Add client certificate authentication and optional SASL EXTERNAL bind,
which allows the client to bind as the subject of the certificate in cases
where the directory doesn't implicitly do that.

The client certificate is configured with 'certfile' and 'keyfile'
directives, and SASL EXTERNAL bind is configured with the 'bindext'
directive.

ok tb@

The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.

This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.

With help from tb@ and guenther@.

ok deraadt@, tb@

use $OpenBSD markers only

Sync aldap and ber with ldap(1).

OK claudio@

Sync aldap from ldap(1).

This also fixes the _url functions that was previously #ifdef'ed out.

OK claudio@

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.

The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.

This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.

With help from tb@ and guenther@.

ok deraadt@, tb@

use $OpenBSD markers only

Sync aldap and ber with ldap(1).

OK claudio@

Sync aldap from ldap(1).

This also fixes the _url functions that was previously #ifdef'ed out.

OK claudio@

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.

use $OpenBSD markers only

Sync aldap and ber with ldap(1).

OK claudio@

Sync aldap from ldap(1).

This also fixes the _url functions that was previously #ifdef'ed out.

OK claudio@

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.

Sync aldap and ber with ldap(1).

OK claudio@

Sync aldap from ldap(1).

This also fixes the _url functions that was previously #ifdef'ed out.

OK claudio@

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.

Sync aldap from ldap(1).

This also fixes the _url functions that was previously #ifdef'ed out.

OK claudio@

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.

Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@

Use paged searches so we can handle larger directories. Servers that don't
understand paging, such as ldapd(8), ignore it and return a single set of
results as before.
from Jim Smith, some tweaks and fixes by me, ok dlg@

Use the correct terminology, replace the term "entry" with the term "attribute" where applicable.

OK martinh@ pyr@

Simplify LDAP URL handling (currently unused):
instead of strdup()'ing multiple values from an already strdup'ed
buffer (none of which were checked for NULL upon return, which is
also fixed in this), just use a buffer attached to the aldap_url
struct.

Add an aldap_search_url() function, which is a wrapper around
aldap_parse_url and aldap_search.

Finally, since the URL bits are unused, wrap them in #if 0 for now.

ok pyr@, whose heart was a little broken by the #if 0 (temporary, I swear!)

Add correct error handling to the aldap API.
Use the error handling in the ldapclient.

with help from pyr@

move aldap_close in aldap.c, where it belongs.
discussed with aschrijver@

Add support for referrals and lists of attributes.

Oops, also commit the header file. Remove silly debug message.

add missing copyright.

aldap library -- Replacement for openldap used in ypldap. aldap is an semi-asynchronous client interface to connect to LDAP servers.