======================================================================== * openldap README ======================================================================== OpenLDAP 2.4 README For a description of what this distribution contains, see the ANNOUNCEMENT file in this directory. For a description of changes from previous releases, see the CHANGES file in this directory. This is 2.4 release, it includes significant changes from prior releases. REQUIRED SOFTWARE Building OpenLDAP Software requires a number of software packages to be preinstalled. Additional information regarding prerequisite software can be found in the OpenLDAP Administrator's Guide. Base system (libraries and tools): Standard C compiler (required) Cyrus SASL 2.1.21+ (recommended) OpenSSL 0.9.7+ (recommended) Reentrant POSIX REGEX software (required) SLAPD: BDB and HDB backends require Oracle Berkeley DB 4.4 - 4.8, or 5.0 - 5.1. It is highly recommended to apply the patches from Oracle for a given release. CLIENTS/CONTRIB ware: Depends on package. See per package README. MAKING AND INSTALLING THE DISTRIBUTION Please see the INSTALL file for basic instructions. More detailed instructions can be found in the OpenLDAP Admnistrator's Guide (see DOCUMENTATION section). DOCUMENTATION The OpenLDAP Administrator's Guide is available in the guide.html file in the doc/guide/admin directory. The guide and a number of other documents are available at . The distribution also includes manual pages for most programs and library APIs. See ldap(3) for details. The OpenLDAP website is available and contains the latest LDAP news, releases announcements, pointers to other LDAP resources, etc.. It is located at . The OpenLDAP Software FAQ is available at . SUPPORT / FEEDBACK / PROBLEM REPORTS / DISCUSSIONS OpenLDAP Software is user supported. If you have problems, please review the OpenLDAP FAQ and archives of the OpenLDAP-software and OpenLDAP-bugs mailing lists . If you cannot find the answer, please enquire on the OpenLDAP-software list. Issues, such as bug reports, should be reported using our Issue Tracking System . Do not use this system for software enquiries. Please direct these to an appropriate mailing list. CONTRIBUTING See for information regarding how to contribute code or documentation to the OpenLDAP Project for inclusion in OpenLDAP Software. While you are encouraged to coordinate and discuss the development activities on the mailing list prior to submission, it is noted that contributions must be submitted using the Issue Tracking System to be considered. --- $OpenLDAP$ This work is part of OpenLDAP Software . Copyright 1998-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . OpenLDAP is a registered trademark of the OpenLDAP Foundation. ======================================================================== * openldap contrib/ldaptcl/README ======================================================================== Copyright (c) 1998-1999 NeoSoft, Inc. For licensing information, see the file neoXldap.c and/or the COPYRIGHT file contained in the directory you found this file. This directory contains an extension to Tcl to interface with an LDAP server. While this software is being released to the OpenLDAP community, it is the authors' intention that support continue (and be added) for other client libraries as well. As time goes on, it is expected that code will converge rather than diverge. Support is provided for University of Michigan LDAP version 3.3, OpenLDAP, and Netscape. The default configuration supports OpenLDAP 1.2.4 and above. OpenLDAP 2.x is supported, but there is not yet any support for using SASL or TLS. There may be interface changes in the LDAP API which the author is unaware of (a leak was recently fixed for the return values of ldap_first/next_attribute() calls). It uses GNU autoconf. It builds and installs without requiring parallel directories, but it does require that Tcl and Extended Tcl are installed in the directory pointed to by --prefix (/usr/local by default). For further info, try "./configure --help". For example, I run: ./configure --prefix=/opt/neotcl --enable-shared \ --with-ldap=/usr/local/ldap Remember that --prefix must be the same prefix used when building and installint Tcl. Netscape configuration has not been well tested, and you may have to play with the resulting Makefile to get it to work. In particular, you will probably need to modify the LDAP_LIBFLAGS. However, the C code itself is reasonably well tested with Netscape. This module will install a regular shell (ldaptclsh) a windowing shell (ldapwish) a library, a pkgIndex.tcl, and a manpage (ldap.n). If your Tcl installation has been configured with --enable-shared, then you must also use --enable-shared here. Shared libraries and Tcl packages. If Tcl is built with --enable-shared, AND OpenLDAP (or another version for that matter) has been build to create -llber and -lldap as shared libaries, AND you build ldaptcl with --enable-shared, it should be possible to run a plain Tcl interpreter (eg. tclsh8.0) and do package require Ldaptcl which will install the "ldap" command into the interpreter. You may need to set the LD_LIBRARY_PATH environment variable appropriately, or use -R or -W,-rpath ld command options to resolve the search for ldap and lber libraries. This package was test built on a Alpha OSF4.0e with the native C compiler. Please email comments or bug fixes to openldap-devel@OpenLDAP.org, or to kunkee@OpenLDAP.org. I would also like to know if you are using this interface, so I invite you to drop me an email if you do. ======================================================================== * openldap contrib/slapd-modules/README ======================================================================== Copyright 2008-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. This directory contains native-API slapd modules (overlays etc): acl (plugins) Plugins implementing access rules. Currently one plugin which implements access control based on posixGroup membership. addpartial (overlay) Treat Add requests as Modify requests if the entry exists. allop (overlay) Return operational attributes for root DSE even when not requested, since some clients expect this. autogroup (overlay) Automated updates of group memberships. cloak (overlay) Hide specific attributes unless explicitely requested comp_match (plugin) Component Matching rules (RFC 3687). denyop (overlay) Deny selected operations, returning unwillingToPerform. dsaschema (plugin) Permit loading DSA-specific schema, including operational attrs. lastbind (overlay) Record the last successful authentication on an entry. lastmod (overlay) Track the time of the last write operation to a database. nops (overlay) Remove null operations, e.g. changing a value to same as before. nssov (listener overlay) Handle NSS lookup requests through a local Unix Domain socket. passwd (plugins) Support additional password mechanisms. Currently Kerberos, Netscape MTA-MD5 and RADIUS. proxyOld (plugin) Proxy Authorization compatibility with obsolete internet-draft. smbk5pwd (overlay) Make the PasswordModify Extended Operation update Kerberos keys and Samba password hashes as well as userPassword. trace (overlay) Trace overlay invocation. $OpenLDAP$ ======================================================================== * openldap contrib/slapd-modules/acl/README.gssacl ======================================================================== This directory contains native slapd plugins that implement access rules. gssacl.c contains a simple example that implements access control based on GSS naming extensions attributes. To use the acl-gssacl plugin, add: moduleload acl-gssacl.so to your slapd configuration file. It is configured using access to by dynacl/gss/.[.{base,regex,expand}]= {|} The default is "exact"; in case of "expand", "" results from the expansion of submatches in the "" portion. "|" describe the level of privilege this rule can assume. Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \ -o acl-gssacl.so gssacl.c --- Copyright 2011 PADL Software Pty Ltd. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. ======================================================================== * openldap contrib/slapd-modules/acl/README.posixgroup ======================================================================== This directory contains native slapd plugins that implement access rules. posixgroup.c contains a simple example that implements access control based on posixGroup membership, loosely inspired by ITS#3849. It should be made clear that this access control policy does not reflect any standard track model of handling access control, and should be essentially viewed as an illustration of the use of the dynamic extension of access control within slapd. To use the acl-posixgroup plugin, add: moduleload acl-posixgroup.so to your slapd configuration file; it requires "nis.schema" to be loaded. It is configured using access to by dynacl/posixGroup[.{exact,expand}]= {|" results from the expansion of submatches in the "" portion. "|" describe the level of privilege this rule can assume. Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \ -o acl-posixgroup.so posixgroup.c --- Copyright 2005-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. ======================================================================== * openldap contrib/slapd-modules/addpartial/README ======================================================================== addpartial Overlay README DESCRIPTION This package contains an OpenLDAP overlay called "addpartial" that intercepts add requests, determines if the entry exists, determines what attributes, if any, have changed, and modifies those attributes. If the entry does not exist, the add request falls through and proceeds normally. If the entry exists but no changes have been detected, the client receives LDAP_SUCCESS (I suppose it is debatable what to do in this case, but this is the most clean for my use. The LDAP_SUCCESS lets me know that the entry I sent slapd == the entry already in my slapd DB. Perhaps this behavior should be configurable in the future). When a change is found, the addpartial overlay will replace all values for the attribute (if an attribute does not exist in the new entry but exists in the entry in the slapd DB, a replace will be done with an empty list of values). Once a modify takes place, the syncprov overlay will properly process the change, provided that addpartial is the first overlay to run. Please see the CAVEATS for more specifics about this. The addpartial overlay makes it easy to replicate full entries to a slapd instance without worrying about the differences between entries or even if the entry exists. Using ldapadd to add entries, the addpartial overlay can compare about 500 records per second. The intent of the addpartial overlay is to make it easy to replicate records from a source that is not an LDAP instance, such as a database. The overlay is also useful in places where it is easier to create full entries rather than comparing an entry with an entry that must be retrieved (with ldapsearch or similar) from an existing slapd DB to find changes. The addpartial overlay has been used in production since August 2004 and has processed millions of records without incident. BUILDING A Makefile is included, please set your LDAP_SRC directory properly. INSTALLATION After compiling the addpartial overlay, add the following to your slapd.conf: ### slapd.conf ... moduleload addpartial.so ... # after database directive... # this overlay should be the last overlay in the config file to ensure that # it properly intercepts the add request overlay addpartial ... ### end slapd.conf CAVEATS - In order to ensure that addpartial does what it needs to do, it should be the last overlay configured so it will run before the other overlays. This is especially important if you are using syncrepl, as the modify that addpartial does will muck with the locking that takes place in the syncprov overlay. --- Copyright 2004-2016 The OpenLDAP Foundation. Portions Copyright (C) Virginia Tech, David Hawes. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in file LICENSE in the top-level directory of the distribution or, alternatively, at http://www.OpenLDAP.org/license.html. ======================================================================== * openldap contrib/slapd-modules/allop/README ======================================================================== This directory contains a slapd overlay, allop. The intended usage is as a global overlay for use with those clients that do not make use of the RFC3673 allOp ("+") in the requested attribute list, but expect all operational attributes to be returned. Usage: add to slapd.conf(5) moduleload path/to/allop.so overlay allop allop-URI if the allop-URI is not given, the rootDSE, i.e. "ldap:///??base", is assumed. Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \ -o allop.so allop.c --- Copyright 2004-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. ======================================================================== * openldap contrib/slapd-modules/allowed/README ======================================================================== This directory contains a slapd overlay, "allowed". --- o --- o --- o --- It adds to entries returned by search operations the value of attributes "allowedAttributes" "allowedAttributesEffective" "allowedChildClasses" "allowedChildClassesEffective" No other use is made of those attributes: they cannot be compared, they cannot be used in search filters, they cannot be used in ACLs, ... --- o --- o --- o --- Usage: add to slapd.conf(5) moduleload path/to/allowed.so overlay allowed or add dn: olcOverlay={0}allowed,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig olcOverlay: {0}allowed as a child of the database that's intended to support this feature (replace "olcDatabase={1}bdb,cn=config" with the appropriate parent); or use dn: olcOverlay={0}allowed,olcDatabase={-1}frontend,cn=config objectClass: olcOverlayConfig olcOverlay: {0}allowed if it's supposed to be global. --- o --- o --- o --- Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \ -o allowed.so allowed.c --- This work is part of OpenLDAP Software . Copyright 2006-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ACKNOWLEDGEMENTS: This work was initially developed by Pierangelo Masarati for inclusion in OpenLDAP Software. ======================================================================== * openldap contrib/slapd-modules/autogroup/README ======================================================================== autogroup overlay Readme DESCRIPTION The autogroup overlay allows automated updates of group memberships which meet the requirements of any filter contained in the group definition. The filters are built from LDAP URI-valued attributes. Any time an object is added/deleted/updated, it is tested for compliance with the filters, and its membership is accordingly updated. For searches and compares it behaves like a static group. If the attribute part of the URI is filled, the group entry is populated by the values of this attribute in the entries resulting from the search. BUILDING A Makefile is included. CONFIGURATION # dyngroup.schema: The dyngroup schema must be modified, adding the 'member' attribute to the MAY clause of the groupOfURLs object class, i.e.: objectClass ( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso $ member) ) # slapd.conf: moduleload /path/to/autogroup.so Loads the overlay (OpenLDAP must be built with --enable-modules). overlay autogroup This directive adds the autogroup overlay to the current database. autogroup-attrset This configuration option is defined for the autogroup overlay. It may have multiple occurrences, and it must appear after the overlay directive. The value is the name of the objectClass that represents the group. The value is the name of the attributeDescription that contains the URI that is converted to the filters. If no URI is present, there will be no members in that group. It must be a subtype of labeledURI. The value is the name of the attributeDescription that specifies the member attribute. User modification of this attribute is disabled for consistency. autogroup-memberof-ad This configuration option is defined for the autogroup overlay. It defines the attribute that is used by the memberOf overlay to store the names of groups that an entry is member of; it must be DN-valued. It should be set to the same value as memberof-memberof-ad. It defaults to 'memberOf'. EXAMPLE ### slapd.conf include /path/to/dyngroup.schema # ... moduleload /path/to/autogroup.so # ... database # ... overlay autogroup autogroup-attrset groupOfURLs memberURL member ### end slapd.conf ### slapd.conf include /path/to/dyngroup.schema # ... moduleload /path/to/autogroup.so moduleload /path/to/memberof.so # ... database #... overlay memberof memberof-memberof-ad foo overlay autogroup autogroup-attrset groupOfURLs memberURL member autogroup-memberof-ad foo ### end slapd.conf CAVEATS As with static groups, update operations on groups with a large number of members may be slow. If the attribute part of the URI is specified, modify and delete operations are more difficult to handle. In these cases the overlay will try to detect if groups have been modified and then simply refresh them. This can cause performance hits if the search specified by the URI deals with a significant number of entries. ACKNOWLEDGEMENTS This module was originally written in 2007 by Michał Szulczyński. Further enhancements were contributed by Howard Chu, Raphael Ouazana, Norbert Pueschel, and Christian Manal. --- Copyright 1998-2016 The OpenLDAP Foundation. Portions Copyright (C) 2007 Michał Szulczyński. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in file LICENSE in the top-level directory of the distribution or, alternatively, at http://www.OpenLDAP.org/license.html. ======================================================================== * openldap contrib/slapd-modules/comp_match/README ======================================================================== Copyright 2004 Sang Seok Lim, IBM . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . This directory contains a Component Matching module and a X.509 Certificate example. In order to understand Component Matching, see RFC 3687 and http://www.openldap.org/conf/odd-sandiego-2004/Sangseok.pdf %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% A) Brief introduction about files in this directory %%%%%%%%%%55%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 1) init.c module_init() and functions which are dynamically linked into the main slapd codes. 2) componentlib.c and componentlib.h GSER and BER decoder library of each primitive ASN.1 type. They use component representation to store ASN.1 values. 3) certificate.c/.h authorityKeyIdentifier.c/.h eSNACC generated BER and GSER decoder routines of the X.509 certificate specification and one of its extensions, authorityKeyIdentifier. 4) asn_to_syn_mr.c asn.h An mapping table from ASN.1 types to corresponding Syntaxes, matching rules, and component description in slapd. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% B) How to use Component Matching on X.509 certificates %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 1) be sure to configure slapd with enable-modules on. 2) install the GSER-support eSNACC compiler. You can find only in www.openldap.org. At least, you need the library (libcasn1.a) and header files for compiling this module. 3) modify Makefile accordingly. then run make. you will get compmatch.la and other necessary files in ./libs 4) modify slapd.conf to include the following module command moduleload compmatch.la 5) run slapd and perform search operations against the attribute, userCertificate. You need to read through RFC 3687 in order to understand how to compose component filters. Ex) component search filter examples "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value 2 })" You can find more examples in "test031-component-filter" in the OpenLDAP source directory. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% C) How to add a new ASN.1 syntax %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 1) download and install the eSNACC compiler supporting Component Matching. You can find the compiler only in www.openldap.org. Before compiling, be sure to define the "LDAP_COMPONENT" macro to obtain component supported version of C library and back-ends of eSNACC. Otherwise compiled library will fail to be linked to the module. 2) using eSNACC, compile your ASN.1 specifications and copy the generated .c and .h files to this directory Ex) $ esnacc -E BER_COMP -E GSER -t -d -f example.asn For Component Matching, set BOTH BER_COMP and GSER on. After compiling, you will get example.c and example.h 3) modify example.c accordingly, seeing certificate.c and certificate.asn as a reference. - add init_module_xxx() located in generated .c file into init_module() in init.c. - modify the arguments of InstallOidDecoderMapping(...) accordingly - in the generated .c file, you need to write "DecComponentxxxTop(...)" function for yourself. You can copy BDecComponentCertificateTop in the generated .c file and modify it accordingly. 4) register a new attribute syntax with a new OID in a schema file 5) then goto 3) of B) section. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% D) How to configure Component Indexing %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% You can generate indices on each component of a given attribute whose values are in either GSER or BER. Currently primitive ASN.1 types, DN, and RDN can be indexed for equality matching in BDB. In order to generate indices, put following line in the slapd configuration file, slapd.conf. index [attribute name].[component reference] eq Ex) index userCertificate eq index userCertificate.toBeSigned.issuer.rdnSequence eq index userCertificate.toBeSigned.serialNumber eq index userCertificate.toBeSigned.version eq %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% D) How to configure Attribute Alias %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% If your client is unable to use component filters, attribute aliasing can be used instead. Attribute Alias maps a virtual attribute type to an attribute component and a component matching rule. You can create your own aliases by following steps. 1) register aliasing attributes in the schema file. Sample aliasing attributes are in test.schema. 2) compose component filters for aliasing attributes and put them in "preprocessed_comp_filter" array in "init.c". 3) add "add_aa_entry" function calls in "init_attribute_aliasing_table()" in "init.c" 4) perform searching against the aliasing attribute Ex) "(x509CertificateIssuer:distinguishedNameMatch= cn=ray,L=yorktown,o=ibm,c=us)" ======================================================================== * openldap contrib/slapd-modules/dsaschema/README ======================================================================== Copyright 2004-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. This directory contains a native slapd plugin, dsaschema, that permits the loading of DSA-specific schema from configuration files (including operational attributes). To use the plugin, add: moduleload dsaschema.so /etc/openldap/schema/foo1.schema ...etc... /etc/openldap/schema/fooN.schema to your slapd configuration file. Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -Wall -g -o dsaschema.so dsaschema.c ======================================================================== * openldap contrib/slapd-modules/kinit/README ======================================================================== This directory contains the "kinit" slapd module. It is a simple plugin to have slapd request a Kerberos TGT and keep it renewed as long as slapd is running. The current implementation has only been tested against the MIT variant of the Kerberos libraries. (Heimdal support might come later) To use the overlay just load it into the slapd process: moduleload /kinit.so The module accepts two arguments. The first one being the principal for which to request the TGT (it defaults to "ldap/@") and the second one is the path to the keytab file to use for authentication, defaulting to whatever your system wide kerberos settings default to). Use Makefile or the following commands should work to build it from inside the unpacked slapd sources, provided the required KRB5 header files and libaries are installed on your system: gcc -fPIC -c -I ../../../include/ -I ../../../servers/slapd kinit.c gcc -shared -o kinit.so kinit.o -lkrb5 --- This work is part of OpenLDAP Software . Copyright 2010-2016 The OpenLDAP Foundation. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-modules/nssov/README ======================================================================== This directory contains a slapd overlay, nssov, that handles NSS lookup requests through a local Unix Domain socket. It uses the same IPC protocol as Arthur de Jong's nss-ldapd, and a complete copy of the nss-ldapd source is included here. It also handles PAM requests. To use this code, you will need the client-side stuf library from nss-pam-ldapd. You can get it from: http://arthurdejong.org/nss-pam-ldapd You will not need the nslcd daemon; this overlay replaces that part. To disable building of the nslcd daemon in nss-pam-ldapd, add the --disable-nslcd option to the nss-pam-ldapd configure script. You should already be familiar with the RFC2307 and RFC2307bis schema to use this overlay. See the nss-pam-ldapd README for more information on the schema and which features are supported. To use the overlay, add: include nis.schema moduleload nssov.so ... database hdb ... overlay nssov to your slapd configuration file. (The nis.schema file contains the original RFC2307 schema. Some modifications will be needed to use RFC2307bis.) The overlay may be configured with Service Search Descriptors (SSDs) for each NSS service that will be used. SSDs are configured using nssov-ssd where the may be one of aliases ethers group hosts netgroup networks passwd protocols rpc services shadow and the must be of the form ldap:///[][??[][?]] The will default to the first suffix of the current database. The defaults to "subtree". The default depends on which service is being used. If the local database is actually a proxy to a foreign LDAP server, some mapping of schema may be needed. Some simple attribute substitutions may be performed using nssov-map See the nss-ldapd/README for the original attribute names used in this code. The overlay also supports dynamic configuration in cn=config. The layout of the config entry is dn: olcOverlay={0}nssov,ocDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcNssOvConfig olcOverlay: {0}nssov olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one olcNssMap: passwd uid accountName which enables the passwd service, and uses the accountName attribute to fetch what is usually retrieved from the uid attribute. PAM authentication, account management, session management, and password management are supported. Authentication is performed using Simple Binds. Since all operations occur inside the slapd overlay, "fake" connections are used and they are inherently secure. Two methods of mapping the PAM username to an LDAP DN are provided: the mapping can be accomplished using slapd's authz-regexp facility. In this case, a DN of the form cn=+uid=,cn=,cn=pam,cn=auth is fed into the regexp matcher. If a match is produced, the resulting DN is used. otherwise, the NSS passwd map is invoked (which means it must already be configured). If no DN is found, the overlay returns PAM_USER_UNKNOWN. If the DN is found, and Password Policy is supported, then the Bind will use the Password Policy control and return expiration information to PAM. Account management also uses two methods. These methods depend on the ldapns.schema included with the nssov source. The first is identical to the method used in PADL's pam_ldap module: host and authorizedService attributes may be looked up in the user's entry, and checked to determine access. Also a check may be performed to see if the user is a member of a particular group. This method is pretty inflexible and doesn't scale well to large networks of users, hosts, and services. The second uses slapd's ACL engine to check if the user has "compare" privilege on an ipHost object whose name matches the current hostname, and whose authorizedService attribute matches the current service name. This method is preferred, since it allows authorization to be centralized in the ipHost entries instead of scattered across the entire user population. The ipHost entries must have an authorizedService attribute (e.g. by way of the authorizedServiceObject auxiliary class) to use this method. Session management: the overlay may optionally add a "logged in" attribute to a user's entry for successful logins, and delete the corresponding value upon logout. The attribute value is of the form () Password management: the overlay will perform a PasswordModify exop in the server for the given user. --- This work is part of OpenLDAP Software . Copyright 1998-2016 The OpenLDAP Foundation. Portions Copyright 2008-2009 Howard Chu, Symas Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-modules/nssov/nss-pam-ldapd/README ======================================================================== These files were pulled from the nss-pam-ldapd project version 0.9.4. Copyright notices are in the individual files. This is not the full distribution of nss-pam-ldapd, and does not include the client-side stub libraries. Get the latest release of nss-pam-ldapd from http://arthurdejong.org/nss-pam-ldapd/ to use this overlay. If your system already has the nss-pam-ldapd stub libraries installed, make sure the versions match the version number shown above. Otherwise, there may be incompatible differences in the protocols being used. Currently nssov requires at least version 0.9.0. If your system's version is older, you will need to install the client-side stubs from source. ======================================================================== * openldap contrib/slapd-modules/passwd/README ======================================================================== This directory contains native slapd plugins for password mechanisms that are not actively supported by the project. Currently this includes the Kerberos, Netscape MTA-MD5 and RADIUS password mechanisms. The Apache APR1 MD5 and BSD/Paul Henning Kamp MD5 mechanisms are also included. To use the Kerberos plugin, add: moduleload pw-kerberos.so to your slapd configuration file. To use the Netscape plugin, add: moduleload pw-netscape.so to your slapd configuration file. To use the APR1/BSD/MD5 plugin, add: moduleload pw-apr1.so to your slapd configuration file. To use the RADIUS plugin, add: moduleload pw-radius.so to your slapd configuration file; optionally, the path to a configuration file can be appended in the form moduleload pw-radius.so config="/etc/radius.conf" Use Makefile to compile this plugin or use a command line similar to: gcc -shared -I../../../include -Wall -g -DHAVE_KRB5 -o pw-kerberos.so kerberos.c Replace HAVE_KRB5 with HAVE_KRB4 if you want to use Kerberos IV. If your Kerberos header files are not in the C compiler's default path, you will need to add a "-I" directive for that as well. The corresponding command for the Netscape plugin would be: gcc -shared -I../../../include -Wall -g -o pw-netscape.so netscape.c The corresponding command for the RADIUS plugin would be: gcc -shared -I../../../include -Wall -g -o pw-radius.so radius.c -lradius (Actually, you might want to statically link the RADIUS client library libradius.a into the module). The corresponding command for the APR1 plugin would be: gcc -shared -I../../../include -Wall -g -o pw-apr1.so apr1.c --- This work is part of OpenLDAP Software . Copyright 2004-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-modules/passwd/pbkdf2/README ======================================================================== PBKDF2 for OpenLDAP ======================= pw-pbkdf2.c provides PBKDF2 key derivation functions in OpenLDAP. Schemes: * {PBKDF2} - alias to {PBKDF2-SHA1} * {PBKDF2-SHA1} * {PBKDF2-SHA256} * {PBKDF2-SHA512} # Requirements * OpenSSL 1.0.0 or later # Installations First, You need to configure and build OpenLDAP. $ cd /contrib/slapd-modules/passwd/ $ git clone https://github.com/hamano/openldap-pbkdf2.git $ cd openldap-pbkdf2/ $ make # make install # Configration In slapd.conf: moduleload pw-pbkdf2.so You can also tell OpenLDAP to use the schemes when processing LDAP Password Modify Extended Operations, thanks to the password-hash option in slapd.conf. For example: password-hash {PBKDF2} or password-hash {PBKDF2-SHA256} or password-hash {PBKDF2-SHA512} # Testing You can get hash to use slappasswd. $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw A quick way to test whether it's working is to customize the rootdn and rootpw in slapd.conf, eg: rootdn "cn=Manager,dc=example,dc=com" rootpw {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw Then to test, run something like: $ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret # Debugging You can specify -DSLAPD_PBKDF2_DEBUG flag for debugging. # Message Format {PBKDF2}$$ # References * [RFC 2898 Password-Based Cryptography][^1] [^1]: http://tools.ietf.org/html/rfc2898 * [PKCS #5 PBKDF2 Test Vectors][^2] [^2]: http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 * [RFC 2307 Using LDAP as a Network Information Service][^3] [^3]: http://tools.ietf.org/html/rfc2307 * [Python Passlib][^4] [^4]: http://pythonhosted.org/passlib/ * [Adapted Base64 Encoding][^5] [^5]: http://pythonhosted.org/passlib/lib/passlib.utils.html#passlib.utils.ab64_encode # License This work is part of OpenLDAP Software . Copyright 2009-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . # ACKNOWLEDGEMENT This work was initially developed by HAMANO Tsukasa ======================================================================== * openldap contrib/slapd-modules/passwd/sha2/README ======================================================================== SHA-2 OpenLDAP support ---------------------- slapd-sha2.c provides support for SSHA-512, SSHA-384, SSHA-256, SHA-512, SHA-384 and SHA-256 hashed passwords in OpenLDAP. For instance, one could have the LDAP attribute: userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg== or: userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt or: userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= all of which encode the password 'secret'. Building -------- 1) Customize the OPENLDAP variable in Makefile to point to the OpenLDAP source root. For initial testing you might also want to edit DEFS to define SLAPD_SHA2_DEBUG, which enables logging to stderr (don't leave this on in production, as it prints passwords in cleartext). 2) Run 'make' to produce slapd-sha2.so 3) Copy slapd-sha2.so somewhere permanent. 4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add: moduleload ...path/to/slapd-sha2.so 5) Restart slapd. Configuring ----------- The {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384} and {SHA512} password schemes should now be recognised. You can also tell OpenLDAP to use one of these new schemes when processing LDAP Password Modify Extended Operations, thanks to the password-hash option in slapd.conf. For example: password-hash {SSHA512} Testing ------- A quick way to test whether it's working is to customize the rootdn and rootpw in slapd.conf, eg: rootdn "cn=admin,dc=example,dc=com" # This encrypts the string 'secret' rootpw {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Then to test, run something like: ldapsearch -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w secret -- Test hashes: Test hashes can be generated with openssl: $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= $ echo -n "secret" | openssl dgst -sha384 -binary | openssl enc -base64 WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt $ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64 vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm W192CF5bDufKRpayrW/isg== (join those lines up to form the full hash) Alternatively we could modify an existing user's password with ldappasswd, and then test binding as that user: $ ldappasswd -D "cn=admin,dc=example,dc=com" -x -W -S uid=jturner,ou=People,dc=example,dc=com New password: secret Re-enter new password: secret Enter LDAP Password: $ ldapsearch -b "dc=example,dc=com" -D "uid=jturner,ou=People,dc=example,dc=com" -x -w secret Debugging (SHA-512, SHA-384 and SHA-256 only) --------------------------------------------- To see what's going on, recompile with SLAPD_SHA2_DEBUG (use the commented-out DEFS in Makefile), and then run slapd from the console to see stderr: $ sudo /etc/init.d/slapd stop Stopping OpenLDAP: slapd. $ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d stats @(#) $OpenLDAP$ buildd@palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd slapd starting ... Validating password Hash scheme: {SHA256} Password to validate: secret Password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Stored password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Result: match conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0 conn=0 op=0 RESULT tag=97 err=0 text= conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)" conn=0 fd=12 closed (connection lost) --- This work is part of OpenLDAP Software . Copyright 2009-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . --- ACKNOWLEDGEMENT: This work was initially developed by Jeff Turner for inclusion in OpenLDAP Software, based upon the SHA-2 implementation independently developed by Aaron Gifford. ======================================================================== * openldap contrib/slapd-modules/proxyOld/README ======================================================================== This directory contains a slapd module proxyOld that provides support for the obsolete draft-weltman-ldapb3-proxy-05 revision of the LDAP Proxy Authorization control. It is merely intended to provide compatibility in environments where other servers only recognize this old control. New installations should not use this code. To use the module, add: moduleload proxyOld.so ... to your slapd configuration file. Since this is an obsolete feature, the control is registered with the SLAP_CTRL_HIDE flag so that it will not be advertised in the rootDSE's supportedControls attribute. This code only works as a dynamically loaded module. --- This work is part of OpenLDAP Software . Copyright 1998-2016 The OpenLDAP Foundation. Portions Copyright 2005 Howard Chu, Symas Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-modules/samba4/README ======================================================================== # $OpenLDAP$ This directory contains slapd overlays specific to samba4 LDAP backend: - pguid (not used) - rdnval (under evaluation) - vernum (under evaluation) - PGUID This overlay maintains the operational attribute "parentUUID". It contains the entryUUID of the parent entry. This overlay is not being considered right now. - RDNVAL This overlay maintains the operational attribute "rdnValue". It contains the value of the entry's RDN. This attribute is defined by the overlay itself as ( 1.3.6.1.4.1.4203.666.1.58 NAME 'rdnValue' DESC 'the value of the naming attributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' EQUALITY caseIgnoreMatch USAGE dSAOperation NO-USER-MODIFICATION ) under OpenLDAP's development OID arc. This OID is temporary. To use the overlay, add: moduleload rdnval.so ... database ... overlay rdnval to your slapd configuration file. An instance is required for each database that needs to maintain this attribute. - VERNUM This overlay increments a counter any time an attribute is modified. It is intended to increment the counter 'msDS-KeyVersionNumber' when the attribute 'unicodePwd' is modified. These overlays are only set up to be built as a dynamically loaded modules. On most platforms, in order for the modules to be usable, all of the library dependencies must also be available as shared libraries. If you need to build the overlays statically, you will have to move them into the slapd/overlays directory and edit the Makefile and overlays.c to reference them. --- This work is part of OpenLDAP Software . Copyright 2009-2016 The OpenLDAP Foundation. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-modules/smbk5pwd/README ======================================================================== This directory contains a slapd overlay, smbk5pwd, that extends the PasswordModify Extended Operation to update Kerberos keys and Samba password hashes for an LDAP user. The Kerberos support is written for Heimdal using its hdb-ldap backend. If a PasswordModify is performed on an entry that has the krb5KDCEntry objectclass, then the krb5Key and krb5KeyVersionNumber will be updated using the new password in the PasswordModify request. Additionally, a new "{K5KEY}" password hash mechanism is provided. For krb5KDCEntries that have this hash specifier in their userPassword attribute, Simple Binds will be checked against the Kerberos keys of the Entry. No data is needed after the "{K5KEY}" hash specifier in the userPassword, it is looked up from the Entry directly. The Samba support is written using the Samba 3.0 LDAP schema. If a PasswordModify is performed on an entry that has the sambaSamAccount objectclass, then the sambaLMPassword, sambaNTPassword, and sambaPwdLastSet attributes will be updated accordingly. To use the overlay, add: include /krb5-kdc.schema include /samba.schema moduleload smbk5pwd.so ... database bdb ... overlay smbk5pwd to your slapd configuration file. (You should obtain the necessary schema files from the Heimdal and/or Samba distributions. At this time, there are several known errors in these schema files that you will have to correct before they will load in slapd. As of Samba 3.0 the schema looks fine as shipped.) All modules compiled in (i.e. krb5 and samba) are enabled; the statement smbk5pwd-enable can be used to enable only the desired one(s); legal values for are "krb5", "samba" and "shadow", if they are respectively enabled by defining DO_KRB5, DO_SAMBA and DO_SHADOW. The samba module also supports the smbk5pwd-must-change which sets the "sambaPwdMustChange" attribute accordingly to force passwd expiry. A value of 0 disables this feature. The overlay now supports table-driven configuration, and thus can be run-time loaded and configured via back-config. The layout of the entry is # {0}smbk5pwd, {1}bdb, config dn: olcOverlay={0}smbk5pwd,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcSmbK5PwdConfig olcOverlay: {0}smbk5pwd olcSmbK5PwdEnable: krb5 olcSmbK5PwdEnable: samba olcSmbK5PwdMustChange: 2592000 which enables both krb5 and samba modules with a password expiry time of 30 days. The provided Makefile builds both Kerberos and Samba support by default. You must edit the Makefile to insure that the correct include and library paths are used. You can change the DEFS macro if you only want one or the other of Kerberos or Samba support. This overlay is only set up to be built as a dynamically loaded module. On most platforms, in order for the module to be usable, all of the library dependencies must also be available as shared libraries. If you need to build the overlay statically, you will have to move it into the slapd/overlays directory and edit the Makefile and overlays.c to reference it. You will also have to define SLAPD_OVER_SMBK5PWD to SLAPD_MOD_STATIC, and add the relevant libraries to the main slapd link command. --- This work is part of OpenLDAP Software . Copyright 2004-2016 The OpenLDAP Foundation. Portions Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapd-tools/README ======================================================================== Directory contents: statslog Program to output selected parts of slapd's statslog output (LDAP request/response log), grouping log lines by LDAP connection. Useful to search and inspect the server log. --- Copyright 2004-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap contrib/slapi-plugins/addrdnvalues/README ======================================================================== This directory contains a SLAPI plugin, addrdnvalues, which will add to an entry any attribute values that appear in the entry's RDN but not in the entry. This is necessary for compliance with some "broken" clients. To use the plugin, add: plugin preoperation libaddrdnvalues-plugin.so addrdnvalues_preop_init to your slapd configuration file. No Makefile is provided. Use a command line similar to: gcc -shared -I../../../include -Wall -g -o libaddrdnvalues-plugin.so addrdnvalues.c to compile this plugin. --- This work is part of OpenLDAP Software . Copyright 2003-2016 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . ======================================================================== * openldap doc/guide/admin/README.spellcheck ======================================================================== # $OpenLDAP$ # Copyright 2007-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # README.spellcheck # aspell.en.pws We use aspell to spell check the Admin Guide and Man Pages. Please move aspell.en.pws to ~/.aspell.en.pws and run: aspell --lang=en_US -c If you add additional words and terms, please add them or copy them to aspell.en.pws and commit. ======================================================================== * openldap doc/guide/images/src/README.fonts ======================================================================== # $OpenLDAP$ # Copyright 2007-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # README.fonts # In dia we use: sans Normal 1.00 #000000 ======================================================================== * openldap libraries/liblunicode/ucdata/README ======================================================================== # # $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $ # MUTT UCData Package 2.5 ----------------------- This is a package that supports ctype-like operations for Unicode UCS-2 text (and surrogates), case mapping, decomposition lookup, and provides a bidirectional reordering algorithm. To use it, you will need to get the latest "UnicodeData-*.txt" (or later) file from the Unicode Web or FTP site. The character information portion of the package consists of three parts: 1. A program called "ucgendat" which generates five data files from the UnicodeData-*.txt file. The files are: A. case.dat - the case mappings. B. ctype.dat - the character property tables. C. comp.dat - the character composition pairs. D. decomp.dat - the character decompositions. E. cmbcl.dat - the non-zero combining classes. F. num.dat - the codes representing numbers. 2. The "ucdata.[ch]" files which implement the functions needed to check to see if a character matches groups of properties, to map between upper, lower, and title case, to look up the decomposition of a character, look up the combining class of a character, and get the number value of a character. 3. The UCData.java class which provides the same API (with minor changes for the numbers) and loads the same binary data files as the C code. A short reference to the functions available is in the "api.txt" file. Techie Details ============== The "ucgendat" program parses files from the command line which are all in the Unicode Character Database (UCDB) format. An additional properties file, "MUTTUCData.txt", provides some extra properties for some characters. The program looks for the two character properties fields (2 and 4), the combining class field (3), the decomposition field (5), the numeric value field (8), and the case mapping fields (12, 13, and 14). The decompositions are recursively expanded before being written out. The decomposition table contains all the canonical decompositions. This means all decompositions that do not have tags such as "" or "". The data is almost all stored as unsigned longs (32-bits assumed) and the routines that load the data take care of endian swaps when necessary. This also means that supplementary characters (>= 0x10000) can be placed in the data files the "ucgendat" program parses. The data is written as external files and broken into six parts so it can be selectively updated at runtime if necessary. The data files currently generated from the "ucgendat" program total about 56K in size all together. The format of the binary data files is documented in the "format.txt" file. ========================================================================== The "Pretty Good Bidi Algorithm" -------------------------------- This routine provides an alternative to the Unicode Bidi algorithm. The difference is that this version of the PGBA does not handle the explicit directional codes (LRE, RLE, LRO, RLO, PDF). It should now produce the same results as the Unicode BiDi algorithm for implicit reordering. Included are functions for doing cursor motion in both logical and visual order. This implementation is provided to demonstrate an effective alternate method for implicit reordering. To make this useful for an application, it probably needs some changes to the memory allocation and deallocation, as well as data structure additions for rendering. Mark Leisher 19 November 1999 ----------------------------------------------------------------------------- CHANGES ======= Version 2.5 ----------- 1. Changed the number lookup to set the denominator to 1 in cases of digits. This restores functional compatibility with John Cowan's UCType package. 2. Added support for the AL property. 3. Modified load and reload functions to return error codes. Version 2.4 ----------- 1. Improved some bidi algorithm documentation in the code. 2. Fixed a code mixup that produced a non-working version. Version 2.3 ----------- 1. Fixed a misspelling in the ucpgba.h header file. 2. Fixed a bug which caused trailing weak non-digit sequences to be left out of the reordered string in the bidi algorithm. 3. Fixed a problem with weak sequences containing non-spacing marks in the bidi algorithm. 4. Fixed a problem with text runs of the opposite direction of the string surrounding a weak + neutral text run appearing in the wrong order in the bidi algorithm. 5. Added a default overall direction parameter to the reordering function for cases of strings with no strong directional characters in the bidi algorithm. 6. The bidi API documentation was improved. 7. Added a man page for the bidi API. Version 2.2 ----------- 1. Fixed a problem with the bidi algorithm locating directional section boundaries. 2. Fixed a problem with the bidi algorithm starting the reordering correctly. 3. Fixed a problem with the bidi algorithm determining end boundaries for LTR segments. 4. Fixed a problem with the bidi algorithm reordering weak (digits and number separators) segments. 5. Added automatic switching of symmetrically paired characters when reversing RTL segments. 6. Added a missing symmetric character to the extra character properties in MUTTUCData.txt. 7. Added support for doing logical and visual cursor traversal. Version 2.1 ----------- 1. Updated the ucgendat program to handle the Unicode 3.0 character database properties. The AL and BM bidi properties gets marked as strong RTL and Other Neutral, the NSM, LRE, RLE, PDF, LRO, and RLO controls all get marked as Other Neutral. 2. Fixed some problems with testing against signed values in the UCData.java code and some minor cleanup. 3. Added the "Pretty Good Bidi Algorithm." Version 2.0 ----------- 1. Removed the old Java stuff for a new class that loads directly from the same data files as the C code does. 2. Fixed a problem with choosing the correct field when mapping case. 3. Adjust some search routines to start their search in the correct position. 4. Moved the copyright year to 1999. Version 1.9 ----------- 1. Fixed a problem with an incorrect amount of storage being allocated for the combining class nodes. 2. Fixed an invalid initialization in the number code. 3. Changed the Java template file formatting a bit. 4. Added tables and function for getting decompositions in the Java class. Version 1.8 ----------- 1. Fixed a problem with adding certain ranges. 2. Added two more macros for testing for identifiers. 3. Tested with the UnicodeData-2.1.5.txt file. Version 1.7 ----------- 1. Fixed a problem with looking up decompositions in "ucgendat." Version 1.6 ----------- 1. Added two new properties introduced with UnicodeData-2.1.4.txt. 2. Changed the "ucgendat.c" program a little to automatically align the property data on a 4-byte boundary when new properties are added. 3. Changed the "ucgendat.c" programs to only generate canonical decompositions. 4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to check for initial and final punctuation characters. 5. Minor additions and changes to the documentation. Version 1.5 ----------- 1. Changed all file open calls to include binary mode with "b" for DOS/WIN platforms. 2. Wrapped the unistd.h include so it won't be included when compiled under Win32. 3. Fixed a bad range check for hex digits in ucgendat.c. 4. Fixed a bad endian swap for combining classes. 5. Added code to make a number table and associated lookup functions. Functions added are ucnumber(), ucdigit(), and ucgetnumber(). The last function is to maintain compatibility with John Cowan's "uctype" package. Version 1.4 ----------- 1. Fixed a bug with adding a range. 2. Fixed a bug with inserting a range in order. 3. Fixed incorrectly specified ucisdefined() and ucisundefined() macros. 4. Added the missing unload for the combining class data. 5. Fixed a bad macro placement in ucisweak(). Version 1.3 ----------- 1. Bug with case mapping calculations fixed. 2. Bug with empty character property entries fixed. 3. Bug with incorrect type in the combining class lookup fixed. 4. Some corrections done to api.txt. 5. Bug in certain character property lookups fixed. 6. Added a character property table that records the defined characters. 7. Replaced ucisunknown() with ucisdefined() and ucisundefined(). Version 1.2 ----------- 1. Added code to ucgendat to generate a combining class table. 2. Fixed an endian problem with the byte count of decompositions. 3. Fixed some minor problems in the "format.txt" file. 4. Removed some bogus "Ss" values from MUTTUCData.txt file. 5. Added API function to get combining class. 6. Changed the open mode to "rb" so binary data files will be opened correctly on DOS/WIN as well as other platforms. 7. Added the "api.txt" file. Version 1.1 ----------- 1. Added ucisxdigit() which I overlooked. 2. Added UC_LT to the ucisalpha() macro which I overlooked. 3. Change uciscntrl() to include UC_CF. 4. Added ucisocntrl() and ucfntcntrl() macros. 5. Added a ucisblank() which I overlooked. 6. Added missing properties to ucissymbol() and ucisnumber(). 7. Added ucisgraph() and ucisprint(). 8. Changed the "Mr" property to "Sy" to mark this subset of mirroring characters as symmetric to avoid trampling the Unicode/ISO10646 sense of mirroring. 9. Added another property called "Ss" which includes control characters traditionally seen as spaces in the isspace() macro. 10. Added a bunch of macros to be API compatible with John Cowan's package. ACKNOWLEDGEMENTS ================ Thanks go to John Cowan for pointing out lots of missing things and giving me stuff, particularly a bunch of new macros. Thanks go to Bob Verbrugge for pointing out various bugs. Thanks go to Christophe Pierret for pointing out that file modes need to have "b" for DOS/WIN machines, pointing out unistd.h is not a Win 32 header, and pointing out a problem with ucisalnum(). Thanks go to Kent Johnson for finding a bug that caused incomplete decompositions to be generated by the "ucgendat" program. Thanks go to Valeriy E. Ushakov for spotting an allocation error and an initialization error. Thanks go to Stig Venaas for providing a patch to support return types on load and reload, and for major updates to handle canonical composition and decomposition. ======================================================================== * openldap libraries/liblunicode/ure/README ======================================================================== # # $Id: README,v 1.3 1999/09/21 15:47:43 mleisher Exp $ # # Copyright 1997, 1998, 1999 Computing Research Labs, # New Mexico State University # # Permission is hereby granted, free of charge, to any person obtaining a # copy of this software and associated documentation files (the "Software"), # to deal in the Software without restriction, including without limitation # the rights to use, copy, modify, merge, publish, distribute, sublicense, # and/or sell copies of the Software, and to permit persons to whom the # Software is furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL # THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT # OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR # THE USE OR OTHER DEALINGS IN THE SOFTWARE. # Unicode and Regular Expressions Version 0.5 This is a simple regular expression package for matching against Unicode text in UCS2 form. The implementation of this URE package is a variation on the RE->DFA algorithm done by Mark Hopkins (markh@csd4.csd.uwm.edu). Mark Hopkins' algorithm had the virtue of being very simple, so it was used as a model. --------------------------------------------------------------------------- Assumptions: o Regular expression and text already normalized. o Conversion to lower case assumes a 1-1 mapping. Definitions: Separator - any one of U+2028, U+2029, '\n', '\r'. Operators: . - match any character. * - match zero or more of the last subexpression. + - match one or more of the last subexpression. ? - match zero or one of the last subexpression. () - subexpression grouping. Notes: o The "." operator normally does not match separators, but a flag is available for the ure_exec() function that will allow this operator to match a separator. Literals and Constants: c - literal UCS2 character. \x.... - hexadecimal number of up to 4 digits. \X.... - hexadecimal number of up to 4 digits. \u.... - hexadecimal number of up to 4 digits. \U.... - hexadecimal number of up to 4 digits. Character classes: [...] - Character class. [^...] - Negated character class. \pN1,N2,...,Nn - Character properties class. \PN1,N2,...,Nn - Negated character properties class. POSIX character classes recognized: :alnum: :alpha: :cntrl: :digit: :graph: :lower: :print: :punct: :space: :upper: :xdigit: Notes: o Character property classes are \p or \P followed by a comma separated list of integers between 1 and 32. These integers are references to the following character properties: N Character Property -------------------------- 1 _URE_NONSPACING 2 _URE_COMBINING 3 _URE_NUMDIGIT 4 _URE_NUMOTHER 5 _URE_SPACESEP 6 _URE_LINESEP 7 _URE_PARASEP 8 _URE_CNTRL 9 _URE_PUA 10 _URE_UPPER 11 _URE_LOWER 12 _URE_TITLE 13 _URE_MODIFIER 14 _URE_OTHERLETTER 15 _URE_DASHPUNCT 16 _URE_OPENPUNCT 17 _URE_CLOSEPUNCT 18 _URE_OTHERPUNCT 19 _URE_MATHSYM 20 _URE_CURRENCYSYM 21 _URE_OTHERSYM 22 _URE_LTR 23 _URE_RTL 24 _URE_EURONUM 25 _URE_EURONUMSEP 26 _URE_EURONUMTERM 27 _URE_ARABNUM 28 _URE_COMMONSEP 29 _URE_BLOCKSEP 30 _URE_SEGMENTSEP 31 _URE_WHITESPACE 32 _URE_OTHERNEUT o Character classes can contain literals, constants, and character property classes. Example: [abc\U10A\p1,3,4] --------------------------------------------------------------------------- Before using URE ---------------- Before URE is used, two functions need to be created. One to check if a character matches a set of URE character properties, and one to convert a character to lower case. Stubs for these function are located in the urestubs.c file. Using URE --------- Sample pseudo-code fragment. ure_buffer_t rebuf; ure_dfa_t dfa; ucs2_t *re, *text; unsigned long relen, textlen; unsigned long match_start, match_end; /* * Allocate the dynamic storage needed to compile regular expressions. */ rebuf = ure_buffer_create(); for each regular expression in a list { re = next regular expression; relen = length(re); /* * Compile the regular expression with the case insensitive flag * turned on. */ dfa = ure_compile(re, relen, 1, rebuf); /* * Look for the first match in some text. The matching will be done * in a case insensitive manner because the expression was compiled * with the case insensitive flag on. */ if (ure_exec(dfa, 0, text, textlen, &match_start, &match_end)) printf("MATCH: %ld %ld\n", match_start, match_end); /* * Look for the first match in some text, ignoring non-spacing * characters. */ if (ure_exec(dfa, URE_IGNORE_NONSPACING, text, textlen, &match_start, &match_end)) printf("MATCH: %ld %ld\n", match_start, match_end); /* * Free the DFA. */ ure_free_dfa(dfa); } /* * Free the dynamic storage used for compiling the expressions. */ ure_free_buffer(rebuf); --------------------------------------------------------------------------- Mark Leisher 29 March 1997 =========================================================================== CHANGES ------- Version: 0.5 Date : 21 September 1999 ========================== 1. Added copyright stuff and put in CVS. ======================================================================== * openldap libraries/liblunicode/utbm/README ======================================================================== # # $Id: README,v 1.1 1999/09/21 15:45:17 mleisher Exp $ # # Copyright 1997, 1998, 1999 Computing Research Labs, # New Mexico State University # # Permission is hereby granted, free of charge, to any person obtaining a # copy of this software and associated documentation files (the "Software"), # to deal in the Software without restriction, including without limitation # the rights to use, copy, modify, merge, publish, distribute, sublicense, # and/or sell copies of the Software, and to permit persons to whom the # Software is furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL # THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT # OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR # THE USE OR OTHER DEALINGS IN THE SOFTWARE. # Unicode and Boyer-Moore Searching Version 0.2 UTBM (Unicode Tuned Boyer-Moore) is a simple package that provides tuned Boyer-Moore searches on Unicode UCS2 text (handles high and low surrogates). --------------------------------------------------------------------------- Assumptions: o Search pattern and text already normalized in some fasion. o Upper, lower, and title case conversions are one-to-one. o For conversions between upper, lower, and title case, UCS2 characters always convert to other UCS2 characters, and UTF-16 characters always convert to other UTF-16 characters. Flags: UTBM provides three processing flags: o UTBM_CASEFOLD - search in a case-insensitive manner. o UTBM_IGNORE_NONSPACING - ignore non-spacing characters in the pattern and the text. o UTBM_SPACE_COMPRESS - view as a *single space*, sequential groups of U+2028, U+2029, '\n', '\r', '\t', and any character identified as a space by the Unicode support on the platform. This flag also causes all characters identified as control by the Unicode support on the platform to be ignored (except for '\n', '\r', and '\t'). --------------------------------------------------------------------------- Before using UTBM ----------------- Before UTBM is used, some functions need to be created. The "utbmstub.c" file contains stubs that need to be rewritten so they work with the Unicode support on the platform on which this package is being used. Using UTBM ---------- Sample pseudo-code fragment. utbm_pattern_t pat; ucs2_t *pattern, *text; unsigned long patternlen, textlen; unsigned long flags, match_start, match_end; /* * Allocate the dynamic storage needed for a search pattern. */ pat = utbm_create_pattern(); /* * Set the search flags desired. */ flags = UTBM_CASEFOLD|UTBM_IGNORE_NONSPACING; /* * Compile the search pattern. */ utbm_compile(pattern, patternlen, flags, pat); /* * Find the first occurance of the search pattern in the text. */ if (utbm_exec(pat, text, textlen, &match_start, &match_end)) printf("MATCH: %ld %ld\n", match_start, match_end); /* * Free the dynamic storage used for the search pattern. */ ure_free_pattern(pat); --------------------------------------------------------------------------- Mark Leisher 2 May 1997 =========================================================================== CHANGES ------- Version: 0.2 Date : 21 September 1999 ========================== 1. Added copyright stuff and put in CVS. ======================================================================== * openldap servers/slapd/schema/README ======================================================================== This directory contains user application schema definitions for use with slapd(8). File Description ---- ----------- collective.schema Collective attributes (experimental) corba.schema Corba Object core.schema OpenLDAP "core" cosine.schema COSINE Pilot duaconf.schema Client Configuration (work in progress) dyngroup.schema Dynamic Group (experimental) inetorgperson.schema InetOrgPerson java.schema Java Object misc.schema Miscellaneous Schema (experimental) nadf.schema North American Directory Forum (obsolete) nis.schema Network Information Service (experimental) openldap.schema OpenLDAP Project (FYI) ppolicy.schema Password Policy Schema (work in progress) Additional "generally useful" schema definitions can be submitted using the OpenLDAP Issue Tracking System . Submissions should include a stable reference to a mature, open technical specification (e.g., an RFC) for the schema. The core.ldif and openldap.ldif files are equivalent to their corresponding .schema files. They have been provided as examples for use with the dynamic configuration backend. These example files are not actually necessary since slapd will automatically convert any included *.schema files into LDIF when converting a slapd.conf file to a configuration database, but they serve as a model of how to convert schema files in general. --- This notice applies to all files in this directory. Copyright 1998-2016 The OpenLDAP Foundation, Redwood City, California, USA All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available at http://www.OpenLDAP.org/license.html or in file LICENSE in the top-level directory of the distribution. --- This notice applies to all schema in this directory which are derived from RFCs and other IETF documents. Portions Copyright 1991-2004, The Internet Society. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. --- $OpenLDAP$ ======================================================================== * ltb-project-openldap-ppolicy-check-password LICENSE ======================================================================== OpenLDAP Public License The OpenLDAP Public License Version 2.8.1, 25 November 2003 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions in source form must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license. THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All rights reserved. Permission to copy and distribute verbatim copies of this document is granted. ======================================================================== * openldap COPYRIGHT ======================================================================== Copyright 1998-2016 The OpenLDAP Foundation All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . OpenLDAP is a registered trademark of the OpenLDAP Foundation. Individual files and/or contributed packages may be copyright by other parties and/or subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning this software is available at . This work also contains materials derived from public sources. Additional information about OpenLDAP can be obtained at . --- Portions Copyright 1998-2012 Kurt D. Zeilenga. Portions Copyright 1998-2006 Net Boolean Incorporated. Portions Copyright 2001-2006 IBM Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. --- Portions Copyright 1999-2008 Howard Y.H. Chu. Portions Copyright 1999-2008 Symas Corporation. Portions Copyright 1998-2003 Hallvard B. Furuseth. Portions Copyright 2007-2011 Gavin Henry. Portions Copyright 2007-2011 Suretec Systems Ltd. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided ``as is'' without express or implied warranty. --- Portions Copyright (c) 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty. ======================================================================== * openldap LICENSE, libraries/liblmdb/LICENSE ======================================================================== The OpenLDAP Public License Version 2.8, 17 August 2003 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions in source form must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license. THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted. ======================================================================== * openldap build/LICENSE-2.0.1 ======================================================================== A number of files contained in OpenLDAP Software contain a statement: USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. The following is a verbatim copy of version 2.0.1 of the OpenLDAP Public License referenced in the above statement. The OpenLDAP Public License Version 2.0.1, 21 December 1999 Copyright 1999, The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain copyright statements and notices. Redistributions must also contain a copy of this document. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name "OpenLDAP" must not be used to endorse or promote products derived from this Software without prior written permission of the OpenLDAP Foundation. For written permission, please contact foundation@openldap.org. 4. Products derived from this Software may not be called "OpenLDAP" nor may "OpenLDAP" appear in their names without prior written permission of the OpenLDAP Foundation. OpenLDAP is a trademark of the OpenLDAP Foundation. 5. Due credit should be given to the OpenLDAP Project (http://www.openldap.org/). THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ======================================================================== * openldap contrib/ldapc++/COPYRIGHT ======================================================================== Copyright 1998-2016 The OpenLDAP Foundation. All rights reserved. COPYING RESTRICTIONS APPLY. See COPYRIGHT and LICENSE files in the top-level directory of this distribution (i.e., ../../COPYRIGHT and ../../LICENSE, respectively). ======================================================================== * openldap contrib/ldaptcl/COPYRIGHT ======================================================================== Copyright 1998-2016 The OpenLDAP Foundation. All rights reserved. COPYING RESTRICTIONS APPLY. See COPYRIGHT and LICENSE files in the top-level directory of this distribution (i.e., ../../COPYRIGHT and ../../LICENSE, respectively). --- NeoSoft Tcl client extensions to Lightweight Directory Access Protocol. Copyright (c) 1998-1999 NeoSoft, Inc. All Rights Reserved. This software may be used, modified, copied, distributed, and sold, in both source and binary form provided that these copyrights are retained and their terms are followed. Under no circumstances are the authors or NeoSoft Inc. responsible for the proper functioning of this software, nor do the authors assume any liability for damages incurred with its use. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to NeoSoft, Inc. NeoSoft, Inc. may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty. Requests for permission may be sent to NeoSoft Inc, 1770 St. James Place, Suite 500, Houston, TX, 77056. ======================================================================== * openldap doc/guide/release/copyright-plain.sdf ======================================================================== # $OpenLDAP$ # Copyright 1999-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # Plain Copyright for Software Distribution # !define HTML_TITLE "OpenLDAP Copyright Notices" !include "../plain.sdf" !include "copyright.sdf"; plain ======================================================================== * openldap doc/guide/release/copyright.sdf ======================================================================== # $OpenLDAP$ # Copyright 1999-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # This file should match ../../../COPYRIGHT (except in formating) !if OPT_PP_HTML !define copyright '[[c]] Copyright' !else !define copyright 'Copyright' !endif H1: OpenLDAP Software Copyright Notices H2: OpenLDAP Copyright Notice !block nofill [[copyright]] 1998-2012 The OpenLDAP Foundation. {{All rights reserved.}} !endblock Redistribution and use in source and binary forms, with or without modification, are permitted {{only as authorized}} by the {{SECT:OpenLDAP Public License}}. A copy of this license is available in file {{F:LICENSE}} in the top-level directory of the distribution or, alternatively, at <{{URL:http://www.OpenLDAP.org/license.html}}>. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Individual files and/or contributed packages may be copyright by other parties and their use subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning this software is available at <{{URL:http://www.umich.edu/~dirsvcs/ldap/ldap.html}}>. This work also contains materials derived from public sources. Additional information about OpenLDAP software can be obtained at <{{URL:http://www.OpenLDAP.org/}}>. H2: Additional Copyright Notices !block nofill Portions [[copyright]] 1998-2012 Kurt D. Zeilenga. Portions [[copyright]] 1998-2006 Net Boolean Incorporated. Portions [[copyright]] 2001-2006 IBM Corporation. {{All rights reserved.}} !endblock Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the {{SECT:OpenLDAP Public License}}. !block nofill Portions [[copyright]] 1999-2008 Howard Y.H. Chu. Portions [[copyright]] 1999-2008 Symas Corporation. Portions [[copyright]] 1998-2003 Hallvard B. Furuseth. Portions [[copyright]] 2007-2011 Gavin Henry. Portions [[copyright]] 2007-2011 Suretec Systems Limited. {{All rights reserved.}} !endblock Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided ``as is'' without express or implied warranty. H2: University of Michigan Copyright Notice !block nofill Portions [[copyright]] 1992-1996 Regents of the University of Michigan. {{All rights reserved.}} !endblock Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty. ======================================================================== * openldap doc/guide/release/license-plain.sdf ======================================================================== # $OpenLDAP$ # Copyright 1999-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # Plain Copyright for Software Distribution # !define HTML_TITLE "OpenLDAP Public License" !include "../plain.sdf" !include "license.sdf"; plain ======================================================================== * openldap doc/guide/release/license.sdf ======================================================================== # $OpenLDAP$ # Copyright 2000-2016 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: OpenLDAP Public License #!block inline # #!endblock !include "../../../LICENSE" ; verbatim #!block inline # #!endblock ======================================================================== * openldap libraries/liblmdb/COPYRIGHT ======================================================================== Copyright 2011-2016 Howard Chu, Symas Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at . OpenLDAP is a registered trademark of the OpenLDAP Foundation. Individual files and/or contributed packages may be copyright by other parties and/or subject to additional restrictions. This work also contains materials derived from public sources. Additional information about OpenLDAP can be obtained at . ======================================================================== * openldap libraries/librewrite/Copyright ======================================================================== /****************************************************************************** * * Copyright (C) 2000 Pierangelo Masarati, * All rights reserved. * * Permission is granted to anyone to use this software for any purpose * on any computer system, and to alter it and redistribute it, subject * to the following restrictions: * * 1. The author is not responsible for the consequences of use of this * software, no matter how awful, even if they arise from flaws in it. * * 2. The origin of this software must not be misrepresented, either by * explicit claim or by omission. Since few users ever read sources, * credits should appear in the documentation. * * 3. Altered versions must be plainly marked as such, and must not be * misrepresented as being the original software. Since few users * ever read sources, credits should appear in the documentation. * * 4. This notice may not be removed or altered. * ******************************************************************************/