If multiple ppolicy overlays are present on a glued tree, they all
attempt to update the policy operational attributes in response to
password-related activities. The redundant mod ops will cause the
entire op to fail. Check for these ops before inserting new ones.
This code duplicates the basic function of lastbind. The two overlays
cannot be used together. The timestamp Mod op is changed to require
the old value to still be present at the end of the Bind. This allows
us to detect collisions (multiple successful Binds in the same time
window) and properly fail the extra Bind attempts.
Only drop connection if user originally bound to this backend,
and rebind-as-user was set. Sessions from other backends would
use idassert-bind so loss of creds doesn't affect them.
The LDIF output wasn't being explicitly flushed. In certain scenarios,
such as piping the output of a persistent ldapsearch to node.js v0.12
on Mac OS X 10.10.3, the output is unavailable to the process
consuming the search results until the stdio buffer fills (8192 bytes
for example). This can leave the tail end of persistent search results
in the buffer for a long time (until enough output has accumulated).
Explicitly call flush so that the output is immediately available.
Fix multiple argument handling. For example:
perlModuleConfig homedir /home/jsynacek
should be converted to
olcPerlModuleConfig: homedir /home/jsynacek
and not to
olcPerlModuleConfig: homedir
olcPerlModuleConfig: /home/jsynacek
select_backend() skips hidden backends so it fails to match the
rootdn of a database that has been hidden. rootpw tries to see
if the rootdn matches the current backend but the check fails
when hidden. Ignore this check on hidden backends since one
cannot Bind to a hidden backend anyway.
