD_INVALID_SOCKET) {
 		prerr = PR_GetError();
 		slapi_log_error(SLAPI_LOG_FATAL, logname,
-		    "PR_OpenTCPSocket(PR_AF_INET6) failed: %s error %d (%s)\n",
+		    "PR_OpenTCPSocket(%s) failed: %s error %d (%s)\n",
+		    socktype_s,
 		    SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr));
 		goto failed;
 	}
@@ -2307,17 +2673,44 @@ createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr,
 
 	/* set up listener address, including port */
 	memcpy(&sa_server, listenaddr, sizeof(sa_server));
-	PRLDAP_SET_PORT( &sa_server, port );
+
+	if(!local)
+		PRLDAP_SET_PORT( &sa_server, port );
 
 	if ( PR_Bind(sock, &sa_server) == PR_FAILURE) {
 		prerr = PR_GetError();
-		slapi_log_error(SLAPI_LOG_FATAL, logname,
+		if(!local)
+		{
+			slapi_log_error(SLAPI_LOG_FATAL, logname,
 				"PR_Bind() on %s port %d failed: %s error %d (%s)\n",
 				netaddr2string(&sa_server, addrbuf, sizeof(addrbuf)), port,
 				SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr));
+		}
+#if defined(ENABLE_LDAPI)
+		else
+		{
+                        slapi_log_error(SLAPI_LOG_FATAL, logname,
+                                "PR_Bind() on %s file %s failed: %s error %d (%s)\n",
+                                netaddr2string(&sa_server, addrbuf, sizeof(addrbuf)),
+				sa_server.local.path,
+                                SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr));
+		}
+#endif /* ENABLE_LDAPI */
+
 		goto failed;	
 	}
 
+#if defined(ENABLE_LDAPI)
+	if(local)
+	{
+		if(chmod(listenaddr->local.path,
+			S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH))
+		{
+			slapi_log_error(SLAPI_LOG_FATAL, logname, "err: %d", errno);
+		}
+	}
+#endif /* ENABLE_LDAPI */
+
 	return( sock );
 
 failed:
@@ -2536,7 +2929,7 @@ PRFileDesc * get_ssl_listener_fd()
 
 
 
-int configure_pr_socket( PRFileDesc **pr_socket, int secure )
+int configure_pr_socket( PRFileDesc **pr_socket, int secure, int local )
 {
 	int ns = 0;
 	int reservedescriptors = config_get_reservedescriptors();
@@ -2617,7 +3010,7 @@ int configure_pr_socket( PRFileDesc **pr_socket, int secure )
 	} /* else (secure) */
 
 
-	if ( !enable_nagle ) {
+	if ( !enable_nagle && !local ) {
 
 		 pr_socketoption.option = PR_SockOpt_NoDelay;
 		 pr_socketoption.value.no_delay = 1;
@@ -2628,7 +3021,7 @@ int configure_pr_socket( PRFileDesc **pr_socket, int secure )
 					SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
 					prerr, slapd_pr_strerror( prerr ), 0 );
 		 }
-	} else {
+	} else if( !local) {
 		 pr_socketoption.option = PR_SockOpt_NoDelay;
 		 pr_socketoption.value.no_delay = 0;
 		 if ( PR_SetSocketOption( *pr_socket, &pr_socketoption ) == PR_FAILURE) {

ldap/servers/slapd/fe.h

@@ -173,7 +173,7 @@ int secure_write_function( int ignore, const void *buffer, int count, struct lex
 int read_function(int ignore, void *buffer,  int count, struct lextiof_socket_private *handle );
 int write_function(int ignore, const void *buffer,  int count, struct lextiof_socket_private *handle );
 PRFileDesc * get_ssl_listener_fd();
-int configure_pr_socket( PRFileDesc **pr_socket, int secure );
+int configure_pr_socket( PRFileDesc **pr_socket, int secure, int local );
 void configure_ns_socket( int * ns );
 
 /*

ldap/servers/slapd/getsocketpeer.c

@@ -0,0 +1,143 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif
+
+#if defined(ENABLE_LDAPI)
+
+#if defined(HAVE_GETPEERUCRED)
+#include <ucred.h>
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/socket.h>
+
+/* nspr secrets - we need to do an end run around nspr
+   in order to do things it does not support
+ */
+#include <private/pprio.h>
+
+int slapd_get_socket_peer(PRFileDesc *nspr_fd, uid_t *uid, gid_t *gid)
+{
+	int ret = -1;
+	int fd = PR_FileDesc2NativeHandle(nspr_fd); /* naughty private func */
+
+#if defined(SO_PEERCRED) /* linux */
+
+	struct ucred creds;
+	socklen_t len = sizeof(creds);
+
+	if(0 == getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void*)&creds, &len ))
+	{
+		if(sizeof(creds) == len)
+		{
+			if(uid)
+				*uid = creds.uid;
+			if(gid)
+				*gid = creds.gid;
+
+			ret = 0;
+		}
+	}
+
+#elif 0 /*defined(HAVE_GETPEERUCRED)*/ /* solaris */
+
+	ucred_t *creds = 0;
+
+	if(0 == getpeerucred(fd, &creds))
+	{
+		if(uid)
+		{
+			uid = ucred_getruid(creds);
+			if(-1 != uid)
+				ret = 0;
+		}
+
+		if(gid)
+		{
+			gid = ucred_getrgid(creds);
+			if(-1 == gid)
+				ret = -1;
+			else
+				ret = 0;
+		}
+
+		ucred_free(creds);
+	}
+
+#elif 0 /* defined(HAVE_GETPEEREID) */ /* osx / some BSDs */
+
+	if(0 == getpeereid(fd, &uid, &gid))
+		ret = 0;
+
+#else 0 /* hpux / some BSDs - file descriptor cooperative auth */
+
+        struct msghdr msg;
+	struct iovec iov;
+	char dummy[8];
+	int fd[2];
+
+	memset(msg, 0, sizeof(msg));
+	
+	iov.iov_base = dummy;
+	iov.iov_len = sizeof(dummy);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_accrights = (char*)fd;
+	msg.msg_accrightslen = sizeof(fd);
+
+        if(recvmsg(fd, &msg, MSG_PEEK) >= 0 && msg.msg_accrightslen == sizeof(int))
+        {
+		struct stat st;
+
+		ret = fstat(fd[0], &st);
+		close(fd[0]);
+
+		if(0 == ret && S_ISFIFO(st.st_mode) &&
+			0 == st.st_mode & (S_IRWXG|S_IRWXO))
+		{
+			if(uid)
+				uid = st.st_uid;
+
+			if(gid)
+				gid = st.st_gid;
+		}
+        }
+
+#endif
+
+	return ret;
+}
+
+#endif /* ENABLE_LDAPI */

ldap/servers/slapd/getsocketpeer.h

@@ -0,0 +1,40 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif
+#if defined(ENABLE_LDAPI)
+#if !defined(GETSOCKETPEER_H)
+#define GETSOCKETPEER_H
+int slapd_get_socket_peer(PRFileDesc *nspr_fd, uid_t *uid, gid_t *gid);
+#endif
+#endif /* ENABLE_LDAPI */

ldap/servers/slapd/libglobs.c

@@ -459,6 +459,33 @@ static struct config_get_and_set {
 	{CONFIG_LISTENHOST_ATTRIBUTE, config_set_listenhost,
 		NULL, 0,
 		(void**)&global_slapdFrontendConfig.listenhost, CONFIG_STRING, NULL},
+	{CONFIG_LDAPI_FILENAME_ATTRIBUTE, config_set_ldapi_filename,
+                NULL, 0,
+                (void**)&global_slapdFrontendConfig.ldapi_filename, CONFIG_STRING, NULL},
+        {CONFIG_LDAPI_SWITCH_ATTRIBUTE, config_set_ldapi_switch,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_switch, CONFIG_ON_OFF, NULL},
+        {CONFIG_LDAPI_BIND_SWITCH_ATTRIBUTE, config_set_ldapi_bind_switch,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_bind_switch, CONFIG_ON_OFF, NULL},
+        {CONFIG_LDAPI_ROOT_DN_ATTRIBUTE, config_set_ldapi_root_dn,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_root_dn, CONFIG_STRING, NULL},
+        {CONFIG_LDAPI_MAP_ENTRIES_ATTRIBUTE, config_set_ldapi_map_entries,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_map_entries, CONFIG_ON_OFF, NULL},
+        {CONFIG_LDAPI_UIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_uidnumber_type,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_uidnumber_type, CONFIG_STRING, NULL},
+        {CONFIG_LDAPI_GIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_gidnumber_type,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_gidnumber_type, CONFIG_STRING, NULL},
+        {CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE, config_set_ldapi_search_base_dn,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_search_base_dn, CONFIG_STRING, NULL},
+        {CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE, config_set_ldapi_auto_dn_suffix,
+                NULL, 0,
+		(void**)&global_slapdFrontendConfig.ldapi_auto_dn_suffix, CONFIG_STRING, NULL},
 	{CONFIG_ACCESSLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL,
 		log_set_mindiskspace, SLAPD_ACCESS_LOG,
 		(void**)&global_slapdFrontendConfig.accesslog_minfreespace, CONFIG_INT, NULL},
@@ -750,6 +777,15 @@ FrontendConfig_init () {
 				
   cfg->port = LDAP_PORT;
   cfg->secureport = LDAPS_PORT;
+  cfg->ldapi_filename = slapi_ch_strdup(SLAPD_LDAPI_DEFAULT_FILENAME);
+  cfg->ldapi_switch = LDAP_ON;
+  cfg->ldapi_bind_switch = LDAP_OFF;
+  cfg->ldapi_root_dn = slapi_ch_strdup("cn=Directory Manager");
+  cfg->ldapi_map_entries = LDAP_OFF;
+  cfg->ldapi_uidnumber_type = slapi_ch_strdup("uidNumber");
+  cfg->ldapi_gidnumber_type = slapi_ch_strdup("gidNumber");
+  cfg->ldapi_search_base_dn = slapi_ch_strdup("dc=example, dc=com");
+  cfg->ldapi_auto_dn_suffix = slapi_ch_strdup("cn=peercred,cn=external,cn=auth");
   cfg->threadnumber = SLAPD_DEFAULT_MAX_THREADS;
   cfg->maxthreadsperconn = SLAPD_DEFAULT_MAX_THREADS_PER_CONN;
   cfg->reservedescriptors = SLAPD_DEFAULT_RESERVE_FDS;
@@ -991,7 +1027,7 @@ config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) {
 
   if ( nPort == 0 ) {
         LDAPDebug( LDAP_DEBUG_ANY,
-                           "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 );
+                           "Information: Non-Secure Port Disabled\n", 0, 0, 0 );
   }
   
   if ( apply ) {
@@ -1141,6 +1177,163 @@ config_set_listenhost( const char *attrname, char *value, char *errorbuf, int ap
   return retVal;
 }
 
+int
+config_set_ldapi_filename( const char *attrname, char *value, char *errorbuf, int apply ) {
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_filename) );
+        slapdFrontendConfig->ldapi_filename = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+}
+
+int
+config_set_ldapi_switch( const char *attrname, char *value, char *errorbuf, int apply ) {
+	int retVal = LDAP_SUCCESS;
+	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+	retVal = config_set_onoff(attrname,
+		value,
+		&(slapdFrontendConfig->ldapi_switch),
+		errorbuf,
+		apply);
+
+	return retVal;
+}
+
+int config_set_ldapi_bind_switch( const char *attrname, char *value, char *errorbuf, int apply )
+{
+        int retVal = LDAP_SUCCESS;
+        slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+        retVal = config_set_onoff(attrname,
+                value,
+                &(slapdFrontendConfig->ldapi_bind_switch),
+                errorbuf,
+                apply);
+
+        return retVal;
+}
+
+int config_set_ldapi_root_dn( const char *attrname, char *value, char *errorbuf, int apply )
+{
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_root_dn) );
+        slapdFrontendConfig->ldapi_root_dn = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+}
+
+int config_set_ldapi_map_entries( const char *attrname, char *value, char *errorbuf, int apply )
+{
+	int retVal = LDAP_SUCCESS;
+	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+	retVal = config_set_onoff(attrname,
+		value,
+		&(slapdFrontendConfig->ldapi_map_entries),
+		errorbuf,
+		apply);
+
+	return retVal;
+} 
+
+int config_set_ldapi_uidnumber_type( const char *attrname, char *value, char *errorbuf, int apply )
+{
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_uidnumber_type) );
+        slapdFrontendConfig->ldapi_uidnumber_type = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+} 
+
+int config_set_ldapi_gidnumber_type( const char *attrname, char *value, char *errorbuf, int apply )
+{
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_gidnumber_type) );
+        slapdFrontendConfig->ldapi_gidnumber_type = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+}
+
+int config_set_ldapi_search_base_dn( const char *attrname, char *value, char *errorbuf, int apply )
+{
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_search_base_dn) );
+        slapdFrontendConfig->ldapi_search_base_dn = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+}
+
+int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *errorbuf, int apply )
+{
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+        return LDAP_OPERATIONS_ERROR;
+  }
+
+  if ( apply) {
+        CFG_LOCK_WRITE(slapdFrontendConfig);
+
+        slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_auto_dn_suffix) );
+        slapdFrontendConfig->ldapi_auto_dn_suffix = slapi_ch_strdup ( value );
+         CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
+  return retVal;
+}
+
+
 int
 config_set_securelistenhost( const char *attrname, char *value, char *errorbuf, int apply ) {
   int retVal = LDAP_SUCCESS;
@@ -3065,6 +3258,100 @@ config_get_port(){
 
 }
 
+char *
+config_get_ldapi_filename(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_filename);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+
+int config_get_ldapi_switch(){   
+  int retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); 
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapdFrontendConfig->ldapi_switch;
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+int config_get_ldapi_bind_switch(){
+  int retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapdFrontendConfig->ldapi_bind_switch;
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+char *config_get_ldapi_root_dn(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_root_dn);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+int config_get_ldapi_map_entries(){
+  int retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapdFrontendConfig->ldapi_map_entries;
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+char *config_get_ldapi_uidnumber_type(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_uidnumber_type);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+char *config_get_ldapi_gidnumber_type(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_gidnumber_type);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+char *config_get_ldapi_search_base_dn(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_search_base_dn);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+char *config_get_ldapi_auto_dn_suffix(){
+  char *retVal;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+  CFG_LOCK_READ(slapdFrontendConfig);
+  retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_auto_dn_suffix);
+  CFG_UNLOCK_READ(slapdFrontendConfig);
+
+  return retVal;
+}
+
+
 char *
 config_get_workingdir() {
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();

ldap/servers/slapd/main.c

@@ -453,6 +453,7 @@ usage( char *name, char *extraname )
 static char *extraname;
 static char *myname;
 static int n_port = 0;
+static int i_port = 0;
 static int s_port = 0;
 static char **ldif_file = NULL;
 static int ldif_files = 0;
@@ -612,6 +613,7 @@ write_start_pid_file()
 }
 #endif /* WIN32 */
 
+
 int
 main( int argc, char **argv)
 {
@@ -854,6 +856,19 @@ main( int argc, char **argv)
 			return(1);
 		}
 
+#if defined(ENABLE_LDAPI)
+		if(	config_get_ldapi_switch() &&
+			config_get_ldapi_filename() != 0)
+		{
+			i_port = ports_info.i_port = 1; /* flag ldapi as on */
+			ports_info.i_listenaddr.local.family = PR_AF_LOCAL;
+			PL_strncpyz(ports_info.i_listenaddr.local.path,
+				config_get_ldapi_filename(),
+				sizeof(ports_info.i_listenaddr.local.path));
+			unlink(ports_info.i_listenaddr.local.path);
+		}
+#endif /* ENABLE_LDAPI */
+
 		return_value = daemon_pre_setuid_init(&ports_info);
 		if (0 != return_value) {
 			LDAPDebug( LDAP_DEBUG_ANY, "Failed to init daemon\n",
@@ -1081,6 +1096,7 @@ main( int argc, char **argv)
 		normalize_oc();
 
 		if (n_port) {
+		} else if (i_port) {
 		} else if ( config_get_security()) {
 		} else {
 #ifdef _WIN32	
@@ -1105,6 +1121,10 @@ main( int argc, char **argv)
 				MessageBox(GetDesktopWindow(), szMessage,	" ", MB_ICONEXCLAMATION | MB_OK);
 			}
 #endif
+			LDAPDebug( LDAP_DEBUG_ANY,
+                                "Fatal Error---No ports specified. "
+                                "Exiting now.\n", 0, 0, 0 );
+			
 			exit(1);
 		}
 	}

ldap/servers/slapd/passwd_extop.c

@@ -592,7 +592,7 @@ parse_req_done:
 
 	 if (oldPasswd == NULL || *oldPasswd == '\0') {
      /* If user is authenticated, they already gave their password during
-        the bind operation (or used sasl or client cert auth) */
+        the bind operation (or used sasl or client cert auth or OS creds) */
         slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod);
         if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) {
             errMesg = "User must be authenticated to the directory server.\n";

ldap/servers/slapd/pblock.c

@@ -212,6 +212,8 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
                     (*(char **)value) = SLAPD_AUTH_SIMPLE;
                 } else if (strcasecmp(authtype, SLAPD_AUTH_SSL) == 0) {
                     (*(char **)value) = SLAPD_AUTH_SSL;
+                } else if (strcasecmp(authtype, SLAPD_AUTH_OS) == 0) {
+                    (*(char **)value) = SLAPD_AUTH_OS;
                 } else if (strncasecmp(authtype, SLAPD_AUTH_SASL, 
                                        strlen(SLAPD_AUTH_SASL)) == 0) {
                     (*(char **)value) = SLAPD_AUTH_SASL;
@@ -2932,7 +2934,15 @@ bind_credentials_set( Connection *conn, char *authtype, char *normdn,
 		char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
 {
 	PR_Lock( conn->c_mutex );
+	bind_credentials_set_nolock(conn, authtype, normdn,
+		extauthtype, externaldn, clientcert, bind_target_entry);
+	PR_Unlock( conn->c_mutex );
+}
 
+void
+bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
+                char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
+{
 	/* clear credentials */
 	bind_credentials_clear( conn, PR_FALSE /* conn is already locked */,
 			( extauthtype != NULL ) /* clear external creds. if requested */ );
@@ -2968,6 +2978,4 @@ bind_credentials_set( Connection *conn, char *authtype, char *normdn,
 				reslimit_update_from_entry( conn, bind_target_entry );	
 		}
 	}
-
-	PR_Unlock( conn->c_mutex );
 }

ldap/servers/slapd/proto-slap.h

@@ -239,6 +239,15 @@ int config_set_SSL3ciphers( const char *attrname, char *value, char *errorbuf, i
 int config_set_localhost( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_listenhost( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_securelistenhost( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_filename( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_switch( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_bind_switch( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_root_dn( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_map_entries( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_uidnumber_type( const char *attrname, char *value, char *errorbuf, int apply );    
+int config_set_ldapi_gidnumber_type( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_search_base_dn( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *errorbuf, int apply );   
 int config_set_srvtab( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_lastmod( const char *attrname, char *value, char *errorbuf, int apply );
@@ -334,6 +343,15 @@ char *config_get_SSL3ciphers();
 char *config_get_localhost();
 char *config_get_listenhost();
 char *config_get_securelistenhost();
+char *config_get_ldapi_filename();
+int config_get_ldapi_switch(); 
+int config_get_ldapi_bind_switch();
+char *config_get_ldapi_root_dn(); 
+int config_get_ldapi_map_entries(); 
+char *config_get_ldapi_uidnumber_type(); 
+char *config_get_ldapi_gidnumber_type(); 
+char *config_get_ldapi_search_base_dn(); 
+char *config_get_ldapi_auto_dn_suffix(); 
 char *config_get_srvtab();
 int config_get_sizelimit();
 char *config_get_pw_storagescheme();
@@ -738,7 +756,7 @@ int check_pw_syntax( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 	char **old_pw, Slapi_Entry *e, int mod_op );
 int check_pw_syntax_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 	char **old_pw, Slapi_Entry *e, int mod_op, Slapi_Mods *smods );
-int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req);
+int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
 int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
 void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
 void mod_allowchange_aci(char *val);
@@ -961,6 +979,9 @@ void pblock_init( Slapi_PBlock *pb );
 void pblock_init_common( Slapi_PBlock *pb, Slapi_Backend *be, Connection *conn, Operation *op );
 void pblock_done( Slapi_PBlock *pb );
 void bind_credentials_set( Connection *conn,
+                char *authtype, char *normdn,
+                char *extauthtype, char *externaldn, CERTCertificate *clientcert , Slapi_Entry * binded);
+void bind_credentials_set_nolock( Connection *conn,
 		char *authtype, char *normdn,
 		char *extauthtype, char *externaldn, CERTCertificate *clientcert , Slapi_Entry * binded);
 void bind_credentials_clear( Connection *conn, PRBool lock_conn,

ldap/servers/slapd/pw_mgmt.c

@@ -291,7 +291,7 @@ skip:
 
 /* check_account_lock is called before bind opeation; this could be a pre-op. */
 int
-check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req) {
+check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only) {
 
 	time_t		unlock_time;
 	time_t		cur_time;
@@ -312,8 +312,11 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre
 	if ( bind_target_entry == NULL ) 
 		return -1;
 
-	dn = slapi_entry_get_ndn(bind_target_entry);
-	pwpolicy = new_passwdPolicy(pb, dn);
+	if(!account_inactivation_only)
+	{
+		dn = slapi_entry_get_ndn(bind_target_entry);
+		pwpolicy = new_passwdPolicy(pb, dn);
+	}
 
 	/* kexcoff: account inactivation */
 	/* check if the entry is locked by nsAccountLock attribute - account inactivation feature */
@@ -334,11 +337,12 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre
 			if ( (bvp != NULL) && (strcasecmp(bvp->bv_val, "true") == 0) )
 			{
 				/* account inactivated */
-				if (pwresponse_req) {
+				if (!account_inactivation_only && pwresponse_req) {
 					slapi_pwpolicy_make_response_control ( pb, -1, -1,
 							LDAP_PWPOLICY_ACCTLOCKED );
 				}
-				send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+				if(!account_inactivation_only)
+					send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
 							"Account inactivated. Contact system administrator.",
 							0, NULL );
 				slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
@@ -354,7 +358,7 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre
 	/*
 	 * Check if the password policy has to be checked or not
 	 */
-	if ( pwpolicy->pw_lockout == 0 ) {
+	if ( account_inactivation_only || pwpolicy->pw_lockout == 0 ) {
 		goto notlocked;
 	}
 
@@ -412,11 +416,13 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre
 	}
 
 notlocked:
-	/* account is not locked. */ 
-	delete_passwdPolicy(&pwpolicy);
+	/* account is not locked. */
+        if(!account_inactivation_only)
+		delete_passwdPolicy(&pwpolicy);
 	return ( 0 );	
 locked:
-	delete_passwdPolicy(&pwpolicy);
+	if(!account_inactivation_only)
+		delete_passwdPolicy(&pwpolicy);
 	return (1);
 
 }

ldap/servers/slapd/saslbind.c

@@ -917,7 +917,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
             {
                 break;
             } 
-            if ( check_account_lock(pb, bind_target_entry, pwresponse_requested) == 1) {
+            if ( check_account_lock(pb, bind_target_entry, pwresponse_requested, 0) == 1) {
                 slapi_entry_free(bind_target_entry);
                 break;
             }

ldap/servers/slapd/slap.h

@@ -304,6 +304,10 @@ typedef void	(*VFP0)();
 /* the default schema sub directory of the config sub directory */
 #define SCHEMA_SUBDIR_NAME "schema"
 
+/* LDAPI default configuration */
+#define SLAPD_LDAPI_DEFAULT_FILENAME "/var/run/ldapi"
+#define SLAPD_LDAPI_DEFAULT_STATUS "off"
+
 struct subfilt {
 	char	*sf_type;
 	char	*sf_initial;
@@ -1249,6 +1253,9 @@ typedef struct conn {
     int				c_enable_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */
     int				c_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */
     int				c_sasl_ssf; /* flag to tell us the SASL SSF */
+    int                         c_unix_local; /* flag true for LDAPI */
+    uid_t                         c_local_uid;  /* uid of connecting process */
+    gid_t                         c_local_gid;  /* gid of connecting process */
 } Connection;
 #define CONN_FLAG_SSL	1	/* Is this connection an SSL connection or not ? 
 							 * Used to direct I/O code when SSL is handled differently 
@@ -1456,6 +1463,11 @@ typedef struct daemon_ports_s {
 	int		s_socket_native;
 #else
 	PRFileDesc	*n_socket;
+	/* ldapi */
+	PRNetAddr       i_listenaddr;
+	int             i_port; /* used as a flag only */
+	PRFileDesc      *i_socket;
+
 #endif
 	PRFileDesc	*s_socket;
 } daemon_ports_t;
@@ -1640,6 +1652,15 @@ typedef struct _slapdEntryPoints {
 #define CONFIG_PORT_ATTRIBUTE "nsslapd-port"
 #define CONFIG_WORKINGDIR_ATTRIBUTE "nsslapd-workingdir"
 #define CONFIG_LISTENHOST_ATTRIBUTE "nsslapd-listenhost"
+#define CONFIG_LDAPI_FILENAME_ATTRIBUTE "nsslapd-ldapifilepath"
+#define CONFIG_LDAPI_SWITCH_ATTRIBUTE "nsslapd-ldapilisten"
+#define CONFIG_LDAPI_BIND_SWITCH_ATTRIBUTE "nsslapd-ldapiautobind"
+#define CONFIG_LDAPI_ROOT_DN_ATTRIBUTE "nsslapd-ldapimaprootdn"
+#define CONFIG_LDAPI_MAP_ENTRIES_ATTRIBUTE "nsslapd-ldapimaptoentries"
+#define CONFIG_LDAPI_UIDNUMBER_TYPE_ATTRIBUTE "nsslapd-ldapiuidnumbertype"
+#define CONFIG_LDAPI_GIDNUMBER_TYPE_ATTRIBUTE "nsslapd-ldapigidnumbertype"
+#define CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE "nsslapd-ldapientrysearchbase"
+#define CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE "nsslapd-ldapiautodnsuffix"
 #define CONFIG_SECURITY_ATTRIBUTE "nsslapd-security"
 #define CONFIG_SSL3CIPHERS_ATTRIBUTE "nsslapd-SSL3ciphers"
 #define CONFIG_ACCESSLOG_ATTRIBUTE "nsslapd-accesslog"
@@ -1889,6 +1910,15 @@ typedef struct _slapdFrontendConfig {
   int attrname_exceptions;  /* if true, allow questionable attribute names */
   int rewrite_rfc1274;		/* return attrs for both v2 and v3 names */
   char *schemareplace;		/* see CONFIG_SCHEMAREPLACE_* #defines below */
+  char *ldapi_filename;		/* filename for ldapi socket */
+  int ldapi_switch;             /* switch to turn ldapi on/off */
+  int ldapi_bind_switch;        /* switch to turn ldapi auto binding on/off */
+  char *ldapi_root_dn;          /* DN to map root to over LDAPI */
+  int ldapi_map_entries;        /* turns ldapi entry bind mapping on/off */
+  char *ldapi_uidnumber_type;   /* type that contains uid number */
+  char *ldapi_gidnumber_type;   /* type that contains gid number */
+  char *ldapi_search_base_dn;   /* base dn to search for mapped entries */
+  char *ldapi_auto_dn_suffix;   /* suffix to be appended to auto gen DNs */
 } slapdFrontendConfig_t;
 
 #define SLAPD_FULL	0
@@ -1902,6 +1932,8 @@ typedef struct _slapdFrontendConfig {
  
 slapdFrontendConfig_t *getFrontendConfig();
 
+int slapd_bind_local_user(Connection *conn);
+
 /* LP: NO_TIME cannot be -1, it generates wrong GeneralizedTime
  * And causes some errors on AIX also 
  */

ldap/servers/slapd/slapi-plugin.h

@@ -1367,7 +1367,7 @@ int slapi_reslimit_get_integer_limit( Slapi_Connection *conn, int handle,
 #define SLAPD_AUTH_SIMPLE "simple"
 #define SLAPD_AUTH_SSL    "SSL"
 #define SLAPD_AUTH_SASL   "SASL " /* followed by the mechanism name */
-
+#define SLAPD_AUTH_OS     "OS"
 
 /* Command Line Arguments */
 #define SLAPI_ARGC				147

ldap/servers/slapd/start_tls_extop.c

@@ -275,7 +275,8 @@ start_tls( Slapi_PBlock *pb )
 	 * connection ready. */
 
 	secure = 1;
-	ns = configure_pr_socket( &newsocket, secure );
+	ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ );
+
 
 	/*
 	ber_sockbuf_set_option( conn->c_sb, LBER_SOCKBUF_OPT_DESC, &newsocket );
@@ -417,7 +418,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
 
 #ifndef _WIN32
 	secure = 0;
-	ns = configure_pr_socket( &(c->c_prfd), secure );
+	ns = configure_pr_socket( &(c->c_prfd), secure, 0 /*never local*/ );
 
 	ber_sockbuf_set_option( c->c_sb, LBER_SOCKBUF_OPT_DESC, &(c->c_prfd) );
 

ltmain.sh

@@ -46,16 +46,10 @@ PACKAGE=libtool
 VERSION=1.5.22
 TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
 
-# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE).
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes.
+if test -n "${ZSH_VERSION+set}" ; then
   setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
 fi
 
 # Check that we have a working $echo.
@@ -111,14 +105,12 @@ esac
 # These must not be set unconditionally because not all systems understand
 # e.g. LANG=C (notably SCO).
 # We save the old values to restore during execute mode.
-for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
-do
-  eval "if test \"\${$lt_var+set}\" = set; then
-         save_$lt_var=\$$lt_var
-         $lt_var=C
-         export $lt_var
-       fi"
-done
+if test "${LC_ALL+set}" = set; then
+  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+fi
+if test "${LANG+set}" = set; then
+  save_LANG="$LANG"; LANG=C; export LANG
+fi
 
 # Make sure IFS has a sensible default
 lt_nl='
@@ -144,8 +136,6 @@ duplicate_deps=no
 preserve_args=
 lo2o="s/\\.lo\$/.${objext}/"
 o2lo="s/\\.${objext}\$/.lo/"
-extracted_archives=
-extracted_serial=0
 
 #####################################
 # Shell function definitions:
@@ -337,17 +327,7 @@ func_extract_archives ()
 	*) my_xabs=`pwd`"/$my_xlib" ;;
       esac
       my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
-      my_xlib_u=$my_xlib
-      while :; do
-        case " $extracted_archives " in
-       *" $my_xlib_u "*)
-         extracted_serial=`expr $extracted_serial + 1`
-         my_xlib_u=lt$extracted_serial-$my_xlib ;;
-       *) break ;;
-       esac
-      done
-      extracted_archives="$extracted_archives $my_xlib_u"
-      my_xdir="$my_gentop/$my_xlib_u"
+      my_xdir="$my_gentop/$my_xlib"
 
       $show "${rm}r $my_xdir"
       $run ${rm}r "$my_xdir"
@@ -778,7 +758,6 @@ if test -z "$show_help"; then
     *.f90) xform=f90 ;;
     *.for) xform=for ;;
     *.java) xform=java ;;
-    *.obj) xform=obj ;;
     esac
 
     libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
@@ -1159,9 +1138,8 @@ EOF
     for arg
     do
       case $arg in
-      -all-static | -static | -static-libtool-libs)
-    case $arg in
-    -all-static)
+      -all-static | -static)
+	if test "X$arg" = "X-all-static"; then
 	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
 	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
 	  fi
@@ -1169,20 +1147,12 @@ EOF
 	    dlopen_self=$dlopen_self_static
 	  fi
 	  prefer_static_libs=yes
-	  ;;
-    -static)
+	else
 	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
 	    dlopen_self=$dlopen_self_static
 	  fi
 	  prefer_static_libs=built
-	  ;;
-    -static-libtool-libs)
-      if test -z "$pic_flag" && test -n "$link_static_flag"; then
-        dlopen_self=$dlopen_self_static
-      fi
-      prefer_static_libs=yes
-      ;;
-    esac
+	fi
 	build_libtool_libs=no
 	build_old_libs=yes
 	break
@@ -1742,7 +1712,7 @@ EOF
 	continue
 	;;
 
-      -static | -static-libtool-libs)
+      -static)
 	# The effects of -static are defined in a previous loop.
 	# We used to do the same as -all-static on platforms that
 	# didn't have a PIC flag, but the assumption that the effects
@@ -2520,9 +2490,7 @@ EOF
 
 	if test "$linkmode,$pass" = "prog,link"; then
 	  if test -n "$library_names" &&
-         { { test "$prefer_static_libs" = no ||
-             test "$prefer_static_libs,$installed" = "built,yes"; } ||
-           test -z "$old_library"; }; then
+	     { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
 	    # We need to hardcode the library path
 	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
 	      # Make sure the rpath contains only unique directories.
@@ -3218,7 +3186,7 @@ EOF
 	  # which has an extra 1 added just for fun
 	  #
 	  case $version_type in
-	  darwin|linux|osf|windows|none)
+	  darwin|linux|osf|windows)
 	    current=`expr $number_major + $number_minor`
 	    age="$number_minor"
 	    revision="$number_revision"
@@ -3442,11 +3410,11 @@ EOF
       fi
 
       # Eliminate all temporary directories.
-#      for path in $notinst_path; do
-#	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
-#	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
-#	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
-#      done
+      for path in $notinst_path; do
+	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
+	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
+	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
+      done
 
       if test -n "$xrpath"; then
 	# If the user specified any rpath flags, then add them.
@@ -3547,12 +3515,13 @@ EOF
 	  int main() { return 0; }
 EOF
 	  $rm conftest
-      if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+	  $LTCC $LTCFLAGS -o conftest conftest.c $deplibs
+	  if test "$?" -eq 0 ; then
 	    ldd_output=`ldd conftest`
 	    for i in $deplibs; do
 	      name=`expr $i : '-l\(.*\)'`
 	      # If $name is empty we are operating on a -L argument.
-              if test "$name" != "" && test "$name" != "0"; then
+              if test "$name" != "" && test "$name" -ne "0"; then
 		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
 		  case " $predeps $postdeps " in
 		  *" $i "*)
@@ -3591,7 +3560,9 @@ EOF
 	      # If $name is empty we are operating on a -L argument.
               if test "$name" != "" && test "$name" != "0"; then
 		$rm conftest
-		if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+		$LTCC $LTCFLAGS -o conftest conftest.c $i
+		# Did it work?
+		if test "$?" -eq 0 ; then
 		  ldd_output=`ldd conftest`
 		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
 		    case " $predeps $postdeps " in
@@ -3623,7 +3594,7 @@ EOF
 		  droppeddeps=yes
 		  $echo
 		  $echo "*** Warning!  Library $i is needed by this library but I was not able to"
-		  $echo "*** make it link in!  You will probably need to install it or some"
+		  $echo "***  make it link in!  You will probably need to install it or some"
 		  $echo "*** library that it depends on before this library will be fully"
 		  $echo "*** functional.  Installing it before continuing would be even better."
 		fi
@@ -4268,14 +4239,12 @@ EOF
       reload_conv_objs=
       gentop=
       # reload_cmds runs $LD directly, so let us get rid of
-      # -Wl from whole_archive_flag_spec and hope we can get by with
-      # turning comma into space..
+      # -Wl from whole_archive_flag_spec
       wl=
 
       if test -n "$convenience"; then
 	if test -n "$whole_archive_flag_spec"; then
-	  eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
-      reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
 	else
 	  gentop="$output_objdir/${obj}x"
 	  generated="$generated $gentop"
@@ -4723,16 +4692,16 @@ static const void *lt_preloaded_setup() {
           case $host in
           *cygwin* | *mingw* )
             if test -f "$output_objdir/${outputname}.def" ; then
-              compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP`
-              finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP`
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
             else
-              compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
-              finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
              fi
             ;;
           * )
-            compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
-            finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+            compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+            finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
             ;;
           esac
 	  ;;
@@ -4747,13 +4716,13 @@ static const void *lt_preloaded_setup() {
 	# really was required.
 
 	# Nullify the symbol file.
-	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP`
-	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP`
+	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
       fi
 
       if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
 	# Replace the output file specification.
-	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP`
+	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
 	link_command="$compile_command$compile_rpath"
 
 	# We have no uninstalled library dependencies, so finalize right now.
@@ -4840,7 +4809,7 @@ static const void *lt_preloaded_setup() {
 	if test "$fast_install" != no; then
 	  link_command="$finalize_var$compile_command$finalize_rpath"
 	  if test "$fast_install" = yes; then
-	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP`
+	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
 	  else
 	    # fast_install is set to needless
 	    relink_command=
@@ -4877,7 +4846,7 @@ static const void *lt_preloaded_setup() {
 	  fi
 	done
 	relink_command="(cd `pwd`; $relink_command)"
-	relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP`
+	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
       fi
 
       # Quote $echo for shipping.
@@ -5284,18 +5253,6 @@ EOF
 Xsed='${SED} -e 1s/^X//'
 sed_quote_subst='$sed_quote_subst'
 
-# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE).
-if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '\${1+\"\$@\"}'='\"\$@\"'
-  setopt NO_GLOB_SUBST
-else
-  case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
-fi
-
 # The HP-UX ksh and POSIX shell print the target directory to stdout
 # if CDPATH is set.
 (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
@@ -5438,7 +5395,7 @@ else
 	  ;;
 	esac
 	$echo >> $output "\
-      \$echo \"\$0: cannot exec \$program \$*\"
+      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
       exit $EXIT_FAILURE
     fi
   else
@@ -5624,7 +5581,7 @@ fi\
       done
       # Quote the link command for shipping.
       relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
-      relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP`
+      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
       if test "$hardcode_automatic" = yes ; then
 	relink_command=
       fi
@@ -5969,9 +5926,9 @@ relink_command=\"$relink_command\""
 
 	  if test -n "$inst_prefix_dir"; then
 	    # Stick the inst_prefix_dir data into the link command.
-	    relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP`
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
 	  else
-	    relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP`
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
 	  fi
 
 	  $echo "$modename: warning: relinking \`$file'" 1>&2
@@ -6180,7 +6137,7 @@ relink_command=\"$relink_command\""
 	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
 	      outputname="$tmpdir/$file"
 	      # Replace the output file specification.
-	      relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP`
+	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
 
 	      $show "$relink_command"
 	      if $run eval "$relink_command"; then :
@@ -6456,15 +6413,12 @@ relink_command=\"$relink_command\""
       fi
 
       # Restore saved environment variables
-      for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
-      do
-       eval "if test \"\${save_$lt_var+set}\" = set; then
-               $lt_var=\$save_$lt_var; export $lt_var
-             else
-               $lt_unset $lt_var
-             fi"
-      done
-
+      if test "${save_LC_ALL+set}" = set; then
+	LC_ALL="$save_LC_ALL"; export LC_ALL
+      fi
+      if test "${save_LANG+set}" = set; then
+	LANG="$save_LANG"; export LANG
+      fi
 
       # Now prepare to actually exec the command.
       exec_cmd="\$cmd$args"
@@ -6821,9 +6775,9 @@ The following components of LINK-COMMAND are treated specially:
   -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
   -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
   -export-symbols SYMFILE
-                    try to export only the symbols listed in SYMFILE
+		    try to export only the symbols listed in SYMFILE
   -export-symbols-regex REGEX
-                    try to export only the symbols matching REGEX
+		    try to export only the symbols matching REGEX
   -LLIBDIR          search LIBDIR for required installed libraries
   -lNAME            OUTPUT-FILE requires the installed library libNAME
   -module           build a library that can dlopened
@@ -6837,11 +6791,9 @@ The following components of LINK-COMMAND are treated specially:
   -release RELEASE  specify package release information
   -rpath LIBDIR     the created library will eventually be installed in LIBDIR
   -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
-  -static           do not do any dynamic linking of uninstalled libtool libraries
-  -static-libtool-libs
-                    do not do any dynamic linking of libtool libraries
+  -static           do not do any dynamic linking of libtool libraries
   -version-info CURRENT[:REVISION[:AGE]]
-                    specify library version info [each variable defaults to 0]
+		    specify library version info [each variable defaults to 0]
 
 All other options (arguments beginning with \`-') are ignored.