Added support for AIX security database:

configure.in: check for AIX security library, set in AUTH_LIBS macro
  top.mk: add AUTH_LIBS macro to SECURITY_LIBS
  portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
  passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
  	getpwnam must always succeed for the given user. It is not a
	fatal error if getspnam returns no result for the user: On
	systems that support /etc/shadow, its usage is optional. The
	same logic applies for AIX, SCO/HP SecureWare, etc.

build/top.mk

@@ -126,7 +126,8 @@ KRB5_LIBS = @KRB5_LIBS@
 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
 SASL_LIBS = @SASL_LIBS@
 TLS_LIBS = @TLS_LIBS@
-SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
+AUTH_LIBS = @AUTH_LIBS@
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
 
 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@

configure.in

@@ -481,6 +481,7 @@ SASL_LIBS=
 TERMCAP_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
+AUTH_LIBS=
 
 dnl ================================================================
 dnl Checks for programs
@@ -633,6 +634,13 @@ if test "${ol_cv_mkdep}" = no ; then
 	AC_MSG_WARN([do not know how to generate dependencies])
 fi
 
+dnl ----------------------------------------------------------------
+dnl Check for AIX security library
+AC_CHECK_LIB(s, afopen, [
+	AUTH_LIBS=-ls
+	AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
+])
+
 dnl ----------------------------------------------------------------
 dnl Check for module support
 ol_link_modules=no
@@ -2457,6 +2465,7 @@ AC_SUBST(SASL_LIBS)
 AC_SUBST(TERMCAP_LIBS)
 AC_SUBST(TLS_LIBS)
 AC_SUBST(MODULES_LIBS)
+AC_SUBST(AUTH_LIBS)
 
 AC_SUBST(SLAPD_SQL_LDFLAGS)
 AC_SUBST(SLAPD_SQL_LIBS)

include/portable.h.in

@@ -598,6 +598,9 @@
 /* defined to be the EXE extension */
 #undef EXEEXT
 
+/* define if you have AIX security lib */
+#undef HAVE_AIX_SECURITY
+
 /* define if you have libtool -ltdl */
 #undef HAVE_LIBLTDL
 

libraries/liblutil/passwd.c

@@ -42,6 +42,9 @@
 #ifdef HAVE_PWD_H
 #	include <pwd.h>
 #endif
+#ifdef HAVE_AIX_SECURITY
+#	include <userpw.h>
+#endif
 
 #include <lber.h>
 
@@ -162,8 +165,8 @@ static const struct pw_scheme pw_schemes[] =
 
 #ifdef SLAPD_CRYPT
 	{ {sizeof("{CRYPT}")-1, "{CRYPT}"},	chk_crypt, hash_crypt },
-# if defined( HAVE_GETSPNAM ) \
+#endif
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 	{ {sizeof("{UNIX}")-1, "{UNIX}"},	chk_unix, NULL },
 # endif
 #endif
@@ -833,8 +836,7 @@ static int chk_crypt(
 	return strcmp( passwd->bv_val, cr ) ? 1 : 0;
 }
 
-# if defined( HAVE_GETSPNAM ) \
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
 static int chk_unix(
 	const struct pw_scheme *sc,
 	const struct berval * passwd,
@@ -862,18 +864,6 @@ static int chk_unix(
 		return -1;	/* passwd must behave like a string */
 	}
 
-#  ifdef HAVE_GETSPNAM
-	{
-		struct spwd *spwd = getspnam(passwd->bv_val);
-
-		if(spwd == NULL) {
-			return -1;	/* not found */
-		}
-
-		pw = spwd->sp_pwdp;
-	}
-
-#  else
 	{
 		struct passwd *pwd = getpwnam(passwd->bv_val);
 
@@ -883,6 +873,23 @@ static int chk_unix(
 
 		pw = pwd->pw_passwd;
 	}
+#  ifdef HAVE_GETSPNAM
+	{
+		struct spwd *spwd = getspnam(passwd->bv_val);
+
+		if(spwd != NULL) {
+			pw = spwd->sp_pwdp;
+		}
+	}
+#  endif
+#  ifdef HAVE_AIX_SECURITY
+	{
+		struct userpw *upw = getuserpw(passwd->bv_val);
+
+		if (upw != NULL) {
+			pw = upw->upw_passwd;
+		}
+	}
 #  endif
 
 	if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) {