Reduce the number of DN normalization

. Adding SLAPI_TARGET_SDN as well as its macros, SLAPI_SEARCH_TARGET_
  SDN SLAPI_ADD_TARGET_SDN, SLAPI_MODIFY_TARGET_SDN, etc.
. Adding SLAPI_MODRDN_NEWSUPERIOR_SDN.
. SLAPI_TARGET_DN and SLAPI_MODRDN_NEWSUPERIOR are kept for the back-
  ward compatibility.  But they are marked as deprecated.  They are
  pointing dn in SLAPI_TARGET_SDN and SLAPI_MODRDN_NEWSUPERIOR_SDN,
  respectively.
. slapi_pblock_set(.., SLAPI_TARGET_DN/SLAPI_MODRDN_NEWSUPERIOR, dn)
  takes dn string and reset Slapi_DN to SLAPI_TARGET_SDN/SLAPI_MODRDN_
  NEWSUPERIOR_SDN.
. slapi_pblock_get(.., SLAPI_TARGET_DN/SLAPI_MODRDN_NEWSUPERIOR, &dn)
  retrieves dn out of SLAPI_TARGET_SDN/SLAPI_MODRDN_NEWSUPERIOR_SDN.
. Replacing slapi_dn_normalization_ext call with generating Slapi_DN
  APIs (e.g., slapi_sdn_new_dn_...) as much as possible and stash it
  in pblock using SLAPI_TARGET_SDN.
. When a normalized DN string is needed, get it using slapi_sdn_get_[n]dn
  from the stashed Slapi_DN.
. Introduced a new field "udn" to Slapi_DN.
  "udn" is an original DN.
  "dn" is its normalized DN.
  "ndn" is its case-lowered normalized DN.
  Note: slapi_sdn_get_ndn_len represents the length of the normalized
  DN, which is "dn" as well as "ndn".  Thus, instead of calling strlen
  for the normalized dn, using slapi_sdn_get_ndn_len, as much as possible.
. Taking advantage of the knowledge of the stage of the DN, call the
  most efficient DN creating API (e.g., slapi_sdn_new_dn_... vs.
  slapi_sdn_new_normdn_... vs. slapi_sdn_new_ndn_...)

Others
. Replacing inefficient array assignment with memset (acl.c) and
  memcpy (idl_common.c).
. Fixing invalid memory access in LASDnsBuild (lib/libaccess/lasdns.cpp).
. Fixing compiler warnings.

Reviewed by [email protected] (Thank you, Rich!!)

ldap/servers/plugins/acctpolicy/acct_plugin.c

@@ -32,7 +32,7 @@ Hewlett-Packard Development Company, L.P.
   login time plus the limit to decide whether to deny the bind.
 */
 static int
-acct_inact_limit( Slapi_PBlock *pb, char *dn, Slapi_Entry *target_entry, acctPolicy *policy )
+acct_inact_limit( Slapi_PBlock *pb, const char *dn, Slapi_Entry *target_entry, acctPolicy *policy )
 {
 	char *lasttimestr = NULL;
 	time_t lim_t, last_t, cur_t;
@@ -153,7 +153,7 @@ done:
 int
 acct_bind_preop( Slapi_PBlock *pb )
 {
-	char *dn = NULL;
+	const char *dn = NULL;
 	Slapi_DN *sdn = NULL;
 	Slapi_Entry *target_entry = NULL;
 	int rc = 0; /* Optimistic default */
@@ -167,20 +167,19 @@ acct_bind_preop( Slapi_PBlock *pb )
 	plugin_id = get_identity();
 
 	/* This does not give a copy, so don't free it */
-	if( slapi_pblock_get( pb, SLAPI_BIND_TARGET, &dn ) != 0 ) {
+	if( slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn ) != 0 ) {
 		slapi_log_error( SLAPI_LOG_FATAL, PRE_PLUGIN_NAME,
 			"Error retrieving target DN\n" );
 		rc = -1;
 		goto done;
 	}
+	dn = slapi_sdn_get_dn(sdn);
 
 	/* The plugin wouldn't get called for anonymous binds but let's check */
 	if ( dn == NULL ) {
 		goto done;
 	}
 
-	sdn = slapi_sdn_new_dn_byref( dn );
-
 	ldrc = slapi_search_internal_get_entry( sdn, NULL, &target_entry,
 		plugin_id );
 
@@ -222,8 +221,6 @@ done:
 
 	slapi_entry_free( target_entry );
 
-	slapi_sdn_free( &sdn );
-
 	free_acctpolicy( &policy );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,

ldap/servers/plugins/acl/acl.c

@@ -95,8 +95,8 @@ static void print_access_control_summary( char * source,
 									char *attr,
 									const char *edn,
 									aclResultReason_t *acl_reason);
-static int check_rdn_access( Slapi_PBlock *pb,Slapi_Entry *e, char * newrdn,
-						int access);
+static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, 
+                             const char * newrdn, int access);
 
 
 /*
@@ -117,7 +117,9 @@ acl_access_allowed_modrdn(
 	)
 {
 	int retCode ;
-	char *newrdn, *oldrdn;
+	char *newrdn;
+	const char *oldrdn;
+	Slapi_DN *target_sdn = NULL;
 	int deleteoldrdn = 0;
 
 	/*
@@ -134,9 +136,8 @@ acl_access_allowed_modrdn(
 	}
 
 	/* Now get the new rdn attribute name and value */
-
-	slapi_pblock_get( pb, SLAPI_MODRDN_TARGET, &oldrdn );
-    slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
+	slapi_pblock_get( pb, SLAPI_MODRDN_TARGET_SDN, &target_sdn );
+	slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
 
 	/* Check can add the new naming attribute */
 	retCode = check_rdn_access( pb, e, newrdn, ACLPB_SLAPI_ACL_WRITE_ADD) ;
@@ -149,6 +150,7 @@ acl_access_allowed_modrdn(
 	/* Check can delete the new naming attribute--if required */
 	slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &deleteoldrdn );
 	if ( deleteoldrdn ) {
+		oldrdn = slapi_sdn_get_dn(target_sdn);
 		retCode = check_rdn_access( pb, e, oldrdn, ACLPB_SLAPI_ACL_WRITE_DEL) ;
 		if ( retCode != LDAP_SUCCESS ) {
 			slapi_log_error( SLAPI_LOG_ACL, plugin_name,
@@ -164,7 +166,7 @@ acl_access_allowed_modrdn(
  * Test if have access to make the first rdn of dn in entry e.
 */
  
-static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, char *dn,
+static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn,
 						int access) {
 	
 	char **dns;
@@ -320,7 +322,7 @@ acl_access_allowed(
 	TNF_PROBE_0_DEBUG(acl_skipaccess_end,"ACL","");
 
 
-	/* Get the bindDN */
+	/* Get the bindDN (normalized & case-ignored) */
 	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
 
 	/* Initialize aclpb */
@@ -486,7 +488,7 @@ acl_access_allowed(
 		
 		TNF_PROBE_0_DEBUG(acl_aciscan_start,"ACL","");
 		slapi_sdn_done ( aclpb->aclpb_curr_entry_sdn );
-		slapi_sdn_set_dn_byval ( aclpb->aclpb_curr_entry_sdn, n_edn );
+		slapi_sdn_set_ndn_byval ( aclpb->aclpb_curr_entry_sdn, n_edn );
 		acllist_aciscan_update_scan ( aclpb, n_edn ); 
 		TNF_PROBE_0_DEBUG(acl_aciscan_end,"ACL","");
 
@@ -1064,16 +1066,14 @@ acl_read_access_allowed_on_entry (
 				 * which was found in the entry and that attribute is
 				 * now in aclpb_Evalattr
 				*/
-				aclpb->aclpb_state |= 
-					ACLPB_ACCESS_ALLOWED_USERATTR;
+				aclpb->aclpb_state |= ACLPB_ACCESS_ALLOWED_USERATTR;
 			} else {
 #endif /* DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES */
 				/*
 				 * Access was granted to _an_ attribute in the entry and that
 				 * attribute is now in aclpb_Evalattr
 				*/
-				aclpb->aclpb_state |= 
-					ACLPB_ACCESS_ALLOWED_ON_A_ATTR;
+				aclpb->aclpb_state |= ACLPB_ACCESS_ALLOWED_ON_A_ATTR;
 #ifdef DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES
 			}
 #endif /* DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES */
@@ -1084,8 +1084,8 @@ acl_read_access_allowed_on_entry (
 		} else {
 			/* try the next one */
 			attr_type = NULL;
-#ifdef DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES
-			if (attr_index >= 0) { 
+#ifdef DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES 
+			if (attr_index >= 0) {
 				attr_type = attrs[attr_index++];
 			} else {
 #endif /* DETERMINE_ACCESS_BASED_ON_REQUESTED_ATTRIBUTES */
@@ -1546,7 +1546,7 @@ acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change)
 	Slapi_DN		*e_sdn;
 	aclUserGroup	*ugroup = NULL;
 	
-	e_sdn = slapi_sdn_new_ndn_byval ( n_dn );
+	e_sdn = slapi_sdn_new_normdn_byval ( n_dn );
 	/* Before we proceed, Let's first check if we are changing any groups.
 	** If we are, then we need to change the signature
 	*/
@@ -1836,7 +1836,6 @@ acl__scan_for_acis(Acl_PBlock *aclpb, int *err)
 	int				allow_handle;
 	int				gen_allow_handle = ACI_MAX_ELEVEL+1;
 	int				gen_deny_handle = ACI_MAX_ELEVEL+1;
-	int				i;
 	PRUint32		cookie;
 	
 	TNF_PROBE_0_DEBUG(acl__scan_for_acis_start,"ACL","");
@@ -1849,20 +1848,18 @@ acl__scan_for_acis(Acl_PBlock *aclpb, int *err)
 			aclpb->aclpb_handles_index[0] != -1 ) {
 			int kk = 0;
 			while ( kk < ACLPB_MAX_SELECTED_ACLS && aclpb->aclpb_handles_index[kk] != -1 ) {
-				slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Using ACL Cointainer:%d for evaluation\n", kk);
+				slapi_log_error(SLAPI_LOG_ACL, plugin_name, "Using ACL Container:%d for evaluation\n", kk);
 				kk++;
 			}
 	}
-		
+
 	memset (&errp, 0, sizeof(NSErr_t));
 	*err = ACL_FALSE;
 	aclpb->aclpb_num_deny_handles = -1;
 	aclpb->aclpb_num_allow_handles = -1;
-	for (i=0; i <= ACI_MAX_ELEVEL; i++) {
-		aclpb->aclpb_deny_handles [i] = NULL;
-		aclpb->aclpb_allow_handles [i] = NULL;
-	}
-		
+	memset(aclpb->aclpb_deny_handles, 0, sizeof(aci_t *)*(ACI_MAX_ELEVEL+1));
+	memset(aclpb->aclpb_allow_handles, 0, sizeof(aci_t *)*(ACI_MAX_ELEVEL+1));
+
 	/* Check the signature. If it has changed, start fresh */
 	if ( aclpb->aclpb_signature != acl_signature ) {
 		slapi_log_error (SLAPI_LOG_ACL, plugin_name, 
@@ -1873,7 +1870,6 @@ acl__scan_for_acis(Acl_PBlock *aclpb, int *err)
 	attr_matched = ACL_FALSE;
 	deny_handle = 0;
 	allow_handle = 0;
-	i = 0;
 
 	aclpb->aclpb_stat_acllist_scanned++;
 	aci = acllist_get_first_aci ( aclpb, &cookie );

ldap/servers/plugins/acl/acl.h

@@ -838,7 +838,7 @@ void		aclutil_print_resource( struct acl_pblock *aclpb, char *right , char *attr
 char *		aclutil_expand_paramString ( char *str, Slapi_Entry *e );
 
 
-void		acllist_init_scan (Slapi_PBlock *pb, int scope, char *base);
+void		acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base);
 aci_t * 	acllist_get_first_aci (Acl_PBlock *aclpb, PRUint32 *cookie );
 aci_t * 	acllist_get_next_aci ( Acl_PBlock *aclpb, aci_t *curraci, PRUint32 *cookie );
 aci_t *		acllist_get_aci_new ();

ldap/servers/plugins/acl/acl_ext.c

@@ -658,7 +658,7 @@ error:
 
 /* Initializes the aclpb */
 void 
-acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *dn, int copy_from_aclcb)
+acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *ndn, int copy_from_aclcb)
 {
 	struct acl_cblock	*aclcb = NULL;
 	char				*authType;
@@ -685,8 +685,8 @@ acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *dn, int copy_
 	aclpb->aclpb_state = ACLPB_INITIALIZED;
 
 	/* We make an anonymous user a non null dn which is empty */
-	if (dn && *dn != '\0' ) 
-		slapi_sdn_set_ndn_byval ( aclpb->aclpb_authorization_sdn, dn );
+	if (ndn && *ndn != '\0' ) 
+		slapi_sdn_set_ndn_byval ( aclpb->aclpb_authorization_sdn, ndn );
 	else
 		slapi_sdn_set_ndn_byval ( aclpb->aclpb_authorization_sdn, "" );
 
@@ -716,7 +716,7 @@ acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *dn, int copy_
 	slapi_pblock_get ( pb, SLAPI_CONN_CERT, &aclpb->aclpb_clientcert );
 
 	/* See if the we have already a cached info about user's group */
-	aclg_init_userGroup ( aclpb, dn, 0 /* get lock */ );
+	aclg_init_userGroup ( aclpb, ndn, 0 /* get lock */ );
 
 	slapi_pblock_get( pb, SLAPI_BE_MAXNESTLEVEL, &aclpb->aclpb_max_nesting_level );
 	slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit );

ldap/servers/plugins/acl/acleffectiverights.c

@@ -197,7 +197,6 @@ _ger_parse_control (
 	size_t subjectndnlen = 0;
 	char *orig = NULL;
 	char *normed = NULL;
-	int rc = 0;
 
 	if (NULL == subjectndn)
 	{
@@ -268,22 +267,17 @@ _ger_parse_control (
 	}
 
 	/* memmove is safe for overlapping copy */
-	rc = slapi_dn_normalize_ext(orig + 3, 0, &normed, &subjectndnlen);
-	if (rc < 0) {
-		aclutil_str_append ( errbuf, "get-effective-rights: failed to normalize dn: ");
-		aclutil_str_append ( errbuf, orig);
-		slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "%s\n", *errbuf );
+	normed = slapi_create_dn_string("%s", orig + 3);
+	if (NULL == normed) {
+		aclutil_str_append (errbuf, "get-effective-rights: failed to normalize dn: ");
+		aclutil_str_append (errbuf, orig);
+		slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "%s\n", *errbuf);
 		slapi_ch_free_string(&orig);
 		return LDAP_INVALID_SYNTAX;
 	}
-	if (rc == 0) { /* orig+3 is passed in; not terminated */
-		*(normed + subjectndnlen) = '\0';
-		*subjectndn = slapi_ch_strdup(normed);
-		slapi_ch_free_string(&orig);
-	} else {
-		slapi_ch_free_string(&orig);
-		*subjectndn = normed;
-	}
+	slapi_ch_free_string(&orig);
+	*subjectndn = normed;
+	slapi_dn_ignore_case(*subjectndn);
 	return LDAP_SUCCESS;
 }
 
@@ -839,7 +833,8 @@ _ger_generate_template_entry (
 	char *object = NULL;
 	char *superior = NULL;
 	char *p = NULL;
-	char *dn = NULL;
+	const char *dn = NULL;
+	Slapi_DN *sdn = NULL;
 	char *dntype = NULL;
 	int siz = 0;
 	int len = 0;
@@ -856,8 +851,6 @@ _ger_generate_template_entry (
 		rc = LDAP_SUCCESS;
 		goto bailout;
 	}
-	/* get the target dn where the template entry is located */
-	slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn );
 	for (i = 0; gerattrs && gerattrs[i]; i++)
 	{
 		object = strchr(gerattrs[i], '@');
@@ -907,6 +900,9 @@ _ger_generate_template_entry (
 			siz += strlen(attrs[i]) + 4 + 20;
 		}
 	}
+	/* get the target dn where the template entry is located */
+	slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
+	dn = slapi_sdn_get_dn(sdn);
 	if (dn)
 	{
 		/* dn: <attr>=<template_name>,<dn>\n\0 */

ldap/servers/plugins/acl/acllas.c

@@ -671,19 +671,17 @@ DS_LASUserDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
 					break;
 				}
 				if (rc == ACL_ERR) {
-			   		slapi_log_error( SLAPI_LOG_ACL, plugin_name, 
-			    			"DS_LASUserDnEval:Error in matching patteren(%s)\n",
-			     			user);
+					slapi_log_error( SLAPI_LOG_ACL, plugin_name, 
+							"DS_LASUserDnEval:Error in matching patteren(%s)\n",
+							user);
 				}
 				slapi_filter_free(f,1);
 			} else {
 				/* Must be a simple dn then */
-				char *normed = NULL;
-				size_t dnlen = 0;
-				rc = slapi_dn_normalize_ext(user, 0, &normed, &dnlen);
-				if (rc == 0) { /* user passed in; not terminated */
-					*(normed + dnlen) = '\0';
-				} else if (rc < 0) { /* normalization failed, user the original */
+				char *normed = slapi_create_dn_string("%s", user);
+				if (NULL == normed) {
+					slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+						"DS_LASUserDnEval:Error in normalizing dn(%s)\n", user);
 					normed = user;
 				}
 				rc = slapi_utf8casecmp((ACLUCHP)lasinfo.clientDn, (ACLUCHP)normed);
@@ -2375,7 +2373,7 @@ static int
 acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
 {
 	struct eval_info	*info;
- 	Slapi_Attr		*currAttr, *nextAttr;
+	Slapi_Attr		*currAttr, *nextAttr;
 	char			*n_dn = NULL, *attrType;
 	int				n;
 	int				i;
@@ -2383,7 +2381,7 @@ acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
 	info = (struct eval_info *) callback_data;
 	info->result = ACL_FALSE;
  
- 	if (e == NULL) {
+	if (e == NULL) {
 		return 0;
 	}
 
@@ -2397,14 +2395,14 @@ acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
 		Slapi_Value *sval = NULL;
 		const struct berval		*attrVal;
 
- 		if ((strcasecmp (attrType, type_member) == 0) ||
- 				(strcasecmp (attrType, type_uniquemember) == 0 ))  {
+		if ((strcasecmp (attrType, type_member) == 0) ||
+		    (strcasecmp (attrType, type_uniquemember) == 0 ))  {
 
 			i = slapi_attr_first_value ( currAttr,&sval );
 			while ( i != -1 ) {
 				struct member_info	*groupMember = NULL;
 				attrVal = slapi_value_get_berval ( sval );
-				n_dn = slapi_create_dn_string( attrVal->bv_val );
+				n_dn = slapi_create_dn_string( "%s", attrVal->bv_val );
 				if (NULL == n_dn) {
 					slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
 						"acllas__handle_group_entry: Invalid syntax: %s\n",
@@ -3496,7 +3494,6 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
 	Slapi_Filter	*f = NULL;
 	char *rawdn = NULL;
 	char *dn = NULL;
-	size_t dnlen = 0;
 	char *p = NULL;
 	char *normed = NULL;
 	/* ldap(s)://host:port/suffix?attrs?scope?filter */
@@ -3588,26 +3585,22 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
 		/* url has scope and/or filter: ldap(s):///suffix?attr?scope?filter */
 		*p = '\0'; /* null terminate the dn part of rawdn */
 	}
-	rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
-	if (rc < 0) {
+	dn = slapi_create_dn_string("%s", rawdn);
+	if (NULL == dn) {
 		slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
-						 "acllas__client_match_URL: error normalizing dn [%s] part of URL [%s]\n", rawdn, url);
+		                 "acllas__client_match_URL: error normalizing dn [%s] part of URL [%s]\n",
+		                 rawdn, url);
 		goto done;
-	} else if (rc == 0) { /* url is passed in and not terminated with NULL*/
-		*(dn + dnlen) = '\0';
 	}
-	/* else - rawdn normalized in place */
+
 	normed = slapi_ch_smprintf("%s%s%s%s%s", 
-			 (prefix_len==LDAP_URL_prefix_len)?
-			  LDAP_URL_prefix_core:LDAPS_URL_prefix_core,
-							   hostport?hostport:"", dn, p?"?":"",p?p+1:"");
+	                           (prefix_len==LDAP_URL_prefix_len)?
+	                           LDAP_URL_prefix_core:LDAPS_URL_prefix_core,
+	                           hostport?hostport:"", dn, p?"?":"",p?p+1:"");
 	if (p) {
 		*p = Q; /* put the Q back in rawdn which will un-null terminate the DN part */
 	}
-	if (rc > 0) {
-		/* dn was allocated in slapi_dn_normalize_ext */
-		slapi_ch_free_string(&dn);
-	}
+	slapi_ch_free_string(&dn);
 	rc = slapi_ldap_url_parse(normed, &ludp, 1, NULL);
 	if (rc) {
 		slapi_log_error( SLAPI_LOG_FATAL, plugin_name,

ldap/servers/plugins/acl/acllist.c

@@ -597,7 +597,7 @@ static void free_targetattrfilters( Targetattrfilter ***attrFilterArray) {
 
 /* SEARCH */
 void
-acllist_init_scan (Slapi_PBlock *pb, int scope, char *base)
+acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base)
 {
 	Acl_PBlock			*aclpb;
 	int					i;
@@ -625,7 +625,7 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, char *base)
 
 	/* If base is NULL - it means we are going to go thru all the ACLs
 	 * This is needed when we do anonymous profile generation.
- 	 */
+	 */
 	if ( NULL == base ) {
 		return;
 	}
@@ -638,22 +638,28 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, char *base)
 	index = 0;
 	aclpb->aclpb_search_base = slapi_ch_strdup ( base );
 
-	while (basedn ) {
+	while (basedn) {
 		char		*tmp = NULL;
 		
-		slapi_sdn_set_ndn_byref ( aclpb->aclpb_aclContainer->acic_sdn, basedn );
+		slapi_sdn_set_normdn_byref(aclpb->aclpb_aclContainer->acic_sdn, basedn);
 
-		root = (AciContainer *) avl_find( acllistRoot, 
-									(caddr_t) aclpb->aclpb_aclContainer, 
-									(IFP) __acllist_aciContainer_node_cmp);
+		root = (AciContainer *) avl_find(acllistRoot, 
+		                                 (caddr_t) aclpb->aclpb_aclContainer, 
+		                                 (IFP) __acllist_aciContainer_node_cmp);
 		if ( index >= ACLPB_MAX_SELECTED_ACLS -2 ) {
 			aclpb->aclpb_handles_index[0] = -1;
 			slapi_ch_free ( (void **) &basedn);
 			break;
-		} else  if ( NULL != root ) {
+		} else if ( NULL != root ) {
 			aclpb->aclpb_base_handles_index[index++] = root->acic_index;
 			aclpb->aclpb_base_handles_index[index] = -1;
-		} 
+		} else if ( NULL == root ) {
+			/* slapi_dn_parent returns the "parent" dn syntactically.
+			 * Most likely, basedn is above suffix (e.g., dn=com).
+			 * Thus, no need to make it FATAL. */
+			slapi_log_error ( SLAPI_LOG_ACL, plugin_name, 
+			                  "Failed to find root for base: %s \n", basedn );
+		}
 		tmp = slapi_dn_parent ( basedn );
 		slapi_ch_free ( (void **) &basedn);
 		basedn = tmp;
@@ -679,11 +685,12 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, char *base)
  * the given operation.
 */
 
+/* edn is normalized & case-ignored */
 void 
 acllist_aciscan_update_scan (  Acl_PBlock *aclpb, char *edn )
 {
 
-	int		i, index = 0;
+	int		index = 0;
 	char		*basedn = NULL;
 	AciContainer	*root;
 	int is_not_search_base = 1;
@@ -700,15 +707,13 @@ acllist_aciscan_update_scan (  Acl_PBlock *aclpb, char *edn )
 	 * This stuff is only used if it's a search operation.
 	 */
 	if ( aclpb->aclpb_search_base ) {
-	 	while ( aclpb->aclpb_base_handles_index[index] != -1 &&
-				index < ACLPB_MAX_SELECTED_ACLS -2 ) {
-			aclpb->aclpb_handles_index[index] = 
-				aclpb->aclpb_base_handles_index[index];
-			index++;
-		}
 		if ( strcasecmp ( edn, aclpb->aclpb_search_base) == 0) {
 			is_not_search_base = 0;
 		}
+		for (index = 0; (aclpb->aclpb_base_handles_index[index] != -1) && 
+		                (index < ACLPB_MAX_SELECTED_ACLS - 2); index++) ;
+		memcpy(aclpb->aclpb_handles_index, aclpb->aclpb_base_handles_index,
+		       sizeof(*aclpb->aclpb_handles_index) * index);
 	}
 	aclpb->aclpb_handles_index[index] = -1;
 
@@ -760,11 +765,6 @@ acllist_aciscan_update_scan (  Acl_PBlock *aclpb, char *edn )
 	}
 
 	acllist_done_aciContainer ( aclpb->aclpb_aclContainer );
-	i = 0;
-	while ( i < ACLPB_MAX_SELECTED_ACLS && aclpb->aclpb_handles_index[i]  != -1 ) {
-		i++;
-	}
-
 }
 
 aci_t *
@@ -889,6 +889,7 @@ acllist_acicache_WRITE_LOCK( )
 }
 
 /* This routine must be called with the acicache write lock taken */
+/* newdn is normalized & case-ignored */
 int
 acllist_moddn_aci_needsLock ( Slapi_DN *oldsdn, char *newdn )
 {

ldap/servers/plugins/acl/aclparse.c

@@ -533,8 +533,7 @@ __aclp__copy_normalized_str (char *src, char *endsrc, char *start,
 {
 	char *p = NULL;
 	int rc = -1; 
-	char *dn = NULL;
-	size_t dnlen = 0;
+	const char *dn = NULL;
 
 	p = PL_strnstr(src, LDAP_URL_prefix, endsrc - src);
 	if (p) {
@@ -553,6 +552,8 @@ __aclp__copy_normalized_str (char *src, char *endsrc, char *start,
 	rc = 0;
 	if (p && strlen(p) > 0) {
 		size_t len = 0;
+		Slapi_DN sdn;
+		char bak;
 		/* strip the string starting from ? */
 		char *q = PL_strnchr(p, '?', endsrc - p);
 		if (q) {
@@ -560,18 +561,17 @@ __aclp__copy_normalized_str (char *src, char *endsrc, char *start,
 		} else {
 			len = endsrc - p;
 		}
+		bak = *(p + len);
+		*(p + len) = '\0';
 		/* Normalize the value of userdn and append it to ret_str */
-		rc = slapi_dn_normalize_ext(p, len, &dn, &dnlen);
-		if (rc < 0) {
-			return rc;
-		}
+		slapi_sdn_init_dn_byref(&sdn, p);
+		dn = slapi_sdn_get_dn(&sdn);
 		/* append up to ldap(s):/// */
 		aclutil_str_append_ext(dest, destlen, start, p - start);
 		/* append the DN part */
-		aclutil_str_append_ext(dest, destlen, dn, dnlen);
-		if (rc > 0) { /* if rc == 0, p is passed in */
-			slapi_ch_free_string(&dn);
-		}
+		aclutil_str_append_ext(dest, destlen, dn, strlen(dn));
+		slapi_sdn_done(&sdn);
+		*(p + len) = bak;
 		if (q) {
 			/* append the rest from '?' */
 			aclutil_str_append_ext(dest, destlen, q, endsrc - q);

ldap/servers/plugins/acl/aclplugin.c

@@ -135,7 +135,8 @@ static int
 aclplugin_preop_search ( Slapi_PBlock *pb )
 {
 	int 		scope;
-	char		*base = NULL;
+	const char	*base = NULL;
+	Slapi_DN	*sdn = NULL;
 	int			optype;
 	int			isRoot;
 	int			rc = 0;
@@ -151,7 +152,8 @@ aclplugin_preop_search ( Slapi_PBlock *pb )
 		return rc;
 	}
 
-	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &base );
+	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn );
+	base = slapi_sdn_get_dn(sdn);
 	/* For anonymous client  doing search nothing needs to be set up */
 	if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb )  &&
 			! slapi_dn_issuffix( base, "cn=monitor") ) {
@@ -244,7 +246,7 @@ aclplugin_preop_common( Slapi_PBlock *pb )
 		slapi_log_error( SLAPI_LOG_ACL, plugin_name,
 				"proxied authorization dn is (%s)\n", proxy_dn );
 		acl_init_aclpb ( pb, aclpb, proxy_dn, 1 );
-		aclpb = acl_new_proxy_aclpb (pb );
+		aclpb = acl_new_proxy_aclpb ( pb );
 		acl_init_aclpb ( pb, aclpb, dn, 0 );
 		slapi_ch_free ( (void **) &proxy_dn );
 		

ldap/servers/plugins/automember/automember.c

@@ -92,10 +92,10 @@ static void automember_free_config_entry(struct configEntry ** entry);
 /*
  * helpers
  */
-static char *automember_get_dn(Slapi_PBlock * pb);
+static Slapi_DN *automember_get_sdn(Slapi_PBlock *pb);
 static Slapi_DN *automember_get_config_area();
 static void automember_set_config_area(Slapi_DN *sdn);
-static int automember_dn_is_config(char *dn);
+static int automember_dn_is_config(Slapi_DN *sdn);
 static int automember_oktodo(Slapi_PBlock *pb);
 static int automember_isrepl(Slapi_PBlock *pb);
 static void automember_parse_regex_entry(struct configEntry *config, Slapi_Entry *e);
@@ -275,7 +275,7 @@ automember_postop_init(Slapi_PBlock *pb)
 static int
 automember_start(Slapi_PBlock * pb)
 {
-    char *plugindn = NULL;
+    Slapi_DN *plugindn = NULL;
     char *config_area = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
@@ -298,14 +298,14 @@ automember_start(Slapi_PBlock * pb)
     /*
      * Get the plug-in target dn from the system
      * and store it for future use. */
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn);
-    if (NULL == plugindn || 0 == strlen(plugindn)) {
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn);
+    if (NULL == plugindn || 0 == slapi_sdn_get_ndn_len(plugindn)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                         "automember_start: unable to retrieve plugin dn\n");
         return -1;
     }
 
-    automember_set_plugin_sdn(slapi_sdn_new_dn_byref(plugindn));
+    automember_set_plugin_sdn(slapi_sdn_dup(plugindn));
 
     /* Set the alternate config area if one is defined. */
     slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_AREA, &config_area);
@@ -804,28 +804,19 @@ automember_delete_config()
     return;
 }
 
-
-/*
- * Helper functions
- */
-static char *
-automember_get_dn(Slapi_PBlock * pb)
+static Slapi_DN *
+automember_get_sdn(Slapi_PBlock * pb)
 {
-    char *dn = 0;
+    Slapi_DN *sdn = 0;
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                    "--> automember_get_dn\n");
+                    "--> automember_get_sdn\n");
 
-    if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)) {
-        slapi_log_error(SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                        "automember_get_dn: failed to get dn of changed entry");
-        goto bail;
-    }
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
 
-  bail:
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                    "<-- automember_get_dn\n");
+                    "<-- automember_get_sdn\n");
 
-    return dn;
+    return sdn;
 }
 
 void
@@ -846,20 +837,17 @@ automember_get_config_area()
  * Checks if dn is an auto membership config entry.
  */
 static int
-automember_dn_is_config(char *dn)
+automember_dn_is_config(Slapi_DN *sdn)
 {
     int ret = 0;
-    Slapi_DN *sdn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                     "--> automember_dn_is_config\n");
 
-    if (dn == NULL) {
+    if (sdn == NULL) {
         goto bail;
     }
 
-    sdn = slapi_sdn_new_dn_byref(dn);
-
     /* If an alternate config area is configured, treat it's child
      * entries as config entries.  If the alternate config area is
      * not configured, treat children of the top-level plug-in
@@ -877,7 +865,6 @@ automember_dn_is_config(char *dn)
     }
 
 bail:
-    slapi_sdn_free(&sdn);
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                     "<-- automember_dn_is_config\n");
 
@@ -1579,7 +1566,7 @@ automember_add_member_value(Slapi_Entry *member_e, const char *group_dn,
 static int
 automember_pre_op(Slapi_PBlock * pb, int modop)
 {
-    char *dn = 0;
+    Slapi_DN *sdn = 0;
     Slapi_Entry *e = 0;
     Slapi_Mods *smods = 0;
     LDAPMod **mods;
@@ -1594,10 +1581,10 @@ automember_pre_op(Slapi_PBlock * pb, int modop)
     if (!g_plugin_started)
         goto bail;
 
-    if (0 == (dn = automember_get_dn(pb)))
+    if (0 == (sdn = automember_get_sdn(pb)))
         goto bail;
 
-    if (automember_dn_is_config(dn)) {
+    if (automember_dn_is_config(sdn)) {
         /* Validate config changes, but don't apply them.
          * This allows us to reject invalid config changes
          * here at the pre-op stage.  Applying the config
@@ -1609,10 +1596,8 @@ automember_pre_op(Slapi_PBlock * pb, int modop)
         } else if (LDAP_CHANGETYPE_MODIFY == modop) {
             /* Fetch the entry being modified so we can
              * create the resulting entry for validation. */
-            Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
-            if (tmp_dn) {
-                slapi_search_internal_get_entry(tmp_dn, 0, &e, automember_get_plugin_id());
-                slapi_sdn_free(&tmp_dn);
+            if (sdn) {
+                slapi_search_internal_get_entry(sdn, 0, &e, automember_get_plugin_id());
                 free_entry = 1;
             }
 
@@ -1692,7 +1677,7 @@ automember_mod_pre_op(Slapi_PBlock * pb)
 static int
 automember_mod_post_op(Slapi_PBlock *pb)
 {
-    char *dn = NULL;
+    Slapi_DN *sdn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                     "--> automember_mod_post_op\n");
@@ -1702,9 +1687,9 @@ automember_mod_post_op(Slapi_PBlock *pb)
         goto bail;
     }
 
-    if (automember_oktodo(pb) && (dn = automember_get_dn(pb))) {
+    if (automember_oktodo(pb) && (sdn = automember_get_sdn(pb))) {
         /* Check if the config is being modified and reload if so. */
-        if (automember_dn_is_config(dn)) {
+        if (automember_dn_is_config(sdn)) {
             automember_load_config();
         }
     }
@@ -1720,7 +1705,7 @@ static int
 automember_add_post_op(Slapi_PBlock *pb)
 {
     Slapi_Entry *e = NULL;
-    char *dn = NULL;
+    Slapi_DN *sdn = NULL;
     struct configEntry *config = NULL;
     PRCList *list = NULL;
 
@@ -1732,14 +1717,15 @@ automember_add_post_op(Slapi_PBlock *pb)
         return 0;
 
     /* Reload config if a config entry was added. */
-    if ((dn = automember_get_dn(pb))) {
-        if (automember_dn_is_config(dn)) {
+    if ((sdn = automember_get_sdn(pb))) {
+        if (automember_dn_is_config(sdn)) {
             automember_load_config();
         }
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                         "automember_add_post_op: Error "
                         "retrieving dn\n");
+        goto bail;
     }
 
     /* If replication, just bail. */
@@ -1777,7 +1763,7 @@ automember_add_post_op(Slapi_PBlock *pb)
                 config = (struct configEntry *)list;
 
                 /* Does the entry meet scope and filter requirements? */
-                if (slapi_dn_issuffix(dn, config->scope) &&
+                if (slapi_dn_issuffix(slapi_sdn_get_dn(sdn), config->scope) &&
                     (slapi_filter_test_simple(e, config->filter) == 0)) {
                     /* Find out what membership changes are needed and make them. */
                     automember_update_membership(config, e);
@@ -1791,9 +1777,9 @@ automember_add_post_op(Slapi_PBlock *pb)
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                         "automember_add_post_op: Error "
-                        "retrieving post-op entry %s\n", dn);
+                        "retrieving post-op entry %s\n", slapi_sdn_get_dn(sdn));
     }
-
+bail:
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                     "<-- automember_add_post_op\n");
 
@@ -1808,7 +1794,7 @@ automember_add_post_op(Slapi_PBlock *pb)
 static int
 automember_del_post_op(Slapi_PBlock *pb)
 {
-    char *dn = NULL;
+    Slapi_DN *sdn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                     "--> automember_del_post_op\n");
@@ -1819,8 +1805,8 @@ automember_del_post_op(Slapi_PBlock *pb)
     }
 
     /* Reload config if a config entry was deleted. */
-    if ((dn = automember_get_dn(pb))) {
-        if (automember_dn_is_config(dn))
+    if ((sdn = automember_get_sdn(pb))) {
+        if (automember_dn_is_config(sdn))
             automember_load_config();
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
@@ -1843,8 +1829,8 @@ automember_del_post_op(Slapi_PBlock *pb)
 static int
 automember_modrdn_post_op(Slapi_PBlock *pb)
 {
-    char *old_dn = NULL;
-    char *new_dn = NULL;
+    Slapi_DN *old_sdn = NULL;
+    Slapi_DN *new_sdn = NULL;
     Slapi_Entry *post_e = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
@@ -1859,7 +1845,7 @@ automember_modrdn_post_op(Slapi_PBlock *pb)
      * config entries. */
     slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_e);
     if (post_e) {
-        new_dn = slapi_entry_get_ndn(post_e);
+        new_sdn = slapi_entry_get_sdn(post_e);
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
                         "automember_modrdn_post_op: Error "
@@ -1867,8 +1853,8 @@ automember_modrdn_post_op(Slapi_PBlock *pb)
         return 0;
     }
 
-    if ((old_dn = automember_get_dn(pb))) {
-        if (automember_dn_is_config(old_dn) || automember_dn_is_config(new_dn))
+    if ((old_sdn = automember_get_sdn(pb))) {
+        if (automember_dn_is_config(old_sdn) || automember_dn_is_config(new_sdn))
             automember_load_config();
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,

ldap/servers/plugins/chainingdb/cb_add.c

@@ -65,41 +65,44 @@ chaining_back_add ( Slapi_PBlock *pb )
 	char         		**referrals=NULL;
 	LDAPMod			** mods;
 	LDAPMessage		* res;
-	char 			*dn,* matched_msg, *error_msg;
+	char 			* matched_msg, *error_msg;
+	const char		*dn = NULL;
+	Slapi_DN		*sdn = NULL;
 	char			*cnxerrbuf=NULL;
-   	time_t 			endtime;
+	time_t 			endtime;
 	cb_outgoing_conn	*cnx;
 	
 	if ( (rc=cb_forward_operation(pb)) != LDAP_SUCCESS ) {
-               	cb_send_ldap_result( pb, rc, NULL, "Remote data access disabled", 0, NULL );
+		cb_send_ldap_result( pb, rc, NULL, "Remote data access disabled", 0, NULL );
 		return -1;
 	}
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
 	cb = cb_get_instance(be);
 
 	/* Update monitor info */
 	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_ADD);
 
 	/* Check wether the chaining BE is available or not */
-        if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
+	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
 	  return -1;
-        }
+	}
 
+	slapi_pblock_get( pb, SLAPI_ADD_TARGET_SDN, &sdn );
+	slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
 
- 	slapi_pblock_get( pb, SLAPI_ADD_TARGET, &dn );
-        slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
+	dn = slapi_sdn_get_dn(sdn);
 
 	/* Check local access controls */
 	if (cb->local_acl && !cb->associated_be_is_disabled) {
 		char * errbuf=NULL;
-        	rc = cb_access_allowed (pb, e, NULL, NULL, SLAPI_ACL_ADD, &errbuf);
-   		if ( rc != LDAP_SUCCESS ) {
-                	cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-                	slapi_ch_free((void **)&errbuf);
+		rc = cb_access_allowed (pb, e, NULL, NULL, SLAPI_ACL_ADD, &errbuf);
+		if ( rc != LDAP_SUCCESS ) {
+			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
+			slapi_ch_free((void **)&errbuf);
 			return -1;
 		}
-        }
+	}
 
 	/* Build LDAPMod from the SLapi_Entry */
 	cb_eliminate_illegal_attributes(cb,e);

ldap/servers/plugins/chainingdb/cb_bind.c

@@ -47,10 +47,11 @@ cb_free_bervals( struct berval **bvs );
 
 
 static int
-cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
-        struct berval *creds, LDAPControl **reqctrls,
-        char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
-        LDAPControl ***resctrlsp , int * status);
+cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, int method, 
+                     char * mechanism, struct berval *creds, 
+                     LDAPControl **reqctrls, char **matcheddnp, 
+                     char **errmsgp, struct berval ***refurlsp,
+                     LDAPControl ***resctrlsp , int * status);
 
 /*
  * Attempt to chain a bind request off to "srvr." We return an LDAP error
@@ -67,17 +68,18 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
 
 static int
 cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries,
-        char *dn, int method,char * mechanism, struct berval *creds, LDAPControl **reqctrls,
-        char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
-        LDAPControl ***resctrlsp ,int *status) {
-
+               const char *dn, int method,char * mechanism, 
+               struct berval *creds, LDAPControl **reqctrls,
+               char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
+               LDAPControl ***resctrlsp ,int *status)
+{
     int         rc;
  
     do {
          /* check to see if operation has been abandoned...*/
 
-	if (LDAP_AUTH_SIMPLE!=method)
-		return LDAP_AUTH_METHOD_NOT_SUPPORTED;
+    if (LDAP_AUTH_SIMPLE!=method)
+        return LDAP_AUTH_METHOD_NOT_SUPPORTED;
 
         if ( slapi_op_abandoned( pb )) {
             rc = LDAP_USER_CANCELLED;
@@ -91,10 +93,11 @@ cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries,
 }
 
 static int
-cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
-        struct berval *creds, LDAPControl **reqctrls,
-        char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
-        LDAPControl ***resctrlsp , int * status )
+cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, int method, 
+                     char * mechanism, struct berval *creds, 
+                     LDAPControl **reqctrls, char **matcheddnp, 
+                     char **errmsgp, struct berval ***refurlsp,
+                     LDAPControl ***resctrlsp , int * status )
 {
     int                 rc, msgid;
     char                **referrals;
@@ -225,18 +228,20 @@ release_and_return:
 }
 
 int
-chainingdb_bind( Slapi_PBlock *pb ) {
+chainingdb_bind( Slapi_PBlock *pb )
+{
 
 	int 			status=LDAP_SUCCESS;
 	int 			allocated_errmsg;
 	int 			rc=LDAP_SUCCESS;
 	cb_backend_instance 	*cb;
 	Slapi_Backend		*be;
-	char                    *dn;
-        int                     method;
-        struct berval           *creds, **urls;
+	const char      *dn = NULL;
+	Slapi_DN        *sdn = NULL;
+	int                     method;
+	struct berval           *creds, **urls;
 	char 			*matcheddn,*errmsg;
-    	LDAPControl         	**reqctrls, **resctrls, **ctrls;
+	LDAPControl         	**reqctrls, **resctrls, **ctrls;
 	char 			* mechanism;
 	int 			freectrls=1;
 	int 			bind_retry;
@@ -258,16 +263,18 @@ chainingdb_bind( Slapi_PBlock *pb ) {
 	if (ctrls)
 		ldap_controls_free(ctrls);
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-        slapi_pblock_get( pb, SLAPI_BIND_TARGET, &dn );
-        slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn );
+	slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
 	slapi_pblock_get( pb, SLAPI_BIND_SASLMECHANISM, &mechanism);
-        slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds );
-        slapi_pblock_get( pb, SLAPI_REQCONTROLS, &reqctrls );
-        cb = cb_get_instance(be);
+	slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds );
+	slapi_pblock_get( pb, SLAPI_REQCONTROLS, &reqctrls );
+	cb = cb_get_instance(be);
 
-	if ( NULL == dn ) 
-		dn="";
+	if ( NULL == sdn ) {
+		sdn = slapi_sdn_new_ndn_byval("");
+	}
+	dn = slapi_sdn_get_ndn(sdn);
 
         /* always allow noauth simple binds */
         if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) {

ldap/servers/plugins/chainingdb/cb_compare.c

@@ -63,29 +63,33 @@ chaining_back_compare ( Slapi_PBlock *pb )
 	LDAP 			*ld=NULL;
 	char         		**referrals=NULL;
 	LDAPMessage		* res;
-	char 			*type,*dn,* matched_msg, *error_msg;
+	char 			*type, *matched_msg, *error_msg;
+	const char 		*dn = NULL;
+	Slapi_DN		*sdn = NULL; 
 	char 			*cnxerrbuf=NULL;
-   	time_t 			endtime;
+	time_t 			endtime;
 	cb_outgoing_conn	*cnx;
 
-        if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
-        	cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-                return -1;
-        }
+	if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
+		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
+		return -1;
+	}
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
 	cb = cb_get_instance(be);
 
-        cb_update_monitor_info(pb,cb,SLAPI_OPERATION_COMPARE);
+	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_COMPARE);
 
 	/* Check wether the chaining BE is available or not */
-        if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-                return -1;
-        }
+	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
+		return -1;
+	}
+
+	slapi_pblock_get( pb, SLAPI_COMPARE_TARGET_SDN, &sdn );
+	slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type );
+	slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval );
 
-        slapi_pblock_get( pb, SLAPI_COMPARE_TARGET, &dn );
-        slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type );
-        slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval );
+	dn = slapi_sdn_get_dn(sdn);
 
 	/* 
 	 * Check local acls
@@ -96,17 +100,17 @@ chaining_back_compare ( Slapi_PBlock *pb )
 
 	if (checkacl) {
 		char * errbuf=NULL;
-          	Slapi_Entry *te = slapi_entry_alloc();
-          	slapi_entry_set_dn(te,slapi_ch_strdup(dn));
-          	rc = cb_access_allowed (pb, te, type, bval, SLAPI_ACL_COMPARE,&errbuf);
-          	slapi_entry_free(te);
+		Slapi_Entry *te = slapi_entry_alloc();
+		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+		rc = cb_access_allowed (pb, te, type, bval, SLAPI_ACL_COMPARE,&errbuf);
+		slapi_entry_free(te);
 
-   		if ( rc != LDAP_SUCCESS ) {
-                	cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
+		if ( rc != LDAP_SUCCESS ) {
+			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
 			slapi_ch_free((void **) &errbuf);
 			return 1;
 		}
-        }
+	}
 
 	/*
 	 * Grab a connection handle

ldap/servers/plugins/chainingdb/cb_controls.c

@@ -201,9 +201,9 @@ int cb_update_controls( Slapi_PBlock * pb,
                 char * requestorCopy=NULL;
 
                 rootdn=cb_get_rootdn();
-                slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &requestor );
-                requestorCopy=slapi_ch_strdup(requestor);
-                slapi_dn_normalize_case(requestorCopy);
+                slapi_pblock_get( pb, SLAPI_REQUESTOR_NDN, &requestor );
+                requestorCopy = slapi_ch_strdup(requestor);
+                slapi_dn_ignore_case(requestorCopy);
 
                 if (!strcmp( requestorCopy, rootdn )) {    /* UTF8- aware */
                     slapi_log_error( SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,

ldap/servers/plugins/chainingdb/cb_delete.c

@@ -62,27 +62,30 @@ chaining_back_delete ( Slapi_PBlock *pb )
 	LDAP 			*ld=NULL;
 	char         		**referrals=NULL;
 	LDAPMessage		* res;
-	char 			*dn,* matched_msg, *error_msg;
+	const char 		*dn = NULL;
+	Slapi_DN		*sdn = NULL;
+	char 			*matched_msg, *error_msg;
 	char			*cnxerrbuf=NULL;
-   	time_t 			endtime;
+	time_t 			endtime;
 	cb_outgoing_conn	*cnx;
 
-        if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
-                cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-                return -1;
-        }
+	if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
+		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
+		return -1;
+	}
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
 	cb = cb_get_instance(be);
 
-        cb_update_monitor_info(pb,cb,SLAPI_OPERATION_DELETE);
+	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_DELETE);
 
 	/* Check wether the chaining BE is available or not */
-        if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-                return -1;
-        }
+	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
+		return -1;
+	}
 
- 	slapi_pblock_get( pb, SLAPI_DELETE_TARGET, &dn );
+	slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn );
+	dn = slapi_sdn_get_dn(sdn);
 
 	/* 
 	 * Check local acls
@@ -90,17 +93,17 @@ chaining_back_delete ( Slapi_PBlock *pb )
 
 	if (cb->local_acl && !cb->associated_be_is_disabled) {
 		char * errbuf=NULL;
-          	Slapi_Entry *te = slapi_entry_alloc();
-	  	slapi_entry_set_dn(te,slapi_ch_strdup(dn));
-       	  	rc = cb_access_allowed (pb, te, NULL, NULL, SLAPI_ACL_DELETE,&errbuf);
-	  	slapi_entry_free(te);
+		Slapi_Entry *te = slapi_entry_alloc();
+		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+		rc = cb_access_allowed (pb, te, NULL, NULL, SLAPI_ACL_DELETE,&errbuf);
+		slapi_entry_free(te);
 
-   		if ( rc != LDAP_SUCCESS ) {
-                	cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-                	slapi_ch_free((void **)&errbuf);
+		if ( rc != LDAP_SUCCESS ) {
+			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
+			slapi_ch_free((void **)&errbuf);
 			return -1;
 		}
-        }
+	}
 
 	/*
 	 * Grab a connection handle

ldap/servers/plugins/chainingdb/cb_instance.c

@@ -850,9 +850,9 @@ static int cb_instance_binduser_set(void *arg, void *value, char *errorbuf, int
 
 	if (apply) {
 
-	        slapi_rwlock_wrlock(inst->rwl_config_lock);
+		slapi_rwlock_wrlock(inst->rwl_config_lock);
 		if (( phase != CB_CONFIG_PHASE_INITIALIZATION ) &&
-	    		( phase != CB_CONFIG_PHASE_STARTUP )) {
+		    ( phase != CB_CONFIG_PHASE_STARTUP )) {
 
 			/* Dynamic modif   */
 			/* Free user later */
@@ -862,10 +862,11 @@ static int cb_instance_binduser_set(void *arg, void *value, char *errorbuf, int
 			rc=CB_REOPEN_CONN;
 		}
 
-		inst->pool->binddn=slapi_ch_strdup((char *) value);
+		/* normalize and ignore the case */
+		inst->pool->binddn = slapi_create_dn_string_case("%s", (char *)value);
+		/* not normalized */
 		inst->pool->binddn2=slapi_ch_strdup((char *) value);
-		slapi_dn_normalize_case(inst->pool->binddn);
-	        slapi_rwlock_unlock(inst->rwl_config_lock);
+		slapi_rwlock_unlock(inst->rwl_config_lock);
 	} else {
 
 		/* Security check */
@@ -877,19 +878,18 @@ static int cb_instance_binduser_set(void *arg, void *value, char *errorbuf, int
 		char * theValueCopy = NULL;
 
 		if (value) {
-			theValueCopy=slapi_ch_strdup((char *) value);
-			slapi_dn_normalize_case(theValueCopy);
+			theValueCopy = slapi_create_dn_string_case("%s", (char *) value);
 		}
 
 		slapi_rwlock_rdlock(inst->rwl_config_lock);
-                if (inst->impersonate && theValueCopy && 
-                        !strcmp(theValueCopy,rootdn)) {	/* UTF8-aware. See cb_get_dn() */
-                        rc=LDAP_UNWILLING_TO_PERFORM; 
+		if (inst->impersonate && theValueCopy && 
+		    !strcmp(theValueCopy,rootdn)) {	/* UTF8-aware. See cb_get_dn() */
+			rc=LDAP_UNWILLING_TO_PERFORM; 
 			if (errorbuf) {
 				PR_snprintf(errorbuf,SLAPI_DSE_RETURNTEXT_SIZE, "value %s not allowed",rootdn);
 			}
-                }
-                slapi_rwlock_unlock(inst->rwl_config_lock);
+		}
+		slapi_rwlock_unlock(inst->rwl_config_lock);
 
 		slapi_ch_free((void **)&theValueCopy);
 		slapi_ch_free((void **)&rootdn);

ldap/servers/plugins/chainingdb/cb_modify.c

@@ -65,51 +65,54 @@ chaining_back_modify ( Slapi_PBlock *pb )
 	char         		**referrals=NULL;
 	LDAPMod			** mods;
 	LDAPMessage		* res;
-	char 			*dn,* matched_msg, *error_msg;
+	const char 		*dn = NULL;
+	Slapi_DN		*sdn = NULL;
+	char 			*matched_msg, *error_msg;
 	char 			*cnxerrbuf=NULL;
-   	time_t 			endtime;
+	time_t 			endtime;
 	cb_outgoing_conn	*cnx;
 
-        if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
-                cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-                return -1;
-        }
+	if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
+		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
+		return -1;
+	}
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
 	cb = cb_get_instance(be);
 
-        cb_update_monitor_info(pb,cb,SLAPI_OPERATION_MODIFY);
+	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_MODIFY);
 
 	/* Check wether the chaining BE is available or not */
-        if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-                return -1;
-        }
+	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
+		return -1;
+	}
 
- 	slapi_pblock_get( pb, SLAPI_MODIFY_TARGET, &dn );
+	slapi_pblock_get( pb, SLAPI_MODIFY_TARGET_SDN, &sdn );
+	dn = slapi_sdn_get_dn(sdn);
 
 	if (cb_debug_on()) {
-        	slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,"modify: target:<%s>\n",dn);
+		slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,"modify: target:<%s>\n",dn);
 	}
 
 
 	ctrls=serverctrls=NULL;
-        slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
-        slapi_pblock_get( pb, SLAPI_REQCONTROLS, &ctrls );
+	slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
+	slapi_pblock_get( pb, SLAPI_REQCONTROLS, &ctrls );
 
 	/* Check acls				*/
 	
 	if ( cb->local_acl && !cb->associated_be_is_disabled ) {
-                char * errbuf=NULL;
-                Slapi_Entry *te = slapi_entry_alloc();
-                slapi_entry_set_dn(te,slapi_ch_strdup(dn));
-       		rc = slapi_acl_check_mods( pb, te, mods, &errbuf);
-                slapi_entry_free(te);
-
-                if ( rc != LDAP_SUCCESS ) {
-                        cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-                        slapi_ch_free((void **)&errbuf);
-                        return -1;
-                }
+		char * errbuf=NULL;
+		Slapi_Entry *te = slapi_entry_alloc();
+		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+		rc = slapi_acl_check_mods( pb, te, mods, &errbuf);
+		slapi_entry_free(te);
+
+		if ( rc != LDAP_SUCCESS ) {
+			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
+			slapi_ch_free((void **)&errbuf);
+			return -1;
+		}
 	}
 
 

ldap/servers/plugins/chainingdb/cb_modrdn.c

@@ -54,20 +54,25 @@
 int
 chaining_back_modrdn ( Slapi_PBlock *pb )
 {
-
-	Slapi_Backend		* be;
-	cb_backend_instance 	*cb;
-	LDAPControl 		**ctrls, **serverctrls;
-	int 			rc,parse_rc,msgid,i;
-	LDAP 			*ld=NULL;
-	char         		**referrals=NULL;
-	LDAPMessage		* res;
-	char 			* matched_msg, *error_msg,* pdn, *newdn, *dn;
-	int 			deleteoldrdn=0;
-	char 			* newsuperior, *newrdn;
-	char			* cnxerrbuf=NULL;
-   	time_t 			endtime;
-	cb_outgoing_conn	* cnx;
+        Slapi_Backend       * be;
+        cb_backend_instance *cb;
+        LDAPControl         **ctrls, **serverctrls;
+        int                 rc,parse_rc,msgid,i;
+        LDAP                *ld=NULL;
+        char                **referrals=NULL;
+        LDAPMessage         *res;
+        char                *matched_msg, *error_msg;
+        char                *newdn = NULL;
+        const char          *pdn = NULL;
+        char                *ndn = NULL;
+        Slapi_DN            *sdn = NULL;
+        Slapi_DN            *psdn = NULL;
+        int                 deleteoldrdn = 0;
+        Slapi_DN            *newsuperior = NULL;
+        char                *newrdn = NULL;
+        char                * cnxerrbuf=NULL;
+        time_t              endtime;
+        cb_outgoing_conn    *cnx;
 
         if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
                 cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
@@ -75,38 +80,36 @@ chaining_back_modrdn ( Slapi_PBlock *pb )
         }
 
         slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	cb = cb_get_instance(be);
+        cb = cb_get_instance(be);
 
         cb_update_monitor_info(pb,cb,SLAPI_OPERATION_MODRDN);
 
-	/* Check wether the chaining BE is available or not */
+        /* Check wether the chaining BE is available or not */
         if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
                 return -1;
         }
 
-	newsuperior=newdn=newrdn=dn=NULL;
-  	slapi_pblock_get( pb, SLAPI_MODRDN_TARGET, &dn );
+        slapi_pblock_get( pb, SLAPI_MODRDN_TARGET_SDN, &sdn );
         slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
-        slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperior );
+        slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior );
         slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &deleteoldrdn );
 
-	/*
-	 * Construct the new dn
-	 */
+        ndn = (char *)slapi_sdn_get_ndn(sdn);
 
-	dn = slapi_dn_normalize_case(dn);
-        if ( (pdn = slapi_dn_parent( dn )) != NULL ) {
-                /* parent + rdn + separator(s) + null */
-                newdn = (char *) slapi_ch_malloc( strlen( pdn ) + strlen( newrdn ) + 3 );
-                strcpy( newdn, newrdn );
-                strcat( newdn, "," );
-                strcat( newdn, pdn );
-
-        	slapi_ch_free((void **)&pdn );
+        /*
+         * Construct the new dn
+         */
+        psdn = slapi_sdn_new();
+        slapi_sdn_get_parent(sdn, psdn);
+        pdn = slapi_sdn_get_ndn(psdn);
 
+        if ( pdn ) {
+            /* parent + rdn + separator(s) + null */
+            newdn = slapi_ch_smprintf("%s,%s", newrdn, pdn);
         } else {
-                newdn = slapi_ch_strdup( newrdn );
+            newdn = slapi_ch_strdup( newrdn );
         }
+        slapi_sdn_free(&psdn);
 
 	/*
 	 * Make sure the current backend is managing
@@ -119,19 +122,19 @@ chaining_back_modrdn ( Slapi_PBlock *pb )
 
 	if (cb->local_acl && !cb->associated_be_is_disabled) {
 		/* 
-	 	* Check local acls
-	 	* Keep in mind We don't have the entry for acl evaluation
-	 	*/
+		* Check local acls
+		* Keep in mind We don't have the entry for acl evaluation
+		*/
 
 		char * errbuf=NULL;
-          	Slapi_Entry *te = slapi_entry_alloc();
-          	slapi_entry_set_dn(te,slapi_ch_strdup(dn));
-       	  	rc = cb_access_allowed (pb, te, NULL, NULL, SLAPI_ACL_WRITE,&errbuf);
-          	slapi_entry_free(te);
-
-   		if ( rc != LDAP_SUCCESS ) {
-                	cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-                	slapi_ch_free((void **)&errbuf);
+		Slapi_Entry *te = slapi_entry_alloc();
+		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+		rc = cb_access_allowed (pb, te, NULL, NULL, SLAPI_ACL_WRITE,&errbuf);
+		slapi_entry_free(te);
+
+		if ( rc != LDAP_SUCCESS ) {
+			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
+			slapi_ch_free((void **)&errbuf);
 			return -1;
 		}
         }
@@ -183,7 +186,8 @@ chaining_back_modrdn ( Slapi_PBlock *pb )
 	 * Send LDAP operation to the remote host
 	 */
 
-	rc = ldap_rename ( ld,dn,newrdn,newsuperior,deleteoldrdn,ctrls,NULL,&msgid);
+	rc = ldap_rename ( ld, ndn, newrdn, slapi_sdn_get_dn(newsuperior),
+	                   deleteoldrdn, ctrls, NULL, &msgid );
 
 	if ( NULL != ctrls)
                 ldap_controls_free(ctrls);

ldap/servers/plugins/chainingdb/cb_search.c

@@ -58,41 +58,45 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb )
 
 	Slapi_Backend		* be;
 	Slapi_Operation		* op;
-	char 			*target, *filter;
+	char 			*filter;
+	const char		*target = NULL;
+	Slapi_DN		*target_sdn = NULL;
 	int			scope,attrsonly,sizelimit,timelimit,rc,searchreferral;
 	char 			**attrs=NULL;
 	LDAPControl 		**controls=NULL;		
 	LDAPControl 		**ctrls=NULL;		
-        LDAP                    *ld=NULL;
-	cb_backend_instance 	*cb = NULL;
+	LDAP				*ld=NULL;
+	cb_backend_instance	*cb = NULL;
 	cb_searchContext 	*ctx=NULL;
 	struct timeval		timeout;
 	time_t			optime;
 	int 			doit,parse_rc;
- 	LDAPMessage 		*res=NULL;
-        char                    *matched_msg,*error_msg;
-        LDAPControl             **serverctrls=NULL;
-        char                    **referrals=NULL;
+	LDAPMessage 		*res=NULL;
+	char                    *matched_msg,*error_msg;
+	LDAPControl             **serverctrls=NULL;
+	char                    **referrals=NULL;
 	char			*cnxerrbuf=NULL;
 	time_t 			endbefore=0;
 	time_t			endtime;
 	cb_outgoing_conn	*cnx;
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
 	cb = cb_get_instance(be);
 
-        slapi_pblock_get( pb, SLAPI_OPERATION, &op );
-        slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &filter );
-        slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
-        slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
-        slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &target );
+	slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+	slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &filter );
+	slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
+	slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &target_sdn );
 
-        if ( LDAP_SUCCESS != (parse_rc=cb_forward_operation(pb) )) {
+	target = slapi_sdn_get_dn(target_sdn);
+
+	if ( LDAP_SUCCESS != (parse_rc=cb_forward_operation(pb) )) {
 
 		/* Don't return errors */
 
 		if (cb_debug_on()) {
-        		slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+			slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
 			"local search: base:<%s> scope:<%s> filter:<%s>\n",target,
 			scope==LDAP_SCOPE_SUBTREE?"SUBTREE":scope==LDAP_SCOPE_ONELEVEL ? "ONE-LEVEL" : "BASE" , filter);
 		}
@@ -135,28 +139,28 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb )
 
 	if (( scope != LDAP_SCOPE_BASE ) && ( searchreferral )) {
 
-		int 			i;
-                struct  berval          bv,*bvals[2];
-                Slapi_Entry 		** aciArray=(Slapi_Entry **) slapi_ch_malloc(2*sizeof(Slapi_Entry *));
-		Slapi_Entry 		*anEntry = slapi_entry_alloc();
+		int i;
+		struct berval bv,*bvals[2];
+		Slapi_Entry ** aciArray=(Slapi_Entry **) slapi_ch_malloc(2*sizeof(Slapi_Entry *));
+		Slapi_Entry *anEntry = slapi_entry_alloc();
 
-                slapi_entry_set_dn(anEntry,slapi_ch_strdup(target));
+		slapi_entry_set_sdn(anEntry, target_sdn);
 
-                bvals[1]=NULL;
-                bvals[0]=&bv;
-                bv.bv_val="referral";
+		bvals[1]=NULL;
+		bvals[0]=&bv;
+		bv.bv_val="referral";
 		bv.bv_len=strlen(bv.bv_val);
-                slapi_entry_add_values( anEntry, "objectclass", bvals);
+		slapi_entry_add_values( anEntry, "objectclass", bvals);
 
-        	slapi_rwlock_rdlock(cb->rwl_config_lock);
+		slapi_rwlock_rdlock(cb->rwl_config_lock);
 		for (i=0; cb->url_array && cb->url_array[i]; i++) {
 			char * anUrl = slapi_ch_smprintf("%s%s",cb->url_array[i],target);
-                	bv.bv_val=anUrl;
+			                                 bv.bv_val=anUrl;
 			bv.bv_len=strlen(bv.bv_val);
-                	slapi_entry_attr_merge( anEntry, "ref", bvals);
+			slapi_entry_attr_merge( anEntry, "ref", bvals);
 			slapi_ch_free((void **)&anUrl);
 		}
-        	slapi_rwlock_unlock(cb->rwl_config_lock);
+		slapi_rwlock_unlock(cb->rwl_config_lock);
 		
 		aciArray[0]=anEntry;
 		aciArray[1]=NULL;
@@ -442,12 +446,12 @@ int
 chainingdb_next_search_entry ( Slapi_PBlock *pb )
 { 
 
-	char 			*target;
+	Slapi_DN	*target_sdn = NULL;
 	int			sizelimit, timelimit;
 	int			rc, parse_rc, retcode;
 	int			i, attrsonly;
 	time_t			optime;
- 	LDAPMessage 		*res=NULL;
+	LDAPMessage 		*res=NULL;
 	char 			*matched_msg,*error_msg;
 	cb_searchContext 	*ctx=NULL;
 	Slapi_Entry 		*entry;
@@ -459,13 +463,13 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb )
 
 	matched_msg=error_msg=NULL;
 
-        slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_SET, &ctx );
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-    	slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
-        slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &sizelimit );
-        slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &target );
-        slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
-        slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, &attrsonly );
+	slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_SET, &ctx );
+	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+	slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
+	slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &sizelimit );
+	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &target_sdn );
+	slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+	slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, &attrsonly );
 
 	cb = cb_get_instance(be);
 
@@ -656,22 +660,22 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb )
 		case LDAP_RES_SEARCH_REFERENCE:
 
 			/* The server sent a search reference encountered during the 
-            		 * search operation. 
+			 * search operation. 
 			 */
 		
 			/* heart-beat management */
-       			if (cb->max_idle_time>0)
-	       			endtime=current_time() + cb->max_idle_time;
+			if (cb->max_idle_time>0)
+				endtime=current_time() + cb->max_idle_time;
 
 			parse_rc = ldap_parse_reference( ctx->ld, res, &referrals, NULL, 1 );
-         		if ( parse_rc != LDAP_SUCCESS ) {
-	               		cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, 
-					ldap_err2string( parse_rc ), 0, NULL);
+			if ( parse_rc != LDAP_SUCCESS ) {
+				cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, 
+				                     ldap_err2string( parse_rc ), 0, NULL);
 				cb_release_op_connection(cb->pool,ctx->ld,CB_LDAP_CONN_ERROR(parse_rc));
 				slapi_ch_free((void **)&ctx);
 
-        			slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,NULL);
-        			slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,NULL);
+				slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,NULL);
+				slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,NULL);
 				return -1;
 			}
 
@@ -681,27 +685,27 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb )
 
 			{
 
-   				struct  berval          bv;
+				struct  berval          bv;
 				int 			i;
-                		struct  berval          *bvals[2];
-                		Slapi_Entry *anEntry = slapi_entry_alloc();
-                		slapi_entry_set_dn(anEntry,slapi_ch_strdup(target));
+				struct  berval          *bvals[2];
+				Slapi_Entry *anEntry = slapi_entry_alloc();
+				slapi_entry_set_sdn(anEntry, target_sdn);
 
-                		bvals[1]=NULL;
-                		bvals[0]=&bv;
+				bvals[1]=NULL;
+				bvals[0]=&bv;
 
-                		bv.bv_val="referral";
-                		bv.bv_len=strlen(bv.bv_val);
-                		slapi_entry_add_values( anEntry, "objectclass", bvals);
+				bv.bv_val="referral";
+				bv.bv_len=strlen(bv.bv_val);
+				slapi_entry_add_values( anEntry, "objectclass", bvals);
 
 				for (i=0;referrals[i] != NULL; i++) {
-                			bv.bv_val=referrals[i];
+					bv.bv_val=referrals[i];
 					bv.bv_len=strlen(bv.bv_val);
-                			slapi_entry_add_values( anEntry, "ref", bvals);
+					slapi_entry_add_values( anEntry, "ref", bvals);
 				}
 
-        			slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,ctx);
-        			slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,anEntry);
+				slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,ctx);
+				slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,anEntry);
 				cb_set_acl_policy(pb);
 			}
 

ldap/servers/plugins/chainingdb/cb_utils.c

@@ -50,7 +50,7 @@ char * cb_get_rootdn() {
 	if (ret == NULL) 
 		ret = slapi_ch_strdup(CB_DIRECTORY_MANAGER_DN);
 	if (ret)
-		slapi_dn_normalize_case(ret);	/* UTF8-aware */
+		slapi_dn_ignore_case(ret);	/* UTF8-aware */
 	return ret;
 }
 

ldap/servers/plugins/cos/cos_cache.c

@@ -679,57 +679,58 @@ static int cos_cache_build_definition_list(cosDefinitions **pDefs, int *vattr_ca
 	if(pSuffixSearch)
 		slapi_pblock_get( pSuffixSearch, SLAPI_PLUGIN_INTOP_RESULT, &ret);
 
-	if(pSuffixSearch && ret == LDAP_SUCCESS)
+	if(!pSuffixSearch || ret != LDAP_SUCCESS) {
+		LDAPDebug( LDAP_DEBUG_ANY, 
+		           "cos_cache_build_definition_list: failed to find suffixes\n",
+		           0,0,0);
+		ret = -1;
+		goto next;
+	}
+
+	/* iterate through the suffixes and search for cos definitions */
+	slapi_pblock_get( pSuffixSearch, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, 
+	                  &pSuffixList );
+	if(!pSuffixList) {
+		goto next;
+	}
+	while(pSuffixList[suffixIndex])
 	{
-		/* iterate through the suffixes and search for cos definitions */
-		slapi_pblock_get( pSuffixSearch, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &pSuffixList);
-		if(pSuffixList)
+		if(!slapi_entry_first_attr(pSuffixList[suffixIndex], &suffixAttr))
 		{
-			while(pSuffixList[suffixIndex])
+			do
 			{
-				if(!slapi_entry_first_attr(pSuffixList[suffixIndex], &suffixAttr))
+				attrType = 0;
+				slapi_attr_get_type(suffixAttr, &attrType);
+				if(attrType && !slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"namingcontexts"))
 				{
-					do
+					if(!slapi_attr_get_bervals_copy(suffixAttr, &suffixVals))
 					{
-						attrType = 0;
-						slapi_attr_get_type(suffixAttr, &attrType);
-						if(attrType && !slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"namingcontexts"))
+						valIndex = 0;
+
+						if(suffixVals)
 						{
-							if(!slapi_attr_get_bervals_copy(suffixAttr, &suffixVals))
+							while(suffixVals[valIndex])
 							{
-								valIndex = 0;
-
-								if(suffixVals)
-								{
-									while(suffixVals[valIndex])
-									{
-										/* here's a suffix, lets search it... */
-										if(suffixVals[valIndex]->bv_val)
-											if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs, vattr_cacheable))
-												cos_def_available = 1;
-										
-										valIndex++;
-									}
+								/* here's a suffix, lets search it... */
+								if(suffixVals[valIndex]->bv_val)
+									if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs, vattr_cacheable))
+										cos_def_available = 1;
+								
+								valIndex++;
+							}
 
 
-									ber_bvecfree( suffixVals );
-									suffixVals = NULL;
-								}
-							}
+							ber_bvecfree( suffixVals );
+							suffixVals = NULL;
 						}
-
-					} while(!slapi_entry_next_attr(pSuffixList[suffixIndex], suffixAttr, &suffixAttr));
+					}
 				}
-				suffixIndex++;
-			}
+
+			} while(!slapi_entry_next_attr(pSuffixList[suffixIndex], suffixAttr, &suffixAttr));
 		}
+		suffixIndex++;
 	}
-	else
-	{
-		LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_build_definition_list: failed to find suffixes\n",0,0,0);
-		ret = -1;
-	}
-
+next:
 	if(cos_def_available == 0)
 	{
 		if(firstTime)
@@ -768,7 +769,8 @@ struct dn_defs_info {
  * if a particular attempt to add a definition fails: info.ret gets set to
  * zero only if we succed to add a def.
 */
-static int 	cos_dn_defs_cb (Slapi_Entry* e, void *callback_data) {
+static int 	cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
+{
 	struct dn_defs_info *info;
 	cosAttrValue **pSneakyVal = 0;
 	cosAttrValue *pObjectclass = 0;
@@ -793,286 +795,276 @@ static int 	cos_dn_defs_cb (Slapi_Entry* e, void *callback_data) {
 	info->vattr_cacheable = -1;
 
 	cos_cache_add_attrval(&pDn, slapi_entry_get_dn(e));
-	if(!slapi_entry_first_attr(e, &dnAttr))
-	{
-		do
+	if(slapi_entry_first_attr(e, &dnAttr)) {
+		goto bail;
+	}
+
+	do {
+		attrType = 0;		
+		/* we need to fill in the details of the definition now */
+		slapi_attr_get_type(dnAttr, &attrType);		
+		if(!attrType) {
+			continue;
+		}
+		pSneakyVal = 0;
+		if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"objectclass"))
+			pSneakyVal = &pObjectclass;
+		else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosTargetTree"))
+			pSneakyVal = &pCosTargetTree;
+		else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosTemplateDn"))
+			pSneakyVal = &pCosTemplateDn;
+		else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosSpecifier"))
+			pSneakyVal = &pCosSpecifier;
+		else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosAttribute"))
+			pSneakyVal = &pCosAttribute;
+		else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosIndirectSpecifier"))
+			pSneakyVal = &pCosSpecifier;			
+		if(!pSneakyVal) {
+			continue;
+		}
+		/* It's a type we're interested in */
+		if(slapi_attr_get_bervals_copy(dnAttr, &dnVals)) {
+			continue;
+		}
+		valIndex = 0;
+		if(!dnVals) {
+			continue;
+		}
+		for (valIndex = 0; dnVals[valIndex]; valIndex++)
 		{
-			attrType = 0;		
-			/* we need to fill in the details of the definition now */
-			slapi_attr_get_type(dnAttr, &attrType);		
-			if(attrType)
+			if(!dnVals[valIndex]->bv_val) {
+				continue;
+			}
+			/*
+			parse any overide or default values
+			and deal with them
+			*/
+			if(pSneakyVal == &pCosAttribute)
 			{
-				pSneakyVal = 0;
-				if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"objectclass"))
-					pSneakyVal = &pObjectclass;
-				else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosTargetTree"))
-					pSneakyVal = &pCosTargetTree;
-				else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosTemplateDn"))
-					pSneakyVal = &pCosTemplateDn;
-				else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosSpecifier"))
-					pSneakyVal = &pCosSpecifier;
-				else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosAttribute"))
-					pSneakyVal = &pCosAttribute;
-				else if(!slapi_utf8casecmp((unsigned char*)attrType, (unsigned char*)"cosIndirectSpecifier"))
-					pSneakyVal = &pCosSpecifier;			
-				if(pSneakyVal)
+				int qualifier_hit = 0;
+				int op_qualifier_hit = 0;
+				int merge_schemes_qualifier_hit = 0;
+				int override_qualifier_hit =0;
+				int default_qualifier_hit = 0;
+				int operational_default_qualifier_hit = 0;
+				do
 				{
-					/* It's a type we're interested in */
-					if(!slapi_attr_get_bervals_copy(dnAttr, &dnVals))
+					qualifier_hit = 0;
+
+					if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " operational"))
 					{
-						valIndex = 0;						
-						if(dnVals)
-						{
-							while(dnVals[valIndex])
-							{
-								if(dnVals[valIndex]->bv_val)
-								{
-								/*
-								parse any overide or default values
-								and deal with them
-									*/
-									if(pSneakyVal == &pCosAttribute)
-									{
-										int qualifier_hit = 0;
-										int op_qualifier_hit = 0;
-										int merge_schemes_qualifier_hit = 0;
-										int override_qualifier_hit =0;
-										int default_qualifier_hit = 0;
-										int operational_default_qualifier_hit = 0;
-										do
-										{
-											qualifier_hit = 0;
+						/* matched */
+						op_qualifier_hit = 1;
+						qualifier_hit = 1;
+					}
+					
+					if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " merge-schemes"))
+					{
+						/* matched */
+						merge_schemes_qualifier_hit = 1;
+						qualifier_hit = 1;
+					}
 
-											if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " operational"))
-											{
-												/* matched */
-												op_qualifier_hit = 1;
-												qualifier_hit = 1;
-											}
-											
-											if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " merge-schemes"))
-											{
-												/* matched */
-												merge_schemes_qualifier_hit = 1;
-												qualifier_hit = 1;
-											}
+					if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " override"))
+					{
+						/* matched */
+						override_qualifier_hit = 1;
+						qualifier_hit = 1;
+					}
+					
+					if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " default")) {
+						default_qualifier_hit = 1;
+						qualifier_hit = 1;
+					}
 
-											if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " override"))
-											{
-												/* matched */
-												override_qualifier_hit = 1;
-												qualifier_hit = 1;
-											}
-											
-											if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " default")) {
-												default_qualifier_hit = 1;
-												qualifier_hit = 1;
-											}
+					if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " operational-default")) {
+						operational_default_qualifier_hit = 1;
+						qualifier_hit = 1;
+					}
+				}
+				while(qualifier_hit == 1);
 
-											if(cos_cache_backwards_stricmp_and_clip(dnVals[valIndex]->bv_val, " operational-default")) {
-												operational_default_qualifier_hit = 1;
-												qualifier_hit = 1;
-											}
-										}
-										while(qualifier_hit == 1);
-
-										/*
-									 	* At this point, dnVals[valIndex]->bv_val
-									 	* is the value of cosAttribute, stripped of
-									 	* any qualifiers, so add this pure attribute type to
-										* the appropriate lists.
-										*/
-								
-										if ( op_qualifier_hit ) {
-											cos_cache_add_attrval(&pCosOperational,
-													dnVals[valIndex]->bv_val);
-										}
-										if ( merge_schemes_qualifier_hit ) {
-											cos_cache_add_attrval(&pCosMerge,
-													dnVals[valIndex]->bv_val);
-										}
-										if ( override_qualifier_hit ) {
-											cos_cache_add_attrval(&pCosOverrides,
-													dnVals[valIndex]->bv_val);										
-										}
-										if ( default_qualifier_hit ) {
-											/* attr is added below in pSneakyVal, in any case */
-										}
+				/*
+				* At this point, dnVals[valIndex]->bv_val
+				* is the value of cosAttribute, stripped of
+				* any qualifiers, so add this pure attribute type to
+				* the appropriate lists.
+				*/
+		
+				if ( op_qualifier_hit ) {
+					cos_cache_add_attrval(&pCosOperational,
+					                      dnVals[valIndex]->bv_val);
+				}
+				if ( merge_schemes_qualifier_hit ) {
+					cos_cache_add_attrval(&pCosMerge, dnVals[valIndex]->bv_val);
+				}
+				if ( override_qualifier_hit ) {
+					cos_cache_add_attrval(&pCosOverrides,
+					                      dnVals[valIndex]->bv_val);
+				}
+				if ( default_qualifier_hit ) {
+					/* attr is added below in pSneakyVal, in any case */
+				}
 
-										if ( operational_default_qualifier_hit ) {
-											cos_cache_add_attrval(&pCosOpDefault,
-													dnVals[valIndex]->bv_val);
-										}
+				if ( operational_default_qualifier_hit ) {
+					cos_cache_add_attrval(&pCosOpDefault,
+					                      dnVals[valIndex]->bv_val);
+				}
 
-										if(!pCosTargetTree)
-										{
-											/* get the parent of the definition */
-											
-											char *parent = NULL;
-											size_t plen = 0;
-											int rc = 0;
-											char *orig = slapi_dn_parent(pDn->val);
-											rc = slapi_dn_normalize_ext(orig,
-															0, &parent, &plen);
-											if (rc < 0) {
-												LDAPDebug(LDAP_DEBUG_ANY, 
-													"cos_cache_build_definition_list: failed to normalize parent dn %s. Adding the pre normalized dn.\n", orig, 0, 0);
-												parent = orig;
-											} else if (rc == 0) {
-												/* passed in. not terminated */
-												*(parent + plen) = '\0';
-											}
-											
-											cos_cache_add_attrval(&pCosTargetTree, parent);
-											if(!pCosTemplateDn)
-												cos_cache_add_attrval(&pCosTemplateDn, parent);
-											
-											if (orig != parent) {
-												slapi_ch_free_string(&orig);
-											}
-											slapi_ch_free_string(&parent);
-										}
-										
-										slapi_vattrspi_regattr((vattr_sp_handle *)vattr_handle, dnVals[valIndex]->bv_val, NULL, NULL);			
-									} /* if(attrType is cosAttribute) */
-																
-									/*
-									 * Add the attributetype to the appropriate
-									 * list.
-									*/											
-									cos_cache_add_attrval(pSneakyVal,
-												dnVals[valIndex]->bv_val);								
-								}/*if(dnVals[valIndex]->bv_val)*/
-								
-								valIndex++;
-							}/* while(dnVals[valIndex]) */
-							
-							ber_bvecfree( dnVals );
-							dnVals = NULL;
-						}/*if(dnVals)*/
+				if(!pCosTargetTree)
+				{
+					/* get the parent of the definition */
+					char *orig = slapi_dn_parent(pDn->val);
+					Slapi_DN *psdn = slapi_sdn_new_dn_byval(orig);
+					char *parent = (char *)slapi_sdn_get_dn(psdn);
+					if (!parent) {
+						parent = (char *)slapi_sdn_get_udn(psdn);
+						LDAPDebug(LDAP_DEBUG_ANY, 
+						  "cos_cache_build_definition_list: "
+						  "failed to normalize parent dn %s. "
+						  "Adding the pre normalized dn.\n", 
+						  parent, 0, 0);
 					}
-				}/*if(pSneakyVal)*/
-			}/*if(attrType)*/
+					cos_cache_add_attrval(&pCosTargetTree, parent);
+					if (!pCosTemplateDn) {
+						cos_cache_add_attrval(&pCosTemplateDn, parent);
+					}
+					slapi_sdn_free(&psdn);
+				}
+				
+				slapi_vattrspi_regattr((vattr_sp_handle *)vattr_handle,
+				                        dnVals[valIndex]->bv_val, NULL, NULL);
+			} /* if(attrType is cosAttribute) */
+										
+			/*
+			 * Add the attributetype to the appropriate
+			 * list.
+			 */
+			cos_cache_add_attrval(pSneakyVal, dnVals[valIndex]->bv_val);
 			
-		} while(!slapi_entry_next_attr(e, dnAttr, &dnAttr));
+		}/* for (valIndex = 0; dnVals[valIndex]; valIndex++) */
 		
-		/*
-		determine the type of class of service scheme 
-		*/
-		
-		if(pObjectclass)
+		ber_bvecfree( dnVals );
+		dnVals = NULL;
+	} while(!slapi_entry_next_attr(e, dnAttr, &dnAttr));
+	
+	/*
+	determine the type of class of service scheme 
+	*/
+	
+	if(pObjectclass)
+	{
+		if(cos_cache_attrval_exists(pObjectclass, "cosDefinition"))
 		{
-			if(cos_cache_attrval_exists(pObjectclass, "cosDefinition"))
-			{
-				cosType = COSTYPE_CLASSIC;
-			}
-			else if(cos_cache_attrval_exists(pObjectclass, "cosClassicDefinition"))
-			{
-				cosType = COSTYPE_CLASSIC;
-				
-			}
-			else if(cos_cache_attrval_exists(pObjectclass, "cosPointerDefinition"))
-			{
-				cosType = COSTYPE_POINTER;
-				
-			}
-			else if(cos_cache_attrval_exists(pObjectclass, "cosIndirectDefinition"))
-			{
-				cosType = COSTYPE_INDIRECT;
-				
-			}
-			else
-				cosType = COSTYPE_BADTYPE;
+			cosType = COSTYPE_CLASSIC;
 		}
-		
-		/*	
-		we should now have a full definition, 
-		do some sanity checks because we don't
-		want bogus entries in the cache 
-		then ship it
-		*/
-		
-		/* these must exist */
-		if(		pDn &&
-			pObjectclass && 
+		else if(cos_cache_attrval_exists(pObjectclass, "cosClassicDefinition"))
+		{
+			cosType = COSTYPE_CLASSIC;
 			
-			(
-			(cosType == COSTYPE_CLASSIC &&
-			pCosTemplateDn && 
-			pCosSpecifier &&   
-			pCosAttribute ) 
-			||
-			(cosType == COSTYPE_POINTER &&
-			pCosTemplateDn && 
-			pCosAttribute ) 
-			||
-			(cosType == COSTYPE_INDIRECT &&
-			pCosSpecifier &&   
-			pCosAttribute ) 
-			)
-			)
+		}
+		else if(cos_cache_attrval_exists(pObjectclass, "cosPointerDefinition"))
 		{
-			int rc = 0;
-		/*
-		we'll leave the referential integrity stuff
-		up to the referint plug-in and assume all
-		is good - if it's not then we just have a
-		useless definition and we'll nag copiously later.
-			*/
-			char *pTmpDn = slapi_ch_strdup(pDn->val); /* because dn gets hosed on error */
-			char ebuf[ BUFSIZ ];
+			cosType = COSTYPE_POINTER;
 			
-			if(!(rc = cos_cache_add_defn(info->pDefs, &pDn, cosType,
-									&pCosTargetTree, &pCosTemplateDn, 
-									&pCosSpecifier, &pCosAttribute,
-									&pCosOverrides, &pCosOperational,
-									&pCosMerge, &pCosOpDefault))) {
-				info->ret = 0;  /* we have succeeded to add the defn*/
-			} else {
-				/*
-				 * Failed but we will continue the search for other defs
-				 * Don't reset info->ret....it keeps track of any success
-				*/
-				if ( rc == COS_DEF_ERROR_NO_TEMPLATES) {
-					LDAPDebug(LDAP_DEBUG_ANY, "Skipping CoS Definition %s"
-						"--no CoS Templates found, "
-						"which should be added before the CoS Definition.\n",
-						escape_string(pTmpDn, ebuf), 0, 0);
-				} else {
-					LDAPDebug(LDAP_DEBUG_ANY, "Skipping CoS Definition %s\n"
-						"--error(%d)\n",
-						escape_string(pTmpDn, ebuf), rc, 0);
-				}
-			}
+		}
+		else if(cos_cache_attrval_exists(pObjectclass, "cosIndirectDefinition"))
+		{
+			cosType = COSTYPE_INDIRECT;
 			
-			slapi_ch_free_string(&pTmpDn);
 		}
 		else
-		{
-		/* 
-		this definition is brain dead - bail
-		if we have a dn use it to report, if not then *really* bad
-		things are going on
+			cosType = COSTYPE_BADTYPE;
+	}
+	
+	/*	
+	we should now have a full definition, 
+	do some sanity checks because we don't
+	want bogus entries in the cache 
+	then ship it
+	*/
+	
+	/* these must exist */
+	if(		pDn &&
+		pObjectclass && 
+		
+		(
+		(cosType == COSTYPE_CLASSIC &&
+		pCosTemplateDn && 
+		pCosSpecifier &&   
+		pCosAttribute ) 
+		||
+		(cosType == COSTYPE_POINTER &&
+		pCosTemplateDn && 
+		pCosAttribute ) 
+		||
+		(cosType == COSTYPE_INDIRECT &&
+		pCosSpecifier &&   
+		pCosAttribute ) 
+		)
+		)
+	{
+		int rc = 0;
+	/*
+	we'll leave the referential integrity stuff
+	up to the referint plug-in and assume all
+	is good - if it's not then we just have a
+	useless definition and we'll nag copiously later.
+		*/
+		char *pTmpDn = slapi_ch_strdup(pDn->val); /* because dn gets hosed on error */
+		char ebuf[ BUFSIZ ];
+		
+		if(!(rc = cos_cache_add_defn(info->pDefs, &pDn, cosType,
+								&pCosTargetTree, &pCosTemplateDn, 
+								&pCosSpecifier, &pCosAttribute,
+								&pCosOverrides, &pCosOperational,
+								&pCosMerge, &pCosOpDefault))) {
+			info->ret = 0;  /* we have succeeded to add the defn*/
+		} else {
+			/*
+			 * Failed but we will continue the search for other defs
+			 * Don't reset info->ret....it keeps track of any success
 			*/
-			if(pDn)
-			{
-				LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_add_dn_defs: incomplete cos definition detected in %s, discarding from cache.\n",pDn->val,0,0);
+			if ( rc == COS_DEF_ERROR_NO_TEMPLATES) {
+				LDAPDebug(LDAP_DEBUG_ANY, "Skipping CoS Definition %s"
+					"--no CoS Templates found, "
+					"which should be added before the CoS Definition.\n",
+					escape_string(pTmpDn, ebuf), 0, 0);
+			} else {
+				LDAPDebug(LDAP_DEBUG_ANY, "Skipping CoS Definition %s\n"
+					"--error(%d)\n",
+					escape_string(pTmpDn, ebuf), rc, 0);
 			}
-			else
-				LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_add_dn_defs: incomplete cos definition detected, no DN to report, discarding from cache.\n",0,0,0);
-			
-			if(pCosTargetTree)
-				cos_cache_del_attrval_list(&pCosTargetTree);
-			if(pCosTemplateDn)
-				cos_cache_del_attrval_list(&pCosTemplateDn);
-			if(pCosSpecifier)
-				cos_cache_del_attrval_list(&pCosSpecifier);
-			if(pCosAttribute)
-				cos_cache_del_attrval_list(&pCosAttribute);
-			if(pDn)
-				cos_cache_del_attrval_list(&pDn);
 		}
-	}/*if(!slapi_entry_first_attr(e, &dnAttr))*/
+		
+		slapi_ch_free_string(&pTmpDn);
+	}
+	else
+	{
+	/* 
+	this definition is brain dead - bail
+	if we have a dn use it to report, if not then *really* bad
+	things are going on
+		*/
+		if(pDn)
+		{
+			LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_add_dn_defs: incomplete cos definition detected in %s, discarding from cache.\n",pDn->val,0,0);
+		}
+		else
+			LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_add_dn_defs: incomplete cos definition detected, no DN to report, discarding from cache.\n",0,0,0);
+		
+		if(pCosTargetTree)
+			cos_cache_del_attrval_list(&pCosTargetTree);
+		if(pCosTemplateDn)
+			cos_cache_del_attrval_list(&pCosTemplateDn);
+		if(pCosSpecifier)
+			cos_cache_del_attrval_list(&pCosSpecifier);
+		if(pCosAttribute)
+			cos_cache_del_attrval_list(&pCosAttribute);
+		if(pDn)
+			cos_cache_del_attrval_list(&pDn);
+	}
+bail:
 	/* we don't keep the objectclasses, so lets free them */
 	if(pObjectclass) {
 			cos_cache_del_attrval_list(&pObjectclass);
@@ -1544,7 +1536,8 @@ static void cos_cache_del_attrval_list(cosAttrValue **pVal)
 	---------------------
 	adds a value to an attribute value list
 */
-static int cos_cache_add_attrval(cosAttrValue **attrval, char *val)
+static int 
+cos_cache_add_attrval(cosAttrValue **attrval, char *val)
 {
 	int ret = 0;
 	cosAttrValue *theVal;
@@ -1953,36 +1946,28 @@ static int cos_cache_add_tmpl(cosTemplates **pTemplates, cosAttrValue *dn, cosAt
 		char *grade = NULL;
 		int grade_index = 0;
 		int index = 0;
-		int lastindex = 0;
 		int template_default = 0;
-		char *dnval = NULL;
-		size_t dnlen = 0;
-		int rc = 0;
-
-		rc = slapi_dn_normalize_ext(dn->val, 0, &dnval, &dnlen);
-		if (rc < 0) {
+		char *ptr = NULL;
+		char *normed = slapi_create_dn_string("%s", dn->val);
+		if (normed) {
+			slapi_ch_free_string(&dn->val);
+			dn->val = normed;
+		} else {
 			LDAPDebug(LDAP_DEBUG_ANY, 
 				"cos_cache_add_tmpl: failed to normalize dn %s. "
-				"Processing the pre normalized dn.\n", dn->val, 0, 0);
-		} else if (rc == 0) {
-			/* passed in. not terminated */
-			*(dnval + dnlen) = '\0';
-		} else {
-			slapi_ch_free_string(&dn->val);
-			dn->val = dnval;
+				"Processing the pre normalized dn.\n", 
+				dn->val, 0, 0);
 		}
 		grade = (char*)slapi_ch_malloc(strlen(dn->val)+1);
 
 		/* extract the cos grade */
-		while(dn->val[index] != '=' && dn->val[index] != '\0')
-			index++;
-		lastindex = strlen(dn->val) - 1;
-		
-		if(dn->val[index] == '=')
+		ptr = strchr(dn->val, '=');
+
+		if (ptr)
 		{
 			int quotes = 0;
-
-			index++;
+			int lastindex = strlen(dn->val) - 1;
+			index = ptr - dn->val + 1;
 
 			/* copy the grade (supports one level of quote nesting in rdn) */
 			while(dn->val[index] != ',' || dn->val[index-1] == '\\' || quotes == 1)
@@ -2405,21 +2390,15 @@ static int cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context, Sl
 		while((hit == 0 || merge_mode) && pTargetTree)
 		{
 			{
-				int rc = 0;
-				char *tval = NULL;
-				size_t tlen = 0;
-				rc = slapi_dn_normalize_ext(pTargetTree->val, 0, &tval, &tlen);
-				if (rc < 0) {
+				char *normed = slapi_create_dn_string("%s", pTargetTree->val);
+				if (normed) {
+					slapi_ch_free_string(&pTargetTree->val);
+					pTargetTree->val = normed;
+				} else {
 					LDAPDebug(LDAP_DEBUG_ANY, 
 						"cos_cache_query_attr: failed to normalize dn %s. "
 						"Processing the pre normalized dn.\n",
 						pTargetTree->val, 0, 0);
-				} else if (rc == 0) {
-					/* passed in. not terminated */
-					*(tval + tlen) = '\0';
-				} else {
-					slapi_ch_free_string(&pTargetTree->val);
-					pTargetTree->val = tval;
 				}
 			}
 			if(	pTargetTree->val == 0 || 
@@ -2943,22 +2922,15 @@ static int cos_cache_index_all(cosCache *pCache)
 
 				while(pAttrVal)
 				{
-					int rc = 0;
-					char *dnval = NULL;
-					size_t dnlen = 0;
-					rc = slapi_dn_normalize_ext(pAttrVal->val, 0,
-												&dnval, &dnlen);
-					if (rc < 0) {
+					char *normed = slapi_create_dn_string("%s", pAttrVal->val);
+					if (normed) {
+						slapi_ch_free_string(&pAttrVal->val);
+						pAttrVal->val = normed;
+					} else {
 						LDAPDebug(LDAP_DEBUG_ANY, 
 							"cos_cache_index_all: failed to normalize dn %s. "
 							"Processing the pre normalized dn.\n", 
 							pAttrVal->val, 0, 0);
-					} else if (rc == 0) {
-						/* passed in. not terminated */
-						*(dnval + dnlen) = '\0';
-					} else {
-						slapi_ch_free_string(&pAttrVal->val);
-						pAttrVal->val = dnval;
 					}
 					pCache->ppTemplateList[tmpindex] = pAttrVal->val;
 
@@ -3356,7 +3328,8 @@ bail:
 */
 void cos_cache_change_notify(Slapi_PBlock *pb)
 {
-	char *dn;
+	const char *dn;
+	Slapi_DN *sdn = NULL;
 	int do_update = 0;
 	struct slapi_entry *e;
         Slapi_Backend *be=NULL;
@@ -3372,11 +3345,12 @@ void cos_cache_change_notify(Slapi_PBlock *pb)
 		goto bail;
 
 	/* need to work out if a cache rebuild is necessary */
-	if(slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn ))
+	if(slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ))
 	{
 		LDAPDebug( LDAP_DEBUG_ANY, "cos_cache_change_notify: failed to get dn of changed entry",0,0,0);
 		goto bail;
 	}
+	dn = slapi_sdn_get_dn(sdn);
 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &rc);
 	if (0 != rc) {

ldap/servers/plugins/dna/dna.c

@@ -172,7 +172,7 @@ static PRCList *dna_global_config = NULL;
 static Slapi_RWLock *g_dna_cache_lock;
 
 static void *_PluginID = NULL;
-static char *_PluginDN = NULL;
+static const char *_PluginDN = NULL;
 
 static int g_plugin_started = 0;
 
@@ -227,6 +227,7 @@ static int dna_load_host_port();
  *
  */
 static char *dna_get_dn(Slapi_PBlock * pb);
+static Slapi_DN *dna_get_sdn(Slapi_PBlock * pb);
 static int dna_dn_is_config(char *dn);
 static int dna_get_next_value(struct configEntry * config_entry,
                                  char **next_value_ret);
@@ -330,12 +331,12 @@ void *getPluginID()
     return _PluginID;
 }
 
-void setPluginDN(char *pluginDN)
+void setPluginDN(const char *pluginDN)
 {
     _PluginDN = pluginDN;
 }
 
-char *getPluginDN()
+const char *getPluginDN()
 {
     return _PluginDN;
 }
@@ -489,7 +490,8 @@ dna_exop_init(Slapi_PBlock * pb)
 static int
 dna_start(Slapi_PBlock * pb)
 {
-    char *plugindn = NULL;
+    Slapi_DN *pluginsdn = NULL;
+	const char *plugindn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
                     "--> dna_start\n");
@@ -513,12 +515,13 @@ dna_start(Slapi_PBlock * pb)
 	 *	and store it for future use. This should avoid
 	 *	hardcoding of DN's in the code.
 	 */
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn);
-    if (NULL == plugindn || 0 == strlen(plugindn)) {
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &pluginsdn);
+    if (NULL == pluginsdn || 0 == slapi_sdn_get_ndn_len(pluginsdn)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
                         "dna_start: had to use hard coded config dn\n");
         plugindn = DNA_DN;
     } else {
+        plugindn = slapi_sdn_get_dn(pluginsdn);
         slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
                         "dna_start: config at %s\n", plugindn);
 
@@ -857,12 +860,17 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
         Slapi_DN *sdn = NULL;
         char *normdn = NULL;
 
-        sdn = slapi_sdn_new_dn_byref(value);
+        sdn = slapi_sdn_new_dn_passin(value);
 
-        if (sdn) {
-            slapi_search_internal_get_entry(sdn, NULL, &shared_e, getPluginID());
-            slapi_sdn_free(&sdn);
+        if (!sdn) {
+            slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+                            "dna_parse_config_entry: Unable to create "
+                            "slapi_dn (%s)\n", value);
+            ret = DNA_FAILURE;
+            slapi_ch_free_string(&value);
+            goto bail;
         }
+        slapi_search_internal_get_entry(sdn, NULL, &shared_e, getPluginID());
 
         /* Make sure that the shared config entry exists. */
         if (!shared_e) {
@@ -872,23 +880,23 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
                             "dna_parse_config_entry: Unable to locate "
                             "shared configuration entry (%s)\n", value);
             ret = DNA_FAILURE;
-            slapi_ch_free_string(&value);
+            slapi_sdn_free(&sdn);
             goto bail;
         } else {
             slapi_entry_free(shared_e);
             shared_e = NULL;
         }
 
-        normdn = slapi_create_dn_string("%s", value);
+        normdn = (char *)slapi_sdn_get_dn(sdn);
         if (NULL == normdn) {
             slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
                             "dna_parse_config_entry: failed to normalize dn: "
                             "%s\n", value);
             ret = DNA_FAILURE;
-            slapi_ch_free_string(&value);
+            slapi_sdn_free(&sdn);
             goto bail;
         }
-        entry->shared_cfg_base = normdn;
+        entry->shared_cfg_base = slapi_ch_strdup(normdn);
 
         /* We prepend the host & port of this instance as a
          * multi-part RDN for the shared config entry. */
@@ -900,7 +908,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
                             "%s=%s+%s=%s,%s", DNA_HOSTNAME,
                             hostname, DNA_PORTNUM, portnum, value);
             ret = DNA_FAILURE;
-            slapi_ch_free_string(&value);
+            slapi_sdn_free(&sdn);
             goto bail;
         }
         entry->shared_cfg_dn = normdn;
@@ -908,7 +916,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
         slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
                         "----------> %s [%s]\n", DNA_SHARED_CFG_DN,
                         entry->shared_cfg_base);
-        slapi_ch_free_string(&value);
+        slapi_sdn_free(&sdn);
     }
 
     value = slapi_entry_attr_get_charptr(e, DNA_THRESHOLD);
@@ -1725,11 +1733,11 @@ bail:
 
 static char *dna_get_dn(Slapi_PBlock * pb)
 {
-    char *dn = 0;
+    Slapi_DN *sdn = 0;
     slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
                     "--> dna_get_dn\n");
 
-    if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)) {
+    if (slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn)) {
         slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
                         "dna_get_dn: failed to get dn of changed entry");
         goto bail;
@@ -1739,7 +1747,20 @@ static char *dna_get_dn(Slapi_PBlock * pb)
     slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
                     "<-- dna_get_dn\n");
 
-    return dn;
+    return (char *)slapi_sdn_get_dn(sdn);
+}
+
+static Slapi_DN *
+dna_get_sdn(Slapi_PBlock * pb)
+{
+    Slapi_DN *sdn = 0;
+    slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+                    "--> dna_get_sdn\n");
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+                    "<-- dna_get_sdn\n");
+
+    return sdn;
 }
 
 /* config check
@@ -2785,10 +2806,9 @@ static int dna_pre_op(Slapi_PBlock * pb, int modtype)
          *
          slapi_pblock_get( pb, SLAPI_MODIFY_EXISTING_ENTRY, &e);
          */
-        Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
+        Slapi_DN *tmp_dn = dna_get_sdn(pb);
         if (tmp_dn) {
             slapi_search_internal_get_entry(tmp_dn, 0, &e, getPluginID());
-            slapi_sdn_free(&tmp_dn);
             free_entry = 1;
         }
 

ldap/servers/plugins/linkedattrs/fixup_task.c

@@ -279,7 +279,7 @@ static int
 linked_attrs_remove_backlinks_callback(Slapi_Entry *e, void *callback_data)
 {
     int rc = 0;
-    char *dn = slapi_entry_get_dn(e);
+    Slapi_DN *sdn = slapi_entry_get_sdn(e);
     char *type = (char *)callback_data;
     Slapi_PBlock *pb = slapi_pblock_new();
     char *val[1];
@@ -298,11 +298,11 @@ linked_attrs_remove_backlinks_callback(Slapi_Entry *e, void *callback_data)
 
     slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
                     "Removing backpointer attribute (%s) from entry (%s)\n",
-                    type, dn);
+                    type, slapi_sdn_get_dn(sdn));
 
     /* Perform the operation. */
-    slapi_modify_internal_set_pb(pb, dn, mods, 0, 0,
-                                 linked_attrs_get_plugin_id(), 0);
+    slapi_modify_internal_set_pb_ext(pb, sdn, mods, 0, 0,
+                                     linked_attrs_get_plugin_id(), 0);
     slapi_modify_internal_pb(pb);
 
     slapi_pblock_destroy(pb);
@@ -339,6 +339,7 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
     for (i = 0; targets && targets[i]; ++i) {
         char *targetdn = (char *)targets[i];
         int perform_update = 0;
+        Slapi_DN *targetsdn = slapi_sdn_new_dn_byref(targetdn);
 
         if (config->scope) {
             /* Check if the target is within the scope. */
@@ -348,14 +349,12 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
              * and see if the target is in the same backend. */
             Slapi_Backend *be = NULL;
             Slapi_DN *linksdn = slapi_sdn_new_dn_byref(linkdn);
-            Slapi_DN *targetsdn = slapi_sdn_new_dn_byref(targetdn);
 
             if ((be = slapi_be_select(linksdn))) {
                 perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0));
             }
 
             slapi_sdn_free(&linksdn);
-            slapi_sdn_free(&targetsdn);
         }
 
         if (perform_update) {
@@ -364,13 +363,14 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
                             linkdn, targetdn);
 
             /* Perform the modify operation. */
-            slapi_modify_internal_set_pb(pb, targetdn, mods, 0, 0,
-                                         linked_attrs_get_plugin_id(), 0);
+            slapi_modify_internal_set_pb_ext(pb, targetsdn, mods, 0, 0,
+                                             linked_attrs_get_plugin_id(), 0);
             slapi_modify_internal_pb(pb);
 
             /* Initialize the pblock so we can reuse it. */
             slapi_pblock_init(pb);
         }
+        slapi_sdn_free(&targetsdn);
     }
 
     slapi_ch_array_free(targets);

ldap/servers/plugins/linkedattrs/linked_attrs.c

@@ -94,6 +94,7 @@ static void linked_attrs_free_config_entry(struct configEntry ** entry);
  * helpers
  */
 static char *linked_attrs_get_dn(Slapi_PBlock * pb);
+static Slapi_DN *linked_attrs_get_sdn(Slapi_PBlock * pb);
 static int linked_attrs_dn_is_config(char *dn);
 static void linked_attrs_find_config(const char *dn, const char *type,
     struct configEntry **config);
@@ -152,9 +153,9 @@ linked_attrs_get_plugin_id()
 }
 
 void
-linked_attrs_set_plugin_dn(char *pluginDN)
+linked_attrs_set_plugin_dn(const char *pluginDN)
 {
-    _PluginDN = pluginDN;
+    _PluginDN = (char *)pluginDN;
 }
 
 char *
@@ -281,7 +282,7 @@ linked_attrs_postop_init(Slapi_PBlock *pb)
 static int
 linked_attrs_start(Slapi_PBlock * pb)
 {
-    char *plugindn = NULL;
+    Slapi_DN *plugindn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
                     "--> linked_attrs_start\n");
@@ -303,14 +304,14 @@ linked_attrs_start(Slapi_PBlock * pb)
     /*
      * Get the plug-in target dn from the system
      * and store it for future use. */
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn);
-    if (NULL == plugindn || 0 == strlen(plugindn)) {
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn);
+    if (NULL == plugindn || 0 == slapi_sdn_get_ndn_len(plugindn)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
                         "linked_attrs_start: unable to retrieve plugin dn\n");
         return -1;
     }
 
-    linked_attrs_set_plugin_dn(plugindn);
+    linked_attrs_set_plugin_dn(slapi_sdn_get_dn(plugindn));
 
     /*
      * Load the config cache
@@ -540,7 +541,7 @@ linked_attrs_parse_config_entry(Slapi_Entry * e, int apply)
         char *syntaxoid = NULL;
         Slapi_Attr *attr = slapi_attr_new();
 
-	/* Set this first so we free it if we encounter an error */
+        /* Set this first so we free it if we encounter an error */
         entry->managedtype = value;
 
         /* Gather some information about this attribute. */
@@ -816,21 +817,36 @@ linked_attrs_delete_config()
 static char *
 linked_attrs_get_dn(Slapi_PBlock * pb)
 {
-    char *dn = 0;
+    const char *dn = 0;
+    Slapi_DN *sdn = NULL;
     slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
                     "--> linked_attrs_get_dn\n");
 
-    if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)) {
+    if (slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn)) {
         slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM,
                         "linked_attrs_get_dn: failed to get dn of changed entry");
         goto bail;
     }
+    dn = slapi_sdn_get_dn(sdn);
 
   bail:
     slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
                     "<-- linked_attrs_get_dn\n");
 
-    return dn;
+    return (char *)dn;
+}
+
+static Slapi_DN *
+linked_attrs_get_sdn(Slapi_PBlock * pb)
+{
+    Slapi_DN *sdn = 0;
+    slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
+                    "--> linked_attrs_get_sdn\n");
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
+                    "<-- linked_attrs_get_sdn\n");
+
+    return sdn;
 }
 
 /*
@@ -1406,6 +1422,7 @@ linked_attrs_mod_backpointers(char *linkdn, char *type,
     {
         int perform_update = 0;
         const char *targetdn = slapi_value_get_string(targetval);
+        Slapi_DN *targetsdn = slapi_sdn_new_dn_byref(targetdn);
 
         /* If we have a scope, only update the target if it is within
          * the scope.  If we don't have a scope, only update the target
@@ -1415,14 +1432,12 @@ linked_attrs_mod_backpointers(char *linkdn, char *type,
         } else {
             Slapi_Backend *be = NULL;
             Slapi_DN *linksdn = slapi_sdn_new_dn_byref(linkdn);
-            Slapi_DN *targetsdn = slapi_sdn_new_dn_byref(targetdn);
 
             if ((be = slapi_be_select(linksdn))) {
                 perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0));
             }
 
             slapi_sdn_free(&linksdn);
-            slapi_sdn_free(&targetsdn);
         }
 
         if (perform_update) {
@@ -1432,13 +1447,14 @@ linked_attrs_mod_backpointers(char *linkdn, char *type,
                             linkdn, targetdn);
 
             /* Perform the modify operation. */
-            slapi_modify_internal_set_pb(mod_pb, targetdn, mods, 0, 0,
-                                         linked_attrs_get_plugin_id(), 0);
+            slapi_modify_internal_set_pb_ext(mod_pb, targetsdn, mods, 0, 0,
+                                             linked_attrs_get_plugin_id(), 0);
             slapi_modify_internal_pb(mod_pb);
 
             /* Initialize the pblock so we can reuse it. */
             slapi_pblock_init(mod_pb);
         }
+        slapi_sdn_free(&targetsdn);
 
         i = slapi_valueset_next_value(targetvals, i, &targetval);
     }
@@ -1488,10 +1504,10 @@ linked_attrs_pre_op(Slapi_PBlock * pb, int modop)
         } else {
             /* Fetch the entry being modified so we can
              * create the resulting entry for validation. */
-            Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
+            /* int free_sdn = 0; */
+            Slapi_DN *tmp_dn = linked_attrs_get_sdn(pb);
             if (tmp_dn) {
                 slapi_search_internal_get_entry(tmp_dn, 0, &e, linked_attrs_get_plugin_id());
-                slapi_sdn_free(&tmp_dn);
                 free_entry = 1;
             }
 

ldap/servers/plugins/linkedattrs/linked_attrs.h

@@ -127,7 +127,7 @@ void linked_attrs_unlock();
  */
 void linked_attrs_set_plugin_id(void *pluginID);
 void *linked_attrs_get_plugin_id();
-void linked_attrs_set_plugin_dn(char *pluginDN);
+void linked_attrs_set_plugin_dn(const char *pluginDN);
 char *linked_attrs_get_plugin_dn();
 
 /*

ldap/servers/plugins/memberof/memberof.c

@@ -494,8 +494,8 @@ int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
 	mod.mod_type = ((memberof_del_dn_data *)callback_data)->type;
 	mod.mod_values = val;
 
-	slapi_modify_internal_set_pb(
-		mod_pb, slapi_entry_get_dn(e),
+	slapi_modify_internal_set_pb_ext(
+		mod_pb, slapi_entry_get_sdn(e),
 		mods, 0, 0,
 		memberof_get_plugin_id(), 0);
 
@@ -752,8 +752,8 @@ int memberof_replace_dn_type_callback(Slapi_Entry *e, void *callback_data)
 	addmod.mod_type = ((replace_dn_data *)callback_data)->type;
 	addmod.mod_values = addval;
 
-	slapi_modify_internal_set_pb(
-		mod_pb, slapi_entry_get_dn(e),
+	slapi_modify_internal_set_pb_ext(
+		mod_pb, slapi_entry_get_sdn(e),
 		mods, 0, 0,
 		memberof_get_plugin_id(), 0);
 
@@ -1051,11 +1051,13 @@ bail:
  */
 char *memberof_getdn(Slapi_PBlock *pb)
 {
-	char *dn = 0;
+	const char *dn = 0;
+	Slapi_DN *sdn = NULL;
 
-	slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
-	
-	return dn;
+	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+	dn = slapi_sdn_get_dn(sdn);	
+
+	return (char *)dn;
 }
 
 /*
@@ -2385,6 +2387,7 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
 {
 	int rc = 0;
 	char *dn = slapi_entry_get_dn(e);
+	Slapi_DN *sdn = slapi_entry_get_sdn(e);
 	struct fix_memberof_callback_data *cb_data = (struct fix_memberof_callback_data *)callback_data;
 	MemberOfConfig *config = cb_data->config;
 	memberof_del_dn_data del_data = {0, config->memberof_attr, cb_data->txn};
@@ -2420,8 +2423,8 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
 		mods[0] = slapi_mod_get_ldapmod_passout(smod);
 		mods[1] = 0;
 
-		slapi_modify_internal_set_pb(
-			mod_pb, dn, mods, 0, 0,
+		slapi_modify_internal_set_pb_ext(
+			mod_pb, sdn, mods, 0, 0,
 			memberof_get_plugin_id(), 0);
 
 		slapi_pblock_set(mod_pb, SLAPI_TXN, cb_data->txn);

ldap/servers/plugins/mep/mep.c

@@ -94,11 +94,11 @@ static void mep_free_config_entry(struct configEntry ** entry);
 /*
  * helpers
  */
-static char *mep_get_dn(Slapi_PBlock * pb);
+static Slapi_DN *mep_get_sdn(Slapi_PBlock * pb);
 static Slapi_DN *mep_get_config_area();
 static void mep_set_config_area(Slapi_DN *sdn);
-static int mep_dn_is_config(char *dn);
-static int mep_dn_is_template(char *dn);
+static int mep_dn_is_config(Slapi_DN *sdn);
+static int mep_dn_is_template(const char *dn);
 static void mep_find_config(Slapi_Entry *e, struct configEntry **config);
 static void mep_find_config_by_template_dn(const char *template_dn,
     struct configEntry **config);
@@ -109,7 +109,7 @@ static Slapi_Entry *mep_create_managed_entry(struct configEntry *config,
 static void mep_add_managed_entry(struct configEntry *config,
     Slapi_Entry *origin);
 static void mep_rename_managed_entry(Slapi_Entry *origin,
-    char *new_dn, char *old_dn);
+    Slapi_DN *new_dn, Slapi_DN *old_dn);
 static Slapi_Mods *mep_get_mapped_mods(struct configEntry *config,
     Slapi_Entry *origin, char **mapped_dn);
 static int mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin,
@@ -289,7 +289,7 @@ mep_postop_init(Slapi_PBlock *pb)
 static int
 mep_start(Slapi_PBlock * pb)
 {
-    char *plugindn = NULL;
+    Slapi_DN *plugindn = NULL;
     char *config_area = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
@@ -312,14 +312,14 @@ mep_start(Slapi_PBlock * pb)
     /*
      * Get the plug-in target dn from the system
      * and store it for future use. */
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &plugindn);
-    if (NULL == plugindn || 0 == strlen(plugindn)) {
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn);
+    if (NULL == plugindn || 0 == slapi_sdn_get_ndn_len(plugindn)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                         "mep_start: unable to retrieve plugin dn\n");
         return -1;
     }
 
-    mep_set_plugin_sdn(slapi_sdn_new_dn_byref(plugindn));
+    mep_set_plugin_sdn(slapi_sdn_dup(plugindn));
 
     /* Set the alternate config area if one is defined. */
     slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_AREA, &config_area);
@@ -434,8 +434,10 @@ mep_load_config()
         /* Find the config entries beneath our plugin entry. */
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                         "mep_load_config: Looking for config entries "
-                        "beneath \"%s\".\n", slapi_sdn_get_ndn(mep_get_plugin_sdn()));
-        slapi_search_internal_set_pb(search_pb, slapi_sdn_get_ndn(mep_get_plugin_sdn()),
+                        "beneath \"%s\".\n",
+                         slapi_sdn_get_ndn(mep_get_plugin_sdn()));
+        slapi_search_internal_set_pb(search_pb,
+                                     slapi_sdn_get_ndn(mep_get_plugin_sdn()),
                                      LDAP_SCOPE_SUBTREE, "objectclass=*",
                                      NULL, 0, NULL, NULL, mep_get_plugin_id(), 0);
     }
@@ -769,24 +771,17 @@ mep_delete_config()
 /*
  * Helper functions
  */
-static char *
-mep_get_dn(Slapi_PBlock * pb)
+static Slapi_DN *
+mep_get_sdn(Slapi_PBlock * pb)
 {
-    char *dn = 0;
+    Slapi_DN *sdn = 0;
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
-                    "--> mep_get_dn\n");
-
-    if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)) {
-        slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM,
-                        "mep_get_dn: failed to get dn of changed entry");
-        goto bail;
-    }
-
-  bail:
+                    "--> mep_get_sdn\n");
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
-                    "<-- mep_get_dn\n");
+                    "<-- mep_get_sdn\n");
 
-    return dn;
+    return sdn;
 }
 
 static void
@@ -807,20 +802,17 @@ mep_get_config_area()
  * Checks if dn is a managed entries config entry.
  */
 static int
-mep_dn_is_config(char *dn)
+mep_dn_is_config(Slapi_DN *sdn)
 {
     int ret = 0;
-    Slapi_DN *sdn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
                     "--> mep_dn_is_config\n");
 
-    if (dn == NULL) {
+    if (sdn == NULL) {
         goto bail;
     }
 
-    sdn = slapi_sdn_new_dn_byref(dn);
-
     /* If an alternate config area is configured, treat it's child
      * entries as config entries.  If the alternate config area is
      * not configured, treat children of the top-level plug-in
@@ -838,7 +830,6 @@ mep_dn_is_config(char *dn)
     }
 
 bail:
-    slapi_sdn_free(&sdn);
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
                     "<-- mep_dn_is_config\n");
 
@@ -851,7 +842,7 @@ bail:
  * Checks if dn is a managed entries template.
  */
 static int
-mep_dn_is_template(char *dn)
+mep_dn_is_template(const char *dn)
 {
     int ret = 0;
     PRCList *list = NULL;
@@ -1139,7 +1130,7 @@ mep_create_managed_entry(struct configEntry *config, Slapi_Entry *origin)
 
         /* Create the DN using the mapped RDN value
          * and the base specified in the config. */
-        dn = slapi_create_dn_string("%s=%s,%s", rdn_type, rdn_val, config->managed_base);
+        dn = slapi_ch_smprintf("%s=%s,%s", rdn_type, rdn_val, config->managed_base);
 
         slapi_ch_free_string(&rdn_val);
 
@@ -1259,8 +1250,9 @@ mep_add_managed_entry(struct configEntry *config,
             slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                     "Adding %s pointer to \"%s\" in entry \"%s\"\n.",
                     MEP_MANAGED_ENTRY_TYPE, managed_dn, slapi_entry_get_dn(origin));
-            slapi_modify_internal_set_pb(mod_pb, slapi_entry_get_dn(origin),
-                                         mods, 0, 0, mep_get_plugin_id(), 0);
+            slapi_modify_internal_set_pb_ext(mod_pb, 
+                                            slapi_entry_get_sdn(origin),
+                                            mods, 0, 0, mep_get_plugin_id(), 0);
             slapi_modify_internal_pb(mod_pb);
             slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
 
@@ -1283,8 +1275,9 @@ mep_add_managed_entry(struct configEntry *config,
  * Renames a managed entry and updates the pointer in the
  * origin entry.
  */
-static void mep_rename_managed_entry(Slapi_Entry *origin,
-    char *new_dn, char *old_dn)
+static void
+mep_rename_managed_entry(Slapi_Entry *origin,
+                         Slapi_DN *new_dn, Slapi_DN *old_dn)
 {
     Slapi_RDN *srdn = slapi_rdn_new();
     Slapi_PBlock *mep_pb = slapi_pblock_new();
@@ -1299,10 +1292,10 @@ static void mep_rename_managed_entry(Slapi_Entry *origin,
     }
 
     /* Create new RDN */
-    slapi_rdn_set_dn(srdn, new_dn);
+    slapi_rdn_set_dn(srdn, slapi_sdn_get_ndn(new_dn));
 
     /* Rename the managed entry. */
-    slapi_rename_internal_set_pb(mep_pb, old_dn,
+    slapi_rename_internal_set_pb_ext(mep_pb, old_dn,
                                  slapi_rdn_get_rdn(srdn),
                                  NULL, 1, NULL, NULL, mep_get_plugin_id(), 0);
     slapi_modrdn_internal_pb(mep_pb);
@@ -1311,14 +1304,14 @@ static void mep_rename_managed_entry(Slapi_Entry *origin,
     if (result != LDAP_SUCCESS) {
         slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM,
                     "mep_rename_managed_entry: Unable to rename managed "
-                    "entry \"%s\" to \"%s\" (%s).\n", old_dn,
-                    new_dn, ldap_err2string(result));
+                    "entry \"%s\" to \"%s\" (%s).\n", slapi_sdn_get_dn(old_dn),
+                    slapi_sdn_get_dn(new_dn), ldap_err2string(result));
     } else {
         /* Clear out the pblock for reuse. */
         slapi_pblock_init(mep_pb);
 
         /* Update the link to the managed entry in the origin entry. */
-        vals[0] = new_dn;
+        vals[0] = (char *)slapi_sdn_get_dn(new_dn);
         vals[1] = 0;
         mod.mod_op = LDAP_MOD_REPLACE;
         mod.mod_type = MEP_MANAGED_ENTRY_TYPE;
@@ -1331,8 +1324,8 @@ static void mep_rename_managed_entry(Slapi_Entry *origin,
                 "mep_rename_managed_entry: Updating %s pointer to "
                 "\"%s\" in entry \"%s\"\n.", MEP_MANAGED_ENTRY_TYPE,
                 vals[0], slapi_entry_get_dn(origin));
-        slapi_modify_internal_set_pb(mep_pb, slapi_entry_get_dn(origin), mods,
-                                     0, 0, mep_get_plugin_id(), 0);
+        slapi_modify_internal_set_pb_ext(mep_pb, slapi_entry_get_sdn(origin),
+                                         mods, 0, 0, mep_get_plugin_id(), 0);
         slapi_modify_internal_pb(mep_pb);
         slapi_pblock_get(mep_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
 
@@ -1742,7 +1735,7 @@ mep_is_mapped_attr(Slapi_Entry *template, char *type)
 static int
 mep_pre_op(Slapi_PBlock * pb, int modop)
 {
-    char *dn = 0;
+    Slapi_DN *sdn = NULL;
     Slapi_Entry *e = 0;
     Slapi_Mods *smods = 0;
     LDAPMod **mods;
@@ -1762,10 +1755,10 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
     /* See if we're calling ourselves. */
     slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &caller_id);
 
-    if (0 == (dn = mep_get_dn(pb)))
+    if (0 == (sdn = mep_get_sdn(pb)))
         goto bail;
 
-    if (mep_dn_is_config(dn)) {
+    if (mep_dn_is_config(sdn)) {
         /* Validate config changes, but don't apply them.
          * This allows us to reject invalid config changes
          * here at the pre-op stage.  Applying the config
@@ -1777,10 +1770,8 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
         } else if (LDAP_CHANGETYPE_MODIFY == modop) {
             /* Fetch the entry being modified so we can
              * create the resulting entry for validation. */
-            Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
-            if (tmp_dn) {
-                slapi_search_internal_get_entry(tmp_dn, 0, &e, mep_get_plugin_id());
-                slapi_sdn_free(&tmp_dn);
+            if (sdn) {
+                slapi_search_internal_get_entry(sdn, 0, &e, mep_get_plugin_id());
                 free_entry = 1;
             }
 
@@ -1829,11 +1820,10 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
             goto bail;
         }
 
-        mep_find_config_by_template_dn(dn, &config);
+        mep_find_config_by_template_dn(slapi_sdn_get_dn(sdn), &config);
         if (config) {
             Slapi_Entry *test_entry = NULL;
             struct configEntry *config_copy = NULL;
-            Slapi_DN *tmp_dn = NULL;
 
             config_copy = (struct configEntry *)slapi_ch_calloc(1, sizeof(struct configEntry));
 
@@ -1860,12 +1850,9 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
                 ret = LDAP_UNWILLING_TO_PERFORM;
                 break;
             case LDAP_CHANGETYPE_MODIFY: 
-                tmp_dn = slapi_sdn_new_dn_byref(dn);
-
                 /* Fetch the existing template entry. */
-                if (tmp_dn) {
-                    slapi_search_internal_get_entry(tmp_dn, 0, &e, mep_get_plugin_id());
-                    slapi_sdn_free(&tmp_dn);
+                if (sdn) {
+                    slapi_search_internal_get_entry(sdn, 0, &e, mep_get_plugin_id());
                     free_entry = 1;
                 }
 
@@ -1920,7 +1907,6 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
          * this plugin. */
         if (((modop == LDAP_CHANGETYPE_DELETE) || (modop == LDAP_CHANGETYPE_MODDN) ||
             (modop == LDAP_CHANGETYPE_MODIFY)) && (caller_id != mep_get_plugin_id())) {
-            Slapi_DN *tmp_dn = slapi_sdn_new_dn_byref(dn);
             Slapi_Entry *origin_e = NULL;
             Slapi_Mod *smod = NULL;
             Slapi_Mod *next_mod = NULL;
@@ -1928,14 +1914,13 @@ mep_pre_op(Slapi_PBlock * pb, int modop)
             Slapi_DN *origin_sdn = NULL;
 
             /* Fetch the target entry. */
-            if (tmp_dn) {
+            if (sdn) {
                 /* Free any existing entry so we don't leak it. */
                 if (e && free_entry) {
                     slapi_entry_free(e);
                 }
 
-                slapi_search_internal_get_entry(tmp_dn, 0, &e, mep_get_plugin_id());
-                slapi_sdn_free(&tmp_dn);
+                slapi_search_internal_get_entry(sdn, 0, &e, mep_get_plugin_id());
                 free_entry = 1;
             }
 
@@ -2070,7 +2055,7 @@ mep_mod_post_op(Slapi_PBlock *pb)
     Slapi_Mods *smods = NULL;
     Slapi_PBlock *mep_pb = NULL;
     Slapi_Entry *e = NULL;
-    char *dn = NULL;
+    Slapi_DN *sdn = NULL;
     char *managed_dn = NULL;
     Slapi_DN *managed_sdn = NULL;
     char *mapped_dn = NULL;
@@ -2085,9 +2070,9 @@ mep_mod_post_op(Slapi_PBlock *pb)
     if (!g_plugin_started)
         return 0;
 
-    if (mep_oktodo(pb) && (dn = mep_get_dn(pb))) {
+    if (mep_oktodo(pb) && (sdn = mep_get_sdn(pb))) {
         /* First check if the config or a template is being modified. */
-        if (mep_dn_is_config(dn) || mep_dn_is_template(dn)) {
+        if (mep_dn_is_config(sdn) || mep_dn_is_template(slapi_sdn_get_dn(sdn))) {
             mep_load_config();
         }
 
@@ -2143,7 +2128,7 @@ mep_mod_post_op(Slapi_PBlock *pb)
                         slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM,
                                     "mep_mod_post_op: Unable to update mapped "
                                     "attributes from origin entry \"%s\" in managed "
-                                    "entry \"%s\" (%s).\n", dn, managed_dn,
+                                    "entry \"%s\" (%s).\n", slapi_sdn_get_dn(sdn), managed_dn,
                                     ldap_err2string(result));
                     }
 
@@ -2157,7 +2142,7 @@ mep_mod_post_op(Slapi_PBlock *pb)
                     managed_sdn = slapi_sdn_new_dn_byref(managed_dn);
 
                     if (slapi_sdn_compare(managed_sdn, mapped_sdn) != 0) {
-                        mep_rename_managed_entry(e, mapped_dn, managed_dn);
+                        mep_rename_managed_entry(e, mapped_sdn, managed_sdn);
                     }
 
                     slapi_sdn_free(&mapped_sdn);
@@ -2166,7 +2151,7 @@ mep_mod_post_op(Slapi_PBlock *pb)
             } else {
                 slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM,
                         "mep_mod_post_op: Unable to find config for origin "
-                        "entry \"%s\".\n", dn);
+                        "entry \"%s\".\n", slapi_sdn_get_dn(sdn));
             }
 
             slapi_ch_free_string(&managed_dn);
@@ -2187,7 +2172,7 @@ static int
 mep_add_post_op(Slapi_PBlock *pb)
 {
     Slapi_Entry *e = NULL;
-    char *dn = NULL;
+    Slapi_DN *sdn = NULL;
     struct configEntry *config = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
@@ -2198,8 +2183,8 @@ mep_add_post_op(Slapi_PBlock *pb)
         return 0;
 
     /* Reload config if a config entry was added. */
-    if ((dn = mep_get_dn(pb))) {
-        if (mep_dn_is_config(dn)) {
+    if ((sdn = mep_get_sdn(pb))) {
+        if (mep_dn_is_config(sdn)) {
             mep_load_config();
         }
     } else {
@@ -2241,7 +2226,7 @@ mep_add_post_op(Slapi_PBlock *pb)
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                         "mep_add_post_op: Error "
-                        "retrieving post-op entry %s\n", dn);
+                        "retrieving post-op entry %s\n", slapi_sdn_get_dn(sdn));
     }
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
@@ -2253,8 +2238,8 @@ mep_add_post_op(Slapi_PBlock *pb)
 static int
 mep_del_post_op(Slapi_PBlock *pb)
 {
-    char *dn = NULL;
     Slapi_Entry *e = NULL;
+    Slapi_DN *sdn = NULL;
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
                     "--> mep_del_post_op\n");
@@ -2265,8 +2250,8 @@ mep_del_post_op(Slapi_PBlock *pb)
     }
 
     /* Reload config if a config entry was deleted. */
-    if ((dn = mep_get_dn(pb))) {
-        if (mep_dn_is_config(dn))
+    if ((sdn = mep_get_sdn(pb))) {
+        if (mep_dn_is_config(sdn))
             mep_load_config();
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
@@ -2299,7 +2284,7 @@ mep_del_post_op(Slapi_PBlock *pb)
             slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                             "mep_del_post_op: Deleting managed entry "
                             "\"%s\" due to deletion of origin entry "
-                            "\"%s\".\n ", managed_dn, dn);
+                            "\"%s\".\n ", managed_dn, slapi_sdn_get_dn(sdn));
             slapi_delete_internal_set_pb(mep_pb, managed_dn, NULL,
                                          NULL, mep_get_plugin_id(), 0);
             slapi_delete_internal_pb(mep_pb);
@@ -2310,7 +2295,7 @@ mep_del_post_op(Slapi_PBlock *pb)
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                         "mep_del_post_op: Error "
-                        "retrieving pre-op entry %s\n", dn);
+                        "retrieving pre-op entry %s\n", slapi_sdn_get_dn(sdn));
     }
 
     slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM,
@@ -2322,8 +2307,9 @@ mep_del_post_op(Slapi_PBlock *pb)
 static int
 mep_modrdn_post_op(Slapi_PBlock *pb)
 {
-    char *old_dn = NULL;
-    char *new_dn = NULL;
+    const char *new_dn = NULL;
+    Slapi_DN *old_sdn = NULL;
+    Slapi_DN *new_sdn = NULL;
     Slapi_Entry *post_e = NULL;
     char *managed_dn = NULL;
     struct configEntry *config = NULL;
@@ -2340,7 +2326,8 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
      * config entries. */
     slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_e);
     if (post_e) {
-        new_dn = slapi_entry_get_ndn(post_e);
+        new_sdn = slapi_entry_get_sdn(post_e);
+        new_dn = slapi_sdn_get_dn(new_sdn);
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                         "mep_modrdn_post_op: Error "
@@ -2348,8 +2335,8 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
         return 0;
     }
 
-    if ((old_dn = mep_get_dn(pb))) {
-        if (mep_dn_is_config(old_dn) || mep_dn_is_config(new_dn))
+    if ((old_sdn = mep_get_sdn(pb))) {
+        if (mep_dn_is_config(old_sdn) || mep_dn_is_config(new_sdn))
             mep_load_config();
     } else {
         slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
@@ -2398,7 +2385,7 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
             slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                     "mep_modrdn_post_op: Removing managed entry \"%s\" "
                     "since origin entry \"%s\" was moved out of scope.\n",
-                    managed_dn, old_dn);
+                    managed_dn, slapi_sdn_get_dn(old_sdn));
             slapi_delete_internal_set_pb (mep_pb, managed_dn, NULL, NULL,
                                           mep_get_plugin_id(), 0);
             slapi_delete_internal_pb(mep_pb);
@@ -2428,8 +2415,8 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
                     "mep_modrdn_post_op: Removing %s pointer and %s "
                     "objectclass from entry \"%s\".\n",
                     MEP_MANAGED_ENTRY_TYPE, MEP_ORIGIN_OC, new_dn);
-            slapi_modify_internal_set_pb(mep_pb, new_dn, mods, 0, 0,
-                                         mep_get_plugin_id(), 0);
+            slapi_modify_internal_set_pb_ext(mep_pb, new_sdn, mods, 0, 0,
+                                             mep_get_plugin_id(), 0);
             slapi_modify_internal_pb(mep_pb);
             slapi_pblock_get(mep_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
 
@@ -2442,7 +2429,7 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
             }
         } else {
             /* Update backlink to new origin DN in managed entry. */
-            vals[0] = new_dn;
+            vals[0] = (char *)new_dn;
             vals[1] = 0;
             mod.mod_op = LDAP_MOD_REPLACE;
             mod.mod_type = MEP_MANAGED_BY_TYPE;
@@ -2498,8 +2485,11 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
                                     "mep_modrdn_post_op: Renaming managed entry "
                                     "\"%s\" to \"%s\" due to rename of origin "
                                     "entry \"%s\".\n ", managed_dn,
-                                    slapi_entry_get_dn(new_managed_entry), old_dn);
-                    mep_rename_managed_entry(post_e, slapi_entry_get_dn(new_managed_entry), managed_dn);
+                                    slapi_entry_get_dn(new_managed_entry),
+                                    slapi_sdn_get_dn(old_sdn));
+                    mep_rename_managed_entry(post_e,
+                                    slapi_entry_get_sdn(new_managed_entry),
+                                    managed_sdn);
                 }
 
                 /* Update all of the mapped attributes
@@ -2513,7 +2503,8 @@ mep_modrdn_post_op(Slapi_PBlock *pb)
                     slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM,
                             "mep_modrdn_post_op: Updating mapped attributes "
                             "in entry \"%s\"\n.", managed_dn);
-                    slapi_modify_internal_set_pb(mep_pb, slapi_entry_get_dn(new_managed_entry),
+                    slapi_modify_internal_set_pb_ext(mep_pb,
+                                    slapi_entry_get_sdn(new_managed_entry),
                                     slapi_mods_get_ldapmods_byref(smods), 0, 0,
                                     mep_get_plugin_id(), 0);
                     slapi_modify_internal_pb(mep_pb);

ldap/servers/plugins/pam_passthru/pam_passthru.h

@@ -129,7 +129,7 @@ void * pam_passthruauth_get_plugin_identity();
  */
 int pam_passthru_config( Slapi_Entry *config_e );
 Pam_PassthruConfig *pam_passthru_get_config( void );
-int pam_passthru_check_suffix(Pam_PassthruConfig *cfg, char *binddn);
+int pam_passthru_check_suffix(Pam_PassthruConfig *cfg, const char *binddn);
 
 /*
  * pam_ptimpl.c

ldap/servers/plugins/pam_passthru/pam_ptconfig.c

@@ -538,7 +538,7 @@ pam_passthru_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent
 }
 
 int
-pam_passthru_check_suffix(Pam_PassthruConfig *cfg, char *binddn)
+pam_passthru_check_suffix(Pam_PassthruConfig *cfg, const char *binddn)
 {
 	Slapi_DN *comp_dn;
 	Pam_PassthruSuffix *try;

ldap/servers/plugins/pam_passthru/pam_ptimpl.c

@@ -91,7 +91,7 @@ struct my_pam_conv_str {
  * Get the PAM identity from the value of the leftmost RDN in the BIND DN.
  */
 static char *
-derive_from_bind_dn(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id)
+derive_from_bind_dn(Slapi_PBlock *pb, const char *binddn, MyStrBuf *pam_id)
 {
 	Slapi_RDN *rdn;
 	char *type = NULL;
@@ -106,7 +106,8 @@ derive_from_bind_dn(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id)
 }
 
 static char *
-derive_from_bind_entry(Slapi_PBlock *pb, char *binddn, MyStrBuf *pam_id, char *map_ident_attr, int *locked)
+derive_from_bind_entry(Slapi_PBlock *pb, const char *binddn, 
+                       MyStrBuf *pam_id, char *map_ident_attr, int *locked)
 {
 	char buf[BUFSIZ];
 	Slapi_Entry *entry = NULL;
@@ -264,7 +265,8 @@ do_one_pam_auth(
 )
 {
 	MyStrBuf pam_id;
-	char *binddn = NULL;
+	const char *binddn = NULL;
+	Slapi_DN *bindsdn = NULL;
 	int rc;
 	int retcode = LDAP_SUCCESS;
 	pam_handle_t *pam_handle;
@@ -274,7 +276,13 @@ do_one_pam_auth(
 	char *errmsg = NULL; /* free with PR_smprintf_free */
 	int locked = 0;
 
-	slapi_pblock_get( pb, SLAPI_BIND_TARGET, &binddn );
+	slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &bindsdn );
+	if (NULL == bindsdn) {
+		errmsg = PR_smprintf("Null bind dn");
+		retcode = LDAP_OPERATIONS_ERROR;
+		goto done; /* skip the pam stuff */
+	}
+	binddn = slapi_sdn_get_dn(bindsdn);
 
 	if (method == PAMPT_MAP_METHOD_RDN) {
 		derive_from_bind_dn(pb, binddn, &pam_id);

ldap/servers/plugins/pam_passthru/pam_ptpreop.c

@@ -165,10 +165,12 @@ static int
 pam_passthru_bindpreop( Slapi_PBlock *pb )
 {
     int rc, method;
-    char *normbinddn, *errmsg = NULL;
+    const char *normbinddn;
+    char *errmsg = NULL;
+    Slapi_DN *bindsdn = NULL;
     Pam_PassthruConfig	*cfg;
     struct berval	*creds;
-	int retcode = PAM_PASSTHRU_OP_NOT_HANDLED;
+    int retcode = PAM_PASSTHRU_OP_NOT_HANDLED;
 
     PAM_PASSTHRU_ASSERT( pb != NULL );
 
@@ -179,12 +181,13 @@ pam_passthru_bindpreop( Slapi_PBlock *pb )
      * retrieve parameters for bind operation
      */
     if ( slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ) != 0 ||
-		 slapi_pblock_get( pb, SLAPI_BIND_TARGET, &normbinddn ) != 0 ||
+		 slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &bindsdn ) != 0 ||
 		 slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds ) != 0 ) {
 		slapi_log_error( SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
 						 "<= not handled (unable to retrieve bind parameters)\n" );
 		return retcode;
     }
+    normbinddn = slapi_sdn_get_dn(bindsdn);
 
     /*
      * We only handle simple bind requests that include non-NULL binddn and

ldap/servers/plugins/passthru/passthru.h

@@ -136,7 +136,7 @@ typedef struct passthruconfig {
  * ptbind.c:
  */
 int passthru_simple_bind_s( Slapi_PBlock *pb, PassThruServer *srvr, int tries,
-	char *dn, struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
+	const char *dn, struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
 	char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
 	LDAPControl ***resctrlsp );
 
@@ -149,7 +149,7 @@ PassThruConfig *passthru_get_config( void );
 /*
  * ptconn.c:
  */
-int passthru_dn2server( PassThruConfig *cfg, char *normdn,
+int passthru_dn2server( PassThruConfig *cfg, const char *normdn,
 	PassThruServer **srvrp );
 int passthru_get_connection( PassThruServer *srvr, LDAP **ldp );
 void passthru_release_connection( PassThruServer *srvr, LDAP *ld, int dispose );

ldap/servers/plugins/passthru/ptbind.c

@@ -48,7 +48,7 @@
 #include "passthru.h"
 
 static int
-passthru_simple_bind_once_s( PassThruServer *srvr, char *dn,
+passthru_simple_bind_once_s( PassThruServer *srvr, const char *dn,
 	struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
 	char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
 	LDAPControl ***resctrlsp );
@@ -68,7 +68,7 @@ passthru_simple_bind_once_s( PassThruServer *srvr, char *dn,
  */
 int
 passthru_simple_bind_s( Slapi_PBlock *pb, PassThruServer *srvr, int tries,
-	char *dn, struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
+	const char *dn, struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
 	char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
 	LDAPControl ***resctrlsp )
 {
@@ -102,7 +102,7 @@ passthru_simple_bind_s( Slapi_PBlock *pb, PassThruServer *srvr, int tries,
  * like passthru_simple_bind_s() but only makes one attempt.
  */
 static int
-passthru_simple_bind_once_s( PassThruServer *srvr, char *dn,
+passthru_simple_bind_once_s( PassThruServer *srvr, const char *dn,
 	struct berval *creds, LDAPControl **reqctrls, int *lderrnop,
 	char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
 	LDAPControl ***resctrlsp )

ldap/servers/plugins/passthru/ptconn.c

@@ -50,7 +50,7 @@
 /*
  * function prototypes
  */
-static int dn_is_underneath_suffix( PassThruSuffix *suffix, char *normdn,
+static int dn_is_underneath_suffix( PassThruSuffix *suffix, const char *normdn,
     int dnlen );
 static void close_and_dispose_connection( PassThruConnection *conn );
 static void check_for_stale_connections( PassThruServer *srvr );
@@ -107,7 +107,7 @@ static void check_for_stale_connections( PassThruServer *srvr );
  *	LDAP_NO_SUCH_OBJECT	let this server handle the bind.
  */
 int
-passthru_dn2server( PassThruConfig *cfg, char *normdn, PassThruServer **srvrp )
+passthru_dn2server( PassThruConfig *cfg, const char *normdn, PassThruServer **srvrp )
 {
     PassThruServer	*ptsrvr;
     PassThruSuffix	*ptsuffix;
@@ -360,7 +360,7 @@ passthru_close_all_connections( PassThruConfig *cfg )
  * return non-zero value if normdn falls underneath a suffix
  */
 static int
-dn_is_underneath_suffix( PassThruSuffix *suffix, char *normdn, int dnlen )
+dn_is_underneath_suffix( PassThruSuffix *suffix, const char *normdn, int dnlen )
 {
     PASSTHRU_ASSERT( suffix != NULL );
     PASSTHRU_ASSERT( normdn != NULL );
@@ -368,7 +368,7 @@ dn_is_underneath_suffix( PassThruSuffix *suffix, char *normdn, int dnlen )
 
     return ( suffix->ptsuffix_len <= dnlen &&
 	    slapi_UTF8CASECMP( suffix->ptsuffix_normsuffix,
-	    normdn + ( dnlen - suffix->ptsuffix_len )) == 0 );
+	    (char *)normdn + ( dnlen - suffix->ptsuffix_len )) == 0 );
 }
 
 

ldap/servers/plugins/passthru/ptpreop.c

@@ -149,7 +149,9 @@ static int
 passthru_bindpreop( Slapi_PBlock *pb )
 {
     int			rc, method, freeresctrls=1;
-    char		*normbinddn, *matcheddn;
+    char		*matcheddn;
+    const char	*normbinddn = NULL;
+    Slapi_DN	*sdn = NULL;
     char		*libldap_errmsg, *pr_errmsg, *errmsg;
     PassThruConfig	*cfg;
     PassThruServer	*srvr;
@@ -165,14 +167,15 @@ passthru_bindpreop( Slapi_PBlock *pb )
      * retrieve parameters for bind operation
      */
     if ( slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ) != 0 ||
-	    slapi_pblock_get( pb, SLAPI_BIND_TARGET, &normbinddn ) != 0 ||
-	    slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds ) != 0 ) {
-	slapi_log_error( SLAPI_LOG_FATAL, PASSTHRU_PLUGIN_SUBSYSTEM,
-		"<= not handled (unable to retrieve bind parameters)\n" );
-	return( PASSTHRU_OP_NOT_HANDLED );
+        slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn ) != 0 ||
+        slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds ) != 0 ) {
+        slapi_log_error( SLAPI_LOG_FATAL, PASSTHRU_PLUGIN_SUBSYSTEM,
+                     "<= not handled (unable to retrieve bind parameters)\n" );
+        return( PASSTHRU_OP_NOT_HANDLED );
     }
+    normbinddn = slapi_sdn_get_dn(sdn);
     if ( normbinddn == NULL ) {
-	normbinddn = "";
+        normbinddn = "";
     }
 
     /*

ldap/servers/plugins/referint/referint.c

@@ -77,10 +77,10 @@ int referint_postop_del( Slapi_PBlock *pb );
 int referint_postop_modrdn( Slapi_PBlock *pb ); 
 int referint_postop_start( Slapi_PBlock *pb);
 int referint_postop_close( Slapi_PBlock *pb);
-int update_integrity(char **argv, char *origDN, char *newrDN, char *newsuperior, int logChanges, void *txn);
+int update_integrity(char **argv, Slapi_DN *sDN, char *newrDN, Slapi_DN *newsuperior, int logChanges, void *txn);
 void referint_thread_func(void *arg);
 int  GetNextLine(char *dest, int size_dest, PRFileDesc *stream);
-void writeintegritylog(char *logfilename, char *dn, char *newrdn, char *newsuperior);
+void writeintegritylog(char *logfilename, Slapi_DN *sdn, char *newrdn, Slapi_DN *newsuperior);
 int my_fgetc(PRFileDesc *stream);
 
 /* global thread control stuff */
@@ -157,7 +157,7 @@ referint_postop_init( Slapi_PBlock *pb )
 int
 referint_postop_del( Slapi_PBlock *pb )
 {
-	char	*dn;
+	Slapi_DN *sdn = NULL;
 	int rc;
 	int oprc;
 	char **argv;
@@ -168,7 +168,7 @@ referint_postop_del( Slapi_PBlock *pb )
 	void *txn = NULL;
 
 	if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &isrepop ) != 0  ||
-		 slapi_pblock_get( pb, SLAPI_DELETE_TARGET, &dn ) != 0  ||
+		 slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn ) != 0  ||
 	     slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0  ||
 	     slapi_pblock_get(pb, SLAPI_TXN, &txn) != 0) 
         {
@@ -215,10 +215,10 @@ referint_postop_del( Slapi_PBlock *pb )
 		}else if(delay == 0){
 		  /* no delay */
  		  /* call function to update references to entry */
-		  rc = update_integrity(argv, dn, NULL, NULL, logChanges, txn);
+		  rc = update_integrity(argv, sdn, NULL, NULL, logChanges, txn);
 		}else{
 		  /* write the entry to integrity log */
-		  writeintegritylog(argv[1],dn, NULL, NULL);
+		  writeintegritylog(argv[1], sdn, NULL, NULL);
 		  rc = 0;
 		}
 	} else {
@@ -234,9 +234,9 @@ referint_postop_del( Slapi_PBlock *pb )
 int
 referint_postop_modrdn( Slapi_PBlock *pb )
 {
-	char	*dn;
+	Slapi_DN *sdn = NULL;
 	char	*newrdn;
-	char	*newsuperior;
+	Slapi_DN *newsuperior;
 	int oprc;
 	int rc;
 	char **argv;
@@ -247,9 +247,9 @@ referint_postop_modrdn( Slapi_PBlock *pb )
 	void *txn = NULL;
 
 	if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &isrepop ) != 0  ||
-		 slapi_pblock_get( pb, SLAPI_MODRDN_TARGET, &dn ) != 0 ||
+		 slapi_pblock_get( pb, SLAPI_MODRDN_TARGET_SDN, &sdn ) != 0 ||
 		 slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn ) != 0 ||
-		 slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperior ) != 0 ||
+		 slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior ) != 0 ||
 		 slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0 ||
 		 slapi_pblock_get(pb, SLAPI_TXN, &txn) != 0) {
 
@@ -299,11 +299,12 @@ referint_postop_modrdn( Slapi_PBlock *pb )
 	  rc = 0;
 	}else if(delay == 0){
 	  /* no delay */
- 	  /* call function to update references to entry */
-	  rc = update_integrity(argv, dn, newrdn, newsuperior, logChanges, txn);
+	  /* call function to update references to entry */
+	  rc = update_integrity(argv, sdn, newrdn,
+	                        newsuperior, logChanges, txn);
 	}else{
 	  /* write the entry to integrity log */
-	  writeintegritylog(argv[1],dn, newrdn, newsuperior);
+	  writeintegritylog(argv[1], sdn, newrdn, newsuperior);
 	  rc = 0;
 	}
 
@@ -331,7 +332,7 @@ int isFatalSearchError(int search_result)
 }
 
 static int
-_do_modify(Slapi_PBlock *mod_pb, const char *entryDN, LDAPMod **mods, void *txn)
+_do_modify(Slapi_PBlock *mod_pb, Slapi_DN *entrySDN, LDAPMod **mods, void *txn)
 {
     int rc = 0;
 
@@ -340,8 +341,8 @@ _do_modify(Slapi_PBlock *mod_pb, const char *entryDN, LDAPMod **mods, void *txn)
     slapi_pblock_set(mod_pb, SLAPI_TXN, txn);
 
     /* Use internal operation API */
-    slapi_modify_internal_set_pb(mod_pb, entryDN, mods, NULL, NULL,
-                                 referint_plugin_identity, 0);
+    slapi_modify_internal_set_pb_ext(mod_pb, entrySDN, mods, NULL, NULL,
+                                     referint_plugin_identity, 0);
     slapi_modify_internal_pb(mod_pb);
     slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
     
@@ -352,13 +353,12 @@ _do_modify(Slapi_PBlock *mod_pb, const char *entryDN, LDAPMod **mods, void *txn)
  * update one attribute value per _do_modify
  */
 static int
-_update_one_per_mod(const char *entryDN, /* DN of the searched entry */
-                    Slapi_Attr *attr,    /* referred attribute */
+_update_one_per_mod(Slapi_DN *entrySDN,      /* DN of the searched entry */
+                    Slapi_Attr *attr,        /* referred attribute */
                     char *attrName,
-                    char *origDN,        /* original DN that was modified */
-                    char *norm_origDN,   /* normalized original DN */
-                    char *newRDN,        /* new RDN from modrdn */
-                    char *newsuperior,   /* new superior from modrdn */
+                    const char *origDN,      /* original DN that was modified */
+                    char *newRDN,            /* new RDN from modrdn */
+                    const char *newsuperior, /* new superior from modrdn */
                     Slapi_PBlock *mod_pb, void *txn)
 {
     LDAPMod *list_of_mods[3];
@@ -374,7 +374,7 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
     if (NULL == newRDN && NULL == newsuperior) {
         /* in delete mode */
         /* delete old dn so set that up */
-        values_del[0] = origDN;
+        values_del[0] = (char *)origDN;
         values_del[1] = NULL;
         attribute1.mod_type = attrName;
         attribute1.mod_op = LDAP_MOD_DELETE;
@@ -382,11 +382,11 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
         list_of_mods[0] = &attribute1;
         /* terminate list of mods. */
         list_of_mods[1] = NULL;
-        rc = _do_modify(mod_pb, entryDN, list_of_mods, txn);
+        rc = _do_modify(mod_pb, entrySDN, list_of_mods, txn);
         if (rc) {
             slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                 "_update_one_value: entry %s: deleting \"%s: %s\" failed (%d)"
-                "\n", entryDN, attrName, origDN, rc);
+                "\n", slapi_sdn_get_dn(entrySDN), attrName, origDN, rc);
         }
     } else {
         /* in modrdn mode */
@@ -400,7 +400,7 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
             newRDN = dnParts[0];
         }
         if (newsuperior) {
-            superior = (const char *)newsuperior;
+            superior = newsuperior;
         } else {
             /* no need to free superior */
             superior = slapi_dn_find_parent(origDN);
@@ -443,7 +443,7 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
             }
             /* else: (rc < 0) Ignore the DN normalization error for now. */
 
-            p = PL_strstr(sval, norm_origDN);
+            p = PL_strstr(sval, origDN);
             if (p == sval) {
                 /* (case 1) */
                 values_del[0] = sval;
@@ -460,12 +460,13 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
                 attribute2.mod_values = values_add;
                 list_of_mods[1] = &attribute2;
                 list_of_mods[2] = NULL;
-                rc = _do_modify(mod_pb, entryDN, list_of_mods, txn);
+                rc = _do_modify(mod_pb, entrySDN, list_of_mods, txn);
                 if (rc) {
                     slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                         "_update_one_value: entry %s: replacing \"%s: %s\" "
                         "with \"%s: %s\" failed (%d)\n",
-                        entryDN, attrName, origDN, attrName, newDN, rc);
+                        slapi_sdn_get_dn(entrySDN), attrName, 
+                        origDN, attrName, newDN, rc);
                 }
             } else if (p) {
                 char bak;
@@ -489,12 +490,12 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
                 attribute2.mod_values = values_add;
                 list_of_mods[1] = &attribute2;
                 list_of_mods[2] = NULL;
-                rc = _do_modify(mod_pb, entryDN, list_of_mods, txn);
+                rc = _do_modify(mod_pb, entrySDN, list_of_mods, txn);
                 if (rc) {
                     slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                         "_update_one_value: entry %s: replacing \"%s: %s\" "
                         "with \"%s: %s\" failed (%d)\n",
-                        entryDN, attrName, sval, attrName, newvalue, rc);
+                        slapi_sdn_get_dn(entrySDN), attrName, sval, attrName, newvalue, rc);
                 }
                 slapi_ch_free_string(&newvalue);
             } 
@@ -517,13 +518,12 @@ _update_one_per_mod(const char *entryDN, /* DN of the searched entry */
  * update multiple attribute values per _do_modify
  */
 static int
-_update_all_per_mod(const char *entryDN, /* DN of the searched entry */
-                    Slapi_Attr *attr,    /* referred attribute */
+_update_all_per_mod(Slapi_DN *entrySDN,      /* DN of the searched entry */
+                    Slapi_Attr *attr,        /* referred attribute */
                     char *attrName,
-                    char *origDN,        /* original DN that was modified */
-                    char *norm_origDN,   /* normalized original DN */
-                    char *newRDN,        /* new RDN from modrdn */
-                    char *newsuperior,   /* new superior from modrdn */
+                    const char *origDN,      /* original DN that was modified */
+                    char *newRDN,            /* new RDN from modrdn */
+                    const char *newsuperior, /* new superior from modrdn */
                     Slapi_PBlock *mod_pb, void *txn)
 {
     Slapi_Mods *smods = NULL;
@@ -543,7 +543,7 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
         LDAPMod attribute1;
 
         /* delete old dn so set that up */
-        values_del[0] = origDN;
+        values_del[0] = (char *)origDN;
         values_del[1] = NULL;
         attribute1.mod_type = attrName;
         attribute1.mod_op = LDAP_MOD_DELETE;
@@ -551,11 +551,11 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
         mods[0] = &attribute1;
         /* terminate list of mods. */
         mods[1] = NULL;
-        rc = _do_modify(mod_pb, entryDN, mods, txn);
+        rc = _do_modify(mod_pb, entrySDN, mods, txn);
         if (rc) {
             slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                 "_update_one_value: entry %s: deleting \"%s: %s\" failed (%d)"
-                "\n", entryDN, attrName, origDN, rc);
+                "\n", slapi_sdn_get_dn(entrySDN), attrName, origDN, rc);
         }
     } else {
         /* in modrdn mode */
@@ -569,7 +569,7 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
             newRDN = dnParts[0];
         }
         if (newsuperior) {
-            superior = (const char *)newsuperior;
+            superior = newsuperior;
         } else {
             /* no need to free superior */
             superior = slapi_dn_find_parent(origDN);
@@ -615,7 +615,7 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
             }
             /* else: (rc < 0) Ignore the DN normalization error for now. */
 
-            p = PL_strstr(sval, norm_origDN);
+            p = PL_strstr(sval, origDN);
             if (p == sval) {
                 /* (case 1) */
                 slapi_mods_add_string(smods, LDAP_MOD_DELETE, attrName, sval);
@@ -632,11 +632,11 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
             /* else: value does not include the modified DN.  Ignore it. */
             slapi_ch_free_string(&sval);
         }
-        rc = _do_modify(mod_pb, entryDN, slapi_mods_get_ldapmods_byref(smods), txn);
+        rc = _do_modify(mod_pb, entrySDN, slapi_mods_get_ldapmods_byref(smods), txn);
         if (rc) {
             slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                         "_update_all_value: entry %s failed (%d)\n",
-                        entryDN, rc);
+                        slapi_sdn_get_dn(entrySDN), rc);
         }
 
         /* cleanup memory allocated for dnParts and newDN */
@@ -652,8 +652,9 @@ _update_all_per_mod(const char *entryDN, /* DN of the searched entry */
 }
 
 int
-update_integrity(char **argv, char *origDN,
-                 char *newrDN, char *newsuperior, int logChanges, void *txn)
+update_integrity(char **argv, Slapi_DN *origSDN,
+                 char *newrDN, Slapi_DN *newsuperior, 
+                 int logChanges, void *txn)
 {
     Slapi_PBlock *search_result_pb = NULL;
     Slapi_PBlock *mod_pb = slapi_pblock_new();
@@ -664,9 +665,9 @@ update_integrity(char **argv, char *origDN,
     char *filter = NULL;
     int i, j;
     const char *search_base = NULL;
-    char *norm_origDN = NULL;
-    size_t dnlen = 0;
     int rc;
+    size_t len = slapi_sdn_get_ndn_len(origSDN);
+    const char *origDN = slapi_sdn_get_dn(origSDN);
    
     if ( argv == NULL ) {
         slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
@@ -677,16 +678,6 @@ update_integrity(char **argv, char *origDN,
 
     /* for now, just putting attributes to keep integrity on in conf file,
        until resolve the other timing mode issue */
-  
-    rc = slapi_dn_normalize_case_ext(origDN, 0,  &norm_origDN, &dnlen);
-    if (rc == 0) { /* origDN is passed in; not terminated */
-        *(norm_origDN + dnlen) = '\0';
-        norm_origDN = slapi_ch_strdup(norm_origDN);
-    } else if (rc < 0) {
-        /* Ignore the DN normalization error for now. */
-        norm_origDN = slapi_ch_strdup(origDN);
-    }
-
     search_result_pb = slapi_pblock_new();
 
     /* Search each namingContext in turn */
@@ -698,8 +689,8 @@ update_integrity(char **argv, char *origDN,
         for(i = 3; argv[i] != NULL; i++)
         {
             char buf[BUFSIZ];
-            size_t len = strlen(origDN);
-            filter = slapi_ch_smprintf("(%s=*%s)", argv[i], escape_filter_value(origDN, len, buf));
+            filter = slapi_ch_smprintf("(%s=*%s)", argv[i],
+                                    escape_filter_value(origDN, len, buf));
             if ( filter ) {
                 /* Need only the current attribute and its subtypes */
                 char *attrs[2];
@@ -758,18 +749,16 @@ update_integrity(char **argv, char *origDN,
                                  */
                                 if (nval > 128) {
                                     rc = _update_one_per_mod(
-                                              slapi_entry_get_dn(search_entries[j]),
-                                              attr, attrName,
-                                              origDN, norm_origDN,
-                                              newrDN, newsuperior,
-                                              mod_pb, txn);
+                                         slapi_entry_get_sdn(search_entries[j]),
+                                         attr, attrName, origDN, newrDN, 
+                                         slapi_sdn_get_dn(newsuperior),
+                                         mod_pb, txn);
                                 } else {
                                     rc = _update_all_per_mod(
-                                              slapi_entry_get_dn(search_entries[j]),
-                                              attr, attrName,
-                                              origDN, norm_origDN,
-                                              newrDN, newsuperior,
-                                              mod_pb, txn);
+                                         slapi_entry_get_sdn(search_entries[j]),
+                                         attr, attrName, origDN, newrDN, 
+                                         slapi_sdn_get_dn(newsuperior),
+                                         mod_pb, txn);
                                 }
                                 /* Should we stop if one modify returns an error? */
                             }
@@ -798,8 +787,6 @@ update_integrity(char **argv, char *origDN,
     rc = 0;
 
 free_and_return:
-    slapi_ch_free_string(&norm_origDN);
- 
     /* free filter and search_results_pb */
     slapi_ch_free_string(&filter);
 
@@ -900,7 +887,9 @@ referint_thread_func(void *arg)
     int no_changes;
     char delimiter[]="\t\n";
     char *ptoken;
-    char *tmpdn, *tmprdn, *tmpsuperior;
+	Slapi_DN *sdn = NULL;
+    char *tmprdn;
+    Slapi_DN *tmpsuperior = NULL;
     int logChanges=0;
 	char * iter = NULL;
 
@@ -960,8 +949,7 @@ referint_thread_func(void *arg)
   
 	while( GetNextLine(thisline, MAX_LINE, prfd) ){
 	    ptoken = ldap_utf8strtok_r(thisline, delimiter, &iter);
-	    tmpdn = slapi_ch_calloc(strlen(ptoken) + 1, sizeof(char));
-	    strcpy(tmpdn, ptoken);
+		sdn = slapi_sdn_new_dn_byref(ptoken);
 
 	    ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter);
 	    if(!strcasecmp(ptoken, "NULL")) {
@@ -974,14 +962,15 @@ referint_thread_func(void *arg)
 	    if (!strcasecmp(ptoken, "NULL")) {
 	        tmpsuperior = NULL;
 	    } else {
-	        tmpsuperior = slapi_ch_smprintf("%s", ptoken);
+	        tmpsuperior = slapi_sdn_new_dn_byref(ptoken);
 	    }
       
-	    update_integrity(plugin_argv, tmpdn, tmprdn, tmpsuperior, logChanges, NULL);
+	    update_integrity(plugin_argv, sdn, tmprdn,
+	                     tmpsuperior, logChanges, NULL);
       
-	    slapi_ch_free_string(&tmpdn);
+	    slapi_sdn_free(&sdn);
 	    slapi_ch_free_string(&tmprdn);
-	    slapi_ch_free_string(&tmpsuperior);
+	    slapi_sdn_free(&tmpsuperior);
 	}
 
 	PR_Close(prfd);
@@ -1094,7 +1083,8 @@ GetNextLine(char *dest, int size_dest, PRFileDesc *stream) {
 }
 
 void
-writeintegritylog(char *logfilename, char *dn, char *newrdn, char *newsuperior)
+writeintegritylog(char *logfilename, Slapi_DN *sdn, 
+                  char *newrdn, Slapi_DN *newsuperior)
 {
     PRFileDesc *prfd;
     char buffer[MAX_LINE];
@@ -1123,7 +1113,7 @@ writeintegritylog(char *logfilename, char *dn, char *newrdn, char *newsuperior)
      */
 
 	/* add length of dn +  4(two tabs, a newline, and terminating \0) */
-    len_to_write = strlen(dn) + 4;
+    len_to_write = slapi_sdn_get_ndn_len(sdn) + 4;
 
     if(newrdn == NULL)
     {
@@ -1139,7 +1129,7 @@ writeintegritylog(char *logfilename, char *dn, char *newrdn, char *newsuperior)
         len_to_write += 4;
     }else{
         /* add the length of the newsuperior */
-        len_to_write += strlen(newsuperior);
+        len_to_write += slapi_sdn_get_ndn_len(newsuperior);
     }
 
     if(len_to_write > MAX_LINE )
@@ -1150,9 +1140,10 @@ writeintegritylog(char *logfilename, char *dn, char *newrdn, char *newsuperior)
                          " to update references to this entry.\n");
     }else{
        PR_snprintf(buffer, MAX_LINE, "%s\t%s\t%s\t\n", 
-				   dn,
+				   slapi_sdn_get_dn(sdn),
 				   (newrdn != NULL) ? newrdn : "NULL",
-				   (newsuperior != NULL) ? newsuperior : "NULL");
+				   (newsuperior != NULL) ? slapi_sdn_get_dn(newsuperior) :
+				                           "NULL");
         if (PR_Write(prfd,buffer,strlen(buffer)) < 0){
            slapi_log_error(SLAPI_LOG_FATAL,REFERINT_PLUGIN_SUBSYSTEM,
 	       " writeintegritylog: PR_Write failed : The disk"

ldap/servers/plugins/replication/cl4_api.c

@@ -533,7 +533,7 @@ static int _cl4ResolveTargetDN (Slapi_Entry *entry, Slapi_DN **newTargetDN)
 	if (strcasecmp (changetype, "add") == 0) /* this is add operation - we have rawdn */
 		slapi_sdn_set_dn_byref (targetSDN, targetdn);	
 	else
-		slapi_sdn_set_ndn_byref (targetSDN, targetdn);
+		slapi_sdn_set_normdn_byref (targetSDN, targetdn);
 
 	/* read the entry to which the change was applied */
 	rc = _cl4GetTargetEntry (targetSDN, uniqueid, &targetEntry);

ldap/servers/plugins/replication/cl5_api.c

@@ -1060,7 +1060,7 @@ cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas)
                         "cl5ImportLDIF: "
                         "failed to write operation to the changelog: "
                         "type: %lu, dn: %s\n",
-                        op.operation_type, op.target_address.dn);
+                        op.operation_type, REPL_GET_DN(&op.target_address));
                 slapi_ch_free_string(&replGen);
                 operation_parameters_done (&op);
                 goto done;
@@ -1080,7 +1080,7 @@ cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas)
                         "cl5ImportLDIF: "
                         "failed to write operation to the changelog: "
                         "type: %lu, dn: %s\n",
-                        op.operation_type, op.target_address.dn);
+                        op.operation_type, REPL_GET_DN(&op.target_address));
                 object_release (replica_obj);
                 slapi_ch_free_string(&replGen);
 				operation_parameters_done (&op);
@@ -2150,7 +2150,7 @@ static int _cl5Entry2DBData (const CL5Entry *entry, char **data, PRUint32 *len)
 										}
 										break;
 
-		case SLAPI_OPERATION_MODIFY:	size += strlen (op->target_address.dn) + 1;
+		case SLAPI_OPERATION_MODIFY:	size += REPL_GET_DN_LEN(&op->target_address) + 1;
 										/* Need larger buffer for the encrypted changelog */
 										if (s_cl5Desc.clcrypt_handle) {
 											size += (_cl5GetModsSize (op->p.p_modify.modify_mods) * (1 + BACK_CRYPT_OUTBUFF_EXTLEN));
@@ -2159,11 +2159,11 @@ static int _cl5Entry2DBData (const CL5Entry *entry, char **data, PRUint32 *len)
 										}
 										break;
 
-		case SLAPI_OPERATION_MODRDN:	size += strlen (op->target_address.dn) + 1;
+		case SLAPI_OPERATION_MODRDN:	size += REPL_GET_DN_LEN(&op->target_address) + 1;
 										/* 1 for deleteoldrdn */
 										size += strlen (op->p.p_modrdn.modrdn_newrdn) + 2; 
-										if (op->p.p_modrdn.modrdn_newsuperior_address.dn)
-											size += strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn) + 1;
+										if (REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address))
+											size += REPL_GET_DN_LEN(&op->p.p_modrdn.modrdn_newsuperior_address) + 1;
 										else
 											size ++; /* for NULL char */
 										if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid)
@@ -2178,7 +2178,7 @@ static int _cl5Entry2DBData (const CL5Entry *entry, char **data, PRUint32 *len)
 										}
 										break;
 
-		case SLAPI_OPERATION_DELETE:	size += strlen (op->target_address.dn) + 1;
+		case SLAPI_OPERATION_DELETE:	size += REPL_GET_DN_LEN(&op->target_address) + 1;
 										break;
 	}	
 
@@ -2218,20 +2218,20 @@ static int _cl5Entry2DBData (const CL5Entry *entry, char **data, PRUint32 *len)
 										ldap_mods_free (add_mods, 1);
 										break;
 
-		case SLAPI_OPERATION_MODIFY:	_cl5WriteString (op->target_address.dn, &pos);
+		case SLAPI_OPERATION_MODIFY:	_cl5WriteString (REPL_GET_DN(&op->target_address), &pos);
 										_cl5WriteMods (op->p.p_modify.modify_mods, &pos);
 										break;
 
-		case SLAPI_OPERATION_MODRDN:	_cl5WriteString (op->target_address.dn, &pos);
+		case SLAPI_OPERATION_MODRDN:	_cl5WriteString (REPL_GET_DN(&op->target_address), &pos);
 										_cl5WriteString (op->p.p_modrdn.modrdn_newrdn, &pos);
 										*pos = (PRUint8)op->p.p_modrdn.modrdn_deloldrdn;	 
 										pos ++;
-										_cl5WriteString (op->p.p_modrdn.modrdn_newsuperior_address.dn, &pos);
+										_cl5WriteString (REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address), &pos);
 										_cl5WriteString (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid, &pos);
 										_cl5WriteMods (op->p.p_modrdn.modrdn_mods, &pos);
 										break;
 
-		case SLAPI_OPERATION_DELETE:	_cl5WriteString (op->target_address.dn, &pos);
+		case SLAPI_OPERATION_DELETE:	_cl5WriteString (REPL_GET_DN(&op->target_address), &pos);
 										break;
 	}
 	
@@ -2319,27 +2319,31 @@ cl5DBData2Entry (const char *data, PRUint32 len, CL5Entry *entry)
 		case SLAPI_OPERATION_ADD:		_cl5ReadString (&op->p.p_add.parentuniqueid, &pos);
 			/* richm: need to free parentuniqueid */
 										_cl5ReadString (&rawDN, &pos);
-										op->target_address.dn = rawDN;
+										op->target_address.sdn = slapi_sdn_new_dn_passin(rawDN);
 										/* convert mods to entry */
 										rc = _cl5ReadMods (&add_mods, &pos);
 										slapi_mods2entry (&(op->p.p_add.target_entry), rawDN, add_mods);
 										ldap_mods_free (add_mods, 1);
 										break;
 
-		case SLAPI_OPERATION_MODIFY:    _cl5ReadString (&op->target_address.dn, &pos);
+		case SLAPI_OPERATION_MODIFY:    _cl5ReadString (&rawDN, &pos);
+										op->target_address.sdn = slapi_sdn_new_dn_passin(rawDN);
 										rc = _cl5ReadMods (&op->p.p_modify.modify_mods, &pos);
 										break;
 
-		case SLAPI_OPERATION_MODRDN:	_cl5ReadString (&op->target_address.dn, &pos);
+		case SLAPI_OPERATION_MODRDN:	_cl5ReadString (&rawDN, &pos);
+										op->target_address.sdn = slapi_sdn_new_dn_passin(rawDN);
 										_cl5ReadString (&op->p.p_modrdn.modrdn_newrdn, &pos);
 										op->p.p_modrdn.modrdn_deloldrdn = *pos;	 
 										pos ++;
-										_cl5ReadString (&op->p.p_modrdn.modrdn_newsuperior_address.dn, &pos);
+										_cl5ReadString (&rawDN, &pos);
+										op->p.p_modrdn.modrdn_newsuperior_address.sdn = slapi_sdn_new_dn_passin(rawDN);
 										_cl5ReadString (&op->p.p_modrdn.modrdn_newsuperior_address.uniqueid, &pos);
 										rc = _cl5ReadMods (&op->p.p_modrdn.modrdn_mods, &pos);
 										break;
 
-		case SLAPI_OPERATION_DELETE:	_cl5ReadString (&op->target_address.dn, &pos);
+		case SLAPI_OPERATION_DELETE:	_cl5ReadString (&rawDN, &pos);
+										op->target_address.sdn = slapi_sdn_new_dn_passin(rawDN);
 										rc = CL5_SUCCESS;
 										break;
 
@@ -4210,7 +4214,7 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 											"_cl5Operation2LDIF(MODIFY): mods are NULL\n");
 										return CL5_BAD_FORMAT;
 									 }
-									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), REPL_GET_DN_LEN(&op->target_address));
 									 l = make_changes_string(op->p.p_modify.modify_mods, NULL);
 									 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 									 break;
@@ -4220,15 +4224,15 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 											"_cl5Operation2LDIF(MODRDN): mods are NULL\n");
 										return CL5_BAD_FORMAT;
 									 }
-									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), REPL_GET_DN_LEN(&op->target_address));
 									 len += LDIF_SIZE_NEEDED(strlen (T_NEWRDNSTR), 
 															 strlen (op->p.p_modrdn.modrdn_newrdn));
 									 strDeleteOldRDN = (op->p.p_modrdn.modrdn_deloldrdn ? "true" : "false");
 									 len += LDIF_SIZE_NEEDED(strlen (T_DRDNFLAGSTR),
 															 strlen (strDeleteOldRDN));
-									 if (op->p.p_modrdn.modrdn_newsuperior_address.dn)
+									 if (REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address))
 										len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORDNSTR),
-													strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn));
+													REPL_GET_DN_LEN(&op->p.p_modrdn.modrdn_newsuperior_address));
 									 if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid)
 										len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORIDSTR),
 													strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid));
@@ -4236,12 +4240,12 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 									 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 									 break;		  
 
-		case SLAPI_OPERATION_DELETE: if (NULL == op->target_address.dn) {
+		case SLAPI_OPERATION_DELETE: if (NULL == REPL_GET_DN(&op->target_address)) {
 										slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
 											"_cl5Operation2LDIF(DELETE): target dn is NULL\n");
 										return CL5_BAD_FORMAT;
 									 }
-									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), REPL_GET_DN_LEN(&op->target_address));
 									 break;	
 		
 		default:					 slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
@@ -4277,21 +4281,21 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 										slapi_ch_free ((void**)&rawDN);
 										break;
 
-		case SLAPI_OPERATION_MODIFY:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, 
-																strlen (op->target_address.dn), 0);
+		case SLAPI_OPERATION_MODIFY:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, REPL_GET_DN(&op->target_address), 
+																REPL_GET_DN_LEN(&op->target_address), 0);
 										slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGESTR, l->ls_buf, l->ls_len, 0);
 										break;
 
-		case SLAPI_OPERATION_MODRDN:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, 
-																strlen (op->target_address.dn), 0);
+		case SLAPI_OPERATION_MODRDN:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, REPL_GET_DN(&op->target_address), 
+																REPL_GET_DN_LEN(&op->target_address), 0);
 										slapi_ldif_put_type_and_value_with_options(&buff, T_NEWRDNSTR, op->p.p_modrdn.modrdn_newrdn,
 						  										strlen (op->p.p_modrdn.modrdn_newrdn), 0);
 										slapi_ldif_put_type_and_value_with_options(&buff, T_DRDNFLAGSTR, strDeleteOldRDN, 
 																strlen (strDeleteOldRDN), 0);
-										if (op->p.p_modrdn.modrdn_newsuperior_address.dn)							
+										if (REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address))
 											slapi_ldif_put_type_and_value_with_options(&buff, T_NEWSUPERIORDNSTR, 
-																op->p.p_modrdn.modrdn_newsuperior_address.dn, 
-																strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn), 0);
+																REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address),
+																REPL_GET_DN_LEN(&op->p.p_modrdn.modrdn_newsuperior_address), 0);
 										if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid)							
 											slapi_ldif_put_type_and_value_with_options(&buff, T_NEWSUPERIORIDSTR, 
 																op->p.p_modrdn.modrdn_newsuperior_address.uniqueid, 
@@ -4299,8 +4303,8 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 										slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGESTR, l->ls_buf, l->ls_len, 0);
 										break;	
 
-		case SLAPI_OPERATION_DELETE:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, 
-										strlen (op->target_address.dn), 0);
+		case SLAPI_OPERATION_DELETE:	slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, REPL_GET_DN(&op->target_address), 
+										REPL_GET_DN_LEN(&op->target_address), 0);
 										break;	  
 	}
 
@@ -4377,10 +4381,10 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl
 			if (op->operation_type == SLAPI_OPERATION_ADD)
 			{
 				rawDN = slapi_ch_strdup (value.bv_val);
-				op->target_address.dn = slapi_ch_strdup(rawDN);
+				op->target_address.sdn = slapi_sdn_new_dn_byval(rawDN);
 			}
 			else
-				op->target_address.dn = slapi_ch_strdup (value.bv_val);
+				op->target_address.sdn = slapi_sdn_new_dn_byval(value.bv_val);
 		}
 		else if (strncasecmp (type.bv_val, T_PARENTIDSTR, type.bv_len) == 0)
 		{
@@ -4396,7 +4400,7 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl
 		}
 		else if (strncasecmp (type.bv_val, T_NEWSUPERIORDNSTR, type.bv_len) == 0)
 		{
-			op->p.p_modrdn.modrdn_newsuperior_address.dn = slapi_ch_strdup (value.bv_val);
+			op->p.p_modrdn.modrdn_newsuperior_address.sdn = slapi_sdn_new_dn_byval(value.bv_val);
 		}		
 		else if (strncasecmp (type.bv_val, T_NEWSUPERIORIDSTR, type.bv_len) == 0)
 		{
@@ -4507,7 +4511,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
 	{
 		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
 						"_cl5WriteOperationTxn: failed to get db file for target dn (%s)", 
-						op->target_address.dn);
+						REPL_GET_DN(&op->target_address));
 		return CL5_OBJSET_ERROR;
 	}
 
@@ -4907,7 +4911,7 @@ static int _cl5GetOperation (Object *replica, slapi_operation_parameters *op)
 
 		case DB_NOTFOUND:	slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
 									"_cl5GetOperation: operation for csn (%s) is not found in db that should contain dn (%s)\n",
-									csnStr, op->target_address.dn);
+									csnStr, REPL_GET_DN(&op->target_address));
 							rc = CL5_NOTFOUND;
 							goto done;
 
@@ -6151,7 +6155,7 @@ static Object* _cl5GetReplica (const slapi_operation_parameters *op, const char*
 
     PR_ASSERT (op && replGen);
 
-    sdn = slapi_sdn_new_dn_byref(op->target_address.dn);
+    sdn = op->target_address.sdn;
     
     replObj = replica_get_replica_from_dn (sdn);
     if (replObj)
@@ -6169,8 +6173,6 @@ static Object* _cl5GetReplica (const slapi_operation_parameters *op, const char*
 
         slapi_ch_free ((void**)&newGen);
     }
-
-    slapi_sdn_free (&sdn);
     
     return replObj;
 }

ldap/servers/plugins/replication/cl5_test.c

@@ -838,7 +838,7 @@ static int  populateChangelogOp ()
     pb = slapi_pblock_new ();
     cur_time = time (NULL);
     PR_snprintf (newrdn, sizeof(newrdn), "cn=renamed%s", ctime(&cur_time));
-    slapi_rename_internal_set_pb (pb, dn, newrdn, NULL, 1, NULL, NULL,
+    slapi_rename_internal_set_pb_ext (pb, dn, newrdn, NULL, 1, NULL, NULL,
 	 					          repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
     slapi_modrdn_internal_pb (pb);
     slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);

ldap/servers/plugins/replication/legacy_consumer.c

@@ -96,13 +96,14 @@ Slapi_RWLock *legacy_consumer_config_lock = NULL;
 static PRBool
 target_is_a_replica_root(Slapi_PBlock *pb, const Slapi_DN **root)
 {
-	char *dn;
-	Slapi_DN *sdn;
-	PRBool return_value;
+	Slapi_DN *sdn = NULL;
+	PRBool return_value = PR_FALSE;
 	Object *repl_obj;
 
-	slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
-	sdn = slapi_sdn_new_dn_byref(dn);
+	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+	if (NULL == sdn) {
+		return return_value;
+	}
 	repl_obj = replica_get_replica_from_dn(sdn);
 	if (NULL != repl_obj)
 	{
@@ -116,7 +117,6 @@ target_is_a_replica_root(Slapi_PBlock *pb, const Slapi_DN **root)
 		*root = NULL;
 		return_value = PR_FALSE;
 	}
-	slapi_sdn_free(&sdn);
 	return return_value;
 }
 
@@ -492,7 +492,7 @@ legacy_consumer_read_config ()
 
 
 int
-legacy_consumer_is_replicationdn(char *dn)
+legacy_consumer_is_replicationdn(const char *dn)
 {
 	int return_value = 0; /* Assume not */
 

ldap/servers/plugins/replication/repl.h

@@ -405,7 +405,7 @@ int modrdn2reple( Slapi_Entry *e, char *newrdn, int deloldrdn, LDAPMod **ldm );
 
 /* In legacy_consumer.c */
 void process_legacy_cf(Slapi_PBlock *pb);
-int legacy_consumer_is_replicationdn(char *dn);
+int legacy_consumer_is_replicationdn(const char *dn);
 int legacy_consumer_is_replicationpw(struct berval *creds);
 int legacy_consumer_config_init();
 

ldap/servers/plugins/replication/repl5.h

@@ -134,6 +134,9 @@
 #define MAX_NUM_OF_MASTERS		64
 #define REPL_SESSION_ID_SIZE	64
 
+#define REPL_GET_DN(addrp) slapi_sdn_get_dn((addrp)->sdn)
+#define REPL_GET_DN_LEN(addrp) slapi_sdn_get_ndn_len((addrp)->sdn)
+
 /* Attribute names for replication agreement attributes */
 extern const char *type_nsds5ReplicaHost;
 extern const char *type_nsds5ReplicaPort;

ldap/servers/plugins/replication/repl5_agmt.c

@@ -1729,8 +1729,7 @@ agmt_notify_change(Repl_Agmt *agmt, Slapi_PBlock *pb)
 	if (NULL != pb)
 	{
 		/* Is the entry within our replicated area? */
-		char *target_dn;
-		Slapi_DN *target_sdn;
+		Slapi_DN *target_sdn = NULL;
 		int change_is_relevant = 0;
 
 		PR_ASSERT(NULL != agmt);
@@ -1741,8 +1740,11 @@ agmt_notify_change(Repl_Agmt *agmt, Slapi_PBlock *pb)
 			return;
 		}
 
-		slapi_pblock_get(pb, SLAPI_TARGET_DN, &target_dn);
-		target_sdn = slapi_sdn_new_dn_byref(target_dn); /* XXX see if you can avoid allocating this */
+		slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+		if (NULL == target_sdn) {
+			PR_Unlock(agmt->lock);
+			return;
+		}
 
 		if (slapi_sdn_issuffix(target_sdn, agmt->replarea))
 		{
@@ -1799,7 +1801,6 @@ agmt_notify_change(Repl_Agmt *agmt, Slapi_PBlock *pb)
 			}
 		}
 		PR_Unlock(agmt->lock);
-		slapi_sdn_free(&target_sdn);
 		if (change_is_relevant)
 		{
 			/* Notify the protocol that a change has occurred */
@@ -1856,7 +1857,7 @@ agmt_replica_init_done (const Repl_Agmt *agmt)
 	mod.mod_type = (char*)type_nsds5ReplicaInitialize;
     mod.mod_bvalues = NULL;
 	
-    slapi_modify_internal_set_pb(pb, slapi_sdn_get_dn (agmt->dn), mods, NULL/* controls */, 
+    slapi_modify_internal_set_pb_ext(pb, agmt->dn, mods, NULL/* controls */, 
           NULL/* uniqueid */, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0/* flags */);
     slapi_modify_internal_pb (pb);
 
@@ -1949,7 +1950,7 @@ agmt_update_consumer_ruv (Repl_Agmt *ra)
         mods[1] = (LDAPMod *)slapi_mod_get_ldapmod_byref(&smod_last_modified);
         mods[2] = NULL;
 
-        slapi_modify_internal_set_pb (pb, (char*)slapi_sdn_get_dn(ra->dn), mods, NULL, NULL, 
+        slapi_modify_internal_set_pb_ext (pb, ra->dn, mods, NULL, NULL, 
                                       repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
         slapi_modify_internal_pb (pb);
 

ldap/servers/plugins/replication/repl5_agmtlist.c

@@ -184,10 +184,10 @@ agmtlist_add_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *entryAfter,
 
 	rc = add_new_agreement(e);
 	if (0 != rc) {
-		char *dn;
-		slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
+		Slapi_DN *sdn = NULL;
+		slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
 		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmtlist_add_callback: "
-			"Can't start agreement \"%s\"\n", dn);
+			"Can't start agreement \"%s\"\n", slapi_sdn_get_dn(sdn));
 		*returncode = LDAP_UNWILLING_TO_PERFORM;
 		return SLAPI_DSE_CALLBACK_ERROR;
 	}
@@ -200,7 +200,6 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
 	int *returncode, char *returntext, void *arg)
 {
 	int i;
-    char *dn;
 	Slapi_DN *sdn = NULL;
 	int start_initialize = 0, stop_initialize = 0, cancel_initialize = 0;
     int update_the_schedule = 0;	/* do we need to update the repl sched? */
@@ -224,13 +223,18 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
         goto done;
     }
 
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
-	sdn= slapi_sdn_new_dn_byref(dn);
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    if (NULL == sdn) {
+        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, 
+                        "agmtlist_modify_callback: NULL target dn\n");
+        goto done;
+    }
 	agmt = agmtlist_get_by_agmt_name(sdn);
 	if (NULL == agmt)
 	{
 		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmtlist_modify_callback: received "
-			"a modification for unknown replication agreement \"%s\"\n", dn);
+			"a modification for unknown replication agreement \"%s\"\n", 
+			slapi_sdn_get_dn(sdn));
 		goto done;
 	}
 
@@ -277,7 +281,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
             
                 if (strcasecmp (val, "start") == 0)
                 {                        
-			        start_initialize = 1;
+                    start_initialize = 1;
                 }
                 else if (strcasecmp (val, "stop") == 0)
                 {
@@ -528,8 +532,6 @@ done:
 		agmtlist_release_agmt(agmt);
 	}
 
-    if (sdn)
-	    slapi_sdn_free(&sdn);
 	return rc;
 }
 

ldap/servers/plugins/replication/repl5_inc_protocol.c

@@ -1423,7 +1423,7 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
 		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
 			"%s: replay_update: Sending %s operation (dn=\"%s\" csn=%s)\n",
 			agmt_get_long_name(prp->agmt),
-			op2string(op->operation_type), op->target_address.dn, csn_str);
+			op2string(op->operation_type), REPL_GET_DN(&op->target_address), csn_str);
 		/* What type of operation is it? */
 		switch (op->operation_type)
 		{
@@ -1448,7 +1448,7 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
 				{
 					repl5_strip_fractional_mods(prp->agmt,entryattrs);
 				}
-				return_value = conn_send_add(prp->conn, op->target_address.dn,
+				return_value = conn_send_add(prp->conn, REPL_GET_DN(&op->target_address),
 					entryattrs, update_control, message_id);
 				ldap_mods_free(entryattrs, 1);
 			}
@@ -1460,18 +1460,18 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
 			{
 				repl5_strip_fractional_mods(prp->agmt,op->p.p_modify.modify_mods);
 			}
-			return_value = conn_send_modify(prp->conn, op->target_address.dn,
+			return_value = conn_send_modify(prp->conn, REPL_GET_DN(&op->target_address),
 				op->p.p_modify.modify_mods, update_control, message_id);
 			break;
 		case SLAPI_OPERATION_DELETE:
-			return_value = conn_send_delete(prp->conn, op->target_address.dn,
+			return_value = conn_send_delete(prp->conn, REPL_GET_DN(&op->target_address),
 				update_control, message_id);
 			break;
 		case SLAPI_OPERATION_MODRDN:
 			/* XXXggood need to pass modrdn mods in update control! */
-			return_value = conn_send_rename(prp->conn, op->target_address.dn,
+			return_value = conn_send_rename(prp->conn, REPL_GET_DN(&op->target_address),
 				op->p.p_modrdn.modrdn_newrdn,
-				op->p.p_modrdn.modrdn_newsuperior_address.dn,
+				REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address),
 				op->p.p_modrdn.modrdn_deloldrdn,
 				update_control, message_id);
 			break;

ldap/servers/plugins/replication/repl5_init.c

@@ -338,8 +338,8 @@ multimaster_betxnpostop_init( Slapi_PBlock *pb )
 		slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&multimasterbetxnpostopdesc ) != 0 ||
 		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN, (void *) multimaster_betxnpostop_modrdn ) != 0 ||
 		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN, (void *) multimaster_betxnpostop_delete ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_ADD_FN, (void *) multimaster_betxnpostop_modrdn ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN, (void *) multimaster_betxnpostop_delete ) != 0 )
+		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_ADD_FN, (void *) multimaster_betxnpostop_add ) != 0 ||
+		slapi_pblock_set( pb, SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN, (void *) multimaster_betxnpostop_modify ) != 0 )
 	{
 		slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, "multimaster_betxnpostop_init failed\n" );
 		rc= -1;

ldap/servers/plugins/replication/repl5_mtnode_ext.c

@@ -197,20 +197,19 @@ replica_get_replica_from_dn (const Slapi_DN *dn)
 
 Object *replica_get_replica_for_op (Slapi_PBlock *pb)
 {
-    char *dn;
-    Slapi_DN *sdn;
+    Slapi_DN *sdn = NULL;
     Object *repl_obj = NULL;
 
     if (pb)
     {
         /* get replica generation for this operation */
-        slapi_pblock_get (pb, SLAPI_TARGET_DN, &dn);
-        sdn = slapi_sdn_new_dn_byref(dn);
+        slapi_pblock_get (pb, SLAPI_TARGET_SDN, &sdn);
+        if (NULL == sdn) {
+            goto bail;
+        }
         repl_obj = replica_get_replica_from_dn (sdn);
-
-        slapi_sdn_free (&sdn);
     }
-
+bail:
     return repl_obj;
 }
 

ldap/servers/plugins/replication/repl5_plugins.c

@@ -1079,7 +1079,7 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
         		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
 					"write_changelog_and_ruv: can't add a change for "
 					"%s (uniqid: %s, optype: %lu) to changelog csn %s\n",
-					op_params->target_address.dn,
+					REPL_GET_DN(&op_params->target_address),
 					op_params->target_address.uniqueid,
 					op_params->operation_type,
 					csn_as_string(op_params->csn, PR_FALSE, csn_str));

ldap/servers/plugins/replication/repl5_replica.c

@@ -1858,13 +1858,14 @@ static char*
 _replica_get_config_dn (const Slapi_DN *root)
 {
     char *dn;
+    /* "cn=mapping tree,cn=config" */
     const char *mp_base = slapi_get_mapping_tree_config_root ();
 
     PR_ASSERT (root);
 
     /* This function converts the old style DN to the new style. */
-    dn = slapi_create_dn_string("%s,cn=\"%s\",%s", 
-                                REPLICA_RDN, slapi_sdn_get_dn (root), mp_base);
+    dn = slapi_ch_smprintf("%s,cn=\"%s\",%s", 
+                           REPLICA_RDN, slapi_sdn_get_dn (root), mp_base);
     return dn;
 }
 
@@ -2328,9 +2329,9 @@ replica_write_ruv (Replica *r)
 	pb = slapi_pblock_new();
 
     /* replica name never changes so it is ok to reference it outside the lock */
-	slapi_modify_internal_set_pb(
+	slapi_modify_internal_set_pb_ext(
 		pb,
-		slapi_sdn_get_dn(r->repl_root), /* only used to select be */
+		r->repl_root, /* only used to select be */
 		mods,
 		NULL, /* controls */
 		RUV_STORAGE_ENTRY_UNIQUEID,
@@ -3079,11 +3080,11 @@ replica_remove_legacy_attr (const Slapi_DN *repl_root_sdn, const char *attr)
     ctrls[1] = NULL;
     
     /* remove copiedFrom/copyingFrom first */
-    slapi_modify_internal_set_pb (pb, slapi_sdn_get_dn (repl_root_sdn), 
-                                  slapi_mods_get_ldapmods_passout (&smods), ctrls, 
-								  NULL /*uniqueid */, 
-                                  repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION) , 
-                                  0 /* operation_flags */);
+    slapi_modify_internal_set_pb_ext (pb, repl_root_sdn, 
+                                      slapi_mods_get_ldapmods_passout (&smods),
+                                      ctrls, NULL /*uniqueid */, 
+                                      repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION) , 
+                                      0 /* operation_flags */);
  
     slapi_modify_internal_pb (pb);
 	slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
@@ -3120,7 +3121,7 @@ replica_log_ruv_elements_nolock (const Replica *r)
            special target dn */
         memset (&op_params, 0, sizeof (op_params));
         op_params.operation_type = SLAPI_OPERATION_DELETE;
-        op_params.target_address.dn = START_ITERATION_ENTRY_DN;
+        op_params.target_address.sdn = slapi_sdn_new_dn_byval(START_ITERATION_ENTRY_DN);
         op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID;
         op_params.csn = csn;
         repl_gen = ruv_get_replica_generation (ruv);
@@ -3132,6 +3133,7 @@ replica_log_ruv_elements_nolock (const Replica *r)
             rc = -1;
 
         slapi_ch_free ((void**)&repl_gen);
+        slapi_sdn_free(&op_params.target_address.sdn);
         csn_free (&csn);
     }
 
@@ -3221,9 +3223,9 @@ replica_replace_ruv_tombstone(Replica *r)
     mods [2] = NULL;
     pb = slapi_pblock_new();
 
-    slapi_modify_internal_set_pb(
+    slapi_modify_internal_set_pb_ext(
         pb,
-        (char*)slapi_sdn_get_dn (r->repl_root), /* only used to select be */
+        r->repl_root, /* only used to select be */
         mods,
         NULL, /* controls */
         RUV_STORAGE_ENTRY_UNIQUEID,

ldap/servers/plugins/replication/repl5_replica_config.c

@@ -871,6 +871,7 @@ replica_task_done(Replica *replica)
 {
     int rc = LDAP_OPERATIONS_ERROR;
     char *replica_dn = NULL;
+    Slapi_DN *replica_sdn = NULL;
     Slapi_PBlock *pb = NULL;
     LDAPMod *mods [2];
     LDAPMod mod;
@@ -878,13 +879,14 @@ replica_task_done(Replica *replica)
         return rc;
     }
     /* dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config */
-    replica_dn = slapi_create_dn_string("%s,cn=\"%s\",%s",
-                                    REPLICA_RDN,
-                                    slapi_sdn_get_dn(replica_get_root(replica)),
-                                    CONFIG_BASE);
+    replica_dn = slapi_ch_smprintf("%s,cn=\"%s\",%s",
+                                   REPLICA_RDN,
+                                   slapi_sdn_get_dn(replica_get_root(replica)),
+                                   CONFIG_BASE);
     if (NULL == replica_dn) {
         return rc;
     }
+	replica_sdn = slapi_sdn_new_dn_passin(replica_dn);
     pb = slapi_pblock_new();
     mods[0] = &mod;
     mods[1] = NULL;
@@ -892,7 +894,7 @@ replica_task_done(Replica *replica)
     mod.mod_type = (char *)TASK_ATTR;
     mod.mod_bvalues = NULL;
 
-    slapi_modify_internal_set_pb(pb, replica_dn, mods, NULL/* controls */, 
+    slapi_modify_internal_set_pb_ext(pb, replica_sdn, mods, NULL/* controls */, 
                       NULL/* uniqueid */, 
                       repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
                       0/* flags */);
@@ -908,7 +910,7 @@ replica_task_done(Replica *replica)
     }
 
     slapi_pblock_destroy (pb);
-    slapi_ch_free_string(&replica_dn);
+    slapi_sdn_free(&replica_sdn);
 
     return rc;
 }

ldap/servers/plugins/replication/repl5_updatedn_list.c

@@ -208,7 +208,7 @@ static int
 convert_to_string(Slapi_DN *dn, void *arg)
 {
 	struct list_to_string_data *data = (struct list_to_string_data *)arg;
-	int newlen = strlen(slapi_sdn_get_dn(dn)) + strlen(data->delimiter) + 1;
+	int newlen = slapi_sdn_get_ndn_len(dn) + strlen(data->delimiter) + 1;
 	if (data->string) {
 		newlen += strlen(data->string);
 		data->string = slapi_ch_realloc(data->string, newlen);

ldap/servers/plugins/replication/repl_bind.c

@@ -51,13 +51,15 @@ int
 legacy_preop_bind( Slapi_PBlock *pb )
 {
     int return_value = 0;
-	char *dn = NULL;
+	const char *dn = NULL;
+	Slapi_DN *sdn = NULL;
 	struct berval *cred = NULL;
 	int method;
     
 	slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method);
-	slapi_pblock_get(pb, SLAPI_BIND_TARGET, &dn);
+	slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
 	slapi_pblock_get(pb, SLAPI_BIND_CREDENTIALS, &cred);
+	dn = slapi_sdn_get_dn(sdn);
 
 	if (LDAP_AUTH_SIMPLE == method)
 	{

ldap/servers/plugins/replication/repl_compare.c

@@ -48,16 +48,20 @@ int
 legacy_preop_compare( Slapi_PBlock *pb )
 {
 	int is_replicated_operation = 0;
-	char *compare_base = NULL;
 	struct berval **referral = NULL;
 	int return_code = 0;
-	Slapi_DN *basesdn;
+	Slapi_DN *basesdn = NULL;
 
 	slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
-	slapi_pblock_get(pb, SLAPI_COMPARE_TARGET, &compare_base);
-	basesdn= slapi_sdn_new_dn_byref(compare_base);
-    referral = get_data_source(pb, basesdn, 1, NULL);
-	slapi_sdn_free(&basesdn);
+	slapi_pblock_get(pb, SLAPI_COMPARE_TARGET_SDN, &basesdn);
+	if (NULL == basesdn) {
+		slapi_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+				               "Null target DN", 0, NULL );
+
+		return_code = 1;	/* return 1 to prevent further search processing */
+		goto bail;
+	}
+	referral = get_data_source(pb, basesdn, 1, NULL);
 	if (NULL != referral && !is_replicated_operation)
 	{
 		/*
@@ -68,5 +72,6 @@ legacy_preop_compare( Slapi_PBlock *pb )
 		return_code = 1;	/* return 1 to prevent further search processing */
 	}
 	slapi_ch_free((void**)&referral);
+bail:
 	return return_code;
 }

ldap/servers/plugins/replication/repl_connext.c

@@ -97,7 +97,7 @@ void consumer_connection_extension_destructor (void *ext, void *object, void *pa
 				if (NULL != repl_root_sdn)
 				{
 					slapi_pblock_set(pb, SLAPI_CONNECTION, connext->connection);
-					slapi_pblock_set(pb, SLAPI_TARGET_DN, (void*)slapi_sdn_get_dn(repl_root_sdn));
+					slapi_pblock_set(pb, SLAPI_TARGET_SDN, (void*)repl_root_sdn);
 					slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
 					slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
 									"Aborting total update in progress for replicated "

ldap/servers/plugins/replication/repl_extop.c

@@ -947,7 +947,7 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
 		 * But what do we do if mapping tree could not be updated ? */
 
 		/* start the bulk import */
-        slapi_pblock_set (pb, SLAPI_TARGET_DN, repl_root);
+        slapi_pblock_set (pb, SLAPI_TARGET_SDN, repl_root_sdn);
         rc = slapi_start_bulk_import (pb);
         if (rc != LDAP_SUCCESS)
         {
@@ -1090,10 +1090,8 @@ send_response:
 	slapi_ch_free((void **)&replicacsnstr);
 
 	/* repl_root_sdn */
-	if (NULL != repl_root_sdn)
-	{
-		slapi_sdn_free(&repl_root_sdn);
-	}
+	slapi_sdn_free(&repl_root_sdn);
+
 	if (NSDS50_REPL_REPLICA_READY != response)
 	{
 		/*
@@ -1163,6 +1161,7 @@ multimaster_extop_EndNSDS50ReplicationRequest(Slapi_PBlock *pb)
 {
 	int return_value = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED;
 	char *repl_root = NULL;
+	Slapi_DN *repl_root_sdn = NULL;
 	BerElement *resp_bere = NULL;
 	struct berval *resp_bval = NULL;
 	ber_int_t response;
@@ -1208,8 +1207,16 @@ multimaster_extop_EndNSDS50ReplicationRequest(Slapi_PBlock *pb)
 				   enabled again */
 				replica_set_state_flag(r, REPLICA_TOTAL_IN_PROGRESS, PR_TRUE /* clear  flag */);
 
-                slapi_pblock_set (pb, SLAPI_TARGET_DN, repl_root);
-				slapi_stop_bulk_import (pb); 
+                /* slapi_pblock_set (pb, SLAPI_TARGET_DN, repl_root); */
+                /* Verify that repl_root names a valid replicated area */
+                if ((repl_root_sdn = slapi_sdn_new_dn_byref(repl_root)) == NULL)
+                {
+                    response = NSDS50_REPL_INTERNAL_ERROR;
+                    goto send_response;
+                }
+                slapi_pblock_set (pb, SLAPI_TARGET_SDN, repl_root_sdn);
+
+                slapi_stop_bulk_import (pb); 
 
                 /* ONREPL - this is a bit of a hack. Once bulk import is finished,
                    the replication function that responds to backend state change 
@@ -1273,7 +1280,7 @@ multimaster_extop_EndNSDS50ReplicationRequest(Slapi_PBlock *pb)
 			goto free_and_return; 
 		}
 	}
-
+send_response:
 	/* Send the response code */
 	if ((resp_bere = der_alloc()) == NULL)
 	{
@@ -1291,6 +1298,8 @@ free_and_return:
 	/* repl_root */
 	slapi_ch_free((void **)&repl_root);
 
+	slapi_sdn_free(&repl_root_sdn);
+
 	/* BerElement */
 	if (NULL != resp_bere)
 	{

ldap/servers/plugins/replication/replutil.c

@@ -523,7 +523,7 @@ IsValidOperation (const slapi_operation_parameters *op)
         return PR_FALSE;
     }
 
-    if (op->target_address.dn == NULL)
+    if (op->target_address.sdn == NULL)
     {
         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, 
 						"IsValidOperation: NULL entry DN\n");
@@ -1007,7 +1007,7 @@ repl_enable_chain_on_update(Slapi_DN *suffix)
     slapi_mods smods;
 	int operation_result;
 	Slapi_PBlock *pb= slapi_pblock_new();
-	char *mtnnodedn;
+	Slapi_DN *mtnnodesdn;
 
 	slapi_mods_init(&smods,2);
 
@@ -1016,10 +1016,10 @@ repl_enable_chain_on_update(Slapi_DN *suffix)
 	slapi_mods_add_string(&smods, LDAP_MOD_ADD, "nsslapd-distribution-funct", "repl_chain_on_update");
 
 	/* need DN of mapping tree node here */
-	mtnnodedn = slapi_get_mapping_tree_node_configdn(suffix);
-	slapi_modify_internal_set_pb(
+	mtnnodesdn = slapi_get_mapping_tree_node_configsdn(suffix);
+	slapi_modify_internal_set_pb_ext(
 		pb,
-		mtnnodedn,
+		mtnnodesdn,
 		slapi_mods_get_ldapmods_byref(&smods), /* JCM cast */
 		NULL, /*Controls*/
 		NULL, /*uniqueid*/
@@ -1028,7 +1028,7 @@ repl_enable_chain_on_update(Slapi_DN *suffix)
 
 	slapi_modify_internal_pb(pb); 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &operation_result);
-	slapi_ch_free_string(&mtnnodedn);
+	slapi_sdn_free(&mtnnodesdn);
 	slapi_pblock_destroy(pb);
 	switch(operation_result)
 	{
@@ -1051,7 +1051,7 @@ repl_disable_chain_on_update(Slapi_DN *suffix)
     slapi_mods smods;
 	int operation_result;
 	Slapi_PBlock *pb= slapi_pblock_new();
-	char *mtnnodedn;
+	Slapi_DN *mtnnodesdn;
 
 	slapi_mods_init(&smods,2);
 
@@ -1059,10 +1059,10 @@ repl_disable_chain_on_update(Slapi_DN *suffix)
 	slapi_mods_add_modbvps(&smods, LDAP_MOD_DELETE, "nsslapd-distribution-funct", NULL);
 
 	/* need DN of mapping tree node here */
-	mtnnodedn = slapi_get_mapping_tree_node_configdn(suffix);
-	slapi_modify_internal_set_pb(
+	mtnnodesdn = slapi_get_mapping_tree_node_configsdn(suffix);
+	slapi_modify_internal_set_pb_ext(
 		pb,
-		mtnnodedn,
+		mtnnodesdn,
 		slapi_mods_get_ldapmods_byref(&smods), /* JCM cast */
 		NULL, /*Controls*/
 		NULL, /*uniqueid*/
@@ -1071,7 +1071,7 @@ repl_disable_chain_on_update(Slapi_DN *suffix)
 
 	slapi_modify_internal_pb(pb); 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &operation_result);
-	slapi_ch_free_string(&mtnnodedn);
+	slapi_sdn_free(&mtnnodesdn);
 	slapi_pblock_destroy(pb);
 	switch(operation_result)
 	{

ldap/servers/plugins/replication/urp.c

@@ -55,11 +55,10 @@ extern int slapi_log_urp;
 static int urp_add_resolve_parententry (Slapi_PBlock *pb, char *sessionid, Slapi_Entry *entry, Slapi_Entry *parententry, CSN *opcsn);
 static int urp_annotate_dn (char *sessionid, Slapi_Entry *entry, CSN *opcsn, const char *optype);
 static int urp_naming_conflict_removal (Slapi_PBlock *pb, char *sessionid, CSN *opcsn, const char *optype);
-static int mod_namingconflict_attr (const char *uniqueid, const char*entrydn, const char *conflictdn, CSN *opcsn);
+static int mod_namingconflict_attr (const char *uniqueid, const Slapi_DN *entrysdn, const Slapi_DN *conflictsdn, CSN *opcsn);
 static int del_replconflict_attr (Slapi_Entry *entry, CSN *opcsn, int opflags);
 static char *get_dn_plus_uniqueid(char *sessionid,const char *olddn,const char *uniqueid);
 static char *get_rdn_plus_uniqueid(char *sessionid,const char *olddn,const char *uniqueid);
-static void set_pblock_dn (Slapi_PBlock* pb,int pblock_parameter,char *newdn);
 static int is_suffix_entry (Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_DN **parenddn);
 
 /*
@@ -122,7 +121,8 @@ urp_add_operation( Slapi_PBlock *pb )
 	char sessionid[REPL_SESSION_ID_SIZE];
 	int r;
 	int op_result= 0;
-    int rc= 0; /* OK */
+	int rc= 0; /* OK */
+	Slapi_DN *sdn = NULL;
 
 	if ( slapi_op_abandoned(pb) )
 	{
@@ -206,8 +206,14 @@ urp_add_operation( Slapi_PBlock *pb )
 				 */
 				slapi_value_set_string (*vals, buf);
 			}
-			slapi_entry_set_dn (addentry,slapi_ch_strdup(newdn));
-			set_pblock_dn(pb,SLAPI_ADD_TARGET,newdn); /* consumes newdn */
+			/* slapi_pblock_get(pb, SLAPI_ADD_TARGET, &dn); */
+			slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
+			slapi_sdn_free(&sdn);
+
+			slapi_entry_set_normdn(addentry, newdn); /* dn: passin */
+
+			sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(addentry));
+			slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, sdn);
 
 			rdn = slapi_rdn_new_sdn ( slapi_entry_get_sdn_const(addentry) );
 			slapi_log_error (slapi_log_urp, sessionid,
@@ -265,7 +271,6 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 	Slapi_Entry *parent_entry;
     Slapi_Entry *new_parent_entry;
 	Slapi_DN *newsuperior = NULL;
-	char *newsuperiordn;
 	Slapi_DN *parentdn = NULL;
 	Slapi_Entry *target_entry;
     Slapi_Entry *existing_entry;
@@ -273,8 +278,8 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 	CSN *opcsn= NULL;
 	char *op_uniqueid = NULL;
 	const char *existing_uniqueid = NULL;
-	const char *target_dn;
-	const char *existing_dn;
+	const Slapi_DN *target_sdn;
+	const Slapi_DN *existing_sdn;
 	char *newrdn;
 	char sessionid[REPL_SESSION_ID_SIZE];
 	int r;
@@ -314,12 +319,12 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 	}
 
 	/* The DN CSN is older than the Operation CSN. Apply the operation */
-	target_dn = slapi_entry_get_dn_const ( target_entry);
+	target_sdn = slapi_entry_get_sdn_const (target_entry);
 	slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &newrdn);
 	slapi_pblock_get(pb, SLAPI_TARGET_UNIQUEID, &op_uniqueid);
    	slapi_pblock_get(pb, SLAPI_MODRDN_PARENT_ENTRY, &parent_entry);
    	slapi_pblock_get(pb, SLAPI_MODRDN_NEWPARENT_ENTRY, &new_parent_entry);
-	slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperiordn);
+	slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior);
 
 	if ( is_tombstone_entry (target_entry) )
 	{
@@ -366,7 +371,7 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 	     */
 
 		existing_uniqueid = slapi_entry_get_uniqueid (existing_entry);
-		existing_dn = slapi_entry_get_dn_const ( existing_entry);
+		existing_sdn = slapi_entry_get_sdn_const ( existing_entry);
 
 		/*
 		 * Dismiss the operation if the existing entry is the same as the target one.
@@ -412,8 +417,8 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 								  Unique ID already in RDN - Change to Lost and Found entry */
 				goto bailout;
 			}
-			mod_namingconflict_attr (op_uniqueid, target_dn, existing_dn, opcsn);
-			set_pblock_dn (pb, SLAPI_MODRDN_NEWRDN, newrdn_with_uniqueid); 
+			mod_namingconflict_attr (op_uniqueid, target_sdn, existing_sdn, opcsn);
+			slapi_pblock_set(pb, SLAPI_MODRDN_NEWRDN, newrdn_with_uniqueid); 
 			slapi_log_error(slapi_log_urp, sessionid,
 					"Naming conflict MODRDN. Rename target entry to %s\n",
 					newrdn_with_uniqueid );
@@ -474,12 +479,12 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 
 		/* The new superior entry doesn't exist */
 
-		slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperiordn);
-		if(newsuperiordn == NULL)
+		slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior);
+		if(newsuperior == NULL)
 		{
 			/* (new_parent_entry==NULL && newsuperiordn==NULL)
 			 * This is ok - SLAPI_MODRDN_NEWPARENT_ENTRY will
-			 * only be set if SLAPI_MODRDN_NEWSUPERIOR was
+			 * only be set if SLAPI_MODRDN_NEWSUPERIOR_SDN was
 			 * suplied by the client. If it wasn't, we're just
 			 * changing the RDN of the entry. In that case,
 			 * if the entry exists, its parent won't change
@@ -491,10 +496,9 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 			goto bailout;
 		}
 
-		newsuperior= slapi_sdn_new_dn_byval(newsuperiordn);
-
-		if((0 == slapi_sdn_compare (slapi_entry_get_sdn(parent_entry), newsuperior)) || 
-				is_suffix_dn (pb, newsuperior, &parentdn) )
+		if((0 == slapi_sdn_compare(slapi_entry_get_sdn(parent_entry),
+		                           newsuperior)) || 
+		   is_suffix_dn (pb, newsuperior, &parentdn) )
 		{
 			/*
 			 * The new superior is the same as the current one, or
@@ -521,7 +525,8 @@ urp_modrdn_operation( Slapi_PBlock *pb )
 			 * admin intercession
 			 */
 			slapi_log_error( SLAPI_LOG_FATAL, sessionid,
-				 "Parent %s couldn't be found, nor recreated as a glue entry\n", newsuperiordn );
+				 "Parent %s couldn't be found, nor recreated as a glue entry\n",
+				 slapi_sdn_get_dn(newsuperior) );
 			op_result= LDAP_OPERATIONS_ERROR;
 			slapi_pblock_set(pb, SLAPI_RESULT_CODE, &op_result);
 			rc = -1;
@@ -542,8 +547,6 @@ bailout:
 	}
 	if ( parentdn )
 		slapi_sdn_free(&parentdn);
-	if ( newsuperior )
-		slapi_sdn_free(&newsuperior);
     return rc;
 }
 
@@ -761,9 +764,9 @@ urp_fixup_rename_entry (Slapi_Entry *entry, const char *newrdn, int opflags)
 	 * Must mark this operation as replicated,
 	 * so that the frontend doesn't add extra attributes.
 	 */
-	slapi_rename_internal_set_pb (
+	slapi_rename_internal_set_pb_ext (
 					newpb,
-					slapi_entry_get_dn_const (entry),
+					slapi_entry_get_sdn_const (entry),
 					newrdn, /*NewRDN*/
 					NULL, /*NewSuperior*/
 					0, /* !Delete Old RDNS */
@@ -815,7 +818,7 @@ urp_fixup_delete_entry (const char *uniqueid, const char *dn, CSN *opcsn, int op
 }
 
 int
-urp_fixup_modify_entry (const char *uniqueid, const char *dn, CSN *opcsn, Slapi_Mods *smods, int opflags)
+urp_fixup_modify_entry (const char *uniqueid, const Slapi_DN *sdn, CSN *opcsn, Slapi_Mods *smods, int opflags)
 {
 	Slapi_PBlock *newpb;
 	Slapi_Operation *op;
@@ -823,9 +826,9 @@ urp_fixup_modify_entry (const char *uniqueid, const char *dn, CSN *opcsn, Slapi_
 
 	newpb = slapi_pblock_new();
 			
-	slapi_modify_internal_set_pb (
+	slapi_modify_internal_set_pb_ext (
 			newpb,
-			dn,
+			sdn,
 			slapi_mods_get_ldapmods_byref (smods),
 			NULL, /* Controls */
 			uniqueid,
@@ -852,6 +855,7 @@ urp_add_resolve_parententry (Slapi_PBlock *pb, char *sessionid, Slapi_Entry *ent
 	char *newdn = NULL;
 	int ldap_rc;
 	int rc = 0;
+	Slapi_DN *sdn = NULL;
 
 	if( is_suffix_entry (pb, entry, &parentdn) )
 	{
@@ -928,8 +932,15 @@ urp_add_resolve_parententry (Slapi_PBlock *pb, char *sessionid, Slapi_Entry *ent
 	 */
 	add_rdn = slapi_rdn_new_dn(slapi_entry_get_dn_const (entry));
 	newdn = slapi_dn_plus_rdn(slapi_entry_get_dn_const (parententry), slapi_rdn_get_rdn(add_rdn));
-	slapi_entry_set_dn ( entry,slapi_ch_strdup(newdn));
-	set_pblock_dn (pb,SLAPI_ADD_TARGET,newdn); /* consumes newdn */
+	slapi_entry_set_normdn ( entry, newdn );
+
+	/* slapi_pblock_get(pb, SLAPI_ADD_TARGET, &dn); */
+	slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
+	slapi_sdn_free(&sdn);
+
+	sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(entry));
+	slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, sdn);
+
 	slapi_log_error ( slapi_log_urp, sessionid,
 			"Parent was renamed. Renamed the child to %s\n", newdn );
 	rc= slapi_setbit_int(rc,SLAPI_RTN_BIT_FETCH_EXISTING_DN_ENTRY);
@@ -957,15 +968,17 @@ urp_annotate_dn (char *sessionid, Slapi_Entry *entry, CSN *opcsn, const char *op
 	int op_result;
 	char *newrdn;
 	const char *uniqueid;
+	const Slapi_DN *basesdn;
 	const char *basedn;
 	char ebuf[BUFSIZ];
 
 	uniqueid = slapi_entry_get_uniqueid (entry);
-	basedn = slapi_entry_get_ndn (entry);
+	basesdn = slapi_entry_get_sdn_const (entry);
+	basedn = slapi_entry_get_dn_const (entry);
 	newrdn = get_rdn_plus_uniqueid ( sessionid, basedn, uniqueid );
 	if(newrdn!=NULL)
 	{
-		mod_namingconflict_attr (uniqueid, basedn, basedn, opcsn);
+		mod_namingconflict_attr (uniqueid, basesdn, basesdn, opcsn);
 		op_result = urp_fixup_rename_entry ( entry, newrdn, 0 );
 		switch(op_result)
 		{
@@ -1094,7 +1107,7 @@ urp_get_min_naming_conflict_entry ( Slapi_PBlock *pb, char *sessionid, CSN *opcs
 	}
 
 done:
-	slapi_ch_free((void **)&parent_dn);
+	slapi_ch_free_string(&parent_dn);
 	if (filter) {
 		PR_smprintf_free(filter);
 	}
@@ -1240,15 +1253,6 @@ get_rdn_plus_uniqueid(char *sessionid, const char *olddn, const char *uniqueid)
 	return newrdn;
 }
 
-static void
-set_pblock_dn (Slapi_PBlock* pb,int pblock_parameter,char *newdn)
-{
-	char *olddn;
-	slapi_pblock_get( pb, pblock_parameter, &olddn );
-	slapi_ch_free((void**)&olddn);
-	slapi_pblock_set( pb, pblock_parameter, newdn );
-}
-
 static int
 is_suffix_entry ( Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_DN **parentdn )
 {
@@ -1272,15 +1276,18 @@ is_suffix_dn ( Slapi_PBlock *pb, const Slapi_DN *dn, Slapi_DN **parentdn )
 }
 
 static int
-mod_namingconflict_attr (const char *uniqueid, const char *entrydn, const char *conflictdn, CSN *opcsn)
+mod_namingconflict_attr (const char *uniqueid, const Slapi_DN *entrysdn,
+                         const Slapi_DN *conflictsdn, CSN *opcsn)
 {
 	Slapi_Mods smods;
 	char buf[BUFSIZ];
 	int op_result;
 
-	PR_snprintf (buf, sizeof(buf), "%s %s", REASON_ANNOTATE_DN, conflictdn);
+	PR_snprintf (buf, sizeof(buf), "%s %s",
+	             REASON_ANNOTATE_DN, slapi_sdn_get_dn(conflictsdn));
 	slapi_mods_init (&smods, 2);
-	if ( strncmp (entrydn, SLAPI_ATTR_UNIQUEID, strlen(SLAPI_ATTR_UNIQUEID)) != 0 )
+	if ( strncmp (slapi_sdn_get_dn(entrysdn), SLAPI_ATTR_UNIQUEID,
+	     strlen(SLAPI_ATTR_UNIQUEID)) != 0 )
 	{
 		slapi_mods_add (&smods, LDAP_MOD_ADD, ATTR_NSDS5_REPLCONFLICT, strlen(buf), buf);
 	}
@@ -1293,7 +1300,7 @@ mod_namingconflict_attr (const char *uniqueid, const char *entrydn, const char *
 		 */
 		slapi_mods_add (&smods, LDAP_MOD_REPLACE, ATTR_NSDS5_REPLCONFLICT, strlen(buf), buf);
 	}
-	op_result = urp_fixup_modify_entry (uniqueid, entrydn, opcsn, &smods, 0);
+	op_result = urp_fixup_modify_entry (uniqueid, entrysdn, opcsn, &smods, 0);
 	slapi_mods_done (&smods);
 	return op_result;
 }
@@ -1308,13 +1315,13 @@ del_replconflict_attr (Slapi_Entry *entry, CSN *opcsn, int opflags)
 	{
 		Slapi_Mods smods;
 		const char *uniqueid;
-		const char *entrydn;
+		const Slapi_DN *entrysdn;
 
 		uniqueid = slapi_entry_get_uniqueid (entry);
-		entrydn = slapi_entry_get_dn_const (entry);
+		entrysdn = slapi_entry_get_sdn_const (entry);
 		slapi_mods_init (&smods, 2);
 		slapi_mods_add (&smods, LDAP_MOD_DELETE, ATTR_NSDS5_REPLCONFLICT, 0, NULL);
-		op_result = urp_fixup_modify_entry (uniqueid, entrydn, opcsn, &smods, opflags);
+		op_result = urp_fixup_modify_entry (uniqueid, entrysdn, opcsn, &smods, opflags);
 		slapi_mods_done (&smods);
 	}
 	return op_result;

ldap/servers/plugins/replication/urp.h

@@ -60,7 +60,7 @@ int urp_post_modrdn_operation( Slapi_PBlock *pb );
 int urp_fixup_add_entry (Slapi_Entry *e, const char *target_uniqueid, const char *parentuniqueid, CSN *opcsn, int opflags);
 int urp_fixup_delete_entry (const char *uniqueid, const char *dn, CSN *opcsn, int opflags);
 int urp_fixup_rename_entry (Slapi_Entry *entry, const char *newrdn, int opflags);
-int urp_fixup_modify_entry (const char *uniqueid, const char *dn, CSN *opcsn, Slapi_Mods *smods, int opflags);
+int urp_fixup_modify_entry (const char *uniqueid, const Slapi_DN *sdn, CSN *opcsn, Slapi_Mods *smods, int opflags);
 
 int is_suffix_dn (Slapi_PBlock *pb, const Slapi_DN *dn, Slapi_DN **parenddn);
 

ldap/servers/plugins/replication/urp_glue.c

@@ -96,11 +96,13 @@ entry_to_glue(char *sessionid, const Slapi_Entry* entry, const char *reason, CSN
 {
 	int op_result = 0;
 	const char *dn;
+	const Slapi_DN *sdn;
 	char ebuf[BUFSIZ];
     slapi_mods smods;
 	Slapi_Attr *attr;
 
 	dn = slapi_entry_get_dn_const (entry);
+	sdn = slapi_entry_get_sdn_const (entry);
 	slapi_mods_init(&smods, 4);
 	/*
 	  richm: sometimes the entry is already a glue entry (how did that happen?)
@@ -133,7 +135,7 @@ entry_to_glue(char *sessionid, const Slapi_Entry* entry, const char *reason, CSN
 
 	if (slapi_mods_get_num_mods(&smods) > 0)
 	{
-		op_result = urp_fixup_modify_entry (NULL, dn, opcsn, &smods, 0);
+		op_result = urp_fixup_modify_entry (NULL, sdn, opcsn, &smods, 0);
 		if (op_result == LDAP_SUCCESS)
 		{
 			slapi_log_error (slapi_log_urp, repl_plugin_name,

ldap/servers/plugins/replication/urp_tombstone.c

@@ -181,7 +181,7 @@ tombstone_to_glue (
 	 */
 	addingentry = slapi_entry_dup(tombstoneentry);
 	addingdn = slapi_sdn_get_dn(tombstonedn);
-	slapi_entry_set_dn(addingentry,slapi_ch_strdup(addingdn)); /* consumes DN */
+	slapi_entry_set_sdn(addingentry, tombstonedn);
 
 	if (!slapi_entry_attr_hasvalue(addingentry, ATTR_NSDS5_REPLCONFLICT, reason))
 	{
@@ -227,7 +227,9 @@ entry_to_tombstone ( Slapi_PBlock *pb, Slapi_Entry *entry )
 	 */
 	slapi_mods_add ( &smods, LDAP_MOD_DELETE, ATTR_NSDS5_REPLCONFLICT, 0, NULL );
 
-	op_result = urp_fixup_modify_entry (uniqueid, slapi_entry_get_dn_const (entry), opcsn, &smods, 0);
+	op_result = urp_fixup_modify_entry (uniqueid, 
+	                                    slapi_entry_get_sdn_const (entry),
+	                                    opcsn, &smods, 0);
 	slapi_mods_done ( &smods );
 
 	/*

ldap/servers/plugins/replication/windows_connection.c

@@ -552,7 +552,7 @@ windows_LDAPMessage2Entry(Repl_Connection *conn, LDAPMessage * msg, int attrsonl
 		slapi_entry_free(e);
 		return NULL;
 	}
-	slapi_entry_set_dn( rawentry, slapi_ch_strdup(slapi_entry_get_dn(e)) );
+	slapi_entry_set_sdn( rawentry, slapi_entry_get_sdn(e) );
  
 	for ( a = ldap_first_attribute( ld, msg, &ber ); a!=NULL; a=ldap_next_attribute( ld, msg, ber ) ) 
 	{

ldap/servers/plugins/replication/windows_private.c

@@ -772,7 +772,6 @@ windows_private_save_dirsync_cookie(const Repl_Agmt *ra)
 {
 	Dirsync_Private *dp = NULL;
     Slapi_PBlock *pb = NULL;
-    const char* dn = NULL;
 	Slapi_DN* sdn = NULL;
 	int rc = 0;
 	Slapi_Mods *mods = NULL;
@@ -788,12 +787,12 @@ windows_private_save_dirsync_cookie(const Repl_Agmt *ra)
 
 	pb = slapi_pblock_new ();
   
-	mods = windows_private_get_cookie_mod(dp, LDAP_MOD_REPLACE);
-   	sdn = slapi_sdn_dup( agmt_get_dn_byref(ra) );
-	dn = slapi_sdn_get_dn(sdn);
+    mods = windows_private_get_cookie_mod(dp, LDAP_MOD_REPLACE);
+    sdn = slapi_sdn_dup( agmt_get_dn_byref(ra) );
 
-    slapi_modify_internal_set_pb (pb, dn, slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
-                                  repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
+    slapi_modify_internal_set_pb_ext (pb, sdn, 
+            slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
+            repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
     slapi_modify_internal_pb (pb);
 
     slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
@@ -802,8 +801,9 @@ windows_private_save_dirsync_cookie(const Repl_Agmt *ra)
     {	/* try again, but as an add instead */
 		slapi_mods_free(&mods);
 		mods = windows_private_get_cookie_mod(dp, LDAP_MOD_ADD);
-		slapi_modify_internal_set_pb (pb, dn, slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
-                                      repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
+		slapi_modify_internal_set_pb_ext (pb, sdn,
+		        slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
+		        repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
 		slapi_modify_internal_pb (pb);
 	
 		slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);

ldap/servers/plugins/replication/windows_protocol_util.c

@@ -1296,8 +1296,9 @@ process_replay_rename(Private_Repl_Protocol *prp,
 					remote_subtree?remote_subtree:"empty");
 		goto bail;
 	}
+	/* newparent is already normzlized; just ignore the case */
 	norm_newparent = slapi_ch_strdup(newparent);
-	slapi_dn_normalize_case(norm_newparent);
+	slapi_dn_ignore_case(norm_newparent);
 	p = strstr(norm_newparent, local_subtree);
 	if (NULL == p) {
 		slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
@@ -1389,7 +1390,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 		
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_replay_update\n", 0, 0, 0 );
 
-	local_dn = slapi_sdn_new_dn_byref( op->target_address.dn );
+	local_dn = slapi_sdn_dup( op->target_address.sdn );
 
 	/* Since we have the target uniqueid in the op structure, let's
 	 * fetch the local entry here using it. We do not want to search
@@ -1415,7 +1416,8 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 					"%s: windows_replay_update: failed to fetch local entry "
 					"for %s operation dn=\"%s\"\n",
 					agmt_get_long_name(prp->agmt),
-					op2string(op->operation_type), op->target_address.dn);
+					op2string(op->operation_type), 
+					REPL_GET_DN(&op->target_address));
 				goto error;
 			}
 			op->operation_type = SLAPI_OPERATION_DELETE;
@@ -1427,12 +1429,14 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
 					"%s: windows_replay_update: failed to fetch local entry for %s operation dn=\"%s\"\n",
 					agmt_get_long_name(prp->agmt),
-					op2string(op->operation_type), op->target_address.dn);
+					op2string(op->operation_type), 
+					REPL_GET_DN(&op->target_address));
 			} else {
 				slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
 					"%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s)\n",
 					agmt_get_long_name(prp->agmt),
-					op2string(op->operation_type), op->target_address.dn, "ours");
+					op2string(op->operation_type), 
+					REPL_GET_DN(&op->target_address), "ours");
 			}
 			/* Just bail on this change.  We don't want to do any
 			 * further checks since we don't have a local entry. */
@@ -1450,7 +1454,8 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 	slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
 		"%s: windows_replay_update: Looking at %s operation local dn=\"%s\" (%s,%s,%s)\n",
 		agmt_get_long_name(prp->agmt),
-		op2string(op->operation_type), op->target_address.dn, is_ours ? "ours" : "not ours", 
+		op2string(op->operation_type), 
+		REPL_GET_DN(&op->target_address), is_ours ? "ours" : "not ours", 
 		is_user ? "user" : "not user", is_group ? "group" : "not group");
 
 	if (is_ours && (is_user || is_group) ) {
@@ -1463,14 +1468,16 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 				"%s: windows_replay_update: failed map dn for %s operation dn=\"%s\""
 				"rc=%d remote_dn = [%s]\n",
 				agmt_get_long_name(prp->agmt),
-				op2string(op->operation_type), op->target_address.dn,
+				op2string(op->operation_type), 
+				REPL_GET_DN(&op->target_address),
 				rc, remote_dn ? slapi_sdn_get_dn(remote_dn) : "(null)");
 			goto error;
 		}
 		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
 			"%s: windows_replay_update: Processing %s operation local dn=\"%s\" remote dn=\"%s\"\n",
 			agmt_get_long_name(prp->agmt),
-			op2string(op->operation_type), op->target_address.dn, slapi_sdn_get_dn(remote_dn));
+			op2string(op->operation_type), 
+			REPL_GET_DN(&op->target_address), slapi_sdn_get_dn(remote_dn));
 		switch (op->operation_type) {
 		case SLAPI_OPERATION_ADD:
 			return_value = process_replay_add(prp,op->p.p_add.target_entry,local_entry,local_dn,remote_dn,is_user,missing_entry,&password);
@@ -1584,7 +1591,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
 			{
 			return_value = process_replay_rename(prp, local_entry, local_dn,
 								op->p.p_modrdn.modrdn_newrdn,
-								op->p.p_modrdn.modrdn_newsuperior_address.dn,
+								REPL_GET_DN(&op->p.p_modrdn.modrdn_newsuperior_address),
 								op->p.p_modrdn.modrdn_deloldrdn,
 								is_user, is_group);
 			if (CONN_OPERATION_FAILED == return_value) {
@@ -4446,6 +4453,7 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
 	Slapi_PBlock *pb = NULL;
 	int do_modify = 0;
 	char *newsuperior = NULL;
+	Slapi_DN newsuperior_sdn;
 	const char *newrdn = NULL;
 	int is_user = 0, is_group = 0;
 	const char *newdn = NULL;
@@ -4467,8 +4475,8 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
 
 	/* Compare the local and mapped RDNs if it is a group */
 	/* If they don't match, set it to newrdn. */
-	if (is_group && strcmp(slapi_sdn_get_ndn(slapi_entry_get_sdn(local_entry)),
-					slapi_sdn_get_ndn(mapped_sdn))) {
+	if (is_group && strcmp(slapi_entry_get_ndn(local_entry),
+	                       slapi_sdn_get_ndn(mapped_sdn))) {
 		newdn = slapi_sdn_get_dn(mapped_sdn);
 		slapi_rdn_set_dn(&rdn, newdn);
 		newrdn = slapi_rdn_get_rdn(&rdn);
@@ -4494,13 +4502,15 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
 		slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, "renaming entry \"%s\" - "
 				"(newrdn: \"%s\", newsuperior: \"%s\"\n", newdn,
 				newrdn ? newrdn:"NULL", newsuperior ? newsuperior:"NULL");
-		slapi_rename_internal_set_pb (pb,
-				   slapi_sdn_get_dn(slapi_entry_get_sdn(local_entry)),
-				   newrdn, newsuperior, 1 /* delete old RDNS */,
+		slapi_sdn_init_dn_byref(&newsuperior_sdn, newsuperior);
+		slapi_rename_internal_set_pb_ext (pb,
+				   slapi_entry_get_sdn(local_entry),
+				   newrdn, &newsuperior_sdn, 1 /* delete old RDNS */,
 				   NULL /* controls */, NULL /* uniqueid */,
 				   repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
 		slapi_modrdn_internal_pb (pb);
 		slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &retval);
+		slapi_sdn_done(&newsuperior_sdn);
 		slapi_pblock_destroy (pb);
 		if (LDAP_SUCCESS != retval) {
 			slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
@@ -4541,12 +4551,14 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
 		if (pb)
 		{
 			char dnbuf[BUFSIZ];
-			const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+			const char *dn = slapi_entry_get_dn_const(local_entry);
 			slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
 				"modifying entry: %s\n", escape_string(dn, dnbuf));
-			slapi_modify_internal_set_pb (pb, slapi_entry_get_ndn(local_entry), slapi_mods_get_ldapmods_byref(&smods), NULL, NULL,
-					repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
-			slapi_modify_internal_pb (pb);		
+			slapi_modify_internal_set_pb_ext (pb,
+			    slapi_entry_get_sdn(local_entry),
+			    slapi_mods_get_ldapmods_byref(&smods), NULL, NULL,
+			    repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
+			slapi_modify_internal_pb (pb);
 			slapi_pblock_get (pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
 			if (rc) 
 			{
@@ -4564,7 +4576,7 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
 	} else
 	{
 		char dnbuf[BUFSIZ];
-		const char *dn = slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry));
+		const char *dn = slapi_entry_get_dn_const(local_entry);
 		slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
 			"no mods generated for local entry: %s\n", escape_string(dn, dnbuf));
 	}

ldap/servers/plugins/retrocl/retrocl_po.c

@@ -567,7 +567,7 @@ int retrocl_postob (Slapi_PBlock *pb,int optype)
     Slapi_Operation     *op = NULL;
     LDAPMod		**modrdn_mods = NULL;
     char *newrdn = NULL;
-    char *newsuperior = NULL;
+    Slapi_DN *newsuperior = NULL;
     Slapi_Backend *be = NULL;
     time_t curtime;
     int rc;
@@ -641,7 +641,7 @@ int retrocl_postob (Slapi_PBlock *pb,int optype)
     	(void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
     	(void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
     	(void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods );
-	(void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperior); 
+    	(void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior ); 
     	break;
     }
 
@@ -649,9 +649,7 @@ int retrocl_postob (Slapi_PBlock *pb,int optype)
     /* check if we should log change to retro changelog, and
      * if so, do it here */
     write_replog_db( pb, optype, dn, log_m, flag, curtime, te,
-		     newrdn, modrdn_mods, newsuperior );
+		     newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) );
 
     return 0;
 }
-
-

ldap/servers/plugins/roles/roles_cache.c

@@ -785,7 +785,8 @@ static int roles_cache_is_role_entry(struct slapi_entry *entry)
 */
 void roles_cache_change_notify(Slapi_PBlock *pb)
 {
-	char *dn = NULL;
+	const char *dn = NULL;
+	Slapi_DN *sdn = NULL;
 	struct slapi_entry *e = NULL;
 	struct slapi_entry *pre = NULL;
 	struct slapi_entry *entry = NULL;
@@ -814,10 +815,10 @@ void roles_cache_change_notify(Slapi_PBlock *pb)
 		return;
 	}
 
-    slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
-    if( dn == NULL )
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    if( sdn == NULL )
     {
-		return;
+        return;
     }
 
 	slapi_pblock_get (pb, SLAPI_OPERATION, &pb_operation);
@@ -932,6 +933,7 @@ if ( e != NULL )
 
 		if ( top_suffix != NULL )
 		{
+			dn = slapi_sdn_get_dn(sdn);
 			roles_cache_trigger_update_role( slapi_ch_strdup(dn), entry,
 										top_suffix,
 										operation);

ldap/servers/plugins/statechange/statechange.c

@@ -232,7 +232,8 @@ static int statechange_post_op( Slapi_PBlock *pb, int modtype )
 {
 	SCNotify *notify = head; 
 	int execute;
-	char *dn = NULL;
+	Slapi_DN *sdn = NULL;
+	char *ndn = NULL;
 	struct slapi_entry *e_before = NULL;
 	struct slapi_entry *e_after = NULL;
 
@@ -246,13 +247,13 @@ static int statechange_post_op( Slapi_PBlock *pb, int modtype )
 	slapi_lock_mutex(buffer_lock);
 	if(head)
 	{
-		if(slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn ))
-		{
-			slapi_log_error( SLAPI_LOG_FATAL, SCN_PLUGIN_SUBSYSTEM, "statechange_post_op: failed to get dn of changed entry");
+		slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
+		if (NULL == sdn) {
+			slapi_log_error( SLAPI_LOG_FATAL, SCN_PLUGIN_SUBSYSTEM, 
+			         "statechange_post_op: failed to get dn of changed entry" );
 			goto bail;
 		}
-
-		slapi_dn_normalize( dn );
+		ndn = (char *)slapi_sdn_get_ndn(sdn);
 
 		slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e_before );
 		slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e_after );
@@ -264,7 +265,7 @@ static int statechange_post_op( Slapi_PBlock *pb, int modtype )
 			/* first dn */
 			if(notify->dn)
 			{
-				if(0 != slapi_dn_issuffix(dn, notify->dn))
+				if(0 != slapi_dn_issuffix(ndn, notify->dn))
 					execute = 1;
 			}
 			else
@@ -290,9 +291,9 @@ static int statechange_post_op( Slapi_PBlock *pb, int modtype )
 			if(execute)
 			{
 				if(e_after)
-					(notify->func)(e_after, dn, modtype, pb, notify->caller_data);
+					(notify->func)(e_after, ndn, modtype, pb, notify->caller_data);
 				else
-					(notify->func)(e_before, dn, modtype, pb, notify->caller_data);
+					(notify->func)(e_before, ndn, modtype, pb, notify->caller_data);
 			}
 
 			notify = notify->next;

ldap/servers/plugins/uiduniq/7bit.c

@@ -233,13 +233,14 @@ preop_add(Slapi_PBlock *pb)
     int argc;
     char **argv;
     char **attrName;
-    char *dn;
+    const char *dn;
+    Slapi_DN *sdn = NULL;
     Slapi_Entry *e;
     Slapi_Attr *attr;
     char **firstSubtree;
     char **subtreeDN;
     int subtreeCnt;
-	int is_replicated_operation;
+    int is_replicated_operation;
 
     /*
      * Get the arguments
@@ -263,9 +264,11 @@ preop_add(Slapi_PBlock *pb)
     /*
      * Get the target DN for this add operation
      */
-    err = slapi_pblock_get(pb, SLAPI_ADD_TARGET, &dn);
+    err = slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
     if (err) { result = op_error(50); break; }
 
+    dn = slapi_sdn_get_dn(sdn);
+
 #ifdef DEBUG
     slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD target=%s\n", dn);
 #endif
@@ -278,7 +281,7 @@ preop_add(Slapi_PBlock *pb)
     if (err) { result = op_error(51); break; }
 
     for ( firstSubtree = argv; strcmp(*firstSubtree, ",") != 0; 
-	firstSubtree++, argc--) {}
+          firstSubtree++, argc--) {}
     firstSubtree++;
     argc--;
 
@@ -304,7 +307,7 @@ preop_add(Slapi_PBlock *pb)
        * the target DN is a subnode in the tree.
        */
       for( subtreeDN=firstSubtree, subtreeCnt=argc ;subtreeCnt > 0;
-  	subtreeCnt--,subtreeDN++)
+           subtreeCnt--,subtreeDN++)
       {
         /*
          * issuffix determines whether the target is under the
@@ -378,7 +381,8 @@ preop_modify(Slapi_PBlock *pb)
     LDAPMod **mods;
     LDAPMod **firstMods;
     LDAPMod *mod;
-    char *target;
+    const char *target;
+	Slapi_DN *target_sdn = NULL;
     char **firstSubtree;
     char **subtreeDN;
     int subtreeCnt;
@@ -407,9 +411,10 @@ preop_modify(Slapi_PBlock *pb)
     if (err) { result = op_error(10); break; }
 
     /* Get the target DN */
-    err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &target);
+    err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET_SDN, &target_sdn);
     if (err) { result = op_error(11); break; }
 
+    target = slapi_sdn_get_dn(target_sdn);
     /*
      * Look for managed trees that include the target
      * Arguments before "," are the 7-bit clean attribute names.  Arguemnts
@@ -538,14 +543,14 @@ preop_modrdn(Slapi_PBlock *pb)
     int argc;
     char **argv;
     char **attrName;
-    char *target;
-    char *superior;
+    Slapi_DN *target_sdn = NULL;
+    Slapi_DN *superior;
     char *rdn; 
     Slapi_Attr *attr;
     char **firstSubtree;
     char **subtreeDN;
     int subtreeCnt;
-	int is_replicated_operation;
+    int is_replicated_operation;
 
     /*
      * Get the arguments
@@ -567,11 +572,11 @@ preop_modrdn(Slapi_PBlock *pb)
     }
 
     /* Get the DN of the entry being renamed */
-    err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET, &target);
+    err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &target_sdn);
     if (err) { result = op_error(22); break; }
 
     /* Get superior value - unimplemented in 3.0 DS */
-    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR, &superior);
+    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &superior);
     if (err) { result = op_error(20); break; }
 
     /*
@@ -579,7 +584,7 @@ preop_modrdn(Slapi_PBlock *pb)
      * its current level in the tree.  Use the target DN for
      * determining which managed tree this belongs to
      */
-    if (!superior) superior = target;
+    if (!superior) superior = target_sdn;
 
     /* Get the new RDN - this has the attribute values */
     err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &rdn);
@@ -649,7 +654,7 @@ preop_modrdn(Slapi_PBlock *pb)
          * issuffix determines whether the target is under the
          * subtree *subtreeDN
          */
-        if (slapi_dn_issuffix(superior, *subtreeDN))
+        if (slapi_dn_issuffix(slapi_sdn_get_dn(superior), *subtreeDN))
         {
 #ifdef DEBUG
           slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name,
@@ -692,6 +697,7 @@ NS7bitAttr_Init(Slapi_PBlock *pb)
     int argc;
     char **argv;
 
+
     /* Declare plugin version */
     err = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
             SLAPI_PLUGIN_VERSION_01);
@@ -716,8 +722,11 @@ NS7bitAttr_Init(Slapi_PBlock *pb)
     if (argc == 0) { err = -1; break; }
     argv++; argc--;
 
-    for(;argc > 0;argc--, argv++)
-        slapi_dn_normalize_case(*argv);
+    for(;argc > 0;argc--, argv++) {
+        char *normdn = slapi_create_dn_string_case("%s", *argv);
+        slapi_ch_free_string(argv);
+        *argv = normdn;
+    }
 
     /* Provide descriptive information */
     err = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,

ldap/servers/plugins/uiduniq/uid.c

@@ -340,28 +340,18 @@ search_one_berval(const char *baseDN, const char *attrName,
        */
       for(;*entries;entries++)
       {
-        char *dn = slapi_entry_get_dn(*entries);
-
-        /*
-         * DNs are returned in the original value used to insert
-         * the entry.  This must be "normalized" for comparison.
-         *
-         * This normalization is done "in-place" (modifying the value
-         * in the entry).  This is OK, since this is the only user
-         * of this copy of the entry.
-         */
-        slapi_dn_normalize_case(dn);
+        char *ndn = slapi_entry_get_ndn(*entries); /* get the normalized dn */
 
 #ifdef DEBUG
         slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name,
-          "SEARCH entry dn=%s\n", dn);
+          "SEARCH entry dn=%s\n", ndn);
 #endif
 
         /*
          * It is a Constraint Violation if any entry is found, unless
          * the entry is the target entry (if any).
          */
-        if (!target || strcmp(dn, target) != 0)
+        if (!target || strcmp(ndn, target) != 0)
         {
           result = LDAP_CONSTRAINT_VIOLATION;
           break;
@@ -557,7 +547,8 @@ preop_add(Slapi_PBlock *pb)
     int err;
     char *markerObjectClass = NULL;
     char *requiredObjectClass = NULL;
-    char *dn;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
     int isupdatedn;
     Slapi_Entry *e;
     Slapi_Attr *attr;
@@ -582,7 +573,7 @@ preop_add(Slapi_PBlock *pb)
         if (UNTAGGED_PARAMETER == result)
         {
           slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, 
-		"ADD parameter untagged: %s\n", attrName);
+                          "ADD parameter untagged: %s\n", attrName);
           result = LDAP_SUCCESS;
           /* Statically defined subtrees to monitor */
           err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc);
@@ -599,9 +590,11 @@ preop_add(Slapi_PBlock *pb)
     /*
      * Get the target DN for this add operation
      */
-    err = slapi_pblock_get(pb, SLAPI_ADD_TARGET, &dn);
+    err = slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
     if (err) { result = uid_op_error(51); break; }
 
+    dn = slapi_sdn_get_dn(sdn);
+
 #ifdef DEBUG
     slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD target=%s\n", dn);
 #endif
@@ -636,7 +629,7 @@ preop_add(Slapi_PBlock *pb)
         if (NULL != markerObjectClass)
         {
           /* Subtree defined by location of marker object class */
-                result = findSubtreeAndSearch(dn, attrName, attr, NULL,
+                result = findSubtreeAndSearch((char *)dn, attrName, attr, NULL,
                                               requiredObjectClass, dn,
                                               markerObjectClass);
         } else
@@ -710,7 +703,8 @@ preop_modify(Slapi_PBlock *pb)
     int modcount = 0;
     int ii;
     LDAPMod *mod;
-    char *dn;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
     int isupdatedn;
     int argc;
     char **argv = NULL;
@@ -763,53 +757,57 @@ preop_modify(Slapi_PBlock *pb)
     /* find out how many mods meet this criteria */
     for(;*mods;mods++)
     {
-	mod = *mods;
-	if ((slapi_attr_type_cmp(mod->mod_type, attrName, 1) == 0) && /* mod contains target attr */
-	    (mod->mod_op & LDAP_MOD_BVALUES) && /* mod is bval encoded (not string val) */
-	    (mod->mod_bvalues && mod->mod_bvalues[0]) && /* mod actually contains some values */
-	    (SLAPI_IS_MOD_ADD(mod->mod_op) || /* mod is add */
-	     SLAPI_IS_MOD_REPLACE(mod->mod_op))) /* mod is replace */
-	{
-	  addMod(&checkmods, &checkmodsCapacity, &modcount, mod);
-	}
+        mod = *mods;
+        if ((slapi_attr_type_cmp(mod->mod_type, attrName, 1) == 0) && /* mod contains target attr */
+            (mod->mod_op & LDAP_MOD_BVALUES) && /* mod is bval encoded (not string val) */
+            (mod->mod_bvalues && mod->mod_bvalues[0]) && /* mod actually contains some values */
+            (SLAPI_IS_MOD_ADD(mod->mod_op) || /* mod is add */
+             SLAPI_IS_MOD_REPLACE(mod->mod_op))) /* mod is replace */
+        {
+          addMod(&checkmods, &checkmodsCapacity, &modcount, mod);
+        }
     }
     if (modcount == 0) {
-	break; /* no mods to check, we are done */
+        break; /* no mods to check, we are done */
     }
 
     /* Get the target DN */
-    err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET, &dn);
+    err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET_SDN, &sdn);
     if (err) { result = uid_op_error(11); break; }
 
-        /*
-         * Check if it has the required object class
-         */
-        if (requiredObjectClass &&
-                !(spb = dnHasObjectClass(dn, requiredObjectClass))) { break; }
+    dn = slapi_sdn_get_dn(sdn);
+    /*
+     * Check if it has the required object class
+     */
+    if (requiredObjectClass &&
+        !(spb = dnHasObjectClass(dn, requiredObjectClass))) {
+        break;
+    }
 
-        /*
-         * Passed all the requirements - this is an operation we
-         * need to enforce uniqueness on. Now find all parent entries
-         * with the marker object class, and do a search for each one.
-         */
-		/*
-		 * stop checking at first mod that fails the check
-		 */
-		for (ii = 0; (result == 0) && (ii < modcount); ++ii)
-		{
-			mod = checkmods[ii];
-			if (NULL != markerObjectClass)
-			{
-				/* Subtree defined by location of marker object class */
-                result = findSubtreeAndSearch(dn, attrName, NULL, mod->mod_bvalues,
-                                              requiredObjectClass, dn, markerObjectClass);
-			} else
-			{
-				/* Subtrees listed on invocation line */
-				result = searchAllSubtrees(argc, argv, attrName, NULL,
-                                                           mod->mod_bvalues, requiredObjectClass, dn);
-			}
-		}
+    /*
+     * Passed all the requirements - this is an operation we
+     * need to enforce uniqueness on. Now find all parent entries
+     * with the marker object class, and do a search for each one.
+     */
+    /*
+     * stop checking at first mod that fails the check
+     */
+    for (ii = 0; (result == 0) && (ii < modcount); ++ii)
+    {
+        mod = checkmods[ii];
+        if (NULL != markerObjectClass)
+        {
+            /* Subtree defined by location of marker object class */
+            result = findSubtreeAndSearch((char *)dn, attrName, NULL, 
+                                          mod->mod_bvalues, requiredObjectClass,
+                                          dn, markerObjectClass);
+        } else
+        {
+            /* Subtrees listed on invocation line */
+            result = searchAllSubtrees(argc, argv, attrName, NULL,
+                                       mod->mod_bvalues, requiredObjectClass, dn);
+        }
+    }
   END
 
   slapi_ch_free((void **)&checkmods);
@@ -846,7 +844,6 @@ preop_modrdn(Slapi_PBlock *pb)
 {
   int result = LDAP_SUCCESS;
   Slapi_Entry *e = NULL;
-  Slapi_DN *sdn = NULL;
   Slapi_Value *sv_requiredObjectClass = NULL;
   char *errtext = NULL;
   char *attrName = NULL;
@@ -860,8 +857,9 @@ preop_modrdn(Slapi_PBlock *pb)
     int err;
     char *markerObjectClass=NULL;
     char *requiredObjectClass=NULL;
-    char *dn;
-    char *superior;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
+    Slapi_DN *superior;
     char *rdn;
     int deloldrdn = 0;
     int isupdatedn;
@@ -907,14 +905,13 @@ preop_modrdn(Slapi_PBlock *pb)
     }
 
     /* Get the DN of the entry being renamed */
-    err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET, &dn);
+    err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &sdn);
     if (err) { result = uid_op_error(31); break; }
 
-    /* Create a Slapi_DN to use for searching. */
-    sdn = slapi_sdn_new_dn_byref(dn);
+    dn = slapi_sdn_get_dn(sdn);
 
     /* Get superior value - unimplemented in 3.0/4.0/5.0 DS */
-    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR, &superior);
+    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &superior);
     if (err) { result = uid_op_error(32); break; }
 
     /*
@@ -922,7 +919,7 @@ preop_modrdn(Slapi_PBlock *pb)
      * its current level in the tree.  Use the target DN for
      * determining which managed tree this belongs to
      */
-    if (!superior) superior = dn;
+    if (!superior) superior = sdn;
 
     /* Get the new RDN - this has the attribute values */
     err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &rdn);
@@ -949,7 +946,7 @@ preop_modrdn(Slapi_PBlock *pb)
     }
 
     /* Apply the rename operation to the dummy entry. */
-    err = slapi_entry_rename(e, rdn, deloldrdn, superior);
+    err = slapi_entry_rename(e, rdn, deloldrdn, slapi_sdn_get_dn(superior));
     if (err != LDAP_SUCCESS) { result = uid_op_error(36); break; }
 
         /*
@@ -983,7 +980,6 @@ preop_modrdn(Slapi_PBlock *pb)
         }
   END
   /* Clean-up */
-  slapi_sdn_free(&sdn);
   slapi_value_free(&sv_requiredObjectClass);
   if (e) slapi_entry_free(e);
 
@@ -1048,8 +1044,11 @@ NSUniqueAttr_Init(Slapi_PBlock *pb)
     if (argc < 1) { err = -1; break; }
     argv++; argc--;
 
-    for(;argc > 0;argc--, argv++)
-        slapi_dn_normalize_case(*argv);
+    for(;argc > 0;argc--, argv++) {
+        char *normdn = slapi_create_dn_string_case("%s", *argv);
+        slapi_ch_free_string(argv);
+        *argv = normdn;
+    }
 
     /* Provide descriptive information */
     err = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,

ldap/servers/plugins/views/views.c

@@ -1683,6 +1683,7 @@ static int view_search_rewrite_callback(Slapi_PBlock *pb)
 	int scope = 0;
 	int set_scope = LDAP_SCOPE_SUBTREE;
 	viewEntry *theView = 0;
+	Slapi_DN *basesdn = NULL;
 
 #ifdef _VIEW_DEBUG_FILTERS
 	char outFilter_str[1024];
@@ -1711,7 +1712,8 @@ static int view_search_rewrite_callback(Slapi_PBlock *pb)
 		goto end;
 
 	/* if base of the search is a view */
-	slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &base);
+	slapi_pblock_get(pb, SLAPI_SEARCH_TARGET_SDN, &basesdn);
+	base = (char *)slapi_sdn_get_dn(basesdn);
 
 	/* Read lock the cache */
 	views_read_lock();
@@ -1763,8 +1765,11 @@ static int view_search_rewrite_callback(Slapi_PBlock *pb)
 	/* rewrite search scope and base*/
 	slapi_pblock_set(pb, SLAPI_SEARCH_SCOPE, &set_scope);
 
-	base = slapi_ch_strdup(theView->pSearch_base);
-	slapi_pblock_set(pb, SLAPI_SEARCH_TARGET, base);
+	slapi_pblock_get(pb, SLAPI_SEARCH_TARGET_SDN, &basesdn);
+	slapi_sdn_free(&basesdn);
+
+	basesdn = slapi_sdn_new_dn_byval(theView->pSearch_base);
+	slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, basesdn);
 
 	/* concatenate the filters */
 	

ldap/servers/slapd/add.c

@@ -116,8 +116,7 @@ do_add( Slapi_PBlock *pb )
 	/* get the name */
 	{
 		char *rawdn = NULL;
-		char *dn = NULL;
-		size_t dnlen = 0;
+		Slapi_DN mysdn;
 		if ( ber_scanf( ber, "{a", &rawdn ) == LBER_ERROR ) {
 			slapi_ch_free_string(&rawdn);
 			LDAPDebug( LDAP_DEBUG_ANY,
@@ -140,20 +139,20 @@ do_add( Slapi_PBlock *pb )
 				return;
 			}
 		}
-		rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
-		if (rc < 0) {
-			op_shared_log_error_access(pb, "ADD", rawdn?rawdn:"", "invalid dn");
-			send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
-							 NULL, "invalid dn", 0, NULL);
-			slapi_ch_free_string(&rawdn);
+		slapi_sdn_init_dn_passin(&mysdn, rawdn);
+		if (rawdn && (strlen(rawdn) > 0) &&
+		    (NULL == slapi_sdn_get_dn(&mysdn))) {
+			/* normalization failed */
+			op_shared_log_error_access(pb, "ADD", rawdn, "invalid dn");
+			send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
+			                 "invalid dn", 0, NULL);
+			slapi_sdn_done(&mysdn);
 			return;
-		} else if (rc > 0) {
-			slapi_ch_free_string(&rawdn);
-		} else { /* rc == 0; rawdn is passed in; not null terminated */
-			*(dn + dnlen) = '\0';
 		}
 		e = slapi_entry_alloc();
-		slapi_entry_init(e,dn,NULL); /* Responsibility for DN is passed to the Entry. */
+		/* Responsibility for DN is passed to the Entry. */
+		slapi_entry_init_ext(e, &mysdn, NULL);
+		slapi_sdn_done(&mysdn);
 	}
 	LDAPDebug( LDAP_DEBUG_ARGS, "	do_add: dn (%s)\n", slapi_entry_get_dn_const(e), 0, 0 );
 
@@ -338,7 +337,7 @@ slapi_add_entry_internal(Slapi_Entry *e, LDAPControl **controls, int dummy)
 
 /*  This is new style API to issue internal add operation.
 	pblock should contain the following data (can be set via call to slapi_add_internal_set_pb):
-	SLAPI_TARGET_DN		set to dn of the new entry
+	SLAPI_TARGET_SDN	set to sdn of the new entry
 	SLAPI_CONTROLS_ARG	set to request controls if present
 	SLAPI_ADD_ENTRY		set to Slapi_Entry to add
 	Beware: The entry is consumed. */
@@ -458,6 +457,7 @@ static void op_shared_add (Slapi_PBlock *pb)
 	char *proxystr = NULL;
 	int proxy_err = LDAP_SUCCESS;
 	char *errtext = NULL;
+	Slapi_DN *sdn = NULL;
 
 	slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
 	slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
@@ -532,7 +532,7 @@ static void op_shared_add (Slapi_PBlock *pb)
 			goto done;
 		}
 	
-		slapi_pblock_set(pb, SLAPI_TARGET_DN, (void*)slapi_sdn_get_ndn(operation_get_target_spec (operation)));
+		slapi_pblock_set(pb, SLAPI_TARGET_SDN, (void*)operation_get_target_spec (operation));
 		send_referrals_from_entry(pb,referral);
 		slapi_entry_free(referral);
 		goto done;
@@ -547,16 +547,16 @@ static void op_shared_add (Slapi_PBlock *pb)
 			present_values= attr_get_present_values(attr);
 
 			/* Set the backend in the pblock.  The slapi_access_allowed function
-                         * needs this set to work properly. */
-                        slapi_pblock_set( pb, SLAPI_BACKEND, slapi_be_select( slapi_entry_get_sdn_const(e) ) );
+			 * needs this set to work properly. */
+			slapi_pblock_set( pb, SLAPI_BACKEND, slapi_be_select( slapi_entry_get_sdn_const(e) ) );
 
 			/* Check ACI before checking password syntax */
 			if ( (err = slapi_access_allowed(pb, e, SLAPI_USERPWD_ATTR, NULL,
-                                     SLAPI_ACL_ADD)) != LDAP_SUCCESS) {
-                                send_ldap_result(pb, err, NULL,
-                                              "Insufficient 'add' privilege to the "
-                                              "'userPassword' attribute", 0, NULL);
-                                goto done;
+			                                 SLAPI_ACL_ADD)) != LDAP_SUCCESS) {
+			    send_ldap_result(pb, err, NULL,
+			                     "Insufficient 'add' privilege to the "
+			                     "'userPassword' attribute", 0, NULL);
+			    goto done;
 			}
 
 			/* check password syntax */
@@ -657,21 +657,23 @@ static void op_shared_add (Slapi_PBlock *pb)
 	 * plugins.
 	 */
 	
-	slapi_pblock_set(pb, SLAPI_ADD_TARGET, 
-					 (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)));
-	if (plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN : 
-							SLAPI_PLUGIN_PRE_ADD_FN) == 0)
+	sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(e));
+	slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, (void *)sdn);
+	if (plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN :
+	                        SLAPI_PLUGIN_PRE_ADD_FN) == 0)
 	{
 		int	rc;
 		Slapi_Entry	*ec;
-		char *add_target_dn;
+		Slapi_DN *add_target_sdn = NULL;
 
 		slapi_pblock_set(pb, SLAPI_PLUGIN, be->be_database);
 		set_db_default_result_handlers(pb);
 		/* because be_add frees the entry */
 		ec = slapi_entry_dup(e);
-		add_target_dn= slapi_ch_strdup(slapi_sdn_get_ndn(slapi_entry_get_sdn_const(ec)));
-    	slapi_pblock_set(pb, SLAPI_ADD_TARGET, add_target_dn);
+		add_target_sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(ec));
+		slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
+		slapi_sdn_free(&sdn);
+		slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, add_target_sdn);
 		
 		if (be->be_add != NULL)
 		{
@@ -717,9 +719,9 @@ static void op_shared_add (Slapi_PBlock *pb)
 		plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_POST_ADD_FN : 
 							SLAPI_PLUGIN_POST_ADD_FN);
 		slapi_entry_free(ec);
-    	slapi_pblock_get(pb, SLAPI_ADD_TARGET, &add_target_dn);
-		slapi_ch_free((void**)&add_target_dn);
 	}
+	slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
+	slapi_sdn_free(&sdn);
 
 done:
 	if (be)

ldap/servers/slapd/auditlog.c

@@ -57,13 +57,14 @@ char	*attr_deleteoldrdn	= ATTR_DELETEOLDRDN;
 char	*attr_modifiersname = ATTR_MODIFIERSNAME;
 
 /* Forward Declarations */
-static void write_audit_file( int optype, char *dn, void *change, int flag, time_t curtime );
+static void write_audit_file( int optype, const char *dn, void *change, int flag, time_t curtime );
 
 void
 write_audit_log_entry( Slapi_PBlock *pb )
 {
     time_t curtime;
-    char *dn;
+    Slapi_DN *sdn;
+    const char *dn;
     void *change;
 	int flag = 0;
 	Operation *op;
@@ -75,27 +76,13 @@ write_audit_log_entry( Slapi_PBlock *pb )
 	}
 
 	slapi_pblock_get( pb, SLAPI_OPERATION, &op );
-    slapi_pblock_get( pb, SLAPI_TARGET_DN, &dn );
+    slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
+	dn = slapi_sdn_get_dn(sdn);
     switch ( operation_get_type(op) )
 	{
     case SLAPI_OPERATION_MODIFY:
 	    slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
     	break;
-    case SLAPI_OPERATION_ADD:
-	    {
-    	/*
-    	 * For adds, we want the unnormalized dn, so we can preserve
-    	 * spacing, case, when replicating it.
-    	 */
-        Slapi_Entry *te = NULL;
-    	slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &change );
-    	te = (Slapi_Entry *)change;
-    	if ( NULL != te )
-		{
-    	    dn = slapi_entry_get_dn( te );
-    	}
-		}
-    	break;
     case SLAPI_OPERATION_DELETE:
 		{
 		char * deleterDN = NULL;
@@ -129,7 +116,7 @@ write_audit_log_entry( Slapi_PBlock *pb )
 static void
 write_audit_file(
     int			optype,
-    char		*dn,
+    const char	*dn,
     void		*change,
     int			flag,
     time_t		curtime

ldap/servers/slapd/auth.c

@@ -81,30 +81,17 @@ slapu_search_s( LDAP* ld, const char* rawbaseDN, int scope, const char* filter,
     int err = LDAP_NO_SUCH_OBJECT;
     Slapi_PBlock* pb = NULL;
     LDAPControl **ctrls;
-    char *baseDN = slapi_ch_strdup(rawbaseDN);
-    char *normDN = NULL;
-    size_t dnlen = 0;
-
-    err = slapi_dn_normalize_ext(baseDN, 0, &normDN, &dnlen);
-    if (err < 0) {
-        err = LDAP_INVALID_DN_SYNTAX;
-        LDAPDebug (LDAP_DEBUG_TRACE, "<= slapu_search_s %i\n", err, 0, 0);
-        return err;
-    } else if (err == 0) { /* baseDN is passed in; not terminated */
-        *(normDN + dnlen) = '\0';
-    } else {
-        slapi_ch_free_string(&baseDN);
-        baseDN = normDN;
-    }
+    Slapi_DN *sdn = slapi_sdn_new_dn_byval(rawbaseDN);
+    char *baseDN = slapi_sdn_get_dn(sdn);
 
     if (ld != internal_ld) {
         err = ldap_search_ext_s(ld, baseDN, scope, filter, attrs, attrsonly,
                                 NULL, NULL, NULL, -1, result);
-        slapi_ch_free_string(&baseDN);
+        slapi_sdn_free(&sdn);
         return err;
     }
     LDAPDebug (LDAP_DEBUG_TRACE, "=> slapu_search_s (\"%s\", %i, %s)\n",
-	       baseDN, scope, filter);
+               baseDN, scope, filter);
     if (filter == NULL) filter = "objectclass=*";
 
     /* use new internal search API */
@@ -138,7 +125,7 @@ slapu_search_s( LDAP* ld, const char* rawbaseDN, int scope, const char* filter,
 	LDAPDebug (LDAP_DEBUG_ANY, "slapi_search_internal (\"%s\", %i, %s) NULL\n",
 		   escape_string( (char*)baseDN, ebuf ), scope, escape_string( (char*)filter, fbuf ));
     }
-    slapi_ch_free_string(&baseDN);
+    slapi_sdn_free(&sdn);
     *result = (LDAPMessage*)pb;
     LDAPDebug (LDAP_DEBUG_TRACE, "<= slapu_search_s %i\n", err, 0, 0);
     return err;
@@ -534,19 +521,10 @@ handle_handshake_done (PRFileDesc *prfd, void* clientData)
 
     if (clientDN != NULL) {
         char ebuf[ BUFSIZ ];
-        int rc = 0;
-        char *normedDN = NULL;
-        size_t dnlen = 0;
-
-        rc = slapi_dn_normalize_ext(clientDN, 0, &normedDN, &dnlen);
-        if (rc < 0) {
-            /* ignoring the normalization error, use the pre normalized DN */
-        } else if (rc == 0) { /* clientDN is passed in; not terminated */
-            *(normedDN + dnlen) = '\0';
-        } else {
-            slapi_ch_free_string(&clientDN);
-            clientDN = normedDN;
-        }
+        Slapi_DN *sdn = NULL;
+        sdn = slapi_sdn_new_dn_passin(clientDN);
+        clientDN = slapi_ch_strdup(slapi_sdn_get_dn(sdn));
+        slapi_sdn_free(&sdn);
         slapi_log_access (LDAP_DEBUG_STATS, 
                           "conn=%" NSPRIu64 " SSL client bound as %s\n",
                           conn->c_connid, escape_string( clientDN, ebuf ));

ldap/servers/slapd/back-ldbm/ancestorid.c

@@ -717,8 +717,8 @@ static int ldbm_ancestorid_index_update(
 {
     DB *db = NULL;
     int allids = IDL_INSERT_NORMAL;
-    Slapi_DN dn = {0};
-    Slapi_DN nextdn = {0};
+    Slapi_DN sdn;
+    Slapi_DN nextsdn;
     struct attrinfo *ai = NULL;
     ID node_id, sub_id;
     idl_iterator iter;
@@ -733,36 +733,38 @@ static int ldbm_ancestorid_index_update(
         goto out;
     }
 
-    slapi_sdn_copy(low, &dn);
+    slapi_sdn_init(&sdn);
+    slapi_sdn_init(&nextsdn);
+    slapi_sdn_copy(low, &sdn);
 
     if (include_low == 0) {
-        if (slapi_sdn_compare(&dn, high) == 0) {
+        if (slapi_sdn_compare(&sdn, high) == 0) {
             goto out;
         }
         /* Get the next highest DN */
-        slapi_sdn_get_parent(&dn, &nextdn);
-        slapi_sdn_copy(&nextdn, &dn);
+        slapi_sdn_get_parent(&sdn, &nextsdn);
+        slapi_sdn_copy(&nextsdn, &sdn);
     }
 
     /* Iterate up through the tree */
     do {
-        if (slapi_sdn_isempty(&dn)) {
+        if (slapi_sdn_isempty(&sdn)) {
             break;
         }
 
         /* Have we reached the high node? */
-        if (include_high == 0 && slapi_sdn_compare(&dn, high) == 0) {
+        if (include_high == 0 && slapi_sdn_compare(&sdn, high) == 0) {
             break;
         }
 
         /* Get the id for that DN */
         if (entryrdn_get_switch()) { /* subtree-rename: on */
             node_id = 0;
-            err = entryrdn_index_read(be, &dn, &node_id, txn);
+            err = entryrdn_index_read(be, &sdn, &node_id, txn);
             if (err) {
                 if (DB_NOTFOUND != err) {
                     ldbm_nasty(sourcefile,13141,err);
-                    LDAPDebug1Arg(LDAP_DEBUG_ANY, "entryrdn_index_read(%s)\n", slapi_sdn_get_dn(&dn));
+                    LDAPDebug1Arg(LDAP_DEBUG_ANY, "entryrdn_index_read(%s)\n", slapi_sdn_get_dn(&sdn));
                     ret = err;
                 }
                 break;
@@ -770,8 +772,8 @@ static int ldbm_ancestorid_index_update(
         } else {
             IDList *idl = NULL;
             struct berval ndnv;
-            ndnv.bv_val = (void*)slapi_sdn_get_ndn(&dn);
-            ndnv.bv_len = slapi_sdn_get_ndn_len(&dn);
+            ndnv.bv_val = (void*)slapi_sdn_get_ndn(&sdn);
+            ndnv.bv_len = slapi_sdn_get_ndn_len(&sdn);
             err = 0;
             idl = index_read(be, LDBM_ENTRYDN_STR, indextype_EQUALITY, &ndnv, txn, &err);
             if (idl == NULL) {
@@ -807,19 +809,19 @@ static int ldbm_ancestorid_index_update(
         }
 
         /* Have we reached the high node? */
-        if (slapi_sdn_compare(&dn, high) == 0) {
+        if (slapi_sdn_compare(&sdn, high) == 0) {
             break;
         }
 
         /* Get the next highest DN */
-        slapi_sdn_get_parent(&dn, &nextdn);
-        slapi_sdn_copy(&nextdn, &dn);
+        slapi_sdn_get_parent(&sdn, &nextsdn);
+        slapi_sdn_copy(&nextsdn, &sdn);
 
     } while (ret == 0);
 
  out:
-    slapi_sdn_done(&dn);
-    slapi_sdn_done(&nextdn);
+    slapi_sdn_done(&sdn);
+    slapi_sdn_done(&nextsdn);
 
     /* Release the ancestorid file */
     if (db != NULL) {
@@ -856,7 +858,8 @@ int ldbm_ancestorid_index_entry(
  * If common is non-null then the common suffix of left and right
  * is returned in *common.
  */
-int slapi_sdn_suffix_cmp(
+static int 
+_sdn_suffix_cmp(
     const Slapi_DN *left, 
     const Slapi_DN *right, 
     Slapi_DN *common
@@ -870,12 +873,24 @@ int slapi_sdn_suffix_cmp(
     rdns1 = slapi_ldap_explode_dn(slapi_sdn_get_ndn(left), 0);
     rdns2 = slapi_ldap_explode_dn(slapi_sdn_get_ndn(right), 0);
 
-    for(count1 = 0; rdns1[count1]!=NULL; count1++){
+    if (NULL == rdns1) {
+        if (NULL == rdns2) {
+            ret = 0;
+        } else {
+            ret = 1;
+        }
+        goto out;
+    } else {
+        if (NULL == rdns2) {
+            ret = -1;
+            goto out;
+        }
     }
+
+    for(count1 = 0; rdns1[count1]!=NULL; count1++) ;
     count1--;
 
-    for(count2 = 0; rdns2[count2]!=NULL; count2++){
-    }
+    for(count2 = 0; rdns2[count2]!=NULL; count2++) ;
     count2--;
 
     while (count1 >= 0 && count2 >= 0) {
@@ -922,11 +937,11 @@ int slapi_sdn_suffix_cmp(
     LDAPDebug(LDAP_DEBUG_TRACE, "common suffix <%s>\n",
               slapi_sdn_get_dn(common), 0, 0);
 
- out:
+out:
     slapi_ldap_value_free(rdns1);
     slapi_ldap_value_free(rdns2);
 
-    LDAPDebug(LDAP_DEBUG_TRACE, "slapi_sdn_suffix_cmp(<%s>, <%s>) => %d\n",
+    LDAPDebug(LDAP_DEBUG_TRACE, "_sdn_suffix_cmp(<%s>, <%s>) => %d\n",
               slapi_sdn_get_dn(left), slapi_sdn_get_dn(right), ret);
 
     return ret;
@@ -942,15 +957,17 @@ int ldbm_ancestorid_move_subtree(
 )
 {
     int ret = 0;
-    Slapi_DN commondn = {0};
+    Slapi_DN commonsdn;
+
 
+    slapi_sdn_init(&commonsdn);
     /* Determine the common ancestor */
-    (void)slapi_sdn_suffix_cmp(olddn, newdn, &commondn);
+    (void)_sdn_suffix_cmp(olddn, newdn, &commonsdn);
 
     /* Delete from old ancestors */
     ret = ldbm_ancestorid_index_update(be, 
                                        olddn,
-                                       &commondn,
+                                       &commonsdn,
                                        0,
                                        0,
                                        id,
@@ -962,7 +979,7 @@ int ldbm_ancestorid_move_subtree(
     /* Add to new ancestors */
     ret = ldbm_ancestorid_index_update(be, 
                                        newdn,
-                                       &commondn,
+                                       &commonsdn,
                                        0,
                                        0,
                                        id,
@@ -971,7 +988,7 @@ int ldbm_ancestorid_move_subtree(
                                        txn);
 
  out:
-    slapi_sdn_done(&commondn);
+    slapi_sdn_done(&commonsdn);
     return ret;
 }
 

ldap/servers/slapd/back-ldbm/dblayer.c

@@ -2815,7 +2815,6 @@ int
 dblayer_remove_env(struct ldbminfo *li)
 {
     DB_ENV *env = NULL;
-    dblayer_private *priv = NULL;
     char *home_dir = NULL;
     int rc = db_env_create(&env, 0);
     if (rc) {
@@ -2827,7 +2826,6 @@ dblayer_remove_env(struct ldbminfo *li)
         LDAPDebug0Args(LDAP_DEBUG_ANY, "ERROR -- No ldbm info is given\n");
         return -1;
     }
-    priv = (dblayer_private *)li->li_dblayer_private;
 
     home_dir = dblayer_get_home_dir(li, NULL);
     if (home_dir) {

ldap/servers/slapd/back-ldbm/dn2entry.c

@@ -182,13 +182,11 @@ dn2ancestor(
         Slapi_DN ancestorndn;
         const char *ptr;
 
-        /* assign ancestordn to the parent of the given dn - ancestordn will contain
-           the "raw" unnormalized DN from the caller, so we can give back the DN
-           in the same format as we received it */
+        /* assign ancestordn to the parent of the given dn */
         ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn));
         /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns"
            the memory, but ancestordn points to it */
-        slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */
+        slapi_sdn_set_normdn_byref(ancestordn, ptr); /* free any previous contents */
         /* now, do the same for the normalized version */
         /* ancestorndn holds the normalized version for iteration purposes and
            because dn2entry needs the normalized dn */
@@ -221,7 +219,7 @@ dn2ancestor(
                 slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */
                 /* now do the same for the unnormalized one */
                 ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn));
-                slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */
+                slapi_sdn_set_normdn_byref(ancestordn, ptr); /* wipe out the previous contents */
             }
         }
 
@@ -256,17 +254,20 @@ get_copy_of_entry(Slapi_PBlock *pb, const entry_address *addr, back_txn *txn, in
 	}
 	else
 	{
-		Slapi_DN sdn;
-		slapi_sdn_init_dn_byref (&sdn, addr->dn); /* We assume that the DN is not normalized */
-		entry = dn2entry( be, &sdn, txn, &err );
-		slapi_sdn_done (&sdn);
+		if (addr->sdn) {
+			entry = dn2entry( be, addr->sdn, txn, &err );
+		} else {
+			err = 1;
+		}
 	}
 	if ( 0 != err && DB_NOTFOUND != err )
 	{
 		if(must_exist)
 		{
-			LDAPDebug( LDAP_DEBUG_ANY, "Operation error fetching %s (%s), error %d.\n", 
-				       addr->dn, (addr->uniqueid==NULL?"null":addr->uniqueid), err );
+			LDAPDebug( LDAP_DEBUG_ANY,
+			           "Operation error fetching %s (%s), error %d.\n", 
+			           addr->sdn?slapi_sdn_get_dn(addr->sdn):"Null DN",
+			           (addr->uniqueid==NULL?"null":addr->uniqueid), err );
 		}
 		if ( LDAP_INVALID_DN_SYNTAX == err ) {
 			rc = LDAP_INVALID_DN_SYNTAX; /* respect the error */
@@ -280,9 +281,9 @@ get_copy_of_entry(Slapi_PBlock *pb, const entry_address *addr, back_txn *txn, in
 		if(entry!=NULL)
 		{
 			ldbm_instance *inst;
-	    	slapi_pblock_set( pb, plock_parameter, slapi_entry_dup(entry->ep_entry));
+			slapi_pblock_set( pb, plock_parameter, slapi_entry_dup(entry->ep_entry));
 			inst = (ldbm_instance *) be->be_instance_info;
-		    CACHE_RETURN( &inst->inst_cache, &entry );
+			CACHE_RETURN( &inst->inst_cache, &entry );
 		}
 	}
 	/* JCMREPL - Free the backentry? */

ldap/servers/slapd/back-ldbm/findentry.c

@@ -170,14 +170,15 @@ find_entry_internal_dn(
 	 */
 	if (!really_internal) {
 		struct backentry *me;
-		Slapi_DN ancestordn= {0};
-		me= dn2ancestor(pb->pb_backend,sdn,&ancestordn,txn,&err);
+		Slapi_DN ancestorsdn;
+		slapi_sdn_init(&ancestorsdn);
+		me= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,txn,&err);
 		if ( !managedsait && me != NULL ) {
 			/* if the entry is a referral send the referral */
-			if(check_entry_for_referral(pb, me->ep_entry, (char*)slapi_sdn_get_dn(&ancestordn), "find_entry_internal_dn"))
+			if(check_entry_for_referral(pb, me->ep_entry, (char*)slapi_sdn_get_dn(&ancestorsdn), "find_entry_internal_dn"))
 			{
 				CACHE_RETURN( &inst->inst_cache, &me );
-				slapi_sdn_done(&ancestordn);
+				slapi_sdn_done(&ancestorsdn);
 				return( NULL );
 			}
 			/* else fall through to no such object */
@@ -187,8 +188,8 @@ find_entry_internal_dn(
 		slapi_send_ldap_result( pb, ( 0 == err || DB_NOTFOUND == err ) ?
 			LDAP_NO_SUCH_OBJECT : ( LDAP_INVALID_DN_SYNTAX == err ) ?
 			LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
-			(char*)slapi_sdn_get_dn(&ancestordn), NULL, 0, NULL );
-		slapi_sdn_done(&ancestordn);
+			(char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL );
+		slapi_sdn_done(&ancestorsdn);
 		CACHE_RETURN( &inst->inst_cache, &me );
 	}
 
@@ -276,17 +277,21 @@ find_entry_internal(
 	}
 	else
 	{
-		Slapi_DN sdn;
-		struct backentry *entry;
+		struct backentry *entry = NULL;
 
-		slapi_sdn_init_dn_ndn_byref (&sdn, addr->dn); /* normalized by front end */
 		LDAPDebug( LDAP_DEBUG_TRACE, "=> find_entry_internal (dn=%s) lock %d\n",
-				   addr->dn, lock, 0 );
-		entry = find_entry_internal_dn (pb, be, &sdn, lock, txn, really_internal);
-		slapi_sdn_done (&sdn);
+		           slapi_sdn_get_dn(addr->sdn), lock, 0 );
+		if (addr->sdn) {
+			entry = find_entry_internal_dn (pb, be, addr->sdn, 
+			                                lock, txn, really_internal);
+		} else {
+			LDAPDebug0Args( LDAP_DEBUG_ANY,
+			                "find_entry_internal: Null target dn\n" );
+		}
+
+		LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= find_entry_internal\n" );
 		return entry;
 	}
-	
 }
 
 struct backentry *

ldap/servers/slapd/back-ldbm/id2entry.c

@@ -358,40 +358,40 @@ id2entry( backend *be, ID id, back_txn *txn, int *err  )
             /* data.dptr may not include rdn: ..., try "dn: ..." */
             ee = slapi_str2entry( data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN );
         } else {
-            char *dn = NULL;
+            char *normdn = NULL;
             struct backdn *bdn = dncache_find_id(&inst->inst_dncache, id);
             if (bdn) {
-                dn = slapi_ch_strdup(slapi_sdn_get_dn(bdn->dn_sdn));
+                normdn = slapi_ch_strdup(slapi_sdn_get_dn(bdn->dn_sdn));
                 slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
-                                "dncache_find_id returned: %s\n", dn);
+                                "dncache_find_id returned: %s\n", normdn);
                 CACHE_RETURN(&inst->inst_dncache, &bdn);
             } else {
                 Slapi_DN *sdn = NULL;
-                rc = entryrdn_lookup_dn(be, rdn, id, &dn, txn);
+                rc = entryrdn_lookup_dn(be, rdn, id, &normdn, txn);
                 if (rc) {
                     slapi_log_error(SLAPI_LOG_TRACE, ID2ENTRY,
                                     "id2entry: entryrdn look up failed "
                                     "(rdn=%s, ID=%d)\n", rdn, id);
                     /* Try rdn as dn. Could be RUV. */
-                    dn = slapi_ch_strdup(rdn);
+                    normdn = slapi_ch_strdup(rdn);
                 }
-                sdn = slapi_sdn_new_dn_byval((const char *)dn);
+                sdn = slapi_sdn_new_normdn_byval((const char *)normdn);
                 bdn = backdn_init(sdn, id, 0);
                 if (CACHE_ADD( &inst->inst_dncache, bdn, NULL )) {
                     backdn_free(&bdn);
                     slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
-                                    "%s is already in the dn cache\n", dn);
+                                    "%s is already in the dn cache\n", normdn);
                 } else {
                     CACHE_RETURN(&inst->inst_dncache, &bdn);
                     slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
                                     "entryrdn_lookup_dn returned: %s, "
-                                    "and set to dn cache (id %d)\n", dn, id);
+                                    "and set to dn cache (id %d)\n", normdn, id);
                 }
             }
-            ee = slapi_str2entry_ext( (const char *)dn, data.dptr, 
+            ee = slapi_str2entry_ext( (const char *)normdn, data.dptr, 
                                       SLAPI_STR2ENTRY_NO_ENTRYDN );
             slapi_ch_free_string(&rdn);
-            slapi_ch_free_string(&dn);
+            slapi_ch_free_string(&normdn);
         }
     } else {
         ee = slapi_str2entry( data.dptr, 0 );

ldap/servers/slapd/back-ldbm/idl_common.c

@@ -133,7 +133,7 @@ idl_append_extend(IDList **orig_idl, ID id)
 	IDList *idl = *orig_idl;
 
 	if (idl == NULL) {
-		idl = idl_alloc(1);
+		idl = idl_alloc(32); /* used to be 0 */
 		idl_append(idl, id);
 
 		*orig_idl = idl;
@@ -151,9 +151,7 @@ idl_append_extend(IDList **orig_idl, ID id)
 		}
 		/* copy over the existing contents */
 		idl_new->b_nids = idl->b_nids;
-		for (x = 0; x < idl->b_nids;x++) {
-			idl_new->b_ids[x] = idl->b_ids[x];
-		}
+		memcpy(idl_new->b_ids, idl->b_ids, sizeof(ID) * idl->b_nids);
 		idl_free(idl);
 		idl = idl_new;
 	}

ldap/servers/slapd/back-ldbm/import-threads.c

@@ -521,6 +521,7 @@ import_producer(void *param)
         if (!(str2entry_flags & SLAPI_STR2ENTRY_INCLUDE_VERSION_STR) &&
             entryrdn_get_switch()) { /* subtree-rename: on */
             char *dn = NULL;
+            char *normdn = NULL;
             int rc = 0; /* estr should start with "dn: " or "dn:: " */
             if (strncmp(estr, "dn: ", 4) &&
                 NULL == strstr(estr, "\ndn: ") && /* in case comments precedes
@@ -541,8 +542,11 @@ import_producer(void *param)
                 FREE(estr);
                 continue;
             }
-            e = slapi_str2entry_ext(dn, estr, flags|SLAPI_STR2ENTRY_NO_ENTRYDN);
+            normdn = slapi_create_dn_string("%s", dn);
             slapi_ch_free_string(&dn);
+            e = slapi_str2entry_ext(normdn, estr, 
+                                    flags|SLAPI_STR2ENTRY_NO_ENTRYDN);
+            slapi_ch_free_string(&normdn);
         } else {
             e = slapi_str2entry(estr, flags);
         }
@@ -1038,16 +1042,16 @@ index_producer(void *param)
                     }
                 }
             } else {
-                char *dn = NULL;
+                char *normdn = NULL;
                 struct backdn *bdn = 
                                   dncache_find_id(&inst->inst_dncache, temp_id);
                 if (bdn) {
                     /* don't free dn */
-                    dn = (char *)slapi_sdn_get_dn(bdn->dn_sdn);
+                    normdn = (char *)slapi_sdn_get_dn(bdn->dn_sdn);
                     CACHE_RETURN(&inst->inst_dncache, &bdn);
                 } else {
                     Slapi_DN *sdn = NULL;
-                    rc = entryrdn_lookup_dn(be, rdn, temp_id, &dn, NULL);
+                    rc = entryrdn_lookup_dn(be, rdn, temp_id, &normdn, NULL);
                     if (rc) {
                         /* We cannot use the entryrdn index;
                          * Compose dn from the entries in id2entry */
@@ -1090,21 +1094,21 @@ index_producer(void *param)
                                 continue;
                             }
                         }
-                        dn = slapi_ch_smprintf("%s%s%s",
+                        normdn = slapi_ch_smprintf("%s%s%s",
                                                rdn, pdn?",":"", pdn?pdn:"");
                         slapi_ch_free_string(&pdn);
                     }
                     /* dn is not dup'ed in slapi_sdn_new_dn_byref.
                      * It's set to bdn and put in the dn cache. */
-                    sdn = slapi_sdn_new_dn_byref(dn);
+                    sdn = slapi_sdn_new_normdn_byref(normdn);
                     bdn = backdn_init(sdn, temp_id, 0);
                     CACHE_ADD( &inst->inst_dncache, bdn, NULL );
                     CACHE_RETURN(&inst->inst_dncache, &bdn);
                     slapi_log_error(SLAPI_LOG_CACHE, "ldbm2index",
                                     "entryrdn_lookup_dn returned: %s, "
-                                    "and set to dn cache\n", dn);
+                                    "and set to dn cache\n", normdn);
                 }
-                e = slapi_str2entry_ext(dn, data.dptr, 
+                e = slapi_str2entry_ext(normdn, data.dptr, 
                                         SLAPI_STR2ENTRY_NO_ENTRYDN);
                 slapi_ch_free_string(&rdn);
             }
@@ -1283,7 +1287,7 @@ upgradedn_producer(void *param)
     struct upgradedn_attr *ud_ptr = NULL;
     Slapi_Attr *ud_attr = NULL;
     char *ecopy = NULL;
-    char *dn = NULL;
+    const char *normdn = NULL;
 
     /* vars for Berkeley DB */
     DB_ENV *env = NULL;
@@ -1384,7 +1388,7 @@ upgradedn_producer(void *param)
         ecopy = (char *)slapi_ch_malloc(data.dsize + 1);
         memcpy(ecopy, data.dptr, data.dsize);
         *(ecopy + data.dsize) = '\0';
-        dn = NULL;
+        normdn = NULL;
         doit = 0;
         if (entryrdn_get_switch()) {
             char *rdn = NULL;
@@ -1400,10 +1404,11 @@ upgradedn_producer(void *param)
                                   dncache_find_id(&inst->inst_dncache, temp_id);
                 if (bdn) {
                     /* don't free dn */
-                    dn = (char *)slapi_sdn_get_dn(bdn->dn_sdn);
+                    normdn = (char *)slapi_sdn_get_dn(bdn->dn_sdn);
                     CACHE_RETURN(&inst->inst_dncache, &bdn);
                 } else {
-                    rc = entryrdn_lookup_dn(be, rdn, temp_id, &dn, NULL);
+                    rc = entryrdn_lookup_dn(be, rdn, temp_id,
+                                            (char **)&normdn, NULL);
                     if (rc) {
                         /* We cannot use the entryrdn index;
                          * Compose dn from the entries in id2entry */
@@ -1446,21 +1451,21 @@ upgradedn_producer(void *param)
                                 continue;
                             }
                         }
-                        dn = slapi_ch_smprintf("%s%s%s",
+                        normdn = slapi_ch_smprintf("%s%s%s",
                                                rdn, pdn?",":"", pdn?pdn:"");
                         slapi_ch_free_string(&pdn);
                     }
                     /* dn is not dup'ed in slapi_sdn_new_dn_byref.
                      * It's set to bdn and put in the dn cache. */
-                    sdn = slapi_sdn_new_dn_byref(dn);
+                    sdn = slapi_sdn_new_normdn_byref(normdn);
                     bdn = backdn_init(sdn, temp_id, 0);
                     CACHE_ADD( &inst->inst_dncache, bdn, NULL );
                     CACHE_RETURN(&inst->inst_dncache, &bdn);
                     slapi_log_error(SLAPI_LOG_CACHE, "ldbm2index",
                                     "entryrdn_lookup_dn returned: %s, "
-                                    "and set to dn cache\n", dn);
+                                    "and set to dn cache\n", normdn);
                 }
-                e = slapi_str2entry_ext(dn, data.dptr, 
+                e = slapi_str2entry_ext(normdn, data.dptr, 
                                         SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT);
                 slapi_ch_free_string(&rdn);
             }
@@ -1485,23 +1490,13 @@ upgradedn_producer(void *param)
          * SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT
          * -- normalize it with the new format
          */
-        if (!dn) {
-            get_value_from_string((const char *)ecopy, "dn", &dn);
+        if (!normdn) {
+            get_value_from_string((const char *)ecopy, "dn", (char **)&normdn);
         }
-        if (dn) {
-            char *dest = NULL;
-            size_t dest_len = 0;
-
-            rc = slapi_dn_normalize_ext(dn, strlen(dn), &dest, &dest_len);
-            if (rc > 0) {
-                slapi_ch_free_string(&dn);
-                dn = dest;
-            } else {
-                *(dn + dest_len) = '\0'; /* src is passed in; 
-                                             it's possible dn_len < dest_len */
-            }
+        if (normdn) {
             slapi_sdn_done(&(e->e_sdn));
-            slapi_sdn_init_dn_passin(&(e->e_sdn), dn);
+            slapi_sdn_init_dn_passin(&(e->e_sdn), normdn);
+            normdn = slapi_sdn_get_dn(&(e->e_sdn));
         }
 
         /* From here, e != NULL */
@@ -1559,7 +1554,7 @@ upgradedn_producer(void *param)
                 if (rc) {
                     LDAPDebug(LDAP_DEBUG_ANY, "%s: Failed to add rdn values "
                               "to an entry: %s (id %lu)\n",
-                              inst->inst_name, dn, (u_long)temp_id);
+                              inst->inst_name, normdn, (u_long)temp_id);
                     slapi_entry_free(e); e = NULL;
                     continue;
                 }
@@ -1636,7 +1631,7 @@ upgradedn_producer(void *param)
                                 LDAPDebug(LDAP_DEBUG_ANY,
                                           "%s: Failed to add rdn values "
                                           "to an entry: %s (id %lu)\n",
-                                          inst->inst_name, dn, (u_long)temp_id);
+                                          inst->inst_name, normdn, (u_long)temp_id);
                                 slapi_entry_free(e); e = NULL;
                                 continue;
                             }
@@ -2251,12 +2246,11 @@ import_foreman(void *param)
                 char *new_dn = NULL;
                 char *orig_dn = 
                       slapi_ch_strdup(slapi_entry_get_dn(fi->entry->ep_entry));
-                int rc = 0;
                 nsuniqueid = attrlist_find(fi->entry->ep_entry->e_attrs,
                                            "nsuniqueid");
                 if (nsuniqueid) {
                     Slapi_Value *uival = NULL;
-                    rc = slapi_attr_first_value(nsuniqueid, &uival);
+                    slapi_attr_first_value(nsuniqueid, &uival);
                     uuidstr = slapi_value_get_string(uival);
                 } else {
                     import_log_notice(job, "ERROR: Failed to get nsUniqueId "
@@ -3453,9 +3447,8 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info,
 {
     int rc = -1;
     struct backdn *bdn = NULL;
-    struct ldbminfo  *li = NULL;
     Slapi_Entry *e = NULL;
-    char *dn = NULL;
+    char *normdn = NULL;
 
     if (!entryrdn_get_switch()) { /* entryrdn specific function */
         return rc;
@@ -3466,7 +3459,6 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info,
                         NULL==inst?"inst":"srdn");
         return rc;
     }
-    li = inst->inst_li;
 
     /* first, try the dn cache */
     bdn = dncache_find_id(&inst->inst_dncache, id);
@@ -3563,8 +3555,8 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info,
             }
         }
 
-        dn = NULL;
-        rc = slapi_rdn_get_dn(&mysrdn, &dn);
+        normdn = NULL;
+        rc = slapi_rdn_get_dn(&mysrdn, &normdn);
         if (rc) {
             LDAPDebug2Args( LDAP_DEBUG_ANY,
                                 "import_get_and_add_parent_rdns: "
@@ -3572,7 +3564,7 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info,
                                 "from Slapi_RDN\n", rdn, id);
             goto bail;
         }
-        e = slapi_str2entry_ext(dn, data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN);
+        e = slapi_str2entry_ext(normdn, data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN);
         (*curr_entry)++;
         rc = index_set_entry_to_fifo(info, e, id, total_id, *curr_entry);
         if (rc) {

ldap/servers/slapd/back-ldbm/index.c

@@ -874,7 +874,7 @@ index_read_ext_allids(
 		(0 == PL_strcasecmp(basetype, LDBM_ENTRYDN_STR))) {
 		int rc = 0;
 		ID id = 0;
-		Slapi_DN sdn = {0};
+		Slapi_DN sdn;
 
 		/* We don't need these values... */
 		index_free_prefix( prefix );

ldap/servers/slapd/back-ldbm/instance.c

@@ -141,6 +141,7 @@ int ldbm_instance_create(backend *be, char *name)
     goto done;
 
 error:
+    slapi_ch_free_string(&inst->inst_name);
     slapi_ch_free((void**)&inst);
 
 done:

ldap/servers/slapd/back-ldbm/ldbm_add.c

@@ -79,7 +79,7 @@ ldbm_back_add( Slapi_PBlock *pb )
 	backend *be;
 	struct ldbminfo *li;
 	ldbm_instance *inst;
-	char *dn = NULL;
+	const char *dn = NULL;
 	Slapi_Entry	*e = NULL;
 	struct backentry *tombstoneentry = NULL;
 	struct backentry *addingentry = NULL;
@@ -105,7 +105,7 @@ ldbm_back_add( Slapi_PBlock *pb )
 	int addingentry_id_assigned= 0;
 	int addingentry_in_cache= 0;
 	int tombstone_in_cache= 0;
-	Slapi_DN sdn;
+	Slapi_DN *sdn = NULL;
 	Slapi_DN parentsdn;
 	Slapi_Operation *operation;
 	int dblock_acquired= 0;
@@ -134,7 +134,6 @@ ldbm_back_add( Slapi_PBlock *pb )
 	inst = (ldbm_instance *) be->be_instance_info;
 		
 	/* sdn & parentsdn need to be initialized before "goto *_return" */
-	slapi_sdn_init(&sdn);
 	slapi_sdn_init(&parentsdn);
 	
 	/* Get rid of ldbm backend attributes that you are not allowed to specify yourself */
@@ -195,17 +194,21 @@ ldbm_back_add( Slapi_PBlock *pb )
 		{
 			/* Check if an entry with the intended uniqueid already exists. */
 			done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY); /* Could be through this multiple times */
-			addr.dn = addr.udn = NULL;
+			addr.udn = NULL;
+			addr.sdn = NULL;
 			addr.uniqueid = (char*)slapi_entry_get_uniqueid(e); /* jcm -  cast away const */
 			ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_UNIQUEID_ENTRY, !is_replicated_operation);
 		}
 		if(slapi_isbitset_int(rc,SLAPI_RTN_BIT_FETCH_EXISTING_DN_ENTRY))
 		{
-			slapi_pblock_get( pb, SLAPI_ADD_TARGET, &dn );
-			if (NULL == dn)
+			slapi_pblock_get( pb, SLAPI_ADD_TARGET_SDN, &sdn );
+			if (NULL == sdn)
 			{
+				LDAPDebug0Args(LDAP_DEBUG_ANY,
+				               "ldbm_back_add: Null target dn\n");
 				goto error_return;
 			}
+			dn = slapi_sdn_get_dn(sdn);
 			ldap_result_code = slapi_dn_syntax_check(pb, dn, 1);
 			if (ldap_result_code)
 			{
@@ -213,11 +216,10 @@ ldbm_back_add( Slapi_PBlock *pb )
 				slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
 				goto error_return;
 			}
-			slapi_sdn_set_dn_byref(&sdn, dn);
-			slapi_sdn_get_backend_parent(&sdn,&parentsdn,pb->pb_backend);
+			slapi_sdn_get_backend_parent(sdn, &parentsdn, pb->pb_backend);
 			/* Check if an entry with the intended DN already exists. */
 			done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY); /* Could be through this multiple times */
-			addr.dn = dn;
+			addr.sdn = sdn;
 			addr.udn = NULL;
 			addr.uniqueid = NULL;
 			ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation);
@@ -233,7 +235,7 @@ ldbm_back_add( Slapi_PBlock *pb )
 		   slapi_isbitset_int(rc,SLAPI_RTN_BIT_FETCH_PARENT_ENTRY))
 		{
 			done_with_pblock_entry(pb,SLAPI_ADD_PARENT_ENTRY); /* Could be through this multiple times */
-			addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); /* get_copy_of_entry assumes the DN is not normalized */
+			addr.sdn = &parentsdn;
 			addr.udn = NULL;
 			addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
 			ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_PARENT_ENTRY, !is_replicated_operation);
@@ -273,7 +275,7 @@ ldbm_back_add( Slapi_PBlock *pb )
 	 */
 	if(have_parent_address(&parentsdn, operation->o_params.p.p_add.parentuniqueid))
 	{
-		addr.dn = (char*)slapi_sdn_get_dn (&parentsdn);
+		addr.sdn = &parentsdn;
 		addr.udn = NULL;
 		addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
 		parententry = find_entry2modify_only(pb,be,&addr,&txn);
@@ -311,10 +313,11 @@ ldbm_back_add( Slapi_PBlock *pb )
 			if ( !managedsait && !is_tombstone_operation )
 			{
 				int err= 0;
-				Slapi_DN ancestordn= {0};
+				Slapi_DN ancestorsdn;
 				struct backentry *ancestorentry;
-				ancestorentry= dn2ancestor(pb->pb_backend,&sdn,&ancestordn,&txn,&err);
-				slapi_sdn_done(&ancestordn);
+				slapi_sdn_init(&ancestorsdn);
+				ancestorentry= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,&txn,&err);
+				slapi_sdn_done(&ancestorsdn);
 				if ( ancestorentry != NULL )
 				{
 					int sentreferral= check_entry_for_referral(pb, ancestorentry->ep_entry, backentry_get_ndn(ancestorentry), "ldbm_back_add");
@@ -355,7 +358,8 @@ ldbm_back_add( Slapi_PBlock *pb )
 		 * When we resurect a tombstone we must use its UniqueID
 		 * to find the tombstone entry and lock it down in the cache.
 		 */
-		addr.dn = addr.udn = NULL;
+		addr.udn = NULL;
+		addr.sdn = NULL;
 		addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
 		tombstoneentry = find_entry2modify( pb, be, &addr, &txn );
 		if ( tombstoneentry==NULL )
@@ -368,7 +372,7 @@ ldbm_back_add( Slapi_PBlock *pb )
 		addingentry = backentry_dup( tombstoneentry );
 		if ( addingentry==NULL )
 		{
-		   	ldap_result_code= LDAP_OPERATIONS_ERROR;
+			ldap_result_code= LDAP_OPERATIONS_ERROR;
 			goto error_return;
 		}
 		/*
@@ -378,9 +382,12 @@ ldbm_back_add( Slapi_PBlock *pb )
 		 * The entry comes back to life as a Glue entry, so we add the
 		 * magic objectclass.
 		 */
-		slapi_pblock_get( pb, SLAPI_ADD_TARGET, &dn );
-		slapi_sdn_set_dn_byref(&sdn, dn);
-		slapi_entry_set_dn(addingentry->ep_entry, slapi_ch_strdup(dn)); /* The DN is passed into the entry. */
+		if (NULL == sdn) {
+			LDAPDebug0Args(LDAP_DEBUG_ANY, "ldbm_back_add: Null target dn\n");
+			goto error_return;
+		}
+		dn = slapi_sdn_get_dn(sdn);
+		slapi_entry_set_sdn(addingentry->ep_entry, sdn); /* The DN is passed into the entry. */
 		/* LPREPL: the DN is normalized...Somehow who should get a not normalized one */
 		addingentry->ep_id = slapi_entry_attr_get_ulong(addingentry->ep_entry,"entryid");
 		slapi_entry_attr_delete(addingentry->ep_entry, SLAPI_ATTR_VALUE_PARENT_UNIQUEID);
@@ -541,19 +548,20 @@ ldbm_back_add( Slapi_PBlock *pb )
 		{
 			/* Here means that we didn't find the parent */
 			int err = 0;
-			Slapi_DN ancestordn= {0};
+			Slapi_DN ancestorsdn;
 			struct backentry *ancestorentry;
 
 			LDAPDebug( LDAP_DEBUG_TRACE,
 				"parent does not exist, pdn = %s\n",
 				slapi_sdn_get_dn(&parentsdn), 0, 0 );
 
-			ancestorentry = dn2ancestor(be, &parentsdn, &ancestordn, &txn, &err );
+			slapi_sdn_init(&ancestorsdn);
+			ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err );
 			CACHE_RETURN( &inst->inst_cache, &ancestorentry );
 
 			ldap_result_code= LDAP_NO_SUCH_OBJECT;
-			ldap_result_matcheddn= slapi_ch_strdup((char *)slapi_sdn_get_dn(&ancestordn)); /* jcm - cast away const. */
-			slapi_sdn_done(&ancestordn);
+			ldap_result_matcheddn= slapi_ch_strdup((char *)slapi_sdn_get_dn(&ancestorsdn)); /* jcm - cast away const. */
+			slapi_sdn_done(&ancestorsdn);
 			goto error_return;
 		}
 		ldap_result_code = plugin_call_acl_plugin (pb, e, NULL, NULL, SLAPI_ACL_ADD, 
@@ -742,7 +750,11 @@ ldbm_back_add( Slapi_PBlock *pb )
 				}
 				goto error_return; 
 			}
-			retval = index_addordel_string(be,SLAPI_ATTR_NSCP_ENTRYDN,slapi_sdn_get_ndn(&sdn),addingentry->ep_id,BE_INDEX_DEL,&txn);
+			retval = index_addordel_string(be,
+			                               SLAPI_ATTR_NSCP_ENTRYDN,
+			                               slapi_sdn_get_ndn(sdn),
+			                               addingentry->ep_id,
+			                               BE_INDEX_DEL, &txn);
 			if (DB_LOCK_DEADLOCK == retval) {
 				LDAPDebug( LDAP_DEBUG_ARGS, "add 4 DB_LOCK_DEADLOCK\n", 0, 0, 0 );
 				/* Retry txn */
@@ -1011,7 +1023,6 @@ common_return:
 	{
 		slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL );
 	}
-	slapi_sdn_done(&sdn);
 	slapi_sdn_done(&parentsdn);
 	slapi_ch_free( (void**)&ldap_result_matcheddn );
 	slapi_ch_free( (void**)&errbuf );

ldap/servers/slapd/back-ldbm/ldbm_config.c

@@ -1344,20 +1344,21 @@ void ldbm_config_setup_default(struct ldbminfo *li)
     }
 }
 
-void
+int
 ldbm_config_read_instance_entries(struct ldbminfo *li, const char *backend_type)
 {
     Slapi_PBlock *tmp_pb;
     Slapi_Entry **entries = NULL;
     char *basedn = NULL;
+    int rc = 0;
 
     /* Construct the base dn of the subtree that holds the instance entries. */
     basedn = slapi_create_dn_string("cn=%s,cn=plugins,cn=config", backend_type);
     if (NULL == basedn) {
         LDAPDebug1Arg(LDAP_DEBUG_ANY,
                       "ldbm_config_read_instance_entries: "
-                      "failed create backend dn for %s\n", backend_type);
-        return;
+                      "failed to create backend dn for %s\n", backend_type);
+        return 1;
     }
 
     /* Do a search of the subtree containing the instance entries */
@@ -1368,13 +1369,24 @@ ldbm_config_read_instance_entries(struct ldbminfo *li, const char *backend_type)
     if (entries!=NULL) {
         int i;
         for (i=0; entries[i]!=NULL; i++) {
-            ldbm_instance_add_instance_entry_callback(NULL, entries[i], NULL, NULL, NULL, li);
+            rc = ldbm_instance_add_instance_entry_callback(NULL,
+                                             entries[i], NULL, NULL, NULL, li);
+            if (SLAPI_DSE_CALLBACK_ERROR == rc) {
+                LDAPDebug1Arg(LDAP_DEBUG_ANY,
+                      "ldbm_config_read_instance_entries: "
+                      "failed to add instance entry %s\n", 
+                      slapi_entry_get_dn_const(entries[i]));
+                break;
+            }
+            rc = 0;
         }
     }
 
     slapi_free_search_results_internal(tmp_pb);
     slapi_pblock_destroy(tmp_pb);
     slapi_ch_free_string(&basedn);
+
+    return rc;
 }
 
 /* Reads in any config information held in the dse for the ldbm plugin.  
@@ -1453,7 +1465,13 @@ int ldbm_config_load_dse_info(struct ldbminfo *li)
     
     /* Find all the instance entries and create a Slapi_Backend and an
      * ldbm_instance for each */
-    ldbm_config_read_instance_entries(li, li->li_plugin->plg_name);
+    rval = ldbm_config_read_instance_entries(li, li->li_plugin->plg_name);
+    if (rval) {
+        LDAPDebug0Args(LDAP_DEBUG_ANY,
+                       "ldbm_config_load_dse_info: "
+                       "failed to read instance entries\n");
+        goto bail;
+    }
 
     /* setup the dse callback functions for the ldbm backend config entry */
     slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
@@ -1473,7 +1491,7 @@ int ldbm_config_load_dse_info(struct ldbminfo *li)
     if (NULL == dn) {
         LDAPDebug1Arg(LDAP_DEBUG_ANY,
                       "ldbm_config_load_dse_info: "
-                      "failed create monitor dn for %s\n",
+                      "failed to create monitor dn for %s\n",
                       li->li_plugin->plg_name); 
         rval = 1;
         goto bail;

ldap/servers/slapd/back-ldbm/ldbm_delete.c

@@ -76,6 +76,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
 	int ldap_result_code= LDAP_SUCCESS;
 	char *ldap_result_message= NULL;
 	Slapi_DN sdn;
+	Slapi_DN *sdnp = NULL;
 	char *e_uniqueid = NULL;
 	Slapi_DN *nscpEntrySDN = NULL;
 	int dblock_acquired= 0;
@@ -97,13 +98,13 @@ ldbm_back_delete( Slapi_PBlock *pb )
 
 	slapi_pblock_get( pb, SLAPI_BACKEND, &be);
 	slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
-	slapi_pblock_get( pb, SLAPI_DELETE_TARGET, &dn );
+	slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdnp );
 	slapi_pblock_get( pb, SLAPI_TARGET_ADDRESS, &addr);
 	slapi_pblock_get( pb, SLAPI_TXN, (void**)&parent_txn );
 	slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
 	slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
 	
-	/* sdn & parentsdn need to be initialized before "goto *_return */
+	/* sdn needs to be initialized before "goto *_return */
 	slapi_sdn_init(&sdn);
 
 	/* dblayer_txn_init needs to be called before "goto error_return" */
@@ -122,7 +123,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
 		/* retval is -1 */
 		goto error_return;
 	}
-	ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1);
+	ldap_result_code = slapi_dn_syntax_check(pb, slapi_sdn_get_dn(sdnp), 1);
 	if (ldap_result_code)
 	{
 		ldap_result_code = LDAP_INVALID_DN_SYNTAX;
@@ -137,7 +138,10 @@ ldbm_back_delete( Slapi_PBlock *pb )
 	
 	inst = (ldbm_instance *) be->be_instance_info;
 
-	slapi_sdn_init_dn_byref(&sdn,dn);
+	if (NULL == sdnp) {
+		slapi_sdn_init_normdn_byref(&sdn, dn);
+		sdnp = &sdn;
+	}
 
 	/* The dblock serializes writes to the database,
 	 * which reduces deadlocking in the db code,
@@ -318,13 +322,13 @@ ldbm_back_delete( Slapi_PBlock *pb )
 	    Slapi_DN parentsdn;
 
 		slapi_sdn_init(&parentsdn);
-		slapi_sdn_get_backend_parent(&sdn,&parentsdn,pb->pb_backend);
+		slapi_sdn_get_backend_parent(sdnp, &parentsdn, pb->pb_backend);
     	if ( !slapi_sdn_isempty(&parentsdn) )
 		{
     		struct backentry *parent = NULL;
 			entry_address parent_addr;
 
-			parent_addr.dn = (char*)slapi_sdn_get_dn (&parentsdn);
+			parent_addr.sdn = &parentsdn;
 			parent_addr.uniqueid = NULL;
     		parent = find_entry2modify_only(pb,be,&parent_addr,&txn);
     		if (NULL != parent) {

ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c

@@ -445,7 +445,7 @@ entryrdn_rename_subtree(backend *be,
         slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
                 "entryrdn_rename_subtree: Param error: Empty %s\n",
                 NULL==be?"backend":NULL==oldsdn?"old dn":
-                (NULL==mynewsrdn&&NULL==mynewsupsdn)?"new dn and new superior":
+                (NULL==newsrdn&&NULL==newsupsdn)?"new dn and new superior":
                 0==id?"id":"unknown");
         goto bail;
     }
@@ -1015,7 +1015,6 @@ entryrdn_lookup_dn(backend *be,
     char *nrdn = NULL;
     size_t nrdn_len = 0;
     ID workid = id; /* starting from the given id */
-    ID previd = id;
     rdn_elem *elem = NULL;
     int maybesuffix = 0;
 
@@ -1111,7 +1110,6 @@ retry_get1:
         }
     
         /* Iterate over the duplicates to get the direct child's ID */
-        previd = workid;
         workid = 0;
         if (maybesuffix) {
             /* it is a suffix, indeed.  done. */

ldap/servers/slapd/back-ldbm/ldbm_instance_config.c

@@ -773,8 +773,8 @@ ldbm_instance_modify_config_entry_callback(Slapi_PBlock *pb, Slapi_Entry* entryB
             if (strcasecmp(attr_name, CONFIG_INSTANCE_SUFFIX) == 0) {
                 /* naughty naughty, we don't allow this */
                 rc = LDAP_UNWILLING_TO_PERFORM;
-		PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-			"Can't change the root suffix of a backend");
+                PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+                            "Can't change the root suffix of a backend");
                 LDAPDebug(LDAP_DEBUG_ANY,
                           "ldbm: modify attempted to change the root suffix "
                           "of a backend (which is not allowed)\n",
@@ -841,10 +841,13 @@ static int ldbm_instance_generate(struct ldbminfo *li, char *instance_name,
     new_be = slapi_be_new(LDBM_DATABASE_TYPE_NAME /* type */, instance_name, 
                           0 /* public */, 1 /* do log changes */);
     new_be->be_database = li->li_plugin;
-    ldbm_instance_create(new_be, instance_name);
+    rc = ldbm_instance_create(new_be, instance_name);
+    if (rc) {
+        goto bail;
+    }
 
     ldbm_instance_config_load_dse_info(new_be->be_instance_info);
-    rc = ldbm_instance_create_default_indexes(new_be);
+    ldbm_instance_create_default_indexes(new_be);
 
     /* if USN plugin is enabled, set slapi_counter */
     if (plugin_enabled("USN", li->li_identity) && ldbm_back_isinitialized()) {
@@ -867,7 +870,7 @@ static int ldbm_instance_generate(struct ldbminfo *li, char *instance_name,
     if (ret_be != NULL) {
         *ret_be = new_be;
     }
-
+bail:
     return rc;
 }
 
@@ -881,7 +884,13 @@ ldbm_instance_postadd_instance_entry_callback(Slapi_PBlock *pb, Slapi_Entry* ent
     int rval = 0;
 
     parse_ldbm_instance_entry(entryBefore, &instance_name);
-    ldbm_instance_generate(li, instance_name, &be);
+    rval = ldbm_instance_generate(li, instance_name, &be);
+    if (rval) {
+        LDAPDebug(LDAP_DEBUG_ANY,
+            "ldbm_instance_postadd_instance_entry_callback: "
+            "ldbm_instance_generate (%s) failed (%d)\n",
+            instance_name, rval, 0);
+    }
 
     inst = ldbm_instance_find_by_name(li, instance_name);
 

ldap/servers/slapd/back-ldbm/ldbm_modify.c

@@ -244,7 +244,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
 	{
 		goto error_return;
 	}
-	ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1);
+	ldap_result_code = slapi_dn_syntax_check(pb, slapi_sdn_get_dn(addr->sdn), 1);
 	if (ldap_result_code)
 	{
 		ldap_result_code = LDAP_INVALID_DN_SYNTAX;

ldap/servers/slapd/back-ldbm/ldbm_modrdn.c

@@ -90,10 +90,10 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     IDList *children= NULL;
     struct backentry **child_entries = NULL;
     struct backdn **child_dns = NULL;
-    Slapi_DN dn_olddn = {0};
-    Slapi_DN dn_newdn = {0};
-    Slapi_DN dn_newrdn = {0};
-    Slapi_DN dn_newsuperiordn = {0};
+    Slapi_DN *sdn = NULL;
+    Slapi_DN dn_newdn;
+    Slapi_DN dn_newrdn;
+    Slapi_DN *dn_newsuperiordn = NULL;
     Slapi_DN dn_parentdn;
     int rc;
     int isroot;
@@ -109,15 +109,15 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     entry_address *old_addr;
     entry_address oldparent_addr;
     entry_address *newsuperior_addr;
-    char *dn;
     char ebuf[BUFSIZ];
     CSN *opcsn = NULL;
 
     /* sdn & parentsdn need to be initialized before "goto *_return" */
     slapi_sdn_init(&dn_newdn);
+    slapi_sdn_init(&dn_newrdn);
     slapi_sdn_init(&dn_parentdn);
     
-    slapi_pblock_get( pb, SLAPI_MODRDN_TARGET, &dn );
+    slapi_pblock_get( pb, SLAPI_MODRDN_TARGET_SDN, &sdn );
     slapi_pblock_get( pb, SLAPI_BACKEND, &be);
     slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
     slapi_pblock_get( pb, SLAPI_TXN, (void**)&parent_txn );
@@ -127,6 +127,12 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
     is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
 
+    if (NULL == sdn) {
+        slapi_send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL,
+                                "Null target DN", 0, NULL );
+        return( -1 );
+    } 
+
     /* dblayer_txn_init needs to be called before "goto error_return" */
     dblayer_txn_init(li,&txn);
     /* the calls to search for entries require the parent txn if any
@@ -140,23 +146,21 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
 
     inst = (ldbm_instance *) be->be_instance_info;
     {
-        char *newrdn, *newsuperiordn;
+        char *newrdn/* , *newsuperiordn */;
         slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn );
-        slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &newsuperiordn );
-        slapi_sdn_init_dn_byref(&dn_olddn,dn);
-        slapi_sdn_init_dn_byref(&dn_newrdn,newrdn);
-        slapi_sdn_init_dn_byref(&dn_newsuperiordn,newsuperiordn);
-        slapi_sdn_get_parent(&dn_olddn,&dn_parentdn);
+        slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &dn_newsuperiordn );
+        slapi_sdn_init_normdn_byref(&dn_newrdn, newrdn);
+        /* slapi_sdn_init_normdn_byref(&dn_newsuperiordn, newsuperiordn); */
+        slapi_sdn_get_parent(sdn, &dn_parentdn);
     }
     
     /* if old and new superior are equals, newsuperior should not be set
      * Here we have to reset newsuperiordn in order to save processing and 
      * avoid later deadlock when trying to fetch twice the same entry
      */
-    if (slapi_sdn_compare(&dn_newsuperiordn, &dn_parentdn) == 0)
+    if (slapi_sdn_compare(dn_newsuperiordn, &dn_parentdn) == 0)
     {
-        slapi_sdn_done(&dn_newsuperiordn);
-        slapi_sdn_init_dn_byref(&dn_newsuperiordn,NULL);
+        slapi_sdn_done(dn_newsuperiordn);
     }
 
     /* 
@@ -164,7 +168,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
      * Replicated Operations are allowed to change the superior
      */
     if ( !entryrdn_get_switch() &&
-         (!is_replicated_operation && !slapi_sdn_isempty(&dn_newsuperiordn))) 
+         (!is_replicated_operation && !slapi_sdn_isempty(dn_newsuperiordn))) 
     {
         slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
                       "server does not support moving of entries", 0, NULL );
@@ -213,14 +217,15 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
 
             /* see if an entry with the new name already exists */
             done_with_pblock_entry(pb,SLAPI_MODRDN_EXISTING_ENTRY); /* Could be through this multiple times */
-            slapi_sdn_done(&dn_newrdn);
             slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &newrdn);
-            slapi_sdn_init_dn_byref(&dn_newrdn,newrdn);
-            newdn= moddn_get_newdn(pb,&dn_olddn,&dn_newrdn,&dn_newsuperiordn);
+            slapi_sdn_init_normdn_byref(&dn_newrdn, newrdn);
+            newdn= moddn_get_newdn(pb,sdn, &dn_newrdn, dn_newsuperiordn);
             slapi_sdn_set_dn_passin(&dn_newdn,newdn);
-            new_addr.dn = (char*)slapi_sdn_get_ndn (&dn_newdn);
+            new_addr.sdn = &dn_newdn;
+            new_addr.udn = NULL;
             /* check dn syntax on newdn */
-            ldap_result_code = slapi_dn_syntax_check(pb, new_addr.dn, 1);
+            ldap_result_code = slapi_dn_syntax_check(pb,
+                                           (char *)slapi_sdn_get_ndn(&dn_newdn), 1);
             if (ldap_result_code)
             {
                 ldap_result_code = LDAP_INVALID_DN_SYNTAX;
@@ -241,23 +246,22 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         {
             /* find and lock the old parent entry */
             done_with_pblock_entry(pb,SLAPI_MODRDN_PARENT_ENTRY); /* Could be through this multiple times */
-            oldparent_addr.dn = (char*)slapi_sdn_get_ndn (&dn_parentdn);
+            oldparent_addr.sdn = &dn_parentdn;
             oldparent_addr.uniqueid = NULL;            
             ldap_result_code= get_copy_of_entry(pb, &oldparent_addr, &txn, SLAPI_MODRDN_PARENT_ENTRY, !is_replicated_operation);
         }
 
         /* <new superior> */
-        if(slapi_sdn_get_ndn(&dn_newsuperiordn)!=NULL &&
+        if(slapi_sdn_get_ndn(dn_newsuperiordn)!=NULL &&
            slapi_isbitset_int(rc,SLAPI_RTN_BIT_FETCH_NEWPARENT_ENTRY))
         {
             /* find and lock the new parent entry */
             done_with_pblock_entry(pb,SLAPI_MODRDN_NEWPARENT_ENTRY); /* Could be through this multiple times */
             /* Check that this really is a new superior, 
              * and not the same old one. Compare parentdn & newsuperior */
-            if (slapi_sdn_compare(&dn_newsuperiordn, &dn_parentdn) == 0)
+            if (slapi_sdn_compare(dn_newsuperiordn, &dn_parentdn) == 0)
             {
-                slapi_sdn_done(&dn_newsuperiordn);
-                slapi_sdn_init_dn_byref(&dn_newsuperiordn,NULL);
+                slapi_sdn_done(dn_newsuperiordn);
             }
             else
             {
@@ -271,7 +275,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
                 }
                 else
                 {
-                    my_addr.dn = (char *)slapi_sdn_get_ndn (&dn_newsuperiordn);
+                    my_addr.sdn = dn_newsuperiordn;
                     my_addr.uniqueid = NULL;
                     newsuperior_addr = &my_addr;
                 }
@@ -329,7 +333,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         if((entry != NULL) && 
             /* allow modrdn even if the src dn and dest dn are identical */
            (0 != slapi_sdn_compare((const Slapi_DN *)&dn_newdn,
-                                   (const Slapi_DN *)&dn_olddn)))
+                                   (const Slapi_DN *)sdn)))
         {
             ldap_result_code= LDAP_ALREADY_EXISTS;
             goto error_return;
@@ -337,13 +341,13 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     }
 
     /* Fetch and lock the parent of the entry that is moving */
-    oldparent_addr.dn = (char*)slapi_sdn_get_dn (&dn_parentdn);
+    oldparent_addr.sdn = &dn_parentdn;
     oldparent_addr.uniqueid = NULL;            
     parententry = find_entry2modify_only( pb, be, &oldparent_addr, &txn );
     modify_init(&parent_modify_context,parententry);
 
     /* Fetch and lock the new parent of the entry that is moving */            
-    if(slapi_sdn_get_ndn(&dn_newsuperiordn)!=NULL)
+    if(slapi_sdn_get_ndn(dn_newsuperiordn) != NULL)
     {
         slapi_pblock_get (pb, SLAPI_MODRDN_NEWSUPERIOR_ADDRESS, &newsuperior_addr);
         newparententry = find_entry2modify_only( pb, be, newsuperior_addr, &txn );
@@ -376,37 +380,46 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
      * instead.  Otherwise, a ModRDN operation will potentially change an
      * entry's entire DN (at least with respect to case and spacing).
      */
-    slapi_sdn_copy( slapi_entry_get_sdn_const( e->ep_entry ), &dn_olddn );
+    slapi_sdn_copy( slapi_entry_get_sdn_const( e->ep_entry ), sdn );
+    slapi_pblock_set( pb, SLAPI_MODRDN_TARGET_SDN, sdn );
     if (newparententry != NULL) {
         /* don't forget we also want to preserve case of new superior */
-        slapi_sdn_copy(slapi_entry_get_sdn_const(newparententry->ep_entry), &dn_newsuperiordn);
+        if (NULL == dn_newsuperiordn) {
+            dn_newsuperiordn = slapi_sdn_dup(
+                           slapi_entry_get_sdn_const(newparententry->ep_entry));
+        } else {
+            slapi_sdn_copy(slapi_entry_get_sdn_const(newparententry->ep_entry),
+                           dn_newsuperiordn);
+        }
+        slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, dn_newsuperiordn );
     }
     slapi_sdn_set_dn_passin(&dn_newdn,
-            moddn_get_newdn(pb, &dn_olddn, &dn_newrdn, &dn_newsuperiordn));
+                        moddn_get_newdn(pb, sdn, &dn_newrdn, dn_newsuperiordn));
 
     /* Check that we're allowed to add an entry below the new superior */
     if ( newparententry == NULL )
     {
         /* There may not be a new parent because we don't intend there to be one. */
-        if(slapi_sdn_get_ndn(&dn_newsuperiordn)!=NULL)
+        if(slapi_sdn_get_ndn(dn_newsuperiordn)!=NULL)
         {
             /* If the new entry is to be a suffix, and we're root, then it's OK that the new parent doesn't exist */
-            if(!(slapi_dn_isbesuffix(pb,slapi_sdn_get_ndn(&dn_newdn)) && isroot))
+            if (!(slapi_be_issuffix(pb->pb_backend, &dn_newdn)) && isroot)
             {
                 /* Here means that we didn't find the parent */
                 int err = 0;
-                Slapi_DN ancestordn = {0};
+                Slapi_DN ancestorsdn;
                 struct backentry *ancestorentry;
-                ancestorentry= dn2ancestor(be,&dn_newdn,&ancestordn,&txn,&err);
+				slapi_sdn_init(&ancestorsdn);
+                ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err);
                 CACHE_RETURN( &inst->inst_cache, &ancestorentry );
-                ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestordn));
+                ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn));
                 ldap_result_code= LDAP_NO_SUCH_OBJECT;
                 LDAPDebug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: New superior "
                             "does not exist matched %s, newsuperior = %s\n", 
                             ldap_result_matcheddn == NULL ? "NULL" :
                             ldap_result_matcheddn,
-                            slapi_sdn_get_ndn(&dn_newsuperiordn), 0 );
-                slapi_sdn_done(&ancestordn);
+                            slapi_sdn_get_ndn(dn_newsuperiordn), 0 );
+                slapi_sdn_done(&ancestorsdn);
                 goto error_return;
                }
         }
@@ -426,7 +439,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     if ( parententry == NULL )
     {
         /* If the entry a suffix, and we're root, then it's OK that the parent doesn't exist */
-        if(!(slapi_dn_isbesuffix(pb,slapi_sdn_get_ndn(&dn_olddn)) && isroot))
+        if (!(slapi_be_issuffix(pb->pb_backend, sdn)) && isroot)
         {
             /* Here means that we didn't find the parent */
             ldap_result_matcheddn = "NULL";
@@ -485,7 +498,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     if (( cache_add_tentative( &inst->inst_cache, ec, NULL ) != 0 ) &&
         /* allow modrdn even if the src dn and dest dn are identical */
         ( 0 != slapi_sdn_compare((const Slapi_DN *)&dn_newdn,
-                                 (const Slapi_DN *)&dn_olddn)) )
+                                 (const Slapi_DN *)sdn)) )
     {
         /* somebody must've created it between dn2entry() and here */
         /* JCMREPL - Hmm... we can't permit this to happen...? */
@@ -498,7 +511,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     {
         slapi_mods_init(&smods_generated,4);
         slapi_mods_init(&smods_generated_wsi,4);
-        ldap_result_code = moddn_newrdn_mods(pb, slapi_sdn_get_ndn(&dn_olddn),
+        ldap_result_code = moddn_newrdn_mods(pb, slapi_sdn_get_ndn(sdn),
                             ec, &smods_generated_wsi, is_replicated_operation);
         if (ldap_result_code != LDAP_SUCCESS) {
             if (ldap_result_code == LDAP_UNWILLING_TO_PERFORM)
@@ -519,7 +532,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         /*
          * Update parentid if we have a new superior.
          */
-        if(slapi_sdn_get_dn(&dn_newsuperiordn)!=NULL) {
+        if(slapi_sdn_get_dn(dn_newsuperiordn)!=NULL) {
             char buf[40]; /* Enough for an ID */
             
             if (parententry != NULL) {
@@ -619,7 +632,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
      * If the entry has a new superior then the subordinate count
      * of the parents must be updated.
      */    
-    if(slapi_sdn_get_dn(&dn_newsuperiordn)!=NULL)
+    if(slapi_sdn_get_dn(dn_newsuperiordn)!=NULL)
     {
         /* 
          * Update the subordinate count of the parents to reflect the moved child.
@@ -652,12 +665,12 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         /* JCM - This is where the subtree lock will appear */
         if (entryrdn_get_switch()) /* subtree-rename: on */
         {
-            children = moddn_get_children(&txn, pb, be, e, &dn_olddn,
+            children = moddn_get_children(&txn, pb, be, e, sdn,
                                           &child_entries, &child_dns);
         }
         else
         {
-            children = moddn_get_children(&txn, pb, be, e, &dn_olddn,
+            children = moddn_get_children(&txn, pb, be, e, sdn,
                                           &child_entries, NULL);
         }
 
@@ -781,7 +794,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
                 }
             }
         }
-        if (slapi_sdn_get_dn(&dn_newsuperiordn)!=NULL)
+        if (slapi_sdn_get_dn(dn_newsuperiordn)!=NULL)
         {
             /* Push out the db modifications from the parent entry */
             retval = modify_update_all(be, pb, &parent_modify_context, &txn);
@@ -826,8 +839,8 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         /*
          * Update ancestorid index.
          */
-        if (slapi_sdn_get_dn(&dn_newsuperiordn)!=NULL) {
-            retval = ldbm_ancestorid_move_subtree(be, &dn_olddn, &dn_newdn, e->ep_id, children, &txn);
+        if (slapi_sdn_get_dn(dn_newsuperiordn)!=NULL) {
+            retval = ldbm_ancestorid_move_subtree(be, sdn, &dn_newdn, e->ep_id, children, &txn);
             if (retval != 0) {
                 if (retval == DB_LOCK_DEADLOCK) continue;
                 if (retval == DB_RUNRECOVERY || LDBM_OS_ERR_IS_DISKFULL(retval))
@@ -844,9 +857,8 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         {
             Slapi_RDN newsrdn;
             slapi_rdn_init_sdn(&newsrdn, (const Slapi_DN *)&dn_newdn);
-            rc = entryrdn_rename_subtree(be,
-                                         (const Slapi_DN *)&dn_olddn, &newsrdn,
-                                         (const Slapi_DN *)&dn_newsuperiordn,
+            rc = entryrdn_rename_subtree(be, (const Slapi_DN *)sdn, &newsrdn,
+                                         (const Slapi_DN *)dn_newsuperiordn,
                                          e->ep_id, &txn);
             slapi_rdn_done(&newsrdn);
             if (rc) {
@@ -861,7 +873,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
          */
         if (!entryrdn_get_switch() && children) /* subtree-rename: off */
         {
-            retval= moddn_rename_children(&txn, pb, be, children, &dn_olddn,
+            retval= moddn_rename_children(&txn, pb, be, children, sdn,
                                          &dn_newdn, child_entries);
         }
         if (DB_LOCK_DEADLOCK == retval)
@@ -1100,10 +1112,8 @@ common_return:
     if (ldap_result_matcheddn && 0 != strcmp(ldap_result_matcheddn, "NULL"))
         slapi_ch_free((void**)&ldap_result_matcheddn);
     idl_free(children);
-    slapi_sdn_done(&dn_olddn);
     slapi_sdn_done(&dn_newdn);
     slapi_sdn_done(&dn_newrdn);
-    slapi_sdn_done(&dn_newsuperiordn);
     slapi_sdn_done(&dn_parentdn);
     modify_term(&parent_modify_context,be);
     modify_term(&newparent_modify_context,be);
@@ -1118,7 +1128,8 @@ common_return:
     slapi_ch_free((void**)&errbuf);
     if (retval == 0 && opcsn != NULL && !is_fixup_operation)
     {
-        slapi_pblock_set(pb, SLAPI_URP_NAMING_COLLISION_DN, slapi_ch_strdup (dn));
+        slapi_pblock_set(pb, SLAPI_URP_NAMING_COLLISION_DN, 
+                         slapi_ch_strdup(slapi_sdn_get_dn(sdn)));
     }
     if (pb->pb_conn)
     {

ldap/servers/slapd/back-ldbm/ldbm_search.c

@@ -159,7 +159,6 @@ ldbm_back_search_cleanup(Slapi_PBlock *pb,
                          int ldap_result,
                          char* ldap_result_description,
                          int function_result,
-                         Slapi_DN *sdn,
                          struct vlv_request *vlv_request_control,
                          struct backentry *e)
 {
@@ -192,7 +191,6 @@ ldbm_back_search_cleanup(Slapi_PBlock *pb,
             delete_search_result_set(&sr);
         }
     }
-    slapi_sdn_done(sdn);
     if (vlv_request_control)
     {
         berval_done(&vlv_request_control->value);
@@ -218,8 +216,8 @@ ldbm_back_search( Slapi_PBlock *pb )
     struct ldbminfo *li;
     struct backentry *e;
     IDList *candidates= NULL;
-    char *base;
-    Slapi_DN basesdn;
+    const char *base;
+    Slapi_DN *basesdn = NULL;
     int scope;
     LDAPControl **controls = NULL;
     Slapi_Operation *operation;
@@ -254,7 +252,7 @@ ldbm_back_search( Slapi_PBlock *pb )
     slapi_pblock_get( pb, SLAPI_BACKEND, &be );
     slapi_pblock_get( pb, SLAPI_OPERATION, &operation);
     slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
-    slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &base );
+    slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &basesdn );
     slapi_pblock_get( pb, SLAPI_TARGET_ADDRESS, &addr);
     slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
     slapi_pblock_get( pb, SLAPI_REQCONTROLS, &controls );
@@ -263,7 +261,13 @@ ldbm_back_search( Slapi_PBlock *pb )
 
     inst = (ldbm_instance *) be->be_instance_info;
 
-    slapi_sdn_init_dn_ndn_byref(&basesdn,base);  /* normalized by front end*/
+    if (NULL == basesdn) {
+        slapi_send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL,
+                               "Null target DN", 0, NULL );
+        return( -1 );
+    }
+    base = slapi_sdn_get_dn(basesdn);
+
     /* Initialize the result set structure here because we need to use it during search processing */
     /* Beware that if we exit this routine sideways, we might leak this structure */
     sr = new_search_result_set( NULL, 0, 
@@ -285,8 +289,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 /* Badly formed SORT control */
                 return ldbm_back_search_cleanup(pb, li, sort_control, 
                                 LDAP_PROTOCOL_ERROR, "Sort Control", 
-                                SLAPI_FAIL_GENERAL, &basesdn, 
-                                NULL, NULL);
+                                SLAPI_FAIL_GENERAL, NULL, NULL);
             }
             /* set this operation includes the server side sorting */
             operation->o_flags |= OP_FLAG_SERVER_SIDE_SORTING;
@@ -303,8 +306,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 {
                     /* Badly formed VLV control */
                     return ldbm_back_search_cleanup(pb, li, sort_control,
-                                r, "VLV Control", 
-                                SLAPI_FAIL_GENERAL, &basesdn, 
+                                r, "VLV Control", SLAPI_FAIL_GENERAL, 
                                 &vlv_request_control, NULL);
                 }
                 {
@@ -325,8 +327,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                     {
                         /* Client isn't allowed to do this. */
                         return ldbm_back_search_cleanup(pb, li, sort_control, 
-                                    r, "VLV Control", 
-                                    SLAPI_FAIL_GENERAL, &basesdn, 
+                                    r, "VLV Control", SLAPI_FAIL_GENERAL, 
                                     &vlv_request_control, NULL);
                     }
                 }
@@ -341,8 +342,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 /* Can't have a VLV control without a SORT control */
                 return ldbm_back_search_cleanup(pb, li, sort_control, 
                                 LDAP_SORT_CONTROL_MISSING, "VLV Control", 
-                                SLAPI_FAIL_GENERAL, &basesdn, 
-                                &vlv_request_control, NULL);
+                                SLAPI_FAIL_GENERAL, &vlv_request_control, NULL);
             }
         }
     }
@@ -395,15 +395,13 @@ ldbm_back_search( Slapi_PBlock *pb )
             {
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                             LDAP_UNWILLING_TO_PERFORM, ctrlstr,
-                            SLAPI_FAIL_GENERAL, &basesdn, 
-                            &vlv_request_control, NULL);
+                            SLAPI_FAIL_GENERAL, &vlv_request_control, NULL);
             }
             else
             {
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                             LDAP_VIRTUAL_LIST_VIEW_ERROR, ctrlstr,
-                            SLAPI_FAIL_GENERAL, &basesdn, 
-                            &vlv_request_control, NULL);
+                            SLAPI_FAIL_GENERAL, &vlv_request_control, NULL);
             }
         }
         else
@@ -418,8 +416,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 sort_make_sort_response_control(pb, LDAP_UNWILLING_TO_PERFORM, NULL);
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                             LDAP_UNAVAILABLE_CRITICAL_EXTENSION, ctrlstr,
-                            SLAPI_FAIL_GENERAL, &basesdn, 
-                            &vlv_request_control, NULL);
+                            SLAPI_FAIL_GENERAL, &vlv_request_control, NULL);
             }
             else /* vlv and sorting are not critical, so ignore the control */
             {
@@ -453,7 +450,7 @@ ldbm_back_search( Slapi_PBlock *pb )
         {
             /* error or referral sent by find_entry */
             return ldbm_back_search_cleanup(pb, li, sort_control, 
-                            -1, NULL, 1, &basesdn, &vlv_request_control, NULL);
+                            -1, NULL, 1, &vlv_request_control, NULL);
         }
     }
 
@@ -478,21 +475,20 @@ ldbm_back_search( Slapi_PBlock *pb )
          */    
         if ((NULL != controls) && (sort) && (vlv)) {
             /* This candidate list is for vlv, no need for sort only. */
-            switch (vlv_search_build_candidate_list(pb, &basesdn, &vlv_rc,
+            switch (vlv_search_build_candidate_list(pb, basesdn, &vlv_rc,
                                                     sort_control,
                                                     (vlv ? &vlv_request_control : NULL),
                                                     &candidates, &vlv_response_control)) {
             case VLV_ACCESS_DENIED:
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                                                 vlv_rc, "VLV Control",
-                                                SLAPI_FAIL_GENERAL, &basesdn,
+                                                SLAPI_FAIL_GENERAL, 
                                                 &vlv_request_control, e);
             case VLV_BLD_LIST_FAILED:
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                                                 vlv_response_control.result,
                                                 NULL, SLAPI_FAIL_GENERAL,
-                                                &basesdn, &vlv_request_control,
-                                                e);
+                                                &vlv_request_control, e);
                 
             case LDAP_SUCCESS:
                 /* Log to the access log the particulars of this sort request */
@@ -513,7 +509,6 @@ ldbm_back_search( Slapi_PBlock *pb )
                                                     LDAP_OPERATIONS_ERROR,
                                                     "Sort Response Control",
                                                     SLAPI_FAIL_GENERAL,
-                                                    &basesdn,
                                                     &vlv_request_control, e);
                 }
             }
@@ -526,7 +521,7 @@ ldbm_back_search( Slapi_PBlock *pb )
             {
                 /* Error result sent by build_candidate_list */
                 return ldbm_back_search_cleanup(pb, li, sort_control, -1,
-                                                NULL, rc, &basesdn,
+                                                NULL, rc, 
                                                 &vlv_request_control, e);
             }
             /*
@@ -559,7 +554,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 IDList *idl = NULL;
                 Slapi_Filter *filter = NULL;
                 slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, &filter );
-                r = vlv_filter_candidates(be, pb, candidates, &basesdn,
+                r = vlv_filter_candidates(be, pb, candidates, basesdn,
                                           scope, filter, &idl,
                                           lookthrough_limit, time_up);
                 if(r == 0)
@@ -570,7 +565,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 else
                 {
                     return ldbm_back_search_cleanup(pb, li, sort_control,
-                                                    r, NULL, -1, &basesdn,
+                                                    r, NULL, -1, 
                                                     &vlv_request_control, e);
                 }
             }
@@ -589,7 +584,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                     return ldbm_back_search_cleanup(pb, li, sort_control,
                                              LDAP_PROTOCOL_ERROR,
                                              "Sort Response Control", -1,
-                                             &basesdn, &vlv_request_control, e);
+                                             &vlv_request_control, e);
                 }
               }
               else
@@ -630,7 +625,6 @@ ldbm_back_search( Slapi_PBlock *pb )
                     return ldbm_back_search_cleanup(pb, li, sort_control,
                                                     LDAP_PROTOCOL_ERROR,
                                                     "Sort Control", -1,
-                                                    &basesdn,
                                                     &vlv_request_control, e);
                 case LDAP_UNWILLING_TO_PERFORM:  /* Too hard */
                 case LDAP_OPERATIONS_ERROR:  /* Operation error */
@@ -673,7 +667,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                     return ldbm_back_search_cleanup(pb, li, sort_control,
                                              (abandoned?-1:LDAP_PROTOCOL_ERROR),
                                              "Sort Response Control", -1,
-                                             &basesdn, &vlv_request_control, e);
+                                             &vlv_request_control, e);
                 }
               }
             }
@@ -700,7 +694,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                     {
                         return ldbm_back_search_cleanup(pb, li, sort_control,
                                                     vlv_response_control.result,
-                                                    NULL, -1, &basesdn,
+                                                    NULL, -1, 
                                                     &vlv_request_control, e);
                     }
                 }
@@ -720,7 +714,7 @@ ldbm_back_search( Slapi_PBlock *pb )
                 return ldbm_back_search_cleanup(pb, li, sort_control,
                                              (abandoned?-1:LDAP_PROTOCOL_ERROR),
                                              "VLV Response Control", -1,
-                                             &basesdn, &vlv_request_control, e);
+                                             &vlv_request_control, e);
             }
             /* Log the VLV operation */
             vlv_print_access_log(pb,&vlv_request_control,&vlv_response_control);
@@ -783,7 +777,7 @@ ldbm_back_search( Slapi_PBlock *pb )
     /* Fix for bugid #394184, SD, 05 Jul 00 */
     /* tmp_err == -1: no error */
     return ldbm_back_search_cleanup(pb, li, sort_control, tmp_err, tmp_desc,
-                                    (tmp_err  == -1 ? 0 : -1), &basesdn,
+                                    (tmp_err  == -1 ? 0 : -1), 
                                     &vlv_request_control, NULL);
     /* end Fix for bugid #394184 */
 }
@@ -1205,7 +1199,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
     int                    managedsait;
     Slapi_Attr             *attr;
     Slapi_Filter           *filter;
-    char                   *base;
+    const char             *base;
     back_search_result_set *sr;
     ID                     id;
     struct backentry       *e;
@@ -1214,7 +1208,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
     int                    tlimit, llimit, slimit, isroot;
     struct berval          **urls = NULL;
     int                    err;
-    Slapi_DN               basesdn = {0};
+    Slapi_DN               *basesdn = NULL;
     char                   *target_uniqueid;
     int                    rc = 0; 
     int                    estimate = 0; /* estimated search result count */
@@ -1225,7 +1219,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
     slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
     slapi_pblock_get( pb, SLAPI_MANAGEDSAIT, &managedsait );
     slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, &filter );
-    slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &base );
+    slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &basesdn );
     slapi_pblock_get( pb, SLAPI_NENTRIES, &nentries );
     slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &slimit );
     slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit );
@@ -1240,6 +1234,13 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
         goto bail;
     }
 
+    if (NULL == basesdn) {
+        slapi_send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL,
+                               "Null target DN", 0, NULL );
+        return( -1 );
+    }
+    base = slapi_sdn_get_dn(basesdn);
+
     if (sr->sr_current_sizelimit >= 0) {
         /* 
          * sr_current_sizelimit contains the current sizelimit.
@@ -1254,7 +1255,10 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
     
     inst = (ldbm_instance *) be->be_instance_info;
 
-    slapi_sdn_init_dn_ndn_byref(&basesdn,base); /* normalized by front end */
+    if (NULL == basesdn) {
+        basesdn = slapi_sdn_new_normdn_byref(base);
+        slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, basesdn);
+    }
     /* Return to the cache the entry we handed out last time */
     /* If we are using the extension, the front end will tell
      * us when to do this so we don't do it now */
@@ -1399,7 +1403,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
                 char ebuf[ BUFSIZ ];
                 LDAPDebug( LDAP_DEBUG_ANY, "null ref in (%s)\n", escape_string( backentry_get_ndn(e), ebuf ), 0, 0 );
             }
-            else if ( slapi_sdn_scope_test( backentry_get_sdn(e), &basesdn, scope ))
+            else if ( slapi_sdn_scope_test( backentry_get_sdn(e), basesdn, scope ))
             {
                 if ( use_extension ) {
                     slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY_EXT, e );
@@ -1473,7 +1477,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
              * just forget about it, since we don't want to return anything at all. */
          {
              if ( slapi_uniqueIDCompareString(target_uniqueid, e->ep_entry->e_uniqueid) ||
-                  slapi_sdn_scope_test( backentry_get_sdn(e), &basesdn, scope ))
+                  slapi_sdn_scope_test( backentry_get_sdn(e), basesdn, scope ))
              {
                  /* check size limit */
                  if ( slimit >= 0 )
@@ -1540,7 +1544,6 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
         }
     }
 bail:
-    slapi_sdn_done(&basesdn);
     return rc;
 }
 

ldap/servers/slapd/back-ldbm/ldif2ldbm.c

@@ -137,29 +137,18 @@ int ldbm_back_fetch_incl_excl(Slapi_PBlock *pb, char ***include,
                               char ***exclude)
 {
     char **pb_incl, **pb_excl;
-    char subtreeDn[BUFSIZ];
-    char *normSubtreeDn;
-    int i;
 
     slapi_pblock_get(pb, SLAPI_LDIF2DB_INCLUDE, &pb_incl);
     slapi_pblock_get(pb, SLAPI_LDIF2DB_EXCLUDE, &pb_excl);
+    if ((NULL == include) || (NULL == exclude)) {
+        return 0;
+    }
     *include = *exclude = NULL;
 
-    /* normalize */
-    if (pb_excl) {
-        for (i = 0; pb_excl[i]; i++) {
-            PL_strncpyz(subtreeDn, pb_excl[i], sizeof(subtreeDn));
-            normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
-            charray_add(exclude, slapi_ch_strdup(normSubtreeDn));
-        }
-    }
-    if (pb_incl) {
-        for (i = 0; pb_incl[i]; i++) {
-            PL_strncpyz(subtreeDn, pb_incl[i], sizeof(subtreeDn));
-            normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
-            charray_add(include, slapi_ch_strdup(normSubtreeDn));
-        }
-    }
+    /* pb_incl/excl are both normalized */
+    *exclude = slapi_ch_array_dup(pb_excl);
+    *include = slapi_ch_array_dup(pb_incl);
+
     return (pb_incl || pb_excl);
 }
 
@@ -250,7 +239,8 @@ int add_op_attrs(Slapi_PBlock *pb, struct ldbminfo *li, struct backentry *ep,
          * caller via the status parameter.
          */
         if (entryrdn_get_switch()) { /* subtree-rename: on */
-            Slapi_DN sdn = {0};;
+            Slapi_DN sdn;
+            slapi_sdn_init(&sdn);
             slapi_sdn_set_dn_byval(&sdn, pdn);
             err = entryrdn_index_read(be, &sdn, &pid, NULL);
             slapi_sdn_done(&sdn);
@@ -656,8 +646,10 @@ int ldbm_back_ldif2ldbm( Slapi_PBlock *pb )
         /* initialize UniqueID generator - must be done once backends are started
            and event queue is initialized but before plugins are started */
         /* This dn is normalize. */
-        Slapi_DN *sdn = slapi_sdn_new_dn_byval ("cn=uniqueid generator,cn=config");
-        int rc = uniqueIDGenInit (NULL, sdn, 0 /* use single thread mode */);
+        Slapi_DN *sdn = 
+                 slapi_sdn_new_ndn_byref ("cn=uniqueid generator,cn=config");
+        int rc = uniqueIDGenInit (NULL, sdn /*const*/,
+                                  0 /* use single thread mode */);
         slapi_sdn_free (&sdn);
         if (rc != UID_SUCCESS) {
             LDAPDebug( LDAP_DEBUG_ANY,
@@ -783,9 +775,10 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
     IDList *idltotal = NULL, *idltmp;
     back_txn *txn = NULL;
     struct berval bv;
-    Slapi_DN sdn = {0}; /* Valid only if entryrdn_get_switch is true */
+    Slapi_DN sdn; /* Used only if entryrdn_get_switch is true */
 
     *err = 0;
+    slapi_sdn_init(&sdn);
     /* for each subtree spec... */
     for (i = 0; include[i]; i++) {
         IDList *idl = NULL;
@@ -794,6 +787,7 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
         char *nextdn = NULL;
         int matched = 0;
         int issubsuffix = 0;
+
         /*
          * avoid a case that an include suffix is applied to the backend of 
          * its sub suffix 
@@ -848,7 +842,6 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
         if (entryrdn_get_switch()) { /* subtree-rename: on */
             slapi_sdn_set_dn_byval(&sdn, include[i]);
             *err = entryrdn_index_read(be, &sdn, &id, NULL);
-            slapi_sdn_done(&sdn);
             if (*err) {
                 if (DB_NOTFOUND == *err) {
                     LDAPDebug2Args(LDAP_DEBUG_ANY,
@@ -861,6 +854,7 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
                                    "Reading %s failed on entryrdn; %d\n",
                                    include[i], *err );
                 }
+                slapi_sdn_done(&sdn);
                 continue;
             }
         } else {
@@ -895,6 +889,7 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
         } else {
             *err = ldbm_ancestorid_read(be, txn, id, &idl);
         }
+        slapi_sdn_done(&sdn);
         if (idl == NULL) {
             if (DB_NOTFOUND == *err) {
                 LDAPDebug(LDAP_DEBUG_ANY,
@@ -924,7 +919,7 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
             idl_free(idl);
             idltotal = idltmp;
         }
-    }
+    } /* for (i = 0; include[i]; i++) */
     
     return idltotal;
 }
@@ -1423,7 +1418,6 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
         ep = backentry_alloc();
         if (entryrdn_get_switch()) {
             char *rdn = NULL;
-            int rc = 0;
     
             /* rdn is allocated in get_value_from_string */
             rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn);
@@ -1900,9 +1894,9 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
 
         /* create suffix list */
         for (vlvidx = 0; vlvidx < numvlv; vlvidx++) {
-            char *s = slapi_ch_strdup(slapi_sdn_get_dn(vlvIndex_getBase(pvlv[vlvidx])));
-
-            s = slapi_dn_normalize_case(s);
+            char *s = 
+             slapi_ch_strdup(slapi_sdn_get_ndn(vlvIndex_getBase(pvlv[vlvidx])));
+            /* 's' is passed in */
             charray_add(&suffix_list, s);
         }
         idl = ldbm_fetch_subtrees(be, suffix_list, &err);
@@ -3448,8 +3442,7 @@ bail:
  * Update old DN format in entrydn and the leaf attr value to the new one
  *
  * The implementation would be similar to the upgradedb for new idl.
- * Scan each entry, checking the entrydn value with the result of 
- * slapi_dn_normalize_ext_case(dn).
+ * Scan each entry, checking the entrydn value with the normalized dn.
  * If they don't match,
  *   replace the old entrydn value with the new one in the entry 
  *   in id2entry.db4.

ldap/servers/slapd/back-ldbm/misc.c

@@ -425,7 +425,8 @@ ldbm_txn_ruv_modify_context( Slapi_PBlock *pb, modify_context *mc )
 
     slapi_pblock_get( pb, SLAPI_BACKEND, &be);
 
-    bentry_addr.dn = NULL;
+    bentry_addr.sdn = NULL;
+    bentry_addr.udn = NULL;
     bentry_addr.uniqueid = uniqueid;
 
     /* Note: if we find the bentry, it will stay locked until someone calls

ldap/servers/slapd/back-ldbm/vlv_srch.c

@@ -189,7 +189,7 @@ vlvSearch_init(struct vlvSearch* p, Slapi_PBlock *pb, const Slapi_Entry *e, ldbm
             slapi_pblock_set(pb, SLAPI_PLUGIN, inst->inst_be->be_database);
             slapi_pblock_get(pb, SLAPI_TXN, &txn.back_txn_txn);
 
-            addr.dn = (char*)slapi_sdn_get_ndn (p->vlv_base);
+            addr.sdn = p->vlv_base;
             addr.uniqueid = NULL;
             e = find_entry( pb, inst->inst_be, &addr, &txn );
             /* Check to see if the entry is absent. If it is, mark this search

ldap/servers/slapd/bind.c

@@ -124,12 +124,13 @@ do_bind( Slapi_PBlock *pb )
     int		auth_response_requested = 0;
     int		pw_response_requested = 0;
     char		*rawdn = NULL;
-    char		*dn = NULL, *saslmech = NULL;
+    const char	*dn = NULL;
+    char		*saslmech = NULL;
     struct berval	cred = {0};
     Slapi_Backend		*be = NULL;
     ber_tag_t ber_rc;
     int rc = 0;
-    Slapi_DN sdn;
+    Slapi_DN *sdn = NULL;
     Slapi_Entry *referral;
     char errorbuf[BUFSIZ];
     char **supported, **pmech;
@@ -137,8 +138,6 @@ do_bind( Slapi_PBlock *pb )
     Slapi_Entry *bind_target_entry = NULL;
     int auto_bind = 0;
     int minssf = 0;
-    char *test_bind_dn = NULL;
-    size_t dnlen = 0;
 
     LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
 
@@ -174,7 +173,7 @@ do_bind( Slapi_PBlock *pb )
         return;
     }
     /* Check if we should be performing strict validation. */
-    if (config_get_dn_validate_strict()) { 
+    if (rawdn && config_get_dn_validate_strict()) { 
         /* check that the dn is formatted correctly */
         rc = slapi_dn_syntax_check(pb, rawdn, 1);
         if (rc) { /* syntax check failed */
@@ -186,27 +185,21 @@ do_bind( Slapi_PBlock *pb )
             return;
         }
     }
-    rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
-    if (rc < 0) {
-        op_shared_log_error_access(pb, "BIND", rawdn?rawdn:"",
-                                   "invalid bind dn");
-        send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
-                         NULL, "invalid bind dn", 0, NULL);
-        slapi_ch_free_string(&rawdn);
+    sdn = slapi_sdn_new_dn_passin(rawdn);
+    dn = slapi_sdn_get_dn(sdn);
+    if (rawdn && (strlen(rawdn) > 0) && (NULL == dn)) {
+        /* normalization failed */
+        op_shared_log_error_access(pb, "BIND", rawdn, "invalid bind dn");
+        send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
+                         "invalid bind dn", 0, NULL);
+        slapi_sdn_free(&sdn);
         return;
-    } else if (rc > 0) { /* if rc == 0, rawdn is passed in */
-        slapi_ch_free_string(&rawdn);
-    } else { /* rc == 0; rawdn is passed in; not null terminated */
-        *(dn + dnlen) = '\0';
     }
-
-    slapi_sdn_init_dn_passin(&sdn, dn);
-
     LDAPDebug( LDAP_DEBUG_TRACE, "BIND dn=\"%s\" method=%d version=%d\n",
-               dn, method, version );
+               dn?dn:"empty", method, version );
 
     /* target spec is used to decide which plugins are applicable for the operation */
-    operation_set_target_spec (pb->pb_op, &sdn);
+    operation_set_target_spec (pb->pb_op, sdn);
 
     switch ( method ) {
     case LDAP_AUTH_SASL:
@@ -214,7 +207,7 @@ do_bind( Slapi_PBlock *pb )
             LDAPDebug( LDAP_DEBUG_ANY,
                        "got SASL credentials from LDAPv2 client\n",
                        0, 0, 0 );
-            log_bind_access (pb, slapi_sdn_get_dn (&sdn), method, version, saslmech, "SASL credentials only in LDAPv3");
+            log_bind_access (pb, dn?dn:"empty", method, version, saslmech, "SASL credentials only in LDAPv3");
             send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
                               "SASL credentials only in LDAPv3", 0, NULL );
             goto free_and_return;
@@ -243,7 +236,7 @@ do_bind( Slapi_PBlock *pb )
                 "LDAPv2-style kerberos authentication received "
                 "on LDAPv3 connection.";
             LDAPDebug( LDAP_DEBUG_ANY, kmsg, 0, 0, 0 );
-            log_bind_access (pb, slapi_sdn_get_dn (&sdn), method, version, saslmech, kmsg);
+            log_bind_access (pb, dn?dn:"empty", method, version, saslmech, kmsg);
             send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
                               kmsg, 0, NULL );
             goto free_and_return;
@@ -256,7 +249,7 @@ do_bind( Slapi_PBlock *pb )
         }
         break;
     default:
-        log_bind_access (pb, slapi_sdn_get_dn (&sdn), method, version, saslmech, "Unknown bind method");
+        log_bind_access (pb, dn?dn:"empty", method, version, saslmech, "Unknown bind method");
         send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
                           "Unknown bind method", 0, NULL );
         goto free_and_return;
@@ -265,7 +258,7 @@ do_bind( Slapi_PBlock *pb )
         LDAPDebug( LDAP_DEBUG_ANY,
                    "ber_scanf failed (op=Bind; params=Credentials)\n",
                    0, 0, 0 );
-        log_bind_access (pb, slapi_sdn_get_dn (&sdn), method, version, saslmech, "decoding error");
+        log_bind_access (pb, dn?dn:"empty", method, version, saslmech, "decoding error");
         send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
                           "decoding error", 0, NULL );
         goto free_and_return;
@@ -284,7 +277,7 @@ do_bind( Slapi_PBlock *pb )
 
         if (( err = get_ldapmessage_controls( pb, ber, &reqctrls ))
             != 0 ) {
-            log_bind_access (pb, slapi_sdn_get_dn (&sdn), method,
+            log_bind_access (pb, dn?dn:"empty", method,
                              version, saslmech, "failed to parse LDAP controls");
             send_ldap_result( pb, err, NULL, NULL, 0, NULL );
             goto free_and_return;
@@ -316,8 +309,8 @@ do_bind( Slapi_PBlock *pb )
         {
             auto_bind = 1; /* flag the bind method */
             dn = slapi_ch_strdup(pb->pb_conn->c_dn);
-            slapi_sdn_done(&sdn);
-            slapi_sdn_init_dn_passin(&sdn,dn);
+            slapi_sdn_free(&sdn);
+            sdn = slapi_sdn_new_dn_passin(dn);
         }
     }
 #endif /* ENABLE_AUTOBIND */
@@ -330,7 +323,7 @@ do_bind( Slapi_PBlock *pb )
     pb->pb_conn->c_needpw = 0;
     PR_Unlock( pb->pb_conn->c_mutex );
 
-    log_bind_access(pb, dn, method, version, saslmech, NULL);
+    log_bind_access(pb, dn?dn:"empty", method, version, saslmech, NULL);
 
     switch ( version ) {
     case LDAP_VERSION2:
@@ -372,9 +365,9 @@ do_bind( Slapi_PBlock *pb )
                version, method, dn );
     pb->pb_conn->c_ldapversion = version;
 
-    isroot = slapi_dn_isroot( slapi_sdn_get_ndn(&sdn) );
+    isroot = slapi_dn_isroot( slapi_sdn_get_ndn(sdn) );
     slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &isroot );
-    slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void*)slapi_sdn_get_ndn(&sdn) );
+    slapi_pblock_set( pb, SLAPI_BIND_TARGET_SDN, (void*)sdn );
     slapi_pblock_set( pb, SLAPI_BIND_METHOD, &method );
     slapi_pblock_set( pb, SLAPI_BIND_SASLMECHANISM, saslmech );
     slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, &cred );
@@ -613,9 +606,9 @@ do_bind( Slapi_PBlock *pb )
             slapi_value_init_berval(&cv,&cred);
 
             /* right dn and passwd - authorize */
-            if ( is_root_dn_pw( slapi_sdn_get_ndn(&sdn), &cv )) {
+            if ( is_root_dn_pw( slapi_sdn_get_ndn(sdn), &cv )) {
                 bind_credentials_set( pb->pb_conn, SLAPD_AUTH_SIMPLE,
-                                      slapi_ch_strdup( slapi_sdn_get_ndn(&sdn) ),
+                                      slapi_ch_strdup( slapi_sdn_get_ndn(sdn) ),
                                       NULL, NULL, NULL , NULL);
 
             /* right dn, wrong passwd - reject with invalid creds */
@@ -635,7 +628,7 @@ do_bind( Slapi_PBlock *pb )
             if ( auth_response_requested ) {
                 slapi_add_auth_response_control( pb,
                                            ( cred.bv_len == 0 ) ? "" :
-                                           slapi_sdn_get_ndn(&sdn));
+                                           slapi_sdn_get_ndn(sdn));
             }
             send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL );
 
@@ -687,7 +680,7 @@ do_bind( Slapi_PBlock *pb )
 
             /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */
             if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
-                bind_target_entry = get_entry(pb,  slapi_sdn_get_ndn(&sdn));
+                bind_target_entry = get_entry(pb,  slapi_sdn_get_ndn(sdn));
                 rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1);
             }
 
@@ -730,11 +723,11 @@ do_bind( Slapi_PBlock *pb )
                     if(!auto_bind)
                         bind_credentials_set( pb->pb_conn,
                                           authtype, slapi_ch_strdup(
-                                              slapi_sdn_get_ndn(&sdn)),
+                                              slapi_sdn_get_ndn(sdn)),
                                           NULL, NULL, NULL, bind_target_entry );
                     if ( auth_response_requested ) {
                         slapi_add_auth_response_control( pb,
-                                                   slapi_sdn_get_ndn(&sdn));
+                                                   slapi_sdn_get_ndn(sdn));
                     }
                 } else {	/* anonymous */
                     /* set bind creds here so anonymous limits are set */
@@ -803,16 +796,12 @@ do_bind( Slapi_PBlock *pb )
  free_and_return:;
     if (be)
         slapi_be_Unlock(be);
-    slapi_pblock_get(pb, SLAPI_BIND_TARGET, &test_bind_dn);
-    if (test_bind_dn != slapi_sdn_get_ndn(&sdn)) {
-        /* set in sasl bind or some other bind plugin */
-        slapi_ch_free_string(&test_bind_dn);
-    }
-    slapi_sdn_done(&sdn);
+    slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
+    slapi_sdn_free(&sdn);
     slapi_ch_free_string( &saslmech );
     slapi_ch_free( (void **)&cred.bv_val );
-	if ( bind_target_entry != NULL )
-		slapi_entry_free(bind_target_entry);
+    if ( bind_target_entry != NULL )
+        slapi_entry_free(bind_target_entry);
 }
 
 

ldap/servers/slapd/bulk_import.c

@@ -67,7 +67,7 @@ static int process_bulk_import_op (Slapi_PBlock *pb, int state, Slapi_Entry *e);
    SLAPI_CONNECTION -- connection over which bulk import is coming
    SLAPI_BACKEND -- the backend being imported 
    or 
-   SLAPI_TARGET_DN that contains root of the imported area.   
+   SLAPI_TARGET_SDN that contains root of the imported area.   
    The function returns LDAP_SUCCESS or LDAP error code 
 */
 
@@ -80,7 +80,7 @@ int slapi_start_bulk_import (Slapi_PBlock *pb)
    SLAPI_CONNECTION -- connection over which bulk import is coming
    SLAPI_BACKEND -- the backend being imported 
    or 
-   SLAPI_TARGET_DN that contains root of the imported area.   
+   SLAPI_TARGET_SDN that contains root of the imported area.   
    The function returns LDAP_SUCCESS or LDAP error code 
 */
 int slapi_stop_bulk_import (Slapi_PBlock *pb)
@@ -103,9 +103,7 @@ process_bulk_import_op (Slapi_PBlock *pb, int state, Slapi_Entry *e)
 {
     int rc;
     Slapi_Backend *be = NULL;
-    char *dn = NULL;
-    Slapi_DN sdn;
-    const Slapi_DN *target_sdn = NULL;
+    Slapi_DN *target_sdn = NULL;
 
     if (pb == NULL)
     {
@@ -125,29 +123,27 @@ process_bulk_import_op (Slapi_PBlock *pb, int state, Slapi_Entry *e)
         /* try to get dn to select backend */
         if (e)
         {
-            target_sdn = slapi_entry_get_sdn_const (e);
-            be = slapi_be_select (target_sdn);
+            target_sdn = slapi_entry_get_sdn(e);
         }
         else
         {
-			slapi_sdn_init(&sdn);
-            slapi_pblock_get (pb, SLAPI_TARGET_DN, &dn);
-            if (dn)
-            {
-                slapi_sdn_init_dn_byref(&sdn, dn);
-                be = slapi_be_select (&sdn);
-				target_sdn = &sdn;
+            slapi_pblock_get (pb, SLAPI_TARGET_SDN, &target_sdn);
+            if (NULL == target_sdn) {
+                slapi_log_error(SLAPI_LOG_FATAL, NULL,
+                                "process_bulk_import_op: NULL target sdn\n");
+                return LDAP_OPERATIONS_ERROR;
             }
         }
+        be = slapi_be_select (target_sdn);
         
         if (be) 
         {
-			if (state == SLAPI_BI_STATE_START && (!slapi_be_issuffix(be, target_sdn)))
-			{
-            	slapi_log_error(SLAPI_LOG_FATAL, NULL,
-				 	"process_bulk_import_op: wrong backend suffix\n");
-            	return LDAP_OPERATIONS_ERROR;    
-			}
+            if (state == SLAPI_BI_STATE_START && (!slapi_be_issuffix(be, target_sdn)))
+            {
+                slapi_log_error(SLAPI_LOG_FATAL, NULL,
+                     "process_bulk_import_op: wrong backend suffix\n");
+                return LDAP_OPERATIONS_ERROR;    
+            }
             slapi_pblock_set (pb, SLAPI_BACKEND, be);
         }
         else
@@ -155,9 +151,6 @@ process_bulk_import_op (Slapi_PBlock *pb, int state, Slapi_Entry *e)
             slapi_log_error(SLAPI_LOG_FATAL, NULL, "process_bulk_import_op: NULL backend\n");
             return LDAP_OPERATIONS_ERROR;    
         }        
-
-		if (NULL == e)
-            slapi_sdn_done (&sdn);
     }
 
     if (be->be_wire_import == NULL)

ldap/servers/slapd/charray.c

@@ -472,3 +472,24 @@ charray_get_index(char **array, char *s)
     }
     return -1;
 }
+
+int
+charray_normdn_add(char ***chararray, char *dn, char *errstr)
+{
+    int rc = 0;
+    size_t len = 0;
+    char *normdn = NULL;
+    rc = slapi_dn_normalize_ext(dn, 0, &normdn, &len);
+    if (rc < 0) {
+        LDAPDebug2Args(LDAP_DEBUG_ANY, "Invalid dn: \"%s\" %s\n",
+                       dn, errstr?errstr:"");
+        return rc;
+    } else if (0 == rc) {
+        /* rc == 0; optarg_extawdn is passed in; 
+         * not null terminated */
+        *(dn + len) = '\0';
+        normdn = slapi_ch_strdup(dn);
+    }
+    charray_add(chararray, slapi_dn_ignore_case(normdn));
+    return rc;
+}

ldap/servers/slapd/compare.c

@@ -66,8 +66,7 @@ do_compare( Slapi_PBlock *pb )
 {
 	BerElement	*ber = pb->pb_op->o_ber;
 	char		*rawdn = NULL;
-	char		*dn = NULL;
-	size_t		 len = 0;
+	const char	*dn = NULL;
 	struct ava	ava = {0};
 	Slapi_Backend		*be = NULL;
 	int		err;
@@ -118,18 +117,16 @@ do_compare( Slapi_PBlock *pb )
 			return;
 		}
 	}
-	err = slapi_dn_normalize_ext(rawdn, 0, &dn, &len);
-	if (err < 0) {
-		op_shared_log_error_access(pb, "CMP", rawdn?rawdn:"", "invalid dn");
-		send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
-						 NULL, "invalid dn", 0, NULL);
-		slapi_ch_free((void **) &rawdn);
-		return;
-	} else if (err > 0) { /* if rc == 0, rawdn is passed in */
-		slapi_ch_free((void **) &rawdn);
-	} else { /* rc == 0; rawdn is passed in; not null terminated */
-		*(dn + len) = '\0';
-	}
+	slapi_sdn_init_dn_passin(&sdn, rawdn);
+	dn = slapi_sdn_get_dn(&sdn);
+    if (rawdn && (strlen(rawdn) > 0) && (NULL == dn)) {
+        /* normalization failed */
+        op_shared_log_error_access(pb, "CMP", rawdn, "invalid dn");
+        send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
+                         "invalid dn", 0, NULL);
+        slapi_sdn_done(&sdn);
+        return;
+    }
 	/*
 	 * in LDAPv3 there can be optional control extensions on
 	 * the end of an LDAPMessage. we need to read them in and
@@ -139,19 +136,17 @@ do_compare( Slapi_PBlock *pb )
 		send_ldap_result( pb, err, NULL, NULL, 0, NULL );
 		goto free_and_return;
 	}
-	slapi_sdn_init_dn_passin(&sdn,dn);
-    dn = NULL; /* do not free - sdn owns it now */
 
 	/* target spec is used to decide which plugins are applicable for the operation */
 	operation_set_target_spec (pb->pb_op, &sdn);
 
 	LDAPDebug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s)\n",
-	    dn, ava.ava_type, 0 );
+	    rawdn, ava.ava_type, 0 );
 
 	slapi_log_access( LDAP_DEBUG_STATS,
 	    "conn=%" NSPRIu64 " op=%d CMP dn=\"%s\" attr=\"%s\"\n",
 	    pb->pb_conn->c_connid, pb->pb_op->o_opid,
-	    escape_string( dn, ebuf ), ava.ava_type );
+	    escape_string( rawdn, ebuf ), ava.ava_type );
 
 	/*
 	 * We could be serving multiple database backends.  Select the
@@ -188,7 +183,9 @@ do_compare( Slapi_PBlock *pb )
 		isroot = pb->pb_op->o_isroot;
 
 		slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &isroot );
-		slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void*)slapi_sdn_get_ndn(&sdn) );
+		/* EXCEPTION: compare target does not allocate memory. */
+		/* target never be modified by plugins. */
+		slapi_pblock_set( pb, SLAPI_COMPARE_TARGET_SDN, (void*)&sdn );
 		slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, ava.ava_type);
 		slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, &ava.ava_value );
 		/*
@@ -216,6 +213,5 @@ free_and_return:;
 	if (be)
 		slapi_be_Unlock(be);
 	slapi_sdn_done(&sdn);
-    slapi_ch_free_string(&dn);
 	ava_done( &ava );
 }

ldap/servers/slapd/delete.c

@@ -72,8 +72,6 @@ do_delete( Slapi_PBlock *pb )
 	Slapi_Operation *operation;
 	BerElement	*ber;
 	char	    *rawdn = NULL;
-	char	    *dn = NULL;
-	size_t		dnlen = 0;
 	int			err = 0;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@@ -107,22 +105,9 @@ do_delete( Slapi_PBlock *pb )
 							"strict: invalid dn");
 			send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
 							 NULL, "invalid dn", 0, NULL);
-			slapi_ch_free_string(&rawdn);
 			goto free_and_return;
 		}
 	}
-	err = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
-	if (err < 0) {
-		op_shared_log_error_access(pb, "DEL", rawdn?rawdn:"", "invalid dn");
-		send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
-						 NULL, "invalid dn", 0, NULL);
-		slapi_ch_free_string(&rawdn);
-		goto free_and_return;
-	} else if (err > 0) { /* if err == 0, rawdn is passed in */
-		slapi_ch_free_string(&rawdn);
-	} else { /* err == 0; rawdn is passed in; not null terminated */
-		*(dn + dnlen) = '\0';
-	}
 
 	/*
 	 * in LDAPv3 there can be optional control extensions on
@@ -130,20 +115,20 @@ do_delete( Slapi_PBlock *pb )
 	 * pass them to the backend.
 	 */
 	if ( (err = get_ldapmessage_controls( pb, ber, NULL )) != 0 ) {
-		op_shared_log_error_access (pb, "DEL", dn, "decoding error");
+		op_shared_log_error_access (pb, "DEL", rawdn, "decoding error");
 		send_ldap_result( pb, err, NULL, NULL, 0, NULL );
 		goto free_and_return;
 	}
 
-	LDAPDebug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", dn, 0, 0 );
-			
+	LDAPDebug1Arg( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", rawdn );
+
 	slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot );
-	slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn);
+	slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, rawdn);
 
 	op_shared_delete (pb);
 
 free_and_return:;
-	slapi_ch_free ((void**)&dn);
+	slapi_ch_free ((void**)&rawdn);
 }
 
 /* This function is used to issue internal delete operation
@@ -158,7 +143,7 @@ slapi_delete_internal(const char *idn, LDAPControl **controls, int dummy)
     int             opresult;
 
     pblock_init (&pb);
-    	
+
     slapi_delete_internal_set_pb (&pb, idn, controls, NULL, plugin_get_default_component_id(), 0);
 
 	delete_internal_pb (&pb);
@@ -201,22 +186,26 @@ int slapi_delete_internal_pb (Slapi_PBlock *pb)
 }
 
 /* Initialize a pblock for a call to slapi_delete_internal_pb() */
-void slapi_delete_internal_set_pb (Slapi_PBlock *pb, const char *dn, LDAPControl **controls, const char *uniqueid, 
-								   Slapi_ComponentId *plugin_identity, int operation_flags)
+void
+slapi_delete_internal_set_pb (Slapi_PBlock *pb,
+                              const char *rawdn,
+                              LDAPControl **controls, const char *uniqueid, 
+                              Slapi_ComponentId *plugin_identity, 
+                              int operation_flags)
 {  
 	Operation *op;
 	PR_ASSERT (pb != NULL);
-	if (pb == NULL || dn == NULL)
+	if (pb == NULL || rawdn == NULL)
 	{
 		slapi_log_error(SLAPI_LOG_FATAL, NULL, 
 						"slapi_delete_internal_set_pb: NULL parameter\n");
 		return;
 	}
 
-    op = internal_operation_new(SLAPI_OPERATION_DELETE,operation_flags);
+	op = internal_operation_new(SLAPI_OPERATION_DELETE,operation_flags);
 	slapi_pblock_set(pb, SLAPI_OPERATION, op);
-	slapi_pblock_set(pb, SLAPI_ORIGINAL_TARGET, (void*)dn);
-    slapi_pblock_set(pb, SLAPI_CONTROLS_ARG, controls);
+	slapi_pblock_set(pb, SLAPI_ORIGINAL_TARGET, (void*)rawdn);
+	slapi_pblock_set(pb, SLAPI_CONTROLS_ARG, controls);
 	if (uniqueid)
 	{
 		slapi_pblock_set(pb, SLAPI_TARGET_UNIQUEID, (void*)uniqueid);
@@ -259,11 +248,12 @@ static int delete_internal_pb (Slapi_PBlock *pb)
 
 static void op_shared_delete (Slapi_PBlock *pb)
 {
-	char	      	*dn;
+	char			*rawdn = NULL;
+	const char		*dn = NULL;
 	Slapi_Backend	*be = NULL;
 	char			ebuf[ BUFSIZ ];
 	int				internal_op;
-	Slapi_DN		sdn;
+	Slapi_DN		*sdn = NULL;
 	Slapi_Operation *operation;
 	Slapi_Entry *referral;
 	Slapi_Entry	*ecopy = NULL;
@@ -274,15 +264,23 @@ static void op_shared_delete (Slapi_PBlock *pb)
 	int		proxy_err = LDAP_SUCCESS;
 	char		*errtext = NULL;
 
-	slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &dn);
+	slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &rawdn);
 	slapi_pblock_get(pb, SLAPI_OPERATION, &operation);
 	internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
 
-	slapi_sdn_init_dn_byref(&sdn,dn);
-	slapi_pblock_set(pb, SLAPI_DELETE_TARGET, (void*)slapi_sdn_get_ndn (&sdn));
+	sdn = slapi_sdn_new_dn_byval(rawdn);
+	dn = slapi_sdn_get_dn(sdn);
+	slapi_pblock_set(pb, SLAPI_DELETE_TARGET_SDN, (void*)sdn);
+	if (rawdn && (strlen(rawdn) > 0) && (NULL == dn)) {
+		/* normalization failed */
+		op_shared_log_error_access(pb, "DEL", rawdn, "invalid dn");
+		send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
+		                 NULL, "invalid dn", 0, NULL);
+		goto free_and_return;
+	}
 
 	/* target spec is used to decide which plugins are applicable for the operation */
-	operation_set_target_spec (operation, &sdn);
+	operation_set_target_spec (operation, sdn);
 
 	/* get the proxy auth dn if the proxy auth control is present */
 	proxy_err = proxyauth_get_dn(pb, &proxydn, &errtext);
@@ -299,7 +297,7 @@ static void op_shared_delete (Slapi_PBlock *pb)
 			slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d DEL dn=\"%s\"%s\n",
 							pb->pb_conn->c_connid, 
 							pb->pb_op->o_opid,
-							escape_string(dn, ebuf),
+							escape_string(slapi_sdn_get_dn(sdn), ebuf),
 							proxystr ? proxystr: "");
 		}
 		else
@@ -307,7 +305,7 @@ static void op_shared_delete (Slapi_PBlock *pb)
 			slapi_log_access(LDAP_DEBUG_ARGS, "conn=%s op=%d DEL dn=\"%s\"%s\n",
 							LOG_INTERNAL_OP_CON_ID,
 							LOG_INTERNAL_OP_OP_ID,
-							escape_string(dn, ebuf),
+							escape_string(slapi_sdn_get_dn(sdn), ebuf),
 							proxystr ? proxystr: "");
 		}
 	}
@@ -398,6 +396,7 @@ free_and_return:
 		slapi_be_Unlock(be);
 	}
 	{
+		char *coldn = NULL;
 		Slapi_Entry *epre = NULL, *eparent = NULL;
 		slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &epre);
 		slapi_pblock_get(pb, SLAPI_DELETE_GLUE_PARENT_ENTRY, &eparent);
@@ -408,10 +407,12 @@ free_and_return:
 		}
 		slapi_entry_free(epre);
 		slapi_entry_free(eparent);
+		slapi_pblock_get(pb, SLAPI_URP_NAMING_COLLISION_DN, &coldn);
+		slapi_ch_free_string(&coldn);
 	}
-	slapi_pblock_get(pb, SLAPI_URP_NAMING_COLLISION_DN, &dn);
-	slapi_ch_free((void **)&dn);
-	slapi_sdn_done(&sdn);
+
+	slapi_pblock_get(pb, SLAPI_DELETE_TARGET_SDN, &sdn);
+	slapi_sdn_free(&sdn);
 	slapi_ch_free_string(&proxydn);
 	slapi_ch_free_string(&proxystr);
 }

ldap/servers/slapd/dn.c

@@ -190,7 +190,6 @@ substr_dn_normalize_orig( char *dn, char *end )
 	char		*d = NULL;
 	char 		*s = NULL;
 	char		*typestart = NULL;
-	char		*rdnbegin = NULL;
 	char		*lastesc = NULL;
 	int		gotesc = 0;
 	int		state = B4TYPE;
@@ -231,7 +230,6 @@ substr_dn_normalize_orig( char *dn, char *end )
 				value_separator = NULL;
 				value = d;
 				state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE1ST;
-				rdnbegin = d;
 				lastesc = NULL;
 				*d++ = *s;
 			}
@@ -545,6 +543,9 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
             rc = 0;
         }
     }
+    if (0 == src_len) { /* src == "" */
+        goto bail;
+    }
 
     ends = src + src_len;
     endd = *dest + *dest_len;
@@ -1041,7 +1042,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
             break;
         default:
             LDAPDebug( LDAP_DEBUG_ANY,
-                "slapi_dn_normalize - unknown state %d\n", state, 0, 0 );
+                "slapi_dn_normalize_ext - unknown state %d\n", state, 0, 0 );
             break;
         }
     }
@@ -1116,6 +1117,39 @@ slapi_create_dn_string(const char *fmt, ...)
     return dest;
 }
 
+char *
+slapi_create_rdn_value(const char *fmt, ...)
+{
+    char *src = NULL;
+    char *dest = NULL;
+    size_t dest_len = 0;
+    va_list ap;
+    int rc = 0;
+    char *dnfmt;
+
+    if (NULL == fmt) {
+        return NULL;
+    }
+
+    dnfmt = slapi_ch_smprintf("cn=%s", fmt);
+    va_start(ap, fmt);
+    src = PR_vsmprintf(dnfmt, ap);
+    va_end(ap);
+    slapi_ch_free_string(&dnfmt);
+
+    rc = slapi_dn_normalize_ext(src, strlen(src), &dest, &dest_len);
+    if (rc == 0) { /* src is passed in. */
+        *(dest + dest_len) = '\0';
+        dest = slapi_ch_strdup(dest + 3);
+    } else if (rc > 0) {
+        char *odest = dest;
+        dest = slapi_ch_strdup(dest + 3);
+        slapi_ch_free_string(&odest);
+    }
+    slapi_ch_free_string(&src);
+    return dest;
+}
+
 /*
  * Append previous AV to the attribute value array if multivalued RDN.
  * We use a stack based array at first and if we overflow that, we
@@ -1370,12 +1404,13 @@ dn_ignore_case_to_end( char *dn, char *end )
  * slapi_dn_normalize_case - put dn into a canonical form suitable for storing
  * in a hash database.  this involves normalizing the case as well as
  * the format.  the dn is normalized in place as well as returned.
+ * (DEPRECATED)
  */
 
 char *
 slapi_dn_normalize_case( char *dn )
 {
-	/* normalize format */
+	/* normalize format (DEPRECATED) noop */
 	slapi_dn_normalize( dn );
 
 	/* normalize case */
@@ -1698,6 +1733,9 @@ PR_DEFINE_COUNTER(slapi_sdn_counter_dn_exist);
 PR_DEFINE_COUNTER(slapi_sdn_counter_ndn_created);
 PR_DEFINE_COUNTER(slapi_sdn_counter_ndn_deleted);
 PR_DEFINE_COUNTER(slapi_sdn_counter_ndn_exist);
+PR_DEFINE_COUNTER(slapi_sdn_counter_udn_created);
+PR_DEFINE_COUNTER(slapi_sdn_counter_udn_deleted);
+PR_DEFINE_COUNTER(slapi_sdn_counter_udn_exist);
 
 static void
 sdn_create_counters()
@@ -1711,12 +1749,16 @@ sdn_create_counters()
 	PR_CREATE_COUNTER(slapi_sdn_counter_ndn_created,"Slapi_DN","internal_ndn_created","");
 	PR_CREATE_COUNTER(slapi_sdn_counter_ndn_deleted,"Slapi_DN","internal_ndn_deleted","");
 	PR_CREATE_COUNTER(slapi_sdn_counter_ndn_exist,"Slapi_DN","internal_ndn_exist","");
+	PR_CREATE_COUNTER(slapi_sdn_counter_udn_created,"Slapi_DN","internal_udn_created","");
+	PR_CREATE_COUNTER(slapi_sdn_counter_udn_deleted,"Slapi_DN","internal_udn_deleted","");
+	PR_CREATE_COUNTER(slapi_sdn_counter_udn_exist,"Slapi_DN","internal_udn_exist","");
 	counters_created= 1;
 }
 
 #define FLAG_ALLOCATED 0
 #define FLAG_DN 1
 #define FLAG_NDN 2
+#define FLAG_UDN 3
 
 Slapi_DN *
 slapi_sdn_new()
@@ -1730,10 +1772,18 @@ slapi_sdn_new()
     return sdn;
 }
 
+/*
+ * WARNING:
+ * Do not call slapi_sdn_init and its sibling APIs against Slapi_DN 
+ * allocated by slapi_sdn_new.  slapi_sdn_init clears all bits in the flag. 
+ * If sdn is allocated by slapi_sdn_new, the FLAG_ALLOCATED bit is cleared 
+ * and slapi_sdn_free won't free Slapi_DN.
+ */
 Slapi_DN *
 slapi_sdn_init(Slapi_DN *sdn)
 {
     sdn->flag= 0;
+    sdn->udn= NULL;
     sdn->dn= NULL;
     sdn->ndn= NULL;
 	sdn->ndn_len=0;
@@ -1748,7 +1798,7 @@ Slapi_DN *
 slapi_sdn_init_dn_byref(Slapi_DN *sdn,const char *dn)
 {
     slapi_sdn_init(sdn);
-    slapi_sdn_set_dn_byref(sdn,dn);
+    slapi_sdn_set_dn_byref(sdn, dn);
 	return sdn;
 }
 
@@ -1768,20 +1818,33 @@ slapi_sdn_init_dn_passin(Slapi_DN *sdn,const char *dn)
 	return sdn;
 }
 
-/* use when dn is normalized previously */
+/* use when dn is already normalized (but case is yet touched) */
 Slapi_DN *
-slapi_sdn_init_dn_ndn_byref(Slapi_DN *sdn,const char *dn) {
-	  slapi_sdn_init(sdn);
-	  slapi_sdn_set_dn_byref(sdn,dn);
-	  /* slapi_sdn_set_ndn_byref nulls out dn set in above statement */
-	  sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_NDN);
-      sdn->ndn= dn;
-	  if(dn == NULL) {
-		  sdn->ndn_len=0;
-	  } else {
-	   sdn->ndn_len=strlen(dn);
-	  }
-	  return sdn;
+slapi_sdn_init_normdn_byref(Slapi_DN *sdn, const char *dn)
+{
+    slapi_sdn_init(sdn);
+    if(dn == NULL) {
+        sdn->ndn_len = 0;
+    } else {
+        sdn->ndn_len = strlen(dn);
+        sdn->dn = dn;
+    }
+    return sdn;
+}
+
+/* use when dn is already normalized (but case is yet touched) */
+Slapi_DN *
+slapi_sdn_init_normdn_passin(Slapi_DN *sdn, const char *dn)
+{
+    slapi_sdn_init(sdn);
+    if(dn == NULL) {
+        sdn->ndn_len = 0;
+    } else {
+        sdn->ndn_len = strlen(dn);
+        sdn->dn = dn;
+        sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+    }
+    return sdn;
 }
 
 Slapi_DN *
@@ -1789,7 +1852,7 @@ slapi_sdn_init_ndn_byref(Slapi_DN *sdn,const char *dn)
 {
     slapi_sdn_init(sdn);
     slapi_sdn_set_ndn_byref(sdn,dn);
-	return sdn;
+    return sdn;
 }
 
 Slapi_DN *
@@ -1797,7 +1860,7 @@ slapi_sdn_init_ndn_byval(Slapi_DN *sdn,const char *dn)
 {
     slapi_sdn_init(sdn);
     slapi_sdn_set_ndn_byval(sdn,dn);
-	return sdn;
+    return sdn;
 }
 
 Slapi_DN *
@@ -1845,16 +1908,46 @@ slapi_sdn_new_ndn_byref(const char *ndn)
     return sdn;
 }
 
+/* use when dn is already normalized */
+Slapi_DN *
+slapi_sdn_new_normdn_byref(const char *normdn)
+{
+    Slapi_DN *sdn = slapi_sdn_new();
+    slapi_sdn_set_normdn_byref(sdn, normdn);
+    SDN_DUMP( sdn, "slapi_sdn_new_normdn_byref");
+    return sdn;
+}
+
+/* use when dn is already normalized */
+Slapi_DN *
+slapi_sdn_new_normdn_passin(const char *normdn)
+{
+    Slapi_DN *sdn = slapi_sdn_new();
+    slapi_sdn_set_normdn_passin(sdn, normdn);
+    SDN_DUMP( sdn, "slapi_sdn_new_normdn_passin");
+    return sdn;
+}
+
+/* use when dn is already normalized */
+Slapi_DN *
+slapi_sdn_new_normdn_byval(const char *normdn)
+{
+    Slapi_DN *sdn = slapi_sdn_new();
+    slapi_sdn_set_normdn_byval(sdn, normdn);
+    SDN_DUMP( sdn, "slapi_sdn_new_normdn_byval");
+    return sdn;
+}
+
 Slapi_DN *
 slapi_sdn_set_dn_byval(Slapi_DN *sdn, const char *dn)
 {
     slapi_sdn_done(sdn);
-    sdn->flag= slapi_setbit_uchar(sdn->flag,FLAG_DN);
+    sdn->flag= slapi_setbit_uchar(sdn->flag,FLAG_UDN);
 	if(dn!=NULL)
 	{
-		sdn->dn= slapi_ch_strdup(dn);
-	    PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
-	    PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+		sdn->udn= slapi_ch_strdup(dn);
+	    PR_INCREMENT_COUNTER(slapi_sdn_counter_udn_created);
+	    PR_INCREMENT_COUNTER(slapi_sdn_counter_udn_exist);
 	}
     return sdn;
 }
@@ -1863,8 +1956,8 @@ Slapi_DN *
 slapi_sdn_set_dn_byref(Slapi_DN *sdn, const char *dn)
 {
     slapi_sdn_done(sdn);
-    sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_DN);
-    sdn->dn= dn;
+    sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_UDN);
+    sdn->udn= dn;
     return sdn;
 }
 
@@ -1872,16 +1965,63 @@ Slapi_DN *
 slapi_sdn_set_dn_passin(Slapi_DN *sdn, const char *dn)
 {
     slapi_sdn_done(sdn);
-    sdn->flag= slapi_setbit_uchar(sdn->flag,FLAG_DN);
-    sdn->dn= dn;
+    sdn->flag= slapi_setbit_uchar(sdn->flag,FLAG_UDN);
+    sdn->udn= dn;
 	if(dn!=NULL)
 	{
-	    PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
-	    PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+	    PR_INCREMENT_COUNTER(slapi_sdn_counter_udn_created);
+	    PR_INCREMENT_COUNTER(slapi_sdn_counter_udn_exist);
 	}
     return sdn;
 }
 
+Slapi_DN *
+slapi_sdn_set_normdn_byref(Slapi_DN *sdn, const char *normdn)
+{
+    slapi_sdn_done(sdn);
+    sdn->flag = slapi_unsetbit_uchar(sdn->flag, FLAG_DN);
+    sdn->dn = normdn;
+    if(normdn == NULL) {
+        sdn->ndn_len = 0;
+    } else {
+        sdn->ndn_len = strlen(normdn);
+    }
+    return sdn;
+}
+
+Slapi_DN *
+slapi_sdn_set_normdn_passin(Slapi_DN *sdn, const char *normdn)
+{
+    slapi_sdn_done(sdn);
+    sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+    sdn->dn = normdn;
+    if(normdn == NULL) {
+        sdn->ndn_len = 0;
+    } else {
+        sdn->ndn_len = strlen(normdn);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+    }
+    return sdn;
+}
+
+Slapi_DN *
+slapi_sdn_set_normdn_byval(Slapi_DN *sdn, const char *normdn)
+{
+    slapi_sdn_done(sdn);
+    sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+    if(normdn == NULL) {
+        sdn->dn = slapi_ch_strdup(normdn);
+        sdn->ndn_len = 0;
+    } else {
+        sdn->dn = slapi_ch_strdup(normdn);
+        sdn->ndn_len = strlen(normdn);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+    }
+    return sdn;
+}
+
 Slapi_DN *
 slapi_sdn_set_ndn_byval(Slapi_DN *sdn, const char *ndn)
 {
@@ -1925,7 +2065,7 @@ slapi_sdn_set_rdn(Slapi_DN *sdn, const Slapi_RDN *rdn)
 	else
 	{
 		/* NewDN= NewRDN + OldParent */
-		char *parentdn= slapi_dn_parent(sdn->dn);
+		char *parentdn = slapi_dn_parent(slapi_sdn_get_dn(sdn));
 		char *newdn = slapi_ch_smprintf("%s,%s", rawrdn, parentdn);
 		slapi_ch_free((void**)&parentdn);
 		slapi_sdn_set_dn_passin(sdn,newdn);
@@ -1939,7 +2079,7 @@ slapi_sdn_set_rdn(Slapi_DN *sdn, const Slapi_RDN *rdn)
 Slapi_DN *
 slapi_sdn_add_rdn(Slapi_DN *sdn, const Slapi_RDN *rdn)
 {
-	const char *rawrdn= slapi_rdn_get_rdn(rdn);
+	const char *rawrdn = slapi_rdn_get_rdn(rdn);
     if(slapi_sdn_isempty(sdn))
 	{
 		slapi_sdn_set_dn_byval(sdn,rawrdn);
@@ -1972,7 +2112,7 @@ slapi_sdn_set_parent(Slapi_DN *sdn, const Slapi_DN *parentdn)
 		/* NewDN= OldRDN + NewParent */
 		Slapi_RDN rdn;
 		const char *rawrdn;
-		slapi_rdn_init_dn(&rdn,sdn->dn);
+		slapi_rdn_init_dn(&rdn, slapi_sdn_get_dn(sdn));
 		rawrdn= slapi_rdn_get_rdn(&rdn);
 	    if(slapi_sdn_isempty(parentdn))
 		{
@@ -1980,12 +2120,9 @@ slapi_sdn_set_parent(Slapi_DN *sdn, const Slapi_DN *parentdn)
 		}
 		else
 		{
-			char *newdn;
-			newdn= slapi_ch_malloc(strlen(rawrdn)+1+strlen(parentdn->dn)+1);
-			strcpy( newdn, rawrdn );
-			strcat( newdn, "," );
-			strcat( newdn, parentdn->dn );
-			slapi_sdn_set_dn_passin(sdn,newdn);
+			char *newdn = 
+			    slapi_ch_smprintf("%s,%s", rawrdn, slapi_sdn_get_dn(parentdn));
+			slapi_sdn_set_dn_passin(sdn, newdn);
 		}
 		slapi_rdn_done(&rdn);
 	}
@@ -2005,7 +2142,6 @@ slapi_sdn_done(Slapi_DN *sdn)
         if(slapi_isbitset_uchar(sdn->flag,FLAG_DN))
         {
             slapi_ch_free((void**)&(sdn->dn));
-            sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_DN);
             PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_deleted);
             PR_DECREMENT_COUNTER(slapi_sdn_counter_dn_exist);
         }
@@ -2014,22 +2150,36 @@ slapi_sdn_done(Slapi_DN *sdn)
             sdn->dn= NULL;
         }
     }
+    sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_DN);
     if(sdn->ndn!=NULL)
     {
         if(slapi_isbitset_uchar(sdn->flag,FLAG_NDN))
         {
             slapi_ch_free((void**)&(sdn->ndn));
-            sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_NDN);
-			sdn->ndn_len=0;
             PR_INCREMENT_COUNTER(slapi_sdn_counter_ndn_deleted);
             PR_DECREMENT_COUNTER(slapi_sdn_counter_ndn_exist);
         }
         else
         {
             sdn->ndn= NULL;
-			sdn->ndn_len=0;
         }
     }
+    sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_NDN);
+    sdn->ndn_len=0;
+    if(sdn->udn!=NULL)
+    {
+        if(slapi_isbitset_uchar(sdn->flag,FLAG_UDN))
+        {
+            slapi_ch_free((void**)&(sdn->udn));
+            PR_INCREMENT_COUNTER(slapi_sdn_counter_udn_deleted);
+            PR_DECREMENT_COUNTER(slapi_sdn_counter_udn_exist);
+        }
+        else
+        {
+            sdn->udn= NULL;
+        }
+    }
+    sdn->flag= slapi_unsetbit_uchar(sdn->flag,FLAG_UDN);
 }
 
 void
@@ -2037,9 +2187,11 @@ slapi_sdn_free(Slapi_DN **sdn)
 {
 	if(sdn!=NULL && *sdn!=NULL)
 	{
+	    int is_allocated = 0;
 	    SDN_DUMP( *sdn, "slapi_sdn_free");
+	    is_allocated = slapi_isbitset_uchar((*sdn)->flag, FLAG_ALLOCATED);
 	    slapi_sdn_done(*sdn);
-	    if(slapi_isbitset_uchar((*sdn)->flag,FLAG_ALLOCATED))
+	    if(is_allocated)
 	    {
 	        slapi_ch_free((void**)sdn);
 	        PR_INCREMENT_COUNTER(slapi_sdn_counter_deleted);
@@ -2051,43 +2203,75 @@ slapi_sdn_free(Slapi_DN **sdn)
 const char *
 slapi_sdn_get_dn(const Slapi_DN *sdn)
 {
-    return (sdn->dn!=NULL ? sdn->dn : sdn->ndn);
+    if (NULL == sdn) {
+        return NULL;
+    }
+    if (sdn->dn) {
+        return sdn->dn;
+    } else if (sdn->ndn) {
+        return sdn->ndn;
+    } else if (sdn->udn) {
+        char *udn = slapi_ch_strdup(sdn->udn);
+        char *normed = NULL;
+        size_t dnlen = 0;
+        Slapi_DN *ncsdn = (Slapi_DN*)sdn; /* non-const Slapi_DN */
+        int rc = slapi_dn_normalize_ext(udn, 0, &normed, &dnlen);
+        if (rc == 0) { /* udn is passed in */
+            *(normed + dnlen) = '\0';
+            ncsdn->dn = normed;
+            ncsdn->ndn_len = dnlen;
+            ncsdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+            PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
+            PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+        } else if (rc > 0) { /* rc > 0 */
+            slapi_ch_free_string(&udn);
+            ncsdn->dn = normed;
+            ncsdn->ndn_len = dnlen;
+            ncsdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN);
+            PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_created);
+            PR_INCREMENT_COUNTER(slapi_sdn_counter_dn_exist);
+        }
+        /* else (rc < 0); normzlization failed. return NULL */
+        return sdn->dn;
+    } else {
+        return NULL;
+    }
 }
 
 const char *
 slapi_sdn_get_ndn(const Slapi_DN *sdn)
 {
-    if(sdn->ndn==NULL)
-    {
-        if(sdn->dn!=NULL)
-        {
-            char *p= slapi_ch_strdup(sdn->dn);
-            char *normed = NULL;
-            size_t dnlen = 0;
-            int rc = 0;
-
-            Slapi_DN *ncsdn= (Slapi_DN*)sdn; /* non-const Slapi_DN */
-            rc = slapi_dn_normalize_case_ext(p, 0, &normed, &dnlen);
-            if (rc < 0) {
-                /* we give up, just set dn to ndn */
-                slapi_dn_ignore_case(p); /* ignore case */
-                ncsdn->ndn = p;
-                ncsdn->ndn_len = strlen(p);
-            } else if (rc == 0) { /* p is passed in */
-                *(normed + dnlen) = '\0';
-                ncsdn->ndn = normed;
-                ncsdn->ndn_len = dnlen;
-            } else { /* rc > 0 */
-                slapi_ch_free_string(&p);
-                ncsdn->ndn = normed;
-                ncsdn->ndn_len = dnlen;
-            }
-            ncsdn->flag= slapi_setbit_uchar(sdn->flag,FLAG_NDN);
-            PR_INCREMENT_COUNTER(slapi_sdn_counter_ndn_created);
-            PR_INCREMENT_COUNTER(slapi_sdn_counter_ndn_exist);
-        }
+    if (NULL == sdn) {
+        return NULL;
+    }
+    if (sdn->ndn) {
+        return sdn->ndn;
+    } else if (sdn->dn || sdn->udn) {
+        Slapi_DN *ncsdn = (Slapi_DN*)sdn; /* non-const Slapi_DN */
+        char *ndn = slapi_ch_strdup(slapi_sdn_get_dn(sdn));
+        slapi_dn_ignore_case(ndn); /* ignore case */
+        ncsdn->ndn = ndn;
+        ncsdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_NDN);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_ndn_created);
+        PR_INCREMENT_COUNTER(slapi_sdn_counter_ndn_exist);
+        return ndn;
+    } else {
+        return NULL;
+    }
+}
+
+const char *
+slapi_sdn_get_udn(const Slapi_DN *sdn)
+{
+    if (sdn->udn) {
+        return sdn->udn;
+    } else if (sdn->dn) {
+        return sdn->dn;
+    } else if (sdn->ndn) {
+        return sdn->ndn;
+    } else {
+        return NULL;
     }
-    return sdn->ndn;
 }
 
 void
@@ -2123,52 +2307,45 @@ Slapi_DN *
 slapi_sdn_dup(const Slapi_DN *sdn)
 {
 	Slapi_DN *tmp;
-    SDN_DUMP( sdn, "slapi_sdn_dup");
-    tmp=slapi_sdn_new_dn_byval(slapi_sdn_get_dn(sdn));
-	/* can't use slapi_set_ndn_byval -- it nulls the dn */
-	tmp->flag= slapi_setbit_uchar(tmp->flag,FLAG_NDN);
-	if(sdn->ndn!=NULL)
-	{
-		tmp->ndn= slapi_ch_strdup(sdn->ndn);
-		tmp->ndn_len=sdn->ndn_len;
-	} else tmp->ndn=NULL;
+	SDN_DUMP( sdn, "slapi_sdn_dup");
+	tmp = slapi_sdn_new_normdn_byval(slapi_sdn_get_dn(sdn));
 	return tmp;
 }
 
 void
 slapi_sdn_copy(const Slapi_DN *from, Slapi_DN *to)
 {
-    SDN_DUMP( from, "slapi_sdn_copy from");
-    SDN_DUMP( to, "slapi_sdn_copy to");
+	SDN_DUMP( from, "slapi_sdn_copy from");
+	SDN_DUMP( to, "slapi_sdn_copy to");
 	slapi_sdn_done(to);
-	slapi_sdn_set_dn_byval(to,slapi_sdn_get_dn(from));
+	slapi_sdn_set_normdn_byval(to, slapi_sdn_get_dn(from));
 }
 
 int
 slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 )
 {
-    int rc;
-    const char *ndn1= slapi_sdn_get_ndn(sdn1);
-    const char *ndn2= slapi_sdn_get_ndn(sdn2);
+	int rc;
+	const char *ndn1= slapi_sdn_get_ndn(sdn1);
+	const char *ndn2= slapi_sdn_get_ndn(sdn2);
 	if(ndn1==ndn2)
 	{
 	    rc= 0;
 	}
 	else
 	{
-	    if(ndn1==NULL)
+		if(ndn1==NULL)
 		{
 		    rc= -1;
 		}
 		else
 		{
-    	    if(ndn2==NULL)
-    		{
-    		    rc= 1;
-    		}
-    		else
-    		{
-                rc= strcmp(ndn1,ndn2);
+			if(ndn2==NULL)
+			{
+				rc= 1;
+			}
+			else
+			{
+				rc= strcmp(ndn1,ndn2);
 			}
 		}
 	}
@@ -2176,22 +2353,25 @@ slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 )
 }
 
 int
-slapi_sdn_isempty( const Slapi_DN *sdn)
+slapi_sdn_isempty(const Slapi_DN *sdn)
 {
-    const char *dn= slapi_sdn_get_dn(sdn);
+	const char *dn = NULL;
+	if (sdn) {
+		dn = slapi_sdn_get_dn(sdn);
+	}
 	return (dn==NULL || dn[0]=='\0');
 }
 
 int
 slapi_sdn_issuffix(const Slapi_DN *sdn, const Slapi_DN *suffixsdn)
 {
-    int rc;
-    const char *dn= slapi_sdn_get_ndn(sdn);
+	int rc;
+	const char *dn= slapi_sdn_get_ndn(sdn);
 	const char *suffixdn= slapi_sdn_get_ndn(suffixsdn);
 	if(dn!=NULL && suffixdn!=NULL)
 	{
-    	int dnlen = slapi_sdn_get_ndn_len(sdn);
-        int suffixlen= slapi_sdn_get_ndn_len(suffixsdn);
+		int dnlen = slapi_sdn_get_ndn_len(sdn);
+		int suffixlen= slapi_sdn_get_ndn_len(suffixsdn);
 		if (dnlen<suffixlen)
 		{
 		    rc= 0;
@@ -2203,9 +2383,8 @@ slapi_sdn_issuffix(const Slapi_DN *sdn, const Slapi_DN *suffixsdn)
 				return ( 1 );
 			}
 
-        	rc= ( (strcasecmp(suffixdn, dn+dnlen-suffixlen)==0)
-					&& ( (dnlen == suffixlen)
-						 || DNSEPARATOR(dn[dnlen-suffixlen-1])) );
+			rc = (((dnlen == suffixlen) || DNSEPARATOR(dn[dnlen-suffixlen-1]))
+			      && (strcasecmp(suffixdn, dn+dnlen-suffixlen)==0));
 		}
 	}
 	else
@@ -2219,11 +2398,11 @@ slapi_sdn_issuffix(const Slapi_DN *sdn, const Slapi_DN *suffixsdn)
 int
 slapi_sdn_get_ndn_len(const Slapi_DN *sdn)
 {
-    int r= 0;
-	(void)slapi_sdn_get_ndn(sdn); /* does the normalization if needed */
-	if(sdn->ndn!=NULL)
+    int r = 0;
+	(void)slapi_sdn_get_dn(sdn); /* does the normalization if needed */
+	if(sdn->dn || sdn->ndn)
 	{
-		r= sdn->ndn_len;	
+		r = sdn->ndn_len;	
 	}
 	return r;
 }
@@ -2296,7 +2475,7 @@ slapi_sdn_scope_test( const Slapi_DN *dn, const Slapi_DN *base, int scope )
  * build the new dn of an entry for moddn operations
  */
 char *
-slapi_moddn_get_newdn(Slapi_DN *dn_olddn, char *newrdn, char *newsuperiordn)
+slapi_moddn_get_newdn(Slapi_DN *dn_olddn, const char *newrdn, const char *newsuperiordn)
 {
     char *newdn;
 	

ldap/servers/slapd/dse.c

@@ -1426,18 +1426,17 @@ dse_delete_entry(struct dse* pdse, Slapi_PBlock *pb, const Slapi_Entry *e)
 int
 dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from this function! */
 {
-	char *dn; /* The bind DN */
 	int	method; /* The bind method */
 	struct berval *cred; /* The bind credentials */
 	Slapi_Value **bvals; 
     struct dse* pdse;
 	Slapi_Attr *attr;
-	Slapi_DN sdn;
+	Slapi_DN *sdn = NULL;
 	Slapi_Entry *ec= NULL;
 
 	/*Get the parameters*/
 	if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-		slapi_pblock_get( pb, SLAPI_BIND_TARGET, &dn ) < 0 ||
+		slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn ) < 0 ||
 		slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ) < 0 ||
 		slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &cred ) < 0){
 		slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
@@ -1456,13 +1455,10 @@ dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from thi
 		return( SLAPI_BIND_FAIL );
 	}
 
-	/* Find the entry that the person is attempting to bind as */
-	slapi_sdn_init_dn_byref(&sdn,dn);
-    ec = dse_get_entry_copy(pdse,&sdn,DSE_USE_LOCK);
+    ec = dse_get_entry_copy(pdse, sdn, DSE_USE_LOCK);
     if ( ec == NULL )
 	{
 		slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
 		return( SLAPI_BIND_FAIL );
 	}
 
@@ -1475,7 +1471,6 @@ dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from thi
 		{
 			slapi_send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL );
 			slapi_entry_free(ec);
-			slapi_sdn_done(&sdn);
 			return SLAPI_BIND_FAIL;
 		}
 		bvals= attr_get_present_values( attr );
@@ -1485,7 +1480,6 @@ dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from thi
 		{
 			slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL );
 			slapi_entry_free(ec);
-			slapi_sdn_done(&sdn);
 			value_done(&cv);
 			return SLAPI_BIND_FAIL;
 		}
@@ -1496,11 +1490,9 @@ dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from thi
 	default:
 		slapi_send_ldap_result( pb, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL, "auth method not supported", 0, NULL );
 		slapi_entry_free(ec);
-		slapi_sdn_done(&sdn);
 		return SLAPI_BIND_FAIL;
 	}
 	slapi_entry_free(ec);
-	slapi_sdn_done(&sdn);
 	/* success:  front end will send result */
 	return SLAPI_BIND_SUCCESS;
 }
@@ -1647,7 +1639,6 @@ do_dse_search(struct dse* pdse, Slapi_PBlock *pb, int scope, const Slapi_DN *bas
 int
 dse_search(Slapi_PBlock *pb) /* JCM There should only be one exit point from this function! */
 {
-    char *base; /*Base of the search*/
     int scope; /*Scope of the search*/
     Slapi_Filter *filter; /*The filter*/
     char **attrs; /*Attributes*/
@@ -1657,7 +1648,7 @@ dse_search(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     int returncode= LDAP_SUCCESS;
     int isrootdse= 0;
     char returntext[SLAPI_DSE_RETURNTEXT_SIZE]= "";
-	Slapi_DN basesdn;
+	Slapi_DN *basesdn = NULL;
 	int estimate = 0; /* estimated search result set size */
 
     /* 
@@ -1666,7 +1657,7 @@ dse_search(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
      * more or less directly from the client.
      */
     if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-        slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &base ) < 0 ||
+        slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &basesdn ) < 0 ||
         slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope ) < 0 ||
         slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, &filter ) < 0 ||
         slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, &attrs ) < 0 ||
@@ -1675,27 +1666,23 @@ dse_search(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
         return(-1);
     }
-
-	slapi_sdn_init_dn_byref(&basesdn,base);
-	
     /*
      * Sadly the root dse is still a special case.  We must not allow
      * acl checks on it, or allow onelevel or subtree searches on it.
      */
-    isrootdse= slapi_sdn_isempty(&basesdn);
+    isrootdse= slapi_sdn_isempty(basesdn);
 
     switch(scope)
     {
     case LDAP_SCOPE_BASE:
         {
 		Slapi_Entry *baseentry= NULL;
-	    baseentry = dse_get_entry_copy(pdse,&basesdn,DSE_USE_LOCK);
+	    baseentry = dse_get_entry_copy(pdse, basesdn, DSE_USE_LOCK);
         if ( baseentry == NULL )
         {
             slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
 			slapi_log_error(SLAPI_LOG_PLUGIN,"dse_search", "node %s was not found\n",
-								 slapi_sdn_get_dn(&basesdn));
-			slapi_sdn_done(&basesdn);
+								 slapi_sdn_get_dn(basesdn));
             return -1;
         }
         /* 
@@ -1726,14 +1713,13 @@ dse_search(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     case LDAP_SCOPE_SUBTREE:
         if(!isrootdse)
         {
-            estimate = do_dse_search(pdse, pb, scope, &basesdn, filter, attrs, attrsonly);
+            estimate = do_dse_search(pdse, pb, scope, basesdn, filter, attrs, attrsonly);
         }
         break;
     }
 	slapi_pblock_set (pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate);
 
     /* Search is done, send LDAP_SUCCESS */
-	slapi_sdn_done(&basesdn);
     return 0;
 }
 
@@ -1756,19 +1742,19 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 {
     int	err; /*House keeping stuff*/
     LDAPMod **mods; /*Used to apply the modifications*/
-    char *dn; /*Storage for the dn*/
     char *errbuf = NULL; /* To get error back */
     struct dse* pdse;
     Slapi_Entry *ec= NULL;
     Slapi_Entry *ecc= NULL;
     int returncode= LDAP_SUCCESS;
     char returntext[SLAPI_DSE_RETURNTEXT_SIZE]= "";
-	Slapi_DN sdn;
+	Slapi_DN *sdn = NULL;
 	int dont_write_file = 0; /* default */
 
 	PR_ASSERT(pb);
     if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-        slapi_pblock_get( pb, SLAPI_MODIFY_TARGET, &dn ) < 0 ||
+        /* slapi_pblock_get( pb, SLAPI_MODIFY_TARGET, &dn ) < 0 || */
+        slapi_pblock_get( pb, SLAPI_MODIFY_TARGET_SDN, &sdn ) < 0 ||
         slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods ) < 0 || (NULL == pdse))
     {
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
@@ -1780,14 +1766,11 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
         return( -1 );
     }
 
-	slapi_sdn_init_dn_byref(&sdn,dn);
-
     /* Find the entry we are about to modify. */
-    ec = dse_get_entry_copy(pdse,&sdn,DSE_USE_LOCK);
+    ec = dse_get_entry_copy(pdse, sdn, DSE_USE_LOCK);
     if ( ec == NULL )
     {
         slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
         return dse_modify_return( -1, ec, ecc );
     }
 
@@ -1797,7 +1780,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     {
         slapi_send_ldap_result( pb, err, NULL, errbuf, 0, NULL );
         if (errbuf)  slapi_ch_free ((void**)&errbuf);
-		slapi_sdn_done(&sdn);
         return dse_modify_return( -1, ec, ecc );
     }
 
@@ -1817,7 +1799,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
         {
         /* Error occured in the callback -- return error code from callback */
         slapi_send_ldap_result( pb, returncode, NULL, returntext, 0, NULL );
-		slapi_sdn_done(&sdn);
 		return dse_modify_return( -1, ec, ecc );
         }
 
@@ -1825,7 +1806,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
         {
         /* Callback says don't apply the changes -- return Success */
 		slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
 		return dse_modify_return( 0, ec, ecc );
         }
 
@@ -1861,7 +1841,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 		{
 			/* entry_apply_mods() failed above, so return an error now */
             slapi_send_ldap_result( pb, err, NULL, NULL, 0, NULL );
-			slapi_sdn_done(&sdn);
             return dse_modify_return( -1, ec, ecc );
 		}
         break;
@@ -1875,7 +1854,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 
 	slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
         slapi_send_ldap_result( pb, LDAP_OBJECT_CLASS_VIOLATION, NULL, errtext, 0, NULL );
-		slapi_sdn_done(&sdn);
         return dse_modify_return( -1, ec, ecc );
     }
 
@@ -1886,7 +1864,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 
         slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
         slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, errtext, 0, NULL );
-        slapi_sdn_done(&sdn);
         return dse_modify_return( -1, ec, ecc );
     }
 
@@ -1895,7 +1872,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     if (dse_replace_entry( pdse, ecc, !dont_write_file, DSE_USE_LOCK )!=0 )
     {
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
         return dse_modify_return( -1, ec, ecc );
     }
     slapi_pblock_set( pb, SLAPI_ENTRY_POST_OP, slapi_entry_dup(ecc) ); /* JCM - When does this get free'd? */
@@ -1904,7 +1880,6 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 
     slapi_send_ldap_result( pb, returncode, NULL, returntext, 0, NULL );
 
-	slapi_sdn_done(&sdn);
     return dse_modify_return(0, ec, ecc);
 }
 
@@ -1922,7 +1897,6 @@ dse_add_return( int rv, Slapi_Entry *e)
 int
 dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this function! */
 {
-    char *dn = NULL;
     Slapi_Entry *e; /*The new entry to add*/
 	Slapi_Entry *e_copy = NULL; /* copy of added entry */
     char *errbuf = NULL;
@@ -1932,14 +1906,14 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
     struct dse* pdse;
     int returncode= LDAP_SUCCESS;
     char returntext[SLAPI_DSE_RETURNTEXT_SIZE]= "";
-	Slapi_DN sdn;
+	Slapi_DN *sdn = NULL;
 	Slapi_DN parent;
 
     /*
      * Get the database, the dn and the entry to add
      */
     if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-        slapi_pblock_get( pb, SLAPI_ADD_TARGET, &dn ) < 0 ||
+        slapi_pblock_get( pb, SLAPI_ADD_TARGET_SDN, &sdn ) < 0 ||
         slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ) < 0 || (NULL == pdse))
     {
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
@@ -1951,8 +1925,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
         return( error );
     }
 
-	slapi_sdn_init_dn_byref(&sdn,dn);
-
     /*
      * Check to make sure the entry passes the schema check
      */
@@ -1963,7 +1935,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
 				"dse_add: entry failed schema check\n", 0, 0, 0 );
 	slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
         slapi_send_ldap_result( pb, LDAP_OBJECT_CLASS_VIOLATION, NULL, errtext, 0, NULL );
-		slapi_sdn_done(&sdn);
         return error;
     }
 
@@ -1975,7 +1946,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
                                 "dse_add: entry failed syntax check\n", 0, 0, 0 );
         slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
         slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, errtext, 0, NULL );
-        slapi_sdn_done(&sdn);
         return error;
     }
 
@@ -1983,7 +1953,7 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
      * Attempt to find this dn.
      */
     {
-        Slapi_Entry *existingentry= dse_get_entry_copy( pdse, &sdn, DSE_USE_LOCK );
+        Slapi_Entry *existingentry= dse_get_entry_copy( pdse, sdn, DSE_USE_LOCK );
         if(existingentry!=NULL)
         {
             /*
@@ -1991,7 +1961,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
              * whose dn matches dn, so tell the user and return
              */
             slapi_send_ldap_result( pb, LDAP_ALREADY_EXISTS, NULL, NULL, 0, NULL );
-			slapi_sdn_done(&sdn);
 			slapi_entry_free(existingentry);
 			return dse_add_return(error, NULL);
         }
@@ -2003,7 +1972,7 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
      * add the entry.
      */
 	slapi_sdn_init(&parent);
-	slapi_sdn_get_parent(&sdn,&parent);
+	slapi_sdn_get_parent(sdn, &parent);
     if ( !slapi_sdn_isempty(&parent) )
     {
 	    Slapi_Entry *parententry= NULL;
@@ -2012,7 +1981,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
         {
             slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
             LDAPDebug( SLAPI_DSE_TRACELEVEL, "dse_add: parent does not exist\n", 0, 0, 0 );
-			slapi_sdn_done(&sdn);
 			slapi_sdn_done(&parent);
 			return dse_add_return(error, NULL);
         }
@@ -2023,7 +1991,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
             LDAPDebug( SLAPI_DSE_TRACELEVEL, "dse_add: no access to parent\n", 0, 0, 0 );
             slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
             slapi_ch_free((void**)&errbuf);
-			slapi_sdn_done(&sdn);
 			slapi_sdn_done(&parent);
 			return dse_add_return(rc, NULL);
         }
@@ -2037,7 +2004,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
         {
             LDAPDebug( SLAPI_DSE_TRACELEVEL, "dse_add: no parent and not root\n", 0, 0, 0 );
             slapi_send_ldap_result( pb, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, 0, NULL );
-			slapi_sdn_done(&sdn);
 			slapi_sdn_done(&parent);
 			return dse_add_return(error, NULL);
         }
@@ -2060,7 +2026,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
 			NULL, &returncode, returntext)!=SLAPI_DSE_CALLBACK_OK)
     {
         slapi_send_ldap_result( pb, returncode, NULL, returntext, 0, NULL );
-		slapi_sdn_done(&sdn);
 		return dse_add_return(error, NULL);
     }
 
@@ -2069,7 +2034,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
     if ( dse_add_entry_pb(pdse, e_copy, pb) != 0)
     {
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
 		return dse_add_return(error, NULL);
     }
 	/* The postop must be called after the write lock is released. */
@@ -2083,9 +2047,6 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
 	/* entry has been freed, so make sure no one tries to use it later */
 	slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
 
-    /* Free the dn, and return */
-	slapi_sdn_done(&sdn);
-
 	return dse_add_return(rc, e);
 }
 
@@ -2104,40 +2065,37 @@ dse_delete_return( int rv, Slapi_Entry *ec)
 int
 dse_delete(Slapi_PBlock *pb) /* JCM There should only be one exit point from this function! */
 {
-    char *dn = NULL;
     int rc= -1;
-	int dont_write_file = 0;	/* default */
+    int dont_write_file = 0;	/* default */
     struct dse* pdse = NULL;
     int returncode= LDAP_SUCCESS;
     char returntext[SLAPI_DSE_RETURNTEXT_SIZE]= "";
     char *entry_str = "entry";
     char *errbuf = NULL;
-	char *attrs[2] =  { NULL, NULL };
-	Slapi_DN sdn;
-	Slapi_Entry *ec = NULL; /* copy of entry to delete */
+    char *attrs[2] =  { NULL, NULL };
+    Slapi_DN *sdn = NULL;
+    Slapi_Entry *ec = NULL; /* copy of entry to delete */
 
     /*
      * Get the database and the dn
      */
     if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-        slapi_pblock_get( pb, SLAPI_DELETE_TARGET, &dn ) < 0 || (pdse == NULL))
+        slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn ) < 0 ||
+        (pdse == NULL))
     {
         slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
         return rc;
     }
 
-	slapi_pblock_get(pb, SLAPI_DSE_DONT_WRITE_WHEN_ADDING, &dont_write_file);
-	if ( !dont_write_file && dse_check_for_readonly_error(pb,pdse)) {
+    slapi_pblock_get(pb, SLAPI_DSE_DONT_WRITE_WHEN_ADDING, &dont_write_file);
+    if ( !dont_write_file && dse_check_for_readonly_error(pb,pdse)) {
         return( rc );
     }
 
-	slapi_sdn_init_dn_byref(&sdn,dn);
-
-    ec= dse_get_entry_copy( pdse, &sdn, DSE_USE_LOCK );
+    ec= dse_get_entry_copy( pdse, sdn, DSE_USE_LOCK );
     if (ec == NULL)
     {
         slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
         return dse_delete_return( rc, ec );
     }
 
@@ -2147,7 +2105,6 @@ dse_delete(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     if(dse_numsubordinates(ec)>0)
     {
         slapi_send_ldap_result( pb, LDAP_NOT_ALLOWED_ON_NONLEAF, NULL, NULL, 0, NULL );
-		slapi_sdn_done(&sdn);
         return dse_delete_return( rc, ec );
     }
 
@@ -2161,7 +2118,6 @@ dse_delete(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     {
         slapi_send_ldap_result( pb, returncode, NULL, NULL, 0, NULL );
         slapi_ch_free ( (void**)&errbuf );
-		slapi_sdn_done(&sdn);
         return dse_delete_return( rc, ec );
     }
 
@@ -2175,7 +2131,6 @@ dse_delete(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
     else
     {
         slapi_send_ldap_result( pb, returncode, NULL, NULL, 0, NULL );
-        slapi_sdn_done(&sdn);
         return dse_delete_return( rc, ec );
     }
 
@@ -2183,7 +2138,6 @@ dse_delete(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
 
     slapi_send_ldap_result( pb, returncode, NULL, returntext, 0, NULL );
 	slapi_pblock_set( pb, SLAPI_ENTRY_PRE_OP, slapi_entry_dup( ec ));
-	slapi_sdn_done(&sdn);
     return dse_delete_return(0, ec);
 }
 

ldap/servers/slapd/entry.c

@@ -276,18 +276,22 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 					normdn = 
 						slapi_dn_normalize_original(slapi_ch_strdup(rawdn));
 				} else {
-					normdn = slapi_create_dn_string("%s", rawdn);
-					if (NULL == normdn) {
-						LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-							  		"str2entry_fast: Invalid DN: %s\n", rawdn);
-						slapi_entry_free( e );
-						if (freeval) slapi_ch_free_string(&value.bv_val);
-						e = NULL;
-						goto done;
+					if (flags & SLAPI_STR2ENTRY_DN_NORMALIZED) {
+						normdn = slapi_ch_strdup(rawdn);
+					} else {
+						normdn = slapi_create_dn_string("%s", rawdn);
+						if (NULL == normdn) {
+							LDAPDebug1Arg(LDAP_DEBUG_TRACE,
+							     "str2entry_fast: Invalid DN: %s\n", rawdn);
+							slapi_entry_free( e );
+							if (freeval) slapi_ch_free_string(&value.bv_val);
+							e = NULL;
+							goto done;
+						}
 					}
 				}
 				/* normdn is consumed in e */
-				slapi_entry_set_dn(e, normdn);
+				slapi_entry_set_normdn(e, normdn);
 			}
 			if ( NULL == slapi_entry_get_rdn_const( e )) {
 				if (normdn) {
@@ -298,14 +302,19 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 						normdn = 
 							slapi_dn_normalize_original(slapi_ch_strdup(rawdn));
 					} else {
-						normdn = slapi_create_dn_string("%s", rawdn);
-						if (NULL == normdn) {
-							LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-							  		"str2entry_fast: Invalid DN: %s\n", rawdn);
-							slapi_entry_free( e );
-							if (freeval) slapi_ch_free_string(&value.bv_val);
-							e = NULL;
-							goto done;
+						if (flags & SLAPI_STR2ENTRY_DN_NORMALIZED) {
+							normdn = slapi_ch_strdup(rawdn);
+						} else {
+							normdn = slapi_create_dn_string("%s", rawdn);
+							if (NULL == normdn) {
+								LDAPDebug1Arg(LDAP_DEBUG_TRACE,
+								    "str2entry_fast: Invalid DN: %s\n", rawdn);
+								slapi_entry_free( e );
+								if (freeval) 
+								    slapi_ch_free_string(&value.bv_val);
+								e = NULL;
+								goto done;
+							}
 						}
 					}
 					/* normdn is just referred in slapi_entry_set_rdn. */
@@ -345,7 +354,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 				goto done;
 			}
 			/* normdn is consumed in e */
-			slapi_entry_set_dn(e, normdn);
+			slapi_entry_set_normdn(e, normdn);
 
 			/* the memory below was not allocated by the slapi_ch_ functions */
 			if (freeval) slapi_ch_free_string(&value.bv_val);
@@ -429,7 +438,6 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 			if (slapi_attr_is_dn_syntax_attr(*a)) {
 				int rc = 0;
 				char *dn_aval = NULL;
-				size_t dnlen = 0;
 				if (strict) {
 					/* check that the dn is formatted correctly */
 					rc = slapi_dn_syntax_check(NULL, value.bv_val, 1);
@@ -447,23 +455,14 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 					dn_aval = slapi_dn_normalize_original(value.bv_val);
 					slapi_value_set(svalue, dn_aval, strlen(dn_aval));
 				} else {
-					rc = slapi_dn_normalize_ext(value.bv_val, 
-												value.bv_len, &dn_aval, &dnlen);
-					if 	(rc < 0) {
-						/* Give up normalizing the attribute value */
-						LDAPDebug2Args(LDAP_DEBUG_TRACE,
-							       "str2entry_fast: Invalid DN value: %s: %s\n",
-							       type.bv_val, value.bv_val);
-						dn_aval = value.bv_val;
-						dnlen = value.bv_len;
-					} else if (rc == 0) { /* rc == 0; valuecharptr is passed in;
-											 not null terminated */
-						*(dn_aval + dnlen) = '\0';
-					}
-					slapi_value_set(svalue, dn_aval, dnlen);
-					if (rc > 0) { /* if rc == 0, valuecharptr is passed in */
-						slapi_ch_free_string(&dn_aval);
-					}
+					Slapi_DN *sdn = slapi_sdn_new_dn_byref(value.bv_val);
+					/* Note: slapi_sdn_get_dn returns normalized DN with
+					 * case-intact. Thus, the length of dn_aval is 
+					 * slapi_sdn_get_ndn_len(sdn). */
+					dn_aval = (char *)slapi_sdn_get_dn(sdn);
+					slapi_value_set(svalue, (void *)dn_aval,
+					                slapi_sdn_get_ndn_len(sdn));
+					slapi_sdn_free(&sdn);
 				}
 			} else {
 				slapi_value_set_berval(svalue, &value);
@@ -809,34 +808,42 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo )
 
 		if ( rawdn ) {
 			if ( NULL == slapi_entry_get_dn_const(e) ) {
-				normdn = slapi_create_dn_string("%s", rawdn);
-				if (NULL == normdn) {
-					LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-							  "str2entry_dupcheck: Invalid DN: %s\n", rawdn);
-					slapi_entry_free( e );
-					if (freeval) slapi_ch_free_string(&bvvalue.bv_val);
-					csn_free(&attributedeletioncsn);
-					csn_free(&maxcsn);
-					return NULL;
-				}
-				/* normdn is consumed in e */
-				slapi_entry_set_dn(e, normdn);
-			}
-			if ( NULL == slapi_entry_get_rdn_const(e) ) {
-				if (normdn) {
-					/* normdn is just referred in slapi_entry_set_rdn. */
-					slapi_entry_set_rdn(e, normdn);
+				if (flags & SLAPI_STR2ENTRY_DN_NORMALIZED) {
+					normdn = slapi_ch_strdup(rawdn);
 				} else {
 					normdn = slapi_create_dn_string("%s", rawdn);
 					if (NULL == normdn) {
 						LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-						         "str2entry_dupcheck: Invalid DN: %s\n", rawdn);
+						    "str2entry_dupcheck: Invalid DN: %s\n", rawdn);
 						slapi_entry_free( e );
 						if (freeval) slapi_ch_free_string(&bvvalue.bv_val);
 						csn_free(&attributedeletioncsn);
 						csn_free(&maxcsn);
 						return NULL;
 					}
+				}
+				/* normdn is consumed in e */
+				slapi_entry_set_normdn(e, normdn);
+			}
+			if ( NULL == slapi_entry_get_rdn_const(e) ) {
+				if (normdn) {
+					/* normdn is just referred in slapi_entry_set_rdn. */
+					slapi_entry_set_rdn(e, normdn);
+				} else {
+					if (flags & SLAPI_STR2ENTRY_DN_NORMALIZED) {
+						normdn = slapi_ch_strdup(rawdn);
+					} else {
+						normdn = slapi_create_dn_string("%s", rawdn);
+						if (NULL == normdn) {
+						LDAPDebug1Arg(LDAP_DEBUG_TRACE,
+							     "str2entry_dupcheck: Invalid DN: %s\n", rawdn);
+							slapi_entry_free( e );
+							if (freeval) slapi_ch_free_string(&bvvalue.bv_val);
+							csn_free(&attributedeletioncsn);
+							csn_free(&maxcsn);
+							return NULL;
+						}
+					}
 					/* normdn is just referred in slapi_entry_set_rdn. */
 					slapi_entry_set_rdn(e, normdn);
 					slapi_ch_free_string(&normdn);
@@ -866,7 +873,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo )
 				goto free_and_return;
 			}
 			/* normdn is consumed in e */
-			slapi_entry_set_dn(e, normdn);
+			slapi_entry_set_normdn(e, normdn);
 			/* the memory below was not allocated by the slapi_ch_ functions */
 			if (freeval) slapi_ch_free_string(&bvvalue.bv_val);
 		    continue;
@@ -1019,8 +1026,8 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo )
 		sa = prev_attr;	/* For readability */
 		value= value_new(NULL, CSN_TYPE_NONE, NULL);
 		if (slapi_attr_is_dn_syntax_attr(&(sa->sa_attr))) {
-			char *dn_aval = NULL;
-			size_t dnlen = 0;
+			Slapi_DN *sdn = NULL;
+			const char *dn_aval = NULL;
 			if (strict) {
 				/* check that the dn is formatted correctly */
 				rc = slapi_dn_syntax_check(NULL, valuecharptr, 1);
@@ -1033,22 +1040,13 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo )
 					goto free_and_return;
 				}
 			}
-			rc = slapi_dn_normalize_ext(bvvalue.bv_val, bvvalue.bv_len, &dn_aval, &dnlen);
-			if (rc < 0) {
-				/* Give up normalizing the attribute value */
-				LDAPDebug2Args(LDAP_DEBUG_TRACE,
-							   "str2entry_dupcheck: Invalid DN value: %s: %s\n",
-							   type, valuecharptr);
-				dn_aval = valuecharptr;
-				dnlen = bvvalue.bv_len;
-			}
-			slapi_value_set(value, dn_aval, dnlen);
-			if (rc > 0) { /* if rc == 0, valuecharptr is passed in */
-				slapi_ch_free_string(&dn_aval);
-			} else if (rc == 0) { /* rc == 0; valuecharptr is passed in; 
-									 not null terminated */
-				*(dn_aval + dnlen) = '\0';
-			}
+			sdn = slapi_sdn_new_dn_byref(bvvalue.bv_val);
+			/* Note: slapi_sdn_get_dn returns the normalized DN 
+			 * with case-intact. Thus, the length of dn_aval is 
+			 * slapi_sdn_get_ndn_len(sdn). */
+			dn_aval = slapi_sdn_get_dn(sdn);
+			slapi_value_set(value, (void *)dn_aval, slapi_sdn_get_ndn_len(sdn));
+			slapi_sdn_free(&sdn);
 		} else {
 			slapi_value_set_berval(value, &bvvalue);
 		}
@@ -1381,19 +1379,19 @@ slapi_str2entry( char *s, int flags )
  * NOTE: the first arg "dn" should have been normalized before passing.
  */
 Slapi_Entry *
-slapi_str2entry_ext( const char *dn, char *s, int flags )
+slapi_str2entry_ext( const char *normdn, char *s, int flags )
 {
 	Slapi_Entry *e;
 	int read_stateinfo= ~( flags & SLAPI_STR2ENTRY_IGNORE_STATE );
 
-	if (NULL == dn)
+	if (NULL == normdn)
 	{
 		return slapi_str2entry( s, flags );
 	}
 
 	LDAPDebug( LDAP_DEBUG_ARGS,
 			"slapi_str2entry_ext: flags=0x%x, dn=\"%s\", entry=\"%.50s...\"\n",
-			flags, dn, s );
+			flags, normdn, s );
 
 
 	/*
@@ -1404,11 +1402,13 @@ slapi_str2entry_ext( const char *dn, char *s, int flags )
 	if ( 0 != ( flags & SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF ) ||
 			0 != ( flags & ~SLAPI_STRENTRY_FLAGS_HANDLED_BY_STR2ENTRY_FAST ))
 	{
-	    e= str2entry_dupcheck( dn, s, flags, read_stateinfo );
+	    e = str2entry_dupcheck( normdn, s, 
+	                    flags|SLAPI_STR2ENTRY_DN_NORMALIZED, read_stateinfo );
 	}
 	else
 	{
-	    e= str2entry_fast( dn, s, flags, read_stateinfo );
+	    e = str2entry_fast( normdn, s, 
+	                    flags|SLAPI_STR2ENTRY_DN_NORMALIZED, read_stateinfo );
 	}
 	if (!e)
 		return e;	/* e == NULL */
@@ -1941,15 +1941,30 @@ void
 slapi_entry_init(Slapi_Entry *e, char *dn, Slapi_Attr *a)
 {
     slapi_sdn_set_dn_passin(slapi_entry_get_sdn(e), dn);
-	e->e_uniqueid= NULL;
+    e->e_uniqueid= NULL;
     e->e_attrs= a;
     e->e_dncsnset= NULL;
     e->e_maxcsn= NULL;
-	e->e_deleted_attrs= NULL;
-	e->e_virtual_attrs= NULL;
-	e->e_virtual_watermark= 0;
-	e->e_virtual_lock= slapi_new_rwlock();
-	e->e_flags= 0;
+    e->e_deleted_attrs= NULL;
+    e->e_virtual_attrs= NULL;
+    e->e_virtual_watermark= 0;
+    e->e_virtual_lock= slapi_new_rwlock();
+    e->e_flags= 0;
+}
+
+void
+slapi_entry_init_ext(Slapi_Entry *e, Slapi_DN *sdn, Slapi_Attr *a)
+{
+	slapi_sdn_copy(sdn, slapi_entry_get_sdn(e));
+    e->e_uniqueid= NULL;
+    e->e_attrs= a;
+    e->e_dncsnset= NULL;
+    e->e_maxcsn= NULL;
+    e->e_deleted_attrs= NULL;
+    e->e_virtual_attrs= NULL;
+    e->e_virtual_watermark= 0;
+    e->e_virtual_lock= slapi_new_rwlock();
+    e->e_flags= 0;
 }
 
 void
@@ -2004,10 +2019,10 @@ static size_t slapi_dn_size(Slapi_DN *sdn)
     if (sdn == NULL) return 0;
 
     if (slapi_sdn_get_dn(sdn)) {
-        size += strlen(slapi_sdn_get_dn(sdn)) + 1;
+        size += slapi_sdn_get_ndn_len(sdn) + 1;
     }
     if (slapi_sdn_get_ndn(sdn)) {
-        size += strlen(slapi_sdn_get_ndn(sdn)) + 1;
+        size += slapi_sdn_get_ndn_len(sdn) + 1;
     }
 
     return size;
@@ -2182,6 +2197,12 @@ slapi_entry_set_dn( Slapi_Entry *e, char *dn )
     slapi_sdn_set_dn_passin(slapi_entry_get_sdn(e),dn);
 }
 
+void
+slapi_entry_set_normdn( Slapi_Entry *e, char *dn )
+{
+    slapi_sdn_set_normdn_passin(slapi_entry_get_sdn(e), dn);
+}
+
 /*
  * WARNING - The DN is copied.
  *           The DN could be dn or RDN.
@@ -3166,18 +3187,18 @@ slapi_entry_rename(Slapi_Entry *e, const char *newrdn, int deleteoldrdn, const c
     /* Build new DN.  If newsuperior is set, just use "newrdn,newsuperior".  If
      * newsuperior is not set, need to add newrdn to old superior. */
     if (newsuperior) {
-        newdn = slapi_ch_smprintf("%s,%s", newrdn, newsuperior);
+        newdn = slapi_create_dn_string("%s,%s", newrdn, newsuperior);
     } else {
         char *oldsuperior = NULL;
 
         oldsuperior = slapi_dn_parent(olddn);
-        newdn = slapi_ch_smprintf("%s,%s", newrdn, oldsuperior);
+        newdn = slapi_create_dn_string("%s,%s", newrdn, oldsuperior);
 
         slapi_ch_free_string(&oldsuperior);
     }
 
     /* Set the new DN in the entry.  This hands off the memory used by newdn to the entry. */
-    slapi_entry_set_dn(e, newdn);
+    slapi_entry_set_normdn(e, newdn);
 
     /* Set the RDN in the entry. */
     slapi_entry_set_rdn(e, newdn);
@@ -3826,8 +3847,8 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **curr_entries,
                 }
                 if (0 == isfirst && force_update && testall)
                 {
-                    slapi_modify_internal_set_pb(&pb, 
-                                slapi_entry_get_dn_const(*oep),
+                    slapi_modify_internal_set_pb_ext(&pb, 
+                                slapi_entry_get_sdn_const(*oep),
                                 slapi_mods_get_ldapmods_byref(smods),
                                 NULL, NULL, plg_id, 0);