Full_Name: Ondrej Kuznik Version: HEAD OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.168.56.1)

Back-null database currently does not support cn=config. Although there is only one directive (bind allowed), it could be useful to support it once openldap no longer uses slapd.conf. The following patches represent two alternatives that attempt to add this capability, adding a new attribute type (OLcfgDbAt:8.1 'olcDbBindAllowed') and one objectclass (OLcfgDbOc:8.1 'olcNullConfig') to the schemas. They are two as I am new to slapd internals and do not know which approach is more preferable.

ftp://ftp.openldap.org/incoming/ondrej-kuznik-20100624-back_null_simple.patch The first patch adds the functionality using only bconfig.c config_{check,set}_vals (through flags ARG_ON_OFF|ARG_OFFSET) but a modify that deletes the attribute leaves the value of ni_bind_allowed intact.

ftp://ftp.openldap.org/incoming/ondrej-kuznik-20100624-back_null_magic.patch The second one uses a callback function like any other backend so it does not suffer from this issue.

This patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Acision. Acision has not assigned rights and/or interest in this work to any party. I, Ondřej Kuzník am authorized by Acision, my employer, to release this work under the following terms.

The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2010 Acision Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.