
Ticket 528 - RFE - get rid of instance specific scripts

RFE Description:  Remove instance specific scripts, and create "global" scripts
                  for /usr/sbin/

Fix Description:  Created the "global" scripts for /usr/sbin, and changed the
                  instance specific scripts(/usr/lib64/dirsrv/slapd-INSTANCE/*)
                  to be wrapper scripts.  The new "global" scripts also have a new
                  option (-Z) to specify the server instance.  The scripts use the
                  server id to grab host/port/rootdn information.  If -Z is
                  omitted and there is only one instance installed, then the scripts
                  automatically grab the server identifier.  If there is more than
                  one instance installed, or none, then report an error and list
                  all the available instances.

                  Also revised all the scripts to have a help/usage option.

https://fedorahosted.org/389/ticket/528

Reviewed by: nhosoi & richm(Thanks!)
Mark Reynolds 12 years ago
parent
commit
cca2990b89
78 changed files with 8154 additions and 5202 deletions
  1. 52 1
      Makefile.am
  2. 52 1
      Makefile.in
  3. 7 5
      ldap/admin/src/scripts/DSCreate.pm.in
  4. 2 2
      ldap/admin/src/scripts/DSMigration.pm.in
  5. 59 0
      ldap/admin/src/scripts/DSUtil.pm.in
  6. 118 0
      ldap/admin/src/scripts/bak2db.in
  7. 191 0
      ldap/admin/src/scripts/bak2db.pl.in
  8. 222 0
      ldap/admin/src/scripts/cleanallruv.pl.in
  9. 118 0
      ldap/admin/src/scripts/db2bak.in
  10. 176 0
      ldap/admin/src/scripts/db2bak.pl.in
  11. 117 0
      ldap/admin/src/scripts/db2index.in
  12. 252 0
      ldap/admin/src/scripts/db2index.pl.in
  13. 190 0
      ldap/admin/src/scripts/db2ldif.in
  14. 319 0
      ldap/admin/src/scripts/db2ldif.pl.in
  15. 112 0
      ldap/admin/src/scripts/dbverify.in
  16. 95 0
      ldap/admin/src/scripts/dn2rdn.in
  17. 207 0
      ldap/admin/src/scripts/fixup-linkedattrs.pl.in
  18. 219 0
      ldap/admin/src/scripts/fixup-memberof.pl.in
  19. 144 0
      ldap/admin/src/scripts/ldif2db.in
  20. 277 0
      ldap/admin/src/scripts/ldif2db.pl.in
  21. 106 0
      ldap/admin/src/scripts/ldif2ldap.in
  22. 98 0
      ldap/admin/src/scripts/monitor.in
  23. 879 0
      ldap/admin/src/scripts/ns-accountstatus.pl.in
  24. 884 0
      ldap/admin/src/scripts/ns-activate.pl.in
  25. 884 0
      ldap/admin/src/scripts/ns-inactivate.pl.in
  26. 330 0
      ldap/admin/src/scripts/ns-newpwpolicy.pl.in
  27. 3 7
      ldap/admin/src/scripts/remove-ds.pl.in
  28. 92 0
      ldap/admin/src/scripts/restart-slapd.in
  29. 101 0
      ldap/admin/src/scripts/restoreconfig.in
  30. 101 0
      ldap/admin/src/scripts/saveconfig.in
  31. 206 0
      ldap/admin/src/scripts/schema-reload.pl.in
  32. 1 1
      ldap/admin/src/scripts/setup-ds.pl.in
  33. 1 0
      ldap/admin/src/scripts/start-dirsrv.in
  34. 82 0
      ldap/admin/src/scripts/start-slapd.in
  35. 5 0
      ldap/admin/src/scripts/stop-dirsrv.in
  36. 83 0
      ldap/admin/src/scripts/stop-slapd.in
  37. 104 0
      ldap/admin/src/scripts/suffix2instance.in
  38. 216 0
      ldap/admin/src/scripts/syntax-validate.pl.in
  39. 2 58
      ldap/admin/src/scripts/template-bak2db.in
  40. 8 105
      ldap/admin/src/scripts/template-bak2db.pl.in
  41. 8 142
      ldap/admin/src/scripts/template-cleanallruv.pl.in
  42. 2 52
      ldap/admin/src/scripts/template-db2bak.in
  43. 8 95
      ldap/admin/src/scripts/template-db2bak.pl.in
  44. 2 30
      ldap/admin/src/scripts/template-db2index.in
  45. 9 181
      ldap/admin/src/scripts/template-db2index.pl.in
  46. 2 83
      ldap/admin/src/scripts/template-db2ldif.in
  47. 8 239
      ldap/admin/src/scripts/template-db2ldif.pl.in
  48. 2 46
      ldap/admin/src/scripts/template-dbverify.in
  49. 2 20
      ldap/admin/src/scripts/template-dn2rdn.in
  50. 9 126
      ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in
  51. 9 137
      ldap/admin/src/scripts/template-fixup-memberof.pl.in
  52. 1 54
      ldap/admin/src/scripts/template-ldif2db.in
  53. 8 197
      ldap/admin/src/scripts/template-ldif2db.pl.in
  54. 3 23
      ldap/admin/src/scripts/template-ldif2ldap.in
  55. 3 22
      ldap/admin/src/scripts/template-monitor.in
  56. 9 818
      ldap/admin/src/scripts/template-ns-accountstatus.pl.in
  57. 9 818
      ldap/admin/src/scripts/template-ns-activate.pl.in
  58. 9 818
      ldap/admin/src/scripts/template-ns-inactivate.pl.in
  59. 9 261
      ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
  60. 3 9
      ldap/admin/src/scripts/template-restart-slapd.in
  61. 2 25
      ldap/admin/src/scripts/template-restoreconfig.in
  62. 2 26
      ldap/admin/src/scripts/template-saveconfig.in
  63. 9 126
      ldap/admin/src/scripts/template-schema-reload.pl.in
  64. 2 8
      ldap/admin/src/scripts/template-start-slapd.in
  65. 2 7
      ldap/admin/src/scripts/template-stop-slapd.in
  66. 2 24
      ldap/admin/src/scripts/template-suffix2instance.in
  67. 9 137
      ldap/admin/src/scripts/template-syntax-validate.pl.in
  68. 2 26
      ldap/admin/src/scripts/template-upgradedb.in
  69. 2 60
      ldap/admin/src/scripts/template-upgradednformat.in
  70. 9 155
      ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in
  71. 8 230
      ldap/admin/src/scripts/template-verify-db.pl.in
  72. 2 25
      ldap/admin/src/scripts/template-vlvindex.in
  73. 100 0
      ldap/admin/src/scripts/upgradedb.in
  74. 121 0
      ldap/admin/src/scripts/upgradednformat.in
  75. 237 0
      ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in
  76. 303 0
      ldap/admin/src/scripts/verify-db.pl.in
  77. 110 0
      ldap/admin/src/scripts/vlvindex.in
  78. 2 2
      ldap/servers/slapd/entry.c

+ 52 - 1
Makefile.am

@@ -118,6 +118,23 @@ CLEANFILES =  dberrstrs.h ns-slapd.properties \
 	ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \
 	ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \
 	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \
+	ldap/admin/src/scripts/bak2db ldap/admin/src/scripts/db2bak ldap/admin/src/scripts/upgradedb \
+	ldap/admin/src/scripts/db2index ldap/admin/src/scripts/db2ldif \
+	ldap/admin/src/scripts/dn2rdn ldap/admin/src/scripts/ldif2db \
+	ldap/admin/src/scripts/ldif2ldap ldap/admin/src/scripts/monitor \
+	ldap/admin/src/scripts/restart-slapd ldap/admin/src/scripts/restoreconfig \
+	ldap/admin/src/scripts/saveconfig ldap/admin/src/scripts/start-slapd \
+	ldap/admin/src/scripts/stop-slapd ldap/admin/src/scripts/suffix2instance \
+	ldap/admin/src/scripts/upgradednformat ldap/admin/src/scripts/vlvindex \
+	ldap/admin/src/scripts/bak2db.pl ldap/admin/src/scripts/db2bak.pl \
+	ldap/admin/src/scripts/db2index.pl ldap/admin/src/scripts/db2ldif.pl \
+	ldap/admin/src/scripts/fixup-linkedattrs.pl ldap/admin/src/scripts/fixup-memberof.pl \
+	ldap/admin/src/scripts/cleanallruv.pl ldap/admin/src/scripts/ldif2db.pl \
+	ldap/admin/src/scripts/ns-accountstatus.pl ldap/admin/src/scripts/ns-activate.pl \
+	ldap/admin/src/scripts/ns-inactivate.pl ldap/admin/src/scripts/ns-newpwpolicy.pl \
+	ldap/admin/src/scripts/schema-reload.pl ldap/admin/src/scripts/syntax-validate.pl \
+	ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
+	ldap/admin/src/scripts/dbverify \
 	$(POSIX_WINSYNC_PLUGIN_LDIF)
 
 clean-local:
@@ -319,7 +336,41 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
 	ldap/admin/src/scripts/start-dirsrv \
 	ldap/admin/src/scripts/stop-dirsrv \
 	ldap/admin/src/scripts/restart-dirsrv \
-        wrappers/ldap-agent
+	ldap/admin/src/scripts/bak2db \
+	ldap/admin/src/scripts/db2bak \
+	ldap/admin/src/scripts/db2index \
+	ldap/admin/src/scripts/db2ldif \
+	ldap/admin/src/scripts/dn2rdn \
+	ldap/admin/src/scripts/ldif2db \
+	ldap/admin/src/scripts/ldif2ldap \
+	ldap/admin/src/scripts/monitor \
+	ldap/admin/src/scripts/restart-slapd \
+	ldap/admin/src/scripts/restoreconfig \
+	ldap/admin/src/scripts/saveconfig \
+	ldap/admin/src/scripts/start-slapd \
+	ldap/admin/src/scripts/stop-slapd \
+	ldap/admin/src/scripts/suffix2instance \
+	ldap/admin/src/scripts/upgradednformat \
+	ldap/admin/src/scripts/vlvindex \
+	ldap/admin/src/scripts/bak2db.pl \
+	ldap/admin/src/scripts/db2bak.pl \
+	ldap/admin/src/scripts/db2index.pl \
+	ldap/admin/src/scripts/db2ldif.pl \
+	ldap/admin/src/scripts/fixup-linkedattrs.pl \
+	ldap/admin/src/scripts/fixup-memberof.pl \
+	ldap/admin/src/scripts/cleanallruv.pl \
+	ldap/admin/src/scripts/ldif2db.pl \
+	ldap/admin/src/scripts/ns-accountstatus.pl \
+	ldap/admin/src/scripts/ns-activate.pl \
+	ldap/admin/src/scripts/ns-inactivate.pl \
+	ldap/admin/src/scripts/ns-newpwpolicy.pl \
+	ldap/admin/src/scripts/schema-reload.pl \
+	ldap/admin/src/scripts/syntax-validate.pl \
+	ldap/admin/src/scripts/usn-tombstone-cleanup.pl \
+	ldap/admin/src/scripts/verify-db.pl \
+	ldap/admin/src/scripts/dbverify \
+	ldap/admin/src/scripts/upgradedb \
+    wrappers/ldap-agent
 
 bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
 	wrappers/dbscan \

+ 52 - 1
Makefile.in

@@ -1408,6 +1408,23 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
 	ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \
 	ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \
 	ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \
+	ldap/admin/src/scripts/bak2db ldap/admin/src/scripts/db2bak ldap/admin/src/scripts/upgradedb \
+	ldap/admin/src/scripts/db2index ldap/admin/src/scripts/db2ldif \
+	ldap/admin/src/scripts/dn2rdn ldap/admin/src/scripts/ldif2db \
+	ldap/admin/src/scripts/ldif2ldap ldap/admin/src/scripts/monitor \
+	ldap/admin/src/scripts/restart-slapd ldap/admin/src/scripts/restoreconfig \
+	ldap/admin/src/scripts/saveconfig ldap/admin/src/scripts/start-slapd \
+	ldap/admin/src/scripts/stop-slapd ldap/admin/src/scripts/suffix2instance \
+	ldap/admin/src/scripts/upgradednformat ldap/admin/src/scripts/vlvindex \
+	ldap/admin/src/scripts/bak2db.pl ldap/admin/src/scripts/db2bak.pl \
+	ldap/admin/src/scripts/db2index.pl ldap/admin/src/scripts/db2ldif.pl \
+	ldap/admin/src/scripts/fixup-linkedattrs.pl ldap/admin/src/scripts/fixup-memberof.pl \
+	ldap/admin/src/scripts/cleanallruv.pl ldap/admin/src/scripts/ldif2db.pl \
+	ldap/admin/src/scripts/ns-accountstatus.pl ldap/admin/src/scripts/ns-activate.pl \
+	ldap/admin/src/scripts/ns-inactivate.pl ldap/admin/src/scripts/ns-newpwpolicy.pl \
+	ldap/admin/src/scripts/schema-reload.pl ldap/admin/src/scripts/syntax-validate.pl \
+	ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
+	ldap/admin/src/scripts/dbverify \
 	$(POSIX_WINSYNC_PLUGIN_LDIF)
 
 taskdir = $(datadir)@scripttemplatedir@
@@ -1547,7 +1564,41 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
 	ldap/admin/src/scripts/start-dirsrv \
 	ldap/admin/src/scripts/stop-dirsrv \
 	ldap/admin/src/scripts/restart-dirsrv \
-        wrappers/ldap-agent
+	ldap/admin/src/scripts/bak2db \
+	ldap/admin/src/scripts/db2bak \
+	ldap/admin/src/scripts/db2index \
+	ldap/admin/src/scripts/db2ldif \
+	ldap/admin/src/scripts/dn2rdn \
+	ldap/admin/src/scripts/ldif2db \
+	ldap/admin/src/scripts/ldif2ldap \
+	ldap/admin/src/scripts/monitor \
+	ldap/admin/src/scripts/restart-slapd \
+	ldap/admin/src/scripts/restoreconfig \
+	ldap/admin/src/scripts/saveconfig \
+	ldap/admin/src/scripts/start-slapd \
+	ldap/admin/src/scripts/stop-slapd \
+	ldap/admin/src/scripts/suffix2instance \
+	ldap/admin/src/scripts/upgradednformat \
+	ldap/admin/src/scripts/vlvindex \
+	ldap/admin/src/scripts/bak2db.pl \
+	ldap/admin/src/scripts/db2bak.pl \
+	ldap/admin/src/scripts/db2index.pl \
+	ldap/admin/src/scripts/db2ldif.pl \
+	ldap/admin/src/scripts/fixup-linkedattrs.pl \
+	ldap/admin/src/scripts/fixup-memberof.pl \
+	ldap/admin/src/scripts/cleanallruv.pl \
+	ldap/admin/src/scripts/ldif2db.pl \
+	ldap/admin/src/scripts/ns-accountstatus.pl \
+	ldap/admin/src/scripts/ns-activate.pl \
+	ldap/admin/src/scripts/ns-inactivate.pl \
+	ldap/admin/src/scripts/ns-newpwpolicy.pl \
+	ldap/admin/src/scripts/schema-reload.pl \
+	ldap/admin/src/scripts/syntax-validate.pl \
+	ldap/admin/src/scripts/usn-tombstone-cleanup.pl \
+	ldap/admin/src/scripts/verify-db.pl \
+	ldap/admin/src/scripts/dbverify \
+	ldap/admin/src/scripts/upgradedb \
+    wrappers/ldap-agent
 
 bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
 	wrappers/dbscan \

+ 7 - 5
ldap/admin/src/scripts/DSCreate.pm.in

@@ -31,7 +31,7 @@
 # exception. 
 # 
 # 
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
@@ -76,9 +76,11 @@ use strict;
 use SetupLog;
 
 sub get_initconfigdir {
+    my $prefix = shift;
+    
     # determine initconfig_dir
     if (getLogin eq 'root') {
-        return "@initconfigdir@";
+        return "$prefix@initconfigdir@";
     } else {
         return "$ENV{HOME}/.@package_name@";
     }
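Review bot: `get_initconfigdir` now takes its prefix with `my $prefix = shift;`, so any caller that still passes no argument interpolates an undefined value into the returned path. The three call sites updated in this file pass `$inf->{General}->{prefix}`, but callers in other files are not visible here. Defaulting the argument, `my $prefix = shift || "";`, would keep the old result for such callers. Separately, the `updateSystemD` call site reads `$inf->{slapd}->{initconfigdir}` while the other two read `initconfig_dir`; that spelling predates this commit but is worth confirming while the line is being edited. The sub's closing brace lies outside this hunk.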
@@ -290,7 +292,7 @@ sub createInstanceScripts {
     my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL ");
 
     # determine initconfig_dir
-    my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir();
+    my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix});
 
     my %maptable = (
         "DS-ROOT" => $inf->{General}->{prefix},
@@ -513,7 +515,7 @@ sub makeOtherConfigFiles {
     }
 
     # determine initconfig_dir
-    my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir();
+    my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix});
 
     # install instance specific initconfig script
     $src = "$inf->{General}->{prefix}@configdir@/template-initconfig";
@@ -1099,7 +1101,7 @@ sub updateSystemD {
     }
 
     my @errs = ();
-    my $initconfigdir = $inf->{slapd}->{initconfigdir} || get_initconfigdir();
+    my $initconfigdir = $inf->{slapd}->{initconfigdir} || get_initconfigdir($inf->{General}->{prefix});
     debug(1, "updating systemd files in $unitdir and $confdir for all directory server instances in $initconfigdir\n");
     my $pkgname = "@package_name@";
     my $changes = 0;

+ 2 - 2
ldap/admin/src/scripts/DSMigration.pm.in

@@ -31,7 +31,7 @@
 # exception. 
 # 
 # 
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
@@ -1180,7 +1180,7 @@ sub migrateDS {
 
 cleanup:
         if (-d "$mig->{configdir}/$inst") {
-            @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1);
+            @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1, "" ,"", $mig->{inf}->{General}->{prefix} );
             if (@errs) {
                 $mig->msg(@errs);
             }

+ 59 - 0
ldap/admin/src/scripts/DSUtil.pm.in

@@ -42,6 +42,8 @@ use Mozilla::LDAP::Conn;
 use Mozilla::LDAP::Utils qw(normalizeDN);
 use Mozilla::LDAP::API qw(:constant ldap_explode_dn ldap_err2string) ; # Direct access to C API
 use Mozilla::LDAP::LDIF;
+use File::Spec::Functions qw(rel2abs);
+use File::Basename;
 
 require Exporter;
 @ISA       = qw(Exporter);
@@ -1182,6 +1184,63 @@ sub serverIsRunning
     return 0; # no pid file - assume not running
 }
 
+sub libpath_add {
+    my $libpath = shift;
+
+    if ($libpath) {
+        if ($ENV{'LD_LIBRARY_PATH'}) {
+            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        } else {
+            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+        }
+    }
+}
+
+# Get the installation prefix
+sub get_prefix {
+    my $prefix = dirname(rel2abs($0));
+    
+    if ($prefix eq "/usr/sbin"){
+        $prefix = "";
+    } else {
+        $prefix =~ s/\/sbin//;
+    }
+    
+    return $prefix;
+}
+
+# Grab the host, port, and rootDN from the config file of the server instance
+# if the values are missing
+sub get_missing_info {
+    my $prefix = shift;
+    my $servID = shift;
+    my $instances = shift;
+    my $host = shift;
+    my $port = shift; 
+    my $rootdn = shift;
+    
+    unless ( -e "$prefix/etc/dirsrv/slapd-$servID/dse.ldif" ){
+        print (STDERR "Invalid server identifer: $servID\n");
+        print (STDERR "Available instances: $instances\n");
+        exit (1);
+    }
+    
+    open (DSE, "<$prefix/etc/dirsrv/slapd-$servID/dse.ldif") || die "Failed to open config file $prefix/etc/dirsrv/slapd-$servID/dse.ldif $!\n";
+        while(<DSE>){
+        if ($host eq "" && $_ =~ /^nsslapd-localhost: (.*)/){
+                $host = $1;
+        }
+        if ($port eq "" && $_ =~ /^nsslapd-port: (.*)/){
+                $port = $1;
+        }
+        if ($rootdn eq "" && $_ =~ /^nsslapd-rootdn: (.*)/){
+                $rootdn = $1;
+        }
+    }
+    close (DSE);
+    return $host, $port, $rootdn;
+}
+
 1;
 
 # emacs settings
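Review bot: `get_prefix` strips `/sbin` with the unanchored `s/\/sbin//`, which removes the first occurrence anywhere in the path rather than the trailing directory, so an install under a path such as `/opt/sbin-tools/ds/sbin` (constructed example) yields a wrong prefix; `$prefix =~ s{/sbin$}{};` limits it to the final component. The prefix is derived from `$0` and then selects which `dse.ldif` is read and, in the calling scripts, the `PATH` and `LD_LIBRARY_PATH` entries, so the derivation should be strict. In `get_missing_info`, `$servID` is interpolated into a two-argument `open`; a three-argument `open(my $dse, '<', $path)` together with rejecting an identifier that contains `/` would keep `-Z` from naming a file outside the `slapd-*` directories. The `(.*)` captures also keep any trailing whitespace or carriage return, which then flows into the command lines the callers build.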

+ 118 - 0
ldap/admin/src/scripts/bak2db.in

@@ -0,0 +1,118 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "@nss_libdir@"
+libpath_add "@libdir@"
+libpath_add "@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+if [ $# -lt 1 ] || [ $# -gt 7 ]
+then
+    echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+    exit 1
+elif [ "$1" == "-*" ]
+then
+    echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+    exit 1
+else
+    archivedir=$1
+    shift
+fi
+
+first="yes"
+args=""      
+while getopts "hn:Z:qd:vi:a:SD:" flag
+do
+    case $flag in
+        h) echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+           exit 0;;
+        Z) servid=$OPTARG;; 
+        n) args=$args" -n $OPTARG";;
+        q) args=$args" -q";;
+        d) args=$args" -d $OPTARG";;
+        v) args=$args" -v";;
+        D) args=$args" -D $OPTARG";;
+        i) args=$args" -i $OPTARG";;
+        a) archivedir=$OPTARG;;
+        S) args=$args" -S";;
+        ?) echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+           exit 1;;
+    esac
+done
+
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done
+
+if [ -z $servid ]
+then
+    # server id not provided, check if there is only one instance
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+if [ 1 = `expr $archivedir : "\/"` ]
+then
+    archivedir=$archivedir
+else
+    # relative
+    archivedir=`pwd`/$archivedir
+fi
+
+cd $server_sbin
+./ns-slapd archive2db -D $configdir -a $archivedir $args
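Review bot: The instance loop's filter `[ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]` is single-quoted, so `$prefix` is never expanded and the admin-server file is counted as a directory instance; `inst_count` is then one too high and `name` can end up as `admin`, which defeats the single-instance default. Use `[ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]`; the same test appears in db2bak.in. Likewise `[ "$1" == "-*" ]` compares against the literal string `-*`, and `==` inside `[` is not POSIX under `#!/bin/sh`; `case "$1" in -*) … ;; esac` would do what the usage check intends. The `-Z` value and `archivedir` reach `configdir` and the final `./ns-slapd archive2db` line unquoted, so quoting them (`-D "$configdir" -a "$archivedir"`) and rejecting a server ID that contains `/` would keep spaces or `..` from changing which instance and arguments are used.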

+ 191 - 0
ldap/admin/src/scripts/bak2db.pl.in

@@ -0,0 +1,191 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use File::Spec;
+use DSUtil;
+
+sub usage {
+	print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } -a dirname [-t dbtype]\n");   
+	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
+	print(STDERR "     : -w password - Directory Manager's password\n");
+	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
+	print(STDERR "     : -Z serverID - name of the server instance\n");
+	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
+	print(STDERR "     : -a dirname  - backup directory\n");
+	print(STDERR "     : -t dbtype   - database type (default: ldbm database)\n");
+	print(STDERR "     : -n backend  - name of backend instance to restore\n");
+	print(STDERR "     : -v          - verbose\n");
+}
+
+$taskname = "";
+$archivedir = "";
+$dbtype = "ldbm database";
+$instance = "";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$host = "";
+$port = "";
+$i = 0;
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+	if ("$ARGV[$i]" eq "-a") {	# backup directory
+		$i++; $archivedir = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
+		$i++; $rootdn = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
+		$i++; $passwd = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+		$i++; $passwdfile = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-t") {	# database type
+		$i++; $dbtype = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-n") {	# backend instance name
+		$i++; $instance = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-Z") { # server instance name
+	    $i++; $servid = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-h") { # help
+        &usage; exit(0);
+	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
+		$verbose = 1;
+	} else {
+		&usage; exit(1);
+	}
+	$i++;
+}
+
+if ($archivedir eq ""){
+    &usage;
+    exit(1);
+}
+
+$first = "yes";
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $passwdfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$passwd = <RPASS>;
+	chomp($passwd);
+	close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "restore_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+if ($archivedir eq "") {
+	&usage; exit(1);
+}
+
+$isabs = File::Spec->file_name_is_absolute( $archivedir );
+if (!$isabs) {
+    $archivedir = File::Spec->rel2abs( $archivedir );
+}
+$dn = "dn: cn=$taskname, cn=restore, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+if ($instance ne "") {
+	$nsinstance = "nsInstance: ${instance}\n";
+}
+$nsarchivedir = "nsArchiveDir: $archivedir\n";
+$nsdbtype = "nsDatabaseType: $dbtype\n";
+$entry = "${dn}${misc}${cn}${nsinstance}${nsarchivedir}${nsdbtype}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D $info[2] -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
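Review bot: The final `open(FOO, "| ldapmodify … -w \"$passwd\" -a")` hands one string to the shell, so a password containing `"`, `$` or a backquote, or a root DN containing a space (`-D $info[2]` is unquoted here), changes the command that runs, and the password is visible in the process list. Building the command as a list avoids the shell, as sketched below, assuming `@ldaptool_opts@` expands to plain space-separated options; supplying the password through the LDAP tool's password-file option instead of `-w` would also keep it out of argv. The same string-built pipe is in cleanallruv.pl.in. Also, `if ( $rootdn eq "" || $passwd eq "")` tests the command-line `$rootdn` rather than `$info[2]`, so omitting `-D` still fails even though `get_missing_info` has filled the DN in; and `open (RPASS, $passwdfile)` should be the three-argument form `open(RPASS, '<', $passwdfile)`.

```perl
# … unchanged: $entry, PATH and library-path setup …
my @cmd = ("ldapmodify", split(' ', "@ldaptool_opts@"));
push(@cmd, $vstr) if $vstr ne "";
push(@cmd, "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a");
open(FOO, "|-", @cmd) || die "Cannot run ldapmodify: $!\n";
print(FOO "$entry");
close(FOO);
```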

+ 222 - 0
ldap/admin/src/scripts/cleanallruv.pl.in

@@ -0,0 +1,222 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-b basedn | -r rid | -A]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STDERR "     : -Z serverID         - Server instance identifier\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -b basedn           - DN of the replica root you want to clean\n");
+    print(STDERR "     : -r rid              - The replica id that you want to clean\n");
+    print(STDERR "     : -A                  - Abort an existing cleanallruv task(must use with -b and -r args\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn = "";
+$rid = "";
+$abort = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-b")
+    {
+        # Base DN
+        $i++; $basedn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-r")
+    {
+        # rid
+        $i++; $rid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-A")
+    {
+        # abort
+        $abort = "yes";
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # server instance identifer
+        $i++; $servid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    elsif ("$ARGV[$i]" eq "-h") 
+    {    
+        # help
+        &usage; exit(0);
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+    print "Bind Password: ";
+    # Disable console echo
+    system("@sttyexec@ -echo") if -t STDIN;
+    # read the answer
+    $passwd = <STDIN>;
+    # Enable console echo
+    system("@sttyexec@ echo") if -t STDIN;
+    print "\n";
+    chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn eq "" || $rid eq "") 
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+
+if($abort eq ""){
+    # Build the task entry to add
+    $taskname = "cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+    $dn = "dn: cn=$taskname, cn=cleanallruv, cn=tasks, cn=config\n";
+} else {
+    $taskname = "abort_cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+    $dn = "dn: cn=$taskname, cn=abort cleanallruv, cn=tasks, cn=config\n";
+}    
+$misc =   "objectclass: top\nobjectclass: extensibleObject\n";
+$cn =     "cn: $taskname\n";
+$basedn = "replica-base-dn: $basedn\n";
+$rid =    "replica-id: $rid\n";
+
+$entry = "${dn}${misc}${cn}${basedn}${rid}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
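Review bot: `$basedn` and `$rid` are copied from the command line straight into the LDIF task entry (`replica-base-dn: $basedn\n`, `replica-id: $rid\n`), so a value containing a newline adds extra attribute lines to an entry that is submitted as Directory Manager. Checking them before the entry is built, e.g. `die "invalid replica id\n" unless $rid =~ /^\d+$/;` and rejecting a `$basedn` that matches `/[\r\n]/`, keeps the entry to the fields the script intends. `opendir(DIR, "$prefix/etc/sysconfig")` is unchecked, so a missing directory silently produces an empty instance list. The `-A` line in `usage` is also missing its closing parenthesis.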

+ 118 - 0
ldap/admin/src/scripts/db2bak.in

@@ -0,0 +1,118 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+if [ $# -gt 4 ]
+then
+    echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+    exit 1
+fi
+
+first="yes"
+bak_dir=""
+args=""
+cd $server_sbin
+if [ "$#" -gt 0 ]
+then
+  if ["$1" != "-*" ] 
+  then
+    bak_dir=$1
+    shift
+  fi
+
+  while getopts "hqd:Z:vi:a:SD" flag
+  do
+    case $flag in
+        h) echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+           exit 0;;
+        q) args=$args" -g";;
+        v) args=$args" -v";;
+        S) args=$args" -S";;
+        D) args=$args" -D $OPTARG";;
+        i) args=$args" -i $OPTARG";;
+        a) $bakdir=$OPTARG;;
+        d) args=$args" -d $OPTARG";;
+        Z) servid=$OPTARG;;
+        ?) echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+           exit 1;;
+    esac
+  done
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+if [ -z $bak_dir ]
+then
+    bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H_%M_%S`
+fi
+
+echo "Back up directory: $bak_dir"
+./ns-slapd db2archive -D $configdir -a $bak_dir $args
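Review bot: The archive directory given by the caller never reaches `bak_dir`, so every run falls through to the timestamped default under the instance's bak directory. `["$1" != "-*" ]` has no space after `[`, so the shell looks for a command named `[<arg>` and the test fails; even spelled correctly it would compare against the literal string `-*` rather than a pattern. In the getopts loop, `a) $bakdir=$OPTARG;;` expands an unset variable and runs `=<value>` as a command instead of assigning. I would write the first as `case "$1" in -*) ;; *) bak_dir=$1; shift ;; esac` and the second as `a) bak_dir=$OPTARG;;`. `D` is also listed without a colon in the getopts string while its arm reads `$OPTARG`.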

+ 176 - 0
ldap/admin/src/scripts/db2bak.pl.in

@@ -0,0 +1,176 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+	print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-a dirname] [-t dbtype]\n");
+	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
+	print(STDERR "     : -w password - Directory Manager's password\n");
+	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
+	print(STDERR "     : -Z serverID - Server instance identifier\n");
+	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
+	print(STDERR "     : -a dirname  - backup directory\n");
+	print(STDERR "     : -t dbtype   - database type (default: ldbm database)\n");
+	print(STDERR "     : -v          - verbose\n");
+}
+
+$taskname = "";
+$archivedir = "";
+$dbtype = "ldbm database";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+	if ("$ARGV[$i]" eq "-a") {	# backup directory
+		$i++; $archivedir = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
+		$i++; $rootdn = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
+		$i++; $passwd = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+		$i++; $passwdfile = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-t") {	# database type
+		$i++; $dbtype = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-Z") { # Server identifier
+		$i++; $servid = $ARGV[$i];	
+	} elsif ("$ARGV[$i]" eq "-h") { # help
+		&usage; exit(0);
+	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
+		$verbose = 1;
+	} else {
+		&usage; exit(1);
+	}
+	$i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+$mybakdir = "$prefix/var/lib/dirsrv/slapd-$servid/bak";
+
+if ($passwdfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $passwdfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$passwd = <RPASS>;
+	chomp($passwd);
+	close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+if ( $info[2] eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+if ($archivedir eq "") {
+	$archivedir = "${mybakdir}/$servid-${yr}_${mn}_${dy}_${h}_${m}_${s}";
+}
+$dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$nsarchivedir = "nsArchiveDir: $archivedir\n";
+$nsdbtype = "nsDatabaseType: $dbtype\n";
+$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+print("Back up directory: $archivedir host: $info[0] port: $info[1] binddn: $info[2]\n");
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
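Review bot: The bind password and bind DN are interpolated into a shell command string in `open(FOO, "| ldapmodify ... -w \"$passwd\" -a")`, so a password containing `"`, `$` or a backquote is reinterpreted by the shell, and the password appears in the process list even when it was supplied through `-j` or the `-w -` prompt. The list form of a pipe open passes each value as its own argument with no shell in between, and checking its result catches a missing ldapmodify. To keep the password out of argv as well, hand it to ldapmodify through the client tool's password-file option if the configured ldapmodify has one (not verifiable from this page). The same construction is used for ldapmodify and both ldapsearch commands in db2index.pl.in, and for ldapmodify at the end of cleanallruv.pl.in.

```perl
# … unchanged: task entry construction, PATH and library path setup …
@cmd = ("ldapmodify", split(' ', "@ldaptool_opts@"));
push(@cmd, $vstr) if $vstr ne "";
push(@cmd, "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a");
open(FOO, "|-", @cmd) or die "Error, cannot run ldapmodify\n";
print(FOO "$entry");
close(FOO);
```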

+ 117 - 0
ldap/admin/src/scripts/db2index.in

@@ -0,0 +1,117 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "hZ:n:s:t:T:vd:a:SD:x:" flag
+do
+    case $flag in
+        h) echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
+           exit 0;;
+        Z) servid=$OPTARG;; 
+        n) args=$args" -n $OPTARG"
+           benameopt="set";;
+        s) args=$args" -s $OPTARG"
+           includeSuffix="set";;
+        t) args=$args" -t $OPTARG";;
+        T) args=$args=" -T $OPTARG";;
+        d) args=$args=" -d $OPTARG";;
+        a) args=$args=" -a $OPTARG";;
+        x) args=$args=" -x $OPTARG";;
+        v) args=$args=" -v";;
+        S) args=$args=" -S";;
+        D) args=$args" -D $OPTARG";;
+        ?) echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
+           exit 1;;
+    esac
+done
+
+if [ -z $benameopt ] && [ -z $includeSuffix ]
+then
+    echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
+    exit 1;
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+if [ $# -eq 0 ]
+then
+	bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/reindex_`date +%Y_%m_%d_%H_%M_%S`
+	./ns-slapd upgradedb -D $configdir -a "$bak_dir"
+elif [ $# -lt 2 ]
+then
+	echo "Usage: db2index [-Z instance-name] [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
+	exit 1
+else
+	./ns-slapd db2index -D $configdir $args
+fi
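Review bot: Six of the option arms carry a stray `=`: `T) args=$args=" -T $OPTARG";;` and the `d`, `a`, `x`, `v` and `S` arms below it append a literal `=` to whatever was already in `args`. The argument passed to ns-slapd just before them therefore gains a trailing `=` (constructed example: `-n userRoot` followed by `-v` becomes `-n userRoot= -v`). They should match the `n`, `s`, `t` and `D` arms, e.g. `T) args=$args" -T $OPTARG";;`. The final `[ $# -eq 0 ]` branch that runs `upgradedb` also looks unreachable, because the earlier check exits unless `-n` or `-s` was given.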

+ 252 - 0
ldap/admin/src/scripts/db2index.pl.in

@@ -0,0 +1,252 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+use Getopt::Std;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+    print(STDERR "        -n instance [-t attributeName[:indextypes[:matchingrules]]]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -Z serverID         - Name of the server instance\n");
+    print(STDERR "     : -n backend name     - instance to be indexed\n");
+    print(STDERR "     : -t attributeName[:indextypes[:matchingrules]]\n");
+    print(STDERR "                           - attributeName: name of the attribute to be indexed\n");
+    print(STDERR "                             If omitted, all the indexes defined \n");
+    print(STDERR "                             for that instance are generated.\n");
+    print(STDERR "                           - indextypes: comma separated index types\n");
+    print(STDERR "                           - matchingrules: comma separated matrules\n");
+    print(STDERR "                           Example: -t foo:eq,pres\n");
+    print(STDERR "     : -T vlvAttributeName - vlvAttributeName: name of the vlv attribute to be indexed\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$opt_v = 0;
+$instance = "";
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$attribute_arg = "";
+$vlvattribute_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+usage() if (!getopts('n:D:w:T:t:j:Z:vh'));
+
+if ($opt_j ne ""){
+    die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
+    $opt_w = <RPASS>;
+    chomp($opt_w);
+    close(RPASS);
+}
+
+if( $opt_w eq "" || $#ARGV ge 0){
+    usage();
+    exit (1);
+}
+if( $opt_h ){
+    usage();
+    exit (0);
+}
+
+$instance = $opt_n;
+$rootdn = $opt_D;
+$passwd = $opt_w;
+$attribute_arg = $opt_t;
+$vlvattribute_arg = $opt_T;
+$verbose = $opt_v;
+$servid = $opt_Z;
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+    print "Bind Password: ";
+    # Disable console echo
+    system("@sttyexec@ -echo") if -t STDIN;
+    # read the answer
+    $passwd = <STDIN>;
+    # Enable console echo
+    system("@sttyexec@ echo") if -t STDIN;
+    print "\n";
+    chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" ) 
+{ 
+    &usage; 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+if ( $instance eq "" )
+{
+    &usage;
+}
+
+# No attribute name has been specified: let's get them from the configuration
+$attribute="";
+$indexes_list="";
+$vlvattribute="";
+$vlvindexes_list="";
+chdir("/usr/bin");
+if ( $attribute_arg eq "" && $vlvattribute_arg eq "" )
+{
+    # Get the list of indexes from the entry
+    $indexes_list="ldapsearch @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -s one " .
+    "-b \"cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"(&(objectclass=*)(nsSystemIndex=false))\" cn";
+    # build the values of the attribute nsIndexAttribute
+    open(LDAP1, "$indexes_list |");
+    while (<LDAP1>) {
+        s/\n //g;
+        if (/^cn: (.*)\n/) {
+            $IndexAttribute="nsIndexAttribute";
+            $attribute="$attribute$IndexAttribute: $1\n";
+        }
+    }
+    close(LDAP1);
+    if ( $attribute eq "" )
+    {
+        # No attribute to index, just exit
+        exit(0);
+    }
+
+    # Get the list of indexes from the entry
+    $vlvindexes_list="ldapsearch @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn";
+
+    # build the values of the attribute nsIndexVlvAttribute
+    open(LDAP1, "$vlvindexes_list |");
+    while (<LDAP1>) {
+        s/\n //g;
+        if (/^cn: (.*)\n/) {
+            $vlvIndexAttribute="nsIndexVlvAttribute";
+            $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n";
+        }
+    }
+    close(LDAP1);
+}
+else
+{
+    if ( $attribute_arg ne "" )
+    {
+        $attribute="nsIndexAttribute: $attribute_arg\n";
+    }
+    if ( $vlvattribute_arg ne "" )
+    {
+        $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n";
+    }
+}
+
+# Build the task entry to add
+
+$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+$nsinstance = "nsInstance: ${instance}\n";
+
+$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
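Review bot: `usage()` only prints, and three of its call sites do not stop the script: `usage() if (!getopts(...))`, the `$info[2] eq "" || $passwd eq ""` block and the `$instance eq ""` block all fall through. With `-n` missing and `-t` given, the script goes on to submit a task entry whose `nsInstance` is empty. Each site should end the run the way db2bak.pl.in in this commit does, `{ &usage; exit(1); }`. The `-h` test also sits after the `$opt_w eq ""` test, so `-h` on its own exits with status 1, and the `$passwdfile` block is never entered because `-j` is read into `$opt_j`.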

+ 190 - 0
ldap/admin/src/scripts/db2ldif.in

@@ -0,0 +1,190 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+make_ldiffile()
+{
+    be=""
+    while [ "$1" != "" ]
+    do
+        if [ "$1" = "-a" ]; then
+            shift
+            echo $1
+            return 1
+        elif [ "$1" = "-n" ]; then
+            shift
+            if [ "$be" = "" ]; then
+                be="$1"
+            else
+                tmpbe="$be"
+                be="${tmpbe}-$1"
+            fi
+        elif [ "$1" = "-s" ]; then
+            shift
+            if [ "$1" != "" ]; then
+                rdn=`echo $1 | awk -F, '{print $1}'`
+                rdnval=`echo $rdn | awk -F= '{print $2}'`
+                if [ "$be" = "" ]; then
+                    be="$rdnval"
+                else
+                    tmpbe="$be"
+                    be="${tmpbe}-$rdnval"
+                fi
+            fi
+        elif [ "$1" = "-M" ]; then
+            be=""
+        fi
+        if [ "$1" != "" ]; then
+            shift
+        fi
+    done
+
+    if [ "$be" = "" ]; then
+        echo $prefix/var/lib/dirsrv/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
+    else
+        echo $prefix/var/lib/dirsrv/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
+    fi
+    return 0
+}
+
+cd $server_sbin
+if [ "$#" -lt 2 ];
+then
+    echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+    echo "               [{-x excludesuffix}*] [-a outputfile]"
+    echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+    echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+    exit 1
+fi
+         
+first="yes"
+args=""      
+while getopts "hZ:n:s:x:a:NrCuUmM1qvd:D:ESt:o" flag
+do
+    case $flag in
+        h) echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+            echo "               [{-x excludesuffix}*] [-a outputfile]"
+            echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+            echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+            exit 0;;
+        Z) servid=$OPTARG;; 
+        n) benameopt="-n $OPTARG"
+           required_param="yes";;
+        s) includeSuffix="-s $OPTARG"
+           required_param="yes";;
+        x) excludeSuffix="-x $OPTARG";;
+        a) outputFile="-a $OPTARG";;
+        d) outputFile="-d $OPTARG";;
+        t) outputFile="-t $OPTARG";;
+        D) args=$args" -D $OPTARG";;
+        N) args=$args" -N";;
+        E) args=$args" -E";;
+        S) args=$args" -S";;
+        v) args=$args" -v";;
+        r) args=$args" -r";;
+        C) args=$args" -C";;
+        u) args=$args" -u";;
+        U) args=$args" -U";;
+        m) args=$args" -m";;
+        M) args=$args" -M";;
+        1) args=$args" -1";;
+        q) args=$args" -q";;        
+        ?) echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+            echo "               [{-x excludesuffix}*] [-a outputfile]"
+            echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+            echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+            exit 1;;
+    esac
+done
+
+if [ "$required_param" != "yes" ]
+then
+    echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+    echo "               [{-x excludesuffix}*] [-a outputfile]"
+    echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+    echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+    exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+        echo "               [{-x excludesuffix}*] [-a outputfile]"
+        echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+ldif_file=`make_ldiffile $@`
+rn=$?
+
+echo "Exported ldif file: $ldif_file"
+if [ $rn -eq 1 ]
+then
+./ns-slapd db2ldif -D $configdir $benameopt $includeSuffix $excludeSuffix $outputFile $args
+else
+./ns-slapd db2ldif -D $configdir $benameopt $includeSuffix $excludeSuffix -a $ldif_file $args
+fi
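Review bot: Several option arms assign where they need to append, so arguments are dropped without any message. `n) benameopt="-n $OPTARG"` and the `s` and `x` arms keep only the last occurrence, although the usage text advertises `{-n backend_instance}*` and `make_ldiffile` builds the file name from every `-n`/`-s` it sees; an export requested for two backends would be named for both and, as far as this section shows, only the last is passed to ns-slapd. `d)` and `t)` store into `outputFile`, so when one is given together with `-a` whichever comes last wins, while the script still prints the `-a` name as the exported file. I would accumulate instead, `n) benameopt="$benameopt -n $OPTARG"` (likewise `s` and `x`), and route the other two through `args`, `d) args=$args" -d $OPTARG";;`.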

+ 319 - 0
ldap/admin/src/scripts/db2ldif.pl.in

@@ -0,0 +1,319 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+	print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+	print(STDERR "        {-n instance}* | {-s include}* [{-x exclude}*] \n");
+	print(STDERR "        [-m] [-M] [-u] [-C] [-N] [-U] [-a filename]\n");
+	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
+	print(STDERR "     : -w password - Directory Manager's password\n");
+	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
+	print(STDERR "     : -Z serverID - Server instance identifier\n");
+	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
+	print(STDERR "     : -n instance - instance to be exported\n");
+	print(STDERR "     : -a filename - output ldif file\n");
+	print(STDERR "     : -s include  - included suffix(es)\n");
+	print(STDERR "     : -x exclude  - excluded suffix(es)\n");
+	print(STDERR "     : -m          - minimal base64 encoding\n");
+	print(STDERR "     : -M          - output ldif is stored in multiple files\n");
+	print(STDERR "                     these files are named : <instance>_<filename>\n");
+	print(STDERR "                     by default, all instances are stored in <filename>\n");
+	print(STDERR "     : -r          - export replica\n");
+	print(STDERR "     : -u          - do not export unique id\n");
+	print(STDERR "     : -C          - use main db file only\n");
+	print(STDERR "     : -N          - suppress printing sequential number\n");
+	print(STDERR "     : -U          - output ldif is not folded\n");
+	print(STDERR "     : -E          - Decrypt encrypted data when exporting\n");
+	print(STDERR "     : -1          - do not print version line\n");
+	print(STDERR "     : -v          - verbose\n");
+}
+
+@instances = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+@included = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+@excluded = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+
+$prefix = DSUtil::get_prefix();
+$maxidx = 50;
+$nowrap = 0;
+$nobase64 = 0;
+$noversion = 0;
+$nouniqueid = 0;
+$useid2entry = 0;
+$onefile = 1;
+$printkey = 1;
+$taskname = "";
+$ldiffile = "";
+$doreplica = 0;
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$insti = 0;
+$incli = 0;
+$excli = 0;
+$decrypt_on_export = 0;
+$host = "";
+$port = "";
+$first = "yes";
+
+while ($i <= $#ARGV) {
+	if ( "$ARGV[$i]" eq "-n" ) {	# instances
+		$i++;
+		if ($insti < $maxidx) {
+			$instances[$insti] = $ARGV[$i]; $insti++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-s") {	# included suffix
+		$i++;
+		if ($incli < $maxidx) {
+			$included[$incli] = $ARGV[$i]; $incli++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-x") {	# excluded suffix
+		$i++;
+		if ($excli < $maxidx) {
+			$excluded[$excli] = $ARGV[$i]; $excli++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-a") {	# ldif file
+		$i++; $ldiffile = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
+		$i++; $rootdn = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
+		$i++; $passwd = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+		$i++; $passwdfile = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-M") {	# multiple ldif file
+		$onefile = 0;
+	} elsif ("$ARGV[$i]" eq "-o") {	# one ldif file
+		$onefile = 1;
+	} elsif ("$ARGV[$i]" eq "-u") {	# no dump unique id
+		$nouniqueid = 1;
+	} elsif ("$ARGV[$i]" eq "-C") {	# use id2entry
+		$useid2entry = 1;
+	} elsif ("$ARGV[$i]" eq "-N") {	# does not print key
+		$printkey = 0;
+	} elsif ("$ARGV[$i]" eq "-r") {	# export replica
+		$doreplica = 1;
+	} elsif ("$ARGV[$i]" eq "-m") {	# no base64
+		$nobase64 = 1;
+	} elsif ("$ARGV[$i]" eq "-U") {	# no wrap
+		$nowrap = 1;
+	} elsif ("$ARGV[$i]" eq "-1") {	# no version line
+		$noversion = 1;
+	} elsif ("$ARGV[$i]" eq "-E") {	# decrypt
+		$decrypt_on_export = 1;
+    } elsif ("$ARGV[$i]" eq "-Z") { # server instance
+        $i++; $servid = $ARGV[$i];
+    } elsif ("$ARGV[$i]" eq "-h") { # help
+        &usage; exit(0);
+	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
+		$verbose = 1;
+	} else {
+		&usage; exit(1);
+	}
+	$i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+$ldifdir = "$prefix/var/lib/dirsrv/slapd-$servid/ldif";
+
+if ($passwdfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $passwdfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$passwd = <RPASS>;
+	chomp($passwd);
+	close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+if (($instances[0] eq "" && $included[0] eq "") || $info[2] eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+$dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+$i = 0;
+$be = "";
+$nsinstance = "";
+while ("" ne "$instances[$i]") {
+	$nsinstance = "${nsinstance}nsInstance: $instances[$i]\n";
+	if ( "" eq "$be" ) {
+		$be = "$instances[$i]";
+	} else {
+		$be = "${be}-$instances[$i]";
+	}
+	$i++;
+}
+$i = 0;
+$nsincluded = "";
+while ("" ne "$included[$i]") {
+	$nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
+	my ($rdn, $rest) = split(/,/, $included[$i]);
+	my ($rest, $tmpbe) = split(/=/, $rdn);
+	if ( "" eq "$be" ) {
+		$be = "$tmpbe";
+	} else {
+		$be = "${be}-$tmpbe";
+	}
+	$i++;
+}
+$i = 0;
+$nsexcluded = "";
+while ("" ne "$excluded[$i]") {
+	$nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
+	$i++;
+}
+if ($ldiffile eq "") {
+	if ($onefile == 0) {
+		$ldiffile = "${ldifdir}/${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
+	} else {
+		$ldiffile = "${ldifdir}/${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
+	}
+}
+$nsreplica = "";
+if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; }
+$nsnobase64 = "";
+if ($nobase64 != 0) { $nsnobase64 = "nsMinimalEncoding: true\n"; }
+$nsnowrap = "";
+if ($nowrap != 0) { $nsnowrap = "nsNoWrap: true\n"; }
+$nsnoversion = "";
+if ($noversion != 0) { $nsnoversion = "nsNoVersionLine: true\n"; }
+$nsnouniqueid = "";
+if ($nouniqueid != 0) { $nsnouniqueid = "nsDumpUniqId: false\n"; }
+$nsuseid2entry = "";
+if ($useid2entry != 0) { $nsuseid2entry = "nsUseId2Entry: true\n"; }
+$nsonefile = "";
+if ($onefile != 0) { $nsonefile = "nsUseOneFile: true\n"; }
+if ($onefile == 0) { $nsonefile = "nsUseOneFile: false\n"; }
+$nsexportdecrypt = "";
+if ($decrypt_on_export != 0) { $nsexportdecrypt = "nsExportDecrypt: true\n"; }
+$nsprintkey = "";
+if ($printkey == 0) { $nsprintkey = "nsPrintKey: false\n"; }
+$nsldiffile = "nsFilename: ${ldiffile}\n";
+$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsreplica}${nsnobase64}${nsnowrap}${nsnoversion}${nsnouniqueid}${nsuseid2entry}${nsonefile}${nsexportdecrypt}${nsprintkey}${nsldiffile}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+print("Exporting to ldif file: ${ldiffile}\n");
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
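Review bot: The final `open(FOO, "| ldapmodify ... -D \"$info[2]\" -w \"$passwd\" -a")` builds a shell command line from the bind DN and password, so the password is visible in the process list while ldapmodify runs, and any quote, backtick or `$` in either value is interpreted by the shell. The list form of a pipe open avoids the shell: `open(FOO, "|-", "ldapmodify", split(' ', "@ldaptool_opts@"), ($vstr ? ($vstr) : ()), "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a") or die "cannot run ldapmodify: $!\n";`. That still leaves the password in argv; if the installed ldapmodify can read the bind password from a file, handing it the `-j` file would be preferable (to be confirmed against the LDAP tools in use). The result of `close(FOO)` is not checked either, so a failed bind or add still exits 0. The same pipe open ends fixup-linkedattrs.pl.in and fixup-memberof.pl.in.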

+ 112 - 0
ldap/admin/src/scripts/dbverify.in

@@ -0,0 +1,112 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+PATH=$PATH:/bin
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:n:hVfd:n:D:" flag
+do
+    case $flag in
+        h)  echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+            echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+            echo "  -Z : Server instance identifier"
+            echo "  -V : verbose"
+            exit 0;;
+        Z) servid=$OPTARG;;
+        n) args=$args" -n $OPTARG";;
+        d) args=$args" -d $OPTARG";;
+        V) args=$args" -V";;
+        v) args=$args" -v";;
+        f) args=$args" -f";;
+        D) args=$args" -D $OPTARG";;
+        ?) echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+           echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+           echo "  -Z : Server instance identifier"
+           echo "  -V : verbose"
+           exit 1;;
+    esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+        echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+        echo "  -Z : Server instance identifier"
+        echo "  -V : verbose"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+./ns-slapd dbverify -D $configdir $args
+if [ $? -eq 0 ]; then
+    echo "DB verify: Passed"
+    exit 0
+else
+    echo "DB verify: Failed"
+    exit 1
+fi
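Review bot: The instance scan compares `$i` with the single-quoted string `'$prefix/etc/sysconfig/dirsrv-admin'`, which is never expanded, so the test is always true and a `dirsrv-admin` file, if present, is counted as a server instance and breaks the single-instance auto-selection. It should read `if [ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]`. Further down, `[ $servid == slapd-* ]` does not pattern-match inside `[` (and `==` is not POSIX under `#!/bin/sh`), so a `slapd-` or `dirsrv-` prefix passed to `-Z` is not stripped; `case "$servid" in slapd-*) servid=${servid#slapd-};; dirsrv-*) servid=${servid#dirsrv-};; esac` does what the code appears to intend. The same two constructs are in the db2ldif.in lines above and in dn2rdn.in, and should be changed together.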

+ 95 - 0
ldap/admin/src/scripts/dn2rdn.in

@@ -0,0 +1,95 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+      
+first="yes"
+arg=""         
+while getopts "Z:d:ha:vfr:D:" flag
+do
+    case $flag in
+        h) echo "Usage: db2rdn [-Z serverID]"
+           exit 0;;
+        Z) servid=$OPTARG;;
+        d) arg=$arg" -d $OPTARG";;
+        a) arg=$arg" -a $OPTARG";;
+        v) arg=$arg" -v";;
+        f) arg=$arg" -f";;
+        r) arg=$arg" -r";;
+        D) arg=$arg" -D $OPTARG";;
+        ?) echo "Usage: db2rdn [-Z serverID]"
+           exit 1;;
+    esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done
+
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: db2rdn [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/reindex_`date +%Y_%m_%d_%H_%M_%S`
+./ns-slapd upgradedb -D $configdir -r -a "$bak_dir" $arg
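Review bot: `cd $server_sbin` is unquoted and its result is not checked, so if the directory derived from `$SCRIPTPATH` does not exist, the following `./ns-slapd upgradedb` is resolved against the caller's current directory. Use `cd "$server_sbin" || exit 1`, or call `"$server_sbin/ns-slapd"` directly; dbverify.in has the same `cd` before `./ns-slapd dbverify`. Separately, the getopts string declares `r:` but the `r)` arm discards `$OPTARG` and the final command already passes `-r`, so `-r` silently swallows the next argument; `r` without the colon looks intended. The usage text also says `db2rdn` although the script is dn2rdn.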

+ 207 - 0
ldap/admin/src/scripts/fixup-linkedattrs.pl.in

@@ -0,0 +1,207 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-l linkDN]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STRERR "     : -Z serverID         - Server instance identifier\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -l linkDN           - DN of link config entry that you want to fix\n");
+    print(STDERR "                             up the links for.  If omitted, all configured\n");
+    print(STDERR "                             linked attributes will be fixed up.\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$linkdn_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-l")
+    {
+        # link DN
+        $i++; $linkdn_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # Server instance identifier
+        $i++; $servid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-h") 
+    { 
+        # help
+        &usage; exit(0);
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" ) 
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "linked_attrs_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=fixup linked attributes, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+if ($linkdn_arg ne "")
+{
+    $linkdn = "linkdn: $linkdn_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${linkdn}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
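Review bot: The `-Z serverID` line in `usage` prints to `STRERR`, which is not an open filehandle, so that help line is dropped; it should be `print(STDERR "     : -Z serverID         - Server instance identifier\n");`. `$entry` also interpolates `${basedn}`, which this script never sets (it looks carried over from fixup-memberof.pl.in); `$entry = "${dn}${misc}${cn}${linkdn}";` states what is actually sent. Enabling `use warnings` would have reported both.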

+ 219 - 0
ldap/admin/src/scripts/fixup-memberof.pl.in

@@ -0,0 +1,219 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+    print(STDERR "        -b baseDN [-f filter]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STDERR "     : -Z serverID         - Server instance identifier\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -b baseDN           - Base DN that contains entries to fix up.\n");
+    print(STDERR "     : -f filter           - Filter for entries to fix up\n");
+    print(STDERR "                             If omitted, all entries under the specified\n");
+    print(STDERR "                             base will have their memberOf attribute\n");
+    print(STDERR "                             regenerated.\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn_arg = "";
+$filter_arg = "";
+$filter = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-b")
+    {
+        # base DN
+        $i++; $basedn_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-f")
+    {    
+        # filter 
+        $i++; $filter_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # server instance identifier
+        $i++; $servid = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-h") 
+    { 
+        # help
+        &usage; exit(0);
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }            
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn_arg eq "" ) 
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "memberOf_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=memberOf task, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+$basedn = "basedn: $basedn_arg\n";
+
+if ( $filter_arg ne "" )
+{
+    $filter = "filter: $filter_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
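Review bot: The `-j` password file is opened with the two-argument form `open (RPASS, $passwdfile)`, where Perl takes the open mode from the string itself, so a file name with a leading `>` or a leading or trailing `|` is not opened for reading as a plain file. The three-argument form pins the mode: `open(RPASS, "<", $passwdfile)`. The same open is in db2ldif.pl.in and fixup-linkedattrs.pl.in. In the `-w -` branch, `chop` removes the last character even when the input did not end in a newline, whereas the file branch uses `chomp`; `chomp($passwd)` in both would be consistent.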

+ 144 - 0
ldap/admin/src/scripts/ldif2db.in

@@ -0,0 +1,144 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+usage()
+{
+    echo "Usage: ldif2db [-Z serverID] -n backend_instance | {-s includesuffix}* [{-x excludesuffix}*]"
+    echo "               {-i ldiffile}* [-O] [-q]"
+    echo "Note: either \"-Z serverID\", \"-n backend_instance\", \"-s includesuffix\" and \"-i ldiffile\" are required."
+}
+
+handleopts()
+{
+    while [ "$1" != "" ]
+    do
+        if [ "$1" = "-q" ]; then
+            return 1
+        elif [ "$1" = "-Z" ]; then
+            shift
+            servid=$1
+        elif [ "$1" = "-h" ]; then
+            usage
+            exit 0
+        fi
+        shift
+    done
+    return 0
+}
+
+first="yes"
+args=""
+while getopts "Z:vd:i:g:G:n:s:x:NOCc:St:D:Eq" flag
+do
+    case $flag in
+        h) usage
+           exit 0;;
+        Z) servid=$OPTARG;;
+        n) args=$args" -n $OPTARG";;
+        i) args=$args" -i $OPTARG";;
+        s) args=$args" -s $OPTARG";;
+        x) args=$args" -x $OPTARG";;
+        c) args=$args" -c $OPTARG";;
+        d) args=$args" -d $OPTARG";;
+        g) args=$args" -g $OPTARG";;
+        G) args=$args" -G $OPTARG";;
+        t) args=$args" -t $OPTARG";;
+        D) args=$args" -D $OPTARG";;
+        E) args=$args" -E";;
+        v) args=$args" -v";;
+        N) args=$args" -N";;
+        C) args=$args" -C";;
+        S) args=$args" -S";;
+        O) args=$args" -O";;
+        q) args=$args" -q";;
+        ?) usage
+           exit 1;;
+    esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        usage
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 5 ]
+then
+    usage
+    exit 1
+fi
+
+handleopts $@
+quiet=$?
+
+if [ $quiet -eq 0 ]; then
+    echo importing data ...
+fi
+./ns-slapd ldif2db -D $configdir $args 2>&1
+exit $?
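Review bot: The instance discovery compares `$i` with the single-quoted `'$prefix/etc/sysconfig/dirsrv-admin'`, which is never expanded, so the admin-server file is always counted as a directory instance. A host with one instance plus the admin server is therefore reported as having two, and -Z becomes mandatory. Further down, `[ $servid == slapd-* ]` is not a pattern match inside `[` (the right-hand word is a filename glob, and `==` is not POSIX under `#!/bin/sh`), so a `slapd-` or `dirsrv-` prefix given with -Z is not stripped and the script looks for `slapd-slapd-NAME`. The same lines appear in ldif2ldap.in and monitor.in below. I would quote the comparison and `[ -z "$servid" ]`, and strip the prefix with `case`, as sketched here.

```sh
    if [ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]
    # … unchanged: instance counting and list building …
if [ -z "$servid" ]
then
    # … unchanged: single-instance default or usage error …
else
    case $servid in
        slapd-*) servid=${servid#slapd-} ;;
        dirsrv-*) servid=${servid#dirsrv-} ;;
    esac
fi
```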

+ 277 - 0
ldap/admin/src/scripts/ldif2db.pl.in

@@ -0,0 +1,277 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+	print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+	print(STDERR "        -n instance | {-s include}* [{-x exclude}*] [-O] [-c]\n");
+	print(STDERR "        [-g [string]] [-G namespace_id] {-i filename}*\n");
+	print(STDERR " Opts: -D rootdn     - Directory Manager\n");
+	print(STDERR "     : -w password   - Directory Manager's password\n");
+	print(STDERR "     : -w -          - Prompt for Directory Manager's password\n");
+	print(STDERR "     : -Z serverID   - Server instance identifier\n");
+	print(STDERR "     : -j filename   - Read Directory Manager's password from file\n");
+	print(STDERR "     : -n instance   - instance to be imported to\n");
+	print(STDERR "     : -i filename   - input ldif file(s)\n");
+	print(STDERR "     : -s include    - included suffix\n");
+	print(STDERR "     : -x exclude    - excluded suffix(es)\n");
+	print(STDERR "     : -O            - only create core db, no attr indexes\n");
+	print(STDERR "     : -c size       - merge chunk size\n");
+	print(STDERR "     : -g [string]   - string is \"none\" or \"deterministic\"\n");
+	print(STDERR "     :          none - unique id is not generated\n");
+	print(STDERR "     : deterministic - generate name based unique id (-G name)\n");
+	print(STDERR "     :    by default - generate time based unique id\n");
+	print(STDERR "     : -G name       - namespace id for name based uniqueid (-g deterministic)\n");
+	print(STDERR "     : -E            - Encrypt data when importing\n");
+	print(STDERR "     : -v            - verbose\n");
+}
+
+@ldiffiles = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+@included = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+@excluded = (
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	"", "", "", "", "", "", "", "", "", "",
+	""
+);
+$maxidx = 50;
+$instance = "";
+$noattrindexes = 0;
+$mergechunksiz = 0;
+$genuniqid = "time";
+$uniqidname = "";
+$taskname = "";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$ldifi = 0;
+$incli = 0;
+$excli = 0;
+$encrypt_on_import = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+	if ( "$ARGV[$i]" eq "-i" ) {	# ldiffiles
+		$i++;
+		if ($ldifi < $maxidx) {
+			$ldiffiles[$ldifi] = $ARGV[$i]; $ldifi++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-s") {	# included suffix
+		$i++;
+		if ($incli < $maxidx) {
+			$included[$incli] = $ARGV[$i]; $incli++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-x") {	# excluded suffix
+		$i++;
+		if ($excli < $maxidx) {
+			$excluded[$excli] = $ARGV[$i]; $excli++;
+		} else {
+			&usage; exit(1);
+		}
+	} elsif ("$ARGV[$i]" eq "-n") {	# instance
+		$i++; $instance = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
+		$i++; $rootdn = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
+		$i++; $passwd = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+		$i++; $passwdfile = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-O") {	# no attr indexes
+		$noattrindexes = 1;
+	} elsif ("$ARGV[$i]" eq "-c") {	# merge chunk size
+		$i++; $mergechunksiz = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-g") {	# generate uniqueid
+		if (("$ARGV[$i+1]" ne "") && !("$ARGV[$i+1]" =~ /^-/)) {
+			$i++;
+			if ("$ARGV[$i]" eq "none") {
+				$genuniqid = $ARGV[$i];
+			} elsif ("$ARGV[$i]" eq "deterministic") {
+				$genuniqid = $ARGV[$i];
+			}
+		}
+	} elsif ("$ARGV[$i]" eq "-G") {	# namespace id
+		$i++; $uniqidname = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-Z") { # server id
+        $i++; $servid = $ARGV[$i];
+	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
+		$verbose = 1;
+	} elsif ("$ARGV[$i]" eq "-h") { # help
+        &usage; exit(0);
+	} elsif ("$ARGV[$i]" eq "-E") {	# encrypt on import
+		$encrypt_on_import = 1;
+	} else {
+		&usage; exit(1);
+	}
+	$i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print (STDERR "You must supply a server instance identifier.  Use -Z to specify instance name\n");
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $passwdfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$passwd = <RPASS>;
+	chomp($passwd);
+	close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" || $info[2] eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "import_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+$dn = "dn: cn=$taskname, cn=import, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+if ($instance ne "") {
+	$nsinstance = "nsInstance: ${instance}\n";
+}
+$i = 0;
+$nsldiffiles = "";
+while ("" ne "$ldiffiles[$i]") {
+	$nsldiffiles = "${nsldiffiles}nsFilename: $ldiffiles[$i]\n";
+	$i++;
+}
+$i = 0;
+$nsincluded = "";
+while ("" ne "$included[$i]") {
+	$nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
+	$i++;
+}
+$i = 0;
+$nsexcluded = "";
+while ("" ne "$excluded[$i]") {
+	$nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
+	$i++;
+}
+$nsnoattrindexes = "";
+if ($noattrindexes != 0) { $nsnoattrindexes = "nsImportIndexAttrs: false\n"; }
+$nsimportencrypt = "";
+if ($encrypt_on_import != 0) { $nsimportencrypt = "nsImportEncrypt: true\n"; }
+$nsmergechunksiz = "nsImportChunkSize: ${mergechunksiz}\n"; 
+$nsgenuniqid = "nsUniqueIdGenerator: ${genuniqid}\n"; 
+$nsuniqidname = "";
+if ($uniqidname ne "") { $nsuniqidname = "nsUniqueIdGeneratorNamespace: ${uniqidname}\n"; }
+$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsldiffiles}${nsnoattrindexes}${nsimportencrypt}${nsmergechunksiz}${nsgenuniqid}${nsuniqidname}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
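Review bot: The final `open(FOO, "| ldapmodify ... -D \"$info[2]\" -w \"$passwd\" -a")` builds a shell command line from the bind DN and password, so a `"`, `$` or backquote in either value is interpreted by the shell instead of being passed through, and the password is visible in the process list. The list form runs ldapmodify without a shell (assuming the substituted `@ldaptool_opts@` contains no quoted words): `open(FOO, "|-", "ldapmodify", split(' ', "@ldaptool_opts@ $vstr"), "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a") or die "cannot run ldapmodify: $!\n";`. The results of `open` and `close` are not checked either, so a failed task submission still exits 0; `close(FOO) or exit(1);` would surface it. The same pipe closes the script that ends just above ldif2db.in on this page.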

+ 106 - 0
ldap/admin/src/scripts/ldif2ldap.in

@@ -0,0 +1,106 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$prefix@ldapsdk_libdir@"
+libpath_add "@ldapsdk_libdir@"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$server_dir"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+PATH=$PATH:$prefix@ldaptool_bindir@:@ldaptool_bindir@
+
+first="yes"
+args=""
+while getopts "Z:D:w:f:h" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        D) args=$args" -D $OPTARG"
+           binddn=$OPTARG;;
+        w) args=$args" -w $OPTARG"
+           passwd=$OPTARG;;
+        f) args=$args" -f $OPTARG"
+           input_file=$OPTARG;;
+        h) echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f <file>"
+           exit 0;;
+        ?) echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f <file>"
+           exit 1;;
+    esac
+done
+
+if [ "$binddn" == "" ] || [ "$passwd" == "" ] || [ "$input_file" == "" ]
+then 
+    echo "Usage: ldif2ldap -D <bind dn> -w <password> -f <file>"
+    exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f <file>"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+port=$(grep 'nsslapd-port' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print $2}' )
+host=$(grep 'nsslapd-localhost' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print $2}' )
+
+ldapmodify @ldaptool_opts@ -a -p $port -h $host $args
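Review bot: The -D and -w values are appended to `$args` and expanded unquoted on the final `ldapmodify` line, so a bind DN such as `cn=Directory Manager`, or a password containing whitespace or glob characters, is split into several arguments. The password also stays in the process list for the life of the command, and unlike the Perl scripts in this commit there is no `-w -` prompt or `-j` file option. Since `binddn`, `passwd` and `input_file` are already kept separately, the call can be `ldapmodify @ldaptool_opts@ -a -p "$port" -h "$host" -D "$binddn" -w "$passwd" -f "$input_file"`, which fixes the splitting. Keeping the password out of argv needs a prompt or file option, which I would add for parity with ldif2db.pl.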

+ 98 - 0
ldap/admin/src/scripts/monitor.in

@@ -0,0 +1,98 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@ldapsdk_libdir@"
+libpath_add "@ldapsdk_libdir@"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@nss_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+PATH=$PATH:$prefix@ldaptool_bindir@:@ldaptool_bindir@
+
+while getopts "Z:b:h" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        b) MDN=$OPTARG;;
+        h) echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+           exit 0;;
+        ?) echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+           exit 1;;
+    esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+port=$(grep 'nsslapd-port' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print $2}' )
+host=$(grep 'nsslapd-localhost' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print $2}' )
+
+if [ -z $MDN ]
+then
+    MDN="cn=monitor";
+fi
+
+ldapsearch @ldaptool_opts@ -LLL -p $port -h $host -b "$MDN" -s base "objectClass=*"
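Review bot: `port` and `host` come from an unanchored `grep 'nsslapd-port'` / `grep 'nsslapd-localhost'` over dse.ldif and are then expanded unquoted on the `ldapsearch` line, so if more than one line of the file contains either string the extra values become extra arguments. Matching the attribute name exactly and stopping at the first hit avoids that: `port=$(awk '$1 == "nsslapd-port:" {print $2; exit}' "$prefix/etc/dirsrv/slapd-$servid/dse.ldif")`, likewise for `nsslapd-localhost`, with `"$port"` and `"$host"` quoted in the call. An empty result should be reported as an error rather than passed on as a missing argument. ldif2ldap.in above has the same two lines.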

+ 879 - 0
ldap/admin/src/scripts/ns-accountstatus.pl.in

@@ -0,0 +1,879 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+$prefix = DSUtil::get_prefix();
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+	print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
+	print (STDERR "May be used to $operation a user or a domain of users\n\n");
+	print (STDERR "Arguments:\n");
+	print (STDERR "          -?                   - help\n");
+	print (STDERR "          -D rootdn            - Provide a Directory Manager DN\n");
+	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
+	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
+	print (STDERR "          -Z serverID          - Server instance identifier\n");
+	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
+	print (STDERR "          -p port              - Provide a port\n");
+	print (STDERR "          -h host              - Provide a host name\n");
+	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
+}
+
+sub debug
+{
+#	print " ==> @_";
+}
+
+sub out
+{
+	print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# 	* it is the same as the entry
+# 	* the entry is member of role (==has nsroledn attributes), compare each of
+#		them with the nsroledn of nsdisabledrole
+#	* if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+	# For recursivity, file handler must be local
+	my $L_filehandle=$_[0];
+	$L_filehandle++;
+
+	my $L_entry=$_[1];
+	# Remove useless space
+    my @L_intern=split /([,])/,$L_entry;
+    my $L_result="";
+    foreach $L_part (@L_intern)
+    {
+        $L_part=~s/^ +//;
+        $L_part=~ tr/A-Z/a-z/;
+        $L_result="$L_result$L_part";
+    }
+    $L_entry=$L_result;
+
+	my $L_base=$_[2];
+	my $L_search;
+	my $L_currentrole;
+	my $L_retCode;
+	my $L_local;
+
+    `$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null 2>&1 `;
+    $retCode=$?;
+    if ( $retCode != 0 )
+    {
+        $retCode=$?>>8;
+        return 1;
+    }
+
+	# Check if the role is a nested role
+	@L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
+	# L_isNested == 1 means that we are going through a nested role, so for each member of that
+	# nested role, check that the member is below the scope of the nested
+	$L_isNested=@L_Nested;
+
+	# Not Direct Lock, Go through roles if any
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
+
+	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
+
+	unless (open ($L_filehandle, "$L_search |")) 
+	{
+		out("Can't open file $L_filehandle\n");
+		exit;
+	}
+	while (<$L_filehandle>) {
+
+		s/\n //g;
+		if (/^nsroledn: (.*)\n/) {
+			$L_currentrole = $1;
+
+			# Remove useless space
+			my @L_intern=split /([,])/,$L_currentrole;
+			my $L_result="";
+			foreach $L_part (@L_intern)
+			{
+				$L_part=~s/^ +//;
+				$L_part=~ tr/A-Z/a-z/;
+				$L_result="$L_result$L_part";
+			}
+			$L_currentrole=$L_result;
+
+			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
+			if ( $L_isNested == 1 )
+			{
+				if ( checkScope($L_currentrole, $L_base) == 0 )
+				{
+					# Scope problem probably a bad conf, skip the currentrole
+					next;	
+				}
+			}
+
+			if ( $L_currentrole eq $L_entry )
+			{
+				# the entry is a role that is directly locked
+				# i.e, nsroledn of nsdisabledrole contains the entry
+				$throughRole=$L_base;
+				$throughRole=~ tr/A-Z/a-z/;
+
+				# skipDisabled means that we've just found that the entry (which is a role)
+				# is locked directly (==its DN is part of nsroledn attributes)
+				# we just want to know now, if it is locked through another role
+				# at least, one
+				if ( $skipDisabled == 1 )
+				{
+					# direct inactivation
+					$directLocked=1;
+					# just go through that test once
+					$skipDisabled=0;
+					next;
+				}
+				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			$L_retCode=memberOf($L_currentrole, $L_entry);
+			if ( $L_retCode == 0 && $single == 1 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				if ( $skipManaged == 1 )
+				{
+					if ( $L_currentrole eq $nsManagedDisabledRole)
+					{
+						# Try next nsroledn
+						$directLocked=1;
+						$skipManaged=0;
+						next;
+					}
+				} 
+				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			# Only for the first iteration
+			# the first iteration is with nsdisabledrole as base, other
+			# loops are deeper
+			$L_local=$skipDisabled;
+			$skipDisabled=0;
+	
+			# the current nsroledn may be a complex role, just go through
+			# its won nsroledn
+			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+			# Because of recursivity, to keep the initial value for the first level
+			$skipDisabled=$L_local;
+
+			if ( $L_retCode == 0 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+				return 0;
+			}
+		}
+	}
+
+	close($L_filehandle);
+
+	debug("\t<--indirectLock: no more nsroledn to process\n");
+	return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+	my $L_nsroledn=$_[0];
+	$L_nsroledn=~ tr/A-Z/a-z/;
+
+	my $L_entry=$_[1];
+
+	my $L_search;
+	my $L_currentrole;
+
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
+
+	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
+
+	open (LDAP2, "$L_search |");
+	while (<LDAP2>) {
+		s/\n //g;
+		if (/^nsrole: (.*)\n/) {
+			$L_currentrole = $1;
+			$L_currentrole=~ tr/A-Z/a-z/;
+			if ( $L_currentrole eq $L_nsroledn )
+			{
+				# the parm is part of the $L_entry nsroledn
+				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+				return 0;
+			}
+		}
+	}
+	close(LDAP2);
+
+	# the parm is not part of the $L_entry nsroledn
+	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+	return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+    $L_entry=$_[0];
+
+    @L_entryToTest=split /([,])/,$L_entry;
+    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+    $newDN="";
+    $removeRDN=1;
+    foreach $part (@L_entryToTest)
+    {
+        $part=~ s/^ +//;
+        $part=~ tr/A-Z/a-z/;
+        if ( $removeRDN <= 2 )
+        {
+            $removeRDN=$removeRDN+1;
+        }
+        else
+        {
+            $newDN="$newDN$part";
+        }
+    }
+
+    debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of 
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+    $L_current=$_[0];
+    $L_nestedRole=$_[1];
+
+    debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+    removeRdn($L_nestedRole);
+    $L_nestedRoleSuffix=$newDN;
+    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
+
+    $cont=1;
+    while ( ($cont == 1) && ($L_current ne "") )
+    {
+        removeRdn($L_current);
+        $currentDn=$newDN;
+        debug("checkScope: current DN to check: $currentDn\n");
+ 
+        if ( $currentDn eq $L_nestedRoleSuffix )
+        {
+            debug("checkScope: DN match!!!\n");
+            $cont = 0;
+        }
+        else
+        {
+            $L_current=$currentDn;
+        }
+    }
+ 
+    if ( $cont == 1 )
+    {
+        debug("checkScope: $_[0] and $_[1] are not compatible\n");
+        return 0;
+    }
+    else
+    {
+        debug("checkScope: $_[0] and $_[1] are compatible\n");
+        return 1;
+    }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+	$cmd="ns-inactivate.pl";
+	$operation="inactivate";
+	$state="inactivated";
+	$modrole="add";
+	$already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+	$cmd="ns-activate.pl";
+	$operation="activate";
+	$state="activated";
+	$modrole="delete";
+	$already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+	$cmd="ns-accountstatus.pl";
+	$operation="get status of";
+	$state="activated";
+	# no need for $modrole as no operation is performed
+	$already="";
+
+}
+else
+{
+	out("$0: unknown command\n");
+	exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$port = "";
+$host = "";
+$rootpw = "";
+$pwfile = "";
+$entry = "";
+$single = 0;
+$role = 0;
+$first = "yes";
+
+# Process the command line arguments
+while( $arg = shift)
+{
+    if($arg eq "-?")
+    {
+        usage();
+        exit 0
+    }
+    elsif($arg eq "-D")
+    {
+        $rootdn= shift @ARGV;
+    }
+    elsif($arg eq "-w")
+    {
+        $rootpw= shift @ARGV;
+    }
+    elsif($arg eq "-j")
+    {
+        $pwfile= shift @ARGV;
+    }
+    elsif($arg eq "-p")
+    {
+        $port= shift @ARGV;
+    }
+    elsif($arg eq "-h")
+    {
+        $host= shift @ARGV;
+    }
+    elsif($arg eq "-I")
+    {
+        $entry= shift @ARGV;
+    }
+    elsif($arg eq "-Z")
+    {
+        $servid= shift @ARGV;
+    }
+	else
+	{
+		print "$arg: Unknown command line argument.\n";
+		usage();
+		exit 1
+	}
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($pwfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $pwfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$rootpw = <RPASS>;
+	chomp($rootpw);
+	close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$rootpw = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+	usage();
+	exit 1;
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
+$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+	$retCode1=$?>>8;
+	exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
+$nbLineRole=@isRole;
+$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+	$retCode2=$?>>8;
+	exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+	debug("Groups of users\n");
+	$role=1;
+}
+else
+{
+	debug("Single user\n");
+	$single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+	$searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
+	open (LDAP1, "$searchAccountLock |");
+	while (<LDAP1>) {
+		s/\n //g;
+		if (/^nsaccountlock: (.*)\n/) {
+			$L_currentvalue = $1;
+			$L_currentvalue=~ tr/A-Z/a-z/;
+			if ( $L_currentvalue eq "true")
+			{
+				$isLocked=1;
+			}
+			elsif ( $L_currentvalue eq "false" )
+			{
+				$isLocked=0;
+			}
+		}
+	}
+	close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+#	-I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+	$part=~s/^ +//;
+	$part=~ tr/A-Z/a-z/;
+	$result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+	# Look if suffix is the suffix of the entry
+	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
+	#
+	debug("\tSuffix from the entry: #@suffixN#\n");
+	@mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
+
+	$retCode=$?;
+	if ( $retCode != 0 )
+	{
+		$retCode=$?>>8;
+		exit $retCode;
+	}
+
+	# If we get a result, remove the dn:
+	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
+	#	cn: "o=sun.com"
+	#
+	shift @mapping;
+
+	foreach $res (@mapping)
+	{
+		# Break the string cn: "o=sun.com" into pieces
+		@cn= split(/ /,$res);
+
+		# And remove the cn: part
+		shift @cn;
+
+		# Now compare the suffix we extract from the mapping tree 
+		# with the suffix derived from the entry
+		debug("\tSuffix from mapping tree: #@cn#\n");
+		if ( @cn eq @suffixN ) {
+			debug("Found matching suffix\n");
+			$cont=1;
+		}
+	}
+
+	if ( $cont == 0 )
+	{
+		# Remove the current rdn to try another suffix
+		shift @suffix;
+
+		$result="";
+		foreach $part (@suffix)
+		{
+			$part=~ s/^ +//;
+			$part=~ tr/A-Z/a-z/;
+			$result="$result$part";
+		}
+		@suffixN=$result;
+
+		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+		$len=@suffix;
+		if ( $len == 0 )
+		{
+			debug("Can not find suffix. Problem\n");
+			$cont=2;
+		}
+	}
+}
+if ( $cont == 2)
+{
+	out("Can not find suffix for entry $entry\n");
+	exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+	#
+	# Now that we have the suffix and we know if we deal with a single entry or
+	# a role, just try to create the COS and roles associated.
+	#
+	@base=(
+		"cn=nsManagedDisabledRole,@suffixN",
+		"cn=nsDisabledRole,@suffixN",
+		"cn=nsAccountInactivationTmp,@suffixN",
+		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+		"cn=nsAccountInactivation_cos,@suffixN" );
+
+	$addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c -a >> /dev/null 2>&1 ";
+	@role1=(
+		"dn: cn=nsManagedDisabledRole,@suffixN\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsSimpleRoleDefinition\n",
+		"objectclass: nsManagedRoleDefinition\n",
+		"cn: nsManagedDisabledRole\n\n" );
+	@role2=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsComplexRoleDefinition\n",
+		"objectclass: nsNestedRoleDefinition\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+		"cn: nsDisabledRole\n\n" );
+	@cos1=(
+		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: nsContainer\n\n" );
+	@cos2=(
+		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: extensibleObject\n",
+		"objectclass: costemplate\n",
+		"objectclass: ldapsubentry\n",
+		"cosPriority: 1\n",
+		"nsAccountLock: true\n\n" );
+	@cos3=(
+		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: cosSuperDefinition\n",
+		"objectclass: cosClassicDefinition\n",
+		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"cosSpecifier: nsRole\n",
+		"cosAttribute: nsAccountLock operational\n\n" );
+
+	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+	$i=0;
+
+	foreach $current (@base)
+	{
+		debug("Creating $current ??\n");
+		open(FD,"| $addrolescos ");
+		print FD @{$all[$i]};
+		close(FD);
+		if ( $? != 0 )
+		{
+			$retCode=$?>>8;
+			if ( $retCode == 68 )
+			{
+				debug("Entry $current already exists, ignore error\n");
+			}
+			else
+			{
+				# Probably a more serious problem.
+				# Exit with LDAP error
+				exit $retCode;
+			}
+		}
+		else
+		{
+			debug("Entry $current created\n");
+		}
+		$i=$i+1;
+	}
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+	# Go through all the roles part of nsdisabledrole to check if the entry
+	# is a member of one of those roles
+	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+	if ( $ret == 0 )
+	{
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			# indirect lock
+			out("$entry already $state through $throughRole.\n");
+		}
+		else
+		{
+			# direct lock
+			out("$entry already $state.\n");
+		}
+		exit 100;
+	}
+	elsif ( $isLocked == 1 )
+	{
+		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+		out("$entry already $state (probably directly).\n");
+		exit 103;
+	}
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+	$skipManaged=$single;
+	$skipDisabled=$role;
+
+	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+	if ( $ret == 0 )
+	{
+		# undirectly locked
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			if ( $operation eq "activate" )
+			{
+				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
+				exit 100;
+			}
+			else
+			{
+				out("$entry inactivated through $throughRole.\n");
+				exit 104;
+			}
+		}
+		debug("$entry locked individually\n");
+
+		if ( $operation ne "activate" )
+		{
+			out("$entry inactivated.\n");
+			exit 103;
+		}
+	}
+	elsif ( $directLocked == 0 )
+	{
+		if ( $operation eq "activate" && $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 100;
+		}
+		elsif ( $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 102;
+		}
+		else
+		{
+			# not locked using our schema, but nsaccountlock is probably present
+			out("$entry inactivated (probably directly).\n");
+			exit 103;
+		}
+	}
+	elsif ( $operation ne "activate" )
+	{
+		out("$entry inactivated.\n");
+		exit 103;
+	}
+	# else Locked directly, juste unlock it!
+	debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> /dev/null 2>&1";
+if ( $single == 1 )
+{
+	@record=(
+		"dn: $entry\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+	@record=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+	$retCode=$?>>8;
+	exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;

+ 884 - 0
ldap/admin/src/scripts/ns-activate.pl.in

@@ -0,0 +1,884 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+	print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
+	print (STDERR "May be used to $operation a user or a domain of users\n\n");
+	print (STDERR "Arguments:\n");
+	print (STDERR "          -?                   - help\n");
+	print (STDERR "          -D rootdn            - Provide a Directory Manager DN\n");
+	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
+	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
+	print (STDERR "          -Z serverID          - Server instance identifier\n");
+	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
+	print (STDERR "          -p port              - Provide a port\n");
+	print (STDERR "          -h host              - Provide a host name'\n");
+	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
+}
+
+sub debug
+{
+#	print " ==> @_";
+}
+
+sub out
+{
+	print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# 	* it is the same as the entry
+# 	* the entry is member of role (==has nsroledn attributes), compare each of
+#		them with the nsroledn of nsdisabledrole
+#	* if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+	# For recursivity, file handler must be local
+	my $L_filehandle=$_[0];
+	$L_filehandle++;
+
+	my $L_entry=$_[1];
+	# Remove useless space
+    my @L_intern=split /([,])/,$L_entry;
+    my $L_result="";
+    foreach $L_part (@L_intern)
+    {
+        $L_part=~s/^ +//;
+        $L_part=~ tr/A-Z/a-z/;
+        $L_result="$L_result$L_part";
+    }
+    $L_entry=$L_result;
+
+	my $L_base=$_[2];
+	
+	my $L_search;
+	my $L_currentrole;
+	my $L_retCode;
+
+	my $L_local;
+
+`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null 2>&1 `;
+$retCode=$?;
+if ( $retCode != 0 )
+{
+    $retCode=$?>>8;
+    return 1;
+}
+
+	# Check if the role is a nested role
+	@L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
+	# L_isNested == 1 means that we are going through a nested role, so for each member of that
+	# nested role, check that the member is below the scope of the nested
+	$L_isNested=@L_Nested;
+
+	# Not Direct Lock, Go through roles if any
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
+
+	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
+
+	unless (open ($L_filehandle, "$L_search |")) 
+	{
+		out("Can't open file $L_filehandle\n");
+		exit;
+	}
+	while (<$L_filehandle>) {
+
+		s/\n //g;
+		if (/^nsroledn: (.*)\n/) {
+			$L_currentrole = $1;
+
+			# Remove useless space
+			my @L_intern=split /([,])/,$L_currentrole;
+			my $L_result="";
+			foreach $L_part (@L_intern)
+			{
+				$L_part=~s/^ +//;
+				$L_part=~ tr/A-Z/a-z/;
+				$L_result="$L_result$L_part";
+			}
+			$L_currentrole=$L_result;
+
+			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
+			if ( $L_isNested == 1 )
+			{
+				if ( checkScope($L_currentrole, $L_base) == 0 )
+				{
+					# Scope problem probably a bad conf, skip the currentrole
+					next;	
+				}
+			}
+
+			if ( $L_currentrole eq $L_entry )
+			{
+				# the entry is a role that is directly locked
+				# i.e, nsroledn of nsdisabledrole contains the entry
+				$throughRole=$L_base;
+				$throughRole=~ tr/A-Z/a-z/;
+
+				# skipDisabled means that we've just found that the entry (which is a role)
+				# is locked directly (==its DN is part of nsroledn attributes)
+				# we just want to know now, if it is locked through another role
+				# at least, one
+				if ( $skipDisabled == 1 )
+				{
+					# direct inactivation
+					$directLocked=1;
+					# just go through that test once
+					$skipDisabled=0;
+					next;
+				}
+				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			$L_retCode=memberOf($L_currentrole, $L_entry);
+			if ( $L_retCode == 0 && $single == 1 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				if ( $skipManaged == 1 )
+				{
+					if ( $L_currentrole eq $nsManagedDisabledRole)
+					{
+						# Try next nsroledn
+						$directLocked=1;
+						$skipManaged=0;
+						next;
+					}
+				} 
+				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			# Only for the first iteration
+			# the first iteration is with nsdisabledrole as base, other
+			# loops are deeper
+			$L_local=$skipDisabled;
+			$skipDisabled=0;
+	
+			# the current nsroledn may be a complex role, just go through
+			# its won nsroledn
+			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+			# Because of recursivity, to keep the initial value for the first level
+			$skipDisabled=$L_local;
+
+			if ( $L_retCode == 0 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+				return 0;
+			}
+		}
+	}
+
+	close($L_filehandle);
+
+	debug("\t<--indirectLock: no more nsroledn to process\n");
+	return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+	my $L_nsroledn=$_[0];
+	$L_nsroledn=~ tr/A-Z/a-z/;
+
+	my $L_entry=$_[1];
+
+	my $L_search;
+	my $L_currentrole;
+
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
+
+	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
+
+	open (LDAP2, "$L_search |");
+	while (<LDAP2>) {
+		s/\n //g;
+		if (/^nsrole: (.*)\n/) {
+			$L_currentrole = $1;
+			$L_currentrole=~ tr/A-Z/a-z/;
+			if ( $L_currentrole eq $L_nsroledn )
+			{
+				# the parm is part of the $L_entry nsroledn
+				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+				return 0;
+			}
+		}
+	}
+	close(LDAP2);
+
+	# the parm is not part of the $L_entry nsroledn
+	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+	return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+    $L_entry=$_[0];
+
+    @L_entryToTest=split /([,])/,$L_entry;
+    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+    $newDN="";
+    $removeRDN=1;
+    foreach $part (@L_entryToTest)
+    {
+        $part=~ s/^ +//;
+        $part=~ tr/A-Z/a-z/;
+        if ( $removeRDN <= 2 )
+        {
+            $removeRDN=$removeRDN+1;
+        }
+        else
+        {
+            $newDN="$newDN$part";
+        }
+    }
+
+    debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of 
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+    $L_current=$_[0];
+    $L_nestedRole=$_[1];
+
+    debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+    removeRdn($L_nestedRole);
+    $L_nestedRoleSuffix=$newDN;
+    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
+
+    $cont=1;
+    while ( ($cont == 1) && ($L_current ne "") )
+    {
+        removeRdn($L_current);
+        $currentDn=$newDN;
+        debug("checkScope: current DN to check: $currentDn\n");
+ 
+        if ( $currentDn eq $L_nestedRoleSuffix )
+        {
+            debug("checkScope: DN match!!!\n");
+            $cont = 0;
+        }
+        else
+        {
+            $L_current=$currentDn;
+        }
+    }
+ 
+    if ( $cont == 1 )
+    {
+        debug("checkScope: $_[0] and $_[1] are not compatible\n");
+        return 0;
+    }
+    else
+    {
+        debug("checkScope: $_[0] and $_[1] are compatible\n");
+        return 1;
+    }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Generated variable
+$prefix = DSUtil::get_prefix();
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+	$cmd="ns-inactivate.pl";
+	$operation="inactivate";
+	$state="inactivated";
+	$modrole="add";
+	$already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+	$cmd="ns-activate.pl";
+	$operation="activate";
+	$state="activated";
+	$modrole="delete";
+	$already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+	$cmd="ns-accountstatus.pl";
+	$operation="get status of";
+	$state="activated";
+	# no need for $modrole as no operation is performed
+	$already="";
+
+}
+else
+{
+	out("$0: unknown command\n");
+	exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$port = "";
+$host = "";
+$rootpw = "";
+$pwfile = "";
+$entry = "";
+$first = "yes";
+$single = 0;
+$role = 0;
+
+# Process the command line arguments
+while( $arg = shift)
+{
+    if($arg eq "-?")
+    {
+        usage();
+        exit(0);
+    }
+    elsif($arg eq "-D")
+    {
+        $rootdn= shift @ARGV;
+    }
+    elsif($arg eq "-w")
+    {
+        $rootpw= shift @ARGV;
+    }
+    elsif($arg eq "-j")
+    {
+        $pwfile= shift @ARGV;
+    }
+    elsif($arg eq "-p")
+    {
+        $port= shift @ARGV;
+    }
+    elsif($arg eq "-h")
+    {
+        $host= shift @ARGV;
+    }
+    elsif($arg eq "-I")
+    {
+        $entry= shift @ARGV;
+    }
+    elsif($arg eq "-Z")
+    {
+        $servid= shift @ARGV;
+    }
+	else
+	{
+		print "$arg: Unknown command line argument.\n";
+		usage();
+		exit(1);
+	}
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($pwfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $pwfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$rootpw = <RPASS>;
+	chomp($rootpw);
+	close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$rootpw = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+	usage();
+	exit(1);
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
+$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+	$retCode1=$?>>8;
+	exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
+$nbLineRole=@isRole;
+$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+	$retCode2=$?>>8;
+	exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+	debug("Groups of users\n");
+	$role=1;
+}
+else
+{
+	debug("Single user\n");
+	$single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+	$searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
+	open (LDAP1, "$searchAccountLock |");
+	while (<LDAP1>) {
+		s/\n //g;
+		if (/^nsaccountlock: (.*)\n/) {
+			$L_currentvalue = $1;
+			$L_currentvalue=~ tr/A-Z/a-z/;
+			if ( $L_currentvalue eq "true")
+			{
+				$isLocked=1;
+			}
+			elsif ( $L_currentvalue eq "false" )
+			{
+				$isLocked=0;
+			}
+		}
+	}
+	close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+#	-I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+	$part=~s/^ +//;
+	$part=~ tr/A-Z/a-z/;
+	$result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+	# Look if suffix is the suffix of the entry
+	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
+	#
+	debug("\tSuffix from the entry: #@suffixN#\n");
+	@mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
+
+	$retCode=$?;
+	if ( $retCode != 0 )
+	{
+		$retCode=$?>>8;
+		exit $retCode;
+	}
+
+	# If we get a result, remove the dn:
+	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
+	#	cn: "o=sun.com"
+	#
+	shift @mapping;
+
+	foreach $res (@mapping)
+	{
+		# Break the string cn: "o=sun.com" into pieces
+		@cn= split(/ /,$res);
+
+		# And remove the cn: part
+		shift @cn;
+
+		# Now compare the suffix we extract from the mapping tree 
+		# with the suffix derived from the entry
+		debug("\tSuffix from mapping tree: #@cn#\n");
+		if ( @cn eq @suffixN ) {
+			debug("Found matching suffix\n");
+			$cont=1;
+		}
+	}
+
+	if ( $cont == 0 )
+	{
+		# Remove the current rdn to try another suffix
+		shift @suffix;
+
+		$result="";
+		foreach $part (@suffix)
+		{
+			$part=~ s/^ +//;
+			$part=~ tr/A-Z/a-z/;
+			$result="$result$part";
+		}
+		@suffixN=$result;
+
+		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+		$len=@suffix;
+		if ( $len == 0 )
+		{
+			debug("Can not find suffix. Problem\n");
+			$cont=2;
+		}
+	}
+}
+if ( $cont == 2)
+{
+	out("Can not find suffix for entry $entry\n");
+	exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+	#
+	# Now that we have the suffix and we know if we deal with a single entry or
+	# a role, just try to create the COS and roles associated.
+	#
+	@base=(
+		"cn=nsManagedDisabledRole,@suffixN",
+		"cn=nsDisabledRole,@suffixN",
+		"cn=nsAccountInactivationTmp,@suffixN",
+		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+		"cn=nsAccountInactivation_cos,@suffixN" );
+
+	$addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c -a >> /dev/null 2>&1 ";
+	@role1=(
+		"dn: cn=nsManagedDisabledRole,@suffixN\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsSimpleRoleDefinition\n",
+		"objectclass: nsManagedRoleDefinition\n",
+		"cn: nsManagedDisabledRole\n\n" );
+	@role2=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsComplexRoleDefinition\n",
+		"objectclass: nsNestedRoleDefinition\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+		"cn: nsDisabledRole\n\n" );
+	@cos1=(
+		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: nsContainer\n\n" );
+	@cos2=(
+		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: extensibleObject\n",
+		"objectclass: costemplate\n",
+		"objectclass: ldapsubentry\n",
+		"cosPriority: 1\n",
+		"nsAccountLock: true\n\n" );
+	@cos3=(
+		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: cosSuperDefinition\n",
+		"objectclass: cosClassicDefinition\n",
+		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"cosSpecifier: nsRole\n",
+		"cosAttribute: nsAccountLock operational\n\n" );
+
+	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+	$i=0;
+
+	foreach $current (@base)
+	{
+		debug("Creating $current ??\n");
+		open(FD,"| $addrolescos ");
+		print FD @{$all[$i]};
+		close(FD);
+		if ( $? != 0 )
+		{
+			$retCode=$?>>8;
+			if ( $retCode == 68 )
+			{
+				debug("Entry $current already exists, ignore error\n");
+			}
+			else
+			{
+				# Probably a more serious problem.
+				# Exit with LDAP error
+				exit $retCode;
+			}
+		}
+		else
+		{
+			debug("Entry $current created\n");
+		}
+		$i=$i+1;
+	}
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+	# Go through all the roles part of nsdisabledrole to check if the entry
+	# is a member of one of those roles
+	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+	if ( $ret == 0 )
+	{
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			# indirect lock
+			out("$entry already $state through $throughRole.\n");
+		}
+		else
+		{
+			# direct lock
+			out("$entry already $state.\n");
+		}
+		exit 100;
+	}
+	elsif ( $isLocked == 1 )
+	{
+		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+		out("$entry already $state (probably directly).\n");
+		exit 103;
+	}
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+	$skipManaged=$single;
+	$skipDisabled=$role;
+
+	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+	if ( $ret == 0 )
+	{
+		# undirectly locked
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			if ( $operation eq "activate" )
+			{
+				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
+				exit 100;
+			}
+			else
+			{
+				out("$entry inactivated through $throughRole.\n");
+				exit 104;
+			}
+		}
+		debug("$entry locked individually\n");
+
+		if ( $operation ne "activate" )
+		{
+			out("$entry inactivated.\n");
+			exit 103;
+		}
+	}
+	elsif ( $directLocked == 0 )
+	{
+		if ( $operation eq "activate" && $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 100;
+		}
+		elsif ( $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 102;
+		}
+		else
+		{
+			# not locked using our schema, but nsaccountlock is probably present
+			out("$entry inactivated (probably directly).\n");
+			exit 103;
+		}
+	}
+	elsif ( $operation ne "activate" )
+	{
+		out("$entry inactivated.\n");
+		exit 103;
+	}
+	# else Locked directly, juste unlock it!
+	debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> /dev/null 2>&1";
+if ( $single == 1 )
+{
+	@record=(
+		"dn: $entry\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+	@record=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+	$retCode=$?>>8;
+	exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;
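Review bot: The bind password, the bind DN and the `-I` DN are interpolated into strings that are run through the shell, so a value containing a double quote, `$` or a backquote is parsed as shell syntax instead of being passed as data. This covers the backtick searches in the main routine and in `indirectLock`, the `"$L_search |"` and `"$searchAccountLock |"` opens, and the `"| $addrolescos "` and `"| $action "` pipes; `-w "$rootpw"` also places the password in the process argument list. Building the arguments as a list and using list-form pipe opens keeps each value a single argv element. The `ldapmodify` pipes would then need their output discarded from Perl rather than with `>> /dev/null 2>&1`, and the password is better passed through a password-file option if the configured LDAP tools provide one. Separately, `open (RPASS, $pwfile)` is a two-argument open on a command-line value, and its error message prints `$passwdfile`, which is never assigned in this file; `open(RPASS, '<', $pwfile)` with `$pwfile` in the message fixes both. The same lines appear in the file section that ends just above this one.

```perl
# Argument list shared by every ldapsearch call; no value is parsed by a shell.
# split(' ', ...) assumes the substituted tool options contain no quoted spaces.
sub searchArgs
{
	return (split(' ', $ldapsearch), "-h", $info[0], "-p", $info[1],
		"-D", $info[2], "-w", $rootpw, @_);
}

# … unchanged: usage, debug, out, indirectLock …

	# in memberOf, replacing the "$L_search |" open
	open (LDAP2, "-|", searchArgs("-s", "base", "-b", $L_entry,
		"(|(objectclass=*)(objectclass=ldapsubentry))", "nsrole"));
```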

+ 884 - 0
ldap/admin/src/scripts/ns-inactivate.pl.in

@@ -0,0 +1,884 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+	print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
+	print (STDERR "May be used to $operation a user or a domain of users\n\n");
+	print (STDERR "Arguments:\n");
+	print (STDERR "          -?                   - help\n");
+	print (STDERR "          -D rootdn            - Provide a Directory Manager DN\n");
+	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
+	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
+	print (STDERR "          -Z serverID          - Server instance identifier\n");
+	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
+	print (STDERR "          -p port              - Provide a port\n");
+	print (STDERR "          -h host              - Provide a host name\n");
+	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
+}
+
+sub debug
+{
+#	print " ==> @_";
+}
+
+sub out
+{
+	print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# 	* it is the same as the entry
+# 	* the entry is member of role (==has nsroledn attributes), compare each of
+#		them with the nsroledn of nsdisabledrole
+#	* if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+	# For recursivity, file handler must be local
+	my $L_filehandle=$_[0];
+	$L_filehandle++;
+
+	my $L_entry=$_[1];
+	# Remove useless space
+    my @L_intern=split /([,])/,$L_entry;
+    my $L_result="";
+    foreach $L_part (@L_intern)
+    {
+        $L_part=~s/^ +//;
+        $L_part=~ tr/A-Z/a-z/;
+        $L_result="$L_result$L_part";
+    }
+    $L_entry=$L_result;
+
+	my $L_base=$_[2];
+	
+	my $L_search;
+	my $L_currentrole;
+	my $L_retCode;
+
+	my $L_local;
+
+`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null 2>&1 `;
+$retCode=$?;
+if ( $retCode != 0 )
+{
+    $retCode=$?>>8;
+    return 1;
+}
+
+	# Check if the role is a nested role
+	@L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
+	# L_isNested == 1 means that we are going through a nested role, so for each member of that
+	# nested role, check that the member is below the scope of the nested
+	$L_isNested=@L_Nested;
+
+	# Not Direct Lock, Go through roles if any
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
+
+	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
+
+	unless (open ($L_filehandle, "$L_search |")) 
+	{
+		out("Can't open file $L_filehandle\n");
+		exit;
+	}
+	while (<$L_filehandle>) {
+
+		s/\n //g;
+		if (/^nsroledn: (.*)\n/) {
+			$L_currentrole = $1;
+
+			# Remove useless space
+			my @L_intern=split /([,])/,$L_currentrole;
+			my $L_result="";
+			foreach $L_part (@L_intern)
+			{
+				$L_part=~s/^ +//;
+				$L_part=~ tr/A-Z/a-z/;
+				$L_result="$L_result$L_part";
+			}
+			$L_currentrole=$L_result;
+
+			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
+			if ( $L_isNested == 1 )
+			{
+				if ( checkScope($L_currentrole, $L_base) == 0 )
+				{
+					# Scope problem probably a bad conf, skip the currentrole
+					next;	
+				}
+			}
+
+			if ( $L_currentrole eq $L_entry )
+			{
+				# the entry is a role that is directly locked
+				# i.e, nsroledn of nsdisabledrole contains the entry
+				$throughRole=$L_base;
+				$throughRole=~ tr/A-Z/a-z/;
+
+				# skipDisabled means that we've just found that the entry (which is a role)
+				# is locked directly (==its DN is part of nsroledn attributes)
+				# we just want to know now, if it is locked through another role
+				# at least, one
+				if ( $skipDisabled == 1 )
+				{
+					# direct inactivation
+					$directLocked=1;
+					# just go through that test once
+					$skipDisabled=0;
+					next;
+				}
+				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			$L_retCode=memberOf($L_currentrole, $L_entry);
+			if ( $L_retCode == 0 && $single == 1 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				if ( $skipManaged == 1 )
+				{
+					if ( $L_currentrole eq $nsManagedDisabledRole)
+					{
+						# Try next nsroledn
+						$directLocked=1;
+						$skipManaged=0;
+						next;
+					}
+				} 
+				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
+				return 0;
+			}
+
+			# Only for the first iteration
+			# the first iteration is with nsdisabledrole as base, other
+			# loops are deeper
+			$L_local=$skipDisabled;
+			$skipDisabled=0;
+	
+			# the current nsroledn may be a complex role, just go through
+			# its won nsroledn
+			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+			# Because of recursivity, to keep the initial value for the first level
+			$skipDisabled=$L_local;
+
+			if ( $L_retCode == 0 )
+			{
+				$throughRole=$L_currentrole;
+				$throughRole=~ tr/A-Z/a-z/;
+				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+				return 0;
+			}
+		}
+	}
+
+	close($L_filehandle);
+
+	debug("\t<--indirectLock: no more nsroledn to process\n");
+	return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+	my $L_nsroledn=$_[0];
+	$L_nsroledn=~ tr/A-Z/a-z/;
+
+	my $L_entry=$_[1];
+
+	my $L_search;
+	my $L_currentrole;
+
+	$L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
+
+	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
+
+	open (LDAP2, "$L_search |");
+	while (<LDAP2>) {
+		s/\n //g;
+		if (/^nsrole: (.*)\n/) {
+			$L_currentrole = $1;
+			$L_currentrole=~ tr/A-Z/a-z/;
+			if ( $L_currentrole eq $L_nsroledn )
+			{
+				# the parm is part of the $L_entry nsroledn
+				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+				return 0;
+			}
+		}
+	}
+	close(LDAP2);
+
+	# the parm is not part of the $L_entry nsroledn
+	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+	return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+    $L_entry=$_[0];
+
+    @L_entryToTest=split /([,])/,$L_entry;
+    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+    $newDN="";
+    $removeRDN=1;
+    foreach $part (@L_entryToTest)
+    {
+        $part=~ s/^ +//;
+        $part=~ tr/A-Z/a-z/;
+        if ( $removeRDN <= 2 )
+        {
+            $removeRDN=$removeRDN+1;
+        }
+        else
+        {
+            $newDN="$newDN$part";
+        }
+    }
+
+    debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of 
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+    $L_current=$_[0];
+    $L_nestedRole=$_[1];
+
+    debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+    removeRdn($L_nestedRole);
+    $L_nestedRoleSuffix=$newDN;
+    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
+
+    $cont=1;
+    while ( ($cont == 1) && ($L_current ne "") )
+    {
+        removeRdn($L_current);
+        $currentDn=$newDN;
+        debug("checkScope: current DN to check: $currentDn\n");
+ 
+        if ( $currentDn eq $L_nestedRoleSuffix )
+        {
+            debug("checkScope: DN match!!!\n");
+            $cont = 0;
+        }
+        else
+        {
+            $L_current=$currentDn;
+        }
+    }
+ 
+    if ( $cont == 1 )
+    {
+        debug("checkScope: $_[0] and $_[1] are not compatible\n");
+        return 0;
+    }
+    else
+    {
+        debug("checkScope: $_[0] and $_[1] are compatible\n");
+        return 1;
+    }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Generated variable
+$prefix = DSUtil::get_prefix();
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+	$cmd="ns-inactivate.pl";
+	$operation="inactivate";
+	$state="inactivated";
+	$modrole="add";
+	$already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+	$cmd="ns-activate.pl";
+	$operation="activate";
+	$state="activated";
+	$modrole="delete";
+	$already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+	$cmd="ns-accountstatus.pl";
+	$operation="get status of";
+	$state="activated";
+	# no need for $modrole as no operation is performed
+	$already="";
+
+}
+else
+{
+	out("$0: unknown command\n");
+	exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$rootpw = "";
+$pwfile = "";
+$host = "";
+$port = "";
+$entry = "";
+$first = "yes";
+$single = 0;
+$role = 0;
+
+# Process the command line arguments
+while( $arg = shift)
+{
+    if($arg eq "-?")
+    {
+        usage();
+        exit(0);
+    }
+    elsif($arg eq "-D")
+    {
+        $rootdn= shift @ARGV;
+    }
+    elsif($arg eq "-w")
+    {
+        $rootpw= shift @ARGV;
+    }
+    elsif($arg eq "-j")
+    {
+        $pwfile= shift @ARGV;
+    }
+    elsif($arg eq "-p")
+    {
+        $port= shift @ARGV;
+    }
+    elsif($arg eq "-h")
+    {
+        $host= shift @ARGV;
+    }
+    elsif($arg eq "-I")
+    {
+        $entry= shift @ARGV;
+    }
+    elsif($arg eq "-Z")
+    {
+        $servid= shift @ARGV;
+    }
+	else
+	{
+		print "$arg: Unknown command line argument.\n";
+		usage();
+		exit(1);
+	}
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($pwfile ne ""){
+# Open file and get the password
+	unless (open (RPASS, $pwfile)) {
+		die "Error, cannot open password file $passwdfile\n";
+	}
+	$rootpw = <RPASS>;
+	chomp($rootpw);
+	close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$rootpw = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+	usage();
+	exit(1);
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
+$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+	$retCode1=$?>>8;
+	exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
+$nbLineRole=@isRole;
+$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+	$retCode2=$?>>8;
+	exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+	debug("Groups of users\n");
+	$role=1;
+}
+else
+{
+	debug("Single user\n");
+	$single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+	$searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
+	open (LDAP1, "$searchAccountLock |");
+	while (<LDAP1>) {
+		s/\n //g;
+		if (/^nsaccountlock: (.*)\n/) {
+			$L_currentvalue = $1;
+			$L_currentvalue=~ tr/A-Z/a-z/;
+			if ( $L_currentvalue eq "true")
+			{
+				$isLocked=1;
+			}
+			elsif ( $L_currentvalue eq "false" )
+			{
+				$isLocked=0;
+			}
+		}
+	}
+	close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+#	-I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+	$part=~s/^ +//;
+	$part=~ tr/A-Z/a-z/;
+	$result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+	# Look if suffix is the suffix of the entry
+	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
+	#
+	debug("\tSuffix from the entry: #@suffixN#\n");
+	@mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
+
+	$retCode=$?;
+	if ( $retCode != 0 )
+	{
+		$retCode=$?>>8;
+		exit $retCode;
+	}
+
+	# If we get a result, remove the dn:
+	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
+	#	cn: "o=sun.com"
+	#
+	shift @mapping;
+
+	foreach $res (@mapping)
+	{
+		# Break the string cn: "o=sun.com" into pieces
+		@cn= split(/ /,$res);
+
+		# And remove the cn: part
+		shift @cn;
+
+		# Now compare the suffix we extract from the mapping tree 
+		# with the suffix derived from the entry
+		debug("\tSuffix from mapping tree: #@cn#\n");
+		if ( @cn eq @suffixN ) {
+			debug("Found matching suffix\n");
+			$cont=1;
+		}
+	}
+
+	if ( $cont == 0 )
+	{
+		# Remove the current rdn to try another suffix
+		shift @suffix;
+
+		$result="";
+		foreach $part (@suffix)
+		{
+			$part=~ s/^ +//;
+			$part=~ tr/A-Z/a-z/;
+			$result="$result$part";
+		}
+		@suffixN=$result;
+
+		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+		$len=@suffix;
+		if ( $len == 0 )
+		{
+			debug("Can not find suffix. Problem\n");
+			$cont=2;
+		}
+	}
+}
+if ( $cont == 2)
+{
+	out("Can not find suffix for entry $entry\n");
+	exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+	#
+	# Now that we have the suffix and we know if we deal with a single entry or
+	# a role, just try to create the COS and roles associated.
+	#
+	@base=(
+		"cn=nsManagedDisabledRole,@suffixN",
+		"cn=nsDisabledRole,@suffixN",
+		"cn=nsAccountInactivationTmp,@suffixN",
+		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+		"cn=nsAccountInactivation_cos,@suffixN" );
+
+	$addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c -a >> /dev/null 2>&1 ";
+	@role1=(
+		"dn: cn=nsManagedDisabledRole,@suffixN\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsSimpleRoleDefinition\n",
+		"objectclass: nsManagedRoleDefinition\n",
+		"cn: nsManagedDisabledRole\n\n" );
+	@role2=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: nsRoleDefinition\n",
+		"objectclass: nsComplexRoleDefinition\n",
+		"objectclass: nsNestedRoleDefinition\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+		"cn: nsDisabledRole\n\n" );
+	@cos1=(
+		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: nsContainer\n\n" );
+	@cos2=(
+		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: extensibleObject\n",
+		"objectclass: costemplate\n",
+		"objectclass: ldapsubentry\n",
+		"cosPriority: 1\n",
+		"nsAccountLock: true\n\n" );
+	@cos3=(
+		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
+		"objectclass: top\n",
+		"objectclass: LDAPsubentry\n",
+		"objectclass: cosSuperDefinition\n",
+		"objectclass: cosClassicDefinition\n",
+		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+		"cosSpecifier: nsRole\n",
+		"cosAttribute: nsAccountLock operational\n\n" );
+
+	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+	$i=0;
+
+	foreach $current (@base)
+	{
+		debug("Creating $current ??\n");
+		open(FD,"| $addrolescos ");
+		print FD @{$all[$i]};
+		close(FD);
+		if ( $? != 0 )
+		{
+			$retCode=$?>>8;
+			if ( $retCode == 68 )
+			{
+				debug("Entry $current already exists, ignore error\n");
+			}
+			else
+			{
+				# Probably a more serious problem.
+				# Exit with LDAP error
+				exit $retCode;
+			}
+		}
+		else
+		{
+			debug("Entry $current created\n");
+		}
+		$i=$i+1;
+	}
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+	# Go through all the roles part of nsdisabledrole to check if the entry
+	# is a member of one of those roles
+	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+	if ( $ret == 0 )
+	{
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			# indirect lock
+			out("$entry already $state through $throughRole.\n");
+		}
+		else
+		{
+			# direct lock
+			out("$entry already $state.\n");
+		}
+		exit 100;
+	}
+	elsif ( $isLocked == 1 )
+	{
+		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+		out("$entry already $state (probably directly).\n");
+		exit 103;
+	}
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+	$skipManaged=$single;
+	$skipDisabled=$role;
+
+	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+	if ( $ret == 0 )
+	{
+		# undirectly locked
+		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+		{
+			if ( $operation eq "activate" )
+			{
+				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
+				exit 100;
+			}
+			else
+			{
+				out("$entry inactivated through $throughRole.\n");
+				exit 104;
+			}
+		}
+		debug("$entry locked individually\n");
+
+		if ( $operation ne "activate" )
+		{
+			out("$entry inactivated.\n");
+			exit 103;
+		}
+	}
+	elsif ( $directLocked == 0 )
+	{
+		if ( $operation eq "activate" && $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 100;
+		}
+		elsif ( $isLocked != 1 )
+		{
+			out("$entry $already $state.\n");
+			exit 102;
+		}
+		else
+		{
+			# not locked using our schema, but nsaccountlock is probably present
+			out("$entry inactivated (probably directly).\n");
+			exit 103;
+		}
+	}
+	elsif ( $operation ne "activate" )
+	{
+		out("$entry inactivated.\n");
+		exit 103;
+	}
+	# else Locked directly, juste unlock it!
+	debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> /dev/null 2>&1";
+if ( $single == 1 )
+{
+	@record=(
+		"dn: $entry\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+	@record=(
+		"dn: cn=nsDisabledRole,@suffixN\n",
+		"changetype: modify\n",
+		"$modrole: nsRoleDN\n",
+		"nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+	$retCode=$?>>8;
+	exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;
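Review bot: Every LDAP call in this script is built as a single string and run through the shell (the backtick `$ldapsearch` calls, `$searchAccountLock`, `$addrolescos` and the final `$action` pipe), with `$entry`, `$L_base`, `$info[2]` and `$rootpw` interpolated between escaped double quotes, so a DN or password containing a double quote, `$` or a backtick is re-parsed by the shell instead of reaching the tool verbatim. The bind password is also placed in argv through `-w`, even when it was read with `-j` or `-w -`, which leaves it readable in the process list while the tool runs; if the configured LDAP tools accept a password-file option, handing the file through would avoid that. A fork-and-exec pipe with an argument list takes the shell out of the final modify, and the same shape fits the other call sites here and in ns-newpwpolicy.pl.in (`$ldapadd`, `$modifyCfg`). Splitting `$ldapmodify` on whitespace assumes the substituted `@ldaptool_opts@` holds no quoted arguments, which should be confirmed.

```perl
# … unchanged: @record construction for the single-entry and role cases …
my @modify_cmd = (split(' ', $ldapmodify),
	'-h', $info[0], '-p', $info[1], '-D', $info[2], '-w', $rootpw, '-c');
# NOTE: the password still travels in argv here; a password-file option would remove it
my $pid = open(FD, "|-");
die "cannot fork ldapmodify: $!\n" unless defined $pid;
if ( $pid == 0 )
{
	# child: discard the tool's output, then exec without a shell
	open(STDOUT, '>>', '/dev/null');
	open(STDERR, '>&', \*STDOUT);
	exec { $modify_cmd[0] } @modify_cmd;
	exit 127;
}
print FD @record;
close(FD);
# … unchanged: $? check and exit code handling …
```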

+ 330 - 0
ldap/admin/src/scripts/ns-newpwpolicy.pl.in

@@ -0,0 +1,330 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+# enable the use of our bundled perldap with our bundled ldapsdk libraries
+# all of this nonsense can be omitted if the mozldapsdk and perldap are
+# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5)
+$prefix = DSUtil::get_prefix();
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+# Add new password policy specific entries
+
+#############################################################################
+# enable the use of Perldap functions
+require DynaLoader;
+
+use Getopt::Std;
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Utils qw(:all);
+use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API
+
+#############################################################################
+# Default values of the variables
+
+$opt_D = "";
+$opt_p = "";
+$opt_h = "";
+$opt_Z = "";
+$opt_v = 0;
+
+# Variables
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+#############################################################################
+
+sub usage {
+	print (STDERR "ns-newpwpolicy.pl [-Z serverID] [-v] [-D rootdn] { -w password | -j filename } \n");
+	print (STDERR "                  [-p port] [-h host] -U UserDN -S SuffixDN\n\n");
+
+	print (STDERR "Arguments:\n");
+	print (STDERR " -?          - help\n");
+	print (STDERR " -Z serverID - Server instance identifier\n");
+	print (STDERR " -v          - verbose output\n");
+	print (STDERR " -D rootdn   - Directory Manager DN\n");
+	print (STDERR " -w rootpw   - password for the Directory Manager DN\n");
+	print (STDERR " -j filename - Read the Directory Manager's password from file\n");
+	print (STDERR " -p port     - port\n");
+	print (STDERR " -h host     - host name\n");
+	print (STDERR " -U userDN   - User entry DN\n");
+	print (STDERR " -S suffixDN	- Suffix entry DN\n");
+	exit 1;
+}
+
+# Process the command line arguments
+{
+	usage() if (!getopts('vD:w:j:p:h:U:S:Z:'));
+
+	$first = "yes";
+
+    opendir(DIR, "$prefix/etc/sysconfig");
+    @files = readdir(DIR);
+    foreach $file (@files){
+        if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+            $instance_count++;
+            if($file =~ /dirsrv-(.*)/){
+                if($first eq "yes"){
+                    $instances=$1;
+                    $first = "no";
+                } else {
+                    $instances=$instances . ", $1";
+                }
+                $name = $1;
+            }
+        }    
+    }
+        
+    if($opt_Z eq ""){
+        if ($instance_count == 1){
+            $opt_Z = $name;
+        } else {
+            print (STDERR "You must supply a server instance identifier.  Use -Z to specify instance name\n");
+            print "Available instances: $instances\n";
+            exit (1);
+        }
+    } elsif ($opt_Z =~ /^dirsrv-/){
+        # strip off "dirsrv-"
+        $opt_Z =~ s/^dirsrv-//;
+    } elsif ($opt_Z =~ /^slapd-/){
+        # strip off "slapd-"
+        $opt_Z =~ s/^slapd-//;
+    }
+    @info = DSUtil::get_missing_info($prefix, $opt_Z, $instances, $opt_h, $opt_p, $opt_D);
+    
+	if ($opt_j ne ""){
+		die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
+		$opt_w = <RPASS>;
+		chomp($opt_w);
+		close(RPASS);
+	} 
+	
+	usage() if( $opt_w eq "" );
+	if ($opt_U eq "" && $opt_S eq "") {
+		print (STDERR "Please provide at least -S or -U option.\n\n");
+	}
+
+	# Now, check if the user/group exists
+
+	if ($opt_S) {
+		my $esc_opt_S = $opt_S;
+ 		$esc_opt_S =~ s/,/\\,/g;
+ 		$esc_opt_S =~ s/=/\\=/g;
+		print (STDERR "host = $info[0], port = $info[1], suffixDN = \"$opt_S\"\n\n") if $opt_v;
+		@base=(
+			"cn=nsPwPolicyContainer,$opt_S",
+			"cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
+			"cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
+			"cn=nsPwPolicy_cos,$opt_S"
+		);
+
+		$ldapadd="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c -a 2>&1";
+		$modifyCfg="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c 2>&1";
+
+		@container=(
+			"dn: cn=nsPwPolicyContainer,$opt_S\n",
+			"objectclass: top\n",
+			"objectclass: nsContainer\n\n" );
+		@pwpolicy=(
+			"dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+			"objectclass: top\n",
+			"objectclass: ldapsubentry\n",
+			"objectclass: passwordpolicy\n\n" );
+		@template=(
+			"dn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+			"objectclass: top\n",
+			"objectclass: extensibleObject\n",
+			"objectclass: costemplate\n",
+			"objectclass: ldapsubentry\n",
+			"cosPriority: 1\n",
+			"pwdpolicysubentry: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n" );
+		@cos=(
+			"dn: cn=nsPwPolicy_cos,$opt_S\n",
+			"objectclass: top\n",
+			"objectclass: LDAPsubentry\n",
+			"objectclass: cosSuperDefinition\n",
+			"objectclass: cosPointerDefinition\n",
+			"cosTemplateDn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+			"cosAttribute: pwdpolicysubentry default operational-default\n\n" );
+
+		@all=(\@container, \@pwpolicy, \@template, \@cos);
+
+        $i=0;
+
+        foreach $current (@base)
+        {
+			open(FD,"| $ldapadd");
+			print FD @{$all[$i]};
+			close(FD);
+			if ( $? != 0 ) {
+				$retCode=$?>>8;
+				if ( $retCode == 68 ) {
+					print( STDERR "Entry \"$current\" already exists. Please ignore the error\n\n");
+				}
+				else {
+					# Probably a more serious problem.
+					# Exit with LDAP error
+					print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
+					exit $retCode;
+				}
+			}
+			else {
+				print( STDERR "Entry \"$current\" created\n\n") if $opt_v;
+			}
+			$i=$i+1;
+		}
+
+		$modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n";
+		open(FD,"| $modifyCfg ");
+		print(FD $modConfig);
+		close(FD);
+		$retcode = $?;
+		if ( $retcode != 0 ) {
+			print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
+			exit ($retcode);
+		}
+		else {
+			print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
+		}
+	} # end of $opt_S
+
+	if ($opt_U) {
+		my $norm_opt_U = normalizeDN($opt_U);
+		my $esc_opt_U = $norm_opt_U;
+		$esc_opt_U =~ s/,/\\,/g;
+		$esc_opt_U =~ s/=/\\=/g;
+		print (STDERR "host = $info[0], port = $info[1], userDN = \"$norm_opt_U\"\n\n") if $opt_v;
+		$retcode = `$ldapsearch -h $info[0] -p $info[1] -b \"$norm_opt_U\" -s base \"\"`;
+		if ($retcode != 0 ) {
+			print( STDERR "the user entry $norm_opt_U does not exist. Exiting.\n");
+			exit ($retcode);
+		}
+		
+		print( STDERR "the user entry $norm_opt_U found..\n\n") if $opt_v;
+		
+		# Now, get the parentDN 
+		@rdns = ldap_explode_dn($norm_opt_U, 0);
+		shift @rdns;
+		$parentDN = join(',', @rdns);
+
+		print (STDERR "parentDN is $parentDN\n\n") if $opt_v;
+
+		@base=(
+			"cn=nsPwPolicyContainer,$parentDN",
+			"cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"
+		);
+
+		$ldapadd="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c -a 2>&1";
+		$modifyCfg="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c 2>&1";
+
+		@container=(
+			"dn: cn=nsPwPolicyContainer,$parentDN\n",
+			"objectclass: top\n",
+			"objectclass: nsContainer\n\n" );
+		@pwpolicy=(
+			"dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n",
+			"objectclass: top\n",
+			"objectclass: ldapsubentry\n",
+			"objectclass: passwordpolicy\n\n" );
+
+		@all=(\@container, \@pwpolicy);
+
+        $i=0;
+
+        foreach $current (@base)
+        {
+			open(FD,"| $ldapadd ");
+			print FD @{$all[$i]};
+			close(FD);
+			if ( $? != 0 ) {
+				$retCode=$?>>8;
+				if ( $retCode == 68 ) {
+					print( STDERR "Entry $current already exists. Please ignore the error\n\n");
+				}
+				else {
+					# Probably a more serious problem.
+					# Exit with LDAP error
+					print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
+					exit $retCode;
+				}
+			}
+			else {
+				print( STDERR "Entry $current created\n\n") if $opt_v;
+			}
+			$i=$i+1;
+		}
+
+		$target = "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN";
+		$modConfig = "dn: $norm_opt_U\nchangetype: modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n";
+		open(FD,"| $modifyCfg ");
+		print(FD $modConfig);
+		close(FD);
+		$retcode = $?;
+		if ( $retcode != 0 ) {
+			print( STDERR "Error $retcode while modifing $norm_opt_U. Exiting.\n" );
+			exit ($retcode);
+		}
+		else {
+			print( STDERR "Entry \"$norm_opt_U\" modified\n\n") if $opt_v;
+		}
+
+		$modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n";
+		open(FD,"| $modifyCfg ");
+		print(FD $modConfig);
+		close(FD);
+		$retcode = $?;
+		if ( $retcode != 0 ) {
+			print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
+			exit ($retcode);
+		}
+		else {
+			print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
+		}
+	} # end of $opt_U
+}
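Review bot: The existence check in the `-U` branch can never report a missing entry: `$retcode` is assigned the backtick output of `$ldapsearch` (LDIF text, or an empty string when the search fails), and neither normally compares numerically unequal to 0, so the "does not exist" branch is effectively unreachable. Take the status from `$?` instead, for example `$retcode = $? >> 8;` on the line after the backtick call, and test that value. The two add loops have a related slip: they compute `$retCode` but print `$retcode` in the "Error ... while adding" message, so the reported code is empty or stale.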

+ 3 - 7
ldap/admin/src/scripts/remove-ds.pl.in

@@ -12,19 +12,15 @@
 # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
 # Place, Suite 330, Boston, MA 02111-1307 USA.
 # 
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-use lib qw(@perlpath@);
-
 use strict;
 
-use File::Basename;
-use File::Path;
+use lib qw(@perlpath@);
 use Getopt::Long;
-use DSUtil;
 use Resource;
 use DSCreate qw(removeDSInstance);
 
@@ -45,7 +41,7 @@ my $instname = "";
 my $initconfig_dir = "";
 my $all = "";
 
-GetOptions('help|h|?' => sub { &usage; exit(1); },
+GetOptions('help|h|?' => sub { &usage; exit(0); },
            'debug|d+' => \$DSUtil::debuglevel,
            'instance|i=s' => \$instname,
            'initconfig_dir|c=s' => \$initconfig_dir,
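Review bot: After the first hunk drops `use DSUtil;`, the `GetOptions` call in the second hunk still stores the debug level in `\$DSUtil::debuglevel`, so the script now relies on DSCreate loading DSUtil on its behalf. That presumably holds, but if it ever stops holding, `-d` would silently set a variable nothing reads. Keeping `use DSUtil;` next to `use DSCreate qw(removeDSInstance);` makes the dependency explicit. Whether `File::Basename` and `File::Path` are still needed cannot be judged from these hunks, because the rest of the script is outside them.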

+ 92 - 0
ldap/admin/src/scripts/restart-slapd.in

@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Script that restarts the ns-slapd server.
+# Exit status can be:
+#       0: Server restarted successfully
+#       1: Server could not be started
+#       2: Server started successfully (was not running)
+#       3: Server could not be stopped
+
+first="yes"
+args=""
+while getopts "Z:SvVhi:d:w:" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        d) args=$args" -d $OPTARG";;
+        v) args=$args" -v";;
+        V) args=$args" -V";;
+        i) args=$args" -i $OPTARG";;
+        w) args=$args" -w $OPTARG";;
+        S) args=$args" -S";; 
+        h) echo "Usage: restart-slapd [-Z serverID]"
+           exit 0;;
+        ?) echo "Usage: restart-slapd [-Z serverID]"
+           exit 1;;
+    esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: restart-slapd [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+@sbindir@/restart-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+    echo Sucessfully restarted instance $servid
+else
+    echo Failed to restart instance $servid
+fi
+exit $?
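Review bot: The final `exit $?` reports the status of the preceding `echo`, not of `restart-dirsrv`, so the script exits 0 even when the restart failed, and the exit codes documented in the header (1, 2, 3) never reach the caller. Save the status with `rc=$?` directly after the `restart-dirsrv` line, test `[ "$rc" -eq 0 ]`, and end with `exit $rc`. start-slapd.in and stop-slapd.in end the same way and need the same change. Any monitoring or automation that drives restarts through this script would otherwise record a failed restart as a success.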

+ 101 - 0
ldap/admin/src/scripts/restoreconfig.in

@@ -0,0 +1,101 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+while getopts "Z:h" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        h) echo "Usage: restoreconfig [-Z serverID]"
+           echo "   -Z      - Server instance identifier"
+           exit 0;;
+        ?) echo "Usage: restoreconfig [-Z serverID]"
+           echo "   -Z      - Server instance identifier"
+           exit 1;;
+           
+    esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: restoreconfig [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+conf_ldif=`ls -1t $prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-*.ldif 2>/dev/null | head -1 `
+if [ -z "$conf_ldif" ]
+then
+    echo No configuration to restore in $prefix/var/lib/dirsrv/slapd-$servid/bak/ ; exit 1
+fi
+echo Restoring $conf_ldif...
+./ns-slapd ldif2db -D $configdir -i $conf_ldif -n NetscapeRoot 2>&1
+exit $?
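Review bot: `cd $server_sbin` is not checked and the next command is the relative `./ns-slapd`, so if the `cd` fails the script runs whatever `ns-slapd` is in the caller's current directory, presumably with administrative privileges. Use `cd "$server_sbin" || exit 1`, or call `"$server_sbin/ns-slapd"` directly and drop the `cd`. The same pair appears in saveconfig.in and suffix2instance.in, and template-bak2db.in does it with `cd {{SERVERBIN-DIR}}` followed by `./bak2db`. `$configdir` and `$conf_ldif` are also unquoted on the `ns-slapd` line, so a path containing whitespace is split into several arguments.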

+ 101 - 0
ldap/admin/src/scripts/saveconfig.in

@@ -0,0 +1,101 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+while getopts "Z:h" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        h) echo "Usage: saveconfig [-Z serverID]"
+           echo "   -Z      - Server instance identifier"
+           exit 0;;
+        ?) echo "Usage: saveconfig [-Z serverID]"
+           echo "   -Z      - Server instance identifier"
+           exit 1;;
+    esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: saveconfig [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+echo saving configuration...
+conf_ldif=$prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
+./ns-slapd db2ldif -N -D $configdir -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
+if [ "$?" -ge 1 ] 
+then
+    echo Error occurred while saving configuration
+    exit 1
+fi
+exit 0
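Review bot: The test `[ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]` compares against the literal text `$prefix/...` because of the single quotes, so it is always true and a `dirsrv-admin` file is counted and listed as a server instance. With one real instance plus the admin server present, `inst_count` becomes 2 and the automatic instance selection fails. Use double quotes on both sides: `[ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]`. The identical loop is in restart-slapd.in, restoreconfig.in, start-slapd.in, stop-slapd.in and suffix2instance.in.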

+ 206 - 0
ldap/admin/src/scripts/schema-reload.pl.in

@@ -0,0 +1,206 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+    print(STDERR "        [-d schemadir]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STDERR "     : -Z serverID         - Server instance identifier\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -d schemadir        - Directory where schema files are located\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$schemadir = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-d")
+    {
+        # schemadir
+        $i++; $schemadir = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # server instance identifier
+        $i++; $servid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-h") 
+    { 
+        # help
+        &usage; exit(0);
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "schema_reload_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=schema reload task, cn=tasks, cn=config\n";
+$misc = "objectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+if ( $schemadir ne "" )
+{
+    $schemadir = "schemadir: $schemadir\n";
+}
+$entry = "${dn}${misc}${cn}${schemadir}";
+
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
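Review bot: The `open(FOO, "| ldapmodify ...")` line builds a shell command from `$info[2]` and `$passwd`, so a bind DN or password containing `"`, `$` or a backquote is interpreted by the shell instead of being passed through unchanged. It also puts the password on the command line even when it was read from the `-j` file or from the prompt. A list-form pipe open avoids the shell entirely, as sketched below. The password is still a process argument there, so handing it over through the client's password-file option, if the configured ldapmodify has one, would be better still. syntax-validate.pl.in ends with the same `open` and needs the same change.

```perl
# … unchanged: task entry construction ($dn, $misc, $cn, $schemadir, $entry) …
my @cmd = ("ldapmodify", split(' ', "@ldaptool_opts@"));
push(@cmd, $vstr) if $vstr ne "";
push(@cmd, "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a");
open(FOO, "|-", @cmd) or die "Error, cannot run ldapmodify: $!\n";
print(FOO "$entry");
close(FOO);
```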

+ 1 - 1
ldap/admin/src/scripts/setup-ds.pl.in

@@ -32,7 +32,7 @@
 # exception. 
 # 
 # 
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #

+ 1 - 0
ldap/admin/src/scripts/start-dirsrv.in

@@ -41,6 +41,7 @@ start_instance() {
     DS_CONFIG_DIR=$CONFIG_DIR
     export DS_CONFIG_DIR
     PIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.pid
+    
     STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
     if test -f $STARTPIDFILE ; then
         PID=`cat $STARTPIDFILE`

+ 82 - 0
ldap/admin/src/scripts/start-slapd.in

@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Script that starts the ns-slapd server.
+# Exit status can be:
+#       0: Server started successfully
+#       1: Server could not be started
+#       2: Server already running
+
+args=""
+while getopts "Z:SvVhi:d:w:" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        d) args=$args" -d $OPTARG";;
+        v) args=$args" -v";;
+        V) args=$args" -V";;
+        i) args=$args" -i $OPTARG";;
+        w) args=$args" -w $OPTARG";;
+        S) args=$args" -S";;
+        h) echo "Usage: start-slapd [-Z serverID]"
+           exit 0;;
+        ?) echo "Usage: start-slapd [-Z serverID]"
+           exit 1;;
+    esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+first="yes"
+if [ -z $servid ]
+then
+    # server id not provided, check if there is only one instance
+    inst_count=0
+    for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+    do
+        if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+        then
+            inst_count=`expr $inst_count + 1`
+            id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+            if  [ $first == "yes" ]
+            then
+                instances=$id
+                first="no"
+            else
+                instances=$instances", $id"
+            fi
+            name=$id
+        fi
+    done 
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: start-slapd [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+@sbindir@/start-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+    echo Sucessfully started instance $servid
+else
+    echo Failed to start instance $servid
+fi
+exit $?
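Review bot: `[ $servid == slapd-* ]` does not do a pattern match: inside `[ ]` the unquoted `slapd-*` is expanded against files in the current directory or else compared literally, so `-Z slapd-NAME` is normally passed on with its prefix intact, and the `dirsrv-*` branch behaves the same way. `==` inside `[ ]` is also not POSIX, which matters for the `#!/bin/sh` shebang on systems where sh is not bash. A single `case "$servid" in slapd-*) servid=${servid#slapd-};; dirsrv-*) servid=${servid#dirsrv-};; esac` covers both branches portably. restart-slapd.in, restoreconfig.in, saveconfig.in, stop-slapd.in and suffix2instance.in use the same test. Unlike restart-slapd.in, this script also never checks that `slapd-$servid` exists before calling `start-dirsrv`.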

+ 5 - 0
ldap/admin/src/scripts/stop-dirsrv.in

@@ -6,6 +6,11 @@
 #       1: Server could not be stopped
 #       2: Server was not running
 
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
 stop_instance() {
     SERV_ID=$1
 

+ 83 - 0
ldap/admin/src/scripts/stop-slapd.in

@@ -0,0 +1,83 @@
+#!/bin/sh
+
+# Script that stops the ns-slapd server.
+# Exit status can be:
+#       0: Server stopped successfully
+#       1: Server could not be stopped
+#       2: Server was not running
+
+while getopts "Z:SvVhi:d:w:" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        d) args=$args" -d $OPTARG";;
+        v) args=$args" -v";;
+        V) args=$args" -V";;
+        i) args=$args" -i $OPTARG";;
+        w) args=$args" -w $OPTARG";;
+        S) args=$args" -S";;
+        h) echo "Usage: stop-slapd [-Z serverID]"
+           exit 0;;
+        ?) echo "Usage: stop-slapd [-Z serverID]"
+           exit 1;;
+    esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+first="yes"
+if [ -z $servid ]
+then
+    # server id not provided, check if there is only one instance
+    inst_count=0
+    for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+    do
+        if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+        then
+            inst_count=`expr $inst_count + 1`
+            id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+            if  [ $first == "yes" ]
+            then
+                instances=$id
+                first="no"
+            else
+                instances=$instances", $id"
+            fi
+            name=$id
+        fi
+    done 
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: stop-slapd [-Z serverID]"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+
+@sbindir@/stop-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+    echo Sucessfully stopped instance $servid
+else
+    echo Failed to stop instance $servid
+fi
+
+exit $?
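Review bot: `args` is never initialised in this script, unlike start-slapd.in and restart-slapd.in, which set `args=""` before the `getopts` loop, so a variable named `args` inherited from the caller's environment ends up on the `stop-dirsrv` command line. Add `args=""` before the `while getopts` line. The option values are also concatenated into one string and expanded unquoted, so a `-d`, `-i` or `-w` value containing whitespace is split into separate arguments; that applies to start-slapd.in and restart-slapd.in as well.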

+ 104 - 0
ldap/admin/src/scripts/suffix2instance.in

@@ -0,0 +1,104 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:s:h" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        s) args=$args" -s $OPTARG";;
+        h) echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+           exit 0;;
+        ?) echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+           exit 1;;
+    esac
+done
+
+if [ "$args" == "" ]
+then
+    echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+    exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 2 ]
+then
+	echo Usage: suffix2instance [-Z serverID] {-s includesuffix}*
+	exit 1
+fi
+
+./ns-slapd suffix2instance -D $configdir $args 2>&1
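Review bot: Suffixes are collected as `args=$args" -s $OPTARG"` and later expanded unquoted in `./ns-slapd suffix2instance -D $configdir $args`, so a suffix DN that contains a space (for example `dc=example, dc=com`) reaches ns-slapd as several words. Since the script already relies on the bash-only `==` inside `[ ]`, the simplest fix is a `#!/bin/bash` shebang with `args+=(-s "$OPTARG")` in the loop and `"${args[@]}"` on the `ns-slapd` line. The `[ $# -lt 2 ]` check near the end runs after all other validation and duplicates the earlier `"$args" == ""` test. The usage strings also print `suffix2index` although the script is suffix2instance.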

+ 216 - 0
ldap/admin/src/scripts/syntax-validate.pl.in

@@ -0,0 +1,216 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n");
+    print(STDERR "        -b baseDN [-f filter]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager.\n");
+    print(STDERR "     : -w password         - Directory Manager's password.\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password.\n");
+    print(STDERR "     : -Z serverID         - Server instance identifier.\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file.\n");
+    print(STDERR "     : -b baseDN           - Base DN that contains entries to validate.\n");
+    print(STDERR "     : -f filter           - Filter for entries to validate.\n");
+    print(STDERR "                             If omitted, all entries under the specified\n");
+    print(STDERR "                             base will have their attribute values\n");
+    print(STDERR "                             validated.\n");
+    print(STDERR "     : -v                  - Verbose.\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn_arg = "";
+$filter_arg = "";
+$filter = "";
+$first = "yes";
+$verbose = 0;
+$prefix = DSUtil::get_prefix();
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-b")
+    {
+        # base DN
+        $i++; $basedn_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-f")
+    {    
+        # filter 
+        $i++; $filter_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # Server instance identifier
+        $i++; $servid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-h") 
+    { 
+        # help
+        &usage; exit(0);
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn_arg eq "" ) 
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+$basedn = "basedn: $basedn_arg\n";
+
+if ( $filter_arg ne "" )
+{
+    $filter = "filter: $filter_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
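Review bot: The result of the `ldapmodify` pipe is never checked: `open` has no `or die`, the status of `close(FOO)` is ignored, and the script falls off the end with exit status 0, so a failed bind or a rejected task entry looks like success to the caller. Check it after the close, for example `close(FOO); exit($? >> 8) if $? != 0;`. schema-reload.pl.in ends the same way. `$host` and `$port` are also passed to `DSUtil::get_missing_info` without ever being assigned in this script, whereas schema-reload.pl.in initialises both to `""`; adding `$host = ""; $port = "";` to the initialisation block keeps the two scripts consistent.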

+ 2 - 58
ldap/admin/src/scripts/template-bak2db.in

@@ -1,61 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-if [ $# -lt 1 ] || [ $# -gt 6 ]
-then
-    echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
-    exit 1
-elif [ "$1" = "-h" ]
-then
-    echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
-    exit 0
-else
-    archivedir=$1
-    shift
-fi
-benameopt=""
-dlevel=0
-quiet=0
-while getopts "hn:qd:" flag
-do
-    case $flag in
-        h) echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
-           exit 1;;
-        n) benameopt="-n $OPTARG";;
-        q) quiet=1;;
-        d) dlevel=$OPTARG;;
-    esac
-done
-
-if [ 1 = `expr $archivedir : "\/"` ]
-then
-    archivedir=$archivedir
-else
-    # relative
-    archivedir=`pwd`/$archivedir
-fi
-
 cd {{SERVERBIN-DIR}}
-if [ $quiet -eq 0 ]; then
-    ./ns-slapd archive2db -D {{CONFIG-DIR}} -a $archivedir $benameopt -d $dlevel
-else
-    ./ns-slapd archive2db -D {{CONFIG-DIR}} -a $archivedir $benameopt -d $dlevel -q
-fi
+./bak2db "$@" -Z {{SERV-ID}}
+exit $?

+ 8 - 105
ldap/admin/src/scripts/template-bak2db.pl.in

@@ -34,116 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-	print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-	print(STDERR "     :    -a dirname [-t dbtype]\n");
-	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
-	print(STDERR "     : -w password - Directory Manager's password\n");
-	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
-	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
-	print(STDERR "     : -a dirname  - backup directory\n");
-	print(STDERR "     : -t dbtype   - database type (default: ldbm database)\n");
-	print(STDERR "     : -n backend  - name of backend instance to restore\n");
-	print(STDERR "     : -v          - verbose\n");
-}
-$taskname = "";
-$archivedir = "";
-$dbtype = "ldbm database";
-$instance = "";
-$prefix = "{{DS-ROOT}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
 while ($i <= $#ARGV) {
-	if ("$ARGV[$i]" eq "-a") {	# backup directory
-		$i++; $archivedir = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
-		$i++; $rootdn = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
-		$i++; $passwd = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
-		$i++; $passwdfile = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-t") {	# database type
-		$i++; $dbtype = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-n") {	# backend instance name
-		$i++; $instance = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
-		$verbose = 1;
-	} else {
-		&usage; exit(1);
-	}
-	$i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $passwdfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$passwd = <RPASS>;
-	chomp($passwd);
-	close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "restore_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-if ($archivedir eq "") {
-	&usage; exit(1);
-}
-use File::Spec;
-$isabs = File::Spec->file_name_is_absolute( $archivedir );
-if (!$isabs) {
-    $archivedir = File::Spec->rel2abs( $archivedir );
-}
-$dn = "dn: cn=$taskname, cn=restore, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ($instance ne "") {
-	$nsinstance = "nsInstance: ${instance}\n";
-}
-$nsarchivedir = "nsArchiveDir: $archivedir\n";
-$nsdbtype = "nsDatabaseType: $dbtype\n";
-$entry = "${dn}${misc}${cn}${nsinstance}${nsarchivedir}${nsdbtype}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
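Review bot: The single-string `exec` on the last added line hands the whole command line to /bin/sh, and the loop's `"\"$ARGV[$i]\""` wrapping does not neutralise `$`, backticks, backslashes or an embedded double quote. A bind DN, password or path containing those characters is therefore altered or interpreted by the shell before bak2db.pl sees it, and values that begin with `-` are passed with no quoting at all. The list form bypasses the shell and makes the re-quoting loop unnecessary: `exec "{{SERVERBIN-DIR}}/bak2db.pl", @ARGV, "-Z", "{{SERV-ID}}" or die "exec failed: $!\n";`. The loop also depends on `$i` being undefined at start, because the hunk removes `$i = 0;`. The same loop and `exec` are added in template-cleanallruv.pl.in, template-db2bak.pl.in, template-db2index.pl.in and template-db2ldif.pl.in.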

+ 8 - 142
ldap/admin/src/scripts/template-cleanallruv.pl.in

@@ -34,153 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2012 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        [-b basedn | -r rid | -A]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -b basedn           - DN of the replica root you want to clean\n");
-    print(STDERR "     : -r rid              - The replica id that you want to clean\n");
-    print(STDERR "     : -A                  - Abort an existing cleanallruv task(must use with -b and -r args\n");
-    print(STDERR "     : -v                  - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn = "";
-$rid = "";
-$abort = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-b")
-    {
-        # Base DN
-        $i++; $basedn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-r")
-    {
-        # rid
-        $i++; $rid = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-A")
-    {
-        # abort
-        $abort = "yes";
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-    print "Bind Password: ";
-    # Disable console echo
-    system("@sttyexec@ -echo") if -t STDIN;
-    # read the answer
-    $passwd = <STDIN>;
-    # Enable console echo
-    system("@sttyexec@ echo") if -t STDIN;
-    print "\n";
-    chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn eq "" || $rid eq "") 
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-
-if($abort eq ""){
-    # Build the task entry to add
-    $taskname = "cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-    $dn = "dn: cn=$taskname, cn=cleanallruv, cn=tasks, cn=config\n";
-} else {
-    $taskname = "abort_cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-    $dn = "dn: cn=$taskname, cn=abort cleanallruv, cn=tasks, cn=config\n";
-}    
-$misc =   "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =     "cn: $taskname\n";
-$basedn = "replica-base-dn: $basedn\n";
-$rid =    "replica-id: $rid\n";
-
-
-$entry = "${dn}${misc}${cn}${basedn}${rid}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
 
+exec "{{SERVERBIN-DIR}}/cleanallruv.pl @wrapperArgs -Z {{SERV-ID}}"

+ 2 - 52
ldap/admin/src/scripts/template-db2bak.in

@@ -1,55 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-if [ $# -gt 4 ]
-then
-    echo "Usage: db2bak [archivedir] [-q] [-h]"
-    exit 1
-fi
-
-bak_dir={{BAK-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H_%M_%S`
-dlevel=0
-quiet=0
 cd {{SERVERBIN-DIR}}
-if [ "$#" -gt 0 ]
-then
-  if [ "$1" != "-q" ] && [ "$1" != "-d" ] && [ "$1" != "-h" ]
-  then
-    bak_dir=$1
-    shift
-  fi
-  while getopts "hqd:" flag
-  do
-    case $flag in
-        h) echo "Usage: db2bak [archivedir] [-q] [-h]"
-           exit 0;;
-        q) quiet=1;;
-        d) dlevel=$OPTARG;;
-    esac
-  done
-fi
-
-echo "Back up directory: $bak_dir"
-if [ $quiet -eq 0 ]; then
-    ./ns-slapd db2archive -D {{CONFIG-DIR}} -a $bak_dir -d $dlevel
-else
-    ./ns-slapd db2archive -D {{CONFIG-DIR}} -a $bak_dir -d $dlevel -q
-fi
+./db2bak "$@" -Z {{SERV-ID}}
+exit $?

+ 8 - 95
ldap/admin/src/scripts/template-db2bak.pl.in

@@ -34,106 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-	print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-	print(STDERR "          [-a dirname] [-t dbtype]\n");
-	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
-	print(STDERR "     : -w password - Directory Manager's password\n");
-	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
-	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
-	print(STDERR "     : -a dirname  - backup directory\n");
-	print(STDERR "     : -t dbtype   - database type (default: ldbm database)\n");
-	print(STDERR "     : -v          - verbose\n");
-}
-$taskname = "";
-$archivedir = "";
-$dbtype = "ldbm database";
-$prefix = "{{DS-ROOT}}";
-$mybakdir = "{{BAK-DIR}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
 while ($i <= $#ARGV) {
-	if ("$ARGV[$i]" eq "-a") {	# backup directory
-		$i++; $archivedir = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
-		$i++; $rootdn = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
-		$i++; $passwd = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
-		$i++; $passwdfile = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-t") {	# database type
-		$i++; $dbtype = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
-		$verbose = 1;
-	} else {
-		&usage; exit(1);
-	}
-	$i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $passwdfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$passwd = <RPASS>;
-	chomp($passwd);
-	close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-if ($archivedir eq "") {
-	$archivedir = "${mybakdir}{{SEP}}{{SERV-ID}}-${yr}_${mn}_${dy}_${h}_${m}_${s}";
-}
-$dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$nsarchivedir = "nsArchiveDir: $archivedir\n";
-$nsdbtype = "nsDatabaseType: $dbtype\n";
-$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-print("Back up directory: $archivedir\n");
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";

+ 2 - 30
ldap/admin/src/scripts/template-db2index.in

@@ -1,33 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-if [ $# -eq 0 ]
-then
-	bak_dir={{BAK-DIR}}/reindex_`date +%Y_%m_%d_%H_%M_%S`
-	./ns-slapd upgradedb -D {{CONFIG-DIR}} -f -a "$bak_dir"
-elif [ $# -lt 2 ]
-then
-	echo "Usage: db2index [-n backend_instance | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]"
-	exit 1
-else
-	./ns-slapd db2index -D {{CONFIG-DIR}} "$@"
-fi
-
+./db2index "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 181
ldap/admin/src/scripts/template-db2index.pl.in

@@ -34,191 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-use Getopt::Std;
-
-$opt_D = "{{ROOT-DN}}";
-$opt_p = "{{SERVER-PORT}}";
-$opt_h = "{{SERVER-NAME}}";
-$opt_v = 0;
-
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        -n instance [-t attributeName[:indextypes[:matchingrules]]]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -n instance         - instance to be indexed\n");
-    print(STDERR "     : -t attributeName[:indextypes[:matchingrules]]\n");
-    print(STDERR "                           - attributeName: name of the attribute to be indexed\n");
-    print(STDERR "                             If omitted, all the indexes defined \n");
-    print(STDERR "                             for that instance are generated.\n");
-    print(STDERR "                           - indextypes: comma separated index types\n");
-    print(STDERR "                           - matchingrules: comma separated matrules\n");
-    print(STDERR "                           Example: -t foo:eq,pres\n");
-    print(STDERR "     : -T vlvAttributeName - vlvAttributeName: name of the vlv attribute to be indexed\n");
-    print(STDERR "     : -v                  - verbose\n");
-
-    exit 1;
-}
-
-$instance = "";
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$attribute_arg = "";
-$vlvattribute_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-usage() if (!getopts('n:D:w:T:t:j:v'));
-
-if ($opt_j ne ""){
-    die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
-    $opt_w = <RPASS>;
-    chomp($opt_w);
-    close(RPASS);
-}
-
-usage() if( $opt_w eq "" );
-usage() if( $#ARGV ge 0 );
-
-$instance = $opt_n;
-$rootdn = $opt_D;
-$passwd = $opt_w;
-$attribute_arg = $opt_t;
-$vlvattribute_arg = $opt_T;
-$verbose = $opt_v;
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-    print "Bind Password: ";
-    # Disable console echo
-    system("@sttyexec@ -echo") if -t STDIN;
-    # read the answer
-    $passwd = <STDIN>;
-    # Enable console echo
-    system("@sttyexec@ echo") if -t STDIN;
-    print "\n";
-    chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" ) 
-{ 
-    &usage; 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-if ( $instance eq "" )
-{
-    &usage;
-}
-
-# No attribute name has been specified: let's get them from the configuration
-$attribute="";
-$indexes_list="";
-$vlvattribute="";
-$vlvindexes_list="";
-chdir("$prefix{{SEP}}usr{{SEP}}bin");
-if ( $attribute_arg eq "" && $vlvattribute_arg eq "" )
-{
-    # Get the list of indexes from the entry
-    $indexes_list="ldapsearch @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s one " .
-    "-b \"cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"(&(objectclass=*)(nsSystemIndex=false))\" cn";
-    # build the values of the attribute nsIndexAttribute
-    open(LDAP1, "$indexes_list |");
-    while (<LDAP1>) {
-        s/\n //g;
-        if (/^cn: (.*)\n/) {
-            $IndexAttribute="nsIndexAttribute";
-            $attribute="$attribute$IndexAttribute: $1\n";
-        }
-    }
-    close(LDAP1);
-    if ( $attribute eq "" )
-    {
-        # No attribute to index, just exit
-        exit(0);
-    }
-
-    # Get the list of indexes from the entry
-    $vlvindexes_list="ldapsearch @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn";
-
-    # build the values of the attribute nsIndexVlvAttribute
-    open(LDAP1, "$vlvindexes_list |");
-    while (<LDAP1>) {
-        s/\n //g;
-        if (/^cn: (.*)\n/) {
-            $vlvIndexAttribute="nsIndexVlvAttribute";
-            $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n";
-        }
-    }
-    close(LDAP1);
-}
-else
-{
-    if ( $attribute_arg ne "" )
-    {
-        $attribute="nsIndexAttribute: $attribute_arg\n";
-    }
-    if ( $vlvattribute_arg ne "" )
-    {
-        $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n";
-    }
-}
-
-# Build the task entry to add
-
-$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-$nsinstance = "nsInstance: ${instance}\n";
-
-$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";

+ 2 - 83
ldap/admin/src/scripts/template-db2ldif.in

@@ -1,86 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-make_ldiffile()
-{
-    be=""
-    while [ "$1" != "" ]
-    do
-        if [ "$1" = "-a" ]; then
-            shift
-            echo $1
-            return 1
-        elif [ "$1" = "-n" ]; then
-            shift
-            if [ "$be" = "" ]; then
-                be="$1"
-            else
-                tmpbe="$be"
-                be="${tmpbe}-$1"
-            fi
-        elif [ "$1" = "-s" ]; then
-            shift
-            if [ "$1" != "" ]; then
-                rdn=`echo $1 | awk -F, '{print $1}'`
-                rdnval=`echo $rdn | awk -F= '{print $2}'`
-                if [ "$be" = "" ]; then
-                    be="$rdnval"
-                else
-                    tmpbe="$be"
-                    be="${tmpbe}-$rdnval"
-                fi
-            fi
-        elif [ "$1" = "-M" ]; then
-            be=""
-        fi
-        if [ "$1" != "" ]; then
-            shift
-        fi
-    done
-
-    if [ "$be" = "" ]; then
-        echo {{LDIF-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif
-    else
-        echo {{LDIF-DIR}}/{{SERV-ID}}-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
-    fi
-    return 0
-}
-
 cd {{SERVERBIN-DIR}}
-if [ "$#" -lt 2 ];
-then
-    echo "Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*"
-    echo "               [{-x excludesuffix}*] [-a outputfile]"
-    echo "               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
-    echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
-    exit 1
-fi
-
-ldif_file=`make_ldiffile $@`
-rn=$?
-
-echo "Exported ldif file: $ldif_file"
-if [ $rn -eq 1 ]
-then
-./ns-slapd db2ldif -D {{CONFIG-DIR}} "$@"
-else
-./ns-slapd db2ldif -D {{CONFIG-DIR}} -a $ldif_file "$@"
-fi
+./db2ldif "$@" -Z {{SERV-ID}}
+exit $?

+ 8 - 239
ldap/admin/src/scripts/template-db2ldif.pl.in

@@ -34,250 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-	print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-	print(STDERR "        {-n instance}* | {-s include}* [{-x exclude}*] \n");
-	print(STDERR "        [-m] [-M] [-u] [-C] [-N] [-U] [-a filename]\n");
-	print(STDERR " Opts: -D rootdn   - Directory Manager\n");
-	print(STDERR "     : -w password - Directory Manager's password\n");
-	print(STDERR "     : -w -        - Prompt for Directory Manager's password\n");
-	print(STDERR "     : -j filename - Read Directory Manager's password from file\n");
-	print(STDERR "     : -n instance - instance to be exported\n");
-	print(STDERR "     : -a filename - output ldif file\n");
-	print(STDERR "     : -s include  - included suffix(es)\n");
-	print(STDERR "     : -x exclude  - excluded suffix(es)\n");
-	print(STDERR "     : -m          - minimal base64 encoding\n");
-	print(STDERR "     : -M          - output ldif is stored in multiple files\n");
-	print(STDERR "                     these files are named : <instance>_<filename>\n");
-	print(STDERR "                     by default, all instances are stored in <filename>\n");
-	print(STDERR "     : -r          - export replica\n");
-	print(STDERR "     : -u          - do not export unique id\n");
-	print(STDERR "     : -C          - use main db file only\n");
-	print(STDERR "     : -N          - suppress printing sequential number\n");
-	print(STDERR "     : -U          - output ldif is not folded\n");
-	print(STDERR "     : -E          - Decrypt encrypted data when exporting\n");
-	print(STDERR "     : -1          - do not print version line\n");
-	print(STDERR "     : -v          - verbose\n");
-}
-
-@instances = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-@included = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-@excluded = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-$maxidx = 50;
-$nowrap = 0;
-$nobase64 = 0;
-$noversion = 0;
-$nouniqueid = 0;
-$useid2entry = 0;
-$onefile = 1;
-$printkey = 1;
-$taskname = "";
-$ldiffile = "";
-$doreplica = 0;
-$prefix = "{{DS-ROOT}}";
-$ldifdir = "{{LDIF-DIR}}";
-$servid = "{{SERV-ID}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
-$insti = 0;
-$incli = 0;
-$excli = 0;
-$decrypt_on_export = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
 while ($i <= $#ARGV) {
-	if ( "$ARGV[$i]" eq "-n" ) {	# instances
-		$i++;
-		if ($insti < $maxidx) {
-			$instances[$insti] = $ARGV[$i]; $insti++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-s") {	# included suffix
-		$i++;
-		if ($incli < $maxidx) {
-			$included[$incli] = $ARGV[$i]; $incli++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-x") {	# excluded suffix
-		$i++;
-		if ($excli < $maxidx) {
-			$excluded[$excli] = $ARGV[$i]; $excli++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-a") {	# ldif file
-		$i++; $ldiffile = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
-		$i++; $rootdn = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
-		$i++; $passwd = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
-		$i++; $passwdfile = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-M") {	# multiple ldif file
-		$onefile = 0;
-	} elsif ("$ARGV[$i]" eq "-o") {	# one ldif file
-		$onefile = 1;
-	} elsif ("$ARGV[$i]" eq "-u") {	# no dump unique id
-		$nouniqueid = 1;
-	} elsif ("$ARGV[$i]" eq "-C") {	# use id2entry
-		$useid2entry = 1;
-	} elsif ("$ARGV[$i]" eq "-N") {	# does not print key
-		$printkey = 0;
-	} elsif ("$ARGV[$i]" eq "-r") {	# export replica
-		$doreplica = 1;
-	} elsif ("$ARGV[$i]" eq "-m") {	# no base64
-		$nobase64 = 1;
-	} elsif ("$ARGV[$i]" eq "-U") {	# no wrap
-		$nowrap = 1;
-	} elsif ("$ARGV[$i]" eq "-1") {	# no version line
-		$noversion = 1;
-	} elsif ("$ARGV[$i]" eq "-E") {	# decrypt
-		$decrypt_on_export = 1;
-	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
-		$verbose = 1;
-	} else {
-		&usage; exit(1);
-	}
-	$i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $passwdfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$passwd = <RPASS>;
-	chomp($passwd);
-	close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-if (($instances[0] eq "" && $included[0] eq "") || $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-$i = 0;
-$be = "";
-$nsinstance = "";
-while ("" ne "$instances[$i]") {
-	$nsinstance = "${nsinstance}nsInstance: $instances[$i]\n";
-	if ( "" eq "$be" ) {
-		$be = "$instances[$i]";
-	} else {
-		$be = "${be}-$instances[$i]";
-	}
-	$i++;
-}
-$i = 0;
-$nsincluded = "";
-while ("" ne "$included[$i]") {
-	$nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
-	my ($rdn, $rest) = split(/,/, $included[$i]);
-	my ($rest, $tmpbe) = split(/=/, $rdn);
-	if ( "" eq "$be" ) {
-		$be = "$tmpbe";
-	} else {
-		$be = "${be}-$tmpbe";
-	}
-	$i++;
-}
-$i = 0;
-$nsexcluded = "";
-while ("" ne "$excluded[$i]") {
-	$nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
-	$i++;
-}
-if ($ldiffile eq "") {
-	if ($onefile == 0) {
-		$ldiffile = "${ldifdir}{{SEP}}${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
-	} else {
-		$ldiffile = "${ldifdir}{{SEP}}${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
-	}
-}
-$nsreplica = "";
-if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; }
-$nsnobase64 = "";
-if ($nobase64 != 0) { $nsnobase64 = "nsMinimalEncoding: true\n"; }
-$nsnowrap = "";
-if ($nowrap != 0) { $nsnowrap = "nsNoWrap: true\n"; }
-$nsnoversion = "";
-if ($noversion != 0) { $nsnoversion = "nsNoVersionLine: true\n"; }
-$nsnouniqueid = "";
-if ($nouniqueid != 0) { $nsnouniqueid = "nsDumpUniqId: false\n"; }
-$nsuseid2entry = "";
-if ($useid2entry != 0) { $nsuseid2entry = "nsUseId2Entry: true\n"; }
-$nsonefile = "";
-if ($onefile != 0) { $nsonefile = "nsUseOneFile: true\n"; }
-if ($onefile == 0) { $nsonefile = "nsUseOneFile: false\n"; }
-$nsexportdecrypt = "";
-if ($decrypt_on_export != 0) { $nsexportdecrypt = "nsExportDecrypt: true\n"; }
-$nsprintkey = "";
-if ($printkey == 0) { $nsprintkey = "nsPrintKey: false\n"; }
-$nsldiffile = "nsFilename: ${ldiffile}\n";
-$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsreplica}${nsnobase64}${nsnowrap}${nsnoversion}${nsnouniqueid}${nsuseid2entry}${nsonefile}${nsexportdecrypt}${nsprintkey}${nsldiffile}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-print("Exporting to ldif file: ${ldiffile}\n");
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/db2ldif.pl @wrapperArgs -Z {{SERV-ID}}";

+ 2 - 46
ldap/admin/src/scripts/template-dbverify.in

@@ -1,49 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-args=""
-while [ "$1" != "" ]
-do
-    if [ "$1" = "-n" ]; then
-        args=$args" "$1
-        shift
-        args=$args" "$1
-    elif [ "$1" = "-V" ]; then
-        args=$args" "$1
-    else
-        echo "Usage: dbverify [-n backend_instance] [-V]"
-        echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
-        echo "  -V : verbose"
-        exit 1
-    fi
-    shift
-done
-
-
 cd {{SERVERBIN-DIR}}
-./ns-slapd dbverify -D {{CONFIG-DIR}} $args
-if [ $? -eq 0 ]; then
-    echo "DB verify: Passed"
-    exit 0
-else
-    echo "DB verify: Failed"
-    exit 1
-fi
+./dbverify "$@" -Z {{SERV-ID}}
+exit $?
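Review bot: The added `cd {{SERVERBIN-DIR}}` is unchecked and unquoted, so if the directory is missing or unreadable, the following `./dbverify` is resolved against whatever directory the caller was in; that matters because these wrappers are presumably run by an administrator. Guard it with `cd "{{SERVERBIN-DIR}}" || exit 1`, or drop the `cd` and call the script by its absolute path if the global script does not depend on the working directory (not visible in this hunk). The same `cd` plus `./script` pattern is added in the template-dn2rdn.in, template-ldif2db.in, template-ldif2ldap.in and template-monitor.in sections. The trailing `exit $?` is redundant after the last command.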

+ 2 - 20
ldap/admin/src/scripts/template-dn2rdn.in

@@ -1,23 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-bak_dir={{BAK-DIR}}/reindex_`date +%Y_%m_%d_%H_%M_%S`
-./ns-slapd upgradedb -D {{CONFIG-DIR}} -r -a "$bak_dir" "$@"
+./dn2rdn "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 126
ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in

@@ -34,136 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        [-l linkDN]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -l linkDN           - DN of link config entry that you want to fix\n");
-    print(STDERR "                             up the links for.  If omitted, all configured\n");
-    print(STDERR "                             linked attributes will be fixed up.\n");
-    print(STDERR "     : -v                  - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$linkdn_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-l")
-    {
-        # link DN
-        $i++; $linkdn_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" ) 
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "linked_attrs_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=fixup linked attributes, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-if ($linkdn_arg ne "")
-{
-    $linkdn = "linkdn: $linkdn_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${linkdn}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/fixup-linkedattrs.pl @wrapperArgs -Z {{SERV-ID}}";
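Review bot: The single-string `exec` on the last added line hands the whole command to /bin/sh when it contains shell metacharacters, and the loop only wraps non-option arguments in double quotes, inside which the shell still expands `$`, backticks, backslashes and embedded quotes; arguments beginning with `-` are not quoted at all. A bind DN, password or filter containing such characters is therefore altered or parsed as shell syntax before the global script sees it, which matters most if the wrapper is ever called by another program with values it did not choose. The list form bypasses the shell and makes the quoting loop unnecessary: `exec "{{SERVERBIN-DIR}}/fixup-linkedattrs.pl", @ARGV, "-Z", "{{SERV-ID}}" or die "exec failed: $!\n";`. As far as the hunk shows, `$i` is also no longer initialised now that `$i = 0;` is removed. The same loop and exec appear in the template-db2ldif.pl.in, template-fixup-memberof.pl.in and template-ldif2db.pl.in sections.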

+ 9 - 137
ldap/admin/src/scripts/template-fixup-memberof.pl.in

@@ -34,147 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2008 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        -b baseDN [-f filter]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -b baseDN           - Base DN that contains entries to fix up.\n");
-    print(STDERR "     : -f filter           - Filter for entries to fix up\n");
-    print(STDERR "                             If omitted, all entries under the specified\n");
-    print(STDERR "                             base will have their memberOf attribute\n");
-    print(STDERR "                             regenerated.\n");
-    print(STDERR "     : -v                  - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn_arg = "";
-$filter_arg = "";
-$filter = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-b")
-    {
-        # base DN
-        $i++; $basedn_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-f")
-    {    
-        # filter 
-        $i++; $filter_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" ) 
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "memberOf_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=memberOf task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-$basedn = "basedn: $basedn_arg\n";
-
-if ( $filter_arg ne "" )
-{
-    $filter = "filter: $filter_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${filter}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/fixup-memberof.pl @wrapperArgs -Z {{SERV-ID}}";

+ 1 - 54
ldap/admin/src/scripts/template-ldif2db.in

@@ -1,58 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage()
-{
-    echo "Usage: ldif2db -n backend_instance | {-s includesuffix}* [{-x excludesuffix}*]"
-    echo "               {-i ldiffile}* [-O] [-q]"
-    echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" and \"-i ldiffile\" are required."
-}
-
-handleopts()
-{
-    while [ "$1" != "" ]
-    do
-        if [ "$1" = "-q" ]; then
-            return 1
-        elif [ "$1" = "-h" ]; then
-            usage
-            exit 1
-        fi
-        shift
-    done
-    return 0
-}
-
 cd {{SERVERBIN-DIR}}
-if [ $# -lt 4 ]
-then
-    usage
-    exit 1
-fi
-
-handleopts $@
-quiet=$?
-
-if [ $quiet -eq 0 ]; then
-    echo importing data ...
-fi
-./ns-slapd ldif2db -D {{CONFIG-DIR}} "$@" 2>&1
+./ldif2db "$@" -Z {{SERV-ID}}
 exit $?

+ 8 - 197
ldap/admin/src/scripts/template-ldif2db.pl.in

@@ -34,208 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-	print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-	print(STDERR "        -n instance | {-s include}* [{-x exclude}*] [-O] [-c]\n");
-	print(STDERR "        [-g [string]] [-G namespace_id] {-i filename}*\n");
-	print(STDERR " Opts: -D rootdn     - Directory Manager\n");
-	print(STDERR "     : -w password   - Directory Manager's password\n");
-	print(STDERR "     : -w -          - Prompt for Directory Manager's password\n");
-	print(STDERR "     : -j filename   - Read Directory Manager's password from file\n");
-	print(STDERR "     : -n instance   - instance to be imported to\n");
-	print(STDERR "     : -i filename   - input ldif file(s)\n");
-	print(STDERR "     : -s include    - included suffix\n");
-	print(STDERR "     : -x exclude    - excluded suffix(es)\n");
-	print(STDERR "     : -O            - only create core db, no attr indexes\n");
-	print(STDERR "     : -c size       - merge chunk size\n");
-	print(STDERR "     : -g [string]   - string is \"none\" or \"deterministic\"\n");
-	print(STDERR "     :          none - unique id is not generated\n");
-	print(STDERR "     : deterministic - generate name based unique id (-G name)\n");
-	print(STDERR "     :    by default - generate time based unique id\n");
-	print(STDERR "     : -G name       - namespace id for name based uniqueid (-g deterministic)\n");
-	print(STDERR "     : -E            - Encrypt data when importing\n");
-	print(STDERR "     : -v            - verbose\n");
-}
-
-@ldiffiles = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-@included = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-@excluded = (
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	"", "", "", "", "", "", "", "", "", "",
-	""
-);
-$maxidx = 50;
-$instance = "";
-$noattrindexes = 0;
-$mergechunksiz = 0;
-$genuniqid = "time";
-$uniqidname = "";
-$taskname = "";
-$prefix = "{{DS-ROOT}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
-$ldifi = 0;
-$incli = 0;
-$excli = 0;
-$encrypt_on_import = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
 while ($i <= $#ARGV) {
-	if ( "$ARGV[$i]" eq "-i" ) {	# ldiffiles
-		$i++;
-		if ($ldifi < $maxidx) {
-			$ldiffiles[$ldifi] = $ARGV[$i]; $ldifi++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-s") {	# included suffix
-		$i++;
-		if ($incli < $maxidx) {
-			$included[$incli] = $ARGV[$i]; $incli++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-x") {	# excluded suffix
-		$i++;
-		if ($excli < $maxidx) {
-			$excluded[$excli] = $ARGV[$i]; $excli++;
-		} else {
-			&usage; exit(1);
-		}
-	} elsif ("$ARGV[$i]" eq "-n") {	# instance
-		$i++; $instance = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-D") {	# Directory Manager
-		$i++; $rootdn = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-w") {	# Directory Manager's password
-		$i++; $passwd = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
-		$i++; $passwdfile = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-O") {	# no attr indexes
-		$noattrindexes = 1;
-	} elsif ("$ARGV[$i]" eq "-c") {	# merge chunk size
-		$i++; $mergechunksiz = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-g") {	# generate uniqueid
-		if (("$ARGV[$i+1]" ne "") && !("$ARGV[$i+1]" =~ /^-/)) {
-			$i++;
-			if ("$ARGV[$i]" eq "none") {
-				$genuniqid = $ARGV[$i];
-			} elsif ("$ARGV[$i]" eq "deterministic") {
-				$genuniqid = $ARGV[$i];
-			}
-		}
-	} elsif ("$ARGV[$i]" eq "-G") {	# namespace id
-		$i++; $uniqidname = $ARGV[$i];
-	} elsif ("$ARGV[$i]" eq "-v") {	# verbose
-		$verbose = 1;
-	} elsif ("$ARGV[$i]" eq "-E") {	# encrypt on import
-		$encrypt_on_import = 1;
-	} else {
-		&usage; exit(1);
-	}
-	$i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $passwdfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$passwd = <RPASS>;
-	chomp($passwd);
-	close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" || $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "import_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=import, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-if ($instance ne "") {
-	$nsinstance = "nsInstance: ${instance}\n";
-}
-$i = 0;
-$nsldiffiles = "";
-while ("" ne "$ldiffiles[$i]") {
-	$nsldiffiles = "${nsldiffiles}nsFilename: $ldiffiles[$i]\n";
-	$i++;
-}
-$i = 0;
-$nsincluded = "";
-while ("" ne "$included[$i]") {
-	$nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
-	$i++;
-}
-$i = 0;
-$nsexcluded = "";
-while ("" ne "$excluded[$i]") {
-	$nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
-	$i++;
-}
-$nsnoattrindexes = "";
-if ($noattrindexes != 0) { $nsnoattrindexes = "nsImportIndexAttrs: false\n"; }
-$nsimportencrypt = "";
-if ($encrypt_on_import != 0) { $nsimportencrypt = "nsImportEncrypt: true\n"; }
-$nsmergechunksiz = "nsImportChunkSize: ${mergechunksiz}\n"; 
-$nsgenuniqid = "nsUniqueIdGenerator: ${genuniqid}\n"; 
-$nsuniqidname = "";
-if ($uniqidname ne "") { $nsuniqidname = "nsUniqueIdGeneratorNamespace: ${uniqidname}\n"; }
-$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsldiffiles}${nsnoattrindexes}${nsimportencrypt}${nsmergechunksiz}${nsgenuniqid}${nsuniqidname}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";

+ 3 - 23
ldap/admin/src/scripts/template-ldif2ldap.in

@@ -1,25 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix@ldapsdk_libdir@"
-libpath_add "@ldapsdk_libdir@"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-PATH=$prefix@ldaptool_bindir@:@ldaptool_bindir@
-
-ldapmodify @ldaptool_opts@ -a -p {{SERVER-PORT}} -D "$1" -w "$2" -f $3
+cd {{SERVERBIN-DIR}}
+./ldif2ldap "$@" -Z {{SERV-ID}}
+exit $?

+ 3 - 22
ldap/admin/src/scripts/template-monitor.in

@@ -1,24 +1,5 @@
 #!/bin/sh
 
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix@ldapsdk_libdir@"
-libpath_add "@ldapsdk_libdir@"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-PATH=$prefix@ldaptool_bindir@:@ldaptool_bindir@
-
-if [ "x$1" != "x" ];
-then MDN="$1";
-else MDN="cn=monitor";
- fi
-ldapsearch @ldaptool_opts@ -p {{SERVER-PORT}} -b "$MDN" -s base "objectClass=*"
+cd {{SERVERBIN-DIR}}
+./monitor "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 818
ldap/admin/src/scripts/template-ns-accountstatus.pl.in

@@ -34,828 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
-	print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
-	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
-	print (STDERR "May be used to $operation a user or a domain of users\n\n");
-	print (STDERR "Arguments:\n");
-	print (STDERR "          -?                   - help\n");
-	print (STDERR "          -D rootdn            - Provide a Directory Manager DN. Default= '$defrootdn'\n");
-	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
-	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
-	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
-	print (STDERR "          -p port              - Provide a port. Default= '$defport'\n");
-	print (STDERR "          -h host              - Provide a host name. Default= '$defhost'\n");
-	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
-	exit 100;
-}
-
-sub debug
-{
-#	print " ==> @_";
-}
-
-sub out
-{
-	print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# 	* it is the same as the entry
-# 	* the entry is member of role (==has nsroledn attributes), compare each of
-#		them with the nsroledn of nsdisabledrole
-#	* if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
-	# For recursivity, file handler must be local
-	my $L_filehandle=$_[0];
-	$L_filehandle++;
-
-	my $L_entry=$_[1];
-	# Remove useless space
-    my @L_intern=split /([,])/,$L_entry;
-    my $L_result="";
-    foreach $L_part (@L_intern)
-    {
-        $L_part=~s/^ +//;
-        $L_part=~ tr/A-Z/a-z/;
-        $L_result="$L_result$L_part";
-    }
-    $L_entry=$L_result;
-
-	my $L_base=$_[2];
-	
-	my $L_search;
-	my $L_currentrole;
-	my $L_retCode;
-
-	my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> {{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
-    $retCode=$?>>8;
-    return 1;
-}
-
-	# Check if the role is a nested role
-	@L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
-	# L_isNested == 1 means that we are going through a nested role, so for each member of that
-	# nested role, check that the member is below the scope of the nested
-	$L_isNested=@L_Nested;
-
-	# Not Direct Lock, Go through roles if any
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
-
-	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
-
-	unless (open ($L_filehandle, "$L_search |")) 
-	{
-		out("Can't open file $L_filehandle\n");
-		exit;
-	}
-	while (<$L_filehandle>) {
-
-		s/\n //g;
-		if (/^nsroledn: (.*)\n/) {
-			$L_currentrole = $1;
-
-			# Remove useless space
-			my @L_intern=split /([,])/,$L_currentrole;
-			my $L_result="";
-			foreach $L_part (@L_intern)
-			{
-				$L_part=~s/^ +//;
-				$L_part=~ tr/A-Z/a-z/;
-				$L_result="$L_result$L_part";
-			}
-			$L_currentrole=$L_result;
-
-			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
-			if ( $L_isNested == 1 )
-			{
-				if ( checkScope($L_currentrole, $L_base) == 0 )
-				{
-					# Scope problem probably a bad conf, skip the currentrole
-					next;	
-				}
-			}
-
-			if ( $L_currentrole eq $L_entry )
-			{
-				# the entry is a role that is directly locked
-				# i.e, nsroledn of nsdisabledrole contains the entry
-				$throughRole=$L_base;
-				$throughRole=~ tr/A-Z/a-z/;
-
-				# skipDisabled means that we've just found that the entry (which is a role)
-				# is locked directly (==its DN is part of nsroledn attributes)
-				# we just want to know now, if it is locked through another role
-				# at least, one
-				if ( $skipDisabled == 1 )
-				{
-					# direct inactivation
-					$directLocked=1;
-					# just go through that test once
-					$skipDisabled=0;
-					next;
-				}
-				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			$L_retCode=memberOf($L_currentrole, $L_entry);
-			if ( $L_retCode == 0 && $single == 1 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				if ( $skipManaged == 1 )
-				{
-					if ( $L_currentrole eq $nsManagedDisabledRole)
-					{
-						# Try next nsroledn
-						$directLocked=1;
-						$skipManaged=0;
-						next;
-					}
-				} 
-				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			# Only for the first iteration
-			# the first iteration is with nsdisabledrole as base, other
-			# loops are deeper
-			$L_local=$skipDisabled;
-			$skipDisabled=0;
-	
-			# the current nsroledn may be a complex role, just go through
-			# its won nsroledn
-			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
-			# Because of recursivity, to keep the initial value for the first level
-			$skipDisabled=$L_local;
-
-			if ( $L_retCode == 0 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
-				return 0;
-			}
-		}
-	}
-
-	close($L_filehandle);
-
-	debug("\t<--indirectLock: no more nsroledn to process\n");
-	return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
-	my $L_nsroledn=$_[0];
-	$L_nsroledn=~ tr/A-Z/a-z/;
-
-	my $L_entry=$_[1];
-
-	my $L_search;
-	my $L_currentrole;
-
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
-
-	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
-
-	open (LDAP2, "$L_search |");
-	while (<LDAP2>) {
-		s/\n //g;
-		if (/^nsrole: (.*)\n/) {
-			$L_currentrole = $1;
-			$L_currentrole=~ tr/A-Z/a-z/;
-			if ( $L_currentrole eq $L_nsroledn )
-			{
-				# the parm is part of the $L_entry nsroledn
-				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
-				return 0;
-			}
-		}
-	}
-	close(LDAP2);
-
-	# the parm is not part of the $L_entry nsroledn
-	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
-	return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
-    $L_entry=$_[0];
-
-    @L_entryToTest=split /([,])/,$L_entry;
-    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
-    $newDN="";
-    $removeRDN=1;
-    foreach $part (@L_entryToTest)
-    {
-        $part=~ s/^ +//;
-        $part=~ tr/A-Z/a-z/;
-        if ( $removeRDN <= 2 )
-        {
-            $removeRDN=$removeRDN+1;
-        }
-        else
-        {
-            $newDN="$newDN$part";
-        }
-    }
-
-    debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of 
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
-    $L_current=$_[0];
-    $L_nestedRole=$_[1];
-
-    debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
-    removeRdn($L_nestedRole);
-    $L_nestedRoleSuffix=$newDN;
-    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
-
-    $cont=1;
-    while ( ($cont == 1) && ($L_current ne "") )
-    {
-        removeRdn($L_current);
-        $currentDn=$newDN;
-        debug("checkScope: current DN to check: $currentDn\n");
- 
-        if ( $currentDn eq $L_nestedRoleSuffix )
-        {
-            debug("checkScope: DN match!!!\n");
-            $cont = 0;
-        }
-        else
-        {
-            $L_current=$currentDn;
-        }
-    }
- 
-    if ( $cont == 1 )
-    {
-        debug("checkScope: $_[0] and $_[1] are not compatible\n");
-        return 0;
-    }
-    else
-    {
-        debug("checkScope: $_[0] and $_[1] are compatible\n");
-        return 1;
-    }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
-	$cmd="ns-inactivate.pl";
-	$operation="inactivate";
-	$state="inactivated";
-	$modrole="add";
-	$already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
-	$cmd="ns-activate.pl";
-	$operation="activate";
-	$state="activated";
-	$modrole="delete";
-	$already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
-	$cmd="ns-accountstatus.pl";
-	$operation="get status of";
-	$state="activated";
-	# no need for $modrole as no operation is performed
-	$already="";
-
-}
-else
-{
-	out("$0: unknown command\n");
-	exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
- 
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
-    if($arg eq "-?")
-    {
-        usage_and_exit();
-    }
-    elsif($arg eq "-D")
-    {
-        $rootdn= shift @ARGV;
-    }
-    elsif($arg eq "-w")
-    {
-        $rootpw= shift @ARGV;
-    }
-    elsif($arg eq "-j")
-    {
-        $pwfile= shift @ARGV;
-    }
-    elsif($arg eq "-p")
-    {
-        $port= shift @ARGV;
-    }
-    elsif($arg eq "-h")
-    {
-        $host= shift @ARGV;
-    }
-    elsif($arg eq "-I")
-    {
-        $entry= shift @ARGV;
-    }
-	else
-	{
-		print "$arg: Unknown command line argument.\n";
-		usage_and_exit();
-	}
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $pwfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$rootpw = <RPASS>;
-	chomp($rootpw);
-	close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$rootpw = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
-	usage_and_exit();
-}
-
-if( $entry eq "" )
-{
-	usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
-	$retCode1=$?>>8;
-	exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
-	$retCode2=$?>>8;
-	exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
-	debug("Groups of users\n");
-	$role=1;
-}
-else
-{
-	debug("Single user\n");
-	$single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
-	$searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
-	open (LDAP1, "$searchAccountLock |");
-	while (<LDAP1>) {
-		s/\n //g;
-		if (/^nsaccountlock: (.*)\n/) {
-			$L_currentvalue = $1;
-			$L_currentvalue=~ tr/A-Z/a-z/;
-			if ( $L_currentvalue eq "true")
-			{
-				$isLocked=1;
-			}
-			elsif ( $L_currentvalue eq "false" )
-			{
-				$isLocked=0;
-			}
-		}
-	}
-	close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-#	-I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
-	$part=~s/^ +//;
-	$part=~ tr/A-Z/a-z/;
-	$result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
-	# Look if suffix is the suffix of the entry
-	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
-	#
-	debug("\tSuffix from the entry: #@suffixN#\n");
-	@mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
-	$retCode=$?;
-	if ( $retCode != 0 )
-	{
-		$retCode=$?>>8;
-		exit $retCode;
-	}
-
-	# If we get a result, remove the dn:
-	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
-	#	cn: "o=sun.com"
-	#
-	shift @mapping;
-
-	foreach $res (@mapping)
-	{
-		# Break the string cn: "o=sun.com" into pieces
-		@cn= split(/ /,$res);
-
-		# And remove the cn: part
-		shift @cn;
-
-		# Now compare the suffix we extract from the mapping tree 
-		# with the suffix derived from the entry
-		debug("\tSuffix from mapping tree: #@cn#\n");
-		if ( @cn eq @suffixN ) {
-			debug("Found matching suffix\n");
-			$cont=1;
-		}
-	}
-
-	if ( $cont == 0 )
-	{
-		# Remove the current rdn to try another suffix
-		shift @suffix;
-
-		$result="";
-		foreach $part (@suffix)
-		{
-			$part=~ s/^ +//;
-			$part=~ tr/A-Z/a-z/;
-			$result="$result$part";
-		}
-		@suffixN=$result;
-
-		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
-		$len=@suffix;
-		if ( $len == 0 )
-		{
-			debug("Can not find suffix. Problem\n");
-			$cont=2;
-		}
-	}
-}
-if ( $cont == 2)
-{
-	out("Can not find suffix for entry $entry\n");
-	exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
-	#
-	# Now that we have the suffix and we know if we deal with a single entry or
-	# a role, just try to create the COS and roles associated.
-	#
-	@base=(
-		"cn=nsManagedDisabledRole,@suffixN",
-		"cn=nsDisabledRole,@suffixN",
-		"cn=nsAccountInactivationTmp,@suffixN",
-		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
-		"cn=nsAccountInactivation_cos,@suffixN" );
-
-	$addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> {{DEV-NULL}} 2>&1 ";
-	@role1=(
-		"dn: cn=nsManagedDisabledRole,@suffixN\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsSimpleRoleDefinition\n",
-		"objectclass: nsManagedRoleDefinition\n",
-		"cn: nsManagedDisabledRole\n\n" );
-	@role2=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsComplexRoleDefinition\n",
-		"objectclass: nsNestedRoleDefinition\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
-		"cn: nsDisabledRole\n\n" );
-	@cos1=(
-		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: nsContainer\n\n" );
-	@cos2=(
-		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: extensibleObject\n",
-		"objectclass: costemplate\n",
-		"objectclass: ldapsubentry\n",
-		"cosPriority: 1\n",
-		"nsAccountLock: true\n\n" );
-	@cos3=(
-		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: cosSuperDefinition\n",
-		"objectclass: cosClassicDefinition\n",
-		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"cosSpecifier: nsRole\n",
-		"cosAttribute: nsAccountLock operational\n\n" );
-
-	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
-	$i=0;
-
-	foreach $current (@base)
-	{
-		debug("Creating $current ??\n");
-		open(FD,"| $addrolescos ");
-		print FD @{$all[$i]};
-		close(FD);
-		if ( $? != 0 )
-		{
-			$retCode=$?>>8;
-			if ( $retCode == 68 )
-			{
-				debug("Entry $current already exists, ignore error\n");
-			}
-			else
-			{
-				# Probably a more serious problem.
-				# Exit with LDAP error
-				exit $retCode;
-			}
-		}
-		else
-		{
-			debug("Entry $current created\n");
-		}
-		$i=$i+1;
-	}
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
-	# Go through all the roles part of nsdisabledrole to check if the entry
-	# is a member of one of those roles
-	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
-	if ( $ret == 0 )
-	{
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			# indirect lock
-			out("$entry already $state through $throughRole.\n");
-		}
-		else
-		{
-			# direct lock
-			out("$entry already $state.\n");
-		}
-		exit 100;
-	}
-	elsif ( $isLocked == 1 )
-	{
-		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
-		out("$entry already $state (probably directly).\n");
-		exit 103;
-	}
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
-	$skipManaged=$single;
-	$skipDisabled=$role;
-
-	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
-	if ( $ret == 0 )
-	{
-		# undirectly locked
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			if ( $operation eq "activate" )
-			{
-				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
-				exit 100;
-			}
-			else
-			{
-				out("$entry inactivated through $throughRole.\n");
-				exit 104;
-			}
-		}
-		debug("$entry locked individually\n");
-
-		if ( $operation ne "activate" )
-		{
-			out("$entry inactivated.\n");
-			exit 103;
-		}
-	}
-	elsif ( $directLocked == 0 )
-	{
-		if ( $operation eq "activate" && $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 100;
-		}
-		elsif ( $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 102;
-		}
-		else
-		{
-			# not locked using our schema, but nsaccountlock is probably present
-			out("$entry inactivated (probably directly).\n");
-			exit 103;
-		}
-	}
-	elsif ( $operation ne "activate" )
-	{
-		out("$entry inactivated.\n");
-		exit 103;
-	}
-	# else Locked directly, juste unlock it!
-	debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> {{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
-	@record=(
-		"dn: $entry\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
-	@record=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
-	$retCode=$?>>8;
-	exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/ns-accountstatus.pl @wrapperArgs -Z {{SERV-ID}}";

+ 9 - 818
ldap/admin/src/scripts/template-ns-activate.pl.in

@@ -34,828 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
-	print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
-	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
-	print (STDERR "May be used to $operation a user or a domain of users\n\n");
-	print (STDERR "Arguments:\n");
-	print (STDERR "          -?                   - help\n");
-	print (STDERR "          -D rootdn            - Provide a Directory Manager DN. Default= '$defrootdn'\n");
-	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
-	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
-	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
-	print (STDERR "          -p port              - Provide a port. Default= '$defport'\n");
-	print (STDERR "          -h host              - Provide a host name. Default= '$defhost'\n");
-	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
-	exit 100;
-}
-
-sub debug
-{
-#	print " ==> @_";
-}
-
-sub out
-{
-	print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# 	* it is the same as the entry
-# 	* the entry is member of role (==has nsroledn attributes), compare each of
-#		them with the nsroledn of nsdisabledrole
-#	* if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
-	# For recursivity, file handler must be local
-	my $L_filehandle=$_[0];
-	$L_filehandle++;
-
-	my $L_entry=$_[1];
-	# Remove useless space
-    my @L_intern=split /([,])/,$L_entry;
-    my $L_result="";
-    foreach $L_part (@L_intern)
-    {
-        $L_part=~s/^ +//;
-        $L_part=~ tr/A-Z/a-z/;
-        $L_result="$L_result$L_part";
-    }
-    $L_entry=$L_result;
-
-	my $L_base=$_[2];
-	
-	my $L_search;
-	my $L_currentrole;
-	my $L_retCode;
-
-	my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> {{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
-    $retCode=$?>>8;
-    return 1;
-}
-
-	# Check if the role is a nested role
-	@L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
-	# L_isNested == 1 means that we are going through a nested role, so for each member of that
-	# nested role, check that the member is below the scope of the nested
-	$L_isNested=@L_Nested;
-
-	# Not Direct Lock, Go through roles if any
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
-
-	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
-
-	unless (open ($L_filehandle, "$L_search |")) 
-	{
-		out("Can't open file $L_filehandle\n");
-		exit;
-	}
-	while (<$L_filehandle>) {
-
-		s/\n //g;
-		if (/^nsroledn: (.*)\n/) {
-			$L_currentrole = $1;
-
-			# Remove useless space
-			my @L_intern=split /([,])/,$L_currentrole;
-			my $L_result="";
-			foreach $L_part (@L_intern)
-			{
-				$L_part=~s/^ +//;
-				$L_part=~ tr/A-Z/a-z/;
-				$L_result="$L_result$L_part";
-			}
-			$L_currentrole=$L_result;
-
-			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
-			if ( $L_isNested == 1 )
-			{
-				if ( checkScope($L_currentrole, $L_base) == 0 )
-				{
-					# Scope problem probably a bad conf, skip the currentrole
-					next;	
-				}
-			}
-
-			if ( $L_currentrole eq $L_entry )
-			{
-				# the entry is a role that is directly locked
-				# i.e, nsroledn of nsdisabledrole contains the entry
-				$throughRole=$L_base;
-				$throughRole=~ tr/A-Z/a-z/;
-
-				# skipDisabled means that we've just found that the entry (which is a role)
-				# is locked directly (==its DN is part of nsroledn attributes)
-				# we just want to know now, if it is locked through another role
-				# at least, one
-				if ( $skipDisabled == 1 )
-				{
-					# direct inactivation
-					$directLocked=1;
-					# just go through that test once
-					$skipDisabled=0;
-					next;
-				}
-				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			$L_retCode=memberOf($L_currentrole, $L_entry);
-			if ( $L_retCode == 0 && $single == 1 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				if ( $skipManaged == 1 )
-				{
-					if ( $L_currentrole eq $nsManagedDisabledRole)
-					{
-						# Try next nsroledn
-						$directLocked=1;
-						$skipManaged=0;
-						next;
-					}
-				} 
-				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			# Only for the first iteration
-			# the first iteration is with nsdisabledrole as base, other
-			# loops are deeper
-			$L_local=$skipDisabled;
-			$skipDisabled=0;
-	
-			# the current nsroledn may be a complex role, just go through
-			# its won nsroledn
-			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
-			# Because of recursivity, to keep the initial value for the first level
-			$skipDisabled=$L_local;
-
-			if ( $L_retCode == 0 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
-				return 0;
-			}
-		}
-	}
-
-	close($L_filehandle);
-
-	debug("\t<--indirectLock: no more nsroledn to process\n");
-	return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
-	my $L_nsroledn=$_[0];
-	$L_nsroledn=~ tr/A-Z/a-z/;
-
-	my $L_entry=$_[1];
-
-	my $L_search;
-	my $L_currentrole;
-
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
-
-	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
-
-	open (LDAP2, "$L_search |");
-	while (<LDAP2>) {
-		s/\n //g;
-		if (/^nsrole: (.*)\n/) {
-			$L_currentrole = $1;
-			$L_currentrole=~ tr/A-Z/a-z/;
-			if ( $L_currentrole eq $L_nsroledn )
-			{
-				# the parm is part of the $L_entry nsroledn
-				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
-				return 0;
-			}
-		}
-	}
-	close(LDAP2);
-
-	# the parm is not part of the $L_entry nsroledn
-	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
-	return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
-    $L_entry=$_[0];
-
-    @L_entryToTest=split /([,])/,$L_entry;
-    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
-    $newDN="";
-    $removeRDN=1;
-    foreach $part (@L_entryToTest)
-    {
-        $part=~ s/^ +//;
-        $part=~ tr/A-Z/a-z/;
-        if ( $removeRDN <= 2 )
-        {
-            $removeRDN=$removeRDN+1;
-        }
-        else
-        {
-            $newDN="$newDN$part";
-        }
-    }
-
-    debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of 
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
-    $L_current=$_[0];
-    $L_nestedRole=$_[1];
-
-    debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
-    removeRdn($L_nestedRole);
-    $L_nestedRoleSuffix=$newDN;
-    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
-
-    $cont=1;
-    while ( ($cont == 1) && ($L_current ne "") )
-    {
-        removeRdn($L_current);
-        $currentDn=$newDN;
-        debug("checkScope: current DN to check: $currentDn\n");
- 
-        if ( $currentDn eq $L_nestedRoleSuffix )
-        {
-            debug("checkScope: DN match!!!\n");
-            $cont = 0;
-        }
-        else
-        {
-            $L_current=$currentDn;
-        }
-    }
- 
-    if ( $cont == 1 )
-    {
-        debug("checkScope: $_[0] and $_[1] are not compatible\n");
-        return 0;
-    }
-    else
-    {
-        debug("checkScope: $_[0] and $_[1] are compatible\n");
-        return 1;
-    }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
-	$cmd="ns-inactivate.pl";
-	$operation="inactivate";
-	$state="inactivated";
-	$modrole="add";
-	$already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
-	$cmd="ns-activate.pl";
-	$operation="activate";
-	$state="activated";
-	$modrole="delete";
-	$already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
-	$cmd="ns-accountstatus.pl";
-	$operation="get status of";
-	$state="activated";
-	# no need for $modrole as no operation is performed
-	$already="";
-
-}
-else
-{
-	out("$0: unknown command\n");
-	exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
- 
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
-    if($arg eq "-?")
-    {
-        usage_and_exit();
-    }
-    elsif($arg eq "-D")
-    {
-        $rootdn= shift @ARGV;
-    }
-    elsif($arg eq "-w")
-    {
-        $rootpw= shift @ARGV;
-    }
-    elsif($arg eq "-j")
-    {
-        $pwfile= shift @ARGV;
-    }
-    elsif($arg eq "-p")
-    {
-        $port= shift @ARGV;
-    }
-    elsif($arg eq "-h")
-    {
-        $host= shift @ARGV;
-    }
-    elsif($arg eq "-I")
-    {
-        $entry= shift @ARGV;
-    }
-	else
-	{
-		print "$arg: Unknown command line argument.\n";
-		usage_and_exit();
-	}
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $pwfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$rootpw = <RPASS>;
-	chomp($rootpw);
-	close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$rootpw = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
-	usage_and_exit();
-}
-
-if( $entry eq "" )
-{
-	usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
-	$retCode1=$?>>8;
-	exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
-	$retCode2=$?>>8;
-	exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
-	debug("Groups of users\n");
-	$role=1;
-}
-else
-{
-	debug("Single user\n");
-	$single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
-	$searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
-	open (LDAP1, "$searchAccountLock |");
-	while (<LDAP1>) {
-		s/\n //g;
-		if (/^nsaccountlock: (.*)\n/) {
-			$L_currentvalue = $1;
-			$L_currentvalue=~ tr/A-Z/a-z/;
-			if ( $L_currentvalue eq "true")
-			{
-				$isLocked=1;
-			}
-			elsif ( $L_currentvalue eq "false" )
-			{
-				$isLocked=0;
-			}
-		}
-	}
-	close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-#	-I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
-	$part=~s/^ +//;
-	$part=~ tr/A-Z/a-z/;
-	$result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
-	# Look if suffix is the suffix of the entry
-	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
-	#
-	debug("\tSuffix from the entry: #@suffixN#\n");
-	@mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
-	$retCode=$?;
-	if ( $retCode != 0 )
-	{
-		$retCode=$?>>8;
-		exit $retCode;
-	}
-
-	# If we get a result, remove the dn:
-	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
-	#	cn: "o=sun.com"
-	#
-	shift @mapping;
-
-	foreach $res (@mapping)
-	{
-		# Break the string cn: "o=sun.com" into pieces
-		@cn= split(/ /,$res);
-
-		# And remove the cn: part
-		shift @cn;
-
-		# Now compare the suffix we extract from the mapping tree 
-		# with the suffix derived from the entry
-		debug("\tSuffix from mapping tree: #@cn#\n");
-		if ( @cn eq @suffixN ) {
-			debug("Found matching suffix\n");
-			$cont=1;
-		}
-	}
-
-	if ( $cont == 0 )
-	{
-		# Remove the current rdn to try another suffix
-		shift @suffix;
-
-		$result="";
-		foreach $part (@suffix)
-		{
-			$part=~ s/^ +//;
-			$part=~ tr/A-Z/a-z/;
-			$result="$result$part";
-		}
-		@suffixN=$result;
-
-		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
-		$len=@suffix;
-		if ( $len == 0 )
-		{
-			debug("Can not find suffix. Problem\n");
-			$cont=2;
-		}
-	}
-}
-if ( $cont == 2)
-{
-	out("Can not find suffix for entry $entry\n");
-	exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
-	#
-	# Now that we have the suffix and we know if we deal with a single entry or
-	# a role, just try to create the COS and roles associated.
-	#
-	@base=(
-		"cn=nsManagedDisabledRole,@suffixN",
-		"cn=nsDisabledRole,@suffixN",
-		"cn=nsAccountInactivationTmp,@suffixN",
-		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
-		"cn=nsAccountInactivation_cos,@suffixN" );
-
-	$addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> {{DEV-NULL}} 2>&1 ";
-	@role1=(
-		"dn: cn=nsManagedDisabledRole,@suffixN\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsSimpleRoleDefinition\n",
-		"objectclass: nsManagedRoleDefinition\n",
-		"cn: nsManagedDisabledRole\n\n" );
-	@role2=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsComplexRoleDefinition\n",
-		"objectclass: nsNestedRoleDefinition\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
-		"cn: nsDisabledRole\n\n" );
-	@cos1=(
-		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: nsContainer\n\n" );
-	@cos2=(
-		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: extensibleObject\n",
-		"objectclass: costemplate\n",
-		"objectclass: ldapsubentry\n",
-		"cosPriority: 1\n",
-		"nsAccountLock: true\n\n" );
-	@cos3=(
-		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: cosSuperDefinition\n",
-		"objectclass: cosClassicDefinition\n",
-		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"cosSpecifier: nsRole\n",
-		"cosAttribute: nsAccountLock operational\n\n" );
-
-	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
-	$i=0;
-
-	foreach $current (@base)
-	{
-		debug("Creating $current ??\n");
-		open(FD,"| $addrolescos ");
-		print FD @{$all[$i]};
-		close(FD);
-		if ( $? != 0 )
-		{
-			$retCode=$?>>8;
-			if ( $retCode == 68 )
-			{
-				debug("Entry $current already exists, ignore error\n");
-			}
-			else
-			{
-				# Probably a more serious problem.
-				# Exit with LDAP error
-				exit $retCode;
-			}
-		}
-		else
-		{
-			debug("Entry $current created\n");
-		}
-		$i=$i+1;
-	}
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
-	# Go through all the roles part of nsdisabledrole to check if the entry
-	# is a member of one of those roles
-	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
-	if ( $ret == 0 )
-	{
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			# indirect lock
-			out("$entry already $state through $throughRole.\n");
-		}
-		else
-		{
-			# direct lock
-			out("$entry already $state.\n");
-		}
-		exit 100;
-	}
-	elsif ( $isLocked == 1 )
-	{
-		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
-		out("$entry already $state (probably directly).\n");
-		exit 103;
-	}
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
-	$skipManaged=$single;
-	$skipDisabled=$role;
-
-	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
-	if ( $ret == 0 )
-	{
-		# undirectly locked
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			if ( $operation eq "activate" )
-			{
-				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
-				exit 100;
-			}
-			else
-			{
-				out("$entry inactivated through $throughRole.\n");
-				exit 104;
-			}
-		}
-		debug("$entry locked individually\n");
-
-		if ( $operation ne "activate" )
-		{
-			out("$entry inactivated.\n");
-			exit 103;
-		}
-	}
-	elsif ( $directLocked == 0 )
-	{
-		if ( $operation eq "activate" && $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 100;
-		}
-		elsif ( $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 102;
-		}
-		else
-		{
-			# not locked using our schema, but nsaccountlock is probably present
-			out("$entry inactivated (probably directly).\n");
-			exit 103;
-		}
-	}
-	elsif ( $operation ne "activate" )
-	{
-		out("$entry inactivated.\n");
-		exit 103;
-	}
-	# else Locked directly, juste unlock it!
-	debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> {{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
-	@record=(
-		"dn: $entry\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
-	@record=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
-	$retCode=$?>>8;
-	exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/ns-activate.pl @wrapperArgs -Z {{SERV-ID}}";
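Review bot: The added `exec "{{SERVERBIN-DIR}}/ns-activate.pl @wrapperArgs -Z {{SERV-ID}}";` passes a single interpolated string, which Perl hands to the shell whenever it contains metacharacters, and the loop's `"\"$ARGV[$i]\""` wrapping does not protect a value that itself contains `"`, `$`, a backtick or a backslash; arguments that start with `-` are not quoted at all. A caller-supplied value, such as the `-w` password or `-I` DN that the removed code accepted, can therefore be split, altered or interpreted by the shell before the global script receives it. The list form bypasses the shell and hands every argument over unchanged, which also makes the re-quoting loop unnecessary: `exec "{{SERVERBIN-DIR}}/ns-activate.pl", @ARGV, "-Z", "{{SERV-ID}}";`. The ns-accountstatus wrapper hunk directly above ends with the same loop and `exec` string and needs the same change; the top of this file is outside the hunk, so whether `$i` and `@wrapperArgs` are initialised there cannot be confirmed from here.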

+ 9 - 818
ldap/admin/src/scripts/template-ns-inactivate.pl.in

@@ -34,828 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
-	print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
-	print (STDERR "     [-p port] [-h host] -I DN-to-$operation\n\n");
-	print (STDERR "May be used to $operation a user or a domain of users\n\n");
-	print (STDERR "Arguments:\n");
-	print (STDERR "          -?                   - help\n");
-	print (STDERR "          -D rootdn            - Provide a Directory Manager DN. Default= '$defrootdn'\n");
-	print (STDERR "          -w password          - Provide a password for the Directory Manager DN\n");
-	print (STDERR "          -w -                 - Prompt for the Directory Manager's password\n");
-	print (STDERR "          -j filename          - Read the Directory Manager's password from file\n");
-	print (STDERR "          -p port              - Provide a port. Default= '$defport'\n");
-	print (STDERR "          -h host              - Provide a host name. Default= '$defhost'\n");
-	print (STDERR "          -I DN-to-$operation  - Single entry DN or role DN to $operation\n");
-	exit 100;
-}
-
-sub debug
-{
-#	print " ==> @_";
-}
-
-sub out
-{
-	print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# 	* it is the same as the entry
-# 	* the entry is member of role (==has nsroledn attributes), compare each of
-#		them with the nsroledn of nsdisabledrole
-#	* if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
-	# For recursivity, file handler must be local
-	my $L_filehandle=$_[0];
-	$L_filehandle++;
-
-	my $L_entry=$_[1];
-	# Remove useless space
-    my @L_intern=split /([,])/,$L_entry;
-    my $L_result="";
-    foreach $L_part (@L_intern)
-    {
-        $L_part=~s/^ +//;
-        $L_part=~ tr/A-Z/a-z/;
-        $L_result="$L_result$L_part";
-    }
-    $L_entry=$L_result;
-
-	my $L_base=$_[2];
-	
-	my $L_search;
-	my $L_currentrole;
-	my $L_retCode;
-
-	my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> {{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
-    $retCode=$?>>8;
-    return 1;
-}
-
-	# Check if the role is a nested role
-	@L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\"  ";
-	# L_isNested == 1 means that we are going through a nested role, so for each member of that
-	# nested role, check that the member is below the scope of the nested
-	$L_isNested=@L_Nested;
-
-	# Not Direct Lock, Go through roles if any
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn ";
-
-	debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n");
-
-	unless (open ($L_filehandle, "$L_search |")) 
-	{
-		out("Can't open file $L_filehandle\n");
-		exit;
-	}
-	while (<$L_filehandle>) {
-
-		s/\n //g;
-		if (/^nsroledn: (.*)\n/) {
-			$L_currentrole = $1;
-
-			# Remove useless space
-			my @L_intern=split /([,])/,$L_currentrole;
-			my $L_result="";
-			foreach $L_part (@L_intern)
-			{
-				$L_part=~s/^ +//;
-				$L_part=~ tr/A-Z/a-z/;
-				$L_result="$L_result$L_part";
-			}
-			$L_currentrole=$L_result;
-
-			debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n");
-			if ( $L_isNested == 1 )
-			{
-				if ( checkScope($L_currentrole, $L_base) == 0 )
-				{
-					# Scope problem probably a bad conf, skip the currentrole
-					next;	
-				}
-			}
-
-			if ( $L_currentrole eq $L_entry )
-			{
-				# the entry is a role that is directly locked
-				# i.e, nsroledn of nsdisabledrole contains the entry
-				$throughRole=$L_base;
-				$throughRole=~ tr/A-Z/a-z/;
-
-				# skipDisabled means that we've just found that the entry (which is a role)
-				# is locked directly (==its DN is part of nsroledn attributes)
-				# we just want to know now, if it is locked through another role
-				# at least, one
-				if ( $skipDisabled == 1 )
-				{
-					# direct inactivation
-					$directLocked=1;
-					# just go through that test once
-					$skipDisabled=0;
-					next;
-				}
-				debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			$L_retCode=memberOf($L_currentrole, $L_entry);
-			if ( $L_retCode == 0 && $single == 1 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				if ( $skipManaged == 1 )
-				{
-					if ( $L_currentrole eq $nsManagedDisabledRole)
-					{
-						# Try next nsroledn
-						$directLocked=1;
-						$skipManaged=0;
-						next;
-					}
-				} 
-				debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n");
-				return 0;
-			}
-
-			# Only for the first iteration
-			# the first iteration is with nsdisabledrole as base, other
-			# loops are deeper
-			$L_local=$skipDisabled;
-			$skipDisabled=0;
-	
-			# the current nsroledn may be a complex role, just go through
-			# its won nsroledn
-			$L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
-			# Because of recursivity, to keep the initial value for the first level
-			$skipDisabled=$L_local;
-
-			if ( $L_retCode == 0 )
-			{
-				$throughRole=$L_currentrole;
-				$throughRole=~ tr/A-Z/a-z/;
-				debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
-				return 0;
-			}
-		}
-	}
-
-	close($L_filehandle);
-
-	debug("\t<--indirectLock: no more nsroledn to process\n");
-	return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
-	my $L_nsroledn=$_[0];
-	$L_nsroledn=~ tr/A-Z/a-z/;
-
-	my $L_entry=$_[1];
-
-	my $L_search;
-	my $L_currentrole;
-
-	$L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole";
-
-	debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n");
-
-	open (LDAP2, "$L_search |");
-	while (<LDAP2>) {
-		s/\n //g;
-		if (/^nsrole: (.*)\n/) {
-			$L_currentrole = $1;
-			$L_currentrole=~ tr/A-Z/a-z/;
-			if ( $L_currentrole eq $L_nsroledn )
-			{
-				# the parm is part of the $L_entry nsroledn
-				debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
-				return 0;
-			}
-		}
-	}
-	close(LDAP2);
-
-	# the parm is not part of the $L_entry nsroledn
-	debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
-	return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
-    $L_entry=$_[0];
-
-    @L_entryToTest=split /([,])/,$L_entry;
-    debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
-    $newDN="";
-    $removeRDN=1;
-    foreach $part (@L_entryToTest)
-    {
-        $part=~ s/^ +//;
-        $part=~ tr/A-Z/a-z/;
-        if ( $removeRDN <= 2 )
-        {
-            $removeRDN=$removeRDN+1;
-        }
-        else
-        {
-            $newDN="$newDN$part";
-        }
-    }
-
-    debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of 
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
-    $L_current=$_[0];
-    $L_nestedRole=$_[1];
-
-    debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
-    removeRdn($L_nestedRole);
-    $L_nestedRoleSuffix=$newDN;
-    debug("checkScope: nested role based:  $L_nestedRoleSuffix\n");
-
-    $cont=1;
-    while ( ($cont == 1) && ($L_current ne "") )
-    {
-        removeRdn($L_current);
-        $currentDn=$newDN;
-        debug("checkScope: current DN to check: $currentDn\n");
- 
-        if ( $currentDn eq $L_nestedRoleSuffix )
-        {
-            debug("checkScope: DN match!!!\n");
-            $cont = 0;
-        }
-        else
-        {
-            $L_current=$currentDn;
-        }
-    }
- 
-    if ( $cont == 1 )
-    {
-        debug("checkScope: $_[0] and $_[1] are not compatible\n");
-        return 0;
-    }
-    else
-    {
-        debug("checkScope: $_[0] and $_[1] are compatible\n");
-        return 1;
-    }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
-	$cmd="ns-inactivate.pl";
-	$operation="inactivate";
-	$state="inactivated";
-	$modrole="add";
-	$already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
-	$cmd="ns-activate.pl";
-	$operation="activate";
-	$state="activated";
-	$modrole="delete";
-	$already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
-	$cmd="ns-accountstatus.pl";
-	$operation="get status of";
-	$state="activated";
-	# no need for $modrole as no operation is performed
-	$already="";
-
-}
-else
-{
-	out("$0: unknown command\n");
-	exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
- 
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
-    if($arg eq "-?")
-    {
-        usage_and_exit();
-    }
-    elsif($arg eq "-D")
-    {
-        $rootdn= shift @ARGV;
-    }
-    elsif($arg eq "-w")
-    {
-        $rootpw= shift @ARGV;
-    }
-    elsif($arg eq "-j")
-    {
-        $pwfile= shift @ARGV;
-    }
-    elsif($arg eq "-p")
-    {
-        $port= shift @ARGV;
-    }
-    elsif($arg eq "-h")
-    {
-        $host= shift @ARGV;
-    }
-    elsif($arg eq "-I")
-    {
-        $entry= shift @ARGV;
-    }
-	else
-	{
-		print "$arg: Unknown command line argument.\n";
-		usage_and_exit();
-	}
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
-	unless (open (RPASS, $pwfile)) {
-		die "Error, cannot open password file $passwdfile\n";
-	}
-	$rootpw = <RPASS>;
-	chomp($rootpw);
-	close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$rootpw = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
-	usage_and_exit();
-}
-
-if( $entry eq "" )
-{
-	usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
-	$retCode1=$?>>8;
-	exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
-	$retCode2=$?>>8;
-	exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
-	debug("Groups of users\n");
-	$role=1;
-}
-else
-{
-	debug("Single user\n");
-	$single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
-	$searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
-	open (LDAP1, "$searchAccountLock |");
-	while (<LDAP1>) {
-		s/\n //g;
-		if (/^nsaccountlock: (.*)\n/) {
-			$L_currentvalue = $1;
-			$L_currentvalue=~ tr/A-Z/a-z/;
-			if ( $L_currentvalue eq "true")
-			{
-				$isLocked=1;
-			}
-			elsif ( $L_currentvalue eq "false" )
-			{
-				$isLocked=0;
-			}
-		}
-	}
-	close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-#	-I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
-	$part=~s/^ +//;
-	$part=~ tr/A-Z/a-z/;
-	$result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
-	# Look if suffix is the suffix of the entry
-	#	ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\""
-	#
-	debug("\tSuffix from the entry: #@suffixN#\n");
-	@mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
-	$retCode=$?;
-	if ( $retCode != 0 )
-	{
-		$retCode=$?>>8;
-		exit $retCode;
-	}
-
-	# If we get a result, remove the dn:
-	#	dn: cn="o=sun.com",cn=mapping tree,cn=config
-	#	cn: "o=sun.com"
-	#
-	shift @mapping;
-
-	foreach $res (@mapping)
-	{
-		# Break the string cn: "o=sun.com" into pieces
-		@cn= split(/ /,$res);
-
-		# And remove the cn: part
-		shift @cn;
-
-		# Now compare the suffix we extract from the mapping tree 
-		# with the suffix derived from the entry
-		debug("\tSuffix from mapping tree: #@cn#\n");
-		if ( @cn eq @suffixN ) {
-			debug("Found matching suffix\n");
-			$cont=1;
-		}
-	}
-
-	if ( $cont == 0 )
-	{
-		# Remove the current rdn to try another suffix
-		shift @suffix;
-
-		$result="";
-		foreach $part (@suffix)
-		{
-			$part=~ s/^ +//;
-			$part=~ tr/A-Z/a-z/;
-			$result="$result$part";
-		}
-		@suffixN=$result;
-
-		debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
-		$len=@suffix;
-		if ( $len == 0 )
-		{
-			debug("Can not find suffix. Problem\n");
-			$cont=2;
-		}
-	}
-}
-if ( $cont == 2)
-{
-	out("Can not find suffix for entry $entry\n");
-	exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
-	#
-	# Now that we have the suffix and we know if we deal with a single entry or
-	# a role, just try to create the COS and roles associated.
-	#
-	@base=(
-		"cn=nsManagedDisabledRole,@suffixN",
-		"cn=nsDisabledRole,@suffixN",
-		"cn=nsAccountInactivationTmp,@suffixN",
-		"\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
-		"cn=nsAccountInactivation_cos,@suffixN" );
-
-	$addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> {{DEV-NULL}} 2>&1 ";
-	@role1=(
-		"dn: cn=nsManagedDisabledRole,@suffixN\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsSimpleRoleDefinition\n",
-		"objectclass: nsManagedRoleDefinition\n",
-		"cn: nsManagedDisabledRole\n\n" );
-	@role2=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: nsRoleDefinition\n",
-		"objectclass: nsComplexRoleDefinition\n",
-		"objectclass: nsNestedRoleDefinition\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
-		"cn: nsDisabledRole\n\n" );
-	@cos1=(
-		"dn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: nsContainer\n\n" );
-	@cos2=(
-		"dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: extensibleObject\n",
-		"objectclass: costemplate\n",
-		"objectclass: ldapsubentry\n",
-		"cosPriority: 1\n",
-		"nsAccountLock: true\n\n" );
-	@cos3=(
-		"dn: cn=nsAccountInactivation_cos,@suffixN\n",
-		"objectclass: top\n",
-		"objectclass: LDAPsubentry\n",
-		"objectclass: cosSuperDefinition\n",
-		"objectclass: cosClassicDefinition\n",
-		"cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
-		"cosSpecifier: nsRole\n",
-		"cosAttribute: nsAccountLock operational\n\n" );
-
-	@all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
-	$i=0;
-
-	foreach $current (@base)
-	{
-		debug("Creating $current ??\n");
-		open(FD,"| $addrolescos ");
-		print FD @{$all[$i]};
-		close(FD);
-		if ( $? != 0 )
-		{
-			$retCode=$?>>8;
-			if ( $retCode == 68 )
-			{
-				debug("Entry $current already exists, ignore error\n");
-			}
-			else
-			{
-				# Probably a more serious problem.
-				# Exit with LDAP error
-				exit $retCode;
-			}
-		}
-		else
-		{
-			debug("Entry $current created\n");
-		}
-		$i=$i+1;
-	}
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
-	# Go through all the roles part of nsdisabledrole to check if the entry
-	# is a member of one of those roles
-	$ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
-	if ( $ret == 0 )
-	{
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			# indirect lock
-			out("$entry already $state through $throughRole.\n");
-		}
-		else
-		{
-			# direct lock
-			out("$entry already $state.\n");
-		}
-		exit 100;
-	}
-	elsif ( $isLocked == 1 )
-	{
-		# the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
-		out("$entry already $state (probably directly).\n");
-		exit 103;
-	}
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
-	$skipManaged=$single;
-	$skipDisabled=$role;
-
-	$ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
-	if ( $ret == 0 )
-	{
-		# undirectly locked
-		if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
-		{
-			if ( $operation eq "activate" )
-			{
-				out("$entry inactivated through $throughRole. Can not activate it individually.\n");
-				exit 100;
-			}
-			else
-			{
-				out("$entry inactivated through $throughRole.\n");
-				exit 104;
-			}
-		}
-		debug("$entry locked individually\n");
-
-		if ( $operation ne "activate" )
-		{
-			out("$entry inactivated.\n");
-			exit 103;
-		}
-	}
-	elsif ( $directLocked == 0 )
-	{
-		if ( $operation eq "activate" && $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 100;
-		}
-		elsif ( $isLocked != 1 )
-		{
-			out("$entry $already $state.\n");
-			exit 102;
-		}
-		else
-		{
-			# not locked using our schema, but nsaccountlock is probably present
-			out("$entry inactivated (probably directly).\n");
-			exit 103;
-		}
-	}
-	elsif ( $operation ne "activate" )
-	{
-		out("$entry inactivated.\n");
-		exit 103;
-	}
-	# else Locked directly, juste unlock it!
-	debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> {{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
-	@record=(
-		"dn: $entry\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
-	@record=(
-		"dn: cn=nsDisabledRole,@suffixN\n",
-		"changetype: modify\n",
-		"$modrole: nsRoleDN\n",
-		"nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
-	$retCode=$?>>8;
-	exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/ns-inactivate.pl @wrapperArgs -Z {{SERV-ID}}";
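Review bot: The single-string `exec` on the last added line passes the rebuilt command line to `/bin/sh`, so wrapping each non-option argument in `"..."` does not preserve it. Inside double quotes the shell still expands `$`, backticks and backslashes, and an embedded `"` ends the quoting, so a DN or a `-w` password containing those characters is altered or interpreted as shell syntax. The list form bypasses the shell and makes the re-quoting loop unnecessary: `exec "{{SERVERBIN-DIR}}/ns-inactivate.pl", @ARGV, "-Z", "{{SERV-ID}}";`. The same loop and `exec` string appear in the ns-activate wrapper just above this section and in template-ns-newpwpolicy.pl.in below. `$i` is also never initialised in the visible lines, which only works because Perl treats undef as 0 when `use strict`/`use warnings` are off.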

+ 9 - 261
ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in

@@ -34,271 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-use lib qw(@perlpath@);
-
-# enable the use of our bundled perldap with our bundled ldapsdk libraries
-# all of this nonsense can be omitted if the mozldapsdk and perldap are
-# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5)
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-# Add new password policy specific entries
-
-#############################################################################
-# enable the use of Perldap functions
-require DynaLoader;
-
-use Getopt::Std;
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(:all);
-use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API
-
-#############################################################################
-# Default values of the variables
-
-$opt_D = "{{ROOT-DN}}";
-$opt_p = "{{SERVER-PORT}}";
-$opt_h = "{{SERVER-NAME}}";
-$opt_v = 0;
-
-# Variables
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
-
-#############################################################################
-
-sub usage {
-	print (STDERR "ns-newpwpolicy.pl [-v] [-D rootdn] { -w password | -j filename } \n");
-	print (STDERR "                  [-p port] [-h host] -U UserDN -S SuffixDN\n\n");
-
-	print (STDERR "Arguments:\n");
-	print (STDERR "	-?		- help\n");
-	print (STDERR "	-v		- verbose output\n");
-	print (STDERR "	-D rootdn	- Directory Manager DN. Default= '$opt_D'\n");
-	print (STDERR "	-w rootpw	- password for the Directory Manager DN\n");
-	print (STDERR "	-j filename	- Read the Directory Manager's password from file\n");
-	print (STDERR "	-p port		- port. Default= $opt_p\n");
-	print (STDERR "	-h host		- host name. Default= '$opt_h'\n");
-	print (STDERR "	-U userDN	- User entry DN\n");
-	print (STDERR "	-S suffixDN	- Suffix entry DN\n");
-	exit 100;
-}
-
-# Process the command line arguments
-{
-	usage() if (!getopts('vD:w:j:p:h:U:S:'));
-
-	if ($opt_j ne ""){
-		die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
-		$opt_w = <RPASS>;
-		chomp($opt_w);
-		close(RPASS);
-	} 
-
-	usage() if( $opt_w eq "" );
-	if ($opt_U eq "" && $opt_S eq "") {
-		print (STDERR "Please provide at least -S or -U option.\n\n");
-	}
-
-	# Now, check if the user/group exists
-
-	if ($opt_S) {
-		my $esc_opt_S = $opt_S;
- 		$esc_opt_S =~ s/,/\\,/g;
- 		$esc_opt_S =~ s/=/\\=/g;
-		print (STDERR "host = $opt_h, port = $opt_p, suffixDN = \"$opt_S\"\n\n") if $opt_v;
-		@base=(
-			"cn=nsPwPolicyContainer,$opt_S",
-			"cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
-			"cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
-			"cn=nsPwPolicy_cos,$opt_S"
-		);
-
-		$ldapadd="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c -a 2>&1";
-		$modifyCfg="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c 2>&1";
-
-		@container=(
-			"dn: cn=nsPwPolicyContainer,$opt_S\n",
-			"objectclass: top\n",
-			"objectclass: nsContainer\n\n" );
-		@pwpolicy=(
-			"dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
-			"objectclass: top\n",
-			"objectclass: ldapsubentry\n",
-			"objectclass: passwordpolicy\n\n" );
-		@template=(
-			"dn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
-			"objectclass: top\n",
-			"objectclass: extensibleObject\n",
-			"objectclass: costemplate\n",
-			"objectclass: ldapsubentry\n",
-			"cosPriority: 1\n",
-			"pwdpolicysubentry: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n" );
-		@cos=(
-			"dn: cn=nsPwPolicy_cos,$opt_S\n",
-			"objectclass: top\n",
-			"objectclass: LDAPsubentry\n",
-			"objectclass: cosSuperDefinition\n",
-			"objectclass: cosPointerDefinition\n",
-			"cosTemplateDn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
-			"cosAttribute: pwdpolicysubentry default operational-default\n\n" );
-
-		@all=(\@container, \@pwpolicy, \@template, \@cos);
-
-        $i=0;
-
-        foreach $current (@base)
-        {
-			open(FD,"| $ldapadd");
-			print FD @{$all[$i]};
-			close(FD);
-			if ( $? != 0 ) {
-				$retCode=$?>>8;
-				if ( $retCode == 68 ) {
-					print( STDERR "Entry \"$current\" already exists. Please ignore the error\n\n");
-				}
-				else {
-					# Probably a more serious problem.
-					# Exit with LDAP error
-					print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
-					exit $retCode;
-				}
-			}
-			else {
-				print( STDERR "Entry \"$current\" created\n\n") if $opt_v;
-			}
-			$i=$i+1;
-		}
-
-		$modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n";
-		open(FD,"| $modifyCfg ");
-		print(FD $modConfig);
-		close(FD);
-		$retcode = $?;
-		if ( $retcode != 0 ) {
-			print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
-			exit ($retcode);
-		}
-		else {
-			print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
-		}
-	} # end of $opt_S
-
-	if ($opt_U) {
-		my $norm_opt_U = normalizeDN($opt_U);
-		my $esc_opt_U = $norm_opt_U;
-		$esc_opt_U =~ s/,/\\,/g;
-		$esc_opt_U =~ s/=/\\=/g;
-		print (STDERR "host = $opt_h, port = $opt_p, userDN = \"$norm_opt_U\"\n\n") if $opt_v;
-		$retcode = `$ldapsearch -h $opt_h -p $opt_p -b \"$norm_opt_U\" -s base \"\"`;
-		if ($retcode != 0 ) {
-			print( STDERR "the user entry $norm_opt_U does not exist. Exiting.\n");
-			exit ($retcode);
-		}
-		
-		print( STDERR "the user entry $norm_opt_U found..\n\n") if $opt_v;
-		
-		# Now, get the parentDN 
-		@rdns = ldap_explode_dn($norm_opt_U, 0);
-		shift @rdns;
-		$parentDN = join(',', @rdns);
-
-		print (STDERR "parentDN is $parentDN\n\n") if $opt_v;
-
-		@base=(
-			"cn=nsPwPolicyContainer,$parentDN",
-			"cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"
-		);
-
-		$ldapadd="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c -a 2>&1";
-		$modifyCfg="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c 2>&1";
-
-		@container=(
-			"dn: cn=nsPwPolicyContainer,$parentDN\n",
-			"objectclass: top\n",
-			"objectclass: nsContainer\n\n" );
-		@pwpolicy=(
-			"dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n",
-			"objectclass: top\n",
-			"objectclass: ldapsubentry\n",
-			"objectclass: passwordpolicy\n\n" );
-
-		@all=(\@container, \@pwpolicy);
-
-        $i=0;
-
-        foreach $current (@base)
-        {
-			open(FD,"| $ldapadd ");
-			print FD @{$all[$i]};
-			close(FD);
-			if ( $? != 0 ) {
-				$retCode=$?>>8;
-				if ( $retCode == 68 ) {
-					print( STDERR "Entry $current already exists. Please ignore the error\n\n");
-				}
-				else {
-					# Probably a more serious problem.
-					# Exit with LDAP error
-					print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
-					exit $retCode;
-				}
-			}
-			else {
-				print( STDERR "Entry $current created\n\n") if $opt_v;
-			}
-			$i=$i+1;
-		}
-
-		$target = "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN";
-		$modConfig = "dn: $norm_opt_U\nchangetype: modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n";
-		open(FD,"| $modifyCfg ");
-		print(FD $modConfig);
-		close(FD);
-		$retcode = $?;
-		if ( $retcode != 0 ) {
-			print( STDERR "Error $retcode while modifing $norm_opt_U. Exiting.\n" );
-			exit ($retcode);
-		}
-		else {
-			print( STDERR "Entry \"$norm_opt_U\" modified\n\n") if $opt_v;
-		}
-
-		$modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n";
-		open(FD,"| $modifyCfg ");
-		print(FD $modConfig);
-		close(FD);
-		$retcode = $?;
-		if ( $retcode != 0 ) {
-			print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
-			exit ($retcode);
-		}
-		else {
-			print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
-		}
-	} # end of $opt_U
-}
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/ns-newpwpolicy.pl @wrapperArgs -Z {{SERV-ID}}";
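Review bot: Nothing follows the `exec` on the last added line, so a failed `exec` is never reported. Perl's `exec` returns only on failure; when Perl runs the command directly rather than through a shell and the global script is missing or not executable, the wrapper falls off the end and exits 0. The caller then sees success although no password policy entry was created. Put the check on the same statement, for example `exec("{{SERVERBIN-DIR}}/ns-newpwpolicy.pl", @ARGV, "-Z", "{{SERV-ID}}") or die "cannot exec ns-newpwpolicy.pl: $!\n";`. Written in list form, it also keeps the arguments away from the shell.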

+ 3 - 9
ldap/admin/src/scripts/template-restart-slapd.in

@@ -1,11 +1,5 @@
 #!/bin/sh
 
-# Script that restarts the ns-slapd server.
-# Exit status can be:
-#       0: Server restarted successfully
-#       1: Server could not be started
-#       2: Server started successfully (was not running)
-#       3: Server could not be stopped
-
-@sbindir@/restart-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
-exit $?
+cd {{SERVERBIN-DIR}}
+./restart-slapd "$@" -Z {{SERV-ID}}
+exit $?
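Review bot: The added `cd {{SERVERBIN-DIR}}` is unchecked, so if it fails the next line runs `./restart-slapd` from whatever directory the caller happened to be in. For an administrative script that may be run as root, that directory could be writable by another user. The removed line called `@sbindir@/restart-dirsrv` by absolute path, and keeping that style removes the dependency on the working directory: `exec "{{SERVERBIN-DIR}}/restart-slapd" "$@" -Z {{SERV-ID}}`. If restart-slapd does rely on the working directory (the hunk does not show this), use `cd "{{SERVERBIN-DIR}}" || exit 1` instead. template-restoreconfig.in and template-saveconfig.in below end up with the same unchecked `cd` followed by a relative `./` call.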

+ 2 - 25
ldap/admin/src/scripts/template-restoreconfig.in

@@ -1,28 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-conf_ldif=`ls -1t {{BAK-DIR}}/{{SERV-ID}}-*.ldif | head -1`
-if [ -z "$conf_ldif" ]
-then
-    echo No configuration to restore in {{BAK-DIR}} ; exit 1
-fi
-echo Restoring $conf_ldif
-./ns-slapd ldif2db -D {{CONFIG-DIR}} -i $conf_ldif -n NetscapeRoot 2>&1
-exit $?
+./restoreconfig "$@" -Z {{SERV-ID}}
+exit $?

+ 2 - 26
ldap/admin/src/scripts/template-saveconfig.in

@@ -1,29 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-echo saving configuration ...
-conf_ldif={{BAK-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif
-./ns-slapd db2ldif -N -D {{CONFIG-DIR}} -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
-if [ "$?" -ge 1 ] 
-then
-    echo Error occurred while saving configuration
-    exit 1
-fi
-exit 0
+./saveconfig "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 126
ldap/admin/src/scripts/template-schema-reload.pl.in

@@ -34,136 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2008 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        [-d schemadir]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -d schemadir        - Directory where schema files are located\n");
-    print(STDERR "     : -v                  - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$schemadir = "";
-$schemadir_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-d")
-    {
-        # schemadir
-        $i++; $schemadir_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "schema_reload_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=schema reload task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-
-if ( $schemadir_arg ne "" )
-{
-    $schemadir = "schemadir: $schemadir_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${schemadir}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/schema-reload.pl @wrapperArgs -Z {{SERV-ID}}";
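Review bot: The single-string `exec "... @wrapperArgs -Z {{SERV-ID}}"` is handed to the shell, and the loop above it only wraps non-dash arguments in double quotes, so `$`, backticks, backslashes or an embedded `"` in a bind DN or password are interpreted by the shell instead of reaching schema-reload.pl unchanged. Arguments that begin with `-` are not quoted at all, so a value such as a password starting with a dash is also subject to word splitting. The list form bypasses the shell and makes the quoting loop unnecessary: `exec("{{SERVERBIN-DIR}}/schema-reload.pl", @ARGV, "-Z", "{{SERV-ID}}");`. The removed `$i = 0;` is also not replaced, so the new loop relies on an undefined `$i` counting as 0. The same loop and `exec` appear in the syntax-validate, usn-tombstone-cleanup and verify-db templates in this commit.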

+ 2 - 8
ldap/admin/src/scripts/template-start-slapd.in

@@ -1,11 +1,5 @@
 #!/bin/sh
 
-# Script that starts the ns-slapd server.
-# Exit status can be:
-#       0: Server started successfully
-#       1: Server could not be started
-#       2: Server already running
-INSTANCE={{SERV-ID}}
-
-@sbindir@/start-dirsrv -d {{INITCONFIG-DIR}} $INSTANCE "$@"
+cd {{SERVERBIN-DIR}}
+./start-slapd "$@" -Z {{SERV-ID}}
 exit $?

+ 2 - 7
ldap/admin/src/scripts/template-stop-slapd.in

@@ -1,10 +1,5 @@
 #!/bin/sh
 
-# Script that stops the ns-slapd server.
-# Exit status can be:
-#       0: Server stopped successfully
-#       1: Server could not be stopped
-#       2: Server was not running
-
-@sbindir@/stop-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
+cd {{SERVERBIN-DIR}}
+./stop-slapd "$@" -Z {{SERV-ID}}
 exit $?

+ 2 - 24
ldap/admin/src/scripts/template-suffix2instance.in

@@ -1,27 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-if [ $# -lt 2 ]
-then
-	echo Usage: suffix2instance {-s includesuffix}*
-	exit 1
-fi
-
-./ns-slapd suffix2instance -D {{CONFIG-DIR}} "$@" 2>&1
+./suffix2instance "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 137
ldap/admin/src/scripts/template-syntax-validate.pl.in

@@ -34,147 +34,19 @@
 # 
 # 
 # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
-    print(STDERR "        -b baseDN [-f filter]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager.\n");
-    print(STDERR "     : -w password         - Directory Manager's password.\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password.\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file.\n");
-    print(STDERR "     : -b baseDN           - Base DN that contains entries to validate.\n");
-    print(STDERR "     : -f filter           - Filter for entries to validate.\n");
-    print(STDERR "                             If omitted, all entries under the specified\n");
-    print(STDERR "                             base will have their attribute values\n");
-    print(STDERR "                             validated.\n");
-    print(STDERR "     : -v                  - Verbose.\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn_arg = "";
-$filter_arg = "";
-$filter = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-b")
-    {
-        # base DN
-        $i++; $basedn_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-f")
-    {    
-        # filter 
-        $i++; $filter_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" ) 
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-$basedn = "basedn: $basedn_arg\n";
-
-if ( $filter_arg ne "" )
-{
-    $filter = "filter: $filter_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${filter}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/syntax-validate.pl @wrapperArgs -Z {{SERV-ID}}";

+ 2 - 26
ldap/admin/src/scripts/template-upgradedb.in

@@ -1,29 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-if [ "$#" -eq 1 ]
-then
-	bak_dir=$1
-else
-	bak_dir={{BAK-DIR}}/upgradedb_`date +%Y_%m_%d_%H_%M_%S`
-fi
-
-echo upgrade index files ...
-./ns-slapd upgradedb -D {{CONFIG-DIR}} -a $bak_dir
+./upgradedb "$@" -Z {{SERV-ID}}
+exit $?

+ 2 - 60
ldap/admin/src/scripts/template-upgradednformat.in

@@ -1,63 +1,5 @@
 #!/bin/sh
 
-# upgradednformat -- upgrade DN format to the new style (RFC 4514)
-# Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
-#        -N: dryrun
-#            exit code: 0 -- needs upgrade; 1 -- no need to upgrade; -1 -- error
-#        -n backend_instance -- instance name to be examined or upgraded
-#        -a db_instance_directory -- full path to the db instance dir
-#                                    e.g., /var/lib/dirsrv/slapd-ID/db/userRoot
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
-    prefix=""
-fi
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-
-dir=""
-be=""
-dryrun=0
-while [ "$1" != "" ]
-do
-    if [ "$1" = "-a" ]; then
-        shift
-        dir="$1"
-    elif [ "$1" = "-n" ]; then
-        shift
-        be="$1"
-    elif [ "$1" = "-N" ]; then
-        dryrun=1
-    fi
-    if [ "$1" != "" ]; then
-        shift
-    fi
-done
-
-if [ "$be" = "" ] || [ "$dir" = "" ]; then
-        echo "be: $be"
-        echo "dir: $dir"
-    echo "Usage: $0 [-N] -n backend_instance -a db_instance_directory"
-    exit 1
-fi
-
-if [ $dryrun -eq 0 ]; then
-    ./ns-slapd upgradednformat -D {{CONFIG-DIR}} -a $dir -n $be
-else
-    ./ns-slapd upgradednformat -D {{CONFIG-DIR}} -a $dir -n $be -N
-fi
-rc=$?
-exit $rc
+./upgradednformat "$@" -Z {{SERV-ID}}
+exit $?

+ 9 - 155
ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in

@@ -33,165 +33,19 @@
 # exception. 
 # 
 # 
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage {
-    print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } -s suffix | -n backend [ -m maxusn_to_delete ]\n");
-    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
-    print(STDERR "     : -w password         - Directory Manager's password\n");
-    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
-    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
-    print(STDERR "     : -s suffix           - Suffix where USN tombstone entries are cleaned up\n");
-    print(STDERR "     : -n backend          - Backend instance in which USN tombstone entries \n");
-	print(STDERR "                             are cleaned up (alternative to suffix)\n");
-    print(STDERR "     : -m maxusn_to_delete - USN tombstone entries are deleted up to \n");
-    print(STDERR "                             the entry with maxusn_to_delete\n");
-    print(STDERR "     : -v                  - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$args = "";
-$suffix_arg = "";
-$backend_arg = "";
-$maxusn_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV) 
-{
-    if ("$ARGV[$i]" eq "-s")
-    {
-        # suffix
-        $i++; $suffix_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-n")
-    {
-        # backend
-        $i++; $backend_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-m")
-    {
-        # max usn
-        $i++; $maxusn_arg = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-D") 
-    {    
-        # Directory Manager
-        $i++; $rootdn = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-w") 
-    {    
-        # Directory Manager's password
-        $i++; $passwd = $ARGV[$i];
-    } 
-    elsif ("$ARGV[$i]" eq "-j")
-    {
-         # Read Directory Manager's password from a file
-        $i++; $passwdfile = $ARGV[$i];
-    }
-    elsif ("$ARGV[$i]" eq "-v") 
-    {    
-        # verbose
-        $verbose = 1;
-    }
-    else
-    {
-        &usage; exit(1);
-    }
-    $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
-    unless (open (RPASS, $passwdfile)) {
-        die "Error, cannot open password file $passwdfile\n";
-    }
-    $passwd = <RPASS>;
-    chomp($passwd);
-    close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
-	print "Bind Password: ";
-	# Disable console echo
-	system("@sttyexec@ -echo") if -t STDIN;
-	# read the answer
-	$passwd = <STDIN>;
-	# Enable console echo
-	system("@sttyexec@ echo") if -t STDIN;
-	print "\n";
-	chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{ 
-    &usage; 
-    exit(1); 
-}
-
-$vstr = "";
-if ($verbose != 0) 
-{ 
-    $vstr = "-v"; 
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "usn_cleanup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=USN tombstone cleanup task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn =  "cn: $taskname\n";
-
-if ( $suffix_arg eq "" && $backend_arg eq "" )
-{
-    &usage; 
-    exit(1); 
-}
-elsif ( $suffix_arg ne "" )
-{
-    $args = "suffix: $suffix_arg\n";
-}
-else
-{
-    $args = "backend: $backend_arg\n";
-}
-
-if ( $maxusn_arg ne "" )
-{
-    $args = $args . "maxusn_to_delete: $maxusn_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${args}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/usn-tombstone-cleanup.pl @wrapperArgs -Z {{SERV-ID}}";

+ 8 - 230
ldap/admin/src/scripts/template-verify-db.pl.in

@@ -33,241 +33,19 @@
 # exception. 
 # 
 # 
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
 # All rights reserved.
 # END COPYRIGHT BLOCK
 #
 
-sub usage
-{
-  print "Usage: $0 [ -a <fullpath_to_db_dir> ]\n";
-}
-
-# getDbDir checks up to 4 levels of db dirs
-# e.g., <server_inst_dir>/db/<backend_instance_dir>/<subdir>
-sub getDbDir
-{
-  (my $here) = @_;
-  my @dbdirs = ();
-
-  opendir(DIR0, $here) or die "can't opendir $here : $!";
-  while (defined(my $file0 = readdir(DIR0)))
-  {
-    if ( "$file0" eq "\." || "$file0" eq "\.\." ) 
-    {
-      ;
-    }
-    elsif ( "$file0" eq "DBVERSION" )
-    {
-      $#dbdirs++;
-      $dbdirs[$#dbdirs] = $here;
-    }
-    elsif ( -d $here . "{{SEP}}" . $file0 )
-    {
-      opendir(DIR1, $here . "{{SEP}}" . $file0) or die "can't opendir $file0 : $!";
-      while (defined(my $file1 = readdir(DIR1)))
-      {
-        if ( "$file1" eq "\." || "$file1" eq "\.\." ) 
-        {
-          ;
-        }
-        elsif ( "$file1" eq "DBVERSION" )
-        {
-          $#dbdirs++;
-          $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0;
-        }
-        elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 )
-        {
-          opendir(DIR2, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1) or die "can't opendir $file1 : $!";
-          while (defined(my $file2 = readdir(DIR2)))
-          {
-            if ( "$file2" eq "\." || "$file2" eq "\.\." ) 
-            {
-              ;
-            }
-            elsif ("$file2" eq "DBVERSION")
-            {
-              $#dbdirs++;
-              $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1;
-            }
-            elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2 )
-            {
-              opendir(DIR3, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2) or die "can't opendir $file1 : $!";
-              while (defined(my $file3 = readdir(DIR3)))
-              {
-                if ( "$file3" eq "\." || "$file3" eq "\.\." ) 
-                {
-                  ;
-                }
-                elsif ("$file3" eq "DBVERSION")
-                {
-                  $#dbdirs++;
-                  $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . $file2;
-                }
-              }
-              closedir(DIR3);
-            }
-          }
-          closedir(DIR2);
-        }
-      }
-      closedir(DIR1);
-    }
-  }
-  closedir(DIR0);
-
-  return \@dbdirs;
-}
-
-sub getLastLogfile
-{
-  (my $here) = @_;
-  my $logfile = "";
-
-  opendir(DIR, $here) or die "can't opendir $here : $!";
-  while (defined($file = readdir(DIR)))
-  {
-    if ($file =~ /log./)
-    {
-      $logfile = $file;
-    }
-  }
-  closedir(DIR);
-
-  return \$logfile;
-}
-
-$isWin = -d '\\';
-if ($isWin) {
-  $NULL = "nul";
-} else {
-  $NULL = "/dev/null";
-}
-
-my $i = 0;
-$startpoint = "";
+# We lose args that are quoted when passing ARGV to a wrapper
 while ($i <= $#ARGV) {
-  if ( "$ARGV[$i]" eq "-a" ) {  # path to search the db files
-    $i++; $startpoint = $ARGV[$i];
-  } else {
-    &usage; exit(1);
-  }
-  $i++;
-}
-
-print("*****************************************************************\n");
-print("verify-db: This tool should only be run if recovery start fails\n" .
-      "and the server is down.  If you run this tool while the server is\n" .
-      "running, you may get false reports of corrupted files or other\n" .
-      "false errors.\n");
-print("*****************************************************************\n");
-
-if ( "$startpoint" eq "" ) {
-  $startpoint = "{{DB-DIR}}";
-}
-# get dirs having DBVERSION
-my $dbdirs = getDbDir($startpoint);
-my $prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "{{INST-DIR}}:$prefix@db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
-
-libpath_add("@db_libdir@");
-libpath_add("@libdir@");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-# Check transaction logs by db_printlog
-for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
-{
-  my $logfile = getLastLogfile($$dbdirs[$i]);
-
-  if ( "$$logfile" ne "" )
-  {
-    # run db_printlog -h <dbdir> for each <dbdir>
-    print "Verify log files in $$dbdirs[$i] ... ";
-    open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |");
-    sleep 1;
-    my $haserr = 0;
-    while ($l = <PRINTLOG>)
-    {
-      if ("$l" ne "")
-      {
-        if ($haserr == 0)
-        {
-          print "\n";
-        }
-        print "LOG ERROR: $l";
-        $haserr++;
-      }
-    }
-    close(PRINTLOG);
-    if ($haserr == 0 && $? == 0)
-    {
-      print "Good\n";
-    }
-    else
-    {
-      print "Log file(s) in $$dbdirs[$i] could be corrupted.\n";
-      print "Please delete a log file $$logfile, and try restarting the server.\n";
-    }
-  }
-}
-
-# Check db files by db_verify
-print "Verify db files ... ";
-open(DBVERIFY, "dbverify $thisdb 2>&1 1> $NULL |");
-sleep 1;
-my $bad_index = 0;
-my $bad_id2entry = 0;
-my $isfirst = 1;
-while ($l = <DBVERIFY>)
-{
-    if ($isfirst)
-    {
-        print "\n";
-        $isfirst = 0;
-    }
-    if ("$l" =~ /verify failed/)
-    {
-        if ("$l" =~ /id2entry.db/)
-        {
-            $bad_id2entry++;
-        }
-        else
-        {
-            $bad_index++;
-        }
-    }
-    print "$l";
-}
-close(DBVERIFY);
-
-if ($bad_id2entry > 0)
-{
-    print "\nFound the db was corrupted\n";
-    print "Please restore your backup and recover the database.\n";
-    exit(1);
-}
-elsif ($bad_index > 0)
-{
-    print "\nFound the index file(s) was corrupted\n";
-    print "Please run db2index on the corrupted index\n";
-    exit(1);
-}
-else
-{
-    print "Good\n";
-    exit(0);
-}
-
-sub libpath_add {
-    my $libpath = shift;
-
-    if ($libpath) {
-        if ($ENV{'LD_LIBRARY_PATH'}) {
-            $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+        if($ARGV[$i] =~ /^-/){
+                $wrapperArgs[$i] = $ARGV[$i];
         } else {
-            $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+                $wrapperArgs[$i] = "\"$ARGV[$i]\"";
         }
-    }
+        $i++;
 }
+
+exec "{{SERVERBIN-DIR}}/verify-db.pl @wrapperArgs -Z {{SERV-ID}}";

+ 2 - 25
ldap/admin/src/scripts/template-vlvindex.in

@@ -1,28 +1,5 @@
 #!/bin/sh
 
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
-    [ -z "$1" ] && return
-    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
 cd {{SERVERBIN-DIR}}
-if [ $# -lt 4 ]
-then
-	echo "Usage: vlvindex -n backend_instance | {-s includesuffix}* -T attribute"
-	echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are required.
-	exit 1
-fi
-
-./ns-slapd db2index -D {{CONFIG-DIR}} "$@"
+./vlvindex "$@" -Z {{SERV-ID}}
+exit $?

+ 100 - 0
ldap/admin/src/scripts/upgradedb.in

@@ -0,0 +1,100 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:vfrd:" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        v) args=$args" -v";;
+        f) args=$args" -f";;
+        r) args=$args" -r";;
+        d) args=$args" -d $OPTARG";;
+        a) args=$args" -a $OPTARG";;
+        D) args=$args" -D $OPTARG";;
+    esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+if [ "$#" -eq 1 ]
+then
+	bak_dir=$1
+else
+	bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/upgradedb_`date +%Y_%m_%d_%H_%M_%S`
+fi
+
+echo upgrade index files ...
+./ns-slapd upgradedb -D $configdir -a $bak_dir $args
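Review bot: The option string in `getopts "Z:vfrd:"` does not list `a` or `D`, so the `a)` and `D)` arms can never run and `-a`/`-D` are rejected as illegal options; it likely wants `getopts "Z:vfrd:a:D:"`. There is also no `shift $((OPTIND - 1))` after the loop, so the later `[ "$#" -eq 1 ]` / `bak_dir=$1` test sees the raw arguments and can pick up an option such as `-v` as the backup directory. Separately, `[ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]` is single-quoted, so `$prefix` is never expanded and a `dirsrv-admin` file, if present, is counted as an instance; use `[ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]`. That comparison is repeated in upgradednformat.in.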

+ 121 - 0
ldap/admin/src/scripts/upgradednformat.in

@@ -0,0 +1,121 @@
+#!/bin/sh
+
+# upgradednformat -- upgrade DN format to the new style (RFC 4514)
+# Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
+#        -N: dryrun
+#            exit code: 0 -- needs upgrade; 1 -- no need to upgrade; -1 -- error
+#        -n backend_instance -- instance name to be examined or upgraded
+#        -a db_instance_directory -- full path to the db instance dir
+#                                    e.g., /var/lib/dirsrv/slapd-ID/db/userRoot
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+cd $server_sbin
+
+dir=""
+be=""
+servid=""
+dryrun=0
+
+first="yes"
+args=""        
+while getopts "vhd:a:n:D:N" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        v) args=$args" -v";;
+        N) args=$args" -N";;
+        d) args=$args" -d $OPTARG";;
+        a) args=$args" -a $OPTARG"
+           dir="set";;
+        n) args=$args" -n $OPTARG"
+           be="set";;
+        h) echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a db_instance_directory"
+           exit 0;;
+        D) args=$args" -D $OPTARG";;
+        ?) echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a db_instance_directory"
+           exit 1;;
+    esac
+done
+
+if [ "$be" = "" ] || [ "$dir" = "" ]; then
+    echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a db_instance_directory"
+    exit 1
+fi
+
+
+    # server id not provided, check if there is only one instance
+    inst_count=0
+    for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+    do
+        if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+        then
+            inst_count=`expr $inst_count + 1`
+            id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+            if  [ $first == "yes" ]
+            then
+                instances=$id
+                first="no"
+            else
+                instances=$instances", $id"
+            fi
+            name=$id
+        fi
+    done 
+    
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a db_instance_directory"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+./ns-slapd upgradednformat -D $configdir $args
+
+rc=$?
+exit $rc
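Review bot: The option string `"vhd:a:n:D:N"` omits `Z:`, so the `Z)` arm is unreachable and a `-Z` argument falls into the `?)` arm, which prints the usage line and exits 1. The instance wrapper template-upgradednformat.in in this commit always appends `-Z {{SERV-ID}}`, so the wrapper path appears to fail on every call. Add the option: `while getopts "Z:vhd:a:n:D:N" flag`. The `$OPTARG` values are also concatenated into `$args` and expanded unquoted on the `./ns-slapd upgradednformat` line, so a `-a` directory containing whitespace is split into separate arguments.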

+ 237 - 0
ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in

@@ -0,0 +1,237 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+    print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } -s suffix | -n backend [ -m maxusn_to_delete ]\n");
+    print(STDERR " Opts: -D rootdn           - Directory Manager\n");
+    print(STDERR "     : -w password         - Directory Manager's password\n");
+    print(STDERR "     : -w -                - Prompt for Directory Manager's password\n");
+    print(STDERR "     : -Z serverID         - Server instance identifier\n");
+    print(STDERR "     : -j filename         - Read Directory Manager's password from file\n");
+    print(STDERR "     : -s suffix           - Suffix where USN tombstone entries are cleaned up\n");
+    print(STDERR "     : -n backend          - Backend instance in which USN tombstone entries \n");
+	print(STDERR "                             are cleaned up (alternative to suffix)\n");
+    print(STDERR "     : -m maxusn_to_delete - USN tombstone entries are deleted up to \n");
+    print(STDERR "                             the entry with maxusn_to_delete\n");
+    print(STDERR "     : -v                  - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$args = "";
+$suffix_arg = "";
+$backend_arg = "";
+$maxusn_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV) 
+{
+    if ("$ARGV[$i]" eq "-s")
+    {
+        # suffix
+        $i++; $suffix_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-n")
+    {
+        # backend
+        $i++; $backend_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-m")
+    {
+        # max usn
+        $i++; $maxusn_arg = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-D") 
+    {    
+        # Directory Manager
+        $i++; $rootdn = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-w") 
+    {    
+        # Directory Manager's password
+        $i++; $passwd = $ARGV[$i];
+    } 
+    elsif ("$ARGV[$i]" eq "-j")
+    {
+        # Read Directory Manager's password from a file
+        $i++; $passwdfile = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-Z")
+    {
+        # Server instance identifier
+        $i++; $servid = $ARGV[$i];
+    }
+    elsif ("$ARGV[$i]" eq "-h") 
+    { 
+        # help
+        &usage; exit(0);
+    }
+    elsif ("$ARGV[$i]" eq "-v") 
+    {    
+        # verbose
+        $verbose = 1;
+    }
+    else
+    {
+        &usage; exit(1);
+    }
+    $i++;
+}
+
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+    if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+        $instance_count++;
+        if($file =~ /dirsrv-(.*)/){
+            if($first eq "yes"){
+                $instances=$1;
+                $first = "no";
+            } else {
+                $instances=$instances . ", $1";
+            }
+            $name = $1;
+        }
+    }
+}
+    
+if($servid eq ""){
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, $rootdn);
+
+if ($passwdfile ne ""){
+# Open file and get the password
+    unless (open (RPASS, $passwdfile)) {
+        die "Error, cannot open password file $passwdfile\n";
+    }
+    $passwd = <RPASS>;
+    chomp($passwd);
+    close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+	print "Bind Password: ";
+	# Disable console echo
+	system("@sttyexec@ -echo") if -t STDIN;
+	# read the answer
+	$passwd = <STDIN>;
+	# Enable console echo
+	system("@sttyexec@ echo") if -t STDIN;
+	print "\n";
+	chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{ 
+    &usage; 
+    exit(1); 
+}
+
+$vstr = "";
+if ($verbose != 0) 
+{ 
+    $vstr = "-v"; 
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "usn_cleanup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=USN tombstone cleanup task, cn=tasks, cn=config\n";
+$misc = "objectclass: top\nobjectclass: extensibleObject\n";
+$cn =  "cn: $taskname\n";
+
+if ( $suffix_arg eq "" && $backend_arg eq "" )
+{
+    &usage; 
+    exit(1); 
+}
+elsif ( $suffix_arg ne "" )
+{
+    $args = "suffix: $suffix_arg\n";
+}
+else
+{
+    $args = "backend: $backend_arg\n";
+}
+
+if ( $maxusn_arg ne "" )
+{
+    $args = $args . "maxusn_to_delete: $maxusn_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${args}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
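Review bot: The final `open(FOO, "| ldapmodify ... -D \"$info[2]\" -w \"$passwd\" -a")` passes the bind DN and password through a shell inside double quotes, so a `"`, `$` or backtick in either value is interpreted by the shell, and the password sits in the process list for as long as ldapmodify runs. That also holds for `-j filename`, because the file's content is read into `$passwd` and then placed on the command line. The list form of a piped open, sketched below, removes the shell. Keeping the secret off argv would additionally need the client's own password-file option (OpenLDAP's ldapmodify has `-y`), which depends on the tool `@ldaptool_opts@` is built for, so it is not in the sketch. The result of `open` and the exit status from `close` are also unchecked, so a failed task submission still exits 0.

```perl
# … unchanged: $entry assembly …
my @cmd = ("ldapmodify", split(' ', "@ldaptool_opts@"));
push(@cmd, $vstr) if $vstr ne "";
push(@cmd, "-h", $info[0], "-p", $info[1], "-D", $info[2], "-w", $passwd, "-a");
# List form: the DN and password reach ldapmodify without a shell parsing them.
open(FOO, "|-", @cmd) or die "Error, cannot run ldapmodify: $!\n";
print(FOO "$entry");
close(FOO) or exit(1);
```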

+ 303 - 0
ldap/admin/src/scripts/verify-db.pl.in

@@ -0,0 +1,303 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# 
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage
+{
+  print "Usage: $0 [-Z serverID] [ -a <fullpath_to_db_dir> ]\n";
+}
+
+# getDbDir checks up to 4 levels of db dirs
+# e.g., <server_inst_dir>/db/<backend_instance_dir>/<subdir>
+sub getDbDir
+{
+  (my $here) = @_;
+  my @dbdirs = ();
+
+  opendir(DIR0, $here) or die "can't opendir $here : $!";
+  while (defined(my $file0 = readdir(DIR0)))
+  {
+    if ( "$file0" eq "\." || "$file0" eq "\.\." ) 
+    {
+      ;
+    }
+    elsif ( "$file0" eq "DBVERSION" )
+    {
+      $#dbdirs++;
+      $dbdirs[$#dbdirs] = $here;
+    }
+    elsif ( -d $here . "/" . $file0 )
+    {
+      opendir(DIR1, $here . "/" . $file0) or die "can't opendir $file0 : $!";
+      while (defined(my $file1 = readdir(DIR1)))
+      {
+        if ( "$file1" eq "\." || "$file1" eq "\.\." ) 
+        {
+          ;
+        }
+        elsif ( "$file1" eq "DBVERSION" )
+        {
+          $#dbdirs++;
+          $dbdirs[$#dbdirs] = $here . "/" . $file0;
+        }
+        elsif ( -d $here . "/" . $file0 . "/" . $file1 )
+        {
+          opendir(DIR2, $here . "/" . $file0 . "/" . $file1) or die "can't opendir $file1 : $!";
+          while (defined(my $file2 = readdir(DIR2)))
+          {
+            if ( "$file2" eq "\." || "$file2" eq "\.\." ) 
+            {
+              ;
+            }
+            elsif ("$file2" eq "DBVERSION")
+            {
+              $#dbdirs++;
+              $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1;
+            }
+            elsif ( -d $here . "/" . $file0 . "/" . $file1 . "/" . $file2 )
+            {
+              opendir(DIR3, $here . "/" . $file0 . "/" . $file1 . "/" . $file2) or die "can't opendir $file1 : $!";
+              while (defined(my $file3 = readdir(DIR3)))
+              {
+                if ( "$file3" eq "\." || "$file3" eq "\.\." ) 
+                {
+                  ;
+                }
+                elsif ("$file3" eq "DBVERSION")
+                {
+                  $#dbdirs++;
+                  $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1 . "/" . $file2;
+                }
+              }
+              closedir(DIR3);
+            }
+          }
+          closedir(DIR2);
+        }
+      }
+      closedir(DIR1);
+    }
+  }
+  closedir(DIR0);
+
+  return \@dbdirs;
+}
+
+sub getLastLogfile
+{
+  (my $here) = @_;
+  my $logfile = "";
+
+  opendir(DIR, $here) or die "can't opendir $here : $!";
+  while (defined($file = readdir(DIR)))
+  {
+    if ($file =~ /log./)
+    {
+      $logfile = $file;
+    }
+  }
+  closedir(DIR);
+
+  return \$logfile;
+}
+
+$isWin = -d '\\';
+if ($isWin) {
+  $NULL = "nul";
+} else {
+  $NULL = "/dev/null";
+}
+
+my $i = 0;
+$startpoint = "";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+  if ( "$ARGV[$i]" eq "-a" ) {  # path to search the db files
+    $i++; $startpoint = $ARGV[$i];
+  } elsif ( "$ARGV[$i]" eq "-Z" ) {  # server instance identifier
+    $i++; $servid = $ARGV[$i];
+  } elsif ("$ARGV[$i]" eq "-h") { # help
+    &usage; exit(0);
+  } else {
+    &usage; exit(1);
+  }
+  $i++;
+}
+
+$first = "yes";
+if($servid eq ""){
+    opendir(DIR, "$prefix/etc/sysconfig");
+    @files = readdir(DIR);
+    foreach $file (@files){
+        if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+            $instance_count++;
+            if($file =~ /dirsrv-(.*)/){
+                if($first eq "yes"){
+                    $instances=$1;
+                    $first = "no";
+                } else {
+                    $instances=$instances . ", $1";
+                }
+                $name = $1;
+            }
+        }
+    }
+    if ($instance_count == 1){
+        $servid = $name;
+    } else {
+        &usage;
+        print "You must supply a server instance identifier.  Use -Z to specify instance name\n";
+        print "Available instances: $instances\n";
+        exit (1);
+    }
+} elsif ($servid =~ /^dirsrv-/){
+    # strip off "dirsrv-"
+    $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+    # strip off "slapd-"
+    $servid =~ s/^slapd-//;
+}
+
+print("*****************************************************************\n");
+print("verify-db: This tool should only be run if recovery start fails\n" .
+      "and the server is down.  If you run this tool while the server is\n" .
+      "running, you may get false reports of corrupted files or other\n" .
+      "false errors.\n");
+print("*****************************************************************\n");
+
+if ( "$startpoint" eq "" ) {
+  $startpoint = "$prefix/var/lib/dirsrv/slapd-$servid/db";
+}
+# get dirs having DBVERSION
+my $dbdirs = getDbDir($startpoint);
+
+$ENV{'PATH'} = "@libdir@/dirsrv/slapd-$servid:$prefix@db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
+
+DSUtil::libpath_add("@db_libdir@");
+DSUtil::libpath_add("@libdir@");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+# Check transaction logs by db_printlog
+for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
+{
+  my $logfile = getLastLogfile($$dbdirs[$i]);
+
+  if ( "$$logfile" ne "" )
+  {
+    # run db_printlog -h <dbdir> for each <dbdir>
+    print "Verify log files in $$dbdirs[$i] ... ";
+    open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |");
+    sleep 1;
+    my $haserr = 0;
+    while ($l = <PRINTLOG>)
+    {
+      if ("$l" ne "")
+      {
+        if ($haserr == 0)
+        {
+          print "\n";
+        }
+        print "LOG ERROR: $l";
+        $haserr++;
+      }
+    }
+    close(PRINTLOG);
+    if ($haserr == 0 && $? == 0)
+    {
+      print "Good\n";
+    }
+    else
+    {
+      print "Log file(s) in $$dbdirs[$i] could be corrupted.\n";
+      print "Please delete a log file $$logfile, and try restarting the server.\n";
+    }
+  }
+}
+
+# Check db files by db_verify
+print "Verify db files ... ";
+open(DBVERIFY, "dbverify -Z $servid 2>&1 1> $NULL |");
+sleep 1;
+my $bad_index = 0;
+my $bad_id2entry = 0;
+my $isfirst = 1;
+while ($l = <DBVERIFY>)
+{
+    if ($isfirst)
+    {
+        print "\n";
+        $isfirst = 0;
+    }
+    if ("$l" =~ /verify failed/)
+    {
+        if ("$l" =~ /id2entry.db/)
+        {
+            $bad_id2entry++;
+        }
+        else
+        {
+            $bad_index++;
+        }
+    }
+    print "$l";
+}
+close(DBVERIFY);
+
+if ($bad_id2entry > 0)
+{
+    print "\nFound the db was corrupted\n";
+    print "Please restore your backup and recover the database.\n";
+    exit(1);
+}
+elsif ($bad_index > 0)
+{
+    print "\nFound the index file(s) was corrupted\n";
+    print "Please run db2index on the corrupted index\n";
+    exit(1);
+}
+else
+{
+    print "Good\n";
+    exit(0);
+}
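Review bot: Both piped opens build a shell command from unvalidated input: `db_printlog -h $$dbdirs[$i]` uses a path that descends from `-a`, and `dbverify -Z $servid` uses the `-Z` value, which is also placed first in `PATH` as `@libdir@/dirsrv/slapd-$servid`. A space or shell metacharacter in either is split or interpreted by the shell, and unlike the shell scripts in this commit, this one never checks that `$servid` names an installed instance. After the prefix stripping I would add `die "Invalid server identifier: $servid\n" unless $servid !~ m{[/:\s]} && -d "$prefix/etc/dirsrv/slapd-$servid";`. On the non-Windows path I would also quote the directory with `(my $q = $$dbdirs[$i]) =~ s/'/'\\''/g;` and pass `'$q'` to `db_printlog -h`. Separately, getLastLogfile returns whichever `/log./` match readdir yields last, which is not necessarily the newest log, yet that name is the file the operator is told to delete.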

+ 110 - 0
ldap/admin/src/scripts/vlvindex.in

@@ -0,0 +1,110 @@
+#!/bin/sh
+
+libpath_add() {
+    [ -z "$1" ] && return
+    LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+    server_sbin="/usr/sbin"
+else
+    prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+    server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:vd:a:t:T:Sn:s:x:hD:" flag
+do
+    case $flag in
+        Z) servid=$OPTARG;;
+        v) args=$args" -v";;
+        s) args=$args" -s $OPTARG";;
+        d) args=$args" -d $OPTARG";;
+        a) args=$args" -a $OPTARG";;
+        t) args=$args" -t $OPTARG";;
+        T) args=$args" -T $OPTARG";;
+        S) args=$args" -S";;
+        n) args=$args" -n $OPTARG";;
+        x) args=$args" -x $OPTARG";;
+        D) args=$args" -D $OPTARG";;
+        h) echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s includesuffix}* -T attribute"
+           echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are required.
+           exit 0;;
+        ?) echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s includesuffix}* -T attribute"
+           echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are required.
+           exit 1;;
+    esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+    if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+    then
+        inst_count=`expr $inst_count + 1`
+        id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+        if  [ $first == "yes" ]
+        then
+            instances=$id
+            first="no"
+        else
+            instances=$instances", $id"
+        fi
+        name=$id
+    fi
+done
+     
+if [ -z $servid ]
+then
+    if [ $inst_count -eq 1 ]
+    then
+        servid=$name
+    else 
+        # error
+        echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s includesuffix}* -T attribute"
+        echo "You must supply a server instance identifier.  Use -Z to specify instance name"
+        echo "Available instances: $instances"
+        exit 1
+    fi
+elif [ $servid == slapd-* ]
+then
+    servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+    servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+    echo "Invalid server identifier: $servid"
+    echo "Available instances: $instances"
+    exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 4 ]
+then
+	echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s includesuffix}* -T attribute"
+	echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are required.
+	exit 1
+fi
+
+./ns-slapd db2index -D $configdir $args
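Review bot: `cd $server_sbin` is unchecked and the next command is the relative `./ns-slapd`, so if the cd fails the script runs whatever `ns-slapd` is in the caller's working directory, with `LD_LIBRARY_PATH` already exported; it should be `cd "$server_sbin" || exit 1`. Two tests in the instance scan do not do what they appear to. `'$prefix/etc/sysconfig/dirsrv-admin'` is single-quoted, so `dirsrv-admin` is never excluded from the count, and `[ $servid == slapd-* ]` is a filename glob inside `[` rather than a prefix match (`==` is also not portable under `#!/bin/sh`). Option values are concatenated into `$args` and expanded unquoted, so a suffix containing a space reaches ns-slapd as several arguments. The same instance scan and `./ns-slapd` call appear in the shell script whose hunk ends just above usn-tombstone-cleanup.pl.in (the one invoking `ns-slapd upgradednformat`).

```shell
# … unchanged: getopts loop …
for i in "$prefix"/etc/sysconfig/dirsrv-*
do
    [ -e "$i" ] || continue
    if [ "$i" != "$prefix/etc/sysconfig/dirsrv-admin" ]
    then
        # … unchanged: inst_count / instances / name bookkeeping, testing [ "$first" = "yes" ] …
    fi
done

# Strip an optional slapd-/dirsrv- prefix with a pattern match, not a filename glob.
case "$servid" in
    slapd-*)  servid=${servid#slapd-} ;;
    dirsrv-*) servid=${servid#dirsrv-} ;;
esac
# … unchanged: empty-servid handling and configdir check …

cd "$server_sbin" || exit 1
```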

+ 2 - 2
ldap/servers/slapd/entry.c

@@ -4108,8 +4108,8 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **curr_entries,
             slapi_entry_clear_flag(*cep, SLAPI_ENTRY_FLAG_DIFF_IN_BOTH);
         } else {
             rval = 1;
-                          
-            LDAPDebug(LDAP_DEBUG_ANY, "Del %sEntry %s\n", 
+
+            LDAPDebug(LDAP_DEBUG_ANY, "Del %sEntry %s\n",
                       my_logging_prestr, slapi_entry_get_dn_const(*cep), 0);
 
             if (testall)